SlideShare a Scribd company logo
1 of 92
Cryptography 101
Nolan Egly
Code Camp 2013 Sponsors
Gold
Silver
Bronze
Cryptography 101
Agenda
• Branches and types of cryptography
• Early crypto systems and cryptanalysis
• Mechanization of cryptosystems
Agenda (cont.)
• Security Problems Cryptography Does Not Solve
• What Is Secure?
• Symmetric Encryption and Modes
• Asymmetric Encryption
Agenda (cont.)
• Quantum Cryptography
• Resources
• Open questions and discussion
Oh dear, this
isn’t going to
be my cup of
tea…
Image credit: http://supercutekittens.blogspot.com/2011_07_01_archive.html
Image credit: http://fanumusic.com/wp-content/uploads/2012/10/Free.jpg
Secret Writing
Cryptography
• Greek etymology
– Kryptos: secret
– Graphia: writing
• Scrambling a message in
plain sight
Steganography
• Greek etymology
– Steganos: covered
– Graphia: writing
• Hiding a message so it
cannot be seen
STEGANOGRAPHY
PAST AND PRESENT
Steganography - Ancient
Photo credit: http://en.wikipedia.org/wiki/File:Wachstafel_rem.jpg
Steganography - Historical
Invisible Ink
Steganography - Historical
Microdots
Photo credit: http://www.racq.com.au/__data/assets/image/0006/34908/microdot_cropped.jpg
Steganography - Modern
• Hiding messages in low order bits of media
Tool Demo
Steganography with Hide in Picture
Steganography Usage Today
• Digital watermarking intellectual property
– General copyright infringement detection
– Watermark per digital copy for data leak detection
Image source: http://www.amazon.com/Kerosene/dp/B001C79S0S/
Steganography Usage Today
• Underground communities
– Need to communicate covertly
What questions do you have?
CRYPTOGRAPHY
PRINCIPLES AND PAST HISTORY
Primary Two Methods of Cryptography
Transposition (Diffusion)
• Changing the position of the
characters
Substitution (Confusion)
• Changing the characters
from one into another
Transposition - Ancient
Photo credit: “The Code Book” by Simon Singh
Transposition – Route Cipher
Write the message in vertical rows in a grid, and
then transcribe according to a pattern
T A W I 2
H N E S X
E S R 4 Z
The answer is 42 EHT ANS REW IS4 ZX2
Plaintext Ciphertext
Transposition – Columnar Cipher
Write message in rows, and then scramble columns
in alphabetical order of a key
T H E A N
S W E R I
S 4 2 X Z
The answer is 42 HW4 NIZ ARX EE2 TSS
P A N I CKey
Plaintext Ciphertext
Transposition Today
Transposition is used as a component of more
complex ciphers, but is not strong enough to be
used by itself
What questions do you have?
Strategies of Substitution
Codes
• Substitute words or phrases
Ciphers
• Substitute letters
Ace => DFH
Bad => EDG
Caeser Shift Cipher
Plain A B C D E
Cipher D E F G H
TOP SECRET
Word Code Word
Ace Mushroom
Bad Pink
Image credit (paper background): http://www.flickr.com/photos/boston_public_library/4460136656
Secret Communication
Steganography Cryptography
Codes Ciphers
Transposition Substitution
Interlude: Complete Family Tree
Substitution - Ancient
• Oldest known cipher – Caeser cipher
• Shift characters by 3
Caeser Cipher
Cipher D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Plain A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Plaintext Ciphertext
The answer is 42! WKH DQVZHU LV 42!
Kerckhoff’s Principle
"The security of a crypto-system must
not depend on keeping secret the
crypto-algorithm. The security depends
only on keeping secret the key."
Cryptography by Secret Key
Image credit: http://i.msdn.microsoft.com/dynimg/IC168364.gif
Shift cipher with key
• Improves the shift cipher by adding a secret key
• Just knowing the algorithm is useless without the
key
Shift Cipher With Key “Xylophone”
Cipher X Y L O P H N E A B C D F G I J K M Q R S T U V W Z
Plain A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Plaintext Ciphertext
The answer is 42! REP XGQUPM OU 42!
What questions do you have?
We have secure communications.
Life is good.
Isn’t it?
Photo credit: http://www.flickr.com/photos/lorensztajer/4181632414/
Not quite.
Someone could use cryptanalysis
to break our cipher.
Photo credit: http://www.flickr.com/photos/85941395@N00/2190485197/
Cryptanalysis:
Lexical Frequencies
Image credit: http://en.wikipedia.org/wiki/File:English_letter_frequency_(alphabetic).svg
Lexical Frequency Analysis Example
LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFEM
VEWHKVSTYLXZIXLIKIIXPIJVSZEYPERRGERIMWQLMG
LMXQERIWGPSRIHMXQEREKIETXMJTPRGEVEKEITREWH
EXXLEXXMZITWAWSQWXSWEXTVEPMRXRSJGSTVRIEYVI
EXCVMUIMWERGMIWXMJMGCSMWXSJOMIQXLIVIQIVIXQ
SVSTWHKPEGARCSXRWIEVSWIIBXVIZMXFSJXLIKEGAE
WHEPSWYSWIWIEVXLISXLIVXLIRGEPIRQIVIIBGIIHM
WYPFLEVHEWHYPSRRFQMXLEPPXLIECCIEVEWGISJKTV
WMRLIHYSPHXLIQIMYLXSJXLIMWRIGXQEROIVFVIZEV
AEKPIEWHXEAMWYEPPXLMWYRMWXSGSWRMHIVEXMSWMG
STPHLEVHPFKPEZINTCMXIVJSVLMRSCMWMSWVIRCIGX
MWYMX
Monoalphabetic ciphertext
E Freq. D
I 58
E 48
X 41
W 35
M 34
V 31
S 30
R 27
L 22
P 21
G 16
H 16
Y 13
E Freq. D
T 12
Q 12
C 9
K 9
J 9
C 6
F 6
A 5
O 3
B 2
U 1
N 1
D 0
Trigrams Freq. D
XLI 9
EWH 7
MWY 4
IVI 4
Analysis Counts
E Freq. D
I 58 E
E 48
X 41 T
W 35
M 34
V 31
S 30
R 27
L 22 H
P 21
G 16
H 16
Y 13
E Freq. D
T 12
Q 12
C 9
K 9
J 9
C 6
F 6
A 5
O 3
B 2
U 1
N 1
D 0
Trigrams Freq. D
XLI 9 THE
EWH 7
MWY 4
IVI 4
Analysis Counts
E Freq. D
I 58 E
E 48 A
X 41 T
W 35
M 34
V 31
S 30
R 27
L 22 H
P 21
G 16
H 16
Y 13
E Freq. D
T 12
Q 12
C 9
K 9
J 9
C 6
F 6
A 5
O 3
B 2
U 1
N 1
D 0
Trigrams Freq. D
XLI 9 THE
EWH 7
MWY 4
IVI 4
Analysis Counts
Applying Our Conjectures
heVeTCSWPeYVaWHaVSReQMthaYVaOeaWHRtatePFaM
VaWHKVSTYhtZetheKeetPeJVSZaYPaRRGaReMWQhMG
hMtQaReWGPSReHMtQaRaKeaTtMJTPRGaVaKaeTRaWH
atthattMZeTWAWSQWtSWatTVaPMRtRSJGSTVReaYVe
atCVMUeMWaRGMeWtMJMGCSMWtSJOMeQtheVeQeVetQ
SVSTWHKPaGARCStRWeaVSWeeBtVeZMtFSJtheKaGAa
WHaPSWYSWeWeaVtheStheVtheRGaPeRQeVeeBGeeHM
WYPFhaVHaWHYPSRRFQMthaPPtheaCCeaVaWGeSJKTV
WMRheHYSPHtheQeMYhtSJtheMWReGtQaROeVFVeZaV
AaKPeaWHtaAMWYaPPthMWYRMWtSGSWRMHeVatMSWMG
STPHhaVHPFKPaZeNTCMteVJSVhMRSCMWMSWVeRCeGt
MWYMt
More Conjecturing
heVeTCSWPeYVaWHaVSReQMthaYVaOeaWHRtatePFaM
VaWHKVSTYhtZetheKeetPeJVSZaYPaRRGaReMWQhMG
hMtQaReWGPSReHMtQaRaKeaTtMJTPRGaVaKaeTRaWH
atthattMZeTWAWSQWtSWatTVaPMRtRSJGSTVReaYVe
atCVMUeMWaRGMeWtMJMGCSMWtSJOMeQtheVeQeVetQ
SVSTWHKPaGARCStRWeaVSWeeBtVeZMtFSJtheKaGAa
WHaPSWYSWeWeaVtheStheVtheRGaPeRQeVeeBGeeHM
WYPFhaVHaWHYPSRRFQMthaPPtheaCCeaVaWGeSJKTV
WMRheHYSPHtheQeMYhtSJtheMWReGtQaROeVFVeZaV
AaKPeaWHtaAMWYaPPthMWYRMWtSGSWRMHeVatMSWMG
STPHhaVHPFKPaZeNTCMteVJSVhMRSCMWMSWVeRCeGt
MWYMt
Applying i, m, and r
hereTCSWPeYraWHarSReQithaYraOeaWHRtatePFai
raWHKrSTYhtmetheKeetPeJrSmaYPaRRGaReiWQhiG
hitQaReWGPSReHitQaRaKeaTtiJTPRGaraKaeTRaWH
atthattimeTWAWSQWtSWatTraPiRtRSJGSTrReaYre
atCriUeiWaRGieWtiJiGCSiWtSJOieQthereQeretQ
SrSTWHKPaGARCStRWearSWeeBtremitFSJtheKaGAa
WHaPSWYSWeWeartheSthertheRGaPeRQereeBGeeHi
WYPFharHaWHYPSRRFQithaPPtheaCCearaWGeSJKTr
WiRheHYSPHtheQeiYhtSJtheiWReGtQaROerFremar
AaKPeaWHtaAiWYaPPthiWYRiWtSGSWRiHeratiSWiG
STPHharHPFKPameNTCiterJSrhiRSCiWiSWreRCeGt
iWYit
And so on, and so forth
hereuponlegrandarosewithagraveandstatelyai
randbroughtmethebeetlefromaglasscaseinwhic
hitwasencloseditwasabeautifulscarabaeusand
atthattimeunknowntonaturalistsofcourseagre
atprizeinascientificpointofviewthereweretw
oroundblackspotsnearoneextremityofthebacka
ndalongoneneartheotherthescaleswereexceedi
nglyhardandglossywithalltheappearanceofbur
nishedgoldtheweightoftheinsectwasveryremar
kableandtakingallthingsintoconsiderationic
ouldhardlyblamejupiterforhisopinionrespect
ingit
With Spacing and Punctuation
Hereupon Legrand arose, with a grave and stately air, and
brought me the beetle from a glass case in which it was
enclosed. It was a beautiful scarabaeus, and, at that time,
unknown to naturalists—of course a great prize in a scientific
point of view. There were two round black spots near one
extremity of the back, and a long one near the other. The
scales were exceedingly hard and glossy, with all the
appearance of burnished gold. The weight of the insect was
very remarkable, and, taking all things into consideration, I
could hardly blame Jupiter for his opinion respecting it.
This is an excerpt from the short story “The Gold Bug” by Edgar Allen Poe.
Decrypting a simple cipher by frequency analysis is part of the plot.
What questions do you have?
The Cryptographers Strike Back
• Polyalphabetic ciphers
– Uses many alphabets of substitution instead of 1
– Hides letter frequencies
– Credit is generally given to Vigenere
Vigenere Square
Plaintext The sun and the man in the moon
Ciphertext DPR YEV NTN BUK WIA OX BUK WWBT
Polyalphabetic Cipher
• This plaintext is encrypted with Vigenere and
a pass phrase “King”
The Return of the Cryptanalysts
• Key cycle detection
• Find repeated sequences and estimate
possible key lengths
• Divide ciphertext in to groups by key length
• Analyze as a monoalphabetic cipher
Key Cycle Detection
Plaintext The sun and the man in the moon
DPRYEVNTNBUKWIAOXBUKWWBT
Alphabet 1 D E N W X W
Alphabet 2 P V B I B W
Alphabet 3 R N U A U B
Alphabet 4 Y T K O K T
Mechanization of Ciphers - Enigma
Image credit: http://www.oliverrobinson.net/photos/bletchley/index.html
Enigma Rotors and Plugboard
Image credit: http://www.ilord.com/enigma.html
What questions do you have?
SECURITY PROBLEMS
CRYPTOGRAPHY DOES NOT SOLVE
Cryptography
Infrastructure Vectors
Packet sniffers, key loggers, and malware – oh my!
Image credit:
http://3.bp.blogspot.com/-I0mI7eWkiiE/UVZ6KhVUqcI/AAAAAAAANAw/h7PNvdk9zXs/s320/WiresharkDissector.png
http://www.keelog.com/images/wifi_hardware_keylogger_03.jpg
http://www.thechromesource.com/wp-content/uploads/2011/07/download.jpg
User Confusion
Image credit: http://www.d00med.net/uploads/0d832c77559a2070a766f899e7efb783.png
Image credit: http://ctworkingmoms.com/wp-content/uploads/2013/06/bribery.jpg
Image credit: https://xkcd.com/538/
CRYPTOGRAPHY
TODAY
What is “Secure”?
Image credits: http://upload.wikimedia.org/wikipedia/commons/8/87/WinonaSavingsBankVault.JPG
What is “Secure”?
• Unconditionally secure
– Impossible to break, even with infinite resources
• Computationally secure
– Impossible to break without infinite resources
Unconditionally Secure
• Theorized to only be possible when the key is
as long as the message
• Every key is equally likely and denies pattern
matching
• Only known system is the one time pad
One Time Pads
Pros
• Completely unbreakable
Cons
• Must be as long as message
• Must be completely random
• Cannot be reused
• Need secure distribution
Image credits: http://www.ranum.com/security/computer_security/papers/otp-faq/otp.jpg
http://commons.wikimedia.org/wiki/File:OneTimePadExcerpt.agr.jpg
Computationally Secure
• Cipher cannot be broken with limited
computing resources
– E.g. a calculation that will take longer than the age
of the universe
– What most practical cryptography strives for
Things We Ask Crypto To Do
Algorithm Confidentiality Authentication Integrity
Symmetric encryption Yes No No
Asymmetric encryption Yes No No
Digital Signatures No Yes Yes
One-way hash functions No No Yes
Symmetric Encryption
• Uses a series of complex transformations with
the secret key to scramble the plaintext
• Let’s look at DES as an example
F: Feistel function
Crossed circle: XOR
Data is operated on in blocks by
alternating between the left and right
sides going through function F and
then XORing the function output with
the other half of the block. This is
done for 16 rounds.
Image credit: http://en.wikipedia.org/wiki/File:DES-main-network.png
DES algorithm - Overview
DES algorithm - Feistel function
Crossed circle: XOR
S: Substitution function
P: Permutation function
(transposition)
The half block is XORed with
a subset of the encryption
key, and then run through a
series of fixed substitutions
and permutations.
Image credit: http://en.wikipedia.org/wiki/File:DES-f-function.png
What questions do you have?
MAYBE.
This is great and all, but since the
substitutions and permutations are
constant, if I keep using the same key
can someone cryptanalyze my
ciphertexts?
Modes
• Modes are types of additional protection
when using a key on multiple messages
• Does not encrypt by itself, but affects the
input into the cryptographic functions
Electronic Codebook Mode (ECB)
• No modification to input process
• Susceptible to frequency analysis with
multiple ciphertexts
• Susceptible to replay attacks from malicious
sources without timestamps (blocks look the
same every time)
Cipher Block Chaining Mode (CBC)
• Plaintext block is XORed with previous block’s
cipher text
• First block XORed with an Initialization Vector
(IV)
• The IV is not sensitive and can be transmitted
as plaintext with the encrypted message
Cipher Feedback Mode (CFB)
• Similar to CBC, but operates on streams
instead of blocks
• Very useful for some communications
– Imagine a remote desktop session waiting for 4 to
8 keypresses before sending the text
Output-Feedback Mode (OFB)
• Streamed like CFB but uses the key itself,
encrypted by the algorithm, to XOR the text
• Transmission errors affect only a single byte
instead of an entire block since the feedback
stream is independent of the cipher block
And others…
Image credit last 4 slides: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Final Thoughts on Modes
• Some standards dictate the mode. If you
don’t use the specified mode, you aren’t using
that encryption standard.
What questions do you have?
Symmetric Disadvantages
• Key distribution must be done secretly
• Keys needed between each party
– Keys required = (n*(n-1)/2), n is number of users
Image credit: http://www.petri.co.il/images/Planning%20a%20DFS%20Architecture%20Part%202%20-2.jpg
Asymmetric Encryption
• Also called public key encryption
• Conceived by Diffie and Hellman in 1976
• Uses a public key to encrypt and a private key
to decrypt
• Benefits: solves the secret key distribution
problem, enables digital signature protocols
• Drawbacks: it’s much slower than symmetric
Asymmetric Encryption - Overview
Image credit: http://i.msdn.microsoft.com/dynimg/IC21919.gif
Asymmetric Encryption - RSA
• First usable algorithm, and the most popular
• Uses product of two large prime numbers as
one way function
What questions do you have?
CRYPTOGRAPHY
IN THE FUTURE
Quantum Cryptography
• Quantum cracking
– Calculate all states at once with quantum bits
– Schrodinger’s Cat Hypothesis
• Quantum encryption
– Transmit particles that cannot be measured with
affecting the value
– Heisenberg Uncertainty Principle
RESOURCES
Recommended Books - Heavy
• Bruce Schneier
– “Cryptography Engineering”
• A great critique of some perceived shortcomings is at
http://sockpuppet.org/blog/2013/07/22/applied-
practical-cryptography/
– “Applied Cryptography”
• dated but very comprehensive and interesting
Recommended Books - Light
• Simon Singh - “The Code Book”
– Covers history of cryptography
– Very accessible, even to nontechnical readers
• David Kahn
– Several historical books about cryptography
• Steven Levy – “Crypto”
– Covers discovery of public key cryptography
Online Courses
• (I haven’t taken any of these myself)
• Coursera
– https://www.coursera.org/course/crypto
• Udacity
– https://www.udacity.com/course/cs387
Community
• Schneir on Security
– http://www.schneier.com
• Stack Exchange
– http://crypto.stackexchange.com
Cryptography 101
Thanks for coming!
• Email: nolan@nolanegly.com
• Twitter: @nolanegly

More Related Content

Similar to Cryptography 101

Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Securitybabak danyal
 
CryptX '22 W1 Release (1).pptx
CryptX '22 W1 Release (1).pptxCryptX '22 W1 Release (1).pptx
CryptX '22 W1 Release (1).pptxBhavikaGianey
 
Information and network security 12 classical substitution ciphers
Information and network security 12 classical substitution ciphersInformation and network security 12 classical substitution ciphers
Information and network security 12 classical substitution ciphersVaibhav Khanna
 
Pertemuan 7 cryptography
Pertemuan 7  cryptographyPertemuan 7  cryptography
Pertemuan 7 cryptographynewbie2019
 
Tales From the Crypt(ography)
Tales From the Crypt(ography)Tales From the Crypt(ography)
Tales From the Crypt(ography)Jeremiah Jackson
 
Symmetric Encryption Techniques
Symmetric Encryption Techniques Symmetric Encryption Techniques
Symmetric Encryption Techniques Dr. Kapil Gupta
 
7-cryptography.ppt
7-cryptography.ppt7-cryptography.ppt
7-cryptography.pptGhamdan5
 
the art of the fking dum crypto_basic.ppt
the art of the fking dum crypto_basic.pptthe art of the fking dum crypto_basic.ppt
the art of the fking dum crypto_basic.pptjamkhan10
 
Best book for the cryptography doctor.ppt
Best book for the cryptography doctor.pptBest book for the cryptography doctor.ppt
Best book for the cryptography doctor.pptnicolausalex722
 
detailed presentation on cryptography analysis
detailed presentation on cryptography analysisdetailed presentation on cryptography analysis
detailed presentation on cryptography analysisBARATH800940
 
7-cryptography.pptfffffffffffffffffffffffffffffffffff
7-cryptography.pptfffffffffffffffffffffffffffffffffff7-cryptography.pptfffffffffffffffffffffffffffffffffff
7-cryptography.pptfffffffffffffffffffffffffffffffffffmaninthemirrorrror
 
Crytography CertCourse Module 1 & 2.ppt
Crytography CertCourse Module 1 & 2.pptCrytography CertCourse Module 1 & 2.ppt
Crytography CertCourse Module 1 & 2.pptMuhammadShajid1
 

Similar to Cryptography 101 (20)

Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Security
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
 
CryptX '22 W1 Release (1).pptx
CryptX '22 W1 Release (1).pptxCryptX '22 W1 Release (1).pptx
CryptX '22 W1 Release (1).pptx
 
Information and network security 12 classical substitution ciphers
Information and network security 12 classical substitution ciphersInformation and network security 12 classical substitution ciphers
Information and network security 12 classical substitution ciphers
 
Pertemuan 7 cryptography
Pertemuan 7  cryptographyPertemuan 7  cryptography
Pertemuan 7 cryptography
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniques
 
Tales From the Crypt(ography)
Tales From the Crypt(ography)Tales From the Crypt(ography)
Tales From the Crypt(ography)
 
Symmetric Encryption Techniques
Symmetric Encryption Techniques Symmetric Encryption Techniques
Symmetric Encryption Techniques
 
7-cryptography.ppt
7-cryptography.ppt7-cryptography.ppt
7-cryptography.ppt
 
7-cryptography.ppt
7-cryptography.ppt7-cryptography.ppt
7-cryptography.ppt
 
7-cryptography.ppt
7-cryptography.ppt7-cryptography.ppt
7-cryptography.ppt
 
the art of the fking dum crypto_basic.ppt
the art of the fking dum crypto_basic.pptthe art of the fking dum crypto_basic.ppt
the art of the fking dum crypto_basic.ppt
 
Best book for the cryptography doctor.ppt
Best book for the cryptography doctor.pptBest book for the cryptography doctor.ppt
Best book for the cryptography doctor.ppt
 
detailed presentation on cryptography analysis
detailed presentation on cryptography analysisdetailed presentation on cryptography analysis
detailed presentation on cryptography analysis
 
7-cryptography.pptfffffffffffffffffffffffffffffffffff
7-cryptography.pptfffffffffffffffffffffffffffffffffff7-cryptography.pptfffffffffffffffffffffffffffffffffff
7-cryptography.pptfffffffffffffffffffffffffffffffffff
 
RSA.ppt
RSA.pptRSA.ppt
RSA.ppt
 
7 cryptography
7 cryptography7 cryptography
7 cryptography
 
Crytography CertCourse Module 1 & 2.ppt
Crytography CertCourse Module 1 & 2.pptCrytography CertCourse Module 1 & 2.ppt
Crytography CertCourse Module 1 & 2.ppt
 
ch02.ppt
ch02.pptch02.ppt
ch02.ppt
 
Watson System
Watson SystemWatson System
Watson System
 

Recently uploaded

IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 

Recently uploaded (20)

IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 

Cryptography 101

Editor's Notes

  1. Developers can sign up anytime at ctxgivecamp.org through our EventBrite link. You can follow back or mention the project at @ctxgivecamp on Twitter. There's a Facebook event page too at https://www.facebook.com/CtxGivecamp.The event takes place on October 18-20.Developers, designers and other professionals will team up to complete small applications for non-profits in needYou can sign up at ctxgivecamp.org or get more info at info@ctxgivecamp.org 
  2. In 480BC, Persia was about to attack Greece. A Greek exile named Demaratus was living in Persia, and sent wax covered tablets with a warning. He scraped off the wax, carved a message in wood, and resealed the wood tablets.
  3. Protein chars or burns. If you write on paper with a protein that dries clear (e.g. lemon juice), the message can be seen when the paper is heated.
  4. During World War II, Germany would shrink photos to the size of period and send them through the unsecure message system. The Allies were tipped off to “look for letters with shiny punctuation marks”.
  5. Media could be image files, sound files.
  6. Do HideInPicture demo here, compare images with hex editor to see altered bytes.
  7. Claude Shannon, generally credited as the inventor of Information Theory, used the term diffusion for transposition and confusion for substitution. Just an FYI for anyone who’s read Shannon’s work.
  8. Scytale – wooden rod of a certain diameter. A strip of leather or paper would be wound around the wooden rod, and then transcribed. Once the medium was unwound, it would be all scrambled. The message would be carried to its recipient (sometimes as a belt) who also had a scytale with a matching diameter, and would be able to recreate the message.
  9. Susceptible to frequency analysis, often leaves words or parts of words exposedRoute ciphers are also sometimes called Rail ciphers and were used by the Union in the American Civil War.
  10. Susceptible to frequency analysisCan be attacked by guessing column lengths and looking for word partials
  11. During WWII, a two step transposition cipher was considered the most complex scheme a secret agent could memorize and remember while in the field.
  12. Code books can be completely random, so there are no substitution patterns to cryptanalyze, but have a number of drawbacks.- Distribution and transportationLimited to vocabulary of the book- Vulnerable to lexical analysis (frequently occurring words, such as ‘the’)Ciphers have a pattern that can be potentially cryptanalyzed, butDon’t require a codebook (although more complex ciphers use a daily key book)Can express any message since the vocabulary isn’t predefinedToday ciphers are overwhelmingly favored over codes
  13. This is a concept diagram of families and types of secret communication.(after animation)The remainder of the talk is going to focus on ciphers.
  14. One of the primary weaknesses of this kind of cipher is the security depends on keeping the algorithm secret. Once the algorithm is known, the cipher is worthless.This leads us to…
  15. Kerckhoff was a Dutch (Netherlands) cryptographer who taught in a Paris university. In 1883 he wrote a paper in the French Journal of Military Science to encourage more secure crypographic practices and outlined six best practices. Number two became known as Kerckhoff’s Principle.
  16. The secret key keeps the message secure even if the enemy knows what the encryption method was.
  17. This is an improvement to the plain cipher by adding a secret key. Knowing the algorithm is a shift cipher without knowing the key is “XYLOPHONE” doesn’t decrypt the message.
  18. Lexical frequency analysis was discovered in the Arabia area in the 900’s. One of the oldest known works describing frequency analysis was written by al-Kindi, nicknamed ‘The philosopher of the Arabs’. It was also either discovered in Europe or introduced from the Arabian peninsula during the Renaissance period.
  19. Here’s some cipher text that’s been created with a simple substitution cipher. Could I please have a volunteer to count up the occurrences of each letter please? Anyone?
  20. Oh, OK. I used an online tool to perform the counting. http://www.richkni.co.uk/php/crypta/freq.phpE is the most common letter used in English, and “the” is the most common word. So ‘I’ is probably ‘E’, and ‘XLI’ is probably ‘THE’.(animate)
  21. E and T are the first and second most used letter, which we believe we’ve identified by way of ‘THE’. So the second most occurring cipher letter E is probably the third most common plaintext letter A.(animate)
  22. (next slide applies our conjectures to the text)
  23. (ask) Does anyone see any possible patterns or words? Blue lower case letters are plain text, red uppercase are cipher text.
  24. “heVe” looks like here“atthattMZe” looks like at that timeLets presume “V” is the letter r, and likewise that “M” is I and “Z” is M.
  25. (animate)remarA looks like remark, so we could apply K for A(forward)
  26. Here, we are going to see how the same plaintext letter gets encrypted as different letters to help mask its frequency of occurrence. We’ll use the passphrase “KING”.On row 10 (K), an E would be an O.On row 08 (I), an E would be M.On row 13 (N), an E would be R.On row 06 (G), an E would be K.
  27. In a nutshell – divide thepolyalphabetics into monoalphabetic strings, and then divide and conquer.
  28. It is important to remember that cryptography is USEFUL in enhancing security, but cannot guarantee it because attackers usually have many other vectors to exploit.
  29. There are also several social vector approaches that often work very well…
  30. In the cryptography literature this is fondly referred to as the rubber hose attack.
  31. Ask the audience what “secure” means to them in regards to cryptography.Things to encourage discussion on:Time and cost of attack vs value and timeliness of secretresources of various adversaries (another person vs corporation vs government)
  32. Claude Shannon developed the theory of unconditional security.
  33. “Need secure distribution” is the deal breaker here. It doesn’t matter how theoretically secure something is if it is painful and dangerous to orchestrate.
  34. DES was invented in the 1970s when the need for a national standard to securely communicate became apparent. The NSA helped develop the standard, but was unaware that the standard would be so openly published in a manner that allowed for software implementations.DES is NOT SECURE today. DO NOT USE IT. I’m showing it as a “simple” example of more modern techniques, and how computers help facilitate what was once done manually.
  35. IP and FP are not cryptographically significant, and were added to facilitate loading and unloading bytes into 1970’s era hardware.
  36. The cipher text of a message encrypted multiple times with the same key will look exactly the same each time.This is great from a hardware perspective (we can parallelize the operations), but horrible from a cryptanalysis perspective.
  37. The operation can no longer be done in parallel, but we will no longer get predictable output from the same input.
  38. The NSA claims to have invented beforeDiffie and Hellman, but how are we supposed to know?
  39. A more recent alternative to using prime numbers is using the mathematical properties of elliptical curves.
  40. (If you’re running fast) Talk about digital signatures
  41. (If you’re running fast) Talk about digital signatures
  42. Developers can sign up anytime at ctxgivecamp.org through our EventBrite link. You can follow back or mention the project at @ctxgivecamp on Twitter. There's a Facebook event page too at https://www.facebook.com/CtxGivecamp.The event takes place on October 18-20.Developers, designers and other professionals will team up to complete small applications for non-profits in needYou can sign up at ctxgivecamp.org or get more info at info@ctxgivecamp.org