Introduction to encryption


Published on

A brief overview of historical cryptography, moving into modern methods and a few How-To examples for PHP.

Talk given to @phpbelfast PHP User Group - Feb 2014 by @faffyman

Published in: Technology, Education
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Because it’s basically about encoding the data into a format your enemy cannot understand.
  • Symmettric and Asymmetric encryption is different.
  • Using a 26 letter alphabet there are 26! Combinations = 2^88 or 88bits
  • The PT Boat incident.Kennedy’s message gave away the position of the boat and their pick up times.Wheatston & palmerston
  • Very fast encoding and decoding – but the length of the key makes it impractical. It’s as difficult to transmit the key as the plaintext message.WEP 802.11b is bad crypto – it’s keyspace is exhausted so it’s effectively 2 time pad.IV is 24bit so it recycles after 16million data packetsWorse still it resets to zero each time the router reboots.
  • Key is very longSharing the Key s difficultSharing the key is as insecure as sharing the messageMessages should never repeatMessages with known portions are prone to being tampered with“nothing to report”
  • A German in the desert consistently sent the message Nothing to reportKnown plain text + intercepted cipher text meant they could figure out the machine settings for the day
  • XOR makes hardware encoding really fast and simplegenerally convert plain text messages to HEX pairs and XOR those pairs (perhaps via binary)The XOR rule above is WHY we cannot have a two time PADXOR +XOR = original text
  • Hopefully one of the only formula’s you’ll encounter tonightBasically Decrypt(encrypted message) = message
  • The One Time pad is a stream cipherStream ciphers use a small key but PAD it out to the required length with Pseudo randomnessStream ciphers are fast and commonly used by hardware systems – e.g. DVD encryption, GSM phones, Bluetooth all use stream ciphersRC4 (1987) is a common stream cipher encrypts 1 byte per roundDVD Encryption uses CSS (Code scrambling system)Salsa 20 is a modern stream cipher – process 5 x faster than RC4Block ciphers are the workhorse of modern encryptionExamples includes 3DES (64bit blocks) and key is 168 bitAES (128 bit blocks) key is 128,192 or 256 bitKey is expanded into one key per blockEncryption of block one is fed into block two and so on….Block ciphers are much slower than stream ciphers SLOWER is BETTERI’ll do a few definitions only.
  • Pseudo random keys are generated by PRGsA PRG uses a PRF A PRP is an invertible PRFAll PRPs are PRFsNOT all PRFs are PRPs some are non invertiblePRG – Stream CipherPRP = Block CipherA PRP is used by Block ciphers – not stream ciphers - think AES, 3DES etc
  • Small keys are EXPANDED by the PRG to form a ONE TIME PAD key of the required length.
  • DES used for cheque clearing and many other legacy banking systems.AES is Advanced Encryption Standard.Developed by Horst Fiestel in 1970s3DES tripled the workload time2DES is useless as it is prone to a meet in the middle attack
  • Used by DES, 3DES and Blowfish among othersTakes a *secure* PRF (non invertible) and makes it Efficiently invertble after 3 rounds.DES uses 16 rounds.TODO Small PHP script to demonstrate – add to gist - ? TODO
  • Substituion permutation layersKey XOR inputByte substitutionShift rowMix columnXOR with next key loop
  • Timing AttacksPower AttacksSound AttacksReplay attacks – resend a scrambled signal – could result in a duplicate web order
  • Electronic Code book sometimes falls foul of two time padSematic security says that cipher text tells you NOTHING about plain textBut in ECB if block n == block m then those two cipher texts are identicalEach block is encoded separately and independently of the others.
  • CBC gets over the short comings of ECB by feeding the results of one block into the intiialisation of the next block
  • Turns a Block Cipher into Stream CipherThe initalisation vector in this instance is eth Nonce + The CounterEach block differs from previous one due to eth counter – but not dependant on the previous blockYou can decrypt block independently of each other, or simultaneously is you know the number of blocksHence stream cipher
  • Most of the time when talking about encryption – we really mean hashingBecause most of the time we don’t need to decrypt only to confirm.Checking and rejecting an encrypted message based on MAC can leave you open to timing attacksIf decrypt fails or (login guessing) always add a random time interval before returning an error code.MAC also used to authenticate a message but do not provide confidentiality (Authenticated Encryption)
  • CCA – Chosen Cipher text attackCPA – Chosen Plaintext AttackAlways use hmac() in your own code.hash_hmac() provides keyed hashing not JUST hashing.Authenticated Encryption is relatively new – circa 2000
  • Physical world representation of secure communicationMathematical handshakes basically carry out the above scenario.The mathematical equivalent Public Key crypto was thought up by GCHQ employeeCliff Cocks 1973 – only declassified in 1997He worked it out in his head in 3 hours and had to remember it!!!!Source The Infinite Monkey Cage – 3rd Dec 2012 - Secret ScienceSimon Singh, Dr. Sue Back
  • Diffie / Hellmann is the modern approved Public Key system (RSA)It’s all about prime numbers & factorsPick a large primePick a number less than the primeRaise a fixed number to the power of that number less than the prime128bit encryption has modulus size of 3072 bits256bit AES has modulus size of 15,360bits – that’s why it’s a good protocol.
  • This is basically Diffie Hellman.
  • Many older systems still have plain text passowrds stored
  • Use a really long random key – Generate a random key with e.g. openssl_random_pseudo_bytes(64)Don’t reuse the same key over and over againUse a random 64bit minimum saltStore the salt along side the hashYou can store an encrypted version of the Salt with a re-usable key from your site configvars
  • Use OPEN SSL if decryption is required.Use openssl for Public private key encryption/decryptionOpenssl_public_[en|de]cryptOpenssl_private_[en|de]crypt
  • For versions of PHP less than 5.5 this is a good solid easy to use option
  • Php 5.5 password_hash is a wrapper for crypt()Hashes created by crypt can be used with password_hash()By default uses bcrypt CRYPT_BLOWFISHThe $hash returned by password_hash contains the algorith, workload and salt.Retrievable with password_get_info()
  • Introduction to encryption

    1. 1. Introduction to Encryption 6th Feb 2014
    2. 2. Who am I? PHP Developer @faffyman @phpbelfast
    3. 3. What’s this talk about? Mostly the Why and the What And just a little bit of the How
    4. 4. What this talk is not about Probability Theory behind encryption encryption model definitions
    5. 5. Why Encrypt? Secure communications - TLS Email - SSL web Payment Gateways -Credit Cards -Bitcoins Filesystems -DVD -Memory Cards Cable TV Signals Online Voting DRM WEP Skype Calls
    6. 6. What is Encryption? Είναι όλα ελληνικά για μένα It’s all Greek to me
    7. 7. *Encryption is… “An algorithm that can encode a message such that it is only readable by authorized persons” *Generally speaking.
    8. 8. *Encryption is… a Cipher.. “A pair of algorithms such that the output ciphertext of the encoding algorithm can be efficiently transformed back to the original text by the decoding algorithm” *not always true
    9. 9. Examples of Encryption through history
    10. 10. The Caesar Cipher Also known as the shift cipher Or substitution cipher
    11. 11. Shift 3 chars left Plain : ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD Plaintext: the quick brown fox jumps over the lazy dog
    12. 12. The Vigener Cipher 16th Century Rome Is a Modulo shift cipher
    13. 13. Create a repeating key the same length as the message Plain : PHP BELFAST ENCRYTION TALK Key : BLI NKSTUDI OSBLINKST UDIO Cipher: RTY PPEZVWC TEEDHHTHH OEUZ P = 16 + B=2 = 18 = R H = 8 + L=12 = 20 = T L = 12 + S=19 = 31 % 26 = 5 = E
    15. 15. The One Time Pad 1917, Vernam Symantically secure, practically useless Very fast encode / decode Stream Cipher
    16. 16. The One Time Pad Uses A Random Key of equal length to the message AJDPWNCGS82NCPS03NCBS72HGTWX1EZMBLHPY04YDVS2D
    17. 17. Rotor Machines Lorenz Cipher (a.k.a. Tunny) Enigma “Nothing to report”
    18. 18. Encryption is just XOR? There is a lot if it - yes M: 0 1 1 0 1 1 1 Ke: 1 0 1 1 0 0 1 C: 1 1 0 1 1 1 0 Kd: 1 0 1 1 0 0 1 M: 0 1 1 0 1 1 1
    19. 19. Symmetric Ciphers D ( K, E(k, m) ) = M Decryption of Encrypted Message = Original Message
    20. 20. Symmetric Ciphers 2 Identical Inputs = 2 different outputs
    21. 21. Making It Practical Stream Ciphers And Block Ciphers In danger of getting complex now…
    22. 22. Pseudo Randomness Pseudo Random Key PRF – Pseudo Rand Function PRG – Pseudo Rand Generator PRP – Pseudo Rand Permutation
    23. 23. Pseudo Random Keys Short Input => Long Output
    24. 24. Data Encryption Standard DES 1970 – 1976 - IBMs Lucifer cipher approved as Fed. Standard 1997 - DES is broken by exhaustive search Internet search – took 3 months 1998 – Deep Crack does it in 3 days (cost $250K) 1999 – combined search 22 hours 2000 – New Fed Standard adopted. Rijndael or AES
    25. 25. Feistel Network Common Block Cipher Construction DES is a 16 round Fiestel construction
    26. 26. Advanced Encryption Standard AES Uses block cipher – But NOT a Fiestel Construction 1997: DES Broken NIST requests proposal for new std 1999: 5 shortlisted options 2000: Rijndael chosen to be new AES
    27. 27. AES
    28. 28. Side Channel Attacks • • • • Timing Attacks Power Attacks Sound Attacks Replay Attacks
    29. 29. ECB Electronic Code Book Encrypted with ECB Encrypted in other modes show pseudo randomness
    30. 30. CBC Chain Block Cipher
    31. 31. CTR Counter Mode
    32. 32. MICs and MACs Message Integrity or Authentication Code Basically - Hash Functions MD5 - weak SHA-1 - weak SHA-256 - better Anti-Tamper codes
    33. 33. Authenticated Encryption Encrypt then MAC - always provides A.E. MAC then Encrypt is open to CCA attacks - it’s ok IF you use rand-CBC or rand-CTR mode - still open to padding attacks
    34. 34. Key Exchange
    35. 35. Public/Private Keys Public key used to encrypt Private key used to decrypt Uses large primes (600+ digits) and modulus of the powers of factors of that prime
    36. 36. Public/Private Keys ALICE Generate array of public & private keys Alice decrypts with Secret key To obtain Bobs random number BOB Bob chooses one public key Chooses a random secret {0,1}128 encrypts it using Public Key They now have a shared secret or key (Bobs number) with which to encrypt future messages
    37. 37. PHP – password storage • • • • • • • Raw / Plaintext – do people really do this? Roll your own encryption mechanism MySQL Encrypt() MD5() – no collision too common SHA and store salt bcrypt – No salt storage required phpass – no salt storage required
    38. 38. Golden Rule: Libraries, libraries, libraries Always use a tried & tested library *NEVER* Roll your own
    39. 39. PHP – MAC hash_hmac() hash_hmac ($algo, $data, $key [$raw_output = false]) hash_hmac(’sha256’,’phpbelfast rocks', ’MySecret');
    40. 40. PHP crypt()
    41. 41. PHP – openssl library openssl_get_cipher_methods() openssl_cipher_iv_length() openssl_encrypt() openssl_decrypt()
    42. 42. PHPass – for php v 5.4-
    43. 43. PHP password_hash() v5.5+ password_hash( $password, $algo [, $options] ) password_verify( $password, $hash )
    44. 44. Credits Cover image -Enigma Machine by Skittledog Creative Commons Fiestel Network Diagram Dan Boneh, Stanford Unversity (Coursera – Cryptography I course) Link Bundle
    45. 45. Final Thought “Only amateurs attack machines, professionals attack humans” - Bruce Schneier