Advanced Encryption Concepts: Digital Security in the Real World

ADVANCED ENCRYPTION
CONCEPTS
Digital security in The Real World
©MatthewMcCullough,AmbientIdeas,LLC

This Talk
★ Research
★ Books
★ News Events
★ Costs
★ Laws
★ Deeper JVM Encryption
★ Encoding
★ Hashing
★ Salting
★ Keytool
★ SSL, TLS
★ Elliptic Curve Cryptography
★ Other Techniques
★ Steganography
★ Higher Level Libraries

Bit Strength
! Performance not directly proportional to bit
strength increases
! Compare 512, 1024, 2048, 4096 bit RSA

Cracks in the News
! Thomas Jefferson letter

Cracks in the News
! Pacemakers

Cracks in the News
! Iraq drone video feeds

At least use some form of encryption!

Cracks in the News
! London Tube Oyster cards

Microscope-wielding boffins crack Tube smartcard
The keys to London Underground, and plenty more
By Dan Goodin in San Francisco • Get more from this author
Posted in ID, 12th March 2008 05:02 GMT
Free whitepaper – Protecting personally identifiable information
Security researchers say they've found a way to crack the encryption used to protect a widely-
used smartcard in a matter of minutes, making it possible for them to quickly and cheaply clone
the cards that are used to secure office buildings and automate the collection of mass
transportation fares.
The attack works against the Mifare Classic, a wireless card made by Netherlands-based NXP
Semiconductors. It is used by transit operators in London, Boston and the Netherlands and by
organizations in the public and private sectors to control access to sensitive areas, according
to Karsten Nohl, a PhD candidate at the University of Virginia and one of the cryptographers
who discovered the weakness. NXP says it's sold 1 billion to 2 billion of the cards.
The wireless devices are growing in popularity because of their low cost - about 50 cents
apiece - and they offer many of the advantages of radio frequency identification (RFID)
technology. Specifically, smartcards don't require contact with the mechanical readers used by
transit agencies, which lowers operators' costs and are quicker and more convenient for users.
The research team was able to obtain the card's proprietary encryption scheme by physically
dissecting its chip and examining it under a microscope. They then photographed various
levels of its circuitry and used optical recognition software to produce a 3D representation of
the entire chip. By examining the logic gates in great detail, they were able to deduce the
proprietary algorithm, which NXP dubs Crypto1.

Cracks in the News
! GSM Phones, A5/1 cipher

Cracks in the News
! WiFi Connections
! Databases
! Passwords
! Credit Card Numbers

Only 25% of enterprises
responding to the Ponemon 2009
survey even had encryption on
their “priority” list

85% of respondents to the Ponemon
2009 survey had a detected a data breach
in the last 12 months

Encryption&TheLaw
★ Encryption considered a munition
under international law
★ 1999 relaxation of US rules

It was just ~200 lines of an RSA implementation

/******************************************************************************
*
* Copyright (c) 1998,99 by Mindbright Technology AB, Stockholm, Sweden.
* www.mindbright.se, info@mindbright.se
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
*****************************************************************************
* $Author: nallen $
* $Date: 2001/11/12 16:31:16 $
* $Name: $
*****************************************************************************/
/*
* !!! Author's comment: The contents of this file is heavily based
* upon Tatu Ylonen's c-code in the ssh1.2.26 package, which in turn
* is a standard implementation of the RSA algorithm, the code is
* rather trivial (though the math behind it is not :-). I don't know
* whom are responsible for the original optimization using the
* Chinese remainder theorem which I guess is the only non-trivial
* part of this implementation. Please note that RSA can't be used
* without proper licensing in the United States.
*
* Below is some references to useful information about RSA:
*
* Bruce Schneier: Applied Cryptography 2nd ed., John Wiley & Sons, 1996
* Arto Salomaa: Public-Key Cryptography 2nd ed., Springer-Verlag, 1996
* Man Young Rhee: Cryptography and Secure Data Comm., McGraw-Hill, 1994
* R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications

break;
if(i == strip.length)
throw new IOException("Invalid strip-data");
val = new byte[strip.length - i];
System.arraycopy(strip, i, val, 0, val.length);
return new BigInteger(val);
}
public static BigInteger doPad(BigInteger input, int padLen, SecureRandom rand) throws
IOException {
BigInteger result;
BigInteger rndInt;
int inByteLen = (input.bitLength() + 7) / 8;
int padByteLen = (padLen + 7) / 8;
if(inByteLen > padByteLen - 3)
throw new IOException("rsaPad: Input too long to pad");
// !!! byte[] ranBytes = new byte[(padByteLen - inByteLen - 3) + 1];
byte[] ranBytes = new byte[(padByteLen - inByteLen - 3) + 1];
rand.nextBytes(ranBytes);
ranBytes[0] = 0;
for(int i = 1; i < (padByteLen - inByteLen - 3 + 1); i++)
if(ranBytes[i] == 0)
ranBytes[i] = 0x17;
rndInt = new BigInteger(ranBytes);
rndInt = rndInt.shiftLeft((inByteLen + 1) * 8);
result = new BigInteger("2");
result = result.shiftLeft((padByteLen - 2) * 8);
result = result.or(rndInt);
result = result.or(input);
return result;
}
}

The Jobs
★ National Security Agency (NSA)
★ Single largest employer of mathematicians in the world

!"#$%&'()*+,*-,$./0)'+,*1,2*3)"#.*45,6+.71)'+,*8#$9.')/:*;9,$)'+,(
8##*5,().9$)'+,*8"##)
<=**>+#(*/+9.*0.+29$)*0#.6+.7*?$./0)+@.10"/?A*+.*+)"#.B'(#*$+,)1',*1,/*01.)(*+.
$+70+,#,)(*)"1)*1.#*$101C&#*+6*0#.6+.7',@*1,/*+6*)"#*6+&&+B',@*?',6+.71)'+,
(#$9.')/?*69,$)'+,(D*
EF1.%*B')"*1,*?G?*1&&*)"1)*100&/H
1= #,$./0)'+,
C=* 2#$./0)'+,*+,&/*E,+*#,$./0)'+,H
$= %#/*71,1@#7#,)*I*09C&'$*%#/*',6.1().9$)9.#*EJK5H
2= 19)"#,)'$1)'+,*E#=@=A*01((B+.2*0.+)#$)'+,A*2'@')1&*('@,1)9.#(H
#=* $+0/*0.+)#$)'+,
6=* 1,)'LM'.9(*0.+)#$)'+,
@=** +)"#.**E0&#1(#*#N0&1',H*O*PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
"=** Q3Q-*I*Q3R*SJJT5!SUT-
V=**;+.*')#7(*B')"*#,$./0)'+,A*2#$./0)'+,*1,2I+.*%#/*71,1@#7#,)*69,$)'+,(*E<=1A
<=CA*<=$*1C+M#HO
1=***W"1)*(/77#).'$*1&@+.')"7(*1,2*%#/*&#,@)"(*E#=@=A*XYLC')*>-8A*<<V*I
<YZLC')*R.'0&#L>-8A*<VZ*I*VXYLC')*S-8*I*[',21#&H*1.#*'70&#7#,)#2*+.
(900+.)#2D
C=**W"1)*1(/77#).'$*1&@+.')"7(*1,2*%#/*&#,@)"(*E#=@=A*X<VLC')*[8S*I
>'66'#L]#&&71,A*<^V_*I*V^_ZLC')*[8S*I*>'66'#L]#&&71,H*1.#*'70&#7#,)#2*+.
(900+.)#2D
$=**W"1)*#,$./0)'+,*0.+)+$+&(*E#=@=A*88TA*88]A*5J8-!*+.*JK!8*()1,21.2(H*1.#
'70&#7#,)#2*+.*(900+.)#2D
2=**W"1)*)/0#*+6*21)1*'(*#,$./0)#2D
`=**;+.*0.+29$)(*)"1)*$+,)1',*1,*?#,$./0)'+,*$+70+,#,)?A*$1,*)"'(*#,$./0)'+,
$+70+,#,)*C#*#1('&/*9(#2*C/*1,+)"#.*0.+29$)A*+.*#&(#*1$$#((#2*I*.#L).1,(6#..#2*C/
)"#*#,2L9(#.*6+.*$./0)+@.10"'$*9(#D

ENCODING
makes data transport easy

Base64
★ Means of making data safe for transport
★ Email
★ Query string
★ XML
★ JSON
★ Removes need for escapes sequences

Hashes
★ All passwords should be hashed
★ Never store in any recoverable form
★ Reduce risk

Hashes
★ Hall of shame for plaintext passwords
★ http://www.nist.org/nist_plugins/content/content.php?content.54

Hash Algorithms
★ MD5
★ vulnerable
★ keyless
★ SHA1
★ stronger
★ keyless

MACs
★ MAC
★ Message Authentication Code
★ Arbitrary implementation (conceptual)
★ HMAC
★ Hash plus Message Authentication Code
★ Hash (like SHA-1) plus a Key (like RSA)

MACs
★ Verifies both the data integrity and the
authenticity of a message

SALTING
makes everything safer

Salt approaches
★ Random number
★ Stored in the clear next to the hash
★ Email address hash
★ Not (required to be) stored
★ Literally append to password hash

Salt Goals
★ Stops use of rainbow tables of hashes
★ Requires each password be cracked individually
★ Cracks become impractically slow

Rainbow Table
Password Hash
1234 7S9TT1U
john X54EJK11
password U99=3DK1
ihatemyjob L4OI192W
puppy Q82B3NW
letmein H99Z1M9
1968-10-19 A7fb92E

Database
Username Password Hash
matthewm 7S9TT1U
johnt X54EJK11
ellingsonb U99=3DK1
s.brin L4OI192W
n.ford Q82B3NW
tomf H99Z1M9
johnl A7fb92E

Database
rname Password Hash
thewm 7S9TT1U
hnt X54EJK11
gsonb U99=3DK1
brin L4OI192W
ord Q82B3NW
omf H99Z1M9
hnl A7fb92E
Hash Pass
7S9TT1U 12
X54EJK11 jo
U99=3DK1 pass
L4OI192W ihate
Q82B3NW pu
H99Z1M9 let
A7fb92E 1968

JDK KEYTOOL
makes data transport easy

Keytool
★ Manages
★ Keystores
★ Truststores
★ Functions
★ -genkey
★ -list
★ -import
★ -export

Creatingakeystore
keytool -genkeypair -keyalg RSA -keysize 2048 -
keystore myapp.keystore
Enter keystore password: ********
Re-enter new password: ********
What is your first and last name?
[Unknown]: Matthew McCullough
What is the name of your organizational unit?
[Unknown]: Consulting
What is the name of your organization?
[Unknown]: Ambient Ideas, LLC
What is the name of your City or Locality?
[Unknown]: Denver
What is the name of your State or Province?
[Unknown]: Colorado
What is the two-letter country code for this unit?
[Unknown]: US

Creatingakeystore
keytool -genkeypair -keyalg RSA -keysize 2048 -
keystore myapp.keystore
Enter keystore password: ********
Re-enter new password: ********
What is your first and last name?
[Unknown]: Matthew McCullough
What is the name of your organizational unit?
[Unknown]: Consulting
What is the name of your organization?
[Unknown]: Ambient Ideas, LLC
What is the name of your City or Locality?
[Unknown]: Denver
What is the name of your State or Province?
[Unknown]: Colorado
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Matthew McCullough, OU=Consulting, O="Ambient
Ideas, LLC", L=Denver, ST=Colorado, C=US correct?
[no]: yes
Enter key password for <mykey>
! (RETURN if same as keystore password):

TRANSPORT LEVEL
ENCRYPTION
abstracted from the data

Implementations
★ Web
★ SSL 1.0, 2.0
★ TLS

Server sends X509 certiﬁcate
(public key)
Client "hello"
CA
Client validates certiﬁcate or
allows override approval
Client generates random symmetric key
Signs it with server public key
Encrypted communication

Tomcat and SSL
★ Usually fronted, handled by Apache
★ But if you really want it, offered via Tomcat
★ http://tomcat.apache.org/tomcat-6.0-doc/
ssl-howto.html

ELLIPTIC CURVE
AES speed meets RSA keys

The concept
★ Elliptic Curve Cryptography (ECC)
★ Premise
★ “elliptic curve logarithm”
★ Getting the discrete logarithm of an elliptic curve
node is infeasible
★ Difficulty of finding A from B
★ Ease of finding B given A

The Goals
★ Reduces storage, footprint
★ Increases speed over standard public key
encryption
★ Aiming to beat RSA

The Risk
★ No mathematical proof yet
★ Patent encumbrances

The Endorsement
★ NSA
★ Approved for Top Secret
★ Open Source Implementations
★ BouncyCastle
★ OpenSSL

STEGANOGRAPHY
not just 3d-pictures from the newspaper

Steganography
! Hidden data in visible data
! Not usually encrypted
! Pedestrian files
! Quantity of files creates
confusion

Steganography
★ High signal to noise ratio (SNR)
★ Slow compared to encryption
★
but Inconspicuous

Steganography
★ Invisible?
★ Techniques
★ Luminosity
★ Hue
★ Compression
★ Metadata

HIGHER LEVEL LIBRARIES
making encryption with Java easier

KeyCzar
★ Highest level abstraction
★ Custom key format
★ Authored by Google Security Team
★ Intelligent encryption defaults

KeyczarTool create
--location=/path/to/keyset
--name=testkeyring
--purpose=sign

Encrypter.Encrypt(dataB64String)
Crypter.Decrypt(ciphertextB64String)
Signer.Sign(dataB64String)
Verifier.Verify(dataB64String)

Bouncy Castle
★ JCE Provider
★ Many more encryption and digest
algorithms than the Sun provider (AES)

Bouncy Castle
<java_home>/lib/security/java.security
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
...
security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

Jasypt
Frictionless Java encryption

ConfigurablePasswordEncryptor pe =
new ConfigurablePasswordEncryptor();
pe.setAlgorithm("SHA-512");
pe.setPlainDigest(false);
pe.setStringOutputType("base64");
String encryptedPassword =
pe.encryptPassword(TEXT_TO_ENCRYPT);

Hibernate
Encryption in the ORM/DB world

<hibernate-mapping package="myapp">
...
<typedef name="encryptedString"
class="org.jasypt.hibernate.type.EncryptedStringType">
<param name="algorithm">PBEWithMD5AndTripleDES</
param>
<param name="password">mypass</param>
<param name="keyObtentionIterations">1000</param>
</typedef>
<class name="UserData" table="USER_DATA">
...
<property name="address" column="ADDRESS"
type="encryptedString" />
<class>
<hibernate-mapping>

Spring
Framework
Securing data and conﬁgurations

GNU
★ Non JCE implementations
★ Hundreds of algorithms
★ Legacy algorithms

In Summary
★ Laws
★ Know the rules for import and export
★ Get the appropriate approvals
★ Hashing
★ Proper bit strength (algorithm)
★ Salt is a modern requirement
★ Encrypting
★ Know the performance of your algorithm
★ Choose a future-proof bit size key

ADVANCED JVM ENCRYPTION
Digital security in Practice
Email
Twitter
Blog
Matthew McCullough
matthewm@ambientideas.com
@matthewmccull
http://ambientideas.com/blog

★ http://delicious.com/matthew.mccullough/
encryption
★ http://www.bouncycastle.org/java.html
★ http://code.google.com/p/keyczar/wiki/
KeyczarPhilosophy
★ http://crypto.stanford.edu/sjcl/
★ http://www.gnu.org/software/gnu-crypto/
★ http://www.jasypt.org/download.html
References

★ Sample Code
★ http://github.com/matthewmccullough/
encryption-jvm-bootcamp
★ Miscellaneous
★ http://www.ietf.org/rfc/rfc3852.txt
★ http://en.wikipedia.org/wiki/
Abstract_Syntax_Notation_One
References

• http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
• http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html
• http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
• http://download.oracle.com/javase/6/docs/api/java/security/Security.html
References

★ CMS
★ Cryptographic Message Syntax (CMS) objects
★ RFC 3852
★ PKCS#7 (formerly RFC 2630, 3369)
★ http://www.ietf.org/rfc/rfc3852.txt
★ ASN.1
★ Abstract Syntax Notation One
★ 1984 X.409, 1988 X.208, 1995 X.680, 2002
★ http://www.asn1.org/
Acronyms

★ http://www.ambientideasphotography.com
★ http://stockfootageforfree.com/
★ All others, iStockPhoto.com
Credits

Advanced Encryption Concepts: Digital Security in the Real World

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (19)

Similar to Advanced Encryption Concepts: Digital Security in the Real World

Similar to Advanced Encryption Concepts: Digital Security in the Real World (20)

More from Matthew McCullough

More from Matthew McCullough (20)

Recently uploaded

Recently uploaded (20)

Advanced Encryption Concepts: Digital Security in the Real World