Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Fundamentals of Cryptography

816 views

Published on

John Lutteringer presented this at the Dallas Web Security Group's March Meeting.

Published in: Technology, Education
  • Be the first to comment

  • Be the first to like this

Fundamentals of Cryptography

  1. 1. Credera is a full-service management and Dallas Office Houston Office Austin Office Denver Office 15303 Dallas Parkway 800 Town & Country Blvd 9020 N Capital of Texas Hwy 5445 DTC Parkwaytechnology consulting firm. Our clients range Suite 300 Suite 300 Suite 345 Suite 1040from Fortune 1,000 companies to emerging Addison, TX 75001 Houston, TX 77024 Austin, TX 78759 Greenwood Village, CO 80111industry leaders. We provide expert, objectiveadvice to help solve complex business and 972.692.0010 Phone 713.496.0711 Phone 512.327.1112 Phone 303.623.1344 Phonetechnology challenges. 972.692.0019 Fax 713.401.9650 Fax 512.233.0844 Fax 303.484.4577 Fax
  2. 2. Fundamentals ofCryptographyDallas, TXMarch 12, 2013John LutteringerDiscussion document – Strictly Confidential & Proprietary
  3. 3. Agenda …Tonight we will overview some cryptography principles, and how symmetric andasymmetric approaches address them• What is Cryptography? – Definition – Four basic principles• How do we get these principles? – Two methods• Symmetric Key Cryptography – Diffie-Hellman key exchange – Limitations• Asymmetric Key Cryptography – Satisfying cryptographic principles – RSA keygen algorithm• Q&A Dallas Web Security Group 4/8/2013 3
  4. 4. Introduction Dallas Web Security Group 4/8/2013 4
  5. 5. Introduction …John Lutteringer John Lutteringer John Lutteringer is a Consultant in the Custom Java practice at Credera. John graduated from Baylor University with a BS in Computer Science – Software Engineering and a minor in Mathematics. His technical skills include a focus on predominately open source web technologies with Java + Spring MVC as the most familiar. Additionally, John is familiar with relevant technologies like HTML and CSS, Javascript, SQL, and also agile development methodologies, software development life cycle, software design, and design patterns. John’s background in web security comes from a combination of personal study and schooling along with a passion for learning about new technologies. Dallas Web Security Group 4/8/2013 5
  6. 6. What is Cryptography? Dallas Web Security Group 4/8/2013 6
  7. 7. What is Cryptography? …Cryptography focuses on one major problem – How do we establishcommunication secure from third parties?Definition• The science or study of the techniques of secret writing, especially code and cipher systems, methods, and the likeThe Perfect Cryptographic System• What should it do? – Provide secure communication – Anything else??• What other characteristics should it have? – Hard or impossible to decrypt – Simple to understand/implement – Fast – Versatile in terms of medium (internet, paper messages, radio, etc.) – Deterministic – Variable – Walks your dog Dallas Web Security Group 4/8/2013 7
  8. 8. What is Cryptography? …Four basic principles• Encryption – How do we convert data into some unreadable form?• Authentication – How can I prove you are who you say you are?• Integrity – How can I be sure the message you sent hasn’t been modified?• Non Repudiation – How can I prove that the message was sent by you, even if you deny it? Dallas Web Security Group 4/8/2013 8
  9. 9. What is Cryptography? …Encryption – How do we convert data into some unreadable form?• The sender and receiver share some “secret” that they only know. This secret is then used to encrypt and decrypt messages so that intercepted messages are unreadable.• What do we want? – Has to be hard or impossible to decrypt (computationally intractable) – Has to be hard to decrypt even if the attacker has access to an unlimited number of plaintext and its corresponding ciphertext – Need some way to distribute our secret key without a secure channel (key distribution problem) Dallas Web Security Group 4/8/2013 9
  10. 10. What is Cryptography? …Authentication – How can I prove you are who you say you are?• Why do we need this? – Internet is inherently anonymous – Trust is a problem – What if a trusted source has been compromised? How do we know? Dallas Web Security Group 4/8/2013 10
  11. 11. What is Cryptography? …Integrity – How can I be sure the message you sent hasn’t been modified?• Why do we need this? – The internet is essentially a series of handoffs between routers – Even if the endpoints are secure, and intermediary router could be compromised – Possible to modify encrypted text even if an attacker can’t understand it Dallas Web Security Group 4/8/2013 11
  12. 12. What is Cryptography? …Non Repudiation – How can I prove the message was sent by you, even if youdeny it?• Why do we need this? – Legal reasons – Digital signatures – Accountability Dallas Web Security Group 4/8/2013 12
  13. 13. How do we get these principles? Dallas Web Security Group 4/8/2013 13
  14. 14. How do we get these principles? …Two predominate methods• Symmetric Key Cryptography – “Familiar” approach – Sender and receiver share a secret key and use that secret key to encrypt and decrypt messages• Asymmetric Key Cryptography (Public Key Cryptography) – Pairs of keys - each entity as a public key, which is shared to everyone, and a private key, which is shared to no one – Any message encrypted with a public key can be decrypted with a private key and vice versa, but an encrypted message cannot be decrypted by the same key that encrypted it as in symmetric key encryption• In practice, the methods are typically used together as a way to play off the advantages of each – RSA/IDEA – DSA/BLOWFISH Dallas Web Security Group 4/8/2013 14
  15. 15. Symmetric Key Cryptography Dallas Web Security Group 4/8/2013 15
  16. 16. Symmetric Key Cryptography …Symmetric Key Cryptography• Principles satisfied – Encryption - Yes! – Authentication - ??? – Integrity - ??? – Non repudiation - ???• Advantages – Fast – Conceptually simple to understand• Disadvantages – How do we distribute keys?  Hardcode keys?  Some other way?? – Can we satisfy our four baseline principles? Dallas Web Security Group 4/8/2013 16
  17. 17. Symmetric Key Cryptography …Solving the key distribution problem - Diffie-Hellman key exhange• The algorithm relies on the mathematical identity: – (ga)b mod p = (gb mod p)a mod p Dallas Web Security Group 4/8/2013 17
  18. 18. Symmetric Key Cryptography …Solving the key distribution problem - Diffie-Hellman key exhange Alice BobKnows: Eve Knows:a=6 b = 15 Computes secret Computes secret integer a = 6 integer b = 15 Dallas Web Security Group 4/8/2013 18
  19. 19. Symmetric Key Cryptography …Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob EveKnows: Knows: Knows:a=6 b = 15 p = 23p = 23 p = 23 g=5g=5 g=5 Sends prime number p = 23 and Intercepts p and g Recieves p and g base g = 5 Dallas Web Security Group 4/8/2013 19
  20. 20. Symmetric Key Cryptography …Solving the key distribution problem - Diffie-Hellman key exhange Alice BobKnows: Eve Knows:a=6 Knows: b = 15p = 23 p = 23 p = 23g=5 g=5 g=5A=8 B = 19 Calculates A = Calculates B = ga mod p gb mod p A=8 B = 19 Dallas Web Security Group 4/8/2013 20
  21. 21. Symmetric Key Cryptography …Solving the key distribution problem - Diffie-Hellman key exhange Bob Alice Eve Knows:Knows: Knows: b = 15a=6 p = 23 p = 23p = 23 g=5 g=5g=5 A=8 B = 19A=8 A=8 Sends A Intercepts A Recieves A Dallas Web Security Group 4/8/2013 21
  22. 22. Symmetric Key Cryptography …Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob EveKnows: Knows: Knows:a=6 b = 15 p = 23p = 23 p = 23 g=5g=5 g=5 A=8A=8 B = 19 B = 19B = 19 A=8 Receives B Intercepts B Sends B Dallas Web Security Group 4/8/2013 22
  23. 23. Symmetric Key Cryptography …Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob EveKnows: Knows: Knows:a=6 b = 15 p = 23p = 23 p = 23 g=5g=5 g=5 A=8A=8 B = 19 B = 19B = 19 A=8 s = ???s=2 s=2 Computes Computes s = Ba mod p s = Ab mod p s=2 s=2 We know Ba mod p = Ab mod p = (ga)b mod p from our identity: (ga)b mod p = (gb mod p)a mod p Dallas Web Security Group 4/8/2013 23
  24. 24. Symmetric Key Cryptography …What about our four principles?• Now we know we can distribute symmetric keys over an unsecure network to establish a secure channel, can we also use symmetric keys to get our four desired properties?• Encryption – This one is easy! – Alice sends message M to Bob encrypted with their shared key s: Es(M) – Bob decrypts Alice’s message with the shared key: Ds(Es(M)) = M• Authentication – Since the keys are temporary, there’s no good way to establish authenticity baked into the cryptographic system – Authentication is not possible through symmetric key encryption, at least not without using some mechanism external to the cryptographic method itself Dallas Web Security Group 4/8/2013 24
  25. 25. Symmetric Key Cryptography …What about our four principles?• Integrity – Alice sends encrypted message M to Bob Es(M) along with its encrypted hash Es(H(M)) – Bob decrypts Alice’s message Ds(Es(M)) = M and the hash Ds(Es(H(M))) = H(M) – Bob hashes Alices message H(M) and compares it to the hash Alice sent, if the hashes are equal, then we can be confident that integrity holds• Non repudiation – Much like authentication, without permanent keys trust cannot be established, so this is not possible without some external mechanism Dallas Web Security Group 4/8/2013 25
  26. 26. Asymmetric Key Cryptography Dallas Web Security Group 4/8/2013 26
  27. 27. Asymmetric Key Cryptography …Asymmetric Key Cryptography• In asymmetric key cryptography, each party has two keys, a public key and a private keys• The public key is shared to the world, and the private key is kept private• The keys are generated in such a way that any message encrypted by the public key in the pair can only be decrypted by the private key, and vice versa• Advantages – Symmetric Key Cryptography only satisfied two of our four principles. We can do better! – Key distribution isn’t a problem. We want everyone to see our public key!• Disadvantages – Slow, at least compared against symmetric key cryptography – Non intuitive Dallas Web Security Group 4/8/2013 27
  28. 28. Asymmetric Key Cryptography …Encryption - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to send Bob an Decrypts Alice’s encrypted message with message his private key DBpriv(EBpub(M)) Sends Bob a =M message M encrypted with Bob’s public key EBpub(M) Dallas Web Security Group 4/8/2013 28
  29. 29. Asymmetric Key Cryptography …Authentication - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to Sends Bob an validate Alice’s encrypted identity message EBpub(M) “signed” with Decrypts message with her private Alice’s public key key to get DApub(EApriv(EBpub(M))) = EApriv(EBpub(M)) EBpub(M)) Then, decrypts with private key DBpriv(EBpub(M)) = M Dallas Web Security Group 4/8/2013 29
  30. 30. Asymmetric Key Cryptography …Integrity - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to know Sends Bob an Alice’s message encrypted hasn’t been message modified EBpub(Mo) and the hash Decrypts message of that DBpriv(EBpub(Mr)) = Mr message, Decrypts hash encrypted DBpriv(EBpub(H(Mo))) = H(Mo) EBpub(H(Mo)) Verify integrity by hashing received message H(Mr) = H(Mo) Dallas Web Security Group 4/8/2013 30
  31. 31. Asymmetric Key Cryptography …Non Repudiation - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to Sends Bob an validate Alice’s encrypted identity message EBpub(M) “signed” with Decrypts message with her private Alice’s public key key to get DApub(EApriv(EBpub(M))) = EApriv(EBpub(M)) EBpub(M)) Then, decrypts with private key DBpriv(EBpub(M)) = M Dallas Web Security Group 4/8/2013 31
  32. 32. Asymmetric Key Cryptography …How does asymmetric key cryptography work?• Asymmetric key cryptography works in a similar manner to symmetric key cryptography except that the keys are generated in a special manner that allows them to decrypt only messages encrypted by the other key in the pair• While there are many ways to do this, the most common algorithm is known as the RSA keygen algorithm• RSA Algorithm: 1. Choose two distinct prime numbers p and q 2. Compute n = pq 3. Compute φ(n) = (p – 1)(q – 1) where φ is Euler’s totient function 4. Chose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1 (e and φ(n) are coprime) 5. Solve for d given de ≡ 1 (mod φ(n)) 6. Compute keys: Public key: (n, e); To encrypt: C ≡ Me (mod n) Private key (n, d); To decrypt: M ≡ Ce (mod n) Dallas Web Security Group 4/8/2013 32
  33. 33. Asymmetric Key Cryptography …RSA key generation algorithm1. Choose two distinct prime numbers p and q p = 61 q = 53 Dallas Web Security Group 4/8/2013 33
  34. 34. Asymmetric Key Cryptography …RSA key generation algorithmp = 61q = 532. Compute n = pq n = (61)(53) = 3233 Dallas Web Security Group 4/8/2013 34
  35. 35. Asymmetric Key Cryptography …RSA key generation algorithmp = 61q = 53n = 32333. Compute the totient of the product (pq) as (p - 1)(q - 1) φ(3233) = (61 - 1)(53 - 1) = 3120 Dallas Web Security Group 4/8/2013 35
  36. 36. Asymmetric Key Cryptography …RSA key generation algorithmp = 61q = 53n = 3233φ(n) = 31204. Choose and number 1 < e < φ(n) that is coprime to φ(n) Picking this number could be hard, but if we choose a prime number, then we just have to make sure that 3120 isn’t divisible by it So lets choose e = 17 Dallas Web Security Group 4/8/2013 36
  37. 37. Asymmetric Key Cryptography …RSA key generation algorithmp = 61q = 53n = 3233φ(n) = 3120e = 175. Solve for d given de ≡ 1 (mod φ(n)) This is a different way to write the modular multiplicative inverse of e (mod φ(n)) d(17) ≡ 1 (mod 3120) d = 2753 (17 * 2753 = 46801 which has remainder 1 when divided by 3120) Dallas Web Security Group 4/8/2013 37
  38. 38. Asymmetric Key Cryptography …RSA key generation algorithmp = 61q = 53n = 3233φ(n) = 3120e = 17d = 2753• To encrypt, our public key is (n = 3233, e = 17) with function C ≡ Me (mod n) Lets say M = 65 C ≡ 6517 (mod 3233) C = 2790 Dallas Web Security Group 4/8/2013 38
  39. 39. Asymmetric Key Cryptography …RSA key generation algorithmp = 61q = 53n = 3233φ(n) = 3120e = 17d = 2753C = 2790• To decrypt, our private key is (n = 3233, d = 2753) with function M ≡ Cd (mod n) M ≡ 2790 2753 (mod 3233) M = 65 Dallas Web Security Group 4/8/2013 39
  40. 40. Credits Dallas Web Security Group 4/8/2013 40
  41. 41. Credits …Credits• Credera• http://dictionary.reference.com/browse/cryptography• http://www.thegeekstuff.com/2012/07/cryptography-basics/• http://users.suse.com/~garloff/Writings/mutt_gpg/node3.html• All of Wikipedia• http://mathworld.wolfram.com Dallas Web Security Group 4/8/2013 41
  42. 42. Q&A Dallas Web Security Group 4/8/2013 42

×