Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Manchester 2013 1
Fred Piper
Information Security Group
Cryptography
From Black Art
to
Popular Science
Fred Piper
Codes & Ciphers Ltd
12 Duncan Road, Richmond
Surrey, TW9 2JD
Roy...
Aims of Lecture
• To enjoy ourselves
• To look at some implementation issues for
cryptographic systems
• To see how crypto...
Industry’s Problems with Implementing
Cryptography
• No real problems with algorithms – it’s the wraparounds
• Serious con...
A Little History
• Pre-1975: Hush hush!
– Practised mainly by Governments and military
• Early 1980s: Courses start
– Cust...
Popular Does Not Mean Easy
• Golf is a popular sport
• Anyone can swing a golf club
• Occasionally a complete novice will ...
Royal Holloway: Our Most Famous Ex-Student?
Manchester 2013 7
Manchester 2013
Why is the Profile of Encryption Growing?
• Increase in volume of communications over
insecure channels
• ...
Bletchley Park
Manchester 2013 9
Some Important Changes since 1945
• Advent of software
• Advent of fast computers
• Advent of new communications media
• A...
Manchester 2013 11
What is Information Security?
Information Security includes the following three
aspects:
• Confidential...
Authentication
• It is important to authenticate people and
devices
• Man-in-the-Middle Attacks
• How to beat a Grand Mast...
Manchester 2013
Early Definition of a Cipher System
Cryptogram
c
Key
Encryption
Algorithm
Message
m Decryption
Algorithm
K...
Confidentiality
How do you keep a secret?
• Don’t let anyone have access to the information
• Disguise it so that ‘unautho...
Warnings
• If that key is lost and the algorithm is strong then
your data is lost ‘forever’
• If someone else gains access...
Breaking an Algorithm
• Being able to determine plaintext from ciphertext
without being given key
• Exhaustive key search ...
Breaking a Security System
• ‘Broken’ is an emotive term
• Attacks often work only in unrealistic conditions
chosen by att...
The ‘Secure Channel’ Concept
AIM: To send information securely over an insecure
network
•We achieve this by building a “se...
Attacking Cryptographic Systems
•Passive interceptor attempts to break algorithm
•Active interceptor has more options
•Int...
Manchester 2013
Is PK Cryptography built on a ‘sound’
basis?
“Many cryptographic systems rely on the inability
of mathemat...
Are Today’s Algorithms ‘Future Proof’?
• Symmetric algorithms
–if well designed then key searches are ‘best’ attacks
–Main...
A Never Ending Debate
• What gives us confidence in an algorithm?
–Standards?
–Ask the opinions of experts?
• Early debate...
Kerchoff’s Principle
• The security of a cryptographic system should not depend on
keeping the encryption algorithm secret...
It is NOT just about Algorithms
Early 1980s:
• Thorn EMI conference
“Security is People”
Early 1990s:
• Ross Anderson’s pa...
A Fact of Life !
• In theory there is no difference between
theory and practice. In practice there is.
Manchester 2013 25
RSA: The Theory
• The published modulus is the product of 2 secret
primes
• Knowledge of the secret primes makes it easy t...
Attacks on RSA
The theory assumes that the attacker will need to
factor n using a mathematical factorisation
algorithm
In ...
Progress?
• So have we learnt from these early mistakes?
In theory: YES
In practice: NO
Manchester 2013 28
‘Shared’ Primes
• Factoring RSA moduli is very difficult
• Finding g.c.d. of two RSA moduli is easy
• Factoring two RSA mo...
“Ron was wrong, Whit is right”
“When exploited it could affect the expectation that
the public key infrastructure is inten...
Cryptographic Systems
• The use of strong algorithms prevents attackers
from calculating or guessing keys
• Keys need to b...
Protecting Keys (Storage or Distribution)
• Physical security
– Tamper Resistant Security Module (TRSM)
– Tokens (Smart Ca...
Side Channel Attacks (1)
To find a cryptographic key
• Exhaustive key search attacks try to find the
secret key by random ...
Side Channel Attacks (2)
• Changed the way cryptographers think about
security
– Properties of digital circuits are far mo...
Some Recent ‘Changes’
• More attacks concentrate on the implementation of
the algorithm and the accompanying protocols
• S...
Error Messages
ATM transaction
• Incorrect PIN
• Insufficient funds in account
• Exceeded daily limit
Manchester 2013 36
Disclaimer: Cryptography ≠ Security
• Crypto is only a tiny piece of the security puzzle
– but an important one
• Most sys...
Security Breaches
Many Reasons:
• Badly designed systems
• Inappropriate policies
• Human error
• Clever, innovative (tech...
Public Key Infrastructures
• Certification Authorities
• Sign certificates to bind user’s ID to their public
key
• Hierarc...
DigiNotar
• Netherlands based CA
• Host many other CAs
– SSL certificates
– Qualified certificates
– Government accredited...
Problem
• Who, or what, can we trust?
Manchester 2013 41
Protocol Security (1)
In recent work analysing Internet protocols:
• A design flaw in SSH leading to a plaintext recovery
...
Protocol Security (2)
• In all cases the cryptographic algorithms are secure
but the protocols are insecure
• The attacks ...
Some Things Never Change
• The widespread use of encryption for confidentiality
has always been a cause of concern for Gov...
Manchester 2013 45
Saints or Sinners ?
Receiver
Interceptor
Sender
Who are the ‘good’ guys ?
Manchester 2013 46
Law Enforcement’s Dilemmas
• Do not want to intrude into people’s private
lives
• Do not want to hinder...
Loss of Control of Encryption
•Academic papers
–Attacks on DES
–New algorithms
•Text books
•Need for international systems...
Newton Minow, Speech to the Association of
American Law Schools, 1985
•After 35 years, I have finished a comprehensive stu...
Manchester 2013
Future Developments ?
• Steganography
– You hide information rather than distort it
– Harder to detect?
• ...
Upcoming SlideShare
Loading in …5
×

Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science

1,383 views

Published on

A high level view, without using maths of the development in cryptography since World War 2. Professor Piper covers the changing attitudes of governments, the significance of Public key cryptography in modern society and the potential impact on information security professionals.

This was a presentation for the Institute of Information Security Professionals NW branch meeting in Manchester on 11th June 2013.

The copyright is held by the author - Prof. Fred Piper

Published in: Technology, Education
  • Hi there! I just wanted to share a list of sites that helped me a lot during my studies: .................................................................................................................................... www.EssayWrite.best - Write an essay .................................................................................................................................... www.LitReview.xyz - Summary of books .................................................................................................................................... www.Coursework.best - Online coursework .................................................................................................................................... www.Dissertations.me - proquest dissertations .................................................................................................................................... www.ReMovie.club - Movies reviews .................................................................................................................................... www.WebSlides.vip - Best powerpoint presentations .................................................................................................................................... www.WritePaper.info - Write a research paper .................................................................................................................................... www.EddyHelp.com - Homework help online .................................................................................................................................... www.MyResumeHelp.net - Professional resume writing service .................................................................................................................................. www.HelpWriting.net - Help with writing any papers ......................................................................................................................................... Save so as not to lose
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • It's so easy that you can find it with your eyes shut. For example, as for me the best and the most responsibly working service is this one - ⇒ www.HelpWriting.net ⇐ - you'll find there everything you need. And the prices are reasonable.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Get HERE to Read This eBook === http://freedaduada.qpoe.com/1855927179-fred-basset-no-43.html
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science

  1. 1. Manchester 2013 1 Fred Piper Information Security Group
  2. 2. Cryptography From Black Art to Popular Science Fred Piper Codes & Ciphers Ltd 12 Duncan Road, Richmond Surrey, TW9 2JD Royal Holloway, University of London Egham Hill, Egham Surrey TW20 0EX f.piper@rhul.ac.uk www.isg.rhul.ac.uk
  3. 3. Aims of Lecture • To enjoy ourselves • To look at some implementation issues for cryptographic systems • To see how cryptography has changed in the last 40 years Manchester 2013 3
  4. 4. Industry’s Problems with Implementing Cryptography • No real problems with algorithms – it’s the wraparounds • Serious concerns about some recent events – DigiNotar, RSA • Not sure how they should be regarding possibility of quantum computers • Cryptography needs standards (change slowly), but we need flexibility • Need for early warning about necessary changes (e.g. key lengths) • Concerns about timeliness of hardware (cryptographers recommend changes faster than hardware can be replaced) Manchester 2013 4
  5. 5. A Little History • Pre-1975: Hush hush! – Practised mainly by Governments and military • Early 1980s: Courses start – Customers start to know what they require • Early 1990s: Qualifications start – The role of security manager is no longer a punishment • Early 2000s: Popular science – Everyone knows about it • Today: Fundamental to e-commerce, e-Government etc Manchester 2013 5
  6. 6. Popular Does Not Mean Easy • Golf is a popular sport • Anyone can swing a golf club • Occasionally a complete novice will hit a good tee short • Being a professional is hard work – Training – practice Manchester 2013 6
  7. 7. Royal Holloway: Our Most Famous Ex-Student? Manchester 2013 7
  8. 8. Manchester 2013 Why is the Profile of Encryption Growing? • Increase in volume of communications over insecure channels • Increased requirement for remote access to information • Regulatory requirements for ‘adequate’ protection of data • Need for electronic ‘equivalent’ to handwritten signatures and other forms of identification • It can be fun! 8
  9. 9. Bletchley Park Manchester 2013 9
  10. 10. Some Important Changes since 1945 • Advent of software • Advent of fast computers • Advent of new communications media • Advent of binary codes • Increase in general awareness • Many applications other than provision of confidentiality • Public key cryptography • Seen as part of a wider discipline: Information Security Manchester 2013 10
  11. 11. Manchester 2013 11 What is Information Security? Information Security includes the following three aspects: • Confidentiality – Protecting information from unauthorised disclosure, perhaps to a competitor or to the press • Integrity – Protecting information from unauthorised modification, and ensuring that information, such as a customer list, can be relied upon and is accurate and complete • Availability – Ensuring information is available when you need it NOTE: Impersonating an authorised user is ofter a more effective form of attack than ‘breaking’ the technology
  12. 12. Authentication • It is important to authenticate people and devices • Man-in-the-Middle Attacks • How to beat a Grand Master at chess Manchester 2013 12
  13. 13. Manchester 2013 Early Definition of a Cipher System Cryptogram c Key Encryption Algorithm Message m Decryption Algorithm Key Message m Interceptor Key establishment channel (secure) 13
  14. 14. Confidentiality How do you keep a secret? • Don’t let anyone have access to the information • Disguise it so that ‘unauthorised’ people cannot understand it – Shared secrets rely on trust – Trust in people, processes, technology • If you use cryptography to protect your information then there will be a key to which you must deny access Manchester 2013 14
  15. 15. Warnings • If that key is lost and the algorithm is strong then your data is lost ‘forever’ • If someone else gains access to that key then they almost certainly have access to your information Manchester 2013 15
  16. 16. Breaking an Algorithm • Being able to determine plaintext from ciphertext without being given key • Exhaustive key search is always (theoretically) possible Well Designed (Symmetric) Algorithm • ‘Easiest’ attack is exhaustive key search Strong Algorithm • Well designed with a large number of keys Note: History is full of instances where algorithms were assumed to be well designed but …… Manchester 2013 16
  17. 17. Breaking a Security System • ‘Broken’ is an emotive term • Attacks often work only in unrealistic conditions chosen by attacker • Always understand assumptions associated with the term • For algorithms: – Ciphertext only – Known plaintext attack – Chosen plaintext attack Manchester 2013 17
  18. 18. The ‘Secure Channel’ Concept AIM: To send information securely over an insecure network •We achieve this by building a “secure channel” between two end points on the network •Typically offering: –Data origin authentication –Data integrity –Confidentiality •Cryptography is an important tool 18Manchester 2013
  19. 19. Attacking Cryptographic Systems •Passive interceptor attempts to break algorithm •Active interceptor has more options •Interception not necessarily the ‘best’ form of attack – Attack protocols – Attack key management – Attack the hardware – Impersonate genuine users – Espionage Manchester 2013 19
  20. 20. Manchester 2013 Is PK Cryptography built on a ‘sound’ basis? “Many cryptographic systems rely on the inability of mathematicians to do mathematics”. (Donald Davies: LMS Lecture) Tongue in cheek? Existence proofs do not provide solutions Algorithms should be implementable 20
  21. 21. Are Today’s Algorithms ‘Future Proof’? • Symmetric algorithms –if well designed then key searches are ‘best’ attacks –Main concern is advances in technology –Moore’s Law • Asymmetric algorithm –Always concerned about mathematical advances –Quantum computing • Hash functions –Confidence shaken 21Manchester 2013
  22. 22. A Never Ending Debate • What gives us confidence in an algorithm? –Standards? –Ask the opinions of experts? • Early debate –Publicly known or proprietary algorithms? –Less of an issue now than in the 1980s WARNING The fact that an algorithm is published and unbroken says nothing about its strength Manchester 2013 22
  23. 23. Kerchoff’s Principle • The security of a cryptographic system should not depend on keeping the encryption algorithm secret It does not say • The encryption algorithm should be made public However • Anyone assessing the security of a cryptographic system needs to have confidence that the algorithm is strong So: • Financial institutions should use public algorithms where appropriate Manchester 2013 23
  24. 24. It is NOT just about Algorithms Early 1980s: • Thorn EMI conference “Security is People” Early 1990s: • Ross Anderson’s paper “Why crypto systems fail” Manchester 2013 24
  25. 25. A Fact of Life ! • In theory there is no difference between theory and practice. In practice there is. Manchester 2013 25
  26. 26. RSA: The Theory • The published modulus is the product of 2 secret primes • Knowledge of the secret primes makes it easy to find the private key • In general, determining the private key appears to require knowledge of the primes • Factorisation is difficult • So, for large moduli, RSA is secure Manchester 2013 26
  27. 27. Attacks on RSA The theory assumes that the attacker will need to factor n using a mathematical factorisation algorithm In practice this may not be so EARLY ATTACKS Attack prime generator rather than try to factor n mathematically (1) Exhaustive prime search (2) Exploit bias in generation process Manchester 2013 27
  28. 28. Progress? • So have we learnt from these early mistakes? In theory: YES In practice: NO Manchester 2013 28
  29. 29. ‘Shared’ Primes • Factoring RSA moduli is very difficult • Finding g.c.d. of two RSA moduli is easy • Factoring two RSA moduli which share a prime factor is easy • Recent research showed that, for a sample 6.6 million RSA keys, over 4% either have a common modulus or gave moduli sharing a common prime factor • Suspect prime generators? Manchester 2013 29
  30. 30. “Ron was wrong, Whit is right” “When exploited it could affect the expectation that the public key infrastructure is intended to achieve” (Arjen K Lenstra, James P Hughes et al) Manchester 2013 30
  31. 31. Cryptographic Systems • The use of strong algorithms prevents attackers from calculating or guessing keys • Keys need to be stored and/or distributed throughout the system • Keys need protection Manchester 2013 31
  32. 32. Protecting Keys (Storage or Distribution) • Physical security – Tamper Resistant Security Module (TRSM) – Tokens (Smart Cards) • Components – Secret Sharing Scheme • Key hierarchies – Keys encrypted using other keys – Lower level keys derived from higher level ones Manchester 2013 32
  33. 33. Side Channel Attacks (1) To find a cryptographic key • Exhaustive key search attacks try to find the secret key by random trial and error • Side channel attacks try to use additional information drawn from the physical implementation of the cryptographic algorithm at hand so as to be substantially better than trial and error Manchester 2013 33
  34. 34. Side Channel Attacks (2) • Changed the way cryptographers think about security – Properties of digital circuits are far more important for security than was previously believed • Many previous design approaches recognised as inadequate Manchester 2013 34
  35. 35. Some Recent ‘Changes’ • More attacks concentrate on the implementation of the algorithm and the accompanying protocols • Some exploit error messages • Academic research is becoming less ‘blue skies’ and focussing on real systems/problems • Theory and practice are getting closer to each other Manchester 2013 35
  36. 36. Error Messages ATM transaction • Incorrect PIN • Insufficient funds in account • Exceeded daily limit Manchester 2013 36
  37. 37. Disclaimer: Cryptography ≠ Security • Crypto is only a tiny piece of the security puzzle – but an important one • Most systems break elsewhere – incorrect requirements or specifications – implementation errors – application level – social engineering 37Manchester 2013
  38. 38. Security Breaches Many Reasons: • Badly designed systems • Inappropriate policies • Human error • Clever, innovative (technical) attacks • Misplaced trust (e.g. In employees or trusted third party) Manchester 2013 38
  39. 39. Public Key Infrastructures • Certification Authorities • Sign certificates to bind user’s ID to their public key • Hierarchy of CAs • Root CA at top of hierarchy NOTE: If root CA’s private key is compromised then the entire PKI is affected Manchester 2013 39
  40. 40. DigiNotar • Netherlands based CA • Host many other CAs – SSL certificates – Qualified certificates – Government accredited • Hackers gained unauthorised access to their CA servers • Issued series of rogue certificates SERIOUS BREACH: DigiNotar root certificate was trusted by most widely used web browsers and email clients Hacker set up spoof websites (e.g. Googlemail) Manchester 2013 40
  41. 41. Problem • Who, or what, can we trust? Manchester 2013 41
  42. 42. Protocol Security (1) In recent work analysing Internet protocols: • A design flaw in SSH leading to a plaintext recovery attack against OpenSSH – Recovering 32 bits of plaintext with probability 2-14 • Plaintext recovery attacks against all MAC-then- encrypt configurations of IPsec – Recovering all protected IP traffic • A (minor) flaw in SSL/TLS leading to a distinguishing attack which breaks the design goals of the protocol – Can tell whether ‘yes’ or ‘no’ is encrypted in the channel! 42Manchester 2013
  43. 43. Protocol Security (2) • In all cases the cryptographic algorithms are secure but the protocols are insecure • The attacks illustrate the gap between theory and practice in cryptography and protocol design • More details at www.isg.rhul.ac.uk/~kp 43Manchester 2013
  44. 44. Some Things Never Change • The widespread use of encryption for confidentiality has always been a cause of concern for Governments • Simplified version of Government’s position – They are happy to support the use of strong encryption for ‘good’ purposes – Unhappy about the use of strong encryption for ‘bad’ purposes Manchester 2013 44
  45. 45. Manchester 2013 45 Saints or Sinners ? Receiver Interceptor Sender Who are the ‘good’ guys ?
  46. 46. Manchester 2013 46 Law Enforcement’s Dilemmas • Do not want to intrude into people’s private lives • Do not want to hinder e-commerce • Want to have their own secure communications • Occasionally use interception to obtain information • Occasionally need to read confiscated, encrypted information
  47. 47. Loss of Control of Encryption •Academic papers –Attacks on DES –New algorithms •Text books •Need for international systems 47Manchester 2013
  48. 48. Newton Minow, Speech to the Association of American Law Schools, 1985 •After 35 years, I have finished a comprehensive study of European comparative law •In Germany, under the law, everything is prohibited, except that which is permitted •In France, under the law, everything is permitted, except that which is prohibited •In the Soviet Union, under the law, everything is prohibited, including that which is permitted •And in Italy, under the law, everything is permitted, especially that which is prohibited 48Manchester 2013
  49. 49. Manchester 2013 Future Developments ? • Steganography – You hide information rather than distort it – Harder to detect? • Quantum – Quantum key establishment – Quantum cryptography – Quantum computing • Provable security – Academic ‘dream’ or reality? • Default encryption – Who looks after keys? (liability issues) 49

×