SlideShare a Scribd company logo
1 of 46
Download to read offline
CNIT 141
Cryptography for Computer Networks
3. Cryptographic Security
Topics
• Defining the Impossible
• Quantifying Security
• Achieving Security
• Generating Keys
• How Things Can Go Wrong
Defining the Impossible
Two Types of Security
• Informational security
• Theoretical impossibility
• Computational security
• Practical impossibility
Informational Security
• Even an attacker with unlimited computation
time and memory cannot crack it
• If an attack works, even if it requires trillions of
years
• That cipher is informationally insecure
• The one-time pad is informationally secure
• Brute-force attack finds all possible
messages, but there's no way to tell which is
correct
Security in Practice:
Computational Security
• A cipher cannot be broken with a reasonable
amount of time, memory, hardware, power,
money, etc.
• Ex: AES-128 is currently computationally secure
• Because no current system can try 2^128 keys
• But quantum computers can test 2^128 keys with
only 2*64 operations
• So when or if they are developed, AES-128 will
cease being computationally secure
Quantifying Security
• A cipher is (t, ε)-secure if cracking it requres
t -- calculations an attacker will perform
ε -- probability of success
• Ex: if no flaw is found in AES-128, it is
• (t, t/2^128) - secure, for any t between 1
and 2^128
128-Bit Security
• If t is 1, attacker tries one key
• Probability of success is 1/2*128
• If t is 2^64, attacker tries 2^64 keys
• Probability of success is 1/2*64
• If t is 2^128, attacker tries 2^128 keys
• Probability of success is 1
Quantifying Security
Measuring Security in Bits
• Assume we want success probability of 1
• An attack requires t operations
• n bits of security means it will take 2^n
operations to crack
• A perfect cipher with a 128-bit key provides
128 bits of security
• Does not consider the speed of a single
operation; a rough measure
Example: WEP
• Stronger version had a 104-bit key
• Should require 2^104 calculations to crack
• In 2001, the FMS attack cracked it in 

1.5 million operations (2^20.5)
• In 2007, the PTW attack worked in 40,000
operations (2^15.3)
• Link Ch 3a
Example: Substitution
Cipher
• Keyspace is
• 26 x 25 x 24 x ... x 3 x 2 x 1 = 26!
• = 4 x 10^26 = 2^88
• But children crack it with no computers for fun
with chosen-ciphertext guessing attacks
Example: RSA-2048
• Key is 2048 bits long, but provides 112 bits of
security
• Because key is not simply a random number,
but the product of two primes
• Textbook says "< 100 bits", which is a more
conservative estimate
NIST SP 800-57
• Link 3g
Full Attack Cost
• Parallelism
• Memory
• Precomputation
• Number of Targets
Parallelism
• 2^56 sequential steps are much slower than
• 2^56 independent steps
• If you can use many processors
Memory
• Some algorithms take a lot of memory
• Memory is much slower than registers
• Ethereum mining is memory-hard (link Ch 3i)
Precomputation
• Some operations only need to be performed
once
• Can be reused
• Time-memory trade-off attack
• Also called rainbow tables
• After tables are calculated, further attacks
are fast
Example: Windows
Password Hashes
Example: Windows
Password Hashes
• Fast, free cracker
• Link Ch 3j
Number of Targets
• Example: you have 1000 password hashes to
crack
• You will find one of them in 1/1000 the time it
takes to crack them all
Choosing and Evaluating
Security Levels
• Usually only two choices
• 128 bits for normal use
• 256 bits for high security
Achieving Security
Building Confidence
• Provable security
• Mathematical proof
• Heuristic security
• Evidence of failed attempts to break it
Provable Security
• Proof that breaking the crypto scheme is at
least as hard as a known hard problem
• RSA requires factoring a number into its
component primes
• A famously hard problem, studied for
thousands of years
• Note: there's no proof that "hard" math
problems are actually hard. It could be just
that no fast solution has been found yet.
RSA Algorithm
• Choose two random, large prime numbers 

p and q
• Calculate n = p x q
• Choose an exponent e (usually 65537)
• Public Key is (n, e)
RSA Algorithm
• To encrypt a plaintext message x
y = x^e mod n
• To decrypt a ciphertext y
x = y^d mod n
• d is the decryption key, and is calculated from p
and q
• n is public, but no one can find p or q
• Because factoring numbers is a hard problem
Proofs Relative to Another
Crypto Problem
• Compare one crypto scheme to another one
• Prove you can only break the new one if you
can break the old one
• This is used to derive new crypto schemes
from old ones
• Such as developing symmetric algorithms,
random bit generators, and hash functions
from the same permutation algorithm
Caveats
• The underlying system might be broken
• The proof might overlook some other attack
against a real implementation
• The proof might contain an error
Examples
• RSA is easy to crack if p and q aren't
sufficiently random
• Knapsack, by Merkle and Hellman, was later
totally broken by lattice reduction
• Side-channel attacks may reveal the key
• Without breaking the math
• By measuring radio waves, power
consumption, timing, etc.
Examples
• Implementation
may use the
cryptography
incorrectly
• True of most
Android apps
I've studied
Heuristic Security
• Most symmetric ciphers don't have a security
proof
• Including AES
• But "skilled people have tried to break it
and failed"
Security Margin
• Cryptanalysts often attack simplified
versions of a cipher, with fewer rounds
• They find how many rounds they can crack
• The difference between the actual number of
rounds in the full cipher and the number of
rounds they can crack is the security
margin
AES Margin of Security
• Link Ch 3k
Generating Keys
Three Ways to Generate
Keys
• Randomly using a pseudorandom number
generator
• From a password using a Key Derivation
Function
• Key agreement protocol using a series of
messages between parties to establish a
shared key
Generating Symmetric
Keys
• They are simple random numbers
• The same length as the security they provide
• For 128-bit security, generate 16-byte number
Generating Asymmetric
Keys
• Feed random numbers into a key generation
algorithm
• It's complex. For RSA
• Must make many guesses to find a prime
number p
• Repeat for q
Demonstration
• In Python
• RSA key generation takes a long time
Protecting Keys
• Key wrapping
• Encrypting the key with a second key
• Second key often generated from a password
• On-the-fly key generation from a password
• No need to store the key at all
• Storing keys on a hardware token
• Like a smartcard or USB dongle
• Password-protected
How Things Can Go
Wrong
Incorrect Security Proof
• RSA-OAEP was "proven"
• Proof shown to be incorrect
• But the actual implementation was secure by
accident (link Ch 3l)
Short Keys for Legacy
Support
• "Export" cryptography was deliberately
weakened by US regulations in the 1990's
• Including 512-bit RSA
• Many servers continued to support these weak
protocols in 2015
• Link Ch 3m
CNIT 141: 3. Cryptographic Security

More Related Content

What's hot

CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersCNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersSam Bowne
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingSam Bowne
 
CNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesCNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesSam Bowne
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumCNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumSam Bowne
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionSam Bowne
 
CNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingCNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingSam Bowne
 
Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)ceng
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 126: 13: Data Encoding
CNIT 126: 13: Data EncodingCNIT 126: 13: Data Encoding
CNIT 126: 13: Data EncodingSam Bowne
 
CNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionCNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionSam Bowne
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
 
Pentesting custom TLS stacks
Pentesting custom TLS stacksPentesting custom TLS stacks
Pentesting custom TLS stacksAlexandre Moneger
 
CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman	CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman Sam Bowne
 
CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2Hamed Moghaddam
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentationdegarden
 
CNIT 141 9. Hard Problems
CNIT 141 9. Hard ProblemsCNIT 141 9. Hard Problems
CNIT 141 9. Hard ProblemsSam Bowne
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanSam Bowne
 

What's hot (20)

CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersCNIT 141 5. Stream Ciphers
CNIT 141 5. Stream Ciphers
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed Hashing
 
CNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesCNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic Curves
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumCNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated Encryption
 
CNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingCNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed Hashing
 
Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
CNIT 126: 13: Data Encoding
CNIT 126: 13: Data EncodingCNIT 126: 13: Data Encoding
CNIT 126: 13: Data Encoding
 
CNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionCNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated Encryption
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
 
Symmetric encryption
Symmetric encryptionSymmetric encryption
Symmetric encryption
 
Pentesting custom TLS stacks
Pentesting custom TLS stacksPentesting custom TLS stacks
Pentesting custom TLS stacks
 
CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman	CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman
 
CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentation
 
CNIT 141 9. Hard Problems
CNIT 141 9. Hard ProblemsCNIT 141 9. Hard Problems
CNIT 141 9. Hard Problems
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-Hellman
 

Similar to CNIT 141: 3. Cryptographic Security

3. Cryptographic Security
3. Cryptographic Security3. Cryptographic Security
3. Cryptographic SecuritySam Bowne
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: CryptographySam Bowne
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: CryptographySam Bowne
 
Encryption techniques
Encryption techniquesEncryption techniques
Encryption techniquesMohitManna
 
14_526_topic04.ppt
14_526_topic04.ppt14_526_topic04.ppt
14_526_topic04.pptwwww63
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)Sam Bowne
 
Information and network security 11 cryptography and cryptanalysis
Information and network security 11 cryptography and cryptanalysisInformation and network security 11 cryptography and cryptanalysis
Information and network security 11 cryptography and cryptanalysisVaibhav Khanna
 
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoQuantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoVishnu Pendyala
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyMd. Shafiul Alam Sagor
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyCSNP
 
Lecture3a symmetric encryption
Lecture3a symmetric encryptionLecture3a symmetric encryption
Lecture3a symmetric encryptionrajakhurram
 

Similar to CNIT 141: 3. Cryptographic Security (20)

3. Cryptographic Security
3. Cryptographic Security3. Cryptographic Security
3. Cryptographic Security
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: Cryptography
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: Cryptography
 
Rsa
RsaRsa
Rsa
 
Security fundamentals
Security fundamentalsSecurity fundamentals
Security fundamentals
 
Security Fundamentals
Security FundamentalsSecurity Fundamentals
Security Fundamentals
 
Encryption techniques
Encryption techniquesEncryption techniques
Encryption techniques
 
Aes jul-upload
Aes jul-uploadAes jul-upload
Aes jul-upload
 
Network Security Topic 3 cryptography
Network Security Topic 3 cryptographyNetwork Security Topic 3 cryptography
Network Security Topic 3 cryptography
 
RSA
RSARSA
RSA
 
14_526_topic04.ppt
14_526_topic04.ppt14_526_topic04.ppt
14_526_topic04.ppt
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)
 
Information and network security 11 cryptography and cryptanalysis
Information and network security 11 cryptography and cryptanalysisInformation and network security 11 cryptography and cryptanalysis
Information and network security 11 cryptography and cryptanalysis
 
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoQuantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key Cryptography
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum Cryptography
 
CISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - CryptographyCISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
 
Lecture3a symmetric encryption
Lecture3a symmetric encryptionLecture3a symmetric encryption
Lecture3a symmetric encryption
 
Cryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding informationCryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding information
 
groupWork.pptx
groupWork.pptxgroupWork.pptx
groupWork.pptx
 

More from Sam Bowne

3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities Sam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the ApplicationSam Bowne
 
3. Attacking iOS Applications (Part 2)
 3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)Sam Bowne
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic CurvesSam Bowne
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-HellmanSam Bowne
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1Sam Bowne
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android ApplicationsSam Bowne
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard ProblemsSam Bowne
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis MethodologySam Bowne
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)Sam Bowne
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)Sam Bowne
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream CiphersSam Bowne
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data CollectionSam Bowne
 

More from Sam Bowne (20)

Cyberwar
CyberwarCyberwar
Cyberwar
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
 
3. Attacking iOS Applications (Part 2)
 3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
10 RSA
10 RSA10 RSA
10 RSA
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
 

Recently uploaded

Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operationalssuser3e220a
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
EMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docxEMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docxElton John Embodo
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...JojoEDelaCruz
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxRosabel UA
 

Recently uploaded (20)

Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operational
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
EMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docxEMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docx
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptx
 

CNIT 141: 3. Cryptographic Security

  • 1. CNIT 141 Cryptography for Computer Networks 3. Cryptographic Security
  • 2. Topics • Defining the Impossible • Quantifying Security • Achieving Security • Generating Keys • How Things Can Go Wrong
  • 4. Two Types of Security • Informational security • Theoretical impossibility • Computational security • Practical impossibility
  • 5. Informational Security • Even an attacker with unlimited computation time and memory cannot crack it • If an attack works, even if it requires trillions of years • That cipher is informationally insecure • The one-time pad is informationally secure • Brute-force attack finds all possible messages, but there's no way to tell which is correct
  • 6. Security in Practice: Computational Security • A cipher cannot be broken with a reasonable amount of time, memory, hardware, power, money, etc. • Ex: AES-128 is currently computationally secure • Because no current system can try 2^128 keys • But quantum computers can test 2^128 keys with only 2*64 operations • So when or if they are developed, AES-128 will cease being computationally secure
  • 7. Quantifying Security • A cipher is (t, ε)-secure if cracking it requres t -- calculations an attacker will perform ε -- probability of success • Ex: if no flaw is found in AES-128, it is • (t, t/2^128) - secure, for any t between 1 and 2^128
  • 8. 128-Bit Security • If t is 1, attacker tries one key • Probability of success is 1/2*128 • If t is 2^64, attacker tries 2^64 keys • Probability of success is 1/2*64 • If t is 2^128, attacker tries 2^128 keys • Probability of success is 1
  • 10. Measuring Security in Bits • Assume we want success probability of 1 • An attack requires t operations • n bits of security means it will take 2^n operations to crack • A perfect cipher with a 128-bit key provides 128 bits of security • Does not consider the speed of a single operation; a rough measure
  • 11. Example: WEP • Stronger version had a 104-bit key • Should require 2^104 calculations to crack • In 2001, the FMS attack cracked it in 
 1.5 million operations (2^20.5) • In 2007, the PTW attack worked in 40,000 operations (2^15.3) • Link Ch 3a
  • 12. Example: Substitution Cipher • Keyspace is • 26 x 25 x 24 x ... x 3 x 2 x 1 = 26! • = 4 x 10^26 = 2^88 • But children crack it with no computers for fun with chosen-ciphertext guessing attacks
  • 13. Example: RSA-2048 • Key is 2048 bits long, but provides 112 bits of security • Because key is not simply a random number, but the product of two primes • Textbook says "< 100 bits", which is a more conservative estimate
  • 14.
  • 16. Full Attack Cost • Parallelism • Memory • Precomputation • Number of Targets
  • 17. Parallelism • 2^56 sequential steps are much slower than • 2^56 independent steps • If you can use many processors
  • 18. Memory • Some algorithms take a lot of memory • Memory is much slower than registers • Ethereum mining is memory-hard (link Ch 3i)
  • 19. Precomputation • Some operations only need to be performed once • Can be reused • Time-memory trade-off attack • Also called rainbow tables • After tables are calculated, further attacks are fast
  • 21. Example: Windows Password Hashes • Fast, free cracker • Link Ch 3j
  • 22. Number of Targets • Example: you have 1000 password hashes to crack • You will find one of them in 1/1000 the time it takes to crack them all
  • 23. Choosing and Evaluating Security Levels • Usually only two choices • 128 bits for normal use • 256 bits for high security
  • 24.
  • 26. Building Confidence • Provable security • Mathematical proof • Heuristic security • Evidence of failed attempts to break it
  • 27. Provable Security • Proof that breaking the crypto scheme is at least as hard as a known hard problem • RSA requires factoring a number into its component primes • A famously hard problem, studied for thousands of years • Note: there's no proof that "hard" math problems are actually hard. It could be just that no fast solution has been found yet.
  • 28. RSA Algorithm • Choose two random, large prime numbers 
 p and q • Calculate n = p x q • Choose an exponent e (usually 65537) • Public Key is (n, e)
  • 29. RSA Algorithm • To encrypt a plaintext message x y = x^e mod n • To decrypt a ciphertext y x = y^d mod n • d is the decryption key, and is calculated from p and q • n is public, but no one can find p or q • Because factoring numbers is a hard problem
  • 30. Proofs Relative to Another Crypto Problem • Compare one crypto scheme to another one • Prove you can only break the new one if you can break the old one • This is used to derive new crypto schemes from old ones • Such as developing symmetric algorithms, random bit generators, and hash functions from the same permutation algorithm
  • 31. Caveats • The underlying system might be broken • The proof might overlook some other attack against a real implementation • The proof might contain an error
  • 32. Examples • RSA is easy to crack if p and q aren't sufficiently random • Knapsack, by Merkle and Hellman, was later totally broken by lattice reduction • Side-channel attacks may reveal the key • Without breaking the math • By measuring radio waves, power consumption, timing, etc.
  • 33. Examples • Implementation may use the cryptography incorrectly • True of most Android apps I've studied
  • 34. Heuristic Security • Most symmetric ciphers don't have a security proof • Including AES • But "skilled people have tried to break it and failed"
  • 35. Security Margin • Cryptanalysts often attack simplified versions of a cipher, with fewer rounds • They find how many rounds they can crack • The difference between the actual number of rounds in the full cipher and the number of rounds they can crack is the security margin
  • 36. AES Margin of Security • Link Ch 3k
  • 38. Three Ways to Generate Keys • Randomly using a pseudorandom number generator • From a password using a Key Derivation Function • Key agreement protocol using a series of messages between parties to establish a shared key
  • 39. Generating Symmetric Keys • They are simple random numbers • The same length as the security they provide • For 128-bit security, generate 16-byte number
  • 40. Generating Asymmetric Keys • Feed random numbers into a key generation algorithm • It's complex. For RSA • Must make many guesses to find a prime number p • Repeat for q
  • 41. Demonstration • In Python • RSA key generation takes a long time
  • 42. Protecting Keys • Key wrapping • Encrypting the key with a second key • Second key often generated from a password • On-the-fly key generation from a password • No need to store the key at all • Storing keys on a hardware token • Like a smartcard or USB dongle • Password-protected
  • 43. How Things Can Go Wrong
  • 44. Incorrect Security Proof • RSA-OAEP was "proven" • Proof shown to be incorrect • But the actual implementation was secure by accident (link Ch 3l)
  • 45. Short Keys for Legacy Support • "Export" cryptography was deliberately weakened by US regulations in the 1990's • Including 512-bit RSA • Many servers continued to support these weak protocols in 2015 • Link Ch 3m