[KGC 2010] Game and Security: Cryptographic Algorithms and Protocols

Game and Security, Cryptography and Protocol

Published in: Entertainment & Humor

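  1. 1. Game and Security: Cryptographic Algorithms and Protocols | Seungmin Shin, CTO, Windysoft Co., Ltd.
  2. 2. Online games | Online games and security | Fundamental cryptographic algorithms | Example: X-Crypto
  3. 3. Familiar stories● “We build a few slightly complicated things using bit operations and change them with every patch.” “It's a truly uncanny technique.” “We can't stop hackers coming from China, so we replace the logic and keys frequently.” “We encrypt using a 56-bit key.” “We hash it with md5 and use that.” “We use a cryptographic algorithm we have had for a long time.” “We are developing our cryptographic algorithm again this time. We intend to fix all of it.”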
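  4. 4. Simple encryption● The Crypt class○ “Here we will look at a Crypt class that uses simple bit operations. … The core logic is to encrypt while changing the KEY one byte at a time. If every byte of the data were bit-operated with the same key, it could be decrypted easily once that key was found out. For that reason a formula that changes the key has been added, so that illegitimately finding the key and decrypting is made a little harder.”

```cpp
#include "Crypt.h"

const INT C1  = 52845;
const INT C2  = 22719;
const INT KEY = 72957;

// Encrypts `length` bytes of source into destination with a byte-wise XOR.
// After each byte the running key is recomputed from the ciphertext byte
// just written and the fixed constants C1 and C2.
BOOL CCrypt::Encrypt(BYTE *source, BYTE *destination, DWORD length)
{
    DWORD i;
    INT Key = KEY;  // every call starts from the same fixed key

    for (i = 0; i < length; i++)
    {
        // '>>' binds tighter than '^': the byte is XORed with Key >> 8
        destination[i] = source[i] ^ (Key >> 8);
        Key = (destination[i] + Key) * C1 + C2;
    }
    return TRUE;
}
```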
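What the slide-4 routine gives a reviewer to check, as an added example that is not code from the slides or from the book they quote: the matching decrypt needs nothing beyond the published constants, equal plaintext prefixes yield equal ciphertext prefixes because every message starts from the same key, and only the low 16 bits of the key influence the output. `crypt_decrypt`, `common_prefix`, the `uint32_t` key type and the sample packets are assumptions made for the illustration.

```cpp
// Added example: round trip, determinism and effective key size of the
// slide-4 Crypt routine. Not code from the slides or the quoted book.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Constants as printed on slide 4.
constexpr std::uint32_t C1 = 52845, C2 = 22719, KEY = 72957;

// Slide-4 Encrypt with the start key as a parameter. Assumption: uint32_t
// stands in for INT so that overflow wraps instead of being undefined.
Bytes crypt_encrypt(const Bytes& src, std::uint32_t key = KEY) {
    Bytes dst(src.size());
    for (std::size_t i = 0; i < src.size(); ++i) {
        dst[i] = static_cast<std::uint8_t>(src[i] ^ (key >> 8));
        key = (dst[i] + key) * C1 + C2;  // fed by the ciphertext byte
    }
    return dst;
}

// Hypothetical Decrypt (the slide shows only Encrypt). The key update uses
// the ciphertext byte, so the receiver replays it from the same constants.
Bytes crypt_decrypt(const Bytes& src, std::uint32_t key = KEY) {
    Bytes dst(src.size());
    for (std::size_t i = 0; i < src.size(); ++i) {
        dst[i] = static_cast<std::uint8_t>(src[i] ^ (key >> 8));
        key = (src[i] + key) * C1 + C2;
    }
    return dst;
}

// Number of leading bytes two buffers have in common.
std::size_t common_prefix(const Bytes& a, const Bytes& b) {
    std::size_t n = 0;
    while (n < a.size() && n < b.size() && a[n] == b[n]) ++n;
    return n;
}

Bytes to_bytes(const std::string& s) { return Bytes(s.begin(), s.end()); }

int main() {
    // Constructed sample packets: same 15-byte header, different secret.
    const Bytes p1 = to_bytes("LOGIN alice pw=1111");
    const Bytes p2 = to_bytes("LOGIN alice pw=2222");
    const Bytes c1 = crypt_encrypt(p1), c2 = crypt_encrypt(p2);

    std::cout << "round trip ok: " << (crypt_decrypt(c1) == p1) << "\n";
    // No IV or per-message key: the shared header stays visible.
    std::cout << "shared ciphertext prefix: " << common_prefix(c1, c2)
              << " bytes\n";
    // Output uses bits 8..15 of the key and the update is closed modulo
    // 2^16, so the upper 16 bits of the 32-bit key never matter.
    std::cout << "same output with 16-bit key: "
              << (crypt_encrypt(p1, KEY & 0xFFFFu) == c1) << "\n";
    return 0;
}
```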
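  5. 5. Communication encryption in online games● A commercial server engine○ We use 128-bit RSA as the asymmetric-key algorithm and RC4 as the symmetric-key algorithm. RSA is very strong. However, its computational cost is enormous, so encrypting every message with it is too much. That is why it is used together with a symmetric-key algorithm. … Hold on a moment! Is it really all right to disclose openly how the encryption is done? The value of a cryptographic technique lies in not being broken even when the algorithm is made public. It is disclosed because it does not get broken even when disclosed this openly.
  6. 6. Joachim de Posada: “Passion captures everything. The driving force that lets you keep moving toward your goal, without stopping or turning aside whatever piranhas you meet in life, is passion. Passion is more intense than any mentor of success. It is like an energy and an encouragement that keeps you moving forward.”
  7. 7. Terms: Cryptography | Stream Cipher | Kerckhoff | Protocol | Block Cipher | SSL | CAPTCHA | Key: Private, Public, Session, Symmetric | Algorithm | Quantum Information & Computation | Shor Algorithm | RSA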
  8. 8. Game is…
  9. 9. Game Design by Chris Crawford● Creative Expression: money → Entertainment, beauty → Art | Entertainment: interactive → Playthings, non-interactive → Movies, Books, etc. | Playthings: goals → Challenges, no goals → Toys | Challenges: competitor → Conflicts, no competitor → Puzzles | Conflicts: attacks allowed → Games, no attacks → Competitions
  10. 10. [SRC] http://www.devmaster.net/engines/ Commercial Engines C4 Engine Torque Game Engine 3D Game Studio TV3D SDK 6.5 Leadwerks Engine 2 Unity ShiVa Engine Esenthel Engine DX Studio NeoAxis Engine
  11. 11. Open Source Engines OGRE Irrlicht Panda3D Crystal Space jME Blender Game Engine Reality Factory The Nebula Device 2 RealmForge OpenSceneGraph [SRC] http://www.devmaster.net/engines/
  12. 12. From http://www.devmaster.net/engines/ Taxonomy General Info Graphics API OpenGL | DirectX | Glide | Software | Other Operating Systems Windows | Linux | MacOS | Solaris | SunOS | HP/UX | FreeBSD | Irix | OS/2 | Amiga | DOS | Xbox | Playstation | GameCube | GBA | PSP | N-Gage | BeOS | Xbox360 | PS2 | PS3 | Nintendo Wii | Nintendo DS/iDS | iPhone | Flash | Browser-based | Google Android | WebOS Status Alpha | Beta | Productive/Stable | Inactive Programming Language C/C++ | Java | C# | D | Delphi | Pascal | BASIC | Ada | Fortran | Lisp | Perl | Python | Visual Basic6 | VB.NET | Action Script | JavaScript Misc Documentation General Features Object-Oriented Design | Plug-in Architecture | Save/Load System | Other General Features Networking System Client-Server | Peer-to-Peer | Master Server Tools & Editors Scripting | Built-in Editors Sound & Video 2D Sound | 3D Sound | Streaming Sound Physics Basic Physics | Collision Detection | Rigid Body | Vehicle Physics Artificial Intelligence Pathfinding | Decision Making | Finite State Machines | Scripted | Neural Networks
  13. 13. From http://www.devmaster.net/engines/ Taxonomy Graphics Features Lighting Per-vertex | Per-pixel | Volumetric | Lightmapping | Radiosity | Gloss maps | Anisotropic | BRDF Shadows Shadow Mapping | Projected planar | Shadow Volume Texturing Basic | Multi-texturing | Bumpmapping | Mipmapping | Volumetric | Projected | Procedural Shaders Vertex | Pixel | High Level Rendering Fixed-function | Stereo Rendering | Raytracing | Raycasting | Deferred Shading | Render-to-Texture | Voxel | Fonts | GUI Scene Management General | BSP | Portals | Octrees | Occlusion Culling | PVS | LOD Animation Inverse Kinematics | Forward Kinematics | Keyframe Animation | Skeletal Animation | Morphing | Facial Animation | Animation Blending Meshes Mesh Loading | Skinning | Progressive | Tessellation | Deformation Surfaces & Curves Splines | Patches Special Effects Environment Mapping | Lens Flares | Billboarding | Particle System | Depth of Field | Motion Blur | Sky | Water | Fire | Explosion | Decals | Fog | Weather | Mirror Terrain Rendering | CLOD | Splatting
  14. 14. The security in Online Gaming?
  15. 15. The three new characteristics● Automation | Action at a distance | Technique propagation
  16. 16. Online Game Publishing Platform Web + Web Servers + WAS Client + Rendering Engine + User Interface + Artificial Intelligence Infrastructure + Server + Storage + Network + Security Server + Authentication/Billing + Game Server + Operation Tools + Cryptography Database + In-game Character DB + User DB + Billing DB Module More complicated system than game●
  17. 17. Details● WEB PHP/Java ASP Apache/IIS WAS ODBC JDBC Jeus Server Windows 2003 Windows 2008 Sun Solaris Linux DATABASE MySQL Oracle MS-SQL Client Windows 98 Windows XP Windows Vista Windows 7
  18. 18. Online Game Platform: Servers | DB | WAS | WEB | Clients | Single Sign On
  19. 19. Authentication w/ SSO● WEB & GAME Single Sign On
  20. 20. Authentication● • Passwords have been used with computers since the earliest days of computing. MIT's CTSS was introduced in 1961. • Unix is a computer operating system originally developed in 1969. • Robert Morris contributed to early versions of UNIX. He wrote the math library, the program crypt, and the password encryption scheme used for user authentication From Wikipedia○ Account theft
  21. 21. Authentication w/ multi login● IP Block BOT BlockLOG WEB - 1st Authentication Login Alarm SMS, Email Login Register1 IP Address CAPTCHA Anti-keylogging PIN OTP CAPTCHA GAME - 2nd Authentication Login Register2 MAC Address
  22. 22. Protocol of Internet Banking System● • Accredited certificate password • Withdrawal account password • OTP password • Transfer password • Accredited certificate password | Keystroke logging
  23. 23. 2nd Authentication System Protect from account theft ○ ● Anti-Keystroke logging○
  24. 24. Completely Automated Public Turing test to tell Computers and Humans Apart● Protect from brute force attack○ • Yahoo’s CAPTCHA: of 191 images, 176 were correctly identified, 92% broken! By Greg Mori (1,2) and Jitendra Malik (1); (1) UC Berkeley Computer Vision Group, (2) Simon Fraser University
  25. 25. Protect from brute force attack●
  26. 26. Security Server + Forgery Private Server + Intrusion Attack Client + Hack Toolkits + Reverse Engineering Web + SQL Injection + Cross Site Scripting Network + Packet Analyze The field of Security●
  27. 27. Network Replay Denial of Service Modification Masquerading + Man in the Middle Network Attack > Packet Analyze● Case Study
  28. 28. June 22, I received an email.● [SRC] http://www.dt.co.kr/contentshtm?article_no=2010062402010660746002 DoS Attack
  29. 29. Packet Analyze●
  30. 30. Result > Denial of Service●
  31. 31. How BA10 works● View billing statement | ActiveX download | Virus installation
  32. 32. How to handle BA10● Recall the mail from the unsent-mail box | Block access to the site at the firewall | Delete with anti-virus software
  33. 33. And additional work● “Anti-virus” “Anti-spam” “KISA” Engine update○ “Anti-Virus Company” Report to○
  34. 34. Continue…● [SRC] http://www.zdnet.co.kr/Contents/2010/07/20/zdnet20100720112109.htm SKIP
  35. 35. When did you reinstall your PC? Or your daughter Or your parents Or your siblings
  36. 36. Browser’s trends: World wide●
  37. 37. Browser’s trends: JAPAN vs. KOREA● JAPAN KOREA
  38. 38. Internet Explorer Most dangerous situation● Easily installed Trojan horse Zombie(BOT) PC! 95%
  39. 39. Recommend security policies●
  40. 40. Recommend security policies 2● Home router management | To protect my own privacy | What are BOTs? | Regularly reinstall PC
  41. 41. Quiz? Savant syndrome
  42. 42. Mercury Rising●
  43. 43. Mercury Rising● 1-800-xxxx-xxxx
  44. 44. Fundamental Cryptography
  45. 45. Protocol “Font; Bookshelf Symbol 7”
  46. 46. Fundamental Cryptography
  47. 47. “It is secure thanks to RSA 1024-bit, SEED-CBC 128-bit, and keyboard security.”
  48. 48. Cryptology● • Cryptology = cryptography + cryptanalysis – Cryptography: devise cryptosystems. – Cryptanalysis: break cryptosystems.
  49. 49. Typical cryptosystem● Diagram labels: Alice, Encrypter, Decrypter, Bob, Key source, Secure channel, Oscar. $x$: plaintext, $y$: ciphertext. Encryption: transform $x$ into $y$ using key $K$, denoted $e_K$. Decryption: transform $y$ back to $x$ using key $K$, denoted $d_K$, i.e., $y = e_K(x)$ and $x = d_K(y)$; thus $d_K(e_K(x)) = x$. $K$ is the key for the encryption and decryption. Alice and Bob get the key $K$ via a secure channel. On the other hand, Oscar, who does not have the key $K$, cannot decrypt $y$.
  50. 50. Cryptography● Private-key (Symmetric-key): Stream cipher: RC4, Panama, Sosemanuk, Salsa20, XSalsa20; Block cipher: DES, Triple-DES, AES, SEED | Public-key (Asymmetric-key): RSA, ElGamal, Elliptic Curve | One-way Hash Functions: MD4, MD5, SHA-1, SHA-2 and SHA-3 by 2012
  51. 51. Symmetric-key cryptography● Plain text $m$ | Encryption algorithm, key $K$ | Cipher text $E_K(m)$ | Decryption algorithm, key $K$ | Plain text $m = D_K(E_K(m))$ | Secret-key encrypted communication with $K$ as the session key
  52. 52. Symmetric-key cryptography● Stream Cipher: RC4 is one of the most widely used stream cipher designs. Panama, Sosemanuk, Salsa20, XSalsa20 | Block Cipher: Data Encryption Standard; Advanced Encryption Standard; SEED is a block cipher developed by the Korean Information Security Agency. It is used broadly throughout South Korean industry, but seldom found elsewhere. | The AES1 conference votes were as follows: CAST-256, CRYPTON, DEAL, DFC, E2, FROG, HPC, LOKI97, MAGENTA, MARS, RC6, Rijndael, SAFER+, Serpent, and Twofish.
  53. 53. The AES2 conference votes were as follows● • Rijndael: 86 positive, 10 negative • Serpent: 59 positive, 7 negative • Twofish: 31 positive, 21 negative • RC6: 23 positive, 37 negative • MARS: 13 positive, 83 negative
  54. 54. Stream cipher● • Block ciphers: encrypt plaintext elements using the same key, i.e., $y = y_1 y_2 \ldots = e_K(x_1) e_K(x_2) \ldots$ • Stream ciphers: encrypt plaintext elements using a generated keystream $z = z_1 z_2 \ldots$, i.e., $y = y_1 y_2 \ldots = e_{z_1}(x_1) e_{z_2}(x_2) \ldots$
  55. 55. Stream cipher● • A block cipher can be considered a special case of a stream cipher where the keystream is constant: $z_i = K$ for $i \ge 1$ • The Vigenere cipher is a periodic synchronous stream cipher with period $m$: suppose $K = (k_1, k_2, \ldots, k_m)$ is the key in the Vigenere cipher; then the keystream is $z = k_1 k_2 \ldots k_m \, k_1 k_2 \ldots k_m \, k_1 k_2 \ldots$
  56. 56. Comparison Of Stream Ciphers 1●
  57. 57. Comparison Of Stream Ciphers 2●
  58. 58. Comparison Of Block Ciphers 1●
  59. 59. Comparison Of Block Ciphers 2●
  60. 60. Public key cryptography● Plain text $m$ | Encryption algorithm, $K_B^+$: Bob’s Public Key | Cipher text $K_B^+(m)$ | Decryption algorithm, $K_B^-$: Bob’s Private Key | Plain text $m = K_B^-(K_B^+(m))$
  61. 61. Why Public-key cryptography● 1. The two communicants in a secret-key system must communicate the key beforehand over a secure channel, which is very difficult to achieve in practice. Unless the two communicants meet in person, the channels available (phone call, post mail, email, etc.) are not secure. 2. Suppose there are n users and every pair of users wants to communicate. In a secret-key system, the total number of keys needed is n(n-1)/2, which is very difficult to manage and quite insecure.
  62. 62. Why Public-key cryptography● However, in a public-key system, every user selects his/her own private key and public key, publicizes the public key, and keeps the private key secret. Quite easy and very secure. The main problem with a public-key system is that it is very slow.
  63. 63. Kerckhoff principle and attack levels● • Kerckhoff principle: – encryption/decryption algorithm is publicly known, but only the key is secret. – Breaking a cryptosystem (i.e., cryptanalysis) means figuring out the key currently used. • Attack levels: – Ciphertext-only: the attacker possesses a string of ciphertext, y. – Known plaintext: the attacker possesses a string of plaintext, x, and the corresponding ciphertext, y. – Chosen plaintext: the attacker has obtained temporary access to the encryption machinery. Hence, he can choose a plaintext string, x, and construct the corresponding ciphertext string, y. – Chosen ciphertext: the attacker has obtained temporary access to the decryption machinery. Hence, he can choose a ciphertext string, y, and construct the corresponding plaintext string, x.
  64. 64. Commonly Used Secure Protocol
  65. 65. Secure Socket Layer● • Brief history – Netscape: SSL v2 (1995) → SSL v3 (1996) • Microsoft PCT (Private Communication Technique) • IETF TLS (Transport Layer Security) • Belongs to layer 4 (transport layer) – In fact runs on top of layer 4: TCP – No need to change the OS – TCP provides reliable transmission of packets
  66. 66. Secure Socket Layer example● http:// https://
  67. 67. Secure Socket Layer functionality● • Server authentication (by public certificate) • Client authentication (Optional) • Data encryption (by secret key system) • Integrity protection (by MAC)
  68. 68. Why Secure Socket Layer● • Confidentiality – Encrypt data being sent between client and server, so that passive adversary cannot read sensitive data. • Integrity Protection – Protect against modification of messages by an active adversary. • Authentication – Verify that a peer is who they claim to be. Servers are usually authenticated, and clients may be authenticated if requested by servers.
  69. 69. Structure Secure Socket Layer● • Key exchange algorithms • Encryption algorithms • Hash algorithms • Cipher suite • Compression algorithms • Cryptographic secret number extraction • Session and connection
  70. 70. Handshake protocol● Client | Server | Phase I: Establishing Security Capabilities | Phase II: Server authentication and key exchange | Phase III: Client authentication and key exchange | Phase IV: Finalizing the handshake protocol
  71. 71. Structure details:● Key exchange algorithms: Null, RSA, Anonymous Diffie-Hellman, Ephemeral Diffie-Hellman, Fixed Diffie-Hellman, Fortezza | Encryption algorithms: Null; Stream: RC4; Block: RC2, DES, IDEA, Fortezza | Hash algorithms: Null, MD5, SHA-1
  72. 72. Structure details: Cipher suites● • SSL_RSA_WITH_NULL_MD5 NULL-MD5 • SSL_RSA_WITH_NULL_SHA NULL-SHA • SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 • SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 • SSL_RSA_WITH_RC4_128_SHA RC4-SHA • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 • SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA • SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA • SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA • SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. • SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented. • SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. • SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. • SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented. • SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. • SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA • SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA • SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA • SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA • SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 • SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 • SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA • SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA • SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA • SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. • SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. • SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
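A configuration check built on the naming scheme of slides 71 and 72, as an added example that is not part of the original slides: it splits a suite name into key exchange, cipher and hash, and flags the three classes that are unsafe by construction (NULL encryption, EXPORT key lengths, anonymous Diffie-Hellman). The `Suite` struct, the function names and the choice of sample names are assumptions; a suite that passes these three checks is not thereby acceptable today.

```cpp
// Added example: audit SSL 3.0 cipher-suite names such as those listed on
// slide 72. Not code from the slides; names and structure are assumptions.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

struct Suite {
    std::string key_exchange;  // "RSA", "DHE_DSS", "DH_anon", ...
    std::string cipher;        // "RC4_128", "3DES_EDE_CBC", "NULL", ...
    std::string hash;          // "MD5" or "SHA"
    bool is_export = false;    // name carried the EXPORT marker
    std::vector<std::string> findings;
};

// Splits SSL_<key exchange>[_EXPORT]_WITH_<cipher>_<hash>; false if malformed.
bool parse_suite(const std::string& name, Suite& out) {
    const std::string prefix = "SSL_", with = "_WITH_", exp = "_EXPORT";
    if (name.compare(0, prefix.size(), prefix) != 0) return false;
    const std::size_t w = name.find(with);
    const std::size_t h = name.rfind('_');  // separates cipher from hash
    if (w == std::string::npos || w <= prefix.size()) return false;
    const std::size_t c = w + with.size();  // first character of the cipher
    if (h <= c || h + 1 >= name.size()) return false;  // empty cipher or hash

    Suite s;
    s.key_exchange = name.substr(prefix.size(), w - prefix.size());
    if (s.key_exchange.size() > exp.size() &&
        s.key_exchange.compare(s.key_exchange.size() - exp.size(),
                               exp.size(), exp) == 0) {
        s.is_export = true;
        s.key_exchange.erase(s.key_exchange.size() - exp.size());
    }
    s.cipher = name.substr(c, h - c);
    s.hash = name.substr(h + 1);

    // Structural checks only: each one removes a property listed on slide 67.
    if (s.cipher == "NULL")
        s.findings.push_back("no encryption: records are sent in the clear");
    if (s.is_export)
        s.findings.push_back("export-grade 40-bit key");
    if (s.key_exchange == "DH_anon")
        s.findings.push_back("anonymous key exchange: server not authenticated");
    out = s;
    return true;
}

// Sample configuration assembled from names on slide 72.
const std::vector<std::string> SAMPLE = {
    "SSL_RSA_WITH_NULL_MD5",         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_RC4_128_SHA",      "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DH_anon_WITH_RC4_128_MD5",
};

// Returns the names to reject; a name that does not parse is rejected too.
std::vector<std::string> flagged(const std::vector<std::string>& names) {
    std::vector<std::string> out;
    for (const std::string& n : names) {
        Suite s;
        if (!parse_suite(n, s) || !s.findings.empty()) out.push_back(n);
    }
    return out;
}

int main() {
    for (const std::string& n : flagged(SAMPLE)) std::cout << n << "\n";
    return 0;
}
```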
  73. 73. Handshake protocol●
  74. 74. Client Hello● TLS v1.0: RFC 2246 (1999) TLS v1.1: RFC 4346 (2006) TLS v1.2: RFC 5246 (2008)
  75. 75. Server Hello● Key exchange: RSA, Encryption: RC4, Hash: MD5
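  76. 76. How to work● Certificate authority C | Web A (A's public key, A's private key) | Online shop user | Certificate: C's private key [A's public key] | After verifying the certificate authority's digital signature with the certificate authority's public key held in the browser, A's public key is obtained | A's public key [K], K 128bit | Symmetric-key encrypted communication with K as the session key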
  77. 77. X-CRYPTO Crypto++
  78. 78. About Crypto++● • Crypto++ Library 5.6.1, update 8/9/2010 – http://www.cryptopp.com/ – Crypto++ Library is a free C++ class library of cryptographic schemes. • License – License of Crypto++ is somewhat unusual amongst open source projects. A distinction is made between the library as a compilation (i.e., collection), which is copyrighted by Wei Dai, and the individual files in it, which are public domain. – Because one purpose of the project is to act as a repository of public domain (not copyrighted) cryptographic source code, the code in Crypto++ was either written specifically for this project by its contributors and placed in the public domain, or derived from other sources that are public domain.
  79. 79. Algorithms● (algorithm type: name) authenticated encryption schemes: GCM, CCM, EAX | high speed stream ciphers: Panama, Sosemanuk, Salsa20, XSalsa20 | AES and AES candidates: AES (Rijndael), RC6, MARS, Twofish, Serpent, CAST-256 | other block ciphers: IDEA, Triple-DES (DES-EDE2 and DES-EDE3), Camellia, SEED, RC5, Blowfish, TEA, XTEA, Skipjack, SHACAL-2 | block cipher modes of operation: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR) | message authentication codes: VMAC, HMAC, CMAC, CBC-MAC, DMAC, Two-Track-MAC | hash functions: SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), Tiger, WHIRLPOOL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320 | public-key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN | padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5 | key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH | elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV | insecure or obsolescent algorithms retained for backwards compatibility and historical value: MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL 3.0, WAKE-OFB, DESX (DES-XEX3), RC2, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square
  80. 80. Platforms● Crypto++ supports the following compilers: • MSVC 6.0 - 2010 • GCC 3.3 - 4.5 • C++Builder 2010 • Intel C++ Compiler 9 - 11.1 • Sun Studio 12u1, Express 11/08, Express 06/10
  81. 81. high speed stream ciphers● • PANAMA – Algorithm Type: Stream Cipher – Designers: Craig Clapp, Joan Daemen – Published in: 1998 – Standards: – Cryptanalysis status: not yet broken (note: this may be out of date.) – http://www.cryptolounge.org/wiki/PANAMA • Sosemanuk – Designers: Aline Gouget, Anne Canteaut, Come Berbain, Cédric Lauradoux, Henri Gilbert, Hervé Sibert, Louis Goubin, Louis Granboulan, Marine Minier, Nicolas Courtois, Olivier Billet, Thomas Pornin – Published in: 2005 – Standards: ESTREAM Portfolio (rev. 1) (2008) – Cryptanalysis status: not yet broken (note: this may be out of date) – http://www.cryptolounge.org/wiki/Sosemanuk
  82. 82. high speed stream ciphers● • Salsa20 – Algorithm Type: Stream Cipher – Designers: Daniel J. Bernstein – Published in: 2005 – Standards: ESTREAM Portfolio (rev. 1) (2008) – Cryptanalysis status: not yet broken (note: this may be out of date. please see papers section to see how up to date the entries are) – http://www.cryptolounge.org/wiki/Salsa20
  83. 83. Crypto++ 5.6.0 Benchmarks●

| Algorithm | MiB Per Second | Cycles Per Byte | Microseconds to Setup Key and IV | Cycles to Setup Key and IV |
|---|---|---|---|---|
| Panama-LE | 843 | 2.1 | 1.695 | 3103 |
| Salsa20 | 408 | 4.3 | 0.39 | 714 |
| Salsa20/12 | 643 | 2.7 | 0.483 | 884 |
| Salsa20/8 | 887 | 2 | 0.481 | 881 |
| Sosemanuk | 727 | 2.4 | 1.24 | 2,269 |
| AES/CTR (128-bit key) | 139 | 12.6 | 0.698 | 1,277 |
| AES/CTR (256-bit key) | 96 | 18.2 | 0.756 | 1,383 |
| AES/CBC (128-bit key) | 109 | 16 | 0.569 | 1,041 |
| AES/CBC (256-bit key) | 80 | 21.7 | 0.619 | 1,133 |
| Twofish/CTR | 59 | 29.4 | 7.716 | 14,121 |
| DES/CTR | 32 | 54.7 | 8.372 | 15,320 |
| SEED/CTR (1/2 K table) | 29 | 59.2 | 0.762 | 1,394 |

* NOTE: All were coded in C++, compiled with Microsoft Visual C++ 2005 SP1 (whole program optimization, optimize for speed), and ran on an Intel Core 2 1.83 GHz processor under Windows Vista in 32-bit mode

  84. 84. Protocol of X-Crypto● Version 1.5○ Choose Crypto type | Client | Server | GetEncryptedSessionKey() | SetEncryptedSessionKey() | GetEncryptedIV() | Transfer Encrypted IV, using the Session Key | Finish an initialization | SetEncryptedIV() | IntializeClient() | Transfer Session Key, using the Server’s Public Key | Start Crypto-system, using the Session Key & IV
  85. 85. “Scope Creep”
  86. 86. Place in actual use●
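  87. 87. Questionnaire● “Which algorithm do you use?” “How does the protocol work?” “How are the RNG, IV and so on managed?” “What are the key size and the key management?” “Is it an efficient protocol in which the algorithm can be replaced?” “What is the performance difference between plaintext and using encryption?” “Does using the protocol affect the number of concurrent users that can be accommodated?” “In what order do encryption and compression operate?” “How does the protocol behave under a Replay Attack?”
  88. 88. The extended suggestions● Version 2.0○ “Different cryptographic algorithms can be selected and used depending on an OPTION” “Key management automation tool” “Add Stream Ciphers” “Analysis based on performance measurement data” “TEST, TEST, TEST”
  89. 89. Suggestion …● “Protocol design is not an easy task. Analyze Secure Socket Layer thoroughly and learn it!” “You do not need a new algorithm; find the one that suits you among the existing algorithms!” “Stream Ciphers perform excellently!” “Strengthen the management side as well, such as random number generation and key replacement algorithms!” “If you lack expert knowledge in cryptography, use a 3rd Party solution!”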
  90. 90. Quiz?
  92. 92. Books●
  93. 93. References● • Wikipedia.com • “Windows Cryptography with C++” by Kang Seon-myeong (강선명) • “Cryptography and Network Security” (암호학과 네트워크 보안) by Son Seung-won (손승원) and 3 others
  94. 94. KGC 10th Congratulation!
  95. 95. CONTACT ME: Seungmin Shin (신승민) | 8F Seung Kwang Bldg., 143-8 Samsung-Dong, Gangnam-Gu, Seoul, 135-877, Korea | TEL: +82-2-2050-4307 | E-MAIL: joo @ windysoft.net | Thank you!
