Introduction To Encryption in Lasso 8.5


Presentation at LDC09: Introduction To Encryption in Lasso 8.5

Published in: Technology, Education

  1. 1. Session: Encryption Bil Corry
  2. 2. Caveat Emptor: I am not a cryptographer
  3. 3. I only have a rudimentary understanding of cryptography
  4. 4. When in doubt, hire a professional
  5. 5. Encryption is strong, yet fragile: Works well when implemented correctly
  6. 6. Easy to get wrong = broken implementation = insecure encryption
  7. 7. When there's a breach, keys have to be swapped out
  8. 8. Advice from Experts: Never create/implement your own cipher
  9. 9. Do not implement an encryption scheme using low-level APIs (OpenSSL, etc.)
  10. 10. Use a high-level API such as KeyCzar, GPGME, or cryptlib
  13. 13. High-Level APIs: Abstract technical details
  14. 14. Safe defaults for key lengths, algorithms, and modes
  15. 15. Allow for key rotation and versioning
  16. 16. Automated generation of initialization vectors and other setup requirements
  17. 17. Encryption Gone Bad: The default pseudo-random number generator (PRNG) is not suited for encryption. Use the following instead: Java:
  18. 18. Unix: /dev/urandom
  19. 19. Windows: CryptGenRandom or RtlGenRandom from ADVAPI32.DLL
  20. 20. Encryption Gone Bad (cont): Block Cipher Modes: OFB, CFB, CTR – fatal if output or counter reused
  21. 21. CCM, EAX, GCM, OCB – fatal if IV reused. ECB: [Figures: plaintext image of Tux; ECB-encrypted image of Tux; image of Tux encrypted in other (chained) modes] From:
  22. 22. Encryption Gone Bad (cont): Encrypting IDs sent roundtrip to client doesn't protect from tampering (integrity): use HMAC to verify the ID hasn't been tampered with. Custom hash constructions: hash(key + data) is open to a length extension attack to determine the key -> use HMAC instead
  23. 23. Encryption Gone Bad (cont): Many real-world examples of popular webapps getting crypto wrong: authentication flaws
  24. 24. WordPress Cookie Integrity Vulnerability
  25. 25. Amazon Web Services v1 – lacked structure for data
  26. 26. Types of Encryption: Symmetric
  27. 27. Asymmetric
  28. 28. Hash: Message Authentication Code (MAC)
  29. 29. Symmetric: Secret key used to both encrypt and decrypt
  30. 30. Examples: Blowfish
  31. 31. DES
  32. 32. 3DES
  33. 33. AES
  34. 34. Symmetric Example:
      [
        Encode_Hex( Cipher_Encrypt('Data', -Cipher='CAST5-CBC', -Key='supersecretpassword') );
        '<br>';
        Cipher_Decrypt( Decode_Hex('D7BF2BE2EA29D2C9'), -Cipher='CAST5-CBC', -Key='supersecretpassword' );
      ]
      LP8:
      D7BF2BE2EA29D2C9
      Data
  35. 35. Asymmetric: Public/Private Key Cryptography
  36. 36. Encrypt with the public key to send over an insecure channel; only the private key can decrypt
  37. 37. Encrypt with the private key; the public key can decrypt to verify the authenticity of the signer
  38. 38. Examples: SSL, PGP, S/MIME
  39. 39. Asymmetric Example: Currently in Lasso, you would need to use [os_process] to run PGP or a similar command-line tool to sign/encrypt using public/private keys.
  40. 40. Hash: One-way algorithm
  41. 41. Used as an integrity check, storing passwords
  42. 42. Examples: MD5
  43. 43. SHA-1
  44. 44. SHA-256
  45. 45. Hash: The ideal cryptographic hash function has four main properties: it is easy to compute the hash value for any given message,
  46. 46. it is infeasible to find a message that has a given hash,
  47. 47. it is infeasible to modify a message without changing its hash,
  48. 48. it is infeasible to find two different messages with the same hash.
  49. 49. Hash Example:
      [ encode_hex( cipher_digest('Data', -digest='RIPEMD160') ) ]
      LP8: 934C399FC545B1C385E96CC30EFE8321B84F107C
  50. 50. Rainbow Table Attack: Rainbow tables contain pre-computed hashes of the most likely secrets, which allows quick reversing of a hash
  51. 51. Example: 934C399FC545B1C385E96CC30EFE8321B84F107C = Data. Use a 'salt' to defeat rainbow tables
  52. 52. Iterate the hash 1000 times or more (key strengthening)
  53. 53. Message Authentication Code (MAC): Similar to a hash, but takes a secret key
  54. 54. Protects integrity and authenticity
  55. 55. Secret key used to create the MAC and validate its authenticity
  56. 56. HMAC is a MAC using a specific algorithm (RFC 2104)
  57. 57. HMAC Example:
      [ Encrypt_HMAC('Data', 'supersecretpassword', -Digest='SHA1', -Cram) ]
      LP8: 13c6e2d6bafbbed0723a00a61f79cde424cb83b7
  58. 58. Recommendations for Lasso: SSL for transport
  59. 59. Do not use JavaScript encryption
  60. 60. Symmetric (data at rest): [encrypt_blowfish]
  61. 61. [cipher_encrypt(-cipher='CAST5-CBC')]. Hash (passwords): [cipher_digest(-digest='RIPEMD160')]
  62. 62. Recommendations for Lasso: HMAC (roundtrip public data, w/symmetric encryption for roundtrip secret data): [Encrypt_HMAC(-Digest='SHA1')]. Remember to allow for key rotation, key revocation, and algorithm changes
  63. 63. Use a unique salt for every hash
  64. 64. Use key strengthening of at least 1000 for hashes of passwords
  65. 65. Protect keys!
  66. 66. Don't Do This: Store passwords in plaintext
  67. 67. Use the same salt for all passwords
  68. 68. Use MD5 for anything
  69. 69. Use ECB mode
  70. 70. Re-use keys for different purposes
  71. 71. Create your own cipher
  72. 72. CarTalk: The Puzzler 2007-12-17 Imagine you have a friend who lives in Russia where the KGB spies on everyone and everything and you want to send a valuable object to this friend. So you have a box which is more than large enough to contain the object and you have several locks with keys. Now this box, I suppose you could call it a strongbox, has a lock ring which is more than large enough to have a padlock attached to it. In fact it's large enough to accommodate several locks. But your friend does not have the key to any lock that you have. Now you can't send a key in the mail because the KGB will intercept it and they will copy it. And you can't not lock the box, because the object is very valuable. So you have to send it through the mail. You can't hand deliver it. You want to lock it so that your friend can open it, but the KGB can't. The question is, how would you do it? From:
  73. 73. CarTalk: The Puzzler Answer 2007-12-17 RAY: So the question is how do you package your valuable objects so that the KGB cannot open it, but your friend can? Now instead of a key, I would have mailed a hacksaw. But in the spirit of the puzzler that wouldn't have been fair. TOM: Sure. RAY: You put the valuable thing in the box. You put as many locks as you want on the clasp, making sure you leave room for at least one more. TOM: Yeah. RAY: You mail the thing to Russia. Your friend gets it. He doesn't have a key to any of these locks that you put on it. He puts another lock on it for which he has the key. He mails it back to you. You remove all of your locks and you can't get it open now. But you don't have to. TOM: He can. RAY: When you mail it back to him. From:
  74. 74. Thank You! Questions?
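
The "Encryption Gone Bad" slide on round-trip IDs and the recommendation to allow for key rotation and revocation, shown as an added example that is not part of the original slides. It is written in Python rather than Lasso, uses HMAC-SHA256 rather than the slides' SHA1, and the token layout, key ids and key values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo keys; real keys come from a secret store, never source code.
KEYRING = {
    "k1": b"old-demo-key-constructed-for-example",
    "k2": b"current-demo-key-constructed-for-example",
}
CURRENT_KEY_ID = "k2"


def _mac(key_id: str, record_id: str, keyring: dict) -> str:
    # The key id is part of the MAC input, so a token cannot be relabelled
    # to claim it was issued under a different key.
    msg = f"{key_id}.{record_id}".encode("utf-8")
    return hmac.new(keyring[key_id], msg, hashlib.sha256).hexdigest()


def sign_id(record_id: str, keyring=KEYRING, key_id=CURRENT_KEY_ID) -> str:
    """Return 'key_id.record_id.mac' for sending to the client."""
    if "." in record_id:
        raise ValueError("record_id must not contain '.'")
    return f"{key_id}.{record_id}.{_mac(key_id, record_id, keyring)}"


def verify_id(token: str, keyring=KEYRING):
    """Return the record id if the MAC checks out, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    key_id, record_id, mac = parts
    if key_id not in keyring:  # unknown or revoked key
        return None
    expected = _mac(key_id, record_id, keyring)
    # Constant-time comparison on bytes; does not leak how much matched.
    if not hmac.compare_digest(expected.encode("utf-8"), mac.encode("utf-8")):
        return None
    return record_id
```

Removing a key id from the keyring revokes every token issued under it, while tokens signed with older keys that remain in the keyring keep verifying during a rotation.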