Successfully reported this slideshow.
Upcoming SlideShare
×

# ENEI 2014 - Cryptography

2,603 views

Published on

A brief introduction to cryptography and its mechanisms (eg. Ciphers, Smart Cards, etc..) , where it is found and why it is useful. Presented at ENEI 2014 in Aveiro.

Published in: Education, Technology
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Hello! I have searched hard to find a reliable and best research paper writing service and finally i got a good option for my needs as ⇒ www.HelpWriting.net ⇐

Are you sure you want to  Yes  No

Are you sure you want to  Yes  No

Are you sure you want to  Yes  No
• Be the first to like this

### ENEI 2014 - Cryptography

1. 1. Cryptography João Paulo Barraca <jpbarraca@ua.pt> ENEI 2014 - Aveiro
2. 2. Privacy Restrict information to a limited number of entities Privacy State of being free from being observed Flickr, valpearl/5103209989
3. 3. Security • The state of being free from danger or threat Security The state of being free from danger or threat Flickr, juanktru/3503494338
4. 4. Cryptography Write something in a covert way Greek: Kryptós (Hidden), graphein (Write) ! Similar to Steganography Cryptography Flickr, delgrossodotcom/3211643440
5. 5. Cryptography key = ‘qwerty’ text = ‘Meet with Alex at 13:05’ Base64( AES-128-ECB(key, text) ) U2FsdGVkX1/ Q7MhqgxAWF5YU57uZRzDfCDuJa6k0u QW9CZvB22svyiE/WdxKXid3
6. 6. Cryptography key = ‘qwerty’ text = ‘Meet with Alex at 13:05’ Base64( AES-128-ECB(key, text) ) U2FsdGVkX1/ Q7MhqgxAWF5YU57uZRzDfCDuJa6k0u QW9CZvB22svyiE/WdxKXid3 Output seems to be random
7. 7. Steganography ! text = ‘Meet with Alex at 13:05’ method = encode Least Signiﬁcant Bit (00000001)
8. 8. Steganography ! text = ‘Meet with Alex at 13:05’ method = encode Least Signiﬁcant Bit (00000001) Covert Channel
9. 9. Steganography ! text = ‘Meet with Alex at 13:05’ method = encode Least Signiﬁcant Bit (00000001) Output seems to be unmodiﬁed
10. 10. Cryptography Uses Increase Security 2 - Assure origin of information (Authentication) 1 - Condition access to information (Privacy)
11. 11. Ancient Times • Simple ciphers • Transposition: change symbol order • Substitution: replace symbols • Transmit encoded messages • Military, Political partners, Private conversations Flickr, stuckincustoms/189321498
12. 12. Scytale Flickr, templar-revenged/12468322164 ! Transposition Cipher ! Used by Greeks and Spartans
13. 13. Caesar Cipher ! ! E -> B N -> K E -> B I -> F Substitution Cipher
14. 14. Stallings, W. Cryptography and Internet Security: Principles and Practices. Upper Saddle River: Prentice, 1999.
15. 15. XIX, XX centuries More complex ciphers Using electro- mechanical devices Integration with communication lines (telegraph) Flickr, elsie/3916831047
16. 16. Enigma Transposition Cipher Flickr, timg_vancouver/200625463
17. 17. Flickr, brewbooks/3317243295
18. 18. Lorenz Vernan Cipher (substitution)
19. 19. Modern Times: > 1970 • Even more complex ciphers ! • Based on mathematical models • Applied by computers • Impossible to solve by hand! ! • Mostly use substitution algorithms
20. 20. Symmetric Crypto • Single key to cipher and decipher • Key sets state of cipher algorithm Text Cipher Algorithm Cryptogram Key Cipher Algorithm Text Key ???
21. 21. Stream Ciphers • Key sets cipher state • Cipher produces random sequence • Sequence is XORed with data
22. 22. Stream Ciphers Text Cipher Algorithm Key Cipher Algorithm Key ??? ++ Cryptogram Text Key Stream Key Stream
23. 23. Stream Ciphers • 1 byte encoded (XOR) at a time • Very fast! • Good for communications! • Size of input equals size of output • Typical Key Sizes: >128 bits
24. 24. Stream Ciphers • A5 - Mobile Phone Communications • RC4 - Wiﬁ WEP, Internet HTTPS
25. 25. • O Original Text
26. 26. Cryptogram seems to be random
27. 27. Block Ciphers • Input processed in blocks • Block size related to key size ! • Output is multiple of block size • Typical sizes: 64bits, 128bits, 192bits, 256bits
28. 28. Block Ciphers • Cipher algorithm does substitutions and permutations • Key deﬁnes how • Typical algorithms: AES, Blowﬁsh, 3DES…
29. 29. Block Ciphers CipherKey Decipher Key ??? Cryptogram Cryptogram
30. 30. Cryptogram doesn’t seems to be random
31. 31. Block Ciphers • Blocks with same content will result in same output • … because blocks are ciphered individually • …. no feedback mechanism
32. 32. Cipher Modes • Aditional Cipher Modes destroy patterns • eg, Cipher-block chaining (CBC) CipherKey Block 1 Cryptogram CipherKey Cryptogram Block 2 + +IV
33. 33. Asymmetric Crypto • Uses a pair of keys: • Public Key: every one may have it • Private Key: never should be disclosed • One key can do the oposite of the other
34. 34. Conﬁdentiality CipherPublic Key Decipher ??? Cryptogram Cryptogram Private Key
35. 35. Authentication CipherPrivate Key Decipher ??? Cryptogram Cryptogram Public Key
36. 36. Who uses cryptography? Should I (You) use? Flickr, icedsoul/3194511482
37. 37. Spies Flickr, dunechaser/2630433944
38. 38. Military Flickr, lord_dane/4809995767
39. 39. … and every one else
40. 40. Cryptography It’s a building block of our society Flickr, nickobec/359440072
41. 41. Enforces Security • Cipher: Restricts access to Information • Only holder of KEY can decipher cryptogram ! • Authentication: Restricts access to Actions • KEY asserts identity of its holder Flickr, adulau/7712545428
42. 42. In other words… • You really know with whom you are sharing information • Entities are Authenticated • Mechanisms really restrict who accesses information • Data is private Flickr, adulau/7712545428
43. 43. Wiﬁ • Restrict Access to authorised users • eg, Your friends • Make traﬃc conﬁdential • Wireless signals travel a long distance Flickr, _miki/3425273296
44. 44. Wiﬁ • Shared key (Password) provided by user is converted into key • All trafﬁc is ciphered • Only key holders are authorised to associate • Prevents eavesdropping and usage
45. 45. Wiﬁ • WEP: RC4 (Stream Cipher, weak) • Uses 24bits IV (‘random’) + 104bit Key • WPA/WPA2: AES/CCMP (Block Ciphers) • 128bit, per packet key • 802.1x: Extensible Authentication Protocol (EAP)
46. 46. Mobile Phones Identify user Identify sim card (client) Identify terminal Make all trafﬁc conﬁdencial Flickr, 26311710@N02/3235380837
47. 47. Mobile Phones • SIM card is protected by PIN • Contains algorithms for authentication • Contains Keys shared with Service Provider • Terminal contains identiﬁer (IMEI) • Trafﬁc is ciphered
48. 48. Secure Sockets Layer (SSL) • Protect trafﬁc over communication networks • Authenticate endpoints • Make trafﬁc conﬁdential
49. 49. Secure Sockets Layer (SSL) • Extensively used in the Internet • HTTPS, IMAPS, POP3S, XMPP, etc.. • Based on Certiﬁcates and Asymmetric Cryptography • Established tunnel before actual data
50. 50. Secure Sockets Layer (SSL) • Server has Certiﬁcated issued by Trusted CA • Client has temporary keys or trusted certiﬁcate • Single (Server) or Mutual authentication • All trafﬁc is conﬁdential
51. 51. Identiﬁcation • Identify citizen / user • Stronger method than visual ones • Enable authentication over the Internet • eg, web pages, emails, digital documents
52. 52. Identiﬁcation • Smart Card protected by PIN codes • Certiﬁcate issued by State • Private Key that can be used for signing • Card is secure against tampering • Private Key never leaves Smart Card
53. 53. Identiﬁcation I'm Maria Prove It! Random_number Sure! Sign(Random_number), CertVerify Certiﬁcate Verify Signature Request Card to Sign Hello Maria!
54. 54. Information Conﬁdentiality • Most systems provide Software ciphered storage • FileVault, BitLocker, TrueCrypt • Devices also support ciphered storage • Self Encrypting Drives Seagate
55. 55. Attacking Cryptographic Systems
56. 56. Direct Attacks • Analyse cryptographic algorithms • Find weaknesses in its components • Require serious mathematical skills ! • Frequent contests to elect the best algorithm • ex: 3DES, AES, SHA
57. 57. Direct Attacks • Brute force • Try every possible combination • Example: RSA 2048 • Time required: ~6.4 quadrillion years • Universe age: 13.2 billion years http://www.digicert.com/TimeTravel/math.htm ECRYPT II
58. 58. Direct Attacks • Brute force • Try every possible combination • Example: RSA 2048 • Time required: ~6.4 quadrillion years • Universe age: 13.2 billion years http://www.digicert.com/TimeTravel/math.htm Considering evolution in computer capacity RSA 2048 secure until 2030 ! Source, ECRYPT II
59. 59. Direct Attacks • Brute force • Try every possible combination • Example: RSA 2048 • Time required: ~6.4 quadrillion years • Universe age: 13.2 billion years http://www.digicert.com/TimeTravel/math.htm If aiming at a user created password, results should be ready soon
60. 60. Indirect Attacks • Obtain information indirectly • Algorithm is not broken • Implementation is broken • Implementation leaks information • User is the frequent target
61. 61. Human Behaviour
62. 62. Human Behaviour
63. 63. Power Leakage Consumption when Key bit is 0 Consumption when Key bit is 1 Wikimedia Foundation
64. 64. Sound Leakage Daniel et al
65. 65. Implementation Errors • Heartbleed bug in openssl 1.0.1-1.0.1f • Allows extracting 64Kbytes from server memory • Affects all systems using SSL
66. 66. Implementation Errors ... if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail; … Apple “GOTO” bug, 2014
67. 67. Thanks