Cryptography for Smalltalkers - ESUG 2004


Published on

ESUG 2004

Published in: Technology, Education
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • confidentiality - prevent eavesdropping (passive attack) integrity - prevent undetected modification (active attack) authentication - proof of origin (active attack) non-repudiation - undeniable proof of origin SSL provides authentication but doesn’t provide non-repudiation SMIME does both (theoretically) point-to-point vs end-to-end
  • Hardware implementations
  • Key stream reuse disastrous (P1 xor K) xor (P2 xor K) = P1 xor (K xor K) xor P2 = P1 xor P2 xoring 2 ciphertexts yields 2 xored plaintexts, easy to break
  • ARC4 – “Alleged” RC4
  • DEA (ANSI), DEA-1 (ISO) Lucifer descendant (IBM), NSA evaluated reviewed every 5 years 1983 – recertified, 1987 – recertified “last time” after public outcry 1993 – recertified, still no alternatives 1999 – reaffirmed 3DES, AES not finished yet
  • POSITIVES parallelizable NEGATIVES preserves plaintext patterns easily manipulated
  • N-bit OFB: smaller than block processing No need to pad. Doesn’t need decryption operation.
  • Nonce: usually message number combined with additional data to guarantee uniqueness N-bit CTR: smaller than block processing No need to pad. Doesn’t need decryption operation.
  • N-bit CFB: smaller than block processing No need to pad. Doesn’t need decryption operation.
  • double encryption – meet in the middle attach 2^n+1 instead of 2^2n triple encryption – 2key or 3key cascading – beware of algorithm interactions
  • Finalists Rijndael – Joan Daemen, Vincent Rijmen (Netherlands) Serpent – Ross Anderson (Cambridge, UK) Twofish – Bruce Schneier (Counterpane Inc) MARS – Don Coppersmith (IBM) RC6 – Ron Rivest (RSA Labs)
  • Cryptography for Smalltalkers - ESUG 2004

    1. 1. Cryptography for Smalltalkers Martin Kobetic Cincom Smalltalk Development ESUG 2004
    2. 2. Cryptographic Objectives <ul><li>confidentiality </li></ul><ul><ul><li>encryption </li></ul></ul><ul><li>integrity </li></ul><ul><ul><li>message authentication codes (MAC) </li></ul></ul><ul><li>authentication </li></ul><ul><ul><li>signatures </li></ul></ul>
    3. 3. Encryption <ul><li>E(P) = C & D(C) = P </li></ul><ul><li>symmetric (secret) key ciphers </li></ul><ul><ul><li>E K (P) = C & D K (C) = P </li></ul></ul><ul><li>asymmetric (public) key ciphers </li></ul><ul><ul><li>E K1 (P) = C & D K2 (C) = P </li></ul></ul><ul><li>one-time pad </li></ul>
    4. 4. Secret Key Ciphers <ul><li>bulk data encryption </li></ul><ul><li>built from simple, fast operations (xor, shift, x + y mod n, ...) </li></ul><ul><li>two fundamental classes </li></ul><ul><ul><li>stream ciphers (RC4) </li></ul></ul><ul><ul><li>block ciphers (DES/AES) </li></ul></ul>
    5. 5. Secret Key Ciphers <ul><li>key := ‘secret key’ asByteArray. </li></ul><ul><li>alice := ARC4 key: key. </li></ul><ul><li>msg := ‘Hello’ asByteArrayEncoding: #utf_8. </li></ul><ul><li>msg := alice encrypt: ‘Hello’ </li></ul><ul><li>msg asString. </li></ul><ul><li>bob := ARC4 key: key. </li></ul><ul><li>bob decryptInPlace: msg from: 1 to: 4. </li></ul><ul><li>msg asStringEncoding: #utf_8. </li></ul>
    6. 6. Stream Ciphers <ul><li>time-varying transformation on individual plain-text digits </li></ul><ul><ul><li>key-stream generator: k 1 , k 2 , k 3 , .... State S, NextState(S), Output(S) </li></ul></ul><ul><ul><li>E: c i = p i xor k i D: p i = c i xor k i </li></ul></ul><ul><li>Pike, A5, RC4, SEAL </li></ul><ul><li>key reuse is catastrophic! (a xor k) xor (b xor k) = a xor b </li></ul>
    7. 7. <ul><li>leaked trade secret of RSA Security (1994) </li></ul><ul><li>256 byte S-Box; 2 counters i=j=0 </li></ul>RC4 (1992) next key-stream byte: i = (i + 1) mod 256 j = (j+S i ) mod 256 swap S i and S j t = (S i + S j ) mod 256 K = S t S-Box initialization: S = 0, ..., 255 K = 256B of replicated key for i=0 to 255: j = (j + S i + K i ) mod 256 swap S i and S j
    8. 8. RC4 <ul><li>alice := ARC4 key: key. </li></ul><ul><li>msg := alice encrypt: 'Hello' asByteArray. </li></ul><ul><li>msg asHexString. </li></ul><ul><li>bob := ARC4 key: key. </li></ul><ul><li>(bob decrypt: msg) asString </li></ul>
    9. 9. Block Ciphers <ul><li>fixed transformation on blocks of plaintext (e.g 64, 128 bits) </li></ul><ul><li>basic transformation applied in rounds </li></ul><ul><li>DES, IDEA, CAST, Blowfish, RC2, RC5 </li></ul>
    10. 10. DES (1977) <ul><li> FIPS PUB 46 (1977) </li></ul><ul><li>FIPS PUB 46-3 (1999) </li></ul><ul><ul><li>triple DES still approved </li></ul></ul><ul><ul><li>single DES legacy systems only </li></ul></ul><ul><li>64 bit block size </li></ul><ul><li>56 bit key (64 bits with parity) </li></ul><ul><li>16 rounds using 48 bit subkeys </li></ul>
    11. 11. Block Ciphers - Padding <ul><li>key := ‘secret8B’ asByteArray. </li></ul><ul><li>alice := DES key: key. </li></ul><ul><li>alice encrypt: ‘Hello World!’ asByteArray. </li></ul><ul><li>alice := BlockPadding on: DES new. </li></ul><ul><li>alice setKey: key. </li></ul><ul><li>(alice encrypt: ‘Hello World!’ asByteArray) asString. </li></ul>
    12. 12. Block Ciphers - Padding <ul><li>must be reversible </li></ul><ul><li>pad with bits “100…0” </li></ul><ul><li>pad with padding size (1-8) </li></ul><ul><ul><li>aka PKCS#5 padding </li></ul></ul><ul><li>ciphertext stealing </li></ul><ul><ul><li>different for different modes (ECB, CBC) </li></ul></ul><ul><li>some modes don’t need padding </li></ul>
    13. 13. Block Ciphers - ECB <ul><li>electronic codebook mode </li></ul><ul><li>C i = E k (P i ) </li></ul><ul><li>P i = D k (C i ) </li></ul><ul><li>don’t use ! </li></ul>
    14. 14. Block Ciphers - CBC <ul><li>cipher block chaining mode </li></ul><ul><li>C i = E k (P i xor C i-1 ) </li></ul><ul><li>P i = C i-1 xor D k (C i ) </li></ul><ul><li>initialization vector (IV) </li></ul><ul><ul><li>isn’t secret but unique, random </li></ul></ul><ul><ul><li>timestamp, nonce, random nr </li></ul></ul>
    15. 15. Block Ciphers - CBC <ul><li>alice := CipherBlockChaining </li></ul><ul><li>on: DES new </li></ul><ul><li>iv: ‘nonce 8B’ asByteArray. </li></ul><ul><li>alice setKey: ‘secret8B’ asByteArray. </li></ul><ul><li>msg := ‘a block a block ’ asByteArray. </li></ul><ul><li>msg := alice encrypt: msg. </li></ul><ul><li>msg asString </li></ul>
    16. 16. Block Ciphers - CBC <ul><li>alice := DES newBP_CBC. </li></ul><ul><li>alice setKey: 'secret8B' asByteArray. </li></ul><ul><li>alice setIV: 'nonce 8B' asByteArray. </li></ul><ul><li>msg := 'Hello World!' asByteArray. </li></ul><ul><li>msg := alice encrypt: msg. </li></ul><ul><li>msg asString. </li></ul>
    17. 17. Block Ciphers - OFB <ul><li>output feedback mode </li></ul><ul><li>S i = E k (S i-1 ) </li></ul><ul><li>C i = P i xor S i </li></ul><ul><li>P i = C i xor S i </li></ul><ul><li>like synchronous stream cipher </li></ul><ul><li>(OutputFeeback on: DES new) setKey: ‘secret8B’ asByteArray; setIV: ‘nonce 8B’ asByteArray </li></ul>
    18. 18. Block Ciphers - CTR <ul><li>counter mode </li></ul><ul><li>S i := E k (Nonce || i) </li></ul><ul><li>C i = P i xor S i </li></ul><ul><li>P i = C i xor S i </li></ul><ul><li>OFB variant </li></ul>
    19. 19. Block Ciphers - CFB <ul><li>cipher feedback mode </li></ul><ul><li>C i = P i xor E k (C i-1 ) </li></ul><ul><li>P i = C i xor E k (C i-1 ) </li></ul><ul><li>like self-synchronizing stream cipher </li></ul><ul><li>(CipherFeeback on: DES new) setKey: ‘secret8B’ asByteArray; setIV: ‘nonce 8B’ asByteArray </li></ul>
    20. 20. Block Ciphers - Mixing <ul><li>interleaving </li></ul><ul><ul><li>parallelizing “chained” modes </li></ul></ul><ul><li>multiple encryption with single cipher </li></ul><ul><ul><li>double encryption – no good </li></ul></ul><ul><ul><li>3EDE (inner/outer CBC) </li></ul></ul><ul><li>cascading different ciphers </li></ul>
    21. 21. Block Ciphers - Mixing <ul><li>des3 := TrippleEDEOuterCBC </li></ul><ul><li>first: DES new </li></ul><ul><li>second: DES new </li></ul><ul><li>third: DES new. </li></ul><ul><li>des3 := DES new3EDE_CBC. </li></ul><ul><li>des3 setKey: ’24bytes for 3 keys’ asByteArray. </li></ul><ul><li>des3 setIV: ‘nonce 8B’ asByteArray. </li></ul>
    22. 22. AES (2001) <ul><li>NIST FIPS PUB 197 (2001) - Rijndael </li></ul><ul><li>15 submissions (1998) </li></ul><ul><li>5 finalists: MARS, Serpent, Twofish, RC6 </li></ul><ul><li>modes: ECB, CBC, CFB, OFB, CTR </li></ul><ul><li>block size 128 bits </li></ul><ul><li>key sizes 128, 192, 256 bits </li></ul><ul><li>10, 12, 14 rounds </li></ul>
    23. 23. Blowfish (1993) <ul><li> </li></ul><ul><li>block size 64-bits </li></ul><ul><li>variable key size 32-448 bits </li></ul><ul><li>not patented, royalty-free </li></ul><ul><li>2 parts: key expansion & data encryption </li></ul><ul><li>16 rounds, key dependent S-Boxes </li></ul>
    24. 24. Books <ul><li>Anderson: Security Engineering </li></ul><ul><li>Ferguson, Schneier: Practical Cryptography </li></ul><ul><li>Kahn: The Codebreakers, … </li></ul><ul><li>Menezes, van Oorschot, Vanstone: Handbook of Applied Cryptography </li></ul><ul><li>Schneier, B: Applied Cryptography </li></ul>