29-01-2015 by Bart Van Bos - AllBits
Security in Theory
Cryptography and Entity Authentication
Presentation Overview
● Introduction
● Cryptographic Algorithms
● Entity Authentication
● Network Security
● Conclusion
Security Terminology
● Definitions
– Confidentiality - limit access to information
– Authentication - confirming the truth of an attribute
– Authorization - access control
– Non-repudiation - unable to deny an action
● Don't use the word authentication without
defining it
                  Data                   Entities
Confidentiality   encryption             anonymity
Authentication    data authentication    identification
Cryptology Basic Principles
● Alice – Bob – Eve
[Figure: Alice feeds clear text into a CRYPTO box and sends the cipher text (%^C&@&^() to Bob, whose CRYPTO box turns it back into clear text; Eve sits on the channel and can Listen or Modify]
Presentation Overview
● Introduction
● Cryptographic Algorithms
– Symmetric algorithms
– Public-key Cryptology
● Entity Authentication
● Network Security
● Conclusion
Symmetric Encryption
● Confidentiality through encryption
– Stream ciphers
● RC4 – 1987 by Ron Rivest (MIT)
● E0 (Bluetooth) or A5/1 (GSM)
– Block ciphers
● DES and triple-DES
● AES
● Stream cipher
– Plain text digits are combined with a pseudo random cipher digit
stream (key stream)
● Block cipher
– Fixed-length groups of bits, called blocks, with an unvarying
transformation
Stream cipher
[Figure: key K and IV load the init state; a next state function updates the state and an output function produces the key stream, which is added (+) to the plain text to give cipher text that looks random; the receiver runs the same generator with the same K and IV to recover the plain text]
Stream cipher key stream
● For a fixed key K and initial value IV, the stream
cipher output is a deterministic function of the
state
● A repetition of the state (for a given K, IV) leads
to a repetition of the key stream and plain text
recovery
● Exhaustive key search (2014)
– 2^40 instructions is easy, 2^60 is somewhat hard, 2^80 is hard, 2^128 is completely infeasible
– < 70 bits is insecure. 80 bits OK for 1 year. 100 bits for 20
years
Block cipher
[Figure: plain block 1, plain block 2, plain block 3 each pass through the block cipher under the same key to give cipher block 1, cipher block 2, cipher block 3]
– Larger data units: 64... 128 bits
– Memoryless
– Repeat simple operation (round) many times
AES Rijndael
● Advanced Encryption Standard
– Open Competition launched by US government in
1997 to replace DES
● Joan Daemen and Vincent Rijmen
● Graduated at ESAT, KUL
– 128 bit block cipher with key of 128/192/256 bits
– As strong as triple DES
● More efficient
● Royalty free
Symmetric Data Hashing
● Data authentication through Hashing
– A hash function is a one way function
– Hash functions without a key
● MDC (Manipulation Detection Code)
– MD5: collisions 2^30 steps
– SHA-1: collisions 2^69 steps
– SHA-3 (Keccak – BE 2013): collisions 2^256 steps
– Hash functions with a secret key
● MAC (Message Authentication Code)
Data authentication with MDC
● Protect the short hash value rather than the long text
● Pre-image resistance
– Given y, hard to find x such that hash(x) = y
● Second pre-image resistance
– Given x, hard to find x' ≠ x such that hash(x') = hash(x)
[Figure: a long input text ("This is an input to a cryptographic hash function. The input is a very long string, that is reduced by the hash function to a string of fixed length. There are additional security conditions: it should be very hard to find an input hashing to a given value (a pre-image) or to find two colliding inputs (a collision).") is reduced by HASH to the fixed-length value 7E6FD7198A198FB3C]
● (MD5)
● (SHA-1)/256/512
● RIPEMD-160
● SHA-3 (BE design)
MAC Algorithms
● Alice – Bob – Eve
[Figure: Alice computes a MAC over the clear text and sends clear text plus MAC; Bob runs VERIFY on what he receives; Eve on the channel may Modify the message]
Data authentication with MAC
● Protection of the authenticity of long messages => protection of the secrecy of a short key
● Add MAC to the plain text
● Birthday attacks: security level smaller than expected
[Figure: a long input text ("This is an input to a MAC algorithm. The input is a very long string, that is reduced by the hash function to a string of fixed length. There are additional security conditions: it should be very hard for someone who does not know the secret key to compute the hash function on a new input.") is reduced by the keyed HASH to 7E6FD7198A198FB3C]
● CBC-MAC (3DES)
● HMAC (AES)
● GMAC
Cipher Block Chaining MAC
● MAC algorithms
– Banking: CBC-MAC based on triple DES
– Internet: HMAC and CBC-MAC based on AES
– Initial Vector should be random and secret
[Figure: CBC-MAC. Plain block 1 is added (+) to the IV and encrypted with AES under K to give cipher block 1; each following plain block 2 ... n is added to the previous cipher block and encrypted under K; the final cipher block n is the MAC]
Presentation Overview
● Introduction
● Cryptographic Algorithms
– Symmetric algorithms
– Public-key cryptology
● Entity Authentication
● Network Security
● Conclusion
Why Public-key Cryptology?
● Limitation of symmetric cryptology
– Reduce security of information to security of keys
– But how to establish these secret keys?
● Cumbersome and expensive
● Risky: all keys in one place
– Do we really need to establish secret keys?
Public Key Encryption
● Public key cryptology: encryption
[Figure: Alice's CRYPTO box encrypts clear text with Bob's Public key into %^C&@&^(; Bob's CRYPTO box decrypts it with his Private key back to clear text; Eve can only Listen]
Public Key Digital signatures
● Public key cryptology: digital signature
[Figure: Alice's CRYPTO box signs the clear text with her Private key; Bob's CRYPTO box verifies with Alice's Public key; Eve on the channel may try to Modify]
Key transport using RSA
● RSA protocol (1978 - Rivest, Shamir and Adleman)
– The security of RSA is based on the fact that it is easy to generate two large primes, but that it is hard to factor their product
● encryption: c = m^e mod n
● decryption: m = c^d mod n
– How does Bob know that k is coming from Alice?
● In reality, as Alice you'll use a password or credit card number to identify yourself to Amazon
– What happens if the private server key SK_B is leaked or requested by the NSA or hackers? All historical data can be read → no forward secrecy!
[Figure: Alice generates k, encrypts it with PK_B and signs with SK_A, sending Sig_SKA{E_PKB(k || t_A)}; Bob decrypts using SK_B to obtain k and verifies using PK_A]
Key transport using STS
● Station to Station (STS) protocol
– Diffie-Hellman: first published in 1976
– Before: Alice & Bob never met and share no secrets
– After: Alice & Bob share short term key k
● Eve cannot compute k (discrete logarithm problem)
● Provides perfect forward secrecy
[Figure: Alice generates x and sends α^x; Bob generates y and replies with α^y and Sig_B(α^y, α^x); Alice verifies Sig_B (√), computes k = (α^y)^x and sends Sig_A(α^x, α^y); Bob verifies Sig_A (√) and computes k = (α^x)^y]
Public key cryptology
● Advantages
– Protection of information => authenticity of public keys
– Confidentiality without secret keys: open environment
– Data authentication without shared secret keys: digital
signature
● Disadvantages
– Calculation in HW/SW is 2 to 3 orders of magnitude
slower than symmetric algorithms
– Longer keys: 1024 bits instead of 56 ... 128
Cryptographic SW Libraries
C, C++, C#:
● Botan (C++)
● Cryptlib (C)
● Crypto++ (C++)
● CyaSSL (C) embedded
● GnuTLS (C)
● Libgcrypt (C++)
● MatrixSSL (C++) embedded
● Miracl (binaries)
● OpenSSL (C++)
● PolarSSL (C)
Java:
● SunJCA/JCE
● BouncyCastle (BC, C#)
● CryptixCrypto
● EspreSSL
● FlexiProvider
● GNU Crypto
● IAIK
● Java SSL
● RSA JSafe
Reference: http://ece.gmu.edu/crypto_resources/web_resources/libraries.htm
Presentation Overview
● Introduction
● Cryptographic Algorithms
● Entity Authentication
– Passwords
– Symmetric Keys
– Public Keys
● Network Security
● Conclusion
Entity Authentication
● Entity Authentication - one party is corroborated of the identity of another party and of the fact that this party is alive (active) during the protocol
[Figure: Alice: "Hello Bob, I am Alice"; Bob: "Why should I believe her?"]
Entity Authentication Elements
● What someone knows
– Password, PIN code
● What someone has
– Magnetic stripe card, smart card
● What someone is (biometrics)
– Fingerprint, retina, hand shape...
● How someone does something
– Manual signature, typing pattern
● Where someone is
– Dial back, location based services (GSM, Galileo)
Password identification
● Bob stores hash(P) rather than P
● Eve can guess the password P
● Eve can eavesdrop the channel and learn Alice's password
[Figure: Alice sends "Hello Bob, I am Alice. My password P is Xur%9pLr"; Bob applies the one-way hash to obtain f(P) and compares it with the stored f(Xur%9pLr) → OK!]
Password identification
● Every user gets a random, publicly known salt S.
● Bob stores hash(P,S)||S rather than P
● It's harder to attack the passwords of all users simultaneously
[Figure: Alice sends "Hello Bob, I am Alice. My password P is Xur%9pLr"; Bob takes Alice's salt S, applies the one-way hash to obtain f(P || S) and compares it with the stored f(Xur%9pLr || 987&*) || 987&* → OK!]
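Bob's side of the salted scheme above, as an added Python example that is not part of the slides. The slide's one-way hash(P || S) is realised with PBKDF2-HMAC-SHA256 from the standard library (a salted, iterated hash, so each guess costs the attacker work); the user names and passwords are constructed.

```python
"""Salted password store: Bob keeps hash(P, S) || S per user, never P.

Added example, not from the slides. The one-way hash is PBKDF2-HMAC-SHA256
(stdlib); users, passwords and salts below are constructed sample values.
"""
import hashlib
import hmac
import secrets

ITERATIONS = 100_000      # iteration count slows guessing; tune to your hardware budget
SALT_BYTES = 16           # random, publicly known salt S


def one_way_hash(password, salt):
    """f(P || S): salted, iterated hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class PasswordStore:
    """Bob's side of the protocol."""

    def __init__(self):
        self._records = {}                       # user -> (f(P || S), S)

    def register(self, user, password):
        salt = secrets.token_bytes(SALT_BYTES)   # fresh S for every user
        self._records[user] = (one_way_hash(password, salt), salt)

    def stored_record(self, user):
        """The stored string hash(P, S) || S, exactly as Bob keeps it."""
        digest, salt = self._records[user]
        return digest + salt

    def verify(self, user, password):
        """Recompute f(P || S) with the stored S and compare in constant time."""
        if user not in self._records:
            # Burn the same work for unknown users so response time does not
            # reveal which user names exist.
            one_way_hash(password, b"\0" * SALT_BYTES)
            return False
        digest, salt = self._records[user]
        return hmac.compare_digest(one_way_hash(password, salt), digest)


def records_differ(store, user_a, user_b):
    """Two users with the same password still get different records, so a
    guess has to be hashed once per user instead of once for everybody."""
    return store.stored_record(user_a) != store.stored_record(user_b)


if __name__ == "__main__":
    bob = PasswordStore()
    bob.register("alice", "Xur%9pLr")            # constructed users and passwords
    bob.register("carol", "Xur%9pLr")
    print("alice ok:", bob.verify("alice", "Xur%9pLr"))
    print("same password, different records:", records_differ(bob, "alice", "carol"))
```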
Human memory is limited
● Store key K on magnetic stripe, USB keys or
hard disk
● Stops guessing attacks
● But does not solve the other problems related
to password
● And you identify the card, not the user
● Possibility of replay: liveness is missing
Static Data Authentication
● Replace K by a signature of a third party CA (Certificate Authority) on Alice's name: Sig_SKCA(Alice)
● Advantages
– Can be verified using the public string PK_CA
– Can only be generated by the CA
● Disadvantages
– Possibility of replay, since liveness is missing
– Can still be copied/intercepted
– Signature = 40...128 bytes
[Figure: example certificate – DN: cn=Alice, o=KBC, c=BE; Serial #: 8391037; Start: 3/02/13 1:00; End: 3/02/14 00:59; CRL: cn=BCC, o=EMV, c=BE; CA DN: o=EMV, c=BE]
Identification symmetric token
● Challenge response protocol
– Eavesdropping no longer effective
– Bob still needs to have the secret key K
– Detects whether Alice is alive!
[Figure: Bob sends random number r; Alice replies MAC_K(r); both hold K; Bob recomputes and checks → OK!]
Identification symmetric token
● With implicit challenge from clock
– Eavesdropping no longer effective (no challenge)
– Bob still needs to have the secret key K
– Resynchronization mechanism needed
[Figure: Alice sends MAC_K(time) without waiting for a challenge; both hold K; Bob recomputes for the current time and checks → OK!]
http://allthingsd.com/20110404/rsa-explains-how-it-was-hacked
http://www.computerworld.com/article/2511297/security0/diginotar-dies-from-certificate-hack-caper.html
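Both symmetric-token variants above, MAC_K(r) with a random challenge and MAC_K(time) with a resynchronisation window, as an added Python example that is not part of the slides. HMAC-SHA256 stands in for the slide's MAC; the shared key and clock values are constructed, and the 30-second time step is an assumption.

```python
"""Symmetric-token identification: challenge-response MAC_K(r) and clock-based MAC_K(time).

Added example, not from the slides. HMAC-SHA256 is the MAC; TIME_STEP and the
resync window are assumptions; key and timestamps in the demo are constructed.
"""
import hashlib
import hmac
import secrets

TIME_STEP = 30            # seconds per clock value
RESYNC_WINDOW = 1         # accept codes one step early or late (clock drift)


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


class Token:
    """Alice's side: holds K, answers challenges and produces time codes."""

    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        return mac(self._key, b"challenge:" + challenge)

    def time_code(self, now):
        step = int(now) // TIME_STEP
        return mac(self._key, b"time:" + step.to_bytes(8, "big"))


class Verifier:
    """Bob's side: also holds K, which is the weakness the slides point out."""

    def __init__(self, key):
        self._key = key
        self._outstanding = set()     # challenges issued and not yet answered
        self._last_step = -1          # highest clock step already accepted

    def challenge(self):
        r = secrets.token_bytes(16)   # fresh random r: a valid answer proves Alice is alive now
        self._outstanding.add(r)
        return r

    def check_response(self, r, response):
        if r not in self._outstanding:            # unknown or already used: a replay
            return False
        self._outstanding.discard(r)              # each challenge is answered at most once
        expected = mac(self._key, b"challenge:" + r)
        return hmac.compare_digest(expected, response)

    def check_time_code(self, code, now):
        """Resynchronisation: try the steps around Bob's clock, never an old one twice."""
        step = int(now) // TIME_STEP
        for candidate in range(step - RESYNC_WINDOW, step + RESYNC_WINDOW + 1):
            if candidate <= self._last_step:      # an eavesdropped old code is rejected
                continue
            expected = mac(self._key, b"time:" + candidate.to_bytes(8, "big"))
            if hmac.compare_digest(expected, code):
                self._last_step = candidate
                return True
        return False


if __name__ == "__main__":
    key = b"constructed-shared-key-K"
    alice, bob = Token(key), Verifier(key)
    r = bob.challenge()
    answer = alice.respond(r)
    print("fresh answer accepted:", bob.check_response(r, answer))
    print("replayed answer accepted:", bob.check_response(r, answer))
```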
Identification public key token
● Use the private key to sign the challenge r
● Eavesdropping no longer effective
● Bob no longer needs a secret – only PK_A
● Most expensive (€ and time)
[Figure: Bob sends random number r; Alice, holding SK_A, replies Sig_SKA(r); Bob verifies with PK_A → OK!]
Overview Identification Protocols
Protocol               Guess   Eavesdrop (liveness)   Impersonation by Bob   Secret info for Bob   Security
Password               -       -                      -                      -                     1
Magnetic stripe (SK)   +       -                      -                      -                     2
Magnetic stripe (PK)   +       -                      -                      +                     3
Dynamic PW             +       +                      -                      -                     4
Smart Card (SK)        +       +                      -                      -                     4
Smart Card (PK)        +       +                      +                      +                     5
Entity authentication in practice
● Phishing – mutual authentication
● 2 stage authentication
user → device, device → world
● Forward credentials – biometry
● Interrupt after initial authentication – authenticated
key establishment (session key to encrypt data)
● Mafia fraud – distance bounding
● Protocol errors – check that local device authentication is linked to the entity authentication protocol
https://www.youtube.com/watch?v=JPAX32lgkrw
http://www.cl.cam.ac.uk/research/security/banking/nopin
Presentation Overview
● Introduction
● Cryptographic Algorithms
● Entity Authentication
● Network Security
– Transport Layer Security (SSL/TLS)
● Conclusion
Transport Layer Security
● Connection-oriented data confidentiality and integrity, with optional client and server authentication
[Figure: browser and secure web server each run HTTP over SSL over TCP (http:// vs https://); SSL sits above layer 4 in the OSI stack: 1 - Physical, 2 – Data Link, 3 - Network, 4 - Transport, 5 - Session, 6 - Presentation, 7 - Application]
SSL Secure Sockets Layer (Netscape)
TLS Transport Layer Security (IETF)
SSL 1.0   N/A
SSL 2.0   1995
SSL 3.0   1996
TLS 1.0   1999
TLS 1.1   2006
TLS 1.2   2008
TLS 1.3   TBD
TLS Protocol Details
● A new record layer is inserted
● Handshake
– Negotiation of Crypto Algorithms
– Client/Server Authentication
– Cryptographic Key Establishment
● Encryption (1st)
● MAC (2nd)
– Key confirmation
[Figure: the Record Layer Protocol sits between the Application (http, telnet...) and the Transport Layer (TCP); it carries the Handshake protocol (Client Hello, Server Hello), the Cipher Spec protocol (Change Cipher Spec) and the Application protocol (Application Data), each packed into SSL Records]
TLS Handshake Overview
✔ start handshake, protocol version, algorithms
✔ authentication server + exchange (pre)master secret
✔ client authentication
✔ end handshake, integrity verification (*)
CLIENT                          SERVER
                            <-- Hello Request
Client Hello                -->
                            <-- Server Hello
                            <-- Certificate
                            <-- Server Key Exchange
                            <-- Certificate Request
                            <-- Server Hello Done
Certificate                 -->
Client Key Exchange         -->
Certificate Verify          -->
[change cipher spec]        -->
Finished (MAC*)             -->
                            <-- [change cipher spec]
                            <-- Finished (MAC*)
Data encapsulation options
● Integrity
  key size    144         160          256
  algorithm   HMAC-MD5    HMAC-SHA1    HMAC-SHA256 (TLS 1.2)
● Confidentiality
  key size    40            56         128          168            256
  algorithm   RC4_40        DES_CBC    RC4          3DES_EDE_CBC   AES_CBC
  options     RC2_CBC_40               IDEA_CBC
              DES_CBC_40               AES_CBC
TLS 1.0 – http://tools.ietf.org/html/rfc2246
TLS 1.2 – http://tools.ietf.org/html/rfc5246
TLS Key Management Options
➢ DH Diffie-Hellman
➢ DHE Ephemeral DH
  ➢ x/y generated each time
  ➢ perfect FW secrecy
➢ DSS Digital Signature Standard (DSA)
➢ RSA Rivest-Shamir-Adleman
➢ EC Elliptic Curve (shorter keys)
➢ TLS 1.0 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA1
➢ TLS 1.2 TLS_RSA_WITH_AES_128_CBC_SHA1

key exchange   anonymous   not anonymous: server authentication only   server and client authentication
TLS 1.0        DH_anon     RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA         RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA
TLS 1.2                    ECDHE_ECDSA
(anonymous key exchange: man-in-the-middle)
Current SSL & TLS usage
● Top 1 Million websites October 2014
– Removal of SSLv3 support from browsers is blocked
– 96.9% still support SSLv3
– Only 34.2% support TLSv1.2
https://zmap.io/sslv3/#affected
[Figure: highest supported TLS version – HTTP Only 41.21%, SSLv3 0.12%, TLS 1.0 24.02%, TLS 1.1 0.40%, TLS 1.2 34.24%; sites with no TLS support include citibank.com, marketwatch.com, clkmon.com, inclk.com, informer.com, billdesk.com]
Presentation Overview
● Introduction
● Cryptographic Algorithms
● Entity Authentication
● Network Security
● Conclusion
Conclusions
● Properties of protocols are subtle
● Many standardized protocols exist
– ISO/IEC, IETF
● Difficulty: which properties are needed for
a specific application
● Rule #1 of protocol design – DON'T
– Not even by simplifying existing protocols
Q&A
● Thanks for your attention
Email: bartvanbos@allbits.eu
LinkedIn: http://lnkd.in/Kre-kR

2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 

AllBits presentation - Security in Theory

  • 1. Security in Theory - Cryptography and Entity Authentication
    29-01-2015 by Bart Van Bos - AllBits
  • 2. Presentation Overview
    ● Introduction
    ● Cryptographic Algorithms
    ● Entity Authentication
    ● Network Security
    ● Conclusion
  • 3. Security Terminology
    ● Definitions
      – Confidentiality - limit access to information
      – Authentication - confirming the truth of an attribute
      – Authorization - access control
      – Non-repudiation - unable to deny an action
    ● Don't use the word authentication without defining it
    ● The same goal has a different name for data and for entities:
      – Confidentiality: encryption (data), anonymity (entities)
      – Authentication: data authentication (data), identification (entities)
  • 4. Cryptology Basic Principles
    ● Alice – Bob – Eve
    (diagram: Alice turns clear text into %^C&@&^( in her CRYPTO box and Bob's CRYPTO box turns it back into clear text; Eve sits on the channel and can listen or modify)
  • 5. Presentation Overview
    ● Introduction
    ● Cryptographic Algorithms
      – Symmetric algorithms
      – Public-key Cryptology
    ● Entity Authentication
    ● Network Security
    ● Conclusion
  • 6. Symmetric Encryption
    ● Confidentiality through encryption
      – Stream ciphers
        ● RC4 – 1987 by Ron Rivest (MIT)
        ● E0 (Bluetooth) or A5/1 (GSM)
      – Block ciphers
        ● DES and triple-DES
        ● AES
    ● Stream cipher
      – Plain text digits are combined with a pseudo-random cipher digit stream (key stream)
    ● Block cipher
      – Fixed-length groups of bits, called blocks, are transformed with an unvarying transformation
  • 7. Stream cipher
    (diagram: IV and key K set the init state; a next-state function updates the state and an output function produces the key stream, which is XORed (+) with the plain text to give cipher text that looks random; the receiver runs the same generator and XORs the cipher text back into plain text)
  • 8. Stream cipher key stream
    ● For a fixed key K and initial value IV, the stream cipher output is a deterministic function of the state
    ● A repetition of the state (for a given K, IV) leads to a repetition of the key stream and plain text recovery
    ● Exhaustive key search (2014)
      – 2^40 instructions is easy, 2^60 is somewhat hard, 2^80 is hard, 2^128 is completely infeasible
      – < 70 bits is insecure; 80 bits OK for 1 year; 100 bits for 20 years
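The two properties of slide 8, worked through in code. This is an added example and not code from the talk: a constructed toy stream cipher whose key stream is HMAC-SHA256 over (IV || counter) under K, so that for a fixed (K, IV) the key stream is a deterministic function of the state. It is not RC4, E0 or A5/1; it only makes the consequence of a repeated state visible, namely that two cipher texts under the same (K, IV) XOR to the XOR of their plain texts, which is why the sender must draw a fresh IV per message.

```python
import hashlib
import hmac
import os

# Constructed toy stream cipher (added example, not from the slides).
# State = (K, IV, counter); output function = HMAC-SHA256(K, IV || counter).


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Generate `length` key-stream bytes; deterministic in (K, IV)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1          # next-state function: advance the counter
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings of equal length."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Cipher text = plain text XOR key stream; decryption is the same operation."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


stream_decrypt = stream_encrypt  # XOR is its own inverse


def encrypt_with_fresh_iv(key: bytes, plaintext: bytes):
    """What a sender should do: a new random IV per message, sent along in clear."""
    iv = os.urandom(16)
    return iv, stream_encrypt(key, iv, plaintext)


def ciphertext_xor_vs_plaintext_xor(key, iv1, p1, iv2, p2):
    """Return (c1 XOR c2, p1 XOR p2) over the common prefix of two messages.

    When iv1 == iv2 the state repeats, the key stream repeats and cancels out,
    so the two values are identical: an eavesdropper learns p1 XOR p2 without K.
    With distinct IVs the key streams differ and nothing cancels."""
    n = min(len(p1), len(p2))
    c1 = stream_encrypt(key, iv1, p1)[:n]
    c2 = stream_encrypt(key, iv2, p2)[:n]
    return xor_bytes(c1, c2), xor_bytes(p1[:n], p2[:n])
```

The key stream generator is the part a real cipher replaces; the XOR layer, and therefore the reuse problem, is the same in every stream cipher and in block ciphers run in counter mode.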
  • 9. Block cipher
    (diagram: plain blocks 1, 2 and 3 each pass through the block cipher and come out as cipher blocks 1, 2 and 3)
    – Larger data units: 64 ... 128 bits
    – Memoryless
    – Repeat a simple operation (round) many times
  • 10. AES Rijndael
    ● Advanced Encryption Standard
      – Open competition launched by the US government in 1997 to replace DES
        ● Joan Daemen and Vincent Rijmen
        ● Graduated at ESAT KUL
      – 128-bit block cipher with a key of 128/192/256 bits
      – As strong as triple DES
        ● More efficient
        ● Royalty free
  • 11. Symmetric Data Hashing
    ● Data authentication through hashing
      – A hash function is a one-way function
      – Hash functions without a key
        ● MDC (Manipulation Detection Code)
          – MD5: collisions in 2^30 steps
          – SHA-1: collisions in 2^69 steps
          – SHA-3 (Keccak – BE 2013): collisions in 2^256 steps
      – Hash functions with a secret key
        ● MAC (Message Authentication Code)
  • 12. Data authentication with MDC
    ● Protect the short hash value rather than the long text
    ● Pre-image resistance
      – Given y, hard to find x such that hash(x) = y
      – Hard to find x' ≠ x such that hash(x') = hash(x)
    (diagram: the long input "This is an input to a cryptographic hash function. The input is a very long string, that is reduced by the hash function to a string of fixed length. There are additional security conditions: it should be very hard to find an input hashing to a given value (a pre-image) or to find two colliding inputs (a collision)." is reduced by HASH to 7E6FD7198A198FB3C)
    ● MD5
    ● SHA-1/256/512
    ● RIPEMD-160
    ● SHA-3 (BE design)
  • 13. MAC Algorithms
    ● Alice – Bob – Eve
    (diagram: Alice computes a MAC over the clear text and sends both; Bob runs VERIFY on the received clear text and MAC; Eve on the channel tries to modify)
  • 14. Data authentication with MAC
    ● Protection of the authenticity of long messages => protection of the secrecy of a short key
    ● Add the MAC to the plain text
    ● Birthday attacks: security level smaller than expected
    (diagram: the long input "This is an input to a MAC algorithm. The input is a very long string, that is reduced by the hash function to a string of fixed length. There are additional security conditions: it should be very hard for someone who does not know the secret key to compute the hash function on a new input." is reduced by the keyed HASH to 7E6FD7198A198FB3C)
    ● CBC-MAC (3DES)
    ● HMAC (AES)
    ● GMAC
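The difference between slides 12 and 14, as an added example rather than the author's code: the same message is protected once with an unkeyed MDC (SHA-256 stands in for the slide's generic HASH) and once with a keyed MAC (HMAC-SHA256). Eve's "Modify" arrow from slide 13 is modelled by a function that changes an amount in the message. The example shows that an MDC sent next to the message gives no authenticity unless the MDC itself reaches Bob over an authentic channel, which is exactly the "protect the short hash value rather than the long text" point, whereas a MAC under a key Eve lacks is rejected after modification.

```python
import hashlib
import hmac

# Added example, not from the slides. SHA-256 plays the role of the MDC,
# HMAC-SHA256 the role of the MAC; the message and key are constructed.


def mdc(message: bytes) -> bytes:
    """Manipulation Detection Code: an unkeyed cryptographic hash."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """Message Authentication Code: a keyed hash (HMAC) over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mdc(message: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(mdc(message), expected)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so the check leaks no timing information about the tag
    return hmac.compare_digest(mac(key, message), tag)


def eve_modifies(message: bytes) -> bytes:
    """Eve on the channel changes the amount (slide 13's 'Modify')."""
    return message.replace(b"100 EUR", b"900 EUR")


def mdc_sent_with_message(message: bytes) -> bool:
    """MDC travels next to the message: Eve recomputes it, Bob's check still passes."""
    modified = eve_modifies(message)
    return verify_mdc(modified, mdc(modified))          # True: no authenticity at all


def mdc_over_authentic_channel(message: bytes) -> bool:
    """MDC obtained by Bob through an authentic channel (e.g. signed or out of band):
    the short hash is what is protected, and the long modified text no longer matches."""
    trusted = mdc(message)                              # Bob got this value authentically
    return verify_mdc(eve_modifies(message), trusted)   # False: modification detected


def mac_with_secret_key(key: bytes, message: bytes) -> bool:
    """MAC under a key Eve does not have: she can change the text but not the tag."""
    tag = mac(key, message)
    return verify_mac(key, eve_modifies(message), tag)  # False: modification detected
```

The three scenario functions return Bob's verdict, so the first returning True is the failure case: an unprotected MDC is a checksum, not data authentication.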
  • 15. Cipher Block Chaining MAC
    ● MAC algorithms
      – Banking: CBC-MAC based on triple DES
      – Internet: HMAC and CBC-MAC based on AES
      – Initial Vector should be random and secret
    (diagram: the IV is XORed (+) into plain block 1 and encrypted with AES under K; each cipher block is XORed into the next plain block (2 ... n) and encrypted again; cipher block n is the MAC)
  • 16. Presentation Overview
    ● Introduction
    ● Cryptographic Algorithms
      – Symmetric algorithms
      – Public-key cryptology
    ● Entity Authentication
    ● Network Security
    ● Conclusion
  • 17. Why Public-key Cryptology?
    ● Limitation of symmetric cryptology
      – Reduces the security of the information to the security of the keys
      – But how to establish these secret keys?
        ● Cumbersome and expensive
        ● Risky: all keys in one place
      – Do we really need to establish secret keys?
  • 18. Public Key Encryption
    ● Public key cryptology: encryption
    (diagram: Alice encrypts clear text to %^C&@&^( in her CRYPTO box with Bob's public key; Bob decrypts with his private key; Eve can only listen)
  • 19. Public Key Digital signatures
    ● Public key cryptology: digital signature
    (diagram: Alice signs with her private key; Bob verifies with Alice's public key; Eve on the channel tries to modify)
  • 20. Key transport using RSA
    ● RSA protocol (1978 - Rivest, Shamir and Adleman)
      – The security of RSA is based on the fact that it is easy to generate two large primes, but hard to factor their product
        ● encryption: c = m^e mod n
        ● decryption: m = c^d mod n
      – How does Bob know that k is coming from Alice?
        ● In reality, as Alice you'll use a password or credit card number to identify yourself to Amazon
      – What happens if the private server key SK_B is leaked, or requested by the NSA or hackers? All historical data can be read → no forward secrecy!
    (protocol: Alice generates k, encrypts it with PK_B and signs with SK_A, sending Sig_SKA{E_PKB(k || t_A)}; Bob decrypts using SK_B to obtain k and verifies using PK_A)
  • 21. Key transport using STS
    ● Station to Station (STS) protocol
      – Diffie-Hellman: first published in 1976
      – Before: Alice & Bob never met and share no secrets
      – After: Alice & Bob share a short-term key k
        ● Eve cannot compute k (discrete logarithm problem)
        ● Provides perfect forward secrecy
    (protocol: Alice generates x and sends α^x; Bob generates y, computes k = (α^x)^y and sends α^y together with Sig_B(α^y, α^x); Alice verifies Sig_B, computes k = (α^y)^x and sends Sig_A(α^x, α^y); Bob verifies Sig_A)
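Slides 20 and 21 side by side, as an added example that is not the talk's code. Textbook RSA (c = m^e mod n, m = c^d mod n, signature on a hash) and Diffie-Hellman run on constructed toy parameters: two pairs of primes just above 10^6 for the RSA keys and the Mersenne prime 2^31 - 1 with generator 7 for the group, all orders of magnitude too small for real use and without OAEP/PSS padding, but large enough to show the protocol flows. `rsa_key_transport` follows slide 20 (k || t_A is packed into one RSA block; the signature is over the cipher text), `sts_exchange` follows slide 21, and `leaked_server_key_reads_history` is the slide's forward-secrecy point: with SK_B any recorded RSA transport yields k, while the STS transcript alone does not, because x and y are discarded after the run.

```python
import hashlib
import secrets

# Constructed toy parameters (added example, not from the slides).
P_A, Q_A = 1000003, 1000033            # Alice's RSA primes
P_B, Q_B = 1000037, 1000039            # Bob's RSA primes
DH_P, DH_ALPHA = 2147483647, 7         # 2^31 - 1 is prime; 7 generates its multiplicative group


def rsa_keygen(p, q, e=65537):
    """Textbook RSA: n = p*q, d = e^-1 mod (p-1)(q-1). Returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(pk, m):
    n, e = pk
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)                # c = m^e mod n


def rsa_decrypt(sk, c):
    n, d = sk
    return pow(c, d, n)                # m = c^d mod n


def _hash_to_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(sk, data: bytes) -> int:
    n, d = sk
    return pow(_hash_to_int(data, n), d, n)


def rsa_verify(pk, data: bytes, sig: int) -> bool:
    n, e = pk
    return pow(sig, e, n) == _hash_to_int(data, n)


def encode(*values) -> bytes:
    """Unambiguous byte encoding of the values covered by a signature."""
    return b"|".join(str(v).encode() for v in values)


def rsa_key_transport(sk_a, pk_a, pk_b, sk_b, t_a: int):
    """Slide 20: Alice -> Bob: Sig_SKA{E_PKB(k || t_A)}. Returns (Alice's k, Bob's k, Bob's t_A, c)."""
    k = secrets.randbits(16)
    m = (k << 16) | (t_a & 0xFFFF)     # k || t_A packed into one RSA block (32 bits < n)
    c = rsa_encrypt(pk_b, m)
    sig = rsa_sign(sk_a, encode(c))
    # Bob's side: verify with PK_A, then decrypt with SK_B
    if not rsa_verify(pk_a, encode(c), sig):
        raise ValueError("signature from Alice does not verify")
    m_bob = rsa_decrypt(sk_b, c)
    return k, m_bob >> 16, m_bob & 0xFFFF, c


def leaked_server_key_reads_history(sk_b, recorded_c: int) -> int:
    """Slide 20's warning: whoever holds SK_B later recovers k from any recorded c."""
    return rsa_decrypt(sk_b, recorded_c) >> 16


def sts_exchange(sk_a, pk_a, sk_b, pk_b, p=DH_P, alpha=DH_ALPHA):
    """Slide 21: signed Diffie-Hellman. Returns (Alice's k, Bob's k)."""
    x = secrets.randbelow(p - 2) + 1
    gx = pow(alpha, x, p)                                   # Alice -> Bob: alpha^x
    y = secrets.randbelow(p - 2) + 1
    gy = pow(alpha, y, p)
    k_bob = pow(gx, y, p)                                   # Bob: k = (alpha^x)^y
    sig_b = rsa_sign(sk_b, encode(gy, gx))                  # Bob -> Alice: alpha^y, Sig_B(alpha^y, alpha^x)
    if not rsa_verify(pk_b, encode(gy, gx), sig_b):
        raise ValueError("signature from Bob does not verify")
    k_alice = pow(gy, x, p)                                 # Alice: k = (alpha^y)^x
    sig_a = rsa_sign(sk_a, encode(gx, gy))                  # Alice -> Bob: Sig_A(alpha^x, alpha^y)
    if not rsa_verify(pk_a, encode(gx, gy), sig_a):
        raise ValueError("signature from Alice does not verify")
    return k_alice, k_bob                                   # x and y are now gone: forward secrecy
```

The signatures in `sts_exchange` cover both exponentials in a fixed order, so neither side can be tricked into signing a value chosen for a different session; that binding is what separates STS from unauthenticated Diffie-Hellman.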
  • 22. Public key cryptology
    ● Advantages
      – Protection of information is reduced to the authenticity of public keys
      – Confidentiality without secret keys: open environment
      – Data authentication without shared secret keys: digital signature
    ● Disadvantages
      – Calculation in HW/SW is 2 to 3 orders of magnitude slower than symmetric algorithms
      – Longer keys: 1024 bits instead of 56 ... 128
  • 23. Cryptographic SW Libraries
    ● C, C++, C#
      – Botan (C++)
      – Cryptlib (C)
      – Crypto++ (C++)
      – CyaSSL (C) embedded
      – GnuTLS (C)
      – Libgcrypt (C++)
      – MatrixSSL (C++) embedded
      – Miracl (binaries)
      – OpenSSL (C++)
      – PolarSSL (C)
    ● Java
      – SunJCA/JCE
      – BouncyCastle (BC, C#)
      – CryptixCrypto
      – EspreSSL
      – FlexiProvider
      – GNU Crypto
      – IAIK
      – Java SSL
      – RSA JSafe
    Reference: http://ece.gmu.edu/crypto_resources/web_resources/libraries.htm
  • 24. Presentation Overview
    ● Introduction
    ● Cryptographic Algorithms
    ● Entity Authentication
      – Passwords
      – Symmetric Keys
      – Public Keys
    ● Network Security
    ● Conclusion
  • 25. Entity Authentication
    ● Entity Authentication - one party corroborates the identity of another party and the fact that this party is alive (active) during the protocol
    (diagram: "Hello Bob, I am Alice" - "Why should I believe her?")
  • 26. Entity Authentication Elements
    ● What someone knows
      – Password, PIN code (example: Xur%9pLr)
    ● What someone has
      – Magnetic stripe card, smart card
    ● What someone is (biometrics)
      – Fingerprint, retina, hand shape ...
    ● How someone does something
      – Manual signature, typing pattern
    ● Where someone is
      – Dial back, location based services (GSM, Galileo)
  • 27. Password identification
    ● Bob stores hash(P) rather than P
    ● Eve can guess the password P
    ● Eve can eavesdrop on the channel and learn Alice's password
    (diagram: Alice: "Hello Bob, I am Alice. My password P is Xur%9pLr"; Bob applies the one-way hash f(P) and compares with the stored f(Xur%9pLr): "OK!")
  • 28. Password identification
    ● Every user gets a random, publicly known salt S
    ● Bob stores hash(P, S) || S rather than P
    ● It's harder to attack the passwords of all users simultaneously
    (diagram: Alice sends the same password; Bob looks up S, computes f(P || S) and compares with the stored f(Xur%9pLr || 987&*) || 987&*: "OK!")
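Bob's password store from slides 27 and 28, as an added example and not the author's code. The slide's generic f is instantiated with PBKDF2-HMAC-SHA256 (a deliberately slow, salted hash from the Python standard library; the iteration count is a constructed value), the record layout is hash(P, S) || S with a 16-byte random S, and the slide's example password Xur%9pLr is used as input. `unsalted_record` is kept only to show what slide 28 improves on: without a salt, two users with the same password produce the same record, so one guess is checked against every user at once.

```python
import hashlib
import hmac
import os

# Added example, not from the slides. Constructed parameters:
SALT_LEN = 16          # bytes of random, public salt S per user
ITERATIONS = 100_000   # PBKDF2 work factor; raise as hardware gets faster
DIGEST_LEN = 32        # SHA-256 output


def _f(password: str, salt: bytes) -> bytes:
    """The slide's one-way function f(P || S), here PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str, salt: bytes = None) -> bytes:
    """Slide 28: Bob stores hash(P, S) || S. A fresh random S is drawn per user."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    assert len(salt) == SALT_LEN
    return _f(password, salt) + salt


def check_password(record: bytes, password: str) -> bool:
    """Bob's verification: split off S, recompute f(P || S), compare in constant time."""
    digest, salt = record[:DIGEST_LEN], record[DIGEST_LEN:]
    return hmac.compare_digest(digest, _f(password, salt))


def unsalted_record(password: str) -> bytes:
    """Slide 27's store, hash(P) only, shown for contrast: identical for identical passwords."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def same_password_same_record(password: str, salted: bool) -> bool:
    """Do two users who chose the same password end up with the same stored record?"""
    if salted:
        return make_record(password) == make_record(password)   # False: S differs
    return unsalted_record(password) == unsalted_record(password)  # True: one guess hits both
```

The salt does not need to be secret, which is why the record can carry it in clear; what it buys is that an exhaustive guess has to be repeated per user rather than once for the whole table.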
  • 29. Human memory is limited
    ● Store key K on a magnetic stripe, USB key or hard disk
    ● Stops guessing attacks
    ● But does not solve the other problems related to passwords
    ● And you identify the card, not the user
    ● Possibility of replay: liveness is missing
  • 30. Static Data Authentication
    ● Replace K by a signature of a third party CA (Certificate Authority) on Alice's name: Sig_SKCA(Alice)
    ● Advantages
      – Can be verified using the public string PK_CA
      – Can only be generated by the CA
    ● Disadvantages
      – Possibility of replay, because liveness is missing
      – Can still be copied/intercepted
      – Signature = 40 ... 128 bytes
    (certificate example: DN: cn=Alice, o=KBC, c=BE; Serial #: 8391037; Start: 3/02/13 1:00; End: 3/02/14 00:59; CRL: cn=BCC, o=EMV, c=BE; CA DN: o=EMV, c=BE)
  • 31. Identification symmetric token
    ● Challenge response protocol
      – Eavesdropping no longer effective
      – Bob still needs to have the secret key K
      – Detects whether Alice is alive!
    (protocol: Bob sends a random number r; Alice, holding K, answers with MAC_K(r); Bob, holding the same K, checks it: "OK!")
  • 32. Identification symmetric token
    ● With implicit challenge from the clock
      – Eavesdropping no longer effective (no challenge)
      – Bob still needs to have the secret key K
      – Resynchronization mechanism needed
    (protocol: Alice sends MAC_K(time); Bob, holding the same K, checks it: "OK!")
    http://allthingsd.com/20110404/rsa-explains-how-it-was-hacked
    http://www.computerworld.com/article/2511297/security0/diginotar-dies-from-certificate-hack-caper.html
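Both symmetric-token protocols of slides 31 and 32 in code, as an added example that is not the talk's. MAC_K is HMAC-SHA256 (the slides do not fix an algorithm). `bob_verify` is the explicit challenge-response of slide 31: because r is fresh per run, a response captured earlier does not verify against a new challenge, which is the liveness property. `bob_verify_clock` is slide 32's implicit challenge: the "time" is the current 30-second step, and the resynchronization mechanism the slide asks for is implemented as a window of adjacent steps that Bob also accepts (step size and window are constructed choices).

```python
import hashlib
import hmac
import secrets
import time

# Added example, not from the slides. Constructed parameters for the clock variant:
TIME_STEP = 30        # seconds per implicit challenge
RESYNC_WINDOW = 1     # steps of clock drift Bob tolerates on either side


def mac_k(key: bytes, data: bytes) -> bytes:
    """MAC_K from the slides, instantiated as HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()


# Slide 31: explicit challenge from Bob

def bob_challenge() -> bytes:
    """Bob draws a fresh random number r for every run."""
    return secrets.token_bytes(16)


def token_response(key: bytes, r: bytes) -> bytes:
    """Alice's token answers MAC_K(r)."""
    return mac_k(key, r)


def bob_verify(key: bytes, r: bytes, response: bytes) -> bool:
    """Bob recomputes MAC_K(r) with his copy of K and compares in constant time."""
    return hmac.compare_digest(mac_k(key, r), response)


# Slide 32: implicit challenge from the clock

def time_step(now: float = None) -> int:
    """The implicit challenge: the index of the current TIME_STEP interval."""
    now = time.time() if now is None else now
    return int(now // TIME_STEP)


def clock_response(key: bytes, now: float = None) -> bytes:
    """Alice's token answers MAC_K(time) without waiting for a challenge."""
    return mac_k(key, time_step(now).to_bytes(8, "big"))


def bob_verify_clock(key: bytes, response: bytes, now: float = None,
                     window: int = RESYNC_WINDOW) -> bool:
    """Bob accepts MAC_K(step) for the current step and `window` steps around it
    (the resynchronization mechanism); anything further out is rejected."""
    current = time_step(now)
    return any(
        hmac.compare_digest(mac_k(key, (current + delta).to_bytes(8, "big")), response)
        for delta in range(-window, window + 1)
    )
```

The clock variant still needs K on Bob's side, just as the slide says; what it removes is the round trip, at the price of a response being valid for the whole window rather than for one challenge.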
  • 33. Identification public key token
    ● Use the private key to sign the challenge r
    ● Eavesdropping no longer effective
    ● Bob no longer needs a secret – only PK_A
    ● Most expensive (€ and time)
    (protocol: Bob sends a random number r; Alice answers with Sig_SKA(r) using SK_A; Bob verifies with PK_A: "OK!")
  • 34. Overview Identification Protocols
    (+ is better than -; Security is a ranking from 1 to 5)
    Protocol               Guess   Eavesdrop (liveness)   Impersonation by Bob   Secret info for Bob   Security
    Password                 -              -                      -                     -                1
    Magnetic stripe (SK)     +              -                      -                     -                2
    Magnetic stripe (PK)     +              -                      -                     +                3
    Dynamic PW               +              +                      -                     -                4
    Smart Card (SK)          +              +                      -                     -                4
    Smart Card (PK)          +              +                      +                     +                5
  • 35. Entity authentication in practice
    ● Phishing – mutual authentication
    ● 2-stage authentication: user → device, device → world
    ● Forward credentials – biometry
    ● Interrupt after initial authentication – authenticated key establishment (session key to encrypt data)
    ● Mafia fraud – distance bounding
    ● Protocol errors – check that local device authentication is linked to the entity authentication protocol
    https://www.youtube.com/watch?v=JPAX32lgkrw
    http://www.cl.cam.ac.uk/research/security/banking/nopin
  • 36. Presentation Overview
    ● Introduction
    ● Cryptographic Algorithms
    ● Entity Authentication
    ● Network Security
      – Transport Layer Security (SSL/TLS)
    ● Conclusion
  • 37. Transport Layer Security
    ● Connection-oriented data confidentiality and integrity, with optional client and server authentication
    (diagram: the browser speaks HTTP over TCP for http:// and HTTP over SSL over TCP for https:// to the secure web server; in the OSI stack (7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical) SSL sits between HTTP and TCP)
    ● SSL: Secure Sockets Layer (Netscape); TLS: Transport Layer Security (IETF)
    ● Versions: SSL 1.0 N/A, SSL 2.0 1995, SSL 3.0 1996, TLS 1.0 1999, TLS 1.1 2006, TLS 1.2 2008, TLS 1.3 TBD
  • 38. TLS Protocol Details
    ● A new record layer is inserted
    ● Handshake
      – Negotiation of crypto algorithms
      – Client/server authentication
      – Cryptographic key establishment
        ● Encryption (1st)
        ● MAC (2nd)
      – Key confirmation
    (diagram: Application (http, telnet ...) over the Record Layer Protocol over the Transport Layer (TCP); the record layer carries the Handshake protocol, the Cipher Spec protocol and the Application protocol; the client sends Client Hello, the server answers Server Hello, then Change Cipher Spec, and Application Data travels in SSL Records)
  • 39. TLS Handshake Overview
    ✔ start handshake, protocol version, algorithms
    ✔ authentication server + exchange (pre)master secret
    ✔ client authentication
    ✔ end handshake, integrity verification (*)
    (message flow: SERVER → Hello Request; CLIENT → Client Hello; SERVER → Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done; CLIENT → Certificate, Client Key Exchange, Certificate Verify, [change cipher spec], Finished (MAC*); SERVER → [change cipher spec], Finished (MAC*))
  • 40. Data encapsulation options
    ● Integrity
      key size   algorithm
      144        HMAC-MD5
      160        HMAC-SHA1
      256        HMAC-SHA256
    ● Confidentiality
      key size   algorithm options
      40         RC4_40, RC2_CBC_40, DES_CBC_40
      56         DES_CBC
      128        RC4, IDEA_CBC, AES_CBC
      168        3DES_EDE_CBC
      256        AES_CBC
    TLS 1.0 – http://tools.ietf.org/html/rfc2246
    TLS 1.2 – http://tools.ietf.org/html/rfc5246
  • 41. TLS Key Management Options
    ➢ DH Diffie-Hellman
    ➢ DHE Ephemeral DH
      ➢ x/y generated each time
      ➢ perfect forward secrecy
    ➢ DSS Digital Signature Standard (DSA)
    ➢ RSA Rivest-Shamir-Adleman
    ➢ EC Elliptic Curve (shorter keys)
    ➢ TLS 1.0 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA1
    ➢ TLS 1.2 TLS_RSA_WITH_AES_128_CBC_SHA1
    (table, key exchange options: anonymous - DH_anon (man-in-the-middle); server authentication only - RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA; server and client authentication - RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA; these are the TLS 1.0 options, TLS 1.2 adds ECDHE_ECDSA)
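A parser for the cipher suite names of slide 41 that reads off the properties slides 40 and 41 discuss, as an added example and not the author's code. The name is split at `_WITH_` into the key-exchange/authentication half and the cipher/MAC half; a single token before `_WITH_` (plain RSA) means key transport and authentication use the same key, `anon` means an unauthenticated exchange (the slide's man-in-the-middle case), and `DHE`/`ECDHE` give forward secrecy. The key-size table of slide 40 is reused to apply slide 8's rule that fewer than 70 key bits is insecure; the cipher tokens are spelled as they appear in real suite names, and the assumption that the list is complete enough for the suites on the page is mine.

```python
# Added example, not from the slides. Key sizes follow slide 40; the threshold follows slide 8.
KEY_BITS = {
    "RC4_40": 40, "RC2_CBC_40": 40, "DES40_CBC": 40,
    "DES_CBC": 56,
    "RC4_128": 128, "IDEA_CBC": 128, "AES_128_CBC": 128, "AES_128_GCM": 128,
    "3DES_EDE_CBC": 168,
    "AES_256_CBC": 256, "AES_256_GCM": 256,
    "NULL": 0,
}
MIN_SECURE_BITS = 70            # slide 8: "< 70 bits is insecure"


def parse_cipher_suite(name: str) -> dict:
    """Split TLS_<kx>_<auth>_WITH_<cipher>_<mac> into its parts and derived properties."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS cipher suite name: {name}")
    kx_auth, protection = name[len("TLS_"):].split("_WITH_", 1)
    export = kx_auth.endswith("_EXPORT")            # export-grade suites carry this marker
    if export:
        kx_auth = kx_auth[:-len("_EXPORT")]
    parts = kx_auth.split("_")
    if len(parts) == 1:                             # e.g. RSA: key transport and authentication with one key
        kx = auth = parts[0]
    else:
        kx, auth = parts[0], "_".join(parts[1:])    # e.g. DHE_DSS, DH_anon, ECDHE_ECDSA
    cipher, mac = protection.rsplit("_", 1)         # last token is the MAC (or PRF hash for AEAD)
    return {
        "key_exchange": kx,
        "authentication": auth,
        "cipher": cipher,
        "mac": mac,
        "export": export,
        "forward_secrecy": kx in ("DHE", "ECDHE"),  # x/y generated each time (slide 41)
        "anonymous": auth == "anon",                # no authentication: man-in-the-middle (slide 41)
        "key_bits": KEY_BITS.get(cipher),           # None when the cipher token is unknown here
    }


def assess_cipher_suite(name: str) -> list:
    """Return the list of findings a reviewer would raise for this suite (empty = none)."""
    suite = parse_cipher_suite(name)
    findings = []
    if suite["anonymous"]:
        findings.append("no peer authentication: open to man-in-the-middle")
    if not suite["forward_secrecy"]:
        findings.append("no forward secrecy: a leaked server key exposes recorded sessions")
    if suite["key_bits"] is None:
        findings.append(f"unknown cipher token {suite['cipher']!r}: key size not assessed")
    elif suite["key_bits"] < MIN_SECURE_BITS:
        findings.append(f"{suite['key_bits']}-bit key: insecure (below {MIN_SECURE_BITS} bits)")
    return findings
```

Run over the two suites the slide names, the parser flags the TLS 1.2 example for lacking forward secrecy and passes the TLS 1.0 DHE example on that point; the export-grade and anonymous cases are where slide 8's key-size rule and slide 41's man-in-the-middle note become concrete findings.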
  • 42. Current SSL & TLS usage
    ● Top 1 Million websites, October 2014
      – Removing SSLv3 support from browsers is blocked
      – 96.9% still support SSLv3
      – Only 34.2% support TLSv1.2
    https://zmap.io/sslv3/#affected
    (chart, highest supported TLS version: HTTP only 41.21%, SSLv3 0.12%, TLS 1.0 24.02%, TLS 1.1 0.40%, TLS 1.2 34.24%)
    No TLS support! citibank.com, marketwatch.com, clkmon.com, inclk.com, informer.com, billdesk.com
  • 43. Presentation Overview
    ● Introduction
    ● Cryptographic Algorithms
    ● Entity Authentication
    ● Network Security
    ● Conclusion
  • 44. Conclusions
    ● Properties of protocols are subtle
    ● Many standardized protocols exist
      – ISO/IEC, IETF
    ● Difficulty: which properties are needed for a specific application
    ● Rule #1 of protocol design
      – DON'T
      – Not even by simplifying existing protocols
  • 45. References
    ● A.J. Menezes, P.C. van Oorschot, S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
      – http://www.cacr.math.uwaterloo.ca/hac
    ● N. Smart, Cryptography, An Introduction: 3rd Ed, 2008. Solid and up to date but on the mathematical side.
      – http://www.cs.bris.ac.uk/~nigel/Crypto_Book
    ● Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano: The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes.
      – IEEE Symposium on Security and Privacy 2012: 553-567
  • 46. Q&A
    ● Thanks for your attention
    Email: bartvanbos@allbits.eu
    LinkedIn: http://lnkd.in/Kre-kR