2. Menu
Can't explain all of cryptography here
Let's try to explain how it works, simply
Then let's see some concrete examples
Among so many other fields of application...
3. Menu
Cryptography main rule
Vernam One Time Pad (OTP)
Computer applications
Problems
Solutions
Symmetric computer-based cryptography
PRNG & LFSR
Designing a stream cipher using PHP and C
Applications:
DVD / Blu-ray encryption (CSS / AACS)
Wi-Fi (WEP: RC4)
GSM (A5/1)
4. About me
Julien PAULI - @julienpauli - github.com/jpauli
Working for Sensiolabs in Paris
Release manager of PHP 5.5 / 5.6
PHP internals contributor from time to time (bug fixes, internal API, performance)
Knowledge of CPU architectures, the C language, Linux and networking
5. Vernam OTP (One Time Pad)
The only method of encryption that is mathematically
absolutely 100% sure and uncrackable
6. Vernam OTP
The only method of encryption that is mathematically
absolutely 100% sure and uncrackable
  clear       Hello foo
  key       + secretkey
  encrypted   ?????????
7. Vernam OTP
You modulo-add the clear text and a key, randomly chosen and of
the same size as (or larger than) the clear text
The operation is fully bijective and can be undone, just like
a classical math addition
3 + 8 = 11
11 - 8 = 3
8. Vernam OTP
3 + 8 = 11
11 ??? = ???
clear + key = encrypted
This cryptography method is the only one that is 100% safe
and cannot be violated.
If you get the encrypted content only, you'll never be able to
get back the clear text without having the key
10. Vernam conditions
Vernam OTP is 100% sure if and only if:
The key is random and can't be guessed
The key is kept secret
The key size is >= the clear content size
The key is never reused (One Time Pad: OTP)
The same key is used to encrypt and decrypt
This is called symmetric encryption
12. Vernam
Used during WW II
Enigma
Used in the red phone
linking Moscow to Washington
Keys (physical) were carried by extra-safe planes
13. In computer science
Machines work in base 2 (binary)
"Modulo-2 addition" is called XOR (exclusive OR)
Noted ⊕ or ^
  A  B  A ^ B
  0  0    0
  0  1    1
  1  0    1
  1  1    0
14. XOR for cryptography
XOR satisfies the Vernam OTP conditions
Having A, a clear text
Having B, a secret key
Encrypted: C = A ^ B
Clear: A = C ^ B
Symmetric cryptography: the same key B encrypts and decrypts
15. Vernam in computer science
Vernam-based cryptography is inviolable if:
The key is kept secret
The key size is >= the clear size
The key is random
The key is never reused
Those 4 rules seem hard to achieve in the modern computer world
17. The key is secret
It is possible, while not best, to exchange the key securely
Hand to hand
"What's the Wi-Fi password please?"
Usually, asymmetric cryptography is used to create a secure
channel to exchange the symmetric crypto key
18. And then?
Vernam-based cryptography is inviolable if:
The key is kept secret
The key size is >= the clear size
The key is random
The key is not used more than once
20. Key size
To encrypt 25Mb of data, one will need a 25Mb key
That's 26214400 characters
How do we use a "reasonably finite-size" key?
Think about Wi-Fi keys: often long, but not thousands of
thousands of chars long
22. LFSR
Linear Feedback Shift Register
Solution chosen to solve the problem "the key size must be
>= the clear size to encrypt"
How does that work?
23. LFSR
Linear Feedback Shift Register
A structure that exists both in software and in electronics
Easy to code in a computer language
Easy to build into electronic chips
Very powerful, very fast
24. One byte: 8 digits (bits)
2^7 + 2^5 + 2^2 + 2^1 + 2^0 = 167 (decimal)
In computer science, 1 byte = 1 character (like 'f')
or one integer between 0 and 255 if you prefer
Let's take one byte from the secret key:
  bit:      1 0 1 0 0 1 1 1
  position: 7 6 5 4 3 2 1 0
25. LFSR
Shift register. At each clock tick...
Shift the digits one slot to the right
Reinject the digit that fell out on the right back on the left
We get an infinite source of digits
This is a circular shift
The extracted digit is used to encrypt one digit of the payload (using XOR)
26. LFSR
Shift register
Shift to the right
Reinject on the left
We get an infinite number of digits but...
We get a finite digit sequence (repeating itself)
[Diagram: successive register states 1 to 4]
27. LFSR
Shift register
We get an infinite digit sequence
But not a random one
The feedback function is 1
[Diagram: successive register states 1 to 4, then ...]
28. Where are we?
Vernam-based cryptography is inviolable if:
The key is secret
The key size is >= the clear size
The key is random
The key is never reused
29. LFSR
The sequence is going to repeat itself
How do we add some randomness to it?
[Diagram: successive register states 1 to 4, then ...]
30. LFSR
It's all about the feedback function
Let's make the feedback function more complex
33. LFSR vs Maths
This can be modelled mathematically:
S = X^8 + X^7 + X^6 + X^5 + 1
This is a classic polynomial, which can be solved
34. m-sequence LFSR
As the output is injected back into the input, this LFSR will
generate a finite number of states
The maximum sequence length is 2^n - 1
"n" is the LFSR degree (number of digits)
This maximum-length sequence is called the "m-sequence"
In the above example, n is 8, so the LFSR will have a maximum
period of 255 states
35. m-sequence LFSR
To get an m-sequence:
The number of feedback digits must be odd
Their positions must be coprime with each other
S = X^8 + X^7 + X^6 + X^5 + 1
Works, this LFSR will have an m-sequence (255 states)
S = X^8 + 1
Doesn't work, this LFSR will repeat before 255 states
36. m-sequence LFSR
If we extend the LFSR to 32 digits, the max period becomes 2^32 - 1
That's 4294967295 different states
The output looks more and more random
With 32 digits (4 bytes, or 4 secret-key chars) we can
encrypt 4294967295 digits, thus 512Mb
Above that, the key repeats itself (and invalidates the Vernam
conditions)
37. LFSR example coded in PHP
https://github.com/jpauli/PHP-Crypto
**Simple Galois LFSR, degree 7 (127 states m-sequence)**
Used register bits for feedback : 7 6
Deducted Feedback function : 1100000 (0X60)
Your initial state is : 00000000000000000000001110001100 (908)
Let's now start the Linear Feedback Shift Register
[Iteration] [-------Internal Register -------] [PRandom bit]
| | |
v v v
0 - 00000000000000000000001110001100 [ 0 ]
1 - 00000000000000000000000111000110 [ 0 ]
2 - 00000000000000000000000011100011 [ 1 ]
3 - 00000000000000000000000000010001 [ 1 ]
4 - 00000000000000000000000001101000 [ 0 ]
38. LFSR example coded in PHP
/* Excerpt from the constructor: build the feedback function ($ff)
   from the table of tap positions known to give an m-sequence */
for ($i = 0; $i < count(self::POLYNOMIAL_PRIME_COEFF[$this->degree]); $i++) {
    $this->taps[] = self::POLYNOMIAL_PRIME_COEFF[$this->degree][$i];
    $this->ff |= (1 << self::POLYNOMIAL_PRIME_COEFF[$this->degree][$i]);
}
/* LFSR always has first and last bit set */
$this->ff |= 1 << ($this->degree);
$this->ff |= 1;

/* Excerpt from run(): a generator yielding the register at each tick */
do {
    $this->iterations++;
    $this->currentState >>= 1; /* Shift register */
    yield $this->iterations => $this->currentState;
    if ($this->currentState & 1) {
        $this->currentState ^= $this->ff; /* re-enter (Galois feedback) */
    }
} while ($this->currentState != $this->start);
39. Encryption with an LFSR?
Pretty easy
Initialize the LFSR with the secret key
Encrypt each clear digit with one digit generated by the LFSR,
using the XOR operation
This is called a stream cipher
(block ciphers also exist)
41. Generating a random byte using an LFSR
/* Collect 8 successive LFSR output bits into one keystream byte */
function getRandomByte(LFSR $lfsr) : int
{
    $random = 0;
    $run = $lfsr->run(); /* generator driving the register */
    for ($j = 0; $j < 8; $j++) {
        $random |= $lfsr->getCurrentBit() << $j;
        $run->next(); /* clock the register once */
    }
    return $random;
}
42. Ciphering clear data with the random byte
/* XOR every clear byte with one keystream byte; the same call on the
   ciphertext with the same seed decrypts it (XOR is its own inverse) */
function cipher(string $input) : string
{
    $dataSize = strlen($input);
    $output = '';
    $lfsr = new LFSR($this->degree, $this->seed);
    for ($i = 0; $i < $dataSize; $i++) { /* also safe on an empty input */
        $random = $this->getRandomByte($lfsr);
        $data = unpack('C', $input[$i]);
        $output .= pack('C', $data[1] ^ $random);
    }
    return $output;
}
Yeah!
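An added C example covering slides 24 to 36 and 39 to 42 (my own code, not the talk's PHP-Crypto): an 8-bit Fibonacci LFSR, a period check that separates an m-sequence polynomial from one that loops early, and the XOR stream cipher built on it. The polynomial constants, the seed 167 (the byte of slide 24) and the message are my own choices; the period check is the test worth running on every candidate polynomial of slide 35 before trusting the 2^n - 1 figure.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* `poly` encodes the feedback polynomial as a bit mask: bit i stands for X^i,
 * so X^8 + X^4 + X^3 + X^2 + 1 is 0x11D.  The X^8 term is the register length. */
#define LFSR_POLY_PRIMITIVE 0x11Du  /* X^8+X^4+X^3+X^2+1, a known primitive polynomial */
#define LFSR_POLY_CIRCULAR  0x101u  /* X^8+1: plain circular shift (slide 35) */
#define LFSR_POLY_SLIDE33   0x1E1u  /* X^8+X^7+X^6+X^5+1, the polynomial of slide 33 */

/* Parity (XOR of all bits) of an 8-bit value, without compiler builtins. */
static unsigned parity8(unsigned v)
{
    v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;
    return v & 1u;
}

/* One clock tick: emit the rightmost bit, shift right, and re-inject the XOR
 * of the tapped bits (the "feedback function" of the slides) on the left. */
static unsigned lfsr_step(uint8_t *state, unsigned poly)
{
    unsigned out = *state & 1u;
    unsigned fb  = parity8(*state & poly & 0xFFu);
    *state = (uint8_t)((*state >> 1) | (fb << 7));
    return out;
}

/* Clock ticks until the register is back at `seed`.  255 for every non-zero
 * seed means the polynomial yields an m-sequence; anything smaller means the
 * keystream loops earlier.  Capped at 256 so it always terminates. */
static unsigned lfsr_period(unsigned poly, uint8_t seed)
{
    uint8_t s = seed;
    unsigned n = 0;
    do { lfsr_step(&s, poly); n++; } while (s != seed && n < 256);
    return n;
}

/* Assemble 8 successive output bits into one keystream byte (cf. slide 41). */
static uint8_t lfsr_byte(uint8_t *state, unsigned poly)
{
    uint8_t b = 0;
    for (int j = 0; j < 8; j++)
        b |= (uint8_t)(lfsr_step(state, poly) << j);
    return b;
}

/* Stream cipher (cf. slide 42): the 8-bit seed is the secret key and every
 * byte is XORed with one keystream byte.  Calling it again on the ciphertext
 * with the same seed decrypts, because XOR is its own inverse. */
static void lfsr_xor_stream(const uint8_t *in, uint8_t *out, size_t len,
                            unsigned poly, uint8_t seed)
{
    uint8_t state = seed;
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ lfsr_byte(&state, poly);
}

/* Encrypt then decrypt a constructed message; 1 if the round trip works
 * and the ciphertext actually differs from the clear text. */
static int lfsr_roundtrip_ok(void)
{
    const char *msg = "Hello foo";           /* constructed sample, as on slide 6 */
    size_t len = strlen(msg);
    uint8_t ct[16], pt[16];
    lfsr_xor_stream((const uint8_t *)msg, ct, len, LFSR_POLY_PRIMITIVE, 167);
    lfsr_xor_stream(ct, pt, len, LFSR_POLY_PRIMITIVE, 167);
    return memcmp(pt, msg, len) == 0 && memcmp(ct, msg, len) != 0;
}

int main(void)
{
    printf("period X^8+X^4+X^3+X^2+1 : %u\n", lfsr_period(LFSR_POLY_PRIMITIVE, 167));
    printf("period X^8+1             : %u\n", lfsr_period(LFSR_POLY_CIRCULAR, 167));
    printf("period X^8+X^7+X^6+X^5+1 : %u\n", lfsr_period(LFSR_POLY_SLIDE33, 167));
    printf("round trip ok            : %d\n", lfsr_roundtrip_ok());
    return 0;
}
```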
43. Where are we?
Vernam-based cryptography is inviolable if:
The key is secret
The key size is >= the clear size
The key is random
The key is not reused
44. Stream ciphers can be secure if
The key is secret
The feedback digits are kept secret
The period is big enough (m-sequence) to never loop
The attacker cannot access the input stream
If the attacker can inject some data into the clear input, a linear
equation system can be used to crack the LFSR and deduce the key
This needs only 2n states (output bits)
"Berlekamp-Massey attack"
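The linear-complexity check behind this slide, as an added C example (my own code, not the talk's or jpauli's PHP-Crypto): Berlekamp-Massey recovers the feedback polynomial of an 8-bit LFSR from 16 keystream bits, the "2n states" of the slide, and running the same check on the AND-filtered output of the same register shows why a non-linear output (slide 57) resists it. The taps, seed and stream lengths are constructed values of my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXBITS 256

/* Berlekamp-Massey over GF(2): the shortest LFSR reproducing s[0..n-1].
 * Returns its length L (the linear complexity) and fills conn[0..L], where
 * conn[j] is the coefficient of x^j of the connection polynomial, so that
 * s[t] = (conn[1]&s[t-1]) ^ ... ^ (conn[L]&s[t-L]) for every t >= L. */
static unsigned berlekamp_massey(const uint8_t *s, unsigned n, uint8_t *conn)
{
    uint8_t c[MAXBITS + 1] = {1}, b[MAXBITS + 1] = {1}, t[MAXBITS + 1];
    unsigned L = 0, m = 1;                 /* m: ticks since L last changed */
    for (unsigned i = 0; i < n && i < MAXBITS; i++) {
        unsigned d = s[i];                 /* discrepancy with the prediction */
        for (unsigned j = 1; j <= L; j++)
            d ^= c[j] & s[i - j];
        if (d == 0) { m++; continue; }
        memcpy(t, c, sizeof c);            /* C(x) ^= x^m * B(x) */
        for (unsigned j = 0; j + m <= MAXBITS; j++)
            c[j + m] ^= b[j];
        if (2 * L <= i) { L = i + 1 - L; memcpy(b, t, sizeof b); m = 1; }
        else            { m++; }
    }
    memcpy(conn, c, L + 1);
    return L;
}

/* Keystream from an 8-bit Fibonacci LFSR: emit the rightmost bit, shift right,
 * feed back the XOR of the bits selected by `taps` (bit k of taps = X^k term).
 * With `nonlinear` set, the emitted bit is s0 AND s1 instead: the modulo-2
 * multiplication that slide 57 credits for Trivium's resistance. */
static void keystream(uint8_t state, unsigned taps, int nonlinear,
                      uint8_t *out, unsigned n)
{
    for (unsigned i = 0; i < n; i++) {
        unsigned fb = 0;
        for (unsigned k = 0; k < 8; k++)
            fb ^= (state >> k) & (taps >> k) & 1u;
        out[i] = (uint8_t)(nonlinear ? (state & (state >> 1) & 1u) : (state & 1u));
        state = (uint8_t)((state >> 1) | (fb << 7));
    }
}

struct lc_result { unsigned L; uint64_t poly; unsigned misses; };

/* The check: analyse the first `n` bits of a `total`-bit stream.  `poly` is
 * the recovered connection polynomial as a bit mask (bit j = x^j, up to x^63);
 * `misses` counts the remaining bits the recovered recurrence fails to
 * predict (0 means the recurrence explains the whole stream). */
static struct lc_result linear_complexity_check(const uint8_t *bits,
                                                unsigned total, unsigned n)
{
    uint8_t conn[MAXBITS + 1];
    struct lc_result r = { berlekamp_massey(bits, n, conn), 0, 0 };
    for (unsigned j = 0; j <= r.L && j < 64; j++)
        r.poly |= (uint64_t)conn[j] << j;
    for (unsigned t = n; t < total; t++) {
        unsigned p = 0;
        for (unsigned j = 1; j <= r.L; j++)
            p ^= conn[j] & bits[t - j];
        r.misses += (p != bits[t]);
    }
    return r;
}

/* Constructed scenario: taps 0x1D = X^4+X^3+X^2+1 (plus the implicit X^8, a
 * primitive polynomial), seed 167.  For plain LFSR output 16 = 2*8 bits are
 * enough; the recovered polynomial is the reciprocal of the generator's,
 * 0x171 = x^8+x^6+x^5+x^4+1, and it predicts every later bit (misses = 0). */
#define DEMO_TAPS 0x1Du
#define DEMO_SEED 167u

static struct lc_result demo_linear(void)
{
    uint8_t bits[MAXBITS];
    keystream(DEMO_SEED, DEMO_TAPS, 0, bits, MAXBITS);
    return linear_complexity_check(bits, MAXBITS, 16);
}

/* Same register, output passed through an AND: L jumps well above 8, so the
 * 2n-bit linear attack of slide 44 no longer applies to the register itself. */
static struct lc_result demo_nonlinear(void)
{
    uint8_t bits[MAXBITS];
    keystream(DEMO_SEED, DEMO_TAPS, 1, bits, MAXBITS);
    return linear_complexity_check(bits, MAXBITS, 200);
}

int main(void)
{
    struct lc_result a = demo_linear(), b = demo_nonlinear();
    printf("plain LFSR   : L=%u poly=0x%llx misses=%u\n",
           a.L, (unsigned long long)a.poly, a.misses);
    printf("AND-filtered : L=%u misses=%u\n", b.L, b.misses);
    return 0;
}
```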
45. Having a good initialisation
Randomness will depend on how the key is used to initialize
the LFSR in the stream cipher
The key is used to define the starting state of the LFSR
It can also be used to choose the feedback digits
The key is usually mixed with an initialization vector (IV),
which is a few random bytes.
Thus, with the same key, the same LFSR will produce
different output
46. Hacking the encryption process
If the LFSR starts looping, it's going to produce the same
output (repeat itself) and thus doesn't satisfy the Vernam
conditions anymore
If the attacker can inject some input, he can use the Berlekamp-
Massey attack to recover the LFSR key and states
49. Strengthen the encryption
Having several LFSRs working together:
The loop is still linear
Thus it can be cracked in polynomial time by injecting some traffic into the
input
N-degree linear equation system
We only push the time limit
51. Examples
Content Scrambling System (CSS)
DVD protection mechanism (from 1995)
Cracked in 1999 by attacking the LFSRs
Keys are recovered by injecting some input, watching the output and
solving the polynomials
DeCSS was born, and movie piracy with it
Back then, a Pentium 3 @ 450Mhz needed less than 18 seconds
to break the LFSRs
53. DeCSS
CSS keys are secret and distributed by DVDCCA to DVD-reader
manufacturers
Keys are stored in the hardware (or in software for PC players)
Each device needs a key, which is costly
http://www.dvdcca.org/css.aspx
Hence the free software world and Linux were left out by DVDCCA
The open/free world answered by cracking CSS
Lawsuits happened
Technical analysis of CSS:
http://www.lemuria.org/DeCSS/crypto.gq.nu/
54. CSS and VLC
Since then, the DeCSS code has been embedded in VLC
In libdvdcss
http://git.videolan.org/?p=libdvdcss.git;a=blob;f=src/css.c;
This code is the algorithm that breaks CSS-protected DVDs so they
can be read under Linux
Breaking the LFSRs and the keys
Otherwise the stream is encrypted and unreadable
55. Strengthen the encryption
An LFSR can't be cryptographically secure, but we can still push
the limits of the time needed to crack it
That time should be > brute-force attack time
If the output is a linear function of the input, then it can be
cracked
https://en.wikipedia.org/wiki/Correlation_attack
We need the output not to be a linear function of
the input:
Use a non-linear re-entrancy (feedback) function
NLFSR
Use a non-linear shift
57. Notes about Trivium
3 LFSRs
A: 93 digits
B: 84 digits
C: 111 digits
Each LFSR's input depends on another one's output and on one of its
own digits
Period 2^64
Some of the output makes use of an AND
AND is a modulo-2 multiplication
Thus cryptanalysis of the output can't crack the LFSRs in linear time
anymore
58. Using Trivium
80-digit IV
loaded into the leftmost digits of LFSR A
Secret key of 80 digits as well
loaded into the leftmost digits of LFSR B
All other digits are zeroed.
We shuffle for 1152 rounds.
Starting from the 1153rd round: we get our stream
59. Cracking Trivium
Today, no efficient attack has been discovered
Algorithms in 2^68 have been found
That's above brute force (2^64), thus useless
As of today (2018), Trivium is recommended by security
experts
61. A5/1
A5/1 makes use of 3 LFSRs
19 / 22 / 23 digits
Introduces a non-linear shift:
an LFSR is shifted only if it is in the majority set MAJ(1,2,3)
62. A5/1
A5/1 is used to encrypt GSM communications
It took about 10 years, but today A5/1 is broken
In an acceptable time
On acceptable computing hardware (CPU/memory)
Often it still needs some specific hardware
Some flaws were found in the GSM protocols that weaken A5/1
and allow an attack
63. RC4
Rivest Cipher 4 doesn't use LFSRs, but can still be used as a
pseudo-random generator
The big picture of RC4:
Byte based (the unit is the byte, not the digit)
Works on a 256-byte state
Uses many permutations and one XOR only
Huge period, about 10^100
Depending on the key used
Max theoretical period is 2^170000
64. RC4
We put 256 bytes into an array
We shuffle the array by adding bytes and swapping them
We get one byte from the array using indexes i and j
We swap 2 array slots, then update i and j
66. RC4, demo in PHP and C
https://github.com/jpauli/PHP-Crypto
67. RC4 is cracked
As it has been massively used since its creation (1987), RC4
has been cracked
Today it is cracked; flaws have been discovered:
The first bytes leak some information about the key
The KSA (Key Scheduling Algorithm) is too weak
RC4 doesn't define how to use the IV,
so weak usages appeared (concatenation of the IV with the key)
The algorithm has some weaknesses
RC4 output can be told apart from a truly pseudo-random stream
68. RC4 in practice
RC4 was used in 802.11 WEP (Wired Equivalent Privacy).
WEP is very weak:
Ability to inject some traffic at the input and watch the output, thus
recovering the internal state of RC4
The integrity checksum is weak (CRC32, which is linear)
Reuse of the key (overflow of the stream cipher period)
70. Memorize
We talked about stream ciphers
Block ciphers also exist
DES/AES/Blowfish/RC5
Every cipher builds on the only 100% cryptographically secure scheme,
the Vernam one-time pad:
A secret key
A key length >= the clear length
A modulo-2 addition (XOR in radix 2)
71. Memorize
The 100% cryptographically secure Vernam one-time pad:
A secret key
A key length >= the clear length
A modulo-2 addition (XOR in radix 2)
... is difficult to achieve in the computer world
We then use compromises, e.g. LFSRs
From XOR operations, we try to push the limits so far that the time to
break goes over brute-force time
But cryptanalysts often use high-level math tools to try to break such
systems
Daniel J. Bernstein is probably the best-known engineer in cryptanalysis
72. Crypto using PHP?
Don't use ext/mcrypt
Old, unmaintained, buggy and insecure
Don't use mt_*() or rand() for crypto purposes
Use ext/hash if you need to hash
Use ext/sodium if you need to encrypt
2018 cryptographically secure stream ciphers:
Trivium / Salsa20 ...
Have a look at the eSTREAM project
http://www.ecrypt.eu.org/stream/