Introduction to Security and Crypto

Agenda
– Basics of security
– Basics of cryptography
  – Symmetric crypto
  – DES example, block chaining
  – Key exchange, asymmetric crypto
  – RSA example
– Public Key Infrastructure
– Trust provisioning
  – Attacks and how to cope with them
  – Attacks on algorithms
  – Attacks on implementations
  – Attacks on protocols
  – Two examples
  – A7 FS-application: trust provisioning + offline authentication
  – TLS and support of A70CM

Embedded NFC
Basics of Security

Security Goals
– Confidentiality: Is eavesdropping possible?
  (Figure: the message “At 10 at my place” between Alice and Anneliese)
– Authenticity: Is the sender the one claimed?
  (Figure: “At 10 at my place. Alice”: sent by Alice, or by Anneliese?)
– Integrity: Has the message been modified?
  (Figure: “Mon, at 10 at my place. Alice” arrives as “Tue, at 10 at my place. Alice”)
– Non-repudiation: Is the message signed?
But also: Availability (i.e. preventing denial of service), Privacy (personal data towards merchant or third parties)
Security Goals and Algorithms
Confidentiality:    Symmetric Crypto
Authenticity:       Asymmetric Crypto / Signature / Hash
Integrity:          Hash / Signature / MAC
Non-repudiation:    Hash / Signature

Symmetric Crypto:   DES, Triple-DES, AES
Asymmetric Crypto:  RSA, ECC
Hash:               SHA
Signature:          Hash + Asymmetric Crypto
MAC:                Hash / Symmetric Crypto
There is no such thing as “perfect security”
There is no such thing as “perfect security”: a secure system makes an attack more expensive than the value of the advantage gained by the attacker.
Attacks & Principles
Kerckhoffs’ principle: The attacker always knows the algorithm; the only
information unknown to him/her is the key.
Brute force attack
– Exhaustive search over all keys
– Single plaintext-ciphertext-pair may be enough to determine the
correct key
– Cannot be avoided
– Goal: Make it practically infeasible, i.e. key space is so large that the
search takes more than a lifetime
Side channel attacks:
– Even if a cryptographic algorithm offers a high level of security, its implementation may still leak information about secrets or keys: timing behaviour, current consumption, electromagnetic radiation etc. establish so-called side channels for secret information.
Basics of Cryptography
Symmetric Crypto

Symmetric Encryption
(Figure: Plaintext → Encryption (DES, Triple-DES, AES) under the Key → Ciphertext → Decryption (DES^-1, Triple-DES^-1, AES^-1) under the same Key → Plaintext)
– Confidentiality: eavesdropping not easily possible
A bit of history…
The Caesar cipher
Block Ciphers
DES
Block Chaining
Symmetric Encryption: DES
Symmetric block ciphers: DES and AES
– Plaintext is divided into blocks m1, m2, ... of the same length
– Every block is encrypted under the same key.
– Typical block lengths: DES – 64 bit, AES – 128 bit
– Typical key lengths: DES – 56 bit; AES – 128, 192, 256 bit
(Figure: blocks m3, m4 enter the algorithm, blocks c1, c2 have already left it)
DES - Data Encryption Standard
– Most important example of a Feistel cipher (i.e. the same operations are used to encrypt and to decrypt)
– Published in 1977 as a standard for American governmental institutions
– Significant weakness: the 56 bit key is too short
– 1999 Deep Crack: 100.000 PCs computed a key within 22 hours and 15 minutes
(Figure: DES structure. 64 bit input → initial permutation IP → 16 Feistel rounds L0 R0 → L1 R1 → … → L15 R15 → L16 R16, where round i computes F(R, round key i) and the round keys K1 … K16 are derived from the 56 bit key → final permutation IP^-1 → 64 bit output)
Modes of Operation
Problems of block encryption
– How to ensure that the ordering of blocks is not changed by an attacker?
– Dependencies between encrypted blocks: Cipher Block Chaining (CBC)

Electronic Code Book Mode:
Identical blocks are identically encrypted.
ECB example:
(Figure: m1, m2, m3 are each enciphered independently with (3)DES, giving c1, c2, c3)
CBC Mode
Cipher Block Chaining Mode:
Identical blocks are differently encrypted.
CBC example:
(Figure: m1 is combined with the IV and enciphered with (3)DES to give c1; m2 is combined with c1 before enciphering to give c2; m3 with c2 to give c3)
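The two points above, the Feistel structure of DES (decryption is the same round loop with the round keys reversed) and the difference between ECB and CBC, can be seen in a few lines of code. The block below is an added example and not from the slides: it uses a made-up 64-bit toy Feistel cipher (round function, key schedule and the name `_f` are assumptions for illustration, it is not DES) and constructs its own key, IV and message.

```python
# Added example, not from the slides: a toy 64-bit Feistel block cipher (NOT DES;
# the round function and key schedule are made up for illustration) used to show
# (1) that a Feistel network decrypts with the same round structure and the
# round keys in reverse order, and (2) how ECB and CBC treat identical blocks.
BLOCK = 8            # 64-bit blocks, like DES
MASK32 = 0xFFFFFFFF


def _f(right, subkey):
    # Toy round function: XOR the subkey in, multiply by an odd constant, rotate.
    # Any function works here; a Feistel network inverts it regardless.
    x = (right ^ subkey) & MASK32
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32
    return ((x << 13) | (x >> 19)) & MASK32


def _subkeys(key, rounds=16):
    # Toy key schedule: sixteen 32-bit subkeys from a 64-bit key (assumption).
    k = int.from_bytes(key, "big")
    return [((k >> (3 * i)) ^ (k * (i + 1))) & MASK32 for i in range(rounds)]


def _feistel(block, subkeys):
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in subkeys:
        left, right = right, left ^ _f(right, k)
    # Undo the last swap so decryption is the same loop with reversed subkeys.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")


def encrypt_block(block, key):
    return _feistel(block, _subkeys(key))


def decrypt_block(block, key):
    return _feistel(block, _subkeys(key)[::-1])


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("input must be a multiple of the block length (padding omitted)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(plaintext, key):
    # Every block is encrypted independently: equal m_i give equal c_i.
    return b"".join(encrypt_block(m, key) for m in _blocks(plaintext))


def ecb_decrypt(ciphertext, key):
    return b"".join(decrypt_block(c, key) for c in _blocks(ciphertext))


def cbc_encrypt(plaintext, key, iv):
    # Each block is XORed with the previous ciphertext block (the IV for m1)
    # before encryption, so equal plaintext blocks no longer repeat.
    out, prev = [], iv
    for m in _blocks(plaintext):
        prev = encrypt_block(_xor(m, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext, key, iv):
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)


def distinct_blocks(data):
    # How many different ciphertext blocks an eavesdropper gets to see.
    return len(set(_blocks(data)))


if __name__ == "__main__":
    key = bytes(range(8))                  # constructed demo key
    iv = b"\x10" * 8                       # constructed demo IV
    msg = b"SAMEBLCK" * 3                  # three identical plaintext blocks
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(msg, key)))     # 1
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(msg, key, iv)))  # 3
```

With three identical plaintext blocks, ECB produces one ciphertext block three times (the pattern leaks), while CBC produces three different ones; both modes still decrypt back to the original message. Note that CBC alone does not solve the block-reordering problem raised on the slide: that needs a MAC, which comes later in the deck.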
Triple-DES
Triple-DES = triple encryption using DES with two or three external keys:
  DES(k1, DES^-1(k2, DES(k1, m)))
1. Question: Why is the decryption DES^-1 in the middle?
   Compatibility: When implementing Triple-DES and choosing k1 = k2, one gets single DES. Therefore, only one algorithm needs to be implemented to get both Triple-DES and single DES.
2. Question: Why is Double-DES not used instead of Triple-DES?
   Meet-in-the-middle attack!
Security comparison
– Two keys – NIST estimation: effectively 80 bits
– Three keys – NIST estimation: effectively 112 bits
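Why the meet-in-the-middle attack rules out Double-DES is easiest to see on a scale where it runs in milliseconds. The block below is an added example, not from the slides: it defines a made-up toy cipher (16-bit block, 8-bit keys; the cipher, its constants and the key values are constructed for illustration and have nothing to do with DES) and shows that doubling it costs the attacker about 2 * 2^8 operations plus a table instead of 2^16.

```python
# Added example, not from the slides: the meet-in-the-middle attack that makes
# Double-DES no stronger than roughly single DES, demonstrated on a made-up toy
# cipher with a 16-bit block and 8-bit keys so that it runs instantly.
# (The toy cipher is an assumption for illustration; it is not DES.)
ODD = 0x6F35                             # odd, hence invertible mod 2**16
ODD_INV = pow(ODD, -1, 1 << 16)
M16 = 0xFFFF


def toy_encrypt(key, m):
    # key: 0..255, m: 0..65535. Expand the key to 16 bits, XOR, multiply, rotate.
    k = key | (key << 8)
    x = ((m ^ k) * ODD) & M16
    return ((x << 5) | (x >> 11)) & M16


def toy_decrypt(key, c):
    k = key | (key << 8)
    x = ((c >> 5) | (c << 11)) & M16     # undo the rotation
    return ((x * ODD_INV) & M16) ^ k     # undo multiplication and XOR


def double_encrypt(k1, k2, m):
    # "Double-toy": encrypt under k1, then under k2 (16 bits of key in total).
    return toy_encrypt(k2, toy_encrypt(k1, m))


def brute_force_cost():
    # Naive exhaustive search over both keys: 2^8 * 2^8 trial encryptions.
    return 256 * 256


def mitm_cost():
    # Meet in the middle: 2^8 encryptions + 2^8 decryptions (plus memory).
    return 256 + 256


def meet_in_the_middle(pairs):
    """Recover candidate (k1, k2) from known plaintext/ciphertext pairs.

    Encrypt m0 under every k1 (forward table), decrypt c0 under every k2, and
    every k1/k2 combination that meets at the same middle value is a candidate.
    Extra pairs weed out the occasional false match."""
    m0, c0 = pairs[0]
    forward = {}
    for k1 in range(256):
        forward.setdefault(toy_encrypt(k1, m0), []).append(k1)
    candidates = []
    for k2 in range(256):
        mid = toy_decrypt(k2, c0)
        for k1 in forward.get(mid, ()):
            candidates.append((k1, k2))
    for m, c in pairs[1:]:
        candidates = [kk for kk in candidates if double_encrypt(*kk, m) == c]
    return candidates


if __name__ == "__main__":
    k1, k2 = 0x3A, 0xC7                                  # constructed secret keys
    pairs = [(m, double_encrypt(k1, k2, m)) for m in (0x1234, 0xBEEF, 0x0042)]
    print(meet_in_the_middle(pairs))                     # contains (58, 199)
    print(brute_force_cost(), "vs", mitm_cost())         # 65536 vs 512
```

The same arithmetic applied to DES gives 2^57 work instead of 2^112 for Double-DES, which is why the slide's NIST figures for Triple-DES (80 bits with two keys, 112 with three) stay far below the nominal 112 or 168 key bits.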
AES – Scheme
AES is standardized for key lengths of 128 bit, 192 bit, 256 bit and a block size of 128 bit.
The number of rounds depends on the key length used: 10 up to 14.
Round Function: ByteSub, ShiftRow, MixColumn, AddRoundKey
(Figure: plaintext → AddRoundKey with round key 0 → Round 1 (round key 1) → Round 2 (round key 2) → … → Round n (round key n) → ciphertext)
Security Goals and Algorithms; HASH Function
Confidentiality:    Symmetric Crypto
Authentication:     Asymmetric Crypto / Signature / Hash
Integrity:          Hash / Signature / MAC
Non-repudiation:    Hash / Signature

Symmetric Crypto:   DES, Triple-DES, AES
Asymmetric Crypto:  RSA, ECC
Hash:               SHA
Signature:          Hash + Asymmetric Crypto
MAC:                Hash / Symmetric Crypto
Hashfunctions
Analogy: digital fingerprints
Compression: Data of arbitrary length is mapped to n bits. (Typical values: 128/160 bits)
(Figure: Data → Hash; m → h(m))
Cryptographic properties
– Preimage of a hash is hard to find.
  One-wayness: Given h(m), finding m is infeasible.
– Two data elements with the same hash value are hard to find (collisions).
  Collision resistance: It is infeasible to find m and m' which are mapped to the same value.
  (Birthday paradox; the output should be at least 160 bits)
Secure Hash Algorithm (SHA)
– First version: SHA-0 (160 bit output) in the early 90s
– SHA-1 is only a minor change to SHA-0
– A Chinese research group attacked SHA-1:
  – On collision resistance only: expected effort 2^80, real effort 2^63 (birthday paradox)
  – Applicability highly depends on the application
– SHA-224, SHA-256, SHA-512 etc.: the number gives the length of the output
– SHA-3 in review and selection process
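The birthday paradox referred to above (a collision for an n-bit hash after about 2^(n/2) evaluations, hence the 2^80 expected effort for SHA-1 and the "at least 160 bits" rule) can be measured directly by truncating a real hash. The block below is an added example, not from the slides; it uses SHA-256 from the Python standard library cut down to n bits, and the messages it hashes are constructed.

```python
# Added example, not from the slides: the birthday paradox on a hash truncated
# to n bits. Finding any collision costs about sqrt(pi/2 * 2^n) evaluations,
# not 2^n, which is why the output length must be twice the security level.
import hashlib
import math


def truncated_hash(data: bytes, n_bits: int) -> int:
    # Keep only the first n_bits of SHA-256: a toy "n-bit hash function".
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - n_bits)


def find_collision(n_bits: int):
    """Return (m, m', tries): two distinct inputs with the same n-bit hash and
    how many hashes were computed. This is the generic birthday search: hash
    distinct messages and stop at the first repeated value."""
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i                 # constructed messages msg-0, msg-1, ...
        h = truncated_hash(msg, n_bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def expected_birthday_tries(n_bits: int) -> float:
    # Expected number of draws until the first repeat among 2^n values.
    return math.sqrt(math.pi / 2 * 2 ** n_bits)


def exhaustive_tries(n_bits: int) -> int:
    # What a second-preimage/brute-force search would cost for comparison.
    return 2 ** n_bits


if __name__ == "__main__":
    n = 24
    m1, m2, tries = find_collision(n)
    print(m1, m2, tries, "tries; expected about", round(expected_birthday_tries(n)),
          "vs", exhaustive_tries(n), "for exhaustive search")
```

For n = 24 the search typically needs a few thousand hashes against 16 million for exhaustive search; scaling the same formula to 160 bits gives the 2^80 figure on the slide, and to the 63 bits of the SHA-1 attack a cost that was already practical for a well-funded attacker.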
Message Authentication Codes: MAC, HASH
(Figure: the message “At 10 at my place”, once from Alice and once from Anneliese)
The active attacker: Who is the origin of a message?

Authentication
Message Authentication Code (“symmetric signature”)
– A authenticates her message by computing a tag MAC = H_K(m) with the shared key K and sends it together with the message, (m, MAC), to B.
– B can verify this tag by re-computing H_K(m) with the same key K and checking whether the two results match.
– The function H can be either a hash function (SHA, MD5) or a symmetric block cipher based on DES or AES (CMAC, …).
– Integrity: message can't be easily modified
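The exchange described above, written out with a keyed hash, as an added example that is not part of the slides. It uses HMAC-SHA256 from the Python standard library as H_K; the shared key and the messages are constructed.

```python
# Added example, not from the slides: the MAC exchange with HMAC-SHA256.
# A computes the tag and sends (m, MAC); B recomputes the tag with the same
# key K and compares. A wrong key or a changed message makes the check fail.
import hashlib
import hmac

K = b"constructed-shared-key-for-demo"             # known to A and B only


def mac_tag(key: bytes, message: bytes) -> bytes:
    # H_K(m): a keyed hash (HMAC) rather than a plain hash, so nobody without K
    # can produce a valid tag for a message of their choice.
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time. A plain == on bytes stops at the
    # first mismatch and would leak, through timing, how much of a guessed
    # tag is already correct (a side channel, see the Attacks slide).
    return hmac.compare_digest(mac_tag(key, message), tag)


def send(key: bytes, message: bytes) -> tuple:
    # A's side: message plus tag.
    return message, mac_tag(key, message)


def receive(key: bytes, packet: tuple) -> str:
    # B's side: accept the message only if the tag verifies.
    message, tag = packet
    if not mac_verify(key, message, tag):
        return "rejected"
    return message.decode()


if __name__ == "__main__":
    packet = send(K, b"At 10 at my place")
    print(receive(K, packet))                          # At 10 at my place
    tampered = (b"At 11 at my place", packet[1])       # content changed, tag kept
    print(receive(K, tampered))                        # rejected
```

Because both sides hold the same K, the tag proves origin only to B, not to a third party: either of them could have produced it. That is the gap between a MAC (integrity and authenticity) and a signature (non-repudiation) in the goals table.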
Key Exchange
Asymmetric Crypto

What about the Keys?
Alice and Bob need to share the same key. How to share it securely?
– Pre-distribution? (i.e. keys exchanged in a “secure environment”)
  – Trust provisioning (see later)
– Secured key exchange
  – Diffie-Hellman and asymmetric cryptography

Diffie-Hellman Key Exchange
(Figure: private “keys” and public “keys” of the two parties)
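The slide names Diffie-Hellman without showing the exchange, so here it is as an added example (not from the slides): each side keeps a private exponent, publishes g^x mod p, and combines the other side's public value with its own exponent. The group p = 23, g = 5 is a toy chosen for readability and the private exponents in the demo are constructed; real use needs standardized groups of 2048 bits or more.

```python
# Added example, not from the slides: the Diffie-Hellman exchange. Alice and
# Bob each publish g^x mod p; the eavesdropper sees p, g, A and B only and
# would have to solve a discrete logarithm to get the shared secret.
import secrets

P, G = 23, 5          # toy parameters (constructed; far too small for real use)


def dh_keypair(p=P, g=G, private=None):
    # Private "key": a random exponent 1..p-2; public "key": g^private mod p.
    if private is None:
        private = secrets.randbelow(p - 2) + 1
    return private, pow(g, private, p)


def dh_shared_secret(my_private, their_public, p=P):
    # (g^their)^mine mod p: the same number both ways round.
    return pow(their_public, my_private, p)


def dh_exchange(a=None, b=None):
    """Run the protocol for Alice and Bob. Returns what each side ends up with
    and what the wire carried (the eavesdropper's view)."""
    a_priv, a_pub = dh_keypair(private=a)        # Alice: a, A = g^a
    b_priv, b_pub = dh_keypair(private=b)        # Bob:   b, B = g^b
    s_alice = dh_shared_secret(a_priv, b_pub)    # B^a = g^(ab)
    s_bob = dh_shared_secret(b_priv, a_pub)      # A^b = g^(ab)
    return {"alice": s_alice, "bob": s_bob, "on_the_wire": (P, G, a_pub, b_pub)}


if __name__ == "__main__":
    print(dh_exchange(a=6, b=15))   # alice == bob == 2, wire (23, 5, 8, 19)
```

Plain Diffie-Hellman is unauthenticated: an active attacker who can replace A and B on the wire ends up sharing a key with each side separately. That is the same threat the PKI part of the deck addresses for public keys, and in practice the public values are signed or sent over an authenticated channel.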
Asymmetric Crypto: The Idea
(Figure: Plaintext → Encryption (RSA, ECC) with Bob's public key → Ciphertext → Decryption (RSA, ECC) with Bob's private key → Plaintext)

Asymmetric Crypto: Signatures
(Figure: Plaintext, Hash → Signature generation (“decryption”, RSA/ECC) with Bob's private key → Plaintext, Hash, Signature → Signature verification (“encryption” and compare with hash, RSA/ECC) with Bob's public key → Plaintext verified)
Principles of Asymmetric Encryption
(Figure: a letter “Hello Bob, ...” is encrypted, put into Bob's mailbox, and decrypted by Bob)
– Everyone can put a letter into Bob's mailbox. Everyone can encrypt a message for Bob. Everyone can verify Bob's signature.
– Only Bob can open his mailbox with his private key. Only Bob can decrypt with his private key. Only Bob can create his own signature.
Comparison Symmetric - Asymmetric
                          Symmetric Algorithms    Asymmetric Algorithms
Number                    Many                    Few
Security                  Can be very good        Can be very good
Performance               In general: good        Bad
Key exchange necessary?   Yes                     No
Digital Signatures        No                      Yes
Typical Application       Encryption              Digital Signatures, Key Exchange
Asymmetric Crypto: RSA

RSA
Based on the so-called factorization problem:
– Given two prime numbers, it is easy to multiply them. Given the product, it is difficult to find the prime numbers.
RSA Keys – Every participant has
– a modulus n = p*q (public), the product of two large prime numbers
– a public exponent e (for performance reasons, one often chooses small prime numbers with few 1's)
– a private exponent d.
(Figure: public keys A: nA, eA; B: nB, eB; C: nC, eC; private exponents dA, dB, dC)
RSA - Operation
Encryption
The sender computes
  c = m^e mod n,
where m is the message, (n, e) is the public key of the receiver, and c is the cipher text.
Decryption
The receiver computes
  c^d mod n,
where c is the cipher text and d is the private key of the receiver.
It holds:
  c^d mod n = m^(e*d) mod n = m.
For signing it is the other way round:
• Signing is the same operation as decrypting
• Verifying a signature is the same operation as encrypting
RSA – Some Math
c = m^e mod n and m = c^d mod n - Why?
Primes p, q; n = p*q
Thus, φ(n) = (p-1)*(q-1) = |{ x | 1 ≤ x ≤ n, x and n are coprime }|.
Euler's Theorem: m^φ(n) mod n = 1 (for m coprime to n)
Let e, d be such that
– e and φ(n) are coprime, thus the inverse of e mod φ(n) exists
– e*d = 1 mod φ(n)
Let's prove RSA:
– c^d mod n = (m^e)^d mod n = m^(e*d) mod n          // substitution
  = m^(1+k*φ(n)) mod n = m^1 * m^(k*φ(n)) mod n      // e*d = 1 mod φ(n) means e*d = 1 + k*φ(n)
  = m^1 * (m^φ(n))^k mod n = m * 1^k mod n           // Euler's Theorem
  = m
RSA
Size of the RSA keys
– The bit length of the modulus is called the size of an RSA key. The public exponent is usually a lot shorter; the private exponent is of the same length as the modulus.
– Today, everything larger than 1024 bit, and nowadays rather 2048 bit, is considered to be secure.
Implementation
– The Chinese Remainder Theorem (CRT) is a mathematical fact that allows decryption and signing to be made significantly more efficient. It has to be carefully implemented in order to be secure.
– An implementation without CRT is often called “straightforward”: significantly less performance, but usually fewer security issues as well.
Public Key Infrastructure

Threat: Authenticity of Public Keys
Attack: Mr. X replaces B's public key EB by his own public key EX.
Consequences:
– Encryption: Only X can read messages that are meant for B.
– Signature: B's signatures are not verifiable – B's signatures are invalid! X can sign messages that are verified as Bob's signatures.
(Figure: public key directory A: EA, B: EB (replaced by EX), C: EC, U: EU, V: EV)
Certificates
– Name and public key are signed by a trustworthy institution (certification authority, CA).
– The message (name, public key) and the CA's signature on it are called a “certificate”:
  Cert(A) = {A, EA}, DCA{A, EA}
– The format of certificates has to be specified – X.509 for example
– Tree-like structure possible – path of trust
(Figure: the CA “Banco di Santo Spirito” signs (A, EA) with its private key DCA to produce Cert(A); A keeps its private key DA)
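The RSA slides (key generation, c = m^e mod n and m = c^d mod n, signing as the private operation, the CRT speed-up) and the certificate slide above fit into one worked example. The block below is added here and is not from the slides: it is textbook RSA with constructed tiny primes (p = 61, q = 53, e = 17, so n = 3233 and d = 2753; CA primes 101 and 113), a CRT private operation, and a toy certificate in the slide's notation Cert(A) = {A, EA}, DCA{A, EA}. Padding, real key sizes and the X.509 encoding are deliberately left out, so none of this is usable as is.

```python
# Added example, not from the slides: textbook RSA with tiny constructed primes,
# the CRT form of the private operation, and a toy certificate. No padding, no
# real key sizes: for understanding the math, not for use.
import hashlib


def rsa_keygen(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                          # e*d = 1 mod phi(n)
    public = (n, e)
    # CRT parameters let the private operation work mod p and mod q separately.
    private = {"n": n, "d": d, "p": p, "q": q,
               "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}
    return public, private


def rsa_public(x, public):                       # encrypt or verify: x^e mod n
    n, e = public
    return pow(x, e, n)


def rsa_private(x, private):                     # decrypt or sign: x^d mod n
    return pow(x, private["d"], private["n"])


def rsa_private_crt(x, private):
    # Same result as rsa_private from two half-size exponentiations plus
    # Garner's recombination. Real implementations must protect this path:
    # a faulted half-result leaks the factorization of n.
    p, q = private["p"], private["q"]
    m1 = pow(x % p, private["dp"], p)
    m2 = pow(x % q, private["dq"], q)
    h = (private["qinv"] * (m1 - m2)) % p
    return m2 + h * q


def digest_mod_n(data: bytes, n: int) -> int:
    # Toy "hash, then reduce": real RSA signs a padded full-length hash.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private) -> int:
    return rsa_private_crt(digest_mod_n(data, private["n"]), private)


def verify(data: bytes, signature: int, public) -> bool:
    return rsa_public(signature, public) == digest_mod_n(data, public[0])


def make_certificate(name: str, subject_public, ca_private):
    # Cert(A) = {A, EA}, DCA{A, EA}: the CA signs the (name, public key) pair.
    body = f"{name}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"name": name, "public": subject_public, "sig": sign(body, ca_private)}


def verify_certificate(cert, ca_public) -> bool:
    body = f"{cert['name']}|{cert['public'][0]}|{cert['public'][1]}".encode()
    return verify(body, cert["sig"], ca_public)


if __name__ == "__main__":
    bob_pub, bob_priv = rsa_keygen(61, 53, 17)        # n = 3233, d = 2753
    c = rsa_public(65, bob_pub)                       # 65^17 mod 3233 = 2790
    print(rsa_private(c, bob_priv), rsa_private_crt(c, bob_priv))   # 65 65
    ca_pub, ca_priv = rsa_keygen(101, 113, 17)        # constructed CA key
    cert = make_certificate("Bob", bob_pub, ca_priv)
    print(verify_certificate(cert, ca_pub))           # True
    forged = dict(cert, public=(10403, 3))            # Mr. X swaps in his key
    print(verify_certificate(forged, ca_pub))         # False
```

The last two lines are the threat slide in code: swapping Bob's public key for X's inside the certificate invalidates the CA's signature, so anyone who trusts the CA's public key detects the substitution without having met Bob.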
Random numbers
Facts:
– In cryptography, “unpredictable” numbers are often needed (for keys, for example).
– Example: Generate a 128 bit AES key – the requirement is that even if an attacker “knows” 127 bits of this key, he should not be able to guess the missing bit with a better probability than ½.
– There is NO mathematical way to determine whether the outcome of a “random number generator” is unpredictable!
– The best thing offered by mathematicians are statistical tests: but they can only test whether a sequence of random numbers has a specific structure or property (and hence is NOT unpredictable). A statistical test never gives a POSITIVE result. Passing a test only means a sequence does not have one specific (of many) negative properties.

Unpredictable random numbers
Block Diagram of Random Number Generator
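The point that a statistical test can only fail a sequence, never certify it, is easy to demonstrate. The block below is an added example, not from the slides: a monobit (frequency) test, the simplest test in the usual suites, applied to three constructed bit sources. A perfectly predictable 0101... sequence passes it with a flawless score, a biased generator fails it, and the operating system's CSPRNG passes, which by itself proves nothing about its unpredictability. The 1.96 threshold is the normal-approximation cut-off for a 5 % significance level.

```python
# Added example, not from the slides: the monobit test can only reject; the
# alternating sequence below is fully predictable and still passes perfectly.
import math
import secrets


def bits_from_bytes(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def monobit_test(bits, threshold=1.96):
    """Frequency test: z = |#ones - #zeros| / sqrt(n). Returns (passed, z).
    Passing only says the ones/zeros balance is not suspicious."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    z = abs(s) / math.sqrt(n)
    return z < threshold, z


def alternating_bits(n: int) -> list:
    # 0,1,0,1,...: anyone can predict the next bit, balance is perfect.
    return [i % 2 for i in range(n)]


def biased_bits(n: int, seed: int = 1) -> list:
    # A constructed generator that emits about three ones per zero.
    out, x = [], seed
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        out.append(1 if (x >> 16) % 4 else 0)
    return out


def os_random_bits(n: int) -> list:
    # The OS CSPRNG. It should pass, but passing is not evidence of
    # unpredictability; only failing is evidence of a defect.
    return bits_from_bytes(secrets.token_bytes((n + 7) // 8))[:n]


if __name__ == "__main__":
    for name, src in (("alternating", alternating_bits), ("biased", biased_bits),
                      ("os csprng", os_random_bits)):
        passed, z = monobit_test(src(4096))
        print(f"{name:12s} passed={passed} z={z:.2f}")
```

This is why key generators are judged by their design (entropy source, conditioning, health tests) and not by a battery of statistical tests alone; the tests catch gross defects such as the biased source above and nothing more.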
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 

Introduction to security_and_crypto

  • 7. Attacks & Principles
    Kerckhoffs’ principle: The attacker always knows the algorithm; the only information unknown to him/her is the key.
    Brute force attack
    – Exhaustive search over all keys
    – A single plaintext-ciphertext pair may be enough to determine the correct key
    – Cannot be avoided
    – Goal: Make it practically infeasible, i.e. the key space is so large that the search takes more than a lifetime
    Side Channel Attacks:
    – Even if a cryptographic algorithm offers a high level of security, its implementation may still leak information about secrets or keys: timing behavior, current consumption, electromagnetic radiation etc. establish so-called side channels for secret information.
    There is no such thing as “perfect security” – A secure system makes an attack more expensive than the value of the advantage gained by the attacker.
  • 8. There is no such thing as “perfect security”
  • 9. Basics of Cryptography: Symmetric Crypto
  • 11. A bit of history… The Caesar cipher
  • 12. Block Ciphers, DES, Block Chaining
  • 14. Symmetric block ciphers: DES and AES
    Plaintext is divided into blocks m1, m2, ... of the same length.
    Every block is encrypted under the same key.
    Typical block lengths: DES – 64 bit, AES – 128 bit
    Typical key lengths: DES – 56 bit; AES – 128, 192, 256 bit
    (Figure: blocks m3, m4 entering the algorithm, blocks c1, c2 leaving it)
  • 15. DES - Data Encryption Standard
    Most important example of Feistel ciphers (i.e. the same operations are used to encrypt and decrypt)
    Published in 1977 as a standard for American governmental institutions
    Significant weakness: the 56 bit key is too short – 1999 Deep Crack: 100,000 PCs computed a key within 22 hours and 15 minutes
    (Figure: 64 bit input, permutation IP, rounds 1 to 16 with round keys K1 … K16 derived from the 56 bit key, halves L0/R0 … L16/R16 with round function F, permutation IP^-1, 64 bit output)
  • 16. Modes of Operation
    – How to ensure that the ordering of blocks is not changed by an attacker?
    – Dependencies between encrypted blocks: Cipher Block Chaining (CBC)
    (Figure: blocks m3, m4 entering the algorithm, blocks c1, c2 leaving it)
  • 17. Problems of block encryption
    Electronic Code Book Mode: Identical blocks are identically encrypted.
    (Figure: m1, m2, m3 each passed independently through (3)DES enciphering to c1, c2, c3; ECB example image)
  • 18. CBC Mode
    Cipher Block Chaining Mode: Identical blocks are differently encrypted.
    (Figure: IV combined with m1 before (3)DES enciphering; each ciphertext block c1, c2 is fed into the enciphering of the following block m2, m3; CBC example image)
  • 19. Triple-DES
    Triple-DES = triple encryption using DES with two or three external keys: DES(k1, DES^-1(k2, DES(k1, m)))
    1. Question: Why is the decryption DES^-1 in the middle?
    Compatibility: When implementing Triple-DES and choosing k1 = k2, one gets single DES. Therefore, only one algorithm needs to be implemented to get both Triple-DES and single DES.
    2. Question: Why is Double-DES not used instead of Triple-DES?
    Meet-in-the-middle attack!
    Security comparison
    – Two keys – NIST estimation: effectively 80 bits
    – Three keys – NIST estimation: effectively 112 bits
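To make slides 15 to 19 concrete, here is an added example (not part of the original slides or of any NXP code): a toy 64-bit Feistel cipher with 16 rounds, used to show that the same routine encrypts and decrypts when the round keys are reversed, that ECB leaks repeated plaintext blocks while CBC does not, and that the E-D-E arrangement of Triple-DES collapses to single encryption when all keys are equal. The round function (SHA-256 truncated to a half block), the key schedule, the block size and all keys and messages are constructed for this example; the cipher is not DES and must not be used for real data.

```python
import hashlib
import os

# Toy 64-bit Feistel block cipher (constructed for this example; it is NOT DES).
# Round function F: keyed SHA-256 truncated to half a block.
BLOCK = 8          # 64-bit block, like DES
HALF = BLOCK // 2
ROUNDS = 16


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_keys(key):
    # Toy key schedule: 16 half-block round keys derived from the cipher key.
    return [hashlib.sha256(key + bytes([i])).digest()[:HALF] for i in range(ROUNDS)]


def round_function(right, round_key):
    return hashlib.sha256(round_key + right).digest()[:HALF]


def feistel(block, keys):
    # L_{i+1} = R_i ; R_{i+1} = L_i XOR F(R_i, K_i). The final swap makes the
    # structure its own inverse when the round keys are applied in reverse order.
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        left, right = right, xor(left, round_function(right, k))
    return right + left


def encrypt_block(key, block):
    return feistel(block, round_keys(key))


def decrypt_block(key, block):
    # Same operations as encryption, round keys in reverse order.
    return feistel(block, round_keys(key)[::-1])


def pad(data):
    # PKCS#7 style padding to a whole number of blocks.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    # Electronic Code Book: every block is encrypted independently, so
    # identical plaintext blocks give identical ciphertext blocks.
    return b"".join(encrypt_block(key, b) for b in blocks(pad(data)))


def ecb_decrypt(key, data):
    return unpad(b"".join(decrypt_block(key, b) for b in blocks(data)))


def cbc_encrypt(key, iv, data):
    # Cipher Block Chaining: each plaintext block is XORed with the previous
    # ciphertext block (the IV for the first block) before encryption.
    out, prev = [], iv
    for b in blocks(pad(data)):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt(key, data):
    iv, body = data[:BLOCK], data[BLOCK:]
    out, prev = [], iv
    for c in blocks(body):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def has_repeated_blocks(ciphertext):
    bs = blocks(ciphertext)
    return len(set(bs)) < len(bs)


def ede(k1, k2, k3, block):
    # Triple encryption in the E-D-E arrangement of slide 19. With k1 == k2 == k3
    # the middle decryption undoes the first encryption and single encryption remains.
    return encrypt_block(k3, decrypt_block(k2, encrypt_block(k1, block)))


if __name__ == "__main__":
    key = b"constructed-key!"
    msg = b"ATTACK AT DAWN. " * 4      # repeated plaintext, so repeated 8-byte blocks
    print("ECB repeats blocks:", has_repeated_blocks(ecb_encrypt(key, msg)))
    print("CBC repeats blocks:", has_repeated_blocks(cbc_encrypt(key, os.urandom(BLOCK), msg)[BLOCK:]))
```

The IV for CBC must be fresh and unpredictable per message (the `__main__` block draws it from `os.urandom`); a fixed IV turns the first block back into ECB.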
  • 20. AES – Scheme
    AES is standardized for key lengths of 128 bit, 192 bit, 256 bit, and a block size of 128 bit.
    The number of rounds depends on the key length used: 10 up to 14
    Round Function: ByteSub, ShiftRow, MixColumn, AddRoundKey
    (Figure: plaintext combined with round key 0, then round 1 (round key 1), round 2 (round key 2), …, round n (round key n), ciphertext)
  • 21. Security Goals and Algorithms; HASH Function
    Confidentiality: Symmetric Crypto
    Authentication: Asymmetric Crypto / Signature / Hash
    Integrity: Hash / Signature / MAC
    Non-repudiation: Hash / Signature
    Symmetric Crypto: DES, Triple-DES, AES
    Asymmetric Crypto: RSA, ECC
    Hash: SHA
    Signature: Hash + Asymmetric Crypto
    MAC: Hash / Symmetric Crypto
  • 22. Hash functions
    Analogy: digital fingerprints
    Compression: Data of arbitrary length is mapped to n bits. (Typical values: 128/160 bits)
    Cryptographic properties:
    – The preimage of a hash is hard to find.
    – Two data elements with the same hash value are hard to find (collisions).
    (Figure: Data → Hash)
  • 23. Hash functions
    Compression: Data of arbitrary length is mapped to n bits.
    The preimage of a hash is hard to find. One-wayness: Given h(m), finding m is infeasible.
    Two data elements with the same hash value are hard to find (collisions). Collision resistance: It is infeasible to find m and m‘ which are mapped to the same value. (Birthday paradox; the output should be at least 160 bits)
    (Figure: m and m' both mapped to h(m))
  • 24. Secure Hash Algorithm (SHA)
    First version: SHA-0 (160 bit output) in the early 90s
    SHA-1 is only a minor change to SHA-0
    A Chinese research group attacked SHA-1:
    – On collision resistance only: expected effort 2^80, real effort 2^63 (birthday paradox)
    – Applicability highly depends on the application
    SHA-224, 256, 512 etc. … xxx giving the length of the output
    SHA-3 in review and selection process
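Slides 23 and 24 state that collisions are found with about 2^(n/2) work (birthday paradox) while inverting a hash costs about 2^n. The following added example (not from the slides) makes the gap measurable on a toy n-bit hash built by truncating SHA-256: a birthday search over a dictionary finds a 24-bit collision after a few thousand evaluations, whereas a preimage search for a single fixed 16-bit target needs on the order of 65,536. The truncation, the message format `msg-<i>` / `try-<i>` and the target value are constructed for this example; full SHA-256 collisions are far out of reach.

```python
import hashlib
import math


def truncated_hash(data, bits):
    # Toy n-bit hash: the top `bits` bits of SHA-256 (constructed for this example).
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits, limit=1 << 20):
    # Birthday search: remember every hash value seen; the first repeat is a
    # collision between two distinct messages. Expected work is roughly
    # sqrt(pi/2) * 2^(bits/2) evaluations, far below 2^bits.
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1      # (m, m', number of evaluations)
        seen[h] = msg
    return None


def find_preimage(target, bits, limit=1 << 22):
    # One-wayness: hitting one fixed target value has no birthday shortcut,
    # so the expected work is about 2^bits evaluations.
    for i in range(limit):
        msg = b"try-%d" % i
        if truncated_hash(msg, bits) == target:
            return msg, i + 1
    return None


def expected_collision_trials(bits):
    return math.sqrt(math.pi / 2) * 2 ** (bits / 2)


def expected_preimage_trials(bits):
    return 2 ** bits


if __name__ == "__main__":
    m1, m2, tries = find_collision(24)
    print("24-bit collision after", tries, "evaluations (expected ~%.0f):" % expected_collision_trials(24), m1, m2)
    target = truncated_hash(b"constructed target", 16)
    pre, tries = find_preimage(target, 16)
    print("16-bit preimage after", tries, "evaluations (expected ~%d):" % expected_preimage_trials(16), pre)
```

This is why the slide asks for at least 160 bits of output: the collision bound 2^80, not the preimage bound 2^160, is the one that decides the security level against forgery of signed documents.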
  • 25. Message Authentication Codes: MAC, HASH
    The active attacker: Who is the origin of a message? (Figure: Alice sends “At 10 at my place”; Anneliese injects “At 10 at my place”)
    Message Authentication Code (“symmetric signature”): A authenticates her message by computing a tag MAC = H_K(m) with the shared key K and sends it together with the message m to B. B can verify this tag by re-computing H_K(m) and checking whether the two results match (MAC = H_K(m)?).
    The function H can be either a hash function (SHA, MD5), or a symmetric block cipher based on DES or AES (CMAC, …).
     Integrity: Message can’t be easily modified
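The exchange on slide 25, as an added example (not part of the slides): A computes the tag over the message with the shared key, B recomputes it and compares. HMAC-SHA256 is used here as the keyed function H; the key and messages are constructed, and the helper names (`send`, `receive`, `modified_in_transit`) are this example's own.

```python
import hashlib
import hmac


def make_tag(key, message):
    # A's side: MAC = H_K(m). HMAC-SHA256 stands in for H (an assumption of this
    # example; slide 25 allows a hash- or block-cipher-based H).
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key, message):
    # A transmits the pair (m, MAC).
    return message, make_tag(key, message)


def verify(key, message, tag):
    # B's side: recompute H_K(m) and compare. compare_digest takes the same time
    # regardless of where the tags first differ, closing the timing side channel
    # that a plain == comparison would open (cf. slide 7).
    return hmac.compare_digest(make_tag(key, message), tag)


def receive(key, packet):
    message, tag = packet
    if not verify(key, message, tag):
        raise ValueError("MAC check failed: wrong origin or modified message")
    return message


def modified_in_transit(packet, new_message):
    # What an active attacker without K can do: replace the message, keep the old tag.
    _message, tag = packet
    return new_message, tag


if __name__ == "__main__":
    key = b"shared-secret-K"                       # constructed shared key
    packet = send(key, b"At 10 at my place")
    print("genuine:", receive(key, packet))
    try:
        receive(key, modified_in_transit(packet, b"At 11 at my place"))
    except ValueError as e:
        print("rejected:", e)
```

Note that a MAC gives integrity and origin authentication to whoever holds K, but not non-repudiation: B holds the same key and could have produced the tag himself, which is why slide 5 lists only signatures for that goal.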
  • 26. Key Exchange, Asymmetric Crypto
  • 27. What about the Keys?
    Alice and Bob need to share the same key. How to share it securely?
    Pre-distribution? (i.e. keys exchanged in a “secure environment”) – Trust provisioning (see later)
    Secured Key Exchange – Diffie-Hellman and asymmetric cryptography
  • 28. Diffie-Hellman Key Exchange
    (Figure: private “keys”, public “keys”)
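Slide 28 only shows the figure, so here is an added example (not from the slides) of the Diffie-Hellman exchange the figure refers to, with both sides' messages: each party keeps a private exponent and publishes g^a mod p; the shared secret is (g^b)^a = (g^a)^b mod p, and a hash of it becomes the symmetric key. The group is constructed at start-up as a 64-bit safe prime p = 2q + 1 with generator 4 (so that received public values can be checked for membership in the prime-order subgroup); real deployments use standardized groups of 2048 bits or more, and the primality test, the group size and all names below are this example's assumptions.

```python
import hashlib
import secrets


def is_probable_prime(n):
    # Deterministic Miller-Rabin for n below about 3.3e24 using the first twelve prime bases.
    if n < 2:
        return False
    small = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for sp in small:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits):
    # Find p = 2q + 1 with p and q both prime, scanning upward from a fixed start so
    # the example is deterministic. Toy size only (constructed for this example).
    q = (1 << (bits - 2)) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = safe_prime(64)
G = 4            # a square mod P, hence a generator of the subgroup of prime order Q


def keypair():
    # Private "key": random exponent a in [1, Q-1]; public "key": A = G^a mod P.
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(G, a, P)


def check_public(y):
    # Reject 0, 1, P-1 and anything outside the order-Q subgroup (small-subgroup check).
    return 1 < y < P - 1 and pow(y, Q, P) == 1


def shared_secret(own_private, peer_public):
    if not check_public(peer_public):
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, P)


def derive_key(shared):
    # Hash the group element into a fixed-size symmetric key.
    nbytes = (P.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(nbytes, "big")).digest()


def exchange():
    a, A = keypair()          # Alice
    b, B = keypair()          # Bob
    # Over the channel: Alice -> Bob: A ; Bob -> Alice: B (both public)
    k_alice = derive_key(shared_secret(a, B))
    k_bob = derive_key(shared_secret(b, A))
    return k_alice, k_bob


if __name__ == "__main__":
    k1, k2 = exchange()
    print("p =", P, "q =", Q)
    print("keys match:", k1 == k2, k1.hex())
```

The exchange gives both sides the same key without any pre-shared secret, but nothing here tells Alice that the value B really came from Bob; binding public values to identities is exactly the problem slides 39 and 40 address.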
  • 29. Asymmetric Crypto: The Idea
    (Figure: Plaintext → Encryption (RSA, ECC) with Bob‘s Public Key → Ciphertext → Decryption (RSA, ECC) with Bob‘s Private Key → Plaintext)
  • 30. Asymmetric Crypto: Signatures
    (Figure: Plaintext, Hash → Signature Generation (Decryption; RSA, ECC) with Bob‘s Private Key → Plaintext, Hash, Signature → Signature Verification (Encryption and Compare with Hash; RSA, ECC) with Bob‘s Public Key → Plaintext verified)
  • 31. Principles of Asymmetric Encryption
    Everyone can put a letter into Bob‘s mailbox. Everyone can encrypt a message for Bob. Everyone can verify Bob’s signature.
    Only Bob can open his mailbox with his private key. Only Bob can decrypt with his private key. Only Bob can create his own signature.
    (Figure: “Hello Bob, ...” → Encryption → Decryption → “Hello Bob, ...”)
  • 32. Comparison Symmetric - Asymmetric
                             Symmetric Algorithms    Asymmetric Algorithms
    Number                   Many                    Few
    Security                 Can be very good        Can be very good
    Performance              In general: good        Bad
    Key exchange necessary?  Yes                     No
    Digital Signatures       No                      Yes
    Typical Application      Encryption              Digital Signatures, Key Exchange
  • 33. Asymmetric Crypto: RSA
  • 34. RSA
    Based on the so-called factorization problem:
    – Given two prime numbers, it is easy to multiply them. Given the product, it is difficult to find the prime numbers.
    RSA Keys – Every participant has
    – a modulus n = p*q (public), the product of two large prime numbers
    – a public exponent e (for performance reasons, one often chooses small prime numbers with few 1’s)
    – a private exponent d.
    (Figure: A: nA, eA, dA; B: nB, eB, dB; C: nC, eC, dC)
  • 35. RSA - Operation
    Encryption: The sender computes c = m^e mod n, where m is the message, (n, e) is the public key of the receiver, and c is the ciphertext.
    Decryption: The receiver computes c^d mod n, where c is the ciphertext and d is the private key of the receiver. It holds: c^d mod n = m^(e*d) mod n = m.
    For signing it is the other way round:
    • Signing is the same operation as decrypting
    • Verifying a signature is the same operation as encrypting
  • 36. RSA – Some Math
    c = m^e mod n and m = c^d mod n - Why?
    Primes p, q; n = p*q. Thus φ(n) = (p-1)*(q-1) = |{ x | x and n are coprime }|.
    Euler‘s Theorem: c^φ(n) mod n = 1 mod n
    Let e, d such that
    – e and φ(n) are coprime, thus the inverse of e mod φ(n) exists
    – e*d = 1 mod φ(n)
    Let‘s prove RSA:
    – c^d mod n = (m^e)^d mod n = m^(e*d) mod n                       // substitution
      = m^(1 + k*φ(n)) mod n = m^1 * m^(k*φ(n)) mod n                 // definition of modulo
      = m^1 * (m^φ(n))^k mod n = m * 1^k mod n                        // Euler‘s Theorem
      = m
  • 37. RSA
    Size of the RSA keys
    – The bit length of the modulus is called the size of an RSA key. The public exponent is usually a lot shorter; the private exponent is of the same length as the modulus.
    – Today, everything larger than 1024 2048 bit is considered to be secure.
    Implementation
    – The Chinese Remainder Theorem (CRT) is a mathematical fact that allows decryption and signing to be made significantly more efficient. It has to be carefully implemented in order to be secure.
    – An implementation without CRT is often called “straight forward” – significantly less performance, but usually fewer security issues as well
  • 38. Public Key Infrastructure
  • 39. Threat: Authenticity of Public Keys
    Attack: Mr. X replaces B’s public key EB by his own public key EX.
    Consequences:
    – Encryption: Only X can read messages that are meant for B.
    – Signature: B’s signatures are not verifiable – B’s signatures are invalid! X can sign messages that are verified as Bob’s signatures.
    (Figure: public keys A: EA, B: EB replaced by EX, C: EC, U: EU, V: EV)
  • 40. Certificates
    Name and public key are signed by a trustworthy institution (certification authority, CA). The message (name, public key) and the CA’s signature on it are called a “certificate”: Cert(A) = {A, EA}, DCA{A, EA}
    The format of certificates has to be specified – X.509 for example
    Tree-like structure possible – path of trust
    (Figure: Banco di Santo Spirito as CA; DCA{A, EA}, Cert(A), DA)
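Slides 34 to 37 and 40 are carried through below in one added example (not the slides' own code): textbook RSA key generation with e*d = 1 mod φ(n), encryption and decryption, the Euler's-theorem check behind the proof on slide 36, the CRT form of decryption from slide 37 compared against the straight-forward form, signing as "decrypting" a hash and verifying as "encrypting" the signature, and finally a toy certificate Cert(A) = {A, E_A}, D_CA{A, E_A} whose check fails once the public key inside it is swapped (the substitution threat of slide 39). The primes (publicly known 30/31-bit primes, not a real key size), the hash reduction mod n in place of a padding scheme, and the helper names are this example's assumptions.

```python
import hashlib
from math import gcd

# Constructed toy parameters: well-known primes of 30 to 31 bits. Real keys use
# 2048-bit moduli and a padding scheme (OAEP, PSS); the raw operations below are
# the textbook ones of slides 35 and 36.
P = 1_000_000_007
Q = 998_244_353
E = 65537


def keygen(p=P, q=Q, e=E):
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1               # inverse of e mod phi(n) must exist
    d = pow(e, -1, phi)                   # e*d = 1 mod phi(n)
    return (n, e), (n, d, p, q)


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)                   # c = m^e mod n


def decrypt(priv, c):
    n, d, _p, _q = priv
    return pow(c, d, n)                   # m = c^d mod n, "straight forward"


def decrypt_crt(priv, c):
    # Chinese Remainder Theorem: two half-size exponentiations instead of one full-size one.
    n, d, p, q = priv
    m_p = pow(c % p, d % (p - 1), p)
    m_q = pow(c % q, d % (q - 1), q)
    h = (pow(q, -1, p) * (m_p - m_q)) % p
    return (m_q + h * q) % n


def euler_holds(m, p=P, q=Q):
    # Euler's theorem (slide 36): m^phi(n) = 1 mod n whenever gcd(m, n) = 1.
    n, phi = p * q, (p - 1) * (q - 1)
    return gcd(m, n) == 1 and pow(m, phi, n) == 1


def digest_int(message, n):
    # Toy stand-in for a padded hash encoding: SHA-256 reduced mod n.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message):
    # Signing = the decryption operation applied to the hash (slide 30).
    n, d, _p, _q = priv
    return pow(digest_int(message, n), d, n)


def verify(pub, message, signature):
    # Verifying = the encryption operation applied to the signature, then compare with the hash.
    n, e = pub
    return pow(signature, e, n) == digest_int(message, n)


def to_be_signed(name, pub):
    n, e = pub
    return name.encode() + b"|" + str(n).encode() + b"|" + str(e).encode()


def issue_certificate(ca_priv, name, subject_pub):
    # Cert(A) = {A, E_A}, D_CA{A, E_A}: name and public key plus the CA's signature on them.
    return name, subject_pub, sign(ca_priv, to_be_signed(name, subject_pub))


def verify_certificate(ca_pub, cert):
    name, subject_pub, ca_sig = cert
    return verify(ca_pub, to_be_signed(name, subject_pub), ca_sig)


if __name__ == "__main__":
    pub, priv = keygen()
    c = encrypt(pub, 123456789)
    print("decrypt:", decrypt(priv, c), "via CRT:", decrypt_crt(priv, c))
    ca_pub, ca_priv = keygen(2_147_483_647, 1_000_000_009)     # CA uses its own primes
    cert = issue_certificate(ca_priv, "Alice", pub)
    print("certificate valid:", verify_certificate(ca_pub, cert))
```

The CRT path reveals why slide 37 warns about careful implementation: it handles p and q separately, so a fault or a side channel in either half exposes the factorization, which the straight-forward path never touches.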
  • 41. Random numbers
    Facts:
    – In cryptography, “unpredictable” numbers are often needed (for keys for example).
    – Example: Generate a 128 bit AES key – required is that even if an attacker “knows” 127 bits of this key, he should not be able to guess the missing bit with a better probability than ½.
    – There is NO mathematical way to determine whether the outcome of a “random number generator” is unpredictable!
    – The best thing offered by mathematicians are statistical tests: but they can only test whether a sequence of random numbers has a specific structure or property (and hence is NOT unpredictable). A statistical test never gives a POSITIVE result. Passing a test only means a sequence does not have one specific (of many) negative properties.
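An added example (not from the slides) of the point slide 41 makes: a frequency (monobit) test rejects a sequence with an obvious bias, but a sequence that is completely predictable to anyone who knows its seed passes the same test, so passing says nothing about unpredictability. The test statistic and its threshold, the patterned sequence and the seeded SHA-256 counter generator are all constructed for this example.

```python
import hashlib
import math


def bits_of(data):
    return [(byte >> i) & 1 for byte in data for i in range(8)]


def monobit_test(bits, z_max=3.29):
    # Frequency (monobit) test: under the hypothesis "every bit is a fair coin",
    # S / sqrt(n) with S = #ones - #zeros is approximately standard normal.
    # z_max = 3.29 corresponds to a 0.1 % rejection level (this example's choice;
    # NIST SP 800-22 uses a 1 % level). Returns (passed, z).
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    z = abs(s) / math.sqrt(n)
    return z < z_max, z


def patterned_sequence(nbytes):
    # Obvious structure: only the byte values 0..3 occur, so ones are rare.
    return bytes(i % 4 for i in range(nbytes))


def predictable_sequence(nbytes, seed=b"public seed"):
    # SHA-256 over a counter under a KNOWN seed. Statistically unremarkable, yet
    # anyone holding the seed computes every output in advance.
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def next_output(seed=b"public seed", counter=0):
    # Someone who knows the seed reproduces output block `counter` exactly:
    # no statistical test on the stream can reveal this.
    return hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()


if __name__ == "__main__":
    for name, seq in (("patterned", patterned_sequence(4096)),
                      ("seeded counter", predictable_sequence(4096))):
        passed, z = monobit_test(bits_of(seq))
        print("%-15s monobit %s (z = %.2f)" % (name, "pass" if passed else "FAIL", z))
    print("next block known to seed holder:", next_output(counter=128).hex()[:16], "...")
```

The practical consequence for key generation is the one the slide draws: use a generator whose seed is a secret gathered from physical entropy (the block diagram on the next slide), and treat statistical tests only as a way to catch a broken generator, never as proof of a good one.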
  • 43. Block Diagram of Random Number Generator