SlideShare a Scribd company logo

Cryptography 202

UTD Computer Security Group
UTD Computer Security Group

Cryptography dos and don'ts, block cipher modes, and standard attacks on block cipher modes.

Technology
1 of 34
Download to read offline
Cryptography 101, Part 2 9/7/2011
Outline ● Homework Solutions ● Crypto Dos and Donts ● Block Ciphers ○ Modes of Operation ○ CTF Problems ● A CTF Warm-up ● More homework!
Homework Solutions Gold stars for everyone!
Homework Solution 1 def gogo(): from PIL import Image import hashlib im = Image.open("SNight.png") im2 = Image.open("SNightOrig.png") s="" for i in range(0,1024): for j in range(0,768): t1 = im.getpixel((i,j)) t2 = im2.getpixel((i,j)) if t1 != t2: s+=chr(im.getpixel((i,j))[3]) print s sha = hashlib.sha1() sha.update(s) print sha.hexdigest() >>> gogo() HASH ME: These are the droids you are looking for. 87f0a993d63a468317740d788f08d1802aaca868 (65, 79, 64, 72) (59, 76, 58, 65) (82, 99, 80, 83) (135, 150, 127, 72) (218, 228, 204, 32) (239, 243, 218, 77) (160, 158, 133, 69) (96, 90, 64, 58) (195, 183, 157, 32) (235, 221, 195, 84) (228, 212, 187, 104) (254, 238, 215, 101) (236, 221, 198, 115) (182, 172, 147, 101) (166, 160, 134, 32) (165, 163, 138, 97) (204, 204, 192, 114) (224, 222, 210, 101) (203, 197, 185, 32) (135, 127, 114, 116) (71, 64, 46, 104) (55, 50, 30, 101) (108, 108, 84, 32) ...
Homework Solution 2 Cdokw www tssmpfovy tk kwh hitq zqjez sx guxvato ty dij guwvwx wf tdi tozo, cfj wx hwzabs rqlnqfg ps vc: arew uz lwegw gti jsj xweliv wzxq lnm toko zsd wkkzmj www jsmhkfm, jmt ex zop rq hoklunik cd gqfbmjswxaczw kf ob, 'snz azof mu lnm msa sx o nsqc,' zpgucll Oxmew 'cqlhkyl dugvmxmk on ggbhitkgbaoj?' ... http://www.cryptool.org
Things they don't tell you... DO: Obey export controls (http://www.bis.doc.gov/encryption/) DO: Follow NIST standards (http://csrc.nist. gov/groups/ST/index.html) DO: Follow FIPS standards (http://www.itl.nist.gov/fipspubs/) DON'T: Write cryptographic code DON'T: Use the wrong tools DON'T: Use tools in the wrong way DON'T: Be a victim of stupidity, stay informed and up-to-date
Things they don't tell you...Hash Edition DO: Use SHA-256, SHA-512 DO: Switch to SHA-3 soon (est. NIST approval 2012) DO: Use a hash function when you can securely distribute H(x) then receive value x' insecurely and want to verify x' equal to x DO: Salt hashes when appropriate DON'T: Use MD2, MD4, MD5, RIPEMD, SHA-0, SHA-1 DON'T: Use a hash function as a symmetric signature DON'T: Reuse salt values
Things they don't tell you...MAC Edition DO: Use HMAC-SHA256, HMAC-SHA512 DO: Always use a MAC to authenticate encrypted data DO: Verify authenticity of encrypted data before decryption DO: Guarantee two different messages cannot result in the same input to the MAC function. DON'T: Use CBC-MAC, HMAC-MD5/SHA1, DAA, Poly1305 DON'T: Allow side-channel timing attacks when verifying MAC DON'T: Perform partial verification of MAC
Things they don't tell you...Block Edition DO: Use AES-256 DO: Always pad plaintext input to the appropriate block size DO: Use CTR, XTS mode DO: Use the appropriate cryptographically random IV DON'T: Use AES-128, AES-192, Blowfish DON'T: Even think about using DES or Triple-DES DON'T: Ever use a block cipher in RAW mode DON'T: Even think about using ECB mode DON'T: Use modes that provide both authentication and encryption (i.e. CBC and CFB mode) DON'T: Ever reuse IV's
Things they don't tell you...RSA Edition DO: Use a 2048-bit RSA key with public exponent 65537 and SHA256 DO: Apply symmetric encryption separately to the random key and your message DO: Use PKCS 2.1 padding DON'T: Use DSA or Elliptic Curve Signature Schemes DON'T: Ever use the same RSA key for authentication and encryption DON'T: Use PKCS 1.5 padding DON'T: Ever use RSA without appropriate padding
Things they don't tell you...SSL/TSL Edition DO: Understand SSL is currently our only complex attacker friendly option. DO: Use SSL 3.0, TSL 1.2 DO: Include hash of asymmetric signature key with client side software DO: Use SSL/TSL to secure network/internet communication DON'T: Use SSL 1.0, SSL 2.0, TSL 1.0, TSL 1.1 DON'T: Blindly trust every certificate authority
Things they don't tell you...Pro Edition DO: Consult a professional cryptographer if you are dealing with hardware with physical access DO: Consult a professional cryptographer if you require energy efficiency DO: Consult a professional cryptographer if you need maximum throughput rates DO: Consult a professional cryptographer if you need to transmit minimal information DON'T: Be afraid to ask for help DON'T: Ignore any of the above advice
Block Ciphers ● Ideal Block cipher = totally random permutation from n-bit strings to n-bit strings. ○ Infeasible in practice: ■ Number of permutations of N bits = 2^N ■ Number of mappings from N bit strings to N bit strings = (2^N)! ■ Number of bits require to specify a key for such a mapping = lg((2^N)!) > (n-1)*2^(n-1) ■ Exponential key size :( ● Modern block ciphers use an Iterated Cipher
Block Ciphers ● Iterated Ciphers ○ Require invertible function g ○ Key schedule K ○ Number of rounds N ● Feistel Cipher ○ Uses specific round function ○ Does not have to be invertible ● List of Feistel Ciphers: ○ Blowfish, Camellia, CAST- 128, DES, FEAL, ICE, KASUMI, LOKI97, Lucifer, MARS, MAGENTA, MISTY1, RC5, TEA, Triple DES, Twofish, XTEA, ... http://en.wikipedia.org
AES Block Encryption ● KeyExpansion—round keys are derived from the cipher key ● Initial Round 1. AddRoundKey—each byte of the state is combined with the round key using bitwise xor ● Rounds 1. SubBytes—a non-linear substitution step where each byte is replaced with another according to a lookup table. 2. ShiftRows—a transposition step where each row of the state is shifted cyclically a certain number of steps. 3. MixColumns—a mixing operation which operates on the columns of the state, combining the four bytes in each column. 4. AddRoundKey ● Final Round (no MixColumns) 1. SubBytes 2. ShiftRows 3. AddRoundKey
Modes of encryption ● There are multiple ways that you can implement your block cipher: ○ Electronic Codebook (ECB), ○ Cipher-Block Chaining (CBC), ○ Cipher Feedback (CFB), ○ Output Feedback (OFB), ○ Counter (CTR) ● Also different padding schemes
ECB: Electronic Codebook ● Simply divide plaintext into blocks and feed each block into the block cipher encryption algorithm ● Terrible security implications ○ Information leaked - repeated blocks in plaintext result in repeated blocks in ciphertext ○ Vulnerable to block swapping ■ Forge a ciphertext: ■ Given P = AABA, recieve C= ZZYZ ■ Forge C=YZZZ for P=BAAA
ECB Example For large files containing many blocks, the patterns found in the ciphertext can be very obvious
CTF Problem - CSAW 2010, Crypto Bonus ● Users allowed to log into system with only their username ○ Root and Admin are not allowed! ● Upon authentication, they are presented with an authentication token (an encryption of the timestamp, username, and puzzle name) ● Each auth-token only lasts 5 minutes! ● Goal: Construct a correct authentication token for Root
CTF Problem - CSAW 2010, Crypto Bonus EBC Block Swapping! ● Attempting to authenticated as "AAAAAAAA" (8 A's) results in a token: ○ ... A1 B2 C3 D4 A1 B2 C3 D4 ... ● As "AAAAAAAAAAAA" (12 A's) ○ ... A1 B2 C3 D4 A1 B2 C3 D4 A1 B2 C3 D4 ... ● How about "AAAAAAAAadmin"? ○ ...A1 B2 C3 D4 A1 B2 C3 D4 F1 2E BF 11 12 3D F6 18... ● Construct our token: ○ [Encrypted prefix]F1 2E BF 11 12 3D F6 18[Encrypted suffix] ● Win.
CBC: Cipher-Block Chaining ● Encryption depends on previous block. ● No repetition like in ECB (due to IV and feed-forward) ● Can decode in parallel (since you will have access to the previous block's ciphertext and the key) ● Vulnerable to bit-flipping!
Bit-flipping in CBC mode ● Identify target bits in plaintext. ● Find corresponding bits in previous block's ciphertext ● Ciphertext_0 XOR Decrypt(Ciphertext_1,key) = Plaintext_1 ● If you can modify Ciphertext_0, you can modify Plaintext_1 ● Flipping a bit in Ciphertext_0 will flip the corresponding bit in Plaintext_1 ● Plaintext_0 is corrupted in the process (OK if no vital information was stored there!) http://blog.gdssecurity.com/labs/tag/ctf
CTF Problem - CSAW 2010, Crypto 2 ● Users are presented with an auth token ● Token is AES encryption of (Username, Teamname, Puzzle Name, Access level). ● The access level was set to 5, and teams were told they needed to obtain access level 0. ● Solution: ○ Use bit-flipping to change the decrypted value from 5 to 0 without actually decrypting the ciphertext
CTF Problem - CSAW 2010, Crypto 2 Goal: Make 0x05 become 0x00 in decrypted text Solution: 0xa8 XOR 0x05 = 0xad Resulting plaintext will have role=0 http://blog.gdssecurity.com/labs/tag/ctf
RSA ● Based on the factoring problem for large numbers ○ Choose n = p*q for primes p and q ○ Compute phi(n) = (p-1)*(q-1) ○ Choose e in (0,phi(n)) s.t. gcd(e,phi(n))=1 ○ Calculate d = e^-1 mod phi(n) ● Results: ○ (m^e)^d mod n = m ● Why? ○ Fermet's Little Theorem ■ http://en.wikipedia.org/wiki/Fermat%27s_little_theorem
Time for a CTF Problem! Taken from DEFCON 18
Decrypt Please. http://www.mediafire.com/?ibrrtnibr4pspuu http://tinyurl.com/3bua759 Ocmln. up.'g.bjf abanfoco odrgne er yd. ypcjt d.p. /,.nnw urp yd. mroy lapy=v Ydco y.qy ,ao ,pcyy.b gocbi a ol.jcan t.fxrapew br bry .pirbrmcjw frg aoodayv WdcbyV Yd. t.f frg ap. nrrtcbi urp co yd. bam.oat. ru ydco t.fxrapev WzdcbyV
Hint 1: Frequency Table = 39 (16.81%) ' = 1 (0.43%) , = 3 (1.29%) . = 20 (8.62%) / = 1 (0.43%) = = 1 (0.43%) O = 1 (0.43%) V = 2 (0.86%) W = 2 (0.86%) Y = 2 (0.86%) a = 13 (5.60%) b = 11 (4.74%) c = 13 (5.60%) d = 11 (4.74%) f = 7 (3.02%) g = 5 (2.16%) i = 3 (1.29%) j = 4 (1.72%) l = 3 (1.29%) m = 4 (1.72%) n = 7 (3.02%) o = 13 (5.60%) p = 11 (4.74%) q = 1 (0.43%) r = 16 (6.90%) t = 6 (2.59%) u = 4 (1.72%) v = 3 (1.29%) w = 3 (1.29%) x = 2 (0.86%) y = 15 (6.47%) z = 1 (0.43%)
Hint 2: Common word? Note that "yd." appears multiple times in the ciphertext.
Solution
QWERTY -> DVORAK This cipher was created by typing on a DVORAK keyboard using QWERTY key positioning. The translated text is: Simple frequency analysis should do the trick here [well, for the most part]. This text was written using a special keyboard, no not ergonomic, you asshat. <hint> The key you are looking for is the namesake of this keyboard. </hint> The final solution to the problem was "DVORAK"
Homework Problem 1 How could you simultaneously ensure privacy and authenticity using public key crypto? Give your answer using some or all of the following: ● Functions: Encrypt(msg,key), Decrypt(msg,key) ● Strings: Pub_A, Priv_A, Pub_B, Priv_B, Msg
Homework Problem 2 (Taken from interview question): Consider an authentication scheme where multiple users need to authenticate to the server prior to communication. There is a shared key that only the users and server know. Authentication occurs as follows: 1) User sends Challenge to server 2) Server proves it’s identity by replying Encrypt(Challenge, SharedSecret) 3) User verifies server by encrypting Challenge and comparing with the received message 4) Server sends Challenge2 to user 5) User authenticates by replying Encrypt(Challenge2, SharedSecret) 4) Server verifies user by encrypting Challenge2 and comparing with received message The encryption system itself is unbreakable (think OTP). However, the implementation is broken - point out the flaw that would allow anyone to authenticate without actually knowing the SharedSecret. Can you think of a simple way to fix it?
Announcements!     CSAW CTF 2011 Qualification Round Friday, September 23, 2011 20:00 EDT (-4) - Sunday, September 25, 2011 20:00 EDT (-4)

Recommended

Integer security analysis using smt solver
Integer security analysis using smt solverInteger security analysis using smt solver
Integer security analysis using smt solverDharmalingam Ganesan
 
Exploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleExploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleDharmalingam Ganesan
 
Let's play with crypto!
Let's play with crypto!Let's play with crypto!
Let's play with crypto!Ange Albertini
 
Как мы охотимся на гонки (data races) или «найди багу до того, как она нашла ...
Как мы охотимся на гонки (data races) или «найди багу до того, как она нашла ...Как мы охотимся на гонки (data races) или «найди багу до того, как она нашла ...
Как мы охотимся на гонки (data races) или «найди багу до того, как она нашла ...yaevents
 
Crypto talk OpenValue meetup 20-3-18
Crypto talk OpenValue meetup 20-3-18Crypto talk OpenValue meetup 20-3-18
Crypto talk OpenValue meetup 20-3-18Roy Wasse
 
Rass presentation
Rass presentationRass presentation
Rass presentationShalini Guha
 
RSA without Padding
RSA without PaddingRSA without Padding
RSA without PaddingDharmalingam Ganesan
 
Cs166 mynote
Cs166 mynoteCs166 mynote
Cs166 mynoteKaya Ota
 

Recommended

Integer security analysis using smt solver
Integer security analysis using smt solverInteger security analysis using smt solver
Integer security analysis using smt solverDharmalingam Ganesan
 
Exploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleExploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleDharmalingam Ganesan
 
Let's play with crypto!
Let's play with crypto!Let's play with crypto!
Let's play with crypto!Ange Albertini
 
Как мы охотимся на гонки (data races) или «найди багу до того, как она нашла ...
Как мы охотимся на гонки (data races) или «найди багу до того, как она нашла ...Как мы охотимся на гонки (data races) или «найди багу до того, как она нашла ...
Как мы охотимся на гонки (data races) или «найди багу до того, как она нашла ...yaevents
 
Crypto talk OpenValue meetup 20-3-18
Crypto talk OpenValue meetup 20-3-18Crypto talk OpenValue meetup 20-3-18
Crypto talk OpenValue meetup 20-3-18Roy Wasse
 
Rass presentation
Rass presentationRass presentation
Rass presentationShalini Guha
 
RSA without Padding
RSA without PaddingRSA without Padding
RSA without PaddingDharmalingam Ganesan
 
Cs166 mynote
Cs166 mynoteCs166 mynote
Cs166 mynoteKaya Ota
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
AES effecitve software implementation
AES effecitve software implementationAES effecitve software implementation
AES effecitve software implementationRoman Oliynykov
 
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersCRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersJyothishmathi Institute of Technology and Science Karimnagar
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithmsAnamika Singh
 
Cyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionCyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionDharmalingam Ganesan
 
Solutions to online rsa factoring challenges
Solutions to online rsa factoring challengesSolutions to online rsa factoring challenges
Solutions to online rsa factoring challengesDharmalingam Ganesan
 
Конверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеКонверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеPlatonov Sergey
 
RSA Game using an Oracle
RSA Game using an OracleRSA Game using an Oracle
RSA Game using an OracleDharmalingam Ganesan
 
AES Cryptosystem
AES CryptosystemAES Cryptosystem
AES Cryptosystemهيثم فرج
 
RSA cracking puzzle
RSA cracking puzzleRSA cracking puzzle
RSA cracking puzzleDharmalingam Ganesan
 
Week5 ap3421 2019_part1
Week5 ap3421 2019_part1Week5 ap3421 2019_part1
Week5 ap3421 2019_part1David Cian
 
Computing on Encrypted Data
Computing on Encrypted DataComputing on Encrypted Data
Computing on Encrypted DataNew York Technology Council
 
Fault Detection AES
Fault Detection AESFault Detection AES
Fault Detection AESSumathi Reddy
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerPlatonov Sergey
 
Advanced Encryption Standard Report
Advanced Encryption Standard ReportAdvanced Encryption Standard Report
Advanced Encryption Standard Reportbrakanjero
 
RSA without Integrity Checks
RSA without Integrity ChecksRSA without Integrity Checks
RSA without Integrity ChecksDharmalingam Ganesan
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Joshua Thijssen
 
Aes128 bit project_report
Aes128 bit project_reportAes128 bit project_report
Aes128 bit project_reportNikhil Gupta
 
Analysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent dAnalysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent dDharmalingam Ganesan
 
Let's play with crypto! v2
Let's play with crypto! v2Let's play with crypto! v2
Let's play with crypto! v2Ange Albertini
 
SymmetricCryptography-Part3 - Tagged.pdf
SymmetricCryptography-Part3 - Tagged.pdfSymmetricCryptography-Part3 - Tagged.pdf
SymmetricCryptography-Part3 - Tagged.pdfMohammedMorhafJaely
 

More Related Content

What's hot

CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
AES effecitve software implementation
AES effecitve software implementationAES effecitve software implementation
AES effecitve software implementationRoman Oliynykov
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithmsAnamika Singh
 
Cyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionCyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionDharmalingam Ganesan
 
Solutions to online rsa factoring challenges
Solutions to online rsa factoring challengesSolutions to online rsa factoring challenges
Solutions to online rsa factoring challengesDharmalingam Ganesan
 
Конверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеКонверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеPlatonov Sergey
 
Week5 ap3421 2019_part1
Week5 ap3421 2019_part1Week5 ap3421 2019_part1
Week5 ap3421 2019_part1David Cian
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerPlatonov Sergey
 
Advanced Encryption Standard Report
Advanced Encryption Standard ReportAdvanced Encryption Standard Report
Advanced Encryption Standard Reportbrakanjero
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Joshua Thijssen
 
Aes128 bit project_report
Aes128 bit project_reportAes128 bit project_report
Aes128 bit project_reportNikhil Gupta
 
Analysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent dAnalysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent dDharmalingam Ganesan
 

What's hot (20)

CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
AES effecitve software implementation
AES effecitve software implementationAES effecitve software implementation
AES effecitve software implementation
 
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersCRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithms
 
Cyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionCyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor Function
 
Solutions to online rsa factoring challenges
Solutions to online rsa factoring challengesSolutions to online rsa factoring challenges
Solutions to online rsa factoring challenges
 
Конверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеКонверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемые
 
RSA Game using an Oracle
RSA Game using an OracleRSA Game using an Oracle
RSA Game using an Oracle
 
AES Cryptosystem
AES CryptosystemAES Cryptosystem
AES Cryptosystem
 
RSA cracking puzzle
RSA cracking puzzleRSA cracking puzzle
RSA cracking puzzle
 
Week5 ap3421 2019_part1
Week5 ap3421 2019_part1Week5 ap3421 2019_part1
Week5 ap3421 2019_part1
 
Computing on Encrypted Data
Computing on Encrypted DataComputing on Encrypted Data
Computing on Encrypted Data
 
Fault Detection AES
Fault Detection AESFault Detection AES
Fault Detection AES
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory Sanitizer
 
Advanced Encryption Standard Report
Advanced Encryption Standard ReportAdvanced Encryption Standard Report
Advanced Encryption Standard Report
 
RSA without Integrity Checks
RSA without Integrity ChecksRSA without Integrity Checks
RSA without Integrity Checks
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101
 
Aes128 bit project_report
Aes128 bit project_reportAes128 bit project_report
Aes128 bit project_report
 
Analysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent dAnalysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent d
 

Similar to Cryptography 202

Let's play with crypto! v2
Let's play with crypto! v2Let's play with crypto! v2
Let's play with crypto! v2Ange Albertini
 
SymmetricCryptography-Part3 - Tagged.pdf
SymmetricCryptography-Part3 - Tagged.pdfSymmetricCryptography-Part3 - Tagged.pdf
SymmetricCryptography-Part3 - Tagged.pdfMohammedMorhafJaely
 
Bluetooth Low Energy - A Case Study
Bluetooth Low Energy - A Case StudyBluetooth Low Energy - A Case Study
Bluetooth Low Energy - A Case StudyFReeze FRancis
 
Data Encryption standard in cryptography
Data Encryption standard in cryptographyData Encryption standard in cryptography
Data Encryption standard in cryptographyNithyasriA2
 
3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of Cryptography3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of CryptographyMohammedMorhafJaely
 
Trible data encryption standard (3DES)
Trible data encryption standard (3DES)Trible data encryption standard (3DES)
Trible data encryption standard (3DES)Ahmed Mohamed Mahmoud
 
When AES(☢) = ☠ - Episode V
When AES(☢) = ☠ - Episode VWhen AES(☢) = ☠ - Episode V
When AES(☢) = ☠ - Episode VAnge Albertini
 
Crypto & Crpyocurrencies Intro
Crypto & Crpyocurrencies IntroCrypto & Crpyocurrencies Intro
Crypto & Crpyocurrencies IntroTal Shmueli
 
when AES(☢) = ☠ --- a crypto-binary magic trick
when AES(☢) = ☠ --- a crypto-binary magic trickwhen AES(☢) = ☠ --- a crypto-binary magic trick
when AES(☢) = ☠ --- a crypto-binary magic trickAnge Albertini
 
Defeating the entropy downgrade attack
Defeating the entropy downgrade attackDefeating the entropy downgrade attack
Defeating the entropy downgrade attackSeth Wahle
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSAaritraranjan
 
How to Build Your Own Blockchain
How to Build Your Own BlockchainHow to Build Your Own Blockchain
How to Build Your Own BlockchainLeonid Beder
 
Two fish & Rijndael (AES) Encryption Algorithm
Two fish & Rijndael (AES) Encryption AlgorithmTwo fish & Rijndael (AES) Encryption Algorithm
Two fish & Rijndael (AES) Encryption AlgorithmRifat Tasnim
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network SecurityDr. Rupa Ch
 
How to build TiDB
How to build TiDBHow to build TiDB
How to build TiDBPingCAP
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
 
Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...
Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...
Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...Yandex
 
Fast dynamic analysis, Kostya Serebryany
Fast dynamic analysis, Kostya SerebryanyFast dynamic analysis, Kostya Serebryany
Fast dynamic analysis, Kostya Serebryanyyaevents
 

Similar to Cryptography 202 (20)

Let's play with crypto! v2
Let's play with crypto! v2Let's play with crypto! v2
Let's play with crypto! v2
 
SymmetricCryptography-Part3 - Tagged.pdf
SymmetricCryptography-Part3 - Tagged.pdfSymmetricCryptography-Part3 - Tagged.pdf
SymmetricCryptography-Part3 - Tagged.pdf
 
Bluetooth Low Energy - A Case Study
Bluetooth Low Energy - A Case StudyBluetooth Low Energy - A Case Study
Bluetooth Low Energy - A Case Study
 
Data Encryption standard in cryptography
Data Encryption standard in cryptographyData Encryption standard in cryptography
Data Encryption standard in cryptography
 
3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of Cryptography3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of Cryptography
 
Trible data encryption standard (3DES)
Trible data encryption standard (3DES)Trible data encryption standard (3DES)
Trible data encryption standard (3DES)
 
When AES(☢) = ☠ - Episode V
When AES(☢) = ☠ - Episode VWhen AES(☢) = ☠ - Episode V
When AES(☢) = ☠ - Episode V
 
Auto Tuning
Auto TuningAuto Tuning
Auto Tuning
 
Crypto & Crpyocurrencies Intro
Crypto & Crpyocurrencies IntroCrypto & Crpyocurrencies Intro
Crypto & Crpyocurrencies Intro
 
when AES(☢) = ☠ --- a crypto-binary magic trick
when AES(☢) = ☠ --- a crypto-binary magic trickwhen AES(☢) = ☠ --- a crypto-binary magic trick
when AES(☢) = ☠ --- a crypto-binary magic trick
 
Defeating the entropy downgrade attack
Defeating the entropy downgrade attackDefeating the entropy downgrade attack
Defeating the entropy downgrade attack
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSA
 
How to Build Your Own Blockchain
How to Build Your Own BlockchainHow to Build Your Own Blockchain
How to Build Your Own Blockchain
 
Two fish & Rijndael (AES) Encryption Algorithm
Two fish & Rijndael (AES) Encryption AlgorithmTwo fish & Rijndael (AES) Encryption Algorithm
Two fish & Rijndael (AES) Encryption Algorithm
 
Ctf hello,world!
Ctf hello,world! Ctf hello,world!
Ctf hello,world!
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network Security
 
How to build TiDB
How to build TiDBHow to build TiDB
How to build TiDB
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batch
 
Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...
Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...
Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...
 
Fast dynamic analysis, Kostya Serebryany
Fast dynamic analysis, Kostya SerebryanyFast dynamic analysis, Kostya Serebryany
Fast dynamic analysis, Kostya Serebryany
 

More from UTD Computer Security Group

UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group
 

More from UTD Computer Security Group (20)

Py jail talk
Py jail talkPy jail talk
Py jail talk
 
22S kickoff 2.0 (kickoff + anonymity talk)
22S kickoff 2.0 (kickoff + anonymity talk)22S kickoff 2.0 (kickoff + anonymity talk)
22S kickoff 2.0 (kickoff + anonymity talk)
 
Cloud talk
Cloud talkCloud talk
Cloud talk
 
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domain
 
Forensics audio and video
Forensics audio and videoForensics audio and video
Forensics audio and video
 
Computer networks and network security
Computer networks and network securityComputer networks and network security
Computer networks and network security
 
Intro to python
Intro to pythonIntro to python
Intro to python
 
Powershell crash course
Powershell crash coursePowershell crash course
Powershell crash course
 
Intro to cybersecurity
Intro to cybersecurityIntro to cybersecurity
Intro to cybersecurity
 
Intro to Bash
Intro to BashIntro to Bash
Intro to Bash
 
Web Exploitation
Web ExploitationWeb Exploitation
Web Exploitation
 
Network Exploitation
Network ExploitationNetwork Exploitation
Network Exploitation
 
Penetration Testing: Celestial
Penetration Testing: CelestialPenetration Testing: Celestial
Penetration Testing: Celestial
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to Exploitation
 
Cryptography Crash Course
Cryptography Crash CourseCryptography Crash Course
Cryptography Crash Course
 
Fuzzing - Part 2
Fuzzing - Part 2Fuzzing - Part 2
Fuzzing - Part 2
 
Exploitation Crash Course
Exploitation Crash CourseExploitation Crash Course
Exploitation Crash Course
 
Fuzzing - Part 1
Fuzzing - Part 1Fuzzing - Part 1
Fuzzing - Part 1
 
Protostar VM - Heap3
Protostar VM - Heap3Protostar VM - Heap3
Protostar VM - Heap3
 
Heap Base Exploitation
Heap Base ExploitationHeap Base Exploitation
Heap Base Exploitation
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Cryptography 202

  • 2. Outline ● Homework Solutions ● Crypto Dos and Donts ● Block Ciphers ○ Modes of Operation ○ CTF Problems ● A CTF Warm-up ● More homework!
  • 4. Homework Solution 1 def gogo(): from PIL import Image import hashlib im = Image.open("SNight.png") im2 = Image.open("SNightOrig.png") s="" for i in range(0,1024): for j in range(0,768): t1 = im.getpixel((i,j)) t2 = im2.getpixel((i,j)) if t1 != t2: s+=chr(im.getpixel((i,j))[3]) print s sha = hashlib.sha1() sha.update(s) print sha.hexdigest() >>> gogo() HASH ME: These are the droids you are looking for. 87f0a993d63a468317740d788f08d1802aaca868 (65, 79, 64, 72) (59, 76, 58, 65) (82, 99, 80, 83) (135, 150, 127, 72) (218, 228, 204, 32) (239, 243, 218, 77) (160, 158, 133, 69) (96, 90, 64, 58) (195, 183, 157, 32) (235, 221, 195, 84) (228, 212, 187, 104) (254, 238, 215, 101) (236, 221, 198, 115) (182, 172, 147, 101) (166, 160, 134, 32) (165, 163, 138, 97) (204, 204, 192, 114) (224, 222, 210, 101) (203, 197, 185, 32) (135, 127, 114, 116) (71, 64, 46, 104) (55, 50, 30, 101) (108, 108, 84, 32) ...
  • 5. Homework Solution 2 Cdokw www tssmpfovy tk kwh hitq zqjez sx guxvato ty dij guwvwx wf tdi tozo, cfj wx hwzabs rqlnqfg ps vc: arew uz lwegw gti jsj xweliv wzxq lnm toko zsd wkkzmj www jsmhkfm, jmt ex zop rq hoklunik cd gqfbmjswxaczw kf ob, 'snz azof mu lnm msa sx o nsqc,' zpgucll Oxmew 'cqlhkyl dugvmxmk on ggbhitkgbaoj?' ... http://www.cryptool.org
  • 6. Things they don't tell you... DO: Obey export controls (http://www.bis.doc.gov/encryption/) DO: Follow NIST standards (http://csrc.nist. gov/groups/ST/index.html) DO: Follow FIPS standards (http://www.itl.nist.gov/fipspubs/) DON'T: Write cryptographic code DON'T: Use the wrong tools DON'T: Use tools in the wrong way DON'T: Be a victim of stupidity, stay informed and up-to-date
  • 7. Things they don't tell you...Hash Edition DO: Use SHA-256, SHA-512 DO: Switch to SHA-3 soon (est. NIST approval 2012) DO: Use a hash function when you can securely distribute H(x) then receive value x' insecurely and want to verify x' equal to x DO: Salt hashes when appropriate DON'T: Use MD2, MD4, MD5, RIPEMD, SHA-0, SHA-1 DON'T: Use a hash function as a symmetric signature DON'T: Reuse salt values
  • 8. Things they don't tell you...MAC Edition DO: Use HMAC-SHA256, HMAC-SHA512 DO: Always use a MAC to authenticate encrypted data DO: Verify authenticity of encrypted data before decryption DO: Guarantee two different messages cannot result in the same input to the MAC function. DON'T: Use CBC-MAC, HMAC-MD5/SHA1, DAA, Poly1305 DON'T: Allow side-channel timing attacks when verifying MAC DON'T: Perform partial verification of MAC
  • 9. Things they don't tell you...Block Edition DO: Use AES-256 DO: Always pad plaintext input to the appropriate block size DO: Use CTR, XTS mode DO: Use the appropriate cryptographically random IV DON'T: Use AES-128, AES-192, Blowfish DON'T: Even think about using DES or Triple-DES DON'T: Ever use a block cipher in RAW mode DON'T: Even think about using ECB mode DON'T: Use modes that provide both authentication and encryption (i.e. CBC and CFB mode) DON'T: Ever reuse IV's
  • 10. Things they don't tell you...RSA Edition DO: Use a 2048-bit RSA key with public exponent 65537 and SHA256 DO: Apply symmetric encryption separately to the random key and your message DO: Use PKCS 2.1 padding DON'T: Use DSA or Elliptic Curve Signature Schemes DON'T: Ever use the same RSA key for authentication and encryption DON'T: Use PKCS 1.5 padding DON'T: Ever use RSA without appropriate padding
  • 11. Things they don't tell you...SSL/TSL Edition DO: Understand SSL is currently our only complex attacker friendly option. DO: Use SSL 3.0, TSL 1.2 DO: Include hash of asymmetric signature key with client side software DO: Use SSL/TSL to secure network/internet communication DON'T: Use SSL 1.0, SSL 2.0, TSL 1.0, TSL 1.1 DON'T: Blindly trust every certificate authority
  • 12. Things they don't tell you...Pro Edition DO: Consult a professional cryptographer if you are dealing with hardware with physical access DO: Consult a professional cryptographer if you require energy efficiency DO: Consult a professional cryptographer if you need maximum throughput rates DO: Consult a professional cryptographer if you need to transmit minimal information DON'T: Be afraid to ask for help DON'T: Ignore any of the above advice
  • 13. Block Ciphers ● Ideal Block cipher = totally random permutation from n-bit strings to n-bit strings. ○ Infeasible in practice: ■ Number of permutations of N bits = 2^N ■ Number of mappings from N bit strings to N bit strings = (2^N)! ■ Number of bits require to specify a key for such a mapping = lg((2^N)!) > (n-1)*2^(n-1) ■ Exponential key size :( ● Modern block ciphers use an Iterated Cipher
  • 14. Block Ciphers ● Iterated Ciphers ○ Require invertible function g ○ Key schedule K ○ Number of rounds N ● Feistel Cipher ○ Uses specific round function ○ Does not have to be invertible ● List of Feistel Ciphers: ○ Blowfish, Camellia, CAST- 128, DES, FEAL, ICE, KASUMI, LOKI97, Lucifer, MARS, MAGENTA, MISTY1, RC5, TEA, Triple DES, Twofish, XTEA, ... http://en.wikipedia.org
  • 15. AES Block Encryption ● KeyExpansion—round keys are derived from the cipher key ● Initial Round 1. AddRoundKey—each byte of the state is combined with the round key using bitwise xor ● Rounds 1. SubBytes—a non-linear substitution step where each byte is replaced with another according to a lookup table. 2. ShiftRows—a transposition step where each row of the state is shifted cyclically a certain number of steps. 3. MixColumns—a mixing operation which operates on the columns of the state, combining the four bytes in each column. 4. AddRoundKey ● Final Round (no MixColumns) 1. SubBytes 2. ShiftRows 3. AddRoundKey
  • 16. Modes of encryption ● There are multiple ways that you can implement your block cipher: ○ Electronic Codebook (ECB), ○ Cipher-Block Chaining (CBC), ○ Cipher Feedback (CFB), ○ Output Feedback (OFB), ○ Counter (CTR) ● Also different padding schemes
  • 17. ECB: Electronic Codebook ● Simply divide plaintext into blocks and feed each block into the block cipher encryption algorithm ● Terrible security implications ○ Information leaked - repeated blocks in plaintext result in repeated blocks in ciphertext ○ Vulnerable to block swapping ■ Forge a ciphertext: ■ Given P = AABA, recieve C= ZZYZ ■ Forge C=YZZZ for P=BAAA
  • 18. ECB Example For large files containing many blocks, the patterns found in the ciphertext can be very obvious
  • 19. CTF Problem - CSAW 2010, Crypto Bonus ● Users allowed to log into system with only their username ○ Root and Admin are not allowed! ● Upon authentication, they are presented with an authentication token (an encryption of the timestamp, username, and puzzle name) ● Each auth-token only lasts 5 minutes! ● Goal: Construct a correct authentication token for Root
  • 20. CTF Problem - CSAW 2010, Crypto Bonus EBC Block Swapping! ● Attempting to authenticated as "AAAAAAAA" (8 A's) results in a token: ○ ... A1 B2 C3 D4 A1 B2 C3 D4 ... ● As "AAAAAAAAAAAA" (12 A's) ○ ... A1 B2 C3 D4 A1 B2 C3 D4 A1 B2 C3 D4 ... ● How about "AAAAAAAAadmin"? ○ ...A1 B2 C3 D4 A1 B2 C3 D4 F1 2E BF 11 12 3D F6 18... ● Construct our token: ○ [Encrypted prefix]F1 2E BF 11 12 3D F6 18[Encrypted suffix] ● Win.
  • 21. CBC: Cipher-Block Chaining ● Encryption depends on previous block. ● No repetition like in ECB (due to IV and feed-forward) ● Can decode in parallel (since you will have access to the previous block's ciphertext and the key) ● Vulnerable to bit-flipping!
  • 22. Bit-flipping in CBC mode ● Identify target bits in plaintext. ● Find corresponding bits in previous block's ciphertext ● Ciphertext_0 XOR Decrypt(Ciphertext_1,key) = Plaintext_1 ● If you can modify Ciphertext_0, you can modify Plaintext_1 ● Flipping a bit in Ciphertext_0 will flip the corresponding bit in Plaintext_1 ● Plaintext_0 is corrupted in the process (OK if no vital information was stored there!) http://blog.gdssecurity.com/labs/tag/ctf
  • 23. CTF Problem - CSAW 2010, Crypto 2 ● Users are presented with an auth token ● Token is AES encryption of (Username, Teamname, Puzzle Name, Access level). ● The access level was set to 5, and teams were told they needed to obtain access level 0. ● Solution: ○ Use bit-flipping to change the decrypted value from 5 to 0 without actually decrypting the ciphertext
  • 24. CTF Problem - CSAW 2010, Crypto 2 Goal: Make 0x05 become 0x00 in decrypted text Solution: 0xa8 XOR 0x05 = 0xad Resulting plaintext will have role=0 http://blog.gdssecurity.com/labs/tag/ctf
  • 25. RSA ● Based on the factoring problem for large numbers ○ Choose n = p*q for primes p and q ○ Compute phi(n) = (p-1)*(q-1) ○ Choose e in (0,phi(n)) s.t. gcd(e,phi(n))=1 ○ Calculate d = e^-1 mod phi(n) ● Results: ○ (m^e)^d mod n = m ● Why? ○ Fermet's Little Theorem ■ http://en.wikipedia.org/wiki/Fermat%27s_little_theorem
  • 26. Time for a CTF Problem! Taken from DEFCON 18
  • 27. Decrypt Please. http://www.mediafire.com/?ibrrtnibr4pspuu http://tinyurl.com/3bua759 Ocmln. up.'g.bjf abanfoco odrgne er yd. ypcjt d.p. /,.nnw urp yd. mroy lapy=v Ydco y.qy ,ao ,pcyy.b gocbi a ol.jcan t.fxrapew br bry .pirbrmcjw frg aoodayv WdcbyV Yd. t.f frg ap. nrrtcbi urp co yd. bam.oat. ru ydco t.fxrapev WzdcbyV
  • 28. Hint 1: Frequency Table = 39 (16.81%) ' = 1 (0.43%) , = 3 (1.29%) . = 20 (8.62%) / = 1 (0.43%) = = 1 (0.43%) O = 1 (0.43%) V = 2 (0.86%) W = 2 (0.86%) Y = 2 (0.86%) a = 13 (5.60%) b = 11 (4.74%) c = 13 (5.60%) d = 11 (4.74%) f = 7 (3.02%) g = 5 (2.16%) i = 3 (1.29%) j = 4 (1.72%) l = 3 (1.29%) m = 4 (1.72%) n = 7 (3.02%) o = 13 (5.60%) p = 11 (4.74%) q = 1 (0.43%) r = 16 (6.90%) t = 6 (2.59%) u = 4 (1.72%) v = 3 (1.29%) w = 3 (1.29%) x = 2 (0.86%) y = 15 (6.47%) z = 1 (0.43%)
  • 29. Hint 2: Common word? Note that "yd." appears multiple times in the ciphertext.
  • 31. QWERTY -> DVORAK This cipher was created by typing on a DVORAK keyboard using QWERTY key positioning. The translated text is: Simple frequency analysis should do the trick here [well, for the most part]. This text was written using a special keyboard, no not ergonomic, you asshat. <hint> The key you are looking for is the namesake of this keyboard. </hint> The final solution to the problem was "DVORAK"
  • 32. Homework Problem 1 How could you simultaneously ensure privacy and authenticity using public key crypto? Give your answer using some or all of the following: ● Functions: Encrypt(msg,key), Decrypt(msg,key) ● Strings: Pub_A, Priv_A, Pub_B, Priv_B, Msg
  • 33. Homework Problem 2 (Taken from interview question): Consider an authentication scheme where multiple users need to authenticate to the server prior to communication. There is a shared key that only the users and server know. Authentication occurs as follows: 1) User sends Challenge to server 2) Server proves it’s identity by replying Encrypt(Challenge, SharedSecret) 3) User verifies server by encrypting Challenge and comparing with the received message 4) Server sends Challenge2 to user 5) User authenticates by replying Encrypt(Challenge2, SharedSecret) 4) Server verifies user by encrypting Challenge2 and comparing with received message The encryption system itself is unbreakable (think OTP). However, the implementation is broken - point out the flaw that would allow anyone to authenticate without actually knowing the SharedSecret. Can you think of a simple way to fix it?
  • 34. Announcements!     CSAW CTF 2011 Qualification Round Friday, September 23, 2011 20:00 EDT (-4) - Sunday, September 25, 2011 20:00 EDT (-4)