SlideShare a Scribd company logo
1 of 170
Download to read offline
Informa(on 
Security 
Tech 
Talk 
Aug 
4th 
2014 
Dirk 
Zi=ersteyn
Informa(on 
security 
Three 
main 
goals
Keep 
your 
data 
secure
Make 
sure 
people 
can’t 
change 
your 
data
Make 
sure 
your 
informa(on 
stays 
available
Confiden(ality 
Integrity 
Availability
Confiden(ality 
Integrity 
Availability
Availability 
Subject 
for 
another 
talk
Confiden(ality 
and 
Integrity 
Two 
sides 
of 
the 
same 
coin 
If 
you 
can’t 
guarantee 
integrity, 
confiden(ality 
is 
useless, 
and 
vice-­‐versa.
Cryptography 
Confiden(ality 
Integrity 
(a 
bit)
Basic 
Terminology: 
Plaintext 
Encryp(on 
Key 
Ciphertext 
Decryp(on 
Key 
Plaintext
Basic 
Terminology: 
Plaintext 
Encryp(on 
Key 
Ciphertext 
Decryp(on 
Key 
Plaintext 
= 
Symmetric 
encryp(on
Basic 
Terminology: 
Plaintext 
Encryp(on 
Key 
Ciphertext 
Decryp(on 
Key 
Plaintext 
≠ 
Asymmetric 
encryp(on
Founda(ons 
Kerckhoffs 
(1835 
– 
1903) 
Shannon 
(1916 
– 
2001)
Auguste 
Kerckhoffs 
La 
Cryptographie 
Militaire 
(1883)
Kerckhoffs’ 
principle 
The design of a system should not 
require secrecy
Kerckhoffs’ 
principle 
The design of a system should not 
require secrecy 
and compromise of the system 
should not inconvenience the 
correspondents
Kerckhoffs’ 
principle 
Open Source your method
Kerckhoffs’ 
principle 
Security 
is 
in 
the 
key
Claude 
Shannon 
Perfect 
Secrecy 
Confusion 
Diffusion
Claude 
Shannon 
"Perfect Secrecy" is defined by requiring of a 
system that after a cryptogram 
is intercepted by the enemy, the a posteriori 
probabilities of this cryptogram representing 
various messages be identically the same as 
the a priori probabilities of the same 
messages before the interception
In 
other 
words: 
The 
enemy 
learns 
nothing.
Claude 
Shannon 
Confusion: 
Rela(on 
plaintext 
-­‐ 
ciphertext
Claude 
Shannon 
Diffusion: 
Posi(on 
of 
plaintext 
in 
ciphertext
Back 
in 
the 
days… 
Caesar 
Cipher
caesar 
= 
alpha[n:] 
+ 
alpha[:n]
caesar(‘Hello World’, 3) 
= 
‘KHOOR ZRUOG’
Decrypt 
Simple.
Decrypt 
A 
li=le… 
too 
simple.
for i in range(26): 
print caesar('KHOOR ZRUOG', i)
0: KHOOR ZRUOG 
1: LIPPS ASVPH 
2: MJQQT BTWQI 
3: NKRRU CUXRJ 
4: OLSSV DVYSK 
5: PMTTW EWZTL 
6: QNUUX FXAUM 
7: ROVVY GYBVN 
8: SPWWZ HZCWO 
9: TQXXA IADXP 
10: URYYB JBEYQ 
11: VSZZC KCFZR 
12: WTAAD LDGAS 
13: XUBBE MEHBT 
14: YVCCF NFICU 
15: ZWDDG OGJDV 
16: AXEEH PHKEW 
17: BYFFI QILFX 
18: CZGGJ RJMGY 
19: DAHHK SKNHZ 
20: EBIIL TLOIA 
21: FCJJM UMPJB 
22: GDKKN VNQKC 
23: HELLO WORLD 
24: IFMMP XPSME 
25: JGNNQ YQTNF
ecuritysay 
oughthray 
obscurityyay
ecuritysay 
oughthray 
obscurityyay 
They 
simply 
assumed 
no-­‐one 
would 
think 
t 
o 
decrypt 
it 
(they 
even 
hardcoded 
the 
number 
by 
which 
is 
was 
shi`ed: 
3)
KHOOR Z'RUOG! 
(Klingons 
never 
bluff) 
They 
hoped 
people 
would 
think 
it 
was 
some 
language 
they 
did 
not 
understand
Kerckhoffs’ 
principle
Improving 
Caesar 
shi` 
Keyspace 
≈ 
26
Generalizing 
Caesar 
shi` 
ABCDEFGHIJKLMNOPQRSTUVWXYZ 
alpha = alpha[n:] + alpha[:n] 
DEFGHIJKLMNOPQRSTUVWXYZABC
Subs(tu(on 
cipher 
ABCDEFGHIJKLMNOPQRSTUVWXYZ 
alpha = random.shuffle(alpha) 
WGLOJTYUDZQXKVAFHMBPECRNIS
Subs(tu(on 
cipher 
Keyspace 
≈ 
26! 
403291461126605635584000000
Secure?
You 
intercept: 
MHT UTEKAVAMRPD PS RDUTJTDUTDET RZ MHT WZWAK DABT PS A 
ZMAMTBTDM AUPJMTU OG MHT EPDMRDTDMAK EPDNVTZZ PD CWKG 4, 
1776, LHREH ADDPWDETU MHAM MHT MHRVMTTD ABTVREAD EPKPDRTZ, 
MHTD AM LAV LRMH NVTAM OVRMARD, VTNAVUTU MHTBZTKQTZ AZ 
MHRVMTTD DTLKG RDUTJTDUTDM ZPQTVTRND ZMAMTZ, ADU DP KPDNTV 
A JAVM PS MHT OVRMRZH TBJRVT. RDZMTAU MHTG SPVBTU A DTL 
DAMRPD - MHT WDRMTU ZMAMTZ PS ABTVREA. CPHD AUABZ LAZ A 
KTAUTV RD JWZHRDN SPV RDUTJTDUTDET, LHREH LAZ WDADRBPWZKG 
AJJVPQTU PD CWKG 2. A EPBBRMMTT PS SRQT HAU AKVTAUG 
UVASMTU MHT SPVBAK UTEKAVAMRPD, MP OT VTAUG LHTD EPDNVTZZ 
QPMTU PD RDUTJTDUTDET. MHT MTVB "UTEKAVAMRPD PS 
RDUTJTDUTDET" RZ DPM WZTU RD MHT UPEWBTDM RMZTKS. 
…
English 
le=er 
freq’s
Message 
le=er 
freq’s
Pre=y 
similar! 
English 
Message
Information security - Paylogic TechTalk 2014
a 
d
ab 
do
abc 
dok
abcdefghijklmnopqrstuvwxyz 
dokutbnvrxcespalyhzmwqjfgi
Guessed 
key 
dokutbnvrxcespalyhzmwqjfgi
Guessed 
key 
dokutbnvrxcespalyhzmwqjfgi 
aoeutsnhrcxkbdpjyvzmwqlfgi 
Actual 
key
Similar 
enough 
to 
come 
close 
Guessed 
key 
dokutbnvrxcespalyhzmwqjfgi 
aoeutsnhrcxkbdpjyvzmwqlfgi 
Actual 
key
More 
work 
needed 
Guessed 
key 
dokutbnvrxcespalyhzmwqjfgi 
aoeutsnhrcxkbdpjyvzmwqlfgi 
Actual 
key
There 
are 
some 
pre=y 
big 
mismatches
Decoded 
with 
guessed 
key 
TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O 
STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 
1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, 
TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS 
TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH 
O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP 
AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O 
CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY 
OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY 
DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS 
VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM 
IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.
We’ve 
assumed 
it’s 
English 
TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O 
STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 
1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, 
TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS 
TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH 
O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP 
AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O 
CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY 
OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY 
DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS 
VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM 
IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM. 
So 
let’s 
find 
some 
English 
words
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O 
STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 
1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, 
TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS 
TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH 
O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP 
AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O 
CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY 
OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY 
DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS 
VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM 
IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O 
StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 
1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, 
theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS 
thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH 
O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP 
AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O 
CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY 
OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY 
DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS 
VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM 
IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O 
StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 
1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, 
theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS 
thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH 
O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP 
AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O 
CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY 
OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY 
DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS 
VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM 
IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O 
stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 
1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, 
theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os 
thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer 
O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP 
AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O 
CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY 
OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY 
DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress 
VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM 
iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O 
stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 
1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, 
theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os 
thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer 
O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP 
AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O 
CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY 
OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY 
DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress 
VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM 
iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a 
stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 
1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, 
then at Par Pith great britain, regarDeD theFseCVes as 
thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger 
a Wart NM the british eFWire. insteaD theY MNrFeD a neP 
natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a 
CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY 
aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY 
DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress 
VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM 
inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a 
stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 
1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, 
then at Par Pith great britain, regarDeD theFseCVes as 
thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger 
a Wart NM the british eFWire. insteaD theY MNrFeD a neP 
natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a 
CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY 
aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY 
DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress 
VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM 
inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a 
stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 
1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, 
then at war with great britain, regarDeD theFseCVes as 
thirteen newCY inDeWenDent sNVereign states, anD nN CNnger 
a Wart NM the british eFWire. insteaD theY MNrFeD a new 
natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a 
CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY 
aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY 
DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress 
VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM 
inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a 
stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 
1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, 
then at war with great britain, regarDeD theFseCVes as 
thirteen newCY inDeWenDent sNVereign states, anD nN CNnger 
a Wart NM the british eFWire. insteaD theY MNrFeD a new 
natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a 
CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY 
aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY 
DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress 
VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM 
inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a 
stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 
1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, 
then at war with great britain, regarded theFseCVes as 
thirteen newCY indeWendent sNVereign states, and nN CNnger 
a Wart NM the british eFWire. instead theY MNrFed a new 
natiNn - the united states NM aFeriLa. KNhn adaFs was a 
Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY 
aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY 
draMted the MNrFaC deLCaratiNn, tN be readY when LNngress 
VNted Nn indeWendenLe. the terF "deLCaratiNn NM 
indeWendenLe" is nNt used in the dNLuFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a 
stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 
1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, 
then at war with great britain, regarded theFseCVes as 
thirteen newCY indeWendent sNVereign states, and nN CNnger 
a Wart NM the british eFWire. instead theY MNrFed a new 
natiNn - the united states NM aFeriLa. KNhn adaFs was a 
Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY 
aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY 
draMted the MNrFaC deLCaratiNn, tN be readY when LNngress 
VNted Nn indeWendenLe. the terF "deLCaratiNn NM 
indeWendenLe" is nNt used in the dNLuFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a 
stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 
1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, 
then at war with great britain, regarded theFseCVes as 
thirteen newCy indeWendent sNVereign states, and nN CNnger 
a Wart NM the british eFWire. instead they MNrFed a new 
natiNn - the united states NM aFeriLa. KNhn adaFs was a 
Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy 
aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready 
draMted the MNrFaC deLCaratiNn, tN be ready when LNngress 
VNted Nn indeWendenLe. the terF "deLCaratiNn NM 
indeWendenLe" is nNt used in the dNLuFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a 
stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 
1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, 
then at war with great britain, regarded theFseCVes as 
thirteen newCy indeWendent sNVereign states, and nN CNnger 
a Wart NM the british eFWire. instead they MNrFed a new 
natiNn - the united states NM aFeriLa. KNhn adaFs was a 
Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy 
aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready 
draMted the MNrFaC deLCaratiNn, tN be ready when LNngress 
VNted Nn indeWendenLe. the terF "deLCaratiNn NM 
indeWendenLe" is nNt used in the dNLuFent itseCM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the declaration oM indeWendence is the usual naFe oM a 
stateFent adoWted by the continental congress on Kuly 4, 
1776, which announced that the thirteen aFerican colonies, 
then at war with great britain, regarded theFselVes as 
thirteen newly indeWendent soVereign states, and no longer 
a Wart oM the british eFWire. instead they MorFed a new 
nation - the united states oM aFerica. Kohn adaFs was a 
leader in Wushing Mor indeWendence, which was unaniFously 
aWWroVed on Kuly 2. a coFFittee oM MiVe had already 
draMted the MorFal declaration, to be ready when congress 
Voted on indeWendence. the terF "declaration oM 
indeWendence" is not used in the docuFent itselM.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the declaration of indeWendence is the usual naFe of a 
stateFent adoWted by the continental congress on Kuly 4, 
1776, which announced that the thirteen aFerican colonies, 
then at war with great britain, regarded theFselVes as 
thirteen newly indeWendent soVereign states, and no longer 
a Wart of the british eFWire. instead they forFed a new 
nation - the united states of aFerica. Kohn adaFs was a 
leader in Wushing for indeWendence, which was unaniFously 
aWWroVed on Kuly 2. a coFFittee of fiVe had already 
drafted the forFal declaration, to be ready when congress 
Voted on indeWendence. the terF "declaration of 
indeWendence" is not used in the docuFent itself.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the declaration of independence is the usual naFe of a 
stateFent adopted by the continental congress on Kuly 4, 
1776, which announced that the thirteen aFerican colonies, 
then at war with great britain, regarded theFselVes as 
thirteen newly independent soVereign states, and no longer 
a part of the british eFpire. instead they forFed a new 
nation - the united states of aFerica. Kohn adaFs was a 
leader in pushing for independence, which was unaniFously 
approVed on Kuly 2. a coFFittee of fiVe had already 
drafted the forFal declaration, to be ready when congress 
Voted on independence. the terF "declaration of 
independence" is not used in the docuFent itself.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the declaration of independence is the usual name of a 
statement adopted by the continental congress on Kuly 4, 
1776, which announced that the thirteen american colonies, 
then at war with great britain, regarded themselVes as 
thirteen newly independent soVereign states, and no longer 
a part of the british empire. instead they formed a new 
nation - the united states of america. Kohn adams was a 
leader in pushing for independence, which was unanimously 
approVed on Kuly 2. a committee of fiVe had already 
drafted the formal declaration, to be ready when congress 
Voted on independence. the term "declaration of 
independence" is not used in the document itself.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 
the declaration of independence is the usual name of a 
statement adopted by the continental congress on july 4, 
1776, which announced that the thirteen american colonies, 
then at war with great britain, regarded themselves as 
thirteen newly independent sovereign states, and no longer 
a part of the british empire. instead they formed a new 
nation - the united states of america. john adams was a 
leader in pushing for independence, which was unanimously 
approved on july 2. a committee of five had already 
drafted the formal declaration, to be ready when congress 
voted on independence. the term "declaration of 
independence" is not used in the document itself.
Information security - Paylogic TechTalk 2014
Cracked! 
So, 
let’s 
adap(ng 
it 
in 
a 
different 
way
Change 
the 
shi` 
each 
le=er
Plaintext: 
supersecretmessageyoushouldnotsee 
Key: 
donotlook
Repeat 
the 
key 
supersecretmessageyoushouldnotsee 
donotlookdonotlookdonotlookdonotl
Add 
plaintext 
and 
key 
supersecretmessageyoushouldnotsee 
donotlookdonotlookdonotlookdonotl 
--------------------------------- 
vicskdsqbhhzsldouobchgaziznqcggxp 
+
This 
is 
the 
Vigenère 
Cipher 
Named 
for 
Blaise 
de 
Vigenère 
(1523 
– 
1596)
This 
is 
the 
Vigenère 
Cipher 
Actually 
invented 
by 
Giovan 
Bapsta 
Bellaso 
(1505 
– 
??)
Also 
known 
as: 
Le 
Chiffre 
Indéchiffrable 
(The 
Unbreakable 
Cipher)
Secure?
Brute 
Force: 
possibili(es 
(n 
= 
9 
-­‐> 
10795636100592)
Frequency 
analysis? 
Ciphertext 
English
First: 
Guess 
the 
key 
length
Repeated 
words, 
repeated 
key 
Key: ABCDABCDABCDABCDABCDABCDABCD 
Plaintext: CRYPTOISSHORTFORCRYPTOGRAPHY 
Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB
Repeated 
words, 
repeated 
key 
VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR
Repeated 
words, 
repeated 
key 
VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR 
VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1]
Repeated 
words, 
repeated 
key 
VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR 
VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1] 
QUCE -> QUCE = 30 -> [30, 15, 10, 6, 5, 3, 2, 1]
Repeated 
words, 
repeated 
key 
[18, 9, 6, 3, 2, 1] 
∩ 
[30, 15, 10, 6, 5, 3, 2, 1] 
= 
[6, 3, 2, 1]
Repeated 
words, 
repeated 
key 
[18, 9, 6, 3, 2, 1] 
∩ 
[30, 15, 10, 6, 5, 3, 2, 1] 
= 
[6, 3, 2, 1]
When 
you 
assume 
You 
make 
an 
ass 
out 
of 
u 
and 
me
When 
you 
assume 
There 
might 
not 
be 
any 
repeated 
words 
at 
the 
right 
spots
If 
the 
key 
length 
= 
2 
uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle 
ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA
If 
the 
key 
length 
= 
2 
uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle 
ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA 
udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB
If 
the 
key 
length 
= 
2 
uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle 
ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA 
udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB 
Should be a standard letter distribution
If 
the 
key 
length 
= 
3 
uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle 
ABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABC 
uwwibwtjabkxauvawvx hpnnhjmlpfvmkwrhnll djdgiclddahcjyfuhbe 
AAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCCCC 
Should be a standard letter distribution
Let’s 
try 
this! 
Encoded 
a 
plaintext 
with 
key 
‘SECRET’
Split 
the 
ciphertext,
Split 
the 
ciphertext, 
Sort 
characters 
by 
frequency
Split 
the 
ciphertext, 
Sort 
characters 
by 
frequency 
Sum 
highest 
frequencies, 
second 
highest, 
etc.
Information security - Paylogic TechTalk 2014
Information security - Paylogic TechTalk 2014
secret
secret 
s e c 
r e t
Now 
that 
we 
know 
the 
key 
length, 
This 
is 
not 
that 
different 
from 
subs(tu(on 
cipher
Cracked! 
Principle 
is 
easy 
Doing 
it 
by 
hand 
is 
tedious
Cracked! 
smurfoncrack.com/pygenere/ 
source: 
smurfoncrack.com/pygenere/pygenere.py
Information security - Paylogic TechTalk 2014
Is 
there 
any 
truly 
secure 
method?
Yes.
The 
One-­‐Time 
pad 
Looks 
like 
Vigenère.
The 
One-­‐Time 
pad 
Create 
a 
long 
key, 
without 
repeFFon
The 
One-­‐Time 
pad 
Create 
a 
long 
key, 
without 
repeFFon 
Securely 
share 
it 
between 
both 
par(es
The 
One-­‐Time 
pad 
To 
send 
a 
message:
Plaintext attackatdawn 
Key owbxelcixrql 
------------ + 
Ciphertext opuxgvcbarmy
And 
then:
And 
then: 
Destroy 
the 
key
One-­‐Time 
pad
This 
is 
provably 
perfectly 
secure 
You 
can’t 
even 
brute 
force 
it!
This 
is 
provably 
perfectly 
secure 
opuxgvcbarmy 
owbxelcixrql 
------------ - 
attackatdawn 
opuxgvcbarmy 
elqinoymwrku 
------------ - 
keepthepeace
This 
is 
provably 
perfectly 
secure 
So 
why 
don’t 
we 
all 
use 
it?
Why 
we 
don’t 
use 
it: 
You 
need 
to 
share 
the 
key 
securely, 
But 
how?
Out 
of 
band 
communica(on 
How 
the 
spies 
did 
it 
Before 
the 
mission, 
they 
received 
a 
codebook
Out 
of 
band 
communica(on 
How 
the 
spies 
did 
it 
But 
imprac(cal 
for 
ordinary 
use
In 
band 
communica(on 
Safe 
channel 
through 
which 
to 
send 
the 
key
In 
band 
communica(on 
Just 
use 
that 
channel 
to 
send 
the 
message.
They 
all 
have 
in 
common: 
Confusion 
✓ 
Diffusion 
✗
Why 
do 
you 
need 
diffusion? 
e.g. 
image 
encryp(on
Using 
a 
block 
cipher 
Encodes 
blocks 
of 
data
Information security - Paylogic TechTalk 2014
Electronic 
Code 
Book 
(ECB) 
Blocks 
with 
the 
same 
data 
are 
encoded 
as 
the 
same 
data
Encode 
this 
image 
with 
ECB: 
24-­‐bits 
bmp
“Encrypted” 
(a`er 
header 
restora(on)
Cipher 
block 
chaining 
Does 
do 
diffusion
Information security - Paylogic TechTalk 2014
Looks 
like 
noise.
Methods 
covered 
so 
far: 
Brute 
Force 
Caesar 
Cipher
Methods 
covered 
so 
far: 
Brute 
Force 
Caesar 
Cipher 
Founda(onal 
weakness 
Vigenère, 
Subs9tu9on, 
ECB
Next 
up: 
Mad 
Science
Next 
up: 
Mad 
Science 
Side 
channel 
a=acks
Tradi(onal 
model 
Plaintext 
E 
Key 
Ciphertext 
D 
Key 
Plaintext
Side 
channel 
model 
Plaintext 
E 
Key 
Ciphertext 
D 
Key 
Plaintext 
Heat 
Timing 
Heat 
Timing
Simple 
example 
def __eq__(self, other): 
if len(self) != len(other): 
return False 
for x,y in zip(self, other): 
if x != y: 
return False 
return True
Simple 
example 
if input == password: 
login() 
else: 
error()
Simple 
example 
1000 * input = '-' 
Wall time: 817 μs 
1000 * input = '--' 
Wall time: 2.14 ms 
1000 * input = '---' 
Wall time: 806 μs 
def __eq__(self, other): 
if len(self) != len(other): 
return False 
for x,y in zip(self, other): 
if x != y: 
return False 
return True
Simple 
example 
1000 * input = '-' 
Wall time: 817 μs 
1000 * input = '--' 
Wall time: 2.14 ms 
1000 * input = '---' 
Wall time: 806 μs 
def __eq__(self, other): 
if len(self) != len(other): 
return False 
for x,y in zip(self, other): 
if x != y: 
return False 
return True 
≈ 
0.8ms
Simple 
example 
1000 * input = '-' 
Wall time: 817 μs 
1000 * input = '--' 
Wall time: 2.14 ms 
1000 * input = '---' 
Wall time: 806 μs 
def __eq__(self, other): 
if len(self) != len(other): 
return False 
for x,y in zip(self, other): 
if x != y: 
return False 
return True 
≈ 
2.1ms 
(1 
iter)
Simple 
example 
1000 * input = 'a-' 
Wall time: 2.15 ms 
1000 * input = 'b-' 
Wall time: 2.33 ms 
1000 * input = 'c-' 
Wall time: 2.14 ms 
def __eq__(self, other): 
if len(self) != len(other): 
return False 
for x,y in zip(self, other): 
if x != y: 
return False 
return True 
≈ 
2.1ms 
(1 
iter)
Simple 
example 
1000 * input = 'a-' 
Wall time: 2.15 ms 
1000 * input = 'b-' 
Wall time: 2.33 ms 
1000 * input = 'c-' 
Wall time: 2.14 ms 
def __eq__(self, other): 
if len(self) != len(other): 
return False 
for x,y in zip(self, other): 
if x != y: 
return False 
return True 
≈ 
2.3ms 
(2 
iter)
Simple 
example 
1000 * input = 'ba' 
Wall time: 2.33 ms 
1000 * input = 'bb' 
LOGGED IN! (2.47 ms) 
1000 * input = 'bc' 
Wall time: 2.32 ms 
def __eq__(self, other): 
if len(self) != len(other): 
return False 
for x,y in zip(self, other): 
if x != y: 
return False 
return True 
≈ 
2.3ms 
(2 
iter)
Simple 
example 
1000 * input = 'ba' 
Wall time: 2.33 ms 
1000 * input = 'bb' 
LOGGED IN! (2.47 ms) 
1000 * input = 'bc' 
Wall time: 2.32 ms 
def __eq__(self, other): 
if len(self) != len(other): 
return False 
for x,y in zip(self, other): 
if x != y: 
return False 
return True 
≈ 
2.5ms 
(2 
iter)
Simple 
example 
This 
simple 
error 
has 
reduced 
your 
keyspace 
From 
26n 
to 
26n
Information security - Paylogic TechTalk 2014
This 
isn’t 
really 
MAD 
science…
Power 
consump(on 
of 
a 
CPU 
during 
RSA 
computa(on.
0
0 
1 
…
Information security - Paylogic TechTalk 2014
Crypto 
is 
a 
minefield
h=p://www.moserware.com/2009/09/s(ck-­‐figure-­‐guide-­‐to-­‐advanced.html
Methods 
covered 
so 
far: 
Brute 
Force 
Caesar 
Cipher 
Founda(onal 
weakness 
Vigenère, 
Subs9tu9on, 
ECB 
Side 
channel 
a=acks 
Timing, 
Power 
Consump9on, 
Acous9c, 
etc.
Last 
but 
not 
least 
Rubber-­‐Hose 
Cryptanalysis
[..] 
In 
which 
a 
rubber 
hose 
is 
applied 
forcefully 
and 
frequently 
to 
the 
soles 
of 
the 
feet, 
un9l 
the 
key 
to 
the 
cryptosystem 
is 
discovered 
A 
process 
that 
can 
take 
a 
surprisingly 
short 
9me 
and 
is 
quite 
computa9onally 
inexpensive 
sci.crypt 
(1990)
Information security - Paylogic TechTalk 2014
Information security - Paylogic TechTalk 2014
What 
haven’t 
I 
covered? 
Asymmetric 
encryp(on 
public 
– 
private 
key 
… 
A 
lot 
of 
math 
Diffie 
– 
Hellman 
key 
exchange 
Prime 
factoriza(on 
Ellip(c 
Curve 
crypto 
… 
Integrety 
assurance 
HMAC 
… 
Stream 
Ciphers 
Man 
in 
the 
middle 
AES, 
DES, 
Hashes 
Salts 
Etc.
MORE!!! 
Great 
intro 
to 
a 
great 
encryp(on 
standard 
A 
s(ck 
figure 
guide 
to 
AES 
Awesome 
primer 
for 
InfoSec 
Mad 
science 
side-­‐channel 
a=acks 
To 
Protect 
and 
Infect 
(Jacob 
Applebaum) 
History 
of 
the 
informa(on 
age

More Related Content

Similar to Information security - Paylogic TechTalk 2014

Street life in if with english toponimes paranyuk
Street life in if with english toponimes paranyukStreet life in if with english toponimes paranyuk
Street life in if with english toponimes paranyukSergiy Sydoriv
 
I have a homework about information security and cipher code. I need.pdf
I have a homework about information security and cipher code. I need.pdfI have a homework about information security and cipher code. I need.pdf
I have a homework about information security and cipher code. I need.pdfaggarwalshoppe14
 
FHM Philippines October 2006
FHM Philippines October 2006FHM Philippines October 2006
FHM Philippines October 2006dinomasch
 
Kuala Selangor Trip - scrapbook journal
Kuala Selangor Trip -  scrapbook journalKuala Selangor Trip -  scrapbook journal
Kuala Selangor Trip - scrapbook journalMuhammad Nazmi
 
November 2015
November 2015November 2015
November 2015snehalcnp
 
Playbill Hong Kong Concert June 17, 2010
Playbill Hong Kong Concert June 17, 2010Playbill Hong Kong Concert June 17, 2010
Playbill Hong Kong Concert June 17, 2010Katya Grineva
 
Teks viler specijal 16 pustinjski razbojnici (scancl) (dusky&zika teror...
Teks viler specijal 16   pustinjski razbojnici (scancl) (dusky&zika teror...Teks viler specijal 16   pustinjski razbojnici (scancl) (dusky&zika teror...
Teks viler specijal 16 pustinjski razbojnici (scancl) (dusky&zika teror...zoran radovic
 
4 10 april 2016
4  10 april 20164  10 april 2016
4 10 april 2016snehalcnp
 
Jayraj Passport.PDF
Jayraj Passport.PDFJayraj Passport.PDF
Jayraj Passport.PDFvarma jayraj
 
Amar_chitra_katha___gopal_the_cowherd
  Amar_chitra_katha___gopal_the_cowherd  Amar_chitra_katha___gopal_the_cowherd
Amar_chitra_katha___gopal_the_cowherdJosephite
 
Prezentatsia pro shechenka_shumeyka_daniyila
Prezentatsia pro shechenka_shumeyka_daniyilaPrezentatsia pro shechenka_shumeyka_daniyila
Prezentatsia pro shechenka_shumeyka_daniyilaJulia Birhova
 
20170122 주일예배, 눅07장18 35절, 그리스도를 영접하라
20170122 주일예배, 눅07장18 35절, 그리스도를 영접하라20170122 주일예배, 눅07장18 35절, 그리스도를 영접하라
20170122 주일예배, 눅07장18 35절, 그리스도를 영접하라Myoung-Ryun Mission Presbyterian Church
 

Similar to Information security - Paylogic TechTalk 2014 (16)

Street life in if with english toponimes paranyuk
Street life in if with english toponimes paranyukStreet life in if with english toponimes paranyuk
Street life in if with english toponimes paranyuk
 
Aquatics ppt copy
Aquatics ppt   copyAquatics ppt   copy
Aquatics ppt copy
 
I have a homework about information security and cipher code. I need.pdf
I have a homework about information security and cipher code. I need.pdfI have a homework about information security and cipher code. I need.pdf
I have a homework about information security and cipher code. I need.pdf
 
annotated script
annotated scriptannotated script
annotated script
 
FHM Philippines October 2006
FHM Philippines October 2006FHM Philippines October 2006
FHM Philippines October 2006
 
Kuala Selangor Trip - scrapbook journal
Kuala Selangor Trip -  scrapbook journalKuala Selangor Trip -  scrapbook journal
Kuala Selangor Trip - scrapbook journal
 
November 2015
November 2015November 2015
November 2015
 
009576860.pdf
009576860.pdf009576860.pdf
009576860.pdf
 
1.foot notes
1.foot notes1.foot notes
1.foot notes
 
Playbill Hong Kong Concert June 17, 2010
Playbill Hong Kong Concert June 17, 2010Playbill Hong Kong Concert June 17, 2010
Playbill Hong Kong Concert June 17, 2010
 
Teks viler specijal 16 pustinjski razbojnici (scancl) (dusky&zika teror...
Teks viler specijal 16   pustinjski razbojnici (scancl) (dusky&zika teror...Teks viler specijal 16   pustinjski razbojnici (scancl) (dusky&zika teror...
Teks viler specijal 16 pustinjski razbojnici (scancl) (dusky&zika teror...
 
4 10 april 2016
4  10 april 20164  10 april 2016
4 10 april 2016
 
Jayraj Passport.PDF
Jayraj Passport.PDFJayraj Passport.PDF
Jayraj Passport.PDF
 
Amar_chitra_katha___gopal_the_cowherd
  Amar_chitra_katha___gopal_the_cowherd  Amar_chitra_katha___gopal_the_cowherd
Amar_chitra_katha___gopal_the_cowherd
 
Prezentatsia pro shechenka_shumeyka_daniyila
Prezentatsia pro shechenka_shumeyka_daniyilaPrezentatsia pro shechenka_shumeyka_daniyila
Prezentatsia pro shechenka_shumeyka_daniyila
 
20170122 주일예배, 눅07장18 35절, 그리스도를 영접하라
20170122 주일예배, 눅07장18 35절, 그리스도를 영접하라20170122 주일예배, 눅07장18 35절, 그리스도를 영접하라
20170122 주일예배, 눅07장18 35절, 그리스도를 영접하라
 

Recently uploaded

Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxnaveenithkrishnan
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilitiesalihassaah1994
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteMavein
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsRoxana Stingu
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024Jan Löffler
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpressssuser166378
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdfShreedeep Rayamajhi
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Shubham Pant
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfmchristianalwyn
 

Recently uploaded (12)

Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilities
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpress
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
 

Information security - Paylogic TechTalk 2014

  • 1. Informa(on Security Tech Talk Aug 4th 2014 Dirk Zi=ersteyn
  • 3. Keep your data secure
  • 4. Make sure people can’t change your data
  • 5. Make sure your informa(on stays available
  • 9. Confiden(ality and Integrity Two sides of the same coin If you can’t guarantee integrity, confiden(ality is useless, and vice-­‐versa.
  • 11. Basic Terminology: Plaintext Encryp(on Key Ciphertext Decryp(on Key Plaintext
  • 12. Basic Terminology: Plaintext Encryp(on Key Ciphertext Decryp(on Key Plaintext = Symmetric encryp(on
  • 13. Basic Terminology: Plaintext Encryp(on Key Ciphertext Decryp(on Key Plaintext ≠ Asymmetric encryp(on
  • 14. Founda(ons Kerckhoffs (1835 – 1903) Shannon (1916 – 2001)
  • 15. Auguste Kerckhoffs La Cryptographie Militaire (1883)
  • 16. Kerckhoffs’ principle The design of a system should not require secrecy
  • 17. Kerckhoffs’ principle The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents
  • 18. Kerckhoffs’ principle Open Source your method
  • 20. Claude Shannon Perfect Secrecy Confusion Diffusion
  • 21. Claude Shannon "Perfect Secrecy" is defined by requiring of a system that after a cryptogram is intercepted by the enemy, the a posteriori probabilities of this cryptogram representing various messages be identically the same as the a priori probabilities of the same messages before the interception
  • 22. In other words: The enemy learns nothing.
  • 23. Claude Shannon Confusion: Rela(on plaintext -­‐ ciphertext
  • 24. Claude Shannon Diffusion: Posi(on of plaintext in ciphertext
  • 25. Back in the days… Caesar Cipher
  • 26. caesar = alpha[n:] + alpha[:n]
  • 27. caesar(‘Hello World’, 3) = ‘KHOOR ZRUOG’
  • 29. Decrypt A li=le… too simple.
  • 30. for i in range(26): print caesar('KHOOR ZRUOG', i)
  • 31. 0: KHOOR ZRUOG 1: LIPPS ASVPH 2: MJQQT BTWQI 3: NKRRU CUXRJ 4: OLSSV DVYSK 5: PMTTW EWZTL 6: QNUUX FXAUM 7: ROVVY GYBVN 8: SPWWZ HZCWO 9: TQXXA IADXP 10: URYYB JBEYQ 11: VSZZC KCFZR 12: WTAAD LDGAS 13: XUBBE MEHBT 14: YVCCF NFICU 15: ZWDDG OGJDV 16: AXEEH PHKEW 17: BYFFI QILFX 18: CZGGJ RJMGY 19: DAHHK SKNHZ 20: EBIIL TLOIA 21: FCJJM UMPJB 22: GDKKN VNQKC 23: HELLO WORLD 24: IFMMP XPSME 25: JGNNQ YQTNF
  • 33. ecuritysay oughthray obscurityyay They simply assumed no-­‐one would think t o decrypt it (they even hardcoded the number by which is was shi`ed: 3)
  • 34. KHOOR Z'RUOG! (Klingons never bluff) They hoped people would think it was some language they did not understand
  • 36. Improving Caesar shi` Keyspace ≈ 26
  • 37. Generalizing Caesar shi` ABCDEFGHIJKLMNOPQRSTUVWXYZ alpha = alpha[n:] + alpha[:n] DEFGHIJKLMNOPQRSTUVWXYZABC
  • 38. Subs(tu(on cipher ABCDEFGHIJKLMNOPQRSTUVWXYZ alpha = random.shuffle(alpha) WGLOJTYUDZQXKVAFHMBPECRNIS
  • 39. Subs(tu(on cipher Keyspace ≈ 26! 403291461126605635584000000
  • 41. You intercept: MHT UTEKAVAMRPD PS RDUTJTDUTDET RZ MHT WZWAK DABT PS A ZMAMTBTDM AUPJMTU OG MHT EPDMRDTDMAK EPDNVTZZ PD CWKG 4, 1776, LHREH ADDPWDETU MHAM MHT MHRVMTTD ABTVREAD EPKPDRTZ, MHTD AM LAV LRMH NVTAM OVRMARD, VTNAVUTU MHTBZTKQTZ AZ MHRVMTTD DTLKG RDUTJTDUTDM ZPQTVTRND ZMAMTZ, ADU DP KPDNTV A JAVM PS MHT OVRMRZH TBJRVT. RDZMTAU MHTG SPVBTU A DTL DAMRPD - MHT WDRMTU ZMAMTZ PS ABTVREA. CPHD AUABZ LAZ A KTAUTV RD JWZHRDN SPV RDUTJTDUTDET, LHREH LAZ WDADRBPWZKG AJJVPQTU PD CWKG 2. A EPBBRMMTT PS SRQT HAU AKVTAUG UVASMTU MHT SPVBAK UTEKAVAMRPD, MP OT VTAUG LHTD EPDNVTZZ QPMTU PD RDUTJTDUTDET. MHT MTVB "UTEKAVAMRPD PS RDUTJTDUTDET" RZ DPM WZTU RD MHT UPEWBTDM RMZTKS. …
  • 46. a d
  • 47. ab do
  • 51. Guessed key dokutbnvrxcespalyhzmwqjfgi aoeutsnhrcxkbdpjyvzmwqlfgi Actual key
  • 52. Similar enough to come close Guessed key dokutbnvrxcespalyhzmwqjfgi aoeutsnhrcxkbdpjyvzmwqlfgi Actual key
  • 53. More work needed Guessed key dokutbnvrxcespalyhzmwqjfgi aoeutsnhrcxkbdpjyvzmwqlfgi Actual key
  • 54. There are some pre=y big mismatches
  • 55. Decoded with guessed key TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.
  • 56. We’ve assumed it’s English TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM. So let’s find some English words
  • 57. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.
  • 58. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.
  • 59. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.
  • 60. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.
  • 61. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.
  • 62. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at Par Pith great britain, regarDeD theFseCVes as thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a neP natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
  • 63. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at Par Pith great britain, regarDeD theFseCVes as thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a neP natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
  • 64. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at war with great britain, regarDeD theFseCVes as thirteen newCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a new natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
  • 65. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at war with great britain, regarDeD theFseCVes as thirteen newCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a new natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
  • 66. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCY indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead theY MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY draMted the MNrFaC deLCaratiNn, tN be readY when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
  • 67. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCY indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead theY MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY draMted the MNrFaC deLCaratiNn, tN be readY when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
  • 68. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCy indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead they MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready draMted the MNrFaC deLCaratiNn, tN be ready when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
  • 69. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCy indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead they MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready draMted the MNrFaC deLCaratiNn, tN be ready when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
  • 70. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the declaration oM indeWendence is the usual naFe oM a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart oM the british eFWire. instead they MorFed a new nation - the united states oM aFerica. Kohn adaFs was a leader in Wushing Mor indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee oM MiVe had already draMted the MorFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration oM indeWendence" is not used in the docuFent itselM.
  • 71. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the declaration of indeWendence is the usual naFe of a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart of the british eFWire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in Wushing for indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration of indeWendence" is not used in the docuFent itself.
  • 72. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the declaration of independence is the usual naFe of a stateFent adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly independent soVereign states, and no longer a part of the british eFpire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in pushing for independence, which was unaniFously approVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on independence. the terF "declaration of independence" is not used in the docuFent itself.
  • 73. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the declaration of independence is the usual name of a statement adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselVes as thirteen newly independent soVereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. Kohn adams was a leader in pushing for independence, which was unanimously approVed on Kuly 2. a committee of fiVe had already drafted the formal declaration, to be ready when congress Voted on independence. the term "declaration of independence" is not used in the document itself.
  • 74. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z the declaration of independence is the usual name of a statement adopted by the continental congress on july 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselves as thirteen newly independent sovereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. john adams was a leader in pushing for independence, which was unanimously approved on july 2. a committee of five had already drafted the formal declaration, to be ready when congress voted on independence. the term "declaration of independence" is not used in the document itself.
  • 76. Cracked! So, let’s adap(ng it in a different way
  • 77. Change the shi` each le=er
  • 79. Repeat the key supersecretmessageyoushouldnotsee donotlookdonotlookdonotlookdonotl
  • 80. Add plaintext and key supersecretmessageyoushouldnotsee donotlookdonotlookdonotlookdonotl --------------------------------- vicskdsqbhhzsldouobchgaziznqcggxp +
  • 81. This is the Vigenère Cipher Named for Blaise de Vigenère (1523 – 1596)
  • 82. This is the Vigenère Cipher Actually invented by Giovan Bapsta Bellaso (1505 – ??)
  • 83. Also known as: Le Chiffre Indéchiffrable (The Unbreakable Cipher)
  • 85. Brute Force: possibili(es (n = 9 -­‐> 10795636100592)
  • 87. First: Guess the key length
  • 88. Repeated words, repeated key Key: ABCDABCDABCDABCDABCDABCDABCD Plaintext: CRYPTOISSHORTFORCRYPTOGRAPHY Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB
  • 89. Repeated words, repeated key VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR
  • 90. Repeated words, repeated key VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1]
  • 91. Repeated words, repeated key VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1] QUCE -> QUCE = 30 -> [30, 15, 10, 6, 5, 3, 2, 1]
  • 92. Repeated words, repeated key [18, 9, 6, 3, 2, 1] ∩ [30, 15, 10, 6, 5, 3, 2, 1] = [6, 3, 2, 1]
  • 93. Repeated words, repeated key [18, 9, 6, 3, 2, 1] ∩ [30, 15, 10, 6, 5, 3, 2, 1] = [6, 3, 2, 1]
  • 94. When you assume You make an ass out of u and me
  • 95. When you assume There might not be any repeated words at the right spots
  • 96. If the key length = 2 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA
  • 97. If the key length = 2 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB
  • 98. If the key length = 2 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB Should be a standard letter distribution
  • 99. If the key length = 3 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABC uwwibwtjabkxauvawvx hpnnhjmlpfvmkwrhnll djdgiclddahcjyfuhbe AAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCCCC Should be a standard letter distribution
  • 100. Let’s try this! Encoded a plaintext with key ‘SECRET’
  • 102. Split the ciphertext, Sort characters by frequency
  • 103. Split the ciphertext, Sort characters by frequency Sum highest frequencies, second highest, etc.
  • 106. secret
  • 107. secret s e c r e t
  • 108. Now that we know the key length, This is not that different from subs(tu(on cipher
  • 109. Cracked! Principle is easy Doing it by hand is tedious
  • 110. Cracked! smurfoncrack.com/pygenere/ source: smurfoncrack.com/pygenere/pygenere.py
  • 112. Is there any truly secure method?
  • 113. Yes.
  • 114. The One-­‐Time pad Looks like Vigenère.
  • 115. The One-­‐Time pad Create a long key, without repeFFon
  • 116. The One-­‐Time pad Create a long key, without repeFFon Securely share it between both par(es
  • 117. The One-­‐Time pad To send a message:
  • 118. Plaintext attackatdawn Key owbxelcixrql ------------ + Ciphertext opuxgvcbarmy
  • 120. And then: Destroy the key
  • 122. This is provably perfectly secure You can’t even brute force it!
  • 123. This is provably perfectly secure opuxgvcbarmy owbxelcixrql ------------ - attackatdawn opuxgvcbarmy elqinoymwrku ------------ - keepthepeace
  • 124. This is provably perfectly secure So why don’t we all use it?
  • 125. Why we don’t use it: You need to share the key securely, But how?
  • 126. Out of band communica(on How the spies did it Before the mission, they received a codebook
  • 127. Out of band communica(on How the spies did it But imprac(cal for ordinary use
  • 128. In band communica(on Safe channel through which to send the key
  • 129. In band communica(on Just use that channel to send the message.
  • 130. They all have in common: Confusion ✓ Diffusion ✗
  • 131. Why do you need diffusion? e.g. image encryp(on
  • 132. Using a block cipher Encodes blocks of data
  • 134. Electronic Code Book (ECB) Blocks with the same data are encoded as the same data
  • 135. Encode this image with ECB: 24-­‐bits bmp
  • 137. Cipher block chaining Does do diffusion
  • 140. Methods covered so far: Brute Force Caesar Cipher
  • 141. Methods covered so far: Brute Force Caesar Cipher Founda(onal weakness Vigenère, Subs9tu9on, ECB
  • 142. Next up: Mad Science
  • 143. Next up: Mad Science Side channel a=acks
  • 144. Tradi(onal model Plaintext E Key Ciphertext D Key Plaintext
  • 145. Side channel model Plaintext E Key Ciphertext D Key Plaintext Heat Timing Heat Timing
  • 146. Simple example def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True
  • 147. Simple example if input == password: login() else: error()
  • 148. Simple example 1000 * input = '-' Wall time: 817 μs 1000 * input = '--' Wall time: 2.14 ms 1000 * input = '---' Wall time: 806 μs def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True
  • 149. Simple example 1000 * input = '-' Wall time: 817 μs 1000 * input = '--' Wall time: 2.14 ms 1000 * input = '---' Wall time: 806 μs def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 0.8ms
  • 150. Simple example 1000 * input = '-' Wall time: 817 μs 1000 * input = '--' Wall time: 2.14 ms 1000 * input = '---' Wall time: 806 μs def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 2.1ms (1 iter)
  • 151. Simple example 1000 * input = 'a-' Wall time: 2.15 ms 1000 * input = 'b-' Wall time: 2.33 ms 1000 * input = 'c-' Wall time: 2.14 ms def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 2.1ms (1 iter)
  • 152. Simple example 1000 * input = 'a-' Wall time: 2.15 ms 1000 * input = 'b-' Wall time: 2.33 ms 1000 * input = 'c-' Wall time: 2.14 ms def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 2.3ms (2 iter)
  • 153. Simple example 1000 * input = 'ba' Wall time: 2.33 ms 1000 * input = 'bb' LOGGED IN! (2.47 ms) 1000 * input = 'bc' Wall time: 2.32 ms def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 2.3ms (2 iter)
  • 154. Simple example 1000 * input = 'ba' Wall time: 2.33 ms 1000 * input = 'bb' LOGGED IN! (2.47 ms) 1000 * input = 'bc' Wall time: 2.32 ms def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True ≈ 2.5ms (2 iter)
  • 155. Simple example This simple error has reduced your keyspace From 26n to 26n
  • 157. This isn’t really MAD science…
  • 158. Power consump(on of a CPU during RSA computa(on.
  • 159. 0
  • 162. Crypto is a minefield
  • 164. Methods covered so far: Brute Force Caesar Cipher Founda(onal weakness Vigenère, Subs9tu9on, ECB Side channel a=acks Timing, Power Consump9on, Acous9c, etc.
  • 165. Last but not least Rubber-­‐Hose Cryptanalysis
  • 166. [..] In which a rubber hose is applied forcefully and frequently to the soles of the feet, un9l the key to the cryptosystem is discovered A process that can take a surprisingly short 9me and is quite computa9onally inexpensive sci.crypt (1990)
  • 169. What haven’t I covered? Asymmetric encryp(on public – private key … A lot of math Diffie – Hellman key exchange Prime factoriza(on Ellip(c Curve crypto … Integrety assurance HMAC … Stream Ciphers Man in the middle AES, DES, Hashes Salts Etc.
  • 170. MORE!!! Great intro to a great encryp(on standard A s(ck figure guide to AES Awesome primer for InfoSec Mad science side-­‐channel a=acks To Protect and Infect (Jacob Applebaum) History of the informa(on age