Intro to modern cryptography
- 1. Zahid Mian Part of the Brown-bag Series
- 2. History andTerms WhyWe Need Encryption How is Encryption Used In Systems Difference in Ciphers Various Implementations HashValues Digital Signatures Why Attacks Are Successful
- 3. Hieroglyphs 4000 years ago Use pictures to represent words/messages Caesar ShiftCipher Replace characters by an offset (or shifting) Offset = 2, then “hello” -> “jgnnq” Improvements over time Steganography,Vigenere Coding
- 4. Modern really means digital Much more mathematically oriented Operating on bit values Use of public key and secret key Even though algorithm are public, it’s nearly impossible to obtain original information
- 5. Plaintext –The original information Cipher – A secret way of writing (an algorithm) Encryption Key – A value that is used to encrypt plaintext (aka, public key) Decryption Key – A value that is used to decrypt Ciphertext (aka, private key) Ciphertext -The encrypted information Algorithm – (Often) Public algorithm that uses keys to encrypt or decrypt information Interceptor/Attacker – unauthorized entity that tries to determine the cipher text (aka, hacker) Symmetric – single key used for encryption and decryption Asymmetric – uses public key and private key
- 6. http://www.infosectoday.com/Articles/Intro_to_Cryptography/CryptoFig05a.jpg This is how things generally work today, but there are a lot of pieces that make this happen.
- 7. Passive – Simply gaining unauthorized access to information. Most common password is 123456 Active – A hacker attempts to make changes to data on the target or data en route Masquerading: hacker pretends to be someone Denial of Service (DoS): deny access to legitimate users by overwhelming the system (common) Using technical information to steal user id (e.g., using session id)
- 8. Known Plaintext Attack (KPA) Attacker knows plaintext of some part of the ciphertext; attempts to decrypt the rest Chosen Plaintext Attack (CPA) Attacker has ciphertext and plaintext; attempts to determine key Brute Force Attack (BFA) Attacker tries to determine key by attempting all possible values Man in the Middle (MIM) Simple, but technically challenging method of duping both the sender and the receiver into thinking keys came from correct source Side Channel Attacks (SCA) Data Remanence (reading data that should have been deleted) Row Hammer (low-level memory hack) Fault Analysis (forcing errors and reading outputs for clues)
- 9. Traditionally Ciphers were single character Caesar Cipher: shift a single character Two-character Cipher (Playfair) Use two characters as key String Cipher (Vigenere) Use a string (word) as key One-Time Pad Key length equals length of plaintext Block/Stream (DES,AES) Plaintext is processed in blocks/streams of bits at a time
- 10. Simple Feedback
- 11. Underlying model for many block ciphers Same algorithm for encryption/decryption Steps Input is split into two halves RHS input is transformed by function f which receives a subkey LHS combined with transformed input from RHS using XOR operation RHS and LHS are switched to obtain the input for next round Repeat
- 12. 32 bit 32 bit f 32 bit 32 bit 32 bit 32 bit Ki LHSi-1 RHSi-1 LHSi-1 = RHSi-1 RHSi-1 = LHSi-1
- 13. Block size is 64 bits Key length is 64 bits (though only 56 are used) Round-key generator creates 48-bit Key • Very Strong Cipher • Fallen out of favor because small key value • Can be hacked with exhaustive search
- 14. Don’t abandon original DES; change usage Effectively use 3 Keys (3X56 = 168) Problem of short key solved Kind of slow Process Encrypt plaintext using K1 Decrypt output of Step1 using K2 Encrypt output of Step2 using K3 Output of Step3 is ciphertext Decrypt in reverse order
- 15. The more popular algorithm today Much faster thanTriple DES 128-bit data; 128/192/256-bit keys Key size depends on the number of rounds A “bit” more complex algorithm (pun intended) For details see online resources To-Date no attacks againstAES have been successful
- 16. Asymmetric Cipher (diff keys) Necessary due to growth of Internet Used for smaller pieces of data ThreeTypes RSA (widely used) ElGamal Elliptic Curve Cryptography (ECC)
- 18. Function that converts arbitrarily long numeric input into a fixed numeric output called a hash Very Efficient Hard to reverse value Hard to produce same hash for diff inputs Some well known Hash Functions Message Digest (MD), Secure Hash Function (SHA), RIPEMD Most Common Use: Password Storage Secure Apps will not save your password in plaintext
- 19. How can we be sure a message is authentic? In the old days, a signature on a letter proved authenticity Digital Signatures do the same thing-they ensure that the message is from the original sender with the original message Adds trust when exchanging data Using Encryption with Digital Signatures is important Certifying Authority (CA) responsible for management of certificates Generating, issuing, publishing, verifying, revoking
- 20. Encryption of Email Decryption of Email
- 21. User Carelessness / Stolen Credentials Stolen equipment (laptops, phones, etc.) Incorrect Implementation / Backdoor Broken Processes / InsiderThreats PhishingAttacks Sending sensitive data over plaintext Zero-day threats / Maintenance Application vulnerabilities
Editor's Notes
- #9: Which of these are likely to happen? Some are more theoretical than practical.
- #11: In feedback cipher, the encrypted text of the previous step is used to encrypt the next block
- #13: Right side image shows the all 16 rounds of encryption. Number of rounds is configurable Left side shows a single round of encryption. LHS = Left Hand Side RHS = Right Hand Side
- #21: Each person adopting this scheme has a public-private key pair. the key pairs used for encryption/decryption and signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key. Signer feeds data to the hash function and generates hash of data. Hash value and signature key are then fed to the signature algorithm which produces the digital signature on given hash. Signature is appended to the data and then both are sent to the verifier. Verifier feeds the digital signature and the verification key into the verification algorithm. The verification algorithm gives some value as output. Verifier also runs same hash function on received data to generate hash value. For verification, this hash value and output of verification algorithm are compared. Based on the comparison result, verifier decides whether the digital signature is valid. Since digital signature is created by ‘private’ key of signer and no one else can have this key; the signer cannot repudiate signing the data in future.