1. Encryption & Security
64
1. Encryption & Security
Transcript of 1. Encryption & Security
1. Encryption & Security
Overview
¤ Securityissues
¤ Encryptionandcryptanalysis
¤ Encryptioninthedigitalage¤ Symmetricencryption¤ Asymmetricencryption
¤ Applicationsofencryption
¤ Encryptionisnotsecurity!
2
Securityissues
3
Networkingisasecurityissue
¤ Why?
¤ Ifyouwantareallysecuremachine,lockitinanelectromagneticallyshieldedroomanddon’tconnectittoanynetworksorothersourcesofdatabeyondyourcontrol(totallyisolatedisland)
¤ Notmuchfun,isit?
4
TheProblem¤ TheInternetispublic
¤ Messagessentpassthroughmanymachinesandmedia
¤ Anyoneinterceptingamessagemight¤ readitand/or¤ replaceitwithadifferentmessage
¤ TheInternetisanonymous¤ IPaddressesdon’testablishidentity
¤ Anyonemaysendmessagesunderafalseidentity
5
TheProblem¤ TheInternetispublic
¤ Messagessentpassthroughmanymachinesandmedia
¤ Anyoneinterceptingamessagemight¤ readitand/or¤ replaceitwithadifferentmessage
¤ TheInternetisanonymous¤ IPaddressesdon’testablishidentity
¤ Anyonemaysendmessagesunderafalseidentity
6
Cryptography offers partial
solutions to all of these problems
AShadyExample¤ Iwanttomakeapurchaseonlineandclickalinkthattakesmeto
http://www.sketchystore.com/checkout.jsp
¤ WhatIseeinmybrowser:
7
AShadyExample(cont’d)¤ WhenIpressSUBMIT,mybrowsersendsthis:
POST /purchase.jsp HTTP/1.1
Host: www.sketchystore.com
User-Agent: Mozilla/4.0
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
userid=rbd&creditcard=2837283726495601& exp=01/09
8
AShadyExample(cont’d)
¤ Ifthisinformationissentunencrypted,whohasaccesstomycreditcardnumber?¤ Otherpeoplewhocanconnecttomywireless
ethernet¤ Otherpeoplephysicallyconnectedtomywired
ethernet¤ …
¤ Packetsarepassedfromroutertorouter.¤ Allthoseroutershaveaccesstomydata.
9
Acaveatcryptography is not security
10
11
Encryptionandcryptanalysisbasic concepts
12
Encryption
¤ Weencrypt(encode)ourdatasootherscan’tunderstandit(easily)exceptforthepersonwhoissupposedtoreceiveit.
¤ Wecallthedatatoencodeplaintextandtheencodeddatatheciphertext.
¤ Encodinganddecodingareinversefunctionsofeachother
13
ATTACKATDAWNEncryptionalgorithm
AGSTRMBNDO
ATTACKATDAWN
plaintext
ciphertext
secretkey
secretkey
Decryptionalgorithm
Encryption/decryption
ATTACKATDAWN AGSTRMBNDO
ATTACKATDAWN
ciphertext
Mathematical,logical,empirical
analysis
secretkey
plaintext
Encryptionalgorithm
Cryptanalysis
Encryptiontechniquessubstitution and transposition
16
Twobasicwaysofalteringtexttoencrypt/decrypt
¤ Substituteoneletterforanotherusingsomekindofrule
¤ Scrambletheorderofthelettersusingsomekindofrule
17
Substitution Ciphers
SubstitutionCiphers
¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A
19
SubstitutionCiphers
20
SubstitutionCiphers
¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A
¤ Example:MESSAGE→NFTTBHF
21
SubstitutionCiphers
22
MESSAGE→NFTTBHF
SubstitutionCiphers
¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A
¤ Example:MESSAGE→NFTTBHF
¤ CanyoudecryptTFDSFU?
23
SubstitutionCiphers
24
TFDSFU
SubstitutionCiphers
¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A
¤ Example:MESSAGE→NFTTBHF
¤ CanyoudecryptTFDSFU?SECRET
25
CaesarCipher
¤ Shiftforwardnletters;nisthesecretkey
¤ Forexample,shiftforward3letters:A→D,B→E,...,Z→C¤ ThisisaCaesarcipherusingakeyof3(n=3).
¤ MESSAGE→ PHVVDJH
¤ Howcanwecrackthisencryptedmessageifwedon’tknowthekey?DEEDUSEKBTFEIIYRBOTUSETUJXYI
26
CaesarCipher(cont’d)
¤ Howlongwouldittakeacomputertotryall25shifts?
27
DEEDUSEKBTFEIIYRBOTUSETUJXYI EFFEVTFLCUGFJJZSCPUVTFUVKYZJ FGGFWUGMDVHGKKATDQVWUGVWLZAK GHHGXVHNEWIHLLBUERWXVHWXMABL HIIHYWIOFXJIMMCVFSXYWIXYNBCM IJJIZXJPGYKJNNDWGTYZXJYZOCDN JKKJAYKQHZLKOOEXHUZAYKZAPDEO KLLKBZLRIAMLPPFYIVABZLABQEFP LMMLCAMSJBNMQQGZJWBCAMBCRFGQ MNNMDBNTKCONRRHAKXCDBNCDSGHR NOONECOULDPOSSIBLYDECODETHIS OPPOFDPVMEQPTTJCMZEFDPEFUIJT PQQPGEQWNFRQUUKDNAFGEQFGVJKU
QRRQHFRXOGSRVVLEOBGHFRGHWKLV RSSRIGSYPHTSWWMFPCHIGSHIXLMW STTSJHTZQIUTXXNGQDIJHTIJYMNX TUUTKIUARJVUYYOHREJKIUJKZNOY UVVULJVBSKWVZZPISFKLJVKLAOPZ VWWVMKWCTLXWAAQJTGLMKWLMBPQA WXXWNLXDUMYXBBRKUHMNLXMNCQRB XYYXOMYEVNZYCCSLVINOMYNODRSC YZZYPNZFWOAZDDTMWJOPNZOPESTD ZAAZQOAGXPBAEEUNXKPQOAPQFTUE ABBARPBHYQCBFFVOYLQRPBQRGUVF BCCBSQCIZRDCGGWPZMRSQCRSHVWG CDDCTRDJASEDHHXQANSTRDSTIWXH
VigenèreCipher
¤ Shiftdifferentamountforeachletter.Useakeyword;eachletterinthekeydetermineshowmanyshiftswedoforthecorrespondingletterinthemessage.
¤ Example:keyword“cmu”:shiftby2,12,20
¤ Message“pittsburgh”
cmucmucmuc
encrypted:runvevwdaj
¤ Tryityourselfathttp://www.simonsingh.net/The_Black_Chamber/v_square.html
28
ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ noshift B BCDEFGHIJKLMNOPQRSTUVWXYZA shiftby1 C CDEFGHIJKLMNOPQRSTUVWXYZAB shiftby2 D DEFGHIJKLMNOPQRSTUVWXYZABC shiftby3 E EFGHIJKLMNOPQRSTUVWXYZABCD etc. F FGHIJKLMNOPQRSTUVWXYZABCDE
...
• Message: ATTACKATDAWN• Pickasecretkey DECAFDECAFDE • Encrypted: D
1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …
ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ
B BCDEFGHIJKLMNOPQRSTUVWXYZA C CDEFGHIJKLMNOPQRSTUVWXYZAB
D DEFGHIJKLMNOPQRSTUVWXYZABC
E EFGHIJKLMNOPQRSTUVWXYZABCD F FGHIJKLMNOPQRSTUVWXYZABCDE
...
• Message: ATTACKATDAWN• Pickasecretkey DECAFDECAFDE • Encrypted: DX
1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …
ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ
B BCDEFGHIJKLMNOPQRSTUVWXYZA C CDEFGHIJKLMNOPQRSTUVWXYZAB
D DEFGHIJKLMNOPQRSTUVWXYZABC
E EFGHIJKLMNOPQRSTUVWXYZABCD F FGHIJKLMNOPQRSTUVWXYZABCDE
...
• Message: ATTACKATDAWN• Pickasecretkey DECAFDECAFDE • Encrypted: DXV
1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …
ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ
B BCDEFGHIJKLMNOPQRSTUVWXYZA C CDEFGHIJKLMNOPQRSTUVWXYZAB
D DEFGHIJKLMNOPQRSTUVWXYZABC
E EFGHIJKLMNOPQRSTUVWXYZABCD F FGHIJKLMNOPQRSTUVWXYZABCDE
...
• Message: ATTACKATDAWN• Pickasecretkey DECAFDECAFDE • Encrypted: DXVAHNEVDFZR
1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …
VernamCipher
¤ VigenèrecipherwasbrokenbyCharlesBabbageinthemid1800sbyexploitingtherepeatedkey¤ Thelengthofthekeydeterminesthecycleinwhichthe
cipherisrepeated.
¤ Vernamcipher:makethekeythesamelengthasthemessage;Babbage’sanalysisdoesn’twork.
33
One-timePads
¤ Vernamcipheriscommonlyreferredtoasaone-timepad.
¤ Ifrandomkeysareusedone-timepadsareunbreakableintheory.
34
AliceandBobhaveidentical“pads”(sharedkeys)
Transposition Ciphers
Transpositionciphers
STSF…EROL...NOUA...DOTN…MPHK…OSEA…RTRN…EOND…
image:http://crypto.interactive-maths.com/simple-transposition-ciphers.html
an ancient Greek method
Encryptionincomputingfast computation makes encryption usable by all of us
Encryptionincomputing
¤ One-timepadsimpracticalonthenet(why?)
¤ Basicassumption:theencryption/decryptionalgorithmisknown;onlythekeyissecret(why?)
¤ Verycomplicatedencryptionscanbecomputedfast:• typically,elaboratecombinationsofsubstitutionand
transposition
HTTPS
¤ SecurityprotocolfortheWeb,thepeoples’encryption
¤ Purpose:¤ confidentiality(preventeavesdropping)¤ messageintegrityandauthentication(prevent“maninthe
middle”attacksthatcouldalterthemessagesbeingsent)
¤ Techniques:¤ asymmetricencryption(“publickey”encryption)toexchange
secretkey¤ certificateauthoritytoobtainpublickeys¤ symmetricencryptiontoexchangeactualmessages
Keyspace
¤ Keyspaceisjargonforthenumberofpossiblesecretkeys,foraparticularencryption/decryptionalgorithm
¤ Numberofbitsperkeydeterminessizeofkeyspace• importantbecausewewanttomakebruteforceattacksinfeasible
¤ Bruteforceattack:runthe(known)decryptionalgorithmrepeatedlywitheverypossiblekeyuntilasensibleplaintextappears
¤ Typicalkeysizes:severalhundredbits
40
Symmetricvs.asymmetricencryption
¤ Symmetric(shared-keybetweensenderandreceiver)encryption:commonlyusedforlongmessages• Oftenacomplicatedmixofsubstitutionandtranspositionencipherment• Reasonablyfasttocompute• Examples(CaesarCipher)• Requiresasharedsecretkeyusuallycommunicatedusing(slower)
asymmetricencryption
Bob Alice
Symmetric(SharedKey)Encryption
42
Ciphertext = Enc(plaintext, key)
Bob uses the shared key to decrypt the ciphertext to recover the plaintext
Plaintext Plaintext = Dec(Ciphertext, key)
Encrypt using key Decrypt using key
Alice uses the shared key to encrypt the plaintext to produce the ciphertext
Ciphertext
EstablishingSharedKeys
¤ Problem:howcanAliceandBobsecretlyagreeonakey,usingapubliccommunicationsystem?
¤ Solution:asymmetricencryptionbasedonnumbertheory¤ Alicehasonesecret,Bobhasadifferentsecret;workingtogetherthey
establishasharedsecret¤ Examples:Diffie-Hellmankeyexchange,RSApublickeyencryption
43
Symmetricvs.asymmetricencryption
¤ Symmetric(shared-keybetweensenderandreceiver)encryption:commonlyusedforlongmessages• Oftenacomplicatedmixofsubstitutionandtranspositionencipherment• Reasonablyfasttocompute• Examples(CaesarCipher)• Requiresasharedsecretkeyusuallycommunicatedusing(slower)
asymmetricencryption
¤ Asymmetricencryption(twokeys):differentkeysareusedtoencryptandtodecrypt• Publickey:availabletoeveryone,usedtoencrypt• Privatekey:availableonlytoreceiver,usedtodecrypt• Anyonewiththepublickeycanencrypt,onlytheprivatekeycanbe
usedtodecrypt!
Onetypeofasymmetricencryption:RSA
¤ CommonencryptiontechniquefortransmittingsymmetrickeysontheInternet(https,ssl/tls)¤ Namedafteritsinventors:Rivest,Shamirand
Adleman¤ Usedinhttps(youknowwhenyou’reusingitbecause
youseetheURLintheaddressbarbeginswithhttps://)
45
Bob Alice
AsymmetricPublicKeyEncryption
46
ciphertext = Enc(plaintext, pubA)
Alice’spublickeypubA
plaintext plaintext = Dec(ciphertext, privA
Encrypt using pubA Decrypt using privA
Alice uses herprivate key to decrypt the ciphertext to recover the plaintext
Bob uses Alice’s public key to encrypt the plaintext to produce the ciphertext
ciphertext
Alice’sprivatekeyprivA
HowRSAworks
¤ First,wemustbeabletorepresentanymessageasasinglenumber(itmayalreadybeanumberasisusualforasymmetrickey)
¤ Forexample:
A T T A C K A T D A W N
012020010311012004012314
47
PublicandPrivateKeys
48
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
PublicandPrivateKeys
49
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
PublicandPrivateKeys
50
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
PublicandPrivateKeys
51
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
RSAExample
52
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
• Bob wants to send Alice the message M=4 • Bob knows Alice’s Public Key: (3, 33) (e = 3,
n = 33) • Bob encrypts the message using e and n
• (M e modulo n → C): • 43 modulo 33 → 31 • ... Bob sends 31
• Alice’s Public Key: (3, 33) (e = 3, n = 33) • Alice’s Private Key: (7, 33) (d = 7, n = 33)
• Usually these are really huge numbers with many hundreds of digits!
• Alice receives the encoded message 31 • Alice decrypts the message using d and
n • (C d modulo n → M ): • 317 modulo 33 → 4
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
RSAExample
53
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
• Bob wants to send Alice the message M=4 • Bob knows Alice’s Public Key: (3, 33) (e = 3,
n = 33) • Bob encrypts the message using e and n
• (M e modulo n → C): • 43 modulo 33 → 31 • ... Bob sends 31
• Alice’s Public Key: (3, 33) (e = 3, n = 33) • Alice’s Private Key: (7, 33) (d = 7, n = 33)
• Usually these are really huge numbers with many hundreds of digits!
• Alice receives the encoded message 31 • Alice decrypts the message using d and
n • (C d modulo n → M ): • 317 modulo 33 → 4
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
RSAExample
54
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
• Bob wants to send Alice the message M=4 • Bob knows Alice’s Public Key: (3, 33) (e = 3,
n = 33) • Bob encrypts the message using e and n
• (M e modulo n → C): • 43 modulo 33 → 31 • ... Bob sends 31
• Alice’s Public Key: (3, 33) (e = 3, n = 33) • Alice’s Private Key: (7, 33) (d = 7, n = 33)
• Usually these are really huge numbers with many hundreds of digits!
• Alice receives the encoded message 31 • Alice decrypts the message using d and
n • (C d modulo n → M ): • 317 modulo 33 → 4
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
RSAExample
55
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
• Bob wants to send Alice the message M=4 • Bob knows Alice’s Public Key: (3, 33) (e = 3,
n = 33) • Bob encrypts the message using e and n
• (M e modulo n → C): • 43 modulo 33 → 31 • ... Bob sends 31
• Alice’s Public Key: (3, 33) (e = 3, n = 33) • Alice’s Private Key: (7, 33) (d = 7, n = 33)
• Usually these are really huge numbers with many hundreds of digits!
• Alice receives the encoded message 31 • Alice decrypts the message using d and
n • (C d modulo n → M ): • 317 modulo 33 → 4
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
Generatingn,eandd
56
• pandqare(big)randomprimes.
• n=p×q• φ=(p-1)(q-1)• eissmallandrelativelyprimetoφ
• d,suchthat:e × dmodφ=1
p=3,q=11
n=3×11=33φ=2×10=20e=3
3 × dmod20=1d=7
Usually the primes are huge numbers--hundreds of digits long.
CrackingRSA
¤ Everyoneknows(e,n).OnlyAliceknowsd.
¤ Ifweknoweandn,canwefigureoutd?¤ Ifso,wecanreadsecretmessagestoAlice.
¤ Wecandeterminedfromeandn.¤ Factornintopandq.
n=p×qφ=(p-1)(q-1)e×d=1(modφ)
¤ Weknowe(whichispublic),sowecansolveford.
¤ Butonlyifwecanfactorn
57
Every receiver has a: • public key (e, n) • private key (d, n)
Every sender has the receiver’s public key: • publickey(e,n)
RSAissafe(fornow)
¤ Supposesomeonecanfactormy5-digitnin1ms,
¤ Atthisrate,tofactora10-digitnumberwouldtake2minutes.
¤ …tofactora15-digitnumberwouldtake4months.
¤ …20-digitnumber…30,000years.
¤ …25-digitnumber…3billionyears.
¤ We'resafewithRSA!(atleast,fromfactoringwithdigitalcomputers)
58
CertificateAuthorities
¤ Howdoweknowwehavetherightpublickeyforsomeone?
¤ CertificateAuthoritiessigndigitalcertificatesindicatingauthenticityofasenderwhotheyhavecheckedoutintherealworld.
¤ Sendersprovidecopiesoftheircertificatesalongwiththeirmessageorsoftware.
¤ Butcanwetrustthecertificateauthorities?(onlysome)
59
Encryptionisnotsecurity!It’sjustasetoftechniques
60
How(in)secureistheInternet?
¤ TheNSAhasabudgetof$11B;weknowfromEdwardSnowdenhowsomeofitisused
¤ Corporationsandcriminalsalsospyonus
¤ Whatcangowrong?¤ Insecurepseudo-randomnumbergenerators¤ Untrustworthycertificateauthorities¤ Malware¤ “Socialengineering”attackslikephishing¤ Deliberatelybuilt-ininsecurityincryptoproducts¤ PhysicaltappingofInternetrouters
61
Securityisanunsolvedproblem
Yourcybersystemscontinuetofunctionandserveyounotduetotheexpertiseofyoursecuritystaffbutsolelyduetothesufferanceofyouropponents.
–formerNSAInformationAssuranceDirectorBrianSnow(quotedbyBruceSchneier,https://www.schneier.com/blog/archives/2013/03/phishing_has_go.html)
62
Summary
¤ Cryptographyiscoolmathematicsandprotocoldesign
¤ Butcryptographyisnotsecurity,onlyasetoftechniques
¤ Securityisabroaderissueinvolving¤ Othertechnology¤ Socialandlegalfactors
63
“Only amateurs attack machines; professionals target people” –Bruce Schneier
Two closing thoughts
Use Signal…
