Cryptography
Uploaded by yung-luen-lan (category: Technology)

Transcript of Cryptography

yllan, 2015
Q: AES
• key
• key
Encryption
Encryption System
• Block Cipher
• DES, AES, RSA, …
• Input is processed one block at a time; a partial last block is padded out to a full block
• Block Mode: ECB / CBC / GCM / ……
Don’t Use ECB mode!
(Figure: Block 1, Block 2, … Block N are each encrypted independently into Cipher 1, Cipher 2, … Cipher N, so equal plaintext blocks always give equal ciphertext blocks.)
ECB: Cut & Paste
Cookie: auth=AES-ECB(username)
Cookie: auth=AES-ECB(1234567890123456admin)
ECB: Byte-by-Byte
• Oracle(m) = AES-ECB(m ‖ secret, key)
• A block: 16 bytes
• AES-ECB(123456789012345secret, key)
• AES-ECB(123456789012345*secret, key)
• AES-ECB(123456789012345ssecret, key)
• AES-ECB(12345678901234secret, key)
• AES-ECB(12345678901234s*secret, key)
• AES-ECB(12345678901234sesecret, key)
• AES-ECB(1234567890123secret, key)
CBC
The comment is URL-encoded before encryption, so an injected "&" only survives as "%26":
comment=hello ,%20MOPCON. %26admin=true&admin=true
XORing one byte of the previous ciphertext block with & ⊕ 6 garbles that whole block, but in the next block the "6" decrypts as "&":
comment=hello ?SDA(*H@*(#$& %2&admin=true
CBC Padding Oracle
• PKCS7 Padding
• xxxxxxxxxx\01
• xxxxxxxxx\02\02
• xxxxxxxx\03\03\03
```scala
// Padding check from the slide (Scala). The explicit exception is the oracle:
// a caller can tell "bad padding" apart from every other failure.
if (!bytes.takeRight(bytes.last).forall(_ == bytes.last)) {
  throw new Exception("Padding invalid!")
}
```
Walkthrough: the last plaintext block ends in 03 03 03. XORing the last byte of the preceding ciphertext block with a value XORs that same value into the decrypted last byte:
• 03 03 03, ⊕01 → 03 03 02: invalid padding
• 03 03 03, ⊕02 → 03 03 01: valid padding! last byte ⊕ 02 = 01, so last byte = 03
• Next position: ?? 04 04 04. XOR the three known bytes with 07 07 07 (03 ⊕ 04) so they read 04, then search the fourth-last byte the same way.
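An added example, not code from the slides: the slide's Scala check ported to Python beside a strict PKCS#7 unpad, run over constructed 16-byte blocks that end in the values the walkthrough steps through (the block size and the 03/04 values are the slides'; the filler bytes are made up).

```python
# Added example (not from the slides): the slide's PKCS#7 check ported to
# Python next to a strict version that rejects every malformed padding.
BLOCK = 16  # AES block size, as on the "A block: 16 bytes" slide


def slide_check(buf: bytes) -> bool:
    """Port of the Scala check: the last n bytes, n = last byte, must all equal n."""
    n = buf[-1]
    tail = buf[-n:] if n else b""  # Scala takeRight(0) is empty, so n == 0 passes
    return all(b == n for b in tail)


def unpad_strict(buf: bytes, block: int = BLOCK) -> bytes:
    """Return the message only if the padding is one PKCS#7 could have produced."""
    if not buf or len(buf) % block:
        raise ValueError("length is not a multiple of the block size")
    n = buf[-1]
    if n < 1 or n > block:  # n == 0 and n > 16 are never valid PKCS#7
        raise ValueError("pad byte out of range")
    if buf[-n:] != bytes([n]) * n:
        raise ValueError("pad bytes do not match")
    return buf[:-n]


def is_valid_strict(buf: bytes) -> bool:
    """Same decision as unpad_strict, as a boolean."""
    try:
        unpad_strict(buf)
    except ValueError:
        return False
    return True


# Constructed 16-byte blocks ending in the values the walkthrough uses.
ENDS_030303 = b"A" * 13 + b"\x03\x03\x03"  # genuine padding of 3
ENDS_030302 = b"A" * 13 + b"\x03\x03\x02"  # after XOR 01: invalid
ENDS_030301 = b"A" * 13 + b"\x03\x03\x01"  # after XOR 02: valid (pad of 1)
ENDS_ZERO = b"A" * 15 + b"\x00"            # slide check accepts, strict rejects
```

Whatever the check decides, the real fix is to authenticate the ciphertext (e.g. GCM from the Block Mode slide) and refuse to unpad anything that fails authentication, so no padding verdict ever reaches the caller.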
Authentication (Signing)
(Crypto) Hash
• MD5, SHA1, SHA2, SHA3……
• Arbitrary-length input, fixed n-bit output
• One-Way: given H(x), it is hard to find x
• 2nd Pre-Image Resistance: given x, it is hard to find y ≠ x with H(x) = H(y)
• Collision Free: it is hard to find any x ≠ y with H(x) = H(y)
Hash ≠ Authentication
• user=yllan&rating=5&album=12345
• MD5(secretalbum12345rating5useryllan)
• Length Extension Attack
Length Extension Attack
• ????user=yllan&rating=5
• ????user=yllan&rating=5…&admin=true
(Figure: the input is cut into 64-byte blocks "data | data | data+pad"; the pad is a 1 bit, then 0…0, then the message length, filling the last 64-byte block.)
(Figure: SHA-1 chains five 32-bit words v1…v5 through the blocks; the per-block values below are the slide's illustrative ones.)
Initial state:
v1: 0x67452301
v2: 0xEFCDAB89
v3: 0x98BADCFE
v4: 0x10325476
v5: 0xC3D2E1F0
After block 1:
v1: 0xAAAAAAAA
v2: 0xBBBBBBBB
v3: 0xCCCCCCCC
v4: 0xDDDDDDDD
v5: 0xEEEEEEEE
After block 2:
v1: 0xFFFFFFFF
v2: 0xFFFFFFFF
v3: 0xFFFFFFFF
v4: 0xFFFFFFFF
v5: 0xFFFFFFFF
After block 3 (data + pad):
v1: 0x00000000
v2: 0x11111111
v3: 0x22222222
v4: 0x33333333
v5: 0x44444444
SHA1: 0x0000000011111111222222223333333344444444 (the digest is just the final state v1‖v2‖v3‖v4‖v5)
(Figure: the same three blocks seen by someone who does not know their contents, "? ???", but does know SHA1: 0x0000000011111111222222223333333344444444.)
Loading the digest back as the state:
v1: 0x00000000
v2: 0x11111111
v3: 0x22222222
v4: 0x33333333
v5: 0x44444444
and processing one more block "Pad | Extension" from that state gives:
v1: 0x55555555
v2: 0x66666666
v3: 0x77777777
v4: 0x88888888
v5: 0x99999999
SHA1: 0x5555555566666666777777778888888899999999
This is the hash of (original ‖ pad ‖ extension), computed without knowing the original blocks.
MAC
• Message Authentication Code
• HMAC-SHA256(message, secret)
• Knowing m and MACk(m) must not let anyone produce MACk(n) for a new message n
Side Channel Attack
Comparison (Java 6u15: MessageDigest.isEqual)
```java
public static boolean isEqual(byte digesta[], byte digestb[]) {
    if (digesta.length != digestb.length)
        return false;
    for (int i = 0; i < digesta.length; i++) {
        if (digesta[i] != digestb[i]) {
            return false; // returns at the first mismatch: run time reveals how many leading bytes matched
        }
    }
    return true;
}
```
Constant Time Comparison
```java
public static boolean isEqual(byte[] a, byte[] b) {
    if (a.length != b.length) {
        return false;
    }
    int result = 0;
    for (int i = 0; i < a.length; i++) {
        result |= a[i] ^ b[i]; // accumulate every difference; no early exit
    }
    return result == 0;
}
```
Side Channel
• HEARTBLEED
• bcrypt()
• RSA/DES library… Orz
Q & A