CRYPTOGRAPHY How does it impact cyber security and why you need to know more?
-
Upload
everett-sherman -
Category
Documents
-
view
215 -
download
1
Transcript of CRYPTOGRAPHY How does it impact cyber security and why you need to know more?
CRYPTOGRAPHYHow does it impact cyber security and why you need to know more?
WHAT YOU DON'T KNOW ABOUT CRYPTOGRAPHY
Alice computes gab = (gb)a mod p, and Bob computes gba = (ga)b mod p
C= M e % n
y2 = x3 + Ax + B
And why it can hurt you
Kerhoff
Euler
Ferm
at
WHO IS THE SPEAKER?
19 Books
29 industry certifications
2 Masters degrees
6 Computer science related patents
Over 20 years experience, over 15 years teaching/training
Helped create CompTIA Security+, Linux+, Server+. Helped revise CEH v8
Frequent consultant/expert witness
Teaches crypto around the world
www.chuckeasttom.com
WHAT DOES CRYPTO DO FOR YOU?
Provide data Confidentiality
Data integrity
Identification and Authentication
Non- repudiation
WHAT ARE THE LIMITS OF MOST SECURITY PROFESSIONALS CRYPTO KNOWLEDGE
General description of symmetric crypto (AES, DES, Blowfish)
General description of assymetric (Diffie Hellman, RSA, DSA, and maybe ECC)
General description of digital signatures
General description of digital certificates
General description of protocols such as TLS
WHY?
Why learn crypto? Kerkhoff’s principle
Bad crypto solutions
Dual_EC_DRBG backdoor
Is RSA Secure enough?
KERKHOFF’S PRINCIPLE
“A cryptosystem should be secure even if everything about the system, except the key, is public knowledge”
-August Kerkhoff
The EnigmaDS story http://money.cnn.com/2011/09/02/technology/unhackable_code/
BAD CRYPTO SOLUTIONS
Windows SALT What is SALT And why hashing needs it?
How does it go wrong?
Keep it secret
Has to be simple enough to be fast
Has to be complex enough to not be ‘guessable’
Poor random number generators
How to select hard drive/file encryption
DUAL_EC_DRBG BACKDOOR
In 2013 Edward Snowden revealed that it had a backdoor however:
In 2004 suspicions of this where around the crypto community
In 2006 multiple papers are published suggesting this.
In 2006 Bruce Schneier blogged about it.
The Cyber Security community may have been in the dark on this issue, but the crypto community was not.
WHAT ABOUT CRYPTOGRAPHIC BACKDOORS?
What can you do?
Can you prevent them even if you don’t know they are there?
PROBLEMS WITH RSA
The most widely used asymmetric cryptographic algorithm, may not be secure enough.
IS RSA STILL SECURE?
Heninger and Shacham Zhao and Qi Yeh, Huang, Lin, and Chang Hinek
HENINGER AND SHACHAM
Heninger and Shacham (2009) found that RSA implementations that utilized a smaller modulus were susceptible to cryptanalysis attacks. A smaller modulus can increase the efficiency of an RSA implementation, but as Heninger and Shacham (2009) showed, it may also decrease the efficacy.
HENINGER AND SHACHAM
Heninger and Shacham (2009) utilized the fact of the smaller modulus to reduce the set of possible factors, thus decreasing the time needed to factor the public key of an RSA implementation. It is in fact a common practice to use a specific modulus e = 216 + 1= 65537 (Heninger & Shacham, 2009). If an RSA Implementation is using this common value for e, then factoring the public key is a much simpler process
ZHAO AND QI
Zhao and Qi (2007) also utilized implementations that have a smaller modulus operator. The authors of this study also applied modular arithmetic, a subset of number theory, to analyzing weaknesses in RSA. Many implementations of RSA use a shorter modulus operator in order to make the algorithm execute more quickly.
RSA RESOURCES
Hinek, M. (2009). Cryptanalysis of RSA and its variants. England: Chapman and Hall.
Heninger, N., Shacham, H. (2009). Reconstructing RSA private keys from random key bit. Advances in Cryptology Lecture Notes in Computer Science, 1 (1). doi:10.1007/978-3-642-03356-8_1.
Yeh, Y., Huang, T., Lin, H., Chang, Y. (2009). A study on parallel RSA factorization. Journal of Computers, 4 (2), 112-118. doi:10.4304/jcp.4.2.112-118
Zhao, Y., Qi, W. (2007). Small private-exponent attack on RSA with primes sharing bits. Lecture Notes in Computer Science, 2007, 4779 (2007) 221-229. doi: 10.1007/978-3-540-75496-1_15
HOW TO LEARN MORE?
http://www.cryptocorner.com/ Professor Dan Boneh’s course online
https://class.coursera.org/crypto-preview/lecture Modern Cryptography: Applied Mathematics for
Encryption and Information Security by Chuck Easttom from McGraw Hill (out by August 2015)
Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier
Secret History: The Story of Cryptography by Bauer
Modern Cryptanalysis: Techniques for Advanced Code Breaking by Swenson