1. encryption & security
TRANSCRIPT
Overview
¤ Securityissues
¤ Encryptionandcryptanalysis
¤ Encryptioninthedigitalage¤ Symmetricencryption¤ Asymmetricencryption
¤ Applicationsofencryption
¤ Encryptionisnotsecurity!
2
Networkingisasecurityissue
¤ Why?
¤ Ifyouwantareallysecuremachine,lockitinanelectromagneticallyshieldedroomanddon’tconnectittoanynetworksorothersourcesofdatabeyondyourcontrol(totallyisolatedisland)
¤ Notmuchfun,isit?
4
TheProblem¤ TheInternetispublic
¤ Messagessentpassthroughmanymachinesandmedia
¤ Anyoneinterceptingamessagemight¤ readitand/or¤ replaceitwithadifferentmessage
¤ TheInternetisanonymous¤ IPaddressesdon’testablishidentity
¤ Anyonemaysendmessagesunderafalseidentity
5
TheProblem¤ TheInternetispublic
¤ Messagessentpassthroughmanymachinesandmedia
¤ Anyoneinterceptingamessagemight¤ readitand/or¤ replaceitwithadifferentmessage
¤ TheInternetisanonymous¤ IPaddressesdon’testablishidentity
¤ Anyonemaysendmessagesunderafalseidentity
6
Cryptography offers partial
solutions to all of these problems
AShadyExample¤ Iwanttomakeapurchaseonlineandclickalinkthattakesmeto
http://www.sketchystore.com/checkout.jsp
¤ WhatIseeinmybrowser:
7
AShadyExample(cont’d)¤ WhenIpressSUBMIT,mybrowsersendsthis:
POST /purchase.jsp HTTP/1.1
Host: www.sketchystore.com
User-Agent: Mozilla/4.0
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
userid=rbd&creditcard=2837283726495601& exp=01/09
8
AShadyExample(cont’d)
¤ Ifthisinformationissentunencrypted,whohasaccesstomycreditcardnumber?¤ Otherpeoplewhocanconnecttomywireless
ethernet¤ Otherpeoplephysicallyconnectedtomywired
ethernet¤ …
¤ Packetsarepassedfromroutertorouter.¤ Allthoseroutershaveaccesstomydata.
9
Encryption
¤ Weencrypt(encode)ourdatasootherscan’tunderstandit(easily)exceptforthepersonwhoissupposedtoreceiveit.
¤ Wecallthedatatoencodeplaintextandtheencodeddatatheciphertext.
¤ Encodinganddecodingareinversefunctionsofeachother
13
ATTACKATDAWNEncryptionalgorithm
AGSTRMBNDO
ATTACKATDAWN
plaintext
ciphertext
secretkey
secretkey
Decryptionalgorithm
Encryption/decryption
ATTACKATDAWN AGSTRMBNDO
ATTACKATDAWN
ciphertext
Mathematical,logical,empirical
analysis
secretkey
plaintext
Encryptionalgorithm
Cryptanalysis
Twobasicwaysofalteringtexttoencrypt/decrypt
¤ Substituteoneletterforanotherusingsomekindofrule
¤ Scrambletheorderofthelettersusingsomekindofrule
17
SubstitutionCiphers
¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A
19
SubstitutionCiphers
¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A
¤ Example:MESSAGE→NFTTBHF
21
SubstitutionCiphers
¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A
¤ Example:MESSAGE→NFTTBHF
¤ CanyoudecryptTFDSFU?
23
SubstitutionCiphers
¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A
¤ Example:MESSAGE→NFTTBHF
¤ CanyoudecryptTFDSFU?SECRET
25
CaesarCipher
¤ Shiftforwardnletters;nisthesecretkey
¤ Forexample,shiftforward3letters:A→D,B→E,...,Z→C¤ ThisisaCaesarcipherusingakeyof3(n=3).
¤ MESSAGE→ PHVVDJH
¤ Howcanwecrackthisencryptedmessageifwedon’tknowthekey?DEEDUSEKBTFEIIYRBOTUSETUJXYI
26
CaesarCipher(cont’d)
¤ Howlongwouldittakeacomputertotryall25shifts?
27
DEEDUSEKBTFEIIYRBOTUSETUJXYI EFFEVTFLCUGFJJZSCPUVTFUVKYZJ FGGFWUGMDVHGKKATDQVWUGVWLZAK GHHGXVHNEWIHLLBUERWXVHWXMABL HIIHYWIOFXJIMMCVFSXYWIXYNBCM IJJIZXJPGYKJNNDWGTYZXJYZOCDN JKKJAYKQHZLKOOEXHUZAYKZAPDEO KLLKBZLRIAMLPPFYIVABZLABQEFP LMMLCAMSJBNMQQGZJWBCAMBCRFGQ MNNMDBNTKCONRRHAKXCDBNCDSGHR NOONECOULDPOSSIBLYDECODETHIS OPPOFDPVMEQPTTJCMZEFDPEFUIJT PQQPGEQWNFRQUUKDNAFGEQFGVJKU
QRRQHFRXOGSRVVLEOBGHFRGHWKLV RSSRIGSYPHTSWWMFPCHIGSHIXLMW STTSJHTZQIUTXXNGQDIJHTIJYMNX TUUTKIUARJVUYYOHREJKIUJKZNOY UVVULJVBSKWVZZPISFKLJVKLAOPZ VWWVMKWCTLXWAAQJTGLMKWLMBPQA WXXWNLXDUMYXBBRKUHMNLXMNCQRB XYYXOMYEVNZYCCSLVINOMYNODRSC YZZYPNZFWOAZDDTMWJOPNZOPESTD ZAAZQOAGXPBAEEUNXKPQOAPQFTUE ABBARPBHYQCBFFVOYLQRPBQRGUVF BCCBSQCIZRDCGGWPZMRSQCRSHVWG CDDCTRDJASEDHHXQANSTRDSTIWXH
VigenèreCipher
¤ Shiftdifferentamountforeachletter.Useakeyword;eachletterinthekeydetermineshowmanyshiftswedoforthecorrespondingletterinthemessage.
¤ Example:keyword“cmu”:shiftby2,12,20
¤ Message“pittsburgh”
cmucmucmuc
encrypted:runvevwdaj
¤ Tryityourselfathttp://www.simonsingh.net/The_Black_Chamber/v_square.html
28
ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ noshift B BCDEFGHIJKLMNOPQRSTUVWXYZA shiftby1 C CDEFGHIJKLMNOPQRSTUVWXYZAB shiftby2 D DEFGHIJKLMNOPQRSTUVWXYZABC shiftby3 E EFGHIJKLMNOPQRSTUVWXYZABCD etc. F FGHIJKLMNOPQRSTUVWXYZABCDE
...
• Message: ATTACKATDAWN• Pickasecretkey DECAFDECAFDE • Encrypted: D
1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …
ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ
B BCDEFGHIJKLMNOPQRSTUVWXYZA C CDEFGHIJKLMNOPQRSTUVWXYZAB
D DEFGHIJKLMNOPQRSTUVWXYZABC
E EFGHIJKLMNOPQRSTUVWXYZABCD F FGHIJKLMNOPQRSTUVWXYZABCDE
...
• Message: ATTACKATDAWN• Pickasecretkey DECAFDECAFDE • Encrypted: DX
1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …
ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ
B BCDEFGHIJKLMNOPQRSTUVWXYZA C CDEFGHIJKLMNOPQRSTUVWXYZAB
D DEFGHIJKLMNOPQRSTUVWXYZABC
E EFGHIJKLMNOPQRSTUVWXYZABCD F FGHIJKLMNOPQRSTUVWXYZABCDE
...
• Message: ATTACKATDAWN• Pickasecretkey DECAFDECAFDE • Encrypted: DXV
1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …
ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ
B BCDEFGHIJKLMNOPQRSTUVWXYZA C CDEFGHIJKLMNOPQRSTUVWXYZAB
D DEFGHIJKLMNOPQRSTUVWXYZABC
E EFGHIJKLMNOPQRSTUVWXYZABCD F FGHIJKLMNOPQRSTUVWXYZABCDE
...
• Message: ATTACKATDAWN• Pickasecretkey DECAFDECAFDE • Encrypted: DXVAHNEVDFZR
1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …
VernamCipher
¤ VigenèrecipherwasbrokenbyCharlesBabbageinthemid1800sbyexploitingtherepeatedkey¤ Thelengthofthekeydeterminesthecycleinwhichthe
cipherisrepeated.
¤ Vernamcipher:makethekeythesamelengthasthemessage;Babbage’sanalysisdoesn’twork.
33
One-timePads
¤ Vernamcipheriscommonlyreferredtoasaone-timepad.
¤ Ifrandomkeysareusedone-timepadsareunbreakableintheory.
34
AliceandBobhaveidentical“pads”(sharedkeys)
Transpositionciphers
STSF…EROL...NOUA...DOTN…MPHK…OSEA…RTRN…EOND…
image:http://crypto.interactive-maths.com/simple-transposition-ciphers.html
an ancient Greek method
Encryptionincomputing
¤ One-timepadsimpracticalonthenet(why?)
¤ Basicassumption:theencryption/decryptionalgorithmisknown;onlythekeyissecret(why?)
¤ Verycomplicatedencryptionscanbecomputedfast:• typically,elaboratecombinationsofsubstitutionand
transposition
HTTPS
¤ SecurityprotocolfortheWeb,thepeoples’encryption
¤ Purpose:¤ confidentiality(preventeavesdropping)¤ messageintegrityandauthentication(prevent“maninthe
middle”attacksthatcouldalterthemessagesbeingsent)
¤ Techniques:¤ asymmetricencryption(“publickey”encryption)toexchange
secretkey¤ certificateauthoritytoobtainpublickeys¤ symmetricencryptiontoexchangeactualmessages
Keyspace
¤ Keyspaceisjargonforthenumberofpossiblesecretkeys,foraparticularencryption/decryptionalgorithm
¤ Numberofbitsperkeydeterminessizeofkeyspace• importantbecausewewanttomakebruteforceattacksinfeasible
¤ Bruteforceattack:runthe(known)decryptionalgorithmrepeatedlywitheverypossiblekeyuntilasensibleplaintextappears
¤ Typicalkeysizes:severalhundredbits
40
Symmetricvs.asymmetricencryption
¤ Symmetric(shared-keybetweensenderandreceiver)encryption:commonlyusedforlongmessages• Oftenacomplicatedmixofsubstitutionandtranspositionencipherment• Reasonablyfasttocompute• Examples(CaesarCipher)• Requiresasharedsecretkeyusuallycommunicatedusing(slower)
asymmetricencryption
Bob Alice
Symmetric(SharedKey)Encryption
42
Ciphertext = Enc(plaintext, key)
Bob uses the shared key to decrypt the ciphertext to recover the plaintext
Plaintext Plaintext = Dec(Ciphertext, key)
Encrypt using key Decrypt using key
Alice uses the shared key to encrypt the plaintext to produce the ciphertext
Ciphertext
EstablishingSharedKeys
¤ Problem:howcanAliceandBobsecretlyagreeonakey,usingapubliccommunicationsystem?
¤ Solution:asymmetricencryptionbasedonnumbertheory¤ Alicehasonesecret,Bobhasadifferentsecret;workingtogetherthey
establishasharedsecret¤ Examples:Diffie-Hellmankeyexchange,RSApublickeyencryption
43
Symmetricvs.asymmetricencryption
¤ Symmetric(shared-keybetweensenderandreceiver)encryption:commonlyusedforlongmessages• Oftenacomplicatedmixofsubstitutionandtranspositionencipherment• Reasonablyfasttocompute• Examples(CaesarCipher)• Requiresasharedsecretkeyusuallycommunicatedusing(slower)
asymmetricencryption
¤ Asymmetricencryption(twokeys):differentkeysareusedtoencryptandtodecrypt• Publickey:availabletoeveryone,usedtoencrypt• Privatekey:availableonlytoreceiver,usedtodecrypt• Anyonewiththepublickeycanencrypt,onlytheprivatekeycanbe
usedtodecrypt!
Onetypeofasymmetricencryption:RSA
¤ CommonencryptiontechniquefortransmittingsymmetrickeysontheInternet(https,ssl/tls)¤ Namedafteritsinventors:Rivest,Shamirand
Adleman¤ Usedinhttps(youknowwhenyou’reusingitbecause
youseetheURLintheaddressbarbeginswithhttps://)
45
Bob Alice
AsymmetricPublicKeyEncryption
46
ciphertext = Enc(plaintext, pubA)
Alice’spublickeypubA
plaintext plaintext = Dec(ciphertext, privA
Encrypt using pubA Decrypt using privA
Alice uses herprivate key to decrypt the ciphertext to recover the plaintext
Bob uses Alice’s public key to encrypt the plaintext to produce the ciphertext
ciphertext
Alice’sprivatekeyprivA
HowRSAworks
¤ First,wemustbeabletorepresentanymessageasasinglenumber(itmayalreadybeanumberasisusualforasymmetrickey)
¤ Forexample:
A T T A C K A T D A W N
012020010311012004012314
47
PublicandPrivateKeys
48
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
PublicandPrivateKeys
49
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
PublicandPrivateKeys
50
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
PublicandPrivateKeys
51
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
RSAExample
52
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
• Bob wants to send Alice the message M=4 • Bob knows Alice’s Public Key: (3, 33) (e = 3,
n = 33) • Bob encrypts the message using e and n
• (M e modulo n → C): • 43 modulo 33 → 31 • ... Bob sends 31
• Alice’s Public Key: (3, 33) (e = 3, n = 33) • Alice’s Private Key: (7, 33) (d = 7, n = 33)
• Usually these are really huge numbers with many hundreds of digits!
• Alice receives the encoded message 31 • Alice decrypts the message using d and
n • (C d modulo n → M ): • 317 modulo 33 → 4
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
RSAExample
53
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
• Bob wants to send Alice the message M=4 • Bob knows Alice’s Public Key: (3, 33) (e = 3,
n = 33) • Bob encrypts the message using e and n
• (M e modulo n → C): • 43 modulo 33 → 31 • ... Bob sends 31
• Alice’s Public Key: (3, 33) (e = 3, n = 33) • Alice’s Private Key: (7, 33) (d = 7, n = 33)
• Usually these are really huge numbers with many hundreds of digits!
• Alice receives the encoded message 31 • Alice decrypts the message using d and
n • (C d modulo n → M ): • 317 modulo 33 → 4
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
RSAExample
54
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
• Bob wants to send Alice the message M=4 • Bob knows Alice’s Public Key: (3, 33) (e = 3,
n = 33) • Bob encrypts the message using e and n
• (M e modulo n → C): • 43 modulo 33 → 31 • ... Bob sends 31
• Alice’s Public Key: (3, 33) (e = 3, n = 33) • Alice’s Private Key: (7, 33) (d = 7, n = 33)
• Usually these are really huge numbers with many hundreds of digits!
• Alice receives the encoded message 31 • Alice decrypts the message using d and
n • (C d modulo n → M ): • 317 modulo 33 → 4
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
RSAExample
55
Receiver decrypts using private key • Alice is the receiver • Every receiver has a:
• public key (e, n) • private key (d, n)
• Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).
• C d modulo n → M (plaintext)
• Bob wants to send Alice the message M=4 • Bob knows Alice’s Public Key: (3, 33) (e = 3,
n = 33) • Bob encrypts the message using e and n
• (M e modulo n → C): • 43 modulo 33 → 31 • ... Bob sends 31
• Alice’s Public Key: (3, 33) (e = 3, n = 33) • Alice’s Private Key: (7, 33) (d = 7, n = 33)
• Usually these are really huge numbers with many hundreds of digits!
• Alice receives the encoded message 31 • Alice decrypts the message using d and
n • (C d modulo n → M ): • 317 modulo 33 → 4
Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:
• publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:
• M e modulo n → C (ciphertext)
Generatingn,eandd
56
• pandqare(big)randomprimes.
• n=p×q• φ=(p-1)(q-1)• eissmallandrelativelyprimetoφ
• d,suchthat:e × dmodφ=1
p=3,q=11
n=3×11=33φ=2×10=20e=3
3 × dmod20=1d=7
Usually the primes are huge numbers--hundreds of digits long.
CrackingRSA
¤ Everyoneknows(e,n).OnlyAliceknowsd.
¤ Ifweknoweandn,canwefigureoutd?¤ Ifso,wecanreadsecretmessagestoAlice.
¤ Wecandeterminedfromeandn.¤ Factornintopandq.
n=p×qφ=(p-1)(q-1)e×d=1(modφ)
¤ Weknowe(whichispublic),sowecansolveford.
¤ Butonlyifwecanfactorn
57
Every receiver has a: • public key (e, n) • private key (d, n)
Every sender has the receiver’s public key: • publickey(e,n)
RSAissafe(fornow)
¤ Supposesomeonecanfactormy5-digitnin1ms,
¤ Atthisrate,tofactora10-digitnumberwouldtake2minutes.
¤ …tofactora15-digitnumberwouldtake4months.
¤ …20-digitnumber…30,000years.
¤ …25-digitnumber…3billionyears.
¤ We'resafewithRSA!(atleast,fromfactoringwithdigitalcomputers)
58
CertificateAuthorities
¤ Howdoweknowwehavetherightpublickeyforsomeone?
¤ CertificateAuthoritiessigndigitalcertificatesindicatingauthenticityofasenderwhotheyhavecheckedoutintherealworld.
¤ Sendersprovidecopiesoftheircertificatesalongwiththeirmessageorsoftware.
¤ Butcanwetrustthecertificateauthorities?(onlysome)
59
How(in)secureistheInternet?
¤ TheNSAhasabudgetof$11B;weknowfromEdwardSnowdenhowsomeofitisused
¤ Corporationsandcriminalsalsospyonus
¤ Whatcangowrong?¤ Insecurepseudo-randomnumbergenerators¤ Untrustworthycertificateauthorities¤ Malware¤ “Socialengineering”attackslikephishing¤ Deliberatelybuilt-ininsecurityincryptoproducts¤ PhysicaltappingofInternetrouters
61
Securityisanunsolvedproblem
Yourcybersystemscontinuetofunctionandserveyounotduetotheexpertiseofyoursecuritystaffbutsolelyduetothesufferanceofyouropponents.
–formerNSAInformationAssuranceDirectorBrianSnow(quotedbyBruceSchneier,https://www.schneier.com/blog/archives/2013/03/phishing_has_go.html)
62
Summary
¤ Cryptographyiscoolmathematicsandprotocoldesign
¤ Butcryptographyisnotsecurity,onlyasetoftechniques
¤ Securityisabroaderissueinvolving¤ Othertechnology¤ Socialandlegalfactors
63
“Only amateurs attack machines; professionals target people” –Bruce Schneier