Upload File

perfect forward secrecy - next step in information security

  • Home
  • Internet
  • Perfect Forward Secrecy - Next Step in Information Security
23
Perfect Forward Secrecy Intercept today, decrypt tomorrow Abraxas Informa8k AG, Thomas Briner

Upload: thomas-briner

Post on 21-Jul-2015

471 views

Category:

Internet


0 download

Report

TRANSCRIPT

Page 1: Perfect Forward Secrecy - Next Step in Information Security

Perfect  Forward  Secrecy  

Intercept  today,    decrypt  tomorrow  

Abraxas  Informa8k  AG,  Thomas  Briner  

Page 2: Perfect Forward Secrecy - Next Step in Information Security
Page 3: Perfect Forward Secrecy - Next Step in Information Security
Page 4: Perfect Forward Secrecy - Next Step in Information Security

Symmetrisch  verschlüsseln  

Anna   Beat  Emil  

Page 5: Perfect Forward Secrecy - Next Step in Information Security

Verschlüsseln  ohne  Schlüsselaustausch?  

WhiGield  Diffie,  Mar8n  Hellman,  Ralph  Merkle  

James  H.  Ellis,  Clifford  Cocks,  Malcom  J.  Williamson  

Page 6: Perfect Forward Secrecy - Next Step in Information Security

Idee:  Beat  soll  sich  auch  noch  ein  Schloss  besorgen!  Dann  geht  es.  

Aber  wie?  

Page 7: Perfect Forward Secrecy - Next Step in Information Security

Grundidee:  Opera8on,  die  schwierig  umkehrbar  ist  

128  =  2  ?  

Page 8: Perfect Forward Secrecy - Next Step in Information Security

Z*p  :  Rechnen  mit  Mul8plika8on  modulo  Primzahl  

1   2  3  

4  

5  6  7  

8  

9  

10  

12  

11  

Page 9: Perfect Forward Secrecy - Next Step in Information Security

Diskreter  Logarithmus  

11  =  2  ?      in  Z*13  

Page 10: Perfect Forward Secrecy - Next Step in Information Security

Diffie-­‐Hellman:  Verschlüsseln  ohne  vorgängig  bekannten  Schlüssel  

p  =  13,  g  =  2  

Page 11: Perfect Forward Secrecy - Next Step in Information Security

RSA:  Offene  Schlösser  verteilen  

Grundannahme:  Zerlegen  in  Primfaktoren  ist  schwierig  

Beat

Beat

Beat

Beat Beat

Beat

Page 12: Perfect Forward Secrecy - Next Step in Information Security

Standard-­‐Anwendungen  von  Verschlüsselung  mit  RSA  

•  SSL  Verschlüsselung  •  Mail  Verschlüsselung  •  Signaturen  

 

Page 13: Perfect Forward Secrecy - Next Step in Information Security

Wie  funk8oniert  SSL-­‐Verbindungsaugau  

Hallo  server.ch,  ich    möchte  eine  verschlüsselte  Verbindung  mit  dir  

Ok,  hier  ist  mein  Zer8fikat  und  mein  Public  Key  

Schönes  Zer8fikat!  Für  Verschlüsselung  unterstütze  ich  

Schema  4,  5  und  9.   Dann  nehmen  wir  doch  Nr.  9!  

Ok,  9  ist  bestens.  Als  Passwort  schlage  ich  „HoppGCMeister2015“  vor.   Bin  zwar  FCZ-­‐Fan,  aber  

von  mir  aus...  

Beat

Beat

Page 14: Perfect Forward Secrecy - Next Step in Information Security

und  verschlüsselte  Informa8on  

•  Kann  die  NSA  AES-­‐256  knacken?  •  Kann  die  NSA  effiziente  Primfaktorenzerlegung?  •  Kann  die  NSA  allen  hmps-­‐Traffic  entschlüsseln?  

Intercept  today,    decrypt  tomorrow  

Page 15: Perfect Forward Secrecy - Next Step in Information Security

Wieso  funk8oniert  das?  

1.   Private  Key                    raten,      hacken,  stehlen,  …  

2.   Session  Key      dechiffrieren  

3.   Verschlüsselte      Informa8onen  dechiffrieren  

Für  ALLE  jemals  verschickten  Messages  

Page 16: Perfect Forward Secrecy - Next Step in Information Security

Was  können  wir  dagegen  tun?  

Anna   Beat  

Page 17: Perfect Forward Secrecy - Next Step in Information Security

SSL  Verbindungsaugau  mit  DH  

Hallo  server.ch,  ich    möchte  eine  verschlüsselte  Verbindung  mit  dir  

Ok,  hier  ist  mein  Zer8fikat  und  mein  Public  Key  

Schönes  Zer8fikat!  Für  Verschlüsselung  unterstütze  ich  

Schema  4,  5  und  9.   Dann  nehmen  wir  doch  Nr.  9!    

p=  …,  g=  …,  g^b  =  …  

Ok,  9  ist  bestens.  g^a  =  …  Los  geht’s:  …  

Beat

Beat

Beat

Page 18: Perfect Forward Secrecy - Next Step in Information Security

Bleeding  Edge?  

1996   2011   2014  2013  

Page 19: Perfect Forward Secrecy - Next Step in Information Security

Nun  sag,  Gretchen,  wie  hast  du‘s  mit  der  Perfect  Forward  Secrecy?    

Schrim  1:  Client  

Page 20: Perfect Forward Secrecy - Next Step in Information Security

Nun  sag,  Gretchen,  wie  hast  du‘s  mit  der  Perfect  Forward  Secrecy?    

Schrim  2:  Server  

Page 21: Perfect Forward Secrecy - Next Step in Information Security

Nun  sag,  Gretchen,  wie  hast  du‘s  mit  der  Perfect  Forward  Secrecy?    

Schrim  2:  Server  im  Detail  

Page 22: Perfect Forward Secrecy - Next Step in Information Security

Conclusion  

Schleppnetz  vs.  Angel  

•  Performance  •  Usability  (?)  •  Komplexität  

Implika8onen  auf  

Page 23: Perfect Forward Secrecy - Next Step in Information Security

TODOs  für  Abraxas?  

•  Bewusstsein  für  Sicherheitseigenschav  schaffen    

•  Webserver  für  PFS  fit  machen    

•  In  Fachapplika8onen  für  Kommunika8on  verwenden,  z.B.  Client  –  Server    

•  Als  zusätzliche  Sicherheitsstufe  verwenden  z.B.  TrustTalk  mit  OTR-­‐Modus  


Chernobyl Secrecy

SAKE : Strengthened Symmetric-Key Authenticated Key ... · SAKE+: Strengthened Symmetric-Key Authenticated Key Exchange with Perfect Forward Secrecy for IoT Seyed Farhad Aghili1,

Imperfect Forward Secrecy: How Diffie-Hellman …Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian Karthikeyan Bhargavan∗ Zakir Durumeric Pierrick Gaudry†

The Cyprus Debt: Perfect Crisis and a Way Forward

Moving forward: Forward Secrecy in OpenPGP · Justus Winter Moving forward: Forward Secrecy in OpenPGPDeltaX Freiburg, 2018-07-21 2/19 Dataatrestvs

Lecture 5 Ciphers, Information Theory, and Elementary ... · Perfect Secrecy Information Theory Elementary Number Theory Perfect Secrecy (3/3) Game Based Definition. Expb A, where

Cyprus Debt. The perfect crisis and a way forward

Key agreement in dynamic peer groups - Parallel and ... · our protocols can be easily extended to authenticated group key agreement providing perfect forward secrecy (PFS) [16],

SR-OS Cryptographic Module - NIST · 2018. 11. 21. · OSPF Open Shortest Path First PFS Perfect Forward Secrecy RNG Random Number Generator RSVP Resource Reservation Protocol SA

Simmel Secrecy

Perfect Forward Security of SPAKE2 · 2020-01-14 · Perfect Forward Security of SPAKE2 Michel Abdalla1;2 and Manuel Barbosa3 1 DIENS, Ecole normale sup erieure, CNRS, PSL University,

Recover A RSA Private key from a TLS session with perfect forward secrecy

Techniques in Cryptography and Cryptanalysis · 2021. 1. 11. · Perfect secrecy 6 Perfect secrecy, historical version, Shannon, 1949. Prior distribution: distribution of M known

SSL & Perfect Forward Secrecy - Steve Gibson · 2013-07-12 · Leo Laporte: It's time for Security Now! with Steve Gibson, Episode 412, recorded July 10th, 2013: SSL & Perfect Forward

An Identity Based Key Exchange Scheme with Perfect Forward ...ethesis.nitrkl.ac.in/7374/1/2015_BT_Sonalin_111CS0446.pdf · An Identity Based Key Exchange Scheme with Perfect Forward

Perfect Forward Secrecy for GETVPN - Cisco · Secrecy(PFS),theattackermustnotbeabletousethelong-termkeystoobtainkeysanddecryptrecorded communicationofpastsessions.ArelatedsecuritymeasureiscalledPerfectBackwardSecrecy(PBS).For

Exercise 1 – Perfect Secrecy

IPSec and IKE - gauss.ececs.uc.edugauss.ececs.uc.edu/Courses/c5153/lectures/PDF/ipsec.pdf · IPSec and IKE Perfect Forward Secrecy: attacker cannot decrypt even if the entire session

CS555Spring 2012/Topic 31 Cryptography CS 555 Topic 3: One-time Pad and Perfect Secrecy

Imperfect Forward Secrecy

Pairing-Based Onion Routing with Improved Forward Secrecyiang/pubs/PBOR-TISSEC.pdf · Pairing-Based Onion Routing with Improved Forward Secrecy ... Pairing-Based Onion Routing with

Perfect Secrecy - Indian Institute of Technology Madras · • Perfect secrecy is difficult to achieve in practice • Instead we use a crypto-scheme that cannot be broken in reasonable

Perfect and Statistical Secrecy, probabilistic algorithms, Definitions of Easy and Hard, 1-Way FN -- formal definition

Symmetric-key Authenticated Key Exchange (SAKE) with ... · SAKE: Symmetric-key AKE with Perfect Forward Secrecy 3 accepts. In our scheme, one of the party also keeps in memory (a

Govt Secrecy

Version 1.2 November 2009 - Juniper Networks · 2017-03-01 · November 2009 . Configuring Dynamic VPN – Application Note ... • Perfect Forward Secrecy-PFS is mandatory ... (The

Recover a RSA private key - Black Hat | Home · Recover a RSA private key from a TLS session with Perfect Forward Secrecy (Marco Ortisi –2016) About me ... enjoy your leaked private

1720 - Forward Secrecy: How to Secure SSL from Attacks by ...vox.veritas.com/legacyfs/online/veritasdata/2pm_1720_Forward Secrecy How to Secure SSL...Elliptic Curve Cryptography (ECC)

Perfect Forward Secrecy - Mathematicsdrew/PerfectForwardSecrecy.pdfTypically the decryption key is secret, but the encryption key is not. Making K E public solves the key distribution

Seven Grades of Perfect Forward Secrecy

Secrecy world

Fully Non-Interactive Onion Routing with Forward-Secrecy · 2011-09-29 · Anonymity in a public network Fully Non-Interactive Onion Routing with Forward-Secrecy 3 Internet Nov 10,

Secure P2P-Messenger · Record Messaging [5] or short OTR. Perfect forward secrecy is guaranteed by exchanging new keys with every message. This key exchange is based on Di e-Hellman

CryptographyPerfect secrecySlide 1 Today What does it mean for a cipher to be: –Computational secure? Unconditionally secure? Perfect secrecy –Conditional

Signcryption Schemes with Forward Secrecy Based on ...ethesis.nitrkl.ac.in/2009/1/Thesis_rkm214.pdf · Signcryption Schemes with Forward Secrecy Based on Elliptic Curve Cryptography