1. Encryption & Security

1. Encryption & Security

Overview

¤  Securityissues

¤  Encryptionandcryptanalysis

¤  Encryptioninthedigitalage¤  Symmetricencryption¤  Asymmetricencryption

¤  Applicationsofencryption

¤  Encryptionisnotsecurity!

2

Securityissues

3

Networkingisasecurityissue

¤ Why?

¤  Ifyouwantareallysecuremachine,lockitinanelectromagneticallyshieldedroomanddon’tconnectittoanynetworksorothersourcesofdatabeyondyourcontrol(totallyisolatedisland)

¤ Notmuchfun,isit?

4

TheProblem¤  TheInternetispublic

¤  Messagessentpassthroughmanymachinesandmedia

¤  Anyoneinterceptingamessagemight¤  readitand/or¤  replaceitwithadifferentmessage

¤  TheInternetisanonymous¤  IPaddressesdon’testablishidentity

¤  Anyonemaysendmessagesunderafalseidentity

5

TheProblem¤  TheInternetispublic

¤  Messagessentpassthroughmanymachinesandmedia

¤  Anyoneinterceptingamessagemight¤  readitand/or¤  replaceitwithadifferentmessage

¤  TheInternetisanonymous¤  IPaddressesdon’testablishidentity

¤  Anyonemaysendmessagesunderafalseidentity

6

Cryptography offers partial

solutions to all of these problems

AShadyExample¤  Iwanttomakeapurchaseonlineandclickalinkthattakesmeto

http://www.sketchystore.com/checkout.jsp

¤  WhatIseeinmybrowser:

7

AShadyExample(cont’d)¤  WhenIpressSUBMIT,mybrowsersendsthis:

POST /purchase.jsp HTTP/1.1

Host: www.sketchystore.com

User-Agent: Mozilla/4.0

Content-Length: 48

Content-Type: application/x-www-form-urlencoded

userid=rbd&creditcard=2837283726495601& exp=01/09

8

AShadyExample(cont’d)

¤ Ifthisinformationissentunencrypted,whohasaccesstomycreditcardnumber?¤ Otherpeoplewhocanconnecttomywireless

ethernet¤ Otherpeoplephysicallyconnectedtomywired

ethernet¤ …

¤ Packetsarepassedfromroutertorouter.¤ Allthoseroutershaveaccesstomydata.

9

Acaveatcryptography is not security

10

11

Encryptionandcryptanalysisbasic concepts

12

Encryption

¤ Weencrypt(encode)ourdatasootherscan’tunderstandit(easily)exceptforthepersonwhoissupposedtoreceiveit.

¤ Wecallthedatatoencodeplaintextandtheencodeddatatheciphertext.

¤ Encodinganddecodingareinversefunctionsofeachother

13

ATTACKATDAWNEncryptionalgorithm

AGSTRMBNDO

ATTACKATDAWN

plaintext

ciphertext

secretkey

secretkey

Decryptionalgorithm

Encryption/decryption

ATTACKATDAWN AGSTRMBNDO

ATTACKATDAWN

ciphertext

Mathematical,logical,empirical

analysis

secretkey

plaintext

Encryptionalgorithm

Cryptanalysis

Encryptiontechniquessubstitution and transposition

16

Twobasicwaysofalteringtexttoencrypt/decrypt

¤  Substituteoneletterforanotherusingsomekindofrule

¤  Scrambletheorderofthelettersusingsomekindofrule

17

Substitution Ciphers

SubstitutionCiphers

¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A

19

SubstitutionCiphers

20

SubstitutionCiphers

¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A

¤ Example:MESSAGE→NFTTBHF

21

SubstitutionCiphers

22

MESSAGE→NFTTBHF

SubstitutionCiphers

¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A

¤ Example:MESSAGE→NFTTBHF

¤ CanyoudecryptTFDSFU?

23

SubstitutionCiphers

24

TFDSFU

SubstitutionCiphers

¤ Simpleencryptionschemeusingasubstitutioncipher:¤ Shifteveryletterforwardby1:A→ B,B→ C,...,Z→A

¤ Example:MESSAGE→NFTTBHF

¤ CanyoudecryptTFDSFU?SECRET

25

CaesarCipher

¤ Shiftforwardnletters;nisthesecretkey

¤ Forexample,shiftforward3letters:A→D,B→E,...,Z→C¤  ThisisaCaesarcipherusingakeyof3(n=3).

¤ MESSAGE→ PHVVDJH

¤ Howcanwecrackthisencryptedmessageifwedon’tknowthekey?DEEDUSEKBTFEIIYRBOTUSETUJXYI

26

CaesarCipher(cont’d)

¤ Howlongwouldittakeacomputertotryall25shifts?

27

DEEDUSEKBTFEIIYRBOTUSETUJXYI EFFEVTFLCUGFJJZSCPUVTFUVKYZJ FGGFWUGMDVHGKKATDQVWUGVWLZAK GHHGXVHNEWIHLLBUERWXVHWXMABL HIIHYWIOFXJIMMCVFSXYWIXYNBCM IJJIZXJPGYKJNNDWGTYZXJYZOCDN JKKJAYKQHZLKOOEXHUZAYKZAPDEO KLLKBZLRIAMLPPFYIVABZLABQEFP LMMLCAMSJBNMQQGZJWBCAMBCRFGQ MNNMDBNTKCONRRHAKXCDBNCDSGHR NOONECOULDPOSSIBLYDECODETHIS OPPOFDPVMEQPTTJCMZEFDPEFUIJT PQQPGEQWNFRQUUKDNAFGEQFGVJKU

QRRQHFRXOGSRVVLEOBGHFRGHWKLV RSSRIGSYPHTSWWMFPCHIGSHIXLMW STTSJHTZQIUTXXNGQDIJHTIJYMNX TUUTKIUARJVUYYOHREJKIUJKZNOY UVVULJVBSKWVZZPISFKLJVKLAOPZ VWWVMKWCTLXWAAQJTGLMKWLMBPQA WXXWNLXDUMYXBBRKUHMNLXMNCQRB XYYXOMYEVNZYCCSLVINOMYNODRSC YZZYPNZFWOAZDDTMWJOPNZOPESTD ZAAZQOAGXPBAEEUNXKPQOAPQFTUE ABBARPBHYQCBFFVOYLQRPBQRGUVF BCCBSQCIZRDCGGWPZMRSQCRSHVWG CDDCTRDJASEDHHXQANSTRDSTIWXH

VigenèreCipher

¤  Shiftdifferentamountforeachletter.Useakeyword;eachletterinthekeydetermineshowmanyshiftswedoforthecorrespondingletterinthemessage.

¤  Example:keyword“cmu”:shiftby2,12,20

¤ Message“pittsburgh”

cmucmucmuc

encrypted:runvevwdaj

¤  Tryityourselfathttp://www.simonsingh.net/The_Black_Chamber/v_square.html

28

ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ noshift B BCDEFGHIJKLMNOPQRSTUVWXYZA shiftby1 C CDEFGHIJKLMNOPQRSTUVWXYZAB shiftby2 D DEFGHIJKLMNOPQRSTUVWXYZABC shiftby3 E EFGHIJKLMNOPQRSTUVWXYZABCD etc. F FGHIJKLMNOPQRSTUVWXYZABCDE

...

•  Message: ATTACKATDAWN•  Pickasecretkey DECAFDECAFDE •  Encrypted: D

1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …

ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ

B BCDEFGHIJKLMNOPQRSTUVWXYZA C CDEFGHIJKLMNOPQRSTUVWXYZAB

D DEFGHIJKLMNOPQRSTUVWXYZABC

E EFGHIJKLMNOPQRSTUVWXYZABCD F FGHIJKLMNOPQRSTUVWXYZABCDE

...

•  Message: ATTACKATDAWN•  Pickasecretkey DECAFDECAFDE •  Encrypted: DX

1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …

ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ

B BCDEFGHIJKLMNOPQRSTUVWXYZA C CDEFGHIJKLMNOPQRSTUVWXYZAB

D DEFGHIJKLMNOPQRSTUVWXYZABC

E EFGHIJKLMNOPQRSTUVWXYZABCD F FGHIJKLMNOPQRSTUVWXYZABCDE

...

•  Message: ATTACKATDAWN•  Pickasecretkey DECAFDECAFDE •  Encrypted: DXV

1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …

ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ

B BCDEFGHIJKLMNOPQRSTUVWXYZA C CDEFGHIJKLMNOPQRSTUVWXYZAB

D DEFGHIJKLMNOPQRSTUVWXYZABC

E EFGHIJKLMNOPQRSTUVWXYZABCD F FGHIJKLMNOPQRSTUVWXYZABCDE

...

•  Message: ATTACKATDAWN•  Pickasecretkey DECAFDECAFDE •  Encrypted: DXVAHNEVDFZR

1st letter in the message is shifted by 3, 2nd letter is shifted by 4, …

VernamCipher

¤ VigenèrecipherwasbrokenbyCharlesBabbageinthemid1800sbyexploitingtherepeatedkey¤ Thelengthofthekeydeterminesthecycleinwhichthe

cipherisrepeated.

¤ Vernamcipher:makethekeythesamelengthasthemessage;Babbage’sanalysisdoesn’twork.

33

One-timePads

¤  Vernamcipheriscommonlyreferredtoasaone-timepad.

¤  Ifrandomkeysareusedone-timepadsareunbreakableintheory.

34

AliceandBobhaveidentical“pads”(sharedkeys)

Transposition Ciphers

Transpositionciphers

STSF…EROL...NOUA...DOTN…MPHK…OSEA…RTRN…EOND…

image:http://crypto.interactive-maths.com/simple-transposition-ciphers.html

an ancient Greek method

Encryptionincomputingfast computation makes encryption usable by all of us

Encryptionincomputing

¤ One-timepadsimpracticalonthenet(why?)

¤ Basicassumption:theencryption/decryptionalgorithmisknown;onlythekeyissecret(why?)

¤ Verycomplicatedencryptionscanbecomputedfast:•  typically,elaboratecombinationsofsubstitutionand

transposition

HTTPS

¤ SecurityprotocolfortheWeb,thepeoples’encryption

¤ Purpose:¤  confidentiality(preventeavesdropping)¤  messageintegrityandauthentication(prevent“maninthe

middle”attacksthatcouldalterthemessagesbeingsent)

¤ Techniques:¤  asymmetricencryption(“publickey”encryption)toexchange

secretkey¤  certificateauthoritytoobtainpublickeys¤  symmetricencryptiontoexchangeactualmessages

Keyspace

¤  Keyspaceisjargonforthenumberofpossiblesecretkeys,foraparticularencryption/decryptionalgorithm

¤  Numberofbitsperkeydeterminessizeofkeyspace•  importantbecausewewanttomakebruteforceattacksinfeasible

¤  Bruteforceattack:runthe(known)decryptionalgorithmrepeatedlywitheverypossiblekeyuntilasensibleplaintextappears

¤  Typicalkeysizes:severalhundredbits

40

Symmetricvs.asymmetricencryption

¤  Symmetric(shared-keybetweensenderandreceiver)encryption:commonlyusedforlongmessages•  Oftenacomplicatedmixofsubstitutionandtranspositionencipherment•  Reasonablyfasttocompute•  Examples(CaesarCipher)•  Requiresasharedsecretkeyusuallycommunicatedusing(slower)

asymmetricencryption

Bob Alice

Symmetric(SharedKey)Encryption

42

Ciphertext = Enc(plaintext, key)

Bob uses the shared key to decrypt the ciphertext to recover the plaintext

Plaintext Plaintext = Dec(Ciphertext, key)

Encrypt using key Decrypt using key

Alice uses the shared key to encrypt the plaintext to produce the ciphertext

Ciphertext

EstablishingSharedKeys

¤  Problem:howcanAliceandBobsecretlyagreeonakey,usingapubliccommunicationsystem?

¤  Solution:asymmetricencryptionbasedonnumbertheory¤  Alicehasonesecret,Bobhasadifferentsecret;workingtogetherthey

establishasharedsecret¤  Examples:Diffie-Hellmankeyexchange,RSApublickeyencryption

43

Symmetricvs.asymmetricencryption

¤  Symmetric(shared-keybetweensenderandreceiver)encryption:commonlyusedforlongmessages•  Oftenacomplicatedmixofsubstitutionandtranspositionencipherment•  Reasonablyfasttocompute•  Examples(CaesarCipher)•  Requiresasharedsecretkeyusuallycommunicatedusing(slower)

asymmetricencryption

¤  Asymmetricencryption(twokeys):differentkeysareusedtoencryptandtodecrypt•  Publickey:availabletoeveryone,usedtoencrypt•  Privatekey:availableonlytoreceiver,usedtodecrypt•  Anyonewiththepublickeycanencrypt,onlytheprivatekeycanbe

usedtodecrypt!

Onetypeofasymmetricencryption:RSA

¤ CommonencryptiontechniquefortransmittingsymmetrickeysontheInternet(https,ssl/tls)¤ Namedafteritsinventors:Rivest,Shamirand

Adleman¤ Usedinhttps(youknowwhenyou’reusingitbecause

youseetheURLintheaddressbarbeginswithhttps://)

45

Bob Alice

AsymmetricPublicKeyEncryption

46

ciphertext = Enc(plaintext, pubA)

Alice’spublickeypubA

plaintext plaintext = Dec(ciphertext, privA

Encrypt using pubA Decrypt using privA

Alice uses herprivate key to decrypt the ciphertext to recover the plaintext

Bob uses Alice’s public key to encrypt the plaintext to produce the ciphertext

ciphertext

Alice’sprivatekeyprivA

HowRSAworks

¤  First,wemustbeabletorepresentanymessageasasinglenumber(itmayalreadybeanumberasisusualforasymmetrickey)

¤  Forexample:

A T T A C K A T D A W N

012020010311012004012314

47

PublicandPrivateKeys

48

Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:

•  publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:

•  M e modulo n → C (ciphertext)

Receiver decrypts using private key •  Alice is the receiver •  Every receiver has a:

•  public key (e, n) •  private key (d, n)

•  Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).

•  C d modulo n → M (plaintext)

PublicandPrivateKeys

49

Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:

•  publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:

•  M e modulo n → C (ciphertext)

Receiver decrypts using private key •  Alice is the receiver •  Every receiver has a:

•  public key (e, n) •  private key (d, n)

•  Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).

•  C d modulo n → M (plaintext)

PublicandPrivateKeys

50

Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:

•  publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:

•  M e modulo n → C (ciphertext)

Receiver decrypts using private key •  Alice is the receiver •  Every receiver has a:

•  public key (e, n) •  private key (d, n)

•  Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).

•  C d modulo n → M (plaintext)

PublicandPrivateKeys

51

Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:

•  publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:

•  M e modulo n → C (ciphertext)

Receiver decrypts using private key •  Alice is the receiver •  Every receiver has a:

•  public key (e, n) •  private key (d, n)

•  Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).

•  C d modulo n → M (plaintext)

RSAExample

52

Receiver decrypts using private key •  Alice is the receiver •  Every receiver has a:

•  public key (e, n) •  private key (d, n)

•  Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).

•  C d modulo n → M (plaintext)

•  Bob wants to send Alice the message M=4 •  Bob knows Alice’s Public Key: (3, 33) (e = 3,

n = 33) •  Bob encrypts the message using e and n

•  (M e modulo n → C): •  43 modulo 33 → 31 •  ... Bob sends 31

•  Alice’s Public Key: (3, 33) (e = 3, n = 33) •  Alice’s Private Key: (7, 33) (d = 7, n = 33)

•  Usually these are really huge numbers with many hundreds of digits!

•  Alice receives the encoded message 31 •  Alice decrypts the message using d and

n •  (C d modulo n → M ): •  317 modulo 33 → 4

Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:

•  publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:

•  M e modulo n → C (ciphertext)

RSAExample

53

Receiver decrypts using private key •  Alice is the receiver •  Every receiver has a:

•  public key (e, n) •  private key (d, n)

•  Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).

•  C d modulo n → M (plaintext)

•  Bob wants to send Alice the message M=4 •  Bob knows Alice’s Public Key: (3, 33) (e = 3,

n = 33) •  Bob encrypts the message using e and n

•  (M e modulo n → C): •  43 modulo 33 → 31 •  ... Bob sends 31

•  Alice’s Public Key: (3, 33) (e = 3, n = 33) •  Alice’s Private Key: (7, 33) (d = 7, n = 33)

•  Usually these are really huge numbers with many hundreds of digits!

•  Alice receives the encoded message 31 •  Alice decrypts the message using d and

n •  (C d modulo n → M ): •  317 modulo 33 → 4

Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:

•  publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:

•  M e modulo n → C (ciphertext)

RSAExample

54

Receiver decrypts using private key •  Alice is the receiver •  Every receiver has a:

•  public key (e, n) •  private key (d, n)

•  Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).

•  C d modulo n → M (plaintext)

•  Bob wants to send Alice the message M=4 •  Bob knows Alice’s Public Key: (3, 33) (e = 3,

n = 33) •  Bob encrypts the message using e and n

•  (M e modulo n → C): •  43 modulo 33 → 31 •  ... Bob sends 31

•  Alice’s Public Key: (3, 33) (e = 3, n = 33) •  Alice’s Private Key: (7, 33) (d = 7, n = 33)

•  Usually these are really huge numbers with many hundreds of digits!

•  Alice receives the encoded message 31 •  Alice decrypts the message using d and

n •  (C d modulo n → M ): •  317 modulo 33 → 4

Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:

•  publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:

•  M e modulo n → C (ciphertext)

RSAExample

55

Receiver decrypts using private key •  Alice is the receiver •  Every receiver has a:

•  public key (e, n) •  private key (d, n)

•  Decryption: The receiver decodes the encrypted message C to get the original message M using the private key (which no one else knows).

•  C d modulo n → M (plaintext)

•  Bob wants to send Alice the message M=4 •  Bob knows Alice’s Public Key: (3, 33) (e = 3,

n = 33) •  Bob encrypts the message using e and n

•  (M e modulo n → C): •  43 modulo 33 → 31 •  ... Bob sends 31

•  Alice’s Public Key: (3, 33) (e = 3, n = 33) •  Alice’s Private Key: (7, 33) (d = 7, n = 33)

•  Usually these are really huge numbers with many hundreds of digits!

•  Alice receives the encoded message 31 •  Alice decrypts the message using d and

n •  (C d modulo n → M ): •  317 modulo 33 → 4

Sender encrypts using public key • Bob is sender/transmitter • Every sender has the receiver’s public key:

•  publickey(e,n) • Encryption: The sender encrypts a (numerical) message M into ciphertext C using the receiver’s public key:

•  M e modulo n → C (ciphertext)

Generatingn,eandd

56

•  pandqare(big)randomprimes.

•  n=p×q•  φ=(p-1)(q-1)•  eissmallandrelativelyprimetoφ

•  d,suchthat:e × dmodφ=1

p=3,q=11

n=3×11=33φ=2×10=20e=3

3 × dmod20=1d=7

Usually the primes are huge numbers--hundreds of digits long.

CrackingRSA

¤  Everyoneknows(e,n).OnlyAliceknowsd.

¤  Ifweknoweandn,canwefigureoutd?¤  Ifso,wecanreadsecretmessagestoAlice.

¤  Wecandeterminedfromeandn.¤  Factornintopandq.

n=p×qφ=(p-1)(q-1)e×d=1(modφ)

¤  Weknowe(whichispublic),sowecansolveford.

¤  Butonlyifwecanfactorn

57

Every receiver has a: •  public key (e, n) •  private key (d, n)

Every sender has the receiver’s public key: •  publickey(e,n)

RSAissafe(fornow)

¤  Supposesomeonecanfactormy5-digitnin1ms,

¤  Atthisrate,tofactora10-digitnumberwouldtake2minutes.

¤  …tofactora15-digitnumberwouldtake4months.

¤  …20-digitnumber…30,000years.

¤  …25-digitnumber…3billionyears.

¤  We'resafewithRSA!(atleast,fromfactoringwithdigitalcomputers)

58

CertificateAuthorities

¤  Howdoweknowwehavetherightpublickeyforsomeone?

¤  CertificateAuthoritiessigndigitalcertificatesindicatingauthenticityofasenderwhotheyhavecheckedoutintherealworld.

¤  Sendersprovidecopiesoftheircertificatesalongwiththeirmessageorsoftware.

¤  Butcanwetrustthecertificateauthorities?(onlysome)

59

Encryptionisnotsecurity!It’sjustasetoftechniques

60

How(in)secureistheInternet?

¤ TheNSAhasabudgetof$11B;weknowfromEdwardSnowdenhowsomeofitisused

¤ Corporationsandcriminalsalsospyonus

¤ Whatcangowrong?¤  Insecurepseudo-randomnumbergenerators¤  Untrustworthycertificateauthorities¤  Malware¤  “Socialengineering”attackslikephishing¤  Deliberatelybuilt-ininsecurityincryptoproducts¤  PhysicaltappingofInternetrouters

61

Securityisanunsolvedproblem

Yourcybersystemscontinuetofunctionandserveyounotduetotheexpertiseofyoursecuritystaffbutsolelyduetothesufferanceofyouropponents.

–formerNSAInformationAssuranceDirectorBrianSnow(quotedbyBruceSchneier,https://www.schneier.com/blog/archives/2013/03/phishing_has_go.html)

62

Summary

¤  Cryptographyiscoolmathematicsandprotocoldesign

¤  Butcryptographyisnotsecurity,onlyasetoftechniques

¤  Securityisabroaderissueinvolving¤  Othertechnology¤  Socialandlegalfactors

63

“Only amateurs attack machines; professionals target people” –Bruce Schneier

Two closing thoughts

Use Signal…