information security - paylogic techtalk 2014

Post on 20-May-2015

DESCRIPTION

A primer in information security, giving an intro to the foundations, examples of different kinds of vulnerabilities, and a bunch of extra info.

TRANSCRIPT

Information Security Tech Talk

Aug 4th 2014 Dirk Zittersteyn

Information security

Three main goals

Keep your data secure

Make sure people can’t change your data

Make sure your information stays available

Confidentiality, Integrity, Availability

Availability

Subject for another talk

Confidentiality and Integrity

Two sides of the same coin

If you can’t guarantee integrity, confidentiality is useless, and vice-versa.

 

Cryptography

Confidentiality, Integrity (a bit)

Basic Terminology:

Plaintext -> Encryption (Key) -> Ciphertext -> Decryption (Key) -> Plaintext

Encryption key = decryption key: Symmetric encryption

Encryption key ≠ decryption key: Asymmetric encryption

Foundations: Kerckhoffs (1835 – 1903), Shannon (1916 – 2001)

Auguste Kerckhoffs

La Cryptographie Militaire (1883)

Kerckhoffs’ principle

The design of a system should not require secrecy, and compromise of the system should not inconvenience the correspondents

Open Source your method

Security is in the key

Claude Shannon

Perfect Secrecy, Confusion, Diffusion

"Perfect Secrecy" is defined by requiring of a system that after a cryptogram is intercepted by the enemy, the a posteriori probabilities of this cryptogram representing various messages be identically the same as the a priori probabilities of the same messages before the interception

In other words:

The enemy learns nothing.

Confusion: Relation plaintext - ciphertext

Diffusion: Position of plaintext in ciphertext

 

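Back in the days…

Caesar Cipher

alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
def caesar(text, n):
    shifted = alpha[n:] + alpha[:n]  # alphabet rotated by n places
    return text.upper().translate(str.maketrans(alpha, shifted))

caesar('Hello World', 3)  # 'KHOOR ZRUOG'

Decrypt

Simple.

A little… too simple.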

for i in range(26):
    print('%d: %s' % (i, caesar('KHOOR ZRUOG', i)))

0: KHOOR ZRUOG
1: LIPPS ASVPH
2: MJQQT BTWQI
3: NKRRU CUXRJ
4: OLSSV DVYSK
5: PMTTW EWZTL
6: QNUUX FXAUM
7: ROVVY GYBVN
8: SPWWZ HZCWO
9: TQXXA IADXP
10: URYYB JBEYQ
11: VSZZC KCFZR
12: WTAAD LDGAS
13: XUBBE MEHBT
14: YVCCF NFICU
15: ZWDDG OGJDV
16: AXEEH PHKEW
17: BYFFI QILFX
18: CZGGJ RJMGY
19: DAHHK SKNHZ
20: EBIIL TLOIA
21: FCJJM UMPJB
22: GDKKN VNQKC
23: HELLO WORLD
24: IFMMP XPSME
25: JGNNQ YQTNF

ecuritysay oughthray obscurityyay

They simply assumed no-one would think to decrypt it

(they even hardcoded the number by which it was shifted: 3)

KHOOR Z'RUOG! (Klingons never bluff)

They hoped people would think it was some language they did not understand

Kerckhoffs’ principle

Improving Caesar shift

Keyspace ≈ 26

Generalizing Caesar shift

ABCDEFGHIJKLMNOPQRSTUVWXYZ

alpha = alpha[n:] + alpha[:n]

DEFGHIJKLMNOPQRSTUVWXYZABC

Substitution cipher

ABCDEFGHIJKLMNOPQRSTUVWXYZ

alpha = ''.join(random.sample(alpha, len(alpha)))  # random.shuffle() works in place on a list and returns None

WGLOJTYUDZQXKVAFHMBPECRNIS

Substitution cipher

Keyspace ≈ 26!

403291461126605635584000000

Secure?

You  intercept:  MHT UTEKAVAMRPD PS RDUTJTDUTDET RZ MHT WZWAK DABT PS A ZMAMTBTDM AUPJMTU OG MHT EPDMRDTDMAK EPDNVTZZ PD CWKG 4, 1776, LHREH ADDPWDETU MHAM MHT MHRVMTTD ABTVREAD EPKPDRTZ, MHTD AM LAV LRMH NVTAM OVRMARD, VTNAVUTU MHTBZTKQTZ AZ MHRVMTTD DTLKG RDUTJTDUTDM ZPQTVTRND ZMAMTZ, ADU DP KPDNTV A JAVM PS MHT OVRMRZH TBJRVT. RDZMTAU MHTG SPVBTU A DTL DAMRPD - MHT WDRMTU ZMAMTZ PS ABTVREA. CPHD AUABZ LAZ A KTAUTV RD JWZHRDN SPV RDUTJTDUTDET, LHREH LAZ WDADRBPWZKG AJJVPQTU PD CWKG 2. A EPBBRMMTT PS SRQT HAU AKVTAUG UVASMTU MHT SPVBAK UTEKAVAMRPD, MP OT VTAUG LHTD EPDNVTZZ QPMTU PD RDUTJTDUTDET. MHT MTVB "UTEKAVAMRPD PS RDUTJTDUTDET" RZ DPM WZTU RD MHT UPEWBTDM RMZTKS. …

English letter freq’s

Message letter freq’s

Pretty similar! (English vs. Message)

a d

ab do

abc dok

abcdefghijklmnopqrstuvwxyz dokutbnvrxcespalyhzmwqjfgi

Guessed key: dokutbnvrxcespalyhzmwqjfgi

Actual key: aoeutsnhrcxkbdpjyvzmwqlfgi

Similar enough to come close

More work needed

There are some pretty big mismatches

Decoded  with  guessed  key  TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.

We’ve assumed it’s English

So let’s find some English words

E T A O I N S H R D L C U M W F G Y P B V K J X Q Z

the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.

the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.

the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at Par Pith great britain, regarDeD theFseCVes as thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a neP natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.

the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at war with great britain, regarDeD theFseCVes as thirteen newCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a new natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.

the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCY indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead theY MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY draMted the MNrFaC deLCaratiNn, tN be readY when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.

the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCy indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead they MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready draMted the MNrFaC deLCaratiNn, tN be ready when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.

the declaration oM indeWendence is the usual naFe oM a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart oM the british eFWire. instead they MorFed a new nation - the united states oM aFerica. Kohn adaFs was a leader in Wushing Mor indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee oM MiVe had already draMted the MorFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration oM indeWendence" is not used in the docuFent itselM.

the declaration of indeWendence is the usual naFe of a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart of the british eFWire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in Wushing for indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration of indeWendence" is not used in the docuFent itself.

the declaration of independence is the usual naFe of a stateFent adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly independent soVereign states, and no longer a part of the british eFpire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in pushing for independence, which was unaniFously approVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on independence. the terF "declaration of independence" is not used in the docuFent itself.

the declaration of independence is the usual name of a statement adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselVes as thirteen newly independent soVereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. Kohn adams was a leader in pushing for independence, which was unanimously approVed on Kuly 2. a committee of fiVe had already drafted the formal declaration, to be ready when congress Voted on independence. the term "declaration of independence" is not used in the document itself.

the declaration of independence is the usual name of a statement adopted by the continental congress on july 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselves as thirteen newly independent sovereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. john adams was a leader in pushing for independence, which was unanimously approved on july 2. a committee of five had already drafted the formal declaration, to be ready when congress voted on independence. the term "declaration of independence" is not used in the document itself.

Cracked!      
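The first step of the walkthrough above (rank the cipher letters, pair them with the English frequency order) as an added example, not code from the talk. It uses the first sentence of the intercepted message and the "actual key" from the slides; the function names are hypothetical.

```python
from collections import Counter
import string

# English letters, most to least frequent, in the order listed on the slides.
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"

# "Actual key" from the slides: ACTUAL_KEY[i] is the cipher letter that
# replaces the i-th plaintext letter (a -> a, b -> o, c -> e, ...).
ACTUAL_KEY = "aoeutsnhrcxkbdpjyvzmwqlfgi"

# First sentence of the intercepted message shown on the slides.
CIPHERTEXT = (
    "MHT UTEKAVAMRPD PS RDUTJTDUTDET RZ MHT WZWAK DABT PS A ZMAMTBTDM "
    "AUPJMTU OG MHT EPDMRDTDMAK EPDNVTZZ PD CWKG 4, 1776, LHREH ADDPWDETU "
    "MHAM MHT MHRVMTTD ABTVREAD EPKPDRTZ, MHTD AM LAV LRMH NVTAM OVRMARD, "
    "VTNAVUTU MHTBZTKQTZ AZ MHRVMTTD DTLKG RDUTJTDUTDM ZPQTVTRND ZMAMTZ, "
    "ADU DP KPDNTV A JAVM PS MHT OVRMRZH TBJRVT."
)


def rank_letters(text):
    """Cipher letters present in `text`, most frequent first (ties: A-Z)."""
    counts = Counter(c for c in text.upper() if c in string.ascii_uppercase)
    return "".join(sorted(counts, key=lambda c: (-counts[c], c)))


def guess_mapping(ciphertext):
    """Pair the n-th most frequent cipher letter with the n-th English letter."""
    return dict(zip(rank_letters(ciphertext), ENGLISH_ORDER))


def true_mapping():
    """cipher letter -> plaintext letter, derived from the slides' actual key."""
    return {c.upper(): p for p, c in zip(string.ascii_lowercase, ACTUAL_KEY)}


def decode(ciphertext, mapping):
    """Replace mapped cipher letters with lowercase plaintext; keep the rest."""
    return "".join(mapping.get(c, c) for c in ciphertext)


def correct_letters(ciphertext):
    """Cipher letters that pure rank matching already gets right."""
    guess, truth = guess_mapping(ciphertext), true_mapping()
    return sorted(c for c in guess if guess[c] == truth[c])


if __name__ == "__main__":
    print("rank order:     ", rank_letters(CIPHERTEXT))
    print("first guess:    ", decode(CIPHERTEXT, guess_mapping(CIPHERTEXT)))
    print("already correct:", correct_letters(CIPHERTEXT))
    print("with actual key:", decode(CIPHERTEXT, true_mapping()))
```

Letters the rank guess gets wrong are the ones the slides then repair by spotting English words; the keyspace of 26! never has to be searched.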

So, let’s adapt it in a different way

Change the shift each letter

Plaintext: supersecretmessageyoushouldnotsee

Key: donotlook

Repeat the key

supersecretmessageyoushouldnotsee
donotlookdonotlookdonotlookdonotl

Add plaintext and key

supersecretmessageyoushouldnotsee
donotlookdonotlookdonotlookdonotl
--------------------------------- +
vicskdsqbhhzsldouobchgaziznqcggxp

This is the Vigenère Cipher

Named for Blaise de Vigenère (1523 – 1596)

Actually invented by Giovan Battista Bellaso (1505 – ??)

Also known as:

Le Chiffre Indéchiffrable (The Unbreakable Cipher)

Secure?

Brute Force:

possibilities (n = 9 -> 10795636100592)

Frequency analysis?

Ciphertext / English

First:

Guess the key length

Repeated words, repeated key

Key:        ABCDABCDABCDABCDABCDABCDABCD
Plaintext:  CRYPTOISSHORTFORCRYPTOGRAPHY
Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB

Repeated words, repeated key

VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR

VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1]

QUCE -> QUCE = 30 -> [30, 15, 10, 6, 5, 3, 2, 1]

[18, 9, 6, 3, 2, 1]

[30, 15, 10, 6, 5, 3, 2, 1]

=

[6, 3, 2, 1]
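The repeated-sequence test above as an added example (not the speaker's code), run on the two ciphertexts from the slides. Function names are hypothetical; the empty result covers the case where nothing repeats.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

# Ciphertexts from the slides.
CIPHERTEXT = "VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR"
CRYPTO_EXAMPLE = "CSASTPKVSIQUTGQUCSASTPIUAQJB"  # key ABCD on the slide


def repeated_sequences(text, size=4):
    """Map each `size`-letter sequence occurring more than once to its positions."""
    positions = defaultdict(list)
    for i in range(len(text) - size + 1):
        positions[text[i:i + size]].append(i)
    return {seq: pos for seq, pos in positions.items() if len(pos) > 1}


def distances(repeats):
    """Distance between consecutive occurrences of every repeated sequence."""
    return sorted(b - a for pos in repeats.values() for a, b in zip(pos, pos[1:]))


def divisors(n):
    """All divisors of n, largest first, as written on the slides."""
    return [d for d in range(n, 0, -1) if n % d == 0]


def candidate_key_lengths(text, size=4):
    """Divisors shared by all repeat distances; empty if nothing repeats."""
    dists = distances(repeated_sequences(text, size))
    if not dists:
        return []  # no repeated sequence: this test gives no information
    # The common divisors of a set of numbers are the divisors of their gcd.
    return divisors(reduce(gcd, dists))


if __name__ == "__main__":
    print(repeated_sequences(CIPHERTEXT))      # VHVS and QUCE
    print(candidate_key_lengths(CIPHERTEXT))   # the slide's [6, 3, 2, 1]
    print(candidate_key_lengths(CRYPTO_EXAMPLE))
```

A repeat that arises by coincidence rather than from a repeated word shrinks the gcd, so the candidate list is a hint to confirm with another test, not a proof.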

When you assume, you make an ass out of u and me

When you assume

There might not be any repeated words at the right spots

If the key length = 2

uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle
ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA

udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB

Should be a standard letter distribution

If the key length = 3

uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle
ABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABC

uwwibwtjabkxauvawvx hpnnhjmlpfvmkwrhnll djdgiclddahcjyfuhbe
AAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCCCC

Should be a standard letter distribution

Let’s try this!

Encoded a plaintext with key ‘SECRET’

Split the ciphertext,

Sort characters by frequency

Sum highest frequencies, second highest, etc.

secret: s e c r e t

Now that we know the key length, this is not that different from substitution cipher

Cracked!

Principle is easy

Doing it by hand is tedious

smurfoncrack.com/pygenere/

source: smurfoncrack.com/pygenere/pygenere.py
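The column-splitting test and the per-column frequency step, as an added example (not pygenere and not the speaker's code). It scores key lengths with the index of coincidence, a standard measure swapped in for the slides' summed-frequency chart; the English frequency table is approximate and the plaintext is the paragraph decoded earlier in the talk.

```python
import string

A = string.ascii_lowercase
# Approximate relative frequencies of a..z in English text, in percent.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

# Plaintext decoded on the substitution-cipher slides; only letters are used.
PLAINTEXT = (
    'the declaration of independence is the usual name of a statement adopted '
    'by the continental congress on july 4, 1776, which announced that the '
    'thirteen american colonies, then at war with great britain, regarded '
    'themselves as thirteen newly independent sovereign states, and no longer '
    'a part of the british empire. instead they formed a new nation - the '
    'united states of america. john adams was a leader in pushing for '
    'independence, which was unanimously approved on july 2. a committee of '
    'five had already drafted the formal declaration, to be ready when '
    'congress voted on independence. the term "declaration of independence" '
    'is not used in the document itself.'
)


def letters(text):
    return [c for c in text.lower() if c in A]


def vigenere(text, key, sign=1):
    """Add (sign=1) or subtract (sign=-1) the repeated key, letters only."""
    return "".join(A[(A.index(c) + sign * A.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(letters(text)))


def index_of_coincidence(col):
    """Chance that two letters drawn from `col` match (~0.066 English, ~0.038 random)."""
    n = len(col)
    return sum(col.count(c) * (col.count(c) - 1) for c in A) / (n * (n - 1))


def guess_key_length(ciphertext, max_len=10):
    """Key length whose columns look most like a single shifted alphabet."""
    def score(k):
        return sum(index_of_coincidence(ciphertext[i::k]) for i in range(k)) / k
    return max(range(1, max_len + 1), key=score)


def chi_squared(col):
    """Distance between the letter counts of `col` and the English table."""
    n = len(col)
    return sum((col.count(c) - n * p / 100) ** 2 / (n * p / 100)
               for c, p in zip(A, ENGLISH))


def recover_key(ciphertext, key_len):
    """Per column, pick the shift whose decryption best fits English."""
    key = ""
    for i in range(key_len):
        col = ciphertext[i::key_len]
        key += min(A, key=lambda k: chi_squared(vigenere(col, k, -1)))
    return key


if __name__ == "__main__":
    ct = vigenere(PLAINTEXT, "secret")
    n = guess_key_length(ct)
    print(n, recover_key(ct, n))
```

Multiples of the true key length score just as well, which is why the search is capped at `max_len`.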

Is there any truly secure method?

Yes.

The One-Time pad

Looks like Vigenère.

Create a long key, without repetition

Securely share it between both parties

To send a message:

Plaintext   attackatdawn
Key         owbxelcixrql
            ------------ +
Ciphertext  opuxgvcbarmy

And then:

Destroy the key

One-Time pad

This is provably perfectly secure

You can’t even brute force it!

opuxgvcbarmy
owbxelcixrql
------------ -
attackatdawn

opuxgvcbarmy
elqinoymwrku
------------ -
keepthepeace
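The two decryptions above, and the reason for "Destroy the key", as an added example (not from the talk). The messages and pads are the slides' own; the function names are hypothetical.

```python
import secrets
import string

A = string.ascii_lowercase


def add(text, key):
    """Letter-wise (text + key) mod 26: one-time-pad encryption as on the slides."""
    if len(key) < len(text):
        raise ValueError("pad must be at least as long as the message")
    return "".join(A[(A.index(t) + A.index(k)) % 26] for t, k in zip(text, key))


def sub(text, key):
    """Letter-wise (text - key) mod 26: decryption, or the difference of two texts."""
    return "".join(A[(A.index(t) - A.index(k)) % 26] for t, k in zip(text, key))


def new_pad(length):
    """Fresh pad from the OS CSPRNG; never built from a short repeating key."""
    return "".join(secrets.choice(A) for _ in range(length))


def key_explaining(ciphertext, claimed_plaintext):
    """The pad under which `ciphertext` decrypts to any same-length plaintext."""
    return sub(ciphertext, claimed_plaintext)


def reuse_leak(c1, c2):
    """If one pad encrypts two messages, c1 - c2 equals p1 - p2: the pad cancels."""
    return sub(c1, c2)


if __name__ == "__main__":
    ct = add("attackatdawn", "owbxelcixrql")
    print(ct)                                    # opuxgvcbarmy
    # Every 12-letter message has a pad that "explains" the ciphertext,
    # so trying all pads tells the interceptor nothing.
    for claim in ("attackatdawn", "keepthepeace"):
        print(claim, key_explaining(ct, claim))
    # Reusing the pad removes that guarantee.
    c2 = add("keepthepeace", "owbxelcixrql")
    print(reuse_leak(ct, c2) == sub("attackatdawn", "keepthepeace"))
```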

So why don’t we all use it?

Why we don’t use it:

You need to share the key securely. But how?

Out of band communication

How the spies did it: Before the mission, they received a codebook

But impractical for ordinary use

In band communication

Safe channel through which to send the key

Just use that channel to send the message.

They all have in common:

Confusion ✓ Diffusion ✗

Why do you need diffusion?

e.g. image encryption

Using a block cipher

Encodes blocks of data

Electronic Code Book (ECB)

Blocks with the same data are encoded as the same data

Encode this image with ECB:

24-bits bmp

“Encrypted”

(after header restoration)

Cipher block chaining

Does do diffusion

Looks like noise.
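Why the ECB image stays recognisable while the CBC one looks like noise, as an added example (not from the talk). The block cipher is a toy Feistel construction standing in for a real one, and the "image" bytes, key and IV are constructed for the demonstration.

```python
import hashlib

BLOCK = 16  # bytes per block


def _round(key, i, half):
    """Round function of the toy Feistel cipher (SHA-256 based stand-in)."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    """Toy 4-round Feistel block cipher. Illustration only, not AES."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    """ECB: every block is encrypted on its own."""
    return b"".join(encrypt_block(key, b) for b in blocks(data))


def cbc_encrypt(key, iv, data):
    """CBC: each block is XORed with the previous ciphertext block first."""
    out, prev = [], iv
    for b in blocks(data):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def distinct_blocks(ciphertext):
    """How many different ciphertext blocks appear."""
    return len(set(blocks(ciphertext)))


# Constructed stand-in for bitmap data: 6 blocks of "white", 2 of "black".
IMAGE = (b"\xff" * BLOCK) * 6 + (b"\x00" * BLOCK) * 2
KEY = b"constructed demo key"
IV = bytes(range(BLOCK))  # fixed so the run is repeatable; use a random IV in practice

if __name__ == "__main__":
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(KEY, IMAGE)))
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(KEY, IV, IMAGE)))
```

Two distinct ECB blocks for two pixel colours is exactly the outline that survives in the slide's "encrypted" bitmap.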

Methods covered so far:

Brute Force: Caesar Cipher

Foundational weakness: Vigenère, Substitution, ECB

Next up:

Mad Science: Side channel attacks

Traditional model

Plaintext -> E (Key) -> Ciphertext -> D (Key) -> Plaintext

Side channel model

Plaintext -> E (Key) -> Ciphertext -> D (Key) -> Plaintext

Side channels: Heat, Timing

Simple example

def __eq__(self, other):
    if len(self) != len(other):
        return False
    for x, y in zip(self, other):
        if x != y:
            return False
    return True

if input == password:
    login()
else:
    error()

1000 * input = '-'    Wall time: 817 µs    ≈ 0.8ms
1000 * input = '--'   Wall time: 2.14 ms   ≈ 2.1ms (1 iter)
1000 * input = '---'  Wall time: 806 µs    ≈ 0.8ms

1000 * input = 'a-'   Wall time: 2.15 ms   ≈ 2.1ms (1 iter)
1000 * input = 'b-'   Wall time: 2.33 ms   ≈ 2.3ms (2 iter)
1000 * input = 'c-'   Wall time: 2.14 ms   ≈ 2.1ms (1 iter)

1000 * input = 'ba'   Wall time: 2.33 ms   ≈ 2.3ms (2 iter)
1000 * input = 'bb'   LOGGED IN! (2.47 ms) ≈ 2.5ms (2 iter)
1000 * input = 'bc'   Wall time: 2.32 ms   ≈ 2.3ms (2 iter)

This simple error has reduced your keyspace

From 26^n to 26n
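The leak above made deterministic, next to a hardened comparison, as an added example (not the speaker's code). Loop iterations stand in for wall time, the inputs are the guesses from the slides, and the function names are hypothetical.

```python
import hashlib
import hmac


def leaky_equals(secret, guess):
    """The slide's comparison, instrumented to return (result, loop iterations)."""
    if len(secret) != len(guess):
        return False, 0            # length mismatch: cheapest path
    steps = 0
    for x, y in zip(secret, guess):
        steps += 1
        if x != y:
            return False, steps    # early exit reveals the matching prefix length
    return True, steps


def work_profile(secret, guesses):
    """Loop iterations the leaky comparison spends on each guess."""
    return {g: leaky_equals(secret, g)[1] for g in guesses}


def constant_time_equals(secret, guess):
    """Hardened check: time does not depend on where the inputs differ."""
    # Hashing first gives both sides a fixed length, so length is not leaked.
    a = hashlib.sha256(secret.encode()).digest()
    b = hashlib.sha256(guess.encode()).digest()
    return hmac.compare_digest(a, b)


PASSWORD = "bb"  # the password in the slides' example
GUESSES = ["-", "--", "---", "a-", "b-", "c-", "ba", "bb", "bc"]

if __name__ == "__main__":
    for guess, steps in work_profile(PASSWORD, GUESSES).items():
        print(repr(guess), "iterations:", steps,
              "hardened result:", constant_time_equals(PASSWORD, guess))
```

The iteration counts reproduce the 0 / 1 / 2 pattern annotated on the slides; `hmac.compare_digest` removes the dependence on the position of the first mismatch.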

This isn’t really MAD science…

Power consumption of a CPU during RSA computation.

[Figure: power trace annotated 0, 0, 1, …]

Crypto is a minefield

http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Methods covered so far:

Brute Force: Caesar Cipher

Foundational weakness: Vigenère, Substitution, ECB

Side channel attacks: Timing, Power Consumption, Acoustic, etc.

 

Last but not least

Rubber-Hose Cryptanalysis

[..] In which a rubber hose is applied forcefully and frequently to the soles of the feet, until the key to the cryptosystem is discovered

A process that can take a surprisingly short time and is quite computationally inexpensive

sci.crypt (1990)

What haven’t I covered?

Asymmetric encryption: public – private key, …

A lot of math: Diffie – Hellman key exchange, Prime factorization, Elliptic Curve crypto, …

Integrity assurance: HMAC, …

Stream Ciphers, Man in the middle, AES, DES, Hashes, Salts, Etc.

MORE!!!

Great intro to a great encryption standard: A stick figure guide to AES

Mad science side-channel attacks: To Protect and Infect (Jacob Appelbaum)

Awesome primer for InfoSec

History of the information age

 
