cryptography basics - dc206cryptography basics eugenia potseluevskaya (jennie) @epotseluevskaya...
TRANSCRIPT
Cryptography Basics
Eugenia Potseluevskaya(Jennie)
@epotseluevskaya
whoami
● Math education with the focus on cryptography and cybernetics
● 5 years in defensive security (mostly PKI, SIEM, and risk assessments)
● 8+ years in offensive security (vulnerability analysis, pentesting, security research, threat intelligence, ICS, IoT, etc.)
● PHDays forum organizer
/* buzzwords */ CISA, CISSP, OSCP, OSCE, Russian haxxor, Kaspersky Lab O_O
Cryptography is huge
In my diploma:
530 hours of various cryptography topics
including a year-long course of elliptic curves only
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Objectives
● Confidentiality● Authentication● Integrity● Non-repudiation
Kerckhoffs' Principle
The security of the encryption scheme must depend only on the secrecy of the key, and not on the secrecy of the algorithm.
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Symmetric cryptography
For symmetric (aka conventional, secret-key, single-key algorithms, or one-key) algorithms the encryption key can be calculated from the decryption key and vice versa.
Symmetric cryptography
For symmetric (aka conventional, secret-key, single-key algorithms, or one-key) algorithms the encryption key can be calculated from the decryption key and vice versa.
Stream ciphers process plain text one unit (bit/byte/character) at a time
Symmetric cryptography
For symmetric (aka conventional, secret-key, single-key algorithms, or one-key) algorithms the encryption key can be calculated from the decryption key and vice versa.
Stream ciphers process plain text one unit (bit/byte/character) at a time
Block ciphers process plain text in blocks
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Basics
XOR:
Stream ciphers overview
● A perfect encryption scheme: one-time pad
Stream ciphers overview
● A perfect encryption scheme: one-time pad● Closely tied with pseudo-random-sequence
generators
Stream ciphers overview
● A perfect encryption scheme: one-time pad● Closely tied with pseudo-random-sequence
generators● The most well-known ciphers:
- RC4 (used by WEP)
Stream ciphers overview
● A perfect encryption scheme: one-time pad● Closely tied with pseudo-random-sequence
generators● The most well-known ciphers:
- RC4 (used by WEP)
- A5/1 (used in GSM communications)
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Block ciphers
● A block cipher is an encryption function for fixed-size blocks of data.
● Block length is fixed, so padding is needed. Padding must be reversible.
Block ciphers
● A block cipher is an encryption function for fixed-size blocks of data.
● Block length is fixed, so padding is needed. Padding must be reversible.
Example: block size is 16
42 42 42 42 42 42 42 42 42 42 06 06 06 06 06 06
42 42 42 42 42 42 42 42 42 42 42 05 05 05 05 05
Block ciphers
● A block cipher is an encryption function for fixed-size blocks of data.
● Block length is fixed, so padding is needed. Padding must be reversible.
Side note: "Padding oracle" (nothing to do with Oracle DBMS) - it freely responds to queries about whether a message is correctly padded or not, and allows an attacker to use the padding validation of a cryptographic message to decrypt the ciphertext
Block ciphers
● A block cipher is an encryption function for fixed-size blocks of data.
● Block length is fixed, so padding is needed. Padding must be reversible.
● Different modes exist to handle more than one block: ECB, CBC, OFB, CTR
Block ciphers
● A block cipher is an encryption function for fixed-size blocks of data.
● Block length is fixed, so padding is needed. Padding must be reversible.
● Different modes exist to handle more than one block: ECB, CBC, OFB, CTR
● The most well-known ciphers: DES, 3-DES, AES, Blowfish
DES
● DES - Data Encryption Standard● Block length – 64 bits● Effective key length – 56 bits● 16 rounds (each consists of substitution and
permutation)● Used in: Microsoft LM, Net-NTLMv1, MS-
CHAPv2, linux crypt(), IPsec (if no better options)
DES
DES
DES
Feistel function (F)
DES
Feistel function (F)
DES and 3-DES
● Nowadays DES is not secure
DES and 3-DES
● Nowadays DES is not secure
● 3-DES is better
● Effective key length is 112 or 168 bits
DES and 3-DES
● Nowadays DES is not secure
● 3-DES is better
● Effective key length is 112 or 168 bits
In November 2017, NIST restricted usage to 220 64-bit blocks (8 MB of data) using a single key bundle, so it could no longer effectively be used for TLS, IPsec, or large file encryption.
AES
● AES - Advanced Encryption Standard● Block length – 128 bits● Key length – 128, 192, or 256 bits● 10-14 rounds (depending on the key length)● Used in: TLS, SSH, IPsec, PGP, S/MIME,
WPA2, Kerberos 5, SMB 3
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Block cipher modes
● Electronic Code Book (ECB) – each block is independent - bad
Block cipher modes
● Electronic Code Book (ECB) – each block is independent - bad
● Cipher Block Chaining (CBC) - XORing each plaintext block with the previous ciphertext block
Block cipher modes
● Electronic Code Book (ECB) – each block is independent - bad
● Cipher Block Chaining (CBC) - XORing each plaintext block with the previous ciphertext block
IV is for Initialization Vector – can be generated in different ways
Block cipher modes
● Output Feedback Mode (OFB) – block cipher is used to generate a pseudorandom key stream, which is XORed with the plaintext.
Block cipher modes
● Output Feedback Mode (OFB) – block cipher is used to generate a pseudorandom key stream, which is XORed with the plaintext.
● Counter Mode (CTR or CNT) – similar to OFB, but has a counter
IV or nonce MUST be unique every time
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Hash functions
● A hash (or message digest) function - a function that takes as an arbitrarily long input string and produces a fixed-size result.
Hash functions
● A hash (or message digest) function - a function that takes as an arbitrarily long input string and produces a fixed-size result.
● In cryptography must be one-way● Must be collision-resistant
Hash functions
● A hash (or message digest) function - a function that takes as an arbitrarily long input string and produces a fixed-size result.
● In cryptography must be one-way● Must be collision-resistant● Should be not too fast
Hash functions
● A hash (or message digest) function - a function that takes as an arbitrarily long input string and produces a fixed-size result.
● In cryptography must be one-way● Must be collision-resistant● Should be not too fast● The most well-known examples: MD4 (used in
NTLM), MD5, SHA-1, SHA-256, SHA-512, bcrypt
Hash functions
● A hash (or message digest) function - a function that takes as an arbitrarily long input string and produces a fixed-size result.
● In cryptography must be one-way● Must be collision-resistant● Should be not too fast● The most well-known examples: MD4 (used in
NTLM), MD5, SHA-1, SHA-256, SHA-512, bcrypt
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Salt
Salt
● Cryptographic salt is a random string added to the password before hashing
Salt
● Cryptographic salt is a random string added to the password before hashing
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Message authentication codes
● A message authentication code (MAC) or a data authentication code (DAC), is a one-way hash function with the addition of a secret key.
● Only someone with the key can verify the hash value.
Message authentication codes
● CBC-MAC:
Message authentication codes
● CBC-MAC:
● HMAC:
Message authentication codes
● CBC-MAC:
● HMAC:
● Improve block ciphers modes:● Galois/Counter Mode (GCM) provides both encryption and
authentication for a block cipher, also used as MAC only as GMAC
● CCM mode = Counter mode with CBC-MAC
Symmetric cryptography
For symmetric (aka conventional, secret-key, single-key algorithms, or one-key) algorithms the encryption key can be calculated from the decryption key and vice versa.
Problem: key management and distribution
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Asymmetric cryptography
Asymmetric (public-key) algorithms are designed so that the key used for encryption is different from the key used for decryption, and the decryption key cannot be calculated from the encryption key in any reasonable amount of time.
A bit of complexity theory
● P consists of all decision problems that can be solved on a deterministic Turing machine in an amount of time that is polynomial in the size of the input.
If n is the input length, the solving time is a polynom from n
time = aknk+a
k-1nk-1+...a
1n+a
0 – denoted as O(nk)
A bit of complexity theory
● P consists of all decision problems that can be solved on a deterministic Turing machine in an amount of time that is polynomial in the size of the input.
If n is the input length, the solving time is a polynom from n
time = aknk+a
k-1nk-1+...a
1n+a
0 – denoted as O(nk)
● Solutions to a NP problem can be verified on a deterministic Turing machine in polynomial time.
often the time to solve is exponential - O(2n)
A bit of complexity theory
● P consists of all decision problems that can be solved on a deterministic Turing machine in an amount of time that is polynomial in the size of the input.
If n is the input length, the solving time is a polynom from n
time = aknk+a
k-1nk-1+...a
1n+a
0 – denoted as O(nk)
● Solutions to a NP problem can be verified on a deterministic Turing machine in polynomial time.
often the time to solve is exponential - O(2n)
● P == NP ? - a Millennium Prize Problem, the classical asymmetric cryptography assumes that likely NO
Some of NP problems
● Prime Factorization:
given N=pq, p and q are prime, find p and q
Some of NP problems
● Prime Factorization:
given N=pq, p and q are prime, find p and q● Discrete Logarithm:
given p,g, and y=gx mod p, find x
x = logg(y)
A variant (for a different group) – Elliptic Curve Discrete Logarithm Problem
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Diffie-Hellman● Alice to Bob: X = gx mod p● Bob to Alice Y = gy mod p● Alice: k = Yx mod p● Bob: k` = Xy mod p
k=k`=gxy mod p
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
RSA encryption
● Ronald Rivest, Adi Shamir, and Leonard Adleman
t=(p-1)(q-1)cd mod n = med mod n = mkt+1 mod n = mkt m mod n = (mt)k m mod n = 1k m mod n = m
Cryptography topics
cryptography
symmetric
asymmetric
stream
block different modes
key exchange
encryption
digital signatures
MAC
hashes
salt
cryptanalysis
Digital Signatures
● Verify authenticity● Can be created based on public-key encryption
Asymmetric cryptography
Asymmetric (public-key) algorithms are designed so that the key used for encryption is different from the key used for decryption, and the decryption key cannot be calculated from the encryption key in any reasonable amount of time.
Widespread algorithms: RSA, Diffie-Hellman key agreement protocol, Digital Signature Algorithm (DSA), Elliptic Curve Cryptography (ECC) including Elliptic Curve Digital Signature Algorithm (ECDSA)
All together (TLS example)
Thank youEugenia Potseluevskaya(Jennie)
@epotseluevskaya