Cryptography and SSL in Smalltalk - StS 2003
Martin Kobetic
Cincom Smalltalk Development
January 2003

Cryptography
bag of tricks
ever growing lists of weaknesses
fortune telling
the “weakest link” tragedy

Cryptography
best tricks known (publicly)
serious mathematical foundations
astronomic margins
public peer review
competitive standardization (AES)

Secure Solutions
mature components
balanced “economics”
implementation quality
– threats, countermeasures, failure modes
deployment quality
– infrastructure, processes, personnel

Cryptographic Objectives
confidentiality
– encryption
integrity
– message authentication codes (MAC)
authentication
– signatures

Encryption
E(P) = C & D(C) = P
one-time pad
symmetric (secret) key ciphers
– E_K(P) = C & D_K(C) = P
asymmetric (public) key ciphers
– E_K1(P) = C & D_K2(C) = P

Secret Key Ciphers
bulk data encryption
constructed from simple operations for speed (xor, shift, x + y mod n, ...)
two fundamental classes
– stream ciphers (RC4)
– block ciphers (DES/AES)

Secret Key Ciphers
```smalltalk
"Alice encrypts with the shared secret key"
key := 'secret key' asByteArray.
alice := ARC4 key: key.
(ctxt := alice encrypt: 'Hello') asString.

"Bob decrypts with the same key"
bob := ARC4 key: key.
(bob decrypt: ctxt) asString
```

Secret Key Ciphers
key strength (HW Brute Force 1995)

| cost | 40b | 56b | 64b | 128b |
|---|---|---|---|---|
| $100K | 2s | 35h | 1yr | 10^19 yrs |
| $1M | .2s | 3.5h | 37d | 10^18 yrs |
| $1G | .2ms | 13s | 1h | 10^15 yrs |
| $1T | .2µs | .01s | 3s | 10^12 yrs |

Stream Ciphers
time-varying transformation on individual plain-text digits
Pike, A5, RC4, SEAL
key-stream generator
– produces: k_1, k_2, k_3, ...
– c_i = p_i xor k_i & p_i = c_i xor k_i
– State S, NextState(S), Output(S)
avoid key reuse!

RC4 (1992)
leaked trade secret of RSA Security (1994)
256 byte S-Box; 2 counters i=j=0
S-Box initialization:
S = 0, ..., 255
K = 256B of replicated key
for i=0 to 255:
  j = (j + S_i + K_i) mod 256
  swap S_i and S_j
next key-stream byte:
i = (i + 1) mod 256
j = (j + S_i) mod 256
swap S_i and S_j
t = (S_i + S_j) mod 256
K = S_t

Stream Ciphers - KAK
synchronous ciphers (KAK)
– NextState_K(S)
– Output(S)
noise contained
preprocessing
synchronization critical
not parallelizable

Stream Ciphers - CTAK
self-synchronizing ciphers (CTAK)
– NextState(C_{i-n...i})
– Output_K(S)
synchronization
decryption parallelizable
random access
noise propagates
encryption not parallelizable

Block Ciphers
fixed transformation on blocks of plaintext (e.g. 64, 128 bits)
DES, IDEA, CAST, Blowfish, RC2, RC5
basic transformation applied in rounds

DES (1977)
csrc.nist.gov: FIPS PUB 46 (1977)
FIPS PUB 46-3 (1999)
– triple DES still approved
– single DES legacy systems only
64 bit block size
56 bit key (64 bits with parity)
16 rounds using 48 bit subkeys

Block Ciphers - Padding
```smalltalk
"'Hello World!' is 12 bytes, not a multiple of the 8-byte DES block"
alice := DES key: 'secret8B' asByteArray.
alice encrypt: 'Hello World!'.

"the same cipher wrapped in BlockPadding"
alice := BlockPadding on: DES new.
alice setKey: 'secret8B' asByteArray.
alice encrypt: 'Hello World!'.
```

Block Ciphers - Padding
must be reversible
pad with padding size (1-8)
– aka PKCS#5 padding
pad with bits “100…0”
ciphertext stealing
– different for different modes (ECB, CBC)
some modes don’t need padding
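
Both byte-level padding schemes from this slide, as an added Python example (not the `BlockPadding` class from the slides). It shows what "reversible" requires: an already aligned input still gets a full block of padding, and the unpadding side rejects anything malformed. Function names are chosen here for illustration.

```python
BLOCK = 8  # DES block size in bytes


def pkcs5_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes of value n, 1 <= n <= block (PKCS#5 padding)."""
    n = block - len(data) % block      # a full block if already aligned
    return data + bytes([n]) * n


def pkcs5_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    if not padded or len(padded) % block:
        raise ValueError("length is not a whole number of blocks")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return padded[:-n]


def bit_pad(data: bytes, block: int = BLOCK) -> bytes:
    """'100...0' padding: one 0x80 byte, then zero bytes up to the boundary."""
    n = block - len(data) % block
    return data + b"\x80" + b"\x00" * (n - 1)


def bit_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    if not padded or len(padded) % block:
        raise ValueError("length is not a whole number of blocks")
    stripped = padded.rstrip(b"\x00")
    zeros = len(padded) - len(stripped)
    if not stripped.endswith(b"\x80") or zeros >= block:
        raise ValueError("bad padding")
    return stripped[:-1]
```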

Block Ciphers - ECB
electronic codebook mode
C_i = E_k(P_i)
P_i = D_k(C_i)
don’t use!

Block Ciphers - CBC
cipher block chaining mode
C_i = E_k(P_i xor C_{i-1})
P_i = C_{i-1} xor D_k(C_i)
initialization vector (IV)
– isn’t secret but unique, random
– timestamp, nonce, random nr

Block Ciphers - CBC
```smalltalk
alice := CipherBlockChaining
    on: DES new
    iv: 'nonce 8B' asByteArray.
alice setKey: 'secret8B' asByteArray.
"the plaintext is two identical 8-byte blocks"
alice encrypt: 'a block a block '.
```

Block Ciphers - OFB
output feedback mode
S_i = E_k(S_{i-1})
C_i = P_i xor S_i
P_i = C_i xor S_i
like synchronous stream cipher
```smalltalk
(OutputFeedback on: DES new)
    setKey: 'secret8B' asByteArray;
    setIV: 'nonce 8B' asByteArray
```

Block Ciphers - CTR
counter mode
S_i = E_k(Nonce || i)
C_i = P_i xor S_i
P_i = C_i xor S_i
OFB variant

Block Ciphers - CFB
cipher feedback mode
C_i = P_i xor E_k(C_{i-1})
P_i = C_i xor E_k(C_{i-1})
like self-synchronizing stream cipher
```smalltalk
(CipherFeedback on: DES new)
    setKey: 'secret8B' asByteArray;
    setIV: 'nonce 8B' asByteArray
```

Block Ciphers - Mixing
interleaving
– parallelizing “chained” modes
multiple encryption with single cipher
– double encryption – no good
– 3EDE (inner/outer CBC)
cascading different ciphers

Block Ciphers - Mixing
```smalltalk
"explicit construction from three DES instances"
des3 := TrippleEDEOuterCBC
    first: DES new
    second: DES new
    third: DES new.

"convenience constructor"
des3 := DES new3EDE_CBC.
des3 setKey: '24bytes for 3 keys' asByteArray.
des3 setIV: 'nonce 8B' asByteArray.
```

AES (2001)
NIST FIPS PUB 197 (2001) - Rijndael
15 submissions (1998)
5 finalists: MARS, Serpent, Twofish, RC6
modes: ECB, CBC, CFB, OFB, CTR
block size 128 bits
key sizes 128, 192, 256 bits
10, 12, 14 rounds

Blowfish (1993)
http://www.counterpane.com/blowfish.html
block size 64-bits
variable key size 32-448 bits
not patented, royalty-free
2 parts: key expansion & data encryption
16 rounds, key dependent S-Boxes

Public Key Ciphers
public and private key
– hard to compute private from the public
based on “hard” problems
– factoring, discrete logarithm
much slower
key encryption/exchange, signing
RSA, DSA, DH, ElGamal

Public Key Ciphers
key lengths with similar “strength” (bits):

| symmetric | asymmetric |
|---|---|
| 56 | 384 |
| 64 | 512 |
| 80 | 768 |
| 112 | 1792 |
| 128 | 2304 |

RSA (1977)
RSA Security, PKCS #1
modulus n = product of 2 large primes p, q
public: e = relatively prime to (p-1)(q-1)
private: d = e^-1 mod ((p-1)(q-1))
C = P^e mod n [ P < n ]
P = C^d mod n

RSA
```smalltalk
"Alice encrypts with the public key"
keys := RSAKeyGenerator keySize: 512.
alice := RSA new publicKey: keys publicKey.
ctxt := alice encrypt: 'Hello World' asByteArray.
ctxt asHexString.

"Bob decrypts with the private key"
bob := RSA new privateKey: keys privateKey.
(bob decrypt: ctxt) asString
```

Hash Functions
one-way: hard to find the input for given output
collision resistant: hard to find two distinct inputs with the same output
data “finger-printing”
MD2, MD4, MD5, SHA, RIPE-MD

Hash Functions
unlimited input size >> fixed output size
compression function:
M = M_1, M_2, ...
h_i = f(M_i, h_{i-1})
MD-strengthening: include message length

Hash Functions
```smalltalk
"one-shot hashing"
(MD5 hash: 'Hello') asHexString.

"incremental hashing from a stream"
input := 'Hello World!' asByteArray readStream.
sha := SHA new.
sha updateWithNext: 5 from: input.
sha updateFrom: input.
sha digest asHexString
```

MD5 (1992)
http://www.ietf.org/rfc/rfc1321.txt (Ron Rivest)
hash: 128-bits (16B)
block: 512-bits (64B)
padding: M | 10...0 | length (64bits)

SHA (1993)
SHS - NIST FIPS PUB 180
– hash: 160 bits (20B)
– block: 512 bits (64B)
– padding: M | 10...0 | length (64B)
FIPS 180-1: SHA-1 (1995)
FIPS 180-2: SHA-256, 384, 512 (2002)

Message Authentication
hash function with secret key (MAC)
HMAC (RFC 2104, FIPS-198) (1997)
– H(K xor OPad, H(K xor IPad, text))
– OPad = 0x5C[B], IPad = 0x36[B]
– B = block size, K = key
CBC-MAC:
– H_i = E_K(P_i xor H_{i-1});
– IV=0

HMAC
```smalltalk
"Alice computes the MAC"
alice := HMAC hash: SHA new.
alice setKey: 'secret' asByteArray.
(mac := alice hash: 'Hello World!') asHexString.

"Bob recomputes it with the same key and compares"
bob := HMAC hash: SHA new.
bob setKey: 'secret' asByteArray.
mac = (bob hash: 'Hello World!')
```
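
The HMAC formula from the Message Authentication slide, H(K xor OPad, H(K xor IPad, text)), carried through byte by byte as an added Python example (not the `HMAC` class from the slides). It includes the RFC 2104 key preparation the formula leaves implicit, and `verify` compares in constant time rather than with plain equality; the function names are chosen here.

```python
import hashlib
import hmac


def hmac_manual(key: bytes, text: bytes, hash_name: str = "sha1") -> bytes:
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    b = hashlib.new(hash_name).block_size   # B = 64 bytes for MD5 and SHA-1
    if len(key) > b:                        # RFC 2104: over-long keys are hashed
        key = h(key)
    key = key.ljust(b, b"\x00")             # then zero-padded to B bytes
    ipad = bytes(k ^ 0x36 for k in key)     # K xor IPad
    opad = bytes(k ^ 0x5C for k in key)     # K xor OPad
    return h(opad + h(ipad + text))


def verify(key: bytes, text: bytes, mac: bytes) -> bool:
    """Recompute the MAC and compare without leaking timing information."""
    return hmac.compare_digest(hmac_manual(key, text), mac)
```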

Digital Signatures
authentic, non-reusable, unalterable
RSA:
– signing: hash the plaintext, encrypt digest with private key
– verifying: hash the plaintext, decrypt digest with public key, compare the digests

RSA
```smalltalk
"Alice signs with the private key"
alice := RSA new privateKey: keys privateKey.
sig := alice sign: 'Hello World' asByteArray.
sig asHexString.

"Bob verifies with the public key"
bob := RSA new publicKey: keys publicKey.
bob verify: sig of: 'Hello World' asByteArray
```
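
The arithmetic behind the RSA (1977) and Digital Signatures slides, as an added Python example (not the `RSA` class from the slides). It is textbook RSA without PKCS #1 padding; the two Mersenne primes are chosen here for illustration and are far too small for real use, and the digest is reduced mod n only because the modulus is so small.

```python
import hashlib


def make_keys(p: int, q: int, e: int):
    """n = p*q, d = e^-1 mod ((p-1)(q-1)); returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # ValueError if e is not relatively prime to phi
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("P must be smaller than n")
    return pow(m, e, n)        # C = P^e mod n


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)        # P = C^d mod n


def digest(msg: bytes, n: int) -> int:
    # SHA-1 digest as an integer, reduced to fit the small example modulus.
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % n


def sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(digest(msg, n), d, n)     # "encrypt" the digest with d


def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)   # recover digest with e, compare


# Constructed sample key: p = 2^61 - 1 and q = 2^89 - 1 are both prime.
PUB, PRIV = make_keys(2**61 - 1, 2**89 - 1, 65537)
```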

DSA (1994)
NIST FIPS PUB 186
– p prime (modulus): (512 + k*64 <= 1024)
– q prime factor of p – 1 (160 bits)
– g > 1; g^q mod p = 1 (g has order q mod p)
– x < q (private key)
– y = g^x mod p (public key)
FIPS 186-1 (1998): RSA(X9.31)
FIPS 186-2 (2000): ECDSA(X9.62)
change notice 2001: revised PRNG

DSA
```smalltalk
"Alice signs with the private key"
keys := DSAKeyGenerator keySize: 512.
alice := DSA new privateKey: keys privateKey.
sig := alice sign: 'Hello World' asByteArray.

"Bob verifies with the public key"
bob := DSA new publicKey: keys publicKey.
bob verify: sig of: 'Hello World' asByteArray
```

Key Management
“keys are pain”: generation, transfer, verification, usage, updating, storing, backup, compromise, lifetime, destruction
public-key cryptography helps
– session key exchange
– public key distribution

Diffie-Hellman (1976)
establishing a shared secret value
http://www.ietf.org/rfc/rfc2631.txt
modulus p: large prime (>512b)
generator g: primitive mod p
private x: random 1 < x < p
public y: g^x mod p
public y’: other party’s y
shared secret: y’^x mod p

Diffie-Hellman
```smalltalk
"Alice generates parameters and her public value"
gen := DHParameterGenerator m: 160 l: 512.
alice := DH p: gen p q: gen q.
ya := alice computePublicValue.

"Bob uses Alice's parameters and computes his side"
bob := DH p: alice p g: alice g.
yb := bob computePublicValue.
ss := bob computeSharedSecretUsing: ya.

"both sides arrive at the same shared secret"
ss = (alice computeSharedSecretUsing: yb)
```

Digital Certificates
data signed by a “trusted” third party
public key, subject & issuer identification, certificate identification, validity
certificate hierarchies
certificate chain validation
certificate revocation

X.509
RFC 2459 (1999) > RFC 3279, 3280 (2002)
ASN.1 – DER encoding
X.509v1: version, serial nr, issuer, validity, subject, public key, signature
X.509v2: issuer/subject UID
X.509v3: extensions (basic constraints, key usage, key identifiers, policies, ...)

Random Numbers
random: passes all statistical tests
secure: unpredictable without the seed
RFC 1750 (Recommendations)
FIPS-186-2 (DSS)
yarrow (www.counterpane.com)
entropy gathering
– /dev/urandom
– EGD, EGADS

SSL
Believe it or not, it uses all that!
to be continued