Information Security Tech Talk
Aug 4th 2014 Dirk Zittersteyn
Information security
Three main goals
Keep your data secure
Make sure people can’t change your data
Make sure your information stays available
Confidentiality Integrity Availability
Availability
Subject for another talk
Confidentiality and Integrity
Two sides of the same coin
If you can’t guarantee integrity, confidentiality is useless, and vice-versa.
Cryptography
Confidentiality Integrity (a bit)
Basic Terminology:
Plaintext + Key -> Encryption -> Ciphertext
Ciphertext + Key -> Decryption -> Plaintext
Encryption key = decryption key: Symmetric encryption
Encryption key ≠ decryption key: Asymmetric encryption
Foundations
Kerckhoffs (1835 – 1903)
Shannon (1916 – 2001)
Auguste Kerckhoffs
La Cryptographie Militaire (1883)
Kerckhoffs’ principle
The design of a system should not require secrecy
and compromise of the system should not inconvenience the correspondents
Open Source your method
Security is in the key
Claude Shannon
Perfect Secrecy, Confusion, Diffusion
"Perfect Secrecy" is defined by requiring of a system that after a cryptogram is intercepted by the enemy, the a posteriori probabilities of this cryptogram representing various messages be identically the same as the a priori probabilities of the same messages before the interception
In other words:
The enemy learns nothing.
Confusion: Relation plaintext - ciphertext
Diffusion: Position of plaintext in ciphertext
Back in the days…
Caesar Cipher
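alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
def caesar(text, n):
    shifted = alpha[n:] + alpha[:n]  # alphabet rotated by n places
    return text.upper().translate(str.maketrans(alpha, shifted))
caesar('Hello World', 3) == 'KHOOR ZRUOG'
Decrypt
Simple.
A little… too simple.
for i in range(26):
    print('%d: %s' % (i, caesar('KHOOR ZRUOG', i)))  # try every shift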
0: KHOOR ZRUOG
1: LIPPS ASVPH
2: MJQQT BTWQI
3: NKRRU CUXRJ
4: OLSSV DVYSK
5: PMTTW EWZTL
6: QNUUX FXAUM
7: ROVVY GYBVN
8: SPWWZ HZCWO
9: TQXXA IADXP
10: URYYB JBEYQ
11: VSZZC KCFZR
12: WTAAD LDGAS
13: XUBBE MEHBT
14: YVCCF NFICU
15: ZWDDG OGJDV
16: AXEEH PHKEW
17: BYFFI QILFX
18: CZGGJ RJMGY
19: DAHHK SKNHZ
20: EBIIL TLOIA
21: FCJJM UMPJB
22: GDKKN VNQKC
23: HELLO WORLD
24: IFMMP XPSME
25: JGNNQ YQTNF
ecuritysay oughthray obscurityyay
They simply assumed no-one would think to decrypt it
(they even hardcoded the number by which it was shifted: 3)
KHOOR Z'RUOG! (Klingons never bluff)
They hoped people would think it was some language they did not understand
Kerckhoffs’ principle
Improving Caesar shift
Keyspace ≈ 26
Generalizing Caesar shift
ABCDEFGHIJKLMNOPQRSTUVWXYZ
alpha = alpha[n:] + alpha[:n]
DEFGHIJKLMNOPQRSTUVWXYZABC
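Substitution cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
alpha = ''.join(random.SystemRandom().sample(alpha, len(alpha)))  # random.shuffle() works in place on a list and returns None; the key is drawn from the OS CSPRNG
WGLOJTYUDZQXKVAFHMBPECRNIS
Substitution cipher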
Keyspace ≈ 26!
403291461126605635584000000
Secure?
You intercept: MHT UTEKAVAMRPD PS RDUTJTDUTDET RZ MHT WZWAK DABT PS A ZMAMTBTDM AUPJMTU OG MHT EPDMRDTDMAK EPDNVTZZ PD CWKG 4, 1776, LHREH ADDPWDETU MHAM MHT MHRVMTTD ABTVREAD EPKPDRTZ, MHTD AM LAV LRMH NVTAM OVRMARD, VTNAVUTU MHTBZTKQTZ AZ MHRVMTTD DTLKG RDUTJTDUTDM ZPQTVTRND ZMAMTZ, ADU DP KPDNTV A JAVM PS MHT OVRMRZH TBJRVT. RDZMTAU MHTG SPVBTU A DTL DAMRPD - MHT WDRMTU ZMAMTZ PS ABTVREA. CPHD AUABZ LAZ A KTAUTV RD JWZHRDN SPV RDUTJTDUTDET, LHREH LAZ WDADRBPWZKG AJJVPQTU PD CWKG 2. A EPBBRMMTT PS SRQT HAU AKVTAUG UVASMTU MHT SPVBAK UTEKAVAMRPD, MP OT VTAUG LHTD EPDNVTZZ QPMTU PD RDUTJTDUTDET. MHT MTVB "UTEKAVAMRPD PS RDUTJTDUTDET" RZ DPM WZTU RD MHT UPEWBTDM RMZTKS. …
English letter freq’s
Message letter freq’s
Pretty similar! (English vs. Message)
a d
ab do
abc dok
abcdefghijklmnopqrstuvwxyz dokutbnvrxcespalyhzmwqjfgi
Guessed key: dokutbnvrxcespalyhzmwqjfgi
Actual key:  aoeutsnhrcxkbdpjyvzmwqlfgi
Similar enough to come close
More work needed
There are some pretty big mismatches
Decoded with guessed key
TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.
We’ve assumed it’s English
So let’s find some English words
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.
the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at Par Pith great britain, regarDeD theFseCVes as thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a neP natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at war with great britain, regarDeD theFseCVes as thirteen newCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a new natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCY indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead theY MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY draMted the MNrFaC deLCaratiNn, tN be readY when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCy indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead they MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready draMted the MNrFaC deLCaratiNn, tN be ready when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.
the declaration oM indeWendence is the usual naFe oM a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart oM the british eFWire. instead they MorFed a new nation - the united states oM aFerica. Kohn adaFs was a leader in Wushing Mor indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee oM MiVe had already draMted the MorFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration oM indeWendence" is not used in the docuFent itselM.
the declaration of indeWendence is the usual naFe of a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart of the british eFWire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in Wushing for indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration of indeWendence" is not used in the docuFent itself.
the declaration of independence is the usual naFe of a stateFent adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly independent soVereign states, and no longer a part of the british eFpire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in pushing for independence, which was unaniFously approVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on independence. the terF "declaration of independence" is not used in the docuFent itself.
the declaration of independence is the usual name of a statement adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselVes as thirteen newly independent soVereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. Kohn adams was a leader in pushing for independence, which was unanimously approVed on Kuly 2. a committee of fiVe had already drafted the formal declaration, to be ready when congress Voted on independence. the term "declaration of independence" is not used in the document itself.
the declaration of independence is the usual name of a statement adopted by the continental congress on july 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselves as thirteen newly independent sovereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. john adams was a leader in pushing for independence, which was unanimously approved on july 2. a committee of five had already drafted the formal declaration, to be ready when congress voted on independence. the term "declaration of independence" is not used in the document itself.
Cracked!
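The frequency-matching step from the slides, as an added example (not code from the talk). It uses the first sentence of the intercepted message and the two keys shown above; the function names are chosen here. On one sentence only the most frequent letter is guessed correctly, which is why the slides go on to fix letters by hand.

```python
from collections import Counter
import string

ALPHA = string.ascii_lowercase
ETAOIN = "etaoinshrdlcumwfgypbvkjxqz"   # frequency order shown on the slides

# Keys from the slides: position i holds the ciphertext letter for ALPHA[i].
GUESSED_KEY = "dokutbnvrxcespalyhzmwqjfgi"
ACTUAL_KEY = "aoeutsnhrcxkbdpjyvzmwqlfgi"

# First sentence of the intercepted message on the slides.
CIPHERTEXT = ("MHT UTEKAVAMRPD PS RDUTJTDUTDET RZ MHT WZWAK DABT PS A "
              "ZMAMTBTDM AUPJMTU OG MHT EPDMRDTDMAK EPDNVTZZ PD CWKG 4, 1776")


def decode(ciphertext, key):
    """Undo a substitution: map each key letter back to its plaintext letter."""
    return ciphertext.lower().translate(str.maketrans(key, ALPHA))


def frequency_guess(ciphertext):
    """Pair ciphertext letters, most frequent first, with the ETAOIN order.
    Returns {ciphertext letter: guessed plaintext letter}."""
    counts = Counter(c for c in ciphertext.lower() if c in ALPHA)
    ranked = [letter for letter, _ in counts.most_common()]
    return dict(zip(ranked, ETAOIN))


def agreement(guessed, actual):
    """Plaintext letters on which two keys already agree."""
    return [p for p, g, a in zip(ALPHA, guessed, actual) if g == a]


if __name__ == "__main__":
    print(frequency_guess(CIPHERTEXT))
    print(decode(CIPHERTEXT, GUESSED_KEY))
    print(decode(CIPHERTEXT, ACTUAL_KEY))
    print("".join(agreement(GUESSED_KEY, ACTUAL_KEY)))
```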
So, let’s adapt it in a different way
Change the shift each letter
Plaintext: supersecretmessageyoushouldnotsee
Key: donotlook
Repeat the key
supersecretmessageyoushouldnotsee
donotlookdonotlookdonotlookdonotl
Add plaintext and key
supersecretmessageyoushouldnotsee
donotlookdonotlookdonotlookdonotl +
---------------------------------
vicskdsqbhhzsldouobchgaziznqcggxp
This is the Vigenère Cipher
Named for Blaise de Vigenère (1523 – 1596)
Actually invented by Giovan Battista Bellaso (1505 – ??)
Also known as:
Le Chiffre Indéchiffrable (The Unbreakable Cipher)
Secure?
Brute Force:
possibilities (n = 9 -> 10795636100592)
Frequency analysis?
[Plot: Ciphertext vs. English]
First:
Guess the key length
Repeated words, repeated key
Key:        ABCDABCDABCDABCDABCDABCDABCD
Plaintext:  CRYPTOISSHORTFORCRYPTOGRAPHY
Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB
Repeated words, repeated key
VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR
VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1]
QUCE -> QUCE = 30 -> [30, 15, 10, 6, 5, 3, 2, 1]
[18, 9, 6, 3, 2, 1] ∩ [30, 15, 10, 6, 5, 3, 2, 1] = [6, 3, 2, 1]
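The Vigenère cipher and the repeated-sequence key-length guess, as an added example (not code from the talk, and not pygenere). It reproduces the slide's ciphertexts and divisor lists; the function names are chosen here, and the input is assumed to contain letters only.

```python
from collections import defaultdict
from functools import reduce

A = ord("A")


def vigenere(text, key, sign=1):
    """Add (sign=1) or subtract (sign=-1) the repeated key, letter by letter."""
    text, key = text.upper(), key.upper()
    return "".join(
        chr((ord(c) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
        for i, c in enumerate(text)
    )


def repeated_sequences(ciphertext, length=4):
    """Map each sequence that occurs more than once to the distances
    between its consecutive occurrences."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - length + 1):
        positions[ciphertext[i:i + length]].append(i)
    return {
        seq: [b - a for a, b in zip(pos, pos[1:])]
        for seq, pos in positions.items() if len(pos) > 1
    }


def divisors(n):
    return {d for d in range(1, n + 1) if n % d == 0}


def candidate_key_lengths(ciphertext, length=4):
    """Intersect the divisor sets of all distances, largest first."""
    distances = [d for ds in repeated_sequences(ciphertext, length).values()
                 for d in ds]
    if not distances:   # no repeated sequence to work from
        return []
    return sorted(reduce(set.intersection, map(divisors, distances)),
                  reverse=True)


SLIDE_CIPHERTEXT = "VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR"

if __name__ == "__main__":
    print(vigenere("supersecretmessageyoushouldnotsee", "donotlook"))
    print(repeated_sequences(SLIDE_CIPHERTEXT))
    print(candidate_key_lengths(SLIDE_CIPHERTEXT))
```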
When you assume
You make an ass out of u and me
There might not be any repeated words at the right spots
If the key length = 2
uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle
ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA
udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB
Should be a standard letter distribution
If the key length = 3
uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle
ABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABC
uwwibwtjabkxauvawvx hpnnhjmlpfvmkwrhnll djdgiclddahcjyfuhbe
AAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCCCC
Should be a standard letter distribution
Let’s try this!
Encoded a plaintext with key ‘SECRET’
Split the ciphertext,
Sort characters by frequency
Sum highest frequencies, second highest, etc.
secret
s e c r e t
Now that we know the key length, this is not that different from a substitution cipher
Cracked!
Principle is easy
Doing it by hand is tedious
Cracked!
smurfoncrack.com/pygenere/
source: smurfoncrack.com/pygenere/pygenere.py
Is there any truly secure method?
Yes.
The One-Time pad
Looks like Vigenère.
Create a long key, without repetition
Securely share it between both parties
To send a message:
Plaintext   attackatdawn
Key         owbxelcixrql +
            ------------
Ciphertext  opuxgvcbarmy
And then:
Destroy the key
One-Time pad
This is provably perfectly secure
You can’t even brute force it!
opuxgvcbarmy
owbxelcixrql -
------------
attackatdawn
opuxgvcbarmy
elqinoymwrku -
------------
keepthepeace
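Why brute force tells you nothing, as an added example (not code from the talk): for the intercepted ciphertext, every plaintext of the same length has a pad that explains it. It goes one step beyond the slides by also showing what leaks if a pad is used twice instead of destroyed. Function names are chosen here; messages are assumed to be lowercase letters only.

```python
import secrets
import string

ALPHA = string.ascii_lowercase


def combine(a, b, sign=1):
    """Letter-wise a + sign*b modulo 26 (sign=1 encrypts, sign=-1 decrypts)."""
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return "".join(
        ALPHA[(ALPHA.index(x) + sign * ALPHA.index(y)) % 26]
        for x, y in zip(a, b)
    )


def new_pad(length):
    """Fresh pad from the OS CSPRNG; use once, then destroy."""
    return "".join(secrets.choice(ALPHA) for _ in range(length))


def key_explaining(ciphertext, plaintext):
    """The pad under which `ciphertext` decrypts to `plaintext`."""
    return combine(ciphertext, plaintext, -1)


def reuse_leak(c1, c2):
    """c1 - c2 for two messages sent under the same pad: the pad cancels out
    and what remains is plaintext1 - plaintext2."""
    return combine(c1, c2, -1)


if __name__ == "__main__":
    intercepted = "opuxgvcbarmy"                      # from the slides
    for candidate in ("attackatdawn", "keepthepeace"):
        print(candidate, "<-", key_explaining(intercepted, candidate))

    pad = new_pad(12)
    c1 = combine("attackatdawn", pad)
    c2 = combine("keepthepeace", pad)                 # pad reused: mistake
    print(reuse_leak(c1, c2) == combine("attackatdawn", "keepthepeace", -1))
```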
So why don’t we all use it?
Why we don’t use it:
You need to share the key securely. But how?
Out of band communication
How the spies did it
Before the mission, they received a codebook
But impractical for ordinary use
In band communication
Safe channel through which to send the key
Just use that channel to send the message.
They all have in common:
Confusion ✓ Diffusion ✗
Why do you need diffusion?
e.g. image encryption
Using a block cipher
Encodes blocks of data
Electronic Code Book (ECB)
Blocks with the same data are encoded as the same data
Encode this image with ECB:
24-bit bmp
“Encrypted”
(after header restoration)
Cipher block chaining
Does do diffusion
Looks like noise.
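ECB against CBC on image-like data, as an added example (not code from the talk). The block cipher is a small Feistel construction written here as a stand-in for a real cipher such as AES, and the key, IV and pixel data are constructed; the repeated-block ratio doubles as a quick check for ECB use in ciphertext you are handed.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes


def toy_encrypt_block(key, block):
    """Four-round Feistel network keyed with HMAC-SHA256.
    A stand-in for a real block cipher, for demonstration only."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def split_blocks(data):
    if len(data) % BLOCK:
        raise ValueError("pad the data to a multiple of the block size first")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    """Every block is encrypted on its own: equal input, equal output."""
    return b"".join(toy_encrypt_block(key, b) for b in split_blocks(data))


def cbc_encrypt(key, iv, data):
    """Each block is XORed with the previous ciphertext block first."""
    out, prev = [], iv
    for block in split_blocks(data):
        prev = toy_encrypt_block(key, bytes(a ^ b for a, b in zip(block, prev)))
        out.append(prev)
    return b"".join(out)


def repeated_block_ratio(data):
    """Fraction of blocks that duplicate an earlier block (0.0 = none)."""
    blocks = split_blocks(data)
    return 1 - len(set(blocks)) / len(blocks)


def sample_image(size=64):
    """Constructed 24-bit pixel data: black square centred on white."""
    lo, hi = size // 4, 3 * size // 4
    return b"".join(
        b"\x00\x00\x00" if lo <= x < hi and lo <= y < hi else b"\xff\xff\xff"
        for y in range(size) for x in range(size)
    )


KEY = b"constructed demo key"
IV = bytes(range(BLOCK))   # fixed so the run is repeatable; real IVs are random
PIXELS = sample_image()

if __name__ == "__main__":
    print("plaintext:", repeated_block_ratio(PIXELS))
    print("ECB:      ", repeated_block_ratio(ecb_encrypt(KEY, PIXELS)))
    print("CBC:      ", repeated_block_ratio(cbc_encrypt(KEY, IV, PIXELS)))
```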
Methods covered so far:
Brute Force: Caesar Cipher
Foundational weakness: Vigenère, Substitution, ECB
Next up:
Mad Science
Side channel attacks
Traditional model
Plaintext + Key -> E -> Ciphertext -> D (+ Key) -> Plaintext
Side channel model
Plaintext + Key -> E -> Ciphertext -> D (+ Key) -> Plaintext
Side channels: Heat, Timing
Simple example
    def __eq__(self, other):
        if len(self) != len(other):
            return False
        for x, y in zip(self, other):
            if x != y:
                return False
        return True
    if input == password:
        login()
    else:
        error()
1000 * input = '-'    Wall time: 817 µs
1000 * input = '--'   Wall time: 2.14 ms
1000 * input = '---'  Wall time: 806 µs
≈ 0.8ms: the length check fails
≈ 2.1ms (1 iter): the length matches
1000 * input = 'a-'   Wall time: 2.15 ms
1000 * input = 'b-'   Wall time: 2.33 ms
1000 * input = 'c-'   Wall time: 2.14 ms
≈ 2.1ms (1 iter): the first character differs
≈ 2.3ms (2 iter): the first character matches
1000 * input = 'ba'   Wall time: 2.33 ms
1000 * input = 'bb'   LOGGED IN! (2.47 ms)
1000 * input = 'bc'   Wall time: 2.32 ms
≈ 2.3ms (2 iter): the second character differs
≈ 2.5ms (2 iter): both characters match
This simple error has reduced your keyspace
From 26^n to 26n
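The leak and its fix, as an added example (not code from the talk). The slide's comparison is instrumented to count characters compared, which stands in for the noisy wall-clock timings; beside it are a comparison whose work does not depend on the secret, a regression check that tells the two apart, and the standard-library call to deploy. All names are chosen here.

```python
import hmac


def leaky_equal(secret, guess):
    """The slide's __eq__, instrumented: returns (result, characters compared)."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps          # fastest exit: wrong length
    for x, y in zip(secret, guess):
        steps += 1
        if x != y:
            return False, steps      # exit point moves with the matching prefix
    return True, steps


def steady_equal(secret, guess):
    """Same result, but the work done depends only on len(guess)."""
    steps = 0
    diff = len(secret) ^ len(guess)
    padded = secret or "\0"
    for i, y in enumerate(guess):
        steps += 1
        diff |= ord(padded[i % len(padded)]) ^ ord(y)   # no early exit
    return diff == 0, steps


def leaks_prefix(compare, secret):
    """Regression check: does the work differ between wrong guesses of the
    right length that share a longer or shorter prefix with the secret?"""
    wrong = next(c for c in map(chr, range(33, 127)) if c not in secret)
    probes = [secret[:i] + wrong * (len(secret) - i) for i in range(len(secret))]
    return len({compare(secret, p)[1] for p in probes}) > 1


def production_equal(secret, guess):
    """What to deploy: the standard library's constant-time comparison."""
    return hmac.compare_digest(secret.encode(), guess.encode())


def worst_case_guesses(n, alphabet=26):
    """(blind search, search guided by the leak) for an n-character secret."""
    return alphabet ** n, alphabet * n


if __name__ == "__main__":
    for guess in ("-", "--", "---", "a-", "b-", "ba", "bb"):
        print(repr(guess), leaky_equal("bb", guess), steady_equal("bb", guess))
    print(leaks_prefix(leaky_equal, "bb"), leaks_prefix(steady_equal, "bb"))
    print(worst_case_guesses(2))
```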
This isn’t really MAD science…
Power consumption of a CPU during RSA computation.
[Figure: power trace, labelled 0 0 1 …]
Crypto is a minefield
http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
Methods covered so far:
Brute Force: Caesar Cipher
Foundational weakness: Vigenère, Substitution, ECB
Side channel attacks: Timing, Power Consumption, Acoustic, etc.
Last but not least
Rubber-Hose Cryptanalysis
[..] In which a rubber hose is applied forcefully and frequently to the soles of the feet, until the key to the cryptosystem is discovered
A process that can take a surprisingly short time and is quite computationally inexpensive
sci.crypt (1990)
What haven’t I covered?
Asymmetric encryption: public – private key …
A lot of math: Diffie – Hellman key exchange, Prime factorization, Elliptic Curve crypto …
Integrity assurance: HMAC …
Stream Ciphers, Man in the middle, AES, DES, Hashes, Salts, Etc.
MORE!!!
Great intro to a great encryption standard: A stick figure guide to AES
Mad science side-channel attacks: To Protect and Infect (Jacob Appelbaum)
Awesome primer for InfoSec: History of the information age