NETS1035 FALL 2020

Applied Cryptography

Symmetric Encryption

Crypto Primitives

• There are four primitives which are considered the building blocks of digital cryptography

• Random Number Generation

• Symmetric Encryption

• Asymmetric Encryption

• Hash Functions

• These primitives get combined to achieve the CIA (confidentiality, integrity, authentication) goals of cryptography

The Four Primitives

Random Number Generation https://xkcd.com/221/

• Simple ciphers are not cryptographically secure because they are so quick and easy to break

• Breaking a caesar cipher can be done with trial and error by trying different shifts and looking at the results

• It is easier if you have a useful amount of caesar ciphertext to just analyze the frequency of characters and match it to the language of the plaintext that was encrypted to find the value for the shift (the key)

• Simple ciphers always produce the same ciphertext for any given plaintext/key making frequency analysis fast and reliable

• More sophisticated substitutions require more ciphertext and analysis of additional characteristics of the ciphertext but can still be done fairly quickly with modern computing power since most will produce the same ciphertext every time for a specific plaintext/key

Simple Cipher, Simple Break

Cryptographically Secure

• A method of protecting data is considered cryptographically secure if the effort to crack it makes cracking it infeasible in a useful timeframe

• Predictable characteristics of ciphertext or flaws in algorithms which cause predictable ciphertext patterns that may be exploited to discover keys are not good for maintaining confidentiality

• Producing multiple ciphertexts from one plaintext is an important tool in making cryptanalysis difficult by eliminating or greatly reducing patterns in ciphertext

• e.g. rainbow tables can be unusably larger if the result of encrypting a specific plaintext can be many different ciphertexts

• Random numbers are included in secure algorithms to scramble ciphertext in unpredictable ways

Random Numbers

Random Number

• A number which cannot be predicted

RNG

• Random Number Generator, a program whose goal is to produce random numbers

• Most random number sources in modern operating systems and programming languages do not generate random numbers, they generate pseudo-random numbers

• Random numbers used in cryptography do not have to be truly random, they only need to be unpredictable by an attacker

• Underestimating what is required to be unpredictable is a significant contributor to success in defeating encryption algorithms

• There are many algorithms for producing pseudo-random numbers, all of them balance predictability against speed

Random Number Generation

PRNG or PSRNG

• Pseudo-random number generator, an program or algorithm designed to produce numbers which are difficult to predict

• PRNG algorithms generally need a seed value to start with and it is supposed to be random, which is then repeatedly hashed and/or encrypted with pieces of each result carved out and fed back in as the seed for the next iteration

• Some algorithms use a key as a seed

• Event measurements and very high resolution timestamps are often used for seed numbers

• Some CPUs provide instructions to leverage the encryption hardware built into them to create random numbers, because encrypted data is unpredictable, just like a random number is supposed to be

• RNG algorithms are at the heart of crypto and as such they are constantly being probed for ways to break them (i.e. figure out how to predict their output)

• When an algorithm is shown to be predictable, it is no longer considered cryptographically secure

PRNG AlgorithmsCSPRNG

• Cryptographically secure pseudo random number generator

Seed

• An initial value used as the starting data for an PRNG algorithm, a random number is desired for this

Hash

• The result of applying a formula to data such that output is significantly affected by any changes in the original data

• CPUs can provide RNG capabilities, such as the RDRAND instructions in newer Intel CPUs but these are generally untrusted as sole sources because of suspicions of NSA backdoors in the hardware

• Operating systems include facilities for PRNG typically drawing on multiple sources of pseudo-random numbers and combining them

• UNIX-like systems have /dev/random and /dev/urandom which provide random numbers with different characteristics

• Windows has SystemPRNG (CNG-based) and ProcessPRNG (BCryptGenRandom-based) exposed via multiple libraries with different characteristics in newer Windows versions, and CryptGenRandom in older Windows versions

• Consumer embedded systems like routers typically have weak PRNG because they tend to use the same sources with the same starting values (seeds) every time they boot although this is improving

• Programming languages may include their own PRNG and may use operating system facilities to seed them

• There are add-on software packages to do PRNG, and hardware devices which can be added to systems that can provide RNG

RNG Implementations

Symmetric Encryption

https://www.glasbergen.com/ngg_tag/encrypted/nggallery/image/business-

cartoons-data-security-security-information-encryption-encrypt-

information-data-encryption-encrypt-data-information-security-cartoon-safety-internet-security-

keeping-safeguard-saf-1

• There are many algorithms for symmetric encryption, built to operate as stream ciphers or block ciphers - only some are recommended for general use

• The key used to encrypt and decrypt is sometimes called a "shared secret" or "secret key" because both parties to the process must have the key and the message confidentiality is reliant on the key remaining secret

• When 2 parties create and share one or more keys for future communications, it is a "pre-shared secret" and is frequently used over and over

• Symmetric encryption is fast and secure, and is used whenever there is a viable method of sharing a key

Symmetric Encryption

Secret Key or Shared Secret

• A sequence of bytes, often printable ascii, used to both encrypt and decrypt a message

Pre-shared Secret

• A secret key which has been distributed to both parties prior to communications starting

• Stream ciphers encrypt/decrypt arbitrary lengths of data very fast and are easy/cheap to implement in hardware

• The simple ciphers we have reviewed so far are stream ciphers - they encrypt one plaintext character at a time

• Stream ciphers apply a series of bits using exclusive-or to the plaintext to encrypt, and the same series of bits using exclusive-or to decrypt ciphertext - the longer the series, the more difficult it is to search the keyspace to find the key

• To get long series of bits for the XOR, stream ciphers can be thought of as using the key as a seed for RNG, then the result is combined with the plaintext

• If a bad actor can get any 2 out of the 3 parts of a communication (M, K, C), they can derive the third fairly easily

• Stream ciphers enable encrypting/decrypting at arbitrary indices into the stream - nice for jumping around in a stream, nice for corrupting specific items of a stream

Symmetric Encryption - Stream Ciphers

Exclusive-or

• A boolean operation on a pair of bits yielding a result bit which is a 1 only if the input bits differ

• Block ciphers encrypt small blocks of data at a time

• AES (Rijndael) is the most popular block cipher, succeeding DES and 3DES which are no longer computationally secure

• AES uses a 128 bit block size, encrypting 16 bytes at a time and producing 16 bytes of output for each 16 bytes of input

• Block ciphers operate in one of several modes and most use an Initialization Vector, some use nonces

• Because it has streaming modes, AES is the also most popular symmetric stream cipher

Symmetric Encryption - Block Ciphers

Block Mode

• A technique of using a block cipher to encrypt arbitrarily-long plaintext, effectively making it a stream cipher

Initialization Vector (IV)

• A randomly generated data block mixed with the first block of plaintext prior to encryption in order to stymie some cryptanalysis techniques

• The full designation of a deployed block cipher has 3 parts written using their acronyms and dashes to separate the parts:

• Cipher name

• Key length in bits

• Block mode

• E.G.

• AES-256-CTR is the AES cipher using a 256 bit key and Counter (CTR) block mode

• AES-192-GCM is the AES cipher using a 192 bit key and Galois/Counter (GCM) block mode

Symmetric Encryption - Cipher Names

ECB modeBlock Ciphers

• Glorified stream cipher with the speed benefits

• Does not use an IV

• Ciphertext blocks can contain repetition patterns

• Only good for small exchanges such as key transfershttps://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

CBC ModeBlock Ciphers

• Pure block mode that requires padding input data to a multiple of the block size

• Cannot be parallelized

• First block is combined with an IV to create input to the cipher along with the key

• Each cipherblock is combined with the next plaintext block to create input to the cipher along with the key

• Can create patterns in ciphertext allowing deduction of the IV, and susceptible to padding-based attacks

• Cipher Feedback (CFB) and Output Feedback (OFB) modes are modified versions of CBC designed to avoid some of the weakness in CBC

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

CTR ModeBlock Ciphers

• A streaming mode

• Suitable for parallelized processing, like ECB

• IV/Nonce may be random, or may come from any other number source

• Careful choices must be made in sources for the IV/Nonce, or chosen plaintext attacks are possible

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

GCM ModeBlock Ciphers

• A streaming mode

• Suitable for parallelized processing

• Generates authentication code for integrity as part of algorithm

• Galois Message Authentication Code (GMAC) is a way of using GCM to ony produce the Auth Tag

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

Tool Samples

https://www.thisiswhyimbroke.com/the-ultimate-swiss-army-knife/

A CLI tool for measuring entropy in dataent

• Available as a standard package

• Provides several measurements

• Can display frequency tables

• Can provide indicators as to randomness of data

• Can provide indicators of information density

• Useful for cryptanalysis and forensics

man ent

man ent | ent

dd if=/dev/urandom bs=1m count=1 | ent

man ent | ent -c

man ent | caesar 3

man ent | caesar 3 | ent -c | awk '/^[0-9]/{print $2,$3}' | sort -nk 2

A cli tool to do AES encryption/decryptionaespipe

• Open source software from Jari Ruusu

• Source is available at http://loop-aes.sourceforge.net

• Can do single key, double key, or triple key

• Can use GnuPG tools, keys, and ids

• Has many options

• ccrypt is a simpler alternative to just do AES-256

• ccrypt still has quite a few options

• ccrypt can be installed with apt

cat /etc/hosts|file -

aespipe

Linux isn't the only platform for encryptionOther Tools

• From cipher on Windows to openssl on MacOSX, all the popular operating systems have some free cli tools available

• Some are special-purpose like zip and ccrypt, other are swiss army knives like openssl

• There are graphical tools which tend to be aimed more at being toys or educational aids

• openssl is a good cross-platform tool to learn because of its ubiquity

• Web-based tools can enable exploration of less-common ciphers - e.g. dcode.fr

openssl aes-256-cbc

Key Distribution

https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange

• Before encryption can be done, keys must be created and provided to both the encrypting and decrypting parties

• Keys must be kept secret because ciphers are published - this is cryptography, not steganography

• The method used to digitally exchange keys can be manual between parties or automated using a key exchange protocol

• The Diffie-Hellman protocol is the main protocol that has been used for a long time to securely exchange keys between co-operating parties

• It takes advantage of the infeasibility of working with very large prime numbers to make it computationally impractical to retrieve the keys if a useful timeframe even if the key exchange is captured

• Similarly, the ElGamal key exchange protocol uses computationally difficult math to provide a secure method to exchange keys

• Neither of these solves the problem of authentication of the other party during key exchange which makes man in the middle attacks possible

• Neither of these solves the problem of verifying the integrity of the ciphertext

Key Distribution

Cipher Creation

DON'TYour inability to imagine how to break your own creation is in no way a reflection of the abilities of others