# the secrets of keeping secrets

Post on 16-Jan-2016

99 views

Embed Size (px)

DESCRIPTION

The Secrets of Keeping Secrets. Gary J Porter Senior Network Analyst MindWorks, Inc. of Kentucky porter@digitalme.com. Crypto—ASCII style. ASCII represents 27 bits (128) which can represent all of the English alphabet plus punctuation A = 1000001 a = 1100001 - PowerPoint PPT PresentationTRANSCRIPT

CryptoASCII styleASCII represents 27 bits (128) which can represent all of the English alphabet plus punctuation A = 1000001a = 1100001Because ASCII uses bits to represent letters, its a kind of cypher

Transposition CipherOne of the simplest transposition ciphers substitutes the first and second digits and the third and forth digitsMeganASCII 1001101 1100101 1100111 1100001 1101110Cypher 0110101 0011101 0011111 0011001 0010110

5 ) 1 %

Key-Based AlgorithmThe security of key-based algorithms is based on the secrecy of the algorithm, the key(s), or both

Private Key Cryptosystem(Symmetric)ANQR1DBw 4DokTETykx LwQB/9JZe 7eCzXW 9iYVNOT HWjioKOIDear Cindy,

You are so beautiful!Clear TextClear TextCypher TextCypher TextSame Encryption Key

Modified Substitution CipherMessage = COOL

In ASCII

Key = MEGAN

Ciphertext1000010100111110011111001100011010100111010011111001100100101101110111101001010100001010101Key longer than message is okay

Modified Substitution CipherCan be broken with simple techniquesNot secureSECURE

Whitfield DiffieInterested (obsessed!) with the key distribution problemImagined two strangers meeting on the netwondered how they would send secret messages

Martin HellmanWas reluctant to even talk to DiffieEventually became Diffies crypto-partnerSolved the key exchange problem

Cryptography: Algorithms and KeysA method of encryption and decryption is called a cipherGenerally there are two related functions Encryption DecryptionAll modern algorithms use a key to control encryption and decryptionEncryption key may be different from decryption key

From the Minds of Diffie/HellmanThe postal problem...Demonstration

PostmanTo: Wilt DiffieWow! I can see inside. I think Ill take a look!Got here safely.

PostmanIll lock it this time

PostmanHummm!I cant see eitherIll lock it too!

Postman

Postman

Postman

Postman

Postman

Alices keyabcdefghijklmnopqrstuvwxyzEDIRCTOYNUWAPFLMBGJZHKQXVSBobs keyAbcdefghijklmnopqrstuvwxyzZNAMSREVILYUCKOGJTBWDXQHPF

Messagelostmyhotel keyEncrypted with Alices keyALJZPVYLZCA WCVEncrypted with Bobs keyUOBWCPVOWSU YSPDecrypted with Alices keyHLDQIMKLQJH VJMDecrypted with Bobs keyVUMJICYUJLV XLC

Why the Postal Example Wont Work

One-Way FunctionsDiffie and Hellman were not interested in two-way functions, only solving the problem with one-way functionsBecause they could imagine the postal example, there MUST be a solution

senderreceiverBobAlice

Types of AlgorithmsSymmetric (Encryption)EnckM ciphertext ciphertext MencryptiondecryptionDecksenderreceiverBobAlice

One-Way FunctionDemonstration

5 + 10 (mod 12) = 38 + 31 (mod 12) = 3

Diffie/Hellman Key Exchange TechniqueDemonstration

2956729 mod (98219) = 75149 756 mod (98219) = 676656766529 mod (98219)409127514956 mod (98219)409127N mod (98219)751497N mod (98219)67665

A Mathematical Genius?!Whitfield Diffie is best known for his 1975 discovery of the concept of Public Key Cryptography

Rivest Shamir Adleman

Types of AlgorithmsPublic Key (Asymmetric Encryption)encryptiondecryptionsenderreceiver

encryptiondecryptionM ciphertext ciphertextEncpubkeyDecpubkeyTypes of Algorithms Public Key (Asymmetric Encryption)senderreceiver

encryptiondecryptionM ciphertext ciphertext TRASH!EncpubkeyDecpubkeyTypes of Algorithms Public Key (Asymmetric Encryption)senderreceiver

Encryption and DecryptionThe following identity must hold trueD(C) = M, where C = E(M)M is the message, E is encryption, C is Ciphertext, D is decryptionEDMCM

Secret Key Cryptography K is the secret key shared by both the sender (S) and receiver (R)SREDMCMKKSymmetric Encryption

Public Key CryptographyKR(pub) is Receivers public key and KR(pri) is Receivers private keySREDMCMKR(pub)KR(pri)Asymmetric Encryption

RSA works by using a mathematical function that is (comparatively) easy to compute while encrypting, but very difficult to reverse without knowing the private key

RSA works by selecting two large prime numbers

RSA Key GenerationPick large random primes p,q Let p*q = n and =(p-1)(q-1)Choose a random number e such that: 1

Pierre de FermatDiscovered thatif you use a prime number for the modulus, then raising a number to the power (prime-1) is always 1m(p-1) mod p = 1According to Fermat, this works with any prime number p and any positive m thats less than p, therefore 1 < m < pWhat is 710 mod 11

Leonhard Euler (pronounced Oiler)Discovered Fermats relationship held true when using the product of two primes as the modulusn = pqm(p-1)(q-1) mod n = 1Works so long as p and q are relative prime to one anotherIf p = 11 and q=5, what is [m(p-1)(q-1) mod 55] ?

So...Fermat: m(p-1) mod p = 1

So...Fermat: m(p-1) mod p = 1Euler: m(p-1)(q-1) mod n = 1m(p-1) mod pm(p-1)(q-1) mod n=

RSA Key GenerationPick large random primes p,qp = 5, q = 11Let p*q = n and =(p-1)(q-1)The encrypting modulus n = pq = 55 = (p-1)(q-1) = (4)(10) = 40 + 1 = e * d (were looking for both e and d)41 = e * d (but no two number multiplied together equal 41)41 is prime but, using modular math 41 becomes 1 mod 40e * d = 1 mod 40

RSA Key GenerationWell use 3 for e3 * d = 1 mod 40Using Extended Euclidian algorithm, d = 27

Encrypting Using RSA (Review)Step 1: generate two prime numbers, p and qStep 2: Combine the primes n=pq Step 3: Combine the primes another way, =(p-1)(q-1)Step 4: Using , generate a key pair, e and dStep 5: Using e, d, and n, encrypt and decrypt

RSA Mechanical OverviewBasicallyAlice: me mod n cBob: cd mod n m

Lets encrypt the letter G (for Gary)For simplicity sake, well represent g as 7, the 7th letter of the alphabetSo, 7public key * encrypting modulus73 * mod 55 = 13To decrypt, 13private key * encrypting modulus1327 * mod 55 = 7 Encrypting/Decrypting, StepbyStep

Gary J Porters PGP Public Key-----BEGIN PGP PUBLIC KEY BLOCK-----Version: PGP Personal Security 7.0.3

mQGiBDtsK/URBAD+OujjPRvMu22fq9T78fRA2ijOzzKH9HeXHZ81x8C3D/wJF7ea1ToD42sk6kV6+fcI2JGV4YrApXkzu7TfmU8T5eUxPsk4YY7q4ZP7JCmTVwPWeROJZH6QHjyBQUm792trCFbmuOl+t5PjY8TZwBBo4Hrm/kvgex+OfqzZEi4hlwCg/2YVHCcvjAKa/tfDgaq9ei9NZW8D/0WiVnOqZUSqlBfG69oi0PGWtRXiJqIKsZj6Ljtwqtxk3W5G+BqWOcI+Az3m2pGoaXzlz7z9n1iDx0ZufNzLu38/wh9FZe86817V9Y8XjvSTf0UY/T7+BbMNF1OquUz9BaSis+a6tvsoF1Ya/657IkLhCO4CEHOc+eggFtkVr+0eBACfHMZ4x5dxj+YtOV5eN5gxQcyjAB2NFBj+GFnBV2wezX3D6TaHpx3VwEZhAHDeSLySoRs6bmhmd16mVdsgE/u5Em49Sc1Y59WzJGwfKAis6hHhDt4Htyhum281impMbkEZAxIgbQplWoUivxk8LwuLjMfrfdq0+WWeLF4fJUGWBLQkR2FyeSBKIFBvcnRlciA8cG9ydGVyQGRpZ2l0YWxtZS5jb20+iQBYBBARAgAYBQI7bCv1CAsDCQgHAgEKAhkBBRsDAAAAAAoJENkIAq1B47uW7F8AoNfRgtp+9IYs/gpcLxT8XVlul54fAKDH6bA2D4CR2l1sxW71RFIWEMX+CrkCDQQ7bCv1EAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggA7WTvMQ0WgywmeT2+ZdQTio1UvBtkLZTV5PBTWLnMXhSAL+JIY2D4xnP4Coh+Mf2PuZ6c4IxpFVF/ywnekW2wX53qqWV0tjbTcbQ7lwkg276hQPUOfWU7UaZncyxFznRPc2OiO6SpzIpcVHY1nJ8uLOvhSTU67vTOonNri5zlR/ev91SPK1azTjtQW7jqb+v2z72Lxh/BgtDiFld8cXMmbHYdjZ9cPpW0JsKZ+tBwl2SsJXtopst4PYmw2hoLYA0DS+Q0X8OIxROLxQXqinEaKhjP+s6XU+q9x85McR9mT8HaCdliE1W0yToL2dLHnwEKBBDN5vLi8+SnHjTRNU/b7IkATAQYEQIADAUCO2wr9QUbDAAAAAAKCRDZCAKtQeO7luHBAJ45z2IW9D0g/2pZVSHFwzTsDOob3QCg+6rozdE+M57CTDNQE5AyuoxxTWE==DeGR-----END PGP PUBLIC KEY BLOCK-----

An eDirectory Public Key

An eDirectory Private Key

Novell International Cryptographic Infrastructure (NICI) NICI is a layered, hierarchical infrastructure which divides cryptographic functionality among three distinct layersNICI is a modular architecture that allows new cryptographic algorithms to be added without bringing the server downNICI modules are cryptographically signed for protection and for module authentication When government regulations concerning the use and exportation of cryptography change, only NICI needs to change to support the new regulations NICI provides an API set that offers a consistent interface for application developers to use and deploy cryptography within their applications

NICI ArchitectureXIMXENGNICINovell International Cryptographic InfrastructureXSUP Cryptography Library XENG Cryptography Manager XMGR Cryptography Engine XLIB - Cryptography Engine SupportXIM - Cryptography Interface Manager XSUPXMGRXLIBCCS API

Novell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT14

Recommended