the secrets of keeping secrets

Download The Secrets of Keeping Secrets

Post on 16-Jan-2016

99 views

Category:

Documents

1 download

Embed Size (px)

DESCRIPTION

The Secrets of Keeping Secrets. Gary J Porter Senior Network Analyst MindWorks, Inc. of Kentucky porter@digitalme.com. Crypto—ASCII style. ASCII represents 27 bits (128) which can represent all of the English alphabet plus punctuation A = 1000001 a = 1100001 - PowerPoint PPT Presentation

TRANSCRIPT

  • CryptoASCII styleASCII represents 27 bits (128) which can represent all of the English alphabet plus punctuation A = 1000001a = 1100001Because ASCII uses bits to represent letters, its a kind of cypher

  • Transposition CipherOne of the simplest transposition ciphers substitutes the first and second digits and the third and forth digitsMeganASCII 1001101 1100101 1100111 1100001 1101110Cypher 0110101 0011101 0011111 0011001 0010110

    5 ) 1 %

  • Key-Based AlgorithmThe security of key-based algorithms is based on the secrecy of the algorithm, the key(s), or both

  • Private Key Cryptosystem(Symmetric)ANQR1DBw 4DokTETykx LwQB/9JZe 7eCzXW 9iYVNOT HWjioKOIDear Cindy,

    You are so beautiful!Clear TextClear TextCypher TextCypher TextSame Encryption Key

  • Modified Substitution CipherMessage = COOL

    In ASCII

    Key = MEGAN

    Ciphertext1000010100111110011111001100011010100111010011111001100100101101110111101001010100001010101Key longer than message is okay

  • Modified Substitution CipherCan be broken with simple techniquesNot secureSECURE

  • Whitfield DiffieInterested (obsessed!) with the key distribution problemImagined two strangers meeting on the netwondered how they would send secret messages

  • Martin HellmanWas reluctant to even talk to DiffieEventually became Diffies crypto-partnerSolved the key exchange problem

  • Cryptography: Algorithms and KeysA method of encryption and decryption is called a cipherGenerally there are two related functions Encryption DecryptionAll modern algorithms use a key to control encryption and decryptionEncryption key may be different from decryption key

  • From the Minds of Diffie/HellmanThe postal problem...Demonstration

  • PostmanTo: Wilt DiffieWow! I can see inside. I think Ill take a look!Got here safely.

  • PostmanIll lock it this time

  • PostmanHummm!I cant see eitherIll lock it too!

  • Postman

  • Postman

  • Postman

  • Postman

  • Postman

  • Alices keyabcdefghijklmnopqrstuvwxyzEDIRCTOYNUWAPFLMBGJZHKQXVSBobs keyAbcdefghijklmnopqrstuvwxyzZNAMSREVILYUCKOGJTBWDXQHPF

    Messagelostmyhotel keyEncrypted with Alices keyALJZPVYLZCA WCVEncrypted with Bobs keyUOBWCPVOWSU YSPDecrypted with Alices keyHLDQIMKLQJH VJMDecrypted with Bobs keyVUMJICYUJLV XLC

    Why the Postal Example Wont Work

  • One-Way FunctionsDiffie and Hellman were not interested in two-way functions, only solving the problem with one-way functionsBecause they could imagine the postal example, there MUST be a solution

  • senderreceiverBobAlice

  • Types of AlgorithmsSymmetric (Encryption)EnckM ciphertext ciphertext MencryptiondecryptionDecksenderreceiverBobAlice

  • One-Way FunctionDemonstration

  • 5 + 10 (mod 12) = 38 + 31 (mod 12) = 3

  • Diffie/Hellman Key Exchange TechniqueDemonstration

  • 2956729 mod (98219) = 75149 756 mod (98219) = 676656766529 mod (98219)409127514956 mod (98219)409127N mod (98219)751497N mod (98219)67665

  • A Mathematical Genius?!Whitfield Diffie is best known for his 1975 discovery of the concept of Public Key Cryptography

  • Rivest Shamir Adleman

  • Types of AlgorithmsPublic Key (Asymmetric Encryption)encryptiondecryptionsenderreceiver

  • encryptiondecryptionM ciphertext ciphertextEncpubkeyDecpubkeyTypes of Algorithms Public Key (Asymmetric Encryption)senderreceiver

  • encryptiondecryptionM ciphertext ciphertext TRASH!EncpubkeyDecpubkeyTypes of Algorithms Public Key (Asymmetric Encryption)senderreceiver

  • Encryption and DecryptionThe following identity must hold trueD(C) = M, where C = E(M)M is the message, E is encryption, C is Ciphertext, D is decryptionEDMCM

  • Secret Key Cryptography K is the secret key shared by both the sender (S) and receiver (R)SREDMCMKKSymmetric Encryption

  • Public Key CryptographyKR(pub) is Receivers public key and KR(pri) is Receivers private keySREDMCMKR(pub)KR(pri)Asymmetric Encryption

  • RSA works by using a mathematical function that is (comparatively) easy to compute while encrypting, but very difficult to reverse without knowing the private key

    RSA works by selecting two large prime numbers

  • RSA Key GenerationPick large random primes p,q Let p*q = n and =(p-1)(q-1)Choose a random number e such that: 1

  • Pierre de FermatDiscovered thatif you use a prime number for the modulus, then raising a number to the power (prime-1) is always 1m(p-1) mod p = 1According to Fermat, this works with any prime number p and any positive m thats less than p, therefore 1 < m < pWhat is 710 mod 11

  • Leonhard Euler (pronounced Oiler)Discovered Fermats relationship held true when using the product of two primes as the modulusn = pqm(p-1)(q-1) mod n = 1Works so long as p and q are relative prime to one anotherIf p = 11 and q=5, what is [m(p-1)(q-1) mod 55] ?

  • So...Fermat: m(p-1) mod p = 1

  • So...Fermat: m(p-1) mod p = 1Euler: m(p-1)(q-1) mod n = 1m(p-1) mod pm(p-1)(q-1) mod n=

  • RSA Key GenerationPick large random primes p,qp = 5, q = 11Let p*q = n and =(p-1)(q-1)The encrypting modulus n = pq = 55 = (p-1)(q-1) = (4)(10) = 40 + 1 = e * d (were looking for both e and d)41 = e * d (but no two number multiplied together equal 41)41 is prime but, using modular math 41 becomes 1 mod 40e * d = 1 mod 40

  • RSA Key GenerationWell use 3 for e3 * d = 1 mod 40Using Extended Euclidian algorithm, d = 27

  • Encrypting Using RSA (Review)Step 1: generate two prime numbers, p and qStep 2: Combine the primes n=pq Step 3: Combine the primes another way, =(p-1)(q-1)Step 4: Using , generate a key pair, e and dStep 5: Using e, d, and n, encrypt and decrypt

  • RSA Mechanical OverviewBasicallyAlice: me mod n cBob: cd mod n m

  • Lets encrypt the letter G (for Gary)For simplicity sake, well represent g as 7, the 7th letter of the alphabetSo, 7public key * encrypting modulus73 * mod 55 = 13To decrypt, 13private key * encrypting modulus1327 * mod 55 = 7 Encrypting/Decrypting, StepbyStep

  • Gary J Porters PGP Public Key-----BEGIN PGP PUBLIC KEY BLOCK-----Version: PGP Personal Security 7.0.3

    mQGiBDtsK/URBAD+OujjPRvMu22fq9T78fRA2ijOzzKH9HeXHZ81x8C3D/wJF7ea1ToD42sk6kV6+fcI2JGV4YrApXkzu7TfmU8T5eUxPsk4YY7q4ZP7JCmTVwPWeROJZH6QHjyBQUm792trCFbmuOl+t5PjY8TZwBBo4Hrm/kvgex+OfqzZEi4hlwCg/2YVHCcvjAKa/tfDgaq9ei9NZW8D/0WiVnOqZUSqlBfG69oi0PGWtRXiJqIKsZj6Ljtwqtxk3W5G+BqWOcI+Az3m2pGoaXzlz7z9n1iDx0ZufNzLu38/wh9FZe86817V9Y8XjvSTf0UY/T7+BbMNF1OquUz9BaSis+a6tvsoF1Ya/657IkLhCO4CEHOc+eggFtkVr+0eBACfHMZ4x5dxj+YtOV5eN5gxQcyjAB2NFBj+GFnBV2wezX3D6TaHpx3VwEZhAHDeSLySoRs6bmhmd16mVdsgE/u5Em49Sc1Y59WzJGwfKAis6hHhDt4Htyhum281impMbkEZAxIgbQplWoUivxk8LwuLjMfrfdq0+WWeLF4fJUGWBLQkR2FyeSBKIFBvcnRlciA8cG9ydGVyQGRpZ2l0YWxtZS5jb20+iQBYBBARAgAYBQI7bCv1CAsDCQgHAgEKAhkBBRsDAAAAAAoJENkIAq1B47uW7F8AoNfRgtp+9IYs/gpcLxT8XVlul54fAKDH6bA2D4CR2l1sxW71RFIWEMX+CrkCDQQ7bCv1EAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggA7WTvMQ0WgywmeT2+ZdQTio1UvBtkLZTV5PBTWLnMXhSAL+JIY2D4xnP4Coh+Mf2PuZ6c4IxpFVF/ywnekW2wX53qqWV0tjbTcbQ7lwkg276hQPUOfWU7UaZncyxFznRPc2OiO6SpzIpcVHY1nJ8uLOvhSTU67vTOonNri5zlR/ev91SPK1azTjtQW7jqb+v2z72Lxh/BgtDiFld8cXMmbHYdjZ9cPpW0JsKZ+tBwl2SsJXtopst4PYmw2hoLYA0DS+Q0X8OIxROLxQXqinEaKhjP+s6XU+q9x85McR9mT8HaCdliE1W0yToL2dLHnwEKBBDN5vLi8+SnHjTRNU/b7IkATAQYEQIADAUCO2wr9QUbDAAAAAAKCRDZCAKtQeO7luHBAJ45z2IW9D0g/2pZVSHFwzTsDOob3QCg+6rozdE+M57CTDNQE5AyuoxxTWE==DeGR-----END PGP PUBLIC KEY BLOCK-----

  • An eDirectory Public Key

  • An eDirectory Private Key

  • Novell International Cryptographic Infrastructure (NICI) NICI is a layered, hierarchical infrastructure which divides cryptographic functionality among three distinct layersNICI is a modular architecture that allows new cryptographic algorithms to be added without bringing the server downNICI modules are cryptographically signed for protection and for module authentication When government regulations concerning the use and exportation of cryptography change, only NICI needs to change to support the new regulations NICI provides an API set that offers a consistent interface for application developers to use and deploy cryptography within their applications

  • NICI ArchitectureXIMXENGNICINovell International Cryptographic InfrastructureXSUP Cryptography Library XENG Cryptography Manager XMGR Cryptography Engine XLIB - Cryptography Engine SupportXIM - Cryptography Interface Manager XSUPXMGRXLIBCCS API

  • Novell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT141The Secrets of Keeping SecretsNovell BrainShare 2002TUT14

Recommended

View more >