540 likes | 637 Views
What Mother Never Told You about Cryptography. Don Stoever Product Development CSI International. Cryptography Fundamentals. Cryptography is the key building block for many other security services Without it: No privacy No authentication No integrity. Cryptography Fundamentals.
E N D
What Mother Never Told You about Cryptography Don Stoever Product Development CSI International WAVV 2007, Green Bay, WI
Cryptography Fundamentals • Cryptography is the key building block for many other security services • Without it: • No privacy • No authentication • No integrity WAVV 2007, Green Bay, WI
Cryptography Fundamentals • Cryptography algorithms used to provide: • Confidentiality • Authentication • Integrity WAVV 2007, Green Bay, WI
Cryptography Fundamentals • Symmetric algorithms • Block ciphers – DES, AES, etc • Asymmetric algorithms • RSA, Diffie-Hellman • Digest algorithms • SHA-256, SHA-1, MD5 • Digital Signatures • MAC, HMAC WAVV 2007, Green Bay, WI
Must Have Crypto Reading • Applied Cryptography • Bruce Schneier • Considered the bible of crypto… • RSA Security’s official Guide to Cryptography • Steve Burnett + Stephen Pain • Cracking DES • Electronic Frontier Foundation • SSL and TLS Essentials • Stephen Thomas • SSL and TLS • Eric Rescorla WAVV 2007, Green Bay, WI
Symmetric Encryption • Same key used for: • Encryption and Decryption • Decryption is same code same keys • Just different input = encrypted data • What if many parties want to securely communicate? How many keys do we need? How do we manage these keys? WAVV 2007, Green Bay, WI
Symmetric Encryption • Data encrypted block by block according to the algorithm and key • DES uses a 8 byte(64-bit) block • AES uses a 16 byte(128-bit) block • DES key sizes • Single DES uses a 8 byte key, but • Only 56-bits of the key are used • Bits 8, 16, 24, 32, 40, 48, 56, and 64 are ignored... • 56-bit effective strength • Triple DES uses a 24 byte key • 168-bit effective strength WAVV 2007, Green Bay, WI
Symmetric Encryption • AES uses a 16 byte(128-bit) block • AES Key sizes • 128, 192, or 256 bit key, and • All bits used(unlike DES which only used 7-bits of each byte) • AES superior to DES • More efficient • More secure? WAVV 2007, Green Bay, WI
Block Encryption • How is encryption is actually performed? • Block by block. Meaning we take a block of data (64-bits for DES, 128-bits for AES) and encrypt it using the algorithm and key. • Repeat that for the full message block by block. • What are the potential problems of this approach? • 1. A given cleartext will create the same cyphertext. That means an attacker can potentially determine patterns and therefore analyze the cryptographic system. • Solution: Cipher Block Chaining • 2. What if I have a data stream that I want to encrypt or less than the block size? • Solution: Padding in last block WAVV 2007, Green Bay, WI
Cipher Block Chaining • Problem we are trying to address: • 2 identical Plaintext blocks will result in 2 identical Cyphertext. This may allow an attacker to gather information on the type of traffic and assist in the attack of the key. • So we want 2 identical plaintext to result in 2 different Cyphertext. • Basic idea: Instead of encrypting the plaintext, perform an XOR of the plaintext with the previous blocks’ Cyphertext. Then encrypt that result. • Question what do you do for the message’s first block? • Answer: Use a predetermined data block to XOR the first block with it. • This initial block is known as the “Initialization Vector” or “IV” WAVV 2007, Green Bay, WI
Cipher Block Chaining WAVV 2007, Green Bay, WI
Asymmetric Encryption • Most important breakthrough in crypto science in 4000 years… • Public Key encryption uses 2 keys that are linked together by mathematical properties • One key used to encrypt the other used to decrypt • Freely distribute your public key • Keep private key private WAVV 2007, Green Bay, WI
Asymmetric Encryption • Misconceptions • More secure than symetric • Depends on key length • Makes conventional obsolete • Much larger overhead • (1000x of DES) • Key distribution is easy • Need method to distribute public keys • Private key must be carefully protected • Certicate Authorities used, but… • Future WAVV session on PKI… WAVV 2007, Green Bay, WI
Asymmetric/Public Key Overview • Simple concept (complicated math theory behind) • One key can encrypt, the other can decrypt WAVV 2007, Green Bay, WI
Asymmetric Cryptography • It’s computationally easy to generate a pair of keys • It’s computationally easy to encrypt • It’s computationally easy to decrypt • It is computationally infeasible for an opponent to derive the private key from the known public key • It is computationally infeasible for an opponent to recover the original message from the ciphertext knowing only the public key. WAVV 2007, Green Bay, WI
Asymmetric RSA Algorithm • RSA key generation based on RSA PKCS-1 • Select a positive integer e as its public exponent • 3 and 65537 are commonly used… • Randomly select two distinct odd primes p and q • (p-1) and e have no common divisors • (q-1) and e have no common divisors. • public modulus n shall be product of prime factors p and q: • n = pq . • Private exponent is a positive integer d • de-1 is divisible by both p-1 and q-1. WAVV 2007, Green Bay, WI
Asymmetric RSA Algorithm • RSA encryption process quite simple • Data formatted into block size of modulous • 64(512), 128(1024), 256(2048) byte block(bit) sizes • Specific rules used for padding • Raise the formatted block to the power of the public exponent • So for RSA with a 128 byte key • 128*8 = 1024 bits • Use public exponent to raise a 1024-bit number to power of 1024 bit exponent • Public exponent always 3 or 65,537… • 1024 * 1024 = 2048 bit number • Divide by modulous keep the remainder and repeat… WAVV 2007, Green Bay, WI
Asymmetric RSA Algorithm • RSA decryption also quite simple • Raise the encrpyted block to the power of the private exponent • Private exponent true random 1024-bit number… • Much slower(100x) than encrypt because exponent is much larger… • Same process as encrypt • Raises 1024-bit number to power of 1024-bit number • Divide by modulous keep the remainder and repeat… • Not that bad… • But remember… WAVV 2007, Green Bay, WI
Asymmetric RSA Algorithm • 2 to power of 31 VSE addressing limit(2gig) • 2,147,483,648 • 2 to the power of 64 • 18,446,744,073,709,551,616 • Each bit doubles the number space… • 2 to power of 1024 • Number size > number of atoms in know universe • Lots of primes in this size number space • RSA based on difficulty of factoring primes… • Very computationally intensive WAVV 2007, Green Bay, WI
Asymmetric RSA Algorithm • Can be speeded up using math tricks: • Modular math • Chinese Remainder Theorem • But best handled in hardware… WAVV 2007, Green Bay, WI
Cryptography Digest Algorithms • Basically a hash of any amount of data • Also referred to as a “fingerprint” • MD5 creates 16 byte digest • 16*8 = 128 bit number • SHA-1 creates 20 byte digest • 20*8 = 160 bit number • No collisions • SHA-256 creates 32 bytes digest • 32*8 = 256 bit number WAVV 2007, Green Bay, WI
Cryptography MAC • MAC or HMAC will mix in a secret with the hash • Create a MD5 or SHA hash of any amount of data + “secret” • RFC2104 • HMAC: Keyed-Hashing for Message Authentication WAVV 2007, Green Bay, WI
Cryptography Digital Signature • Create a MD5 or SHA-1 hash of any amount of data… • PDF document, etc. • RSA encrypt the hash with my private key • Now anyone can use my RSA public key to • Verify that I signed it • Verify it has not be modified WAVV 2007, Green Bay, WI
Cryptography Fundamentals • Algorithms must be: • Secure and Reliable • Secret Algorithm’s • Unknown to attackers • Only creator and his “friends” know weaknesses • Back door’s possible • Public Algorithm’s • Subject to crypto-analysis • Attacked with “brute force” • Known published weaknesses WAVV 2007, Green Bay, WI
Cryptography Fundamentals • Secret Algorithm’s • “Hidden” in hardware or compiled code • In software could be reverse engineered • In hardware much harder to analyze but secrecy can be compromised by: • Disgruntled employee • Careless vendor • If algorithm has a “flaw” data may be decryptable without the key • Not subject to analysis that may identify weakness before deployment • The only method to guarantee a algorithm has a weakness is to allow cryptographic analysts to study it… WAVV 2007, Green Bay, WI
Secret Algorithms • Cable/Sat TV Scrambling • Rely on hardware encoding/scrambling • Many places you can find “cheap” descrambler for sale. • Manufacturer relies on difficulty to analyze hardware functions and reproduce it. WAVV 2007, Green Bay, WI
Secret Algorithms • DVD Encoding • Movie industry spent years developing a standard for encryption. • After development they simply released it. Not for review, but the full product (DVD) that relied on the standard. • Encryption keys were assigned to manufacturers and decryption keys based on them were distributed to all DVD reader manufacturers to build in all DVD readers. • Two “ooppps” happened: • A DVD software reader improperly protected one decryption key and it was made public. • Several (2 initially I think) “security technologists” (“SoupaFr0g” and “Canman”) reversed engineered decoded the encryption algorithm used. WAVV 2007, Green Bay, WI
Secret Algorithms • DVD Encoding • Soon after a software program (DeCSS) was released that allows one to pull the decrypted data off the DVD disk and play/save it like any other multimedia file. • What was the movie industry reaction: Sue them but the damage is done: nobody can order or afford the recall of all DVD players! • Lesson learned: Security by Secrecy does not work! (Unless you work for the NSA) WAVV 2007, Green Bay, WI
Public Algorithms • The algorithm will be scrutinized by experts and if after some time, nobody finds a weakness: chances are: there are none! • So how do you defeat the encryption? The only way is by going through and trying all possible decryption keys! This is called a “Brute Force” attack. • How many possible keys exist? It depends on the length/size of the key. • 40 bits key – 240 • 56 bits key – 256 • 128 bits key – 2128 • On average you will need to go through ½ the possible keys. However here is a fun question: how do you know you found the right key? Can you identify the plaintext? If it is English (or French for that matter) it is easy but what if it is a binary file? WAVV 2007, Green Bay, WI
Public Algorithms • So how do you protect the secrecy? • Use a longer key!!! • However the longer the key, the longer it takes to encrypt/decrypt the data. • So we can establish that it will be possible for anybody to decrypt the data: the problem is not IF they can decrypt it but HOW LONG will it take to decrypt it! • Make the “cost” of running a brute force attack longer than the value of the data. For example: • If it takes you 4 years to decode a credit card number that has a 2 years expiration, is it worth trying? • If you need to build a $10,000.00 decryption machine to decrypt ordering information that will allow you to hijack $2,000,000.00 worth of data in 3 months, is it worth it? • Interesting note: It is believed that, using current technology, one can build a brute force decoder that is able to decrypt a 56/64 bits encrypted DES traffic in near real time for less than $500,000.00. WAVV 2007, Green Bay, WI
Case Study: Reliable Algorithm with long key: is it safe? • If you use an algorithm that has no known weakness (for example AES) with a long enough key (for example 128 bits) you are safe from eavesdropping. Is that really true? What could go wrong? WAVV 2007, Green Bay, WI
Case Study: Reliable Algorithm with long key: is it safe? • Case example: Law enforcement vs. child pornographer. • In 1998, Law enforcement hired a well recognized cryptanalyst to apprehend an individual suspected of transmitting child pornography. • After getting a court order to sniff the traffic, they quickly determined that is was strongly encrypted. How did they determine that? Encrypted traffic has the inherent characteristic of been “very blend”: no patterns, no interesting characteristics. • Large size also gave information on the type of information transmitted: it was large. WAVV 2007, Green Bay, WI
Case Study: Reliable Algorithm with long key: is it safe? • Case example: Law enforcement vs. child pornographer. • So how do you defeat that? One solution would be to bring in the suspect and interrogate him hoping he will crack. Or… another way: perform a search at the destination of the traffic. That is what they did, they found the destination and on the computer found the decryption key in plain view! Then they could decode the traffic and apprehend the suspect. • What is the lesson? It does not matter how large your key is: if it is not protected, it is not safe! WAVV 2007, Green Bay, WI
IETF Standards • RFC1321 The MD5 Message-Digest Algorithm • RFC2104 HMAC: Keyed hashing for message authentication • RFC2202 Test Cases for HMAC-MD5 and HMAC-SHA-1 • RFC1113 Universal Printable Character encoding • RFC2459 Internet x509v3 PKI certificates • Internet draft HTTP over TLS WAVV 2007, Green Bay, WI
FIPS Standards • PUB 46-3 Data Encryption Standard (DES) • PUB 81 DES Modes of Operation • PUB 197 Advanced Encryption Standard(AES) • PUB 180-1 Secure Hash Standard (SHA-1) • http://www-08.nist.gov/cryptval/des.htm • http://csrc.nist.gov/pki/nist_crypto/welcome.html WAVV 2007, Green Bay, WI
Cryptography Fundamentals Books you must have… • Applied Cryptography • Bruce Schneier • Considered the bible or crypto… • RSA Security’s official Guide to Cryptography • Steve Burnett + Stephen Pain • Cracking DES • Electronic Frontier Foundation • SSL and TLS Essentials • Stephen Thomas • SSL and TLS • Eric Rescorla WAVV 2007, Green Bay, WI
CSI Cryptography Products • SSL for VSE • SecureFTP • HFS • Dr. Crypto WAVV 2007, Green Bay, WI
CSI Cryptography Products • SSL for VSE • Feature of TCP/IP • Allows secure connections • Provides API to many crypto algorithms • SecureFTP • Allows secure FTP sessions WAVV 2007, Green Bay, WI
CSI Cryptography Products • HFS Encrypted file system • DEFINE FILE,DLBL=HFSTST,PUBLIC=HFSTST, • TYPE=HFS,RECFM=S,LRECL=4096, • CIPHER=SDESCBC-SHA1,CIPHERKEY=SEEDSAMP • CIPHER=KEYMASTER,CIPHERKEY=CIALHFSK • CIPHER=TDESCBC-SHA1,CIPHERKEY=CIALHFSK • CIPHER=TDESCBC-NULL,CIPHERKEY=CIALHFSK • CIPHER=SDESCBC-NULL,CIPHERKEY=CIALHFSK • CIPHER=NULL-SHA1,CIPHERKEY=CIALHFSK WAVV 2007, Green Bay, WI
CSI Cryptography Products • Dr. Crypto • Encrypted tape files • DES, Triple-DES • AES with z ICF facility • User definable key stored in Epic catalog • Working on keymaster for non-Epic WAVV 2007, Green Bay, WI