SlideShare una empresa de Scribd logo

Fundamentals of Cryptography

Descargar como PPTX, PDF
D
Dallas Web Security Group

John Lutteringer presented this at the Dallas Web Security Group's March Meeting.

TecnologíaEducación
1 de 42
Credera is a full-service management and Dallas Office Houston Office Austin Office Denver Office 15303 Dallas Parkway 800 Town & Country Blvd 9020 N Capital of Texas Hwy 5445 DTC Parkway technology consulting firm. Our clients range Suite 300 Suite 300 Suite 345 Suite 1040 from Fortune 1,000 companies to emerging Addison, TX 75001 Houston, TX 77024 Austin, TX 78759 Greenwood Village, CO 80111 industry leaders. We provide expert, objective advice to help solve complex business and 972.692.0010 Phone 713.496.0711 Phone 512.327.1112 Phone 303.623.1344 Phone technology challenges. 972.692.0019 Fax 713.401.9650 Fax 512.233.0844 Fax 303.484.4577 Fax
Fundamentals of Cryptography Dallas, TX March 12, 2013 John Lutteringer Discussion document – Strictly Confidential & Proprietary
Agenda … Tonight we will overview some cryptography principles, and how symmetric and asymmetric approaches address them • What is Cryptography? – Definition – Four basic principles • How do we get these principles? – Two methods • Symmetric Key Cryptography – Diffie-Hellman key exchange – Limitations • Asymmetric Key Cryptography – Satisfying cryptographic principles – RSA keygen algorithm • Q&A Dallas Web Security Group 4/8/2013 3
Introduction Dallas Web Security Group 4/8/2013 4
Introduction … John Lutteringer John Lutteringer John Lutteringer is a Consultant in the Custom Java practice at Credera. John graduated from Baylor University with a BS in Computer Science – Software Engineering and a minor in Mathematics. His technical skills include a focus on predominately open source web technologies with Java + Spring MVC as the most familiar. Additionally, John is familiar with relevant technologies like HTML and CSS, Javascript, SQL, and also agile development methodologies, software development life cycle, software design, and design patterns. John’s background in web security comes from a combination of personal study and schooling along with a passion for learning about new technologies. Dallas Web Security Group 4/8/2013 5
What is Cryptography? Dallas Web Security Group 4/8/2013 6
What is Cryptography? … Cryptography focuses on one major problem – How do we establish communication secure from third parties? Definition • The science or study of the techniques of secret writing, especially code and cipher systems, methods, and the like The Perfect Cryptographic System • What should it do? – Provide secure communication – Anything else?? • What other characteristics should it have? – Hard or impossible to decrypt – Simple to understand/implement – Fast – Versatile in terms of medium (internet, paper messages, radio, etc.) – Deterministic – Variable – Walks your dog Dallas Web Security Group 4/8/2013 7
What is Cryptography? … Four basic principles • Encryption – How do we convert data into some unreadable form? • Authentication – How can I prove you are who you say you are? • Integrity – How can I be sure the message you sent hasn’t been modified? • Non Repudiation – How can I prove that the message was sent by you, even if you deny it? Dallas Web Security Group 4/8/2013 8
What is Cryptography? … Encryption – How do we convert data into some unreadable form? • The sender and receiver share some “secret” that they only know. This secret is then used to encrypt and decrypt messages so that intercepted messages are unreadable. • What do we want? – Has to be hard or impossible to decrypt (computationally intractable) – Has to be hard to decrypt even if the attacker has access to an unlimited number of plaintext and its corresponding ciphertext – Need some way to distribute our secret key without a secure channel (key distribution problem) Dallas Web Security Group 4/8/2013 9
What is Cryptography? … Authentication – How can I prove you are who you say you are? • Why do we need this? – Internet is inherently anonymous – Trust is a problem – What if a trusted source has been compromised? How do we know? Dallas Web Security Group 4/8/2013 10
What is Cryptography? … Integrity – How can I be sure the message you sent hasn’t been modified? • Why do we need this? – The internet is essentially a series of handoffs between routers – Even if the endpoints are secure, and intermediary router could be compromised – Possible to modify encrypted text even if an attacker can’t understand it Dallas Web Security Group 4/8/2013 11
What is Cryptography? … Non Repudiation – How can I prove the message was sent by you, even if you deny it? • Why do we need this? – Legal reasons – Digital signatures – Accountability Dallas Web Security Group 4/8/2013 12
How do we get these principles? Dallas Web Security Group 4/8/2013 13
How do we get these principles? … Two predominate methods • Symmetric Key Cryptography – “Familiar” approach – Sender and receiver share a secret key and use that secret key to encrypt and decrypt messages • Asymmetric Key Cryptography (Public Key Cryptography) – Pairs of keys - each entity as a public key, which is shared to everyone, and a private key, which is shared to no one – Any message encrypted with a public key can be decrypted with a private key and vice versa, but an encrypted message cannot be decrypted by the same key that encrypted it as in symmetric key encryption • In practice, the methods are typically used together as a way to play off the advantages of each – RSA/IDEA – DSA/BLOWFISH Dallas Web Security Group 4/8/2013 14
Symmetric Key Cryptography Dallas Web Security Group 4/8/2013 15
Symmetric Key Cryptography … Symmetric Key Cryptography • Principles satisfied – Encryption - Yes! – Authentication - ??? – Integrity - ??? – Non repudiation - ??? • Advantages – Fast – Conceptually simple to understand • Disadvantages – How do we distribute keys?  Hardcode keys?  Some other way?? – Can we satisfy our four baseline principles? Dallas Web Security Group 4/8/2013 16
Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange • The algorithm relies on the mathematical identity: – (ga)b mod p = (gb mod p)a mod p Dallas Web Security Group 4/8/2013 17
Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob Knows: Eve Knows: a=6 b = 15 Computes secret Computes secret integer a = 6 integer b = 15 Dallas Web Security Group 4/8/2013 18
Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob Eve Knows: Knows: Knows: a=6 b = 15 p = 23 p = 23 p = 23 g=5 g=5 g=5 Sends prime number p = 23 and Intercepts p and g Recieves p and g base g = 5 Dallas Web Security Group 4/8/2013 19
Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob Knows: Eve Knows: a=6 Knows: b = 15 p = 23 p = 23 p = 23 g=5 g=5 g=5 A=8 B = 19 Calculates A = Calculates B = ga mod p gb mod p A=8 B = 19 Dallas Web Security Group 4/8/2013 20
Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Bob Alice Eve Knows: Knows: Knows: b = 15 a=6 p = 23 p = 23 p = 23 g=5 g=5 g=5 A=8 B = 19 A=8 A=8 Sends A Intercepts A Recieves A Dallas Web Security Group 4/8/2013 21
Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob Eve Knows: Knows: Knows: a=6 b = 15 p = 23 p = 23 p = 23 g=5 g=5 g=5 A=8 A=8 B = 19 B = 19 B = 19 A=8 Receives B Intercepts B Sends B Dallas Web Security Group 4/8/2013 22
Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob Eve Knows: Knows: Knows: a=6 b = 15 p = 23 p = 23 p = 23 g=5 g=5 g=5 A=8 A=8 B = 19 B = 19 B = 19 A=8 s = ??? s=2 s=2 Computes Computes s = Ba mod p s = Ab mod p s=2 s=2 We know Ba mod p = Ab mod p = (ga)b mod p from our identity: (ga)b mod p = (gb mod p)a mod p Dallas Web Security Group 4/8/2013 23
Symmetric Key Cryptography … What about our four principles? • Now we know we can distribute symmetric keys over an unsecure network to establish a secure channel, can we also use symmetric keys to get our four desired properties? • Encryption – This one is easy! – Alice sends message M to Bob encrypted with their shared key s: Es(M) – Bob decrypts Alice’s message with the shared key: Ds(Es(M)) = M • Authentication – Since the keys are temporary, there’s no good way to establish authenticity baked into the cryptographic system – Authentication is not possible through symmetric key encryption, at least not without using some mechanism external to the cryptographic method itself Dallas Web Security Group 4/8/2013 24
Symmetric Key Cryptography … What about our four principles? • Integrity – Alice sends encrypted message M to Bob Es(M) along with its encrypted hash Es(H(M)) – Bob decrypts Alice’s message Ds(Es(M)) = M and the hash Ds(Es(H(M))) = H(M) – Bob hashes Alices message H(M) and compares it to the hash Alice sent, if the hashes are equal, then we can be confident that integrity holds • Non repudiation – Much like authentication, without permanent keys trust cannot be established, so this is not possible without some external mechanism Dallas Web Security Group 4/8/2013 25
Asymmetric Key Cryptography Dallas Web Security Group 4/8/2013 26
Asymmetric Key Cryptography … Asymmetric Key Cryptography • In asymmetric key cryptography, each party has two keys, a public key and a private keys • The public key is shared to the world, and the private key is kept private • The keys are generated in such a way that any message encrypted by the public key in the pair can only be decrypted by the private key, and vice versa • Advantages – Symmetric Key Cryptography only satisfied two of our four principles. We can do better! – Key distribution isn’t a problem. We want everyone to see our public key! • Disadvantages – Slow, at least compared against symmetric key cryptography – Non intuitive Dallas Web Security Group 4/8/2013 27
Asymmetric Key Cryptography … Encryption - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to send Bob an Decrypts Alice’s encrypted message with message his private key DBpriv(EBpub(M)) Sends Bob a =M message M encrypted with Bob’s public key EBpub(M) Dallas Web Security Group 4/8/2013 28
Asymmetric Key Cryptography … Authentication - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to Sends Bob an validate Alice’s encrypted identity message EBpub(M) “signed” with Decrypts message with her private Alice’s public key key to get DApub(EApriv(EBpub(M))) = EApriv(EBpub(M)) EBpub(M)) Then, decrypts with private key DBpriv(EBpub(M)) = M Dallas Web Security Group 4/8/2013 29
Asymmetric Key Cryptography … Integrity - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to know Sends Bob an Alice’s message encrypted hasn’t been message modified EBpub(Mo) and the hash Decrypts message of that DBpriv(EBpub(Mr)) = Mr message, Decrypts hash encrypted DBpriv(EBpub(H(Mo))) = H(Mo) EBpub(H(Mo)) Verify integrity by hashing received message H(Mr) = H(Mo) Dallas Web Security Group 4/8/2013 30
Asymmetric Key Cryptography … Non Repudiation - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to Sends Bob an validate Alice’s encrypted identity message EBpub(M) “signed” with Decrypts message with her private Alice’s public key key to get DApub(EApriv(EBpub(M))) = EApriv(EBpub(M)) EBpub(M)) Then, decrypts with private key DBpriv(EBpub(M)) = M Dallas Web Security Group 4/8/2013 31
Asymmetric Key Cryptography … How does asymmetric key cryptography work? • Asymmetric key cryptography works in a similar manner to symmetric key cryptography except that the keys are generated in a special manner that allows them to decrypt only messages encrypted by the other key in the pair • While there are many ways to do this, the most common algorithm is known as the RSA keygen algorithm • RSA Algorithm: 1. Choose two distinct prime numbers p and q 2. Compute n = pq 3. Compute φ(n) = (p – 1)(q – 1) where φ is Euler’s totient function 4. Chose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1 (e and φ(n) are coprime) 5. Solve for d given de ≡ 1 (mod φ(n)) 6. Compute keys: Public key: (n, e); To encrypt: C ≡ Me (mod n) Private key (n, d); To decrypt: M ≡ Ce (mod n) Dallas Web Security Group 4/8/2013 32
Asymmetric Key Cryptography … RSA key generation algorithm 1. Choose two distinct prime numbers p and q p = 61 q = 53 Dallas Web Security Group 4/8/2013 33
Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 2. Compute n = pq n = (61)(53) = 3233 Dallas Web Security Group 4/8/2013 34
Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 n = 3233 3. Compute the totient of the product (pq) as (p - 1)(q - 1) φ(3233) = (61 - 1)(53 - 1) = 3120 Dallas Web Security Group 4/8/2013 35
Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 n = 3233 φ(n) = 3120 4. Choose and number 1 < e < φ(n) that is coprime to φ(n) Picking this number could be hard, but if we choose a prime number, then we just have to make sure that 3120 isn’t divisible by it So lets choose e = 17 Dallas Web Security Group 4/8/2013 36
Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 n = 3233 φ(n) = 3120 e = 17 5. Solve for d given de ≡ 1 (mod φ(n)) This is a different way to write the modular multiplicative inverse of e (mod φ(n)) d(17) ≡ 1 (mod 3120) d = 2753 (17 * 2753 = 46801 which has remainder 1 when divided by 3120) Dallas Web Security Group 4/8/2013 37
Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 n = 3233 φ(n) = 3120 e = 17 d = 2753 • To encrypt, our public key is (n = 3233, e = 17) with function C ≡ Me (mod n) Lets say M = 65 C ≡ 6517 (mod 3233) C = 2790 Dallas Web Security Group 4/8/2013 38
Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 n = 3233 φ(n) = 3120 e = 17 d = 2753 C = 2790 • To decrypt, our private key is (n = 3233, d = 2753) with function M ≡ Cd (mod n) M ≡ 2790 2753 (mod 3233) M = 65 Dallas Web Security Group 4/8/2013 39
Credits Dallas Web Security Group 4/8/2013 40
Credits … Credits • Credera • http://dictionary.reference.com/browse/cryptography • http://www.thegeekstuff.com/2012/07/cryptography-basics/ • http://users.suse.com/~garloff/Writings/mutt_gpg/node3.html • All of Wikipedia • http://mathworld.wolfram.com Dallas Web Security Group 4/8/2013 41
Q&A Dallas Web Security Group 4/8/2013 42

Recomendados

Introduction to STIX 101
Introduction to STIX 101Introduction to STIX 101
Introduction to STIX 101stixproject
 
Everything about TAXII
Everything about TAXIIEverything about TAXII
Everything about TAXIIstixproject
 
Encryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanEncryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanJoao Galdino Mello de Souza
 
Study and implementation of DES on FPGA
Study and implementation of DES on FPGAStudy and implementation of DES on FPGA
Study and implementation of DES on FPGAVenkata Kishore
 
Securing Your Data for Your Journey to the Cloud
Securing Your Data for Your Journey to the CloudSecuring Your Data for Your Journey to the Cloud
Securing Your Data for Your Journey to the CloudLiwei Ren任力偉
 
128 BIT WHAT?
128 BIT WHAT?128 BIT WHAT?
128 BIT WHAT?Razorpoint Security
 
Em24873876
Em24873876Em24873876
Em24873876IJERA Editor
 
cryptography
cryptographycryptography
cryptographyBalaji Ravi
 

Recomendados

Introduction to STIX 101
Introduction to STIX 101Introduction to STIX 101
Introduction to STIX 101stixproject
 
Everything about TAXII
Everything about TAXIIEverything about TAXII
Everything about TAXIIstixproject
 
Encryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanEncryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanJoao Galdino Mello de Souza
 
Study and implementation of DES on FPGA
Study and implementation of DES on FPGAStudy and implementation of DES on FPGA
Study and implementation of DES on FPGAVenkata Kishore
 
Securing Your Data for Your Journey to the Cloud
Securing Your Data for Your Journey to the CloudSecuring Your Data for Your Journey to the Cloud
Securing Your Data for Your Journey to the CloudLiwei Ren任力偉
 
128 BIT WHAT?
128 BIT WHAT?128 BIT WHAT?
128 BIT WHAT?Razorpoint Security
 
Em24873876
Em24873876Em24873876
Em24873876IJERA Editor
 
cryptography
cryptographycryptography
cryptographyBalaji Ravi
 
1 id and fort riley weekly news update 2 8-13
1 id and fort riley weekly news update 2 8-131 id and fort riley weekly news update 2 8-13
1 id and fort riley weekly news update 2 8-13LawDawg___7879
 
Dallas Web Security Group - February Meeting - Addressing Top Security Threats
Dallas Web Security Group - February Meeting - Addressing Top Security ThreatsDallas Web Security Group - February Meeting - Addressing Top Security Threats
Dallas Web Security Group - February Meeting - Addressing Top Security ThreatsDallas Web Security Group
 
Dallas websecuritygroup addressing-top-security-threats-v2
Dallas websecuritygroup addressing-top-security-threats-v2Dallas websecuritygroup addressing-top-security-threats-v2
Dallas websecuritygroup addressing-top-security-threats-v2Dallas Web Security Group
 
National pet dental health month
National pet dental health monthNational pet dental health month
National pet dental health monthMegan Hart
 
Employee engagement overview of findings
Employee engagement overview of findingsEmployee engagement overview of findings
Employee engagement overview of findingsCindy Joice
 
Flores
FloresFlores
Floresjamach53
 
Digility Corporate Introduction
Digility Corporate IntroductionDigility Corporate Introduction
Digility Corporate IntroductionAnkush Gupta
 
Tresorit intro - Europas 2014
Tresorit intro - Europas 2014Tresorit intro - Europas 2014
Tresorit intro - Europas 2014BME Management Szakkollégium
 
Encrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted CloudEncrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted Cloudn|u - The Open Security Community
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Hannah Jane del Castillo
 
Correcthorsebatterystaple dwsg 07 09-13
Correcthorsebatterystaple dwsg 07 09-13Correcthorsebatterystaple dwsg 07 09-13
Correcthorsebatterystaple dwsg 07 09-13Dallas Web Security Group
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญBAINIDA
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionNicholas Davis
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss PreventionNicholas Davis
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionNicholas Davis
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issuesErnest Staats
 
Are You Leveraging the Cloud? Or is it Leveraging You?
Are You Leveraging the Cloud? Or is it Leveraging You?Are You Leveraging the Cloud? Or is it Leveraging You?
Are You Leveraging the Cloud? Or is it Leveraging You?Tom Mumford
 
GTB Data Loss Prevention
GTB Data Loss PreventionGTB Data Loss Prevention
GTB Data Loss Preventionrefaeli
 
SecurityBasics.ppt
SecurityBasics.pptSecurityBasics.ppt
SecurityBasics.pptssuser7ec6af
 
Big data security_issues_research_paper
Big data security_issues_research_paperBig data security_issues_research_paper
Big data security_issues_research_paperLuisa Francisco
 
Dama - Protecting Sensitive Data on a Database
Dama - Protecting Sensitive Data on a DatabaseDama - Protecting Sensitive Data on a Database
Dama - Protecting Sensitive Data on a Databasejohanswart1234
 
Data security in clouds
Data security in cloudsData security in clouds
Data security in cloudsimVishhh
 

Más contenido relacionado

Destacado

1 id and fort riley weekly news update 2 8-13
1 id and fort riley weekly news update 2 8-131 id and fort riley weekly news update 2 8-13
1 id and fort riley weekly news update 2 8-13LawDawg___7879
 
Dallas Web Security Group - February Meeting - Addressing Top Security Threats
Dallas Web Security Group - February Meeting - Addressing Top Security ThreatsDallas Web Security Group - February Meeting - Addressing Top Security Threats
Dallas Web Security Group - February Meeting - Addressing Top Security ThreatsDallas Web Security Group
 
Dallas websecuritygroup addressing-top-security-threats-v2
Dallas websecuritygroup addressing-top-security-threats-v2Dallas websecuritygroup addressing-top-security-threats-v2
Dallas websecuritygroup addressing-top-security-threats-v2Dallas Web Security Group
 
National pet dental health month
National pet dental health monthNational pet dental health month
National pet dental health monthMegan Hart
 
Employee engagement overview of findings
Employee engagement overview of findingsEmployee engagement overview of findings
Employee engagement overview of findingsCindy Joice
 
Digility Corporate Introduction
Digility Corporate IntroductionDigility Corporate Introduction
Digility Corporate IntroductionAnkush Gupta
 

Destacado (7)

1 id and fort riley weekly news update 2 8-13
1 id and fort riley weekly news update 2 8-131 id and fort riley weekly news update 2 8-13
1 id and fort riley weekly news update 2 8-13
 
Dallas Web Security Group - February Meeting - Addressing Top Security Threats
Dallas Web Security Group - February Meeting - Addressing Top Security ThreatsDallas Web Security Group - February Meeting - Addressing Top Security Threats
Dallas Web Security Group - February Meeting - Addressing Top Security Threats
 
Dallas websecuritygroup addressing-top-security-threats-v2
Dallas websecuritygroup addressing-top-security-threats-v2Dallas websecuritygroup addressing-top-security-threats-v2
Dallas websecuritygroup addressing-top-security-threats-v2
 
National pet dental health month
National pet dental health monthNational pet dental health month
National pet dental health month
 
Employee engagement overview of findings
Employee engagement overview of findingsEmployee engagement overview of findings
Employee engagement overview of findings
 
Flores
FloresFlores
Flores
 
Digility Corporate Introduction
Digility Corporate IntroductionDigility Corporate Introduction
Digility Corporate Introduction
 

Similar a Fundamentals of Cryptography

Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Hannah Jane del Castillo
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญBAINIDA
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionNicholas Davis
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss PreventionNicholas Davis
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionNicholas Davis
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issuesErnest Staats
 
Are You Leveraging the Cloud? Or is it Leveraging You?
Are You Leveraging the Cloud? Or is it Leveraging You?Are You Leveraging the Cloud? Or is it Leveraging You?
Are You Leveraging the Cloud? Or is it Leveraging You?Tom Mumford
 
GTB Data Loss Prevention
GTB Data Loss PreventionGTB Data Loss Prevention
GTB Data Loss Preventionrefaeli
 
SecurityBasics.ppt
SecurityBasics.pptSecurityBasics.ppt
SecurityBasics.pptssuser7ec6af
 
Big data security_issues_research_paper
Big data security_issues_research_paperBig data security_issues_research_paper
Big data security_issues_research_paperLuisa Francisco
 
Dama - Protecting Sensitive Data on a Database
Dama - Protecting Sensitive Data on a DatabaseDama - Protecting Sensitive Data on a Database
Dama - Protecting Sensitive Data on a Databasejohanswart1234
 
Data security in clouds
Data security in cloudsData security in clouds
Data security in cloudsimVishhh
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to ComplianceSecurity Innovation
 
Enhancing lan using cryptography and other modules
Enhancing lan using cryptography and other modulesEnhancing lan using cryptography and other modules
Enhancing lan using cryptography and other modulesMurali Krishna
 
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!Kevin Fisher
 
What is cloud encryption
What is cloud encryptionWhat is cloud encryption
What is cloud encryptionPrancer Io
 

Similar a Fundamentals of Cryptography (20)

Tresorit intro - Europas 2014
Tresorit intro - Europas 2014Tresorit intro - Europas 2014
Tresorit intro - Europas 2014
 
Encrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted CloudEncrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted Cloud
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)
 
Correcthorsebatterystaple dwsg 07 09-13
Correcthorsebatterystaple dwsg 07 09-13Correcthorsebatterystaple dwsg 07 09-13
Correcthorsebatterystaple dwsg 07 09-13
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_prevention
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
 
Are You Leveraging the Cloud? Or is it Leveraging You?
Are You Leveraging the Cloud? Or is it Leveraging You?Are You Leveraging the Cloud? Or is it Leveraging You?
Are You Leveraging the Cloud? Or is it Leveraging You?
 
GTB Data Loss Prevention
GTB Data Loss PreventionGTB Data Loss Prevention
GTB Data Loss Prevention
 
SecurityBasics.ppt
SecurityBasics.pptSecurityBasics.ppt
SecurityBasics.ppt
 
Big data security_issues_research_paper
Big data security_issues_research_paperBig data security_issues_research_paper
Big data security_issues_research_paper
 
Dama - Protecting Sensitive Data on a Database
Dama - Protecting Sensitive Data on a DatabaseDama - Protecting Sensitive Data on a Database
Dama - Protecting Sensitive Data on a Database
 
Data security in clouds
Data security in cloudsData security in clouds
Data security in clouds
 
Cyber security
Cyber securityCyber security
Cyber security
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to Compliance
 
Enhancing lan using cryptography and other modules
Enhancing lan using cryptography and other modulesEnhancing lan using cryptography and other modules
Enhancing lan using cryptography and other modules
 
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
 
What is cloud encryption
What is cloud encryptionWhat is cloud encryption
What is cloud encryption
 

Último

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Último (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

Fundamentals of Cryptography

  • 1. Credera is a full-service management and Dallas Office Houston Office Austin Office Denver Office 15303 Dallas Parkway 800 Town & Country Blvd 9020 N Capital of Texas Hwy 5445 DTC Parkway technology consulting firm. Our clients range Suite 300 Suite 300 Suite 345 Suite 1040 from Fortune 1,000 companies to emerging Addison, TX 75001 Houston, TX 77024 Austin, TX 78759 Greenwood Village, CO 80111 industry leaders. We provide expert, objective advice to help solve complex business and 972.692.0010 Phone 713.496.0711 Phone 512.327.1112 Phone 303.623.1344 Phone technology challenges. 972.692.0019 Fax 713.401.9650 Fax 512.233.0844 Fax 303.484.4577 Fax
  • 2. Fundamentals of Cryptography Dallas, TX March 12, 2013 John Lutteringer Discussion document – Strictly Confidential & Proprietary
  • 3. Agenda … Tonight we will overview some cryptography principles, and how symmetric and asymmetric approaches address them • What is Cryptography? – Definition – Four basic principles • How do we get these principles? – Two methods • Symmetric Key Cryptography – Diffie-Hellman key exchange – Limitations • Asymmetric Key Cryptography – Satisfying cryptographic principles – RSA keygen algorithm • Q&A Dallas Web Security Group 4/8/2013 3
  • 4. Introduction Dallas Web Security Group 4/8/2013 4
  • 5. Introduction … John Lutteringer John Lutteringer John Lutteringer is a Consultant in the Custom Java practice at Credera. John graduated from Baylor University with a BS in Computer Science – Software Engineering and a minor in Mathematics. His technical skills include a focus on predominately open source web technologies with Java + Spring MVC as the most familiar. Additionally, John is familiar with relevant technologies like HTML and CSS, Javascript, SQL, and also agile development methodologies, software development life cycle, software design, and design patterns. John’s background in web security comes from a combination of personal study and schooling along with a passion for learning about new technologies. Dallas Web Security Group 4/8/2013 5
  • 6. What is Cryptography? Dallas Web Security Group 4/8/2013 6
  • 7. What is Cryptography? … Cryptography focuses on one major problem – How do we establish communication secure from third parties? Definition • The science or study of the techniques of secret writing, especially code and cipher systems, methods, and the like The Perfect Cryptographic System • What should it do? – Provide secure communication – Anything else?? • What other characteristics should it have? – Hard or impossible to decrypt – Simple to understand/implement – Fast – Versatile in terms of medium (internet, paper messages, radio, etc.) – Deterministic – Variable – Walks your dog Dallas Web Security Group 4/8/2013 7
  • 8. What is Cryptography? … Four basic principles • Encryption – How do we convert data into some unreadable form? • Authentication – How can I prove you are who you say you are? • Integrity – How can I be sure the message you sent hasn’t been modified? • Non Repudiation – How can I prove that the message was sent by you, even if you deny it? Dallas Web Security Group 4/8/2013 8
  • 9. What is Cryptography? … Encryption – How do we convert data into some unreadable form? • The sender and receiver share some “secret” that they only know. This secret is then used to encrypt and decrypt messages so that intercepted messages are unreadable. • What do we want? – Has to be hard or impossible to decrypt (computationally intractable) – Has to be hard to decrypt even if the attacker has access to an unlimited number of plaintext and its corresponding ciphertext – Need some way to distribute our secret key without a secure channel (key distribution problem) Dallas Web Security Group 4/8/2013 9
  • 10. What is Cryptography? … Authentication – How can I prove you are who you say you are? • Why do we need this? – Internet is inherently anonymous – Trust is a problem – What if a trusted source has been compromised? How do we know? Dallas Web Security Group 4/8/2013 10
  • 11. What is Cryptography? … Integrity – How can I be sure the message you sent hasn’t been modified? • Why do we need this? – The internet is essentially a series of handoffs between routers – Even if the endpoints are secure, and intermediary router could be compromised – Possible to modify encrypted text even if an attacker can’t understand it Dallas Web Security Group 4/8/2013 11
  • 12. What is Cryptography? … Non Repudiation – How can I prove the message was sent by you, even if you deny it? • Why do we need this? – Legal reasons – Digital signatures – Accountability Dallas Web Security Group 4/8/2013 12
  • 13. How do we get these principles? Dallas Web Security Group 4/8/2013 13
  • 14. How do we get these principles? … Two predominate methods • Symmetric Key Cryptography – “Familiar” approach – Sender and receiver share a secret key and use that secret key to encrypt and decrypt messages • Asymmetric Key Cryptography (Public Key Cryptography) – Pairs of keys - each entity as a public key, which is shared to everyone, and a private key, which is shared to no one – Any message encrypted with a public key can be decrypted with a private key and vice versa, but an encrypted message cannot be decrypted by the same key that encrypted it as in symmetric key encryption • In practice, the methods are typically used together as a way to play off the advantages of each – RSA/IDEA – DSA/BLOWFISH Dallas Web Security Group 4/8/2013 14
  • 15. Symmetric Key Cryptography Dallas Web Security Group 4/8/2013 15
  • 16. Symmetric Key Cryptography … Symmetric Key Cryptography • Principles satisfied – Encryption - Yes! – Authentication - ??? – Integrity - ??? – Non repudiation - ??? • Advantages – Fast – Conceptually simple to understand • Disadvantages – How do we distribute keys?  Hardcode keys?  Some other way?? – Can we satisfy our four baseline principles? Dallas Web Security Group 4/8/2013 16
  • 17. Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange • The algorithm relies on the mathematical identity: – (ga)b mod p = (gb mod p)a mod p Dallas Web Security Group 4/8/2013 17
  • 18. Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob Knows: Eve Knows: a=6 b = 15 Computes secret Computes secret integer a = 6 integer b = 15 Dallas Web Security Group 4/8/2013 18
  • 19. Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob Eve Knows: Knows: Knows: a=6 b = 15 p = 23 p = 23 p = 23 g=5 g=5 g=5 Sends prime number p = 23 and Intercepts p and g Recieves p and g base g = 5 Dallas Web Security Group 4/8/2013 19
  • 20. Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob Knows: Eve Knows: a=6 Knows: b = 15 p = 23 p = 23 p = 23 g=5 g=5 g=5 A=8 B = 19 Calculates A = Calculates B = ga mod p gb mod p A=8 B = 19 Dallas Web Security Group 4/8/2013 20
  • 21. Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Bob Alice Eve Knows: Knows: Knows: b = 15 a=6 p = 23 p = 23 p = 23 g=5 g=5 g=5 A=8 B = 19 A=8 A=8 Sends A Intercepts A Recieves A Dallas Web Security Group 4/8/2013 21
  • 22. Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob Eve Knows: Knows: Knows: a=6 b = 15 p = 23 p = 23 p = 23 g=5 g=5 g=5 A=8 A=8 B = 19 B = 19 B = 19 A=8 Receives B Intercepts B Sends B Dallas Web Security Group 4/8/2013 22
  • 23. Symmetric Key Cryptography … Solving the key distribution problem - Diffie-Hellman key exhange Alice Bob Eve Knows: Knows: Knows: a=6 b = 15 p = 23 p = 23 p = 23 g=5 g=5 g=5 A=8 A=8 B = 19 B = 19 B = 19 A=8 s = ??? s=2 s=2 Computes Computes s = Ba mod p s = Ab mod p s=2 s=2 We know Ba mod p = Ab mod p = (ga)b mod p from our identity: (ga)b mod p = (gb mod p)a mod p Dallas Web Security Group 4/8/2013 23
  • 24. Symmetric Key Cryptography … What about our four principles? • Now we know we can distribute symmetric keys over an unsecure network to establish a secure channel, can we also use symmetric keys to get our four desired properties? • Encryption – This one is easy! – Alice sends message M to Bob encrypted with their shared key s: Es(M) – Bob decrypts Alice’s message with the shared key: Ds(Es(M)) = M • Authentication – Since the keys are temporary, there’s no good way to establish authenticity baked into the cryptographic system – Authentication is not possible through symmetric key encryption, at least not without using some mechanism external to the cryptographic method itself Dallas Web Security Group 4/8/2013 24
  • 25. Symmetric Key Cryptography … What about our four principles? • Integrity – Alice sends encrypted message M to Bob Es(M) along with its encrypted hash Es(H(M)) – Bob decrypts Alice’s message Ds(Es(M)) = M and the hash Ds(Es(H(M))) = H(M) – Bob hashes Alices message H(M) and compares it to the hash Alice sent, if the hashes are equal, then we can be confident that integrity holds • Non repudiation – Much like authentication, without permanent keys trust cannot be established, so this is not possible without some external mechanism Dallas Web Security Group 4/8/2013 25
  • 26. Asymmetric Key Cryptography Dallas Web Security Group 4/8/2013 26
  • 27. Asymmetric Key Cryptography … Asymmetric Key Cryptography • In asymmetric key cryptography, each party has two keys, a public key and a private keys • The public key is shared to the world, and the private key is kept private • The keys are generated in such a way that any message encrypted by the public key in the pair can only be decrypted by the private key, and vice versa • Advantages – Symmetric Key Cryptography only satisfied two of our four principles. We can do better! – Key distribution isn’t a problem. We want everyone to see our public key! • Disadvantages – Slow, at least compared against symmetric key cryptography – Non intuitive Dallas Web Security Group 4/8/2013 27
  • 28. Asymmetric Key Cryptography … Encryption - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to send Bob an Decrypts Alice’s encrypted message with message his private key DBpriv(EBpub(M)) Sends Bob a =M message M encrypted with Bob’s public key EBpub(M) Dallas Web Security Group 4/8/2013 28
  • 29. Asymmetric Key Cryptography … Authentication - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to Sends Bob an validate Alice’s encrypted identity message EBpub(M) “signed” with Decrypts message with her private Alice’s public key key to get DApub(EApriv(EBpub(M))) = EApriv(EBpub(M)) EBpub(M)) Then, decrypts with private key DBpriv(EBpub(M)) = M Dallas Web Security Group 4/8/2013 29
  • 30. Asymmetric Key Cryptography … Integrity - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to know Sends Bob an Alice’s message encrypted hasn’t been message modified EBpub(Mo) and the hash Decrypts message of that DBpriv(EBpub(Mr)) = Mr message, Decrypts hash encrypted DBpriv(EBpub(H(Mo))) = H(Mo) EBpub(H(Mo)) Verify integrity by hashing received message H(Mr) = H(Mo) Dallas Web Security Group 4/8/2013 30
  • 31. Asymmetric Key Cryptography … Non Repudiation - Can we satisfy our four basic principles? Alice Bob Public Key: Apub Public Key: Bpub Private Key: Apriv Private Key: Bpriv Wants to Sends Bob an validate Alice’s encrypted identity message EBpub(M) “signed” with Decrypts message with her private Alice’s public key key to get DApub(EApriv(EBpub(M))) = EApriv(EBpub(M)) EBpub(M)) Then, decrypts with private key DBpriv(EBpub(M)) = M Dallas Web Security Group 4/8/2013 31
  • 32. Asymmetric Key Cryptography … How does asymmetric key cryptography work? • Asymmetric key cryptography works in a similar manner to symmetric key cryptography except that the keys are generated in a special manner that allows them to decrypt only messages encrypted by the other key in the pair • While there are many ways to do this, the most common algorithm is known as the RSA keygen algorithm • RSA Algorithm: 1. Choose two distinct prime numbers p and q 2. Compute n = pq 3. Compute φ(n) = (p – 1)(q – 1) where φ is Euler’s totient function 4. Chose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1 (e and φ(n) are coprime) 5. Solve for d given de ≡ 1 (mod φ(n)) 6. Compute keys: Public key: (n, e); To encrypt: C ≡ Me (mod n) Private key (n, d); To decrypt: M ≡ Ce (mod n) Dallas Web Security Group 4/8/2013 32
  • 33. Asymmetric Key Cryptography … RSA key generation algorithm 1. Choose two distinct prime numbers p and q p = 61 q = 53 Dallas Web Security Group 4/8/2013 33
  • 34. Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 2. Compute n = pq n = (61)(53) = 3233 Dallas Web Security Group 4/8/2013 34
  • 35. Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 n = 3233 3. Compute the totient of the product (pq) as (p - 1)(q - 1) φ(3233) = (61 - 1)(53 - 1) = 3120 Dallas Web Security Group 4/8/2013 35
  • 36. Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 n = 3233 φ(n) = 3120 4. Choose and number 1 < e < φ(n) that is coprime to φ(n) Picking this number could be hard, but if we choose a prime number, then we just have to make sure that 3120 isn’t divisible by it So lets choose e = 17 Dallas Web Security Group 4/8/2013 36
  • 37. Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 n = 3233 φ(n) = 3120 e = 17 5. Solve for d given de ≡ 1 (mod φ(n)) This is a different way to write the modular multiplicative inverse of e (mod φ(n)) d(17) ≡ 1 (mod 3120) d = 2753 (17 * 2753 = 46801 which has remainder 1 when divided by 3120) Dallas Web Security Group 4/8/2013 37
  • 38. Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 n = 3233 φ(n) = 3120 e = 17 d = 2753 • To encrypt, our public key is (n = 3233, e = 17) with function C ≡ Me (mod n) Lets say M = 65 C ≡ 6517 (mod 3233) C = 2790 Dallas Web Security Group 4/8/2013 38
  • 39. Asymmetric Key Cryptography … RSA key generation algorithm p = 61 q = 53 n = 3233 φ(n) = 3120 e = 17 d = 2753 C = 2790 • To decrypt, our private key is (n = 3233, d = 2753) with function M ≡ Cd (mod n) M ≡ 2790 2753 (mod 3233) M = 65 Dallas Web Security Group 4/8/2013 39
  • 40. Credits Dallas Web Security Group 4/8/2013 40
  • 41. Credits … Credits • Credera • http://dictionary.reference.com/browse/cryptography • http://www.thegeekstuff.com/2012/07/cryptography-basics/ • http://users.suse.com/~garloff/Writings/mutt_gpg/node3.html • All of Wikipedia • http://mathworld.wolfram.com Dallas Web Security Group 4/8/2013 41
  • 42. Q&A Dallas Web Security Group 4/8/2013 42

Notas del editor

  1. Here’s a little about meConsultant at CrederaI know some languagesBaylor – BS CSNot a security expert – don’t do this professionallyLearned a lot in this presentationHope you will tooFirst time presenting at a user grp &amp; for this long
  2. Turns out there are 4Read themTransition: “SO LETS TALK ABOUT EACH OF THEM”
  3. Read title1st bullet – symmetric keyKey distribution is a chicken and egg problem, we need a secure channel to distribute our key so we can create a secure channel for communication…
  4. Internet anonymity – Ips change, spoofing sites, phishing attacks, changing a letter in the url, etc… trust hierarchy can protect us from all of thisTalk briefly about the internet’s web of trust: your browser trusts Amazon because Amazon’s key is signed by VeriSign’s key and VeriSign’s key is hardcoded into your browser as assumed to be trustworthy since it’s a root CA
  5. At every router there is an opportunity for the contents of your packets to changeIt would be easy for a malicious person with access to compromised router to flip random bits in an encrypted message, even if he didn’t know what they meant. This could end up being catastrophic if you had no way of testing this.
  6. Related to Authentication. If you’re developing the concept of digital signatures to prove you are who you say you are, then I also want to be able to prove that you did, indeed, agree to something that had your digital signature on it even after the fact
  7. Describe eachRelate to real word &amp; using bothRSA/IDEA- pgp
  8. ASK THE AUDIENCE – Any ideas for key distribution?
  9. Don’t get too caught up in the math, its there for anyone interested and to prove that it works!Just think of it as exploiting a mathematical identity to hide values
  10. Bob is a very sensitive man &amp; cryptographic expertIntegers are typically large
  11. G can be any integer
  12. a and b ARE transmitted, but their values are “hidden” in the mathematical identity, so that even someone who can see the messages can’t extract the hidden value (key) without one of the originalsLimitation: can’t determine the key
  13. What problem are we trying to solve here? TRUSTASK THE AUDIENCE: How would we solve the next principle - Encryption
  14. ASK THE AUDIENCE: How would we solve the next principle - Authentication
  15. ASK THE AUDIENCE: How would we solve the next principle - Integrity
  16. ASK THE AUDIENCE: How would we solve the next principle – Non repudiation
  17. AMAZON &amp; VERSIGN – TIE IT ALL TOGTHER
  18. Totient function just counts the number of integers from 1 to n that are relatively prime to n. That is… they share no common divisors except 1, or the only number that evenly divides both of them is 1.φ = PHIφ(n) is just a number that we calculate from (p – 1)(q – 1), so think of it as just a numberTriple equals means congruentCongruent means for a ≡ b (mod n) that a − b is an integer multiple of n OR the same as saying a / n and b /n have THE SAME REMAINDERde ≡ 1 (mod φ(n)) is a simpler notation for the modular multiplicative inverse of e-1 = d (mod φ(n))Basically, we want to find a d so that de mod φ(n) = 1 mod φ(n) which is like saying we want to find a d so that de / φ(n) has a remainder of 1, because 1 mod anything is 1Don’t worry, we’re going to go through this step by step….
  19. Don’t get too caught up in the math, its there for anyone interested and to prove that it works!Just think of it as exploiting a mathematical identity to hide values
  20. Once again, just think of φ(3233) as a number!It’s just (61 - 1)(53 - 1) = 3120
  21. Coprime means they share no common divisors other than 1. Since 17 is prime, by definition its only divisors are 1 and 17, so as long as 17 doesn’t evenly divide 3120, we’re good.
  22. Probably the most difficult step to grasp, but its actually really simpleThink: Congruent! We want to find d so that the remainder of de / 3120 is the same as 1 / 3120 which is 1! So…We just want to look for a number that when multiplied by 17, divides by 3120 with a remainder of 1There are algorithms to do this quickly, but its easily brute forced… just count up from 1, multiply by 17… divide by 3120… does it have a remainder 1?
  23. Think: Congruent! We want to find C so remainder of C / n is equal to remainder of Me / nExactly the same thing as before. We can think of this as just solving for 65^17 / 3233… what is the remainder? 2790
  24. Think: Congruent! We want to find M so remainder of M / n is equal to remainder of Cd / nExactly the same thing as before. We can think of this as just solving for 2790^2753 / 3233… what is the remainder? 65! Which was our original message!!