Diffstat (limited to 'security/crypto/pres_crypto_en.tex')
| -rw-r--r-- | security/crypto/pres_crypto_en.tex | 278 |
1 files changed, 278 insertions, 0 deletions
diff --git a/security/crypto/pres_crypto_en.tex b/security/crypto/pres_crypto_en.tex
new file mode 100644
index 0000000..606f61c
--- /dev/null
+++ b/security/crypto/pres_crypto_en.tex
@@ -0,0 +1,278 @@
+\def\lximg{/usr/share/lx/icons/fueller.png}
+
+\newcommand{\superscript}[1]{\ensuremath{^{\textrm{#1}}}}
+\newcommand{\subscript}[1]{\ensuremath{_{\textrm{#1}}}}
+
+\input{configpres}
+
+\subsection{Cryptography}
+
+\title{Cryptography}
+\maketitle
+
+\def\lximg{none}
+
+\begin{frame}
+\frametitle{Contents}
+\tableofcontents
+\end{frame}
+
+% ----------------------------
+\subsubsection{Fundamentals}
+
+\begin{frame}[fragile]
+\frametitle{Cryptography: Historical}
+\begin{itemize}
+\item First mention: 300 BC in ancient Egypt
+\item Mechanical Systems
+\item Character Exchange Tables and Codebooks
+\item Problem: Crypto Analysis, Transmission
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}
+\frametitle{Cryptography: Modern}
+\begin{itemize}
+\item Revolution starts in 1970
+\item Cryptography for non-military purpose
+\item Data Encryption Standard (DES: 1976)
+\item Secret Key Exchange (Diffie, Hellmann: 1976)
+\item Private/Public Key: RSA Algorithm (Rivest, Shamir, Adleman: 1977)
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}
+\frametitle{Kerckhoffs's principle}
+Auguste Kerckhoff (1983) on \emph{La Cryptographie Militaire}
+\begin{itemize}
+\item \dots
+\item It must not be required to be secret, and it must be able to fall into
+ the hands of the enemy without inconvenience
+\item \dots
+\end{itemize}
+Conclusion:
+\begin{itemize}
+\item No \emph{Security by Obscurity}
+\item The strength of the system must depend on the secret of
+the key, not on the secret of the algorithm
+\item published and standardized method/algorithm \\
+ (eliminate failures in theory)
+\item open implementation \\
+ (eliminate failures in implementation)
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}
+\frametitle{Cryptographical Methods}
+\begin{itemize}
+\item Asymetric methods
+\begin{itemize}
+\item expensive and slow
+\item Public and Private Key
+\item Key Exchange
+\end{itemize}
+\item Symetric methods
+\begin{itemize}
+\item efficient and fast
+\item single Key
+\item Bulk Data Encryption/Hashes
+\end{itemize}
+\item non-linear bahavior
+\item resistent against
+\begin{itemize}
+\item statistical analysis
+\item differential crytanalysis
+\end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsubsection{Symetric Methods}
+
+\begin{frame}
+\frametitle{Data Encryption Standard (DES)}
+\begin{itemize}
+\item S-Box based, \\
+ 56 bit key size, \\
+ 64 bit cipher block size
+\item developed by IBM and NSA
+\item 1975: First publication
+\item 1976: accepted as standard
+\item 1977: published as FIPS PUB 46
+\item TDES is recommended as replacement since 1999
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}
+\frametitle{Advanced Encryption Standard (AES)}
+\begin{itemize}
+\item S-Box based, \\
+ 128, 192, 256 bit key size, \\
+ 128 bit cipher block size
+\item 1997: public selection process started by NIST
+\item 1999: end of 1st round: 15 algorithms
+\item 2000: end of 2nd round: 6 algorithms
+\item 2000: Rijndael published as AES in October
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsubsection{Asymetric Methods}
+
+\begin{frame}
+\frametitle{}
+\begin{itemize}
+\item based on one-way methods
+\item encryption with public information
+\item decryption only with private information
+\item RSA
+\begin{itemize}
+\item 512 to 4096 bit key size
+\item min. 2048 bit recommended
+\end{itemize}
+\item Elliptic Curve Cryptography (ECC)
+\begin{itemize}
+\item 160 to 512 bit key size
+\item equivalent security with shorter key size
+\item RSA/DH 2048 equivalent to ECDH 224
+\end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsubsection{Applications}
+
+\begin{frame}
+\frametitle{Modes of Operation}
+\begin{itemize}
+\item turn Block Cipher into a Stream Cipher
+\item disarrange repeating patterns
+\end{itemize}
+\begin{figure}[h]
+\centering
+\includegraphics[scale=0.3]{images/crypto_3tux.png}
+\end{figure}
+\end{frame}
+
+% ----------------------------
+\begin{frame}
+\frametitle{Cipher Block Chaining (CBC)}
+\begin{itemize}
+\item Decryption parallelizable
+\item damaged IV affects first plaintext block
+\item one-bit flip in ciphertext affects whole plaintext block and the
+corresponding bit in the following plaintext block
+\item Multiple Cipherblock Size only, padding required (e.g. with CBC-CS)
+\end{itemize}
+\begin{figure}[h]
+\centering
+\includegraphics[scale=0.3]{images/crypto-cbc.png}
+\end{figure}
+\end{frame}
+
+% ----------------------------
+\begin{frame}
+\frametitle{Cipher Feedback (CFB)}
+\begin{itemize}
+\item Required only Block Encryption
+\item Decryption parallelizable
+\item No padding required
+\end{itemize}
+\begin{figure}[h]
+\centering
+\includegraphics[scale=0.3]{images/crypto-cfb.png}
+\end{figure}
+\end{frame}
+
+% ----------------------------
+\begin{frame}
+\frametitle{Counter (CFB)}
+\begin{itemize}
+\item Required only Block Encryption
+\item Encryption and Decryption parallelizable
+\item No padding required
+\end{itemize}
+\begin{figure}[h]
+\centering
+\includegraphics[scale=0.3]{images/crypto-ctr.png}
+\end{figure}
+\end{frame}
+
+% ----------------------------
+\begin{frame}
+\frametitle{SSL/TLS Handshake (1)}
+Secure Key Exchange
+\begin{itemize}
+\item Phase 1
+\begin{itemize}
+\item Client / Server exchange Random Numbers (RN\subscript{c} and
+RN\subscript {s})
+\item Negotiate Session Parameter (encryption method, compression)
+\end{itemize}
+\item Phase 2
+\begin{itemize}
+\item Server Certificate (incl. PubK\subscript{s}), checked by Client
+\item opt: Client verify Server Certificate Signature
+\item opt: Server request signed Client Certificate
+\end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}
+\frametitle{SSL/TLS Handshake (2)}
+\begin{itemize}
+\item Phase 3:
+\begin{itemize}
+\item Client Certificate (incl. PubK\subscript{c}), checked by Server
+\item Hash over all previous messages, signed with PrivK\subscript{c}, checked by Server
+\item Client calculate Pre-Master-Secret (PMS)
+\item Encrypted PMS (with PrivK\subscript{c}) to Server
+\item Both sides calculate Master-Secret with RN\subscript{c},
+RN\subscript{s} and PMS
+\end{itemize}
+\item Phase 4:
+\begin{itemize}
+\item Both sides switch to encrypted communication with MS
+\end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}
+\frametitle{Open Crypto Libraries}
+\begin{itemize}
+\item OpenSSL: libcrypto and libssl \\
+ Implementations and Hardware support for most common algorithms
+\item GnuTLS: GNU SSL/TLS implementation \\
+ Focus on TLS handshaking and protocol implementation
+\item PKCS\#11 (API for Smartcard Slots and Tokens) \\
+ OpenSC Project \\
+ opencryptoki
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsubsection{Related Links}
+
+\begin{frame}
+Starting point on Wikipedia
+\begin{itemize}
+\item \url{http://en.wikipedia.org/wiki/Cryptography}
+\end{itemize}
+National Institute of Standards and Technology
+\begin{itemize}
+\item \url{http://www.nist.gov}
+\end{itemize}
+RSA Labratories
+\begin{itemize}
+\item \url{http://www.rsa.com}
+\end{itemize}
+\end{frame}
+
+\subsection{}
+\input{tailpres} |
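Review bot: In the "SSL/TLS Handshake (2)" frame the pre-master secret is shown as encrypted with the client's private key, which would give no confidentiality because anyone holding PubK\subscript{c} could recover it; in RSA key transport the client encrypts the PMS with the server's public key, so the item should read `\item Encrypted PMS (with PubK\subscript{s}) to Server`. In "SSL/TLS Handshake (1)" the server-certificate signature check is marked optional, yet without it the exchange is not authenticated and an active interceptor can substitute its own key, so I would drop the prefix: `\item Client verifies Server Certificate Signature`. The counter-mode frame is titled "Counter (CFB)" and should be `\frametitle{Counter (CTR)}`. None of the mode frames say that CBC, CFB and CTR give confidentiality only; the CBC bit-flip bullet would be a natural place to add that a MAC or an authenticated mode is needed to detect tampering.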
