\def\lximg{/usr/share/lx/icons/fueller.png}
\newcommand{\superscript}[1]{\ensuremath{^{\textrm{#1}}}}
\newcommand{\subscript}[1]{\ensuremath{_{\textrm{#1}}}}
\input{configpres}
\subsection{Cryptography}
\title{Cryptography}
\maketitle
\def\lximg{none}
% ----------------------------
\begin{frame}
\frametitle{Overview}
\tableofcontents
\end{frame}
% ----------------------------
\subsubsection{Fundamentals}
\begin{frame}[fragile]
\frametitle{Cryptography: Historical}
\begin{itemize}
\item First mention: 300 BC in ancient Egypt
\item Mechanical Systems
\item Character Exchange Tables and Codebooks
\item Problem: Cryptanalysis, Transmission
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Cryptography: Modern}
\begin{itemize}
\item Revolution starts in 1970
\item Cryptography for non-military purposes
\item Data Encryption Standard (DES: 1976)
\item Secret Key Exchange (Diffie, Hellman: 1976)
\item Private/Public Key: RSA Algorithm (Rivest, Shamir, Adleman: 1977)
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Kerckhoffs's principle}
Auguste Kerckhoffs (1883) on \emph{La Cryptographie Militaire}
\begin{itemize}
\item \dots
\item It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience.
\item \dots
\end{itemize}
Conclusion:
\begin{itemize}
\item No \emph{Security by Obscurity}
\item The strength of the system must depend on the secrecy of the key, not on the secrecy of the algorithm
\item published and standardized method/algorithm \\ (eliminate failures in theory)
\item open implementation \\ (eliminate failures in implementation)
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Terminology}
\begin{itemize}
\item Encoding
\item Encryption
\item Hashing
\item Obfuscation
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Encoding}
\begin{itemize}
\item Data Transformation
\begin{itemize}
\item Consumability (different systems)
\item Transportability
\end{itemize}
\item Publicly available Transformation Scheme
\item No information secret!
\item Encoding Schemes
\begin{itemize}
\item ASCII
\item BASE64
\item Unicode
\item ROT13
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Encryption}
\begin{itemize}
\item Data Transformation
\begin{itemize}
\item Security
\item Privacy
\end{itemize}
\item publicly available Algorithm
\item non-public Message Secret (Key)
\item Encryption Methods
\begin{itemize}
\item Block-Ciphers, symm./asymm.
\item DES, AES, Blowfish
\item RSA, ECC
\item Stream-Ciphers
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Hash}
\begin{itemize}
\item Data Transformation
\begin{itemize}
\item Message integrity
\item Input: variable length (0..x)
\item Output: fixed length (e.g.\ 128~bit)
\end{itemize}
\item No information secret!
\item Hash algorithms
\item MD-Family (MD2, MD4, MD5, MD6)
\item SHA-1, SHA-2, SHA-3
\item GHASH
\item HMAC, CBC-MAC
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Obfuscation}
\begin{itemize}
\item Data Re-order / Re-format
\begin{itemize}
\item Consumability restriction
\item Prevent Attacks or Leak of Information
\end{itemize}
\item Obstacle only, no information secret!
\item e.g.\ Code Obfuscation
\begin{itemize}
\item Make it hard for Humans to read/understand
\item Compiler/Interpreter still work
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Cryptographic Methods I}
\begin{itemize}
\item Cryptographic Hashes
\begin{itemize}
\item one-way functions
\item ``The workhorses of modern cryptography'' \\ (Bruce Schneier, Cryptanalysis of MD5 and SHA: Time for a New Standard)
\item Required properties
\begin{itemize}
\item fast
\item no correlation: \\ small changes in the input shall change the hash extensively
\item no reverse function: \\ infeasible to recreate a message from its hash
\item no collision: \\ infeasible to find 2 messages with the same hash
\end{itemize}
\item Usage
\begin{itemize}
\item Message Digest, Check-sum, Fingerprint
\item Message Authentication
\item Signature
\end{itemize}
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Cryptographic Methods II}
\begin{itemize}
\item Asymmetric encryption methods
\begin{itemize}
\item expensive and slow
\item Public and Private Key
\item Key Exchange
\end{itemize}
\item Symmetric encryption methods
\begin{itemize}
\item efficient and fast
\item single Key
\item Bulk Data Encryption/Hashes
\end{itemize}
\item non-linear behavior
\item resistant against
\begin{itemize}
\item statistical analysis
\item differential cryptanalysis
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{Hash Methods}
\begin{frame}[fragile]
\frametitle{Message Digest Algorithm}
\begin{itemize}
\item MD2, MD4
\begin{itemize}
\item MD2: successful attacks (collision, preimage) since 1997
\item MD4: first successful collision attack published in 1995
\item 2004: ``MD2 can no longer be considered a secure one-way hash function''
\item 2009: Security Update disables MD2 in OpenSSL
\end{itemize}
\item MD5
\begin{itemize}
\item published 1992 (by R.~Rivest)
\item Hash Size: 128 bit
\item Block size: 512 bit
\item Rounds: 4
\end{itemize}
\item MD6
\begin{itemize}
\item published 2008 (by R.~Rivest)
\item Hash Size: up to 512 bit (variable)
\item Rounds: variable
\item Modes: keyed and un-keyed
\end{itemize}
\item Recommendations:
\begin{itemize}
\item no usage of MD2 or MD4
\item MD5 only for tasks with low security requirements \\ (e.g.\ check-sums for downloads)
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Secure Hash Algorithm}
\begin{itemize}
\item SHA-1
\begin{itemize}
\item SHA-1: replacement for SHA-0 (small modification, harder to attack)
\item SHA-0: published in 1993 (by NSA)
\item SHA-1: published in 1995 (by NSA)
\item since 2005: recommendation to replace SHA-1 with SHA-2
\item 2017: major browsers will reject SSL certificates using SHA-1
\end{itemize}
\item SHA-2
\begin{itemize}
\item SHA-224, SHA-256, SHA-384, SHA-512
\item published 2001 (by NSA)
\item Hash Size: 224, 256, 384, or 512 bit
\item Shortened SHA-512 variants: \\ SHA-512/224, SHA-512/256
\item Rounds: 64 or 80
\end{itemize}
\item SHA-3
\begin{itemize}
\item developed as KECCAK
\item published 2011 \\ (by G.~Bertoni, J.~Daemen, M.~Peeters, G. v.
Assche)
\item Hash Size: variable (usual: 224, 256, 384, or 512 bit)
\item Rounds: 24 (in SHA-3)
\end{itemize}
\item Recommendations
\begin{itemize}
\item at least SHA-2, SHA-3 if possible
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Other Hash Algorithms}
\begin{itemize}
\item GHASH
\begin{itemize}
\item based on Galois-field multiplication
\item calculation in parallel
\item used in Galois Counter Mode (GCM)
\end{itemize}
\item Stream-cipher based Hashes
\begin{itemize}
\item hash: last block of stream cipher
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{Symmetric Encryption Methods}
\begin{frame}[fragile]
\frametitle{Data Encryption Standard (DES)}
\begin{itemize}
\item S-Box based, \\ 56 bit key size, \\ 64 bit cipher block size
\item developed by IBM and NSA
\item 1975: First publication
\item 1976: accepted as standard
\item 1977: published as FIPS PUB 46
\item TDES is recommended as replacement since 1999
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Advanced Encryption Standard (AES)}
\begin{itemize}
\item S-Box based, \\ 128, 192, 256 bit key size, \\ 128 bit cipher block size
\item 1997: public selection process started by NIST
\item 1999: end of 1st round: 15 algorithms
\item 2000: end of 2nd round: 6 algorithms
\item 2000: Rijndael published as AES in October
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{Asymmetric Encryption Methods}
\begin{frame}[fragile]
\frametitle{Asymmetric Methods}
\begin{itemize}
\item based on one-way functions
\item encryption with public information
\item decryption only with private information
\item RSA
\begin{itemize}
\item 512 to 4096 bit key size
\item min.
2048 bit recommended
\end{itemize}
\item Elliptic Curve Cryptography (ECC)
\begin{itemize}
\item 160 to 512 bit key size
\item equivalent security with shorter key size
\item RSA/DH 2048 equivalent to ECDH 224
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{Applications}
\begin{frame}[fragile]
\frametitle{Hash-based Message Authentication Code (HMAC)}
\begin{columns}[onlytextwidth]
\begin{column}{0.5\textwidth}
\begin{itemize}
\item Authentication of a message
\item Symmetric Key
\item outer pad: 0x5c5c\dots5c
\item inner pad: 0x3636\dots36
\item Notation: HMAC-SHA1, HMAC-MD5, etc.
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{figure}[h]
\centering
\includegraphics[width=4cm]{images/sec_crypto_hmac.png}
\end{figure}
\end{column}
\end{columns}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Modes of Operation}
\begin{itemize}
\item turn Block Cipher into a Stream Cipher
\item disarrange repeating patterns
\end{itemize}
\begin{figure}[h]
\centering
\includegraphics[scale=0.3]{images/crypto_3tux.png}
\end{figure}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Cipher Block Chaining (CBC)}
\begin{itemize}
\item Decryption in parallel
\item damaged IV affects first plaintext block
\item one-bit flip in ciphertext affects whole plaintext block and the corresponding bit in the following plaintext block
\item Multiples of the cipher block size only; padding required (e.g.
with CBC-CS)
\end{itemize}
\begin{figure}[h]
\centering
\includegraphics[scale=0.3]{images/crypto-cbc.png}
\end{figure}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Cipher Feedback (CFB)}
\begin{itemize}
\item Requires only Block Encryption
\item Decryption in parallel
\item No padding required
\end{itemize}
\begin{figure}[h]
\centering
\includegraphics[scale=0.3]{images/crypto-cfb.png}
\end{figure}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Counter (CTR)}
\begin{itemize}
\item Requires only Block Encryption
\item Encryption and Decryption in parallel
\item En-/decryption can be prepared in advance
\item No padding required
\end{itemize}
\begin{figure}[h]
\centering
\includegraphics[scale=0.3]{images/crypto-ctr.png}
\end{figure}
\end{frame}
% ----------------------------
\subsubsection{Protocols}
\begin{frame}[fragile]
\frametitle{SSL/TLS Handshake (1)}
Secure Key Exchange
\begin{itemize}
\item Phase 1
\begin{itemize}
\item Client / Server exchange Random Numbers (RN\subscript{c} and RN\subscript{s})
\item Negotiate Session Parameters (encryption method, compression)
\end{itemize}
\item Phase 2
\begin{itemize}
\item Server Certificate (incl.\ PubK\subscript{s}), checked by Client
\item opt: Client verifies Server Certificate Signature
\item opt: Server requests signed Client Certificate
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{SSL/TLS Handshake (2)}
\begin{itemize}
\item Phase 3:
\begin{itemize}
\item Client Certificate (incl.
PubK\subscript{c}), checked by Server
\item Hash over all previous messages, signed with PrivK\subscript{c}, checked by Server
\item Client calculates Pre-Master-Secret (PMS)
\item Encrypted PMS (with PubK\subscript{s}) to Server
\item Both sides calculate Master-Secret with RN\subscript{c}, RN\subscript{s} and PMS
\end{itemize}
\item Phase 4:
\begin{itemize}
\item Both sides switch to encrypted communication with MS
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Open Crypto Libraries}
\begin{itemize}
\item OpenSSL: libcrypto and libssl \\ Implementations and Hardware support for most common algorithms
\item LibreSSL \\ fork of OpenSSL
\item mbedTLS \\ implementation for embedded systems \\ new name for PolarSSL
\item GnuTLS: GNU SSL/TLS implementation \\ Focus on TLS handshaking and protocol implementation
\item PKCS\#11 (API for Smartcard Slots and Tokens) \\ OpenSC Project \\ opencryptoki
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{Related Links}
\begin{frame}[fragile]
Starting point on Wikipedia
\begin{itemize}
\item \url{http://en.wikipedia.org/wiki/Cryptography}
\end{itemize}
National Institute of Standards and Technology
\begin{itemize}
\item \url{http://www.nist.gov}
\end{itemize}
RSA Laboratories
\begin{itemize}
\item \url{http://www.rsa.com}
\end{itemize}
\end{frame}
\subsection{}
\input{tailpres}