% Path of the icon shown by the slide template; presumably read by
% configpres (input below) -- TODO confirm. Defined with \def so that the
% later redefinition (set to `none' after \maketitle) overwrites silently.
\def\lximg{/usr/share/lx/icons/fueller.png}
% Typeset #1 as an upright (roman) superscript; works in text and math mode.
\newcommand{\superscript}[1]{\ensuremath{^{\textrm{#1}}}}
% Typeset #1 as an upright (roman) subscript; used for labels such as
% RN\subscript{c} and PubK\subscript{s} on the TLS handshake slides.
\newcommand{\subscript}[1]{\ensuremath{_{\textrm{#1}}}}
\input{configpres}
\subsection{Cryptography}
\title{Cryptography}
\maketitle
\def\lximg{none}
\begin{frame}
\frametitle{Contents}
\tableofcontents
\end{frame}
% ----------------------------
\subsubsection{Fundamentals}
\begin{frame}[fragile]
\frametitle{Cryptography: Historical}
\begin{itemize}
\item First mention: 300 BC in ancient Egypt
\item Mechanical Systems
\item Character Exchange Tables and Codebooks
\item Problems: cryptanalysis, transmission
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}
\frametitle{Cryptography: Modern}
\begin{itemize}
\item Revolution starts in 1970
\item Cryptography for non-military purpose
\item Data Encryption Standard (DES: 1976)
\item Secret Key Exchange (Diffie, Hellman: 1976)
\item Private/Public Key: RSA Algorithm (Rivest, Shamir, Adleman: 1977)
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}
\frametitle{Kerckhoffs's principle}
Auguste Kerckhoffs (1983) in \emph{La Cryptographie Militaire}
\begin{itemize}
\item \dots
\item It must not be required to be secret, and it must be able to fall into
the hands of the enemy without inconvenience
\item \dots
\end{itemize}
Conclusion:
\begin{itemize}
\item No \emph{Security by Obscurity}
\item The strength of the system must depend on the secrecy of
the key, not on the secrecy of the algorithm
\item published and standardized method/algorithm \\
(eliminate failures in theory)
\item open implementation \\
(eliminate failures in implementation)
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}
\frametitle{Cryptographic Methods}
\begin{itemize}
\item Asymmetric methods
\begin{itemize}
\item expensive and slow
\item Public and Private Key
\item Key Exchange
\end{itemize}
\item Symmetric methods
\begin{itemize}
\item efficient and fast
\item single Key
\item Bulk Data Encryption/Hashes
\end{itemize}
\item non-linear behavior
\item resistant against
\begin{itemize}
\item statistical analysis
\item differential cryptanalysis
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{Symmetric Methods}
\begin{frame}
\frametitle{Data Encryption Standard (DES)}
\begin{itemize}
\item S-Box based, \\
56-bit key size, \\
64-bit cipher block size
\item developed by IBM and NSA
\item 1975: First publication
\item 1976: accepted as standard
\item 1977: published as FIPS PUB 46
\item Triple DES (TDES) recommended as replacement since 1999
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}
\frametitle{Advanced Encryption Standard (AES)}
\begin{itemize}
\item S-Box based, \\
128-, 192- or 256-bit key size, \\
128-bit cipher block size
\item 1997: public selection process started by NIST
\item 1999: end of 1st round: 15 algorithms
\item 2000: end of 2nd round: 6 algorithms
\item 2000: Rijndael published as AES in October
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{Asymmetric Methods}
\begin{frame}
\frametitle{Asymmetric Methods}
\begin{itemize}
\item based on one-way functions
\item encryption with public information
\item decryption only with private information
\item RSA
\begin{itemize}
\item 512- to 4096-bit key size
\item min. 2048-bit recommended
\end{itemize}
\item Elliptic Curve Cryptography (ECC)
\begin{itemize}
\item 160- to 512-bit key size
\item equivalent security with shorter key size
\item RSA/DH with 2048-bit keys equivalent to ECDH with 224-bit keys
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{Applications}
\begin{frame}
\frametitle{Modes of Operation}
\begin{itemize}
\item turn a Block Cipher into a Stream Cipher
\item hide repeating patterns in the plaintext
\end{itemize}
\begin{figure}[h]
\centering
\includegraphics[scale=0.3]{images/crypto_3tux.png}
\end{figure}
\end{frame}
% ----------------------------
\begin{frame}
\frametitle{Cipher Block Chaining (CBC)}
\begin{itemize}
\item Decryption parallelizable
\item damaged IV affects first plaintext block
\item one-bit flip in ciphertext affects whole plaintext block and the
corresponding bit in the following plaintext block
\item Plaintext must be a multiple of the cipher block size: padding required (or ciphertext stealing, CBC-CS)
\end{itemize}
\begin{figure}[h]
\centering
\includegraphics[scale=0.3]{images/crypto-cbc.png}
\end{figure}
\end{frame}
% ----------------------------
\begin{frame}
\frametitle{Cipher Feedback (CFB)}
\begin{itemize}
\item Requires only the block encryption function
\item Decryption parallelizable
\item No padding required
\end{itemize}
\begin{figure}[h]
\centering
\includegraphics[scale=0.3]{images/crypto-cfb.png}
\end{figure}
\end{frame}
% ----------------------------
\begin{frame}
\frametitle{Counter (CTR)}
\begin{itemize}
\item Requires only the block encryption function
\item Encryption and Decryption parallelizable
\item No padding required
\end{itemize}
\begin{figure}[h]
\centering
\includegraphics[scale=0.3]{images/crypto-ctr.png}
\end{figure}
\end{frame}
% ----------------------------
\begin{frame}
\frametitle{SSL/TLS Handshake (1)}
Secure Key Exchange
\begin{itemize}
\item Phase 1
\begin{itemize}
\item Client and Server exchange random numbers (RN\subscript{c} and
RN\subscript{s})
\item Negotiate session parameters (encryption method, compression)
\end{itemize}
\item Phase 2
\begin{itemize}
\item Server Certificate (incl. PubK\subscript{s}), checked by Client
\item opt: Client verifies the Server Certificate signature
\item opt: Server requests a signed Client Certificate
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}
\frametitle{SSL/TLS Handshake (2)}
\begin{itemize}
\item Phase 3:
\begin{itemize}
\item Client Certificate (incl. PubK\subscript{c}), checked by Server
\item Hash over all previous messages, signed with PrivK\subscript{c}, checked by Server
\item Client calculates the Pre-Master-Secret (PMS)
\item PMS encrypted with PubK\subscript{s}, sent to Server
\item Both sides calculate the Master-Secret (MS) from RN\subscript{c},
RN\subscript{s} and PMS
\end{itemize}
\item Phase 4:
\begin{itemize}
\item Both sides switch to encrypted communication using the MS
\end{itemize}
\end{itemize}
\end{frame}
% ----------------------------
\begin{frame}
\frametitle{Open Crypto Libraries}
\begin{itemize}
\item OpenSSL: libcrypto and libssl \\
Implementations and Hardware support for most common algorithms
\item GnuTLS: GNU SSL/TLS implementation \\
Focus on TLS handshaking and protocol implementation
\item PKCS\#11 (API for Smartcard Slots and Tokens) \\
OpenSC Project \\
opencryptoki
\end{itemize}
\end{frame}
% ----------------------------
\subsubsection{Related Links}
\begin{frame}
Starting point on Wikipedia
\begin{itemize}
\item \url{http://en.wikipedia.org/wiki/Cryptography}
\end{itemize}
National Institute of Standards and Technology
\begin{itemize}
\item \url{http://www.nist.gov}
\end{itemize}
RSA Laboratories
\begin{itemize}
\item \url{http://www.rsa.com}
\end{itemize}
\end{frame}
\subsection{}
\input{tailpres}