Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems.

Published byAdrian Shaw Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems."— Presentation transcript:

1 Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems

2

3 Security Goals Confidentiality Integrity Availability

4 Security’s Methods Authentication Access Control Accountability

5 Discussion Overview Algorithms Protocols Implementations Resources

6 Classes of Encryption Symmetric Encryption Hashing Random Number Generation Asymmetric Encryption (Public Key)

7 Symmetric Algorithms Use a secret key to both encrypt and decrypt Are fast Operate on fixed-size blocks (8 or 16 bytes) DES, Triple-DES, AES, RC4, Blowfish

8 NIST National Institute of Standards and Technology www.nist.gov www.nist.gov Computer Security Resource Center (CSRC) Federal Information Processing Standards (FIPS) Special Publication 800 (SP-800) http://csrc.nist.gov/publications/nistpubs/

9 Symmetric Modes Electronic Code Book (ECB) Cipher Block Chaining (CBC) Output Feedback (OFB) Cipher Feedback (CFB) Counter (CTR) More …

10 Electronic Code Book (ECB)

11

12 Encrypted Using ECB Mode

13 Cipher Block Chaining (CBC)

14 Encrypted Using CBC Mode

15 Initialization Vector Not secret Must be unique for each stream or file. Reused IVs reveal patterns in the first blocks of ciphertext.

16 Common File Headers PDFs %PDF-1.3 JPEG JFIF EXE MZ Therefore, IVs must be unique for each key!

17 CBC Weaknesses One bad block corrupts the chain Only sequential access Unsuitable for stream ciphers

18 Block vs. Stream Ciphers Block Ciphers –Operate on data of known, finite size –Files, hard drives Stream Ciphers –Operate on data of unknown, indefinite size –Network flow, media

19 Cipher Feedback (CFB) Symmetric cipher is a pseudo-random number generator. Plaintext XOR’ed with PRN, not encrypted by cipher.

20 CFB Weaknesses One bad block corrupts the chain. Only sequential access. Can’t be computed in parallel.

21 Counter (CTR)

22 Common Weaknesses Key Secrecy Key Quality

23 Key Management Locking Is EasyKey Management Is Hard

24 What Is Key Quality? Computational infeasibility of brute-force attack

25 What Is Key Quality? Computational infeasibility of brute-force attack DES Key: 56-bits = 72,057,594,037,927,936 keys

26 What Is Key Quality? Computational infeasibility of brute-force attack DES Key: 56-bits = 72,057,594,037,927,936 keys How secure? Security measured in time. “When” not “if”

27 Security of 56 Bit DES? 29 PCBs of 64 ASICs = 1856 ASICs! Checked +90b keys/s  9 days Built by EFF in 1998 for $250,000

28 Advanced Encryption Standard (AES) AES Key: 128-bits = 3.402 e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000

29 Advanced Encryption Standard (AES) AES Key: 128-bits = 3.402 e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000 AES Key: 192-bits = 6.277 e+57 = 6,277,101,735,386,680,763,835,789,423,207,700,000,000, 000,000,000,000,000,000

30 Advanced Encryption Standard (AES) AES Key: 128-bits = 3.402 e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000 AES Key: 192-bits = 6.277 e+57 = 6,277,101,735,386,680,763,835,789,423,207,700,000,000, 000,000,000,000,000,000 AES Key: 256-bits = 1.157 e+77 = 115,792,089,237,316,195,423,570,985,008,690,000,000,00 0,000,000,000,000,000,000,000,000,000,000,000,000

31 Advanced Encryption Standard (AES) AES Key: 128-bits = 3.402 e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000 AES Key: 192-bits = 6.277 e+57 = 6,277,101,735,386,680,763,835,789,423,207,700,000,000, 000,000,000,000,000,000 AES Key: 256-bits = 1.157 e+77 = 115,792,089,237,316,195,423,570,985,008,690,000,000,00 0,000,000,000,000,000,000,000,000,000,000,000,000 Mass of all visible matter in the universe equiv. 4.0 e+78 hydrogen atoms!

32 Measuring Key Quality Entropy The likelihood of selecting any single key out of all possible keys.

33 How to Measure Entropy? 0x50615373576F5264

34 How to Measure Entropy? 0x50 61 53 73 57 6F 52 64 P a S s W o R d

35 How to Measure Entropy? 0x50 61 53 73 57 6F 52 64 P a S s W o R d Many keys are derived from passwords. Memorizable pwds = negative effect on entropy.

36 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys

37 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896

38 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits

39 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits –Deep Crack Brute Force in 40 minutes!

40 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits –Deep Crack Brute Force in 40 minutes! 8 chars of alpha-only = 52^8 = 53,459,728,531,456 ~ 45 bits

41 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits –Deep Crack Brute Force in 40 minutes! 8 chars of alpha-only = 52^8 = 53,459,728,531,456 ~ 45 bits 8 chars, lower-only = 26^8 = 208,827,064,576 ~ 37 bits

42 Measuring Key Entropy

43

44

45 Dictionary Attacks Reduce entropy by leveraging language patterns

46 Dictionary Attacks Reduce entropy by leveraging language patterns Merriam-Webster: 250,000 words 250,000 special/scientific 250,000 proper nouns (?) - 1,000 words that are <5 characters = 740,000 ~ 19 bits

47 Dictionary Attacks Reduce entropy by leveraging language patterns Merriam-Webster: 250,000 words 250,000 special/scientific 250,000 proper nouns (?) - 1,000 words that are <5 characters = 740,000 ~ 19 bits Random use of upper and lower case –Add one bit per char length (max) Random use of upper, lower and numbers –Add ~1.5 bits per char length (max)

48 Cryptographic Hashing Works like a CRC or checksum Impossible to reverse 128, 160 and 256 bits long Small changes in the plaintext create vast changes in the hash MD5, SHA-1, SHA-256

49 Hashing Applications Validating data –Verifying download packages (md5sum) Increasing key entropy –2 n hash operations adds n bits of entropy Obscuring passwords

50 Sending Passwords in the Clear

51 Obscuring Passwords

52 Replay Attack

53 Zero-Knowledge Proof Proving a user knows a piece of data without divulging that piece of data.

54 Challenge-Response Protocol

55

56

57 NTLM Authentication

58 ! 0000 0000 00

59 Challenge-Response Protocol Vulnerabilities “Stolen Verifier” Attack No Mutual Authentication

60 Implementations SSL IPSec Secure Protocols

61 Recommended Reading “Applied Cryptography” By Bruce Schneier “Practical Cryptography” By Bruce Schneier “Secrets and Lies” By Bruce Schneier “Cryptographic Security Architecture” By Peter Gutmann “Parallelizable Enciphering Mode” By Phillip Rogaway

62 Organizations Commercial –Schneier.com CryptoGram & blog –RSA, Inc. (rsa.com) PKCS –Internet Engineering Taskforce (ietf.org) RFCs –ANSI, ISO, IEEE, W3C Government –Natl. Inst. of Standards & Tech. (nist.gov) FIPS & SP-800 documents –Natl. Security Agency (NSA)

63 Happy Crypting! Presentation Created By Dave Stycos April, 2010 © 2010, Zocalo Data Systems, Ltd.

Download ppt "Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems."

Similar presentations

Block Cipher Modes of Operation and Stream Ciphers

Block Cipher Modes of Operation and Stream Ciphers
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Cryptography.

Cryptography.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.

Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
CS470, A.SelcukModes of Operation1 Encrypting with Block Ciphers CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukModes of Operation1 Encrypting with Block Ciphers CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Similar presentations

Ads by Google