Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems.

Similar presentations


Presentation on theme: "Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems."— Presentation transcript:

1 Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems

2

3 Security Goals Confidentiality Integrity Availability

4 Security’s Methods Authentication Access Control Accountability

5 Discussion Overview Algorithms Protocols Implementations Resources

6 Classes of Encryption Symmetric Encryption Hashing Random Number Generation Asymmetric Encryption (Public Key)

7 Symmetric Algorithms Use a secret key to both encrypt and decrypt Are fast Operate on fixed-size blocks (8 or 16 bytes) DES, Triple-DES, AES, RC4, Blowfish

8 NIST National Institute of Standards and Technology Computer Security Resource Center (CSRC) Federal Information Processing Standards (FIPS) Special Publication 800 (SP-800)

9 Symmetric Modes Electronic Code Book (ECB) Cipher Block Chaining (CBC) Output Feedback (OFB) Cipher Feedback (CFB) Counter (CTR) More …

10 Electronic Code Book (ECB)

11

12 Encrypted Using ECB Mode

13 Cipher Block Chaining (CBC)

14 Encrypted Using CBC Mode

15 Initialization Vector Not secret Must be unique for each stream or file. Reused IVs reveal patterns in the first blocks of ciphertext.

16 Common File Headers PDFs %PDF-1.3 JPEG JFIF EXE MZ Therefore, IVs must be unique for each key!

17 CBC Weaknesses One bad block corrupts the chain Only sequential access Unsuitable for stream ciphers

18 Block vs. Stream Ciphers Block Ciphers –Operate on data of known, finite size –Files, hard drives Stream Ciphers –Operate on data of unknown, indefinite size –Network flow, media

19 Cipher Feedback (CFB) Symmetric cipher is a pseudo-random number generator. Plaintext XOR’ed with PRN, not encrypted by cipher.

20 CFB Weaknesses One bad block corrupts the chain. Only sequential access. Can’t be computed in parallel.

21 Counter (CTR)

22 Common Weaknesses Key Secrecy Key Quality

23 Key Management Locking Is EasyKey Management Is Hard

24 What Is Key Quality? Computational infeasibility of brute-force attack

25 What Is Key Quality? Computational infeasibility of brute-force attack DES Key: 56-bits = 72,057,594,037,927,936 keys

26 What Is Key Quality? Computational infeasibility of brute-force attack DES Key: 56-bits = 72,057,594,037,927,936 keys How secure? Security measured in time. “When” not “if”

27 Security of 56 Bit DES? 29 PCBs of 64 ASICs = 1856 ASICs! Checked +90b keys/s  9 days Built by EFF in 1998 for $250,000

28 Advanced Encryption Standard (AES) AES Key: 128-bits = e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000

29 Advanced Encryption Standard (AES) AES Key: 128-bits = e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000 AES Key: 192-bits = e+57 = 6,277,101,735,386,680,763,835,789,423,207,700,000,000, 000,000,000,000,000,000

30 Advanced Encryption Standard (AES) AES Key: 128-bits = e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000 AES Key: 192-bits = e+57 = 6,277,101,735,386,680,763,835,789,423,207,700,000,000, 000,000,000,000,000,000 AES Key: 256-bits = e+77 = 115,792,089,237,316,195,423,570,985,008,690,000,000,00 0,000,000,000,000,000,000,000,000,000,000,000,000

31 Advanced Encryption Standard (AES) AES Key: 128-bits = e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000 AES Key: 192-bits = e+57 = 6,277,101,735,386,680,763,835,789,423,207,700,000,000, 000,000,000,000,000,000 AES Key: 256-bits = e+77 = 115,792,089,237,316,195,423,570,985,008,690,000,000,00 0,000,000,000,000,000,000,000,000,000,000,000,000 Mass of all visible matter in the universe equiv. 4.0 e+78 hydrogen atoms!

32 Measuring Key Quality Entropy The likelihood of selecting any single key out of all possible keys.

33 How to Measure Entropy? 0x F5264

34 How to Measure Entropy? 0x F P a S s W o R d

35 How to Measure Entropy? 0x F P a S s W o R d Many keys are derived from passwords. Memorizable pwds = negative effect on entropy.

36 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys

37 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896

38 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits

39 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits –Deep Crack Brute Force in 40 minutes!

40 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits –Deep Crack Brute Force in 40 minutes! 8 chars of alpha-only = 52^8 = 53,459,728,531,456 ~ 45 bits

41 Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits –Deep Crack Brute Force in 40 minutes! 8 chars of alpha-only = 52^8 = 53,459,728,531,456 ~ 45 bits 8 chars, lower-only = 26^8 = 208,827,064,576 ~ 37 bits

42 Measuring Key Entropy

43

44

45 Dictionary Attacks Reduce entropy by leveraging language patterns

46 Dictionary Attacks Reduce entropy by leveraging language patterns Merriam-Webster: 250,000 words 250,000 special/scientific 250,000 proper nouns (?) - 1,000 words that are <5 characters = 740,000 ~ 19 bits

47 Dictionary Attacks Reduce entropy by leveraging language patterns Merriam-Webster: 250,000 words 250,000 special/scientific 250,000 proper nouns (?) - 1,000 words that are <5 characters = 740,000 ~ 19 bits Random use of upper and lower case –Add one bit per char length (max) Random use of upper, lower and numbers –Add ~1.5 bits per char length (max)

48 Cryptographic Hashing Works like a CRC or checksum Impossible to reverse 128, 160 and 256 bits long Small changes in the plaintext create vast changes in the hash MD5, SHA-1, SHA-256

49 Hashing Applications Validating data –Verifying download packages (md5sum) Increasing key entropy –2 n hash operations adds n bits of entropy Obscuring passwords

50 Sending Passwords in the Clear

51 Obscuring Passwords

52 Replay Attack

53 Zero-Knowledge Proof Proving a user knows a piece of data without divulging that piece of data.

54 Challenge-Response Protocol

55

56

57 NTLM Authentication

58 !

59 Challenge-Response Protocol Vulnerabilities “Stolen Verifier” Attack No Mutual Authentication

60 Implementations SSL IPSec Secure Protocols

61 Recommended Reading “Applied Cryptography” By Bruce Schneier “Practical Cryptography” By Bruce Schneier “Secrets and Lies” By Bruce Schneier “Cryptographic Security Architecture” By Peter Gutmann “Parallelizable Enciphering Mode” By Phillip Rogaway

62 Organizations Commercial –Schneier.com CryptoGram & blog –RSA, Inc. (rsa.com) PKCS –Internet Engineering Taskforce (ietf.org) RFCs –ANSI, ISO, IEEE, W3C Government –Natl. Inst. of Standards & Tech. (nist.gov) FIPS & SP-800 documents –Natl. Security Agency (NSA)

63 Happy Crypting! Presentation Created By Dave Stycos April, 2010 © 2010, Zocalo Data Systems, Ltd.


Download ppt "Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems."

Similar presentations


Ads by Google