Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems.

Slides:



Advertisements
Similar presentations
Block Cipher Modes of Operation and Stream Ciphers
Advertisements

ECE454/CS594 Computer and Network Security
“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Cryptography.
Web Security for Network and System Administrators1 Chapter 4 Encryption.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Lecture 23 Symmetric Encryption
CS470, A.SelcukModes of Operation1 Encrypting with Block Ciphers CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
1 Chapter 4 Encryption. 2 Objectives In this chapter, you will: Learn the basics of encryption technology Recognize popular symmetric encryption algorithms.
Block Cipher Transmission Modes CSCI 5857: Encoding and Encryption.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
SEC835 Cryptography Basic. Major Security Services Present in any web application Cryptography, or cryptosystem User’s authentication Access control Audit.
Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.
Cryptography and Network Security Chapter 6. Multiple Encryption & DES  clear a replacement for DES was needed theoretical attacks that can break it.
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
Crypto Bro Rigby. History
Chapter 20 Symmetric Encryption and Message Confidentiality.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
SEC835 Cryptography Basic. Major Security Services Present in any web application Cryptography, or cryptosystem User’s authentication Access control Audit.
A Survey of Authentication Protocol Literature: Version 1.0 Written by John Clark and Jeremy Jacob Presented by Brian Sierawski.
Lecture 4: Using Block Ciphers
Chapter 20 Symmetric Encryption and Message Confidentiality.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Professional Encryption Software FINECRYPT 8.1. Contents Introduction Introduction Features Features Installation Installation Tests Tests Results Results.
Network Security Lecture 4 Modes of Operation Waleed Ejaz
Cryptography Chapter 7 Part 2 Pages 781 to 812. Symmetric Cryptography Secret Key Figure 7-10 on page 782 Key distribution problem – Secure courier Many.
3DES and Block Cipher Modes of Operation CSE 651: Introduction to Network Security.
Multiple Encryption & DES  clearly a replacement for DES was needed Vulnerable to brute-force key search attacks Vulnerable to brute-force key search.
Chapter 9: Algorithms Types and Modes Dulal C. Kar Based on Schneier.
1.1 Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
BLOCK CIPHER SYSTEMS OPERATION MODES OF DATA ENCRYPTION STANDARD (DES)
Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge.
Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)
Modes of Usage Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Modes of.
Modes of Operation INSTRUCTOR: DANIA ALOMAR. Modes of Operation A block cipher can be used in various methods for data encryption and decryption; these.
1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 3 Read sections first (skipping 3.2.2)
TE/CS 536 Network Security Spring 2005 – Lecture 8 Security of symmetric algorithms.
Public / Private Keys was a big year… DES: Adopted as an encryption standard by the US government. It was an open standard. The NSA calls it “One.
Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Lecture 23 Symmetric Encryption
Exam 1 Review CS461/ECE422 Fall Exam guidelines A single page of supplementary notes is allowed  8.5x11. Both sides. Write as small as you like.
Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman
1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 2 Chapter 3 (sections ) You may skip proofs, but are.
Various Attacks on Cryptosystems slides (c) 2012 by Richard Newman.
Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption.
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Block Cipher Modes Last Updated: Aug 25, ECB Mode Electronic Code Book Divide the plaintext into fixed-size blocks Encrypt/Decrypt each block independently.
Block Cipher Encrypting a large message Electronic Code Book (ECB) message m1 m2 m3 m4 m5 m6 c1 c2 c3 c4 c5 c6 E E E Secret.
Block Cipher Modes CS 465 Make a chart for the mode comparisons
مروري برالگوريتمهاي رمز متقارن(كليد پنهان)
Symmetric-Key Encryption
Block vs Stream Ciphers
Counter Mode, Output Feedback Mode
Elect. Codebook, Cipher Block Chaining
Presentation transcript:

Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems

Security Goals Confidentiality Integrity Availability

Security’s Methods Authentication Access Control Accountability

Discussion Overview Algorithms Protocols Implementations Resources

Classes of Encryption Symmetric Encryption Hashing Random Number Generation Asymmetric Encryption (Public Key)

Symmetric Algorithms Use a secret key to both encrypt and decrypt Are fast Operate on fixed-size blocks (8 or 16 bytes) DES, Triple-DES, AES, RC4, Blowfish

NIST National Institute of Standards and Technology Computer Security Resource Center (CSRC) Federal Information Processing Standards (FIPS) Special Publication 800 (SP-800)

Symmetric Modes Electronic Code Book (ECB) Cipher Block Chaining (CBC) Output Feedback (OFB) Cipher Feedback (CFB) Counter (CTR) More …

Electronic Code Book (ECB)

Encrypted Using ECB Mode

Cipher Block Chaining (CBC)

Encrypted Using CBC Mode

Initialization Vector Not secret Must be unique for each stream or file. Reused IVs reveal patterns in the first blocks of ciphertext.

Common File Headers PDFs %PDF-1.3 JPEG JFIF EXE MZ Therefore, IVs must be unique for each key!

CBC Weaknesses One bad block corrupts the chain Only sequential access Unsuitable for stream ciphers

Block vs. Stream Ciphers Block Ciphers –Operate on data of known, finite size –Files, hard drives Stream Ciphers –Operate on data of unknown, indefinite size –Network flow, media

Cipher Feedback (CFB) Symmetric cipher is a pseudo-random number generator. Plaintext XOR’ed with PRN, not encrypted by cipher.

CFB Weaknesses One bad block corrupts the chain. Only sequential access. Can’t be computed in parallel.

Counter (CTR)

Common Weaknesses Key Secrecy Key Quality

Key Management Locking Is EasyKey Management Is Hard

What Is Key Quality? Computational infeasibility of brute-force attack

What Is Key Quality? Computational infeasibility of brute-force attack DES Key: 56-bits = 72,057,594,037,927,936 keys

What Is Key Quality? Computational infeasibility of brute-force attack DES Key: 56-bits = 72,057,594,037,927,936 keys How secure? Security measured in time. “When” not “if”

Security of 56 Bit DES? 29 PCBs of 64 ASICs = 1856 ASICs! Checked +90b keys/s  9 days Built by EFF in 1998 for $250,000

Advanced Encryption Standard (AES) AES Key: 128-bits = e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000

Advanced Encryption Standard (AES) AES Key: 128-bits = e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000 AES Key: 192-bits = e+57 = 6,277,101,735,386,680,763,835,789,423,207,700,000,000, 000,000,000,000,000,000

Advanced Encryption Standard (AES) AES Key: 128-bits = e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000 AES Key: 192-bits = e+57 = 6,277,101,735,386,680,763,835,789,423,207,700,000,000, 000,000,000,000,000,000 AES Key: 256-bits = e+77 = 115,792,089,237,316,195,423,570,985,008,690,000,000,00 0,000,000,000,000,000,000,000,000,000,000,000,000

Advanced Encryption Standard (AES) AES Key: 128-bits = e+38 = 340,282,366,920,938,463,463,374,607,431,770,000,000 AES Key: 192-bits = e+57 = 6,277,101,735,386,680,763,835,789,423,207,700,000,000, 000,000,000,000,000,000 AES Key: 256-bits = e+77 = 115,792,089,237,316,195,423,570,985,008,690,000,000,00 0,000,000,000,000,000,000,000,000,000,000,000,000 Mass of all visible matter in the universe equiv. 4.0 e+78 hydrogen atoms!

Measuring Key Quality Entropy The likelihood of selecting any single key out of all possible keys.

How to Measure Entropy? 0x F5264

How to Measure Entropy? 0x F P a S s W o R d

How to Measure Entropy? 0x F P a S s W o R d Many keys are derived from passwords. Memorizable pwds = negative effect on entropy.

Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys

Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896

Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits

Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits –Deep Crack Brute Force in 40 minutes!

Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits –Deep Crack Brute Force in 40 minutes! 8 chars of alpha-only = 52^8 = 53,459,728,531,456 ~ 45 bits

Entropy of Passwords 64-bits = 1.8 E+19 = 18,446,744,073,709,551,616 keys 8 chars of lower, upper, numeric = 62^8 = 218,340,105,584,896 ~ 47 bits –Deep Crack Brute Force in 40 minutes! 8 chars of alpha-only = 52^8 = 53,459,728,531,456 ~ 45 bits 8 chars, lower-only = 26^8 = 208,827,064,576 ~ 37 bits

Measuring Key Entropy

Dictionary Attacks Reduce entropy by leveraging language patterns

Dictionary Attacks Reduce entropy by leveraging language patterns Merriam-Webster: 250,000 words 250,000 special/scientific 250,000 proper nouns (?) - 1,000 words that are <5 characters = 740,000 ~ 19 bits

Dictionary Attacks Reduce entropy by leveraging language patterns Merriam-Webster: 250,000 words 250,000 special/scientific 250,000 proper nouns (?) - 1,000 words that are <5 characters = 740,000 ~ 19 bits Random use of upper and lower case –Add one bit per char length (max) Random use of upper, lower and numbers –Add ~1.5 bits per char length (max)

Cryptographic Hashing Works like a CRC or checksum Impossible to reverse 128, 160 and 256 bits long Small changes in the plaintext create vast changes in the hash MD5, SHA-1, SHA-256

Hashing Applications Validating data –Verifying download packages (md5sum) Increasing key entropy –2 n hash operations adds n bits of entropy Obscuring passwords

Sending Passwords in the Clear

Obscuring Passwords

Replay Attack

Zero-Knowledge Proof Proving a user knows a piece of data without divulging that piece of data.

Challenge-Response Protocol

NTLM Authentication

!

Challenge-Response Protocol Vulnerabilities “Stolen Verifier” Attack No Mutual Authentication

Implementations SSL IPSec Secure Protocols

Recommended Reading “Applied Cryptography” By Bruce Schneier “Practical Cryptography” By Bruce Schneier “Secrets and Lies” By Bruce Schneier “Cryptographic Security Architecture” By Peter Gutmann “Parallelizable Enciphering Mode” By Phillip Rogaway

Organizations Commercial –Schneier.com CryptoGram & blog –RSA, Inc. (rsa.com) PKCS –Internet Engineering Taskforce (ietf.org) RFCs –ANSI, ISO, IEEE, W3C Government –Natl. Inst. of Standards & Tech. (nist.gov) FIPS & SP-800 documents –Natl. Security Agency (NSA)

Happy Crypting! Presentation Created By Dave Stycos April, 2010 © 2010, Zocalo Data Systems, Ltd.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.