Jaap van Ginkel Security of Systems and Networks

Transcription

1 Jaap van Ginkel Security of Systems and Networks November 5, 2012 Part 3 Modern Crypto

2 SSN Week 2 Hashes MD5 SHA Secret key cryptography AES Public key cryptography DES

3 Book Chapter 1 in full Chapter 2 in full Chapter 3 in full emphasis on MD5 and SHA Chapter 4 in full mind the slides! Chapter 5 in full emphasis on MD5 and SHA Chapter 6 only what is covered in class Chapter 7 en 8 only as background to Math sheets

4 Book 2 Chapter 9 in full Chapter 10 in full Chapter slides Chapter 12 just read Chapter 13 and 14 (only slides) Chapter 15 read (only slides)

5 Book 3 Chapter 16 in full Chapter and 19 read (only slides) Chapter tbd

6 Presentations Minimum 20 minutes Research question Related research Approach/Experiments Conclusions Open standards/open Source Example implementations or demo Your findings and personal view

7 Reports Individual contribution Who wrote... Depth and clarity more important than length Discuss and read drafts of report Deadline 23rd December

8 Modern Cryptography Hashes Symmetric Cryptography Stream ciphers Block ciphers Asymmetric Cryptography Public Key Non Secret

9 Some Crypto Properties Deniable Encryption Plausible Deniability Perfect Forward Secrecy Non-repudiation Anti-replay Proof of delivery

10 Cryptographic Hash Different from parity or CRC! Also known as Message Digest Input always delivers fixed length output Hash properties Easy to compute One-way (Can't go back) Collision-resistant (No two inputs result in same hash) Output should be as random as possible (Avalanche) (cryptool demo) 10

11 HASH 11

12 Merkle-Damgård Construction

13 HASH Algorithms MD MD2 MD4 MD5 (IETF RFC1321), SHA SHA-1 (NIST) SHA-2 (Collection) (SHA-256/ /384) SHA-3 (New NIST competition) 2012

14 Demo fraud exam results Birthday Attack Result for the course SSN of the master education SNE ===================================================== Course: Exam date: Credits: Teacher: MSNSSNP6 [Security of Systems and Networks] December 20, ECTS Jaap van Ginkel Student ======= First ===== Fahimeh Nicolas Wicher Tim Edwin Thijs Jos Last ==== Alizadeh Moghaddam Canceill Minnaard Timmermans Schaap Houtenbos van Dijk Result ======

15 Hash Brute force Attacks Exhaustive search Collision Attacks Find m1 and m2 where hash(m1) = hash(m2) Preimage Attacks Find m for hash(m) = h Second Preimage Attacks Find m2 for given m1 where hash(m2) = hash(m1)

16 MD5 128 bit Hash Broken since at least 2005 Still used a lot :-(

17 MD5 Algorithm 128 bit hash 512 bit block processing Padding with 1 then 0 64 Rounds in 4 groups Mi is Message block Ki is Constant F is nonlinear function

18 SHA Secure Hash Algorithm 1993 NIST FIPS SHA-0/SHA-1 Similar to MD5 160 bit Lots of research From 2^80 to 2^69 Move to SHA and 512 bit SHA-3 challenge

19 SHA-2

20 SHA-3 BLAKE Blue Midnight Wish CubeHash (Bernstein) ECHO (France Telecom) Fugue (IBM) Grøstl (Knudsen et al.) Hamsi JH Keccak (Keccak team, Daemen et al.) Luffa Shabal SHAvite-3 SIMD Skein (Schneier et al.)

21 HMAC Keyed-hash message authentication code MAC + Encryption HMAC-MD5 HMAC-SHA-1 Cryptool demo

22 Symmetric Encryption

23 Symmetric Encryption

24 One Time Pad OTP Proven Secure by Shannon Implemented in the Vernam Cipher XOR data stream with pad Truly random pad data needed Hardware noise sources

25 Secret Key Encryption Symmetric Encryption DES (Triple DES) IDEA AES (Rijndael) RC6 Blowfish

26 Key Distribution Expensive Vulnerable Difficult to scale

27 Stream Ciphers

28 Block Ciphers

29 DES DEA is algorithm 64 bits key with parity Effectively 56 bits Theoretically and practically considered cracked

30

31

32 Deep Crack

33 Tripple DES 3 times? In a smart way Key length between 80 en 112 bits EEE EDE with K1, K2, K3, often K1 equals K3.

34 ECB M1 M2 M3 M4 C1 C2 C3 C4 34

35 ECB effect

36 CBC (Cipher Block Chaining) IV IV M1 M2 M3 M4 E E E E C1 C2 C3 C4 36

37 Cipher Block Chaining

38

39 Cipher feedback

40 Output Feedback Mode

41 Use with error correcting codes

42

43 Counter (CTR) Mode Counter (CTR) Also known as Segmented Integer Counter (SIC) mode Random Access possible properties OFB

44 AES Competition Nist MARS RC-6 Rijndael Twofish Serpent

45 Rijndael Winner AES Joan Daemen en Vincent Rijmen

46

47

48

49 Chocolate Key Encryption Courtesy Prof. Ezra Brown of VA Tech.

50 Public Key Cryptography Asymmetric encryption Expensive/Slow Diffie Hellmann RSA PGP

51 El Gamal Dr. Taher Elgamal طاهر الجمل Egyptian American cryptographer

52 Diffie Hellman Merkle

53 Public Key Encryption

54

55

56 1 RFC 2631 Diffie-Hellman Key Agreement Method

57 William Stanley Jevons William Stanley Jevons (September 1, August 13, 1882), English economist and logician,

58 Non Secret Encryption James Ellis Clifford Cocks Secret research at GCHQ

59 RSA Ron Rivest, Adi Shamir en Len Adleman