Implementing Cryptography: Good Theory vs. Bad Practice

Viet Pham
Information Security Group, Department of Mathematics
Royal Holloway, University of London

Outline
- News report
- What is cryptography?
- Why is it ever implemented?
- Why are there problems?
- Where in the systems do they occur?
- What could possibly happen?
- What to do and not to do?

News report
- Padding oracle attack on ASP.NET

News report
- Byte recovery attack (chopchop) on WEP and then on WPA TKIP

News report
- Padding oracle attacks on Datagram TLS (NDSS '11):
  - Flaws in RFCs: MAC-then-pad-then-encrypt
  - Flaws in implementations: did not follow RFCs
- Attacks on GPG (2004):
  - Did not choose private key in the right way
  - Implementations reuse key
- Attacks on Kerberos v.4 (2004):
  - Encryption was not authenticated
- Attacks on bad random number generators, e.g., Netscape (1996)

News report
- Attacks on leap-of-faith authentication

News report
- BIG question: why are all these happening, and what are we going to do?

What is (modern?) cryptography?
- The practice and study of an (expanding) set of mathematical techniques toward achieving certain security objectives, such as confidentiality, integrity, non-repudiation, etc.
- What is so special about this definition?
- Three important keywords: mathematical, techniques, and toward

Why is cryptography being extensively implemented?
- Mathematical: proven secure or mathematically reasoned to be secure
- Provides security services that would otherwise be impossible
- A system is only secure until an attack is found

Why are there problems?
Revisit how a system is created:
- Objectives (confidentiality, integrity, etc.)
- Assumptions
- Functions (encryption, hash, sign, etc.)
- Design schemes
- Prove security theorems
- Design primitives (AES, SHA, DSA, etc.)
- Design protocols
- Implement protocols
- Deploy systems

Why are there problems?
Cryptography is about techniques, not readily usable systems
- Objectives (confidentiality, integrity, etc.)
- Assumptions
- Functions (encryption, hash, sign, etc.)
- Design schemes
- Prove security theorems
- Design primitives (AES, SHA, DSA, etc.)
[Mathematically proven]
- Design protocols
[Mathematically reasoned]
- Implement protocols
- Deploy systems
[Empirical studies]

Why are there problems?
- Cryptography implementers are often not cryptographers themselves
- Overestimate the power of cryptography:
  "I don't see a reason to have a x of about the same size as the p. It should be sufficient to have one about the size of q or the later used k plus a large safety margin. Decryption will be much faster with such an x." (comments in GPG source code)
- Lack of theoretical knowledge (e.g., cryptography, formal methods) to verify the security of the implementations
- Use of secure-looking components: MAC-then-encrypt, bad random generators, etc.
- Protocol specifications are sometimes too complicated

Where do problems happen?
- Objectives (confidentiality, integrity, etc.)
- Assumptions
- Functions (encryption, hash, sign, etc.)
- Design schemes
- Prove security theorems
- Design primitives (AES, SHA, DSA, etc.)
[MAC-then-encrypt vs. Encrypt-then-MAC]
- Design protocols
- Implement protocols
- Deploy systems
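The receiving side of MAC-then-pad-then-encrypt (the RFC flaw named in the Datagram TLS news item) next to encrypt-then-MAC, as an added example that is not part of the original slides: the first receiver must decrypt and parse padding before it can authenticate anything, so tampering yields two distinguishable failures, while the second rejects every modified message at the tag check. The toy Feistel cipher (a stand-in for AES so the block runs on the Python standard library alone), the function names and the sample message are assumptions made for this example.

```python
import hmac, secrets

BLOCK, TAG = 16, 32  # cipher block size and HMAC-SHA256 tag size, in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _feistel(key, blk, rounds):  # toy Feistel cipher, a stand-in for AES (assumption)
    l, r = blk[:8], blk[8:]
    for i in rounds:  # range(4) encrypts; the same rounds in reverse decrypt
        l, r = r, _xor(l, hmac.digest(key, bytes([i]) + r, "sha256"))
    return r + l

def cbc_encrypt(key, pt):
    n = BLOCK - len(pt) % BLOCK
    pt, out = pt + bytes([n]) * n, [secrets.token_bytes(BLOCK)]  # pad; out[0] is the IV
    for i in range(0, len(pt), BLOCK):
        out.append(_feistel(key, _xor(pt[i:i + BLOCK], out[-1]), range(4)))
    return b"".join(out)
def cbc_decrypt(key, ct):
    blks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    pt = b"".join(_xor(_feistel(key, c, range(3, -1, -1)), p) for p, c in zip(blks, blks[1:]))
    if not 1 <= (n := pt[-1] if pt else 0) <= BLOCK or pt[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return pt[:-n]

def mte_send(ek, mk, msg):  # MAC-then-pad-then-encrypt
    return cbc_encrypt(ek, msg + hmac.digest(mk, msg, "sha256"))
def mte_receive(ek, mk, wire):
    body = cbc_decrypt(ek, wire)  # padding is parsed before anything is authenticated
    if not hmac.compare_digest(body[-TAG:], hmac.digest(mk, body[:-TAG], "sha256")):
        raise ValueError("bad mac")
    return body[:-TAG]

def etm_send(ek, mk, msg):  # encrypt-then-MAC: the tag covers IV and ciphertext
    ct = cbc_encrypt(ek, msg)
    return ct + hmac.digest(mk, ct, "sha256")
def etm_receive(ek, mk, wire):
    if not hmac.compare_digest(wire[-TAG:], hmac.digest(mk, wire[:-TAG], "sha256")):
        raise ValueError("rejected")  # tag is checked before any decryption
    return cbc_decrypt(ek, wire[:-TAG])

def failure_modes(send, receive, msg=b"constructed sample message"):
    ek, mk = secrets.token_bytes(32), secrets.token_bytes(32)
    wire, seen = send(ek, mk, msg), set()
    for i in range(len(wire)):  # flip one bit at every byte position in turn
        try:
            receive(ek, mk, wire[:i] + bytes([wire[i] ^ 1]) + wire[i + 1:])
        except ValueError as e:
            seen.add(str(e))
    return seen
```

`failure_modes(mte_send, mte_receive)` returns `{"bad padding", "bad mac"}`, while `failure_modes(etm_send, etm_receive)` returns only `{"rejected"}`.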

Where do problems happen?
- Objectives (confidentiality, integrity, etc.)
- Assumptions
- Functions (encryption, hash, sign, etc.)
- Design schemes
- Prove security theorems
- Design primitives (AES, SHA, DSA, etc.)
- Design protocols
[openssl DTLS, GPG]
- Implement protocols
- Deploy systems

Where do problems happen?
[Randomness, unique credential]
- Objectives (confidentiality, integrity, etc.)
- Assumptions
- Functions (encryption, hash, sign, etc.)
- Design schemes
- Prove security theorems
- Design primitives (AES, SHA, DSA, etc.)
- Design protocols
- Implement protocols
- Deploy systems

Where do problems happen?
- Objectives (confidentiality, integrity, etc.)
- Assumptions
- Functions (encryption, hash, sign, etc.)
- Design schemes
- Prove security theorems
- Design primitives (AES, SHA, DSA, etc.)
- Design protocols
- Implement protocols
- Deploy systems
[Wrong environment: e.g., too many attackers, easy access]

What could possibly happen?
- May bring negative effects if not implemented/deployed properly
- Crypto attacks might become serious:
  - Plaintext (full/partial) recovery
  - Key compromise
  - Phishing
- Often platform independent

What should we do?
- Kerckhoffs's principle: do not design/implement your own cryptographic protocols in secret. Eventually they will be discovered.
- Design your own cryptosystem? Do not deploy it; instead, submit it for peer review
- Use approved cryptographic libraries, e.g., cryptlib, crypto++, openssl
- Implementing on your own? Pay strict attention to all the details of the protocol specification and recommendations
- Deploying an implementation? Check the assumptions attached to the cryptographic and protocol designs

What should we do?
- What to do if even things like RFCs and IEEE are flawed?
- Low risk, but high damage: risk × damage might still be considerable
- No one man's job to prevent the problems
- Last significant word: cryptography is about the practice and study of an (expanding) set of mathematical techniques toward achieving certain security objectives:
  - Multi-factor authentication
  - Multi-layer security
  - Backup
  - Incident response plans
  - Business continuity plans
  - etc.