The secrets of keeping secrets
Download
1 / 53

The Secrets of Keeping Secrets - PowerPoint PPT Presentation


  • 207 Views
  • Uploaded on

The Secrets of Keeping Secrets. Gary J Porter Senior Network Analyst MindWorks, Inc. of Kentucky [email protected] Crypto—ASCII style. ASCII represents 27 bits (128) which can represent all of the English alphabet plus punctuation A = 1000001 a = 1100001

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' The Secrets of Keeping Secrets' - jethro


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
The secrets of keeping secrets

The Secrets of Keeping Secrets

Gary J Porter

Senior Network Analyst

MindWorks, Inc. of Kentucky

[email protected]


Crypto ascii style
Crypto—ASCII style

  • ASCII represents 27 bits (128) which can represent all of the English alphabet plus punctuation

    • A = 1000001

    • a = 1100001

  • Because ASCII uses bits to represent letters, it’s a kind of cypher


Transposition cipher
Transposition Cipher

  • One of the simplest transposition ciphers substitutes the first and second digits and the third and forth digits

  • Megan

    • ASCII— 1001101 1100101 1100111 1100001 1101110

    • Cypher— 0110101 0011101 0011111 0011001 0010110

  • 5 ) 1 % “


Key based algorithm
Key-Based Algorithm

The security of key-based algorithms is based on the secrecy of the algorithm, the key(s), or both


Private key cryptosystem symmetric

ANQR1DBw

4DokTETykx

LwQB/9JZe

7eCzXW

9iYVNOT

HWjioKOI

Dear Cindy,

You are so

beautiful!

Private Key Cryptosystem(Symmetric)

Same Encryption Key

ANQR1DBw

4DokTETykx

LwQB/9JZe

7eCzXW

9iYVNOT

HWjioKOI

Dear Cindy,

You are so

beautiful!

Cypher Text

Cypher Text

Clear Text

Clear Text


Modified substitution cipher
Modified Substitution Cipher

  • Message = COOL

  • In ASCII

  • Key = MEGAN

  • Ciphertext

Key longer than message is okay

1000010100111110011111001100

01101010011101001111100110010010110

1110111101001010100001010101


Modified substitution cipher1
Modified Substitution Cipher

  • Can be broken with simple techniques

  • Not secure

SECURE


Whitfield diffie
Whitfield Diffie

  • Interested (obsessed!) with the key distribution problem

  • Imagined two strangers meeting on the net—wondered how they would send secret messages


Martin hellman
Martin Hellman

  • Was reluctant to even talk to Diffie

  • Eventually became Diffie’s crypto-partner

  • Solved the key exchange problem


Cryptography algorithms and keys
Cryptography: Algorithms and Keys

  • A method of encryption and decryption is called a cipher

  • Generally there are two related functions

    • Encryption

    • Decryption

  • All modern algorithms use a key to control encryption and decryption

  • Encryption key may be different from decryption key


From the minds of diffie hellman
From the Minds of Diffie/Hellman

  • The postal problem...

Demonstration


Got here safely.

To: Wilt Diffie

Wow! I can see inside. I think I’ll take a look!

Postman









Why the Postal Example Won’t Work

  • Alice’s key

    • abcdefghijklmnopqrstuvwxyz

    • EDIRCTOYNUWAPFLMBGJZHKQXVS

  • Bob’s key

    • Abcdefghijklmnopqrstuvwxyz

    • ZNAMSREVILYUCKOGJTBWDXQHPF

  • Message lost my hotel key

  • Encrypted with Alice’s key ALJZ PV YLZCA WCV

  • Encrypted with Bob’s key UOBW CP VOWSU YSP

  • Decrypted with Alice’s key HLDQ IM KLQJH VJM

  • Decrypted with Bob’s key VUMJ IC YUJLV XLC


One way functions
One-Way Functions

  • Diffie and Hellman were not interested in two-way functions, only solving the problem with one-way functions

  • Because they could imagine the postal example, there MUST be a solution


Bob

Alice

sender

receiver


Types of algorithms symmetric encryption

k

k

Types of AlgorithmsSymmetric (Encryption)

Bob

Alice

Enck

sender

receiver

encryption

decryption

M ciphertext

ciphertext M

Deck


One way function
One-Way Function

Demonstration


5 + 10 (mod 12) = 3

8 + 31 (mod 12) = 3



56

29

7N mod (98219)

7N mod (98219)

729 mod (98219) = 75149

756 mod (98219) = 67665

67665

75149

6766529 mod (98219)

7514956 mod (98219)

40912

40912


A mathematical genius
A Mathematical Genius?!

  • Whitfield Diffie is best known for his 1975 discovery of the concept of Public Key Cryptography


Rivest shamir adleman
Rivest ShamirAdleman


Types of algorithms public key asymmetric encryption

pubkey

privkey

M ciphertext

ciphertext M

Encpubkey

Decprivkey

Types of AlgorithmsPublic Key (Asymmetric Encryption)

sender

receiver

decryption

encryption


pubkey

pubkey

privkey

Types of AlgorithmsPublic Key (Asymmetric Encryption)

sender

receiver

decryption

encryption

M ciphertext

ciphertext

Encpubkey

Dec

pubkey


pubkey

pubkey

pubkey

privkey

Types of AlgorithmsPublic Key (Asymmetric Encryption)

sender

receiver

encryption

M ciphertext

decryption

Encpubkey

ciphertext TRASH!

Dec

pubkey


Encryption and decryption

Jna fq h5tunb89d`58jdf[835gj

Encryption and Decryption

M is the message, E is encryption, C is Ciphertext, D is decryption

C

M

M

D

E

The following identity must hold true

D(C) = M, where C = E(M)


Secret key cryptography

Jna fq h5tunb89d`58jdf[835gj

Secret Key Cryptography

K

K

C

M

M

S

R

D

E

K is the secret key shared by both the

sender (S) and receiver (R)

Symmetric Encryption


Public key cryptography

Jna fq h5tunb89d`58jdf[835gj

Public Key Cryptography

KR(pub)

KR(pri)

C

M

M

S

R

D

E

KR(pub) is Receiver’s public key and KR(pri) is Receiver’s private key

Asymmetric Encryption




Rsa key generation
RSA Key Generation

  • Pick large random primes p,q

  • Let p*q = n and =(p-1)(q-1)

  • Choose a random number e such that: 1<e< and gcd(e, )=1 (relative primes)

  • Calculate the unique number d such that 1<d< and d*e  1 (mod ) (d is inverse of e)

  • The public key is {e,n} and the private key is {d,n}

  • The factors p and q may be kept private or destroyed


Pierre de fermat
Pierre de Fermat

  • Discovered that—if you use a prime number for the modulus, then raising a number to the power (prime-1) is always 1

    • m(p-1) mod p = 1

    • According to Fermat, this works with any prime number p and any positive m that’s less than p, therefore

      1 < m < p

  • What is 710 mod 11

The answer is 1


Leonhard euler pronounced oiler
Leonhard Euler (pronounced “Oiler”)

  • Discovered Fermat’s relationship held true when using the product of two primes as the modulus

    • n = pq

    • m(p-1)(q-1) mod n = 1

    • Works so long as p and q are relative prime to one another

  • If p = 11 and q=5, what is [m(p-1)(q-1) mod 55] ?


m(p-1)(q-1) mod n = 1

Euler:

So...

Fermat: m(p-1) mod p = 1


So...

Euler: m(p-1)(q-1) mod n = 1

m(p-1)(q-1) mod n

Fermat: m(p-1) mod p = 1

m(p-1) mod p

=


Rsa key generation1
RSA Key Generation

  • Pick large random primes p,q

    • p = 5, q = 11

  • Let p*q = n and =(p-1)(q-1)

    • The encrypting modulus n = pq = 55

    •  = (p-1)(q-1) = (4)(10) = 40

  •  + 1 = e * d(we’re looking for both e and d)

    • 41 = e * d (but no two number multiplied together equal 41)

    • 41 is prime but, using modular math — 41 becomes 1 mod 40

    • e * d = 1 mod 40


Rsa key generation2
RSA Key Generation

  • We’ll use 3 for e

  • 3 * d = 1 mod 40

    • Using Extended Euclidian algorithm, d = 27


Encrypting using rsa review
Encrypting Using RSA (Review)

  • Step 1: generate two prime numbers, p and q

  • Step 2: Combine the primes n=pq

  • Step 3: Combine the primes another way, =(p-1)(q-1)

  • Step 4: Using , generate a key pair, e and d

  • Step 5: Using e, d, and n, encrypt and decrypt


Rsa mechanical overview
RSA Mechanical Overview

  • Basically

    • Alice: me mod n → c

    • Bob: cd mod n → m


Encrypting/Decrypting, Step—by—Step

  • Lets encrypt the letter “G” (for Gary)

    • For simplicity sake, we’ll represent “g” as 7, the 7th letter of the alphabet

  • So, 7public key * encrypting modulus

    • 73 * mod 55 = 13

  • To decrypt, 13private key * encrypting modulus

    • 1327 * mod 55 = 7


Gary j porter s pgp public key
Gary J Porter’s PGP Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: PGP Personal Security 7.0.3

mQGiBDtsK/URBAD+OujjPRvMu22fq9T78fRA2ijOzzKH9HeXHZ81x8C3D/wJF7ea

1ToD42sk6kV6+fcI2JGV4YrApXkzu7TfmU8T5eUxPsk4YY7q4ZP7JCmTVwPWeROJ

ZH6QHjyBQUm792trCFbmuOl+t5PjY8TZwBBo4Hrm/kvgex+OfqzZEi4hlwCg/2YV

HCcvjAKa/tfDgaq9ei9NZW8D/0WiVnOqZUSqlBfG69oi0PGWtRXiJqIKsZj6Ljtw

qtxk3W5G+BqWOcI+Az3m2pGoaXzlz7z9n1iDx0ZufNzLu38/wh9FZe86817V9Y8X

jvSTf0UY/T7+BbMNF1OquUz9BaSis+a6tvsoF1Ya/657IkLhCO4CEHOc+eggFtkV

r+0eBACfHMZ4x5dxj+YtOV5eN5gxQcyjAB2NFBj+GFnBV2wezX3D6TaHpx3VwEZh

AHDeSLySoRs6bmhmd16mVdsgE/u5Em49Sc1Y59WzJGwfKAis6hHhDt4Htyhum281

impMbkEZAxIgbQplWoUivxk8LwuLjMfrfdq0+WWeLF4fJUGWBLQkR2FyeSBKIFBv

cnRlciA8cG9ydGVyQGRpZ2l0YWxtZS5jb20+iQBYBBARAgAYBQI7bCv1CAsDCQgH

AgEKAhkBBRsDAAAAAAoJENkIAq1B47uW7F8AoNfRgtp+9IYs/gpcLxT8XVlul54f

AKDH6bA2D4CR2l1sxW71RFIWEMX+CrkCDQQ7bCv1EAgA9kJXtwh/CBdyorrWqULz

Bej5UxE5T7bxbrlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHT

UPj1WV/cdlJPPT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq

01uejaClcjrUGvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O

9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcK

ctaGxAMZyAcpesqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TIL

OwACAggA7WTvMQ0WgywmeT2+ZdQTio1UvBtkLZTV5PBTWLnMXhSAL+JIY2D4xnP4

Coh+Mf2PuZ6c4IxpFVF/ywnekW2wX53qqWV0tjbTcbQ7lwkg276hQPUOfWU7UaZn

cyxFznRPc2OiO6SpzIpcVHY1nJ8uLOvhSTU67vTOonNri5zlR/ev91SPK1azTjtQ

W7jqb+v2z72Lxh/BgtDiFld8cXMmbHYdjZ9cPpW0JsKZ+tBwl2SsJXtopst4PYmw

2hoLYA0DS+Q0X8OIxROLxQXqinEaKhjP+s6XU+q9x85McR9mT8HaCdliE1W0yToL

2dLHnwEKBBDN5vLi8+SnHjTRNU/b7IkATAQYEQIADAUCO2wr9QUbDAAAAAAKCRDZ

CAKtQeO7luHBAJ45z2IW9D0g/2pZVSHFwzTsDOob3QCg+6rozdE+M57CTDNQE5Ay

uoxxTWE=

=DeGR

-----END PGP PUBLIC KEY BLOCK-----




Novell international cryptographic infrastructure nici
Novell International Cryptographic Infrastructure (NICI)

  • NICI is a layered, hierarchical infrastructure which divides cryptographic functionality among three distinct layers

  • NICI is a modular architecture that allows new cryptographic algorithms to be added without bringing the server down

  • NICI modules are cryptographically signed for protection and for module authentication

  • When government regulations concerning the use and exportation of cryptography change, only NICI needs to change to support the new regulations

  • NICI provides an API set that offers a consistent interface for application developers to use and deploy cryptography within their applications


Nici architecture
NICI Architecture

CCS API

XSUP

XMGR

XLIB

XENG

XIM

XSUP – Cryptography Library

XENG – Cryptography Manager

XMGR – Cryptography Engine

XLIB - Cryptography Engine Support

XIM - Cryptography Interface Manager

NICI—Novell International Cryptographic Infrastructure


ad