AES algorithm

452 Views

Download Presentation
## AES algorithm

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**AES algorithm**128 bits/16 bytes Byte substitution Shift Row A round: Mix Column Key Addition**4 bytes**AES algorithm a set of 16 bytes from the file to be encrypted B Y S T U E B s S H I R F O T W Mix column Mix column Mix column Mix column Ki,15 + K A E D Y D Ki,0 +**SECURITY**Cryptology cryptanalysis cryptography symmetric asymmetric protocols We are here stream block ciphers ciphers LFSR DES, 3DES, AES**Asymmetric encryption**https://youtube.com/watch?v=YEBfamv-_do&t=127s**Asymmetric algorithms**Diffe-Hellman first RSA most common Digitial Signature Algorithm U.S. Govt standard ECDSA elliptic curve XTR clever/esoteric field theory stuff Encrypt a file using a public key: opensslrsautl -encrypt -inkeypublic.pem -pubin -in file.txt -out file.ssl**Generate a public/private key pair:**$ opensslgenrsa -out private.pem 1024 Extract the public key: $ opensslrsa -in private.pem -out public.pem -outform PEM -pubout Encrypt a file using a public key: opensslrsautl -encrypt -inkeypublic.pem -pubin -in file.txt -out file.ssl Unencrypt using the private key: opensslrsautl -decrypt -inkeyprivate.pem -in file.ssl -out decrypted.txt**$ cat private.pem**-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQChSCwe6Cut/MbQPrlFXCVJ/vCypeiDnHa//yerdeZ/zNR4oYZ1 d60dRc2Ro1nQNgJEissd9HTy/u4COlaShYHRzyiolCS39mi+hmRp2lRWMfdzBEdc nezeVlptSriGm0dl3bJG9J9EK3/QL25FH4lxHIXxGJY5ldCZOFldp/ITKwIDAQAB AoGAUEwzk0u6e4xvm7yu12aSNi4Uvo01n1kmEl9B6+7uTNC5NDoPTKrB6OIZABqZ G73YETIdAJP2KglcjIVpFtgbkoSUat08ZSKzs1lU/WJRJ7WAVBWPVeYyRdB6OIWs yguE8QuO4PGCG21no1SzgxHTp7Uv1r2RrvZDcHvcLNhK3+kCQQDTz6GNydhaav+L wzSC15AsyaMvy0rwh7NicJR27voDY8VA8WbpqYrt8Gby4yE/kpvRmF7ngjdiZwpU jgwDJVu3AkEAwu3jysmrLt2R76abxhvSr57TYpGGDraBQiK4lvzm61xMhnDMFIH9 sN5/pjQx6ojczWYpSliZn/Sgajn8aU6sLQJBAIw68c2Krdem8UsZ0OEzUDumv4h8 AkBex0/MEy7ups2pt0V4zVazrcw8FhyGbVPGf6zzQRnq5zoZ2AgFB0Tp7d8CQDlG HIAg8SM8Bv0bPvnegvEHAaUcjP8VsLT17rauaEsPO4zk55G/AANP3MHA5Em9HONc +RTXI4xUHC4aC4gFjaECQQCoTw66TwRaSKIS2x3vL8NYYmwo0wh7tbiJm1BhtUrH nGQ/KA4rEJZiUQVv2U50uyjR1mYQZ1ujeqeGmpvDdajS -----END RSA PRIVATE KEY-----**$ cat public.pem**-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChSCwe6Cut/MbQPrlFXCVJ/vCy peiDnHa//yerdeZ/zNR4oYZ1d60dRc2Ro1nQNgJEissd9HTy/u4COlaShYHRzyio lCS39mi+hmRp2lRWMfdzBEdcnezeVlptSriGm0dl3bJG9J9EK3/QL25FH4lxHIXx GJY5ldCZOFldp/ITKwIDAQAB -----END PUBLIC KEY-----**Asymmetric encryption**Symmetric encryption is much faster than public/private key encryption Leading to a hybrid system encrypt with symmetric, use public/private to transmit the key**Keys are mathematically related as we’ve seen**• encrypt with one key, decrypt with the other • given one key, the probability that you could derive the other is so close to zero that even Adi-Ananta-Seshi & Khowarizimi can’t tell the difference**Consider the following scenarios with respect**to the sender, the receiver, and eve: I encrypt something with your public key and send it to you I encrypt something with my public key and send it to you**I encrypt something with my private key and send it to you**I encrypt something with my private key I encrypt a second time with your pubic key then send it to you I encrypt something with your public key the encrypt a second time with your friend’s public key then send it to you**“I encrypt with my private key”**Mathematically sensible, but usually We say sign with the private key and verify with the public key + hash function + padding + usually separate key pair for signing**Electronic signature**• more general • distinct legal concept • standardization varies, as does acceptance and case law • NH 1869 – • enforceability of telegraphs as electronic signatures**Digital signature –**can be used to implement electronic signatures n • Existential forgery • Selective forgery • Universal forgery • Total break**Existential forgery – adversaries can forge the signature**of one message, but not the one they wanted Selective forgery – adversaries can forge the signature of a message of their choice Universal forgery – adversaries can forge the signature of any message though they don’t know the secret key Total break - adversaries know the secret key**+ hash function**+ padding + usually separate key pair for signing “I encrypt with my private key” Vulnerable to existential forgery Pick a random signature, use verification to determine the corresponding message Instead, we hash the message to produce a digest pad it out to a given length, then sign**Digital signature**Hash functions**Hash tables**Hash functions Enough data structures to see the connection Checksum Message digest Digital fingerprint Hash value**Cryptographic hash function**CHF MD5(lynx.cfg)= 1b734f5470ad18e362efcb11bd5907cc**They share attributes**• Deterministic – same hash every time given the same msg • 1 – way • Avalanche – small change in input = big change in output • Finding collisions is difficult • Finding the original msg is difficult • there are infinitely many, but this • is still worth considering**DGST(1) OpenSSL**DGST(1) NAME openssl-dgst, dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384,sha512, md2, md4, md5, dss1 - message digests SYNOPSIS openssldgst [-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384| -sha512|-md2|-md4|-md5|-dss1] [-c] [-d] [-hex] [-binary] [-r] [-non-fips-allow] [-out filename] [-sign filename] [-keyformarg] [-passinarg] [-verify filename] [-prverify filename] [-signature filename] [-hmac key] [-non-fips-allow] [-fips-fingerprint] [file...]**$ echo "hi" | openssldgst -sha256**(stdin)= 98ea6e4f216f2fb4b69fff9b3a44842c38686ca685f3f55dc48c5d3fb1107be4 rjoyce9@ITEC-480-E15748 /etc $ echo "hi " | openssldgst -sha256 (stdin)= 5400fc717d9b2543f5e24da4b2c52f196845455073fd7fcef704c792322a552c $ echo "hi" | openssldgst -sha256 (stdin)= 98ea6e4f216f2fb4b69fff9b3a44842c38686ca685f3f55dc48c5d3fb1107be4**But necessarily suffer from collisions**Add ASCII values of letters to hash the words in English == 95% collision rate 3 * hash table size**And… you can’t go backwards**You cannot decrypt a message digest to get the original document Why not?**Crypt(3)**DES Vs CHF’s**rjoyce9@ITEC-480-E15748 /etc**$ echo "this is much muchmuchmuchmuch longer than the length of the resulting digest and, given the same radix, implies collisions" | openssldgst -sha256 (stdin)= 11c5337d902b97bd8f0086a7394e52f0b9c2f2d1ddcaa2ccd6b8682ba42e5442**In theory digital signatures will provide**Authenticity Integrity Non-repudiation What are some weak spots here?**I use your public key to encrypt a top secret document,**then I send it to you. You use the corresponding private key to decrypt and read it What could possibly go wrong?**Digital Certificates**Proves the ownership of a public key (after all, how can you really be sure?) Information in the public key verify the private key and the validity of the certificate – can be independently verified**Typically issued to a person or organization,**but also to a computer or other device SSL - secure socket layer TLS - transport layer security (HTTPS)**PKI – public key infrastructure scheme**The overall roles, policies, procedures needed To make it all work over a large range of e-activities Certificates are issued by a CA – Certificate Authority https://m.youtube.com/watch?v=i-rtxrEz_E8**Registration Authorities**• The “GUI” for the CA • interface • payment • verification of identity documents • Certificate revocation lists • something changed • did you pay me yet?**Root CA, imtermediate CA, hierarchy, chain of trust**https://m.youtube.com/watch?v=heacxYUnFHA**openssl – “robust, commercial-grade, and full-featured**Toolkit for the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols. It is also a general-purpose cryptography library. --openssl.org “Please put OpenSSL Out of Its Misery. OpenSSL must die, for it will never get any better”**“OpenSSL is a terrible piece of software”.**“/* The aim of right-shifting md_size is so that the compiler doesn’t figure out that it can remove div_spoiler as that would require it to prove that md_size is always even, which I hope is beyond it */ div_spoiler = md_size >> 1; “ **”proven” correct”****Cryptographic building blocks**• Crypto-protocol designers • API design • Implementation programmers • Compiler design and code • Instruction set • Hardware • Million(s) of lines of code • get everything correct, then a maybe-not-exceptional • application developer can use it all without fault**“CA Trustworthiness is a joke” – internet opinion (but**not alone) TURKTRUST BILGI ILETISIM VE BILISM GUVENLIGI HIZMETLERI A.@. 8/2012 – issued bogus certificates A “one-time” mistake, “it can never happen again” ok…. Still, bottom line is that more complexity = more risk and we have complexity in spades**Openssl – the big one**NSS – Mozilla tools libreSSL – heartbleed response boringSSL – google’s version Pgp, openPGP – Pretty Good Privacy, encryption for the masses, Phil Zimmerman 1991 GPG – GNU Privacy Guard, implementation of the OpenPGP standard Kerberos – computer network authentication protocol allows proof-of-identity for devices talking over an insecure network on US Munitions List at the time due to DES Crypt/libcrypt**MIDTERM in class**Thursday 10 October 2019**Cryptography Landscape**Can you explain/combine/label/group these? DES Feistel network ZKP OTP Substitution D-H Digital signature Diffusion TRNG Symmetric encryption Elliptic Curve SHA PGP GPG X.509 AES Confusion LFSR Block cipher Galois Fields stream cipher Public Key Cryptography PKI RSA Digital Signature 3DES Trust Transposition CA MD5