The Secret Battle of Encryption Algorithms

Transcript

1. The Secret Battle of Encryption Algorithms by @amandasopkin

2. None
3. None

4. Disclaimer @amandasopkin

5. Where are we headed? @amandasopkin

6. Cryptography (bad): “The art of writing or solving codes.” @amandasopkin

7. Cryptography (better): “method of storing and transmitting data in a

   particular form so that only those for whom it is intended can read and process it.” -IEEE
8. None

9. @amandasopkin Bread and Butter of encryption

10. Encryption: encoding using a key and an encryption algorithm @amandasopkin

11. Key derivation: process for creating suitable keys for use in

    encryption @amandasopkin

12. Plain text: input in its natural form Can be stream

    of bits, text file, bitmap, etc. @amandasopkin

13. Cipher text: input that has been encrypted @amandasopkin

14. Basic process:

15. Ciphers: • Method for disguising text @amandasopkin

16. History @amandasopkin

17. 1900 BC: Cryptographic hieroglyphics @amandasopkin

18. None

19. 100 BC: Julius Caeser @amandasopkin

20. @amandasopkin

21. Documentation of Caesar Cipher:

22. Did Caesar design more complicated systems as well?

23. How effective was the Caesar Cipher?

24. How effective was the Caesar Cipher?

25. Effectiveness of Caesar Cipher: Many of Caesar’s enemies were illiterate

    Others assumed that encoded letters were in another language

26. 9th century Al Kindi (mathematician): Earliest surviving frequency analysis records

27. Letter frequencies Can be used to break a cipher

28. Letter frequencies

29. Letter frequencies Frequency of each letter in cipher Sorted from

    most common to least

30. Letter frequencies Frequencies of letters in cipher

31. Letter frequencies Standard english letter frequencies

32. Letter frequencies Most frequent letters in cipher are S and

    O

33. Substitute E and T for S and O

34. Spot instances of “tle”

35. Most common letter is now G, which must be a,

    i, or o

36. Substitute e and t for s and o and o

    for g

37. Spot oFe and theF and then Lheet

38. Spot sODVe and OK

39. Sub l for D, v for V, R for K

40. Spot enoQRh

41. Spot EesMge and Nount

42. Few more steps...

43. Solved!

44. 1500s: Vignere’s system @amandasopkin

45. None

46. here is a super secure message sups up s upsup

    supsup supsups Key = “sup”
47. None

48. here is a super secure message sups up s upsup

    supsup supsups z... .. . ..... ...... ....... Key = “sup”

49. How effective was the Vignere system?

50. How effective was the Vignere system?

51. “le chiffre indéchiffrable” until 1863 (but broken as early as

    the 16th century)

52. How was it broken?

53. The Kasiski examination: takes advantage of the fact that repeated

    words are, by chance, sometimes encrypted using the same key letters, leading to repeated groups in the ciphertext.

54. Key: ABCDABCDABCDABCDABCDABCDABCD Plaintext: CRYPTOISSHORTFORCRYPTOGRAPHY Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB The Kasiski examination:

55. Key: ABCDABCDABCDABCDABCDABCDABCD Plaintext: CRYPTOISSHORTFORCRYPTOGRAPHY Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB The Kasiski examination: Using

    the distance between repeated subsequences, the length of the key can be found.

56. Key: ABCDABCDABCDABCDABCDABCDABCD Plaintext: CRYPTOISSHORTFORCRYPTOGRAPHY Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB The Kasiski examination: Once

    length is known, if a key is N letters long then every Nth letter must have been encoded using same letter of the text

57. Vignere System and The Civil War Confederate soldiers had messages

    frequently cracked because they relied on the phrases “Complete Victory,” “Manchester Bluff” and “Come Retribution.”

58. Pro Tip: Don’t Use Easy to Guess Phrases!

59. Kerchoff’s Principle: secrecy of key @amandasopkin

60. Let’s get electric! @amandasopkin

61. 1800s: Hebern’s system @amandasopkin

62. 1800s: Hebern’s system

63. 1800s: Hebern’s system Defines a monoalphabet Rotates after each input

    is processed

64. William Friedman Hebern System vs.

65. Breaking Hebern’s system

66. Breaking Hebern’s system With each rotor, one step = one

    keypress Fastest rotor always at either end of rotor series Statistical method called kappa test applied

67. William Friedman: 1 vs. Hebern System: 0

68. How effective was Hebern’s system?

69. How effective was Hebern’s system?

70. WW1/WW2: Engima Machine @amandasopkin

71. None

72. Breakthroughs by Polish Mathematicians WW1: Engima Machine

73. Marian Rejewski

74. Marian Rejewski vs. Enigma Machine

75. Key Insights into Enigma 1. Single initial 6 letter setting

    for all messages each day 2. Chosen message key repeated in this initial setting

76. Indicator or Grundstellung = initial rotor setting

77. Indicator or Grundstellung = initial rotor setting Initial setting RAO

    3 letter message key IHL Resulting indicator from setting rotors to RAO and encoding IHL twice DQYQQT

78. Indicator: DQYQQT

79. Indicator: DQYQQT D and Q represent the same letter

80. By collecting enough messages enciphered with same indicator, a table

    could be produced:

81. Path from first letter to fourth then from that letter

    to its fourth and so on leads to cycle group

82. Path from first letter to fourth then from that letter

    to its fourth and so on leads to cycle group

83. Path from first letter to fourth then from that letter

    to its fourth and so on leads to cycle group

84. Path from first letter to fourth then from that letter

    to its fourth and so on leads to cycle group

85. Cycle group starting at A 9 (A, N, P, L,

    X, M, J, F, I, A) Cycle group starting at B 3 (B, S, Z, B) Cycle group starting at C 9 (C, Y, D, Q, W, V, O, U, G, C) Cycle group starting at E 3 (E, T, K, E) Cycle group starting at H 1 (H, H) Cycle group starting at R 1 (R, R)

86. Cycle group starting at A (A, N, P, L, X,

    M, J, F, I, A) Cycle group starting at B (B, S, Z, B) Cycle group starting at C (C, Y, D, Q, W, V, O, U, G, C) Cycle group starting at E (E, T, K, E) Cycle group starting at H (H, H) Cycle group starting at R (R, R) 1* 3 * 9 = 27 possibilities for ciphers at 1 and 4

87. Another weak link = Lazy cipher clerks! Key Insights into

    Enigma

88. Lazy cipher clerks often used same starting position i.e. “AAA”

    Key Insights into Enigma

89. Solve for indicator/day key => Factor out board permutation =>

    Commercial Enigma wiring => Rightmost rotor wiring Given a day’s traffic...

90. Solve for indicator/day key => Factor out board permutation =>

    Commercial Enigma wiring => Rightmost rotor wiring Given a day’s traffic...
91. None

92. Given a day’s traffic... Solve for indicator/day key => Factor

    out board permutation => Commercial Enigma wiring => Rightmost rotor wiring

93. Marian Rejewski: 1 vs. Enigma Machine: 0

94. Alan Turing and British efforts to crack the “Engima”

95. Using findings of Rejewski and others:

96. One Bombe = 36 Enigmas!

97. One Bombe = 36 Enigmas! 97,000 parts 12 miles of

    wiring £4,000,000 2,000 pounds 7 feet wide

98. Bombe provided several possible answers, Codebreakers narrowed it down

99. At peak, 200+ Bombe machines cracking 3,000 messages each day!

100. Shortened the war by an estimated 2 years!

101. How effective was The Engima machine?

102. How effective was The Engima machine?

103. Pro Tip: Establish a process and eliminate possible human error!

104. Let’s get some standards!

105. 1973: IBM’s Luther @amandasopkin

106. Note on block cipher encryption @amandasopkin

107. None

108. DES @amandasopkin

109. DES

110. None

111. DES Criticism @amandasopkin - Shortened key length (56 bits) -

     S-box structure

112. DES Criticism “NSA worked closely with IBM to strengthen the

     algorithm against all except brute-force attacks and to strengthen substitution tables, called S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key.” -American Cryptology During the Cold War

113. DES Criticism "We sent the S-boxes off to Washington. They

     came back and were all different.” -Alan Konheim (one of the designers of DES)

114. 20 years later...

115. "It took the academic community two decades to figure out

     that the NSA 'tweaks' actually improved the security of DES." -Bruce Schneier

116. How effective was DES?

117. How effective was DES?

118. 2000: Advanced Encryption Standard (Rijndael) @amandasopkin

119. None

120. AES = 128 bits! @amandasopkin

121. Attacks on AES @amandasopkin

122. Attacks on AES => so far not practical @amandasopkin

123. Attacks on AES => so far not practical @amandasopkin

124. Attacks on [insert algorithm with x > 256 bit key

     strength here] => so far not practical @amandasopkin

125. How effective is AES?

126. How effective is AES?

127. Crypto Wars @amandasopkin

128. None

129. Key size restrictions @amandasopkin

130. 1991: Sen. Biden introduced a bill requiring providers of electronic

     communication to provide voice, data, and other content to the government when authorized by law

131. 1991: PGP (Pretty Good Privacy) @amandasopkin

132. PGP: relies on math that is difficult to reverse @amandasopkin

133. PGP = 3 keys 1. Public key 2. Private key

     3. Encrypted key that gets sent
134. None

135. 1. You generate a random key. 2. You use that

     key to encrypt your data. 3. I send you my public key. 4. My public key is used to encrypt your random key. 5. You send both the encrypted data and the encrypted random key to me. 6. I use my private key to decrypt your random key. 7. I use your random key to decrypt the data.

136. Phil Zimmerman/PGP vs. Criminal Investigation

137. Published by MIT press to allow export under 1st amendment

138. Phil Zimmerman/PGP: 1 vs. Criminal Investigation: 0

139. The end of crypto wars @amandasopkin

140. Randomness & Encryption @amandasopkin

141. 4oio342ip4o24p32o

142. 4fdslf95454

143. None
144. None

145. DUAL_EC_DRBG Controversy • 2004: Dual EC PRNG introduced

146. • 08/2007: Shumow and Ferguson present Dual_EC_DRBG flaw at cryptography

     conference DUAL_EC_DRBG Controversy

147. • 11/2007: Schneier bases article in Wired on their findings

     DUAL_EC_DRBG Controversy

148. “...would allow NSA to determine the state of the random

     number generator, and thereby eventually be able to read all data sent over the SSL connection.” DUAL_EC_DRBG Controversy
149. None

150. • 09/2013: One of the purposes of Bullrun is described

     as being "to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world." DUAL_EC_DRBG Controversy

151. • NIST recommends removal of the algorithm as a standard

     DUAL_EC_DRBG Controversy

152. • 2004: Dual EC PRNG introduced • 08/2007: Shumow and

     Ferguson present Dual_EC_DRBG flaw at cryptography conference • 11/2007: Schneier bases article in Wired on their findings DUAL_EC_DRBG Controversy

153. • 09/2013: One of the purposes of Bullrun is described

     as being "to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world." • 12/2013: Presidential advisory examines encryption standards • 2014: Standard is removed DUAL_EC_DRBG Controversy

154. Years until standard removed... 10!

155. Who did this impact? Microsoft, Google, Apple, McAfee, Docker, IBM,

     Oracle, Cisco, VMWare, Juniper, HP, Red Hat, Samsung, Toshiba, DELL, Ruckus, F5 Networks, Lenovo, Nokia, the RSA BSAFE libraries for Java and C++ and more....

156. Pro Tip: Don’t assume standardized = good

157. Modern Encryption... Where are we now?

158. Modern Encryption...

159. Modern Encryption... ?

160. Pro Tip: Often good security is not flashy

161. Common breach causes Not encrypting all the things Using cloud

     storage without pre-encrypting Using a poor random number generator

162. Cloud encryption

163. Let’s wrap up... @amandasopkin

164. Security != obscurity Process is ESSENTIAL Trust no one (kidding)

     Historical Encryption Lessons @amandasopkin

165. Something to say? Amanda Sopkin @amandasopkin

166. Thank you! @amandasopkin

167. THE END @amandasopkin

168. Sources: • Icons taken from flaticon.com • https://crypto.stackexchange.com/questions/51232/using- 32-hexadecimal-digits-vs-ascii-equivalent-16-character- password

     • https://dev.to/walker/pseudo-random-numbers-in-python-f rom-arithmetic-to-probability-distributions • Wired Magazine • The Washington Post • NYT • http://home.bt.com/tech-gadgets/cracking-the-enigma-cod e-how-turings-bombe-turned-the-tide-of-wwii-11363990654 704 • Geeks for Geeks • Crypto Corner