Pigeons to Padlocks: 5000 years of Network Security

Transcript

1. Luke Crouch speakerdeck.com/groovecoder Pigeons to padlocks 5,000 years of data

   network security

2. About Me: Luke • Not a networking expert
 • Web

   dev who got into Security
 • Always been scared of cryptography

3. The Code Book Simon Singh

4. None

5. Early History of Data Network Gerard Holzmann Bjorn Pehrson

6. None

7. • Focus on networking • 5000 years of networking in

   35 minutes • Don’t take notes • Slides are at speakerdeck.com/groovecoder

8. 5000 years in 35 minutes • Intro & CIA model

   • Beacons • Messengers • Hydraulic Telegraph • Torch Telegraphs • Optical/Semaphore Telegraph Networks • Electric Telegraphs • Telephone Network • Internet & HTTPS

9. 5000 years in 40 minutes • Intro & CIA (Con

   fi dentiality, Integrity, Availability) • Beacons • Messengers • Hydraulic Telegraph • Torch Telegraphs • Optical/Semaphore Telegraph Networks • Electric Telegraphs • Telephone Network • Internet & HTTPS

10. Computers and the Internet Khan Academy

11. Computers and the Internet Khan Academy

12. None
13. None
14. None
15. None
16. None
17. None
18. None
19. None
20. None
21. None

22. Confidentiality Integrity Availability

23. Confidentiality

24. Confidentiality 🤣

25. Confidentiality 🤣 Integrity

26. Confidentiality 🤣 Integrity 🔥

27. Confidentiality 🤣 Integrity Availability 🔥

28. Confidentiality 🤣 Integrity Availability 👫 🏕 🔥 🔥

29. Single bit of pre-determined data

30. 1 bit in 28,000s = 0.00000003 Mbps

31. άτ&τ

32. None
33. None
34. None
35. None

36. 680,000 bits in 324,000s

37. Bits latency (seconds) Fire beacons 1 28,000 Messenger Network 680,000

    324,000

38. Bits latency (seconds) Bandwidth (bps) Fire beacons 1 28,000 0.00003

    Messenger Network 680,000 324,000 2.09

39. Confidentiality Integrity Availability

40. Confidentiality

41. Easy to memorize key JULIUS CAESAR
 JULISCAER

42. Easy to memorize key Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ JULIUS CAESAR
 JULISCAER

43. None

44. Confidentiality

45. Confidentiality Integrity

46. By Fæ, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=11044638

47. Confidentiality Integrity 🧧

48. Confidentiality Integrity 🧧 Availability

49. None

50. Confidentiality 🤣 Integrity 🔥 Availability 🏕 🧧

51. None
52. None

53. Confidentiality Integrity 🧧 Availability 🏃🐦 🐎💩

54. Bits latency (seconds) Bandwidth (bps) Fire beacons 1 28,000 0.00003

    Messenger Relay Network 680,000 324,000 2.09

55. Telegraphs

56. https://en.wikipedia.org/wiki/Hydraulic_telegraph

57. https://en.wikipedia.org/wiki/Hydraulic_telegraph

58. https://www.alamy.com/hydraulic-telegraph-image222560368.html

59. https://www.youtube.com/watch?v=Az28Hsne-nI

60. https://en.wikipedia.org/wiki/Hydraulic_telegraph

61. None
62. None

63. Confidentiality Integrity Availability

64. Confidentiality 🤷

65. Confidentiality Integrity 🚰 🤷

66. Confidentiality Integrity 🚰 Availability 🔥 🤷

67. https://www.alamy.com/stock-photo-ancient-greek-historian-polybius-c-200-c-118-bc-working-on-the-polybius-82936980.html

68. https://en.wikipedia.org/wiki/Polybius_square

69. https://en.wikipedia.org/wiki/Polybius_square

70. https://en.wikipedia.org/wiki/Polybius_square

71. https://en.wikipedia.org/wiki/Polybius_square

72. https://en.wikipedia.org/wiki/Polybius_square

73. https://en.wikipedia.org/wiki/Polybius_square

74. https://en.wikipedia.org/wiki/Polybius_square

75. https://en.wikipedia.org/wiki/Polybius_square

76. https://en.wikipedia.org/wiki/Polybius_square

77. Character set

78. None

79. https://www.joelonsoftware.com/2003/10/08/the-absolute-minimum-every-software-developer-absolutely-positively-must-know-about-unicode-and-character-sets-no-excuses/

80. None
81. None
82. None
83. None

84. Header Header Data Data

85. Scytale, ~700 BCE - 120 AD Algorithm Wrap message around

    a cylinder Key Diameter of cylinder
86. None

87. Confidentiality Integrity

88. Confidentiality Integrity ✅

89. Confidentiality Integrity Availability 🔥🏕 ✅

90. https://www.alamy.com/stock-photo-ancient-greek-historian-polybius-c-200-c-118-bc-working-on-the-polybius-82936980.html

91. None
92. None
93. None
94. None

95. https://en.wikipedia.org/wiki/Claude_Chappe

96. None
97. None

98. https://en.wikipedia.org/wiki/Claude_Chappe

99. https://en.wikipedia.org/wiki/Claude_Chappe

100. https://en.wikipedia.org/wiki/Claude_Chappe

101. https://en.wikipedia.org/wiki/Claude_Chappe Paris

102. https://en.wikipedia.org/wiki/Claude_Chappe Paris

103. https://en.wikipedia.org/wiki/Claude_Chappe Paris

104. https://en.wikipedia.org/wiki/Claude_Chappe Paris Strasbourg

105. https://en.wikipedia.org/wiki/Claude_Chappe Paris Strasbourg

106. https://en.wikipedia.org/wiki/Claude_Chappe Paris Strasbourg

107. https://en.wikipedia.org/wiki/Claude_Chappe Paris Strasbourg

108. https://en.wikipedia.org/wiki/Claude_Chappe Paris Strasbourg

109. https://en.wikipedia.org/wiki/Claude_Chappe Paris Strasbourg

110. https://en.wikipedia.org/wiki/Claude_Chappe Paris Strasbourg

111. None

112. Header

113. Header Data

114. Header Data Footer

115. None
116. None

117. Header Data

118. https://en.wikipedia.org/wiki/Claude_Chappe Confidentiality Integrity Availability

119. https://en.wikipedia.org/wiki/Claude_Chappe Confidentiality

120. None
121. None

122. https://en.wikipedia.org/wiki/Claude_Chappe Confidentiality

123. https://en.wikipedia.org/wiki/Claude_Chappe Confidentiality Integrity

124. https://en.wikipedia.org/wiki/Claude_Chappe Confidentiality Integrity ✅

125. https://en.wikipedia.org/wiki/Claude_Chappe Confidentiality Integrity ✅ Availability

126. https://en.wikipedia.org/wiki/Claude_Chappe Confidentiality Integrity ✅ Availability 🌫 ⛈ 🌌 ⏳

127. None
128. None
129. None
130. None

131. https://letstalkscience.ca/educational-resources/interactives/telegraph-key

132. https://letstalkscience.ca/educational-resources/interactives/telegraph-key

133. None
134. None

135. Confidentiality

136. None

137. Confidentiality Integrity ✅

138. Confidentiality Integrity ✅ Availability ⚡ 🌫 ✅ ⛈ ✅ 🌌

     ✅ 🌐

139. https://en.wikipedia.org/wiki/Timeline_of_North_American_telegraphy

140. None
141. None

142. https://tb-manual.torproject.org/managing-identities/

143. None
144. None
145. None
146. None
147. None
148. None
149. None
150. None

151. Confidentiality Integrity Availability

152. Confidentiality 🙃

153. Confidentiality 🙃 Integrity 🗣

154. Confidentiality 🙃 Integrity 🗣 Availability ⚡ 🌫 ✅ ⛈ ✅

     🌌 ✅ 🌐
155. None
156. None
157. None
158. None
159. None
160. None

161. https://mikkegoes.com/computer-science-binary-code-explained/

162. https://medium.com/@yakupcengiz/character-encoding-ascii-unicode-utf-8-3c072d9e77dd

163. None
164. None
165. None
166. None

167. https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:routing-with-redundancy/a/ip-packets

168. https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:routing-with-redundancy/a/ip-packets

169. None
170. None
171. None

172. https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:routing-with-redundancy/a/ip-packets

173. https://www.rfc-editor.org/rfc/rfc791

174. https://www.rfc-editor.org/rfc/rfc791#section-3.1

175. https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:routing-with-redundancy/a/ip-packets

176. None

177. https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:transporting-packets/a/transmission-control-protocol--tcp

178. https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:transporting-packets/a/transmission-control-protocol--tcp

179. https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:transporting-packets/a/transmission-control-protocol--tcp

180. https://www.rfc-editor.org/rfc/rfc793

181. https://www.rfc-editor.org/rfc/rfc793#section-3.1

182. https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:transporting-packets/a/transmission-control-protocol--tcp

183. https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:transporting-packets/a/transmission-control-protocol--tcp

184. https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:transporting-packets/a/transmission-control-protocol--tcp

185. http://www.example.com/index.html https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:web-protocols/a/hypertext-transfer-protocol-http

186. http://www.example.com/index.html GET /index.html HTTP/1.1 Host: www.example.com 93.184.216.34 https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7

     ff 015e7d:web-protocols/a/hypertext-transfer-protocol-http

187. http://www.example.com/index.html GET /index.html HTTP/1.1 Host: www.example.com 93.184.216.34 https://www.rfc-editor.org/rfc/rfc1035

188. http://www.example.com/index.html GET /index.html HTTP/1.1 Host: www.example.com 93.184.216.34 https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7

     ff 015e7d:web-protocols/a/hypertext-transfer-protocol-http

189. http://www.example.com/index.html https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:web-protocols/a/hypertext-transfer-protocol-http http://www.example.com/index.html

190. http://www.example.com/index.html GET /index.html HTTP/1.1 Host: www.example.com 93.184.216.34 https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7

     ff 015e7d:web-protocols/a/hypertext-transfer-protocol-http

191. GET /index.html HTTP/1.1 Host: www.example.com 93.18 https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff

     015e7d:web-protocols/a/hypertext-transfer-protocol-http

192. http://www.example.com/index.html HTTP/1.1 200 OK ... 93.184.216.34 https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff

     015e7d:web-protocols/a/hypertext-transfer-protocol-http

193. HTTP/1.1 200 OK ... 93.18 https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7 ff 015e7d:the-internet/xcae6f4a7 ff 015e7d:web-protocols/a/hypertext-transfer-protocol-http

194. HTTP/1.1 200 OK ... 93.18 https://www.rfc-editor.org/rfc/rfc2616

195. None
196. None
197. None
198. None

199. Confidentiality Integrity Availability

200. Confidentiality Integrity Availability 🌎🌍🌏 🔌 📡 💻📱 ⏱

201. Confidentiality Integrity Availability 🌎🌍🌏 🔌 📡 💻📱 ⏱ ✅ 🔁

     ✉
202. None

203. Wireshark demo

204. Confidentiality Integrity Availability 🌎🌍🌏 🔌 📡 💻📱 ⏱ ✅ 🔁

     ✉ 📶 👀

205. Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ Defend the East wall

     ISCSYI HES SJGH NJWW

206. Plain alphabet: 01100001 01100010 01100011 01100100 01100101 01100110 01100111 01101000

     01101001 01101010 01101011 01101100 01101101 01101110 01101111 01110000 01110001 01110010 01110011 01110100 01110101 01110110 01110111 01111000 01111001 01111010 Cipher alphabet: 01101010 01110101 01101100 01101001 01110011 01100011 01100001 01100101 01110010 01110100 01110110 01110111 01111000 01111001 01111010 01100010 01100100 01100110 01100111 01101000 01101011 01101101 01101110 01101111 01110000 01110001 01000100 01100101 01100110 01100101 01101110 01100100 00100000 01110100 01101000 01100101 00100000 01100101 01100001 01110011 01110100 00100000 01110111 01100001 01101100 01101100 01001001 01010011 01000011 01010011 01011001 01001001 00100000 01001000 01000101 01010011 00100000 01010011 01001010 01000111 01001000 00100000 01001110 01001010 01010111 01010111
207. None
208. None
209. None
210. None

211. XOR

212. None

213. S-Box

214. S-Box

215. None
216. None
217. None
218. None
219. None

220. AES

221. https://www.devglan.com/online-tools/aes-encryption-decryption

222. Confidentiality Integrity Availability 🌎🌍🌏 🔌 📡 💻📱 ⏱ ✅ 🔁

     ✉ 🔒
223. None
224. None
225. None
226. None

227. New Directions in Cryptography 1976

228. Alice, Bob, and Eve • Alice needs to send secret

     data to Bob • They need to share a secret key • They only have public Internet between them • i.e., “Eve is always eavesdropping” • How can they share a secret, but NOT share it with Eve?

229. Diffie-Hellman Key Exchange

230. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-1

231. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-1

232. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-1

233. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-1

234. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-1

235. None

236. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-1

237. Diffie-Hellman Key Exchange Algorithms • Modular arithmetic • Eliptic Curves

     • Galois Fields • Lattices • Note: quantum-safe

238. AES

239. None
240. None

241. Confidentiality Integrity Availability 🌎🌍🌏 🔌 📡 💻📱 ⏱ ✅ 🔁

     ✉ 🔒
242. None
243. None

244. Practical advice for devs

245. Don’t invent your own networking 


246. Don’t invent your own networking 
 use mature, popular protocols

247. None
248. None

249. Don’t invent your own crypto 


250. Don’t invent your own crypto 
 use mature, popular libraries

251. None
252. None

253. Bulletproof TLS and PKI Ivan Ristić

254. None
255. None
256. None

257. Questions? • CIA model • Beacons • Messengers • Hydraulic

     Telegraph • Torch Telegraph • Optical Semaphore Telegraph • Electric Telegraph • Telephone Network • Internet & HTTPS • Let’s Encrypt • MDN HTTP Observatory • Math?
258. None
259. None
260. None
261. None
262. None

263. Wireshark demo

264. GET / HTTP/1.1 
 Host: example.com

265. GET / HTTP/1.1 
 Host: example.com

266. None
267. None

268. GET / HTTP/1.1 
 Host: example.com

269. None
270. None
271. None
272. None
273. None
274. None
275. None

276. Math Appendix: Modular Arithmetic

277. None

278. And in MATH! , we have some 1-way functions!

279. Modular Arithmetic aka “Clock” arithmetic https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/discrete-logarithm-problem

280. To fi nd 46 mod 12 … https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/discrete-logarithm-problem

281. Wrap a cord 46 “hours” long around a 12-hour clock

     … … and it ends on 10

282. Easy to perform … 46 mod 12 is “congruent” to

     10 generator Modulus

283. ? mod 12 ≡ 10 … hard to reverse

284. ? mod 12 ≡ 10 22 mod 12 ≡ 10

     34 mod 12 ≡ 10 46 mod 12 ≡ 10 58 mod 12 ≡ 10 70 mod 12 ≡ 10 .. mod 12 ≡ 10 … impossible to reverse!

285. … impossible for recipient too!

286. Alice picks an exponent https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-2 Prime Modulus “n”

     generator “g”

287. Alice keeps her exponent secret https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-2 Prime Modulus

     “n” generator “g”

288. “Discrete Logarithm” problem https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-2

289. “Discrete Logarithm” problem Have to resort to “brute force” guessing

     the exponent

290. For small numbers, it’s easy, but not for a large

     prime modulus. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-2

291. How can we turn that single exponent secret into 2

     secrets?

292. “Commutative” Arithmetic: 
 Order of operands doesn’t matter 3 +

     5 5 + 3 = = 8 3 * 5 = = 15 5 * 3

293. “Commutative” Arithmetic: 
 Order of operands doesn’t matter 323 332

     = = 729 3 + 5 5 + 3 = = 8 3 * 5 = = 15 5 * 3

294. Alice and Bob publicly agree on a generator and prime

     modulus https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-2

295. Alice picks a private number, and sends the result to

     Bob https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-2

296. Bob picks a private number, and sends the result to

     Alice https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-2

297. Now the cool part … https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/dif fi e-hellman-key-exchange-part-2

298. Alice raises Bob’s result to her private exponent and gets

     10

299. Bob raises Alice’s mixture to his private exponent and also

     gets 10!

300. Because their results were calculated from the shared public generator

     and prime modulus

301. So, they did the same calculation with exponents in different

     order, which doesn’t affect the result