15. Terminology
Other actors (the bad guys):
• Eve (eavesdropper, does not change the
message)
• Mallory (malicious attacker, changes the
message aka: man-in-the-middle)
16. Terminology
Plaintext
The data that needs to be encrypted. Your “message”
17. Terminology
Ciphertext
The output from after encrypting the message. The actual data that is send over to Bob.
18. Terminology
Cipher
The algorithm used for converting a plaintext into a ciphertext and/or vice versa
19. Terminology
key
A block of data that is used as a parameter into a cipher for either encryption or decryption
$ciphertext = cipher($message, $key)
$message = cipher($ciphertext, $key)
20. Terminology
Encryption
In cryptography, encryption is the process of transforming information (referred to as plaintext) using an
algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually
referred to as a key.
Wikipedia says so, so it must be true..
http://en.wikipedia.org/wiki/Encryption
21. Bad encryptions
Before we look at
good encryptions,
let’s take a look at
some bad ones...
http://www.flickr.com/photos/wwworks/4612188594/sizes/m/in/photostream/
22. Bad encryptions
“algorithm”:
A = 1, B = 2, C = 3, ...., Z = 26
23. Bad encryptions
“algorithm”:
A = 1, B = 2, C = 3, ...., Z = 26
Encrypted message:
12, 1, 13, 5
24. Bad encryptions
“algorithm”:
A = 1, B = 2, C = 3, ...., Z = 26
Encrypted message:
12, 1, 13, 5
=
L, A, M, E
25. Bad encryptions
Caesar cipher:
A = (A + key) mod 26,
B = (B + key) mod 26
....
Z = (Z + key) mod 26
or:
m = m + k mod 26
26. Bad encryptions
Caesar cipher:
A = (A + key) mod 26,
B = (B + key) mod 26
....
Z = (Z + key) mod 26
or:
m = m + k mod 26
Message (key=1): M B N F
27. Bad encryptions
Caesar cipher:
A = (A + key) mod 26,
B = (B + key) mod 26
....
Z = (Z + key) mod 26
or:
m = m + k mod 26
Message (key=1): M B N F
Message (key=-1): K Z L D
28. Bad encryptions
Caesar cipher:
A = (A + key) mod 26,
B = (B + key) mod 26
....
Z = (Z + key) mod 26
or:
m = m + k mod 26
Message (key=1): M B N F
Message (key=-1): K Z L D
Message (key=26): L A M E
29. Bad encryptions
Caesar cipher:
A = (A + key) mod 26,
B = (B + key) mod 26
....
Z = (Z + key) mod 26
or:
m = m + k mod 26
Message (key=1): M B N F
Message (key=-1): K Z L D
Message (key=26): L A M E
Message (key=0): L A M E
30. Bad encryptions
Caesar cipher:
A = (A + key) mod 26,
B = (B + key) mod 26
....
Z = (Z + key) mod 26
or:
m = m + k mod 26
Message (key=1): M B N F
Message (key=-1): K Z L D
Message (key=26): L A M E
Message (key=0): L A M E
Message (key=13): Y N Z R (ROT13)
31. Bad encryptions
Caesar cipher:
A = (A + key) mod 26,
B = (B + key) mod 26
....
Z = (Z + key) mod 26
or:
A-1 = Z
m = m + k mod 26 Z+1 = A
wraparound
Message (key=1): M B N F
Message (key=-1): K Z L D
Message (key=26): L A M E
Message (key=0): L A M E
Message (key=13): Y N Z R (ROT13)
33. Possible problems
when dealing with those simple encryption algorithms
• Key is too simple (easy to guess, brute force)
34. Possible problems
when dealing with those simple encryption algorithms
• Key is too simple (easy to guess, brute force)
• Key has to be send to Bob (so everybody knows
the key, unless it too has been encrypted)
35. Possible problems
when dealing with those simple encryption algorithms
• Key is too simple (easy to guess, brute force)
• Key has to be send to Bob (so everybody knows
the key, unless it too has been encrypted)
• Deterministic (same input generates always same
output)
36. Possible problems
when dealing with those simple encryption algorithms
• Key is too simple (easy to guess, brute force)
• Key has to be send to Bob (so everybody knows
the key, unless it too has been encrypted)
• Deterministic (same input generates always same
output)
• Prone to frequency analysis
38. Frequency Analysis
• The usage of every letter in the English (or
any other language) can be represented by
a percentage.
39. Frequency Analysis
• The usage of every letter in the English (or
any other language) can be represented by
a percentage.
• ‘E’ is used 12.7% of the times in english
texts, the ‘Z’ only 0.074%.
40. Edgar Allan Poe
“the raven”
http://www.gutenberg.org/cache/epub/14082/pg14082.txt
41. Edgar Allan Poe
“the raven”
http://www.gutenberg.org/cache/epub/14082/pg14082.txt
42. Let’s analyze:
A small bit of text can result in differences, but still there
are some letters we can deduce..
43. Let’s analyze:
A small bit of text can result in differences, but still there
are some letters we can deduce..
44. More text: better matching
We can deduce almost all letters just without even
CARING about the crypto algorithm used.
45. Frequency analysis
This is not only true for single letters, but can also be
used for complete text sentences.
46. Frequency analysis
Frequency analysis made it possible
to crack the nazi’s WW2 “enigma”
encryption machine:
http://plus.maths.org/issue34/features/ellis/ http://upload.wikimedia.org/wikipedia/commons/a/ae/Enigma.jpg
47. Frequency analysis
Frequency analysis made it possible
to crack the nazi’s WW2 “enigma”
encryption machine:
“An die gruppe”
http://plus.maths.org/issue34/features/ellis/ http://upload.wikimedia.org/wikipedia/commons/a/ae/Enigma.jpg
48. Frequency analysis
Frequency analysis made it possible
to crack the nazi’s WW2 “enigma”
encryption machine:
“An die gruppe”
“Keinebesondere Ereignisse”
http://plus.maths.org/issue34/features/ellis/ http://upload.wikimedia.org/wikipedia/commons/a/ae/Enigma.jpg
49. Frequency analysis
Frequency analysis made it possible
to crack the nazi’s WW2 “enigma”
encryption machine:
“An die gruppe”
“Keinebesondere Ereignisse”
And, off course:
http://plus.maths.org/issue34/features/ellis/ http://upload.wikimedia.org/wikipedia/commons/a/ae/Enigma.jpg
50. Frequency analysis
Frequency analysis made it possible
to crack the nazi’s WW2 “enigma”
encryption machine:
“An die gruppe”
“Keinebesondere Ereignisse”
And, off course:
“Heil Hitler”
http://plus.maths.org/issue34/features/ellis/ http://upload.wikimedia.org/wikipedia/commons/a/ae/Enigma.jpg
54. Good encryptions
• Have “open” algorithms.
• Have (strong) mathematical proof.
• Knowing the algorithm doesn’t mean you
can encrypt or decrypt with the key.
57. Encryption
• Previous (bad) examples where
symmetrical encryptions.
• Key is used for both encryption and
decryption (2-way street)
58. Encryption
• Previous (bad) examples where
symmetrical encryptions.
• Key is used for both encryption and
decryption (2-way street)
• Good symmetrical encryptions: AES,
Blowfish, (3)DES
61. Asymmetrical encryption
It is NOT possible to decrypt the message with the
key that is used for encryption. This is an very
IMPORTANT property for various reasons.
64. Asymmetrical encryption
• Can be used for encryption
• Can be used for validation and authentication (is
the sender REALLY the sender and is the data not
tampered with) (Signing)
65. Comparison
Symmetrical Asymmetrical
✓ Quick ✓ no need to send over the key
✓ Not resource intensive ✓ can be used for encryption
and validation (signing)
✓ Useful for small (but not
too) and large messages ✗ very resource intensive
✗ Need to send over the key ✗ only useful for small messages
to the other side.
66. So let’s combine both:
Use symmetrical for the (large) message and
encrypt the key with asymmetrical encryption.
67. Hybrid encryption
✓ Quick
✓ Not resource intensive
✓Useful for small and large
messages
✓ Safely exchange key data
+
68. But we’re not talking about
hybrid encryption
(at least, not yet)
73. What is it?
• Asymmetrical encryption
• Uses a key-pair: private key + public key
74. What is it?
• Asymmetrical encryption
• Uses a key-pair: private key + public key
• Can be used for both encryption and
validation (signing)
75. What is it?
• Asymmetrical encryption
• Uses a key-pair: private key + public key
• Can be used for both encryption and
validation (signing)
• Keys should be very large
76. What is it?
• Asymmetrical encryption
• Uses a key-pair: private key + public key
• Can be used for both encryption and
validation (signing)
• Keys should be very large
• Deterministic, so use with caution
77. Myths
• Key length doesn’t say anything about
security when comparing different
encryptions.
AES256 (256bit) > RSA 1024bit
78. How does it work?
• Public key encryption works on the
premise that it is almost impossible to
(quickly) refactor a large primes back into 2
separate other primes
• But there is no proof that it’s IMPOSSIBLE
to do it quickly.
79. So are we just gambling?
http://farm1.static.flickr.com/43/80125882_3347a3ab46_z.jpg
80. Not really, but there are flaws
http://farm1.static.flickr.com/43/80125882_3347a3ab46_z.jpg
81. Not really, but there are flaws
• There is no proof that it’s impossible to
refactor quickly (all tough it doesn’t look
plausible)
• Brute-force decrypting is always lurking
around (quicker machines, better
algorithms).
• Good enough today != good enough
tomorrow.
87. - p = (large) prime number
- q = (large) prime number (but not too close to p)
88. - p = (large) prime number
- q = (large) prime number (but not too close to p)
- n = p . q (= bit length of the rsa-key)
89. - p = (large) prime number
- q = (large) prime number (but not too close to p)
- n = p . q (= bit length of the rsa-key)
- φ = (p-1) . (q-1) (the φ thingie is called phi)
90. - p = (large) prime number
- q = (large) prime number (but not too close to p)
- n = p . q (= bit length of the rsa-key)
- φ = (p-1) . (q-1) (the φ thingie is called phi)
- e = 1 < φ < gcd(e, φ)
91. - p = (large) prime number
- q = (large) prime number (but not too close to p)
- n = p . q (= bit length of the rsa-key)
- φ = (p-1) . (q-1) (the φ thingie is called phi)
- e = 1 < φ < gcd(e, φ)
- d = 1 < d < φ and e.d = 1 (mod φ)
92. - p = (large) prime number
- q = (large) prime number (but not too close to p)
- n = p . q (= bit length of the rsa-key)
- φ = (p-1) . (q-1) (the φ thingie is called phi)
- e = 1 < φ < gcd(e, φ)
- d = 1 < d < φ and e.d = 1 (mod φ)
- public key = (n, e)
93. - p = (large) prime number
- q = (large) prime number (but not too close to p)
- n = p . q (= bit length of the rsa-key)
- φ = (p-1) . (q-1) (the φ thingie is called phi)
- e = 1 < φ < gcd(e, φ)
- d = 1 < d < φ and e.d = 1 (mod φ)
- public key = (n, e)
- private key = (n, d)
101. Math example
Step 2: create modulus n and create phi
P = 11
Q=3
N=?
Phi = ?
E=?
D=?
102. Math example
Step 2: create modulus n and create phi
• n = p . q = 11 . 3 = 33
P = 11
Q=3
N=?
Phi = ?
E=?
D=?
103. Math example
Step 2: create modulus n and create phi
• n = p . q = 11 . 3 = 33
• phi = (p-1) . (q-1) = 10 . 2 = 20
P = 11
Q=3
N=?
Phi = ?
E=?
D=?
104. Math example
P = 11
Q=3
N = 33
Phi = 20
E=?
D=?
105. Math example
Step 3: choose public exponent e
P = 11
Q=3
N = 33
Phi = 20
E=?
D=?
106. Math example
Step 3: choose public exponent e
• Use a Fermat prime for easy calculations:
3, 17 or 65537
P = 11
Q=3
N = 33
Phi = 20
E=?
D=?
107. Math example
Step 3: choose public exponent e
• Use a Fermat prime for easy calculations:
3, 17 or 65537
• e=3
P = 11
Q=3
N = 33
Phi = 20
E=?
D=?
108. Math example
Step 3: choose public exponent e
• Use a Fermat prime for easy calculations:
3, 17 or 65537
• e=3
• check gdc(e, p-1) = 1 =>
gdc(3, 10) = 1 (no common factors P = 11
except for 1) Q=3
N = 33
Phi = 20
E=?
D=?
109. Math example
P = 11
Q=3
N = 33
Phi = 20
E=3
D=?
110. Math example
Step 3: check gdc(e, phi) = 1
• gdc(3, 20) = 1 (there are no common
factors except for 1)
P = 11
Q=3
N = 33
Phi = 20
E=3
D=?
111. Math example
P = 11
Q=3
N = 33
Phi = 20
E=3
D=?
127. Math example
That’s it:
• public key = (n, e) = (33, 3)
• private key = (n, d) = (33, 7)
P = 11
Q=3
N = 33
Phi = 20
E=3
D=7
128. Math example
The actual math is much more complex,
since we use large, very large numbers, but it
all comes down to these (relatively simple)
calculations..
129. Encrypting and decrypting
Encrypting a message:
• c = me mod n
Decrypting a message:
• m = cd mod n
130. Encrypting and decrypting
Encrypting a message (private key = (n,e) = (33, 7):
• c = me mod n
• message = 10, 20, 15, 5
c = 10^7 mod 33 = 10
c = 20^7 mod 33 = 26
c = 15^7 mod 33 = 27
c = 5^7 mod 33 =14
c = 10, 26, 27, 14 (Note: these are not ascii values or any kind. These are integers!)
131. Encrypting and decrypting
Decrypting a message (public key = (n,d) = (33, 3):
• m = cd mod n
• c = 10, 26, 27, 14
m = 10^3 mod 33 = 10
m = 26^3 mod 33 = 20
m = 27^3 mod 33 = 15
m = 14^3 mod 33 =5
m = 10, 20, 15, 5
134. RSA Messages
• A message must be between 2 and n-1.
• A message is an “int”, not a block of data.
135. PKCS#1
• Public Key Cryptography Standard #1
• Pads data with (random) bytes up to n bits
in length
136. PKCS#1
Bob's 1024-bit RSA encryption key in hex format:
n=
A9E167983F39D55FF2A093415EA6798985C8355D9A915BFB1D01DA197026170F
BDA522D035856D7A986614415CCFB7B7083B09C991B81969376DF9651E7BD9A9
3324A37F3BBBAF460186363432CB07035952FC858B3104B8CC18081448E64F1C
FB5D60C4E05C1F53D37F53D86901F105F87A70D1BE83C65F38CF1C2CAA6AA7EB
e=010001 (65537)
d=
67CD484C9A0D8F98C21B65FF22839C6DF0A6061DBCEDA7038894F21C6B0F8B35
DE0E827830CBE7BA6A56AD77C6EB517970790AA0F4FE45E0A9B2F419DA8798D6
308474E4FC596CC1C677DCA991D07C30A0A2C5085E217143FC0D073DF0FA6D14
9E4E63F01758791C4B981C3D3DB01BDFFA253BA3C02C9805F61009D887DB0319
Data =4E636AF98E40F3ADCFCCB698F4E80B9F
The encoded message block, EB, after encoding but before encryption, with random padding bytes shown in green,
0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009
E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038
B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF
4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F
After RSA encryption, the output is
3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE5
8B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621
EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E
609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B
http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes
138. Signing a message
• Signing a message means adding a signature
that authenticates the validity of a message.
139. Signing a message
• Signing a message means adding a signature
that authenticates the validity of a message.
• Like md5 or sha1, so when the message
changes, so should the signature.
140. Signing a message
• Signing a message means adding a signature
that authenticates the validity of a message.
• Like md5 or sha1, so when the message
changes, so should the signature.
• This works on the premise that Alice and
only Alice has the private key that can
encrypt the hash.
144. Signing a message
• message m
• Alice gets Bob’s public key
• Alice encrypts message m into c
145. Signing a message
• message m
• Alice gets Bob’s public key
• Alice encrypts message m into c
• Alice calculates the hash of m (Hm)
146. Signing a message
• message m
• Alice gets Bob’s public key
• Alice encrypts message m into c
• Alice calculates the hash of m (Hm)
• Alice encrypts the hash with Alice’s private
key => c(Hm)
147. Signing a message
• message m
• Alice gets Bob’s public key
• Alice encrypts message m into c
• Alice calculates the hash of m (Hm)
• Alice encrypts the hash with Alice’s private
key => c(Hm)
• Alice sends c + c(Hm)
150. Signing a message
• Bob receives c + c(Hm)
• Bob decrypts c into m with it’s private key
151. Signing a message
• Bob receives c + c(Hm)
• Bob decrypts c into m with it’s private key
• Bob decrypts c(Hm) into Hm with Alice’s public
key
152. Signing a message
• Bob receives c + c(Hm)
• Bob decrypts c into m with it’s private key
• Bob decrypts c(Hm) into Hm with Alice’s public
key
• Bob checks Hm against hash(m)
153. Signing a message
• Bob receives c + c(Hm)
• Bob decrypts c into m with it’s private key
• Bob decrypts c(Hm) into Hm with Alice’s public
key
• Bob checks Hm against hash(m)
• If equal, we know alice has send the message
AND the message content is not tampered
with.
154. Implementations of public key
algorithms in real life.
http://farm4.static.flickr.com/3538/3420164047_09ccc14e29.jpg
155. public key encryption in
Web communication
(aka: I never use my credit card for internet purchases. It’s not safe.
Instead, I give it to the waiter who walks away with it to the kitchen for 5 minutes..)
156. Back in time
Welcome to 1991: HTTP is plaintext.
Everybody can be trusted. This page is under
construction, here’s a photo of my cat and a
link to geocities.
166. HTTPS
• Actual encryption methodology is decided
by the browser and the server (highest
possible encryption used).
• Symmetric encryption (AES-256, others)
• But both sides needs the same key, so we
have the same problem as before: how do we
send over the key?
168. HTTPS
• Key is exchanged in a public/private
encrypted communication.
169. HTTPS
• Key is exchanged in a public/private
encrypted communication.
• Which public and private key?
170. HTTPS
• Key is exchanged in a public/private
encrypted communication.
• Which public and private key?
• They are stored inside the server’s SSL
certificate
173. HTTPS
• Browser sends over it’s encryption methods.
• Server decides which one to use.
174. HTTPS
• Browser sends over it’s encryption methods.
• Server decides which one to use.
• Server send certificate(s).
175. HTTPS
• Browser sends over it’s encryption methods.
• Server decides which one to use.
• Server send certificate(s).
• Client sends “session key” encrypted by the
public key found in the server certificate.
176. HTTPS
• Browser sends over it’s encryption methods.
• Server decides which one to use.
• Server send certificate(s).
• Client sends “session key” encrypted by the
public key found in the server certificate.
• Server and client uses the “session key” for
symmetrical encryption.
178. HTTPS
• Thus: Public/private encryption is only used
in establishing a secondary
(better!?)encryption.
• SSL/TLS is a separate talk (It’s way more
complex as this)
179. HTTPS
• Myths about self-signed certificates:
• HTTPS traffic is ALWAYS(*) encrypted no
matter if the certificate is self-signed or not.
• Self-signed certificates are NOT less safe
than (expensive) signed certificates.
• They are just annoying for end-users.
180. HTTPS
• Myths about self-signed certificates:
• HTTPS traffic is ALWAYS(*) encrypted no
matter if the certificate is self-signed or not.
• Self-signed certificates are NOT less safe
than (expensive) signed certificates.
• They are just annoying for end-users.
181. public key encryption in
Email communication
(aka: the worst communication method invented when it comes to privacy or secrecy, except for yelling)
182. SMTP sucks
but it didn’t matter back then.
If you had a beard, you could be trusted.
http://farm1.static.flickr.com/179/375718254_31e1d7b5d3.jpg
183. Nowadays, not so much
http://torontoemerg.files.wordpress.com/2010/09/spam.gif http://change-your-ip.com/wp-content/uploads/image/nigerian_419_scam.jpg
187. Questions:
• Did Bill really send this email?
• Do we know for sure that nobody has read
this email (before it came to us?)
188. Questions:
• Did Bill really send this email?
• Do we know for sure that nobody has read
this email (before it came to us?)
• Do we know for sure that the contents of
the message isn’t tampered with?
189. We can answer these questions positively if
Bill had signed and encrypted his email with a
public key encryption (didn’t he got the
memo?)
192. Introduction a pretty-good-privacy
• GPG / PGP: Lets you create asymmetrical
keys for signing and/or encrypting data (or
email).
• Public keys can be send / found on PGP-
servers so you don’t need to send your
keys to everybody all the time.
195. But beware:
Stupidity trumps
everything:
Don’t loose your
private key(s)
(as I did on multiple occasions)
http://farm4.static.flickr.com/3231/2783827537_b4d2a5cc9a.jpg
198. Advantages
• Everybody can send emails that ONLY YOU
can read.
• Everybody can verify that YOU have send
the email and that it is authentic.
199. Advantages
• Everybody can send emails that ONLY YOU
can read.
• Everybody can verify that YOU have send
the email and that it is authentic.
• Why is this not the standard? (No really: why isn’t it?)
200. Advantages
• Everybody can send emails that ONLY YOU
can read.
• Everybody can verify that YOU have send
the email and that it is authentic.
• Why is this not the standard? (No really: why isn’t it?)
• Try it yourself with Thunderbird’s Enigmail
extension.
201. other fields
PGP / GPG
(encrypt / decrypt sensitive data)
OpenSSH
(Secure connection to other systems)
IPSEC
(VPN tunnels)
203. Thank you
And thanks to all creative commons
contributors on flickr.com
Joshua Thijssen
http://www.adayinthelifeof.nl
jthijssen@4worx.com
Twitter: @jaytaph
