System Security:Cryptography Technologies
CPE 261403 - Operating Systemshttp://www.e-cpe.org/moodle
What does the fish mean?
Ichthys
User name / Password
Threat Ex: Wifi Packet Sniffers
Protection with Cryptography
Encryption and Decryption
Symmetric – Uses a shared key
Asymmetric – Added security with Public and Private keys
Symmetric Encryption
I LOVE YOU
Simple example: Add a constant to the ASCII value
J MPWF ZPVKey = 1
The EnigmaMachine German Encryption MachineFor WWI
Enigma was cracked by the Allies in WWIISome say this helped shortened WWII by two years
Some Examples Data Encryption Standard (DES)
56 bit key for every 64 bit value
Advanced Encryption Standard (AES) 256 bit key for every 128 bit value
RC4 As used in WEP (Wired Equivalent Privacy)
WPA, WPA2 (Wi-Fi Protected Access) 256 bit key
Asymmetric Encryption
Algorithm Example
Public Key = (kd, N)
Private Key = (ke, N)
N = p.q (where p, q are prime numbers) Pick kd that is < N Calculate ke where
ke.kd mod (p-1)(q-1) = 1
Example If p = 7 and q = 13 N = 7.13 = 91
Pick Kd = 5 Find Ke
Ke.5 mod (7-1)(13-1) = 1 Ke = 29
Public Key = (5, 91)Private Key = (29, 91)
Encrypting and Decrypting
Encrypt message = (input ^ ke ) mod N Decrypt message = (input ^ kd) mod N
If we want to send the number 69
Encrypted message = 69 ^ 5 mod 91 = 62
Decrypted message = 62 ^ 29 mod 91 = 69
*Note: number must < N
Notes
In reality p and q can be 512 bits each
Case Study:SSL (Secure Socket Layer Protocol)
An Online Bank Example
BrowserSCBServer
Request Secure Connection (HTTPS)
Sends a Public Key
Encrypt & Send Login/Password
Is there a problem with this method?Yes. A fake web site can also send a public key
SSL Certificate Verification
BrowserSCBServer
Request SSL
Sends key + Certificate
Verify
SSL Protocol
BrowserSCBServer
Request SSL
Sends key + Certificate
Verify
Encrypt + send user/password
Ok. Now the client can send secure info to the server.But how can the bank send secure information to the client?
SSL Protocol
BrowserSCBServer
Request SSL
Sends key + Certificate
Verify
Sends client’s public key
Do we need to verify the Server’s second response?Yes. But now it is easier.
Data encrypted with client’s public key
SSL Protocol
BrowserSCBServer
Request SSL
Sends key + Certificate
Verify
Sends client’s public key
If the client can de-crypt the data with the server’s public keyIt verifies that data is sent from the server.
Data encrypted with client’s public key
Encrypt with server’s private key
BrowserSCBServer
SSL Protocol
Data encrypted with client’s public key
Encrypt with server’s private key
Double encryption is too much work. Can we optimize?
Browser withNew (pub/pri) keys Server with
New (pub/pri) keys
SSL Protocol
Send a new public key
Encrypt with server’s private key
Yes. The server can send a new set of keys for future use
Secure Data
Secure Data
Encrypt with the new public key
Encrypt with the new private key
Encrypt with the client’s public key
Summary
BrowserSCBServer
Request SSL
Sends key + Certificate
Verify
Sends client’s public key
Send new pub key
Secure Data
Secure Data
Encryption is a cat & mouse game
Encryption is becoming more complex (64bits, 128bits, …, 512bits, …, ?)
Relies on Mathematical Models. Can be cracked.
Never fully trust that your data is safe with encryption