uBlvIcM6yK1QPzmsT7YqcmKOwBwaGDNIwcvEOSr4jor
‘Encryption’RICK JEFFRIES
NEBRASKA HIMSS 2019 SPRING MEETING
NEBRASKA HIMSS 2019 SPRING MEETING 1
Disclosure(s): Richard P. Jeffries – I have no actual or potential conflict of interestin relation to this program/presentation.
NEBRASKA HIMSS SPRING MEETING 2019 2
A Secret Message,A Crowded Room• Get a secret message passed to the front of the
room• Cannot meet with your friend ahead of time• Cannot speak privately
NEBRASKA HIMSS 2019 SPRING MEETING 3
You yell to the back: “Use the two-lock box!”• Everyone can hear you• Everyone knows how the two-lock box is designed• You yell to the back “Here’s a key to use!”
• You provide precise dimensions• Everyone can hear you• Everyone knows how to make a key
NEBRASKA HIMSS 2019 SPRING MEETING 4
The message is sent• Your friend writes a message, puts it in the two lock box• He uses the key with the dimensions you specified to lock
the box• He passes the box to the front• Everyone in the room can see the box, many pass the box• Everyone knows the key he used to lock it
NEBRASKA HIMSS 2019 SPRING MEETING 5
The message arrives securely!• Your friend’s key can only lock the box
• You have a key that has a mathematical relationship to his key
• Your key can only unlock the box• The relationship is very hard to figure out and requires years of
long division of huge numbers
• You unlock the box and read the message
• The process can be reversed!
NEBRASKA HIMSS 2019 SPRING MEETING 6
You now understand encryption!
NEBRASKA HIMSS 2019 SPRING MEETING 7
What is encryption?• Encryption is the process of making a message
unreadable to an unauthorized recipient• Encryption presumes interception• The internet works on a series of intentional
interceptions
NEBRASKA HIMSS 2019 SPRING MEETING 8
My desk at Cline Williams to Google –6 interceptions!
• Traceroute to www.google.com (216.58.218.196), 64 hops max, 52 byte packets
1 10.1.0.1 (10.1.0.1) 2.400 ms 3.555 ms 3.251 ms
2 10.1.0.254 (10.1.0.254) 1.671 ms 4.247 ms 1.343 ms
3 66.37.247.221 (66.37.247.221) 2.355 ms 2.817 ms 2.131 ms
4 66.37.238.16 (66.37.238.16) 1.878 ms 1.919 ms 2.056 ms
5 dalsbprj01-ae1.0.rd.dl.cox.net (68.1.2.109) 31.218 ms 44.839 ms 35.053 ms
6 72.14.212.233 (72.14.212.233) 17.082 ms 17.356 ms 17.687 ms
7 209.85.244.122 (209.85.244.122) 17.652 ms 17.639 ms 17.779 ms
8 209.85.246.213 (209.85.246.213) 17.534 ms 17.316 ms 17.578 ms
9 dfw06s47-in-f4.1e100.net (216.58.218.196) 17.374 ms 17.292 ms 17.420 ms
NEBRASKA HIMSS 2019 SPRING MEETING 9
Making a message unreadable to an unauthorized recipient
A B C . . . Y Z
B C D . . . Z A
NEBRASKA HIMSS 2019 SPRING MEETING 10
Let’s complicate that a little• Shift each letter by X• HELLO MJQQT
• X = 5
NEBRASKA HIMSS 2019 SPRING MEETING 11
The anatomy of encryption:• “Shift each letter by X” is the “algorithm”
• Algorithm means “bunch of math”
• HELLO is the “plaintext”
• Input to the encryption algorithm
• MJQQZ is the “ciphertext”
• The output of the encryption algorithm
• 5 is the “key”
• The variable put into the algorithm
NEBRASKA HIMSS 2019 SPRING MEETING 12
Why do we call it a key?The lock is the
algorithm. Just knowing how it works doesn’t help
much.
The key is the unique method for operating the lock. If you don’t have the key, you don’t open the lock.
NEBRASKA HIMSS 2019 SPRING MEETING 13
Shannon’s maxim:• “The enemy knows the system”• The algorithms are all known
• i.e. all of the locks are made the same way• That’s the only way the internet can work• It’s only the security of the keys that keeps
information safe
NEBRASKA HIMSS 2019 SPRING MEETING 14
A real world example: Coffee shop Wi-Fi• Your laptop can see the signal• You click and your computer asks for a code
• Key (usually a word or “passphrase”)
• You go ask the barista, the barista tells you• You input the code and access the internet
• Computer knows the algorithm; the key makes the data readable
NEBRASKA HIMSS 2019 SPRING MEETING 15
Some basics of cryptographic safety• The key should not accompany the message
• The key should travel in a different channel from the message
• The key should be difficult to guess
• A longer key is always better
NEBRASKA HIMSS 2019 SPRING MEETING 16
Key length, explained:• Keys become exponentially harder to guess with
length• Higher number of guesses better• Computers think in binary, so it’s an exponent of 2, or “bits”
• Long keys require a large number of guesses• Computers can guess very quickly
NEBRASKA HIMSS 2019 SPRING MEETING 117
Key length and entropy• Entropy is chaos or randomness • Number-symbol-capital-lower increases entropy, but it isn’t everything
• Husker$1 = 35 bits of entropy• thefutureisbaconpants = 80 bits of entropy
• Each additional bit of entropy requires twice as many guesses• 1 coin flip – 2 possibilities• 2 flips – 4 possibilities• 3 flips – 8 possibilities• Possibilities = 2n, where n is the number of bits
NEBRASKA HIMSS 2019 SPRING MEETING 18
Is 256-bit encryption 6.4 times better than 40-bit encryption?• 40-bit encryption (DES)
• 240 = 1,099,511,627,776 possible keys• Guessable within a couple of days by brute force
• 256-bit encryption (AES)• 2256 =
115792089237316195423570985008687907853269984665640564039457584007913129639936 possible keys
• A 65-digit number times more powerful than 40-bit • More than the number of atoms in the observable universe• Not currently crackable while fuel remains in the sun
NEBRASKA HIMSS 2019 SPRING MEETING 19
Some password perspective• Husker$1 = 35 bits of entropy• thefutureisbaconpants = 80 bits of entropy• Difference is 245 possible combinations• thefutureisbaconpants is 3.45 trillion times harder to
guess• If the guessability of Husker$1 was represented by the head
of a pin, thefutureisbaconpants would be an object three times the size of the sun
NEBRASKA HIMSS 2019 SPRING MEETING 20
Types of encryption• Disk encryption
• File encryption
• Wi-Fi encryption
• Connection encryption
NEBRASKA HIMSS 2019 SPRING MEETING 21
Disk Encryption• Whole disk is encrypted • First thing your computer does is ask for key • Once key is supplied, all data is visible• Useful for:
• Physical security• Mobile devices
• Useless for:• “Always on” computer
NEBRASKA HIMSS 2019 SPRING MEETING 22
File encryption• Individual files have individual keys
• Example: Adobe
• Useful for:• Preventing unauthorized access to specific data
• Sending thumb drives or other media through the mail
• Useless for:• Preventing unauthorized access to systems
• Large-scale work
• “Email encryption” is a form of file encryption
NEBRASKA HIMSS 2019 SPRING MEETING 23
Wi-Fi encryption• Access to network (and internet) requires input of key• Useful for:
• Preventing unauthorized use of network• Preventing eavesdropping by persons outside network
• Useless for:• Preventing by others also connected to network• File security• Physical security
NEBRASKA HIMSS 2019 SPRING MEETING 24
Wi-Fi encryption algorithms• WEP (Wired Equivalent Privacy)
• OUT OF DATE SINCE 2004
• WPA• Better• WPA + TKIP is breakable• WPA + AES is less so
• WPA2• Best
NEBRASKA HIMSS 2019 SPRING MEETING 25
Why do I care?• Old routers are vulnerable routers
• Do you know how to check your connection type?
• Check your router security settings• If you don’t know how to do that, learn• Not a bad idea to check your work Wi-Fi also
NEBRASKA HIMSS 2019 SPRING MEETING 26
Connection encryption• Sees that the data is encrypted from end to end• Useful for:
• Secure communications, such as banking• Vulnerable to:
• Use of outdated standards by sender• Useless for:
• Physical security • Someone who already has access to your computer
NEBRASKA HIMSS 2019 SPRING MEETING 227
Types of connection encryption• VPN
• Creates “tunnel” through which all traffic passes• Very difficult to break
• HTTPS (the “lock” in your browser)• Creates reasonably secure connection for brief web
site visits
NEBRASKA HIMSS 2019 SPRING MEETING 28
Conclusions:• Make sure your algorithm is good• Security of the key is everything• Use the right kind of encryption for the job• A longer key is always much better• Know who else has the key
NEBRASKA HIMSS 2019 SPRING MEETING 29