Decrypting Encryption (for Fun and Profit)

Dec 3, 2013

Christopher Ward, CISSP, C|CISO

Director of Information Security

Vinson & Elkins, LLP

Just because you’re paranoid doesn’t mean they’re not out to get you.

System Centric vs. Data Centric Security

Valuable Data

Access Control Lists

Admin Access

2 Factor Authentication

Firewall

System Centric vs. Data Centric Security

Encryption and Data Centric Security

Encryption:

o Independent of
    o operating system
    o transmission
    o media
o Maintains its own independent ACLs

Protection strength based on algorithms used and key length


Encryption Types

Hashes

A cryptographic hash function is an algorithm that takes an arbitrary block of data and returns a fixed-size bit string.

The ideal cryptographic hash function has four main properties:

it is easy to compute the hash value for any given message
it is infeasible to generate a message that has a given hash
it is infeasible to modify a message without changing the hash
it is infeasible to find two different messages with the same hash.

Common:

MD5
SHA1
SHA256
RIPEMD

Encryption Types

Hashes

Password Encryption

Digital Document Fingerprinting

Message Integrity Verification
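
As an added example (not part of the original slides), this Python sketch exercises the hash properties and the fingerprinting and integrity-verification uses listed above. The function names and the sample document bytes are constructed for illustration.

```python
import hashlib
import hmac

# Algorithms from the slide's "Common" list that hashlib always provides.
# RIPEMD is omitted because its availability depends on the local OpenSSL build.
# MD5 and SHA1 appear for comparison only: practical collisions are known for both.
ALGORITHMS = ("md5", "sha1", "sha256")


def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Return the hex digest (the document's fingerprint)."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_bits(algorithm: str) -> int:
    """Output size in bits; it is fixed no matter how long the input is."""
    return hashlib.new(algorithm).digest_size * 8


def differing_bits(a: bytes, b: bytes, algorithm: str = "sha256") -> int:
    """Count the output bits that differ between the digests of a and b."""
    da = int.from_bytes(hashlib.new(algorithm, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algorithm, b).digest(), "big")
    return bin(da ^ db).count("1")


def verify(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare in constant time."""
    return hmac.compare_digest(fingerprint(data, algorithm), expected_hex.lower())


if __name__ == "__main__":
    # Constructed sample document and a copy with one character changed.
    original = b"Pay vendor 1000 USD"
    tampered = b"Pay vendor 9000 USD"
    for name in ALGORITHMS:
        print(name, digest_bits(name), fingerprint(original, name))
    published = fingerprint(original)  # digest recorded at signing/publish time
    print("bits changed:", differing_bits(original, tampered), "of 256")
    print("original verifies:", verify(original, published))
    print("tampered verifies:", verify(tampered, published))
```

A bare digest only proves integrity when the expected value is obtained from a trusted source; if the same party can alter both the file and the published digest, the check passes on modified data.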



Encryption Types

Symmetric Encryption

Symmetric-key encryption uses the same cryptographic key (shared key) for both encryption of plaintext and decryption of ciphertext.

Two basic types:

Stream ciphers encrypt the digits/bytes/characters of a message one at a time.
Block ciphers take a number of bits and encrypt them as a single unit, padding the plaintext so that it is a multiple of the block size.



Encryption Types

Symmetric Encryption

Most common form of encryption
Fast
Control strength by key length and iterations

Common Algorithms:

AES
Blowfish
DES / Triple DES
Serpent
Twofish
RC4 (stream)



Encryption Types

Symmetric Encryption

Most common uses:

Local file encryption (MS Word, WinZip, TrueCrypt)
Fixed point-to-point encryption
Device & disk encryption
Asymmetric payload encryption



Symmetric Encryption

Encryption Types

Asymmetric Encryption

Asymmetric-key encryption uses two keys:

1. Public key used for encryption of plaintext
2. Private key used for decryption of ciphertext

Common Algorithms:

RSA
Diffie-Hellman
Digital Signature Standard (DSS)
Elliptic Curve


Encryption Types

Asymmetric Encryption

Secure key distribution

Slower

Associate key with identity

Easier key management


Encryption Types

Asymmetric Encryption

Examples of protocols using asymmetric key algorithms include:

Internet Key Exchange (X.509 certificates)
Transport Layer Security (TLS)
PGP / OpenPGP / GPG
SSH
Bitcoin


Asymmetric Encryption

Practical Examples

Do you know what I know?

Practical Examples

File Sharing with Symmetric Keys

Practical Examples

File Sharing with Public Keys

Practical Examples

Digital Signatures

Practical Examples

Cloud “Security”

Perfect Forward Security

Key Length

Asymmetric (RSA) keys

Longer keys = more secure but longer processing

Key length should be 2048 bits to protect data for about 20 years
3072 bits for 20+ years
4096 bits for lifetime of the universe
8192 bits for the uber-paranoid

Key Length

Symmetric Keys

Each additional bit doubles the number of possible keys

256-bit AES is both fast and secure enough for your lifetime

NSA “Suite B”

http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

Function       Use     Bits        Standard
Hash           SHA     256 / 384   FIPS 180-2
Symmetric      AES     128 / 256   FIPS 197
Signature      ECDSA   256 / 384   FIPS 186-2
Key Exchange   ECDH    256 / 384   SP 800-56

Questions