Cryptography - Yimg

sunflowerplateAI and Robotics

Nov 21, 2013 (3 years and 10 months ago)

54 views

Revealed
Agenda


Cryptography ?? .


Encryption .


Symmetric Encryption .


Asymmetric Encryption.


Diffie
-
hellman.


Hashing .


Digital signature .


Authentication Protocols .


PKI .


Cryptosystems .


Cryptanalysis .


Quantum Cryptography.

. Cryptography is a framework of methodologies used to ensure the CIA
triad for our information ; C for confidentiality , I for Integrity and A for
authenticity.


. The need for cryptographic techs was as old as the need to keep the
critical info secure , safe and authentic . the techs were invented in
different forms that can be compatible with their current age , while the
concept was the same .


. Cryptography was known anciently as Encryption which means : Hiding the
information from unauthorized entities . Various methods were used to
adopt this purpose , it could be implemented manually , mechanically or
even electronically .

Cryptography ??

.
SCYTALE

, is an example for a really old tech that was used to cipher
(encrypt) information . The concept of operation is so simple . Get a long
strip of leather and wind it over a rode like the picture , write the clear
data on the leather over the rod and then unwind it .

. “ HELP ME I AM UNDER ATTACK “ will be
"HENTEIDTLAEAPMRCMUAK“ ,
and it totally depends on the diameter of the rode , which is the key to
decipher the message .

. Nowadays are a bit different , as we are not talking about only encryption
when dealing with cryptography , hashing shares the place with encryption
to form the whole framework (cryptographic framework) ; hashing role is
to ensure the integrity of the message . So , back to the CIA triad ,
encryption is used to insure the confidentiality, hashing is for ensuring the
integrity and a combination of encryption & hashing for ensuring the
authenticity of the message sender .

. Encryption and Hashing can be
considered now as systems that need an
input to deliver an output , this system is
controlled by a set of mathematical
equations which is known as an algorithm.

Encryption

. As we stated before , Encryption is considered as a component of the
cryptographic framework . It’s role is to offer the confidentiality axis of
the CIA triad .

. Recalling the systematic view of
any cryptographic component ,
Encryption needs an input (Clear
message & key) to deliver the
cipher form (output) , this cipher
form to be decrypted (converted to
the clear form ) we shall need a key
and the same algorithm .

. Encryption can be implemented symmetrically or asymmetrically .


. If we are using symmetric encryption , then we will encrypt the clear
message with one key and decrypt it with the same key ; encryptor and
decryptor should have the same key .

. On the other hand , for Asymmetric encryption , the sender will use a key
to encrypt the message and the receiver will use a different key to
decrypt the message , in case we have a bidirectional communication , each
pair will use two keys one of them is public for others and a private key
for himself.

Symmetric Encryption

. To wrap the concept let us discuss a case for three entities that need to
communicate securely using symmetric encryption .

. From the figure , we can conclude
that we will use 9 different private
keys for achieving bidirectional
communication between xyz and
abc .


. We can conclude also that we
need to define a way by which we
can exchange these private keys in
a secure manner between distant
entities .


. We will recall these two
conclusions a bit later .

. DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the
well known symmetric encryption algorithms .


. We will go deeply for DES

and AES

in the Demos section .

Asymmetric Encryption

. Back to the same case that was assumed when using symmetric
encryption.

. ABC and XYZ have their public
keys distributed over each other ,
anyone needs to talk to the other
will use the other’s public key to
encrypt the traffic and the other
will use his own private key to
decrypt the traffic , X will use A’s
public key to encrypt clear traffic
A will receive the cipher to decrypt
it using his own private key .


. Less number of keys and simple
key distribution .

. RSA is the famous asymmetric key encryption algorithm .

Ron
R
ivest ## left


Adi
S
hamir ## Middle


Leonard
A
dleman ## Right

. RSA operation will be discussed
in the Demos section .

. Let us now compare them (symmetric and asymmetric) :


1
-

Symmetric key encryption suffers from scalability issues ; to achieve a
secure communication between N points , we will need to generate (N(N
-
1))/2
different keys .


3
-

Symmetric key encryption requires “ out of band “ secure exchange of keys ,
because , both the communicating parties needs to know about the keys before
proceeding into the communication .


4
-

Asymmetric key encryption systems are incredibly complex , and that
complexity will surely impact the performance . Asymmetric key encryption is
up to 1000 times slower than symmetric key encryption .


. Now how can we deal with that problem ?!!! , Diffie and Hellman will
answer this question for us .

Diffie
-
hellman


Diffie
-
Hellman algorithm will use
public key encryption to only
distribute symmetric keys for
communicating parties , symmetric
key encryption will be used to deal
with clear data to create the cipher ,
so we will have no odds :: high
performance using symmetric key
encryption and simple key distribution
process using Diffie
-
Hellman
algorithm , as we will sure see here
and the demos section .



Khaled will generate two (public and private ) keys using his own Diffie
-
Hellman algorithm , Ali will do the same thing ; both of them will exchange
his own public key , khaled will have his own private key and Ali’s public key
, he will use his Diffie
-
Hellman algorithm to generate a new private key ;
Ali will have the same private key if he executed the same operation.

Hashing


Hashing is the second component of the cryptographic framework , its
role is to ensure the integrity of a message . The most important aspect
of integrity violation is that the target of the attack is not aware about
the violation occurrence , simply , if he knew he will request for a
retransmission .


The problem is that I am
communicating with my co
-
workers basing on a false
information .



Hashing is an irreversible
process with no keys , the clear
message is the only input for
the hashing process .



The message will be delivered as an input to the hashing system , hashing
system will create message digest (hash) from the clear message , it will
then append the digest to the message and then send them over the
media ; The recipient will have the message to create a new digest and
then compare the two digests .


A simple newbie can execute an MITM attack , he will be able to receive
the message with the digest from the sender so as to create a new fake
message with a new generated hash from the fake message (using the
same hashing algorithm) to be sent to the poor receiver .



HMAC , the solution for this problem .


MD5 and SHA are the most used hashing algorithms , SHA is more secure
than MD5 .



We will have a demo for HMAC in the demos section .

Digital signature


This is our last step for completing the CIA triad , how can we ensure
authenticity using cryptography !!!



Digital signature is a mechanism by which we can authenticate the
message sender on a message basis , each message needs to be
authenticated , this needs to be clarified , digital signature is not a
connection based authentication mechanism like pap , chap , kerborse ,
TACACS ...............


Digital signature uses a combination of
encryption and hashing .


The message will be hashed , the digest will be encrypted by the
sender private key and then sent with message to the recipient .


We have a demo for Digital signature .

Authentication Protocols


As we are taking about connection based authentication mechanism ,
we will deal with protocols rather than algorithms . This is to briefly
list famous authentication protocols :


1
-

PAP

2
-

CHAP

3
-

MS
-
CHAP

4
-

NTLM

5
-

EAP

6
-

PEAP

7
-

Kerberos

8
-

TACACS+

9
-

Radius

10
-

Diameter

PKI


Public Key Infrastructure is a
Trust

Connectivity media , I need to
trust the sender before beginning a new session with him , how can I
know that this public key is the one owned by the real sender; I need
someone between us , someone that I can trust and that can trust this
remote sender .


How can I trust you?

Answer: The CA trusts me.



How can I know the CA trusts you?

Answer: You can see my certificate
issued by the CA.


.So , PKI is not for authentication,
but it can be considered as a pre
-
authentication phase .


.We will have a full PKI course .

Cryptosystems


Cryptosystem is an implemented form of the cryptographic framework ,
it consists of three components :


1
-

algorithms : cryptographic engines for doing encryption and hashing .


2
-

protocols : for establishing connections and negotiating parameters
between the communicating parties .


3
-

keys : for encryption algorithms .



IPSEC , SSL , SSH , PPTP , L2TP and WEP all of them are cryptosystems
, some of them provide the full CIA tirade . The only factor that
differentiate between these cryptosystems is the protocol used to
establish the connection and negotiate the parameters .



These cryptosystems will be discussed deeply in the VPN course .


Cryptanalysis


“ Breaking a cipher doesn't
necessarily mean finding a practical
way for an eavesdropper to recover
the plaintext from just the
ciphertext. In academic
cryptography, the rules are relaxed
considerably. Breaking a cipher
simply means finding a weakness in
the cipher that can be exploited
with a complexity less than brute
-
force ”
Bruce Schneier
.



Quantum Cryptography


“While I like the science of
quantum cryptography
--

my
undergraduate degree was in
physics
--

I don't see any
commercial value in it. I don't
believe it solves any security
problem that needs solving. I don't
believe that it's worth paying for,
and I can't imagine anyone but a
few technophiles buying and
deploying it. Systems that use it
don't magically become
unbreakable, because the quantum
part doesn't address the weak
points of the system.



Bruce Schneier
.