Trainor - Cryptography

sunflowerplateAI and Robotics

Nov 21, 2013 (3 years and 9 months ago)

76 views

Begins with

C..

By Andrew Trainor
and Abira Das

Ends with

ryptography!

Sorry hopefully we’re the last ones guys I think at this point I hate cryptography

What is cryptography?

Overview


Cryptography


the conversion of plaintext into cipher text via
an encryption algorithm


Common Encryption algorithms


Advanced Encryption Standard (AES), used by U.S. National
Sceurity Agency


RSA (Rivest, Shamir, Adleman), for public key cryptography


Secure Sockets Layer (SSL)


used in in web browsers, websites
with http
s

Cryptanalysis


The science of analyzing information systems in order to
find faults in a system.


Used to gain access to encrypted messages, even when
the key is unknown.


Primary focus on cryptographic algorithms and the
possible weakness in implementation.

One Time Pad


Most accredited discoverer: Claude Shannon


Where OTP is used


Super encryption


Quantum key distribution


Mimicked by stream ciphers


Requirements


Perfect secrecy


True randomness


Random Number Generator


CAN’T USE


Random number generation functions in programming language
libraries


/dev/random


hardware random number generator


Can’t be used twice






H E L L O message




7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message


+ 23 (X) 12 (M) 2 (C) 10 (K) 11 (L) key


= 30 16 13 21 25 message + key


= 4 (E) 16 (Q) 13 (N) 21 (V) 25 (Z) message + key (mod 26)




E Q

N V Z → ciphertext


E Q N V Z
ciphertext


4 (E) 16 (Q) 13 (N) 21 (V) 25 (Z)
ciphertext


-

23 (X) 12 (M) 2 (C) 10 (K) 11 (L) key


=
-
19 4 11 11 14
ciphertext



key

= 7 (H) 4 (E) 11 (L) 11 (L) 14 (O)
ciphertext



key (mod 26)


H E L
L

O → message

Cryptanalysis of the ciphertext
(attempt)


4 (E) 16 (Q) 13 (N) 21 (V) 25 (Z) ciphertext


− 19 (T) 16 (Q) 20 (U) 17 (R) 8 (I) possible key

= −15 0 −7 4 17 ciphertext
-
key

= 11 (L) 0 (A) 19 (T) 4 (E) 17 (R) ciphertext
-
key (mod 26)

Elliptic curve cryptography


Based on discrete algorithm


Primary benefit: smaller key size


EX: 256
-
bit ECC public key is comparable to 3072
-
bit RSA
public key




Elliptical curve consists of the points
satisfying the equation y
2
=x
3
+ax +b


Elliptic curve cryptography


TO DATE: Hardest ECC scheme broken had 112
-
bit key
prime field and 109
-
bit key for the binary field case.
Broken in July 2009 (Prime) and 2004 (Binary).


Vulnerability:


Pollard's Rho attack
O(√n)
.


Side Channel attacks

Side Channel Attacks


Side channel attack
: an attack on a cryptosystem based on the
physical implementation leakages of the microprocessor


Leakages


Timing


Power consumed


Electromagnetic Radiation


Sound produced

Timing Attacks


Work backwards based on encryption algorithm


Easier if foe knows what crypto system hardware is being used


Useful against RSA, ElGamal, and Digital Signature Algorithm


Ex. Square and Multiply algorithm


Execution time O(k)


Where k is number of 1 bits in the key

x

=
C


for

j

= 1 to
n



x

= mod(
x
2
,
N
)


if

d
j

== 1


then

x

= mod(
xC
,
N
)

end if


next

j


return

x

C
d

mod

N

Side Channel Attacks


Power consumed


SPA


simple power analysis
http://www.cryptography.com/technology/dpa/dpa
-
video.html


DPA


differential power analysis


Electromagnetic radiation


Radio waves created by changes in electric current


Sound produced


Temperature changes in machines cause overheating and low level
noise emissions

Prevention of Side Channel Attacks


How do we make sure hackers don’t get this info?


Sound

Add extra noise


Timing

Make software run in constant time


Power


Make program PC secure (SPA)


Hardware modification, changing


encryption algorithm, blinding


(DPA)

Traffic Analysis


Traffic Analysis: examining message patterns to deduce
information


Who is signaling whom and the frequency


Greater the number of messages, more can be inferred


Used in military intelligence


ex.) rapid, short communications = negotiations


Chain of command

Prevention of Traffic Analysis


Traffic flow security = hides messages from adversaries


“dummy traffic”


fake sending messages


Continuous signal


Change callsigns (radio initials)


Encrypt address

Fake signal

THE END
(and hopefully the last we’ll ever have to hear of
cryptography)
Any Questions?