
The Secrets of Keeping Secrets

Gary J Porter, Senior Network Analyst, MindWorks, Inc. of Kentucky, porter@digitalme.com. Crypto—ASCII style. ASCII uses 7 bits (2^7 = 128 codes), which can represent all of the English alphabet plus punctuation. A = 1000001, a = 1100001



  1. The Secrets of Keeping Secrets Gary J Porter Senior Network Analyst MindWorks, Inc. of Kentucky porter@digitalme.com

  2. Crypto—ASCII style • ASCII uses 7 bits (2^7 = 128 codes), which can represent all of the English alphabet plus punctuation • A = 1000001 • a = 1100001 • Because ASCII uses bits to represent letters, it’s a kind of cypher

  3. Transposition Cipher • One of the simplest transposition ciphers substitutes the first and second digits and the third and fourth digits • Megan • ASCII— 1001101 1100101 1100111 1100001 1101110 • Cypher— 0110101 0011101 0011111 0011001 0010110 • 5 ) 1 % “

  4. Key-Based Algorithm The security of key-based algorithms is based on the secrecy of the algorithm, the key(s), or both

  5. Private Key Cryptosystem (Symmetric) • Same Encryption Key • [Diagram: Clear Text “Dear Cindy, You are so beautiful!” → Cypher Text “ANQR1DBw 4DokTETykx LwQB/9JZe 7eCzXW 9iYVNOT HWjioKOI” → Clear Text “Dear Cindy, You are so beautiful!”]

  6. Modified Substitution Cipher • Message = COOL • In ASCII: 1000010 1001111 1001111 1001100 • Key = MEGAN: 0110101 0011101 0011111 0011001 0010110 • Ciphertext: 1110111 1010010 1010000 1010101 • Key longer than message is okay

  7. Modified Substitution Cipher • Can be broken with simple techniques • Not secure SECURE

  8. Whitfield Diffie • Interested (obsessed!) with the key distribution problem • Imagined two strangers meeting on the net—wondered how they would send secret messages

  9. Martin Hellman • Was reluctant to even talk to Diffie • Eventually became Diffie’s crypto-partner • Solved the key exchange problem

  10. Cryptography: Algorithms and Keys • A method of encryption and decryption is called a cipher • Generally there are two related functions • Encryption • Decryption • All modern algorithms use a key to control encryption and decryption • Encryption key may be different from decryption key

  11. From the Minds of Diffie/Hellman • The postal problem... Demonstration

  12. Got here safely. To: Wilt Diffie Wow! I can see inside. I think I’ll take a look! Postman

  13. I’ll lock it this time Postman

  14. I can’t see either—I’ll lock it too! Hummm! Postman

  15. Postman

  16. Postman

  17. Postman

  18. Postman

  19. Postman

  20. Why the Postal Example Won’t Work • Alice’s key • abcdefghijklmnopqrstuvwxyz • EDIRCTOYNUWAPFLMBGJZHKQXVS • Bob’s key • abcdefghijklmnopqrstuvwxyz • ZNAMSREVILYUCKOGJTBWDXQHPF • Message: lost my hotel key • Encrypted with Alice’s key: ALJZ PV YLZCA WCV • Encrypted with Bob’s key: UOBW CP VOWSU YSP • Decrypted with Alice’s key: HLDQ IM KLQJH VJM • Decrypted with Bob’s key: VUMJ IC YUJLV XLC
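
The postal exchange tried with the two key alphabets from slide 20, as an added Python example that is not part of the original presentation. The function names are assumptions, and each unlock step applies the inverse of the corresponding table.

```python
# Added example: the "two locks" postal exchange run with the substitution
# alphabets from slide 20. Function names are illustrative assumptions.
import string

PLAIN = string.ascii_lowercase
ALICE = "EDIRCTOYNUWAPFLMBGJZHKQXVS"   # Alice's key alphabet (slide 20)
BOB = "ZNAMSREVILYUCKOGJTBWDXQHPF"     # Bob's key alphabet (slide 20)

def lock(text, key):
    """Substitute every letter through the key alphabet; other characters pass."""
    return text.lower().translate(str.maketrans(PLAIN, key))

def unlock(text, key):
    """Apply the inverse table of the same key alphabet."""
    return text.upper().translate(str.maketrans(key, PLAIN))

def postal_exchange(message):
    """Alice locks, Bob locks, Alice unlocks, Bob unlocks (the postal order)."""
    once = lock(message, ALICE)        # Alice -> Bob
    twice = lock(once, BOB)            # Bob adds his lock, sends it back
    alice_off = unlock(twice, ALICE)   # Alice removes her lock "through" Bob's
    return once, twice, alice_off, unlock(alice_off, BOB)

def nested_exchange(message):
    """Last lock on, first lock off: the only order these ciphers undo cleanly."""
    twice = lock(lock(message, ALICE), BOB)
    return unlock(unlock(twice, BOB), ALICE)

def keys_commute(key_a, key_b):
    """True only if applying the two tables in either order gives the same text."""
    return lock(lock(PLAIN, key_a), key_b) == lock(lock(PLAIN, key_b), key_a)

if __name__ == "__main__":
    message = "lost my hotel key"
    for step in postal_exchange(message):
        print(step)
    print("nested order recovers:", nested_exchange(message))
    print("tables commute:", keys_commute(ALICE, BOB))
```

The postal order fails because the two tables do not commute; the exchange needs an operation where the order of the locks does not matter.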

  21. One-Way Functions • Diffie and Hellman were not interested in two-way functions, only solving the problem with one-way functions • Because they could imagine the postal example, there MUST be a solution

  22. [Diagram: Bob and Alice, sender and receiver]

  23. Types of Algorithms: Symmetric (Encryption) • [Diagram: Bob and Alice, sender and receiver, each holding key k; encryption Enc_k turns M into ciphertext and decryption Dec_k turns the ciphertext back into M]

  24. One-Way Function Demonstration

  25. 5 + 10 (mod 12) = 3 • 8 + 31 (mod 12) = 3

  26. Diffie/Hellman Key Exchange Technique Demonstration

  27. 56 • 29 • 7^N mod (98219) • 7^29 mod (98219) = 75149 • 7^56 mod (98219) = 67665 • 67665^29 mod (98219) = 40912 • 75149^56 mod (98219) = 40912
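
The exchange on slide 27 worked through with the slide's own numbers, as an added Python example that is not part of the original presentation. The function names and the exhaustive-search helper are assumptions; the search shows why a modulus this small only suits a classroom demonstration.

```python
# Added example: the Diffie-Hellman exchange from slide 27
# (base 7, modulus 98219, secret exponents 29 and 56).
G, P = 7, 98219

def public_value(secret):
    """What each party sends over the open channel: G^secret mod P."""
    return pow(G, secret, P)

def shared_key(their_public, my_secret):
    """What each party computes privately from the other's public value."""
    return pow(their_public, my_secret, P)

def recover_exponent(public, limit=P):
    """Exhaustive search for an exponent x with G^x mod P == public.

    Feasible only because P is tiny; deployed Diffie-Hellman uses moduli
    of 2048 bits or more so that this search is out of reach.
    """
    value = 1
    for x in range(1, limit):
        value = (value * G) % P
        if value == public:
            return x
    raise ValueError("no exponent found below limit")

def run_exchange(secret_a=29, secret_b=56):
    pub_a, pub_b = public_value(secret_a), public_value(secret_b)
    key_a = shared_key(pub_b, secret_a)    # 67665^29 mod 98219
    key_b = shared_key(pub_a, secret_b)    # 75149^56 mod 98219
    # An observer sees only pub_a and pub_b, yet at this size can search.
    guessed = recover_exponent(pub_a)
    return {"pub_a": pub_a, "pub_b": pub_b, "key_a": key_a, "key_b": key_b,
            "observer_key": shared_key(pub_b, guessed)}

if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name:>12} = {value}")
```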

  28. A Mathematical Genius?! • Whitfield Diffie is best known for his 1975 discovery of the concept of Public Key Cryptography

  29. Rivest, Shamir, Adleman

  30. Types of Algorithms: Public Key (Asymmetric Encryption) • [Diagram: sender encrypts M with Enc_pubkey; receiver decrypts the ciphertext with Dec_privkey to recover M]

  31. Types of Algorithms: Public Key (Asymmetric Encryption) • [Diagram: sender encrypts M with Enc_pubkey; the ciphertext is passed to Dec_pubkey]

  32. Types of Algorithms: Public Key (Asymmetric Encryption) • [Diagram: sender encrypts M with Enc_pubkey; decrypting the ciphertext with Dec_pubkey yields TRASH!]

  33. Encryption and Decryption • M is the message, E is encryption, C is Ciphertext, D is decryption • [Diagram: M → E → C → D → M, with sample ciphertext “Jna fq h5tunb89d`58jdf[835gj”] • The following identity must hold true: D(C) = M, where C = E(M)

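  34. Secret Key Cryptography (Symmetric Encryption) • [Diagram: S sends M through E with key K to produce C; R passes C through D with key K to recover M; sample ciphertext “Jna fq h5tunb89d`58jdf[835gj”] • K is the secret key shared by both the sender (S) and receiver (R)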

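  35. Public Key Cryptography (Asymmetric Encryption) • [Diagram: S sends M through E with KR(pub) to produce C; R passes C through D with KR(pri) to recover M; sample ciphertext “Jna fq h5tunb89d`58jdf[835gj”] • KR(pub) is Receiver’s public key and KR(pri) is Receiver’s private key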

  36. The Math

  37. RSA works by using a mathematical function that is (comparatively) easy to compute while encrypting, but very difficult to reverse without knowing the private key • RSA works by selecting two large prime numbers

  38. RSA Key Generation • Pick large random primes p,q • Let p*q = n and φ=(p-1)(q-1) • Choose a random number e such that: 1<e<φ and gcd(e, φ)=1 (relative primes) • Calculate the unique number d such that 1<d<φ and d*e ≡ 1 (mod φ) (d is inverse of e) • The public key is {e,n} and the private key is {d,n} • The factors p and q may be kept private or destroyed

  39. Pierre de Fermat • Discovered that—if you use a prime number for the modulus, then raising a number to the power (prime-1) is always 1 • m^(p-1) mod p = 1 • According to Fermat, this works with any prime number p and any positive m that’s less than p, therefore 1 < m < p • What is 7^10 mod 11? The answer is 1

  40. Leonhard Euler (pronounced “Oiler”) • Discovered Fermat’s relationship held true when using the product of two primes as the modulus • n = pq • m^((p-1)(q-1)) mod n = 1 • Works so long as p and q are relatively prime to one another • If p = 11 and q = 5, what is [m^((p-1)(q-1)) mod 55]?

  41. So... • Fermat: m^(p-1) mod p = 1 • Euler: m^((p-1)(q-1)) mod n = 1

  42. So... • Euler: m^((p-1)(q-1)) mod n = 1 • m^((p-1)(q-1)) mod n • Fermat: m^(p-1) mod p = 1 • m^(p-1) mod p =

  43. RSA Key Generation • Pick large random primes p,q • p = 5, q = 11 • Let p*q = n and φ=(p-1)(q-1) • The encrypting modulus n = pq = 55 • φ = (p-1)(q-1) = (4)(10) = 40 • φ + 1 = e * d (we’re looking for both e and d) • 41 = e * d (but no two numbers multiplied together equal 41) • 41 is prime but, using modular math — 41 becomes 1 mod 40 • e * d = 1 mod 40

  44. RSA Key Generation • We’ll use 3 for e • 3 * d = 1 mod 40 • Using the Extended Euclidean algorithm, d = 27

  45. Encrypting Using RSA (Review) • Step 1: generate two prime numbers, p and q • Step 2: Combine the primes n=pq • Step 3: Combine the primes another way, φ=(p-1)(q-1) • Step 4: Using φ, generate a key pair, e and d • Step 5: Using e, d, and n, encrypt and decrypt

  46. RSA Mechanical Overview • Basically • Alice: m^e mod n → c • Bob: c^d mod n → m

  47. Encrypting/Decrypting, Step-by-Step • Let’s encrypt the letter “G” (for Gary) • For simplicity’s sake, we’ll represent “G” as 7, the 7th letter of the alphabet • So, 7^(public key) mod (encrypting modulus) • 7^3 mod 55 = 13 • To decrypt, 13^(private key) mod (encrypting modulus) • 13^27 mod 55 = 7

  48. Gary J Porter’s PGP Public Key

  49. An eDirectory Public Key

  50. An eDirectory Private Key
