The Secrets of Keeping Secrets. Gary J Porter Senior Network Analyst MindWorks, Inc. of Kentucky porter@digitalme.com. Crypto—ASCII style. ASCII uses 7 bits (2^7 = 128 values), which can represent all of the English alphabet plus punctuation. A = 1000001, a = 1100001
The Secrets of Keeping Secrets Gary J Porter Senior Network Analyst MindWorks, Inc. of Kentucky porter@digitalme.com
Crypto—ASCII style • ASCII uses 7 bits (2^7 = 128 values), which can represent all of the English alphabet plus punctuation • A = 1000001 • a = 1100001 • Because ASCII uses bits to represent letters, it’s a kind of cypher
Transposition Cipher • One of the simplest transposition ciphers substitutes the first and second digits and the third and fourth digits • Megan • ASCII— 1001101 1100101 1100111 1100001 1101110 • Cypher— 0110101 0011101 0011111 0011001 0010110 • 5 ) 1 % “
Key-Based Algorithm • The security of key-based algorithms is based on the secrecy of the algorithm, the key(s), or both
Private Key Cryptosystem (Symmetric) • [Diagram: the clear text “Dear Cindy, You are so beautiful!” is encrypted to cypher text, and the cypher text is decrypted back to the same clear text, using the same encryption key on both sides]
Modified Substitution Cipher • Message = COOL • In ASCII: 1000010100111110011111001100 • Key = MEGAN: 01101010011101001111100110010010110 • Key longer than message is okay • Ciphertext: 1110111101001010100001010101
Modified Substitution Cipher • Can be broken with simple techniques • Not secure
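The ciphertext bits on the slide above are exactly the bitwise XOR of the message bits with the key bits. The Python below is an added example, not part of the original slides: it reproduces that ciphertext and shows two reasons the scheme is not secure (one known message/ciphertext pair gives up the key bits, and a reused key cancels out of two ciphertexts). The function names and SECOND_MESSAGE are this example's own; SECOND_MESSAGE is a constructed sample.

```python
# Added example (not from the original slides). The three bit strings are the
# slide's, written in 7-bit groups; SECOND_MESSAGE is a constructed sample.
MESSAGE = "1000010" "1001111" "1001111" "1001100"
KEY = "0110101" "0011101" "0011111" "0011001" "0010110"
CIPHERTEXT = "1110111" "1010010" "1010000" "1010101"
SECOND_MESSAGE = "1001000" "1001001" "1000100" "1010000"


def xor_bits(data: str, key: str) -> str:
    """XOR two bit strings position by position; surplus key bits are unused."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    if set(data + key) - {"0", "1"}:
        raise ValueError("inputs must contain only 0 and 1")
    return "".join("1" if d != k else "0" for d, k in zip(data, key))


def encrypt(message: str, key: str = KEY) -> str:
    return xor_bits(message, key)


def decrypt(ciphertext: str, key: str = KEY) -> str:
    # XOR is its own inverse, so decryption is the same operation.
    return xor_bits(ciphertext, key)


def key_from_known_pair(message: str, ciphertext: str) -> str:
    """One known message and its ciphertext reveal the key bits that were used."""
    return xor_bits(message, ciphertext)


def reuse_leak(c1: str, c2: str) -> str:
    """With a reused key, c1 XOR c2 equals m1 XOR m2: the key drops out."""
    return xor_bits(c1, c2)


if __name__ == "__main__":
    print("ciphertext matches slide:", encrypt(MESSAGE) == CIPHERTEXT)
    print("key bits from known pair:", key_from_known_pair(MESSAGE, CIPHERTEXT))
    c2 = encrypt(SECOND_MESSAGE)
    print("m1 XOR m2 from ciphertexts:", reuse_leak(CIPHERTEXT, c2))
```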
Whitfield Diffie • Interested (obsessed!) with the key distribution problem • Imagined two strangers meeting on the net—wondered how they would send secret messages
Martin Hellman • Was reluctant to even talk to Diffie • Eventually became Diffie’s crypto-partner • Solved the key exchange problem
Cryptography: Algorithms and Keys • A method of encryption and decryption is called a cipher • Generally there are two related functions • Encryption • Decryption • All modern algorithms use a key to control encryption and decryption • Encryption key may be different from decryption key
From the Minds of Diffie/Hellman • The postal problem... Demonstration
Got here safely. To: Wilt Diffie Wow! I can see inside. I think I’ll take a look! Postman
I’ll lock it this time Postman
I can’t see either—I’ll lock it too! Hummm! Postman
Why the Postal Example Won’t Work • Alice’s key • abcdefghijklmnopqrstuvwxyz • EDIRCTOYNUWAPFLMBGJZHKQXVS • Bob’s key • abcdefghijklmnopqrstuvwxyz • ZNAMSREVILYUCKOGJTBWDXQHPF • Message: lost my hotel key • Encrypted with Alice’s key: ALJZ PV YLZCA WCV • Encrypted with Bob’s key: UOBW CP VOWSU YSP • Decrypted with Alice’s key: HLDQ IM KLQJH VJM • Decrypted with Bob’s key: VUMJ IC YUJLV XLC
One-Way Functions • Diffie and Hellman were not interested in two-way functions, only solving the problem with one-way functions • Because they could imagine the postal example, there MUST be a solution
Types of Algorithms: Symmetric (Encryption) • [Diagram: Bob (sender) encrypts M with Enc_k to produce the ciphertext; Alice (receiver) decrypts the ciphertext with Dec_k to recover M; both hold the same key k]
One-Way Function Demonstration
5 + 10 (mod 12) = 3 • 8 + 31 (mod 12) = 3
Diffie/Hellman Key Exchange Technique Demonstration
Secret numbers: 56 and 29 • Each side computes 7^N mod 98219 • 7^29 mod 98219 = 75149 • 7^56 mod 98219 = 67665 • The results 67665 and 75149 are exchanged • 67665^29 mod 98219 = 40912 • 75149^56 mod 98219 = 40912
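The exchange on the slide above, worked through in Python as an added example that is not part of the original slides. It uses the slide's numbers (base 7, modulus 98219, secret exponents 29 and 56); the function names and the party labels are this example's own. The last function shows why these numbers are for demonstration only: with a 17-bit modulus, an observer of the public values can find a working exponent by trying them all.

```python
# Added example (not from the original slides). G, P and the two exponents
# are the slide's numbers; names and party labels are this example's own.
G, P = 7, 98219
PARTY_A_PRIVATE, PARTY_B_PRIVATE = 29, 56


def public_value(private: int, g: int = G, p: int = P) -> int:
    """What a party sends in the clear: g^private mod p."""
    return pow(g, private, p)


def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Raise the other side's public value to your own private exponent."""
    if not 1 < their_public < p - 1:
        # 0, 1 and p-1 confine the result to a tiny set, so reject them.
        raise ValueError("degenerate public value")
    return pow(their_public, my_private, p)


def brute_force_exponent(target: int, g: int = G, p: int = P) -> int:
    """Find the smallest x with g^x mod p == target by trying every x.

    This finishes instantly only because the slide's modulus has 17 bits;
    large parameters exist to make this search infeasible.
    """
    value = 1
    for x in range(1, p):
        value = (value * g) % p
        if value == target:
            return x
    raise ValueError("target is not a power of g")


if __name__ == "__main__":
    a_pub = public_value(PARTY_A_PRIVATE)       # sent over the open channel
    b_pub = public_value(PARTY_B_PRIVATE)       # sent over the open channel
    print("public values:", a_pub, b_pub)
    print("A computes:", shared_secret(b_pub, PARTY_A_PRIVATE))
    print("B computes:", shared_secret(a_pub, PARTY_B_PRIVATE))
    x = brute_force_exponent(a_pub)
    print("observer, toy modulus only:", shared_secret(b_pub, x))
```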
A Mathematical Genius?! • Whitfield Diffie is best known for his 1975 discovery of the concept of Public Key Cryptography
Types of Algorithms: Public Key (Asymmetric Encryption) • [Diagram: the sender encrypts M with the receiver’s pubkey (Enc_pubkey) to produce the ciphertext; the receiver decrypts the ciphertext with privkey (Dec_privkey) to recover M] • [Diagram: decrypting the ciphertext with pubkey (Dec_pubkey) yields TRASH!]
Encryption and Decryption • M is the message, E is encryption, C is ciphertext, D is decryption • [Diagram: M → E → C → D → M] • The following identity must hold true: D(C) = M, where C = E(M)
Secret Key Cryptography (Symmetric Encryption) • [Diagram: S sends M through E with key K to produce C; R passes C through D with key K to recover M] • K is the secret key shared by both the sender (S) and receiver (R)
Public Key Cryptography (Asymmetric Encryption) • [Diagram: S sends M through E with KR(pub) to produce C; R passes C through D with KR(pri) to recover M] • KR(pub) is Receiver’s public key and KR(pri) is Receiver’s private key
RSA works by using a mathematical function that is (comparatively) easy to compute while encrypting, but very difficult to reverse without knowing the private key • RSA works by selecting two large prime numbers
RSA Key Generation • Pick large random primes p,q • Let p*q = n and =(p-1)(q-1) • Choose a random number e such that: 1<e< and gcd(e, )=1 (relative primes) • Calculate the unique number d such that 1<d< and d*e 1 (mod ) (d is inverse of e) • The public key is {e,n} and the private key is {d,n} • The factors p and q may be kept private or destroyed
Pierre de Fermat • Discovered that—if you use a prime number for the modulus, then raising a number to the power (prime-1) is always 1 • m^(p-1) mod p = 1 • According to Fermat, this works with any prime number p and any positive m that’s less than p, therefore 1 < m < p • What is 7^10 mod 11? The answer is 1
Leonhard Euler (pronounced “Oiler”) • Discovered Fermat’s relationship held true when using the product of two primes as the modulus • n = pq • m^((p-1)(q-1)) mod n = 1 • Works so long as p and q are relatively prime to one another • If p = 11 and q = 5, what is [m^((p-1)(q-1)) mod 55]?
So... • Fermat: m^(p-1) mod p = 1 • Euler: m^((p-1)(q-1)) mod n = 1
So... • Fermat: m^(p-1) mod p = 1 • m^(p-1) mod p = • Euler: m^((p-1)(q-1)) mod n = 1 • m^((p-1)(q-1)) mod n
RSA Key Generation • Pick large random primes p,q • p = 5, q = 11 • Let p*q = n and =(p-1)(q-1) • The encrypting modulus n = pq = 55 • = (p-1)(q-1) = (4)(10) = 40 • + 1 = e * d (we’re looking for both e and d) • 41 = e * d (but no two numbers multiplied together equal 41) • 41 is prime but, using modular math — 41 becomes 1 mod 40 • e * d = 1 mod 40
RSA Key Generation • We’ll use 3 for e • 3 * d = 1 mod 40 • Using the Extended Euclidean algorithm, d = 27
Encrypting Using RSA (Review) • Step 1: generate two prime numbers, p and q • Step 2: Combine the primes n=pq • Step 3: Combine the primes another way, =(p-1)(q-1) • Step 4: Using , generate a key pair, e and d • Step 5: Using e, d, and n, encrypt and decrypt
RSA Mechanical Overview • Basically • Alice: m^e mod n → c • Bob: c^d mod n → m
Encrypting/Decrypting, Step-by-Step • Let’s encrypt the letter “G” (for Gary) • For simplicity’s sake, we’ll represent “g” as 7, the 7th letter of the alphabet • So, 7^(public key) mod (encrypting modulus) • 7^3 mod 55 = 13 • To decrypt, 13^(private key) mod (encrypting modulus) • 13^27 mod 55 = 7
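The key-generation and encrypt/decrypt steps from the RSA slides, carried through in Python as an added example that is not part of the original slides. It uses the slides' toy values (p = 5, q = 11, e = 3), derives d with the Extended Euclidean algorithm, and checks the Fermat and Euler relationships; phi (this example's name for (p-1)(q-1)) and all function names are assumptions of the example.

```python
# Added example, not from the original slides. phi and all function names are
# this example's own; p=5, q=11, e=3 are the slides' toy values.
from math import gcd


def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r, old_x, x, old_y, y = a, b, 1, 0, 0, 1
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def generate_keys(p, q, e):
    """Return ((e, n), (d, n)) following the key-generation slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi and gcd(e, phi) == 1")
    _, x, _ = extended_gcd(e, phi)
    d = x % phi                      # normalise a negative coefficient
    return (e, n), (d, n)


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)


def euler_holds(p, q):
    """Check m^((p-1)(q-1)) mod n == 1 for every m relatively prime to n."""
    n, phi = p * q, (p - 1) * (q - 1)
    return all(pow(m, phi, n) == 1 for m in range(1, n) if gcd(m, n) == 1)


if __name__ == "__main__":
    public, private = generate_keys(5, 11, 3)
    c = encrypt(7, public)           # "G" represented as 7
    print(public, private, c, decrypt(c, private))
```

With n = 55 the two primes are found by inspection, which is why the slides ask for large random primes; the same code with such small values protects nothing.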
Gary J Porter’s PGP Public Key