1 / 17

Cryptography

Cryptography. How does it impact cyber security and why you need to know more?. Fermat. Alice computes g ab = ( g b ) a mod p , and Bob computes g ba = ( g a ) b mod p. y 2 = x 3 + Ax + B. C= M e % n. Euler. And why it can hurt you. What You Don't Know about Cryptography.

martinralexander
Télécharger la présentation

Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography How does it impact cyber security and why you need to know more?

  2. Fermat Alice computes gab = (gb)a mod p, and Bob computes gba = (ga)b mod p y2 = x3 + Ax + B C= Me % n Euler And why it can hurt you What You Don't Know about Cryptography Kerhoff

  3. 19 Books • 29 industry certifications • 2 Masters degrees • 6 Computer science related patents • Over 20 years experience, over 15 years teaching/training • Helped create CompTIA Security+, Linux+, Server+. Helped revise CEH v8 • Frequent consultant/expert witness • Teaches crypto around the world www.chuckeasttom.com chuck@chuckeasttom.com Who is the speaker?

  4. Provide data Confidentiality • Data integrity • Identification and Authentication • Non- repudiation What does crypto do for you?

  5. General description of symmetric crypto (AES, DES, Blowfish) • General description of assymetric (Diffie Hellman, RSA, DSA, and maybe ECC) • General description of digital signatures • General description of digital certificates • General description of protocols such as TLS What are the limits of most security professionals crypto knowledge

  6. Why learn crypto? • Kerkhoff’s principle • Bad crypto solutions • Dual_EC_DRBG backdoor • Is RSA Secure enough? Why?

  7. “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge” • -August Kerkhoff • The EnigmaDS story http://money.cnn.com/2011/09/02/technology/unhackable_code/ Kerkhoff’s Principle

  8. Windows SALT • What is SALT And why hashing needs it? • How does it go wrong? • Keep it secret • Has to be simple enough to be fast • Has to be complex enough to not be ‘guessable’ • Poor random number generators • How to select hard drive/file encryption Bad Crypto Solutions

  9. In 2013 Edward Snowden revealed that it had a backdoor however: • In 2004 suspicions of this where around the crypto community • In 2006 multiple papers are published suggesting this. • In 2006 Bruce Schneier blogged about it. • The Cyber Security community may have been in the dark on this issue, but the crypto community was not. Dual_EC_DRBG backdoor

  10. What can you do? • Can you prevent them even if you don’t know they are there? What about cryptographic backdoors?

  11. The most widely used asymmetric cryptographic algorithm, may not be secure enough. Problems with RSA

  12. Heninger and Shacham • Zhao and Qi • Yeh, Huang, Lin, and Chang • Hinek Is RSA Still Secure?

  13. Heninger and Shacham (2009) found that RSA implementations that utilized a smaller modulus were susceptible to cryptanalysis attacks. A smaller modulus can increase the efficiency of an RSA implementation, but as Heninger and Shacham (2009) showed, it may also decrease the efficacy. Heninger and Shacham

  14. Heninger and Shacham (2009) utilized the fact of the smaller modulus to reduce the set of possible factors, thus decreasing the time needed to factor the public key of an RSA implementation. It is in fact a common practice to use a specific modulus e = 216 + 1= 65537 (Heninger & Shacham, 2009). If an RSA Implementation is using this common value for e, then factoring the public key is a much simpler process Heninger and Shacham

  15. Zhao and Qi (2007) also utilized implementations that have a smaller modulus operator. The authors of this study also applied modular arithmetic, a subset of number theory, to analyzing weaknesses in RSA. Many implementations of RSA use a shorter modulus operator in order to make the algorithm execute more quickly. Zhao and Qi

  16. Hinek, M. (2009). Cryptanalysis of RSA and its variants. England: Chapman and Hall. • Heninger, N., Shacham, H. (2009). Reconstructing RSA private keys from random key bit. Advances in Cryptology Lecture Notes in Computer Science, 1 (1). doi:10.1007/978-3-642-03356-8_1. • Yeh, Y., Huang, T., Lin, H., Chang, Y. (2009). A study on parallel RSA factorization. Journal of Computers, 4 (2), 112-118. doi:10.4304/jcp.4.2.112-118 • Zhao, Y., Qi, W. (2007). Small private-exponent attack on RSA with primes sharing bits. Lecture Notes in Computer Science, 2007, 4779 (2007) 221-229. doi: 10.1007/978-3-540-75496-1_15 RSA Resources

  17. http://www.cryptocorner.com/ • Professor Dan Boneh’s course online https://class.coursera.org/crypto-preview/lecture • Modern Cryptography: Applied Mathematics for Encryption and Information Security by Chuck Easttom from McGraw Hill (out by August 2015) • Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier • Secret History: The Story of Cryptography by Bauer • Modern Cryptanalysis: Techniques for Advanced Code Breaking by Swenson How to learn more?

More Related