Encryption is key to safety online, but also important offline. But how does it work? This presentation will cover the basics and help you to be safer.
2. Ancient History
● Wax tablets – Herodotus
● Shaved head – Herodotus
● Both examples of Steganography (hidden writing)
– Steganos (Greek) = hidden
– Graphei (Greek) = writing
● Essentially security by obscurity
● More modern version = microdots
3. Encryption
● Kryptos (Greek) = hidden
● A message should be unreadable to someone
who finds it
● Employs a cipher
● Substitutes one symbol for another
● Not the same as a code!
4. Codes
● Codes do not try to obscure the message
● Examples:
– Morse code
– ASCII
● Codes transform one set of symbols into
another without trying to hide the meaning
5. Caesar Cipher
● Moved each letter a fixed number of spaces
● Same as ROT13
● HAL = IBM
● Not very secure, but then Caesar was dealing
with barbarians :)
● Trivial to break since there are only 25 schemes
to try.
6. Substitution Cipher
● Better than Caesar Cipher
● No fixed pattern to how symbols are substituted
● Think of the “brain teaser” puzzles in the
newspaper
● Obviously, these can be broken by ordinary
people with small effort
7. Statistical analysis
● The weakness of Substitution Ciphers is that
they are susceptible to statistical analysis
●
First shown by Al-Kindi in the 9th
century
● In English, letters have a certain frequency
– e,t,a,o,i,n,s,h,r,d,l,u....
● Letter q almost always followed by u, “the” is
most common three-letter word, and so on
8. Vigenere Square
● Uses a key word or phrase to create a different
substitution for each letter of the message
● But if reused could also be analyzed
● Charles Babbage showed that it could be
attacked statistically
9. One-Time Pads
● A series of unique Vigenere Squares
● Each one is used only once
● Absolutely secure
● But pain the butt to create
● And distribution is an issue
● If enemy gets it, no security
10. Mechanical solutions
● Captain Midnight Decoder Ring
● Rotate one disk against another
● Essentially just another Caesar Cipher
11. Enigma
● Decoder ring on steroids
● Multiple disks
● Settings change after each letter
● Poles figured out how to analyze
● Passed to Brits
● Bletchley Park & Turing
12. Enigma flawed
● First, essentially mechanical means there is a
way to attack
● Mechanical cannot be truly random
● No letter could be encrypted as itself
● Key turned out to be mathematics
13. Computers
● Originally created to break ciphers
● Collosus used against German Lorenz Cipher
● But computers could be used to create ciphers
as well
● By the 1960s it was clear that computers could
create unbreakable encryption schemes as
long users did not make a mistake
14. Key distribution
● But how to distribute keys securely?
● Same issue as with one-time pads
● Whitfield Diffie, Martin Hellman, and Ralph
Merkle solved that and created Diffie-Hellman-
Merkle Key Exchange
● Diffie later realized that publicly distributed keys
could be asymmetric
15. RSA
● Ron Rivest, Adi Shamior, and Leonard Adelman first
figured out how to do it practically
● Based on one-way function
● Easy to compute, impractical to reverse
● They used large prime numbers which they multiplied
together to get an even larger number
● Extremely large numbers are hard to factor, hence
the one-way
16. Key Pair
● RSA procedure creates two keys
● Each key can decrypt what the other key has
encrypted
● But no key can decrypt what it itself has
encrypted
17. Other Algorithms
● In addition to the RSA prime number algorithm
there are two well-known alternatives
● Discrete Logarithm
● Elliptical Curve
● Both are also “one-way” functions that are easy
to compute but impractical to reverse
18. Symmetric vs. Asymmetric Encryption
● Symmetric means the same key that encrypted
the message will also decrypt it
● Very efficient = can easily and quickly encrypt
and decrypt
● Key distribution is a problem
● Alice has to send Bob the key before sending
the encrypted message
● Eve can listen in and get the key
19. Public Key
● This is Asymmetric
● A key pair is generated
● One of the keys is designated as private, the
other public
● Arbitrary which is which
20. Key Distribution
● Public key gets around the key distribution
problem
● The Public key can be freely distributed
● But only the Private key can decrypt what the
Public key has encrypted
● But also requires a lot more resources
21. Symmetric Standard DES
● Data Encryption Standard (DES) developed by
IBM for the U.S. Government
● Employed several techniques still in use today
– Block Cipher
– XOR
● http://en.wikipedia.org/wiki/Data_Encryption_St
andard
22. Block Cipher
● A Block Cipher operates on a fixed-length block
of bits to transform them
● Plain text is turned into ciphertext block by
block
● Generally the transformation is repeated a
number times called rounds
● https://en.wikipedia.org/wiki/Block_cipher
23. XOR
● Most common transformation
● Stands for “Exclusive Or”
● In logic, means that either A is true or B is true,
but not both
● In circuit design, if either A or B is sending a
signal it is output, but if both are, nothing is
output
24. XOR in Cryptography
● The message and the key are expressed in
binary
● They are XORed together
● This essentially means adding without carrying
the 1
● If both A and B are 0, or both are 1, the result is
0. If one is zero and the other is 1, the result is
1
25. Coding
● Remember that a code is just a transparent
transform of information from one scheme to
another
● ASCII is such a code
● It takes letters and symbols and turns them into
binary numbers
● http://en.wikipedia.org/wiki/ASCII
26. Coding Example 1
● I want to send a message “cat”
● C=1100011
● A=1100001
● T=1110100
● CAT=110001111000011110100
● This is still transparent
27. Key
● Now I will choose a key to use, and I choose
“dog”
● D=1100100
● 0=1101111
● G=1100111
● DOG=110010011011111100111
29. XOR is reversible
● If you take the result text from the example, and
XOR it with the key, you get back the original
message
30. Encryption Algorithm
● Combines a number of transformations and
combines them in rounds
● For symmetric encryption needs to be
reversible
● XOR is always part of the process
31. DES
● Block size was initially 64-bits
● But one bit from each byte was devoted to
parity checking
● Effective length 56-bits, therefore
32. DES role
● Bruce Schneier said about it “”DES did more to
galvanize the field of cryptanalysis than
anything else. Now there was an algorithm to
study.”
● Standard against which all others were
compared
● Key length just too small
● Cracked in 22 hours in 1999
33. Triple DES
● Uses 3 independent 56-bit keys in a repeated
process
● Each block encrypted three times, once with
each key
● Probably safe for now
34. AES
● Advanced Encryption Standard
● Adopted in 2001 by NIST
● Considered best symmetric algorithm available
now
35. Rijndael Cipher
● Named for developers, Vincent Rijman and Joan
Daeman
● Basis of AES
● Block size of 128-bits
● Key sizes of 128, 192, or 256 bits are allowed
● Called AES-128, AES192, or AES-256
● As with all other algorithms, repeated rounds of
transformations
36. Symmetric Summed Up
● Fast and efficient
● Relies on a single shared key
● Does not require entropy because the key
needs only to be agreed, not random
37. Asymmetric Standards
● Solve the key distribution problem
● Requires entropy (randomness) along with one-
way functions
● Three kinds
– Multiplying large prime numbers
– Discrete logarithm
– Elliptic Curve
38. Prime Number Approach
● This is what RSA uses
● Two large prime numbers are multiplied together
● This is easy to do
● But factoring the result to get back the original primes
is computationally infeasible with current technology
● But research into factorization is ongoing, it is an
arms race
39. What numbers?
● Generally in the neighborhood of 1024 digits
● Must be randomly selected
● Should not be “near” each other
● Product is used to generate other prime
numbers which help form the key pair
● One is arbitrarily made private, the other public
40. Discrete Logarithm
● Involves finding an integer that solves a
logarithmic equation
● Used in Elgamal encryption and Diffie-Hellman-
Merkle Key Exchange
● Choosing the particular numbers for the
logarithmic equation is where the entropy comes in
● Diffie-Hellman-Merkle Key Exchange is used for
Perfect Forward Secrecy
41. Elliptic Curve
● Builds on Discrete Logarithm approach
● A curve with the right properties is chosen,
then a point on that curve
● Then you need to find the discrete logarithm of
that point
● Entropy comes in when choosing the point on
the curve
42. Issues with Elliptic Curve
● NIST has recommended 15 curves as suitable
● It appears NSA pushed one with weaknesses
as the default
● But Elliptic Curve done right is faster and more
efficient than RSA or general Discrete
Logarithm approaches
● So it should be the future.
43. Symmetric vs. Asymmetric
● Symmetric is fast and efficient, but needs no
entropy
● Symmetric has key exchange problems
● Asymmetric is resource-intensive, requires
randomness
● Asymmetric solves key exchange
44. Hybrid Approach
● Most public key crypto uses Asymmetric
encryption to distribute a Symmetric key
● So the inefficient algorithm is only used at the
beginning
● Everything after that is done with the efficient
Symmetric algorithm
45. Example: E-mail
● When you encrypt a message to someone, you
use a Symmetric key to encrypt a message
● Then you use their Public key to encrypt the
Symmetric key
● They get the message and use their Private key
to decrypt the Symmetric key
● Then they use the Symmetric key to decrypt the
message
46. See also
● SSL certificates
● SSH tunnels
● Generally, the same techniques are used over
and over
● So learn it once and you can quickly learn other
uses