alice & bob public key cryptography 101 - uncon dpc

Alice & Bob

DPC Uncon - May 2011Amsterdam - Netherlands

Public key cryptography 101

‣ http://joind.in/3466

Friday, May 20, 2011

Who am I?

Joshua Thijssen (32)Senior Software Engineer @ Enrise

Development in PHP, Python, Perl, C, Java....

Blogs: http://www.adayinthelifeof.nlhttp://www.enrise.com/blog

Email: joshua@enrise.com

Twitter: @jaytaph

What are we discussing?

‣ An introduction into public key encryption

‣ But first of all...

‣ Who are Alice and Bob???

Terminology (1)

Meet Alice,

and Bob.

Terminology (2)

Fictional characters who are representing either side of the (communication) line.

Person A(lice) is sending a message to person B(ob).

Terminology (3)

http://labs.google.com/sets?hl=en&q1=plaintext&q2=ciphertext&q3=cipher&q4=deterministic&q5=rsa&btn=Large+Set

http://www.wordle.net/create

Encryption history

Before we look at good encryptions,let’s take a look at some bad ones...

http://www.flickr.com/photos/wwworks/4612188594/sizes/m/in/photostream/

Encryption history (1)

“algorithm”:A = 1, B = 2, C = 3, ...., Z = 26

‣ SUBSTITUTION SCHEME

Encrypted message: 12,1,13,5

“algorithm”:A = 1, B = 2, C = 3, ...., Z = 26

Encrypted message: 12,1,13,5

“algorithm”:A = 1, B = 2, C = 3, ...., Z = 26

=L,A,M,E

“algorithm”:A = (A + key) mod 26, B = (B + key) mod 26

.... Z = (Z + key) mod 26

or:m = m + k mod 26

‣ CAESAREAN CIPHER

.... Z = (Z + key) mod 26

or:m = m + k mod 26

Message: L A M E

.... Z = (Z + key) mod 26

or:m = m + k mod 26

Message: L A M ECiphertext (key=1): M B N F

.... Z = (Z + key) mod 26

or:m = m + k mod 26

Message: L A M ECiphertext (key=1): M B N FCiphertext (key=-1): K Z L D

.... Z = (Z + key) mod 26

or:m = m + k mod 26

Message: L A M ECiphertext (key=1): M B N FCiphertext (key=-1): K Z L DCiphertext (key=26): L A M E

.... Z = (Z + key) mod 26

or:m = m + k mod 26

Message: L A M ECiphertext (key=1): M B N FCiphertext (key=-1): K Z L DCiphertext (key=26): L A M ECiphertext (key=0): L A M E

.... Z = (Z + key) mod 26

or:m = m + k mod 26

Message: L A M ECiphertext (key=1): M B N FCiphertext (key=-1): K Z L DCiphertext (key=26): L A M ECiphertext (key=0): L A M ECiphertext (key=13): Y N Z R (ROT13)

‣ FLAWS IN THESE CIPHERS

‣ Key is too easy to guess.

‣ Key has to be send to Bob.

‣ Deterministic.

‣ Prone to frequency analysis.

Frequency Analysis (1)

‣ The usage of every letter in the English (or any other language) can be represented by a percentage.

‣ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%.

http://www.gutenberg.org/cache/epub/14082/pg14082.txt

Once upon a midnight dreary, while I pondered, weak and weary,Over many a quaint and curious volume of forgotten lore—While I nodded, nearly napping, suddenly there came a tapping,As of some one gently rapping—rapping at my chamber door."'Tis some visitor," I muttered, "tapping at my chamber door— Only this and nothing more."

Ah, distinctly I remember, it was in the bleak December,And each separate dying ember wrought its ghost upon the floor.Eagerly I wished the morrow;—vainly I had sought to borrowFrom my books surcease of sorrow—sorrow for the lost Lenore—For the rare and radiant maiden whom the angels name Lenore— Nameless here for evermore.

And the silken sad uncertain rustling of each purple curtainThrilled me—filled me with fantastic terrors never felt before;So that now, to still the beating of my heart, I stood repeating"'Tis some visitor entreating entrance at my chamber door—Some late visitor entreating entrance at my chamber door;— This it is and nothing more."

‣ EDGAR ALLAN POE: THE RAVEN

A small bit of text can result in differences, but still there are some letters we can deduce..

‣ “THE RAVEN”, FIRST PARAGRAPH

A small bit of text can result in differences, but still there are some letters we can deduce..

‣ “THE RAVEN”, FIRST PARAGRAPH

We can deduce almost all letters just without even CARING about the crypto algorithm used.

‣ “THE RAVEN”, ALL PARAGRAPHS

Encryption algorithms (1)

‣ SYMMETRICAL ALGORITHMS

‣ Previous examples were symmetrical encryptions.

‣ Same key is used for both encryption and decryption.

‣ Good symmetrical encryptions: AES, Blowfish, (3)DES

‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS

‣ How do we send over the key securely?

‣ O hai egg, meet chicken.

Public key encryption

Another encryption method:

asymmetrical encryption or public key encryption.

‣ FINALLY, WE HAVE ARRIVED...

Public key encryption (1)

Two keys instead of one:

public key - available for everybody. Can be published on your blog.

private key - For your eyes only!

http://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svg

‣ USES 2 KEYS INSTEAD OF ONE: A KEYPAIR

It is NOT possible to decrypt the message with same key that is used to encrypt.

We can encrypt with either key.

‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION

‣ Can be used for encrypting data.

‣ Can be used for data validation and authentication (signing).

Symmetrical vs Asymmetrical (1)

Symmetrical

✓ quick.

✓ not resource intensive.

✓ useful for small and large messages.

✗ need to send over the key to the other side.

Asymmetrical

✓ no need to send over the (whole) key.

✓ can be used for encryption and validation (signing).

✗ very resource intensive.

✗ only useful for small messages.

Use symmetrical encryption for the (large) message and encrypt the key used with an asymmetrical

encryption method.

Hybrid

✓ quick

✓ not resource intensive

✓ useful for small and large messages

✓ safely exchange key data

Hybrid

✓ quick

http://www.zastavki.com/pictures/1152x864/2008/Animals_Cats_Small_cat_005241_.jpg

Hybrid

✓ quick

How does it work?

We will focus on the popular RSA, but there are other algorithms as well:

DH, DSS(DSA) etc...

How does it work? (1)

Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2

separate prime numbers.

Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2

separate prime numbers.

Prime number is only divisible by 1 and itself: 2, 3, 5, 7, 11, 13, 17, 19 etc...

‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible)

‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms).

‣ Good enough today != good enough tomorrow.

(it’s 13 and 17 btw)

“large” number: 221

but we cannot calculate its prime factors without brute force.There is no “formula” (like e=mc2)

Math example

‣ LET’S DO SOME MATH

Math example

This is mathness!

Math example

No, this is RSAAAAAAAA

Math example

‣ p = (large) prime number‣ q = (large) prime number (but not too close to p)

‣ n = p . q (= bit length of the rsa-key)

‣ φ = (p-1) . (q-1) (the φ thingie is called phi)

‣ e = gcd(e, φ) = 1‣ d = e^-1 mod φ‣ public key = tuple (n, e) ‣ private key = tuple (n, d)

Math example

Step 1: select primes P and Q

‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?

Math example

‣ P = 11

‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?

Math example

‣ P = 11

‣ Q = 3

‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?

Math example

Step 2: calculate N and Phi

‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?

Math example

‣ N = P . Q = 11 . 3 = 33

‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?

Math example

‣ N = P . Q = 11 . 3 = 33

‣ Phi = (11-1) . (3-1) = 10 . 2 = 20

‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?

Math example

Step 3: find e

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?

Math example

Step 3: find e

‣ e = 3 (Fermat prime: 3, 17, 65537)

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?

Math example

Step 3: find e

‣ e = 3 (Fermat prime: 3, 17, 65537)

‣ gcd(e, phi) = 1 ==> gcd(3, 20) = 1

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?

Math example

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?

Step 4: find d

Math example

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?

Step 4: find d

‣ Extended Euclidean Algorithm gives 7

Math example

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?

Step 4: find d

‣ brute force: (e.d mod n = 1)

Math example

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?

Step 4: find d

‣ brute force: (e.d mod n = 1)

3 . 1 = 3 mod 20 = 33 . 2 = 6 mod 20 = 63 . 3 = 9 mod 20 = 93 . 4 = 12 mod 20 = 123 . 5 = 15 mod 20 = 15

3 . 6 = 18 mod 20 = 183 . 7 = 21 mod 20 = 1 3 . 8 = 24 mod 20 = 43 . 9 = 27 mod 20 = 7

Math example

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7

Math example

That’s it:

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7

Math example

That’s it:

‣ public key = (n, e) = (33, 3)

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7

Math example

That’s it:

‣ public key = (n, e) = (33, 3)

‣ private key = (n, d) = (33, 7)

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7

Math example

The actual math is much more complex since we use very large numbers, but it all comes

down to these (relatively simple) calculations..

Encrypting & decrypting

Encrypting a message:c = me mod n

Decrypting a message:m = cd mod n

Encrypting & decrypting (1)

Encrypting a message: private key = (n,d) = (33, 7):

m = 13, 20, 15, 5

13^7 mod 33 = 720^7 mod 33 = 2615^7 mod 33 = 275^7 mod 33 = 14

c = 7, 26, 27,14

Decrypting a message: public key = (n,e) = (33, 3):

c = 7, 26, 27, 14

7^3 mod 33 = 1326^3 mod 33 = 2027^3 mod 33 = 1514^3 mod 33 =5

m = 13, 20, 15, 5

‣ A message is an “integer”, not a block of data.

‣ A message must be between 2 and n-1.

‣ Deterministic, so we must use a padding scheme to make it non-deterministic.

‣ Public Key Cryptography Standard #1

‣ Pads data with (random) bytes up to n bits in length (v1.5 or OAEP/v2.x).

‣ Got it flaws and weaknesses too. Always use the latest available version (v2.1)

‣ http://www.rsa.com/rsalabs/node.asp?id=2125

‣ PKCS#1 (v1.5) IN ACTION

Data = 4E636AF98E40F3ADCFCCB698F4E80B9F

The encoded message block, EMB, after encoding but before encryption, with random padding bytes shown in green:0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F

After RSA encryption, the output is:3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE58B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B

http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes

Implementations of public keys in real life

http://farm4.static.flickr.com/3538/3420164047_09ccc14e29.jpgFriday, May 20, 2011

Web communication

public key encryption in

Web communications(aka: I never use my credit card for internet purchases. It’s not safe.

Instead, I gave it to the waiter who walked away with it into the kitchen for 5 minutes..)

Web communication (1)

‣ BACK IN TIME

Welcome to 1991: HTTP is plaintext. Everybody can be trusted. This page is under construction, here’s a photo of my cat and a link to geocities.

‣ BUT NOW...

‣ Free WiFi everywhere

‣ BUT NOW...

‣ Traffic snooping

‣ BUT NOW...

‣ Traffic snooping

‣ Authorization: Basic? (yes, VERY basic)

‣ USING HTTPS

‣ HTTP encapsulated by TLS (previously SSL).

‣ USING HTTPS

‣ More or less: an encryption layer on top of http.

‣ USING HTTPS

‣ More or less: an encryption layer on top of http.

‣ Hybrid encryption.

‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used).

‣ Symmetric encryption (AES-256, others)

‣ But both sides needs the same key, so we have the same problem as before: how do we send over the key?

‣ Key is exchanged in a public/private encrypted communication.

‣ Which public key?

‣ It is stored inside the server’s SSL certificate

‣ “GLOBAL” HTTPS HANDSHAKE

‣ Browser sends over its encryption methods.

‣ Browser sends over its encryption methods.‣ Server decides which one to use.

‣ Browser sends over its encryption methods.‣ Server decides which one to use.‣ Server send certificate(s).

‣ Browser sends over its encryption methods.‣ Server decides which one to use.‣ Server send certificate(s).‣ Client sends “session key” encrypted by the

public key found in the server certificate.

‣ Browser sends over its encryption methods.‣ Server decides which one to use.‣ Server send certificate(s).‣ Client sends “session key” encrypted by the

public key found in the server certificate.‣ Server and client uses the “session key” for

symmetrical encryption.

‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption.

‣ SSL/TLS is a separate talk (it’s way more complex as this)

‣ http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html

Email communication

public key encryption in

Email communication

(aka: the worst communication method invented when it comes to privacy or secrecy, except for yelling)

Email communication (2)

http://torontoemerg.files.wordpress.com/2010/09/spam.gif

http://change-your-ip.com/wp-content/uploads/image/nigerian_419_scam.jpg

‣ DID YOU EVER SEND/RECEIVE EMAILS LIKE THIS?

‣ Did Bill really send this email?

‣ Do we know for sure that nobody has read this email (before it came to us?)

‣ Do we know for sure that the contents of the message isn’t tampered with?

‣ We use signing!

Signing (1)

‣ Signing a message means adding a signature that authenticates the validity of a message.

Signing (1)

‣ Like md5 or sha1, so when the message changes, so will the signature.

Signing (1)

‣ Like md5 or sha1, so when the message changes, so will the signature.

‣ This works on the premise that Alice and only Alice has the private key that can create the signature.

Signing (2)

http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg

Signing (3)

‣ GPG / PGP: Application for signing and/or encrypting data (or emails).

Signing (3)

‣ Try it yourself with Thunderbird’s Enigmail extension.

Signing (3)

‣ Try it yourself with Thunderbird’s Enigmail extension.

‣ Public keys can be send / found on PGP-servers so you don’t need to send your keys to everybody all the time.

Signing (4)

Signing (5)

‣ ADVANTAGES OF SIGNING YOUR MAIL

‣ Everybody can send emails that ONLY YOU can read.

‣ Everybody can send emails that ONLY YOU can read.‣ Everybody can verify that YOU have send the email

and that it is authentic.

and that it is authentic.‣ Why is this not the standard?

and that it is authentic.‣ Why is this not the standard?‣ No really, why isn’t it the standard?

Stupidity trumps everything:

Don’t loose your private key(s)

(as I did on multiple occasions)

http://farm4.static.flickr.com/3231/2783827537_b4d2a5cc9a.jpg

Other applications

‣ PUBLIC KEY ENCRYPTION IN OTHER FIELDS

PGP / GPG(encrypt / decrypt sensitive data)

OpenSSH(Secure connection to other systems)

IPSEC(VPN tunnels)

Software signing

‣ FOOTER TEXT

Any questions?

http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg

‣ THANK YOU FOR YOUR ATTENTION

Please rate my talk on joind.in: http://joind.in/3466

alice & bob public key cryptography 101 - uncon dpc

key mod

dciphertext key

eciphertext key

public key encryption

b n fciphertext key

encryption historybefore

b n f caesarean cipherfriday

e caesarean cipherfriday

Technology

tablas dpc

iamg2013 dpc

dpc project

introduction and progress of uncon...

dpc octubre

dpc15 uncon talk: how cyborg puppies can sniff out code...

dpc letter

what rabbitmq can do for you (phpnw14 uncon)

dpc procedure

lightspace dpc series optical distribution & splice...

dpc diciembre

dpc septiembre

presentación dpc

dpc agosto

delphi dpc

presentacion dpc

diplomna dpc

cryptography cryptography 1. activity what is cryptography ?...

trabalho dpc

acta de visita fiscal...dpc-413 – estrategia de...