TEŽAVNOST: 200 New Cryptography. Rafal Lukawiecki, Strategic Consultant, rafal@projectbotticelli.co.uk, Project Botticelli Ltd. This presentation is based on work from MSDN.

Post on 21-Dec-2015






  • Slide 1
  • TEŽAVNOST: 200 New Cryptography. Rafal Lukawiecki, Strategic Consultant, rafal@projectbotticelli.co.uk, Project Botticelli Ltd. This presentation is based on work from MSDN.
  • Slide 2
  • Objectives
    - Explain the status and some of the problems of today's cryptography
    - Discuss solutions for the problems
    - Introduce the new APIs for using newer forms of cryptography
  • Slide 3
  • Agenda
    - Cryptography of Present
    - Cryptography of Tomorrow
    - Cryptography in Windows Vista and Longhorn
  • Slide 4
  • Cryptography Primer (section title)
  • Slide 5
  • Symmetric Key Cryptography (diagram)
    - Plain-text input: "The quick brown fox jumps over the lazy dog"
    - Encryption produces the cipher-text: "AxCv;5bmEseTfid3) fGsmWe#4^,sdgfMwi r3:dkJeTsY8R\s@!q3 %"
    - Decryption restores the plain-text output: "The quick brown fox jumps over the lazy dog"
    - The same key (shared secret) is used for both encryption and decryption
  • Slide 6
  • Symmetric Pros and Cons
    - Strength: simple and really very fast (of the order of 1000 to 10000 times faster than asymmetric mechanisms)
    - Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael)
    - Weakness: you must agree the key beforehand
    - You must securely pass the key to the other party
  • Slide 7
  • Public Key Cryptography
    - Knowledge of the encryption key doesn't give you knowledge of the decryption key
    - The receiver of information generates a pair of keys
    - The receiver publishes the public key in a directory
    - Then anyone can send the receiver messages that only the receiver can read
  • Slide 8
  • Public Key Encryption (diagram)
    - Clear-text input: "The quick brown fox jumps over the lazy dog"
    - Encryption with the recipient's public key produces the cipher-text: "Py75c%bn&*)9|fDe^ bDFaq#xzjFr@g5=&n mdFg$5knvMdrkveg Ms"
    - Decryption with the recipient's private key restores the clear-text output: "The quick brown fox jumps over the lazy dog"
    - Different keys: the public key encrypts, the private key decrypts
  • Slide 9
  • Public Key Pros and Cons
    - Strength: solves the problem of passing the key
    - Allows establishment of a trust context between parties
    - Weakness: extremely slow
    - Susceptible to known-ciphertext attack
    - Problem of trusting the public key (see later on PKI)
  • Slide 10
  • Hybrid Encryption (Real World) (diagram)
    - Message to protect: "25m hidden at 221b Baker St. Access code is"
    - An RNG produces a randomly generated symmetric session key
    - Symmetric encryption (e.g. AES) of the message with the session key gives the cipher-text: "*#$fjda^ju539!3t t389E *&\@ 5e%32\^kd"
    - The session key is encrypted asymmetrically (e.g. RSA) with the user's public key (in the certificate); the result is the Digital Envelope
    - As above, repeated for other recipients or recovery agents: a further Digital Envelope is built with the other recipient's or agent's public key (in the certificate) named in the recovery policy
  • Slide 11
  • Hybrid Decryption (diagram)
    - The Digital Envelope contains the session key encrypted using the recipient's public key
    - The session key must be decrypted using the recipient's private key (asymmetric decryption of the session key, e.g. RSA) to recover the symmetric session key
    - Symmetric decryption (e.g. AES) of the cipher-text "*#$fjda^ju539!3t t389E *&\@ 5e%32\^kd" with the session key recovers "25m hidden at 221b Baker St. Access code is"
  • Slide 12
  • Cryptography of Present (section title)
  • Slide 13
  • Today's Recommendation: at present (June 2006), consider using the following cryptographic mechanisms available in Windows in preference to others:
    - AES-128 (or AES-192, or AES-256)
    - RSA 2048 (or longer)
    - SHA-2 (i.e. SHA-256 or SHA-512)
    - DSA (or SHA-2/RSA signatures)
  • Slide 14
  • DES, IDEA, RC2, RC5, Twofish: Not Recommended (Symmetric)
    - DES (Data Encryption Standard) is popular. DO NOT USE DES! Keys are very short: 56 bits. A brute-force attack took 3.5 hours on a machine costing US$1m in 1993; today it is done in real time
    - Triple DES (3DES) is more secure, but better options exist
    - IDEA (International Data Encryption Standard): deceptively similar to DES, and not from the NSA. 128-bit keys: OK, but we have better ones
    - RC2 & RC5 (by R. Rivest): RC2 is older and RC5 newer (1994); similar to DES and IDEA
    - Blowfish, Twofish: OK, but not a standard. B. Schneier's replacement for DES, followed by Twofish, one of the NIST competition finalists
  • Slide 15
  • Rijndael (AES): Recommended
    - Current US standard. Winner of the AES (Advanced Encryption Standard) competition run by NIST (National Institute of Standards and Technology in the US) in 1997-2000
    - Comes from Europe (Belgium), by Joan Daemen and Vincent Rijmen. X-Files stories less likely (unlike DES)
    - Symmetric block cipher (128, 192 or 256 bits) with variable keys (128, 192 or 256 bits, too)
    - Fast, with a lot of good properties, such as good immunity from timing and power (electric) analysis
    - Construction, again, deceptively similar to DES (S-boxes, XORs etc.) but really different
  • Slide 16
  • CAST and GOST: not used widely anymore; avoid
    - CAST: by Canadians Carlisle Adams & Stafford Tavares. 64-bit key and 64 bits of data. Choose your own S-boxes. Seems resistant to differential & linear cryptanalysis and the only way to break it is brute force (but the key is a bit short!)
    - GOST: the Soviet Union's version of DES but with a clearer design and many more repetitions of the process. 256-bit key but really 610 bits of secret, so pretty much tank quality. Backdoor? Who knows
  • Slide 17
  • Rely on Cryptosystems
    - Indeed: never use just an algorithm, but an entire cryptosystem
    - For example: if you use DES etc. in a simple loop to encrypt a stream of data you literally lose all security
    - Instead: use a technique designed for adapting an algorithm to a stream of data, such as CBC (Cipher Block Chaining)
    - Microsoft never implements just an algorithm, always a complete cryptosystem, e.g. RSA-OAEP etc.
    - Do it simply by using built-in cryptographic systems, such as the various Microsoft CSPs etc.
  • Slide 18
  • Dangerous Implementations
    - Cryptographic applications from not-well-known sources
    - Just-downloaded libraries used by your in-house developers
    - Insist on using built-in systems where possible: Microsoft OS: CAPI, CAPICOM, MS CSP etc.; smartcards: certified CSPs; elsewhere: FIPS 140-2 compliant implementations. See csrc.nist.gov/cryptval
  • Slide 19
  • RC4: Generally Not Recommended (Symmetric)
    - Fast, streaming encryption. R. Rivest in 1994. Originally secret, but published on sci.crypt
    - Related to the one-time pad, theoretically the most secure. But! It relies on a really good random number generator, and that is the problem
    - Nowadays, we tend to use block ciphers in modes of operation that work for streams
  • Slide 20
  • RSA, DSA, ElGamal (Asymmetric)
    - Slow and computationally expensive: you need a computer
    - Security increasingly being questioned
    - RSA: Rivest, Shamir, Adleman, 1978. Popular and well researched. Strength lies in today's inefficiency at factorising into prime numbers. Some worries about the key generation process in some implementations
    - DSA (Digital Signature Algorithm): mainly for digital signing, not for encryption; used in the US. Variant of the Schnorr and ElGamal signature algorithms
    - ElGamal: relies on the complexity of discrete logarithms
  • Slide 21
  • MD5, SHA: hash functions, part of the digital signature
    - Goals: not reversible (can't obtain the message from its hash); hash much shorter than the original message; two messages won't have the same hash
    - MD5 (R. Rivest): 512 bits hashed into 128. Mathematical model still unknown. Recently (July 2004) broken; do not use on its own
    - SHA (Secure Hash Algorithm): US standard based on MD5. SHA-0 broken (July 2004), SHA-1 probably too weak (partly broken, a full break alleged by Chinese researchers recently); use SHA-256 at least
  • Slide 22
  • Diffie-Hellman, SSL, Certs
    - Methods for key exchange and transport
    - DH (1976) always generates a new key-pair for each asymmetric session
    - Certificates are the most common way to exchange public keys; the foundation of Public Key Infrastructure (PKI)
    - SSL uses a protocol to exchange keys safely, but also requires PKI
  • Slide 23
  • APIs of Today
    - Microsoft CryptoAPI (CAPI) 2.0 is the interface to all CSPs (Cryptographic Service Providers), built-in or smartcard-based
    - .NET Framework 1.1 and 2.0 wraps most of the functionality of CAPI in classes: System.Security.Cryptography and its subclasses: .Pkcs, .X509Certificates, .XML
    - Or you can use the CAPICOM library
  • Slide 24
  • Cryptography of Tomorrow (section title)
  • Slide 25
  • Quantum Cryptography?
    - A method for generating and passing a secret key or a random stream. Not for passing the actual data, but that's irrelevant
    - Polarisation of light (photons) can be detected only in a way that destroys the direction (basis). So if someone other than you observes it, you receive nothing useful and you know you were bugged
    - Perfectly doable over an up-to-120 km dedicated fibre-optic link
    - Seems pretty perfect, if a bit tedious and slow. Practical implementations still use AES/DES etc. for the actual encryption
    - Magiq QPN: http://www.magiqtech.com/press/qpn.pdf
    - Don't confuse it with quantum computing, which won't be with us for at least another 50 years or so, or maybe longer
  • Slide 26
  • More Practical Solution
    - US NSA and NIST recommendation as of Feb 2005 is to implement Suite-B protocols
    - This is very rarely done in today's software
    - Good news: Microsoft supports Suite-B in Windows Vista (and Longhorn Server)
    - For all internal implementations Microsoft w
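Slide 17 says that running a block cipher "in a simple loop" over a stream loses all security and that a mode such as CBC is needed instead. The following example, added here and not part of the slides, makes that concrete with a toy block cipher (an 8-round Feistel network built from HMAC-SHA256, constructed for this demo as a stand-in for DES/AES and not a real cipher). It encrypts the same constructed message both ways and measures how many ciphertext blocks repeat: the simple loop (ECB) reproduces the plaintext's repetition block for block, CBC with a random IV does not. All names (`toy_encrypt_block`, `encrypt_simple_loop`, `encrypt_cbc`, `repeated_block_fraction`) are this example's own.

```python
import hashlib
import hmac
import secrets
from typing import Optional

BLOCK = 16   # toy block size in bytes (the same as AES)
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 truncated to half a block (8 bytes).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Balanced Feistel network. A TOY stand-in for DES/AES, not a real cipher."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly %d bytes" % BLOCK)
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("block must be exactly %d bytes" % BLOCK)
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    # PKCS#7 padding so that the last block is always full.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def encrypt_simple_loop(key: bytes, plaintext: bytes) -> bytes:
    """The 'simple loop' the slide warns about (electronic codebook, ECB):
    each block is encrypted on its own, so equal plaintext blocks give equal
    ciphertext blocks and the structure of the data shows through."""
    return b"".join(toy_encrypt_block(key, b) for b in _blocks(pad(plaintext)))


def encrypt_cbc(key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    """Cipher Block Chaining: each block is XORed with the previous ciphertext
    block (or a fresh random IV for the first one) before encryption.
    Returns iv || ciphertext."""
    iv = secrets.token_bytes(BLOCK) if iv is None else iv
    out, prev = [], iv
    for b in _blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return iv + b"".join(out)


def decrypt_cbc(key: bytes, ciphertext: bytes) -> bytes:
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    out, prev = [], iv
    for b in _blocks(body):
        out.append(_xor(toy_decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def repeated_block_fraction(ciphertext_body: bytes) -> float:
    """Fraction of ciphertext blocks that duplicate an earlier block."""
    blocks = _blocks(ciphertext_body)
    return 1 - len(set(blocks)) / len(blocks)


# Constructed sample input: one 16-byte record repeated eight times, as a
# stream of identical records would be.
KEY = bytes(range(16))
MESSAGE = b"ATTACK AT DAWN!!" * 8


def demo() -> dict:
    loop_ct = encrypt_simple_loop(KEY, MESSAGE)
    cbc_ct = encrypt_cbc(KEY, MESSAGE)
    return {
        "loop_repeats": repeated_block_fraction(loop_ct),        # 7 of 9 blocks repeat
        "cbc_repeats": repeated_block_fraction(cbc_ct[BLOCK:]),  # 0.0
        "cbc_roundtrip_ok": decrypt_cbc(KEY, cbc_ct) == MESSAGE,
    }


if __name__ == "__main__":
    print(demo())
```

The cipher itself is identical in both runs; only the way blocks are chained differs, which is the slide's point that the mode of operation, not the algorithm alone, decides whether structure in the data leaks. In a real system the built-in CSP or .NET class selects the mode and padding for you, which is why the slides tell you to use a whole cryptosystem rather than wire an algorithm into a loop yourself.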
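Slide 22 notes that Diffie-Hellman generates a fresh key-pair for every session, and slides 10 and 11 show a random symmetric session key being protected by public-key operations. The example below, added here and not part of the slides, runs one DH exchange end to end: each side draws a new private value, publishes only g^a mod p, and derives the same AES-sized session key from the shared secret with SHA-256. The group (p = 2**127 - 1, g = 3) is a constructed toy chosen so the arithmetic is readable; a real deployment uses a standardised group of 2048 bits or more. The `Party`, `run_session` and `accepts_peer_value` names are this example's own.

```python
import hashlib
import secrets

# CONSTRUCTED toy group for illustration only: p = 2**127 - 1 is a known
# (Mersenne) prime and g = 3 is used as the generator. Real deployments use a
# standardised group of 2048 bits or more (for example the RFC 3526 MODP groups).
P = 2**127 - 1
G = 3


class Party:
    """One side of a Diffie-Hellman exchange. A fresh private value is drawn
    every time a Party is created, i.e. once per session (slide 22)."""

    def __init__(self, name: str):
        self.name = name
        self.private = secrets.randbelow(P - 2) + 1   # secret exponent in [1, p-2]
        self.public = pow(G, self.private, P)         # g^a mod p, sent in the clear

    def shared_secret(self, peer_public: int) -> int:
        # Reject degenerate values (0, 1, p-1 or out of range) that would force a
        # predictable secret regardless of our own private value.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid peer public value")
        return pow(peer_public, self.private, P)      # (g^b)^a == (g^a)^b mod p

    def session_key(self, peer_public: int) -> bytes:
        # Derive a fixed-size symmetric key (for AES etc., slide 10) from the big
        # integer rather than using the raw shared secret directly.
        s = self.shared_secret(peer_public)
        return hashlib.sha256(s.to_bytes(16, "big")).digest()


def run_session():
    """One exchange; the only values 'on the wire' are the two public numbers."""
    alice, bob = Party("Alice"), Party("Bob")
    key_at_alice = alice.session_key(bob.public)
    key_at_bob = bob.session_key(alice.public)
    return key_at_alice, key_at_bob


def accepts_peer_value(value: int) -> bool:
    """True if a party would accept this public value from its peer."""
    try:
        Party("check").shared_secret(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    k1, k2 = run_session()
    print("both sides hold the same key:", k1 == k2, k1.hex())
    print("a second session yields a different key:", run_session()[0] != k1)
```

Because every session starts from new private values, compromising one session's key tells an observer nothing about another's; the slides' certificate and PKI material addresses the separate question of knowing whose public value you received, which plain DH does not answer.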

