applied cryptography
play

APPLIED CRYPTOGRAPHY: FROM ALGORITHMS TO LIBRARIES @ABSTRACTJ - PowerPoint PPT Presentation

Feb 23, 2024 •280 likes •1.03k views

APPLIED CRYPTOGRAPHY: FROM ALGORITHMS TO LIBRARIES @ABSTRACTJ GOAL OF THIS PRESENTATION ALGORITHMS An algorithm must be seen to be believed. Donald E. Knuth THIS TALK IS NOT ABOUT ALGORITHMS, ONLY SECURITY the state of being

  1. APPLIED CRYPTOGRAPHY: FROM ALGORITHMS TO LIBRARIES

  2. @ABSTRACTJ

  7. GOAL OF THIS PRESENTATION

  8. ALGORITHMS

  11. “ An algorithm must be seen to be believed. ― Donald E. Knuth

  17. THIS TALK IS NOT ABOUT ALGORITHMS, ONLY

  19. SECURITY “ the state of being free from danger or threat

  20. FEELING VS REALITY

  21. “ Cryptography is the art and science of encryption ― Cryptography Engineering

  22. “ The study of codes, or the art of writing and solving them. ― Oxford dictionaries

  23. HISTORICALLY FOCUSED ON SECRET COMMUNICATIONS

  25. VIGENÈRE CIPHER ~ 1553, Rome

  26. ENIGMA (1920)

  27. DES (1974) Key size 2 ⁵⁶ , block size 64 bits Short key sizes can be subject of brute force Should be avoided Broken in 22 hours

  28. DES (1974)

  29. LIMITED PROCESSING POWER

  30. TODAY

  31. TODAY

  32. TODAY

  33. BROADER SCOPE File integrity Random IDs API authentication Password storage JWTs Software updates Bank transactions

  34. ALGORITHMS Hashes Block ciphers Stream ciphers Digital signatures Message authentication codes Private key encryption Public key encryption

  35. CRYPTO WON'T SOLVE ALL OF YOUR PROBLEMS

  36. IT'S COMPLETELY TRICKY

  37. MOST PART OF THE TIME IS LIKE

  38. Source: Veracode

  39. Source: Stackover fl ow

  40. DON'T ROLL YOUR OWN CRYPTO

  41. “ A cryptosystem should be secure even if everything about the system, except the key, is public knowledge ― Kerckhoffs's principle

  44. HOW CRYPTO IS DONE TODAY?

  45. LIBRARIES Java Node.js & Web Ruby javax.crypto OpenSSL WebCrypto BouncyCastle libsodium sjcl Keyczar crypto-js Jasypt

  46. LET'S GET OUR HANDS DIRTY

  47. THE BADLY DESIGNED APP

  48. Hmmm, I wish I had an app to share my notes ALICE

  49. Why not? Count me in BOB

  50. I like it! EVE

  51. #1 STORY AS A USER OF THIS APP, ALICE WANTS TO CREATE AND SHARE NEW NOTES

  52. Barbecue tomorrow? Yes, please!

  53. Barbecue tomorrow 12 pm? Yes! Barbecue on Monday 9 am?

  54. #2 STORY AS A USER OF THIS APP, BOB WANTS TO VERIFY THE INTEGRITY OF ALICE'S FILES

  55. CWE-327 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM

  56. MD5 white.jpg e06723d4961a0a3f950e7786f3 766338 brown.jpg e06723d4961a0a3f950e7786f3 766338

  58. SHA-224 SHA-256 SHA-384 SHA-512 ARE ALL GOOD CHOICES

  59. BUT WHAT ABOUT INCLUDING A SALT?

  60. CWE-916 PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT

  62. #3 STORY AS A PARANOID, I WOULD LIKE NOT ONLY INTEGRITY, BUT ALSO AUTHENTICITY

  63. #4 STORY AS A USER OF THIS APP, I WANT TO ADD INTEGRITY, AUTHENTICITY, SECRECY AND PROTECT MY DATA

  64. Alice Bob

  65. MODES OF OPERATION

  66. ECB IS NOT SECURE Text Text Text Text Source: Wikipedia

  68. CBC Source: Wikipedia

  69. CTR Source: Wikipedia

  70. #5 STORY AS A USER I WANT TO HAVE PASSWORD PROTECTED ENTRIES

  71. #6 STORY AS SOMEONE VERY SOCIAL, I WANT TO SHARE MY ENTRIES WITH A FRIEND WITHOUT EXPOSING MY KEYS

  72. sK pK sK pK Bob Alice

  73. “ Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect. It is about choice, and having the power to control how you present yourself to the world. Bruce Schneier

  74. THANK YOU! http://abstractj.org https://keycloak.org https://github.com/abstractj/krypto-playground

Recommend

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy: Secret-Sharing Secrecy Secrecy Cryptography is all about controlling access to information Access to learning and/or influencing

2.01k views • 171 slides
Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website:

Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website:

Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website: http://pages.cs.wisc.edu/ rist/cs838/ 1 / 55 Cryptography usage Did you use any cryptography today? 2 / 55 Cryptography usage Did you use any

851 views • 83 slides
Introduction to Cryptography Summarized from Applied Cryptography, Protocols, Algorithms, and

Introduction to Cryptography Summarized from Applied Cryptography, Protocols, Algorithms, and

Introduction to Cryptography Summarized from Applied Cryptography, Protocols, Algorithms, and Source Code in C , 2nd. Edition, Bruce Schneier, John Wiley & Sons, Inc. Outline Cryptographic Protocols Introduction Introduction

759 views • 45 slides
Classical Cryptography CS461/ECE422 Fall 2009 1 Reading CS Chapter 9 section 1 through 2.2

Classical Cryptography CS461/ECE422 Fall 2009 1 Reading CS Chapter 9 section 1 through 2.2

Classical Cryptography CS461/ECE422 Fall 2009 1 Reading CS Chapter 9 section 1 through 2.2 Applied Cryptography , Bruce Schneier Handbook of Applied Cryptography, Menezes, van Oorschot, Vanstone Available online

739 views • 43 slides
Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore

Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore

Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore Orange Labs December 3, 2020 Paris, France Orange Labs A New Kind of Network Telecommunication companies like France Tlcom / Orange are

601 views • 36 slides
Symmetric Key Encryp.on 9/9/2009 598MAN Applied Cryptography 1 Outline Recall:

Symmetric Key Encryp.on 9/9/2009 598MAN Applied Cryptography 1 Outline Recall:

Symmetric Key Encryp.on 9/9/2009 598MAN Applied Cryptography 1 Outline Recall: defini.ons of encryp.on Perfect secrecy CPA security CCA security Today Prac.cal construc.ons 9/9/2009 598MAN Applied Cryptography

490 views • 28 slides
Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Networks, Cryptography, and You Most application developers Dont implement networking

333 views • 30 slides
Bitcoin & Blockchain applied cryptography problems Adam Back <adam@blockstream.com>

Bitcoin & Blockchain applied cryptography problems Adam Back <adam@blockstream.com>

Bitcoin & Blockchain applied cryptography problems Adam Back <adam@blockstream.com> Cryptography adoption criteria Conservative security assumptions Or graceful security degradation Reasonably compact serialisation

1.18k views • 22 slides
T riple Handshake: can cryptography, formal methods, and applied security be friends?

T riple Handshake: can cryptography, formal methods, and applied security be friends?

T riple Handshake: can cryptography, formal methods, and applied security be friends? http://miTLS.org Karthik Bhargavan Markulf Kohlweiss with Antoine Delignat-Lavaud, Cdric Fournet, Alfredo Pironti, Pierre-Yves Strub, Santiago Zanella

639 views • 46 slides
Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending

Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending

Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending secret messages to Basic Tools and Protocols each other. Eve Frank Beatrous Eve is always listening in (Eavesdropping) on Alices and Bobs

245 views • 7 slides
Isogeny-Based Public-Key Cryptography David Jao Department of Combinatorics & Optimization

Isogeny-Based Public-Key Cryptography David Jao Department of Combinatorics & Optimization

Isogeny-Based Public-Key Cryptography David Jao Department of Combinatorics & Optimization Centre for Applied Cryptographic Research June 17, 2016 CENTRE FOR APPLIED CRYPTOGRAPHIC RESEARCH (CACR) Motivation: Post-Quantum Cryptography

355 views • 16 slides
Authentication CS461/ECE422 1 Reading Chapter 10 from Handbook of Applied Cryptography

Authentication CS461/ECE422 1 Reading Chapter 10 from Handbook of Applied Cryptography

Authentication CS461/ECE422 1 Reading Chapter 10 from Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/ about/chap10.pdf 2 Overview Basics of an authentication system Passwords Storage Selection

410 views • 38 slides
Public Key Cryptography G. Eric Moorhouse, UW Math References A.J. Menezes, P.C. van Oorschot

Public Key Cryptography G. Eric Moorhouse, UW Math References A.J. Menezes, P.C. van Oorschot

Public Key Cryptography G. Eric Moorhouse, UW Math References A.J. Menezes, P.C. van Oorschot and S.A. Vanstone, Applied Cryptography, CRC Press, 1997. D.R. Stinson, Cryptography: Theory and Prac- tice, CRC Press, 1995. R.L. Rivest, A. Shamir

443 views • 20 slides
CSCE 790 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2020 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public Key to the world

273 views • 26 slides
Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recap Symmetric keys Benefit: fastest, mathematically the strongest Drawback:

425 views • 23 slides
Key Management CS461/ECE422 Fall 2009 1 Reading Handbook of Applied Cryptography

Key Management CS461/ECE422 Fall 2009 1 Reading Handbook of Applied Cryptography

Key Management CS461/ECE422 Fall 2009 1 Reading Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/ Section 11.3.2 attack on RSA signature Section 13.8.3 Key Escrow Chapter 10 in Computer Security: Art

985 views • 83 slides
Key Management CS461/ECE422 Fall 2010 1 Reading Handbook of Applied Cryptography

Key Management CS461/ECE422 Fall 2010 1 Reading Handbook of Applied Cryptography

Key Management CS461/ECE422 Fall 2010 1 Reading Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/ Section 11.3.2 attack on RSA signature Section 13.8.3 Key Escrow Chapter 10 in Computer Security: Art

1.18k views • 88 slides
cryptography for trust and data services Sbastien Canard Orange Labs Applied Crypto Group

cryptography for trust and data services Sbastien Canard Orange Labs Applied Crypto Group

cryptography for trust and data services Sbastien Canard Orange Labs Applied Crypto Group December, 4th SDTA 2014 let me introduce you Alice she has a smartphone she works for a small company she makes use of public

406 views • 40 slides
Fast Multi-Precision Multiplication for Public-Key Cryptography on Embedded Microprocessors

Fast Multi-Precision Multiplication for Public-Key Cryptography on Embedded Microprocessors

Institute for Applied Information Processing and Communications (IAIK) Fast Multi-Precision Multiplication for Public-Key Cryptography on Embedded Microprocessors Michael Hutter and Erich Wenger CHES 2011 Institute for Applied Information

471 views • 30 slides
An Introduc+on to Applied Cryptography Chester Rebeiro IIT Madras CR CR Connected and Stored

An Introduc+on to Applied Cryptography Chester Rebeiro IIT Madras CR CR Connected and Stored

An Introduc+on to Applied Cryptography Chester Rebeiro IIT Madras CR CR Connected and Stored Everything is connected! Everything is stored! CR CR 2 Increased Security Breaches 81% more in 2015 CR CR

806 views • 28 slides
Applied Cryptography December 2017 ECDLP is the problem of finding an ECC user's secret key,

Applied Cryptography December 2017 ECDLP is the problem of finding an ECC user's secret key,

Applied Cryptography December 2017 ECDLP is the problem of finding an ECC user's secret key, given the user's public key. Unfortunately, there is a gap between ECDLP difficulty and ECC security.There are many attacks that break

527 views • 18 slides
Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Karlstad University Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M, C, E, D, K) M: the set of plaintexts C: the set of ciphertexts E: M x K -> C enciphering functions D: C x K

446 views • 40 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides

More recommend