cryptography and security
play

Cryptography and Security How to keep your data safe (a bit) Chris - PowerPoint PPT Presentation

Jan 02, 2023 •438 likes •1.17k views

Cryptography and Security How to keep your data safe (a bit) Chris Wilson, Aptivate, AfNOG 2014 1 / 73 Credits Based on presentations by: Marcus Adomey (AfChix, Malawi, 2011) NSRC (NSRC-TENET Workshop, South Africa, 2013) You can access this

  1. Cryptography and Security How to keep your data safe (a bit) Chris Wilson, Aptivate, AfNOG 2014 1 / 73

  2. Credits Based on presentations by: Marcus Adomey (AfChix, Malawi, 2011) NSRC (NSRC-TENET Workshop, South Africa, 2013) You can access this presentation at: http://afnog.github.io/sse/crypto/presentation Download or edit this presentation on GitHub. 2 / 73

  3. Conventions Commands to enter are shown like this: ▸ openssl smime -encrypt -binary -aes-256-cbc - in message3.txt -out message3.txt.enc yourpartner.crt.pem ▸ openssl smime -decrypt -binary -in encrypted.zip.enc -out decrypted.zip -inkey private.key -passin pass:your_password Please note: Long command lines are wrapped for readability. Each ▸ triangle marks the start of a single command. 3 / 73

  4. What we can talk about What is security? (theory) What is cryptography? (theory) Public and private key crypto Hash functions Generating SSL certificates Running a mini Certificate Authority Practical exercises 4 / 73

  5. What do you care about? What is security? 5 / 73

  6. What do you care about? What is security? Trying to prevent some particular event. What do you want to prevent? What is the ? 6 / 73

  7. What do you care about? What is security? Trying to prevent some particular event. What do you want to prevent? What is the ? Is your data valuable to someone else? Are your systems valuable to someone else? Can someone cause expensive damage (e.g. death)? What prevents them from doing that? 7 / 73

  8. Examples of security measures Make a list of measures that you actually use. 8 / 73

  9. Examples of security measures Make a list of measures that you actually use. For example: Locks on doors Security lights Video cameras Passwords Dual signatures Thumb prints Credit card PIN Credit limits 9 / 73

  10. How secure are you? How would you crack the defensive measures that we just listed? 10 / 73

  11. Absolute security The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. - Gene Spafford Security is if: some users have additional rights (privileges) AND you cannot distinguish users using only laws of physics OR you cannot make it physically impossible to violate policy 11 / 73

  12. Living with insecurity be completely secure make individual attacks: More expensive More risky Less rewarding Beware the side effects (systems harder to use) Increase transparency more eyes on attackers more understanding of what security means 12 / 73

  13. Reducing specific risks Use encrypted communications Use multi-factor authentication Verify authenticity of messages Reduce risks (don't keep sensitive data) Increase risks for attackers (monitoring and logging) 13 / 73

  14. Goals of system security Why do you lock your doors? Confidentiality Integrity Authentication Access Control Verification Non-repudiation Availability 14 / 73

  15. Confidentiality (secrecy) 15 / 73

  16. Confidentiality (secrecy) Ensuring that no one can read the message except the intended receiver. Data is kept secret from those without the proper credentials, even if that data travels through an insecure medium. How does this prevent 16 / 73

  17. Integrity (anti-tampering) 17 / 73

  18. Integrity (anti-tampering) Assuring the receiver that the received message has not been altered in any way from the original. Preventing unauthorised or undetected changes to the protected system. 18 / 73

  19. Authentication 19 / 73

  20. Authentication The process of proving one's identity. The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak. Cryptography can help establish identity for authentication purposes (how?) 20 / 73

  21. Authentication The process of proving one's identity. The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak. Cryptography can help establish identity for authentication purposes (how?) Can prove that you possess a secret Or that you spent a LOT of energy to brute-force it 21 / 73

  22. Non-repudiation 22 / 73

  23. Non-repudiation A mechanism to prove that the sender really sent this message 23 / 73

  24. How do we use cryptography? 24 / 73

  25. How do we use cryptography? ssh/scp/sftp SSL/TLS/https pops/imaps/smtps VPNs dnssec wep/wpa digital signatures (software) certificates and pki DRM disk encryption 25 / 73

  26. Applied Cryptography Written by Bruce Schneier. Perhaps the best book around if you want to understand how cryptography works. https://www.schneier.com/book-applied.html 26 / 73

  27. Cryptographic Tools hashes/message digests MD5, SHA1, SHA256, SHA512 collisions entropy (randomness) keys symmetric/asymmetric (public/private) length creation distribution ciphers block/stream AES, 3DES, Blowfish, IDEA plaintext/ciphertext password/passphrase 27 / 73

  28. Ciphers → Ciphertext The foundation of all of cryptography: We start with . Something you can read. We apply a mathematical algorithm ( ) to it. The plaintext is turned in to . Almost all ciphers were secret until recently. Creating a secure cipher is HARD. 28 / 73

  29. Symmetric Ciphers (Conventional) is used to encrypt the document before sending and to decrypt it once it is received. Lost key = compromised/lost data This type of cipher system is efficient for large amounts of data Most are relatively simple to understand and implement 29 / 73

  30. Common Symmetric Ciphers DES (56 bits, 1977) 3DES (112 bits, 1998) AES (128-256 bits, 2001) IDEA (128 bit, 1991, patented until 2012) 30 / 73

  31. Problems with Conventional Cryptography Key Management How to get the same key to all users without risk of compromise? This is why "Public Key Cryptography" became popular. 31 / 73

  32. Public Key Cryptography are used to encrypt the document before sending and to decrypt it once it is received. Usually one key is public and the other private Anyone → private key holder (confidentiality) Private key holder → anyone (integrity) Examples: RSA, DSA 32 / 73

  33. Problems with Public Key Crypto Inefficient for large amounts of data Possible to brute-force the private key for a public key Theoretically possible to convert a public key back to private Solutions? 33 / 73

  34. Problems with Public Key Crypto Inefficient for large amounts of data Possible to brute-force the private key for a public key Theoretically possible to convert a public key back to private Solutions? Use public key crypto to encrypt the secret used to encrypt document Longer keys are harder to brute-force (e.g. 2048 bits, 4096 bits) Notice how long these are compared to symmetric cipher keys! Use a well-designed (unbroken) algorithm 34 / 73

  35. Hash Functions Algorithms that take any amount of input and return a fixed- size output string, which is called the hash value or . hash keys function hashes 00 John Smith 01 02 Lisa Smith 03 04 Sam Doe 05 : Sandra Dee 15 35 / 73

  36. Ideal hash function Has these properties: easy to compute the hash value for any given message infeasible to find a message that has a given hash infeasible to modify a message without changing its hash infeasible to find two different messages with the same hash What does mean? 36 / 73

  37. Perfect hash function A hash function that maps each valid input to a different hash value is said to be . What does that mean? How realistic is that? 37 / 73

  38. Hash Practical 1 Exercise Using this hash function: Add up all the letters and digits in the message (A=1, B=2, etc) Perform the following exercise: Write a short message to a partner Compute the hash Avoid giving away your working to make it harder Give the message and hash to your partner to verify Verify the message from your partner 38 / 73

  39. Hash Practical 1 Analysis Does this hash function meet our ideal properties? 1. easy to compute the hash value for any given message 2. infeasible to find a message that has a given hash 3. infeasible to modify a message without changing its hash 4. infeasible to find two different messages with the same hash 39 / 73

  40. Hash Practical 1 Analysis Not really! 1. Easy to compute. 2. Easy to find another message with the same hash (string of 1s) 3. Easy to modify a message without changing its hash (rearrange the letters) 40 / 73

  41. Hashes in real life ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/ISO- IMAGES/10.0/ Look at the CHECKSUM.MD5 and CHECKSUM.SHA256 files. What do they tell you? 41 / 73

  42. Hashes in real life ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/ISO- IMAGES/10.0/ Look at the CHECKSUM.MD5 and CHECKSUM.SHA256 files. What do they tell you? The checksums of the large binary files in that directory. Do you actually need to download this file from ftp.freebsd.org ? How would you check that your download is complete and not corrupt? How long are the hashes? How secure are they? 42 / 73

  43. Practicals 43 / 73

Recommend

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography ("secret writing"): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Cryptography Provable Security Encryption Assumptions Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange information securely Que peut nous garantir la cryptographie ? With the all-digital world, security

190 views • 4 slides
Python Cryptography & Security Jos Manuel Ortega | @jmortegac

Python Cryptography & Security Jos Manuel Ortega | @jmortegac

Python Cryptography & Security Jos Manuel Ortega | @jmortegac https://speakerdeck.com/jmortega Security Conferences INDEX 1 Introduction to cryptography 2 PyCrypto and other libraries 3 Django Security 4 OWASP & Best Practices 5

882 views • 61 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Overview on Modern Cryptography Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Goals of Cryptography Security Services

658 views • 16 slides
Security and Cryptography at NXP Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven

Security and Cryptography at NXP Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven

Security and Cryptography at NXP Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven Center of Competence System Security and DRM 29.05.2008 Outline Products Domains, Telematics, Product Security Cryptography

432 views • 29 slides
Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2014 CS 334: Computer Security 2

730 views • 47 slides
Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2010 CS 334: Computer Security 2

626 views • 43 slides
iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Cryptography 14ss 1 Outline Cryptography

780 views • 54 slides
iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Cryptography 15ws 1 / 72 Outline Cryptography

903 views • 88 slides
Cryptography and Network Security Lecture 0 Manoj Prabhakaran IIT Bombay Security In this

Cryptography and Network Security Lecture 0 Manoj Prabhakaran IIT Bombay Security In this

Cryptography and Network Security Lecture 0 Manoj Prabhakaran IIT Bombay Security In this course: Cryptography as used in network security Network Devices People Cryptography & Security In this course: Cryptography

634 views • 22 slides
Cryptography Deian Stefan Adopted slides from Kirill Levchenko and Dan Boneh Cryptography

Cryptography Deian Stefan Adopted slides from Kirill Levchenko and Dan Boneh Cryptography

CSE 127: Computer Security Cryptography Deian Stefan Adopted slides from Kirill Levchenko and Dan Boneh Cryptography Is: A tremendous tool The basis for many security mechanisms Is not: The solution to all security problems

702 views • 53 slides
Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography

Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography

Related textbooks Main reference: Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography Chapman & Hall/CRC, 2nd ed., 2014 Further reading: Markus Kuhn Christof Paar, Jan Pelzl: Understanding

794 views • 27 slides
Public Key Cryptography Diffie-Hellman Others CSS441: Security and Cryptography Sirindhorn

Public Key Cryptography Diffie-Hellman Others CSS441: Security and Cryptography Sirindhorn

CSS441 Public Key Crypto Principles RSA Public Key Cryptography Diffie-Hellman Others CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015

461 views • 29 slides
Security CSC 249 April 10, 2018 Network Security Symmetric Key Cryptography Caesar cipher DES

Security CSC 249 April 10, 2018 Network Security Symmetric Key Cryptography Caesar cipher DES

Security CSC 249 April 10, 2018 Network Security Symmetric Key Cryptography Caesar cipher DES and AES Public Key Cryptography 2 1 Cryptographic Keys Alices Bobs K A encryption decryption K B key key ciphertext encryption

381 views • 12 slides
Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to

Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to

Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to Modern Cryptography Chapman & Hall/CRC, 2008 Christof Paar, Jan Pelzl: Markus Kuhn Understanding Cryptography Springer, 2010

470 views • 20 slides
Towards Security Notions for Motivation: White-Box Cryptography White-Box Cryptography

Towards Security Notions for Motivation: White-Box Cryptography White-Box Cryptography

ISC conference, September 2009, Pisa, Italy Outline Towards Security Notions for Motivation: White-Box Cryptography White-Box Cryptography The Theory of Obfuscation Brecht Wyseur (im)possibility results ISC 2009, September 2009

280 views • 3 slides
CSE 484 / CSE M 584 Computer Security: Cryptography TA:

CSE 484 / CSE M 584 Computer Security: Cryptography TA:

CSE 484 / CSE M 584 Computer Security: Cryptography TA: Adrian Sham adrsham@cs Original slides by Franzi [Examples/Images thanks to Wikipedia.] Lab 1

374 views • 22 slides
Internet Security HTTPS SSH CSS441: Security and Cryptography Sirindhorn International

Internet Security HTTPS SSH CSS441: Security and Cryptography Sirindhorn International

CSS441 Internet Security Web Security TLS/SSL Internet Security HTTPS SSH CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015

832 views • 32 slides
Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir Northeastern University noubir@ccs.neu.edu Cryptography: Theory and Practice, Douglas Stinson, Chapman & Hall/CRC Network Security: Private

711 views • 56 slides
1 Cryptography basics Secret-key encryption Algorithms (E, D) are widely known Also

1 Cryptography basics Secret-key encryption Algorithms (E, D) are widely known Also

Security The security environment Basics of cryptography User authentication Chapter 9: Security Attacks from inside the system Attacks from outside the system Protection mechanisms Trusted systems CS 1550, cs.pitt.edu

538 views • 11 slides
RSA Cryptography basics of security / cryptography Bob encrypts message M into ciphertext

RSA Cryptography basics of security / cryptography Bob encrypts message M into ciphertext

RSA Cryptography basics of security / cryptography Bob encrypts message M into ciphertext C=P(M) using a public key; Bob sends C to Alice Alice decrypts ciphertext back into M using a private key (secret) M = S(C) anyone else

796 views • 16 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

454 views • 11 slides

More recommend