PV181 Laboratory of security and applied cryptography
Symmetric cryptography
Marek Sýs, Zdeněk Říha | PV181

Cryptography - brief overview
•Concept, goals, primitives

Goals of Cryptography
•Confidentiality (privacy) - preventing unauthorized access to data
 –ciphers
•Authentication:
 1.Entity - verification of a party's identity - various mechanisms (password, MAC, ...)
 2.Data origin - identity of the message originator - MAC
•Integrity - detecting unauthorized modification
 –hash functions (combined with a MAC or a signature; a bare hash that an attacker can recompute protects nothing)
•Non-repudiation - preventing denial of actions
 –digital signature

Crypto primitives
•Ciphers - encryption/decryption of data using a key
 –Symmetric ciphers - same key for enc/dec
 –Asymmetric ciphers - different keys for enc/dec
•Random number generators (RNGs)
 –Key generation, IVs, nonces, salts
•Hash functions - "unique" fingerprint of data
•Built from the previous: MAC, PBKDF, digital signature

Symmetric cryptosystem
[Figure: Alice encrypts the message with the shared secret key; the encrypted message is sent to Bob, who decrypts it with the same shared secret key and obtains the decrypted original message. Adapted from Network and Internetwork Security (Stallings)]

Asymmetric cryptosystem
[Figure: Alice encrypts the message with the public key of Bob; Bob decrypts the encrypted message with his own private key and obtains the decrypted original message. Adapted from Network and Internetwork Security (Stallings)]

Random number generators
•Used to generate: keys, IVs, salts, nonces, ...
1.True RNG (TRNG) - physical process
 –non-deterministic, aperiodic, slow
2.Pseudo RNG (PRNG) - software function
 –deterministic, periodic, fast
 –initialized by a seed, which fully determines the generated "random" data (a guessable seed means guessable keys)
•Combination often used:
 –TRNG used to generate the seed for a PRNG
 –/dev/urandom and /dev/random in Linux, the Fortuna scheme

Hash function
•Cryptographic hash function
•Input of arbitrary size
•Output of fixed size: n bits (e.g. 256 bits)
•Function is not injective (there are "collisions"), but finding one must be computationally infeasible
•Hash is a compact representative of the input (also called imprint, (digital) fingerprint or message digest)
•Hash functions often used to protect integrity: first the hash is computed and then only the hash is protected (e.g. digitally signed)

Standards
•Everything is defined in a standard: implementation, settings, usage, etc.
•If you need something, look into the standard
•Different types:
 –FIPS PUB 197 - AES block cipher
 –RFC 1321 - MD5 hash function
 –NIST SP (Special Publications), ...

Implementation testing - test vectors
•Examples of input/output (and also intermediate values) for the reference implementation; an implementation that does not reproduce them is wrong, whatever else it does
•MD5 defined in RFC 1321:
 –MD5("") = d41d8cd98f00b204e9800998ecf8427e
 –MD5("message digest") = f96b697d7cb7938d525…
•AES defined in FIPS 197:
 –Plaintext: 00112233445566778899aabbccddeeff
 –Key: 000102030405060708090a0b0c0d0e0f
 –Ciphertext: 69c4e0d86a7b0430d8cdb78070b4c55a

Symmetric cryptography

Block cipher
•Input divided into blocks of fixed size (e.g. 128 bits for AES)
 –Padding - the message is padded to complete the last block
•Different modes of operation:
 –Insecure basic ECB mode - identical plaintext blocks give identical ciphertext blocks, which leaks information
 –Secure modes: CBC, OFB, CFB, CTR, ... (secure for confidentiality only; none of them authenticates the data, so add a MAC)
•CBC, OFB, CFB (and CTR) need initialization
 –Initialization vector (IV) - must be known to the receiver; it need not be secret, but it must never be reused with the same key, and for CBC it must be unpredictable
[Figures: https://upload.wikimedia.org/wikipedia/commons/5/56/Tux.jpg and https://upload.wikimedia.org/wikipedia/commons/f/f0/Tux_ecb.jpg (the same image encrypted in ECB mode). Source: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation]

Block ciphers - padding
•Standard methods, shown on a message of 12 data bytes (DD) with 8-byte blocks, so the last block needs 4 bytes of padding:
 –ANSI X.923:     ... | DD DD DD DD DD DD DD DD | DD DD DD DD 00 00 00 04 |   (zeros, last byte = pad length)
 –ISO 10126:      ... | DD DD DD DD DD DD DD DD | DD DD DD DD 81 A6 23 04 |   (random bytes, last byte = pad length)
 –PKCS7:          ... | DD DD DD DD DD DD DD DD | DD DD DD DD 04 04 04 04 |   (every pad byte = pad length)
 –ISO/IEC 7816-4: ... | DD DD DD DD DD DD DD DD | DD DD DD DD 80 00 00 00 |   (0x80 followed by zeros)
 –Zero padding:   ... | DD DD DD DD DD DD DD DD | DD DD DD DD 00 00 00 00 |   (ambiguous if the data itself ends in 00)

Block ciphers: ECB vs CBC mode
[Figures: ECB encryption.svg and CBC encryption.svg. Source: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation]

Hash functions - examples
•MD5
 –Input: „Autentizace“
 –Output: 2445b187f4224583037888511d5411c7
 –Output 128 bits, written in hexadecimal notation
 –Input: „Cutentizace“
 –Output: cd99abbba3306584e90270bf015b36a7
 –A single bit changed in the input ('A' = 0x41 vs 'C' = 0x43) gives a completely different output, the so called "avalanche effect"
•SHA-1
 –Input: „Autentizace“
 –Output: 647315cd2a6c953cf5c29d36e0ad14e395ed1776
•SHA-256
 –Input: „Autentizace“
 –Output: a2eb4bc98a5f71a4db02ed4aed7f12c4ead1e7c98323fda8ecbb69282e4df584

Secure Hash Algorithm (SHA)
•SHA-1 - NIST standard, 160-bit hash; first practical collision published in 2017 (SHAttered); do not use it where collision resistance matters (signatures, certificates)
•SHA-2
 –function family: SHA-224, SHA-256, SHA-384, SHA-512
 –defined in FIPS 180-2 (current revision FIPS 180-4)
 –Recommended
•SHA-3
 –New standard, 2015
 –Keccak sponge function family: SHA3-224, SHA3-256, SHA3-384, SHA3-512 and the extendable-output functions SHAKE128, SHAKE256
 –defined in FIPS 202; derived functions (cSHAKE, KMAC, ...) in NIST SP 800-185
 –Recommended

Password protection: password hashing & salting
1.A clear password could be stolen:
 –store a hash of the password: hash = H(password)
 –Checking: the password is correct if the hash matches
2.Attack (brute force or dictionary)
 –trying possible passwords "aaa", "aab", ... "zzz" - N tests
 –without a salt, the same N tests crack not only a single password but 2, 3, ... all stored passwords at once, and a precomputed table of hashes works against every database
3.Defence: a random "salt" is added to the password before hashing, hash = H(salt || password), and the salt is stored next to the hash
 –the same password now hashes differently for every user, so each account costs the attacker its own N tests and precomputed tables are useless
 –to make each single test slow as well, the hash is iterated many times (PBKDF2, see below)
[Figure: password hashing and salting. Source: http://blog.conviso.com.br/worst-and-best-practices-for-secure-password-storage/]

Key/password protection

PBKDF2
[Figure: Password / Passphrase together with Salt & # iterations → PBKDF2 → derived key; the derived key is used to encrypt the actual KEY, and only the encrypted KEY is stored]

Message authentication code (MAC)
•Keyed hash: tag = MAC(key, message); the receiver recomputes the tag with the shared key and compares it with the received one
[Figure: message authentication code. Source: https://www.tutorialspoint.com/cryptography/message_authentication.htm]

Instructions for the seminar
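The padding schemes from the "Block ciphers - padding" slide and the chaining from the "Block ciphers: ECB vs CBC mode" slide, as an added example that is not part of the original PV181 materials. It uses only the Python standard library: pad/unpad implement all five listed schemes for any block size (and reject malformed padding instead of guessing), and the mode functions are generic over a 16-byte block permutation. Because there is no AES in the standard library, the demo plugs in `_stand_in_block`, an insecure keyed permutation that is an assumption of this example and exists only to make the chaining visible; with a real AES from OpenSSL or a library the same `ecb_encrypt`/`cbc_encrypt` wiring applies unchanged.

```python
"""Padding schemes and ECB vs CBC chaining (added example, stdlib only).

_stand_in_block is NOT a cipher: it is an assumption of this example that
stands in for AES so that the file runs without a crypto library.
"""
import os

BLOCK = 16  # block size in bytes for the mode functions (AES uses 16)


def pad(data: bytes, scheme: str, block: int = BLOCK) -> bytes:
    """Pad `data` to a multiple of `block` bytes with one of the slide's schemes."""
    n = block - len(data) % block  # 1..block: a full last block still gets a whole block of padding
    if scheme == "pkcs7":          # ... DD DD DD DD 04 04 04 04
        return data + bytes([n]) * n
    if scheme == "x923":           # ... DD DD DD DD 00 00 00 04
        return data + b"\x00" * (n - 1) + bytes([n])
    if scheme == "iso10126":       # ... DD DD DD DD 81 A6 23 04 (random filler)
        return data + os.urandom(n - 1) + bytes([n])
    if scheme == "iso7816":        # ... DD DD DD DD 80 00 00 00
        return data + b"\x80" + b"\x00" * (n - 1)
    if scheme == "zero":           # ... DD DD DD DD 00 00 00 00 (ambiguous if data ends in 00)
        return data if n == block else data + b"\x00" * n
    raise ValueError(f"unknown scheme {scheme!r}")


def unpad(data: bytes, scheme: str, block: int = BLOCK) -> bytes:
    """Strip padding, rejecting anything malformed instead of guessing."""
    if not data or len(data) % block:
        raise ValueError("length is not a multiple of the block size")
    if scheme in ("pkcs7", "x923", "iso10126"):
        n = data[-1]
        if not 1 <= n <= block:
            raise ValueError("bad pad length byte")
        if scheme == "pkcs7" and data[-n:] != bytes([n]) * n:
            raise ValueError("bad PKCS7 padding")
        if scheme == "x923" and any(data[-n:-1]):
            raise ValueError("bad X.923 padding")
        return data[:-n]
    if scheme == "iso7816":
        body = data.rstrip(b"\x00")
        if not body or body[-1] != 0x80 or len(data) - len(body) >= block:
            raise ValueError("bad ISO 7816-4 padding")
        return body[:-1]
    if scheme == "zero":
        return data.rstrip(b"\x00")
    raise ValueError(f"unknown scheme {scheme!r}")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _stand_in_block(key: bytes, block: bytes) -> bytes:
    """INSECURE stand-in for a block cipher: XOR with the key, then rotate bytes by key[0]."""
    r = key[0] % BLOCK
    x = _xor(block, key)
    return x[r:] + x[:r]


def _stand_in_block_inv(key: bytes, block: bytes) -> bytes:
    r = key[0] % BLOCK
    x = block[-r:] + block[:-r] if r else block
    return _xor(x, key)


def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes, enc=_stand_in_block) -> bytes:
    """ECB: every block is encrypted independently, so equal blocks stay equal."""
    return b"".join(enc(key, b) for b in _blocks(pad(plaintext, "pkcs7")))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes, enc=_stand_in_block) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block (the IV for the first one)."""
    out, prev = [], iv
    for b in _blocks(pad(plaintext, "pkcs7")):
        prev = enc(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes, iv: bytes, dec=_stand_in_block_inv) -> bytes:
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(dec(key, c), prev))
        prev = c
    return unpad(b"".join(out), "pkcs7")


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier one (0 = nothing leaks)."""
    bs = _blocks(ciphertext)
    return len(bs) - len(set(bs))


if __name__ == "__main__":
    key = bytes(range(1, 17))                 # constructed demo key
    iv = os.urandom(BLOCK)                    # fresh IV per message, sent along in the clear
    msg = b"0123456789ABCDEF" * 4 + b"tail"   # constructed: repeated "rows", like the Tux image
    print("ECB duplicate blocks:", repeated_blocks(ecb_encrypt(key, msg)))      # 3
    print("CBC duplicate blocks:", repeated_blocks(cbc_encrypt(key, msg, iv)))  # 0
    assert cbc_decrypt(key, cbc_encrypt(key, msg, iv), iv) == msg
```

The four identical plaintext blocks come out as four identical ECB blocks, which is exactly the structure visible in the Tux_ecb image; under CBC each block's input depends on the previous ciphertext, so the repetition disappears. `unpad` raising on bad padding rather than returning something is deliberate: in a real system the error must also be indistinguishable from a MAC failure, otherwise it becomes a padding oracle.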
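Hash computations for the "Implementation testing - test vectors" and "Hash functions - examples" slides, as an added example that is not part of the original PV181 materials. It uses Python's hashlib: a known-answer check against the RFC 1321 MD5 vectors (and the standard empty-message values for SHA-1 and SHA-256), a measurement of the avalanche effect on the slide's „Autentizace“ / „Cutentizace“ pair, and the SHA-3 and SHAKE128 functions from FIPS 202. The vector table and the helper names are this example's own.

```python
"""Hash checks with hashlib (added example, not part of the PV181 slides)."""
import hashlib

# Known-answer vectors: RFC 1321 appendix A.5 (MD5) and the empty-message
# values for SHA-1 and SHA-256. Passing a vector set like this is the first
# thing any implementation has to do before it is trusted.
TEST_VECTORS = {
    ("md5", b""): "d41d8cd98f00b204e9800998ecf8427e",
    ("md5", b"abc"): "900150983cd24fb0d6963f7d28e17f72",
    ("md5", b"message digest"): "f96b697d7cb7938d525a2f31aaf161d0",
    ("sha1", b""): "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    ("sha256", b""): "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}


def digest_hex(algorithm: str, data: bytes) -> str:
    """Hex digest of `data` under a hashlib algorithm name (md5, sha1, sha256, sha3_256, ...)."""
    return hashlib.new(algorithm, data).hexdigest()


def failed_vectors(vectors=TEST_VECTORS) -> list:
    """(algorithm, message) pairs whose digest does not match; an empty list means all pass."""
    return [k for k, want in vectors.items() if digest_hex(k[0], k[1]) != want]


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex-encoded byte strings."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche(algorithm: str, a: bytes, b: bytes) -> tuple:
    """(bits that differ in the inputs, bits that differ in the digests)."""
    return (differing_bits(a.hex(), b.hex()),
            differing_bits(digest_hex(algorithm, a), digest_hex(algorithm, b)))


def shake128_hex(data: bytes, nbytes: int) -> str:
    """SHAKE128 is an extendable-output function: the caller picks the length."""
    return hashlib.shake_128(data).hexdigest(nbytes)


if __name__ == "__main__":
    print("failed vectors:", failed_vectors())   # [] on a correct hashlib
    # The slide's pair differs in exactly one input bit ('A' = 0x41, 'C' = 0x43),
    # yet roughly half of the output bits change for every algorithm.
    for alg in ("md5", "sha1", "sha256", "sha3_256"):
        print(alg, digest_hex(alg, b"Autentizace"), avalanche(alg, b"Autentizace", b"Cutentizace"))
    print("shake128 (32 bytes):", shake128_hex(b"Autentizace", 32))
```

`hashlib.new` accepts every name listed in `hashlib.algorithms_available`, so the same three helpers cover MD5, the SHA-2 family and the FIPS 202 functions; an implementation that passes `failed_vectors()` but produces a different „Autentizace“ digest than the slide is worth investigating, not trusting.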
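The three steps of the "Password protection" slide, the PBKDF2 derivation and the MAC slide, as one added example that is not part of the original PV181 materials. Standard-library Python only (hashlib, hmac, os.urandom for the salts): it shows why one pass over a word list breaks every unsalted account at once, how a per-user salt separates them, how PBKDF2's iteration count makes each single guess expensive, and how an HMAC tag is produced and verified. The user names, passwords and word list are constructed for the demo; the RFC 6070 PBKDF2 vectors are the published ones.

```python
"""Password hashing, salting, PBKDF2 and HMAC (added example, stdlib only)."""
import hashlib
import hmac
import os


# Step 1 on the slide: store hash = H(password), no salt.
def unsalted_hash(password: bytes) -> str:
    return hashlib.sha256(password).hexdigest()


def crack_unsalted(stored_hashes: set, candidates) -> dict:
    """Step 2: one hash per candidate is checked against *every* stored hash,
    so N candidates cost N tests no matter how many users there are."""
    found = {}
    for cand in candidates:
        h = unsalted_hash(cand)
        if h in stored_hashes:
            found[h] = cand
    return found


# Step 3 on the slide: a random salt per user, stored next to the hash.
def salted_hash(password: bytes, salt: bytes = None) -> tuple:
    salt = os.urandom(16) if salt is None else salt   # OS RNG, seeded from a TRNG
    return salt, hashlib.sha256(salt + password).digest()


# PBKDF2 slide: password + salt + iteration count -> key.
def pbkdf2_key(password: bytes, salt: bytes, iterations: int, length: int = 32,
               prf: str = "sha256") -> bytes:
    return hashlib.pbkdf2_hmac(prf, password, salt, iterations, dklen=length)


def verify_pbkdf2(password: bytes, salt: bytes, iterations: int, stored_key: bytes) -> bool:
    """Constant-time comparison, so timing does not reveal how many bytes matched."""
    return hmac.compare_digest(pbkdf2_key(password, salt, iterations, len(stored_key)), stored_key)


def pbkdf2_vectors_pass() -> bool:
    """RFC 6070 known-answer vectors for PBKDF2-HMAC-SHA1 with P="password", S="salt"."""
    return (pbkdf2_key(b"password", b"salt", 1, 20, "sha1").hex()
            == "0c60c80f961f0e71f3a9b524af6012062fe037a6"
            and pbkdf2_key(b"password", b"salt", 4096, 20, "sha1").hex()
            == "4b007901b765489abead49d926f721d065a429c1")


# MAC slide: a keyed hash; the receiver recomputes the tag with the shared key.
def mac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, "sha256").digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


if __name__ == "__main__":
    users = {"alice": b"letmein", "bob": b"letmein", "carol": b"Tr0ub4dor&3"}  # constructed
    dictionary = [b"123456", b"password", b"letmein", b"qwerty"]                 # constructed

    # Unsalted: alice and bob share one hash, and one pass over the list breaks both.
    stored = {unsalted_hash(p) for p in users.values()}
    print("cracked (unsalted):", crack_unsalted(stored, dictionary))

    # Salted: the same password hashes differently per user; the attacker has to
    # repeat the N tests for every account and cannot reuse a precomputed table.
    (s1, h1), (s2, h2) = salted_hash(b"letmein"), salted_hash(b"letmein")
    print("salted hashes equal:", h1 == h2)   # False

    # PBKDF2: the iteration count makes each single test expensive for the attacker too.
    salt, iters = os.urandom(16), 600_000
    key = pbkdf2_key(users["carol"], salt, iters)
    print("verify:", verify_pbkdf2(users["carol"], salt, iters, key), "vectors:", pbkdf2_vectors_pass())

    # HMAC: changing one byte of the message invalidates the tag.
    k = os.urandom(32)
    tag = mac_tag(k, b"transfer 100 EUR to account 42")
    print("mac ok:", mac_verify(k, b"transfer 100 EUR to account 42", tag),
          "tampered:", mac_verify(k, b"transfer 900 EUR to account 42", tag))
```

In the PBKDF2 slide's figure the derived key is then used to encrypt the real data KEY; the derivation shown here is that first arrow. Note that the salt defeats multi-target and precomputation attacks but does not slow a single guess down at all; only the iteration count does that, which is why a plain salted SHA-256 is not an acceptable password store.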
OpenSSL access

OpenSSL materials
•Books:
 –free ebook OpenSSL Cookbook
•Useful links:
 –Manual: https://www.openssl.org/docs/man1.0.2
 –https://wiki.openssl.org/index.php/Command_Line_Utilities
 –https://www.madboa.com/geek/openssl/

OpenSSL basics
•Usage:
 –With command history (preferred): openssl command params
 –Without: run openssl (enter) to get the interactive prompt, then type command params (without the leading openssl)
•Typical problems:
 –order of parameters
 –strings: str vs. "str" - quoting rules depend on the shell, so "str" may reach openssl as a string of 5 characters including the quotes
•Help = any unrecognized command, e.g. blablabla or help, prints the list of available commands

Symmetric crypto
•OpenSSL commands:
 –dgst - hashing, MAC, signature
 –enc - encryption, base64 encoding, ...
•Hashed, encrypted, ... data are not readable (not ASCII characters), hence we will rather use:
 –hex - each byte encoded as 2 chars from the set 0-9, A-F
 –or base64 - each 6 bits encoded by 1 char from the set A-Z, a-z, 0-9, +, /
 –base64 padding fills the last group of 4 chars: no padding, "=" or "==" depending on the input length mod 3 (0, 2 or 1 bytes left over)

Practical part
•See instructions in Tasks01.txt in IS