CYBER SECURITY: ESSENTIALS · • openssl command-line tools for almost all ciphers, hashes, and...
CYBER SECURITY: ESSENTIALS
Daniel Medina — [email protected]
ADMINISTRATION
Notes: https://medina.github.io
Anyone new join?
NEWS
RECAP
CRYPTOGRAPHY
SUBSTITUTION
ASECRETMESSAGE
XPBZOBQJBPPXDB
What’s the key?
TRANSPOSITION
ASECRETMESSAGE
RGAERESSTXESMXCA
What’s the key?
ASECRETMESSAGEXX
AREGSESEETSXCMAX
RGAERESSTXESMXCA
TRANSPOSITION & SUBSTITUTION
BITS BYTES CHARS
ASECRETMESSAGE
S is a character
8-bit byte per char
01010011
AND, OR, XOR
ONE TIME PAD
Message XOR Key = Encrypted
Length(KEY) == Length(MESSAGE)
ONE TIME PAD
Message = BUY_ | SELL | HOLD
Key = 4 random chars
Encrypted Message = XOR(M, K)
M = 1010011 1000101 1001100 1001100
K = 0110101 0100100 0011111 1010110
E = 1100110 1100001 1010011 0011010
ONE TIME PAD
Problems?
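The XOR on the one-time pad slide, worked through as an added example (not part of the original slides): it reproduces the slide's M, K and E bits, then shows two well-known answers to "Problems?", key reuse and the lack of integrity. The function names are this example's own.

```python
# Added example: one-time pad using the slide's 7-bit notation and values.
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the pad requires Length(KEY) == Length(MESSAGE)."""
    if len(a) != len(b):
        raise ValueError("one-time pad needs a key exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def bits7(data: bytes) -> str:
    """Render bytes as 7-bit groups, the notation used on the slide."""
    return " ".join(format(b, "07b") for b in data)


def from_bits(groups: str) -> bytes:
    """Parse space-separated bit groups back into bytes."""
    return bytes(int(g, 2) for g in groups.split())


# Values copied from the slide.
SLIDE_M = from_bits("1010011 1000101 1001100 1001100")  # ASCII "SELL"
SLIDE_K = from_bits("0110101 0100100 0011111 1010110")
SLIDE_E = from_bits("1100110 1100001 1010011 0011010")


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Problem 1: two ciphertexts under one key XOR to M1 xor M2; the key cancels."""
    return xor_bytes(c1, c2)


def tamper(ciphertext: bytes, guessed: str, wanted: str) -> bytes:
    """Problem 2: no integrity. With only three possible messages, a correct
    guess lets the ciphertext be rewritten without the key, so a MAC is needed."""
    delta = xor_bytes(guessed.encode(), wanted.encode())
    return xor_bytes(ciphertext, delta)


if __name__ == "__main__":
    print(bits7(xor_bytes(SLIDE_M, SLIDE_K)))        # same bits as E on the slide
    print(xor_bytes(SLIDE_E, SLIDE_K).decode())      # decryption is the same XOR
    key = secrets.token_bytes(4)                     # constructed key, reused on purpose
    c_buy, c_hold = (xor_bytes(m, key) for m in (b"BUY_", b"HOLD"))
    print(reuse_leak(c_buy, c_hold) == xor_bytes(b"BUY_", b"HOLD"))
    print(xor_bytes(tamper(SLIDE_E, "SELL", "BUY_"), SLIDE_K).decode())
```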
DES
F has subs, trans, xor
Certified for gov’t use: NIST FIPS PUB 46
Tampering: S-Boxes
Key length (64/56 bits)
DES
What’s the key?
(64 bits => 56 bits + 8 parity bits)
Problems?
AES: Stick Figure Guide
DIFFIE HELLMAN KX
Key exchange
Solve the key-sharing problem
Crypto Characters:
Alice & Bob
Eve (passive adversary)
Mallory (active adversary)
I like the cookie-dough version of this…
RSA
Asymmetric System
Public Key
Private Key
A “hard” problem: factoring large #s
HASH FUNCTIONS
MD5: 128 bits, `md5` or `openssl md5`
echo 'I leave all my fortune to Alice' | md5
19755c81218340ed42f575bff3691c57
echo 'I leave all my fortune to Bob' | md5
4b67189b91f32b8a12f968ea1989a8fe
# This would be bad
echo 'I leave all my vast fortune to Eve' | md5
19755c81218340ed42f575bff3691c57
HASH FUNCTIONS
SHA1: 160 bits, `shasum` or `openssl sha1`
echo 'Hello, World' | shasum -a 1 # 160 bits
4ab299c8ad6ed14f31923dd94f8b5f5cb89dfb54
echo 'Hello, World' | shasum -a 256 # 256 bits
8663bab6d124806b9727f89bb4ab9db4cbcc3862\
f6bbf22024dfa7212aa4ab7d
echo 'Hello, World' | shasum -a 512 # 512 bits
44c4f73161332b2b058360310640c6704796ece7\
6593e22ca32f76ccbc2c469d5b26ae64b996c781\
65929ac1af7f9a0ae6132010c917f6b104196b86\
48e108d3
HYBRIDS
We know about:
Symmetric Key Encryption
Asymmetric Key Encryption
Key Exchange
Hash Functions
How to mix and match?
SSL/TLS
Confidentiality
Integrity
Authenticity
“Data in transit” security on the Internet
Increasingly attacked
SSL/TLS
Lots of background readings on the challenges
• Heartbleed, comic (SSL/TLS vulnerability)
• Attacks on SSL (iSec Partners)
• SSL Observatory (EFF)
• The most dangerous code in the world
• SSL Labs / SSL Labs Grading Changes January 2017
• Rogue CAs: faking google.com, getting hacked, and generally failing
TOOLS
• openssl command-line tools for almost all ciphers, hashes, and combinations
• Small exercise with openssl encryption modes
• SSL Labs provides excellent “scoring”
• SSL Checker decode certificates
• Let’s Encrypt is a free CA that works with web servers to generate certificates
• Keybase is public/private key hosting for people
OTHER CRYPTO READINGS
• Crypto 101, online book under development
• Security Engineering, Ross Anderson
• The Debian PRNG Bug, HD Moore (2008)
• Randomness and the Netscape Browser (1996)
• Windows NT rantings from the L0pht (1997)
• Encrypting the Web, EFF
NSA, CIA, OTHER TLAS
That capability [of the NSA and US intelligence community] at any time could be turned around on the American people and no American would have any privacy left. There would be no place to hide.
If this government ever became a tyranny, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny. There would be no way to fight back, because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capacity of this technology.
I don’t want to see this country ever go across the bridge. I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision so that we never cross over that abyss. That is the abyss from which there is no return.
Sen. Frank Church, 1975, a quote I know from Decrypting the Puzzle Palace
I used to call this the “scary quote”. Now it’s current events.