Information security - Paylogic TechTalk 2014

Informa(on Security Tech Talk

Aug 4th 2014 Dirk Zi=ersteyn

Informa(on security

Three main goals

Keep your data secure

Make sure people can’t change your data

Make sure your informa(on stays available

Confiden(ality Integrity Availability

Availability

Subject for another talk

Confiden(ality and Integrity

Two sides of the same coin

If you can’t guarantee integrity, confiden(ality is useless, and vice-‐versa.

Cryptography

Confiden(ality Integrity (a bit)

Basic Terminology:

Encryp(on Plaintext Ke

y Ciphertext Decryp(on

Key

Plaintext

Basic Terminology:



Key

Plaintext

= Symmetric encryp(on

Basic Terminology:



Key

Plaintext

≠ Asymmetric encryp(on

Founda(ons Kerckhoffs (1835 – 1903) Shannon (1916 – 2001)

Auguste Kerckhoffs

La Cryptographie Militaire (1883)

Kerckhoffs’ principle The design of a system should not

require secrecy

The design of a system should not require secrecy

Kerckhoffs’ principle

and compromise of the system should not inconvenience the

correspondents


Open Source your method


Security is in the key

Claude Shannon

Perfect Secrecy Confusion Diffusion

Claude Shannon "Perfect Secrecy" is defined by requiring of a

system that after a cryptogram is intercepted by the enemy, the a posteriori probabilities of this cryptogram representing various messages be identically the same as

the a priori probabilities of the same messages before the interception

In other words:

The enemy learns nothing.

Claude Shannon

Confusion: Rela(on plaintext -‐ ciphertext

Claude Shannon

Diffusion: Posi(on of plaintext in ciphertext

Back in the days…

Caesar Cipher

caesar = alpha[n:] + alpha[:n]

caesar(‘Hello World’, 3) =

‘KHOOR ZRUOG’

Decrypt

Simple.

Decrypt

A li=le… too simple.

for i in range(26):

print caesar('KHOOR ZRUOG', i)

0: KHOOR ZRUOG 1: LIPPS ASVPH 2: MJQQT BTWQI 3: NKRRU CUXRJ 4: OLSSV DVYSK 5: PMTTW EWZTL 6: QNUUX FXAUM 7: ROVVY GYBVN 8: SPWWZ HZCWO 9: TQXXA IADXP 10: URYYB JBEYQ 11: VSZZC KCFZR 12: WTAAD LDGAS

13: XUBBE MEHBT 14: YVCCF NFICU 15: ZWDDG OGJDV 16: AXEEH PHKEW 17: BYFFI QILFX 18: CZGGJ RJMGY 19: DAHHK SKNHZ 20: EBIIL TLOIA 21: FCJJM UMPJB 22: GDKKN VNQKC 23: HELLO WORLD 24: IFMMP XPSME 25: JGNNQ YQTNF

ecuritysay oughthray obscurityyay

ecuritysay oughthray obscurityyay

They simply assumed no-‐one would think to decrypt it

(they even hardcoded the number by which is was shi`ed: 3)

KHOOR Z'RUOG! (Klingons never bluff)

They hoped people would think it was some language they did not understand

Improving Caesar shi`

Keyspace ≈ 26

Generalizing Caesar shi`

ABCDEFGHIJKLMNOPQRSTUVWXYZ

alpha = alpha[n:] + alpha[:n]

DEFGHIJKLMNOPQRSTUVWXYZABC

Subs(tu(on cipher

ABCDEFGHIJKLMNOPQRSTUVWXYZ

alpha = random.shuffle(alpha)

WGLOJTYUDZQXKVAFHMBPECRNIS

Subs(tu(on cipher

Keyspace ≈ 26!

403291461126605635584000000

Secure?

You intercept: MHT UTEKAVAMRPD PS RDUTJTDUTDET RZ MHT WZWAK DABT PS A ZMAMTBTDM AUPJMTU OG MHT EPDMRDTDMAK EPDNVTZZ PD CWKG 4, 1776, LHREH ADDPWDETU MHAM MHT MHRVMTTD ABTVREAD EPKPDRTZ, MHTD AM LAV LRMH NVTAM OVRMARD, VTNAVUTU MHTBZTKQTZ AZ MHRVMTTD DTLKG RDUTJTDUTDM ZPQTVTRND ZMAMTZ, ADU DP KPDNTV A JAVM PS MHT OVRMRZH TBJRVT. RDZMTAU MHTG SPVBTU A DTL DAMRPD - MHT WDRMTU ZMAMTZ PS ABTVREA. CPHD AUABZ LAZ A KTAUTV RD JWZHRDN SPV RDUTJTDUTDET, LHREH LAZ WDADRBPWZKG AJJVPQTU PD CWKG 2. A EPBBRMMTT PS SRQT HAU AKVTAUG UVASMTU MHT SPVBAK UTEKAVAMRPD, MP OT VTAUG LHTD EPDNVTZZ QPMTU PD RDUTJTDUTDET. MHT MTVB "UTEKAVAMRPD PS RDUTJTDUTDET" RZ DPM WZTU RD MHT UPEWBTDM RMZTKS. …

English le=er freq’s

Message le=er freq’s

Pre=y similar! English Message

abc dok

abcdefghijklmnopqrstuvwxyz dokutbnvrxcespalyhzmwqjfgi

Guessed key

dokutbnvrxcespalyhzmwqjfgi


aoeutsnhrcxkbdpjyvzmwqlfgi

Actual key

Guessed key

Similar enough to come close



Actual key

Guessed key

More work needed



Actual key

Guessed key

There are some pre=y big mismatches

Decoded with guessed key TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.

We’ve assumed it’s English TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.

So let’s find some English words

TRE DELCOHOTINA NM IADEWEADEALE IS TRE USUOC AOFE NM O STOTEFEAT ODNWTED BY TRE LNATIAEATOC LNAGHESS NA KUCY 4, 1776, PRILR OAANUALED TROT TRE TRIHTEEA OFEHILOA LNCNAIES, TREA OT POH PITR GHEOT BHITOIA, HEGOHDED TREFSECVES OS TRIHTEEA AEPCY IADEWEADEAT SNVEHEIGA STOTES, OAD AN CNAGEH O WOHT NM TRE BHITISR EFWIHE. IASTEOD TREY MNHFED O AEP AOTINA - TRE UAITED STOTES NM OFEHILO. KNRA ODOFS POS O CEODEH IA WUSRIAG MNH IADEWEADEALE, PRILR POS UAOAIFNUSCY OWWHNVED NA KUCY 2. O LNFFITTEE NM MIVE ROD OCHEODY DHOMTED TRE MNHFOC DELCOHOTINA, TN BE HEODY PREA LNAGHESS VNTED NA IADEWEADEALE. TRE TEHF "DELCOHOTINA NM IADEWEADEALE" IS ANT USED IA TRE DNLUFEAT ITSECM.

E T A O I N S H R D L C U M W F G Y P B V K J X Q Z

the DeLCOHOtINA NM IADeWeADeALe IS the USUOC AOFe NM O StOteFeAt ODNWteD BY the LNAtIAeAtOC LNAGHeSS NA KUCY 4, 1776, PhILh OAANUALeD thOt the thIHteeA OFeHILOA LNCNAIeS, theA Ot POH PIth GHeOt BHItOIA, HeGOHDeD theFSeCVeS OS thIHteeA AePCY IADeWeADeAt SNVeHeIGA StOteS, OAD AN CNAGeH O WOHt NM the BHItISh eFWIHe. IASteOD theY MNHFeD O AeP AOtINA - the UAIteD StOteS NM OFeHILO. KNhA ODOFS POS O CeODeH IA WUShIAG MNH IADeWeADeALe, PhILh POS UAOAIFNUSCY OWWHNVeD NA KUCY 2. O LNFFIttee NM MIVe hOD OCHeODY DHOMteD the MNHFOC DeLCOHOtINA, tN Be HeODY PheA LNAGHeSS VNteD NA IADeWeADeALe. the teHF "DeLCOHOtINA NM IADeWeADeALe" IS ANt USeD IA the DNLUFeAt ItSeCM.


the DeLCOrOtiNA NM iADeWeADeALe is the UsUOC AOFe NM O stOteFeAt ODNWteD bY the LNAtiAeAtOC LNAGress NA KUCY 4, 1776, PhiLh OAANUALeD thOt the thirteeA OFeriLOA LNCNAies, theA Ot POr Pith GreOt britOiA, reGOrDeD theFseCVes Os thirteeA AePCY iADeWeADeAt sNVereiGA stOtes, OAD AN CNAGer O WOrt NM the british eFWire. iAsteOD theY MNrFeD O AeP AOtiNA - the UAiteD stOtes NM OFeriLO. KNhA ODOFs POs O CeODer iA WUshiAG MNr iADeWeADeALe, PhiLh POs UAOAiFNUsCY OWWrNVeD NA KUCY 2. O LNFFittee NM MiVe hOD OCreODY DrOMteD the MNrFOC DeLCOrOtiNA, tN be reODY PheA LNAGress VNteD NA iADeWeADeALe. the terF "DeLCOrOtiNA NM iADeWeADeALe" is ANt UseD iA the DNLUFeAt itseCM.


the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, PhiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at Par Pith great britain, regarDeD theFseCVes as thirteen nePCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a neP natiNn - the UniteD states NM aFeriLa. KNhn aDaFs Pas a CeaDer in WUshing MNr inDeWenDenLe, PhiLh Pas UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY Phen LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.


the DeLCaratiNn NM inDeWenDenLe is the UsUaC naFe NM a stateFent aDNWteD bY the LNntinentaC LNngress Nn KUCY 4, 1776, whiLh annNUnLeD that the thirteen aFeriLan LNCNnies, then at war with great britain, regarDeD theFseCVes as thirteen newCY inDeWenDent sNVereign states, anD nN CNnger a Wart NM the british eFWire. insteaD theY MNrFeD a new natiNn - the UniteD states NM aFeriLa. KNhn aDaFs was a CeaDer in WUshing MNr inDeWenDenLe, whiLh was UnaniFNUsCY aWWrNVeD Nn KUCY 2. a LNFFittee NM MiVe haD aCreaDY DraMteD the MNrFaC DeLCaratiNn, tN be reaDY when LNngress VNteD Nn inDeWenDenLe. the terF "DeLCaratiNn NM inDeWenDenLe" is nNt UseD in the DNLUFent itseCM.


the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted bY the LNntinentaC LNngress Nn KuCY 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCY indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead theY MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCY aWWrNVed Nn KuCY 2. a LNFFittee NM MiVe had aCreadY draMted the MNrFaC deLCaratiNn, tN be readY when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.


the deLCaratiNn NM indeWendenLe is the usuaC naFe NM a stateFent adNWted by the LNntinentaC LNngress Nn KuCy 4, 1776, whiLh annNunLed that the thirteen aFeriLan LNCNnies, then at war with great britain, regarded theFseCVes as thirteen newCy indeWendent sNVereign states, and nN CNnger a Wart NM the british eFWire. instead they MNrFed a new natiNn - the united states NM aFeriLa. KNhn adaFs was a Ceader in Wushing MNr indeWendenLe, whiLh was unaniFNusCy aWWrNVed Nn KuCy 2. a LNFFittee NM MiVe had aCready draMted the MNrFaC deLCaratiNn, tN be ready when LNngress VNted Nn indeWendenLe. the terF "deLCaratiNn NM indeWendenLe" is nNt used in the dNLuFent itseCM.


the declaration oM indeWendence is the usual naFe oM a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart oM the british eFWire. instead they MorFed a new nation - the united states oM aFerica. Kohn adaFs was a leader in Wushing Mor indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee oM MiVe had already draMted the MorFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration oM indeWendence" is not used in the docuFent itselM.


the declaration of indeWendence is the usual naFe of a stateFent adoWted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly indeWendent soVereign states, and no longer a Wart of the british eFWire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in Wushing for indeWendence, which was unaniFously aWWroVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on indeWendence. the terF "declaration of indeWendence" is not used in the docuFent itself.


the declaration of independence is the usual naFe of a stateFent adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen aFerican colonies, then at war with great britain, regarded theFselVes as thirteen newly independent soVereign states, and no longer a part of the british eFpire. instead they forFed a new nation - the united states of aFerica. Kohn adaFs was a leader in pushing for independence, which was unaniFously approVed on Kuly 2. a coFFittee of fiVe had already drafted the forFal declaration, to be ready when congress Voted on independence. the terF "declaration of independence" is not used in the docuFent itself.


the declaration of independence is the usual name of a statement adopted by the continental congress on Kuly 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselVes as thirteen newly independent soVereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. Kohn adams was a leader in pushing for independence, which was unanimously approVed on Kuly 2. a committee of fiVe had already drafted the formal declaration, to be ready when congress Voted on independence. the term "declaration of independence" is not used in the document itself.


the declaration of independence is the usual name of a statement adopted by the continental congress on july 4, 1776, which announced that the thirteen american colonies, then at war with great britain, regarded themselves as thirteen newly independent sovereign states, and no longer a part of the british empire. instead they formed a new nation - the united states of america. john adams was a leader in pushing for independence, which was unanimously approved on july 2. a committee of five had already drafted the formal declaration, to be ready when congress voted on independence. the term "declaration of independence" is not used in the document itself.


Cracked!

So, let’s adap(ng it in a different way

Change the shi` each le=er

Plaintext: supersecretmessageyoushouldnotsee

Key:

donotlook

Repeat the key

supersecretmessageyoushouldnotsee

donotlookdonotlookdonotlookdonotl

Add plaintext and key

supersecretmessageyoushouldnotsee

donotlookdonotlookdonotlookdonotl --------------------------------- vicskdsqbhhzsldouobchgaziznqcggxp

+

This is the Vigenère Cipher

Named for Blaise de Vigenère (1523 – 1596)

This is the Vigenère Cipher

Actually invented by Giovan Bapsta Bellaso

(1505 – ??)

Also known as:

Le Chiffre Indéchiffrable (The Unbreakable Cipher)

Secure?

Brute Force:

possibili(es (n = 9 -‐> 10795636100592)

Frequency analysis?

Ciphertext English

First:

Guess the key length

Repeated words, repeated key

Key: ABCDABCDABCDABCDABCDABCDABCD Plaintext: CRYPTOISSHORTFORCRYPTOGRAPHY Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB


VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR



VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1]



VHVS -> VHVS = 18 -> [18, 9, 6, 3, 2, 1]

QUCE -> QUCE = 30 -> [30, 15, 10, 6, 5, 3, 2, 1]


[18, 9, 6, 3, 2, 1]

∩

[30, 15, 10, 6, 5, 3, 2, 1]

=

[6, 3, 2, 1]

When you assume You make an ass out of u and me

When you assume

There might not be any repeated words at the right spots

If the key length = 2 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABABABABABABABABABABABABABABABABABABABABABABABABABABABABA


udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl

AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB


udpwdnbijtlladfkhmajwvfhwhlxe hwjnighwcmjdpbavxckuyraunvbl

AAAAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBBB

Should be a standard letter distribution

If the key length = 3 uhdwpjwndingbhiwjctmljldapdbfakvhxmcakjuwyvrfahuwnhvlbxle ABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABCABC

uwwibwtjabkxauvawvx hpnnhjmlpfvmkwrhnll djdgiclddahcjyfuhbe

AAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCCCC

Should be a standard letter distribution

Let’s try this!

Encoded a plaintext with key ‘SECRET’

Split the ciphertext,


Sort characters by frequency


Sort characters by frequency Sum highest frequencies, second highest, etc.

secret

secret s e c r e t

Now that we know the key length, This is not that different from

subs(tu(on cipher

Cracked!

Principle is easy

Doing it by hand is tedious

Cracked!

smurfoncrack.com/pygenere/

source: smurfoncrack.com/pygenere/pygenere.py

Is there any truly secure method?

The One-‐Time pad

Looks like Vigenère.

The One-‐Time pad

Create a long key, without repeFFon

The One-‐Time pad

Create a long key, without repeFFon Securely share it between both par(es

The One-‐Time pad

To send a message:

Plaintext attackatdawn Key owbxelcixrql

------------ +

Ciphertext opuxgvcbarmy

And then:

And then:

Destroy the key

One-‐Time pad

This is provably perfectly secure

You can’t even brute force it!

This is provably perfectly secure opuxgvcbarmy owbxelcixrql

------------ -

attackatdawn

opuxgvcbarmy elqinoymwrku

------------ -

keepthepeace

This is provably perfectly secure

So why don’t we all use it?

Why we don’t use it:

You need to share the key securely, But how?

Out of band communica(on

How the spies did it Before the mission, they received a codebook

Out of band communica(on

How the spies did it But imprac(cal for ordinary use

In band communica(on

Safe channel through which to send the key

In band communica(on

Just use that channel to send the message.

They all have in common:

Confusion ✓ Diffusion ✗

Why do you need diffusion?

e.g. image encryp(on

Using a block cipher

Encodes blocks of data

Electronic Code Book (ECB)

Blocks with the same data are encoded as the same data

Encode this image with ECB:

24-‐bits bmp

“Encrypted”

(a`er header restora(on)

Cipher block chaining

Does do diffusion

Looks like noise.

Methods covered so far:

Brute Force Caesar Cipher



Founda(onal weakness Vigenère, Subs9tu9on, ECB

Next up:

Mad Science

Next up:

Mad Science Side channel a=acks

Tradi(onal model

E Plaintext

Key

Ciphertext

Key

Plaintext D

Side channel model

E Plaintext

Key

Ciphertext

Key

Plaintext D

Heat

Timing

Heat

Timing

Simple example def __eq__(self, other): if len(self) != len(other): return False for x,y in zip(self, other): if x != y: return False return True

Simple example if input == password: login()

else:

error()

Simple example 1000 * input = '-' Wall time: 817 µs 1000 * input = '--' Wall time: 2.14 ms 1000 * input = '---' Wall time: 806 µs

def __eq__(self, other): if len(self) != len(other):

return False

for x,y in zip(self, other):

if x != y:

return False

return True



return False


if x != y:

return False

return True

≈ 0.8ms



return False


if x != y:

return False

return True

≈ 2.1ms (1 iter)

Simple example 1000 * input = 'a-' Wall time: 2.15 ms 1000 * input = 'b-' Wall time: 2.33 ms 1000 * input = 'c-' Wall time: 2.14 ms


return False


if x != y:

return False

return True

≈ 2.1ms (1 iter)

Simple example 1000 * input = 'a-' Wall time: 2.15 ms 1000 * input = 'b-' Wall time: 2.33 ms 1000 * input = 'c-' Wall time: 2.14 ms


return False


if x != y:

return False

return True

≈ 2.3ms (2 iter)

Simple example 1000 * input = 'ba' Wall time: 2.33 ms 1000 * input = 'bb' LOGGED IN! (2.47 ms) 1000 * input = 'bc' Wall time: 2.32 ms


return False


if x != y:

return False

return True

≈ 2.3ms (2 iter)

Simple example 1000 * input = 'ba' Wall time: 2.33 ms 1000 * input = 'bb' LOGGED IN! (2.47 ms) 1000 * input = 'bc' Wall time: 2.32 ms


return False


if x != y:

return False

return True

≈ 2.5ms (2 iter)

Simple example This simple error has reduced your keyspace

From 26n to 26n

This isn’t really MAD science…

Power consump(on of a CPU during RSA computa(on.

0 1 …

Crypto is a minefield

h=p://w

ww.m

oserware.com

/2009/09/s(ck-‐figure-‐guide-‐to-‐advanced.html



Founda(onal weakness Vigenère, Subs9tu9on, ECB

Side channel a=acks Timing, Power Consump9on, Acous9c, etc.

Last but not least

Rubber-‐Hose Cryptanalysis

[..] In which a rubber hose is applied forcefully and frequently to the soles of the feet, un9l the

key to the cryptosystem is discovered

A process that can take a surprisingly short 9me and is quite computa9onally inexpensive

sci.crypt (1990)

What haven’t I covered? Asymmetric encryp(on

public – private key …

A lot of math

Diffie – Hellman key exchange Prime factoriza(on Ellip(c Curve crypto …

Integrety assurance HMAC …

Stream Ciphers Man in the middle AES, DES, Hashes Salts Etc.

MORE!!!

Great intro to a great encryp(on standard

A s(ck figure guide to AES

Mad science side-‐channel a=acks To Protect and Infect (Jacob Applebaum)

Awesome primer for InfoSec

History of the informa(on age

Information security - Paylogic TechTalk 2014

Internet

Transcript of Information security - Paylogic TechTalk 2014