Page 2: A German security enthusiast has used rented computing resources to crack a
Thomas Roth used a GPU-based rentable computer resource to run a brute force attack to crack SHA1 hashes. Encryption experts warned for at least five years SHA-1 could no longer be considered secure, so what's noteworthy about Roth's project is not what he did or the approach he used, which was essentially based on trying every possible combination until he found a hit, but the technology he used
November 18, 2010 16:15 GMT
SHA-1, although it is in the process of being phased out, still forms a component of various widely-used security applications, including Secure Sockets Layer, Transport Layer Security and S/MIME protocols. Roth claims to have cracked all the hashes from a 160-bit SHA-1 hash with a password of between one and six characters in around 49 minutes
http://www.theregister.co.uk
All Rights Reserved Reproduction is Strictly Prohibited
Page 3: Module Objectives
Cryptography
Types of Cryptography
Ciphers
Message Digest Function: MD5
Secure Hashing Algorithm (SHA)
Cryptography Tools
Public Key Infrastructure (PKI)
SSL (Secure Sockets Layer)
Digital Signature
Disk Encryption Tools
Cryptography Attacks
Cryptanalysis Tools
Page 4: Algorithms Public Key
Page 6: Hash Function
Hash function (message digests or one-way encryption) uses no key for encryption and decryption
ATHENA.EDU.VN
Symmetric Encryption
This is my A/C number > kbifkfnnfk Nkicimim > This is my A/C number
Page 7: Keys means that software companies will give copies of all keys (or at least enough of the key that the remainder could be cracked) to the government
Page 9: Ciphers
Ciphers are algorithms used to encrypt or decrypt the data
It replaces bits, characters, or blocks of characters with different bits, characters or blocks
The letters of the plaintext are shifted about to form the cryptogram
Page 10: Advanced Encryption Standard (AES)
AES is a symmetric-key encryption standard adopted by the
It has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively for AES-128, AES-192 and AES-256
AES is an iterated block cipher, which works by repeating the same defined steps multiple times
AES Pseudocode
Cipher (byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
begin
    byte state[4,Nb]
    state = in
    AddRoundKey (state, w)
    for round = 1 step 1 to Nr-1
        SubBytes (state)
        ShiftRows (state)
        MixColumns (state)
        AddRoundKey (state, w+round*Nb)
    end for
    SubBytes (state)
    ShiftRows (state)
    AddRoundKey (state, w+Nr*Nb)
    out = state
end
Page 11: Data Encryption Standard (DES)
DES is the name of the Federal Information Processing Standard (FIPS) 46-3, which describes the data encryption algorithm (DEA)
The DEA is a symmetric cryptosystem originally designed for implementation in hardware
Page 12: A variable key size stream cipher with byte-oriented operations, and is based on the use of a random permutation
It is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. The key size is 128-bits
RC6 adds two features to RC5: the inclusion of integer multiplication, and the use of four 4-bit working registers instead of RC5's two 2-bit
Page 13: The DSA and Related Signature Schemes
Select a generator $\alpha$ of the unique cyclic group of order $q$ in $\mathbb{Z}_p^*$
To compute $\alpha$, select an element $g$ in $\mathbb{Z}_p^*$ and compute $g^{(p-1)/q} \bmod p$
If $\alpha = 1$, perform step five again with a different $g$
Select a random $a$ such that $1 < a < q-1$
Compute $y = \alpha^a \bmod p$
The public key is $(p, q, \alpha, y)$. The private key is $a$
Page 14: RSA (Rivest Shamir Adleman)
and authentication system that uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman
It uses modular arithmetic and elementary number theories to perform computations using two large prime numbers
RSA encryption is widely used and is the de-facto encryption standard
Page 15: Example of RSA Algorithm
Page 16: The RSA Signature Scheme
Algorithm: Key generation for the RSA signature scheme
SUMMARY: each entity creates an RSA public key and a corresponding private key.
Each entity A should do the following:
1. Generate two large distinct random primes $p$ and $q$, each roughly the same size.
2. Compute $n = pq$ and $\phi = (p - 1)(q - 1)$.
3. Select a random integer $e$, $1 < e < \phi$, such that $\gcd(e, \phi) = 1$.
4. Use the extended Euclidean algorithm (Algorithm 2.107) to compute the unique integer $d$, $1 < d < \phi$, such that $ed \equiv 1 \pmod{\phi}$.
5. A's public key is $(n, e)$; A's private key is $d$.
Algorithm: RSA signature generation and verification
SUMMARY: entity A signs a message $m \in \mathcal{M}$. Any entity B can verify A's signature and recover the message $m$ from the signature.
1. Signature generation. Entity A should do the following:
(a) Compute $\tilde{m} = R(m)$, an integer in the range $[0, n - 1]$.
(b) Compute $s = \tilde{m}^d \bmod n$.
(c) A's signature for $m$ is $s$.
2. Verification. To verify A's signature $s$ and recover the message $m$, B should:
(a) Obtain A's authentic public key $(n, e)$.
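The key generation and signature steps above, carried through to the verifier's redundancy check in the standard textbook form, as an added example that is not part of the original slides. The redundancy function R(m) = m || m, the 12-bit message width, the function names and the demo primes are assumptions chosen for illustration.

```python
import math

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def keygen(p, q, e):
    """Steps 2-5 of key generation; p, q and e are supplied by the caller."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or math.gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi and gcd(e, phi) = 1")
    d = egcd(e, phi)[1] % phi           # unique d with e*d = 1 (mod phi)
    return (n, e), d

BITS = 12                               # assumed message width for the toy R

def R(m):
    """Toy redundancy function (an assumption): R(m) = m || m."""
    if not 0 <= m < 1 << BITS:
        raise ValueError("message out of range")
    return (m << BITS) | m

def sign(m, n, d):
    m_tilde = R(m)
    if m_tilde >= n:
        raise ValueError("R(m) must lie in [0, n-1]")
    return pow(m_tilde, d, n)           # s = R(m)^d mod n

def verify(s, n, e):
    """Return the recovered message, or None if the redundancy check fails."""
    if not 0 <= s < n:
        return None
    m_tilde = pow(s, e, n)              # public-key operation undoes signing
    hi, lo = m_tilde >> BITS, m_tilde & ((1 << BITS) - 1)
    # Without this check any s would "verify" for the message s^e mod n.
    return lo if hi == lo else None

# Constructed demo values: small primes, far too small for real use.
PUBLIC, D = keygen(7927, 6997, 5)
SIG = sign(0xABC, PUBLIC[0], D)
```

The redundancy check in `verify` is what makes a randomly chosen `s` fail: only values of the form m || m are accepted, so an arbitrary integer is rejected with high probability.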
Page 17: Message Digest (One-way Hash) Functions
Message digest functions calculate a unique fixed-size bit string representation called Hash Value of any arbitrary block of information
Note: Message digests are also called one-way hash functions because they produce values that are difficult to invert
Page 18: Message Digest Function:
algorithms such as SHA-1 5
Page 19:
message with a maximum length of (2 - 1) bits, resembles the MD5 algorithm
It is a family of two similar hash functions, with different block sizes, namely SHA-256 that uses 32-bit words and SHA-512 that uses 64-bit
cryptographically secure one-way hash, published by the National Institute of Standards and Technology as a U.S
public review process from non-government designers
Page 20: What Is SSH (Secure Shell)?
Remote Communication: SSH is a secure replacement for telnet and the Berkeley r-utilities (rlogin, rsh, rcp,
Secure Channel: It provides an encrypted channel for remote logging, command execution and file
Strong Authentication
Page 21: Algorithms, Public Key Infrastructure (PKI), Disk Encryption, Cryptography Attacks
Page 22: MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
Page 23: Cryptography Tool: Advanced Encryption
Page 24: Steganos LockNote, NCrypt XL
Page 26: Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates
Components
A certificate management system for
A registration authority (RA) that acts as the verifier for the certificate authority
One or more directories where the certificates (with their public keys) are held
Page 27: Public Key Infrastructure (PKI)
Certificate
Message in public key certificate signed with digital signature
Public Key
Private Key
Validation of electronic signature
Enquires about public key certificate validity to validation authority
Page 28: Certification
Page 29: Tools, Cryptography Attacks
Page 30: Digital Signature
Digital signature uses asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form
Digital signature schemes involve two algorithms; a private key for signing the message and a public key for verifying signatures
hash code to message
Information using his PRIVATE key
Encrypt message using one-time symmetric key
Encrypt the symmetric key using recipient's PUBLIC key
DELIVER
Mail electronic envelopes to the recipient
Recipient decrypt one-time symmetric key using his PRIVATE key
Decrypt message using
VERIFY
Unlock the hash value using sender's PUBLIC key
message and compare it
Page 31: SSL (Secure Sockets Layer)
SSL is an application layer protocol developed by Netscape for managing the security of a message transmission on the Internet
It uses RSA asymmetric (public key) encryption to encrypt data transferred over an SSL connection
Client Hello message (includes SSL version, encryption algorithms, key exchange algorithms, and MAC algorithms)
Determines the SSL version and cipher suite to be used for the communication; sends Server Hello message (Session ID) and Certificate message (local certificate)
Sends a Server Hello Done message
Verifies the Digital certificate; generates a random premaster secret (Encrypted with server's public key) and sends Client Key Exchange message with the premaster secret
Sends a Change Cipher Spec message and also sends Finished message (hash of handshake message)
Computes the hash value of the exchanged handshake messages and compares the hash value with that received from the client; if the two match, the key and cipher suite negotiation succeeds. Sends a Change Cipher Spec message and also sends Finished message (hash of handshake message)
Page 32: Transport Layer Security (TLS)
TLS is a protocol between a client and a server and ensures privacy and integrity of information during transmission
TLS Handshake Protocol
Client Finished Message
[Change Cipher Spec]
Server Finished Message
Page 33: Algorithms, Public Key Infrastructure (PKI), Cryptography Tools, Cryptography Attacks
Page 34:
used to protect the confidentiality of the data
keep it from falling into the wrong hands
works in a similar way as text message encryption and protects data even when the OS is not active
Privacy, Passphrase, Backup, Volume Encryption, Hidden Volumes
Page 35: Disk Encryption Tool: TrueCrypt
Page 37: Algorithms Public Key
Page 38: Attacks
Cryptography attacks are based on the assumption that the cryptanalyst has
knowledge of the encrypted information
Page 39: Cryptography Attacks
Adaptive Chosen-plaintext Attack
Ciphertext-only Attack
Attacker uses this technique when he has free use of a piece of decryption hardware, but is unable to extract the decryption key from it
The attacker's goal is to discover
an encrypted file) from a person by coercion or torture
Page 40: Cryptography Attacks
Attacker defines his own plaintext, feeds it into the cipher, and analyzes the resulting ciphertext
The attacker's goal is to discover the key used to encrypt the messages so that other messages can be deciphered and read
Chosen-key Attack
Timing Attack
It is based on repeatedly measuring the exact execution times of modular
Page 41: Code Breaking Methodologies
Trickery and Deceit
It involves the use of social engineering techniques to extract cryptography keys
One-Time Pad
A one-time pad contains many non-repeating groups of letters or number keys, which are chosen randomly
Brute-Force
Cryptography keys are discovered by trying every possible combination
It is the study of the frequency of letters or groups of letters in a ciphertext
It works on the fact that, in any given stretch of written language, certain letters and combinations of letters occur with varying