class: center, middle, inverse, title-slide

# Cryptography
## DAY 3
### Kendall Giles
### 22/7/2019

---
layout: true

<div class="my-footer"></div>

---
# LICENSE

Some of this material in this presentation has been adapted and remixed from course materials from the [Virginia Cyber Range](https://virginiacyberrange.org/) by Dave Raymond and Prem Uppuluri. Other images and materials are cited accordingly.

This course content is provided under an [Attribution-NonCommercial-ShareAlike 4.0 International Creative Commons License](https://creativecommons.org)

All logos used are the property of their respective trademark owners. Their use in these educational materials is not authorized by, sponsored by, or associated with the trademark owners. No endorsement of the trademark owners by the creator or educational institution is given or should be inferred.

---
# WORKSHOP ORIENTATION

DAY 1: *Introduction to Cybersecurity*<br />
DAY 2: *Networking*<br />
.highlight[DAY 3: *Cryptography*]<br />
DAY 4: *Hacking and Your Cybersecurity Future*<br />

---
# TODAY'S SCHEDULE

.small[
| TOPIC | TIME |
| :------ | :----------: |
| [The Need for Cryptography](#6) | 9:30-9:45 |
| [Classical Substitution Ciphers](#17) | 9:45-10:00 |
| [LAB: Caesar Cipher Cryptanalysis](#22) | 10:00-10:15 |
| [BREAK](#24) | 10:15-10:30 |
| [Other Classical Ciphers](#25) | 10:30-11:15 |
| [LAB: Cryptography Explorations](#38) | 11:15-11:45 |
| [BREAK](#40) | 11:45-12:00 |
| [Final Classical Ciphers](#41) | 12:00-12:30 |
| [LUNCH BREAK](#46) | 12:30-14:15 |
| [Modern Cryptography](#47) | 14:15-14:30 |
| [Symmetric Cryptography](#52) | 14:30-15:00 |
| [BREAK](#64) | 15:00-15:15 |
| [Asymmetric Cryptography](#65) | 15:00-15:45 |
| [LAB: Public and Private Key Generation](#80) | 15:45-16:00 |
| [BREAK](#82) | 16:00-16:15 |
| [Secure Hash Functions](#83) | 16:15-16:45 |
| [LAB: Secure Hash Function Demo](#91) | 16:45-17:00 |
]

---
# Learning Objectives

+ Understand the evolution of cryptography and cryptographic
systems
+ Describe the basic characteristics of cryptographic systems
+ Apply basic cryptanalysis techniques to decrypt simple ciphers
+ Describe what makes the one-time pad impervious to cryptanalysis
+ Describe common threats to confidentiality
+ Understand the benefits of encryption for confidentiality
+ Distinguish symmetric and asymmetric key cryptography and describe in what situations each is useful
+ Define key exchange, key management, and digital certificates
+ Describe hash functions and their uses

---
class: center, middle

# The Need for Cryptography

---
class: center, middle

.center[<img src="crypto_assets/img/encrypted_toothbrush.png" style="width: 100%" />]

---
class: center, middle

.center[<img src="crypto_assets/img/decrypted_toothbrush.png" style="width: 100%" />]

---
# The Need for Cryptography

.center[<img src="crypto_assets/img/need_for_cryptography.png" style="width: 100%" />]

---
# What Cryptography Provides

+ Confidentiality
  + Ensure message remains secret during transmission between parties
+ Integrity
  + Ensure message is not altered while in transit between communicating partners
+ Authentication
  + Verifies sender is who she says she is
+ Non-repudiation
  + Proves that nobody but one sender could have sent a particular message

???
# Why Cryptography?
.highlight[
+ Confidentiality
  + Ensure message remains secret during transmission between parties
]
+ Integrity
  + Ensure message is not altered while in transit between communicating partners
+ Authentication
  + Verifies sender is who she says she is
+ Non-repudiation
  + Proves that nobody but one sender could have sent a particular message

---
# Analogy – The Locked Box

+ Consider two people in different locations, **Alice** and **Bob**, who want to communicate in secret
+ A third person, **Eve**, wants to intercept that communication

.center[<img src="crypto_assets/img/alice_eve_bob.png" style="width: 80%" />]

---
# Locked Box - Continued

+ Alice and Bob share a combination to a locked box
+ Alice and Bob can both open it, but Eve cannot

.center[<img src="crypto_assets/img/image6.jpeg" style="width: 50%" /><br />.small[http://www.blogwebdesignmicrocamp.com.br/programacao/qual-diferenca-entre-http-e-https/ ]]

---
# Basic Terminology

+ *plaintext* - original message
+ *ciphertext* - coded message
+ *cipher* - algorithm for transforming plaintext to ciphertext
+ *key* - info used in cipher known only to sender/receiver
+ *encipher (encrypt)* - converting plaintext to ciphertext
+ *decipher (decrypt)* - recovering plaintext from ciphertext
+ *cryptography* - study of encryption principles/methods
+ *cryptanalysis (codebreaking)* - study of principles/methods of deciphering ciphertext without knowing the key
+ *cryptology* - field of both cryptography and cryptanalysis

---
# Characterization of Crypto Systems

+ Cryptographic systems can be characterized along these three independent dimensions:
  + type of encryption operations used
    + Substitution/transposition/product
  + number of keys used
    + Single key or two keys
  + way in which plaintext is processed
    + Block/stream

---
# Cryptanalysis

+ Typically the objective of an attacker is to recover the key in use rather than simply to recover the plaintext of a single ciphertext
+ There are two general approaches:
  + Cryptanalytic
attack
  + Brute force attack

.center[<img src="crypto_assets/img/image7.png" style="width: 55%" /><br />.small[Image courtesy of xkcd : https://imgs.xkcd.com/comics/security.png ]]

---
# Brute Force Search Example

+ Trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained
+ On average, half of all possible keys must be tried to achieve success.

.center[<img src="crypto_assets/img/image8.png" style="width: 100%" />]

---
class: center, middle

# Classical Substitution Ciphers

---
# Classical Substitution Ciphers

+ Letters of plaintext are replaced by other letters or by numbers or symbols
+ Or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

---
# Caesar Cipher

.pull-left[
+ Shift (Rotate) letter by agreed-upon number
+ Recipient shifts back by the same number of letters
+ Used for hundreds of years after Caesar’s time!

<img src="crypto_assets/img/attack_at_dawn.png" style="width: 80%" />
]
.pull-right[<img src="crypto_assets/img/caeser_cipher.png" style="width: 40%" />]

---
# Cryptanalysis of Caesar Cipher

.pull-left[
+ Only have 25 possible ciphers
  + A maps to B, C, ...
Z
+ Could simply try each in turn
  + A brute force search
+ Given a ciphertext, just try all shifts of letters
]
.pull-right[<img src="crypto_assets/img/image9.png" style="width: 70%" />]

---
# Simple Cipher Wheels

.pull-left[<img src="crypto_assets/img/image11.jpeg" style="width: 50%" />]
.pull-right[<img src="crypto_assets/img/image10.jpeg" style="width: 50%" />]
.center[<img src="crypto_assets/img/image12.jpeg" style="width: 40%" />]
.small[Cipher wheel images from Crypto Museum: http://www.cryptomuseum.com/crypto/usa/ccd/ ]

---
class: center, middle

# LAB: Caesar Cipher Cryptanalysis

---
# LAB: Caesar Cipher Cryptanalysis

1) Go to this website: [https://www.xarg.org/tools/caesar-cipher/](https://www.xarg.org/tools/caesar-cipher/)

2) Enter this text into the textbox:

L rcple mzzv ez wplcy xzcp lmzfe ncjaezrclasj td Esp Nzop Mzzv : Esp Dntpynp zq Dpncpnj qczx Lyntpye Prjae ez Bflyefx Ncjaezrclasj mj Dtxzy Dtyrs

3) What is the message?

???
Key to Encrypt = 11

Key to Decrypt = 15

Message = "A great book to learn more about cryptography is The Code Book : The Science of Secrecy from Ancient Egypt to Quantum Cryptography by Simon Singh"

---
class: center, middle

# Other Classical Ciphers

---
# Monoalphabetic Cipher

+ Rather than just shifting the alphabet, could shuffle (jumble) the letters arbitrarily
+ Each plaintext letter maps to a different random ciphertext letter
+ Key is 26 letters long
+ Do we need to consider language characteristics?
+ Example:

.center[<img src="crypto_assets/img/monoalphabetic.png" style="width: 100%" />]

---
# Language Redundancy and Cryptanalysis

+ Human languages are redundant
+ Frequency of use of letters is not equal
+ In English E is by far the most common letter, followed by T, R, N, I, O, A, S
+ Other letters like Z, J, K, Q, X are fairly rare
+ Can create tables of single, double (digram), and triple letter (trigram) frequencies for various languages

---
# Frequency Analysis

.center[<img src="crypto_assets/img/image13.png" style="width: 75%" />]

---
# Frequency Analysis

+ Detailed by Muslim philosopher Al-Kindi in the 870’s
+ By analyzing letter frequencies and comparing them to standard frequencies in the language used, substitution ciphers are easily cracked
+ Other patterns are easily discovered as well
  + 2-letter words
  + 3-letter words
  + Double letters

.center[<img src="crypto_assets/img/image14.jpeg" style="width: 25%" /><br />.small[Al-Kindi image courtesy of http://www.muslimheritage.com/article/al-kindi ]]

---
# Polyalphabetic Cipher

+ Helps ‘flatten’ distribution of letter frequencies
+ A **keyword** is used – letters are shifted according to the corresponding letter in the keyword
+ **Vigenere cipher** is best example . . .

.center[<img src="crypto_assets/img/polyalphabetic.png" style="width: 90%" />]

???
+ ***How is this cracked?***

---
# Vigenere Cipher

+ Simplest polyalphabetic substitution cipher
+ Effectively multiple Caesar ciphers
+ Key is multiple letters long `\(K = k_1 k_2 k_3 ...
k_d\)`
  + `\(i^{th}\)` letter specifies `\(i^{th}\)` alphabet to use
+ Use each alphabet in turn
+ Repeat from start after `\(d\)` letters in message
+ Decryption simply works in reverse

.center[<img src="crypto_assets/img/image16.png" style="width: 15%" /><br />.small[Vigenere image courtesy of Wikipedia: https://en.wikipedia.org/wiki/Blaise_de_Vigenere]]

---
# Security of Vigenere Cipher

+ Has multiple ciphertext letters for each plaintext letter
+ Hence letter frequencies are obscured but not totally lost
+ The key to breaking the Vigenere cipher is to identify the number of translation alphabets, and then attack each separately
+ Number of translation alphabets depends on length of keyword

---
# Kasiski Method

+ Method developed by Babbage / Kasiski
+ Use two key insights
  + 1: Repetitions in ciphertext give clues to keyword length
    + If two identical sequences of plaintext letters occur at a distance that is an integer multiple of keyword length, they will generate identical ciphertext sequences
  + 2: If keyword length is N, then cipher consists of N monoalphabetic substitution ciphers

---
# Kasiski Attack

* Goal of cryptanalyst is to discover length of keyword `\(n\)`
* Line up the ciphertext into `\(n\)` columns
* Each column is then treated as a monoalphabetic substitution cipher--attack with frequency analysis

```text
key: abcdef
crypto is short for cryptography.
abcdefabcdefabcdefabcdefabcdefabc

key: abcde
crypto is short for cryptography.
abcdeabcdeabcdeabcdeabcdeabcdeabc
```

???
+ Use known frequency characteristics of plaintext language to attack each monoalphabetic cipher separately

---
# One-Time Pad

+ Longer “shift words” and shorter messages make frequency analysis more difficult, and the harder that is, the harder it is to crack a message!
+ A **one-time pad** is a list of **random shifts;** the selected shift sequence must be **longer than your message**
+ This is **uncrackable**, because of 2 important properties!
  + Shifts will never fall into a pattern (because pad is longer than message)
  + Frequency distribution is uniform (because shifts are random)

---
# More One-Time Pad

+ Because the shifts are random and the list is as long as the message, every possible message (a sequence of random letters OR any one of many possible messages) is equally likely!
+ ***Problem solved, right? So what’s wrong with this?***

.center[<img src="crypto_assets/img/image17.jpeg" style="width: 85%" />]

---
# One-Time Pad (Cont)

+ Practical limitations
  + Making large quantities of random keys
  + Problem of key distribution and protection, where for every message to be sent, a key of equal length is needed by both sender and receiver.
+ Use of one-time pads
  + British Special Operations Executive used OTPs in World War II
  + Hotline between Moscow and Washington DC (established after the Cuban missile crisis) used a commercial one-time tape system

???
Problem on page 37: with one-time pads, both sides need to have the same pad. How do you transfer the pad? And, if the pad is longer than the message, you are doubling (at least) the amount of data.
Not practical for a computer network, or as a way to enable digital purchases

---
# Security of One-Time Pad

+ OTP has unconditional security
+ OTP is information-theoretically secure (or ***provably*** secure)
+ Unconditional security for encryption schemes is also called perfect secrecy
+ Ciphertext C gives absolutely no additional information about the plaintext
+ Example: Eve intercepts Alice’s ciphertext: “EQNVZ”
  + Eve can find that key “XMCKL” would produce plaintext “HELLO”, but she would also find that key “TQURI” would produce plaintext “LATER”, an equally plausible message

---
class: center, middle

# LAB: Cryptography Explorations

---
# LAB: Cryptography Explorations

Go to this URL: [https://www.khanacademy.org/computing/computer-science/cryptography](https://www.khanacademy.org/computing/computer-science/cryptography)

+ Try these ‘explorations’:
  + Frequency Fingerprint Exploration
  + Polyalphabetic Exploration
  + Perfect Secrecy Exploration
  + How Uniform Are You?

---
class: center, middle

# BREAK

---
# Transposition Ciphers

+ Substitution ciphers involve the substitution of a ciphertext symbol for a plaintext symbol
+ Transposition cipher
  + Perform some sort of permutation on the plaintext letters
  + Forms the second basic building block of ciphers
  + Core idea is to rearrange the order of basic units (letters/bytes/bits) without altering their actual values

---
# Row Transposition Cipher

+ A more complex transposition
+ Write letters of message in a rectangle, row by row
+ Permute order of columns
+ Read message off column by column

.center[<img src="crypto_assets/img/image18.png" style="width: 100%" />]

???
"Since transposition does not affect the frequency of individual symbols, simple transposition can be easily detected by the cryptanalyst by doing a frequency count. If the ciphertext exhibits a frequency distribution very similar to plaintext, it is most likely a transposition.
This can then often be attacked by anagramming—sliding pieces of ciphertext around, then looking for sections that look like anagrams of English words, and solving the anagrams. Once such anagrams have been found, they reveal information about the transposition pattern, and can consequently be extended."

---
# Product Cipher

+ Ciphers using substitutions or transpositions are not secure because they do not obscure language characteristics sufficiently
+ Hence consider using several ciphers in succession to make a stronger cipher
  + two substitutions make a more complex substitution
  + two transpositions make a more complex transposition
  + but a substitution followed by a transposition makes a much stronger cipher
+ A substitution followed by a transposition is known as a Product Cipher
+ Forms a bridge from classical to modern ciphers

---
# Rotor Machines

+ Before modern ciphers, rotor machines were the most common complex ciphers in use
+ Widely used in WW2
  + German Enigma, Allied Hagelin, Japanese Purple
+ Implemented a very complex, varying substitution cipher
+ Used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted
+ With 3 cylinders have `\(26^3 = 17576\)` alphabets

---
# Rotor Machines of WWII

.pull-left[<img src="crypto_assets/img/image19.jpeg" style="width: 75%" /><br />.small[German Enigma machine, Images in the public domain – courtesy of https://Wikipedia.org]]
.pull-right[<img src="crypto_assets/img/image20.jpeg" style="width: 80%" /><br />.small[Allied C-52 (Hagelin) machine, Images in the public domain – courtesy of https://Wikipedia.org]]

---
# Alan Turing

.center[
<iframe width="560" height="315" src="https://www.youtube.com/embed/nuPZUUED5uk" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
]

???
"Alan Mathison Turing OBE FRS (/ˈtjʊərɪŋ/; 23 June 1912 – 7 June 1954) was a British mathematician, computer scientist, logician, cryptanalyst, philosopher and theoretical biologist.[6] Turing was highly influential in the development of theoretical computer science, providing a formalisation of the concepts of algorithm and computation with the Turing machine, which can be considered a model of a general-purpose computer.[7][8][9] Turing is widely considered to be the father of theoretical computer science and artificial intelligence.[10] Despite these accomplishments, he was never fully recognised in his home country during his lifetime, due to his homosexuality, which was then a crime in the UK, and because his work was covered by the Official Secrets Act." https://en.wikipedia.org/wiki/Alan_Turing --- class: center, middle # LUNCH BREAK --- class: center, middle # Modern Cryptography --- # Threats to Confidentiality + Confidentiality: + Ensuring information is disclosed only to those authorized to know it. + Threats to consider: + Data in transit + Packet sniffing / wiretap / surveillance + Man-in-the-middle (MITM) + Data at rest (DAR) + File grabbing from a compromised system + Stolen laptop + Cryptography can help by giving us PAIN --- # What Can We Enforce? PAIN + **Privacy** – Transactions cannot be viewed by an unauthorized party. + **Authentication** – Assurance that an entity’s identity claim is valid. + **Integrity** – Assurance that data has not been altered either intentionally or unintentionally. + **Non-repudiation** – Incontrovertible evidence of what occurred and who was involved. --- # Cryptography Concepts + *Plaintext*: The original message, not necessarily text. + *Ciphertext*: The transformed (encrypted) message, should resemble random noise. + *Encryption Algorithm*: Takes a plaintext plus an encryption key and returns a ciphertext . + *Decryption Algorithm*: Takes a ciphertext and a decryption key and returns the plaintext. 
+ **Kerckhoffs’s Principle**: The security of the system cannot rely on keeping the algorithm(s) secret --> security through obscurity does not work.
+ The keys are the part we keep secret and can be changed during normal operation.

---
# Cryptography Process

.center[<img src="crypto_assets/img/crypto_process.png" style="width: 100%" />]

---
class: center, middle

# Symmetric Cryptography

---
# Symmetric Cryptography

.center[<img src="crypto_assets/img/symmetric_cryptography.png" style="width: 95%" />]

---
# How large is a good key size?

* These days a good key size is: 256 binary bits (i.e., in the form of 1s and 0s)
* Why 256 bits?
  * In binary arithmetic, with 256 bits we can have a total of `\(2^{256}\)` possible choices for a key.
  * Assume an attacker can test a billion keys per second (= `\(10^9\)` choices/second)
  * `\(2^{256}\)` keys will then take: `\(2^{256}/10^9\)` ~ `\(10^{77}/10^9 = 10^{68}\)` seconds ~ `\(10^{16}\)` years!
  * `\(10^{16}\)` years is a lot of years!!
* So with a 256 bit key brute forcing through all the keys clearly takes a lot of time--for now!
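The brute-force search that is hopeless against `\(2^{256}\)` keys is trivial against the Caesar cipher's 25. As an added example that is not part of the original slides, this script runs the search from this morning's Caesar lab and, instead of reading all 25 candidates by eye, ranks them with the English letter-frequency statistics from the Frequency Analysis slide (the frequency table is an approximation assumed here):

```python
"""Added example (not from the slides): brute-force search over all 25 Caesar
shifts, scored with English letter frequencies so the intelligible candidate
is picked automatically instead of by eye."""

# Approximate English letter frequencies in percent: E is by far the most
# common, Z, J, Q, X the rarest (the point made on the Frequency Analysis slide).
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}

# The ciphertext handed out on the LAB: Caesar Cipher Cryptanalysis slide.
LAB_CIPHERTEXT = (
    "L rcple mzzv ez wplcy xzcp lmzfe ncjaezrclasj td Esp Nzop Mzzv : "
    "Esp Dntpynp zq Dpncpnj qczx Lyntpye Prjae ez Bflyefx Ncjaezrclasj "
    "mj Dtxzy Dtyrs"
)


def shift_text(text, shift):
    """Rotate every letter by `shift` places; case and punctuation are kept.
    Encrypting with shift k and decrypting with shift 26 - k are the same call."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the text's letter counts and English: lower is more
    English-like. A wrong shift piles counts onto rare letters and scores high."""
    letters = [c for c in text.upper() if c in ENGLISH_FREQ]
    n = len(letters)
    if n == 0:
        return float("inf")
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100.0
        observed = letters.count(letter)
        score += (observed - expected) ** 2 / expected
    return score


def brute_force_caesar(ciphertext):
    """Try every key in the key space (shifts 1..25) and return a list of
    (shift, candidate_plaintext, score) sorted best first."""
    candidates = []
    for shift in range(1, 26):
        candidate = shift_text(ciphertext, shift)
        candidates.append((shift, candidate, chi_squared(candidate)))
    return sorted(candidates, key=lambda c: c[2])


def crack_caesar(ciphertext):
    """Return (decrypt_shift, plaintext) for the most English-like candidate."""
    shift, plaintext, _ = brute_force_caesar(ciphertext)[0]
    return shift, plaintext


if __name__ == "__main__":
    for shift, candidate, score in brute_force_caesar(LAB_CIPHERTEXT)[:3]:
        print(f"shift {shift:2d}  chi2 {score:8.1f}  {candidate[:48]}...")
```

The winning shift is 15, the lab's decryption key, and its score is far below every other candidate's.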
---
# DES: Data Encryption Standard

* Originally developed in the 1970s by IBM with input from NSA
* Long a US government encryption standard — broad application, though now deemed insecure for many uses
* Symmetric-Key block cipher algorithm
  * Encrypts 64-bit blocks using a 56-bit key
* 16 iterations: replacing blocks of bits (substitution), shuffling the bits (permutation), mingling in bits from the key (transformation)

---
# Interlude: XOR

.center[<img src="crypto_assets/img/xor.png" style="width: 95%" />]

---
# DES Algorithm

.pull-left[<img src="crypto_assets/img/des.png" style="width: 75%" />]
.pull-right[<img src="crypto_assets/img/feistel_function.png" style="width: 85%" />]

---
# DES, Double DES, Triple DES

* DES broken in 1999: 56-bit key is too small
* NIST withdrew DES as an encryption standard in 2005
* Double DES: C = E(K2, E(K1, M))
  * Two encryptions with different 56-bit keys == work factor of one encryption with a 57-bit key
  * This just doubles the length of time to break this version
* Two-key Triple DES: C = E(K1, D(K2, E(K1, M)))
  * Encryption strength up to 80-bit key
  * `\(2^{80}/2^{56} = 2^{24}\)` —> more than 16 million times as long to break this version
* Triple DES: C = E(K3, E(K2, E(K1, M)))
  * Encryption strength up to 112-bit key

---
# AES (Advanced Encryption Standard)

* Original name is Rijndael, originally developed by two Belgian cryptographers
* Became standard for US government in 2001
* Symmetric-Key block cipher
* 10, 12, or 14 rounds for keys of 128, 192, and 256 bits respectively
* Is more flexible than DES: DES limited to 16 rounds — AES has no internal round limit
* Is approved for protecting Secret and Top Secret information
* Used by web browsers to encrypt/decrypt data
* Yes! Your Facebook status update is encrypted with AES when it is sent over the network.
* Online tool: http://testprotect.com/appendix/AEScalc

---
# AES Algorithm

.center[<img src="crypto_assets/img/aes.png" style="width: 40%" />]

---
# Other Example Symmetric Algorithms

* Blowfish
  * https://www.schneier.com/blowfish.html
  * Online tool: http://sladex.org/blowfish.js/

---
# Symmetric Key Summary

+ Both sides use the same key to encrypt & decrypt
+ ‘Secret key cryptography’ or ‘shared secret’
+ Advantages
  + Strong for shorter key lengths
  + Fast – suitable for real-time and bulk encryption of high-speed communication systems
+ Disadvantages
  + Key Distribution
  + Key Management

.center[<img src="crypto_assets/img/symmetric_key.png" style="width: 80%" />]

---
class: center, middle

# LAB: Symmetric Cryptography

---
# LAB: Mcrypt

* Mcrypt is a symmetric file and stream encryption utility for Linux and Unix that replaces the weaker crypt utility. Mcrypt can be used to encrypt files using several different symmetric encryption algorithms. By default it uses the Rijndael cipher, which is the algorithm on which the Advanced Encryption Standard (AES) is based.
* Mcrypt is not installed by default on your Kali Linux virtual machine. Open a terminal and use the Linux package manager to install this software at the command line as follows:
  * **sudo apt-get update**
  * **sudo apt-get install mcrypt**

---
# LAB: About Mcrypt

* Although we will be using mcrypt in default mode, it is very powerful and full-featured. To see all of the command-line options available to mcrypt, use the following command: **mcrypt --help**
* Mcrypt provides a variety of symmetric encryption techniques (you would use the -m option at the command line to access these).
For a list of the various symmetric encryption modes available to mcrypt, use the following command: **mcrypt --list**

---
# LAB: Using mcrypt

* Here is a link to Alice in Wonderland, by Lewis Carroll: [http://www.gutenberg.org/files/11/11-0.txt](http://www.gutenberg.org/files/11/11-0.txt) --> save as *aiw.txt*
* **head aiw.txt**
* **mcrypt aiw.txt**
* **head aiw.txt.nc**
* **rm aiw.txt**
* **mcrypt -d aiw.txt.nc**

---
# Alice enters the 21st century

* Alice wants to register an account on her favorite social media site. Here’s what she does. Can you spot any security flaw(s)?

.center[<img src="crypto_assets/img/alice_social_media.png" style="width: 80%" />]

???
class: center, middle

# BREAK

???
* RSA
  * Developed by Ron Rivest, Adi Shamir, and Leonard Adleman
  * Public Key encryption algorithm
  * Keys are long: min 256 bits, often 1000 — 2000 bits
  * Encryption involves mathematical exponentiation — is much slower than DES and AES
  * Strength of algorithm is based on difficulty (time) of factoring large numbers: For a large positive integer `\(n\)`, there exist two prime numbers `\(p\)` and `\(q\)` such that `\(n=p \times q\)`
  * The problem is to find these two primes, given only `\(n\)`.

---
class: center, middle

# Asymmetric Cryptography

---
# Asymmetric Cryptography

.center[<img src="crypto_assets/img/asymmetric_cryptography.png" style="width: 100%" />]

---
# Asymmetric Key

+ We use different (but related) keys for encryption and decryption
+ ‘Public key cryptography’
  + Sender encrypts with receiver’s public key
  + Receiver decrypts with receiver’s private key
+ EXAMPLES: RSA Algorithm, Elliptic Curve Cryptography

.center[<img src="crypto_assets/img/asymmetric_key.png" style="width: 90%" />]

---
# Encrypting messages for confidentiality

.center[<img src="crypto_assets/img/public_key_confidentiality.png" style="width: 90%" />]

---
# Non-repudiation (digital signature)

* How can Alice prove that she is the only one who could have signed a document?
.center[<img src="crypto_assets/img/public_key_digital_signature.png" style="width: 80%" />]

* If Bob (or anyone else) successfully decrypts the SignedDocument with Alice’s Public key, it can only imply one thing: The document was encrypted using Alice’s private key. Since Alice is the only one who has her private key, it must be Alice who signed the document--no one else could have signed the document.
* This also provides authentication that Alice is who she says she is.

???
KU: public

KR: private

---
# Confidentiality and Authentication

* How can Alice achieve both confidentiality and digitally sign the document?

.center[<img src="crypto_assets/img/public_key_confidentiality_authentication.png" style="width: 80%" />]

---
# Asymmetric Key: Advantages

+ Key distribution: Only the private key must be kept secret; the public key can be shared freely.
+ Also supports authentication and non-repudiation via digital signatures
  + Symmetric key supports Message Authentication Codes (MAC)

.center[<img src="crypto_assets/img/asymmetric_advantages.png" style="width: 90%" />]

---
# Asymmetric Key: Disadvantages

+ Strength is dependent on the infeasibility of solving certain hard (as in NP) problems.
  + e.g. Discrete logarithm, factoring large numbers
  + Calculating `\(19*31=589\)` is easy, but given a large number and asked to determine its two prime factors is computationally difficult
  + Note that in real systems, the product term is very large
+ A mathematical breakthrough could provide a feasible way to solve the problem and break the encryption.
+ Faster computers, quantum computers, etc. could facilitate breaking encryption.
+ Much slower than symmetric key. Not suitable for real-time or bulk encryption.
+ We use asymmetric methods for digital signatures, for exchanging symmetric keys and for key agreement

???
* number theory is important
* the 589 is like the public key -- its two prime factors are like the secret key

---
# MitM Attack Against Asymmetric Key Systems (1)

.center[<img src="crypto_assets/img/mitm_asymmetric_1.png" style="width: 80%" />]

---
# MitM Attack Against Asymmetric Key Systems (2)

.center[<img src="crypto_assets/img/mitm_asymmetric_2.png" style="width: 80%" />]

---
# Problem

+ How do we know we are really talking to the right party?
+ Anyone can send you a public key to use.
+ A digital signature only ties a message to a private key, not to a person.
+ .highlight[We need a way to bind a public/private key pair to a specific individual.]

---
# Solution

+ Public Key Infrastructure (PKI)
+ A trusted third party, a **certificate authority** (CA), vouches for the individuals and their keys.
+ A **registration authority** (RA) issues **digital certificates** that bind key pairs to identities.
+ Certificates can be created for people, organizations, or specific computers.
+ The PKI includes mechanisms to issue, revoke, and verify certificates.

???
Slide 65, add example CAs... or have a lab in which you look on your devices for a list of all the CAs? KEY: there are CAs on that list you would not expect. Want to be more secure? You can delete some of them!

Slide 65: you might want to comment about regionality... your MS OS bought in the USA does not have the same CAs as the laptop bought in England or Turkey....

---
# PKI

+ The issuer digitally signs the certificates, allowing us to verify their authenticity and integrity.
+ There may be multiple layers of certificates verifying others in a ‘**tree of trust**’ or ‘**web of trust**’.
+ A CA has one or more **root certificates** that we must trust implicitly.
+ Certificates have an expiration date. The CA may issue a **certificate revocation list** (CRL) of certificates that have not expired but should not be trusted.
+ “**Self-signed certificates**”

???
"Public-key cryptography can be used to encrypt data communicated between two parties. This can typically happen when a user logs on to any site that implements the HTTP Secure protocol. In this example let us suppose that the user logs on to their bank's homepage www.bank.example to do online banking. When the user opens www.bank.example homepage, they receive a public key along with all the data that their web-browser displays. The public key could be used to encrypt data from the client to the server but the safe procedure is to use it in a protocol that determines a temporary shared symmetric encryption key; messages in such a key exchange protocol can be enciphered with the bank's public key in such a way that only the bank server has the private key to read them. The rest of the communication then proceeds using the new (disposable) symmetric key, so when the user enters some information to the bank's page and submits the page (sends the information back to the bank) then the data the user has entered to the page will be encrypted by their web browser. Therefore, even if someone can access the (encrypted) data that was communicated from the user to www.bank.example, such eavesdropper cannot read or decipher it. This mechanism is only safe if the user can be sure that it is the bank that they see in their web browser. If the user types in www.bank.example, but their communication is hijacked and a fake website (that pretends to be the bank website) sends the page information back to the user's browser, the fake web-page can send a fake public key to the user (for which the fake site owns a matching private key). The user will fill the form with their personal data and will submit the page. The fake web-page will then get access to the user's data. This is what the certificate authority mechanism is intended to prevent. 
A certificate authority (CA) is an organization that stores public keys and their owners, and every party in a communication trusts this organization (and knows its public key). When the user's web browser receives the public key from www.bank.example it also receives a digital signature of the key (with some more information, in a so-called X.509 certificate). The browser already possesses the public key of the CA and consequently can verify the signature, trust the certificate and the public key in it: since www.bank.example uses a public key that the certification authority certifies, a fake www.bank.example can only use the same public key. Since the fake www.bank.example does not know the corresponding private key, it cannot create the signature needed to verify its authenticity."

Page 66 ... self signed certs = certs whose CA is your own machine on which you made them.... every machine can generate self signed certs.... Problem: anyone who wants to trust the cert must manually install it... it is not part of a PKI

???
How to find list of trusted certs:
* mac os + ios: https://support.apple.com/en-us/HT209144

---
# ‘Hybrid’ Cryptography

+ Most cryptosystems combine the flexibility of asymmetric with the efficiency of symmetric.
+ We generate a symmetric ‘per-message’ or ‘session’ key and use it to encrypt the data. [fast]
+ We use an asymmetric method [slower] to:
  + Encrypt the per-message key and attach it to the message
  + Exchange (or agree upon) session keys
+ The receiver uses the asymmetric method to decrypt the per-message key and then uses that key to decrypt the data.

???
# Digital Signatures

+ Sender computes a hash of the message. (e.g. MD5, SHA-1)
+ Sender encrypts the hash with his private key and attaches this ‘digital signature’ to the message.
  + Typically use separate key pairs for encryption and signing.
+ Receiver computes the hash of the received message.
+ Receiver decrypts the digital signature with the sender’s public key; this returns the hash generated by the sender.
+ If the hashes agree we know:
  + The message was not altered, since the hashes agree. (Integrity)
  + The message is authentic: only someone with the sender’s private key could have created the valid digital signature. (Authenticity)
  + The sender cannot repudiate the message. (Non-repudiation)
+ If the hashes don’t agree, the message is a fake or corrupt.

???

Use?

# Key Exchange

+ Two parties with no prior knowledge…
+ Establish a shared secret key…
+ Over an insecure communication channel

*This is cool stuff, imagine two people in this room who have never talked before… They stand up and create a secret key with everyone in the room listening. How do they do that?*

+ e.g. Diffie–Hellman Key Exchange

# Diffie-Hellman Example

+ Alice and Bob agree on non-secret values, p = 23, g = 5
+ Alice: choose a secret *a*, calculate and transmit *A*
+ Bob: choose a secret *b*, calculate and transmit *B*
+ Both: independently compute the session key, *K*

![](crypto_assets/img/image13.png)

---

# Cryptography Threats

+ Cryptanalysis – science of cracking codes, decoding secrets, breaking protocols
+ Brute force
+ Known/Chosen ciphertext attacks
+ Chosen plaintext attacks
+ Timing attacks
+ Side-channel attacks
+ Key disclosure
+ Broken algorithms
+ Poor implementation
+ User failures

???

# Diffie-Hellman

+ Why can’t you just factor the keys by brute force?
+ Security relies on the difficulty of computing logarithms in these fields
+ discrete logarithms take O(e log n log log n) operations

# Key Management

+ How do I really know that a public key is your public key?
+ What happens when your private key is compromised and you need to revoke your public key?
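The hash-then-sign flow from the Digital Signatures slide, carried out with the toy RSA formulas that the RSA slide later in the deck gives (c = m^e mod n, m = c^d mod n). This is an added example and not part of the original slides: the primes 61 and 53, the message and the helper names are constructed, and Python's `pow(e, -1, phi)` (3.8+) supplies the private exponent.

```python
import hashlib


def keygen(p: int, q: int, e: int = 17):
    """Toy RSA key generation from two primes p and q.
    Returns ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse: e * d == 1 (mod phi); needs Python 3.8+
    return (n, e), (n, d)


def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced below n so the toy modulus can hold it.
    Real RSA signatures pad the full hash (PKCS#1 / PSS) instead of shrinking it;
    with n = 3233 the reduced digest has only 3233 possible values, so this toy
    offers no collision resistance and must not be mistaken for a real scheme."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Sender: hash the message, then 'encrypt' the hash with the private key (n, d)."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: 'decrypt' the signature with the public key (n, e) and compare
    it with the hash of the message actually received."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


if __name__ == "__main__":
    pub, priv = keygen(61, 53)                     # constructed toy primes: n = 3233
    msg = b"Transfer 10 dollars to Bob"           # constructed message
    sig = sign(msg, priv)
    print("signature:", sig, "valid:", verify(msg, sig, pub))
    # An altered message hashes differently, so the recovered hash no longer matches.
    print("altered message valid:", verify(b"Transfer 1000 dollars to Bob", sig, pub))
```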
---
class: center, middle

# LAB: Public and private key generation

---

# LAB: Public and private key generation

On the Linux box provided with the Virginia Cyber Range, you can generate your own public and private keys using software called GPG (short for GNU Privacy Guard; GNU is short for “GNU’s not UNIX”). GPG follows a standard called OpenPGP (Open Pretty Good Privacy). https://www.gnupg.org/

Generating a public/private key pair: on the terminal type `gpg --gen-key`

Frustration warning: GPG takes a while to generate keys as it requires a lot of entropy to generate random numbers. Be patient, or even better, use the mouse pointer and move it randomly repeatedly!

???

gpg --list-keys

export public key: gpg --armor --export alice@cyb.org

* https://www.gnupg.org/gph/en/manual/c14.html
* https://emailselfdefense.fsf.org/en/
* results will be in ~/.gnupg

Signal app used...

---
class: center, middle

# BREAK

---
class: center, middle

# Secure Hash Functions

---

# Hash Functions

> From Wikipedia: “A hash function is any function that can be used to map data of arbitrary size to data of fixed sizes. The values returned by a hash function are called hash values, hash codes, hash sums or simply hashes.”

.pull-left[
* Commonly used: data structure in software called hash table, used for fast lookup of data
* Example from Wikipedia:

.small["Assume we need to store data on 10000 students (with names like John Smith, Lisa Smith etc..) If we maintain a list of 10000 students, in the worst case to look for a student we need to search 10000 entries. Solution: hash function: take each name and convert it into a number between 1-15 using some math function. E.g., John Smith becomes 02. Store John Smith’s record at: 02. Collisions may occur: multiple names map to same number. But still search is fast, you are not searching 10000 records, but approximately 10000/15 records)."
]
]

.pull-right[<img src="crypto_assets/img/hash_functions.png" style="width: 80%" />]

---

# Hash Functions (2)

* We have seen hash functions in action in many places:
  * E.g., in libraries: the numbering of books allows us to narrow our search to specific shelves/aisles.
* Hash functions are one way:
  * E.g., h(“John Smith”) = 02. However, if you know 02, you cannot figure out the name John Smith.

---

# Secure Hash Functions

* The hash function, given some arbitrary input (e.g., the complete works of Shakespeare), generates a fixed size hash value.
* Performs a one-way function H( ) on a message M, to return a fixed string H(M)
* Easy to compute for any given message M
* Infeasible to modify M without changing H(M)
* It should be very difficult (computationally infeasible) to find another input that generates the same hash value: i.e., find a message M for a given H(M)
* Infeasible to find M1 != M2 with H(M1) == H(M2)
  * This is called the collision resistance property.

---

# Collision Resistance

* It should be very difficult (computationally infeasible) to find another input that generates the same hash value.
* Secure hashes are used to detect if some data (e.g., a file) has been tampered with. How?
  * Given a file, a secure hash function generates a fixed size “hash” value.
  * If an attacker tampers with the file (e.g., by adding a virus to it), the hash value will be different – and the attack will be caught!
* But what if the attacker does something intelligent?
  * They tamper with the file such that the hash value is the same as the original.
  * However, it should be computationally infeasible for the attacker to do this, otherwise we are not using a secure hash function.

---

# Secure Hash Function Examples

* MD5: message digest 5. Try it out: http://onlinemd5.com/
* SHA-1 (secure hash algorithm 1) – produces a 160 bit hash value: not so secure. Chrome, Firefox, IE and Safari will not accept this from 2017.
* SHA-2, SHA-3: hashes currently in use today.
* Here is a good introduction to hashes: http://www.unixwiz.net/techtips/iguide-crypto-hashes.html

???

So, SHA-1 or MD5 are still used for bit correction... errors are random in transit. But SHA-3 should be used for non-repudiation... because someone could intelligently (not randomly) change data in transit with SHA-1.

---

# Example Uses

* Downloading files online (software, music, movies etc.)
  * Hashes ensure you do not download a tampered file (e.g., a file with malicious software (malware) such as a virus inserted).
  * If you ever received a download error – this could be the reason: the original hash did not match the downloaded file’s hash.
* Creating cookies (e.g., session cookies)
  * When you log in to a site, then for a certain duration of time, you can continue visiting the site without logging in again.
  * This is with the help of session cookies.
  * A session cookie is a hash of various sensitive data that lets you visit the site repeatedly for a certain time without re-entering username/password
  * Example session cookie: hash of (username, password, timestamp, IP address, geographic location of the user).
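The download check described above and the tamper detection from the Collision Resistance slide, as an added example that is not part of the original slides. The "installer" bytes and the published hash are constructed here; a real check reads the file from disk and takes the published value from the vendor's download page.

```python
import hashlib
import hmac

# Constructed stand-in for a downloaded installer; a real check would use open(path, "rb").read().
ORIGINAL = b"#!/bin/sh\necho 'installing R 3.6.1'\n" * 4


def sha256_hex(data: bytes) -> str:
    """Fixed-size digest (256 bits, 64 hex characters) of input of any size."""
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, published_hex: str) -> bool:
    """Recompute the digest of what was actually downloaded and compare it with the
    hash the distributor published. compare_digest runs in constant time, so the
    comparison itself does not leak how many leading characters matched."""
    return hmac.compare_digest(sha256_hex(data), published_hex.strip().lower())


def tamper(data: bytes, offset: int, new_byte: int) -> bytes:
    """Simulate a single changed byte, whether from an attacker or a transfer error."""
    return data[:offset] + bytes([new_byte]) + data[offset + 1:]


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count bit positions in which two digests differ: a secure hash changes about
    half of its 256 bits for a one-byte edit (the avalanche effect), which is why a
    tampered file cannot keep the original hash by accident."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    published = sha256_hex(ORIGINAL)      # the value the download page would display
    print("clean copy matches published hash:", verify_download(ORIGINAL, published))
    bad = tamper(ORIGINAL, 10, ord("X"))
    print("tampered copy matches published hash:", verify_download(bad, published))
    print("bits changed by a one-byte edit:", differing_bits(published, sha256_hex(bad)), "of 256")
```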
---

# Cracking Hash Functions

.center[<img src="crypto_assets/img/hashtoolkit.png" style="width: 80%" /><br />.small[[http://hashtoolkit.com/](http://hashtoolkit.com/)]]

---
class: center, middle

# LAB 6: Secure Hash Function Demo

---

# LAB: Downloading Software with a Secure Hash

* Example: https://www.r-project.org/

.center[<img src="crypto_assets/img/r_console.png" style="width: 80%" />]

---

# Network Encryption

* Encryption protects only what is encrypted
* Encryption algorithms are difficult to create — do not try this at home
* Strong encryption depends on strong and safeguarded keys
* Encryption is not a silver bullet

---

# Link Encryption

.pull-left[
* Encryption of the physical link between two hosts — Link Layer
* Useful when the transmission line is the point of greatest vulnerability
* All application communications are encrypted automatically
]

.pull-right[.center[<img src="crypto_assets/img/link_encryption.png" style="width: 100%" />]
]

---

# End-to-End Encryption

.pull-left[
* Encryption between two applications — Application Layer
* Protocol header fields necessary for routing are not encrypted
* Only messages from that application are encrypted
]

.pull-right[.center[<img src="crypto_assets/img/link_encryption.png" style="width: 100%" />]
]

---

# SSH 1

* Remote machine administration: telnet, FTP, rlogin —> data sent in plaintext
* SSH: application layer protocol —> symmetric and public-key cryptography to create encrypted communications
* The client connects to the server via a TCP session
* The client and server exchange information: e.g. supported encryption methods and protocol version — each chooses a set of protocols that the other supports
* The client and server initiate a secret-key exchange — shared secret key to encrypt communication (but not for authentication). This session key is used in conjunction with a chosen block cipher (typically AES, 3DES) to encrypt all further communications.
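The secret-key exchange in the last SSH bullet is, in its simplest form, the Diffie-Hellman exchange from the earlier Diffie-Hellman Example slide. This added example (not from the original slides) runs it with the deck's toy values p = 23, g = 5 and secrets a = 4, b = 3, and shows from the defender's side what someone who overheard only p, g, A and B would have to solve to obtain the key; the function names are my own.

```python
def dh_public(g: int, secret: int, p: int) -> int:
    """The value a party transmits in the clear: g^secret mod p."""
    return pow(g, secret, p)


def dh_shared(peer_public: int, secret: int, p: int) -> int:
    """The session key each party computes privately: peer_public^secret mod p."""
    return pow(peer_public, secret, p)


def exchange(p: int, g: int, a: int, b: int):
    """Run the whole exchange. Alice holds a, Bob holds b; returns (A, B, K),
    where A and B are the only values sent over the insecure channel."""
    A = dh_public(g, a, p)          # Alice -> Bob
    B = dh_public(g, b, p)          # Bob -> Alice
    k_alice = dh_shared(B, a, p)    # B^a = g^(ab) mod p
    k_bob = dh_shared(A, b, p)      # A^b = g^(ab) mod p
    assert k_alice == k_bob         # both sides derive the same K without ever sending it
    return A, B, k_alice


def eavesdropper_recover(g: int, A: int, B: int, p: int) -> int:
    """What someone who saw only p, g, A and B must do: solve the discrete logarithm
    g^a = A (mod p) for a. Trying every exponent works here only because p is tiny;
    for the 2048-bit primes used in practice no feasible method is known, and that
    hardness is the whole security argument of the exchange."""
    for a in range(1, p):
        if pow(g, a, p) == A:
            return pow(B, a, p)
    raise ValueError("A is not a power of g modulo p")


if __name__ == "__main__":
    p, g = 23, 5                               # constructed toy parameters from the slides
    A, B, K = exchange(p, g, a=4, b=3)
    print(f"Alice sends A={A}, Bob sends B={B}, both compute K={K}")
    print("Eavesdropper, brute-forcing the discrete log of A, also gets",
          eavesdropper_recover(g, A, B, p))
```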
---

# Key Exchange

+ Two parties with no prior knowledge…
+ Establish a shared secret key…
+ Over an insecure communication channel

---

# Diffie-Hellman Key Exchange

1. Alice and Bob publicly agree to use a modulus p = 23 and base g = 5
2. Alice chooses a secret integer a = 4, then sends Bob A = `\(g^a\)` mod p
  * e.g., A = `\(5^4\)` mod 23 = 4
3. Bob chooses a secret integer b = 3, then sends Alice B = `\(g^b\)` mod p
  * B = `\(5^3\)` mod 23 = 10
4. Alice computes s = `\(B^a\)` mod p
  * s = `\(10^4\)` mod 23 = 18
5. Bob computes s = `\(A^b\)` mod p
  * s = `\(4^3\)` mod 23 = 18
6. Alice and Bob now share a secret (the number 18).

???

https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange

---

# SSH 2

* The server sends the client a list of acceptable forms of authentication, which the client will try in sequence. The most common mechanism is to use a password or the following public-key authentication method:
  * Client sends the server its public key.
  * The server then checks if this key is stored in its list of authorized keys. If so, the server encrypts a challenge using the client’s public key and sends it to the client.
  * The client decrypts the challenge with its private key and responds to the server, proving its identity.
* Once authentication has been successfully completed, the server lets the client access appropriate resources, such as a command prompt.

---

# HTTPS

.center[<img src="crypto_assets/img/https.png" style="width: 90%" />]

---

.center[<img src="crypto_assets/img/invalid_cert.png" style="width: 90%" />]

---

.center[<img src="crypto_assets/img/onion_routing.png" style="width: 90%" />]

---

???

class: center, middle

# Crypto System Examples

???

# Data Encryption Standard (DES)

.pull-left[
+ Original US Government-approved **symmetric key** algorithm for public use.
+ Obsolete: the 56-bit key is weak by today’s standards
+ Triple-DES (3DES) applies the DES algorithm to the data three times to achieve an effective key length of 168 bits.
+ 3DES is slow and all but obsolete, too.
]

.pull-right[<img src="crypto_assets/img/3des.png" style="width: 100%" />]

???

# Advanced Encryption Standard (AES)

+ The Rijndael algorithm was chosen as the AES in 2001 to replace DES.
+ Efficient symmetric protocol, suitable for implementation both in hardware and software.
+ The key sizes of 128, 192, or 256 bits are strong enough for a LONG time to come.
+ Approved by NSA for top secret information and by NIST as part of FIPS-140.
+ [http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html](http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html)

???

# RSA Cryptosystem

+ Rivest, Shamir, and Adleman
+ Used for encryption, key agreement, and digital signatures.
+ Generates the public-private key pair from the product of two very large prime numbers. [p*q = n… and some other steps…]
+ Generating products is easy, factoring is hard.
+ The CAC (Common Access Card) contains RSA keys.
+ The public key is (n, e) and the private key is (n, d)
+ To encrypt: `\(c = m^e \text{ mod } n\)`
+ To decrypt: `\(m = c^d \text{ mod } n\)`

???

# Elliptic curve cryptography (ECC)

+ Works on the basis of elliptic curves (EC)
+ Given an EC and a number (the private key) it is easy to find a point in a plane (the public key); however, given that point it is infeasible to determine the original number.
+ Benefits are:
  + increased speed
  + less memory
  + smaller key sizes (160b vs. 1024b)
+ Security of algorithm is a concern.

.center[<img src="crypto_assets/img/elliptical.png" style="width: 100%" />]

# DAY 3 Takeaways