5 - 1 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 1 SANS GIAC LevelOne Security Essentials Introduction to Encryption I Hello, welcome to Introduction to Encryption I. Several people contributed to this course including Harish Bhatt, Stephen Northcutt, Mark Kern and Eric Cole. This is one of the most important classes we have the privilege to teach as part of GIAC. Encryption is real, it is crucial, it is a foundation of so much that happens. I guess you know that one of the SANS mottos is never teach anything in a class the student can’t use at work the next day. One of our goals in this course is to help you be aware of how cryptography is used in our world. But we are going to share a lot of hard earned pragmatic lessons and we hope they will help you. Without cryptography there is no e- commerce, no military presence on the Internet and no privacy for the citizens of the world. Encryption plays a key role in the current security landscape and anyone that works in the field of security must have a good understanding of what encryption is and how it works. 5 - 2 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 2 What is cryptography? • Cryptology means “hidden writing”. • Encryption is coding a message in such a way that its meaning is concealed. • Decryption is the process of transforming an encrypted message into its original form. • Plaintext is a message in its original form. • Ciphertext is a message in its encrypted form. Since this course is an introduction to encryption, we should cover what it is. Cryptography means “hidden writing”, and various forms of hidden writing have been used throughout history. One of the main goals of cryptography is to communicate with another party in such a way that if anyone else is listening, they cannot understand what you are saying. So, in its most basic form cryptography garbles text in such a way that anyone that intercepts the message cannot understand it. An excellent source to get a better appreciation for this field of study is The Code Breakers by David Kahn. This book gives a great background of how hidden writing has been used throughout history. Just to show you how far back this field goes, one of the first people to use encryption was Julius Caesar and the original cipher was called the Caesar cipher. He used a basic substitution similar to the encryption schemes that are used on the back of kids’ cereal boxes. But without the help of computers, they were very difficult to break. Now that we understand what the field of cryptography is, lets cover some basic terms. Encryption or encryption algorithms are used to code a message in such a way that its meaning is concealed. Once a message has been transformed with an encryption algorithm, the resulting message is called ciphertext. Since ciphertext contains a message in its encrypted form, the message does not “mean” anything, since it cannot be read in its native form. In order for the recipient of the ciphertext to be able to read the message, they need to decrypt the message. Decryption is the process of transforming an encrypted message back into its original plaintext form. 5 - 3 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 3 Why do I care about crypto? • It plays a key part in defense in depth • Encryption helps solve a lot of security issues • Department of Commerce no longer supports DES • NIST just announced the new AES (advanced encryption standard) • The “bad” guys are using it. – Distributed Denial of Service daemons protected by blowfish • Anyone working in security must understand encryption. Encryption is important since it play a key role in the protection of a company’s resources. If more people and companies used encryption on a regular basis, a lot of the security issues that we have today would go away. Remember, one of the golden rules of information security is defense in depth. The principle highlights the fact that you should never rely on a single mechanism to protect the security of your site. You need to use several defense mechanisms in conjunction, to have the proper level of security at your company. A firewall is a good starting point, but it needs to be combined with intrusion detection systems, host protection, virtual private networks, and encryption. As we write this course, there are a number of contemporary news stories about cryptography, England and Ireland can’t agree on a standard for instance, but that is hardly news. Export encryption laws are being relaxed, NIST announced the winner for its advanced encryption standard (AES), the patent expired on RSA, and the US Department of Commerce no longer supports DES! So if you have been staying up on the latest security news, you can’t but notice how important encryption is from an information security perspective. Almost every bank uses DES hardware to protect their financial transactions. These networks have been put in place for years and all of a sudden the hardware is invalid! What happened? One thing that happened is that there have been plans available on the Internet for years to build near-real-time decryption of DES. With the P6 chip you can do this for an investment of $200K. If $200K can attack billions and billions of dollars, it might just be worth it. What do you think? But the banks? How fast can they react? How fast can they replace their infrastructure? How exposed are they? Well the handwriting has been on the wall for a while now. In 1997, Rocke Verser broke a 56-bit challenge. At first blush it seemed DES was safe, this effort took four months to complete. This was only the beginning – in 1998 the Electronic Freedom Foundation computer nailed this key length in 56 hours. And the beat goes on. In the mean time the underground uses cryptography to protect what they are doing. For instance the ddos systems that attacked numerous businesses such as yahoo used encryption to protect their covert communication channels. If the bad guys are using it to break into sites, shouldn’t the good guys be using it to the protect their sites. Defenders and attackers alike, the information operations cyberscape of century 2K will rely on cryptography! 5 - 4 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 4 •Case Studies • The Challenge That We Face • Cryptosystems Fundamentals • Types of Cryptosystems • Real-World Implementations Course Objectives So let’s get into it! Who uses cryptography, who needs crypto? After we firmly establish the who and why, we will discuss the what! We will also cover how they work and the different types of systems. In this first course we will learn the requirements of a crypto system, we will look at some of the classic weaknesses, we will walk through some basic algorithms and we will learn a number of terms. Cryptography is more than the science of applying ciphers, it must also be an art, the devil is in the details in this sport. A cryptosystem is the algorithm, the keys, the plaintext, the whole nine yards! 5 - 5 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 5 •Case-In-Point: DVD “Encryption” • Proprietary algorithms are high-risk • “Tamperproof” hardware can be defeated with sufficient effort • Technical solutions usually do not satisfactorily address legal issues Security By Obscurity Is No Security! Gotta love DVD, it really brings “The Matrix” to full intensity. But there is a cryptography story here that has a couple of important lessons for all of us: - Never, ever believe in a “secret” cryptographic algorithm (unless you work for NSA). - Never, ever rely on technology (or anything else) as your only wall of defense. - Above all, do not ever attempt to write your own encryption system! You aren’t that smart! So what happened? The motion picture industry spent years developing a standard for encryption. Then they released it. Not the standard for review, but the product (DVD) that relied on the standard. Very quickly thereafter a couple technologists who go by the handles “Canman” and “SoupaFr0g” decoded the magic algorithm and released a program, a very popular program in some circles called DeCSS 1.2b that allows one to pull the decrypted data off the DVD disk and store and play it like any other multimedia file. Don’t want to pay $20.00 for “The Matrix”? No problem! Now, that really is what I call walking the path! And what to do now? Do you sue Canman for $63 quadrillion? 5 - 6 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 6 Beware of Over-Confidence •Case-In-Point: Large Key-Lengths • Simply using popular cryptographic algorithms, with large key lengths does not make your system secure! • What’s the weakest link? • Cryptanalytic compromises usually come from totally unexpected quarters! Case 2: In 1998, Stephen Northcutt served as the technical analyst to support a team of law enforcement agents to detect, investigate, apprehend, and convict a child pornographer. The interesting thing was the perpetrator used cryptography to transmit the data right past Stephen’s intrusion detection systems and evade the signature matching system. How did he get caught? Wasn’t hard. In Stephen’s classes, for years he as been trying to teach that “size does matter”! The first clue was that too much data was being transmitted. That stands out like a sore thumb. The next clue is that well-encrypted traffic has a signature – it is blander than vanilla pudding. You can detect an encrypted bitstream simply by sorting the bits and seeing if you have an even distribution. A good encryption algorithm enforces randomness to be resistant to known-plaintext and chosen-plaintext attacks. But if you examine the content, the payload bits in a normal connection, they are anything but random. So detection was easy. How do you attack the cryptography? You can imagine the agents! It is encrypted, we are done for, let’s just bring him in and question him, maybe we will get lucky! Lucky was much easier than that – we tossed one of his supplier machines and he had hard coded his key, game over! Key discipline is everything in this sport! 5 - 7 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 7 Simplicity is a “Good Thing” •Case-In-Point: eCommerce & eBusiness • Morphing your business into a dot.com can be a complex undertaking • Taking shortcuts in **any** aspect of the development of your eCommerce systems can introduce weak links • Security is a “process” .not a product! We can divide the students listening to this webcast into two primary groups: those who use government sponsored and developed encryption and those who don’t. The United States military uses NSA developed encryption for all classified and some additional communications. NSA provides more than just encryption hardware, they provide the keys and the rules, they have an entire infrastructure because they know there is more to protected communications than algorithms resistant to cryptanalysis. Then there is the rest of us, including most of the US military. We are all becoming “.coms” in some sense. Traditional catalog retailers are rushing to establish an Internet presence, universities rushing to offer on line courses and exams, and on it goes. Just like our criminal example on the previous slide, there are a number of places where things can go wrong when protecting information in transit and at rest. Cryptography provides us with a suite of tools that can help us with Confidentiality and Integrity though. Somehow people feel safer when the key is solid on their https connection, and so they are more willing to use their credit card. Personally, I am more concerned about the clerical worker being paid minimum wage to process all the orders at the end of the day with access to thousands of card numbers than I am about sniffers, but that is just me. 5 - 8 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 8 Credit Cards Over the Internet •Case-In-Point: How many people will use their credit card to buy merchandise on the Internet? How many people will pay for a meal with a credit card? • Which is riskier? – Perception vs. reality • Real risk is back end database, that possible stores credit cards unencrypted. • Understanding the threat is key. If you take a survey of a classroom of students and ask them how many people will use their credit card to buy merchandise over the Internet, around 60%-70%, would raise their hand. If you then asked them how many people would pay for a meal in a restaurant with a credit card, you usually get al least 90% of the class. Is paying for a meal more secure? Actually, no. It is just because people have been doing it for a longer time period, they perceive it to be more secure. But remember, perception and reality are two different things. Let’s look at these two scenarios for a minute. The next time you pay for a meal with a credit card, look down at your watch when the wait person takes your card to process it. Normally, a total stranger that you never met before takes your card into a back room and (on average) returns ten minutes later. Now, if that is not bad, it actually gets a little worse. Most people sign the bill, leave it on the table and exit the restaurant. Now, even if the wait staff picks it up, they now have a piece of paper that has all of your credit card information on it and your signature. What if someone else walks by the table and picks it up? Now you have even bigger problems. On the other hand, when you buy something on the Internet, you enter the credit card from the comfort of your own home, and the chance of someone intercepting it as it flies over the Ethernet is very slim and even if someone does, the data is encrypted so they would not be able to read it. In reality, the real threat to using credit cards in either scenario is where the credit cards are stored once they are received by the company. With a lot of online commerce, companies claim they are secure because they use SSL to protect the data. That might be true, but then they store the credit cards on a server that is connected to the Internet and the information is stored in plaintext. Now, from an attacker’s standpoint, you can either try to intercept an encrypted credit card - which would take a lot of work (if not an infinite amount of time) to crack it, and even if you do you only get one credit card. On the other hand, an attacker could break into the server with minimal effort and get a large amount of credit cards. 5 - 9 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 9 The Challenge That We Face Plain Text Plain Text Nialp Txet Nialp Txet Communications in the presence of adversaries… Confidentiality ! !! ! Integrity ! !! ! Authentication ! !! ! Non-Repudiation Insecure Network Encryption Decryption Cryptographic Algorithm Cryptographic Algorithm Encryption Key Adversary Adversary ? ? “Alice” “Bob” Decryption Key OK, so far we have discussed the need for cryptography and introduced practical applications of it in our case studies. Moving to next section of the course, we will take a closer look at what the real user requirements are. This slide gives us a reasonable overview. Bob and Alice wish to exchange information securely. Their cipher is built on the basic transformations, permutations and substitutions. The result of the cipher is that the message is transformed so that without knowledge of the cipher, of the key system it is hopefully unreadable. Both Bob and Alice have a number of requirements, but let’s restate one of them from the get go, the algorithm used must be a well known, established, scrutinized, tested, accepted method of encryption. I never cease to be amazed at the number of software authors that are also wanna-be cryptographers that generate some half-baked cryptosystem, include it with their product and folks actually use it! There is a very popular firewall product for instance that has its own encryption algorithm. Today we are going to learn about the major systems and avoid the “wanna bes”. Using a proper algorithm is your responsibility as an educated consumer. When you do choose your approach to encryption you take something on faith – that an adversary listening on an untrusted network cannot intercept communications and reverse engineer your key. This is done via a one way function, if we have message x we can compute f(x), but if they have f(x) it should be very hard to retrieve x. 5 - 10 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 10 Alice’s Perspective . Plain Text Nialp Txet Insecure Network Encryption Cryptographic Algorithm Adversary ? “Alice” Details of Cryptographic Algorithm must be publicly known and intensely scrutinized by the global cryptographic community It must be impossible to determine the Plaintext by simply examining the Ciphertext “Alice” must be trained in the proper use of the cryptosystem It must be possible for “Alice” to clearly indicate that she is the sender of the message, and to provide a mechanism for the recipient (“Bob”) to detect any tampering . Knowledge of the Key must be mandatory in order to successfully perform meaningful encryption and decryption operations Encryption Key So now we introduce Alice. Like all of us, she just wants it to work. She needs to be able to send a message to Bob and for it to have the same level of integrity it would have if she walked up and handed it to him. In addition to being unreadable by adversaries (confidentiality), we may have the following requirements: - Authentication: if Alice walks up to Bob and hands him a message, he knows the message is from Alice for sure. Alice may have a requirement of the crypto system to provide equivalent service. - Integrity: it should be possible to prove the message has not been tampered with, that this is the same exact message that Alice wrote to Bob. - Non-repudiation: the system should be able to prove that Alice and only Alice sent the message. The technology to do this is available, but for this system to work in practice, the non-technical issues are also important. Alice and every user of the system must be trained in its use and its limitation and have access to the keys and yet keep them protected and current. [...]... sensitive information Integrity is concerned with preventing, detecting, or deterring the improper modification of information An unauthorized person should not be able to modify data, or if they do, it must be detectable Authentication is involved with identifying who an individual is If you think you are talking to Eric, you should be able to authenticate that you are really communicating with Eric... Public keys widely distributed within digital certificates – Technical non-repudiation via digital signatures Public Directory (Digital Certificates) Bob’s Public Key Plain Text Nialp Txet Cryptographic Algorithm INSECURE NETWORK Examples: Bob’s Private Key Nialp Txet Plain Text Cryptographic Algorithm • RSA • El Gamal • ECC “Bob” “Alice” Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001... https://[host].[enterprise].com/ • Confidentiality: Triple-DES, RC4 • Integrity: MD5, SHA-1 • Authentication: RSA, Diffie-Hellman • Non-Repudiation: digital signature Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 31 The notion of a server-side certificate is a compelling one The software to handle the encryption is bundled into the browser, so it is as simple as clicking on a link marked “https” instead of “http”... lot of material, we have discussed the need for encryption, we have tried to show in a number of ways that it is a tool Like all tools it has flaws, encryption is not magic or even mysterious We have discussed some of the types of encryption and real world examples We hope you have enjoyed this introduction to encryption 5 - 32 Course Revision History Introduction to Encryption I – SANS GIAC LevelOne... using the same key – E.g Caesar Cipher, Shift Cipher, Substitution Cipher, Vigenere Cipher, Permutation (Transposition) Cipher Example: Rot-13 Wheel Key • a shift cipher • key=13 Plain Text Nialp Txet Block Cipher Algorithm GUESS Rot-13 THRFF Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 19 Cryptographic algorithms are called ciphers Classical cryptography books will break them into... national security, bank transactions or the location of your dog’s buried bone 5 - 26 Alice & Bob Choose a Cryptosystem? Block Cipher? Stream Cipher? Symmetric-Key Cryptosystem? Asymmetric-Key Cryptosystem? Increasing Sophistication Cryptographic Algorithm Cryptographic Algorithm Decryption Key Encryption Key Plain Text Encryption “Alice” Nialp Txet Nialp Txet Alice and Bob must agree on which cryptosystem...Goals of Encryption • “Alice” and “Bob” need a cryptosystem which can provide them with: Confidentiality Integrity of Data Authentication Non-Repudiation •“Cryptography is about communications in the presence of adversaries” (Rivest,1990) Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 11 Bob of course has the same requirements as Alice! On this slide we sum up our requirements of... system, confidentiality, integrity, authentication, and non-repudiation These are the main goals of a good encryption system It is important to keep in mind that no cryptographic algorithm is known to be “secure.” The first case study discussed a well known, failed, defeated cryptosystem The strength of a cryptosystem is its ability to withstand attack There are a number of attacks against cryptosystems,... will use while communicating with each other Decryption Plain Text “Bob” Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 27 So what’s wrong with this picture? Bob and Alice are very unlikely to go shopping for a crypto system! When we go shopping we buy firewalls and VPN’s and smart cards and authentication tokens, we rarely buy encryption systems by themselves If the encryption is implemented... channel Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 28 Keep in mind that while we are discussing encipherment and decipherment, we are discussing these in relation to exchanging keys This is not a system that you would want to use for bulk data encryption, the performance simply isn’t there Diffie-Helman and also Merkle came up with a way to handle key exchange and it scales to the kinds . discipline is everything in this sport! 5 - 7 Introduction to Encryption I – SANS GIAC LevelOne ©2000, 2001 7 Simplicity is a “Good Thing” •Case-In-Point:. “Public-Key” Encryption – Slow! …Public/private key pair – Public keys widely distributed within digital certificates – Technical non-repudiation via digital signatures