Nell’iperspazio con Rocket: il Framework Web di Rust!
Cryptology - Antônio Lacerda
1. I Workshop Interamericano de
Segurança de Software e Hardware
em Metrologia Legal
Antônio Lacerda
Researcher – Inmetro
Cryptology
2. I Workshop Interamericano de
Segurança de Software e Hardware
em Metrologia Legal
Antônio Lacerda
Inmetro's Researcher
Cryptography used to be an obscure science, of little relevance to
everyday life. Historically, it always had a special role in military and
diplomatic communications.
It's time for cryptography to step out of the shadows of spies and the
military, and step into the sunshine and be embraced by the rest of us.
(The Code Book, Simon Singh)
3. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Emitter Receiver
Communication
Channel
Normal Flow of Communication
4. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
What is Cryptology?
5. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Cryptology is the science whose goal is to protect
communication against intentional and not allowed
interferences.
Cryptology is supported by several other areas: mathematics,
computer science, physics, psychologhy, philolgy etc.
Is Cryptology a branch of mathematics? I disagree!
6. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Cryptology is a new old science!
Old because it is a millennial science.
In fact, “protection of sensitive information is a desire reaching
back to the beginnings of human culture” (Otto Horak).
New because the first time we saw an announced lecture series
under the open title “Cryptology” took place in German in 1981.
Before this, the few ones took place under the name “Special
Problems of Information Theory”.
7. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Cryptology is divided in two (or four) subareas:
- Cryptography (and its counterparty: cryptanalysis)
- Steganography (and its counterparty: steganalysis)
From Greek:
- kryptos = hidden
- steganos = covered
8. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Cryptography aims to protect the communication in a insecure
channel.
Emitter Receiver
Insecure Communication
Channel
Cryptanalisys aims to break the cryptography.
9. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Steganography aims to protect the existence of the
communication.
Emitter Receiver
Communication
Channel
Steganalisys aims to break the steganography and to discover
the existence of the communication.
10. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Cryptography: overt secret writing
Steganography: covert secret writing
12. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
What is steganography?
Part of Cryptology involving knowledge and techniques to hide
or to camouflage a message inside another.
13. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Steganography
Steganography
14. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Steganography by kids:
Inglourious Bastards
Notting Hill
Mission: Impossible
Edward Scissorhands
True Lies
Raiders of the Lost Ark
October Sky
15. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Steganography by kids:
Inglourious Bastards
Notting Hill
Mission: Impossible
Edward Scissorhands
True Lies
Raiders of the Lost Ark
October Sky
16. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Ancient steganography:
- Tattooed messages on head of messengers.
- Messages in stomach of hunted animals.
- Messages on wood logs covered with wax.
17. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Modern steganography:
- Invisible inks.
- Microdots.
- LSB (Least Significant Bit).
- Covert channels.
18. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Modern steganography: Invisible ink
20. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
What is cryptography?
Part of cryptology involving knowledge and techniques to
transform information in its original form into an illegible form,
so that only the emitter and receiver can access the original
content by using a secret.
21. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Services provided by Cryptography:
- Confidentiality: To allow access only to authorized people.
- Integrity: To assure that the content of the message was not
modified.
- Authenticity: To assure that the emitter and receiver are who
they claim they are.
- Non-repudiation (non-retractability): The emitter cannot deny
he is the message sender.
22. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Attention
There isn't an algorithm that is capable to provide all
cryptographic services. For each service, you will need one or
more algorithms.
23. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Attacks to communication
24. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Emitter Receiver
Communication
Channel
Again: Normal Flow of Communication
Every modification in normal flow not allowed by emitter or
receiver is an attack.
25. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Interception
The attacker has access to the content of the message.
Interception is an attack against confidentiality.
Emitter Receiver
Attacker
26. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Modification
The attacker has access to the content of the message,
furthermore he/she modify the content of the message.
Modification is an attack against integrity.
Emitter Receiver
Attacker
27. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Fabrication
The attacker yields a message and send it to the receiver,
inserting counterfeit data.
Fabrication is an attack against authenticity.
Emitter Receiver
Attacker
28. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Interruption
The attacker interrupts the communication.
Interruption is an attack against availability.
Cryptology is useless in this case!
Emitter Receiver
Attacker
30. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Modification
The attacker has access to the content of the message,
furthermore he/she modify the content of the message.
Modification is an attack against integrity.
Emitter Receiver
Attacker
31. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
How to guarantee the integrity of a message against intentional
modification? Answer: Hash Function.
Integrity
32. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
In Portuguese:
Substantivo
1 - Prato feito de carne moída
misturada com batata assada
ou frita.
2 - Bagunça, confusão.
Verbo
1 - Cortar em pequenos
pedaços.
2 - Misturar, confundir.
What does “hash” means?
In English:
Noun
1 - A dish of chopped meat,
potatoes, and sometimes
vegetables, usually browned.
2 - Mess, confusion.
Verb
1 - To chop into pieces.
2 - To mix or mess up
33. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
In Portuguese:
função de confusão (strange!)
função de dispersão (it sounds better!)
função hash (it's more common.)
So what does “hash function” means?
34. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
It receives as input a sequence of bits, of any size (can be a
character, a string, or even a file) and generates another
sequence of bits of fixed length, called hash or digest.
The digest works as a security seal, because a simple change
in one of the input bits completely changes the original
digest.
A hash function is a one-way function. That is, it's not
possible to recover the original message from the digest.
Hash Function
35. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Nonsense!?
If the original data can not be recovered from the digest, then
why use hash functions?
Although it seems contradictory, it's exactly because this
feature that hash functions are so useful.
Hash Function
36. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
MD5 (Message-Digest algorithm 5): Algorithm of 128 bits
developd in 1991 by Ron Rivest.
SHA (Secure Hash Algorithm): A family of algorithms
developed by NIST and NSA.
Whirlpool: Algorithm developed by Paulo Barreto (USP) and
Vincent Rijmen (co-author of AES).
Some very known Hash Functions
37. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
MD5("Inmetro") = 0101001111101001000011010111000
101011110001000000101100110100010111100101111100
0010101110010100111000111010110011001001001010100
MD5("inmetro") = 0101101100110000101010010001100
110110111001001111101000011110000100110100000011
1100110101000000001100100101111011111100000010110
An example with MD5
38. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Bits 001-032: 0101.0011.1110.1001.0000.1101.0111.0001
Bits 001-032: 0101.1011.0011.0000.1010.1001.0001.1001
Bits 033-064: 0101.1110.0010.0000.0101.1001.1010.0010
Bits 033-064: 1011.0111.0010.0111.1101.0000.1111.0000
Bits 065-096: 1111.0010.1111.1000.0101.0111.0010.1001
Bits 065-096: 1001.1010.0000.0111.1001.1010.1000.0000
Bits 097-128: 1100.0111.0101.1001.1001.0010.0101.0100
Bits 097-128: 0110.0100.1011.1101.1111.1000.0001.0110
Result: 59 bits changed. 46% of bits affected. (Avalanche
Effect)
An example with MD5
40. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Interception
The attacker has access to the content of the message.
Interception is an attack against confidentiality.
Emitter Receiver
Attacker
41. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Confidentiality was the first service provided by Cryptology.
It can be reached by ciphers and codes.
Confidentiality
42. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Contrary to layman's perception, code and cipher are not
synonymous.
Cipher is a manipulation in the representation of the message.
Code is a manipulation in the meaning of the message.
Cipher X Code
43. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Confidentiality
by Code
44. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Replace each word or phrase in the original message with
another character or symbol (or a set of them).
The list of replacements is contained in a codebook.
Code is not flexible. If a codebook is leaked, then the emitter
and receiver must re-writing the entire codebook.
Code
45. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Morse code
NATO phonetic code
Q code
Bar code
QR code
Examples of Public Codes
46. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Famous example: Zimmermann Telegram
Arthur Zimmermann, State
Secretary for Foreign Affairs of
the German Empire, sent a
telegram to the German
ambassador in Mexico, asking
him to propose an alliance to
Mexico's president to attack the
USA.
The aim was to force the USA to
the World War I.
47. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Famous example: Zimmermann Telegram
The telegram is not ciphered; it is coded.
48. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Famous example: Zimmermann Telegram
49. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
The Zimmermann telegram was decoded by famous “Room 40”.
Room 40
↓
Government Code and Cypher School (GC&CS)
↓
Government Communications Headquarters (GCHQ)
51. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Confidentiality
by Cipher
52. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Imagine you have a message well represented. Then you
“mess” this representation in a pre-defined mean that permit
you recover the message in its original representation.
The pre-defined mean is called algorithm. Another input to this
algorithm is the key.
The key is the flexible part of a cipher.
Cipher
53. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Remember: Code is not flexible. If a codebook is leaked, then
the emitter and receiver must re-writing the entire codebook.
If a cipher key is leaked, then emitter and receiver must choose
another key without changing the algorithm.
Cipher X Code
58. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Actor Action Input
Emitter
cipher key
code codebook
Receiver
decipher key
decode codebook
Attacker cryptanalyze (or break) - - -
Encrypt = cipher or code.
Decrypt = decipher or decode.
59. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Substitution Cipher
60. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Example
original: i n m e t r o
ciphered: L Q P H W U R
Caesar Cipher (Substitution Cipher)
61. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Example 1:
key: i n m e t r o i n m e t r o i n
original: w e w e r e d i s c o v e r e d
ciphered: E R I I K V R Q F O S O V F M Q
Example 2:
key: d i m e l d i m e l d i m e l d
original: w e w e r e d i s c o v e r e d
ciphered: Z M I I C H L U W N R D Q V P G
Vigenere Cipher (Substitution Cipher)
63. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Vigenere Cipher (Substitution Cipher)
For a layman, the Vigenere cipher seems unbreakable.
In fact, an article in Scientific American, in 1917, considered the
Vigenere cipher impossible to be broken.
Now, less than a century later, Vigenere cipher is completely
breakable.
64. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Transposition Cipher
65. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
original:
we recovered the money, but we lost two men.
key: i n m e t r o
columns: w e r e c o v
e r e d t h e
m o n e y b u
t w e l o s t
t w o m e n z
ciphered: edelm wemtt reneo eroww veutz ohbsn ctyoe
Transposition Cipher
66. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Substitution and Transposition
to reach
Diffusion and Confusion
Apply many rounds of substitution and transposition to reach
diffusion and confusion.
Diffusion and confusion: two
concepts introduced by
Claude Shannon.
67. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Diffusion and Confusion
Confusion
Formal: It refers to making the relationship between the
ciphered message and the symmetric key as complex and
involved as possible.
Informal: It obscures the relationship between the original
message and ciphered message.
Diffusion
Formal: It refers to dissipating the statistical structure of
original message over bulk of ciphered message.
Informal: Each change in the original message or key affects
many parts of the ciphered message. (Avalanche Effect)
68. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Cryptography – Conventional Model
emitter receivercipher decipher
key
source
secure channel
attacker
M MC C
K K
69. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Conventional Model
The same key used to cipher the message must be used to
decipher. Because of this, the conventional model was called
symmetric cryptography.
Then we have the first problem, the emitter and the receiver
must agree which key will be used.
If there is the possibility of personal and physical meeting,
sharing the key can be safely performed. But the secure
channel always was the weakest part.
Is another way of cryptography possible?
70. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Conventional Model
Is another way of cryptography possible? Is there an
asymmetric cryptography?
The response to this question became the Holy Grail of
Cryptology.
The scientific community had given up looking for this
response, classifying the problem as unsolvable.
Only fools would insist on such nonsense.
71. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
“The Fools”
Ralph Mekle – Martin Hellman – Whitfield Diffie
72. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
“The Fools”
Whitfield Diffie – Martin Hellman
73. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
The New Model
In 1976, Diffie and Hellman published their famous article “New
Directions in Cryptography”.
The article begins with “We stand today on the brink of a
revolution in cryptography”.
74. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
The New Model
The article deals with three problems:
- key exchange
- asymmetric cryptography
- digital signature
But the article presents solution only for the key exchange
problem.
Diffie and Hellman couldn't solve the other two problems.
But it doesn't matter! They broke the paradigm!
75. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
The New Model
They couldn't open the door, but they pointed the right door.
In fact, the two problems were resolved one year later, in 1977.
76. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
The RSA arises!
Shamir – Rivest – Adleman
77. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Asymmetric Cryptography
Since the beginning of Cryptology to modern times, almost all
cryptographic systems had been based on elementary tools of
substitution and permutation.
Asymmetric cryptography has changed this paradigm, because
it's based on mathematical functions.
78. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Asymmetric Cryptography
Diffie and Hellman algorithm has its strength based on the
difficulty to solve the discrete logarithm problem (DLP).
Whilst RSA algorithm has its strength based on the difficulty to
factorize big numbers.
Wait a moment! Why are those problems so difficult?
79. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Computational Complexity
In computer science we use techniques to predict how much
time a problem will take.
These main terms are used to express time growth:
Logarithmic growth
Linear growth
Polynomial growth
Exponencial growth
So the DLP and factorization of big numbers are examples of
exponential growth.
80. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Asymmetric Cryptography – Confidentiality
emitter receivercipher decipher
key
source
attacker
M C MC
Kpub Kpri
81. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Asymmetric Cryptography – Non-repudiation
emitter receivercipher decipher
key
source
attacker
M C MC
Kpri Kpub
M
82. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Asymmetric Cryptography – Non-repudiation
emitter receivercipher decipher
key
source
attacker
M C MC
Kpri Kpub
M
This is the basis for Digital Signature.
83. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Why the conventional model does not provide
non-repudiation?
emitter receivercipher decipher
key
source
secure channel
attacker
M MC C
K K
84. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Why the conventional model does not provide
non-repudiation?
emitter receivercipher decipher
key
source
secure channel
attacker
M MC C
K K
It provides protection against third party
forgeries, but do not protect against
contests between transmitter and receiver.
85. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Confidentiality X Authentication
Only with private/public key schemes is possible to solve the
problem of dispute between transmitter and receiver.
In fact, without asymmetric cryptography the electronic
commerce would not exist.
“The problem of authentication is perhaps an even more
serious barrier to the universal adoption of telecomrnunications
for business transactions than the problem of key distribution.
Authentication is at the heart of any system involving contracts
and billing. Without it, business cannot function.” (DH, New
Directions in Cryptography)
87. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
first common mistake
1) Asymmetric cryptography is safer than symmetric
cryptography.
The security of any cryptographic scheme depends on the size
of the key and the computational work involved to break the
cipher.
88. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
second common mistake
2) Asymmetric cryptography made symmetric cryptography
obsolete.
Due to the computational overhead of asymmetric cryptography,
symmetric cryptography is still far from becoming obsolete.
90. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Digital Signature
Digital signature is the apex of asymmetric cryptography.
It is the most refined service provided by modern cryptology.
91. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Asymmetric Cryptography – Non-repudiation
emitter receivercipher decipher
key
source
attacker
M C MC
Kpri Kpub
M
This is the basis for Digital Signature.
92. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Digital Signature
signer
verifiercipher decipher
key
source
attackerM
C HC
Kpri Kpub
Hash
H
Hash
H'
M M'
93. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Cryptology at Inmetro
94. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Cryptology at Inmetro
Cryptology at Inmetro is in its beginning.
The group for security of software and hardware in measuring
instruments is new.
We foresee to use cryptology in many applications.
95. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
The Two Biggest Problems
96. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Second Big Problem
Brazil is a huge country!
More than 70 million electric energy measuring instruments in
the field.
How to control the software version in this kind of instrument in
the field?
97. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Second Big Problem
Brazil is a huge country!
More than 70 million electric energy measuring instruments in
the field.
How to control the software version in this kind of instrument in
the field?
Solution devised by Inmetro: Digital Signature of the binary file
corresponding to the approved software version.
98. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
ACryptology at Inmetro
99. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
First Big Problem
Brazil has more than 200.000 fuel dispensers.
A lot of frauds.
How to protect fuel dispensers against frauds?
100. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
First Big Problem
Brazil has more than 200.000 of fuel dispensers.
A lot of frauds.
How to protect fuel dispensers against frauds?
Solution devised by Inmetro: Digital Signature of measuring
data for each output.
101. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Questions to answer
102. I Workshop Interamericano de
Segurança de Software e
Hardware em Metrologia Legal
Shall we build a peculiar PKI (Public Key Infrastructure): a
metrological PKI?
If so, then must Inmetro be the TTD (Trusted Third Party)?
Can we associate cryptographic levels to risk levels?
Can we simplify the process of Digital Signature?