3. Familiar stories
“We make a few slightly complicated things using bit operations and change them with every patch.”
“It's a really uncanny trick.”
“We can't stop the hackers coming from China, so we rotate the logic and the keys frequently.”
“We encrypt using a 56-bit key.”
“We hash with MD5 and use that.”
“We use the cipher algorithm we've had since long ago.”
“This time we're developing the cipher algorithm again. We're going to rewrite all of it.”
4. Simple encryption: the Crypt class
“Here we will look at a Crypt class that uses simple bit operations.
…
The core logic is to encrypt while changing the KEY one byte at a time.
If we assume that every byte of data is combined with the same key by a bit operation, then once that one key is found out, decryption is easy.
That is why a formula that changes the key is put in: it makes it a little harder to obtain the key illicitly and decrypt.”
#include "Crypt.h"   // assumed to declare class CCrypt and the Windows typedefs INT/BYTE/DWORD/BOOL
const INT C1 = 52845;
const INT C2 = 22719;
const INT KEY = 72957;   // fixed seed compiled into the binary
BOOL CCrypt::Encrypt(BYTE *source, BYTE *destination, DWORD length)
{
    DWORD i;
    INT Key = KEY;
    for (i = 0; i < length; i++)
    {
        // '>>' binds tighter than '^': each byte is XORed with bits 8..15 of the running Key
        destination[i] = source[i] ^ (Key >> 8);
        // the key is reseeded from the ciphertext byte just produced
        Key = (destination[i] + Key) * C1 + C2;
    }
    return TRUE;
}
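The slide shows Encrypt but not the matching Decrypt, and the key-changing formula is easiest to judge when both directions can be run. The following is an added example (my code, not the deck's Crypt class) that re-implements the same loop with standard C++ types, adds the inverse, and checks a property a reviewer would look for: because there is no IV and the key update depends only on the fixed seed and the ciphertext so far, two messages that start alike produce ciphertexts that start alike. The helper names (`toBytes`, `roundTrips`, `commonPrefixLength`) are mine; `uint32_t` replaces the slide's `INT` so that the wrap-around arithmetic is defined behaviour while yielding the same low byte.

```cpp
// Added example: self-contained re-implementation of the slide's byte-chained XOR
// cipher plus its inverse. Names other than C1, C2 and KEY are mine, not the deck's.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Constants exactly as given on the slide.
constexpr uint32_t C1  = 52845;
constexpr uint32_t C2  = 22719;
constexpr uint32_t KEY = 72957;

std::vector<uint8_t> toBytes(const std::string& s) {
    return std::vector<uint8_t>(s.begin(), s.end());
}

// Encrypt: byte i is XORed with bits 8..15 of the running key, then the key is
// reseeded from the ciphertext byte just produced. uint32_t wrap-around gives the
// same low byte as the slide's INT on a 32-bit two's-complement compiler.
std::vector<uint8_t> encrypt(const std::vector<uint8_t>& src) {
    std::vector<uint8_t> dst(src.size());
    uint32_t key = KEY;
    for (size_t i = 0; i < src.size(); ++i) {
        dst[i] = static_cast<uint8_t>(src[i] ^ (key >> 8));
        key = (dst[i] + key) * C1 + C2;
    }
    return dst;
}

// Decrypt: identical key schedule, but the update must read the ciphertext byte,
// which is the input on this side.
std::vector<uint8_t> decrypt(const std::vector<uint8_t>& src) {
    std::vector<uint8_t> dst(src.size());
    uint32_t key = KEY;
    for (size_t i = 0; i < src.size(); ++i) {
        dst[i] = static_cast<uint8_t>(src[i] ^ (key >> 8));
        key = (src[i] + key) * C1 + C2;
    }
    return dst;
}

bool roundTrips(const std::string& msg) {
    return decrypt(encrypt(toBytes(msg))) == toBytes(msg);
}

// Length of the common ciphertext prefix of two messages. With a fixed seed and no IV,
// equal plaintext prefixes give equal ciphertext prefixes, so this equals the length of
// the shared plaintext prefix: an observer can see where two messages start to differ.
size_t commonPrefixLength(const std::string& a, const std::string& b) {
    std::vector<uint8_t> ca = encrypt(toBytes(a)), cb = encrypt(toBytes(b));
    size_t n = 0;
    while (n < ca.size() && n < cb.size() && ca[n] == cb[n]) ++n;
    return n;
}

int main() {
    // constructed sample messages
    std::cout << "round trip: " << roundTrips("login:player1") << "\n";
    std::cout << "shared ciphertext prefix of two logins: "
              << commonPrefixLength("login:player1", "login:player2") << " bytes\n";
    return 0;
}
```

The prefix check is the practical reading of the slide's own caveat: chaining the key through the ciphertext does not add any secret beyond the constant KEY, and without a per-message IV the scheme is deterministic, so it leaks equality of message prefixes.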
5. Communication encryption in online games: a commercial server engine
It uses 128-bit RSA as the asymmetric-key algorithm and RC4 as the symmetric-key algorithm. RSA is very strong, but its computational cost is enormous, so it is too heavy to encrypt every message. That is why it is combined with a symmetric-key algorithm.
…
Wait a moment! Is it really fine to disclose openly how the encryption is done? The value of a cryptographic technique lies in not being broken even when its algorithm is public. It is disclosed precisely because it is not broken even when disclosed like this.
7. Joachim de Posada
“Passion captures everything.
Whatever piranhas you meet as you live your life,
the driving force that lets you keep moving toward your goal
without stopping or turning away is passion.
Passion is more intense than any mentor of success.
It is the energy, and the encouragement,
that keeps you moving forward without end.”
10. Game Design by Chris Crawford
Creative Expression
+ Art (beauty)
+ Entertainment (money)
  + Movies, Books, etc. (non-interactive)
  + Playthings (interactive)
    + Toys (no goals)
    + Challenges (goals)
      + Puzzles (no competitor)
      + Conflicts (competitor)
        + Competitions (no attacks)
        + Games (attacks allowed)
17. Online Game Publishing Platform
A more complicated system than the game itself
Web
+ Web Servers
+ WAS
Client
+ Rendering Engine
+ User Interface
+ Artificial Intelligence
Infrastructure
+ Server
+ Storage
+ Network
+ Security
Server
+ Authentication/Billing
+ Game Server
+ Operation Tools
+ Cryptography
Database
+ In-game Character DB
+ User DB
+ Billing DB
Module
21. Authentication
• Passwords have been used with computers since the earliest days of computing. MIT's CTSS was introduced in 1961.
• Unix is a computer operating system originally developed in 1969.
• Robert Morris contributed to early versions of UNIX. He wrote the math library, the program crypt, and the password encryption scheme used for user authentication.
(From Wikipedia)
Account theft
22. Authentication w/ multi login
WEB - 1st Authentication
+ Login Register1: IP Address, CAPTCHA, Anti-keylogging, PIN, OTP
+ Login Alarm: SMS, Email
GAME - 2nd Authentication
+ Login Register2: MAC Address, CAPTCHA
LOG: IP Block, BOT Block
23. Protocol of Internet Banking System
Certificate password
Withdrawal account password
OTP password
Transfer password
Certificate password
Keystroke logging
25. Completely Automated Public Turing test to tell Computers and Humans Apart
Protects against brute-force attacks
• Yahoo's CAPTCHA: of 191 images, 176 were correctly identified, a 92% break rate!
By Greg Mori (1,2) and Jitendra Malik (1)
(1) UC Berkeley Computer Vision Group
(2) Simon Fraser University
27. Security: the field of security
Server
+ Forgery Private Server
+ Intrusion Attack
Client
+ Hack Toolkits
+ Reverse Engineering
Web
+ SQL Injection
+ Cross Site Scripting
Network
+ Packet Analysis
51. Typical cryptosystem
Alice (Encrypter) sends y to Bob (Decrypter); the key source delivers K to both over a secure channel; Oscar observes y.
x: plaintext
y: ciphertext
Encryption: transform x into y using key K, denoted eK.
Decryption: transform y back to x using key K, denoted dK,
i.e., y = eK(x) and x = dK(y); thus dK(eK(x)) = x.
K is the key for both encryption and decryption. Alice and Bob obtain the key K via the secure channel.
Oscar, on the other hand, does not have the key K and cannot decrypt y.
54. Symmetric-key cryptography
Stream cipher
+ RC4 is one of the most widely used stream cipher designs.
+ Panama, Sosemanuk, Salsa20, XSalsa20
Block cipher
+ Data Encryption Standard
+ Advanced Encryption Standard
+ SEED is a block cipher developed by the Korean Information Security Agency. It is used broadly throughout South Korean industry, but seldom found elsewhere.
+ At the AES1 conference, votes were taken on the following candidates: CAST-256, CRYPTON, DEAL, DFC, E2, FROG, HPC, LOKI97, MAGENTA, MARS, RC6, Rijndael, SAFER+, Serpent, and Twofish.
56. Stream cipher
Block ciphers
• encrypt every plaintext element using the same key, i.e., y = y1y2… = eK(x1)eK(x2)… .
Stream ciphers
• encrypt plaintext elements using a generated keystream z = z1z2…, i.e., y = y1y2… = ez1(x1)ez2(x2)… .
57. Stream cipher
• A block cipher can be considered a special case of a stream cipher where the keystream is constant: zi = K for i ≥ 1.
• The Vigenère cipher is a periodic synchronous stream cipher with period m:
– suppose K = (k1, k2, …, km) is the key of the Vigenère cipher; then the keystream is z = k1k2…km k1k2…km k1k2…
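To make slides 56 and 57 concrete, here is an added example (my code, not the deck's) that implements the periodic synchronous stream cipher the slide describes: the keystream z = k1…km k1…km … is generated from the key K = (k1, …, km), and each plaintext letter is encrypted element-wise as e_{zi}(xi) = (xi + zi) mod 26, which is the Vigenère cipher. The same encryptStream function fed a constant keystream zi = K gives the slide's "block cipher as a special case" (a plain shift cipher). Function names are mine; letters are assumed to be A–Z, and other characters are passed through unchanged while still consuming their keystream position.

```cpp
// Added example (not from the deck): Vigenère as a periodic synchronous stream cipher,
// with the constant keystream zi = K as the degenerate block-cipher case of slide 57.
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Keystream with period m = key.size(): z_i = k_{(i mod m)}, letters mapped A..Z -> 0..25.
std::vector<int> keystream(const std::string& key, size_t n) {
    std::vector<int> z(n);
    for (size_t i = 0; i < n; ++i)
        z[i] = std::toupper(static_cast<unsigned char>(key[i % key.size()])) - 'A';
    return z;
}

// Element-wise encryption y_i = e_{z_i}(x_i) = (x_i + z_i) mod 26 on A..Z.
// Non-letters are copied through but still occupy their keystream position.
std::string encryptStream(const std::string& x, const std::vector<int>& z) {
    std::string y = x;
    for (size_t i = 0; i < x.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(x[i]);
        if (!std::isalpha(c)) continue;
        int xi = std::toupper(c) - 'A';
        y[i] = static_cast<char>('A' + (xi + z[i]) % 26);
    }
    return y;
}

// Element-wise decryption x_i = d_{z_i}(y_i) = (y_i - z_i) mod 26.
std::string decryptStream(const std::string& y, const std::vector<int>& z) {
    std::string x = y;
    for (size_t i = 0; i < y.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(y[i]);
        if (!std::isalpha(c)) continue;
        int yi = std::toupper(c) - 'A';
        x[i] = static_cast<char>('A' + ((yi - z[i]) % 26 + 26) % 26);
    }
    return x;
}

// Vigenère = periodic keystream of period m fed into the stream cipher.
std::string vigenereEncrypt(const std::string& pt, const std::string& key) {
    return encryptStream(pt, keystream(key, pt.size()));
}
std::string vigenereDecrypt(const std::string& ct, const std::string& key) {
    return decryptStream(ct, keystream(key, ct.size()));
}

// Slide 57's special case: constant keystream z_i = K for all i (period 1), i.e. a shift cipher.
std::string shiftEncrypt(const std::string& pt, int K) {
    return encryptStream(pt, std::vector<int>(pt.size(), K % 26));
}

int main() {
    std::string ct = vigenereEncrypt("ATTACKATDAWN", "LEMON");   // constructed sample
    std::cout << ct << " -> " << vigenereDecrypt(ct, "LEMON") << "\n";
    std::cout << "constant keystream (shift 3): " << shiftEncrypt("ATTACK", 3) << "\n";
    return 0;
}
```

The period is the whole weakness: once the keystream repeats every m letters, each residue class i mod m is a single shift cipher, which is why the slide treats a block cipher used with one fixed key the same way.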
63. Why public-key cryptography
1. The two communicants in a secret-key system require prior communication of the key over a secure channel. This is very difficult to achieve in practice: unless the two communicants meet in person, a phone call, postal mail, email, etc. are not secure.
2. Suppose there are n users and every pair of users wants to communicate. In a secret-key system the total number of keys must be n(n-1)/2. This is very difficult to manage and quite insecure.
64. Why public-key cryptography
However, in a public-key system every user selects his/her own private key and public key, publicizes the public key, and keeps the private key secret.
Quite easy and very secure.
The main problem with public-key systems is that they are very slow.
65. Kerckhoffs' principle and attack levels
• Kerckhoffs' principle:
– The encryption/decryption algorithm is publicly known; only the key is secret.
– Breaking a cryptosystem (i.e., cryptanalysis) means figuring out the key currently in use.
• Attack levels:
– Ciphertext-only: the attacker possesses a string of ciphertext, y.
– Known plaintext: the attacker possesses a string of plaintext, x, and the corresponding ciphertext, y.
– Chosen plaintext: the attacker has obtained temporary access to the encryption machinery. Hence, he can choose a plaintext string, x, and construct the corresponding ciphertext string, y.
– Chosen ciphertext: the attacker has obtained temporary access to the decryption machinery. Hence, he can choose a ciphertext string, y, and construct the corresponding plaintext string, x.
67. Secure Socket Layer
• Brief history
– Netscape: SSL v2 (1995), SSL v3 (1996)
• Microsoft PCT (Private Communication Technique)
• IETF TLS (Transport Layer Security)
• Belongs to layer 4 (transport layer)
– In fact runs on top of layer 4: TCP
– Does not require changes to the OS
– TCP provides reliable transmission of packets
69. Secure Socket Layer functionality
• Server authentication (by public certificate)
• Client authentication (Optional)
• Data encryption (by secret key system)
• Integrity protection (by MAC)
70. Why Secure Socket Layer
• Confidentiality
– Encrypt data being sent between client and
server, so that passive adversary cannot read
sensitive data.
• Integrity Protection
– Protect against modification of messages by an
active adversary.
• Authentication
– Verify that a peer is who they claim to be.
Servers are usually authenticated, and clients
may be authenticated if requested by servers.
71. Structure of Secure Socket Layer
• Key exchange algorithms
• Encryption algorithms
• Hash algorithms
• Cipher suite
• Compression algorithms
• Cryptographic secret number extraction
• Session and connection
72. Handshake protocol (Client <-> Server)
Phase I: Establishing Security Capabilities
Phase II: Server authentication and key exchange
Phase III: Client authentication and key exchange
Phase IV: Finalizing the handshake protocol
78. Certificates: how it works
Parties: certification authority C, web merchant A (the Internet shop), and the user.
+ C signs A's public key with C's private key, producing the certificate C's private key[A's public key].
+ A presents the certificate; the browser verifies the certification authority's digital signature with the authority's public key held inside the browser, and thereby obtains A's public key.
+ The user generates a 128-bit session key K and sends it as A's public key[K]; A recovers K with A's private key.
+ Symmetric-key encrypted communication then proceeds with K as the session key.
81. About Crypto++
• Crypto++ Library 5.6.1, updated 8/9/2010
– http://www.cryptopp.com/
– Crypto++ Library is a free C++ class library of cryptographic schemes.
• License
– The license of Crypto++ is somewhat unusual among open source projects. A distinction is made between the library as a compilation (i.e., collection), which is copyrighted by Wei Dai, and the individual files in it, which are public domain.
– Because one purpose of the project is to act as a repository of public domain (not copyrighted) cryptographic source code, the code in Crypto++ was either written specifically for this project by its contributors and placed in the public domain, or derived from other sources that are public domain.
82. Algorithms
algorithm type: name
+ authenticated encryption schemes: GCM, CCM, EAX
+ high speed stream ciphers: Panama, Sosemanuk, Salsa20, XSalsa20
+ AES and AES candidates: AES (Rijndael), RC6, MARS, Twofish, Serpent, CAST-256
+ other block ciphers: IDEA, Triple-DES (DES-EDE2 and DES-EDE3), Camellia, SEED, RC5, Blowfish, TEA, XTEA, Skipjack, SHACAL-2
+ block cipher modes of operation: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
+ message authentication codes: VMAC, HMAC, CMAC, CBC-MAC, DMAC, Two-Track-MAC
+ hash functions: SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), Tiger, WHIRLPOOL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320
+ public-key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
+ padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5
+ key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH
+ elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
+ insecure or obsolescent algorithms retained for backwards compatibility and historical value: MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL 3.0, WAKE-OFB, DESX (DES-XEX3), RC2, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square
83. Platforms
Crypto++ supports the following compilers:
• MSVC 6.0 - 2010
• GCC 3.3 - 4.5
• C++Builder 2010
• Intel C++ Compiler 9 - 11.1
• Sun Studio 12u1, Express 11/08, Express 06/10
84. High speed stream ciphers
• PANAMA
– Algorithm Type: Stream Cipher
– Designers: Craig Clapp, Joan Daemen
– Published in: 1998
– Standards:
– Cryptanalysis status: not yet broken (note: this may be out of
date.)
– http://www.cryptolounge.org/wiki/PANAMA
• Sosemanuk
– Designers: Aline Gouget, Anne Canteaut, Come Berbain, Cédric
Lauradoux, Henri Gilbert, Hervé Sibert, Louis Goubin, Louis
Granboulan, Marine Minier, Nicolas Courtois, Olivier Billet,
Thomas Pornin
– Published in: 2005
– Standards: ESTREAM Portfolio (rev. 1) (2008)
– Cryptanalysis status: not yet broken (note: this may be out of
date)
– http://www.cryptolounge.org/wiki/Sosemanuk
85. High speed stream ciphers
• Salsa20
– Algorithm Type: Stream Cipher
– Designers: Daniel J. Bernstein
– Published in: 2005
– Standards: ESTREAM Portfolio (rev. 1) (2008)
– Cryptanalysis status: not yet broken (note: this may be out of
date. please see papers section to see how up to date the
entries are)
– http://www.cryptolounge.org/wiki/Salsa20
86. Crypto++ 5.6.0 Benchmarks
Algorithm                 MiB/s   Cycles/byte   Key+IV setup (microseconds)   Key+IV setup (cycles)
Panama-LE                 843     2.1           1.695                         3103
Salsa20                   408     4.3           0.39                          714
Salsa20/12                643     2.7           0.483                         884
Salsa20/8                 887     2             0.481                         881
Sosemanuk                 727     2.4           1.24                          2,269
AES/CTR (128-bit key)     139     12.6          0.698                         1,277
AES/CTR (256-bit key)     96      18.2          0.756                         1,383
AES/CBC (128-bit key)     109     16            0.569                         1,041
AES/CBC (256-bit key)     80      21.7          0.619                         1,133
Twofish/CTR               59      29.4          7.716                         14,121
DES/CTR                   32      54.7          8.372                         15,320
SEED/CTR (1/2 K table)    29      59.2          0.762                         1,394
* NOTE: All were coded in C++, compiled with Microsoft Visual C++ 2005 SP1 (whole program optimization, optimize for speed), and run on an Intel Core 2 1.83 GHz processor under Windows Vista in 32-bit mode.
87. Protocol of X-Crypto (Version 1.5)
Client                                                        Server
  Choose Crypto type
  GetEncryptedSessionKey()
      --- Transfer Session Key, encrypted with the Server's Public Key --->
                                                              SetEncryptedSessionKey()
                                                              GetEncryptedIV()
      <--- Transfer Encrypted IV, encrypted with the Session Key ---
  SetEncryptedIV()
  IntializeClient()
  Finish the initialization
  Start Crypto-system using the Session Key & IV
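The exchange above, together with the hybrid RSA-plus-symmetric idea of slide 5 and the session-key handover of slide 78, as an added example with both sides in one program (my code, not X-Crypto's or the deck's). Two substitutions are assumptions of mine: a toy textbook RSA with p = 61, q = 53 stands in for the server's public key (the deck's is 128-bit RSA; this one is only large enough to carry one byte per block), and XTEA in CTR mode stands in for RC4, because RC4 takes no IV while the X-Crypto flow transfers one, and XTEA is in the Crypto++ list on slide 82. The function names on the two sides follow the slide; `ctr`, `modpow`, `runExchange` and the `std::mt19937_64` seed are mine.

```cpp
// Added example, not X-Crypto's code: the slide-87 session-key / IV exchange end to end.
// Assumptions (mine): toy RSA (p=61, q=53) as the server key pair; XTEA-CTR as the
// symmetric stage so that both the 128-bit session key and the IV are actually used.
#include <array>
#include <cstdint>
#include <iostream>
#include <random>
#include <vector>

// ---- toy RSA, one byte per block; n = 61*53, e*d = 1 (mod 3120). Demonstration size only.
constexpr uint32_t RSA_N = 3233, RSA_E = 17, RSA_D = 2753;
uint32_t modpow(uint64_t base, uint32_t exp, uint32_t mod) {
    uint64_t r = 1; base %= mod;
    for (; exp; exp >>= 1, base = base * base % mod) if (exp & 1) r = r * base % mod;
    return static_cast<uint32_t>(r);
}
std::vector<uint32_t> rsaEncrypt(const std::vector<uint8_t>& m) {      // public key (n, e)
    std::vector<uint32_t> c; for (uint8_t b : m) c.push_back(modpow(b, RSA_E, RSA_N)); return c;
}
std::vector<uint8_t> rsaDecrypt(const std::vector<uint32_t>& c) {     // private key d
    std::vector<uint8_t> m; for (uint32_t x : c) m.push_back(static_cast<uint8_t>(modpow(x, RSA_D, RSA_N))); return m;
}

// ---- XTEA: 64-bit block, 128-bit key, 32 rounds.
using Key128 = std::array<uint32_t, 4>;
constexpr uint32_t DELTA = 0x9E3779B9u;
void xteaEncipher(uint32_t v[2], const Key128& k) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; ++i) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}
void xteaDecipher(uint32_t v[2], const Key128& k) {
    uint32_t v0 = v[0], v1 = v[1], sum = DELTA * 32u;
    for (int i = 0; i < 32; ++i) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        sum -= DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
    }
    v[0] = v0; v[1] = v1;
}

// CTR mode: keystream block j = XTEA_key(IV + j); the same call encrypts and decrypts.
std::vector<uint8_t> ctr(const Key128& key, uint64_t iv, const std::vector<uint8_t>& in) {
    std::vector<uint8_t> out(in.size());
    for (size_t off = 0; off < in.size(); off += 8) {
        uint64_t counter = iv + off / 8;
        uint32_t blk[2] = { static_cast<uint32_t>(counter), static_cast<uint32_t>(counter >> 32) };
        xteaEncipher(blk, key);
        for (size_t b = 0; b < 8 && off + b < in.size(); ++b)
            out[off + b] = in[off + b] ^ static_cast<uint8_t>(blk[b / 4] >> (8 * (b % 4)));
    }
    return out;
}

struct Server {
    Key128 sessionKey{}; uint64_t iv = 0;
    // SetEncryptedSessionKey(): recover the client's session key with the private key.
    void SetEncryptedSessionKey(const std::vector<uint32_t>& enc) {
        std::vector<uint8_t> kb = rsaDecrypt(enc);
        for (int w = 0; w < 4; ++w) for (int b = 0; b < 4; ++b)
            sessionKey[w] |= static_cast<uint32_t>(kb[4 * w + b]) << (8 * b);
    }
    // GetEncryptedIV(): choose a fresh IV and send it as one XTEA block under the session key.
    std::array<uint32_t, 2> GetEncryptedIV(std::mt19937_64& rng) {
        iv = rng();
        uint32_t blk[2] = { static_cast<uint32_t>(iv), static_cast<uint32_t>(iv >> 32) };
        xteaEncipher(blk, sessionKey);
        return { blk[0], blk[1] };
    }
};

struct Client {
    Key128 sessionKey{}; uint64_t iv = 0;
    // GetEncryptedSessionKey(): generate the 128-bit session key, encrypt it with the server's public key.
    std::vector<uint32_t> GetEncryptedSessionKey(std::mt19937_64& rng) {
        std::vector<uint8_t> kb(16);
        for (int w = 0; w < 4; ++w) {
            sessionKey[w] = static_cast<uint32_t>(rng());
            for (int b = 0; b < 4; ++b) kb[4 * w + b] = static_cast<uint8_t>(sessionKey[w] >> (8 * b));
        }
        return rsaEncrypt(kb);
    }
    // SetEncryptedIV(): decrypt the IV block with the shared session key.
    void SetEncryptedIV(const std::array<uint32_t, 2>& enc) {
        uint32_t blk[2] = { enc[0], enc[1] };
        xteaDecipher(blk, sessionKey);
        iv = blk[0] | (static_cast<uint64_t>(blk[1]) << 32);
    }
};

// Runs the exchange end to end; true if both sides hold the same key and IV and a
// constructed sample message survives the trip.
bool runExchange(uint64_t seed) {
    std::mt19937_64 rng(seed);                                  // stands in for a real CSPRNG
    Client c; Server s;
    s.SetEncryptedSessionKey(c.GetEncryptedSessionKey(rng));    // session key under server public key
    c.SetEncryptedIV(s.GetEncryptedIV(rng));                    // IV under the session key
    if (c.sessionKey != s.sessionKey || c.iv != s.iv) return false;
    std::vector<uint8_t> pt = { 'l','o','g','i','n',':','p','l','a','y','e','r','1' };
    return ctr(s.sessionKey, s.iv, ctr(c.sessionKey, c.iv, pt)) == pt;
}

int main() { std::cout << (runExchange(42) ? "exchange ok" : "exchange failed") << "\n"; }
```

Two design points map directly onto the slide-90 questionnaire: the RSA step here has no padding and the key material comes from `std::mt19937_64`, which is not a cryptographic generator, so a real implementation would answer the "RNG, IV management" and "key size" questions with OAEP-style padding and an OS CSPRNG, and the server side would also need to reject a replayed session-key message.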
90. Questionnaire
“Which algorithm do you use?”
“How does the protocol work?”
“How are the RNG, IV, etc. managed?”
“What is the key size and how are keys managed?”
“Is it an efficient protocol in which the algorithm can be replaced?”
“What is the performance difference between plaintext and using the encryption scheme?”
“Does using the protocol affect the number of concurrent users that can be served?”
“In which order do encryption and compression operate?”
“How does the protocol behave against a replay attack?”
91. The extended suggestions (Version 2.0)
“Different cipher algorithms selectable according to an OPTION”
“Automated key management tool”
“Add a stream cipher”
“Analysis based on measured performance data”
“TEST, TEST, TEST”
92. Suggestion …
“Protocol design is not an easy job. Analyze Secure Socket Layer thoroughly and learn from it!”
“What is needed is not a new algorithm; find the one among existing algorithms that suits me!”
“Stream ciphers perform excellently!”
“Strengthen the management side too: random number generation, key replacement algorithms, and so on!”
“If you lack expert knowledge in cryptography, use a 3rd-party solution!”