Difference between revisions of "Training Historical and Modern Cryptography for Security Professionals"
From BruCON 2016
(→Trainers Biography) |
(→Course Contents) |
||
Line 13: | Line 13: | ||
=Course Contents= | =Course Contents= | ||
− | + | ==Introduction== | |
+ | * Bios | ||
+ | * Terminology | ||
+ | * Codes | ||
+ | * Steganography | ||
+ | |||
+ | ==Historical== | ||
+ | * General definitions | ||
+ | * Kerckhoff Principles | ||
+ | * Steganography vs. cryptography | ||
+ | * Codes & Natural Language | ||
+ | * Monoalphabetic substitution -- Caesar, Simple Sub, Atbash | ||
+ | ** Hands On Implementaion | ||
+ | ** History | ||
+ | ** Hands On Analysis | ||
+ | * Polyalphabetic Substitutions -- Alberti, Vigenere | ||
+ | ** Hands On Implementaion | ||
+ | ** History | ||
+ | ** Hands On Analysis | ||
+ | *One Time Pads | ||
+ | ** Hands On Implementaion | ||
+ | ** History | ||
+ | ** Hands On Analysis | ||
+ | * Mechanical Ciphers -- Jefferson Wheel, M-94, Enigma, Lorenz | ||
+ | ** High Level Implementaion | ||
+ | ** History | ||
+ | ** High Level Analysis | ||
+ | ** Transposition ciphers | ||
+ | ** Unsolved Ciphers | ||
+ | |||
+ | ==Modern== | ||
+ | ===Background=== | ||
+ | * One Time Pad | ||
+ | ** Shannon security | ||
+ | *** Hard to achieve in practice | ||
+ | ** Not actually secure, integrity not guaranteed | ||
+ | *** OTP is very malleable | ||
+ | ** Forms basis for stream ciphers | ||
+ | *** Stream ciphers use CSPRNG to reduce complexity of key exchange | ||
+ | |||
+ | * Code book ciphers | ||
+ | ** Broken by word-level frequency analysis | ||
+ | ** Forms basis for block ciphers | ||
+ | ** Pseudorandom function instead of code book | ||
+ | *** Electronic code book mode | ||
+ | |||
+ | * Decoder ring with shift | ||
+ | ** Polyalphabetic substitution | ||
+ | *** Chained Block Cipher mode | ||
+ | ** Forms basis for block ciphers | ||
+ | * Modes | ||
+ | * Hash algorithms | ||
+ | * HMAC | ||
+ | ===Mistakes and exploitation=== | ||
+ | * Encryption oracles | ||
+ | ** Also decryption oracle when encryption() == decryption() | ||
+ | *** Stream ciphers | ||
+ | *** CTR mode | ||
+ | *** OFB mode | ||
+ | * Decryption oracles | ||
+ | ** CBC-R technique applied to straight decryption oracle | ||
+ | * Key reuse | ||
+ | ** Stream ciphers | ||
+ | *** Flip bits | ||
+ | *** XOR multiple ciphertexts together | ||
+ | *** Offline known plaintext attack | ||
+ | ** Block ciphers | ||
+ | *** ECB dictionary | ||
+ | *** CBC IV recovery | ||
+ | *** Requires decryption oracle | ||
+ | *** CTR | ||
+ | *** Same exploitation as stream cipher | ||
+ | *** OFB, CFB | ||
+ | *Key as IV | ||
+ | *Unauthenticated encryption | ||
+ | ** ECB Mode | ||
+ | *** Block shuffling | ||
+ | ** CBC Mode | ||
+ | *** Bit flipping | ||
+ | *** Cut and paste attack | ||
+ | ** PCBC Mode | ||
+ | *** Bit flipping | ||
+ | ** OFB mode | ||
+ | *** Bit flipping | ||
+ | ** CFB mode | ||
+ | *** Bit flipping | ||
+ | ** Padding oracles | ||
+ | *** Only reveals validity of padding | ||
+ | *** Vaudenay EUROCRYPT 2002 | ||
+ | *** Padding methods compatible with attack | ||
+ | *** Block cipher modes compatible with attack | ||
+ | * Homebrew ciphers | ||
+ | * Homebrew HMAC | ||
+ | ** hash(secret || data) construction | ||
+ | ** hash(data || secret) construction | ||
+ | * Replay attacks | ||
=Prerequisites= | =Prerequisites= |
Revision as of 12:16, 25 July 2014
Contents
Historical and Modern Cryptography for Security Professionals by Chris Lytle & Dan Crowley
Course Description
With the recent renewed debate on the necessity of privacy, cryptography is once again in the public eye. Due to the gulf between classical cryptography and mechanized modern cryptography it can be difficult to know where to start in order to get an applicable background in cryptography for the modern security professional.
In this course, we'll start with the earliest and most important ciphers and cryptographic concepts and build on that knowledge using important ciphers from across the ages until we can talk about contemporary digital cryptosystems and finally, how to attack them. Over the course of this training we'll discuss the history of how ciphers came to be, what role they played, and how they fell. We will also implement these ciphers and cryptanalyze them. Attendees should bring a VMWare enabled laptop, all other materials will be provided.
Objectives
- Build a foundation for understanding of modern cryptography based on historical cryptography
- Provide practical experience in analyzing and breaking historical cryptography
- Develop an understanding of modern cryptographic concepts
- Introduce common mistakes made in modern cryptosystems and provide practical experience in exploiting them
Course Contents
Introduction
- Bios
- Terminology
- Codes
- Steganography
Historical
- General definitions
- Kerckhoff Principles
- Steganography vs. cryptography
- Codes & Natural Language
- Monoalphabetic substitution -- Caesar, Simple Sub, Atbash
- Hands On Implementaion
- History
- Hands On Analysis
- Polyalphabetic Substitutions -- Alberti, Vigenere
- Hands On Implementaion
- History
- Hands On Analysis
- One Time Pads
- Hands On Implementaion
- History
- Hands On Analysis
- Mechanical Ciphers -- Jefferson Wheel, M-94, Enigma, Lorenz
- High Level Implementaion
- History
- High Level Analysis
- Transposition ciphers
- Unsolved Ciphers
Modern
Background
- One Time Pad
- Shannon security
- Hard to achieve in practice
- Not actually secure, integrity not guaranteed
- OTP is very malleable
- Forms basis for stream ciphers
- Stream ciphers use CSPRNG to reduce complexity of key exchange
- Shannon security
- Code book ciphers
- Broken by word-level frequency analysis
- Forms basis for block ciphers
- Pseudorandom function instead of code book
- Electronic code book mode
- Decoder ring with shift
- Polyalphabetic substitution
- Chained Block Cipher mode
- Forms basis for block ciphers
- Polyalphabetic substitution
- Modes
- Hash algorithms
- HMAC
Mistakes and exploitation
- Encryption oracles
- Also decryption oracle when encryption() == decryption()
- Stream ciphers
- CTR mode
- OFB mode
- Also decryption oracle when encryption() == decryption()
- Decryption oracles
- CBC-R technique applied to straight decryption oracle
- Key reuse
- Stream ciphers
- Flip bits
- XOR multiple ciphertexts together
- Offline known plaintext attack
- Block ciphers
- ECB dictionary
- CBC IV recovery
- Requires decryption oracle
- CTR
- Same exploitation as stream cipher
- OFB, CFB
- Stream ciphers
- Key as IV
- Unauthenticated encryption
- ECB Mode
- Block shuffling
- CBC Mode
- Bit flipping
- Cut and paste attack
- PCBC Mode
- Bit flipping
- OFB mode
- Bit flipping
- CFB mode
- Bit flipping
- Padding oracles
- Only reveals validity of padding
- Vaudenay EUROCRYPT 2002
- Padding methods compatible with attack
- Block cipher modes compatible with attack
- ECB Mode
- Homebrew ciphers
- Homebrew HMAC
- hash(secret || data) construction
- hash(data || secret) construction
- Replay attacks
Prerequisites
Laptop with virtualization software
Trainers Biography
Daniel (aka "unicornFurnace") is a Senior Security Consultant for Trustwave's SpiderLabs team. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie. Daniel also holds the title of Baron in the micronation of Sealand.
Blog: https://blog.spiderlabs.com/
Chris is a Senior Security Consultant at Spider Labs. This one time, he hacked a computer. His likes include tacos, bad cryptography, weird hardware, and long walks on the beach.
Blog: https://blog.spiderlabs.com/
Mon. 22 - Tue. 23 September 2014 (09:00 - 17:00)