Math4Security

Julio López Fenner Departamento Ciencias de Computación e Informática (DCI), Universidad de La Frontera, Temuco, Chile

February 1 - 5th, 2021 English Week 2021, IUT2, Université Grenoble Alpes, Grenoble, France Have I Been Powned?

Figure 1: Have I been p[assword]owned? https://haveibeenpwned.com/

1 Cyberattacks Worldwide

Figure 2: https://threatmap.checkpoint.com/

2 Do I really need Math 4 CyberSec?

Figure 3: https://startacybercareer.com/do-i-need-math-for-cyber-security/ 3 Outline

What is Security?

Math 4 Crypto Computational Number Theory & Algebra Probability & Statistics Elliptic Curves

Math 4 Attacks

Emerging Topic: IoT

4 What is Security? Shutdown or the most secure system

5

Figure 4: https://techlawforum.files.wordpress.com/2017/03/internet-shutdowns.jpg Security

6 Digital Footprints and social engineering

Figure 5: https://www.teachthought.com/the-future-of-learning/11-tips-for-students-tomanage-their-digital-footprints/ 7 Social Engineering: OSINT

Figure 6: https://www.pcwdld.com/osint-tools-and-software

8 OSINT

https://www.pcwdld.com/osint-tools-and-software • Recon-ng: A web reconnaissance and OSINT framework written in Python. It can automate the process of information-gathering by thoroughly and quickly exploring the open-source information on the web. • Shodan: Search engine for interconnected or IoT devices. It can also be used to monitor databases to see if they have data leaks on public sites, and it can even find hidden video game servers within corporate networks. • Maltego: Computer forensics, GHDB (Google Hacking Database), etc.

9 10 Steps for Cybersecurity

Figure 7: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png 10 Information Security

Figure 8: https://www.techopedia.com/definition/10282/information-security-is 11 The Parkerian Hexad

Figure 9: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png

12 The CIA Triad

13

Figure 10: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png Parker 1998

Figure 11: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png 14 Vulnerabilities of Computing Systems

Figure 12: https://books.google.co.in/books/about/Security_in_Computing.html?id=O3VB-zspJo4C

15 Find the X!

16 Figure 13: https://www.tshirtsandallstore.com/63-thickbox_default/why-do-we-need-math.jpg Responsive or Preemptive?

Figure 14: http://news.mit.edu/2016/ai-system-predicts-85-percent-cyber-attacks-using-input-human-experts-0418

17 Math for Cybersecurity

Entry level cyber security careers generally only require basic math concepts that are used in binary, cryptography or programming tasks, https://startacybercareer.com/do-i-need-math-for-cyber-security/

Contents

• Probability theory • Data Analysis & Statistics • Analysis of algorithms • Graph Theory • Complexity theory • Game Theory • Number theory • Visualization & String Analysis • Group theory • Linear Algebra

18 Math 4 Crypto Math 4 Crypto

Contents • Classical cryptographical constructions: Diffie Hellman Key exchange, discrete logarithm, RSA cryptosystems, digital signatures • Mathematical tools: primality testing, factorization algorithms, probability theory, information theory, collission algorithms • Innovations: Elliptic curves, latttice based cryptography, NTRU cryptosystems

19 The integers

20 Solving linear congruences

Divisibility Primality a divides b is a divisor of c is a Fundamental theorem of multiple of d is divisible by e with arithmetic: Every non-zero integer remainder r and integer division k. is a product of primes:

e1 e2 er b = k ·a+r, r ∈ {0, 1,... a−1}. n = ±p1 p2 ... pr .

The mod operator

a mod b := r ⇐⇒ a = q · b + r, 0 ≤ r < b

21 Solving linear congruences a · z = b mod n

22 Chinese remainder theorem

23 ∗ ∗ Residue Classes Zn and Euler’s phi function ϕ(n) := |Zn|

24 ∗ ∗ Residue Classes Zn and Euler’s phi function ϕ(n) := |Zn|

Zn = {[0], [1],... [n − 1]:[i] = i + nZ} the set of residue classes modulo n.

∗ −1 Zn = {α ∈ Zn : ∃α ⇐⇒ gcd(α, n) = 1}

the set of elements of Zn that have a multiplicative inverse.

n is prime n composite

∗ ∗ Zn = Zn \{[0]} Zn (Zn \{[0]}

25 Some properties of ϕ with primes

• ϕ(pe ) = pe − pe−1 = pe−1(p − 1)

e1 e2 er Qr • n = p1 · p2 ··· pr , then ϕ(n) = n i=1(1 − 1/pi ) ∗ ϕ(n) • Euler’s theorem: α ∈ Zn, then α = 1. p • Fermat’s little theorem: p prime, then for all α ∈ Zp: α = α. • Wilson’s theorem: p 6= 2 prime number: (p − 1)! = −1 mod p.

26 Long story short: What can we do with integers?

Caesar’s encryption or affine encryption

x 7→ x + k mod 26, k ∈ Z26 2 x 7→ a · x + b mod 26 k = (a, b) ∈ Z26

Block (stream) encryption Example: Blocks of 10 bits https://www.usna.edu/Users/cs/wcbrown/courses/S18SI335/notes/03/notes.html

27 Long story short: What can we do with integers?

Figure 15: https://cdn.ttgtmedia.com/rms/onlineImages/block_stream_cipher_01_mobile.jpg

28 RSA or Public Key

Figure 16: https://www.isites.info/PastConferences/ISITES2015/ISITES2015/papers/B7-ISITES2015ID28.pdf 29 RSA Key Gen

30 Kerkhoff’s principles

31 Secrecy of the Key not the Method!

Diffie-Hellman Key exchange

Figure 17: https://www.practicalnetworking.net/wp-content/uploads/2015/11/dh-revised.png 32 Other Applications

Signatures

Figure 18: https://www.tutorialspoint.com/cryptography/images/public_key_cryptography.jpg 33 Other Applications

Hash functions

Figure 19: http://i.stack.imgur.com/eCCob.png 34 Hash functions for Crypto

Figure 20: commons.wikimedia.com

35 Birthday Paradox

Figure 21: https://demonstrations.wolfram.com/BirthdayParadoxProbabilityEstimates/ 36 Salting the Hash

Figure 22: https://crackstation.net/hashing-security.htm

Needs Random Numbers (Cryptographically secure)

Figure 23: https://laughingsquid.com/cloudflare-wall-of-lava-lamps/

37 Elliptic curve cryptosystems (ECC)

ECC Procedure • Discovered 1985 by Miller & • y 2 = x 3 + ax + b Koblitz • Horizontal symmetry • Base upon logarithms in finite • Any vertical line intersect the fields curve at three points at most • Provides equivalent security as RSA with shorter Key lengths,

Figure 24: 38 https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/ The Diffie-Hellman Elliptic-Curve Key Exchange (DHEC)

• Alice and Bob first agree to use the same curve and a few other parameters, and then they pick a random point G on the curve. • Alice choose secret α, Bob choose secret β and each determine αG and βG which they interchange publicly. • The secret is S = α(βG) = β(αG)

Figure 25: https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/

39 DHEC

DHEC uses a publicly known equation with large coefficients and modulus, for example, curve1559, which might very well be securing your browser right now.

Figure 26: https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/

Elliptic-curve Diffie-Hellman allows microprocessors to securely determine a shared secret key while making it very difficult for a bad actor to determine that same shared key.

40 The NSA-Cryptography controversy of 2012

Figure 27: https://itsfoss.com/nsas-encryption-algorithm-in-linux-kernel-is-creating-unease-in-the-community/comment-page-5/

41 NSA Backdoors?

• Random number generators: The Dual-EC-DBRG generator was based on an elliptic curve cryptosystem, ... was proposed as a standard by NIST (with the technical support of NSA) in 2006, and became a U.S. standard (NIST Special Publication 800-90A) in 2007. • Parameters for Dual-EC were specified as certain constants with no explanation or justification for those numbers. • “Based on public concerns and an evaluation of the algorithm, NIST is proposing the removal of the Dual Elliptic Curve Deterministic

Random Bit Generator.” https://www.nist.gov/news-events/news/2015/06/

nist-revises-key-computer-security-publication-random-number-generation • ISO blocks NSA’s latest IoT encryption systems amid murky tales of backdoors and bullying. Experts complain of shoddy tech specs and personal attacks https://www.theregister.co.uk/2018/04/25/nsa_iot_encryption/

42 NSA 2020?

Figure 28: https://searchsecurity.techtarget.com/news/252476828/NSA-reports-flaw-in-Windows-cryptography-core

Affects: HTTPS connections, signed files and emails and signed executable code.

Figure 29: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF 43 Splitting the bits: SMPC

Shamir’s secret sharing

Figure 30: https://en.wikipedia.org/wiki/Shamir’s_Secret_Sharing and https://image.cagle.com/195595/750/195595.png

44 Splitting the bits: SMPC

An example

Figure 31: https://en.wikipedia.org/wiki/Shamir’s_Secret_Sharing

45 SMPC

Figure 32: https://en.wikipedia.org/wiki/Secure_multi-party_computation

46 SMPC

Figure 33: https://www.reddit.com/r/instar/comments/8k6yir/secure_multiparty_computation_smpc_in_a_nutshell/

47 Millionnaire’s problem

Figure 34: https://www.reddit.com/r/instar/comments/8k6yir/secure_multiparty_computation_smpc_in_a_nutshell/

48 Protocols

• Zero knowledge proof’s: Prove to other parties that [something] is true without revealing anything about that [something] • (Shamir’s) (Threshold) Secret Sharing: A pre-configured amount of parties have to agree (threshold) to decrypt the answer before the answer can be decrypted. • Oblivious Transfer: Fragmented data is sent without revealing what and when part of the data is sent.

49 ZKP’s

50

Figure 35: https://101blockchains.com/zero-knowledge-proof/ ZKP’s (continued)

Figure 36: https://www.cryptologie.net/article/193/schnorrs-signature-and-non-interactive-protocols/

51 ZKP’s (continued)

Figure 37: https://www.cryptologie.net/article/193/schnorrs-signature-and-non-interactive-protocols/

52 Oblivious Transfer

Oblivious Transfer (OT): ”... a type of protocol in which a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to what piece (if any) has been transferred. Claude Crépeau showed that Rabin’s oblivious transfer is equivalent to 1-2 oblivious transfer”. • https://www.semanticscholar.org/topic/ Oblivious-transfer/333513 • https://en.wikipedia.org/wiki/Oblivious_transfer https://crypto.stanford.edu/~dabo/courses/cs355_ spring14/syllabus.html • https://www.cis.upenn.edu/~nadiah/courses/ cis800-02-f13/hemenway-otsmc.pdf (No lo veremos ahora) • https://github.com/mayank0403/ Oblivious-Transfer-and-Zero-Knowledge-Proof 53 1-out of 2 OT

• Alice has two messages, m0, m11 and wants to send exactly one of them to Bob. Bob does not want Alice to know which one he receives. • Alice generates an RSA key pair, comprising the modulus N, the public exponent e and the private exponent d.

• She also generates two random values, x0, x1 and sends them to Bob along with her public modulus and exponent. • Bob picks b to be either 0 or 1, and selects either the first or second

xb.

54 1-out of 2 OT (Contd.)

• Bob generates a random value k and blinds xb by computing e v = (xb + k ) mod N, which he sends to Alice.

• Alice doesn’t know (and hopefully cannot determine) which of x0 and x1 Bob chose. She applies both of her random values and comes d up with two possible values for k:k0 = (v − x0) mod N and d k1 = (v − x1) mod N. One of these will be equal to k and can be correctly decrypted by Bob (but not Alice), while the other will produce a meaningless random value that does not reveal any information about k.

55 1-out of 2 OT (Contd...)

• She combines the two secret messages with each of the possible 0 0 keys, m0 = m0 + k0 and m1 = m1 + k1, and sends them both to Bob. • Bob knows which of the two messages can be unblinded with k, so 0 he is able to compute exactly one of the messages mb = mb − k.

56 Some Applications

Figure 38: https://www.reddit.com/r/instar/comments/8k6yir/secure_multiparty_computation_smpc_in_a_nutshell/

57 Math 4 Attacks Attacks = preemptive defense

Attack is the secret of defense; defense is the planning of an at- tack. Sun Tzu, The Art of War

58 Attacks

Stream Ciphers Lattice Based • Linear Feedback Shift Registers • Lattice Reduction (LSFR) Keystream Generators • Coppersmith small roots • Correlation attacks, Maximum Likelihood • Algebraic • Non linear FSR’s • Cube Attacks

59 Emerging Topic: IoT IoT

IoT: A world of interconnected smart devices

Figure 39: https://www.edureka.co/blog/iot-applications/

Smart: appliances (fridge, dishwasher, coffe machine...)/ home (Intruder detection, doors, lights, heating...)/ health (Pace counter, heart rate,

rfids...)/ Transportation (air taxis, train...) 60 But...

• Loss of Privacy/control • Subversion potential • Mistaken Id. • other

Figure 40: Smart Home Environment 61 Future of encryption

• homomorphic encryption • honey - e • functional - e • quantum key - e

https://www.nsf.gov/discoveries/disc_videos.jsp?org=NSF& cntn_id=136673&media_id=79594

62 Thank You

Figure 41: Gary Larson: The far side 63 Further info

• An interview with Prof. Damgard on SMPC https://video.itu.dk/video/20232796/ ivan-damgard-secure-multi-party-computation-1 • SMPC in a nutshell https://www.reddit.com/r/instar/comments/8k6yir/ secure_multiparty_computation_smpc_in_a_nutshell/ • Gary Larson’s The far side: https://www.theverge.com/2019/12/17/21026417/ the-far-side-gary-larson-comic-website-first-time and https://www.thefarside.com/ • An article on homomorphic encryption 2016: Homomorphic Encryption Algorithms for Securing Data against Untrusted Cloud, G. Somani, S. Garg, International Journal of Advanced Research in Computer and Communication Engineering ISO 3297:2007 Certified, Vol. 5, Issue 7, July 2016

64