Math4Security
Julio López Fenner Departamento Ciencias de Computación e Informática (DCI), Universidad de La Frontera, Temuco, Chile
January 2020 English Week 2019, IUT2, Université Grenoble Alpes, Grenoble, France Outline
What is Security?
Math 4 Crypto Computational Number Theory & Algebra Probability & Statistics Elliptic Curves
Emerging Topic: IoT
1 What is Security? Shutdown or the most secure system
2
Figure 1: https://techlawforum.files.wordpress.com/2017/03/internet-shutdowns.jpg Security
3 Digital Footprints and social engineering
Figure 2: https://www.teachthought.com/the-future-of-learning/11-tips-for-students-tomanage-their-digital-footprints/ 4 Social Engineering: OSINT
Figure 3: https://www.pcwdld.com/osint-tools-and-software
5 OSINT
https://www.pcwdld.com/osint-tools-and-software • Recon-ng: A web reconnaissance and OSINT framework written in Python. It can automate the process of information-gathering by thoroughly and quickly exploring the open-source information on the web. • Shodan: Search engine for interconnected or IoT devices. It can also be used to monitor databases to see if they have data leaks on public sites, and it can even find hidden video game servers within corporate networks. • Maltego: Computer forensics, GHDB (Google Hacking Database), etc.
6 10 Steps for Cybersecurity
Figure 4: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png 7 Information Security
Figure 5: https://www.techopedia.com/definition/10282/information-security-is 8 The Parkerian Hexad
Figure 6: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png
9 The CIA Triad
10
Figure 7: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png Parker 1998
Figure 8: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png 11 Vulnerabilities of Computing Systems
Figure 9: https://books.google.co.in/books/about/Security_in_Computing.html?id=O3VB-zspJo4C
12 Find the X!
13 Figure 10: https://www.tshirtsandallstore.com/63-thickbox_default/why-do-we-need-math.jpg Responsive or Preemptive?
Figure 11: http://news.mit.edu/2016/ai-system-predicts-85-percent-cyber-attacks-using-input-human-experts-0418
14 Math for Cybersecurity
Entry level cyber security careers generally only require basic math concepts that are used in binary, cryptography or programming tasks, https://startacybercareer.com/do-i-need-math-for-cyber-security/
Contents
• Probability theory • Data Analysis & Statistics • Analysis of algorithms • Graph Theory • Complexity theory • Game Theory • Number theory • Visualization & String Analysis • Group theory • Linear Algebra
15 Math 4 Crypto Math 4 Crypto
Contents • Classical cryptographical constructions: Diffie Hellman Key exchange, discrete logarithm, RSA cryptosystems, digital signatures • Mathematical tools: primality testing, factorization algorithms, probability theory, information theory, collission algorithms • Innovations: Elliptic curves, latttice based cryptography, NTRU cryptosystems
16 The integers
17 Solving linear congruences
Divisibility Primality a divides b is a divisor of c is a Fundamental theorem of multiple of d is divisible by e with arithmetic: Every non-zero integer remainder r and integer division k. is a product of primes:
e1 e2 er b = k ·a+r, r ∈ {0, 1,... a−1}. n = ±p1 p2 ... pr .
The mod operator
a mod b := r ⇐⇒ a = q · b + r, 0 ≤ r < b
18 Solving linear congruences a · z = b mod n
19 Chinese remainder theorem
20 ∗ ∗ Residue Classes Zn and Euler’s phi function ϕ(n) := |Zn|
21 ∗ ∗ Residue Classes Zn and Euler’s phi function ϕ(n) := |Zn|
Zn = {[0], [1],... [n − 1]:[i] = i + nZ} the set of residue classes modulo n.
∗ −1 Zn = {α ∈ Zn : ∃α ⇐⇒ gcd(α, n) = 1}
the set of elements of Zn that have a multiplicative inverse.
n is prime n composite
∗ ∗ Zn = Zn \{[0]} Zn (Zn \{[0]}
22 Some properties of ϕ with primes
• ϕ(pe ) = pe − pe−1 = pe−1(p − 1)
e1 e2 er Qr • n = p1 · p2 ··· pr , then ϕ(n) = n i=1(1 − 1/pi ) ∗ ϕ(n) • Euler’s theorem: α ∈ Zn, then α = 1. p • Fermat’s little theorem: p prime, then for all α ∈ Zp: α = α. • Wilson’s theorem: p 6= 2 prime number: (p − 1)! = −1 mod p.
23 Long story short: What can we do with integers?
Caesar’s encryption or affine encryption
x 7→ x + k mod 26, k ∈ Z26 2 x 7→ a · x + b mod 26 k = (a, b) ∈ Z26
Block (stream) encryption Example: Blocks of 10 bits https://www.usna.edu/Users/cs/wcbrown/courses/S18SI335/notes/03/notes.html
24 Long story short: What can we do with integers?
Figure 12: https://cdn.ttgtmedia.com/rms/onlineImages/block_stream_cipher_01_mobile.jpg
25 RSA or Public Key
Figure 13: https://www.isites.info/PastConferences/ISITES2015/ISITES2015/papers/B7-ISITES2015ID28.pdf 26 RSA Key Gen
27 Kerkhoff’s principles
28 Secrecy of the Key not the Method!
Diffie-Hellman Key exchange
Figure 14: https://www.practicalnetworking.net/wp-content/uploads/2015/11/dh-revised.png 29 Other Applications
Signatures
Figure 15: https://www.tutorialspoint.com/cryptography/images/public_key_cryptography.jpg 30 Other Applications
Hash functions
Figure 16: http://i.stack.imgur.com/eCCob.png 31 Hash functions for Crypto
Figure 17: commons.wikimedia.com
32 Birthday Paradox
Figure 18: https://demonstrations.wolfram.com/BirthdayParadoxProbabilityEstimates/ 33 Salting the Hash
Figure 19: https://crackstation.net/hashing-security.htm
Needs Random Numbers (Cryptographically secure)
Figure 20: https://laughingsquid.com/cloudflare-wall-of-lava-lamps/
34 Elliptic curve cryptosystems (ECC)
ECC Procedure • Discovered 1985 by Miller & • y 2 = x 3 + ax + b Koblitz • Horizontal symmetry • Base upon logarithms in finite • Any vertical line intersect the fields curve at three points at most • Provides equivalent security as RSA with shorter Key lengths,
Figure 21: 35 https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/ The Diffie-Hellman Elliptic-Curve Key Exchange (DHEC)
• Alice and Bob first agree to use the same curve and a few other parameters, and then they pick a random point G on the curve. • Alice choose secret α, Bob choose secret β and each determine αG and βG which they interchange publicly. • The secret is S = α(βG) = β(αG)
Figure 22: https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/
36 DHEC
DHEC uses a publicly known equation with large coefficients and modulus, for example, curve1559, which might very well be securing your browser right now.
Figure 23: https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/
Elliptic-curve Diffie-Hellman allows microprocessors to securely determine a shared secret key while making it very difficult for a bad actor to determine that same shared key.
37 The NSA-Cryptography controversy of 2012
Figure 24: https://itsfoss.com/nsas-encryption-algorithm-in-linux-kernel-is-creating-unease-in-the-community/comment-page-5/
38 NSA Backdoors?
• Random number generators: The Dual-EC-DBRG generator was based on an elliptic curve cryptosystem, ... was proposed as a standard by NIST (with the technical support of NSA) in 2006, and became a U.S. standard (NIST Special Publication 800-90A) in 2007. • Parameters for Dual-EC were specified as certain constants with no explanation or justification for those numbers. • “Based on public concerns and an evaluation of the algorithm, NIST is proposing the removal of the Dual Elliptic Curve Deterministic
Random Bit Generator.” https://www.nist.gov/news-events/news/2015/06/
nist-revises-key-computer-security-publication-random-number-generation • ISO blocks NSA’s latest IoT encryption systems amid murky tales of backdoors and bullying. Experts complain of shoddy tech specs and personal attacks https://www.theregister.co.uk/2018/04/25/nsa_iot_encryption/
39 NSA 2020?
Figure 25: https://searchsecurity.techtarget.com/news/252476828/NSA-reports-flaw-in-Windows-cryptography-core
Affects: HTTPS connections, signed files and emails and signed executable code.
Figure 26: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF 40 Splitting the bits: SMPC
Shamir’s secret sharing
Figure 27: https://en.wikipedia.org/wiki/Shamir’s_Secret_Sharing and https://image.cagle.com/195595/750/195595.png
41 Splitting the bits: SMPC
An example
Figure 28: https://en.wikipedia.org/wiki/Shamir’s_Secret_Sharing
42 SMPC
Figure 29: https://en.wikipedia.org/wiki/Secure_multi-party_computation
43 SMPC
Figure 30: https://www.reddit.com/r/instar/comments/8k6yir/secure_multiparty_computation_smpc_in_a_nutshell/
44 Millionnaire’s problem
Figure 31: https://www.reddit.com/r/instar/comments/8k6yir/secure_multiparty_computation_smpc_in_a_nutshell/
45 Protocols
• Zero knowledge proof’s: Prove to other parties that [something] is true without revealing anything about that [something] • (Shamir’s) (Threshold) Secret Sharing: A pre-configured amount of parties have to agree (threshold) to decrypt the answer before the answer can be decrypted. • Oblivious Transfer: Fragmented data is sent without revealing what and when part of the data is sent.
46 ZKP’s
47
Figure 32: https://101blockchains.com/zero-knowledge-proof/ ZKP’s (continued)
Figure 33: https://www.cryptologie.net/article/193/schnorrs-signature-and-non-interactive-protocols/
48 ZKP’s (continued)
Figure 34: https://www.cryptologie.net/article/193/schnorrs-signature-and-non-interactive-protocols/
49 Oblivious Transfer
Oblivious Transfer (OT): ”... a type of protocol in which a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to what piece (if any) has been transferred. Claude Crépeau showed that Rabin’s oblivious transfer is equivalent to 1-2 oblivious transfer”. • https://www.semanticscholar.org/topic/ Oblivious-transfer/333513 • https://en.wikipedia.org/wiki/Oblivious_transfer https://crypto.stanford.edu/~dabo/courses/cs355_ spring14/syllabus.html • https://www.cis.upenn.edu/~nadiah/courses/ cis800-02-f13/hemenway-otsmc.pdf (No lo veremos ahora) • https://github.com/mayank0403/ Oblivious-Transfer-and-Zero-Knowledge-Proof 50 1-out of 2 OT
• Alice has two messages, m0, m11 and wants to send exactly one of them to Bob. Bob does not want Alice to know which one he receives. • Alice generates an RSA key pair, comprising the modulus N, the public exponent e and the private exponent d.
• She also generates two random values, x0, x1 and sends them to Bob along with her public modulus and exponent. • Bob picks b to be either 0 or 1, and selects either the first or second
xb.
51 1-out of 2 OT (Contd.)
• Bob generates a random value k and blinds xb by computing e v = (xb + k ) mod N, which he sends to Alice.
• Alice doesn’t know (and hopefully cannot determine) which of x0 and x1 Bob chose. She applies both of her random values and comes d up with two possible values for k:k0 = (v − x0) mod N and d k1 = (v − x1) mod N. One of these will be equal to k and can be correctly decrypted by Bob (but not Alice), while the other will produce a meaningless random value that does not reveal any information about k.
52 1-out of 2 OT (Contd...)
• She combines the two secret messages with each of the possible 0 0 keys, m0 = m0 + k0 and m1 = m1 + k1, and sends them both to Bob. • Bob knows which of the two messages can be unblinded with k, so 0 he is able to compute exactly one of the messages mb = mb − k.
53 Some Applications
Figure 35: https://www.reddit.com/r/instar/comments/8k6yir/secure_multiparty_computation_smpc_in_a_nutshell/
54 Emerging Topic: IoT IoT
IoT: A world of interconnected smart devices
Figure 36: https://www.edureka.co/blog/iot-applications/
Smart: appliances (fridge, dishwasher, coffe machine...)/ home (Intruder detection, doors, lights, heating...)/ health (Pace counter, heart rate,
rfids...)/ Transportation (air taxis, train...) 55 But...
• Loss of Privacy/control • Subversion potential • Mistaken Id. • other
Figure 37: Smart Home Environment 56 Future of encryption
• homomorphic encryption • honey - e • functional - e • quantum key - e
https://www.nsf.gov/discoveries/disc_videos.jsp?org=NSF& cntn_id=136673&media_id=79594
57 Thank You
Figure 38: Gary Larson: The far side 58