Math4Security

Julio López Fenner Departamento Ciencias de Computación e Informática (DCI), Universidad de La Frontera, Temuco, Chile

January 2020 English Week 2019, IUT2, Université Grenoble Alpes, Grenoble, France Outline

What is Security?

Math 4 Crypto Computational Number Theory & Algebra Probability & Statistics Elliptic Curves

Emerging Topic: IoT

1 What is Security? Shutdown or the most secure system

2

Figure 1: https://techlawforum.files.wordpress.com/2017/03/internet-shutdowns.jpg Security

3 Digital Footprints and social engineering

Figure 2: https://www.teachthought.com/the-future-of-learning/11-tips-for-students-tomanage-their-digital-footprints/ 4 Social Engineering: OSINT

Figure 3: https://www.pcwdld.com/osint-tools-and-software

5 OSINT

https://www.pcwdld.com/osint-tools-and-software • Recon-ng: A web reconnaissance and OSINT framework written in Python. It can automate the process of information-gathering by thoroughly and quickly exploring the open-source information on the web. • Shodan: Search engine for interconnected or IoT devices. It can also be used to monitor databases to see if they have data leaks on public sites, and it can even find hidden video game servers within corporate networks. • Maltego: Computer forensics, GHDB (Google Hacking Database), etc.

6 10 Steps for Cybersecurity

Figure 4: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png 7 Information Security

Figure 5: https://www.techopedia.com/definition/10282/information-security-is 8 The Parkerian Hexad

Figure 6: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png

9 The CIA Triad

10

Figure 7: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png Parker 1998

Figure 8: https://i.pinimg.com/originals/11/f9/ca/11f9caf74854ecba52b9d6067a7e6238.png 11 Vulnerabilities of Computing Systems

Figure 9: https://books.google.co.in/books/about/Security_in_Computing.html?id=O3VB-zspJo4C

12 Find the X!

13 Figure 10: https://www.tshirtsandallstore.com/63-thickbox_default/why-do-we-need-math.jpg Responsive or Preemptive?

Figure 11: http://news.mit.edu/2016/ai-system-predicts-85-percent-cyber-attacks-using-input-human-experts-0418

14 Math for Cybersecurity

Entry level cyber security careers generally only require basic math concepts that are used in binary, cryptography or programming tasks, https://startacybercareer.com/do-i-need-math-for-cyber-security/

Contents

• Probability theory • Data Analysis & Statistics • Analysis of algorithms • Graph Theory • Complexity theory • Game Theory • Number theory • Visualization & String Analysis • Group theory • Linear Algebra

15 Math 4 Crypto Math 4 Crypto

Contents • Classical cryptographical constructions: Diffie Hellman Key exchange, discrete logarithm, RSA cryptosystems, digital signatures • Mathematical tools: primality testing, factorization algorithms, probability theory, information theory, collission algorithms • Innovations: Elliptic curves, latttice based cryptography, NTRU cryptosystems

16 The integers

17 Solving linear congruences

Divisibility Primality a divides b is a divisor of c is a Fundamental theorem of multiple of d is divisible by e with arithmetic: Every non-zero integer remainder r and integer division k. is a product of primes:

e1 e2 er b = k ·a+r, r ∈ {0, 1,... a−1}. n = ±p1 p2 ... pr .

The mod operator

a mod b := r ⇐⇒ a = q · b + r, 0 ≤ r < b

18 Solving linear congruences a · z = b mod n

19 Chinese remainder theorem

20 ∗ ∗ Residue Classes Zn and Euler’s phi function ϕ(n) := |Zn|

21 ∗ ∗ Residue Classes Zn and Euler’s phi function ϕ(n) := |Zn|

Zn = {[0], [1],... [n − 1]:[i] = i + nZ} the set of residue classes modulo n.

∗ −1 Zn = {α ∈ Zn : ∃α ⇐⇒ gcd(α, n) = 1}

the set of elements of Zn that have a multiplicative inverse.

n is prime n composite

∗ ∗ Zn = Zn \{[0]} Zn (Zn \{[0]}

22 Some properties of ϕ with primes

• ϕ(pe ) = pe − pe−1 = pe−1(p − 1)

e1 e2 er Qr • n = p1 · p2 ··· pr , then ϕ(n) = n i=1(1 − 1/pi ) ∗ ϕ(n) • Euler’s theorem: α ∈ Zn, then α = 1. p • Fermat’s little theorem: p prime, then for all α ∈ Zp: α = α. • Wilson’s theorem: p 6= 2 prime number: (p − 1)! = −1 mod p.

23 Long story short: What can we do with integers?

Caesar’s encryption or affine encryption

x 7→ x + k mod 26, k ∈ Z26 2 x 7→ a · x + b mod 26 k = (a, b) ∈ Z26

Block (stream) encryption Example: Blocks of 10 bits https://www.usna.edu/Users/cs/wcbrown/courses/S18SI335/notes/03/notes.html

24 Long story short: What can we do with integers?

Figure 12: https://cdn.ttgtmedia.com/rms/onlineImages/block_stream_cipher_01_mobile.jpg

25 RSA or Public Key

Figure 13: https://www.isites.info/PastConferences/ISITES2015/ISITES2015/papers/B7-ISITES2015ID28.pdf 26 RSA Key Gen

27 Kerkhoff’s principles

28 Secrecy of the Key not the Method!

Diffie-Hellman Key exchange

Figure 14: https://www.practicalnetworking.net/wp-content/uploads/2015/11/dh-revised.png 29 Other Applications

Signatures

Figure 15: https://www.tutorialspoint.com/cryptography/images/public_key_cryptography.jpg 30 Other Applications

Hash functions

Figure 16: http://i.stack.imgur.com/eCCob.png 31 Hash functions for Crypto

Figure 17: commons.wikimedia.com

32 Birthday Paradox

Figure 18: https://demonstrations.wolfram.com/BirthdayParadoxProbabilityEstimates/ 33 Salting the Hash

Figure 19: https://crackstation.net/hashing-security.htm

Needs Random Numbers (Cryptographically secure)

Figure 20: https://laughingsquid.com/cloudflare-wall-of-lava-lamps/

34 Elliptic curve cryptosystems (ECC)

ECC Procedure • Discovered 1985 by Miller & • y 2 = x 3 + ax + b Koblitz • Horizontal symmetry • Base upon logarithms in finite • Any vertical line intersect the fields curve at three points at most • Provides equivalent security as RSA with shorter Key lengths,

Figure 21: 35 https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/ The Diffie-Hellman Elliptic-Curve Key Exchange (DHEC)

• Alice and Bob first agree to use the same curve and a few other parameters, and then they pick a random point G on the curve. • Alice choose secret α, Bob choose secret β and each determine αG and βG which they interchange publicly. • The secret is S = α(βG) = β(αG)

Figure 22: https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/

36 DHEC

DHEC uses a publicly known equation with large coefficients and modulus, for example, curve1559, which might very well be securing your browser right now.

Figure 23: https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/

Elliptic-curve Diffie-Hellman allows microprocessors to securely determine a shared secret key while making it very difficult for a bad actor to determine that same shared key.

37 The NSA-Cryptography controversy of 2012

Figure 24: https://itsfoss.com/nsas-encryption-algorithm-in-linux-kernel-is-creating-unease-in-the-community/comment-page-5/

38 NSA Backdoors?

• Random number generators: The Dual-EC-DBRG generator was based on an elliptic curve cryptosystem, ... was proposed as a standard by NIST (with the technical support of NSA) in 2006, and became a U.S. standard (NIST Special Publication 800-90A) in 2007. • Parameters for Dual-EC were specified as certain constants with no explanation or justification for those numbers. • “Based on public concerns and an evaluation of the algorithm, NIST is proposing the removal of the Dual Elliptic Curve Deterministic

Random Bit Generator.” https://www.nist.gov/news-events/news/2015/06/

nist-revises-key-computer-security-publication-random-number-generation • ISO blocks NSA’s latest IoT encryption systems amid murky tales of backdoors and bullying. Experts complain of shoddy tech specs and personal attacks https://www.theregister.co.uk/2018/04/25/nsa_iot_encryption/

39 NSA 2020?

Figure 25: https://searchsecurity.techtarget.com/news/252476828/NSA-reports-flaw-in-Windows-cryptography-core

Affects: HTTPS connections, signed files and emails and signed executable code.

Figure 26: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF 40 Splitting the bits: SMPC

Shamir’s secret sharing

Figure 27: https://en.wikipedia.org/wiki/Shamir’s_Secret_Sharing and https://image.cagle.com/195595/750/195595.png

41 Splitting the bits: SMPC

An example

Figure 28: https://en.wikipedia.org/wiki/Shamir’s_Secret_Sharing

42 SMPC

Figure 29: https://en.wikipedia.org/wiki/Secure_multi-party_computation

43 SMPC

Figure 30: https://www.reddit.com/r/instar/comments/8k6yir/secure_multiparty_computation_smpc_in_a_nutshell/

44 Millionnaire’s problem

Figure 31: https://www.reddit.com/r/instar/comments/8k6yir/secure_multiparty_computation_smpc_in_a_nutshell/

45 Protocols

• Zero knowledge proof’s: Prove to other parties that [something] is true without revealing anything about that [something] • (Shamir’s) (Threshold) Secret Sharing: A pre-configured amount of parties have to agree (threshold) to decrypt the answer before the answer can be decrypted. • Oblivious Transfer: Fragmented data is sent without revealing what and when part of the data is sent.

46 ZKP’s

47

Figure 32: https://101blockchains.com/zero-knowledge-proof/ ZKP’s (continued)

Figure 33: https://www.cryptologie.net/article/193/schnorrs-signature-and-non-interactive-protocols/

48 ZKP’s (continued)

Figure 34: https://www.cryptologie.net/article/193/schnorrs-signature-and-non-interactive-protocols/

49 Oblivious Transfer

Oblivious Transfer (OT): ”... a type of protocol in which a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to what piece (if any) has been transferred. Claude Crépeau showed that Rabin’s oblivious transfer is equivalent to 1-2 oblivious transfer”. • https://www.semanticscholar.org/topic/ Oblivious-transfer/333513 • https://en.wikipedia.org/wiki/Oblivious_transfer https://crypto.stanford.edu/~dabo/courses/cs355_ spring14/syllabus.html • https://www.cis.upenn.edu/~nadiah/courses/ cis800-02-f13/hemenway-otsmc.pdf (No lo veremos ahora) • https://github.com/mayank0403/ Oblivious-Transfer-and-Zero-Knowledge-Proof 50 1-out of 2 OT

• Alice has two messages, m0, m11 and wants to send exactly one of them to Bob. Bob does not want Alice to know which one he receives. • Alice generates an RSA key pair, comprising the modulus N, the public exponent e and the private exponent d.

• She also generates two random values, x0, x1 and sends them to Bob along with her public modulus and exponent. • Bob picks b to be either 0 or 1, and selects either the first or second

xb.

51 1-out of 2 OT (Contd.)

• Bob generates a random value k and blinds xb by computing e v = (xb + k ) mod N, which he sends to Alice.

• Alice doesn’t know (and hopefully cannot determine) which of x0 and x1 Bob chose. She applies both of her random values and comes d up with two possible values for k:k0 = (v − x0) mod N and d k1 = (v − x1) mod N. One of these will be equal to k and can be correctly decrypted by Bob (but not Alice), while the other will produce a meaningless random value that does not reveal any information about k.

52 1-out of 2 OT (Contd...)

• She combines the two secret messages with each of the possible 0 0 keys, m0 = m0 + k0 and m1 = m1 + k1, and sends them both to Bob. • Bob knows which of the two messages can be unblinded with k, so 0 he is able to compute exactly one of the messages mb = mb − k.

53 Some Applications

Figure 35: https://www.reddit.com/r/instar/comments/8k6yir/secure_multiparty_computation_smpc_in_a_nutshell/

54 Emerging Topic: IoT IoT

IoT: A world of interconnected smart devices

Figure 36: https://www.edureka.co/blog/iot-applications/

Smart: appliances (fridge, dishwasher, coffe machine...)/ home (Intruder detection, doors, lights, heating...)/ health (Pace counter, heart rate,

rfids...)/ Transportation (air taxis, train...) 55 But...

• Loss of Privacy/control • Subversion potential • Mistaken Id. • other

Figure 37: Smart Home Environment 56 Future of encryption

• homomorphic encryption • honey - e • functional - e • quantum key - e

https://www.nsf.gov/discoveries/disc_videos.jsp?org=NSF& cntn_id=136673&media_id=79594

57 Thank You

Figure 38: Gary Larson: The far side 58