Last active
August 29, 2015 13:56
Stream Cipher Presentation for ISUSEC
XOR, Stream Ciphers, and Crib dragging
Boolean Logic
```
AND     OR      XOR
----    ----    ----
TT|T    TT|T    TT|F
TF|F    TF|T    TF|T
FT|F    FT|T    FT|T
FF|F    FF|F    FF|F
```
Properties of XOR:
* output is 50% T, 50% F.
* given only one random input, get random output
* structured data ^ random data == random data
* structured data ^ structured data != random data
* (a ^ b) ^ b == a
One Time Pads
* key is essentially random data
* size of key >= size of message
* E(k, m) = k ^ m
* D(k, c) = k ^ c
* perfect secrecy!
Problems:
* must first transmit a key of size >= the message
* to transmit x bits securely, you must first transmit >= x bits securely.
Solutions:
* pseudo-random generator
  * takes 128/256/512/whatever bit key
  * returns huge key
  * if keysize is 128 bits and it takes .00001 s to generate a key and decrypt
    * takes 8 * age of universe to try all keys
    * actually a bit less b/c you probably won't have to try all keys, but still a while
Stream Ciphers:
Algorithm:
1. Take key k
2. Generate big key, k'
3. XOR message with k'
4. Send
Vulnerabilities:
* theoretically, none
* practically, several
  * get the key! side-channel attack, compromised machine, bad protocol
  * key reuse <- what we're doing today
    * also how we broke WEP
Crib dragging:
* c1 ^ c2 == (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2
* we can say "if m1 contained $GUESS, m2 would look like $OTHER_STRING"
* if two messages are encrypted w/ the same key, we can break the encryption
* we can't always break it, but we can guess
* https://github.com/SpiderLabs/cribdrag
* see isusec.com for target strings
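The key-reuse failure above, as an added example (not part of the original presentation and not code from the cribdrag tool). The SHA-256 counter-mode keystream is an assumed stand-in for a real pseudo-random generator, and the key and both messages are constructed samples.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    """Toy PRG (assumption: SHA-256 in counter mode) expanding k into k'."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, msg: bytes) -> bytes:
    # Stream cipher: message XOR keystream. Decryption is the same operation.
    return xor(msg, keystream(key, len(msg)))

def crib_drag(c1: bytes, c2: bytes, crib: bytes):
    """Slide crib across c1 ^ c2; return (offset, fragment) pairs that look like text."""
    mixed = xor(c1, c2)  # == m1 ^ m2: the shared keystream cancels out
    hits = []
    for i in range(len(mixed) - len(crib) + 1):
        frag = xor(mixed[i:i + len(crib)], crib)
        # Keep only fragments made of ASCII letters and spaces (plausible text)
        if all(b == 0x20 or bytes([b]).isalpha() for b in frag):
            hits.append((i, frag))
    return hits

# Constructed sample data: two equal-length messages under the SAME key
KEY = b"constructed demo key"
M1 = b"the launch code is hidden in the vault"
M2 = b"meet me at the station before sunrise!"
C1, C2 = encrypt(KEY, M1), encrypt(KEY, M2)

if __name__ == "__main__":
    # The guess " the " exposes pieces of whichever message it is NOT in
    for offset, frag in crib_drag(C1, C2, b" the "):
        print(offset, frag)
```

Each hit is only a candidate, since random fragments can also pass the letters-and-spaces filter. Giving every message its own key or nonce, so that no two messages share keystream, removes the cancellation that `crib_drag` relies on.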