Cryptology - Antônio Lacerda

I Workshop Interamericano de Segurança de Software e Hardware em Metrologia Legal Antônio Lacerda Researcher – Inmetro Cryptology

Post on 20-Jun-2015

DESCRIPTION

Talk given by Antônio Lacerda at the I Workshop Interamericano de Segurança de Software e Hardware em Metrologia Legal

TRANSCRIPT

Page 1: Cryptology - Antônio Lacerda

I Workshop Interamericano de Segurança de Software e Hardware em Metrologia Legal

Antônio Lacerda

Researcher – Inmetro

Cryptology

Page 2: Cryptology - Antônio Lacerda

Cryptography used to be an obscure science, of little relevance to everyday life. Historically, it always had a special role in military and diplomatic communications.

It's time for cryptography to step out of the shadows of spies and the military, and step into the sunshine and be embraced by the rest of us.

(The Code Book, Simon Singh)

Page 3: Cryptology - Antônio Lacerda

Normal Flow of Communication

[Diagram: Emitter → Communication Channel → Receiver]

Page 4: Cryptology - Antônio Lacerda

What is Cryptology?

Page 5: Cryptology - Antônio Lacerda

Cryptology is the science whose goal is to protect communication against intentional, unauthorized interference.

Cryptology is supported by several other areas: mathematics, computer science, physics, psychology, philology, etc.

Is Cryptology a branch of mathematics? I disagree!

Page 6: Cryptology - Antônio Lacerda

Cryptology is a new old science!

Old because it is a millennial science.

In fact, “protection of sensitive information is a desire reaching back to the beginnings of human culture” (Otto Horak).

New because the first announced lecture series under the open title “Cryptology” took place in German in 1981.

Before this, the few that existed took place under the name “Special Problems of Information Theory”.

Page 7: Cryptology - Antônio Lacerda

Cryptology is divided into two (or four) subareas:

- Cryptography (and its counterpart: cryptanalysis)

- Steganography (and its counterpart: steganalysis)

From Greek:

- kryptos = hidden

- steganos = covered

Page 8: Cryptology - Antônio Lacerda

Cryptography aims to protect the communication over an insecure channel.

[Diagram: Emitter → Insecure Communication Channel → Receiver]

Cryptanalysis aims to break the cryptography.

Page 9: Cryptology - Antônio Lacerda

Steganography aims to conceal the existence of the communication.

[Diagram: Emitter → Communication Channel → Receiver]

Steganalysis aims to break the steganography and to discover the existence of the communication.

Page 10: Cryptology - Antônio Lacerda

Cryptography: overt secret writing

Steganography: covert secret writing

Page 11: Cryptology - Antônio Lacerda

Steganography

Page 12: Cryptology - Antônio Lacerda

What is steganography?

Part of Cryptology involving knowledge and techniques to hide or to camouflage a message inside another.

Page 13: Cryptology - Antônio Lacerda

Steganography

Page 14: Cryptology - Antônio Lacerda

Steganography by kids:

- Inglourious Basterds

- Notting Hill

- Mission: Impossible

- Edward Scissorhands

- True Lies

- Raiders of the Lost Ark

- October Sky

Page 16: Cryptology - Antônio Lacerda

Ancient steganography:

- Messages tattooed on the heads of messengers.

- Messages in the stomachs of hunted animals.

- Messages on wooden logs covered with wax.

Page 17: Cryptology - Antônio Lacerda

Modern steganography:

- Invisible inks.

- Microdots.

- LSB (Least Significant Bit).

- Covert channels.

Page 18: Cryptology - Antônio Lacerda

Modern steganography: Invisible ink

Page 19: Cryptology - Antônio Lacerda

Cryptography

Page 20: Cryptology - Antônio Lacerda

What is cryptography?

Part of cryptology involving knowledge and techniques to transform information in its original form into an illegible form, so that only the emitter and receiver can access the original content by using a secret.

Page 21: Cryptology - Antônio Lacerda

Services provided by Cryptography:

- Confidentiality: To allow access only to authorized people.

- Integrity: To assure that the content of the message was not modified.

- Authenticity: To assure that the emitter and receiver are who they claim they are.

- Non-repudiation (non-retractability): The emitter cannot deny he is the message sender.

Page 22: Cryptology - Antônio Lacerda

Attention

No single algorithm is capable of providing all cryptographic services. For each service, you will need one or more algorithms.

Page 23: Cryptology - Antônio Lacerda

Attacks on communication

Page 24: Cryptology - Antônio Lacerda

Again: Normal Flow of Communication

[Diagram: Emitter → Communication Channel → Receiver]

Any modification of the normal flow not authorized by the emitter or receiver is an attack.

Page 25: Cryptology - Antônio Lacerda

Interception

The attacker has access to the content of the message.

Interception is an attack against confidentiality.

[Diagram: Emitter, Receiver, Attacker]

Page 26: Cryptology - Antônio Lacerda

Modification

The attacker has access to the content of the message and, furthermore, modifies it.

Modification is an attack against integrity.

[Diagram: Emitter, Receiver, Attacker]

Page 27: Cryptology - Antônio Lacerda

Fabrication

The attacker creates a message and sends it to the receiver, inserting counterfeit data.

Fabrication is an attack against authenticity.

[Diagram: Emitter, Receiver, Attacker]

Page 28: Cryptology - Antônio Lacerda

Interruption

The attacker interrupts the communication.

Interruption is an attack against availability.

Cryptology is useless in this case!

[Diagram: Emitter, Receiver, Attacker]

Page 29: Cryptology - Antônio Lacerda

Integrity

Page 30: Cryptology - Antônio Lacerda

Modification

The attacker has access to the content of the message and, furthermore, modifies it.

Modification is an attack against integrity.

[Diagram: Emitter, Receiver, Attacker]

Page 31: Cryptology - Antônio Lacerda

How to guarantee the integrity of a message against intentional modification? Answer: Hash Function.

Integrity

Page 32: Cryptology - Antônio Lacerda

What does “hash” mean?

In Portuguese:

Substantivo (noun)

1 - Prato feito de carne moída misturada com batata assada ou frita (a dish made of ground meat mixed with roasted or fried potatoes).

2 - Bagunça, confusão (mess, confusion).

Verbo (verb)

1 - Cortar em pequenos pedaços (to cut into small pieces).

2 - Misturar, confundir (to mix, to confuse).

In English:

Noun

1 - A dish of chopped meat, potatoes, and sometimes vegetables, usually browned.

2 - Mess, confusion.

Verb

1 - To chop into pieces.

2 - To mix or mess up.

Page 33: Cryptology - Antônio Lacerda

So what does “hash function” mean?

In Portuguese:

função de confusão (“confusion function”; strange!)

função de dispersão (“dispersion function”; it sounds better!)

função hash (“hash function”; it's more common.)

Page 34: Cryptology - Antônio Lacerda

It receives as input a sequence of bits, of any size (can be a character, a string, or even a file) and generates another sequence of bits of fixed length, called hash or digest.

The digest works as a security seal, because a simple change in one of the input bits completely changes the original digest.

A hash function is a one-way function. That is, it's not possible to recover the original message from the digest.

Hash Function

Page 35: Cryptology - Antônio Lacerda

Nonsense!?

If the original data can not be recovered from the digest, then why use hash functions?

Although it seems contradictory, it's exactly because of this feature that hash functions are so useful.

Hash Function

Page 36: Cryptology - Antônio Lacerda

MD5 (Message-Digest algorithm 5): A 128-bit algorithm developed in 1991 by Ron Rivest.

SHA (Secure Hash Algorithm): A family of algorithms developed by NIST and NSA.

Whirlpool: Algorithm developed by Paulo Barreto (USP) and Vincent Rijmen (co-author of AES).

Some well-known Hash Functions

Page 37: Cryptology - Antônio Lacerda

MD5("Inmetro") = 01010011111010010000110101110001010111100010000001011001101000101111001011111000010101110010100111000111010110011001001001010100

MD5("inmetro") = 01011011001100001010100100011001101101110010011111010000111100001001101000000111100110101000000001100100101111011111100000010110

An example with MD5

Page 38: Cryptology - Antônio Lacerda

MD5("Inmetro"):
Bits 001-032: 0101.0011.1110.1001.0000.1101.0111.0001
Bits 033-064: 0101.1110.0010.0000.0101.1001.1010.0010
Bits 065-096: 1111.0010.1111.1000.0101.0111.0010.1001
Bits 097-128: 1100.0111.0101.1001.1001.0010.0101.0100

MD5("inmetro"):
Bits 001-032: 0101.1011.0011.0000.1010.1001.0001.1001
Bits 033-064: 1011.0111.0010.0111.1101.0000.1111.0000
Bits 065-096: 1001.1010.0000.0111.1001.1010.1000.0000
Bits 097-128: 0110.0100.1011.1101.1111.1000.0001.0110

Result: 59 bits changed. 46% of bits affected. (Avalanche Effect)

An example with MD5
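The comparison on these two slides can be recomputed with the Python standard library; this is an added example, not part of the talk. It goes one step further than the slide and measures the avalanche effect for every possible single-bit flip of the input, with MD5 (to match the slide; MD5 is no longer collision-resistant) and with SHA-256. The function names are chosen for this example.

```python
import hashlib


def digest_bits(data: bytes, algorithm: str = "md5") -> str:
    """Digest of `data` as a string of '0'/'1' characters, most significant bit first."""
    # usedforsecurity=False: MD5 is used here only to reproduce the slide's demonstration.
    raw = hashlib.new(algorithm, data, usedforsecurity=False).digest()
    return "".join(f"{byte:08b}" for byte in raw)


def hamming(a: str, b: str) -> int:
    """Number of positions at which two equal-length bit strings differ."""
    if len(a) != len(b):
        raise ValueError("bit strings must have the same length")
    return sum(x != y for x, y in zip(a, b))


def flip_bit(data: bytes, index: int) -> bytes:
    """Copy of `data` with bit `index` inverted (bit 0 = MSB of the first byte)."""
    buf = bytearray(data)
    buf[index // 8] ^= 0x80 >> (index % 8)
    return bytes(buf)


def compare(a: bytes, b: bytes, algorithm: str = "md5") -> tuple:
    """(number of changed digest bits, digest length in bits) for two inputs."""
    da, db = digest_bits(a, algorithm), digest_bits(b, algorithm)
    return hamming(da, db), len(da)


def avalanche_profile(message: bytes, algorithm: str = "md5") -> list:
    """Changed digest bits for every possible single-bit flip of `message`."""
    base = digest_bits(message, algorithm)
    return [hamming(base, digest_bits(flip_bit(message, i), algorithm))
            for i in range(len(message) * 8)]


if __name__ == "__main__":
    # 'I' (0x49) and 'i' (0x69) differ in exactly one bit, so the slide's
    # pair of inputs is a single-bit change of the message.
    assert flip_bit(b"Inmetro", 2) == b"inmetro"
    for alg in ("md5", "sha256"):
        changed, total = compare(b"Inmetro", b"inmetro", alg)
        profile = avalanche_profile(b"Inmetro", alg)
        print(f"{alg}: Inmetro vs inmetro -> {changed}/{total} bits changed "
              f"({100 * changed / total:.0f}%)")
        print(f"{alg}: over all {len(profile)} single-bit flips: "
              f"min={min(profile)} max={max(profile)} "
              f"mean={sum(profile) / len(profile):.1f}")
```

A mean close to half the digest length for every flipped position is what a well-diffusing hash function is expected to show.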

Page 39: Cryptology - Antônio Lacerda

Confidentiality

Page 40: Cryptology - Antônio Lacerda

Interception

The attacker has access to the content of the message.

Interception is an attack against confidentiality.

[Diagram: Emitter, Receiver, Attacker]

Page 41: Cryptology - Antônio Lacerda

Confidentiality was the first service provided by Cryptology.

It can be achieved with ciphers and codes.

Confidentiality

Page 42: Cryptology - Antônio Lacerda

Contrary to the layman's perception, code and cipher are not synonymous.

A cipher is a manipulation of the representation of the message.

A code is a manipulation of the meaning of the message.

Cipher vs. Code

Page 43: Cryptology - Antônio Lacerda

Confidentiality by Code

Page 44: Cryptology - Antônio Lacerda

Replace each word or phrase in the original message with another character or symbol (or a set of them).

The list of replacements is contained in a codebook.

A code is not flexible. If a codebook is leaked, then the emitter and receiver must rewrite the entire codebook.

Code

Page 45: Cryptology - Antônio Lacerda

- Morse code

- NATO phonetic code

- Q code

- Bar code

- QR code

Examples of Public Codes

Page 46: Cryptology - Antônio Lacerda

Famous example: Zimmermann Telegram

Arthur Zimmermann, State Secretary for Foreign Affairs of the German Empire, sent a telegram to the German ambassador in Mexico, asking him to propose an alliance to Mexico's president to attack the USA.

The aim was to force the USA into World War I.

Page 47: Cryptology - Antônio Lacerda

Famous example: Zimmermann Telegram

The telegram is not ciphered; it is coded.

Page 48: Cryptology - Antônio Lacerda

Famous example: Zimmermann Telegram

Page 49: Cryptology - Antônio Lacerda

The Zimmermann telegram was decoded by the famous “Room 40”.

Room 40 → Government Code and Cypher School (GC&CS) → Government Communications Headquarters (GCHQ)

Page 51: Cryptology - Antônio Lacerda

Confidentiality by Cipher

Page 52: Cryptology - Antônio Lacerda

Imagine you have a well-represented message. Then you “mess up” this representation in a predefined way that permits you to recover the message in its original representation.

The predefined way is called the algorithm. Another input to this algorithm is the key.

The key is the flexible part of a cipher.

Cipher

Page 53: Cryptology - Antônio Lacerda

Remember: A code is not flexible. If a codebook is leaked, then the emitter and receiver must rewrite the entire codebook.

If a cipher key is leaked, then the emitter and receiver must choose another key, without changing the algorithm.

Cipher vs. Code

Page 54: Cryptology - Antônio Lacerda

Cipher

Page 55: Cryptology - Antônio Lacerda

Code

Page 56: Cryptology - Antônio Lacerda

Decipher

Page 57: Cryptology - Antônio Lacerda

Decode

Page 58: Cryptology - Antônio Lacerda

Actor      Action                     Input
Emitter    cipher                     key
Emitter    code                       codebook
Receiver   decipher                   key
Receiver   decode                     codebook
Attacker   cryptanalyze (or break)    - - -

Encrypt = cipher or code.

Decrypt = decipher or decode.

Page 59: Cryptology - Antônio Lacerda

Substitution Cipher

Page 60: Cryptology - Antônio Lacerda

Example

original: i n m e t r o
ciphered: L Q P H W U R

Caesar Cipher (Substitution Cipher)

Page 61: Cryptology - Antônio Lacerda

Example 1:

key:      i n m e t r o i n m e t r o i n
original: w e w e r e d i s c o v e r e d
ciphered: E R I I K V R Q F O S O V F M Q

Example 2:

key:      d i m e l d i m e l d i m e l d
original: w e w e r e d i s c o v e r e d
ciphered: Z M I I C H L U W N R D Q V P G

Vigenere Cipher (Substitution Cipher)

Page 63: Cryptology - Antônio Lacerda

Vigenere Cipher (Substitution Cipher)

For a layman, the Vigenere cipher seems unbreakable.

In fact, an article in Scientific American, in 1917, considered the Vigenere cipher impossible to break.

Now, less than a century later, the Vigenere cipher is completely breakable.

Page 64: Cryptology - Antônio Lacerda

Transposition Cipher

Page 65: Cryptology - Antônio Lacerda

original: we recovered the money, but we lost two men.

key:     i n m e t r o
columns: w e r e c o v
         e r e d t h e
         m o n e y b u
         t w e l o s t
         t w o m e n z

ciphered: edelm wemtt reneo eroww veutz ohbsn ctyoe

Transposition Cipher
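The Caesar, Vigenere and transposition examples from the slides, reproduced in Python as an added example (not part of the talk). The function names are chosen here; the conventions (lowercase original, uppercase ciphered text, padding with "z", columns read in alphabetical order of the key letters) are the ones visible on the slides.

```python
import string

ALPHABET = string.ascii_lowercase


def _letters(text: str) -> list:
    """Lowercase letters of `text`; spaces and punctuation are dropped."""
    return [c for c in text.lower() if c in ALPHABET]


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching key letter (a=0 ... z=25), key repeated."""
    shifts = [ALPHABET.index(k) for k in _letters(key)]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    sign = -1 if decrypt else 1
    out = [ALPHABET[(ALPHABET.index(c) + sign * shifts[i % len(shifts)]) % 26]
           for i, c in enumerate(_letters(text))]
    result = "".join(out)
    return result if decrypt else result.upper()


def caesar(text: str, shift: int = 3, decrypt: bool = False) -> str:
    """The Caesar cipher is the Vigenere cipher with a one-letter key."""
    return vigenere(text, ALPHABET[shift % 26], decrypt)


def _column_order(key: str) -> list:
    """Column indexes sorted by key letter; equal letters keep left-to-right order."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose(text: str, key: str, pad: str = "z") -> str:
    """Write the text in rows under the key, then read the columns in key order."""
    key = "".join(_letters(key))
    letters = _letters(text)
    while len(letters) % len(key):
        letters.append(pad)
    columns = ["".join(letters[i::len(key)]) for i in range(len(key))]
    return " ".join(columns[i] for i in _column_order(key))


def untranspose(ciphertext: str, key: str) -> str:
    """Put each column back in its place and read the rows (padding is kept)."""
    key = "".join(_letters(key))
    letters = _letters(ciphertext)
    rows, rest = divmod(len(letters), len(key))
    if rest:
        raise ValueError("ciphertext length must be a multiple of the key length")
    columns = [None] * len(key)
    for n, col in enumerate(_column_order(key)):
        columns[col] = letters[n * rows:(n + 1) * rows]
    return "".join(columns[c][r] for r in range(rows) for c in range(len(key)))


if __name__ == "__main__":
    print(caesar("inmetro"))
    print(vigenere("we were discovered", "inmetro"))
    print(vigenere("we were discovered", "dimel"))
    ciphered = transpose("we recovered the money, but we lost two men.", "inmetro")
    print(ciphered)
    print(untranspose(ciphered, "inmetro"))
```

In both directions only the key changes between the two Vigenere examples; the algorithm stays the same, which is the flexibility the talk attributes to ciphers.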

Page 66: Cryptology - Antônio Lacerda

Substitution and Transposition to reach Diffusion and Confusion

Apply many rounds of substitution and transposition to achieve diffusion and confusion.

Diffusion and confusion: two concepts introduced by Claude Shannon.

Page 67: Cryptology - Antônio Lacerda

Diffusion and Confusion

Confusion

Formal: It refers to making the relationship between the ciphered message and the symmetric key as complex and involved as possible.

Informal: It obscures the relationship between the original message and the ciphered message.

Diffusion

Formal: It refers to dissipating the statistical structure of the original message over the bulk of the ciphered message.

Informal: Each change in the original message or key affects many parts of the ciphered message. (Avalanche Effect)

Page 68: Cryptology - Antônio Lacerda

Cryptography – Conventional Model

[Diagram: emitter (cipher) → receiver (decipher); key source; secure channel; attacker; labels M, C, K.]

Page 69: Cryptology - Antônio Lacerda

Conventional Model

The same key used to cipher the message must be used to decipher. Because of this, the conventional model was called symmetric cryptography.

Then we have the first problem: the emitter and the receiver must agree on which key will be used.

If the emitter and receiver can meet in person, the key can be shared safely. But the secure channel has always been the weakest part.

Is another way of cryptography possible?

Page 70: Cryptology - Antônio Lacerda

Conventional Model

Is another way of cryptography possible? Is there an asymmetric cryptography?

The answer to this question became the Holy Grail of Cryptology.

The scientific community had given up looking for this answer, classifying the problem as unsolvable.

Only fools would insist on such nonsense.

Page 71: Cryptology - Antônio Lacerda

“The Fools”

Ralph Merkle – Martin Hellman – Whitfield Diffie

Page 72: Cryptology - Antônio Lacerda

“The Fools”

Whitfield Diffie – Martin Hellman

Page 73: Cryptology - Antônio Lacerda

The New Model

In 1976, Diffie and Hellman published their famous article “New Directions in Cryptography”.

The article begins with “We stand today on the brink of a revolution in cryptography”.

Page 74: Cryptology - Antônio Lacerda

The New Model

The article deals with three problems:

- key exchange

- asymmetric cryptography

- digital signature

But the article presents a solution only for the key exchange problem.

Diffie and Hellman couldn't solve the other two problems.

But it doesn't matter! They broke the paradigm!

Page 75: Cryptology - Antônio Lacerda

The New Model

They couldn't open the door, but they pointed to the right door.

In fact, the two problems were resolved one year later, in 1977.

Page 76: Cryptology - Antônio Lacerda

The RSA arises!

Shamir – Rivest – Adleman

Page 77: Cryptology - Antônio Lacerda

Asymmetric Cryptography

From the beginning of Cryptology to modern times, almost all cryptographic systems were based on the elementary tools of substitution and permutation.

Asymmetric cryptography has changed this paradigm, because it's based on mathematical functions.

Page 78: Cryptology - Antônio Lacerda

Asymmetric Cryptography

The strength of the Diffie-Hellman algorithm is based on the difficulty of solving the discrete logarithm problem (DLP).

The strength of the RSA algorithm, in turn, is based on the difficulty of factoring big numbers.

Wait a moment! Why are those problems so difficult?

Page 79: Cryptology - Antônio Lacerda

Computational Complexity

In computer science we use techniques to predict how much time a problem will take.

These main terms are used to express time growth:

- Logarithmic growth

- Linear growth

- Polynomial growth

- Exponential growth

So the DLP and factorization of big numbers are examples of exponential growth.

Page 80: Cryptology - Antônio Lacerda

Asymmetric Cryptography – Confidentiality

[Diagram: emitter (cipher) → receiver (decipher); key source; attacker; labels M, C, Kpub (emitter side), Kpri (receiver side).]

Page 82: Cryptology - Antônio Lacerda

Asymmetric Cryptography – Non-repudiation

[Diagram: emitter (cipher) → receiver (decipher); key source; attacker; labels M, C, Kpri (emitter side), Kpub (receiver side).]

This is the basis for Digital Signature.

Page 84: Cryptology - Antônio Lacerda

Why does the conventional model not provide non-repudiation?

[Diagram: emitter (cipher) → receiver (decipher); key source; secure channel; attacker; labels M, C, K.]

It provides protection against third-party forgeries, but does not protect against disputes between transmitter and receiver.

Page 85: Cryptology - Antônio Lacerda

Confidentiality vs. Authentication

Only with private/public key schemes is it possible to solve the problem of disputes between transmitter and receiver.

In fact, without asymmetric cryptography, electronic commerce would not exist.

“The problem of authentication is perhaps an even more serious barrier to the universal adoption of telecommunications for business transactions than the problem of key distribution. Authentication is at the heart of any system involving contracts and billing. Without it, business cannot function.” (DH, New Directions in Cryptography)

Page 86: Cryptology - Antônio Lacerda

avoiding mistakes

Page 87: Cryptology - Antônio Lacerda

first common mistake

1) Asymmetric cryptography is safer than symmetric cryptography.

The security of any cryptographic scheme depends on the size of the key and the computational work involved to break the cipher.

Page 88: Cryptology - Antônio Lacerda

second common mistake

2) Asymmetric cryptography made symmetric cryptography obsolete.

Due to the computational overhead of asymmetric cryptography, symmetric cryptography is still far from becoming obsolete.

Page 89: Cryptology - Antônio Lacerda

Digital Signature

Page 90: Cryptology - Antônio Lacerda

Digital Signature

Digital signature is the apex of asymmetric cryptography.

It is the most refined service provided by modern cryptology.

Page 91: Cryptology - Antônio Lacerda

Asymmetric Cryptography – Non-repudiation

[Diagram: emitter (cipher) → receiver (decipher); key source; attacker; labels M, C, Kpri (emitter side), Kpub (receiver side).]

This is the basis for Digital Signature.

Page 92: Cryptology - Antônio Lacerda

Digital Signature

[Diagram: signer (Hash, cipher) → verifier (decipher, Hash); key source; attacker; labels M, M', H, H', C, Kpri, Kpub.]
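The hash-then-sign flow of this diagram, as an added Python sketch that is not part of the talk and not Inmetro's implementation. It uses textbook RSA with a toy key built from two Mersenne primes and no padding, which is far too weak for real use (a deployment would use a vetted library and a standard scheme such as RSA-PSS or ECDSA). It also contrasts the signature with a shared-key MAC to show why the conventional model cannot settle a dispute between emitter and receiver. The sample data and all names are constructed for the example.

```python
import hashlib
import hmac

# Toy key pair (assumption for this sketch): P and Q are the Mersenne primes
# 2**61 - 1 and 2**89 - 1, giving a modulus of about 150 bits.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                               # public modulus
E = 65537                               # Kpub exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # Kpri exponent


def digest_int(message: bytes) -> int:
    """H in the diagram: SHA-256 of M, truncated to 128 bits so that H < N."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: H = Hash(M), then C = H ciphered with Kpri."""
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier: decipher C with Kpub to get H, hash the received M' to H', compare."""
    return pow(signature, e, n) == digest_int(message)


def mac(message: bytes, shared_key: bytes) -> bytes:
    """Conventional model: an authentication tag computed with the shared key K."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def demo() -> dict:
    firmware = b"constructed sample: approved meter software v1.0"
    tampered = firmware.replace(b"v1.0", b"v1.1")
    signature = sign(firmware)

    # With a shared key, the receiver can compute a valid tag for a message
    # the emitter never sent, so a tag cannot prove who produced it.
    shared_key = b"constructed-shared-key"
    tag_from_emitter = mac(tampered, shared_key)
    tag_from_receiver = mac(tampered, shared_key)

    return {
        "genuine_accepted": verify(firmware, signature),
        "tampered_rejected": not verify(tampered, signature),
        "altered_signature_rejected": not verify(firmware, signature ^ 1),
        "mac_tags_indistinguishable": hmac.compare_digest(tag_from_emitter,
                                                          tag_from_receiver),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```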

Page 93: Cryptology - Antônio Lacerda

Cryptology at Inmetro

Page 94: Cryptology - Antônio Lacerda

Cryptology at Inmetro

Cryptology at Inmetro is in its early stages.

The group for security of software and hardware in measuring instruments is new.

We foresee using cryptology in many applications.

Page 95: Cryptology - Antônio Lacerda

The Two Biggest Problems

Page 97: Cryptology - Antônio Lacerda

Second Big Problem

Brazil is a huge country!

More than 70 million electric energy measuring instruments in the field.

How to control the software version in this kind of instrument in the field?

Solution devised by Inmetro: Digital Signature of the binary file corresponding to the approved software version.

Page 98: Cryptology - Antônio Lacerda

Cryptology at Inmetro

Page 100: Cryptology - Antônio Lacerda

First Big Problem

Brazil has more than 200,000 fuel dispensers.

A lot of fraud.

How to protect fuel dispensers against fraud?

Solution devised by Inmetro: Digital Signature of measuring data for each output.

Page 101: Cryptology - Antônio Lacerda

Questions to answer

Page 102: Cryptology - Antônio Lacerda

Shall we build a peculiar PKI (Public Key Infrastructure): a metrological PKI?

If so, then must Inmetro be the TTP (Trusted Third Party)?

Can we associate cryptographic levels to risk levels?

Can we simplify the process of Digital Signature?

Page 103: Cryptology - Antônio Lacerda

Thank you!