uBlvIcM6yK1QPzmsT7YqcmKOwBwaGDNIwcvEOSr4j or ‘Encryption’
RICK JEFFRIES
NEBRASKA HIMSS 2019 SPRING MEETING

Page 1: uBlvIcM6yK1QPzmsT7YqcmKOwBwaGDNIwcvEOSr4j or ‘Encryption’ (title slide)

Page 2: Disclosure(s)

Richard P. Jeffries – I have no actual or potential conflict of interest in relation to this program/presentation.

Page 3: A Secret Message, A Crowded Room

• Get a secret message passed to the front of the room
• Cannot meet with your friend ahead of time
• Cannot speak privately

Page 4: You yell to the back: “Use the two-lock box!”

• Everyone can hear you
• Everyone knows how the two-lock box is designed
• You yell to the back: “Here’s a key to use!”
  • You provide precise dimensions
  • Everyone can hear you
  • Everyone knows how to make a key

Page 5: The message is sent

• Your friend writes a message, puts it in the two-lock box
• He uses the key with the dimensions you specified to lock the box
• He passes the box to the front
• Everyone in the room can see the box, many pass the box
• Everyone knows the key he used to lock it

Page 6: The message arrives securely!

• Your friend’s key can only lock the box
• You have a key that has a mathematical relationship to his key
• Your key can only unlock the box
• The relationship is very hard to figure out and requires years of long division of huge numbers
• You unlock the box and read the message
• The process can be reversed!

Page 7: You now understand encryption!
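The two-lock box of pages 3 through 7 is a description of public-key encryption. The following is an added example, not part of Rick Jeffries' slides, that walks the same story through textbook RSA: the "lock-only" key is the public key that gets shouted across the room, the "unlock-only" key is the private key, the "mathematical relationship" is that both are derived from the same two primes, and the "years of long division" is the factoring the eavesdropper would need to do. The primes 61 and 53 are constructed toy values chosen so the arithmetic is visible; real keys use primes hundreds of digits long, and nothing here is a secure implementation.

```python
# Added example (not from the slides): the "two-lock box" of pages 3-7 as
# textbook RSA with deliberately tiny, constructed primes. Real keys use
# primes hundreds of digits long; this only illustrates the mechanics.
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Build a (public, private) pair from two primes p and q.

    public  = (e, n): the 'key dimensions' you can shout across the room
    private = (d, n): the related key that only unlocks
    """
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                # modular inverse: e*d = 1 (mod phi)
    return (e, n), (d, n)


def lock(message: int, public_key) -> int:
    """Encrypt with the public key: anyone in the room can do this."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def unlock(ciphertext: int, private_key) -> int:
    """Decrypt with the private key: only its holder can do this."""
    d, n = private_key
    return pow(ciphertext, d, n)


def recover_private_from_public(public_key):
    """What an eavesdropper must do: factor n by trial division.

    With toy primes this is instant; with real key sizes it is the
    'years of long division of huge numbers' the slide describes.
    """
    e, n = public_key
    p = next(f for f in range(2, n) if n % f == 0)
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))
    return (d, n)


def demo():
    public, private = make_keypair(61, 53)   # constructed toy primes, n = 3233
    secret = 1234
    boxed = lock(secret, public)
    opened = unlock(boxed, private)
    # "The process can be reversed": apply the private key first, then the
    # public one, and the original comes back (the basis of signatures)
    signature = unlock(secret, private)
    verified = lock(signature, public)
    return {
        "n": public[1],
        "ciphertext": boxed,
        "recovered": opened,
        "signature_roundtrip": verified,
        "eavesdropper_gets_same_private": recover_private_from_public(public) == private,
    }


if __name__ == "__main__":
    print(demo())
```

The `recover_private_from_public` function is the point of the example: the only thing standing between everyone in the room and the private key is the cost of factoring n, which is why key size (page 17 onward) matters and why `pow(e, -1, phi)` needs Python 3.8 or later.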

Page 8: What is encryption?

• Encryption is the process of making a message unreadable to an unauthorized recipient
• Encryption presumes interception
• The internet works on a series of intentional interceptions

Page 9: My desk at Cline Williams to Google – 6 interceptions!

• Traceroute to www.google.com (216.58.218.196), 64 hops max, 52 byte packets

1 10.1.0.1 (10.1.0.1) 2.400 ms 3.555 ms 3.251 ms
2 10.1.0.254 (10.1.0.254) 1.671 ms 4.247 ms 1.343 ms
3 66.37.247.221 (66.37.247.221) 2.355 ms 2.817 ms 2.131 ms
4 66.37.238.16 (66.37.238.16) 1.878 ms 1.919 ms 2.056 ms
5 dalsbprj01-ae1.0.rd.dl.cox.net (68.1.2.109) 31.218 ms 44.839 ms 35.053 ms
6 72.14.212.233 (72.14.212.233) 17.082 ms 17.356 ms 17.687 ms
7 209.85.244.122 (209.85.244.122) 17.652 ms 17.639 ms 17.779 ms
8 209.85.246.213 (209.85.246.213) 17.534 ms 17.316 ms 17.578 ms
9 dfw06s47-in-f4.1e100.net (216.58.218.196) 17.374 ms 17.292 ms 17.420 ms

Page 10: Making a message unreadable to an unauthorized recipient

A B C . . . Y Z
B C D . . . Z A

Page 11: Let’s complicate that a little

• Shift each letter by X
• HELLO → MJQQT
• X = 5

Page 12: The anatomy of encryption

• “Shift each letter by X” is the “algorithm”
  • Algorithm means “bunch of math”
• HELLO is the “plaintext”
  • Input to the encryption algorithm
• MJQQT is the “ciphertext”
  • The output of the encryption algorithm
• 5 is the “key”
  • The variable put into the algorithm

Page 13: Why do we call it a key?

The lock is the algorithm. Just knowing how it works doesn’t help much.

The key is the unique method for operating the lock. If you don’t have the key, you don’t open the lock.

Page 14: Shannon’s maxim

• “The enemy knows the system”
• The algorithms are all known
  • i.e. all of the locks are made the same way
• That’s the only way the internet can work
• It’s only the security of the keys that keeps information safe
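Pages 10 through 14 use the "shift each letter by X" cipher to name the algorithm, plaintext, ciphertext and key, and then state Shannon's maxim. The following added example (mine, not from the slides) implements that cipher so that HELLO with key 5 gives MJQQT as on page 11, and then shows what the maxim means in practice: once the algorithm is public, this cipher has only 25 usable keys, so an eavesdropper who knows one likely word in the message can simply try them all. The function and variable names are my own.

```python
# Added example (not from the slides): the "shift each letter by X" cipher
# of pages 10-12, plus what Shannon's maxim (page 14) means for it.
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter forward by `key` places; other characters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same algorithm run with the opposite key."""
    return shift_encrypt(ciphertext, -key)


def key_space_size() -> int:
    """Distinct usable keys: shifts 1..25 (shift 0 leaves the text unchanged)."""
    return 25


def try_every_key(ciphertext: str, known_words) -> list:
    """The enemy knows the system: with only 25 keys, search them all and keep
    the ones whose output contains a word the analyst expected to see.
    This is why the security of such a cipher rests entirely on the key
    space being large, not on the algorithm being secret."""
    hits = []
    for key in range(1, key_space_size() + 1):
        candidate = shift_decrypt(ciphertext, key)
        if any(w in candidate for w in known_words):
            hits.append((key, candidate))
    return hits


if __name__ == "__main__":
    print(shift_encrypt("HELLO", 5))            # MJQQT, as on page 11
    print(shift_decrypt("MJQQT", 5))            # HELLO
    print(try_every_key("MJQQT", ["HELLO"]))    # [(5, 'HELLO')]
```

Contrast this with the 2^256 keys of page 19: the algorithm (AES) is just as public as the shift cipher, but the exhaustive search that takes 25 steps here is infeasible there.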

Page 15: A real world example: Coffee shop Wi-Fi

• Your laptop can see the signal
• You click and your computer asks for a code
  • Key (usually a word or “passphrase”)
• You go ask the barista, the barista tells you
• You input the code and access the internet
• Computer knows the algorithm; the key makes the data readable

Page 16: Some basics of cryptographic safety

• The key should not accompany the message
• The key should travel in a different channel from the message
• The key should be difficult to guess
• A longer key is always better

Page 17: Key length, explained

• Keys become exponentially harder to guess with length
• The more guesses an attacker needs, the better
• Computers think in binary, so it’s an exponent of 2, or “bits”
• Long keys require a large number of guesses
• Computers can guess very quickly

Page 18: Key length and entropy

• Entropy is chaos or randomness
• Number-symbol-capital-lower increases entropy, but it isn’t everything
  • Husker$1 = 35 bits of entropy
  • thefutureisbaconpants = 80 bits of entropy
• Each additional bit of entropy requires twice as many guesses
  • 1 coin flip – 2 possibilities
  • 2 flips – 4 possibilities
  • 3 flips – 8 possibilities
  • Possibilities = 2^n, where n is the number of bits

Page 19: Is 256-bit encryption 6.4 times better than 40-bit encryption?

• 40-bit encryption (DES)
  • 2^40 = 1,099,511,627,776 possible keys
  • Guessable within a couple of days by brute force
• 256-bit encryption (AES)
  • 2^256 = 115792089237316195423570985008687907853269984665640564039457584007913129639936 possible keys
  • A 65-digit number times more powerful than 40-bit
  • More than the number of atoms in the observable universe
  • Not currently crackable while fuel remains in the sun

Page 20: Some password perspective

• Husker$1 = 35 bits of entropy
• thefutureisbaconpants = 80 bits of entropy
• Difference is 2^45 possible combinations
• thefutureisbaconpants is 3.45 trillion times harder to guess
• If the guessability of Husker$1 was represented by the head of a pin, thefutureisbaconpants would be an object three times the size of the sun
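Pages 17 through 20 rest on one relation, possibilities = 2^n, and on the observation that comparing key sizes linearly (256 / 40 = 6.4) is the wrong arithmetic. The following added example (mine, not from the slides) does that arithmetic in code: the 2^40 and 2^256 key counts of page 19, the 2^(80-35) = 2^45 gap of page 20, an expected brute-force time at an assumed guessing rate, and the entropy of a secret chosen uniformly at random from a pool of symbols or words. The guesses-per-second figure is a constructed illustration, not a measurement, and the pool-based entropy model is a standard textbook model that is not how the slides' own 35-bit and 80-bit figures for the two example passwords were derived.

```python
# Added example (not from the slides): the arithmetic behind pages 17-20.
# The guesses-per-second rate is a constructed, illustrative figure, and the
# entropy model is "uniform random choice from a pool", which is not the
# estimator behind the slides' 35- and 80-bit numbers.
import math

SECONDS_PER_YEAR = 365 * 24 * 3600


def possibilities(bits: int) -> int:
    """Possibilities = 2^n for n bits (page 18)."""
    return 2 ** bits


def ratio(bits_a: int, bits_b: int) -> int:
    """How many times more keys bits_b has than bits_a: 2^(b-a), not b/a."""
    return 2 ** (bits_b - bits_a)


def expected_years_to_guess(bits: int, guesses_per_second: float) -> float:
    """Expected brute-force time: on average half the key space is searched."""
    expected_guesses = possibilities(bits) / 2
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def random_secret_entropy(pool_size: int, length: int) -> float:
    """Entropy in bits of a secret made by choosing `length` items uniformly
    at random from a pool of `pool_size` items (characters or words)."""
    return length * math.log2(pool_size)


def compare(bits_a: int, bits_b: int) -> dict:
    """Side by side: the exponential ratio versus the misleading linear one."""
    return {
        "keys_a": possibilities(bits_a),
        "keys_b": possibilities(bits_b),
        "b_over_a": ratio(bits_a, bits_b),
        "linear_ratio_is_misleading": bits_b / bits_a,
    }


if __name__ == "__main__":
    c = compare(40, 256)
    print(c["linear_ratio_is_misleading"])      # 6.4, the number in page 19's question
    print(c["b_over_a"])                         # the real multiplier, 2^216
    rate = 1e9                                   # constructed: one billion guesses per second
    print(expected_years_to_guess(40, rate))     # well under a year at this rate
    print(expected_years_to_guess(256, rate))    # astronomically large
    # Entropy of a 6-word passphrase drawn from a 7776-word list versus
    # 8 characters drawn from the 95 printable ASCII characters
    print(random_secret_entropy(7776, 6), random_secret_entropy(95, 8))
```

The `random_secret_entropy` function only applies when the secret really is chosen at random; a human-chosen password such as Husker$1 gets far less credit than its character classes suggest, which is the point page 18 makes with "it isn't everything".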

Page 21: Types of encryption

• Disk encryption
• File encryption
• Wi-Fi encryption
• Connection encryption

Page 22: Disk Encryption

• Whole disk is encrypted
• First thing your computer does is ask for key
• Once key is supplied, all data is visible
• Useful for:
  • Physical security
  • Mobile devices
• Useless for:
  • “Always on” computer

Page 23: File encryption

• Individual files have individual keys
  • Example: Adobe
• Useful for:
  • Preventing unauthorized access to specific data
  • Sending thumb drives or other media through the mail
• Useless for:
  • Preventing unauthorized access to systems
  • Large-scale work
• “Email encryption” is a form of file encryption

Page 24: Wi-Fi encryption

• Access to network (and internet) requires input of key
• Useful for:
  • Preventing unauthorized use of network
  • Preventing eavesdropping by persons outside network
• Useless for:
  • Preventing eavesdropping by others also connected to the network
  • File security
  • Physical security

Page 25: Wi-Fi encryption algorithms

• WEP (Wired Equivalent Privacy)
  • OUT OF DATE SINCE 2004
• WPA
  • Better
  • WPA + TKIP is breakable
  • WPA + AES is less so
• WPA2
  • Best

Page 26: Why do I care?

• Old routers are vulnerable routers
• Do you know how to check your connection type?
• Check your router security settings
  • If you don’t know how to do that, learn
  • Not a bad idea to check your work Wi-Fi also
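Page 26 asks whether you know how to check your connection type, and page 25 gives the ranking to check it against. The following added example (mine, not from the slides) does that check on a Linux laptop running NetworkManager: it reads the terse output of `nmcli -t -f SSID,SECURITY dev wifi`, which lists one `SSID:SECURITY` pair per line, and rates each network by the weakest mode it advertises, using the page-25 ordering of WEP, WPA and WPA2. The sample scan embedded in the block is constructed, not captured; `live_scan` runs the real command on your own machine. The function names and rating labels are my own.

```python
# Added example (not from the slides): rating the security type of visible
# Wi-Fi networks (page 26) against the ranking on page 25, from the output of
#     nmcli -t -f SSID,SECURITY dev wifi
# on Linux with NetworkManager. SAMPLE below is constructed, not captured.
import subprocess

SAMPLE = """\
CoffeeShop:WPA2
OldRouter:WEP
Legacy:WPA1
Home:WPA1 WPA2
OpenNet:
Office:WPA2 802.1X
"""

# Ordered weakest to strongest, as on page 25: WEP out of date, WPA better,
# WPA2 best. nmcli reports the first WPA generation as "WPA1".
RATING = {"WEP": "weak", "WPA1": "better", "WPA2": "best"}
OPEN = "open (no encryption)"


def classify(security: str) -> str:
    """Rate one SECURITY field. An empty field (or "--") is an open network;
    a mixed-mode network such as "WPA1 WPA2" is rated by its weakest mode,
    because a client may be steered to that mode."""
    tokens = security.split()
    if not tokens or tokens == ["--"]:
        return OPEN
    modes = [t for t in tokens if t in RATING]
    if not modes:
        return "unknown"          # e.g. a mode newer than the slides cover
    weakest = min(modes, key=lambda m: list(RATING).index(m))
    return RATING[weakest]


def classify_scan(text: str) -> dict:
    """Parse terse nmcli output (SSID:SECURITY per line) into {ssid: rating}."""
    result = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        ssid, security = line.split(":", 1)
        result[ssid] = classify(security)
    return result


def weak_networks(text: str) -> list:
    """SSIDs that page 25 would tell you not to trust."""
    return sorted(s for s, r in classify_scan(text).items() if r in ("weak", OPEN))


def live_scan() -> dict:
    """Run the real command (Linux with NetworkManager only)."""
    out = subprocess.run(["nmcli", "-t", "-f", "SSID,SECURITY", "dev", "wifi"],
                         capture_output=True, text=True, check=True).stdout
    return classify_scan(out)


if __name__ == "__main__":
    for ssid, rating in classify_scan(SAMPLE).items():
        print(f"{ssid:12s} {rating}")
    print("flagged:", weak_networks(SAMPLE))
```

Two caveats on the parser: nmcli escapes a literal colon inside an SSID with a backslash, which this simple split does not undo, and the check tells you only what the network advertises; the passphrase itself, and who else has it (page 29), is a separate question.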

Page 27: Connection encryption

• Ensures that the data is encrypted from end to end
• Useful for:
  • Secure communications, such as banking
• Vulnerable to:
  • Use of outdated standards by sender
• Useless for:
  • Physical security
  • Someone who already has access to your computer

Page 28: Types of connection encryption

• VPN
  • Creates “tunnel” through which all traffic passes
  • Very difficult to break
• HTTPS (the “lock” in your browser)
  • Creates reasonably secure connection for brief web site visits

Page 29: Conclusions

• Make sure your algorithm is good
• Security of the key is everything
• Use the right kind of encryption for the job
• A longer key is always much better
• Know who else has the key

Page 30

Rick Jeffries
[email protected]

QUESTIONS?