diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/.gitignore b/docs/workshop/5-snake-oil-crypto/hands-on-support/.gitignore new file mode 100644 index 0000000..8930a2f --- /dev/null +++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/.gitignore @@ -0,0 +1 @@ +*.venv diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/CREDIT.md b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/CREDIT.md new file mode 100644 index 0000000..aa83a95 --- /dev/null +++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/CREDIT.md @@ -0,0 +1,2 @@ +Parts of this material (the key) has been borrowed to Sjoerd Langkemper +https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/ diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/checkPrivateKey.sh b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/checkPrivateKey.sh new file mode 100755 index 0000000..25baf10 --- /dev/null +++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/checkPrivateKey.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl rsa -in privateSmallKey.pem -text -check -noout diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/crackSmallKey.sage b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/crackSmallKey.sage new file mode 100644 index 0000000..202b6fb --- /dev/null +++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/crackSmallKey.sage @@ -0,0 +1,6 @@ +n = 8464481006489090994506453371545747140045883416875197642486592854169 +print("Factorizing n = {}".format(n)) +p, q = factor(n) +print("p = {}".format(p[0])) +print("q = {}".format(q[0])) +print("{} * {} = {}".format(p[0], q[0], p[0]*q[0])) diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/crackSmallKey.sage.py b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/crackSmallKey.sage.py new file mode 100644 index 0000000..0f33160 --- /dev/null +++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/crackSmallKey.sage.py @@ -0,0 +1,13 @@ + + +# This file was *autogenerated* from the file crackSmallKey.sage +from sage.all_cmdline import * # import sage library + +_sage_const_8464481006489090994506453371545747140045883416875197642486592854169 = Integer(8464481006489090994506453371545747140045883416875197642486592854169); _sage_const_0 = Integer(0) +n = _sage_const_8464481006489090994506453371545747140045883416875197642486592854169 +print("Factorizing n = {}".format(n)) +p, q = factor(n) +print("p = {}".format(p[_sage_const_0 ])) +print("q = {}".format(q[_sage_const_0 ])) +print("{} * {} = {}".format(p[_sage_const_0 ], q[_sage_const_0 ], p[_sage_const_0 ]*q[_sage_const_0 ])) + diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/genPrivateKey.py b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/genPrivateKey.py new file mode 100755 index 0000000..bf7e9d5 --- /dev/null +++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/genPrivateKey.py @@ -0,0 +1,43 @@ +#!/usr/bin/env python3 +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives.asymmetric import rsa +from cryptography.hazmat.primitives import serialization +from cryptography import x509 + +def egcd(a, b): + if a == 0: + return (b, 0, 1) + else: + g, y, x = egcd(b % a, a) + return (g, x - (b // a) * y, y) + +def modinv(a, m): + gcd, x, y = egcd(a, m) + if gcd != 1: + return None # modular inverse does not exist + else: + return x % m + +n = 8464481006489090994506453371545747140045883416875197642486592854169 +p = 2209828846356855715679030504831459 +#p = 3830378547390089828095201542724691 +e = 3 + +q = int(n // p) +phi_n = (p-1)*(q-1) + +d = modinv(e, phi_n) +dmp1 = rsa.rsa_crt_dmp1(d, p) +dmq1 = rsa.rsa_crt_dmq1(d, q) +iqmp = rsa.rsa_crt_iqmp(p, q) +pn = rsa.RSAPublicNumbers(e, n) +compositen = rsa.RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, pn) +compositek = compositen.private_key(backend=default_backend()) +pem = compositek.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=serialization.NoEncryption() + ) +f = open("privateSmallKey.pem", "wb") +f.write(pem) +f.close() diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulus.sh b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulus.sh new file mode 100755 index 0000000..1709c7d --- /dev/null +++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulus.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl rsa -in ../smallkey.pem -pubin -modulus -noout diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulusBase10.sh b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulusBase10.sh new file mode 100755 index 0000000..11ddc5b --- /dev/null +++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulusBase10.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl rsa -in ../smallkey.pem -pubin -modulus -noout | awk '{print substr($1 ,9)}' | xargs -I {} echo 'ibase=16; {}' | bc diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/privateSmallKey.pem b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/privateSmallKey.pem new file mode 100644 index 0000000..3558698 --- /dev/null +++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/privateSmallKey.pem @@ -0,0 +1,6 @@ +-----BEGIN RSA PRIVATE KEY----- +MIGTAgEAAhxQYAN2VlMPtKrui/RsMRcuEm/IG9yv2ZJfsFiZAgEDAhw1lVekOYy1 +IxyfB/hIH/OVSn0/9RK1C2sDZSxDAg5s8/YaxE3yp2QRpeu54wIPALzaLJkj3k34 +5GA0rNxTAg5IoqQR2DP3GkK2bp0mlwIOfebIZhfpiVCYQCMd6DcCDhNdZhgUmUdJ +GqvHAVkq +-----END RSA PRIVATE KEY----- diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/smallkey.pem b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/smallkey.pem new file mode 100644 index 0000000..849cd2c --- /dev/null +++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/smallkey.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MDUwDQYJKoZIhvcNAQEBBQADJAAwIQIcUGADdlZTD7Sq7ov0bDEXLhJvyBvcr9mS +X7BYmQIBAw== +-----END PUBLIC KEY----- diff --git a/docs/workshop/5-snake-oil-crypto/soc.pdf b/docs/workshop/5-snake-oil-crypto/soc.pdf index 9640d15..ce6b80b 100644 Binary files a/docs/workshop/5-snake-oil-crypto/soc.pdf and b/docs/workshop/5-snake-oil-crypto/soc.pdf differ diff --git a/docs/workshop/5-snake-oil-crypto/soc.tex b/docs/workshop/5-snake-oil-crypto/soc.tex index 018dc1a..9027fd5 100644 --- a/docs/workshop/5-snake-oil-crypto/soc.tex +++ b/docs/workshop/5-snake-oil-crypto/soc.tex @@ -1,6 +1,7 @@ \documentclass{beamer} \usetheme[numbering=progressbar]{focus} \usepackage{tikz} +\usepackage{listings} \usetikzlibrary{positioning} \usetikzlibrary{shapes,arrows} \usepackage{transparent} @@ -198,6 +199,7 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.'' \begin{figure} \centering \includegraphics[width=\textwidth]{d4-ecb.pdf} + \caption{Image encrypted with AES-ECB} \end{figure} \end{frame} @@ -205,14 +207,20 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.'' \begin{frame} \frametitle{Semantic Security} -For instance AES-ECB is not semantically secure - An attacker can build a -codebook to crack it. - No Semantic Security without randomness + + IND-CPA should not leak information about the PlainText as long as the + key is secret: \begin{itemize} - \item + \item $C^1 = E(K, P^1)$, $C^2 = E(K, P^2)$, what are the couples? + \item the same message encrypted twice should return two different CipherText, + \item one way to achieve this is to introduce randomness in the + encryption process: $C = E(K ,R ,P )$ where R is fresh random bits, + \item C should not be distinguishable from random bits. \end{itemize} + {\bf No Semantic Security without randomness} + \end{frame} \begin{frame} @@ -261,12 +269,12 @@ codebook to crack it. \end{frame} - \begin{frame} \frametitle{Type of encryption} \begin{itemize} - \item + \item Symmetric encryption, + \item Asymmetric encryption. \end{itemize} \end{frame} @@ -413,16 +421,87 @@ codebook to crack it. \end{frame} +\begin{frame} + \frametitle{When cryptography helps investigations} + \begin{itemize} + \item crypto provides authentication mechanisms. + \item + \item + \item + \end{itemize} +\end{frame} + +\begin{frame} + \begin{center} + {\bf Hands-on: Understanding RSA} + \end{center} +\end{frame} + +\begin{frame} + \frametitle{With only one key} + Several potential weaknesses: + \begin{itemize} + \item Key size too small: keys up to 1024 bits are breakable given the + right means, + \item + \item + \item + \item + \end{itemize} + +\end{frame} + + +\begin{frame} + \frametitle{With a bunch of keys} +\end{frame} \begin{frame} \begin{center} - {\bf Cryptography and Network captures} + {\bf Hands-on: Exploiting Weaknesses in RSA} \end{center} \end{frame} +\begin{frame} + \frametitle{Using Sage} +\end{frame} + +\begin{frame}[fragile] + \frametitle{Breaking small keys} + \begin{itemize} + \item Go into: + +\begin{lstlisting} +~/smallKey +\end{lstlisting} + + \item what is the key size of smallkey? + \item what is n? + \item what is the public exponent? + \item what is n in base10? + \item what are p and q? + + \end{itemize} + + \vspace{8mm} + {\bf Let's generate the private key.} + +\end{frame} + + +\begin{frame} + \frametitle{Using Snake-Oil-Crypto} +\end{frame} + + + + + + + \begin{frame} \begin{center} {\bf D4 passiveSSL Collection}