chg: [workshop] adds D4-logo in ecb

2019-11-16 11:45:37 +01:00 · 2019-11-16 11:45:37 +01:00 · b3062d750a
parent df9093ee95
commit b3062d750a
9 changed files with 120 additions and 8 deletions
--- a/docs/workshop/5-snake-oil-crypto/d4-ecb.pdf
+++ b/docs/workshop/5-snake-oil-crypto/d4-ecb.pdf
--- a/docs/workshop/5-snake-oil-crypto/scripts/body.bin
+++ b/docs/workshop/5-snake-oil-crypto/scripts/body.bin
--- a/docs/workshop/5-snake-oil-crypto/scripts/body.ecb.bin
+++ b/docs/workshop/5-snake-oil-crypto/scripts/body.ecb.bin
--- a/docs/workshop/5-snake-oil-crypto/scripts/d4-logo.ecb.ppm3
+++ b/docs/workshop/5-snake-oil-crypto/scripts/d4-logo.ecb.ppm3
--- a/docs/workshop/5-snake-oil-crypto/scripts/d4-logo.ppm
+++ b/docs/workshop/5-snake-oil-crypto/scripts/d4-logo.ppm
--- a/docs/workshop/5-snake-oil-crypto/scripts/gen_ecb.sh
+++ b/docs/workshop/5-snake-oil-crypto/scripts/gen_ecb.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+# Then take the header apart
+head -n 4 d4-logo.ppm > header.txt
+tail -n +5 d4-logo.ppm > body.bin
+# Then encrypt with ECB (experiment with some different keys)
+openssl enc -aes-128-ecb -nosalt -pass pass:"ANNA" -in body.bin -out body.ecb.bin
+# And finally put the result together and convert to some better format with Gimp
+cat header.txt body.ecb.bin > d4-logo.ecb.ppm3
--- a/docs/workshop/5-snake-oil-crypto/scripts/header.txt
+++ b/docs/workshop/5-snake-oil-crypto/scripts/header.txt
@ -0,0 +1,4 @@
+P6
+# Created by GIMP version 2.10.8 PNM plug-in
+500 500
+255
--- a/docs/workshop/5-snake-oil-crypto/soc.pdf
+++ b/docs/workshop/5-snake-oil-crypto/soc.pdf
--- a/docs/workshop/5-snake-oil-crypto/soc.tex
+++ b/docs/workshop/5-snake-oil-crypto/soc.tex
@ -97,7 +97,7 @@

 \begin{frame}[allowframebreaks]
        \frametitle{Attackers model}
-        Black Box - Attackers may only see inputs / outputs:
+        {\bf Black Box} - Attackers may only see inputs / outputs:
        \begin{itemize}
          \item {\bf Ciphertext-Only Attackers (COA) :} see only the ciphertext,
          \item {\bf Known-Plaintext Attackers (KPA):} see ciphertext and plaintext,
@ -109,10 +109,10 @@

        \framebreak

-        Grey Box - Attackers see cipher's implementation:
+        {\bf Grey Box} - Attackers see cipher's implementation:
        \begin{itemize}
          \item {\bf Side-Channel Attacks:} study the behavior of the
-            implementation, for instance {\bf timing attacks }\footnote{\url{https://cryptojedi.org/peter/data/croatia-20160610.pdf}}:
+            implementation, eg. {\bf timing attacks }\footnote{\url{https://cryptojedi.org/peter/data/croatia-20160610.pdf}}:
            \begin{itemize}

              \item Osvik, Shamir, Tromer~\cite{aes2006}: Recover AES-256 secret
@ -124,16 +124,14 @@
            \end{itemize}

        \framebreak
-        Most recent one: tpm-fail~\cite{244048}
+        Most recent timing attack: {\bf TPM-fail }~\cite{244048}

        \vspace{10 mm}

            \begin{figure}[h!]
-              \includegraphics[width=200px]{./tpmfail.png}
+              \includegraphics[width=250px]{./tpmfail.png}
            \end{figure}

-
-
        \framebreak

          \item {\bf Invasive Attacks:} 
@ -144,7 +142,7 @@
                \vspace{10 mm}

                \begin{figure}[h!]
-                  \includegraphics[width=200px]{./faultInjection.png}
+                  \includegraphics[width=250px]{./faultInjection.png}
                \end{figure}

        \framebreak
@ -163,8 +161,52 @@

 \end{frame}

+\begin{frame}
+        \frametitle{Security Notions}
+
+        \begin{itemize}
+          \item {\bf Indistinguishability (IND) :} Ciphertexts should be
+            indistinguishable from random strings,
+
+          \item {\bf Non-Malleability (MD):} ``Given a ciphertext $C_1 = E(K, P 1)$,
+it should be impossible to create another ciphertext, $C_2$ , whose corresponding
+plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
+
+        \end{itemize}
+
+        \vspace{1 mm}
+
+        Semantic Security (IND-CPA) is the most important security feature:
+        \begin{itemize}
+          \item Ciphertexts should be different when encryption is performed
+            twice on the same plaintext,
+          \item To achieve this, randomness is introduced into encryption /
+            decryption: 
+
+        \begin{itemize}
+          \item $C = E(P, K, R)$
+          \item $P = D(C, K, R)$
+        \end{itemize}
+
+        \end{itemize}
+       \end{frame}
+
+
 \begin{frame}
        \frametitle{Semantic Security}
+        \begin{figure}
+          \centering
+          \includegraphics[width=\textwidth]{d4-ecb.pdf}
+        \end{figure}
+        
+\end{frame}
+
+
+\begin{frame}
+        \frametitle{Semantic Security}
+For instance AES-ECB is not semantically secure - An attacker can build a
+codebook to crack it.
+        No Semantic Security without randomness

        \begin{itemize}
          \item
@ -172,6 +214,58 @@

 \end{frame}

+\begin{frame}
+        \frametitle{Randomness}
+
+For instance AES-ECB is not semantically secure - An attacker can build a
+codebook to crack it.
+        No Semantic Security without randomness
+
+        \begin{itemize}
+          \item
+        \end{itemize}
+
+\end{frame}
+
+
+
+
+\begin{frame}
+        \frametitle{Generating Randomness}
+
+        Random Number Generator:
+        \begin{itemize}
+          \item
+        \end{itemize}
+
+        Pseudo Random Number Generator:
+        \begin{itemize}
+          \item
+        \end{itemize}
+
+\end{frame}
+
+
+\begin{frame}
+        \frametitle{Entropy}
+
+        \begin{itemize}
+          \item
+        \end{itemize}
+
+\end{frame}
+
+\begin{frame}
+        \frametitle{How thinks can go wrong}
+        Some attacks requires less than CCA / CPA:
+        \begin{itemize}
+          \item Side Channel attacks as for instance Padding Oracle (Vaudenay Attacks)
+        \end{itemize}
+
+\end{frame}
+
+
+

 \begin{frame}
  \begin{center}