Cryptography:

What, how, and why?

Susan Sons

Chief Security Analyst, IU CACR

sesons@iu.edu

@hedgemage (sometimes)

This is not cryptography.

Real Crypto:

  • Is extremely commonplace: HTTPS, credit card transactions, SSH, GPG, OTR, digital signatures, some digital radio modes, your cell phone, cryptocurrencies
     
  • Is a pile of math aimed at making the people who know the key(s) more able to get at information than the people who don't.
     
  • Usually fails one of two ways:
    • All of our computers have become powerful enough that yesterday's math isn't hard enough any more.
    • The programmer in charge of putting that math into a program, and making sure that program relies on it correctly, screwed up.
  • Involves standing in front of a whiteboard arguing about algorithms a lot.  Or a chalkboard, for purists.

I AM NOT A CRYPTOGRAPHER

(but I keep one in my pocket)

Upcoming:

  • Current Events in Cryptography

  • Concepts in Modern Cryptography

  • Classical Cryptography

Current Events in Cryptography

(or WTF do I care about black magic?)

Cryptocurrencies

Cryptocurrencies such as Bitcoin, Litecoin, Ethereum, etc. are attempts to use blockchain technology to create a currency that is purely digital.

Ransomware

Ransomware is malware that will encrypt the contents of a computer or computers, demanding payment in exchange for the keys to decrypt.

Finance

The finance industry is incredibly dependent on cryptography: to protect transaction information in transit, to make transactions harder to fake, and to keep traders honest about things as simple as what time it is.

Controversial Things Crypto Hackers Do

There are plenty of white- and grey-hat hackers out there using crypto in interesting ways, from trying to preserve the integrity of journalists' reporting from heavily censored places to helping persecuted groups communicate in secret, or helping farmers repair their tractors.

 

A cryptographer's toolkit these days contains tools for moving communications as well as money.

Concepts in Modern Crypto

(or how do I translate this confusing paper?)

When you want to learn more:

Hash
Key
Encrypt / Decrypt
Sign / Verify Signature

Symmetric Crypto

Use the same key to encrypt and decrypt.

 

Safe key exchange is hard.

 

Well-suited for storage applications or in combination with asymmetric cryptography.

Asymmetric Crypto

Keys come in pairs: a public key for encrypting/verifying and a private key for decrypting/signing.

 

You can publish a public key anywhere, but never share a private key.

 

Suited for general communications and integrity verification.

Alice, Bob, Carol, and Dave: people doing stuff

Eve: an eavesdropper

Mallory: a malicious attacker

Peggy: a prover

Trent: a trusted third party

Victor: a verifier
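
The key-pair roles from the Asymmetric Crypto slide, worked through with the cast above. This is an added example, not part of the original deck. It uses textbook RSA with tiny constructed primes and no padding, which is fine for following the arithmetic and useless for protecting anything; all names and values are assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA. P and Q are constructed demo primes: far too small and
# unpadded, so this shows the mechanics only and must not be used for real data.
P, Q = 61, 53
N = P * Q                           # modulus, shared by both halves of the pair
E = 17                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (modular inverse of E)

ALICE_PUBLIC = (N, E)    # Alice can publish this anywhere
ALICE_PRIVATE = (N, D)   # Alice never shares this

def encrypt(public_key, m):
    """Anyone (Bob) encrypts a number m < N with the PUBLIC key."""
    n, e = public_key
    return pow(m, e, n)

def decrypt(private_key, c):
    """Only the PRIVATE key holder (Alice) can reverse it."""
    n, d = private_key
    return pow(c, d, n)

def digest(message, n):
    """Hash: squeeze a message of any length into a number below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):
    """Alice signs the hash of the message with her PRIVATE key."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(public_key, message, signature):
    """Victor checks the signature with Alice's PUBLIC key."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

if __name__ == "__main__":
    c = encrypt(ALICE_PUBLIC, 65)            # Bob -> Alice; Eve sees only c
    print("ciphertext:", c, "decrypted:", decrypt(ALICE_PRIVATE, c))
    msg = b"Pay Bob 10 coins"
    sig = sign(ALICE_PRIVATE, msg)
    print("genuine message verifies:", verify(ALICE_PUBLIC, msg, sig))
    # Mallory alters the message in transit. With a modulus this small there
    # are only 3233 possible digests, so a toy collision is possible; a real
    # key size makes that infeasible.
    print("altered message verifies:",
          verify(ALICE_PUBLIC, b"Pay Mallory 10 coins", sig))
```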

 

Classical Cryptography

(aka take out a pencil and learn how this works)

Hashing

A Simple Substitution Cipher

A Grid Cipher

Q&A

Thanks for coming!

This deck is licensed under a CC-BY license (do as you please with it but give me credit for my work).  Contact sesons@iu.edu for other uses.

Reach out if you have questions or want to learn more:

 

sesons@iu.edu

@hedgemage

https://security.engineering

Cryptography

By Susan Sons

Cryptography introduction from 2018 CACR Cybercamp.
