Monthly Archive 2021-04-13

By Eric GRAY

Encryption in 1 minute

Foundations of Encryption

As we prepare for the presentation on 27th of May by Johan Loos, it’s probably a good time to look at one of history’s great heroes, Alan Turing.

Alan and his team (such as Joan Murray) were pioneers, responsible for decrypting the Nazi secret communications that were encrypted with the Enigma machine during WWII. Alan’s work “On Computable Numbers” became the foundation of computer science as we know it. This work wasn’t truly recognized until many years after his death.

Brief History via Wikipedia: https://en.wikipedia.org/wiki/Alan_Turing

After the war Alan went on to create multiple computing machines before turning his attention to mathematical biology. If you haven’t seen the remake movie about him during WW2, it’s worth checking out.

Encryption of Today

What Alan worked to break was symmetric encryption, where the same key is used both to encrypt the clear text (plaintext) data into a coded message, or ciphertext, and to decrypt it again. This is still heavily used today, but a stronger and more functional way of encrypting is asymmetric encryption, with the combined use of public and private keys. Or, as per Javvad Malik as part of an ISC2 blog on encryption: “Encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information. In many contexts, the word encryption also implicitly refers to the reverse process, decryption to make the encrypted information readable again”

https://blog.isc2.org/.a/6a00e54f109b678834025d9b4256b8200c-pi

Malik goes on to discuss how to turn princes into frogs, as an example of encryption and decryption via the two methods noted above.

https://blog.isc2.org/isc2_blog/2020/04/what-is-cryptography.html

RSA

RSA (the name comes from the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977) is a cryptosystem that uses public and private keys to secure data via encryption. Its security rests on the difficulty of factoring the product of two very large prime numbers, and it (currently) has the benefit of not being easily broken.
You can check out the steps here: https://sites.google.com/site/danzcosmos/the-rsa-algorithm.

Johan will also cover the math behind it and its use in TLS (Transport Layer Security).
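
A small worked example of the RSA description above, added here and not taken from the original post or from Johan's talk: textbook RSA with tiny constructed primes, followed by a defender's check over a set of public moduli. The function names, the sample primes and the two weaknesses checked (a short modulus, a prime shared between keys) are assumptions chosen for illustration.

```python
from itertools import combinations
from math import gcd

def make_keypair(p, q, e=65537):
    """Textbook RSA key generation from two primes (no padding, teaching only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: computing it needs p and q, the factors of n
    return (n, e), (n, d)

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)

def audit_moduli(moduli, min_bits=2048):
    """Flag public moduli that are too short or share a prime factor with another key."""
    findings = []
    for name, n in moduli.items():
        if n.bit_length() < min_bits:
            findings.append((name, f"modulus is only {n.bit_length()} bits"))
    for (a, na), (b, nb) in combinations(moduli.items(), 2):
        if na != nb and gcd(na, nb) != 1:
            findings.append((f"{a}+{b}", "moduli share a prime factor"))
    return findings

# Constructed sample values: tiny primes so the numbers stay readable.
PUBLIC, PRIVATE = make_keypair(61, 53, e=17)  # n = 3233
CIPHERTEXT = encrypt(65, PUBLIC)

if __name__ == "__main__":
    print("public", PUBLIC, "private", PRIVATE)
    print("65 ->", CIPHERTEXT, "->", decrypt(CIPHERTEXT, PRIVATE))
    # Constructed key inventory: srv-a and srv-b were built from the same prime.
    inventory = {"srv-a": 61 * 53, "srv-b": 61 * 59, "srv-c": 67 * 71}
    for finding in audit_moduli(inventory, min_bits=12):
        print(finding)
```

The private exponent is derived from the two primes, so anyone who learns a factor of the public modulus can repeat that step; this is why the audit treats a short modulus or a prime reused across keys as a finding.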

Test Prep

Once you understand these basics you are one step closer to acing the CISSP exam! (But also CISSP-ISSAP, CCSP, SSCP, …). You will find a number of questions on encryption in the exams and I usually found that the more I understood about encryption the more interested I became. Hope that applies to you too.

Next, join us on May 27th at 19h to watch as Johan presents different types of RSA attacks in TLS communications. If you are new or well-aged in cyber security I’m sure you will take away something from this opportunity.

https://www.eventbrite.co.uk/e/tls-key-recovery-isc2-belux-chapter-online-webinar-tickets-150575057049

By webmaster

Book your seat at the next (ISC)² Belux Chapter event: TLS Key Recovery (2021-05-27 – 19h00)


About this Event

RSA is one of the most commonly used algorithms for providing confidentiality, integrity and authenticity of digital information. RSA is used to secure web traffic up to TLS 1.2. Today, web servers have a certificate which protects the traffic between a web server and a client browser. This certificate contains a public key of 1024 or 2048 bits. But what will happen when the key material of the certificate is not correctly generated? Are you still sure that traffic is protected and cannot be compromised?

Johan Loos will show you two different ways in which an RSA private key of a certificate can be ‘recovered’ when you only have access to the public key.

This session is based on Johan’s own research on RSA and focuses on different types of RSA attacks. These attacks are demonstrated live using virtual machines. Johan wrote his own script in Python for the recovery of the cryptographic key material. This session is for people who want to know more about RSA attacks, and how they can improve security.

About the speaker:

Johan is a freelance security researcher, security specialist, privacy and healthcare professional with interest in the area of IT security, information security, privacy, medical devices and cryptography. Johan is passionate about technology and evangelises security to organisations to take security seriously by implementing security and privacy by design principles.

Find Johan Loos on LinkedIn.

Overview of the session

  • Overview on how the RSA algorithm works
  • Overview of the RSA attack used in this demo
  • How to recover a private key of a TLS v1.2 session and decrypt TLS v1.2 traffic

Book your seat at our Eventbrite page: https://ffwd2.me/ISC2Belux_20210527
