Hands-On Ethical Hacking and Network Defense
2nd Edition
Chapter 12
Cryptography
Last modified 11-19-15

Objectives
Describe the history of cryptography
Describe symmetric and asymmetric cryptography algorithms
Explain public key infrastructure (PKI)
Describe possible attacks on cryptosystems

Understanding Cryptography Basics
Cryptography is the process of converting plaintext into ciphertext
– Plaintext: readable text (also called cleartext)
– Ciphertext: unreadable or encrypted text
Cryptography is used to hide information from unauthorized users
Decryption is the process of converting ciphertext back to plaintext

History of Cryptography
Substitution cipher
– Replaces one letter with another letter based on a key
– Example: Julius Caesar’s Cipher
    Used a key value of 3
    ABCDEFGHIJKLMNOPQRSTUVWXYZ
    DEFGHIJKLMNOPQRSTUVWXYZABC

ROT-13
A Caesar cipher
Performing ROT-13 twice undoes it
Obfuscation, not Encryption
From Wikipedia

History of Cryptography (continued)
Cryptanalysis studies the process of breaking encryption algorithms
When a new encryption algorithm is developed, cryptanalysts study it and try to break it
– Or prove that it is impractical to break it (taking much time and many resources)

Enigma
Used by the Germans during World War II
– Replaced letters as they were typed
– Substitutions were computed using a key and a set of switches or rotors
– Image from Wikipedia (link Ch 12a)

Steganography
The process of hiding data in plain view in pictures, graphics, or text
– Example: changing colors slightly to encode individual bits in an image
The image on the left contains the image on the right hidden in it (link Ch 12c)

Algorithms
An algorithm is a mathematical function or program that works with a key
Security comes from
– A strong algorithm—one that cannot be reversed without the key
– A key that cannot be found or guessed

Keys (not in textbook)
A sequence of random bits
– The range of allowable values is called a keyspace
The larger the keyspace, the more secure the key
– 8-bit key has 2^8 = 256 values in keyspace
– 24-bit key has 2^24 = 16 million values
– 56-bit key has 2^56 = 7 x 10^16 values
– 128-bit key has 2^128 = 3 x 10^38 values

Brute Force (not in textbook)
In 1997 a 56-bit key was broken by brute force
– Testing all possible 56-bit keys
– Used 14,000 machines organized via the Internet
– It took 3 months
– See link Ch 12d

How Many Bits Do You Need? (not in textbook)
How many keys could all the computers on Earth test in a year?
– Pentium 4 processor: 10^9 cycles per second
– One year = 3 x 10^7 seconds
– There are less than 10^10 computers on Earth
    One per person
– 10^9 x 3 x 10^7 x 10^10 = 3 x 10^26 calculations
– 128 bits should be enough (3 x 10^38 values)
    Unless computers get much faster, or someone breaks the algorithm

But if Moore’s Law Continues (not in textbook)
Suppose computers double in speed every 2 years (link Ch 12zi)
– 1000x faster every 20 years
    2010: 10^27 calcs/year   90 bits
    2030: 10^30 calcs/year  100 bits
    2050: 10^33 calcs/year  110 bits
    2070: 10^36 calcs/year  120 bits
    2090: 10^39 calcs/year  130 bits
– 128 bits may not be enough (3 x 10^38 values)
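
The Moore's Law estimate above, carried through in code as an added example (not part of the original slides). It takes the slide's figures (10^27 calculations per year in 2010, 1000x growth every 20 years) as its only assumptions and solves for the year a given keyspace can be searched in one year.

```python
import math

# Figures taken from the slides; everything else is derived from them.
BASE_YEAR = 2010
BASE_CALCS_LOG10 = 27            # 10^27 calculations per year in 2010
GROWTH_LOG10_PER_YEAR = 3 / 20   # 1000x (10^3) faster every 20 years


def calcs_per_year_log10(year):
    """log10 of the calculations all computers can do in the given year."""
    return BASE_CALCS_LOG10 + GROWTH_LOG10_PER_YEAR * (year - BASE_YEAR)


def searchable_bits(year):
    """Key size (bits) whose whole keyspace fits into one year of work."""
    # 10^x calculations cover 2^(x * log2(10)) keys.
    return calcs_per_year_log10(year) * math.log2(10)


def year_keyspace_exhaustible(bits):
    """Year in which one year of computing covers all 2^bits keys."""
    needed_log10 = bits * math.log10(2)
    return BASE_YEAR + (needed_log10 - BASE_CALCS_LOG10) / GROWTH_LOG10_PER_YEAR


def table(years=(2010, 2030, 2050, 2070, 2090)):
    """Rebuild the slide's table as (year, log10 calcs/year, bits) rows."""
    return [
        (y, round(calcs_per_year_log10(y)), round(searchable_bits(y)))
        for y in years
    ]


if __name__ == "__main__":
    for year, exp10, bits in table():
        print(f"{year}: 10^{exp10} calcs/year  ~{bits} bits")
    for bits in (128, 192, 256):
        print(f"{bits}-bit keyspace searchable around "
              f"{year_keyspace_exhaustible(bits):.0f}")
```

Under this model a 128-bit keyspace falls within reach shortly before 2090, which is why the slide says 128 bits may not be enough, while 256 bits stays out of reach for centuries.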

Symmetric Cryptography
One key encrypts and decrypts data
Cleartext with Key makes Ciphertext
Ciphertext with Key makes Cleartext
Winning Lotto #s: aWDHOP#@-w9
aWDHOP#@-w9 Winning Lotto #s:

Symmetric Cryptography Algorithms
Symmetric algorithms have one key that encrypts and decrypts data
Advantages
– Symmetric algorithms are fast
– They are difficult to break if a large key size is used
– Only one key needed

Symmetric Cryptography Algorithms
Disadvantages
– Symmetric keys must remain secret
– Difficult to deliver keys (key distribution)
– Symmetric algorithms don’t provide authenticity or nonrepudiation
    You can’t know for sure who sent the message, since two people have the same key

Symmetric Cryptography Algorithms
Types of symmetric algorithms
– Stream ciphers
    Operate on plaintext one bit at a time
– Block ciphers
    Operate on blocks of plaintext

DeCSS
Commercial DVDs are encoded with a 40-bit key
– It’s simple to crack it by brute force
– Three hackers did that in 1999
    See links Ch 12e, 12f
– Legislation such as the DMCA made it illegal to publish the algorithm
    See Illegal Prime Number (Link Ch 12g)

Data Encryption Standard (DES)
National Institute of Standards and Technology (NIST)
– Wanted a means of protecting sensitive but unclassified data
– Invited vendors in early 1970 to submit data encryption algorithms
IBM proposed Lucifer
– A 128-bit encryption algorithm

Data Encryption Standard (DES)
The National Security Agency (NSA) reduced the key size from 128 bits to 64 bits and created DES
– Only 56 bits of the key are actually used

Data Encryption Standard (DES) (continued)
In 1988, NSA thought the standard was at risk of being broken
In 1997, a DES key was broken in 3 months
In 1998, the EFF built a computer system that cracked a DES key in 3 days
– Link Ch 12h

Triple DES (3DES)
Triple Data Encryption System (3DES)
3DES served as a quick fix to the vulnerabilities of DES
3DES performs three DES encryptions
2^56 times stronger than DES
– More secure but slower to compute
See link Ch 12i

Advanced Encryption Standard (AES)
Became effective in 2002 as a standard
– The process took 5 years
Block cipher that operates on 128-bit blocks of plaintext
Keys can be 128, 192, or 256 bits
Uses Rijndael algorithm
– Link Ch 12j

International Data Encryption Algorithm (IDEA)
Block cipher that operates on 64-bit blocks of plaintext
It uses a 128-bit key
Developed by Xuejia Lai and James Massey
– Designed to work more efficiently in computers used at home and in businesses
IDEA is free for noncommercial use
– It is included in PGP encryption software

Blowfish
Block cipher that operates on 64-bit blocks of plaintext
The key length can be as large as 448 bits
Developed by Bruce Schneier

RC5
Block cipher that can operate on different block sizes: 32, 64, and 128
The key size can reach 2048 bits
Created by Ronald L. Rivest in 1994 for RSA Data Security

Cracking RC5
56-bit and 64-bit key RC5s have already been cracked
The RC5-72 project is underway, trying to crack a 72-bit key
– At the current rate, it will take 1000 years
Links Ch 12l, 12m

Asymmetric Cryptography Algorithms
Use two keys that are mathematically related
– Data encrypted with one key can be decrypted only with the other key
Another name for asymmetric key cryptography is public key cryptography
– Public key: known by the public
– Private key: known only by owner

Asymmetric Cryptography
Cleartext with Public Key makes Ciphertext
Ciphertext with Private Key makes Cleartext
Winning Lotto #s: aWDHOP#@-w9
aWDHOP#@-w9 Winning Lotto #s:

Asymmetric Cryptography
Provides message authenticity and nonrepudiation
– Authenticity validates the sender of a message
– Nonrepudiation means a user cannot deny sending a message

Asymmetric Cryptography
Asymmetric algorithms are more scalable but slower than symmetric algorithms
– Scalable: can adapt to larger networks
– Each person needs only one key pair
    Everyone can use the same public key to send you data
    Each person signs messages with their own private key

RSA
Developed in 1977 by Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman
The algorithm is based on the difficulty of factoring large numbers
The Secure Socket Layer (SSL) protocol uses the RSA algorithm
Ron Rivest

Diffie-Hellman
Developed by Whitfield Diffie and Martin Hellman
Does not provide encryption but is used for key exchange
– Two parties agree on a key without ever sending it directly over the network
– The numbers transmitted can be used to compute the key, but only by the parties holding secret private numbers
Prevents sniffing attacks
Whitfield Diffie
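
The Diffie-Hellman exchange described above, with both sides' messages, as an added example (not part of the original slides). The prime `P`, generator `G`, and all function names are assumptions chosen for illustration; the `substitute` option models the public-value swap from the Man-in-the-Middle slide to show why the exchange needs authentication (for example, CA-verified keys).

```python
import hashlib
import secrets

# Toy public parameters, constructed for this example: 2**127 - 1 is a
# Mersenne prime, far too small for real use. Real deployments use
# standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3


def make_keypair(private=None):
    """Return (private, public). Only public = G^private mod P is sent."""
    if private is None:
        private = secrets.randbelow(P - 3) + 2   # random value in 2..P-2
    return private, pow(G, private, P)


def derive_key(own_private, peer_public):
    """Combine our private number with the peer's public value."""
    if not 2 <= peer_public <= P - 2:            # reject 0, 1 and P-1
        raise ValueError("peer public value out of range")
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def fingerprint(key):
    """Short value the two parties can compare over an authenticated channel."""
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]


def exchange(substitute=None):
    """Run one exchange between parties A and B.

    `substitute`, if given, is a public value swapped in for both genuine
    ones while in transit. Returns (key_a, key_b, wire); `wire` is all a
    sniffer on the network sees.
    """
    a_priv, a_pub = make_keypair()
    b_priv, b_pub = make_keypair()
    wire = [("A->B", a_pub), ("B->A", b_pub)]
    seen_by_a = b_pub if substitute is None else substitute
    seen_by_b = a_pub if substitute is None else substitute
    return derive_key(a_priv, seen_by_a), derive_key(b_priv, seen_by_b), wire


if __name__ == "__main__":
    key_a, key_b, wire = exchange()
    print("sniffer sees:", wire)
    print("keys match:", key_a == key_b)

    # Unauthenticated exchange with swapped public values: both sides still
    # derive *a* key, but not the same one. Comparing fingerprints detects it.
    _, false_pub = make_keypair()
    key_a, key_b, _ = exchange(substitute=false_pub)
    print("fingerprints:", fingerprint(key_a), fingerprint(key_b))
```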

Elliptic Curve Cryptosystems (ECC)
It is an efficient algorithm requiring few resources
– Memory
– Disk space
– Bandwidth
ECC is used for encryption as well as digital signatures and key distribution

Elgamal
Public key algorithm used to
– Encrypt data
– Create digital signature
– Exchange secret keys
Written by Taher Elgamal in 1985
The algorithm uses discrete logarithm problems
– Solving a discrete logarithm problem can take many years and require CPU-intensive operations
From Wikipedia (Link Ch 12o)

Digital Signature Standard (DSS)
Established by the NIST in 1991
– Ensures that digital signatures rather than written signatures can be verified
Federal government requirements
– RSA and Digital Signature Algorithm (DSA) must be used for all digital signatures
– Hashing algorithm must be used to ensure the integrity of the message
    NIST required that the Secure Hash Algorithm (SHA) be used

Pretty Good Privacy (PGP)
Developed by Phil Zimmermann as a free e-mail encryption program
– Zimmermann was almost arrested for his innovation
– Back in the mid-1990s, any kind of “unbreakable” encryption was seen as a weapon and compared to selling arms to the enemy

Pretty Good Privacy (PGP)
PGP is a free public key encryption program
It uses certificates similar to those in public key infrastructure (PKI)
– PGP does not use a centralized CA
– Verification of a certificate is not as efficient as PKI

Pretty Good Privacy (PGP) (continued)
Algorithms supported by PGP
– IDEA
– RSA
– DSA
– Message Digest 5 (MD5)
– SHA-1

Secure Multipurpose Internet Mail Extension (S/MIME)
Is another public key encryption standard used to encrypt and digitally sign e-mail
Can encrypt e-mail messages containing attachments
Can use PKI certificates for authentication
S/MIME version 2 defined in RFC 2311
S/MIME version 3 defined in RFC 2633

Privacy-Enhanced Mail (PEM)
Internet standard that is compatible with both symmetric and asymmetric methods of encryption
Can use the X.509 certificate standards and encrypt messages with DES
Not used as much today
– MIME Object Security Services (MOSS) is a newer implementation of PEM

Hashing Algorithms
Take a variable-length message and produce a fixed-length value called a message digest
A hash value is equivalent to a fingerprint of the message
– If the message is changed later, the hash value changes

Collisions
If two different messages produce the same hash value, it results in a collision
– A good hashing algorithm must be collision-free
MD5 has known collisions
– It was never approved by NIST for any purpose

SHA-1
SHA-1 is one of the most popular hashing algorithms
– No known collisions as of 2015
– But several attacks have been developed showing that SHA-1 is weaker than it should be
    See link Ch 12q

AOL = Bad
Microsoft = Good
Why?
Link Ch 12zr
Link Ch 12zq

Colleges Tested in 2014
Link Ch 12zs

Banks Tested in 2014
Link Ch 12zt

New Issues in Asymmetric Encryption
Added 11-19-15
Our ultimate goal is to provide cost effective security against a potential quantum computer.
For those partners and vendors that have not yet made the transition to Suite B elliptic curve algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.– Aug., 2015 (Link Ch 12zu)
Slower, more secure
Faster, less secure

Digital Signatures
A hash value ensures that the message was not altered in transit (integrity)
Asymmetric encryption assures authenticity and nonrepudiation
Researchers believe that a SHA-1 collision could be found this year for $75,000 to $120,000– Link Ch 12zw (Oct, 2015)
Since a handful of primes are so widely reused, … Breaking a single, common 1024-bit prime would allow
NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally.
Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites.– Link Ch 12zx (Oct, 2015)
Collisions expected to be found in 2018
– Link Ch 12zo

Symmetric Algorithms (Private-key)
Name | Key size | Notes
DES | 56 bits | Insecure
3DES | 168 bits | Being replaced by AES
AES | 128, 192, or 256 | US Govt classified info
IDEA | 128 bits | Used in PGP, very secure
Blowfish | 32 to 448 | Public domain
RC5 | Up to 2040 | Secure for 72-bits or more

Asymmetric Algorithms (Public-key)
Name | Notes
Diffie-Hellman | Key exchange, not encryption
RSA | Secure, used by SSL
ECC | Efficient newer technique
Elgamal | Used in GPG and PGP

Hashing Algorithms
Name | Notes
MD2 | Written for 8-bit machines, no longer secure
MD4 | No longer secure
MD5 | Security is questionable now
SHA-1 | The successor to MD5. Used in: TLS, SSL, PGP, SSH, S/MIME, IPsec. No longer completely secure
SHA-2 | Not yet broken, but no longer recommended.
NIST is now developing a new algorithm to replace SHA.

Public Key Infrastructure (PKI)
Not an algorithm
A structure that consists of programs, protocols, and security protocols
Uses public key cryptography
Enables secure data transmission over the Internet

PKI Components
Certificate: a digital document that verifies the identity of an entity
– Contains a unique serial number and must follow the X.509 standard

PKI Components
Public keys are issued by a certification authority (CA)
A certificate that the CA issues to a company binds a public key to the recipient’s private key

Certificate Expiration and Renewal
A period of validity is assigned to each certificate
– After that date, the certificate expires
A certificate can be renewed with a new expiration date assigned
– If the keys are still valid and remain uncompromised

Certificate Revocation and Suspension
Reasons to suspend or revoke a certificate
– A user leaves the company
– A hardware crash causes a key to be lost
– A private key is compromised
Revocation is permanent
Suspension can be lifted

Certificate Revocation and Suspension
Certificate Revocation List (CRL)
– Contains all revoked and suspended certificates
– Issued by CAs

Backing Up Keys
Backing up keys is critical
– If keys are destroyed and not backed up properly, encrypted business-critical information might be irretrievable
The CA is usually responsible for backing up keys
– A key recovery policy is also part of the CA’s responsibility

Microsoft Root CA
You can set up your own Certificate Authority Server
Windows Server 2003 or Windows 2000 Server
Install Certificate Services

Microsoft Root CA
Specify options to generate certificates, including
– Cryptographic Service Provider
– Hash algorithm
– Key length

Understanding Cryptographic Attacks
Sniffing and port scanning are passive attacks – just watching
Active attacks attempt to determine the secret key being used to encrypt plaintext
Cryptographic algorithms are usually public
– Follows the open-source culture
– Except the NSA and CIA, etc.

Birthday Attack
If 23 people are in the room, what is the chance that they all have different birthdays?
365/365 x 364/365 x 363/365 x 362/365 x 361/365 x 360/365 x . . . x 343/365 = 49%
So there’s a 51% chance that two of them have the same birthday
See link Ch 12r

Birthday Attack
If there are N possible hash values,
– You’ll find collisions when you have calculated 1.2 x sqrt(N) values
SHA-1 uses a 160-bit key
– Theoretically, it would require 2^80 computations to break
– SHA-1 has no known collisions, but they are expected to be found soon
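
The birthday bound measured on a deliberately small hash, as an added example (not part of the original slides). It truncates SHA-256 to 16 bits so that N = 65,536 and collisions appear in milliseconds; the function names and the generated messages are constructed for illustration.

```python
import hashlib
import math
import statistics


def prob_all_different(people, days=365):
    """Chance that all birthdays differ: 365/365 x 364/365 x 363/365 ..."""
    p = 1.0
    for i in range(people):
        p *= (days - i) / days
    return p


def truncated_hash(message, bits):
    """Top `bits` bits of SHA-256: a stand-in hash with N = 2^bits values."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def first_collision(bits, trial=0):
    """Hash distinct constructed messages until two share a hash value.

    Returns (hashes computed, first message, colliding message).
    """
    seen = {}
    count = 0
    while True:                       # pigeonhole: ends within 2^bits + 1 tries
        msg = f"trial-{trial}-msg-{count}".encode()
        count += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return count, seen[h], msg
        seen[h] = msg


def median_hashes_to_collision(bits, trials=400):
    """Median work to the first collision over many independent trials."""
    return statistics.median(first_collision(bits, t)[0] for t in range(trials))


if __name__ == "__main__":
    print(f"23 people, all different: {prob_all_different(23):.1%}")

    bits = 16
    root_n = math.sqrt(2 ** bits)
    count, m1, m2 = first_collision(bits)
    print(f"collision after {count} hashes: {m1!r} and {m2!r}")

    # 1.2 x sqrt(N) is the 50% point (sqrt(2 ln 2) is about 1.18), so the
    # median over many trials should land close to it.
    median = median_hashes_to_collision(bits)
    print(f"median {median:.0f} hashes = {median / root_n:.2f} x sqrt(N)")

    # Same rule at full size: a 160-bit output gives sqrt(2^160) = 2^80.
    print(f"160-bit hash: about 2^{160 // 2} hashes")
```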

Mathematical Attacks
Properties of the algorithm are attacked by using mathematical computations
Categories
– Ciphertext-only attack
    The attacker has the ciphertext of several messages but not the plaintext
    Attacker tries to find out the key and algorithm used to encrypt the messages
    Attacker can capture ciphertext using a sniffer program such as Ethereal or Tcpdump

Mathematical Attacks
Categories
– Known plaintext attack
    The attacker has messages in both encrypted and decrypted forms
    This attack is easier to perform than the ciphertext-only attack
    Looks for patterns in both plaintext and ciphertext
– Chosen-plaintext attack
    The attacker has access to plaintext and ciphertext
    Attacker has the ability to choose which message to encrypt

Mathematical Attacks
Categories (continued)
– Chosen-ciphertext attack
    The attacker has access to the ciphertext to be decrypted and to the resulting plaintext
    Attacker needs access to the cryptosystem to perform this type of attack

Brute Force Attack
An attacker tries to guess passwords by attempting every possible combination of letters
– Requires lots of time and patience
– Password-cracking programs that can use brute force
    John the Ripper
    Cain and Abel
    Ophcrack
    – Also uses memory to save time – “Rainbow tables”

Man-in-the-Middle Attack
Victim sends public key to Server
– Attacker generates two “false” key pairs
– Attacker intercepts the genuine keys and sends false keys out
– Both parties send encrypted traffic, but not with the same keys
These false keys won’t be verified by a CA
Victim Attacker Server

Dictionary Attack
Attacker uses a dictionary of known words to try to guess passwords
– There are programs that can help attackers run a dictionary attack
Programs that can do dictionary attacks
– John the Ripper
– Cain and Abel

Replay Attack
The attacker captures data and attempts to resubmit the captured data
– The device thinks a legitimate connection is in effect
If the captured data was logon information, the attacker could gain access to a system and be authenticated
Most authentication systems are resistant to replay attacks

Firesheep
Replays cookies to access others' accounts on wireless networks

Password Cracking
Password cracking is illegal in the United States
– It is legal to crack your own password if you forgot it
You need the hashed password file
– /etc/passwd or /etc/shadow for *NIX
– The SAM database in Windows
Then perform dictionary or brute-force attacks on the file

Password cracking programs
John the Ripper
Hydra (THC)
EXPECT
L0phtcrack and Ophcrack
Pwdump3v2
Ophcrack does it all for you – gathering the SAM database and cracking it

Recent SSL Vulnerabilities
Sslstrip MITM
– Convert secure connection to insecure one
– Works on mixed-mode authentication pages like Twitter (link Ch 12zj)
– Written by Moxie Marlinspike

Recent SSL Vulnerabilities
Wildcard certificates
– *%00.evil.com
– Fools browser (link Ch 12zk)
Renegotiation vulnerability
– Can break any SSL/TLS session (Ch 12zl)
Browsers often fail to check Certificate Revocation Lists
Untrustworthy CA entries in browser