Encryption & Cryptography Encryption & Cryptography (What the chapter didn’t tell you) Practicum: Dell Computer Corporation (Planning Materiality and Tolerable.

Encryption & Cryptography

Encryption & Cryptography (What the chapter didn’t tell you)

Practicum: Dell Computer Corporation(Planning Materiality and Tolerable Misstatement)

Schedule (revised), Topic Readings Practicum

12-Sep-05 Identifying Computer Systems Chapter 2 Evaluating IT Benefits and Risks Jacksonville Jaguars

19-Sep-05 IS Audit Programs Chapter 3 The Job of the Staff Auditor A Day in the Life of Brent Dorsey

26-Sep-05 IS Security Chapter 4 Recognizing Fraud The Anonymous Caller

3-Oct-05 Utility Computing and IS Service Organizations

Chapter 5 Evaluating a Prospective Audit Client

Ocean Manufacturing

10-Oct-05 Physical Security Chapter 6 Inherent Risk and Control Risk Comptronix Corporation

17-Oct-05 Logical Security Chapter 7 & 8 Evaluating the Internal Control Environment

Easy Clean

24-Oct-05 IS Operations Chapter 9 Fraud Risk and the Internal Control Environment

Cendant Corporation

7-Nov-05 Controls Assessment Chapter 10 IT-based vs. Manual Accounting Systems

St James Clothiers

14-Nov-05 Encryption and Cryptography Chapter 11 Materiality / Tolerable Misstatement Dell Computer

21-Nov-05 Computer Forensics Chapter 12 Analytical Procedures as Substantive Tests

Burlington Bees

28-Nov-05 New Challenges from the Internet: Privacy, Piracy, Viruses and so forth

Chapter 13 Information Systems and Audit Evidence

Henrico Retail

Hash Functions (e.g., MD5, SHA-1) A hash function or hash

algorithm is a function for summarizing or probabilistically identifying data. Such a summary is known as a hash value or simply a hash, and the process of computing such a value is known as hashing

A fundamental property of all hash functions is that if two hashes (according to the same function) are different, then the two inputs were different in some way

The equality of two hash values does not guarantee the two inputs were the same.

Authentication

Authentication verifies that the message has not been altered, and verifies the identity of the receiver or sender

In Secure Sockets Layer (SSL) an authentication mechanism is used to verify the

identity of the server or client who provide a certificate that is digitally signed by a recognized certificate authority (CA)

The integrity of the data is verified by signing each SSL bulk message

Certificate authority

A certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties It is an example of a trusted third party CA's are characteristic of many public key infrastructure

(PKI) schemes There are many commercial CAs that charge for

their services Institutions and governments may have their own CAs, and

there are free CAs, for example, CAcert.

Issuing a certificate

A CA will issue a public key certificate which states that the CA attests that the public key contained

in the certificate belongs to the person, organization, server, or other entity noted in the certificate

A CA's obligation in such schemes is to verify an applicant's credentials,

so that users (relying parties) can trust the information in the CA's certificates

The usual idea is that if the user trusts the CA and can verify the CA's signature, then they can also verify that a certain public key does indeed belong to whoever is identified in the certificate.

Subversion of CA

If the CA can be subverted, then the security of the system breaks down

For example, suppose an attacker, Mallory,

manages to get a certificate authority to issue a false certificate tying Alice to the wrong public key, known by Mallory

If Bob subsequently obtains and uses the public key in this certificate, the security of his communications could be compromised by Mallory for example, his messages could be decrypted, or he could be tricked into accepting forged signatures

Security Administration for CAs Commercial CAs often use a combination of authentication techniques

including leveraging government bureaus, the payment infrastructure, third parties databases and services, and custom heuristics

According to the American Bar Association outline on Online Transaction Management

the primary points of federal and state statutes that have been enacted regarding digital signatures

has been to "prevent conflicting and overly burdensome local regulation and to establish that electronic writings satisfy the traditional requirements associated with paper documents."

In large-scale deployments Alice may not be familiar with Bob's certificate authority (perhaps they each have a different CA), so Bob's certificate may also include his CA's public key signed by a different

CA2, which is presumably recognizable by Alice This process typically leads to a hierarchy or mesh of CAs and CA

certificates.

Authorization certificate(different than a CA)

An authorization certificate also known as an attribute certificate

is a digital document that describes a written permission from the issuer to use a

service or a resource that the issuer controls or has access to use

The permission can be delegated.

A real life example of this can be found in the mobile software deployments by large service providers and are typically applied to platforms such as Microsoft

Smartphone, Symbian OS, J2ME, and others.

Public key certificate

A public key certificate (or identity certificate) is a certificate which uses a digital signature

to bind together a public key with an identity

information such as the name of a person or an organization, their address, and so forth

The certificate can be used to verify that a public key belongs to an individual

A certificate typically includes:1. The public key being signed.

2. A name, which can refer to a person, a computer or an organization

3. A validity period

4. The location (URL) of a revocation center

Use of Public key certificate

If Alice wants others to be able to send her secret messages, she need only publish her public key. Anyone possessing it can

then send her secure information. Unfortunately, Mallory can also publish a public key (for which

she knows the related private key) claiming it is Alice's and so receive at least some of the secret messages meant for her

But if Alice builds her public key into a certificate and has it digitally signed by a trusted third party (Trent),

anyone who trusts Trent can merely check the certificate to see whether Trent thinks the embedded public key is Alice's. In typical Public-

key Infrastructures (PKIs), Trent will be a CA, who is trusted by all participants.

In a web of trust, Trent can be any user, and whether to trust that user's attestation that a particular public

key belongs to Alice will be up to the person wishing to send a message to Alice

Secure Socket Layer The Secure Sockets Layer (SSL) is a protocol to exchange data securely

SSL uses the Internet (that is, TCP/IP), as its communication mechanism Commonly used browsers like IE, Firefox and Netscape, are equipped with SSL

clients When a Browser connects to a server securely,

for applications such as sending a credit card number or viewing bank account or stock trade information,

the session initiates an SSL handshake this is very computation intensive due to the use of public key encryption to exchange

the symmetric keys that will be used to encrypt the data The public key algorithms used in the handshake are RSA or Diffie-Hellman,

among others. Following the SSL handshake, there is encrypted data transfer

The SSL client in the browser encrypts the data and the SSL server on the Web server decrypts the data

The server response is encrypted by the server and decrypted by the browser The data is not only encrypted, but also digitally signed

Some of the items that make SSL secure for communications are: (1) the keys are never sent unencrypted, (2) the identities of the sender and receiver can be verified, and (3) the integrity of each message is authenticated

Password Cracking Password cracking is the process of recovering secret passwords from data

that has been stored in or transmitted by a computer system, typically, by repeatedly verifying guesses for the password

The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk), to gain unauthorized access to a system, or as a preventive measure by the system administrator to check for easily crackable passwords.

Passwords to access computer systems are usually stored in a database in order for the system to perform password verification

To enhance the privacy of passwords, the stored password verification data is generally produced

by applying a one-way function to the password, A hash function

Even though functions that create hashed passwords may be cryptographically secure,

possession of a hashed password provides a quick way to verify guesses for the password by applying the function to each guess,

and comparing the result to the verification data.

Cracking Methods Password cracking is recovery of one or more plaintext passwords from hashed

passwords

Password cracking requires that an attacker can gain access to a hashed password, either by reading the password verification database

e.g., via a Trojan Horse, virus program, or social engineering or intercepting a hashed password sent over an open network, or has some other way to rapidly and without limit test if a guessed password is

correct.

Without the hashed password, the attacker can still attempt access to the computer system in question with guessed passwords

However well designed systems limit the number of failed access attempts and can alert administrators to trace the source of the attack if that quota is exceed

With the hashed password, the attacker can work undetected, and if the attacker has obtained several hashed passwords, the chances for cracking at least one is quite high.

Methods

There are many ways of obtaining passwords illicitly, social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, identity management system attacks and compromising host security

However, cracking usually involves guessing

Guessing Not surprisingly, many users choose weak passwords, usually one related to

themselves in some way. It may be: blank the word 'password' the user's name or login name the name of their significant other or another relative their birthplace or date of birth a pet's name automobile licence plate number and so on,

Some users even neglect to change the default password that came with their account on the computer system.

And some administrators neglect to change default account passwords provided by the operating system vendor or hardware supplier.

A famous example is the use of FieldService as a user name with Guest as the password. If not changed at system configuration time, anyone familiar with such systems will have 'cracked' an important password, and such service accounts often have higher access privileges than a normal user account.

The determined cracker can easily develop a computer program that accepts personal information about the user being attacked and generates common variations for passwords suggested by that information.

Dictionary attack A dictionary attack also exploits the tendency of people to choose weak

passwords,

Password cracking programs usually come equipped with "dictionaries", or word lists, with thousands or even millions of entries of several kinds, including:

words in various languages names of people places commonly used passwords

The cracking program encrypts each word in the dictionary, and simple modifications of each word, and checks whether any match an encrypted password. This is feasible because the attack can be automated and, on inexpensive modern

computers, several thousand possibilities can be tried per second

Guessing, combined with dictionary attacks, have been repeatedly and consistently demonstrated for several decades to be sufficient to crack perhaps as many as 50% of all account passwords on production systems.

Brute force attack Try every possible password up to some size,

This is known as a brute force attack.

As the number of possible passwords increases rapidly as the length of the password increases, this method is unlikely to be successful unless the password is relatively small

How small is too small? A common current recommendation is 8 or more randomly chosen characters combining letters,

numbers, and special (punctuation, etc) characters

Systems which limit passwords to numeric characters only, or upper case only, or, generally, which exclude possible password character choices make such attacks easier.

Using longer passwords in such cases (if possible on a particular system) can compensate for a limited allowable character set.

The real threat may be likely to be from smart brute-force techniques that exploit knowledge about how people tend to choose passwords.

Most commonly used hashes can be implemented using specialized hardware, allowing faster attacks. Large numbers of computers can be harnessed in parallel, each trying a separate portion of the search space. Unused overnight and weekend time on office computers can also be used for this purpose.

Precomputation Precomputation involves hashing each word in the dictionary or any search space of candidate passwords and storing the <plaintext, ciphertext> pairs in a way that enables

lookup on the ciphertext field This way, when a new encrypted password or is obtained, password

recovery is instantaneous

There exist advanced precomputation methods that are even more effective. By applying a time-memory tradeoff, a middle ground can be reached a search space of size N can be turned into an encrypted database of

size O(N2/3) in which searching for an encrypted password takes time O(N2/3).

The theory has recently been refined into a practical technique, and the online implementation at http://passcracking.com/ achieves impressive results on 8 character alphanumeric MD5 hashes.

Salting (a remedy)

The benefits of precomputation and memoization can be nullified by randomizing the hashing process

This is known as salting

When the user sets a password, a short string called the salt is suffixed to the password before

encrypting it; the salt is stored along with the encrypted password so that it can

be used during verification Since the salt is different for each user,

the attacker can no longer use a single encrypted version of each candidate password.

If the salt is long enough, the attacker must repeat the encryption of every guess for each user, and this can only be done after obtaining the encrypted

password record for that user.

Programs for password cracking

John the Ripper John the Ripper is password cracking software. Initially developed

for the UNIX operating system, It currently runs on fifteen different platforms.

It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects, and includes a customisable cracker.

The encrypted password formats which it can be run against include various DES formats, MD4, MD5, Kerberos AFS, and Windows LM hash. Additional modules have extended its ability to include passwords stored in LDAP, MySQL and others.

John is designed to discover weak passwords from the encrypted information in system files. It operates by taking text strings (usually from a file containing words found in a dictionary), encrypting it in the same format as the password being examined, and comparing the output to the encrypted string. It also offers a brute force mode.

Programs for password cracking

L0phtCrack

L0phtCrack is a password auditing and recovery application (now called LC5),

originally produced by L0pht Heavy Industries (later produced by @stake and now by Symantec, which acquired @stake in 2004)

It is used to test password strength and to recover lost Microsoft Windows passwords,

by using dictionary, brute-force, and hybrid attacks. It is one of the crackers' tools of choice