Hands-On Ethical Hacking and Network Defense Second Edition Chapter 12 Cryptography

Dec 29, 2015

Cameron Miller
Page 1: Hands-On Ethical Hacking and Network Defense Second Edition Chapter 12 Cryptography.

Hands-On Ethical Hacking and Network Defense

Second Edition

Chapter 12: Cryptography

Page 2

Objectives

• After reading this chapter and completing the exercises, you will be able to:
  – Summarize the history and principles of cryptography
  – Describe symmetric and asymmetric encryption algorithms
  – Explain public key infrastructure (PKI)
  – Describe possible attacks on cryptosystems

Hands-On Ethical Hacking and Network Defense, Second Edition 2

Page 3

Understanding Cryptography Basics

• Cryptography – Process of converting plaintext into ciphertext
  – Plaintext: readable text
  – Ciphertext: unreadable or encrypted text
  – Used to hide information from unauthorized users
• Decryption – Process of converting ciphertext back to plaintext

Page 4

History of Cryptography

• Around for thousands of years
  – Encrypted Egyptian hieroglyphics
  – Book of Jeremiah was written using a cipher
• Substitution cipher
  – Replaces one letter with another letter
  – Based on a key
  – Example: Julius Caesar’s cipher
    • Key value of three
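Worked example (added here in Python; it is not part of the book's slides): Caesar's substitution cipher with the key value of three described above. Because the key is a shift of the alphabet, the keyspace holds only 26 values, so the same code exhausts every key and picks the one that yields an expected word. The message text and the "dawn" crib are constructed for the demo.

```python
import string
from typing import List, Optional, Tuple

ALPHABET = string.ascii_uppercase  # 26-letter alphabet; the key is a shift in 0..25


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Substitute each letter with the one `key` positions later (wrapping at Z).
    Non-letters (spaces, digits, punctuation) are copied through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same substitution with the shift reversed."""
    return caesar_encrypt(ciphertext, -key)


def exhaust_keyspace(ciphertext: str) -> List[Tuple[int, str]]:
    """Cryptanalysis by exhaustion: the keyspace has only 26 values, so every
    candidate plaintext can be produced and inspected by hand."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(26)]


def recover_key(ciphertext: str, crib: str) -> Optional[int]:
    """Return the first key whose trial decryption contains a word the analyst
    expects to appear (a 'crib'); None if no shift produces it."""
    for key, candidate in exhaust_keyspace(ciphertext):
        if crib.upper() in candidate:
            return key
    return None


if __name__ == "__main__":
    # Constructed sample message; Caesar's historical key value was three.
    secret = caesar_encrypt("Attack at dawn", 3)
    print(secret)                        # DWWDFN DW GDZQ
    print(caesar_decrypt(secret, 3))     # ATTACK AT DAWN
    print(recover_key(secret, "dawn"))   # 3
```

The point for a defender is the size of the keyspace, not the cleverness of the substitution: with 26 keys, exhaustion costs nothing, which is why the keyspace slide that follows matters more than the cipher design.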

Page 5

History of Cryptography (cont’d.)

• Cryptanalysis – Study of breaking encryption algorithms
  – When a new encryption algorithm is developed, cryptanalysts study it and try to break it
    • Or prove it is impractical to break

Page 6

The War Machines

• Enigma machine
  – Developed by Arthur Scherbius
  – Used by Germans during World War II
  – Enigma substituted each letter typed by an operator
    • Substitutions were computed using a key and a set of switches or rotors
  – Code was broken by Polish cryptographers
    • Machine for breaking the code was called the Bombe

Page 7

The War Machines (cont’d.)

• The Purple Machine
  – Developed by the Japanese during World War II
  – Used techniques discovered by Herbert O. Yardley
  – Code was broken by William Frederick Friedman
    • Known as the Father of U.S. Cryptanalysis
• Steganography – Process of hiding data in plain view in pictures, graphics, or text

Page 8

Understanding Symmetric and Asymmetric Algorithms

• Encryption algorithm – Mathematical function or program that works with a key
  – Algorithm strength and key secrecy determine security
• Key – Sequence of random bits generated from a range of allowable values, called a keyspace
  – The larger the keyspace, the more randomly sequenced keys can be created
    • The more random keys that can be created, the more difficult it is to guess the key

Page 9

Figure 12-1 Selecting random keys from a keyspace

Page 10

Table 12-1 Symmetric, asymmetric, and hashing algorithms

Page 11

Symmetric Algorithms

• One key encrypts and decrypts data
  – Advantages
    • Faster
    • Difficult to break if a large key size is used
    • Only one key needed to encrypt and decrypt data
  – Disadvantages
    • Challenging key management
    • Difficult to deliver keys without risk of theft
    • Does not support authenticity and nonrepudiation

Page 12

Symmetric Algorithms (cont’d.)

• Types of symmetric algorithms
  – Stream ciphers
    • Operate on plaintext one bit at a time
  – Block ciphers
    • Operate on blocks of plaintext

Page 13

Data Encryption Standard

• National Institute of Standards and Technology (NIST)
  – Wanted a means of protecting sensitive but unclassified data
    • Invited vendors in early 1970 to submit data encryption algorithms
• IBM proposed Lucifer
  – A 128-bit encryption algorithm
  – National Security Agency reduced key size to 64 bits and created Data Encryption Algorithm (DES)

Page 14

Data Encryption Standard (cont’d.)

• 1988: NSA thought the standard was at risk of being broken
  – Longevity and increasing power of computers
• 1998: A computer system was designed to break the encryption key in only three days

Page 15

Triple DES

• Triple Data Encryption System (3DES)
  – Served as a quick fix for DES vulnerabilities
  – Performed original DES computation three times with different keys
    • Made it much stronger than DES
  – Takes longer to encrypt and decrypt data than DES

Page 16

Advanced Encryption Standard

• NIST put out a request for a new encryption standard
  – Required submittals for a symmetric block cipher to be capable of supporting 128-, 192-, and 256-bit keys
• Five finalists
  – Rijndael (winner)
  – MARS
  – RC6
  – Serpent
  – Twofish

Page 17

International Data Encryption Algorithm

• Block cipher
  – Operates on 64-bit blocks of plaintext
  – Uses 128-bit key
  – Developed by Xuejia Lai and James Massey
  – Designed to work more efficiently in computers used at home and in businesses
  – Free for noncommercial use

Page 18

Blowfish

• Block cipher
  – Operates on 64-bit blocks of plaintext
  – Key length can be as large as 448 bits
  – Developed as a public-domain algorithm by Bruce Schneier

Page 19

RC4

• Most widely used stream cipher
  – Used in WEP wireless encryption
  – Finding the key with air-cracking programs is easy
  – Created by Ronald L. Rivest in 1987 for RSA Security

Page 20

RC5

• Block cipher
  – Operates on different block sizes: 32, 64, and 128 bits
  – Key size can reach 2048 bits
  – Created by Ronald L. Rivest in 1994 for RSA Security

Page 21

Asymmetric Algorithms

• Use two mathematically related keys
  – Data encrypted with one key can only be decrypted with the other
• Also called public key cryptography
  – Public key: key that can be known by the public
  – Private key: secret key known only by the owner
• Provide message authenticity and nonrepudiation
  – Authenticity validates the sender of a message
  – Nonrepudiation means a user cannot deny sending a message

Page 22

Asymmetric Algorithms (cont’d.)

• How it works
  – User A encrypts a message with a private key and sends it to User B
    • User B decrypts the message with User A’s public key
• If confidentiality is the major concern for User A
  – User A encrypts a message with User B’s public key and sends it to User B
    • User B decrypts the message with his private key

Page 23

RSA

• Developed in 1977 by Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman
• First algorithm used for both encryption and digital signing
  – Based on the difficulty of factoring large numbers
  – Uses a one-way function to generate a key
    • Mathematical formula easy to compute in one direction
  – Used by many browsers using the Secure Socket Layer (SSL) protocol

Page 24

Diffie-Hellman

• Developed by Whitfield Diffie and Martin Hellman
  – Does not provide encryption
  – Used to establish a secret shared between two parties
    • Thought of as a key exchange
  – If a key is intercepted during transmission, the network is vulnerable to attack
• With a method of sharing a secret key, users can secure electronic communication without fear of interception
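Worked example (added here in Python; not from the book): the Diffie-Hellman exchange described on this slide. Each side publishes g^x mod p and keeps x; both then compute the same value, which is hashed into a symmetric key for the cipher that does the actual encryption, since Diffie-Hellman itself encrypts nothing. The group (a Mersenne prime and generator 5) is a constructed toy, not a standardised group.

```python
import hashlib
import secrets
from typing import Tuple

# Toy group, constructed for the demo: p = 2^127 - 1 (a Mersenne prime), g = 5.
# Real deployments use standardised finite-field groups or elliptic curves.
P_TOY = (1 << 127) - 1
G_TOY = 5


def dh_keypair(p: int = P_TOY, g: int = G_TOY) -> Tuple[int, int]:
    """Each party picks a random private exponent x and publishes g^x mod p."""
    private = secrets.randbelow(p - 3) + 2      # x in [2, p-2]
    public = pow(g, private, p)
    return private, public


def dh_shared_secret(my_private: int, their_public: int, p: int = P_TOY) -> int:
    """(g^y)^x = (g^x)^y mod p, so both sides reach the same value. An eavesdropper
    who saw only g^x and g^y would have to solve a discrete logarithm to get it."""
    if not 1 < their_public < p - 1:
        # Reject 0, 1 and p-1: a peer sending these forces the secret into a tiny set.
        raise ValueError("peer public value outside the group")
    return pow(their_public, my_private, p)


def derive_key(shared_secret: int, label: bytes = b"toy-dh-session") -> bytes:
    """Never use the raw shared secret as a key: hash it with a context label to
    obtain a fixed-size symmetric key."""
    return hashlib.sha256(label + shared_secret.to_bytes(16, "big")).digest()


def run_exchange(p: int = P_TOY, g: int = G_TOY) -> Tuple[bytes, bytes]:
    """Simulate two parties; only alice_pub and bob_pub would cross the network."""
    alice_priv, alice_pub = dh_keypair(p, g)
    bob_priv, bob_pub = dh_keypair(p, g)
    alice_key = derive_key(dh_shared_secret(alice_priv, bob_pub, p))
    bob_key = derive_key(dh_shared_secret(bob_priv, alice_pub, p))
    return alice_key, bob_key


if __name__ == "__main__":
    k_alice, k_bob = run_exchange()
    print(k_alice.hex())
    print("both sides agree:", k_alice == k_bob)
```

Nothing in this exchange ties bob_pub to Bob, which is the interception risk the slide raises: a party in the middle can run one exchange with each side. Deployed protocols close that gap by signing the public values (for example with a certificate), so the key-exchange messages are authenticated before the derived key is trusted.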

Page 25

Elliptic Curve Cryptography

• Used for:
  – Encryption
  – Digital signatures
  – Key distribution
• Efficient algorithm requiring few resources:
  – Memory
  – Disk space
  – Bandwidth

Page 26

ElGamal

• Asymmetric algorithm
• Used to:
  – Generate keys
  – Encrypt data
  – Create digital signatures
• Written by Taher Elgamal in 1985
  – Uses discrete logarithm problems
    • Solving a discrete logarithm problem can take many years and require CPU-intensive operations

Page 27

Digital Signatures

• Asymmetric algorithms
  – Enable a public key to decrypt a message encrypted with a private key
  – Public key can decrypt a message encrypted with a private key
    • Only if the message was encrypted by the corresponding private key’s holder
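Worked example (added here in Python; not the book's code) covering the two flows on slide 22, the RSA slide, and the digital-signature slide above: textbook RSA key generation from two primes, encryption to the recipient's public key with decryption by the private key, and signing with the private key with verification by the public key. The primes are toy Mersenne primes chosen for a quick run, and the SHA-256 digest reduced mod n stands in for a real signature padding scheme; both are assumptions of this example and are marked in the code.

```python
import hashlib
from math import gcd
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)

# Toy parameters (constructed): Mersenne primes 2^61-1, 2^89-1 and 2^107-1.
# A real RSA modulus is thousands of bits; these only make the flow runnable.
P_TOY, Q_TOY, P_TOY_2 = (1 << 61) - 1, (1 << 89) - 1, (1 << 107) - 1


def rsa_keygen(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Derive a key pair from two primes. Factoring n = p*q is the hard direction
    of the one-way function; knowing p and q, d follows in one step."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(plaintext: bytes, pub: PublicKey) -> int:
    """Confidentiality: anyone may encrypt with the recipient's public key."""
    n, e = pub
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, priv: PrivateKey) -> bytes:
    """Only the private-key holder can undo the public-key operation.
    (Toy: a plaintext beginning with a zero byte would lose that byte here.)"""
    n, d = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest_as_int(message: bytes, n: int) -> int:
    # Sign the hash rather than the message so any length is covered. Reducing
    # mod n is an assumption of this toy; real schemes use padding such as PSS.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, priv: PrivateKey) -> int:
    """Authenticity: the signer applies the private key to the message digest."""
    n, d = priv
    return pow(_digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, pub: PublicKey) -> bool:
    """Anyone with the public key can check the signature; it matches only if the
    corresponding private key produced it and the message is unchanged."""
    n, e = pub
    return pow(signature, e, n) == _digest_as_int(message, n)


if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keygen(P_TOY, Q_TOY)
    bob_pub, bob_priv = rsa_keygen(P_TOY_2, Q_TOY)
    note = b"meet at noon"                       # constructed sample message
    c = encrypt(note, bob_pub)                   # User A -> User B, confidential
    print(decrypt(c, bob_priv))                  # b'meet at noon'
    s = sign(note, alice_priv)                   # User A proves authorship
    print(verify(note, s, alice_pub))            # True
    print(verify(b"meet at midnight", s, alice_pub))  # False: message altered
```

The two flows use the keys in opposite directions: encryption uses the recipient's public key and is undone by the recipient's private key; signing uses the sender's private key and is checked with the sender's public key. Nonrepudiation rests on the second flow, since only the holder of that private key could have produced a signature that the public key accepts.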

Page 28

Figure 12-2 Using a digital signature

Page 29

Digital Signature Standard

• Established by NIST in 1991
  – Ensures digital signatures can be verified
• Federal government requirements
  – RSA and Digital Signature Algorithm (DSA) must be used for all digital signatures
  – Hashing algorithm must be used to ensure message integrity
    • NIST required Secure Hash Algorithm (SHA)

Page 30

Pretty Good Privacy

• Developed by Phil Zimmermann
  – Free e-mail encryption program
  – Zimmermann was almost arrested
    • Any kind of “unbreakable” encryption was seen as a weapon and compared to selling arms to the enemy
• Internet standard for PGP messages is OpenPGP
  – Uses certificates similar to those in public key infrastructure (PKI)
    • Does not use a centralized CA
    • Verification of CA is not as efficient as PKI

Page 31

Pretty Good Privacy (cont’d.)

• Algorithms supported by OpenPGP:
  – AES
  – IDEA
  – RSA
  – DSA
  – SHA

Page 32

Secure Multipurpose Internet Mail Extension

• Another public key encryption standard
  – Used to encrypt and digitally sign e-mail
  – Can encrypt e-mail messages containing attachments
  – Can use PKI certificates for authentication
  – Widely used for e-mail encryption
    • Built into Microsoft Outlook

Page 33

Sensitive Data Encryption

• Make it a policy to exchange test results and sensitive documents in encrypted form
  – Recommend doing so to clients
• Organizations might also need to encrypt data at rest
  – Data not moving through the network or being used by the OS

Page 34

Hashing Algorithms

• Takes a variable-length message and produces a fixed-length value (i.e., message digest)
  – Like a fingerprint of the message
  – If the message is changed, the hash value changes
• Collisions
  – Two different messages produce the same hash value
  – A good hashing algorithm is collision free

Page 35

Table 12-2 Hashing algorithms

Page 36

Understanding Public Key Infrastructure

• Structure consisting of programs, protocols, and security protocols
  – Uses public key cryptography
• Components of PKI:
  – Certificate
    • Verifies identities of two communicating entities
  – Public keys
    • Issued by a certification authority (CA)
  – Certificate that CA issues
    • Binds public key to recipient’s private key

Page 37

Expiring, Revoking, and Suspending Certificates

• Period of validity is assigned to each certificate
  – After that date, the certificate expires
  – Certificate can be renewed
    • If keys are still valid and remain uncompromised
• Reasons to suspend or revoke a certificate:
  – User leaves the company
  – Hardware crash causes a key to be lost
  – Private key is compromised
  – Company no longer exists or supplied false information

Page 38

Expiring, Revoking, and Suspending Certificates (cont’d.)

• Certificate Revocation List (CRL)
  – Contains all revoked and suspended certificates
• Suspension of a certificate
  – One or more parties fail to honor agreements
  – Makes it easier to restore if parties come to an agreement

Page 39

Backing Up Keys

• Backing up keys is critical
  – If destroyed and not backed up, encrypted business-critical information might be irretrievable
• CA is usually responsible for backing up keys
  – Also responsible for a key recovery policy

Page 40

Microsoft Root CA

• Microsoft includes features in its server OSs for configuring a server as a CA
  – Instead of using a third-party CA
• Windows Server 2008 Add Roles Wizard
  – Administrator selects Active Directory Certificate Services

Page 41

Figure 12-10 Selecting Active Directory Certificate Services in the Add Roles Wizard

Page 42

Figure 12-11 Selecting role services to install

Page 43

Figure 12-12 Specifying a CA type

Page 44

Figure 12-13 Configuring cryptography settings for a CA

Page 45

Understanding Cryptographic Attacks

• Passive attacks
  – Using tools to eavesdrop or perform port scanning
• Active attacks
  – Attempt to determine the secret key used to encrypt plaintext
• Culprit and general public usually know the algorithm
  – Companies developing encryption algorithms realize vulnerabilities may be discovered
    • Software engineers develop open-source code

Page 46

Birthday Attack

• Old adage that if 23 people are in a room, there is a 50% probability that two will share the same birthday
  – Birthday attacks
    • Used to find the same hash value for two different inputs
    • Used to reveal any mathematical weaknesses in hashing algorithms
• SHA-1
  – Uses a 160-bit key
  – Would require 2^63 computations
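Worked example (added here in Python; not from the book) serving both the hashing-algorithms slide and the birthday-attack slide above. It shows the fixed-length digest and how a one-character change scatters the output bits, computes the 23-people probability from the birthday formula, and then makes the birthday bound concrete by truncating SHA-256 to 16 bits and finding a collision after a few hundred inputs, far fewer than the 65,536 values the truncated digest can take. All inputs are constructed for the demo.

```python
import hashlib
from typing import Dict, Optional, Tuple


def sha256_hex(data: bytes) -> str:
    """Fixed-length digest (64 hex chars = 256 bits) whatever the input length."""
    return hashlib.sha256(data).hexdigest()


def digest_bit_difference(msg_a: bytes, msg_b: bytes) -> int:
    """How many of the 256 digest bits differ between two messages. For a good
    hash, even a one-character change flips about half of them (avalanche)."""
    da = hashlib.sha256(msg_a).digest()
    db = hashlib.sha256(msg_b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def birthday_probability(samples: int, space: int) -> float:
    """P(at least one shared value) when `samples` values are drawn uniformly
    from `space` possibilities: 1 - prod_{i<samples} (space - i)/space.
    With samples=23 and space=365 this is about 0.507."""
    no_collision = 1.0
    for i in range(samples):
        no_collision *= (space - i) / space
    return 1.0 - no_collision


def birthday_work_bits(digest_bits: int) -> int:
    """A collision in a d-bit digest is expected after about 2^(d/2) evaluations,
    so a 160-bit digest gives roughly 80 bits of generic collision resistance."""
    return digest_bits // 2


def truncated_tag(msg: bytes, bits: int) -> int:
    """Keep only the leading `bits` of SHA-256 (a deliberately weak toy digest)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)


def find_truncated_collision(bits: int, max_tries: int = 1_000_000) -> Optional[Tuple[bytes, bytes, int]]:
    """Generic birthday search over deterministic inputs msg-0, msg-1, ...;
    returns (input_a, input_b, evaluations) once two inputs share a tag."""
    seen: Dict[int, bytes] = {}
    for i in range(max_tries):
        msg = b"msg-%d" % i
        tag = truncated_tag(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
    return None


if __name__ == "__main__":
    print(sha256_hex(b""), sha256_hex(b"x" * 100_000)[:16] + "...")
    print("bits changed by one-character edit:", digest_bit_difference(b"pay 100", b"pay 101"))
    print("P(shared birthday among 23):", round(birthday_probability(23, 365), 3))
    hit = find_truncated_collision(16)
    if hit is not None:
        a, b, tries = hit
        print(f"16-bit collision after {tries} inputs: {a!r} and {b!r}")
```

The search in find_truncated_collision is the generic attack the slide refers to; it needs no weakness in the algorithm, only a small digest. That is why truncating a hash to save space quietly halves its collision security, and why the collision resistance of a 160-bit digest is rated at the 2^80 birthday bound rather than at 2^160.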

Page 47

Mathematical Attacks

• Properties of the algorithm are attacked by using mathematical computations
• Categories:
  – Ciphertext-only attack
  – Known-plaintext attack
  – Chosen-plaintext attack
  – Chosen-ciphertext attack
  – Side-channel attack

Page 48

Brute-Force Attack

• Attacker tries all possible keys in a keyspace
  – Uses a password-cracking program
    • Attempts every possible combination of characters
  – Can be launched on any kind of message digest

Page 49

Man-in-the-Middle Attack

• Attackers place themselves between the victim computer and another host computer
  – Then intercept messages sent from the victim to the host
    • Pretend to be the host computer

Page 50

Dictionary Attack

• Attacker uses a dictionary of known words to try to guess passwords
  – There are programs that can help attackers run a dictionary attack

Page 51

Replay Attack

• Attacker captures data and attempts to resubmit the captured data
  – Device thinks a legitimate connection is in effect
  – If the captured data was logon information, the attacker could gain access and be authenticated
• Many systems have countermeasures to prevent these attacks
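Worked example (added here in Python; not from the book) of the countermeasures the last bullet mentions. The client binds its payload, a fresh random nonce and a timestamp under one HMAC; the server verifies the MAC, rejects anything outside a short time window, and remembers nonces it has already accepted inside that window. A captured message therefore fails on its second submission even though it is byte-for-byte valid. The shared key, payloads and timestamps are constructed for the demo.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, Tuple

DEMO_KEY = b"constructed-demo-key"  # assumption: one pre-shared secret per client


def new_nonce() -> str:
    """128 random bits; the client never reuses a nonce."""
    return secrets.token_hex(16)


def build_message(key: bytes, payload: str, nonce: str, timestamp: int) -> Dict[str, str]:
    """Client side: one MAC covers payload, nonce and timestamp, so none of the
    three can be swapped out without the tag failing."""
    body = json.dumps({"payload": payload, "nonce": nonce, "ts": timestamp}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


class ReplayGuard:
    """Server side. The MAC proves the message was not altered, the timestamp
    window bounds how long a capture stays usable, and the nonce cache rejects a
    second submission inside that window."""

    def __init__(self, key: bytes, window_seconds: int = 30):
        self.key = key
        self.window = window_seconds
        self.seen: Dict[str, int] = {}  # nonce -> timestamp it arrived with

    def accept(self, message: Dict[str, str], now: int) -> Tuple[bool, str]:
        body = message["body"]
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["mac"]):
            return False, "bad mac"                 # altered or forged
        fields = json.loads(body)
        if abs(now - fields["ts"]) > self.window:
            return False, "stale timestamp"         # captured too long ago
        self._expire(now)
        if fields["nonce"] in self.seen:
            return False, "replayed nonce"          # already accepted once
        self.seen[fields["nonce"]] = fields["ts"]
        return True, "ok"

    def _expire(self, now: int) -> None:
        # Nonces older than the window can be forgotten: a replay carrying one
        # of them is already rejected by the timestamp check above.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}


if __name__ == "__main__":
    guard = ReplayGuard(DEMO_KEY)
    logon = build_message(DEMO_KEY, "logon user=alice", new_nonce(), 1000)
    print(guard.accept(logon, 1001))   # (True, 'ok')
    print(guard.accept(logon, 1005))   # (False, 'replayed nonce')
```

The timestamp and the nonce cache cover each other's weak spot: the cache alone would grow without bound, and the window alone would still admit a replay that arrives within a few seconds of the original.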

Page 52

Understanding Password Cracking

• Password cracking is illegal in the United States
  – It is legal to crack your own password if you forgot it
• If the password uses common dictionary words
  – Most password-cracking programs can use a dictionary file to speed up the process
• You must first obtain the password file from the system that stores user names and passwords
  – Stored in the /etc/shadow file for *nix systems
  – Windows password hashes are stored

Page 53

Understanding Password Cracking (cont’d.)

• Password cracking programs:
  – John the Ripper
  – Ophcrack
  – EXPECT
  – L0phtcrack
  – Pwdump6
  – Fgdump
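Worked example (added here in Python; not the book's code) of why the dictionary approach on the preceding slides works against some password stores and not others. The first half audits a constructed password file of unsalted SHA-1 hashes with a four-word list: the hash of each word is computed once and looked up, so one table covers every user. The second half stores the same passwords with a per-user random salt and PBKDF2, which makes every stored value different and forces a separate slow computation per user per guess. The user names, passwords and wordlist are all constructed for the demo.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple


def unsalted_hash(password: str) -> str:
    """The weak scheme under audit: one fast hash, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


# Constructed sample password file (user -> unsalted SHA-1 hex) and wordlist.
SAMPLE_FILE: Dict[str, str] = {
    "alice": unsalted_hash("password123"),
    "bob": unsalted_hash("Xq7!v9#Lm2pR"),   # not in the wordlist
    "carol": unsalted_hash("letmein"),
}
WORDLIST: List[str] = ["letmein", "password123", "summer2015", "qwerty"]


def audit_unsalted(password_file: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """Defender's audit: hash every wordlist entry once, then look each stored hash
    up. Without salt the table is shared by all users, so cost is O(words + users)."""
    table = {unsalted_hash(word): word for word in wordlist}
    return {user: table[h] for user, h in password_file.items() if h in table}


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 100_000) -> Tuple[bytes, bytes]:
    """Store salt and PBKDF2-HMAC-SHA256 output. The random salt defeats shared
    tables; the iteration count makes each guess deliberately slow."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, derived


def verify_password(password: str, salt: bytes, stored: bytes,
                    iterations: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt, iterations)
    return hmac.compare_digest(derived, stored)


if __name__ == "__main__":
    print("recovered from unsalted file:", audit_unsalted(SAMPLE_FILE, WORDLIST))
    salt_a, hash_a = hash_password("password123")
    salt_b, hash_b = hash_password("password123")
    print("same password, different stored values:", hash_a != hash_b)
    print("verify correct:", verify_password("password123", salt_a, hash_a))
    print("verify wrong:", verify_password("password124", salt_a, hash_a))
```

The audit finds alice and carol in one pass and never touches bob, whose password is not in the list; that outcome, rather than the tool used, is what a password policy and a slow salted hash are meant to change.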

Page 54

Figure 12-14 Running Fgdump

Page 55

Figure 12-15 Running John the Ripper with the 127.0.0.1.pwdump input file

Page 56

Figure 12-16 Using John the Ripper parameters

Page 57

Summary

• Cryptography
  – In existence for thousands of years
• Ciphertext
  – Data that has been encrypted
• Cleartext or plaintext
  – Data that can be intercepted and read by anyone
• Symmetric cryptography
  – Uses one key to encrypt and decrypt data
• Asymmetric cryptography
  – Uses two keys, one to encrypt and another to decrypt

Page 58

Summary (cont’d.)

• RSA
  – Uses only a one-way function to generate a key
• Digital Signature Standard (DSS)
  – Ensures that digital signatures can be verified
• OpenPGP
  – Free public key encryption standard
• Hashing algorithms
  – Used to verify data integrity
• Public key infrastructure (PKI)
  – Structure of components used to encrypt data

Page 59

Summary (cont’d.)

• Digital certificate
  – Binds a public key to information about its owner
  – Issued by a Certificate Authority (CA)
• Active attack
  – Attempts to determine the secret key used to encrypt plaintext
• Passive attack
  – Uses sniffing and scanning tools that don’t affect the algorithm (key), message, or any parts of the encryption system