CEH Module 20

The document provides an overview of cryptography concepts, including types of encryption (symmetric and asymmetric), data states (at rest, in transit, and in use), and key management. It discusses various encryption algorithms, such as block and stream ciphers, and highlights the importance of public key infrastructure (PKI) for secure communications. Additionally, it covers digital signatures and hashing techniques used to ensure data integrity and confidentiality.

Uploaded by

vickeybravo

20.1 CRYPTOGRAPHY CONCEPTS
 Data States
 Cryptography Components
 Cryptography Types
 XOR
 One Time Pad
 GAK
 Data at Rest
 Stored on a hard drive, USB stick, CD/DVD, or any other type of electronic storage
medium
 Data in Transit
 Data is actively being transmitted on a network

 Data in Use
 Data is loaded into memory
 Is, or will shortly be, processed by the CPU

You can encrypt data in any of these states to increase confidentiality and trust
 The process of converting ordinary plain text into unintelligible text and vice-versa
 When encrypted, the data can be safely stored, used, or transmitted across a
network
 Even if it is stolen or intercepted, the attacker cannot read it
 Used to protect data confidentiality
 Unencrypted data (plain text)
 Algorithm (cipher)
 Key
 Ciphertext (encrypted text)
 AKA algorithm
 A mathematical formula for scrambling data
 Block cipher
 Data is encrypted in fixed-size blocks (typically 64 bits)
 Plain text is converted into cipher text one block at a time
 Often some output from one encrypted block is added to the encryption of the next block
 Good for large amounts of data
 E.g. files, data at rest

 Stream cipher
 Data encrypted in a continuous stream
 Uses XOR to encrypt data one bit, byte, or character at a time
 Typically faster than block ciphers
 Requires fewer resources and less complex circuitry
 Good for real-time communications
 Symmetric Encryption
 Uses the same key for both encryption and decryption

 Asymmetric Encryption
 Uses one key for encryption and a different key for decryption

 Hashing
 One way encryption
 Fixed length output for any length input
 No key
 Meant for data integrity
 Data is not encrypted
 Hashed output accompanies the data for anyone to verify
 A boolean logic operation that is widely used in cryptography
 Used in generating parity bits for error checking and fault tolerance
 Also used by stream ciphers such as RC4 to encrypt a bytestream
 The output is True (or 1) if and only if the two inputs are different
 The output is false (or 0) if the two inputs have the same value
 Example:
 What will be the result if you apply XOR to the following binary values:
11001100
01101010
10100110 (result)
Polymorphic shellcode encrypts its code using XORing. The shellcode is then later decrypted and executed.
 An encryption technique that cannot be cracked
 Every message is encrypted with a different pre-shared key
 Only the involved parties know the keys

 Ensures that there is no pattern in the key for an attacker to guess or find
 Even if one message is decrypted, all other messages remain secure

 Requires two identical copies of the pad be produced and distributed securely
before use
 Was popular during World War II

Do not confuse a One Time Pad with the modern One Time Password (OTP).
The One Time Pad is for encryption, using a different key for each message.
The One Time Password is time-limited, and used to authenticate the user or device for a
single session. It is typically sent to a user’s mobile phone via SMS.
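The XOR operation and the one-time pad rule above (a different key for every message), as an added Python example that is not part of the original slides. The sample messages are constructed; pad_reuse_leak shows what an eavesdropper learns when one pad is used for two messages.

```python
import secrets


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the key byte at the same position."""
    if len(key) < len(data):
        raise ValueError("a one-time pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def slide_example() -> str:
    """The XOR worked on the slide: 11001100 XOR 01101010."""
    return format(0b11001100 ^ 0b01101010, "08b")


def otp_round_trip(message: bytes):
    """Encrypt with a fresh random pad, then decrypt with the same pad."""
    pad = secrets.token_bytes(len(message))   # pre-shared, used for one message only
    ciphertext = xor_bytes(message, pad)
    recovered = xor_bytes(ciphertext, pad)    # XOR is its own inverse
    return pad, ciphertext, recovered


def pad_reuse_leak(msg1: bytes, msg2: bytes) -> bytes:
    """Return c1 XOR c2 for two messages encrypted under the SAME pad.

    The pad cancels out: c1 XOR c2 == m1 XOR m2. Anyone holding both
    ciphertexts learns the XOR of the plaintexts without seeing the key,
    which is why every message needs its own pad.
    """
    n = min(len(msg1), len(msg2))
    pad = secrets.token_bytes(n)              # the mistake: one pad, two messages
    c1 = xor_bytes(msg1[:n], pad)
    c2 = xor_bytes(msg2[:n], pad)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    print(slide_example())
    m1 = b"invoice total: 100"                # constructed sample messages
    m2 = b"invoice total: 900"
    leak = pad_reuse_leak(m1, m2)
    # Zero bytes mark positions where the two plaintexts are identical.
    print(leak.hex())
    # If one plaintext is known, the other follows directly.
    print(xor_bytes(leak, m1))
```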
 GAK requires software companies to provide the government with enough copies
of their keys that the remaining keys could be deciphered
 The government guarantees they will keep the keys secure
 The government guarantees the keys will only be used if there is a court-issued
warrant
 Similar to the government’s right to wiretap phones
20.2 SYMMETRIC ENCRYPTION
 Symmetric Encryption Types
 Block Cipher
 Stream Cipher
 The same key is used to encrypt and decrypt
 Used extensively to protect data at rest
 Provides confidentiality
 Excellent for bulk data encryption
 Is fast with good performance
 Less resource intensive than asymmetric encryption – easier on smaller devices!
 Uses the same key to encrypt and decrypt
 Key is at risk
 You must share the key in advance
 If the key is compromised, all files are at risk of loss of confidentiality
 Block cipher
 Takes a block of plaintext bits
 Generates a block of ciphertext bits
 Generally the same size
 The size of block is fixed in the given scheme
 The choice of block size does not directly affect the strength of the encryption scheme
 The strength of the cipher depends upon the key length
 DES
 Archetypal block cipher
 Transforms fixed-length blocks of plaintext into ciphertext bit strings of equal length
 Inherently weak with current technology
 Has already been broken
 3DES
 DES process repeated 3 times to increase encryption strength

 AES (the current US government standard)


 Symmetric-key algorithm designed to secure unclassified, sensitive U.S. government
documents
 Iterated block cipher designed to keep doing the same operation repeatedly
 Block size of 128 bits
 AES key sizes:
 128 for AES-128
 192 for AES-192
 256 for AES-256
 Blowfish
 64 bit block cipher
 32 – 448 bit key length
 Faster than DES

 Twofish
 128 bit block cipher
 128 – 256 bit key length

 RC2, RC5, RC6


 64 – 128 bit block cipher
 Each iteration has increased the key size
 RC6 supports 2040 bit keys
 Processes an individual bit, byte, or character of plaintext at a time
 Do not divide the data into discrete blocks

 At the transmitting end, XOR each bit of:


 your plaintext continuous stream + a pseudo-random sequence

 At the receiving end, use the same symmetric key and XOR to decrypt
 Often faster than block ciphers
 Also useful when transmission errors are likely to occur
 They have little or no error propagation
 RC4
 Popular stream cipher
 Used in Wi-Fi WEP
 Key length 40 – 2048 bits

 PKZIP
 File archive/compression program that uses a stream cipher to encrypt files
 You regularly perform backups of your critical servers
 You can’t afford to send the backup tapes to an off-site vendor for long-term
storage and archiving
 Instead, you store the backup tapes in a safe in your office
 Security auditors tell you it’s safer to store the backup tapes off-site
 Your manager wants to take the tapes home in her briefcase every night
 What can she do to secure those tapes while in transit?
 Encrypt the backup tapes
 For good measure, have her carry them in a lockbox and not just her briefcase

In this scenario, the data is still considered to be “at rest”. Even though someone is physically carrying the storage media to another location, the data itself is not being transmitted across a network where it can be intercepted by a sniffer.
20.3 ASYMMETRIC ENCRYPTION
 Asymmetric Encryption Types
 Key Pairs
 Algorithms
 Key Exchange
 Protocols that Use Asymmetric Encryption
 Also known as Public Key Cryptography
 You have a pair of keys
 Public key to encrypt
 Private key to decrypt
 Keys are mathematically related

 Excellent for protecting the symmetric encryption key


 Asymmetric encryption is slow
 Use symmetric encryption to encrypt the data
 Then protect the symmetric encryption key with an asymmetric key pair

 Provides confidentiality and integrity


 You request (or create your own) public/private key pair
 You can freely give away your public key to anyone
 You must carefully guard the private key
 Never let anyone else have access to it
 Two keys that are mathematically related
 Encrypt with public key
 Decrypt with related private key
 Digitally sign with the private key
 Verify with the public key
[Figure: Asymmetric Encryption. Original text is encrypted with the public key into scrambled data, then decrypted with a different key, the private key, back into the original text]
 RSA
 De facto Internet encryption standard
 Based on the practical difficulty of factoring the product of two large prime numbers
 The factoring problem

 Diffie-Hellman
 Used for exchanging asymmetric keys
 Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process
 ECC
 Based on the algebraic structure of elliptic curves over finite fields
 Can provide the same level of security while using a shorter key length
 An ECC 256 = RSA 3072
 Good for devices that have lower computing power
 Smart cards
 Mobile devices
 PGP/GPG
 SSL/TLS
 S/MIME
 SSH
 Internet Key Exchange (IKE) for IPSEC
20.4 PUBLIC KEY EXCHANGE
 Trading Keys
 Diffie-Hellman
 PGP
 SSH Key Generation
 Alice has an asymmetric key pair
 She can give Bob a copy of her public key
 Bob can then use her public key to send her an encrypted message
 Alice will then use her private key to decrypt
 Alice can also use her private key to digitally sign messages
 Bob can use her public key to verify the signature
 Protocol for automatically exchanging public keys
 The first widely used method of safely developing and exchanging keys over an insecure channel
 Largely replaced by RSA, which has its own key exchange algorithm and can digitally sign certificates
 Diffie-Hellman Groups are used to determine the strength of the key used in the Diffie-Hellman key exchange process
 Higher Diffie-Hellman Group numbers are more secure
 But higher groups also require additional CPU power

 Commonly used DH Groups:


 DH Group 1: 768-bit group
 DH Group 2: 1024-bit group
 DH Group 5: 1536-bit group
 DH Group 14: 2048-bit group
 DH Group 15: 3072-bit group
 System for creating asymmetric key pairs and trading public keys
 Provides authentication and cryptographic privacy
 Used for digital signing, data compression, and to encrypt/decrypt emails,
messages, files, and directories
 You can search MIT’s PGP Public Key Server
 Use information about the person such as their email address
 If someone’s public key is found, you can download it and put it on your key ring

 PGP was sold to Symantec in 2010


 Open source replacement is GPG
 Tools such as PuTTY can create a key
pair
 You can then use the generated public
key to establish an SSH session
20.5 PKI
 Public Key Infrastructure
 PKI Components
 PKI Process
 Certificate Authorities
 Key Escrow
 PKI is an arrangement that “binds” public keys with respective identities of entities
 Such as people, organizations, devices, services

 PKI is a set of roles, policies, hardware, software and procedures


 Used to create, manage, distribute, use, store and revoke digital certificates and manage
public-key encryption
 Used to facilitate the secure electronic transfer of information for a range of
network activities including:
 e-commerce, internet banking, confidential email

 PKI is required for activities where:


 Simple passwords are an inadequate authentication method
 More rigorous proof is required to confirm the identity of the parties involved in the
communication
 The information being transferred needs to be validated
 Certificate Authority (CA)
 AKA Certification Authority
 A service that registers and issues certificates
 May be automated or manual

 Registration Authority
 A role that may be delegated by a CA to assure valid and correct registration
 Responsible for accepting requests for digital certificates and authenticating the entity
making the request
 Validation Authority
 Validates the identity of an entity bearing a certificate

 Certificates
 A document issued by the CA
 Contains the issued public key
 Is accompanied by a private key
 A public key on a document
 Includes some metadata about the key

 Issued to the user, device, or service by a certification authority


 When initially issued to the user/device the certificate is accompanied by an
encrypted private key
 The user/device downloads the certificate
 When they install the certificate on their device, it installs both keys in the device’s
keystore
 Apps that need to use asymmetric encryption can then obtain access to the keys
 User creates private and public keys using any
available tool
 User self-signs document with public key
 Document delivered to receiver
 Public keys are traded
 A temporary symmetric session key is created
 The session key is protected by our public keys,
which can only be decrypted by our private
keys
CA
 A Root CA is the highest authority
 It issues certificates to digitally sign
subordinate CAs
 The subordinate CAs issue certificates to
users and clients
 VeriSign
 Digicert
 GoDaddy
 Microsoft
 COMODO
 Norton Symantec
 Thawte
 Entrust
 A special component of PKI
 A copy of a private key is stored to provide third-party access and to facilitate
recovery operations
 The private key is held in escrow, or stored, by a third party
 A key that is lost or compromised by its original user(s) may be used to decrypt
encrypted material
 Allows restoration of the original material to its unencrypted state
 Keys held in escrow can also be divided into parts
 Each part is stored by a different entity
 All parts must be retrieved and put together to recreate the private key
 This reduces the risk of fraud and collusion
20.6 DIGITAL SIGNATURES
 Digital Signature
 Digital Signature Process
 Digital Signature Schemes
 Uses asymmetric cryptography
 Simulates security properties of a written signature in digital form
 Created with the user’s private key
 Accompanies the file/network packet/code
 Proves the integrity and identity of the files/network packets/code it signs
 RSA
 Used by various apps including:
 MS Office
 Adobe Acrobat Pro
 DNS Servers and clients using DNSSEC
 Online services like DocuSign

 Digital Signature Algorithm (DSA)


 Specified by FIPS 186-2
 Used to generate and verify digital signatures
 For unclassified, sensitive applications
 You cannot move or copy a digital signature from one document to another
 Each document/packet/file must have its own signature
 The signature is a hash of the original document encrypted with the private key of the
signing party
 The digital signature must be unforgeable and authentic
 You can be legally liable for documents that contain your digital signature
 Both the sender and receiver must have the ability to use the digital signatures
 For example: DNSSEC is a specification that allows a DNS server to attach digital signatures to DNS
records
 In reality, since DNSSEC is an add-on capability, most Internet clients are not configured to use it
20.7 HASHING
 Hash
 Algorithms
 Hashing in Cyber Forensics
 Pass-the-Hash
 Any function that can be used to map data of arbitrary size to data of fixed size
 Used to assure integrity of a file, packet, or any other stored or transmitted data
 Creates a one-way “encryption”
 Does not require a key
 Does not modify the original file/data
 Produces a fixed-length output, regardless of the size of the input
 The values returned by a hash function are called hash values, hash codes, digests,
or simply hashes
 Any slight change to the input dramatically changes the output
 Used to securely store passwords
 Computationally infeasible to decrypt
 Resistant to collisions
 Two different inputs must not create the same output

A collision attack is an attempt to find two input strings of a hash function that produce the same hash result.
 Original message: hello
 Message Digest MD2/MD4/MD5 – 128 bit
 MD5 32 hex numbers - 5d41402abc4b2a76b9719d911017c592

 Secure Hash Algorithm


 SHA-1 – 160 bit - 40 hex numbers - aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
 SHA-2:
 SHA-256 - 64 hex numbers - 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
 SHA-384 - 96 hex numbers - 59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f
 SHA-512 - 128 hex numbers - 75d527c368f2efe848ecf6b073a36767800805e9eef2b1857d5f984f036eb6df891d75f72d9b154518c1cd58835286d1da9a38deba3de98b5a53e5ed78a84976
 SHA-3
 The latest version of SHA
 Same hash lengths as SHA-2
 Internal structure is significantly different
 Currently the strongest hashing algorithm

 RIPEMD – 160 bit - 40 hex numbers 108f07b8382412612c048d07d13f814118445acd


 LAN Manager (LM)
 A weak implementation of DES
 Password is restricted to a maximum of 14 characters
 Converts passwords to uppercase
 Any password less than 14 characters is “NULL padded” to bring it to 14 characters
 The 14 characters are then split into two 7-byte halves
 Each half is used to create a 56-bit DES key
 The DES keys are used to encrypt their respective half of the password
 The two password halves are concatenated to create a 14-byte LM hash
 The NULL padding is easy to identify, even when encrypted
 Hashes are sent in clear text over the network.
 Still used for backward compatibility

 NT Hash
 Unicode characters
 128 bit
 Unsalted MD4
 The first thing that must be done after acquiring a forensic disk image is to:
 Create a hash digest of the source drive and destination image file
 Ensure they are identical

 A critical step in the presentation of evidence will be to prove:
 Analysis has been performed on an identical image to the data present on the physical media
 Neither data set has been tampered with
 The standard means of proving this is to create a cryptographic hash (fingerprint) of the disk contents and any derivative images made from it
 When comparing hash values, you need to use the same algorithm used to create the reference value
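The source-versus-image check described above, as an added Python example that is not part of the original slides. The file names, the constructed test data and the "algorithm:hexdigest" reference format are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="sha256", chunk_size=64 * 1024):
    """Hash a file in chunks so a large disk image never has to fit in memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_acquisition(source_path, image_path, algorithm="sha256"):
    """Hash the source and the image with the same algorithm and compare."""
    source = file_digest(source_path, algorithm)
    image = file_digest(image_path, algorithm)
    return {"algorithm": algorithm, "source": source, "image": image,
            "match": hmac.compare_digest(source, image)}


def matches_reference(path, reference):
    """Check a file against a stored reference of the form 'sha256:<hex>'.

    Keeping the algorithm name next to the value (an assumed convention)
    guarantees the comparison uses the algorithm that created the reference.
    """
    algorithm, sep, expected = reference.partition(":")
    if not sep or algorithm not in hashlib.algorithms_guaranteed:
        raise ValueError("reference must look like '<algorithm>:<hexdigest>'")
    return hmac.compare_digest(file_digest(path, algorithm), expected.strip().lower())


def demo():
    """Constructed data: a 'source drive', a faithful image, an image with one flipped bit."""
    with tempfile.TemporaryDirectory() as workdir:
        source = os.path.join(workdir, "source.bin")
        good = os.path.join(workdir, "good.img")
        bad = os.path.join(workdir, "tampered.img")
        data = os.urandom(200 * 1024 + 17)
        tampered = bytearray(data)
        tampered[1000] ^= 0x01                      # a single-bit change
        for path, content in ((source, data), (good, data), (bad, bytes(tampered))):
            with open(path, "wb") as handle:
                handle.write(content)
        reference = "sha256:" + file_digest(source, "sha256")
        return {
            "good": compare_acquisition(source, good),
            "tampered": compare_acquisition(source, bad),
            "reference_ok": matches_reference(good, reference),
            "reference_tampered": matches_reference(bad, reference),
            # Identical data, different algorithms: the values can never match.
            "mixed_algorithms": hmac.compare_digest(
                file_digest(good, "sha1"), file_digest(source, "sha256")),
        }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```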
 A hacking technique that allows an attacker to authenticate without the password
 The username and password are not entered normally at a login screen
 Instead, the password hash is provided over the network using a special app

 Used when a password is too difficult to crack


 Requires the attacker to obtain the password hash ahead of time
 Hashes can be dumped from memory using tools such as:
 Mimikatz, psexec, Metasploit meterpreter, fgdump, pwdump, cachedump, etc.
20.8 COMMON CRYPTOGRAPHY USE CASES
 Primary Use Cases
 Disk
 Email
 Network Communications
 VPN
 Encryption
 Protect Confidentiality

 Hashing
 Protect Integrity

 Digital Signatures
 Authenticate
 Protect Authenticity
 Non-repudiation
Disk encryption protects data at rest
 File system encryption
 Encrypt file system pointers that tell the OS where to find a file

 File encryption
 Specific files or folders are themselves encrypted

 Full disk encryption
 Secures all data stored on your hard drives automatically and transparently
 Includes swap files and hidden files
 Does not require any user intervention
 Does not protect data in transit
 Data is unencrypted before it is:
 attached to an email
 transmitted over the network
 copied to a USB stick
 Microsoft BitLocker
 Broadcom Symantec Endpoint Encryption
 Apple FileVault
 Check Point Harmony Endpoint
 ESET PROTECT
 McAfee Complete Data Protection
 Trend Micro Endpoint Encryption
 Micro Focus ZENworks Full Disk Encryption
 Rohde And Schwarz (R&S) Trusted Disk
 Sophos Central Device Encryption
 Moo travels a lot
 He worries that his laptop containing confidential documents might be stolen
 What do you suggest to address his concerns?
 Use full disk encryption on his laptop to protect his data
EMAIL ENCRYPTION
 Encrypting Email
 You can use an online secure email provider or your local email client
 Obtain or create a certificate (public key)
 Select the certificate in the email client
 Alternatively, upload the certificate to the email provider

 In an enterprise environment, users’ certificates are distributed and managed by the email server and/or directory service
 SMTP does not encrypt by default
 STARTTLS is the SMTP command to transmit email over TLS
NETWORK COMMUNICATION ENCRYPTION
 SSH
 SSL/TLS
 OpenSSL
 Layer 7 protocol for secure remote logins and data transfer
 TCP 22
 Replacement for telnet and Berkeley remote-utilities
 Includes Secure Copy (SCP) and Secure FTP (SFTP) for data transfer
 Provides an encrypted channel to be used for remote login, file transfers, and command execution
 Provides very strong user and host-to-host authentication
 Provides secure communication over the internet
 Layer 6 Protocol that establishes a secure connection between a client and server
 Used to secure confidentiality and integrity of data transmissions over the Internet
 Particularly used by HTTPS to encrypt web traffic
 Server proves its identity to the client
 Server provides its public key to client

 Allows a client and server to:


 Authenticate each other
 Choose an encryption algorithm
 Exchange public keys
 Create a temporary session key

 Uses RSA asymmetric encryption


 Last version was SSL 3.0
 Has been replaced by TLS
 No longer considered secure
 Most modern browsers no longer support SSL
 The successor to SSL
 Fixes SSL security vulnerabilities
 Uses stronger encryption algorithms
 Can work over different ports
 More standardized
 Can support emerging encryption algorithms

 Currently at version 1.3


 A general purpose cryptography library
 Open-source implementation of the SSL and TLS protocols
 Performs encryption/decryption

 Includes tools for generating:
 RSA private keys
 Certificate Signing Requests (CSRs)
 Checksums

 Can manage certificates


 Widely used by Internet servers and the majority of HTTPS websites
VPN ENCRYPTION
 IPSEC
 L2TP
 PPTP
 SSL
 AKA IP Security
 The strongest of the VPN protocols
 Most widely used
 Works at Layer 3 (IP only)

 Encrypts and authenticates data sent over a network


 Provides:
 Origin authenticity through source authentication
 Data integrity through hash functions
 Confidentiality through encryption
 Has two Layer 3 protocols:
 Authentication Header (AH)
 Digitally signs IP header to guarantee packet integrity
 No payload encryption
 MD5+HMAC, SHA+HMAC
 Protocol ID 51
 Encapsulating Security Payload (ESP)
 Encrypts the payload using DES, 3DES, or AES
 Also adds digitally signed UDP header to the payload to guarantee payload integrity
 Protocol ID 50
 You can use either or both protocols
 Includes a key exchange protocol:
 ISAKMP
 Used to secure the IPSEC key exchange process
 UDP 500
HMAC includes the private key in the message digest to prove identity
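Why AH and ESP pair the hash with HMAC rather than using a bare digest, as an added Python example that is not part of the original slides. The packet bytes are constructed, the key is a secret shared by both peers, and HMAC-SHA-256 stands in for the MD5/SHA variants listed above; this is not the IPsec wire format.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to each packet


def hash_protect(packet: bytes) -> bytes:
    """Unkeyed integrity value: anyone who can edit the packet can recompute it."""
    return packet + hashlib.sha256(packet).digest()


def hash_verify(blob: bytes) -> bool:
    packet, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(packet).digest(), tag)


def hmac_protect(key: bytes, packet: bytes) -> bytes:
    """Keyed integrity value: the shared secret is mixed into the digest."""
    return packet + hmac.new(key, packet, hashlib.sha256).digest()


def hmac_verify(key: bytes, blob: bytes) -> bool:
    if len(blob) < TAG_LEN:
        return False                              # too short to carry a tag
    packet, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, packet, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)     # constant-time comparison


def tamper_outcomes() -> dict:
    """Run a genuine packet and several altered ones through both checks."""
    key = secrets.token_bytes(32)                 # known only to the two peers
    packet = b"src=10.0.0.5;dst=10.0.0.9;payload=transfer 100"   # constructed
    altered = packet.replace(b"100", b"900")      # modified in transit
    genuine = hmac_protect(key, packet)
    old_tag = genuine[-TAG_LEN:]
    other_key = secrets.token_bytes(32)           # a party without the real key
    return {
        "genuine_accepted": hmac_verify(key, genuine),
        # A bare hash is recomputed over the altered packet and still verifies.
        "plain_hash_forgery_accepted": hash_verify(hash_protect(altered)),
        # Without the key the old tag no longer fits the altered packet...
        "hmac_old_tag_accepted": hmac_verify(key, altered + old_tag),
        # ...and a tag made with any other key is rejected as well.
        "hmac_wrong_key_accepted": hmac_verify(key, hmac_protect(other_key, altered)),
        "truncated_accepted": hmac_verify(key, genuine[:10]),
    }


if __name__ == "__main__":
    for name, accepted in tamper_outcomes().items():
        print(f"{name}: {accepted}")
```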
 Transport mode
 End-to-end encryption
 VPN created between hosts
 Good for:
 Protecting clear text protocols
 Client-server connections across the Internet
 Server-server connections in the LAN, DMZ, or between the DMZ and LAN

 Tunnel mode
 Gateway-gateway encryption
 Routers / Firewalls
 The entire original IP packet is protected by IPSec
 IPSec wraps the original packet, encrypts it, adds a new IP header and sends it to the other side of the VPN tunnel (IPSec peer)
 Hosts have no knowledge that their traffic is being sent through the tunnel
 Good for connecting sites across the Internet
[Figure: IPSec packet layouts in transport mode and tunnel mode. Labels: AH digital signature only, no encryption; encryption and digital signature]
 Layer 2 Tunneling Protocol
 TCP 1701

 Encapsulates but does not encrypt


 Can carry any payload: IP, IPX, NetBEUI
 Depends on IPSEC ESP for IP encryption
 IPSEC over L2TP
 UDP 500 (IKE)

 Can encapsulate but not encrypt other protocols


 Point-to-Point Tunneling Protocol
 TCP port 1723
 Protocol ID 47 (GRE)
 Combination of Generic Routing Encapsulation (GRE) and PPP
 Can carry various payloads (IP, IPX, NetBEUI)
 Weak encryption
 No digital signatures
 Very easy to implement
 Not a traditional VPN
 No tunneling/encapsulation

 Uses SSL/TLS to encrypt the payload only


 Firewall friendly
 Requires an SSL VPN Gateway to terminate the tunnel (decrypt)
20.9 CRYPTOGRAPHY TOOLS
 Encryption Tools
 Tools for Mobile
 PGP
 Hashing Tools
 AutoKrypt
 Cryptainer LE Free Encryption Software
 Steganos LockNote
 AxCrypt
 CryptoForge
 Ncrypt XL
 ccrypt
 WinAES
 EncryptOnClick
 GNU Privacy Guard (GPG)
 A command line tool to use various OpenSSL cryptography functions
 Uses SSL v2/v3 and TLS v1
 Key features:
 Key rotation and versioning
 Safe default algorithms, key lengths, and modes
 Automated generation of ciphertext signatures and initialization vectors
 Python, Java, and C++ implementations
 Java international support
 Secret Space Encryptor
 CryptoSymm
 Cipher Sender
 System for creating asymmetric key pairs and trading public keys
 Provides authentication and cryptographic privacy
 Used for digital signing, data compression, and to encrypt/decrypt emails,
messages, files, and directories
 You can download someone’s public key and put it on your key ring
 Was sold to Symantec in 2010
 Open source replacement is GPG
 There are various online or downloadable PGP/GPG apps you can use
 Microsoft Hash Tool
 md5sum
 sha256sum
 CRC Calculator
 SHA Calculator
 MD2 Calculator
 MD4 Calculator
 MD5 Calculator
 MD6 Hash Generator
 Adler-32 Calculator
 RIPEMD Calculator
 Whirlpool Calculator
 NTLM Calculator
 CrackStation
 HashCalc
 HashMyFiles
 MD5 Hash Calculator
 Hash Droid
 Hash Calculator

There are also any number of online sites that will perform hashing for you
 Command line hashing calculators for Linux
 Windows version can be downloaded

md5sum somefile.txt
c6779ec2960296ed9a04f08d67f64422 somefile.txt
MD5 output: 32 hex numbers, 128 bit

sha1sum somefile.txt
da39a3ee5e6b4b0d3255bfef95601890afd80709 somefile.txt
SHA1 output: 40 hex numbers, 160 bit

sha1sum somefile.txt > somefile.txt.sha1
cat somefile.txt.sha1
da39a3ee5e6b4b0d3255bfef95601890afd80709 somefile.txt
20.10 CRYPTOGRAPHY ATTACKS
 Code Breaking Methodologies
 Computational Resources
 Hash Collisions
 Crypto Attacks
 Cryptanalysis Countermeasures
 Social Engineering

 Brute Force
 Try combinations until you crack it

 Frequency Analysis
 Look for repeat patterns

 Meet-in-the-Middle
 Examine encrypted and unencrypted text to figure out the key

 Side Channel
 Examine emissions from electronic circuitry to determine corresponding algorithm
activity
 Attacks can be characterized by the resources they require
 Time:
 The number of computation steps (e.g., test encryptions) that must be performed

 Memory:
 The amount of storage required to perform the attack

 Data:
 The quantity and type of plaintexts and ciphertexts required for an approach
 One of the most essential tools in cryptanalysis
 Leverages GPU-powered parallel processing across multiple compute nodes
 A Graphical Processing Unit (GPU) is a built-in CPU on a video card
 The GPU offloads computationally-intensive tasks such as video rendering from the CPU
 It can also be used in cryptanalysis

 You can also use the cloud to provide extensive compute resources
 You can even distribute your cracking across a bot army!
 An attempt to find two input strings of a hash function that produce the same hash
result
 Because hash functions have infinite input length and a predefined output length
 There is inevitably going to be the possibility of two different inputs that produce the
same output hash
 A strong hashing algorithm is resistant to collisions
 A severe memory handling bug
 Affects OpenSSL versions 1.0.1 through 1.0.1f
 Exists in the implementation of the TLS Heartbeat Extension
 Heartbeats are used to keep the TLS session alive

 Could be used to reveal up to 64 KB of the application's memory with every heartbeat
 By reading the memory of the web server, attackers could access sensitive data, including the server's private key
 CVE-2014-0160
 A webserver security vulnerability
 Takes advantage of SSL fallback
 CVE-2014-3566
 The attacker tricks the server and client into downgrading the connection
 From TLS 1.2 to the less-secure SSL 3.0
1. The attacker inserts themselves as man-in-the-middle between client and server
2. The attacker falsely drops connections, tricking the server into assuming that the client does not support TLS 1.2
3. As the client and the server communicate using SSL 3.0, the attacker can use the POODLE attack to decrypt selected parts of the communication and steal confidential information
 To make sure that the POODLE attack succeeds, the attacker uses social engineering to trick the user into running JavaScript in their browser
 Ciphertext Only
 The cryptanalyst has access only to a collection of ciphertexts or code texts

 Known plaintext attack


 The analyst may have access to some or all the plaintext of the ciphertext
 The goal is to discover the key used to encrypt the message and decrypt the message
 Once the key is identified, an attacker can decode all messages that had been encrypted by
utilizing that key
 Chosen plaintext attack
 The analyst either knows the encryption algorithm or has access to the device used to do the
encryption
 The analyst can encrypt the ‘chosen plaintext’ with the targeted algorithm to obtain data about
the key
 Adaptive Chosen Plaintext
 Like a chosen-plaintext attack, except the attacker can choose subsequent plaintexts based on
information learned from previous encryptions
 Related-key attack
 Like a chosen-plaintext attack
 Except the attacker can obtain ciphertexts encrypted under two different keys
 The keys are unknown, but the relationship between them is known
 For example, two keys differ by one bit

 Man-in-the-middle attack
 The attacker finds a way to insert themselves into the communication channel between two
parties who wish to exchange public keys
 The attacker then performs a key exchange with each party
 The original parties believe they are exchanging keys with each other
 The two parties end up utilizing keys that are familiar to the attacker

 Integral cryptanalysis attack


 Uses sets of plaintexts
 Part of the plaintext is kept constant
 The rest of the plaintext is modified
 This attack can be especially useful when applied to block ciphers that are based on
substitution-permutation networks
 A type of known plaintext attack
 Uses two known assets:
 a plaintext block
 an associated ciphertext block

 The attacker uses both assets to decipher the key


 The attack involves working from either end of the encryption chain toward the
middle
 As opposed to trying brute-force permutations from one end of the encryption process to
the other.
 Common attack against Data Encryption Standard (DES)
 Can break ciphers that use two or more keys for multiple encryption using the same
algorithm (2DES, 3DES)
[Figure: compute and store mappings; compute decryptions; compare from two directions]
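The two-directional search described above is commonly called a meet-in-the-middle attack. The following added example (not part of the original slides) runs it against a toy 16-bit Feistel cipher to show why encrypting twice with two keys adds almost no strength; the cipher, keys and plaintexts are constructed for illustration.

```python
# Toy 16-bit Feistel cipher with 16-bit keys, constructed for this example only.
KEY_BITS = 16

def _round_keys(key):
    return [(key >> shift) & 0xFF for shift in (8, 0, 4, 6)]

def _f(half, rk):
    x = half ^ rk
    return ((x * 167 + 13) ^ (x >> 3)) & 0xFF

def encrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rk in _round_keys(key):
        left, right = right, left ^ _f(right, rk)
    return (left << 8) | right

def decrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rk in reversed(_round_keys(key)):
        left, right = right ^ _f(left, rk), left
    return (left << 8) | right

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Return ([(k1, k2), ...], work) consistent with all known pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    middle, work = {}, 0
    for k1 in range(1 << KEY_BITS):          # forward: store E_k1(p0) -> k1
        middle.setdefault(encrypt(p0, k1), []).append(k1)
        work += 1
    found = []
    for k2 in range(1 << KEY_BITS):          # backward: D_k2(c0), then compare
        work += 1
        for k1 in middle.get(decrypt(c0, k2), ()):
            work += 1                        # confirm candidate on other pairs
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                found.append((k1, k2))
    return found, work

# Constructed sample: two secret keys and three known plaintext/ciphertext pairs.
K1, K2 = 0x3A7C, 0xC15E
SAMPLE_PAIRS = [(p, double_encrypt(p, K1, K2)) for p in (0x1234, 0xBEEF, 0x0F0F)]

if __name__ == "__main__":
    found, work = meet_in_the_middle(SAMPLE_PAIRS)
    print(f"candidates={found} work={work} vs exhaustive 2**{2 * KEY_BITS}")
```

The search costs on the order of 2 x 2^16 steps plus a stored table instead of 2^32 trials, which is the same reason three-key 3DES is rated at roughly 112 bits of strength rather than 168.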


 Electronic circuitry always “leaks” various forms of radiant energy as it processes
signals and executes commands
 A side-channel attack takes advantage of observable external changes (side-
channel properties) in the circuitry during processing:
 Heat generated, power consumed, execution time
 These changes happen at different times during algorithm execution

 If an attacker can run their own code on the encryption/decryption hardware


 They can more quickly figure out what the different physical changes indicate
 CrypTool
 An open-source project that produces e-learning programs and a web portal for learning
about cryptanalysis and cryptographic algorithms.
 Cryptol
 Analyzes algorithms and implementations
 Initially designed for the NSA
 Is also widely used by private firms

 EverCrack
 A GPL open-source software that mainly deals with monoalphabetic substitution and
transposition ciphers
 Its cryptanalysis engine supports multiple languages

 Ganzúa
 An open-source cryptanalysis tool used for classical polyalphabetic and monoalphabetic
ciphers
 Lets users define nearly completely arbitrary cipher and plain alphabets

Cryptanalysis is the process of deciphering encrypted messages without being told the key
 John-the-Ripper
 Supports hundreds of hash and cipher types
 Can use large word lists

 Hashcat
 Performs dictionary and brute force password attacks
 Utilizes both a computer’s GPU as well as CPU for high performance

 Rainbow Tables
 Specialized dictionary list
 Pre-computed hashes

 There are various online password cracking services you can use
 You can also try social engineering to trick the user into divulging their password
 Extraction of cryptographic secrets from a person by coercion or torture
There are a number of strategies that you can employ to protect your cryptosystem
 Choose stronger cryptographic algorithms where practical

 Use longer keys or key stretching to counter a brute force attack


 Carefully protect private keys
 Encrypt the keys and store locally
 Do not store in the cloud
 Never hard-code a cryptographic key in an application

 If the computer system has limited resources, consider using algorithms that provide comparable protection while
using less compute power
 E.g., Elliptic Curve Cryptography (ECC) over RSA

 Ensure application developers use well-vetted crypto frameworks


 Do not attempt to “roll your own” encryption in application development

 Use bug bounties and public challenges to help vet your algorithm
 Having thousands of security researchers enthusiastically trying to break your cryptosystem will reveal its weaknesses more
quickly than any other method
 A publicly known algorithm that no one has been able to crack is likely to be stronger than a secret algorithm that has been
minimally tested
 Use compensating controls to reduce the risk of side-channel attacks
 Example: use TEMPEST shielding to prevent electrical emanations from being intercepted
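One way to apply the key-stretching advice above to stored passwords, which also defeats the pre-computed (rainbow table) lookups and slows the dictionary attacks listed earlier. This is an added example, not from the original slides; the record format, the 600,000-iteration policy and the function names are assumptions.

```python
import hashlib
import hmac
import os

POLICY_ITERATIONS = 600_000   # assumption: work factor chosen for this example
SALT_BYTES = 16

def fast_unsalted(password):
    """Weak baseline: one unsalted SHA-256, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, iterations=POLICY_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(SALT_BYTES)          # unique per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def _parse(record):
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported scheme")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
        actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    except (ValueError, OverflowError):
        return False                       # malformed record never verifies
    return hmac.compare_digest(actual, expected)

def needs_rehash(record, policy=POLICY_ITERATIONS):
    """True when a stored record was stretched less than current policy."""
    return _parse(record)[0] < policy

if __name__ == "__main__":
    a = hash_password("correct horse")
    b = hash_password("correct horse")
    print("unsalted equal:", fast_unsalted("correct horse") == fast_unsalted("correct horse"))
    print("stretched equal:", a == b, "verifies:", verify_password("correct horse", a))
```

`hmac.compare_digest` keeps the comparison time independent of where the first mismatching byte falls, so the check itself does not become a timing side channel.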
20.11 CRYPTOGRAPHY REVIEW
 Review

INTRO TO ETHICAL HACKING REVIEW
 Encryption happens at OSI Layer 6 (Presentation Layer)

 Data has three possible states:
 at rest (stored on storage media), in transit (being transmitted across a network), in use (in RAM)

 Cryptography is the conversion of data into jumbled code to keep it safe

 Cryptography components are:
 Plain text + key + cipher (algorithm) = ciphertext

 “Plain text” is a generic term often used to describe any unencrypted data

 A key is anything that can be reduced to a number


 Also called a secret
 The longer the key, the stronger the encryption
 A key can be made longer by adding a salt or Initialization Vector to it

 A cipher is a mathematical formula that uses the key to encrypt the data

 Ciphertext is data that has been encrypted


 Symmetric encryption uses the same key for encryption and decryption
 It must be known to both parties and agreed upon in advance
 If it becomes compromised, everything encrypted with it is also considered to be compromised

 Symmetric algorithms include DES, 3DES, AES
 DES and 3DES are no longer considered secure
 AES is the current standard

 Symmetric encryption has relatively good performance, and is used to encrypt large amounts of data

 A block cipher divides the data into chunks
 Encrypts each chunk one at a time
 It is well suited for encrypting large amounts of data

 A stream cipher uses a key that is being continuously, randomly generated
 It XOR’s the key bits against the data bits, producing a stream of encrypted bits
 It is well suited to encrypt realtime data such as realtime voice/video or network (Wi-Fi) transmissions
 Asymmetric encryption uses a public/private key pair to encrypt/decrypt
 The two keys are mathematically related
 You freely give away the public key
 You carefully guard the private key from unauthorized disclosure

 In asymmetric encryption, you encrypt with one key (typically the public key)
 Then decrypt with the other (typically the private key)

 In order to send someone data that only they can read, you must use THEIR public key to encrypt it
 They will then use their private key to decrypt the data

 Diffie-Hellman and RSA are two popular key exchange algorithms used to securely trade public keys across the network
 The most popular asymmetric algorithm in use today is RSA
 It is based on large factors (prime numbers)

 ECC is another popular asymmetric algorithm


 It is based on the algebraic structure of elliptic curves over finite fields
 It provides the same level of protection as RSA while consuming considerably fewer resources
 It is the preferred choice for small devices such as smart cards and mobile/wireless devices

 Because RSA encryption is computationally expensive, a client and server will trade
public keys
 They will then use those keys to jointly create a temporary symmetric session key
 Even if the transmission is intercepted, without one of the private keys an attacker cannot
decrypt the message

 A certificate is a public key on a document
 It is accompanied by a protected private key

 You can use your private key to digitally sign data
 This proves authenticity
 Others can verify the signature by using the public key from your certificate
 You can be legally held liable if others use your private key to impersonate you

 You can generate your own public/private key pairs or certificates


 Public Key Infrastructure uses well-known certificate authorities (CA)
to issue certificates to the general public
 These certificates are trusted by everyone because operating systems ship
with certificates from the well-known Root CAs
 Thus the chain of authenticity can be proven all the way up to the issuing CA
 Hashing creates a fixed-length output from a variable input
 It proves data integrity
 In general, hashing does not use a key in the hashing process
 A hash is computationally infeasible to decrypt
 User passwords are typically stored as hashes in an operating system file

 Hashing algorithms should be resistant to collisions
 A collision is where two different inputs produce the same output

 Popular hashing algorithms include MD5, SHA1, SHA256, LM, NTLM

 HMAC is another hashing algorithm that adds the user’s private key to
the data before it is hashed
 This proves both authenticity and integrity

 There are many practical uses for cryptography in data storage, network transmission, e-commerce, VPNs, email, etc.
 There are many ways to try to break encryption
 If you cannot break the encryption, try social engineering or coercion
