Encryption & Cryptography
Encryption & Cryptography (What the chapter didn’t tell you)
Practicum: Dell Computer Corporation (Planning Materiality and Tolerable Misstatement)
Schedule (revised)
Date | Topic | Readings | Practicum
12-Sep-05 | Identifying Computer Systems | Chapter 2 | Evaluating IT Benefits and Risks: Jacksonville Jaguars
19-Sep-05 | IS Audit Programs | Chapter 3 | The Job of the Staff Auditor: A Day in the Life of Brent Dorsey
26-Sep-05 | IS Security | Chapter 4 | Recognizing Fraud: The Anonymous Caller
3-Oct-05 | Utility Computing and IS Service Organizations | Chapter 5 | Evaluating a Prospective Audit Client: Ocean Manufacturing
10-Oct-05 | Physical Security | Chapter 6 | Inherent Risk and Control Risk: Comptronix Corporation
17-Oct-05 | Logical Security | Chapter 7 & 8 | Evaluating the Internal Control Environment: Easy Clean
24-Oct-05 | IS Operations | Chapter 9 | Fraud Risk and the Internal Control Environment: Cendant Corporation
7-Nov-05 | Controls Assessment | Chapter 10 | IT-based vs. Manual Accounting Systems: St James Clothiers
14-Nov-05 | Encryption and Cryptography | Chapter 11 | Materiality / Tolerable Misstatement: Dell Computer
21-Nov-05 | Computer Forensics | Chapter 12 | Analytical Procedures as Substantive Tests: Burlington Bees
28-Nov-05 | New Challenges from the Internet: Privacy, Piracy, Viruses and so forth | Chapter 13 | Information Systems and Audit Evidence: Henrico Retail
Hash Functions (e.g., MD5, SHA-1)
A hash function or hash algorithm is a function for summarizing or probabilistically identifying data.
Such a summary is known as a hash value or simply a hash, and the process of computing such a value is known as hashing.
A fundamental property of all hash functions is that if two hashes (according to the same function) are different, then the two inputs were different in some way.
The equality of two hash values does not guarantee the two inputs were the same.
Authentication
Authentication verifies that the message has not been altered, and verifies the identity of the receiver or sender.
In Secure Sockets Layer (SSL), an authentication mechanism is used to verify the identity of the server or client, who provides a certificate that is digitally signed by a recognized certificate authority (CA).
The integrity of the data is verified by signing each SSL bulk message.
Certificate authority
A certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties.
It is an example of a trusted third party.
CAs are characteristic of many public key infrastructure (PKI) schemes.
There are many commercial CAs that charge for their services.
Institutions and governments may have their own CAs, and there are free CAs, for example, CAcert.
Issuing a certificate
A CA will issue a public key certificate which states that the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate.
A CA's obligation in such schemes is to verify an applicant's credentials, so that users (relying parties) can trust the information in the CA's certificates.
The usual idea is that if the user trusts the CA and can verify the CA's signature, then they can also verify that a certain public key does indeed belong to whoever is identified in the certificate.
Subversion of CA
If the CA can be subverted, then the security of the system breaks down.
For example, suppose an attacker, Mallory, manages to get a certificate authority to issue a false certificate tying Alice to the wrong public key, known by Mallory.
If Bob subsequently obtains and uses the public key in this certificate, the security of his communications could be compromised by Mallory; for example, his messages could be decrypted, or he could be tricked into accepting forged signatures.
Security Administration for CAs
Commercial CAs often use a combination of authentication techniques, including leveraging government bureaus, the payment infrastructure, third parties' databases and services, and custom heuristics.
According to the American Bar Association outline on Online Transaction Management, the primary points of federal and state statutes that have been enacted regarding digital signatures have been to "prevent conflicting and overly burdensome local regulation and to establish that electronic writings satisfy the traditional requirements associated with paper documents."
In large-scale deployments Alice may not be familiar with Bob's certificate authority (perhaps they each have a different CA), so Bob's certificate may also include his CA's public key signed by a different CA2, which is presumably recognizable by Alice.
This process typically leads to a hierarchy or mesh of CAs and CA certificates.
Authorization certificate (different than a CA)
An authorization certificate, also known as an attribute certificate, is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use.
The permission can be delegated.
A real-life example of this can be found in the mobile software deployments by large service providers, which are typically applied to platforms such as Microsoft Smartphone, Symbian OS, J2ME, and others.
Public key certificate
A public key certificate (or identity certificate) is a certificate which uses a digital signature to bind together a public key with an identity: information such as the name of a person or an organization, their address, and so forth.
The certificate can be used to verify that a public key belongs to an individual.
A certificate typically includes:
1. The public key being signed.
2. A name, which can refer to a person, a computer or an organization
3. A validity period
4. The location (URL) of a revocation center
Use of Public key certificate
If Alice wants others to be able to send her secret messages, she need only publish her public key.
Anyone possessing it can then send her secure information.
Unfortunately, Mallory can also publish a public key (for which she knows the related private key) claiming it is Alice's and so receive at least some of the secret messages meant for her.
But if Alice builds her public key into a certificate and has it digitally signed by a trusted third party (Trent), anyone who trusts Trent can merely check the certificate to see whether Trent thinks the embedded public key is Alice's.
In typical Public-key Infrastructures (PKIs), Trent will be a CA, who is trusted by all participants.
In a web of trust, Trent can be any user, and whether to trust that user's attestation that a particular public key belongs to Alice will be up to the person wishing to send a message to Alice.
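The certificate check described above, together with the CA-subversion case from earlier on this page, as an added Python example that is not part of the original slides. It uses textbook RSA without padding on constructed keys built from known Mersenne primes, so it is a teaching toy; the names make_key, issue, verify and scenarios are assumptions of this example.

```python
import hashlib

def make_key(p, q, e=65537):
    """Textbook RSA from two known primes. Toy only: no padding, primes are public."""
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

# Constructed demo keys (assumption): each built from two Mersenne primes.
TRENT = make_key(2**521 - 1, 2**607 - 1)    # the trusted third party / CA
ALICE = make_key(2**89 - 1, 2**61 - 1)
MALLORY = make_key(2**127 - 1, 2**107 - 1)

def digest(name, subject_pub, n):
    """Hash of the binding (name, public key), reduced into the issuer's modulus."""
    data = f"{name}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(issuer_priv, name, subject_pub):
    """The issuer signs the statement 'this public key belongs to this name'."""
    n, d = issuer_priv
    return {"name": name, "pub": subject_pub,
            "sig": pow(digest(name, subject_pub, n), d, n)}

def verify(cert, issuer_pub):
    """What Bob does: check the signature with the issuer key he already trusts."""
    n, e = issuer_pub
    return pow(cert["sig"], e, n) == digest(cert["name"], cert["pub"], n)

def scenarios():
    genuine = issue(TRENT["priv"], "Alice", ALICE["pub"])
    # Mallory publishes her own key as "Alice", signed by herself, not by Trent.
    self_made = issue(MALLORY["priv"], "Alice", MALLORY["pub"])
    # Mallory swaps her key into Alice's genuine certificate; the signature no longer fits.
    swapped = dict(genuine, pub=MALLORY["pub"])
    # Subverted CA: Trent was induced to sign the false binding himself.
    subverted = issue(TRENT["priv"], "Alice", MALLORY["pub"])
    return {name: verify(cert, TRENT["pub"]) for name, cert in [
        ("genuine", genuine), ("self_made", self_made),
        ("swapped_key", swapped), ("subverted_ca", subverted)]}

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:13s} accepted by Bob: {ok}")
```

The last case is accepted because the signature check only proves that Trent signed the binding, not that Trent verified the applicant correctly.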
Secure Sockets Layer
The Secure Sockets Layer (SSL) is a protocol to exchange data securely.
SSL uses the Internet (that is, TCP/IP) as its communication mechanism.
Commonly used browsers like IE, Firefox and Netscape are equipped with SSL clients.
When a browser connects to a server securely, for applications such as sending a credit card number or viewing bank account or stock trade information, the session initiates an SSL handshake.
This is very computation intensive due to the use of public key encryption to exchange the symmetric keys that will be used to encrypt the data.
The public key algorithms used in the handshake are RSA or Diffie-Hellman, among others.
Following the SSL handshake, there is encrypted data transfer.
The SSL client in the browser encrypts the data and the SSL server on the Web server decrypts the data.
The server response is encrypted by the server and decrypted by the browser.
The data is not only encrypted, but also digitally signed.
Some of the items that make SSL secure for communications are: (1) the keys are never sent unencrypted, (2) the identities of the sender and receiver can be verified, and (3) the integrity of each message is authenticated.
Password Cracking
Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system, typically by repeatedly verifying guesses for the password.
The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk), to gain unauthorized access to a system, or as a preventive measure by the system administrator to check for easily crackable passwords.
Passwords to access computer systems are usually stored in a database in order for the system to perform password verification.
To enhance the privacy of passwords, the stored password verification data is generally produced by applying a one-way function to the password (a hash function).
Even though functions that create hashed passwords may be cryptographically secure, possession of a hashed password provides a quick way to verify guesses for the password by applying the function to each guess and comparing the result to the verification data.
Cracking Methods
Password cracking is recovery of one or more plaintext passwords from hashed passwords.
Password cracking requires that an attacker can gain access to a hashed password, either by reading the password verification database (e.g., via a Trojan Horse, virus program, or social engineering) or intercepting a hashed password sent over an open network, or has some other way to rapidly and without limit test if a guessed password is correct.
Without the hashed password, the attacker can still attempt access to the computer system in question with guessed passwords.
However, well-designed systems limit the number of failed access attempts and can alert administrators to trace the source of the attack if that quota is exceeded.
With the hashed password, the attacker can work undetected, and if the attacker has obtained several hashed passwords, the chances for cracking at least one are quite high.
Methods
There are many ways of obtaining passwords illicitly: social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, identity management system attacks and compromising host security.
However, cracking usually involves guessing.
Guessing
Not surprisingly, many users choose weak passwords, usually one related to themselves in some way.
It may be: blank; the word 'password'; the user's name or login name; the name of their significant other or another relative; their birthplace or date of birth; a pet's name; automobile licence plate number; and so on.
Some users even neglect to change the default password that came with their account on the computer system.
And some administrators neglect to change default account passwords provided by the operating system vendor or hardware supplier.
A famous example is the use of FieldService as a user name with Guest as the password. If not changed at system configuration time, anyone familiar with such systems will have 'cracked' an important password, and such service accounts often have higher access privileges than a normal user account.
The determined cracker can easily develop a computer program that accepts personal information about the user being attacked and generates common variations for passwords suggested by that information.
Dictionary attack
A dictionary attack also exploits the tendency of people to choose weak passwords.
Password cracking programs usually come equipped with "dictionaries", or word lists, with thousands or even millions of entries of several kinds, including: words in various languages; names of people; places; commonly used passwords.
The cracking program encrypts each word in the dictionary, and simple modifications of each word, and checks whether any match an encrypted password.
This is feasible because the attack can be automated and, on inexpensive modern computers, several thousand possibilities can be tried per second.
Guessing, combined with dictionary attacks, has been repeatedly and consistently demonstrated for several decades to be sufficient to crack perhaps as many as 50% of all account passwords on production systems.
Brute force attack
Trying every possible password up to some size is known as a brute force attack.
As the number of possible passwords increases rapidly as the length of the password increases, this method is unlikely to be successful unless the password is relatively small.
How small is too small?
A common current recommendation is 8 or more randomly chosen characters combining letters, numbers, and special (punctuation, etc.) characters.
Systems which limit passwords to numeric characters only, or upper case only, or, generally, which exclude possible password character choices make such attacks easier.
Using longer passwords in such cases (if possible on a particular system) can compensate for a limited allowable character set.
The real threat is likely to be from smart brute-force techniques that exploit knowledge about how people tend to choose passwords.
Most commonly used hashes can be implemented using specialized hardware, allowing faster attacks. Large numbers of computers can be harnessed in parallel, each trying a separate portion of the search space. Unused overnight and weekend time on office computers can also be used for this purpose.
Precomputation
Precomputation involves hashing each word in the dictionary or any search space of candidate passwords and storing the <plaintext, ciphertext> pairs in a way that enables lookup on the ciphertext field.
This way, when a new encrypted password is obtained, password recovery is instantaneous.
There exist advanced precomputation methods that are even more effective.
By applying a time-memory tradeoff, a middle ground can be reached: a search space of size N can be turned into an encrypted database of size O(N^(2/3)) in which searching for an encrypted password takes time O(N^(2/3)).
The theory has recently been refined into a practical technique, and the online implementation at http://passcracking.com/ achieves impressive results on 8 character alphanumeric MD5 hashes.
Salting (a remedy)
The benefits of precomputation and memoization can be nullified by randomizing the hashing process.
This is known as salting.
When the user sets a password, a short string called the salt is suffixed to the password before encrypting it; the salt is stored along with the encrypted password so that it can be used during verification.
Since the salt is different for each user, the attacker can no longer use a single encrypted version of each candidate password.
If the salt is long enough, the attacker must repeat the encryption of every guess for each user, and this can only be done after obtaining the encrypted password record for that user.
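An added Python example, not from the original slides, showing why a per-user salt defeats a precomputed table while weak passwords remain findable by per-user guessing, as an administrator's audit would show. The word list, accounts and function names are constructed for illustration, and MD5 is used only because the slides name it.

```python
import hashlib
import os

# Constructed sample data: a tiny word list and three accounts.
WORDLIST = ["password", "letmein", "fluffy", "qwerty", "dragon"]
PASSWORDS = {"alice": "fluffy", "bob": "fluffy", "carol": "T7#kq!vR2p"}

def md5_hex(data: bytes) -> str:
    # MD5 only because the slides use it as their example hash.
    return hashlib.md5(data).hexdigest()

def make_records(passwords, salted):
    """Build the stored verification data; the salt is suffixed, as described above."""
    records = {}
    for user, pw in passwords.items():
        salt = os.urandom(16) if salted else b""
        records[user] = {"salt": salt, "hash": md5_hex(pw.encode() + salt)}
    return records

def precompute(words):
    """One table of hash -> plaintext, built once and reusable against every account."""
    return {md5_hex(w.encode()): w for w in words}

def table_lookup(records, table):
    """Instant lookup: works only when every account hashes the same way."""
    return {user: table.get(r["hash"]) for user, r in records.items()}

def audit_with_salt(records, words):
    """Re-hash each candidate with each user's own salt; returns (findings, hashes computed)."""
    found, work = {}, 0
    for user, r in records.items():
        found[user] = None
        for w in words:
            work += 1
            if md5_hex(w.encode() + r["salt"]) == r["hash"]:
                found[user] = w
                break
    return found, work

if __name__ == "__main__":
    table = precompute(WORDLIST)
    plain = make_records(PASSWORDS, salted=False)
    salted = make_records(PASSWORDS, salted=True)
    print("unsalted, table lookup:", table_lookup(plain, table))
    print("salted, table lookup:  ", table_lookup(salted, table))
    print("salted, per-user audit:", audit_with_salt(salted, WORDLIST))
```

A salt only removes the shared table; for stored passwords a deliberately slow salted function such as hashlib.pbkdf2_hmac or hashlib.scrypt is the usual choice.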
Programs for password cracking
John the Ripper
John the Ripper is password cracking software.
Initially developed for the UNIX operating system, it currently runs on fifteen different platforms.
It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects, and includes a customisable cracker.
The encrypted password formats which it can be run against include various DES formats, MD4, MD5, Kerberos AFS, and Windows LM hash. Additional modules have extended its ability to include passwords stored in LDAP, MySQL and others.
John is designed to discover weak passwords from the encrypted information in system files. It operates by taking text strings (usually from a file containing words found in a dictionary), encrypting it in the same format as the password being examined, and comparing the output to the encrypted string. It also offers a brute force mode.
L0phtCrack
L0phtCrack is a password auditing and recovery application (now called LC5), originally produced by L0pht Heavy Industries (later produced by @stake and now by Symantec, which acquired @stake in 2004).
It is used to test password strength and to recover lost Microsoft Windows passwords, by using dictionary, brute-force, and hybrid attacks.
It is one of the crackers' tools of choice.