Objectives
• After reading this chapter and completing the exercises, you will be able to:
  – Summarize the history and principles of cryptography
  – Describe symmetric and asymmetric encryption algorithms
  – Explain public key infrastructure (PKI)
  – Describe possible attacks on cryptosystems
Hands-On Ethical Hacking and Network Defense, Second Edition 2
Understanding Cryptography Basics
• Cryptography
  – Process of converting plaintext into ciphertext
    • Plaintext: readable text
    • Ciphertext: unreadable or encrypted text
  – Used to hide information from unauthorized users
• Decryption
  – Process of converting ciphertext back to plaintext
History of Cryptography
• Around for thousands of years
  – Encrypted Egyptian hieroglyphics
  – Book of Jeremiah was written using a cipher
• Substitution cipher
  – Replaces one letter with another letter
    • Based on a key
  – Example: Julius Caesar’s cipher
    • Key value of three
History of Cryptography (cont’d.)
• Cryptanalysis
  – Study of breaking encryption algorithms
  – When a new encryption algorithm is developed, cryptanalysts study it and try to break it
    • Or prove it is impractical to break
The War Machines
• Enigma machine
  – Developed by Arthur Scherbius
  – Used by Germans during World War II
  – Enigma substituted each letter typed by an operator
    • Substitutions were computed using a key and a set of switches or rotors
  – Code was broken by Polish cryptographers
    • Machine for breaking the code was called the Bombe
The War Machines (cont’d.)
• The Purple Machine
  – Developed by Japanese during World War II
  – Used techniques discovered by Herbert O. Yardley
  – Code was broken by William Frederick Friedman
    • Known as the Father of U.S. Cryptanalysis
• Steganography
  – Process of hiding data in plain view in pictures, graphics, or text
Understanding Symmetric and Asymmetric Algorithms
• Encryption algorithm
  – Mathematical function or program that works with a key
    • Algorithm strength and key secrecy determine security
• Key
  – Sequence of random bits generated from a range of allowable values, called a keyspace
    • The larger the keyspace, the more random keys that can be created
    • The more random keys that can be created, the more difficult it is to guess the key
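The Caesar cipher from the history slide and the keyspace point from the slide above, as an added example that is not part of the original slides: the key is a shift of three, and because the substitution cipher has only 25 possible keys, a defender can see exactly why a tiny keyspace offers no protection by trying every key against a known word (the "crib" name is this example's own).

```python
import string

ALPHABET = string.ascii_uppercase
KEYSPACE = range(1, 26)   # a Caesar shift of 0 or 26 leaves the text unchanged

def caesar_encrypt(plaintext: str, key: int) -> str:
    """Substitution cipher: shift every letter forward by `key` positions.
    Non-letters pass through unchanged so the output stays readable."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same substitution with the shift reversed."""
    return caesar_encrypt(ciphertext, -key)

def exhaust_keyspace(ciphertext: str, crib: str) -> list:
    """Try every key in the 25-key keyspace and return the keys whose
    decryption contains the crib (a word expected in the plaintext).
    A 128-bit AES key has 2**128 candidates, so this search is hopeless there."""
    return [k for k in KEYSPACE if crib.upper() in caesar_decrypt(ciphertext, k)]

if __name__ == "__main__":
    ct = caesar_encrypt("ATTACK AT DAWN", 3)   # constructed sample message
    print(ct)                                  # DWWDFN DW GDZQ
    print(exhaust_keyspace(ct, "ATTACK"))      # [3]
```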
Figure 12-1 Selecting random keys from a keyspace
Table 12-1 Symmetric, asymmetric, and hashing algorithms
Symmetric Algorithms
• One key encrypts and decrypts data
  – Advantages
    • Faster
    • Difficult to break if a large key size is used
    • Only one key needed to encrypt and decrypt data
  – Disadvantages
    • Challenging key management
    • Difficult to deliver keys without risk of theft
    • Does not support authenticity and nonrepudiation
Symmetric Algorithms (cont’d.)
• Types of symmetric algorithms
  – Stream ciphers
    • Operate on plaintext one bit at a time
  – Block ciphers
    • Operate on blocks of plaintext
Data Encryption Standard
• National Institute of Standards and Technology (NIST)
  – Wanted a means of protecting sensitive but unclassified data
    • Invited vendors in early 1970 to submit data encryption algorithms
• IBM proposed Lucifer
  – A 128-bit encryption algorithm
  – National Security Agency reduced key size to 64 bits and created Data Encryption Algorithm (DES)
Data Encryption Standard (cont’d.)
• 1988: NSA thought the standard was at risk of being broken
  – Longevity and increasing power of computers
• 1998: Computer system was designed to break the encryption key in only three days
Triple DES
• Triple Data Encryption System (3DES)
  – Served as a quick fix for DES vulnerabilities
  – Performed original DES computation three times with different keys
    • Made it much stronger than DES
  – Takes longer to encrypt and decrypt data than DES
Advanced Encryption Standard
• NIST put out a request for a new encryption standard
  – Required that submittals be symmetric block ciphers capable of supporting 128-, 192-, and 256-bit keys
• Five finalists
  – Rijndael (winner)
  – MARS
  – RC6
  – Serpent
  – Twofish
International Data Encryption Algorithm
• Block cipher
  – Operates on 64-bit blocks of plaintext
  – Uses 128-bit key
  – Developed by Xuejia Lai and James Massey
  – Designed to work more efficiently in computers used at home and in businesses
  – Free for noncommercial use
Blowfish
• Block cipher
  – Operates on 64-bit blocks of plaintext
  – Key length can be as large as 448 bits
  – Developed as a public-domain algorithm by Bruce Schneier
RC4
• Most widely used stream cipher
  – Used in WEP wireless encryption
  – Finding the key with air-cracking programs is easy
  – Created by Ronald L. Rivest in 1987 for RSA Security
RC5
• Block cipher
  – Operates on different block sizes: 32, 64, and 128 bits
  – Key size can reach 2048 bits
  – Created by Ronald L. Rivest in 1994 for RSA Security
Asymmetric Algorithms
• Use two mathematically related keys
  – Data encrypted with one key can only be decrypted with the other
• Also called public key cryptography
  – Public key: key can be known by public
  – Private key: secret key known only by owner
• Provide message authenticity and nonrepudiation
  – Authenticity validates sender of message
  – Nonrepudiation means a user cannot deny sending a message
Asymmetric Algorithms (cont’d.)
• How it works
  – User A encrypts a message with private key and sends it to User B
    • User B decrypts the message with User A’s public key
• If confidentiality is major concern for User A
  – User A encrypts a message with User B’s public key and sends it to User B
    • User B decrypts the message with his private key
RSA
• Developed in 1977 by Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman
• First algorithm used for both encryption and digital signing
  – Based on difficulty of factoring large numbers
  – Uses a one-way function to generate a key
    • Mathematical formula easy to compute in one direction
  – Used by many browsers using Secure Sockets Layer (SSL) protocol
Diffie-Hellman
• Developed by Whitfield Diffie and Martin Hellman
  – Does not provide encryption
  – Used to establish a shared secret between two parties
    • Thought of as a key exchange
  – If a key is intercepted during transmission, network is vulnerable to attack
• With a method of sharing a secret key, users secure electronic communication without fear of interception
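The exchange described above, as an added example that is not part of the original slides: each party publishes only g^private mod p, both derive the same number, and that number (never sent on the wire) becomes the symmetric key. The tiny prime p = 23 and generator g = 5 are constructed for the demo; the discrete_log function shows why real deployments use primes of 2048 bits or more (the same search becomes infeasible), which is also the hardness the ElGamal slide relies on.

```python
import hashlib
import secrets

# Constructed toy group parameters (NOT secure): small prime p and generator g.
P = 23
G = 5

def keypair(p: int = P, g: int = G) -> tuple:
    """Each party picks a secret exponent and publishes g^secret mod p."""
    private = secrets.randbelow(p - 2) + 1        # 1 .. p-2
    return private, pow(g, private, p)

def shared_secret(my_private: int, their_public: int, p: int = P) -> int:
    """(g^b)^a == (g^a)^b mod p, so both sides land on the same value."""
    return pow(their_public, my_private, p)

def derive_key(secret: int) -> bytes:
    """Hash the agreed number into a 128-bit key for a symmetric cipher such as AES."""
    return hashlib.sha256(secret.to_bytes(4, "big")).digest()[:16]

def exchange(p: int = P, g: int = G) -> tuple:
    """Run a full exchange; returns both computed secrets and whether they match."""
    a_priv, a_pub = keypair(p, g)                 # Alice sends a_pub
    b_priv, b_pub = keypair(p, g)                 # Bob sends b_pub
    s_a = shared_secret(a_priv, b_pub, p)
    s_b = shared_secret(b_priv, a_pub, p)
    return s_a, s_b, s_a == s_b

def discrete_log(public: int, p: int = P, g: int = G) -> int:
    """What an eavesdropper must solve: recover the exponent from g^x mod p.
    Trial search works only because p is tiny; it is infeasible for real sizes."""
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    raise ValueError("value is not in the group")

if __name__ == "__main__":
    # Worked values: Alice private 6 -> public 8, Bob private 15 -> public 19, secret 2
    print(pow(G, 6, P), pow(G, 15, P), shared_secret(6, 19), shared_secret(15, 8))
    print(exchange(), discrete_log(8))
```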
Elliptic Curve Cryptography
• Used for:
  – Encryption
  – Digital signatures
  – Key distribution
• Efficient algorithm requiring few resources:
  – Memory
  – Disk space
  – Bandwidth
ElGamal
• Asymmetric algorithm
• Used to:
  – Generate keys
  – Encrypt data
  – Create digital signatures
• Written by Taher Elgamal in 1985
  – Uses discrete logarithm problems
    • Solving a discrete logarithm problem can take many years and require CPU-intensive operations
Digital Signatures
• Asymmetric algorithms
  – Enable a public key to decrypt a message encrypted with a private key
  – Public key can decrypt a message encrypted with a private key
    • Only if message was encrypted by corresponding private key’s holder
Figure 12-2 Using a digital signature
Digital Signature Standard
• Established by NIST in 1991
  – Ensures digital signatures can be verified
• Federal government requirements
  – RSA and Digital Signature Algorithm (DSA) must be used for all digital signatures
  – Hashing algorithm must be used to ensure message integrity
    • NIST required Secure Hash Algorithm (SHA)
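The two asymmetric flows on the earlier "How it works" slide, the digital-signature slide and the hash-then-sign requirement above, as one added example that is not part of the original slides: a textbook-sized RSA key pair (p = 61, q = 53, constructed, far too small to be secure) shows encrypt-with-public/decrypt-with-private for confidentiality and sign-with-private/verify-with-public for authenticity, with the message hashed (SHA-256) before signing. Real RSA signatures pad the digest instead of reducing it mod n; that shortcut is this demo's own.

```python
import hashlib
from math import gcd

# Constructed toy key pair (textbook primes, NOT secure).
P, Q = 61, 53
N = P * Q                  # modulus 3233, part of both keys
PHI = (P - 1) * (Q - 1)    # 3120
E = 17                     # public exponent
D = pow(E, -1, PHI)        # private exponent 2753, the modular inverse of E
assert gcd(E, PHI) == 1

def encrypt(m: int, public=(E, N)) -> int:
    """Confidentiality: User A encrypts with User B's public key."""
    e, n = public
    return pow(m, e, n)

def decrypt(c: int, private=(D, N)) -> int:
    """Only User B's private key undoes the encryption."""
    d, n = private
    return pow(c, d, n)

def digest(message: bytes, n: int = N) -> int:
    """Fixed-length fingerprint of the message, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private=(D, N)) -> int:
    """Authenticity: the holder of the private key 'encrypts' the digest."""
    d, n = private
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public=(E, N)) -> bool:
    """Anyone with the public key recovers the digest and compares it to a fresh hash;
    any change to the message or the signature makes the comparison fail."""
    e, n = public
    return pow(signature, e, n) == digest(message, n)

if __name__ == "__main__":
    c = encrypt(65)
    print(c, decrypt(c))                                  # 2790 65
    msg = b"transfer 100"                                 # constructed sample message
    s = sign(msg)
    print(verify(msg, s), verify(b"transfer 1000", s))    # True False
```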
Pretty Good Privacy
• Developed by Phil Zimmermann
  – Free e-mail encryption program
  – Zimmermann was almost arrested
    • Any kind of “unbreakable” encryption was seen as a weapon and compared to selling arms to the enemy
• Internet standard for PGP messages is OpenPGP
  – Uses certificates similar to those in public key infrastructure (PKI)
    • Does not use a centralized CA
    • Verification of CA is not as efficient as PKI
Pretty Good Privacy (cont’d.)
• Algorithms supported by OpenPGP:
  – AES
  – IDEA
  – RSA
  – DSA
  – SHA
Secure Multipurpose Internet Mail Extension
• Another public key encryption standard
  – Used to encrypt and digitally sign e-mail
  – Can encrypt e-mail messages containing attachments
  – Can use PKI certificates for authentication
  – Widely used for e-mail encryption
    • Built into Microsoft Outlook
Sensitive Data Encryption
• Make it a policy to exchange test results and sensitive documents in encrypted form
  – Recommend doing so to clients
• Organizations might also need to encrypt data at rest
  – Data not moving through the network or being used by OS
Hashing Algorithms
• Takes a variable-length message and produces a fixed-length value (i.e., message digest)
  – Like a fingerprint of the message
  – If message is changed, hash value changes
• Collisions
  – Two different messages produce same hash value
    • A good hashing algorithm is collision free
Understanding Public Key Infrastructure
• Structure consisting of programs, protocols, and security protocols
  – Uses public key cryptography
• Components of PKI:
  – Certificate
    • Verifies identities of two communicating entities
  – Public keys
    • Issued by a certification authority (CA)
  – Certificate that CA issues
    • Binds public key to recipient’s private key
Expiring, Revoking, and Suspending Certificates
• Period of validity is assigned to each certificate
  – After that date, certificate expires
  – Certificate can be renewed
    • If keys are still valid and remain uncompromised
• Reasons to suspend or revoke a certificate:
  – User leaves the company
  – Hardware crash causes a key to be lost
  – Private key is compromised
  – Company no longer exists or supplied false information
Expiring, Revoking, and Suspending Certificates (cont’d.)
• Certificate Revocation List (CRL)
  – Contains all revoked and suspended certificates
• Suspension of a certificate
  – One or more parties fail to honor agreements
  – Makes it easier to restore if parties come to an agreement
Backing Up Keys
• Backing up keys is critical
  – If destroyed and not backed up, encrypted business-critical information might be irretrievable
• CA is usually responsible for backing up keys
  – Also responsible for a key recovery policy
Microsoft Root CA
• Includes features in its server OSs for configuring a server as a CA
  – Instead of using a third-party CA
• Windows Server 2008 Add Roles Wizard
  – Administrator selects Active Directory Certificate Services
Figure 12-10 Selecting Active Directory Certificate Services in the Add Roles Wizard
Figure 12-11 Selecting role services to install
Figure 12-13 Configuring cryptography settings for a CA
Understanding Cryptographic Attacks
• Passive attacks
  – Using tools to eavesdrop or perform port scanning
• Active attacks
  – Attempt to determine secret key used to encrypt plaintext
• Culprit and general public usually know the algorithm
  – Companies developing encryption algorithms realize vulnerabilities may be discovered
    • Software engineers develop open-source code
Birthday Attack
• Old adage that if 23 people are in a room, there is a 50% probability that two will share the same birthday
  – Birthday attacks
    • Used to find same hash value for two different inputs
    • Used to reveal any mathematical weaknesses in hashing algorithms
• SHA-1
  – Uses a 160-bit key
  – Would require 2^63 computations
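The birthday figure above and the fingerprint/collision properties from the hashing slide, as one added example that is not part of the original slides: it computes the 23-people probability exactly, shows that a one-character change produces an unrelated SHA-256 digest, and then shortens SHA-256 to a constructed number of bits so a collision becomes observable after roughly 2^(bits/2) hashes rather than 2^bits, which is why digest length (and never a truncated digest) decides how much collision resistance a defender actually gets.

```python
import hashlib
from itertools import count

def birthday_probability(people: int, days: int = 365) -> float:
    """Probability that at least two of `people` share one of `days` birthdays."""
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct

def fingerprint(message: bytes) -> str:
    """Fixed-length message digest: any change to the input changes the value."""
    return hashlib.sha256(message).hexdigest()

def truncated_hash(message: bytes, bits: int) -> int:
    """Keep only the first `bits` bits of SHA-256 so collisions are cheap to observe."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int) -> tuple:
    """Hash distinct constructed inputs until two share a truncated digest.
    Returns both inputs and the number of hashes it took (about 2**(bits/2),
    the birthday bound, instead of the 2**bits a direct search would need)."""
    seen = {}
    for i in count():
        msg = f"msg-{i}".encode()
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

if __name__ == "__main__":
    print(round(birthday_probability(23), 3))              # 0.507
    print(fingerprint(b"hello") == fingerprint(b"hellO"))  # False: one flipped letter
    a, b, tries = find_collision(24)
    print(a, b, tries)   # two different inputs, far fewer than 2**24 hashes
```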
Mathematical Attacks
• Properties of algorithm are attacked by using mathematical computations
• Categories:
  – Ciphertext-only attack
  – Known plaintext attack
  – Chosen-plaintext attack
  – Chosen-ciphertext attack
  – Side-channel attack
Brute-Force Attack
• Attacker tries all possible keys in a keyspace
  – Uses a password-cracking program
    • Attempts every possible combination of characters
  – Can be launched on any kind of message digest
Man-in-the-Middle Attack
• Attackers place themselves between the victim computer and another host computer
  – Then intercept messages sent from victim to host
    • Pretend to be the host computer
Dictionary Attack
• Attacker uses a dictionary of known words to try to guess passwords
  – There are programs that can help attackers run a dictionary attack
Replay Attack
• Attacker captures data and attempts to resubmit the captured data
  – Device thinks a legitimate connection is in effect
  – If captured data was logon information, attacker could gain access and be authenticated
• Many systems have countermeasures to prevent these attacks
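One of the countermeasures the slide above refers to, as an added example that is not part of the original slides: each request carries a timestamp and a one-time nonce under a keyed hash (HMAC), and the server rejects anything stale, anything whose nonce it has already seen, and anything whose contents no longer match the MAC. The shared key, the 30-second window and the request format are this example's own constructions.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

KEY = b"constructed-demo-shared-key"   # shared between client and server (constructed)

def make_request(payload: str, key: bytes = KEY, now: Optional[float] = None) -> dict:
    """Client side: attach a fresh timestamp and nonce, then MAC all three fields."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)
    body = f"{ts}|{nonce}|{payload}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "payload": payload, "tag": tag}

class ReplayGuard:
    """Server side: accept each nonce once, and only within a freshness window."""

    def __init__(self, key: bytes = KEY, window: int = 30):
        self.key, self.window, self.seen = key, window, set()

    def accept(self, req: dict, now: Optional[float] = None) -> bool:
        now = now if now is not None else time.time()
        body = f"{req['ts']}|{req['nonce']}|{req['payload']}".encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["tag"]):
            return False                       # forged or modified in transit
        if abs(now - req["ts"]) > self.window:
            return False                       # stale: captured too long ago
        if req["nonce"] in self.seen:
            return False                       # exact replay of a captured request
        self.seen.add(req["nonce"])            # remember it for the window's duration
        return True

if __name__ == "__main__":
    guard = ReplayGuard()
    req = make_request("logon alice", now=1000)          # constructed capture
    print(guard.accept(req, now=1001), guard.accept(req, now=1002))   # True False
```

A production guard would expire old nonces from `seen` once they fall outside the window so the set does not grow without bound.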
Understanding Password Cracking
• Password cracking is illegal in the United States
  – It is legal to crack your own password if you forgot it
• If password uses common dictionary words
  – Most password-cracking programs can use a dictionary file to speed up the process
• You must first obtain the password file from the system that stores user names and passwords
  – Stored in /etc/shadow file for *nix systems
  – Windows password hashes are stored
Understanding Password Cracking (cont’d.)
• Password cracking programs:
  – John the Ripper
  – Ophcrack
  – EXPECT
  – L0phtcrack
  – Pwdump6
  – Fgdump
Figure 12-15 Running John the Ripper with the 127.0.0.1.pwdump input file
Figure 12-16 Using John the Ripper parameters
Summary
• Cryptography
  – In existence for thousands of years
• Ciphertext
  – Data that has been encrypted
• Cleartext or plaintext
  – Data that can be intercepted and read by anyone
• Symmetric cryptography
  – Uses one key to encrypt and decrypt data
• Asymmetric cryptography
  – Uses two keys, one to encrypt and another to decrypt
Summary (cont’d.)
• RSA
  – Uses only a one-way function to generate a key
• Digital Signature Standard (DSS)
  – Ensures that digital signatures can be verified
• OpenPGP
  – Free public key encryption standard
• Hashing algorithms
  – Used to verify data integrity
• Public key infrastructure (PKI)
  – Structure of components used to encrypt data
Summary (cont’d.)
• Digital certificate
  – Binds a public key to information about its owner
  – Issued by a Certificate Authority (CA)
• Active attack
  – Attempts to determine secret key used to encrypt plaintext
• Passive attack
  – Uses sniffing and scanning tools that don’t affect the algorithm (key), message, or any parts of the encryption system