![Page 1: Cyber Security Basics, Threat Pragmatics & Cryptography · 2017-05-23 · DNS Changer •Anyone who controls your DNS controls what you see! •How: –infect computers with a malicious](https://reader033.vdocuments.us/reader033/viewer/2022041823/5e5f795bc8c31c2a8602441e/html5/thumbnails/1.jpg)
Cyber Security Basics, Threat Pragmatics & Cryptography
Network Security Workshop
29-31 May 2017
Phnom Penh, Cambodia
Overview
• Security Overview
• Threat Pragmatics
• Cryptography Basics
Drawing some correlations
Why Security?
• The Internet was initially designed for connectivity
  – Trust was assumed
  – Security protocols were added on top of TCP/IP over time
• The Internet has become fundamental to our daily activities (business, work, and personal)
• Fundamental aspects of information must be protected
  – Confidential data
  – Employee information
  – Business models
  – Protect identity and resources
Internet Evolution
Security (threats and challenges) changes as the Internet evolves!
[Figure: timeline of the Internet's evolution: LAN connectivity → content driven (email, web, music, video) → data on the cloud]
Recent Incidents
• WannaCry Ransomware (May 2017)
  – As of 12 May, 45K attacks across 74 countries
  – Remote code execution in SMBv1 using the EternalBlue exploit
    • TCP 445, or via NetBIOS (UDP/TCP 135-139)
  – Patch released on 14 March 2017 (MS17-010)
    • https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  – Exploit released on 14 April 2017
Recent Incidents
• SHA-1 is broken (Feb 23, 2017)
  – Colliding PDF files: two different PDF files with the same SHA-1 hash, so a signature over the first file is also valid for the second
    • https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Recent Incidents
• San Francisco Rail System Hacker Hacked (Nov 2016)
  – Ransomware attack on San Francisco public transit gave everyone a free ride ([email protected])
    • Encrypts boot sectors (ransom for decryption): Mamba
  – Java vulnerability not patched (Oracle Security Alert CVE-2015-4852, issued Nov 2015)
Recent Incidents
• Dyn cyberattack (Oct 2016)
  – Estimated throughput of 1.2 terabits per second
  – DDoS by IoT devices (Mirai botnet)
  – Malicious queries!
Recent Incidents
• Cloudbleed (Sept 2016)
  – Again a buffer overflow like Heartbleed, this time affecting Cloudflare
  – Coding bug (Layer 8 problem!):
    • An == was inserted instead of a >= in the source code of cf-html (the HTML parser), causing a buffer overflow
  – Problem: HTTP requests read past the buffer and kept reading from other memory spaces
    • Session tokens
    • Encryption keys
    • POST data
    • Passwords
  – Cached by search engines
    • https://github.com/pirate/sites-using-cloudflare
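The == versus >= termination test described above, as an added Python simulation written for this page (it is not Cloudflare's cf-html source): the customer's HTML page is the front part of a constructed byte string whose tail stands for adjacent memory, and the buggy comparison lets the parser cursor step past the end of the page once a multi-byte token straddles the boundary.

```python
# Added example (not Cloudflare's code): simulation of the "== instead of >="
# end-of-buffer test behind Cloudbleed.
# MEMORY is a constructed byte string. The customer's page is MEMORY[:PAGE_LEN];
# the bytes after it stand for adjacent heap memory (another tenant's session
# token) that the parser must never emit.

PAGE = b"<html><body>hello<!"                      # page ends inside a "<!--" opener
ADJACENT = b"--session=ADJACENT-SECRET-TOKEN-->"   # adjacent memory, not the page
MEMORY = PAGE + ADJACENT
PAGE_LEN = len(PAGE)


def scan(memory: bytes, page_len: int, fixed: bool) -> bytes:
    """Copy page bytes to the output, skipping "<!--" comment openers.

    fixed=False reproduces the bug: the end test is `p == end` and the 4-byte
    lookahead is not bounded by `end` (like an unbounded C memcmp). When the
    opener straddles the page boundary, p jumps to end + 2, never equals
    `end`, and the loop keeps emitting adjacent memory.
    fixed=True uses `p >= end` and bounds the lookahead to the page.
    Returns the bytes a client would receive.
    """
    p, end = 0, page_len
    emitted = bytearray()
    while p < len(memory):                        # edge of mapped memory (a crash in C)
        at_end = (p >= end) if fixed else (p == end)
        if at_end:
            break
        lookahead_end = end if fixed else len(memory)
        if memory.startswith(b"<!--", p, lookahead_end):
            p += 4                                # skip the opener; may overshoot `end`
            continue
        emitted.append(memory[p])
        p += 1
    return bytes(emitted)


if __name__ == "__main__":
    for fixed in (False, True):
        print("fixed" if fixed else "buggy", scan(MEMORY, PAGE_LEN, fixed))
```

On a well-formed page both variants produce the same output; the bug only shows when a token crosses the end of the buffer, which is why it survived in production.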
www.shodan.io
• Find any internet-connected device
Who are they? (Attack Motivation)
• Nation states want SECRETS
• Organized criminals want MONEY
• Protesters or activists want ATTENTION
• Hackers and researchers want KNOWLEDGE
Source: NANOG60 keynote presentation by Jeff Moss, Feb 2014
http://cartoonsmix.com/cartoons/national-security-agency-cartoon.html
Threats, Vulnerability, and Risks
• Threat
  – A circumstance or event with the potential to cause harm to a networked system
• Vulnerability
  – A weakness that can be exploited
    • Software bugs
    • Design flaws
    • Configuration mistakes
    • Lack of encryption
• Risk
  – The likelihood that a particular vulnerability will be exploited
The Threat Matrix
[Figure: the threat matrix, with "Degree of Focus" as one axis and four quadrants: Joy hacks, Opportunistic hacks, Targeted attacks, Advanced Persistent Threats]
Source: Thinking Security – Steve M. Bellovin
Joy Hacks
• For fun - with little skill using known exploits
• Minimal damage - especially unpatched machines
• Random targets – anyone they can hit
• Most hackers start this way – learning curve
Opportunistic Hacks
• Skilled (often very skilled), but also don't care whom they hit
  – Know many different vulnerabilities and techniques
• Profit is the goal: bank account theft, botnets, ransomware…
  – WannaCry?
• Most phishers, virus writers, etc.
Targeted Attacks
• Have a specific target!
• Research the target and tailor attacks
  – Physical reconnaissance
• At worst, an insider (behind all your defenses)
  – Not so happy
• Tools like “spear-phishing”
• May use 0-days
Advanced Persistent Threats
• Highly skilled (well funded), with specific targets
  – Mostly 0-days
• Sometimes (not always) working for a nation-state
  – Think Stuxnet (up to four 0-days were used)
• May use non-cyber means:
  – Burglary, bribery, and blackmail
• Note: many lesser attacks blamed on APTs
Are you a Target?
• Biggest risk?
  – Assuming you are not interesting enough!
• Vendors and their take on security:
  – Underwhelming
  – Overwhelming
Defense Strategies
• Depends on what you’re trying to protect
• Tactics that keep out teenagers won’t keep out a well-funded agency
• But stronger defenses are often much more expensive, and cause great inconvenience
What Are You Protecting?
• Identify your critical assets
  – Both tangible and intangible (patents, methodologies) assets
    • Hardware, software, data, people, documents
  – Who would be interested?
• Place a value on the asset
  – Different assets require different levels of protection
  – Security measures must be in proportion to the asset value
    • How much can you afford?
• Determine the likelihood of breaches
  – Threats and vulnerabilities?
Against Joy Hacks
• By definition, joy hackers use known exploits
• Patches exist for known holes:
  – Up-to-date system patches
  – Up-to-date antivirus database
• Ordinary enterprise-grade firewalls will also repel them
Opportunistic Hacks
• Sophisticated techniques used
• You need multiple layers of defense
  – Up-to-date patches and anti-virus
  – Firewalls
  – Intrusion detection
  – Lots of attention to log files
Targeted Attacks
• Targeted attacks exploit knowledge of the target
  – Try to block or detect reconnaissance
  – Security policies and procedures matter a lot
    • How do you respond to phone callers?
    • What do people do with unexpected attachments?
    • USB sticks in the parking lot
• Hardest case: disgruntled employee or ex-employee
  – Already behind your defenses
  – Think Manning & Snowden
Advanced Persistent Threats
• Very, very hard to defend against!
• Use all of the previous defenses
• There are no sure answers
• Pay special attention to policies and procedures
• Investigate all oddities
Example of Security Controls
| Category | Example of Controls | Purpose |
|---|---|---|
| Policy & Procedure | Cyber Security Policy, Incident Handling Procedure | Make everyone aware of the importance of security, define roles and responsibilities (pre and post incident), understand the scope of the problem |
| Technical | Firewall, Intrusion Detection System, AV, Logging Systems | Prevent and detect potential attacks, mitigate the risk of a breach |
| Physical | CCTV, Locks, Biometrics, Secure working space | Prevent physical theft of information assets or unauthorized physical access |
Goals of Information Security
• Confidentiality: prevents unauthorized use or disclosure of information
• Integrity: safeguards the accuracy and completeness of information
• Availability: authorized users have reliable and timely access to information
Access Control
• To permit or deny the use of resource(s)
• All about:
  – Authentication (who is the user)
  – Authorization (who is allowed to use what)
  – Accountability (what did the user do)
Authentication
• Verify a user’s identity
• “User” may refer to:
  – A person
  – An application or process
  – A machine or device
• Identification comes before authentication
  – Ex: username to establish the user’s identity
• To prove identity, a user must present either:
  – What you know (passwords, passphrase, PIN)
  – What you have (token, smart cards, passcodes, RFID)
  – Who you are (biometrics such as fingerprints and iris scan, signature or voice)
Strong Authentication
• An absolute requirement
• Two-factor authentication
  – Passwords (something you know)
  – Tokens (something you have)
• Examples:
  – Passwords
  – Tokens
  – PINs
  – Biometrics
  – Certificates
Two-factor Authentication
• At least two authentication ‘factors’ to prove the user’s identity
  – Something you know
    • Username/password
  – Something you have
    • Token using a one-time password (OTP)
• The OTP is generated using a device in the physical possession of the user
  – Generated each time and expires after some time
  – Through applications installed on a mobile device
• Multi-factor authentication is also common
Authorization
• Defines the user’s rights and permissions on a system
• Typically done after the user has been authenticated
• Grants a user access to a particular resource and defines what actions the user is permitted to perform on that resource
• Access criteria based on the level of trust:
  – Roles
  – Groups
  – Location
  – Time
  – Transaction type
Authorization Concepts
• Authorization Creep
  – When users possess unnecessarily high access privileges within an organization
• Default to Zero
  – Start with zero access and build on top of that
• Need to Know Principle
  – Least privilege; give access only to the information that the user absolutely needs
• Access Control Lists
  – List of users allowed to perform a particular kind of access to an object (read, write, execute, modify)
Accountability
• What did the user do with the resource?
• Actions of an entity can be traced back uniquely to that entity
  – Senders cannot deny sending information
  – Receivers cannot deny receiving it
  – Users cannot deny performing a certain action
• Supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention and after-action recovery and legal action
Source: NIST Risk Management Guide for Information Technology Systems
Overview
• Security Overview
• Threat Pragmatics
• Cryptography Basics
Target
• Targets could be:
  – Network infrastructure
  – Network services
  – Application services
  – End user machines
• What’s at risk?
Attacks on Different Layers
[Figure: the OSI Reference Model (Application, Presentation, Session, Transport, Network, Data Link, Physical) beside the TCP/IP Model (Application, Transport, Internet, Network Access / Link Layer), with protocols and attacks placed against each layer]
• Layer 2: Ethernet, PPP, ARP, NDP, OSPF
  – Attacks: ARP spoofing, MAC flooding
• Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP
• Layer 4: TCP, UDP, SCTP
  – Attacks (layers 3 and 4): TCP attacks, Routing attack, SYN flooding, Ping/ICMP Flood, Sniffing
• Layer 5: NFS, Socks
• Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP
  – Attacks: DNS Poisoning, Phishing, SQL injection, Spam/Scam
Layer 2 Attacks
• ARP Spoofing
• MAC attacks
• DHCP attacks
• VLAN hopping
ARP Spoofing
[Figure: four machines on one segment: A 10.0.0.1 AA-AA-AA-AA-AA-AA, B 10.0.0.2 BB-BB-BB-BB-BB-BB, C 10.0.0.3 CC-CC-CC-CC-CC-CC, D 10.0.0.4 DD-DD-DD-DD-DD-DD]
• A: “I want to connect to 10.0.0.3. I don’t know the MAC address” → ARP Request (broadcast)
• C: “I am 10.0.0.3. This is my MAC address” → ARP Reply
• D: “Wait, I am 10.0.0.3!” → forged ARP Reply
• ARP cache poisoned: Machine A connects to Machine D (not C)
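Detecting the exchange in the figure from the network side, as an added example written for this page (not tooling from the workshop): a passive ARP monitor of the kind arpwatch-style tools implement, run over a constructed capture that uses the slide's 10.0.0.x addresses and AA..DD MAC addresses.

```python
# Added example (not from the slides): passive ARP monitoring over a constructed
# capture that replays the figure. Alerts on (1) a binding that contradicts a
# static entry, (2) an IP whose MAC changes, (3) one MAC claiming several IPs.
from collections import defaultdict

# Constructed capture: (time in seconds, sender IP, sender MAC) from ARP replies.
ARP_REPLIES = [
    (1.0, "10.0.0.1", "aa:aa:aa:aa:aa:aa"),
    (1.1, "10.0.0.2", "bb:bb:bb:bb:bb:bb"),
    (2.0, "10.0.0.3", "cc:cc:cc:cc:cc:cc"),  # genuine reply from C
    (2.1, "10.0.0.3", "dd:dd:dd:dd:dd:dd"),  # "Wait, I am 10.0.0.3!" from D
    (3.0, "10.0.0.4", "dd:dd:dd:dd:dd:dd"),  # D's own address
]


class ArpWatch:
    """Tracks IP-to-MAC bindings seen in ARP replies and reports anomalies."""

    def __init__(self, static=None):
        # static: IP -> MAC entries the operator knows (gateway, servers)
        self.static = {ip: mac.lower() for ip, mac in (static or {}).items()}
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)

    def observe(self, ts, ip, mac):
        mac = mac.lower()
        alerts = []
        if ip in self.static and self.static[ip] != mac:
            alerts.append(f"{ts}: {ip} claimed by {mac}, static entry is {self.static[ip]}")
        previous = self.ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"{ts}: {ip} moved {previous} -> {mac} (possible ARP spoofing)")
        self.mac_to_ips[mac].add(ip)
        if len(self.mac_to_ips[mac]) > 1:
            alerts.append(f"{ts}: {mac} claims multiple IPs {sorted(self.mac_to_ips[mac])}")
        self.ip_to_mac[ip] = mac
        return alerts


def audit(replies, static=None):
    """Feed a capture through the monitor and return every alert in order."""
    watch = ArpWatch(static)
    alerts = []
    for ts, ip, mac in replies:
        alerts.extend(watch.observe(ts, ip, mac))
    return alerts


if __name__ == "__main__":
    for line in audit(ARP_REPLIES, static={"10.0.0.3": "cc:cc:cc:cc:cc:cc"}):
        print(line)
```

Legitimate rebinding (DHCP lease churn, a replaced NIC) also trips the "moved" rule, so the static table for gateways and servers is what turns the alert into a confident one.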
MAC Flooding
• Exploits the limitation of all switches
• CAM stores mapping of individual MAC addresses to source ports.
• Attacker floods the CAM table using spoofed source MAC addresses
DHCP Attacks
• DHCP Starvation Attack
  – Broadcasting a vast number of DHCP requests with spoofed MAC addresses simultaneously
• DHCP Spoofing
  – Rogue DHCP server
Layer 3 Attacks
• ICMP Attacks
  – ICMP Smurf/Flood
  – Ping of death
• Control plane attacks
ICMP Flood/Smurf
[Figure: the attacker sends echo requests to the network broadcast address; every host on that network sends its echo reply to the actual destination address, the victim]
Other forms of ICMP attack:
• Ping of death
Routing Attacks
• Malicious route insertion
  – Poison the routing table
• Distance Vector
  – Announce a distance of 0 to all other nodes (hop count; 16 is infinity in RIPv2) (count to infinity!)
    • Blackhole traffic
• Link State
  – Drop links randomly (convergence)
  – Malicious routes to eavesdrop
• BGP attacks
  – Originate someone’s prefix
  – Tamper with the path information
TCP Attacks
• SYN Flood: the attacker sends SYN requests in succession to a target
• Causes a host to retain enough state for bogus half-connections such that there are no resources (memory) left to establish new legitimate connections.
TCP Attacks
• Exploits the TCP 3-way handshake
• Attacker sends a series of SYN packets without replying with the ACK packet
• Finite queue size for incomplete connections
[Figure: normal TCP 3-way handshake with the server: SYN → SYN+ACK → ACK, connection established]
TCP Attacks
• Exploits the TCP 3-way handshake
• Attacker sends a series of SYN packets
  – Does not send the ACK packet
• Finite queue size for incomplete connections
[Figure: attacker → server (victim): SYN, the server answers SYN+ACK, the ACK never arrives; the half-open connections fill the server’s queue]
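The standard answer to the finite half-open queue is to keep no state until the ACK arrives, as an added example written for this page (not code from the workshop): a SYN cookie, where the server's initial sequence number is a keyed hash of the connection and a coarse time slot, and the final ACK is validated by recomputation. The secret, addresses and slot length are constructed for the example.

```python
# Added example (not from the slides): a stateless SYN cookie, the usual defence
# against the half-open queue exhaustion described above. The server encodes a
# keyed hash of the connection into its ISN and stores nothing until a valid
# ACK returns, so a flood of SYNs that never complete costs it no memory.
import hashlib
import hmac
import struct

SERVER_SECRET = b"constructed-syn-cookie-secret"   # constructed; rotated in practice
SLOT_SECONDS = 64                                  # coarse time counter, 5 bits kept


def _slot(now: int) -> int:
    return (int(now) // SLOT_SECONDS) & 0x1F


def syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, now,
               secret=SERVER_SECRET):
    """ISN for the SYN+ACK: 5-bit time slot | 27-bit truncated HMAC over the
    4-tuple, the client's ISN and the slot."""
    slot = _slot(now)
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{client_isn}|{slot}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    tag = struct.unpack(">I", digest[:4])[0] & 0x07FFFFFF
    return (slot << 27) | tag


def accept_ack(src_ip, src_port, dst_ip, dst_port, client_isn, ack_num, now,
               secret=SERVER_SECRET, max_age_slots=1):
    """Validate the handshake's final ACK (ack_num = our ISN + 1) by recomputing
    the cookie for the slot it carries. Cookies older than `max_age_slots` are
    rejected, which bounds replay of a captured ACK."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    slot = cookie >> 27
    age = (_slot(now) - slot) & 0x1F
    if age > max_age_slots:
        return False
    # a time value that maps back to the slot recorded in the cookie
    slot_time = (int(now) // SLOT_SECONDS - age) * SLOT_SECONDS
    expected = syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, slot_time, secret)
    return hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big"))


if __name__ == "__main__":
    now = 1_700_000_000                      # constructed timestamp
    isn = syn_cookie("10.0.0.9", 40000, "10.0.0.1", 80, 12345, now)
    print("SYN+ACK seq:", isn, "ACK valid:",
          accept_ack("10.0.0.9", 40000, "10.0.0.1", 80, 12345, isn + 1, now))
```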
Application Layer Attacks
• Scripting vulnerabilities
• Cookie poisoning
• Buffer overflow
• Hidden field manipulation
• Parameter tampering
• Cross-site scripting
• SQL injection
Layer 7 DDoS Attack
• Traditional DoS attacks focus on L3 and L4
• On L7, a DoS attack targets applications disguised as legitimate packets
• The aim is to exhaust application resources (bandwidth, ports, protocol weakness)
• Includes:
  – Slowloris
  – RUDY (R-U-Dead Yet)
    • POST request with a long Content-Length, writing the form data slowly
  – LOIC/HOIC (Low/High Orbit Ion Cannon)
    • TCP/UDP/HTTP requests (HOIC: HTTP only, with scripts)
Layer 7 DDoS – Slowloris
• Incomplete HTTP requests
  – No blank line (\r\n) terminating the request header
• Properties
  – Low bandwidth
  – Keep threads active
    • Only affects threaded web servers (Apache)
    • Doesn’t work through load balancers
  – Keepalives to reset the timeout
DNS Changer
• Anyone who controls your DNS controls what you see!
• How:
  – Infect computers with malicious software (malware)
  – This malware replaces the user’s DNS settings with the attacker’s DNS servers
  – Points the DNS configuration to DNS resolvers in specific address blocks and uses them for the criminal enterprise
DNS Cache Poisoning
• Caching incorrect resource record that did not originate from authoritative DNS sources.
• Result:
  – The connection (web, email, network) is redirected to another target (controlled by the attacker)
DNS Cache Poisoning
[Figure: Client → DNS Caching Server → Root/GTLD → ns.example.com (webserver www.example.com at 192.168.1.1); the attacker pretends to be the authoritative zone]
1. Client: “I want to access www.example.com”
2. The caching server sends its query upstream with QID=64571; the attacker floods the caching server with forged replies guessing the QID (QID=64569, QID=64570, QID=64571, ...) that point www.example.com to 192.168.1.99
3. QID=64571 matches: the forged record www.example.com 192.168.1.99 is cached instead of the genuine www.example.com 192.168.1.1
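The acceptance check a caching resolver applies to replies, run over the forged burst in the figure, as an added example written for this page (not code from the workshop or any resolver): it shows why a fixed source port leaves only the 16-bit QID to match, and what source-port randomization adds. Ports and the spoofed source are constructed; names and addresses are the slide's.

```python
# Added example (not from the slides): resolver-side reply acceptance and the
# guessing odds behind QID-only versus QID-plus-port matching.

def accept_reply(pending, reply, expected_server):
    """A reply is accepted only if (QID, destination port) matches an
    outstanding query, the question section is unchanged, and the reply
    arrives from the server the query was sent to."""
    question = pending.get((reply["qid"], reply["port"]))
    return (question is not None
            and question == reply["question"]
            and reply["server"] == expected_server)


def process_replies(pending, replies, expected_server):
    """Return what the cache ends up storing. The first acceptable reply wins
    and closes the outstanding query; later ones, genuine or not, are dropped.
    That race is the poisoning."""
    pending = dict(pending)
    cached = []
    for reply in replies:
        if accept_reply(pending, reply, expected_server):
            cached.append((reply["question"], reply["answer"]))
            del pending[(reply["qid"], reply["port"])]
    return cached


def spoof_success_probability(entropy_bits, forged_replies):
    """P(at least one of n forged replies matches) when each reply must guess
    `entropy_bits` of (QID + source port)."""
    return 1.0 - (1.0 - 2.0 ** -entropy_bits) ** forged_replies


QUESTION = ("www.example.com", "A")
AUTH = "ns.example.com"     # the attacker spoofs this as the reply's source


def forged(qid, port):
    return {"qid": qid, "port": port, "question": QUESTION,
            "answer": "192.168.1.99", "server": AUTH}


def genuine(port):
    """The real answer from ns.example.com, arriving after the forged burst."""
    return {"qid": 64571, "port": port, "question": QUESTION,
            "answer": "192.168.1.1", "server": AUTH}


# Resolver A: fixed source port 53, so only the 16-bit QID protects it.
PENDING_FIXED_PORT = {(64571, 53): QUESTION}
# Resolver B: randomised source port (constructed value 54321).
PENDING_RANDOM_PORT = {(64571, 54321): QUESTION}
# The figure's burst of guesses, sent to the well-known port.
FORGED_BURST = [forged(q, 53) for q in (64569, 64570, 64571)]

if __name__ == "__main__":
    print("fixed port :", process_replies(PENDING_FIXED_PORT, FORGED_BURST + [genuine(53)], AUTH))
    print("random port:", process_replies(PENDING_RANDOM_PORT, FORGED_BURST + [genuine(54321)], AUTH))
    print("P(hit) 16 bits, 65536 tries:", round(spoof_success_probability(16, 65536), 3))
    print("P(hit) 32 bits, 65536 tries:", spoof_success_probability(32, 65536))
```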
Amplification Attacks
• Exploiting the UDP protocol to return large, amplified amounts of data
  – Small request, large reply
• Examples:
  – DNS
  – NTP
  – SMTP
DNS Amplification Attack
• A type of reflection attack combined with amplification
  – The source of the attack is reflected off other machine(s)
  – The traffic received is bigger (amplified) than the traffic sent by the attacker
• The UDP packet’s source address is spoofed
DNS Amplification
[Figure: the attacker directs bots to send queries (ANY) with the victim’s IP as the spoofed source to open DNS resolvers; the resolvers fetch www.example.com 192.168.1.1 via Root/GTLD and ns.example.com and deliver the large answers to the victim]
Example query: dig ANY www.example.com @8.8.8.8 +edns=0 +notcp +bufsize=4096 +dnssec
NTP Amplification
• UDP 123
• NTP versions older than v4.2.7p26 are vulnerable to the “monlist” attack
  – Made easier by open NTP servers (time.google.com)
  – monlist fetches the MRU list of NTP associations: ntpdc -c -n monlist <NTP-Server-IP>
• Several incidents in 2014
  – Use mrulist instead of monlist (requires proof)
  – Upgrade the NTP (ntpd) server
Wireless Attacks
• WEP (Wired Equivalent Privacy): first go at wireless security
• 104-bit WEP key:
  – 50% of the time broken with 45K packets
  – 95% of the time with 85K packets (in less than 60 seconds)
• Use WPA2 (Wi-Fi Protected Access)
  – WPA: 256-bit key
  – WPA2: AES
59
Tews, Weinmann, and Pyshkin, "Breaking 104 bit WEP in less than 60 seconds", Proceedings of the 8th International Conference on Information Security Applications, 2007
Wireless Attacks- MITM
• Create a fake access point and have clients authenticate to it instead of the legitimate one.
• Capture traffic (usernames, passwords)
60
Security - Different Layers
• OSI Reference Model: Application, Presentation, Session, Transport, Network, Data Link, Physical
• TCP/IP Model: Application, Transport, Internet, Network Access (Link Layer)
• Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP
  – Attacks: DNS Poisoning, Phishing, SQL injection, Spam/Scam
  – Security: HTTPS, DNSSEC, PGP, SMIME
• Layer 5: NFS, Socks
• Layer 4: TCP, UDP, SCTP
  – Attacks: TCP attacks, Routing attack, SYN flooding
  – Security: TLS, SSL, SSH
• Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP
  – Attacks: Ping/ICMP Flood, Sniffing
  – Security: IPsec
• Layer 2: Ethernet, PPP, ARP, NDP, OSPF
  – Attacks: ARP spoofing, MAC flooding
  – Security: IEEE 802.1X, PPP & PPTP
61
BCP 38
• Since 1998!
  – https://tools.ietf.org/html/bcp38
• Only allow traffic with valid source addresses to
  – Leave your network (only those from your address space)
  – Enter your network (only from your customer’s address space)
• uRPF verifies both source address and incoming interface with FIB entries
  – ip/ipv6 verify unicast reverse-path
62
Link-Layer Security
• Dynamic ARP Inspection
  – Check IP to MAC binding
• Port Security
• 802.1X
63
Transport Layer Security
• Secure Socket Layer (SSL)
• Secure Shell (SSH)
• SYN Cookies
  – MD5 hash (source IP, source port, dest IP, dest port and ISN in SYN)
  – Sent in its SYN-ACK – no need to keep state for half-open connections in memory
64
Enable: vi /etc/sysctl.conf and set net.ipv4.tcp_syncookies = 1
Verify: cat /proc/sys/net/ipv4/tcp_syncookies
        sysctl -n net.ipv4.tcp_syncookies
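The hash-in-the-ISN scheme described above, as an added example that is not part of the original slides: the 5-bit counter, the 64-second window, the secret and the field order are constructed assumptions rather than the Linux kernel’s exact layout.

```python
import hashlib
import socket
import struct
import time

# Added illustration of the SYN-cookie idea: the server encodes a keyed MD5
# hash of (source IP, source port, dest IP, dest port, client ISN) plus a
# coarse time counter into the ISN of its SYN-ACK, and later recomputes it
# from the client's ACK instead of holding a half-open connection in memory.
# Counter width, 64 s window and secret are constructed assumptions.

COUNTER_BITS = 5                          # top bits of the ISN: time counter
HASH_BITS = 32 - COUNTER_BITS             # low bits of the ISN: truncated hash
COUNTER_MASK = (1 << COUNTER_BITS) - 1
HASH_MASK = (1 << HASH_BITS) - 1
MAX_AGE_WINDOWS = 2                       # accept cookies up to ~3 x 64 s old
SECRET = b"constructed-server-secret"     # per-server secret keying the hash


def _cookie_hash(src_ip, src_port, dst_ip, dst_port, client_isn, counter):
    """Truncated MD5 over the 4-tuple, the client's ISN and the counter."""
    fields = struct.pack("!4sH4sHII", socket.inet_aton(src_ip), src_port,
                         socket.inet_aton(dst_ip), dst_port, client_isn, counter)
    digest = hashlib.md5(SECRET + fields).digest()
    return int.from_bytes(digest[:4], "big") & HASH_MASK


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, now):
    """Server ISN for the SYN-ACK: counter in the top bits, hash below."""
    counter = (int(now) // 64) & COUNTER_MASK
    return (counter << HASH_BITS) | _cookie_hash(
        src_ip, src_port, dst_ip, dst_port, client_isn, counter)


def check_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn,
                     ack_number, now):
    """Validate the client's ACK with no stored state: the ACK acknowledges
    server_isn + 1, so the cookie is ack_number - 1; its counter must be
    recent and its hash must match a fresh recomputation."""
    server_isn = (ack_number - 1) & 0xFFFFFFFF
    counter = server_isn >> HASH_BITS
    current = (int(now) // 64) & COUNTER_MASK
    if ((current - counter) & COUNTER_MASK) > MAX_AGE_WINDOWS:
        return False                                  # stale cookie
    expected = _cookie_hash(src_ip, src_port, dst_ip, dst_port,
                            client_isn, counter)
    return (server_isn & HASH_MASK) == expected


if __name__ == "__main__":
    now = time.time()
    isn = make_syn_cookie("192.0.2.10", 40000, "198.51.100.5", 80, 1000, now)
    print("accepted:", check_syn_cookie("192.0.2.10", 40000, "198.51.100.5",
                                        80, 1000, (isn + 1) & 0xFFFFFFFF, now))
```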
Application Layer Security
• HTTPS
• PGP (Pretty Good Privacy)
• SMIME (Secure Multipurpose Internet Mail Extensions)
• TSIG and DNSSEC
• Wireless Encryption - WEP, WPA, WPA2
65
Overview
• Network Security Fundamentals
• Threat Pragmatics
• Cryptography Basics
66
Cryptography
67
• All about hiding information in plain sight!
Cryptography
• Cryptography deals with creating documents that can be shared secretly over public communication channels
• Other terms closely associated
  – Cryptanalysis = code breaking
  – Cryptology
    • Kryptos (hidden or secret) and Logos (description) = secret speech / communication
    • combination of cryptography and cryptanalysis
• Cryptography is a function of plaintext and a cryptographic key
  C = F(P, k)
  Notation: Plaintext (P), Ciphertext (C), Cryptographic Key (k)
68
Terminology
• Cryptography: the practice and study of hiding information
• Cryptanalysis: finding some weakness or insecurity in a cryptographic scheme
• Encryption: the method of transforming data (plaintext) into an unreadable format
• Ciphertext: the “scrambled” format of data after being encrypted
69
Cryptosystem Terminology
• Decryption: the method of turning ciphertext back into plaintext
• Encryption Algorithm: a set of rules or procedures that dictates how to encrypt and decrypt data, also called an encryption cipher
• Key (cryptovariable): a value used in the encryption process to encrypt and decrypt
70
Key is the key
• The key length is measured in bits, and the key space is the number of possibilities that can be generated by a specific key length
• Example:
  – 2-bit key = a keyspace of 2^2 = 4
  – 4-bit key = a keyspace of 2^4 = 16
  – 40-bit key = a keyspace of 2^40 = 1,099,511,627,776
71
Key is the key
• Assume everyone knows your encryption/decryption algorithm
• Security of encryption lies in the secrecy of the keys, not the algorithm! – Kerckhoffs’ principle
• How do we keep them safe and secure?
72
Work Factor
• The amount of processing power and time to break a crypto system
• No system is unbreakable
• Make it too expensive to break
73
Encryption
• Scramble plaintext to ciphertext using a cryptographic key
• Used all around us
  – Application Layer – used in secure email, database sessions, and messaging
  – Session layer – Secure Socket Layer (SSL) or Transport Layer Security (TLS)
  – Network Layer – IPsec
74
Encryption and Decryption
Diagram: Plaintext → ENCRYPTION ALGORITHM (Encryption Key) → Ciphertext → DECRYPTION ALGORITHM (Decryption Key) → Plaintext
75
Symmetric Key Algorithm
• Same key to encrypt and decrypt information
  – Both sender and receiver need to know the key
• Also known as a secret-key algorithm
  – The key must be kept a “secret” to maintain security
• Follows the more traditional form of cryptography, with key lengths ranging from 40 to 256 bits.
• Examples:
  – DES, 3DES, AES, RC4, RC6, Blowfish
76
Symmetric Encryption
Diagram: Plaintext → ENCRYPTION ALGORITHM (Encryption Key = Shared Key) → Ciphertext → DECRYPTION ALGORITHM (Decryption Key = Shared Key) → Plaintext; the same shared secret key is used on both sides.
77
Symmetric Key Algorithm

| Symmetric Algorithm | Key Size |
|---|---|
| DES | 56-bit keys |
| Triple DES (3DES) | 112-bit and 168-bit keys |
| AES | 128, 192, and 256-bit keys |
| IDEA | 128-bit keys |
| RC2 | 40 and 64-bit keys |
| RC4 | 1 to 256-bit keys |
| RC5 | 0 to 2040-bit keys |
| RC6 | 128, 192, and 256-bit keys |
| Blowfish | 32 to 448-bit keys |
Note: Longer keys are more difficult to crack, but more computationally expensive.
78
Asymmetric Key Algorithm
• Also called public-key cryptography
• Public-Private key pair
  – Encrypt with one key and decrypt with the other
• Keep the private key private
• Anyone can see the public key
• The decryption key cannot, at least in a reasonable amount of time, be calculated from the encryption key, and vice versa.
• Examples:
  – RSA, DSA, Diffie-Hellman, ElGamal, PKCS
79
Asymmetric Encryption
Diagram: Plaintext → ENCRYPTION ALGORITHM (Encryption Key = Public Key) → Ciphertext → DECRYPTION ALGORITHM (Decryption Key = Private Key) → Plaintext; different keys on each side.
80
Asymmetric Key Algorithms
• RSA (512-2048 bits)
  – the first and still most common implementation
• DSA (512-1024 bits)
  – provides capability for authentication of messages
• Diffie-Hellman (512, 1024, 2048 bits)
  – used for secret key exchange only
• ElGamal (512-1024 bits)
  – used for key exchange (similar to DH)
81
Hash Functions
• Produces a condensed representation of a message
• Takes an input message of arbitrary length and outputs a fixed-length code
  – The fixed-length output is called the hash or message digest
• A form of signature that uniquely represents the data
• Uses:
  – Verifying file integrity
  – Digitally signing documents
  – Hashing passwords
82
Hash Functions
• Message Digest (MD) Algorithm
  – Outputs a 128-bit fingerprint of an arbitrary-length input
  – MD5 is widely used
• Secure Hash Algorithm (SHA)
  – SHA-1 produces a 160-bit message digest similar to MD5
    • Widely used in security applications (TLS, SSL, PGP, SSH, S/MIME, IPsec)
  – SHA-256, SHA-384, SHA-512 produce longer hash values
83
Digital Signature
• Encrypted hash of a message appended to the message
  – used to prove the identity of the sender and the integrity of the packet
84
Digital Signature Process
• Hash the data
• Encrypt the hash with the sender’s private key
• Append the signature to the data
Diagram: DATA → (MD5/SHA) → HASH → (PRIVATE KEY) → SIGNATURE, which is appended to the DATA.
85
Verification - Receiver
• Hash the received data
  – with the same hashing algorithm
• Decrypt the signature using the sender’s public key
• Compare the hashes
  – If they match, the data was not modified and was signed by the sender
Diagram: received DATA → (MD5/SHA-1) → HASH; SIGNATURE → (PUBLIC KEY) → HASH; the two hashes are compared.
86
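The three signing steps and the receiver’s verification from the slides above, as an added worked example that is not from the original deck: textbook RSA with runtime-generated 256-bit primes stands in for the asymmetric algorithm (a toy for illustration, not a production signature scheme), and SHA-256 is the hash.

```python
import hashlib
import random

# Added toy example of sign/verify: hash the data, "encrypt" the hash with the
# sender's private key, append it; the receiver recomputes the hash and compares
# it with the hash "decrypted" from the signature using the public key.
# Textbook RSA without padding is used for clarity; real systems use RSA-PSS,
# ECDSA or EdDSA.

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_keypair(bits=512, seed=None):
    """Toy RSA key pair; n exceeds 2**256 so a SHA-256 digest fits as an integer."""
    rng, e, half = random.Random(seed), 65537, bits // 2
    while True:
        p = rng.getrandbits(half) | (1 << (half - 1)) | 1   # odd, full width
        q = rng.getrandbits(half) | (1 << (half - 1)) | 1
        if p != q and _is_probable_prime(p) and _is_probable_prime(q):
            phi = (p - 1) * (q - 1)
            if phi % e != 0:                                # gcd(e, phi) == 1
                break
    return (p * q, e), (p * q, pow(e, -1, phi))   # (public), (private)

def sign(data, private_key):
    """Hash the data, 'encrypt' the hash with the private key, append it."""
    n, d = private_key
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    width = (n.bit_length() + 7) // 8          # fixed-width signature field
    return data + pow(digest, d, n).to_bytes(width, "big")

def verify(signed, public_key):
    """Split, 'decrypt' the signature with the public key, compare the hashes.
    Returns (data, ok)."""
    n, e = public_key
    width = (n.bit_length() + 7) // 8
    data, sig = signed[:-width], int.from_bytes(signed[-width:], "big")
    expected = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return data, pow(sig, e, n) == expected
```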
Example
87
https://www.gpg4win.org (MSWIN)
https://www.gpgtools.org (OS X)
PKI / PGP Primer
• 🔑 Public Key
• 🗝 Private Key
• 📝 Message
• 📝 + 🔑 = 🔒✉ Encrypted
• 🔒✉ + 🗝 = 🔓📝 Decrypted
• 📝 + 🗝 = 🔏✉ Signed
• 🔏✉ + 🔑 = 👤 Authenticated
88