Review For Exam 3 © Abdou Illia – Spring 2012. The Elements of Cryptography

Uploaded by melissa-hart, posted 05-Jan-2016

Page 1: Review For Exam 3 © Abdou Illia – Spring 2012. The Elements of Cryptography

Review For Exam 3

© Abdou Illia – Spring 2012

Page 2

The Elements of Cryptography

Page 3

Cryptography?

Traditionally, cryptography refers to the practice and the study of encryption: transforming information in order to prevent unauthorized people from reading it.

Today, cryptography goes beyond encryption/decryption to include:
- Techniques for making sure that encrypted messages are not modified en route
- Techniques for secure identification/authentication of communication partners

Page 4

Your knowledge about Cryptography

Which of the following security issues is addressed by cryptographic systems?

a) Confidentiality; i.e. protection against eavesdropping
b) Authentication; i.e. assurance that the parties involved in a communication are who they claim to be
c) Message integrity; i.e. assurance that messages are not altered en route
d) Availability; i.e. making sure that communication systems are not shut down by intruders
e) All of the above

Page 5

Basic Terminology 1

[Figure: Party A runs the plaintext "Hello" through the encryption algorithm with the encryption key; the ciphertext "11011101" crosses the network, where an interceptor may capture it; Party B runs the ciphertext through the decryption algorithm with the decryption key and recovers "Hello".]

Plaintext: the original message to be sent. Could be text, audio, image, etc.
Encryption/Decryption Algorithm: the mathematical tool (software) used to encrypt or decrypt.
Key: a string of bits used by the algorithm to encrypt the plaintext or decrypt the ciphertext.
Ciphertext: the encrypted message. Looks like a random stream of bits.

Page 6

Basic Terminology 2

Encryption: converting plaintext into ciphertext using algorithms and keys.
- The size of the ciphertext is proportional to the size of the plaintext
- Ciphertext is reversible to plaintext

Symmetric Key Encryption: the same key is used both for encryption and decryption. Keys are usually identical or trivially identical*.

Asymmetric Key Encryption: also called Public/Private Key Encryption. Two different keys are used: one for encryption, one for decryption.

[Figure: Party A and Party B exchanging messages under each of the two schemes.]

* Trivially identical means a simple transformation could lead from one key to the other.

Flexcrypt: http://www.flexcrypt.com/flexcryptfree.html

Page 7

Your knowledge about Cryptography

1) Based on how symmetric encryption systems work, which of the following is the worst thing to happen?

a) An attacker gets a copy of the encryption and decryption algorithms
b) An attacker gets the decryption key
c) a and b are equally damaging

2) Which of the following presents more of a challenge for exchanging keys between partners?

a) Asymmetric encryption
b) Symmetric encryption
c) a and b are equally challenging

Page 8

Exhaustive search and Key length

Key length in bits | Number of possible keys (2^(key length in bits))
1    | 2
2    | 4
4    | 16
8    | 256
16   | 65536
56   | 72057594037927900
112  | 5192296858534830000000000000000000 or 5.1923E+33
168  | 3.74144E+50
256  | 1.15792E+77
512  | 1.3408E+154

An attacker could use the right algorithm and do an exhaustive search (i.e. try all possible keys) in order to decrypt the ciphertext.
Most attacks require the capture of a large amount of ciphertext.
Every additional bit in the length of the key doubles the search time.
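As an added example (not part of the slides), the toy cipher below is a constructed, deliberately weak XOR cipher used only for its key space; exhaustive_search tries every candidate key with a known plaintext and counts the trials, showing that the worst-case count is exactly 2^(key bits) and doubles with each added bit.

```python
# Added example, not from the slides: an exhaustive key search against a
# constructed toy cipher, to show why every extra key bit doubles the work.

def toy_encrypt(plaintext: bytes, key: int, key_bits: int) -> bytes:
    """Constructed stand-in cipher (NOT secure): XOR each plaintext byte with
    the bytes of the key, repeated. Only the size of its key space matters here."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    return bytes(b ^ key_bytes[i % len(key_bytes)] for i, b in enumerate(plaintext))


def exhaustive_search(known_plaintext: bytes, ciphertext: bytes, key_bits: int):
    """Try every candidate key in order with 'the right algorithm' and the
    captured ciphertext; return (recovered_key, number_of_trials)."""
    trials = 0
    for candidate in range(1 << key_bits):
        trials += 1
        if toy_encrypt(known_plaintext, candidate, key_bits) == ciphertext:
            return candidate, trials
    raise ValueError("no key reproduces the ciphertext")


def worst_case_trials(key_bits: int) -> int:
    """Size of the key space: the table's '2^(key length in bits)' column."""
    return 1 << key_bits


def demo(key_lengths=(8, 10, 12)) -> dict:
    """Run the search for several key lengths with the key chosen as the last
    value tried (worst case), so the trial count equals the key-space size."""
    message = b"Hello"  # constructed known plaintext, longer than any key used
    results = {}
    for bits in key_lengths:
        key = (1 << bits) - 1
        captured = toy_encrypt(message, key, bits)
        recovered, trials = exhaustive_search(message, captured, bits)
        if recovered != key:
            raise RuntimeError("search returned a wrong key")
        results[bits] = trials
    return results


if __name__ == "__main__":
    for bits, trials in demo().items():
        print(f"{bits:>3}-bit key: {trials} trials ({worst_case_trials(bits)} possible keys)")
```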

Page 9

Your knowledge about Cryptography

4) If you increase the key length from 56 bits to 66 bits, how many more key combinations will an attacker who captures enough ciphertext have to try in order to decipher the captured ciphertext using the appropriate algorithm?

_______________________________________

5) Assuming that it takes 7 days to try all possible combinations of a 56-bit key, how much time would it take to try all possible combinations when the key length is increased to 58 bits?

________________

Page 10

Weak vs. Strong Keys

Symmetric Key Encryption
- Usually used for customer e-business
- Keys with lengths of less than 100 bits are considered weak today
- Keys with lengths of more than 100 bits are considered strong today

Asymmetric Key Encryption
- Usually used for B2B financial e-business
- Key pairs must be much longer (1024 bits and more) because of the disastrous consequences of breaking the decryption key

(The key length table from page 8 is repeated on this slide.)

Page 11

Your knowledge about Cryptography

6) Most attacks require the capture of a large amount of ciphertext, which can take a certain amount of time. Besides using strong keys, what else can be done to make it harder to crack the key?

Page 12

Symmetric Key Encryption

Page 13

Symmetric Key Encryption methods

Two categories of methods:
- Stream cipher: the algorithm operates on individual bits (or bytes), one at a time
- Block cipher: operates on fixed-length groups of bits called blocks

Only a few symmetric methods are used today:

Method | Year approved | Comments
Data Encryption Standard (DES) | 1977 | 1998: Electronic Frontier Foundation's Deep Crack breaks a DES key in 56 hours
DES-Cipher Block Chaining (DES-CBC) | |
Triple DES (TDES or 3DES) | 1999 |
Advanced Encryption Standard (AES) | 2001 | Its versions are among the most used today

Other symmetric encryption methods: IDEA (International Data Encryption Algorithm), RC5 (Rivest Cipher 5), CAST (Carlisle Adams Stafford Tavares), Blowfish

Page 14

Data Encryption Standard (DES)

[Figure: DES encryption process. A 64-bit plaintext block and a 64-bit DES symmetric key (56 bits + 8 redundant bits) go into the DES encryption process, which outputs a 64-bit ciphertext block.]

- DES is a block encryption method, i.e. it uses a block cipher
- DES uses a 64-bit key; actually 56 bits + 8 bits computable from the other 56 bits
- Problem: the same input plaintext block always gives the same output ciphertext block under the same key

Page 15

DES-Cipher Block Chaining

[Figure: the first 64-bit plaintext block is combined with the initialization vector (IV) and run through the DES encryption process with the DES key, giving the first 64-bit ciphertext block; the second 64-bit plaintext block is combined with the first ciphertext block and run through the DES encryption process with the same DES key, giving the second 64-bit ciphertext block.]

- DES-CBC uses the ciphertext from the previous block as input, making decryption by attackers even harder
- A 64-bit initialization vector is used for the first block

Page 16

Triple DES (3DES)

168-Bit Encryption with Three 56-Bit Keys

Sender:
1. Encrypts the original plaintext with the 1st key
2. Decrypts the output of the first step with the 2nd key
3. Encrypts the output of the second step with the 3rd key; this gives the ciphertext to be sent

Receiver:
1. Decrypts the ciphertext with the 3rd key
2. Encrypts the output of the first step with the 2nd key
3. Decrypts the output of the second step with the 1st key; this gives the original plaintext

Page 17

Triple DES (3DES)

112-Bit Encryption With Two 56-Bit Keys

Sender:
1. Encrypts the plaintext with the 1st key
2. Decrypts the output with the 2nd key
3. Encrypts the output with the 1st key

Receiver:
1. Decrypts the ciphertext with the 1st key
2. Encrypts the output with the 2nd key
3. Decrypts the output with the 1st key
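The block-chaining and triple-encryption ideas of pages 14 to 17, as an added example that is not from the slides: toy_block_encrypt is a constructed, invertible stand-in for one DES block operation (it is not DES and not secure), and on top of it plain block-by-block (ECB) encryption, DES-CBC and the encrypt-decrypt-encrypt form of 3DES are written out; the key, IV and message are constructed values.

```python
# Added example, not from the slides: a toy 64-bit block function standing in
# for DES, used to show why encrypting block by block repeats ciphertext blocks,
# how CBC chaining with an IV removes the repetition, and how 3DES chains
# encrypt-decrypt-encrypt with three keys (or two, when k3 == k1).
BLOCK = 8  # 64-bit blocks, as in DES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed, insecure stand-in for one DES block encryption.
    Invertible by design: XOR with key, reverse bytes, XOR with rotated key."""
    rotated = key[1:] + key[:1]
    return _xor(_xor(block, key)[::-1], rotated)

def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    rotated = key[1:] + key[:1]
    return _xor(_xor(block, rotated)[::-1], key)

def pad(data: bytes) -> bytes:
    """PKCS#7-style padding so the message is a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Plain DES-style use: each block encrypted independently (page 14's problem)."""
    return b"".join(toy_block_encrypt(key, b) for b in blocks(pad(plaintext)))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """DES-CBC: each plaintext block is XORed with the previous ciphertext
    block (the IV for the first block) before it is encrypted."""
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = toy_block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(_xor(toy_block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))

def triple_encrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    """3DES sender side: encrypt with k1, decrypt with k2, encrypt with k3.
    Two-key 3DES (page 17) is the same call with k3 == k1."""
    return toy_block_encrypt(k3, toy_block_decrypt(k2, toy_block_encrypt(k1, block)))

def triple_decrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    """3DES receiver side: decrypt with k3, encrypt with k2, decrypt with k1."""
    return toy_block_decrypt(k1, toy_block_encrypt(k2, toy_block_decrypt(k3, block)))

def demo() -> dict:
    key = bytes(range(1, 9))     # constructed 64-bit key
    iv = bytes(8)                # constructed IV; real use needs a fresh random IV per message
    msg = b"SAMEBLOCSAMEBLOC"    # two identical 64-bit plaintext blocks
    ecb, cbc = ecb_encrypt(key, msg), cbc_encrypt(key, iv, msg)
    return {
        "ecb_blocks_repeat": ecb[:8] == ecb[8:16],   # identical input -> identical output
        "cbc_blocks_repeat": cbc[:8] == cbc[8:16],   # chaining breaks the repetition
        "cbc_roundtrip_ok": cbc_decrypt(key, iv, cbc) == msg,
    }
```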

Page 18

Your knowledge about Cryptography

7) Based on the way DES and 3DES work, which of the following is true?

a) 3DES requires more processing time than DES
b) Compared to 3DES, DES requires more RAM
c) Both a and b

8) Given the increasing use of hand-held devices, 3DES will be more practical than DES.

a) True
b) False

Page 19

Advanced Encryption Standard - AES

- Developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael", a portmanteau of the names of the inventors
- Offers key lengths of 128 bits, 192 bits, and 256 bits
- Efficient in terms of processing power and RAM requirements compared to 3DES
- Can be used on a wide variety of devices including cellular phones, PDAs, etc.

Page 20

Asymmetric Key Encryption

Page 21

Public Key Encryption for confidentiality

[Figure: Party A encrypts with Party B's public key and sends the encrypted message; Party B decrypts it with Party B's private key. In the other direction, Party B encrypts with Party A's public key and Party A decrypts with Party A's private key.]

- Each party uses the other party's public key for encryption
- Each party uses its own private key for decryption
- No need to exchange the private key, but the key needs to be very strong (512+ bits; most of today's keys are at least 1024 bits)

Page 22

Public Key Encryption methods

Asymmetric encryption methods are used both for:
- Encryption, in order to provide confidentiality
- Digital signature, in order to provide partners' authentication

Method | Year proposed | Comments
RSA, by Ron Rivest, Adi Shamir, and Leonard Adleman | 1977 | 1995: first attack in lab conditions was reported
Elliptic Curve Cryptosystem (ECC) | 1985 | Becoming widely used

Other asymmetric encryption methods: Diffie-Hellman, ElGamal

Page 23

Basic Terminology 3

Hashing: mathematical process for converting inputs into fixed-length outputs.
Hash function: the algorithm that does the hashing. Uses an input + a shared secret or password. Examples: Message Digest 5 (MD5), Secure Hash Algorithm (SHA).
Hash: the fixed-length output of the hashing.

Page 24

Encryption Versus Hashing

                 | Encryption                                                | Hashing
Use of key       | Uses a key as an input to an encryption method            | A password is usually added to the text; the two are combined, and the combination is hashed
Length of result | Output is similar in length to the input                  | Output is of a fixed short length, regardless of the input
Reversibility    | Reversible; ciphertext can be decrypted back to plaintext | One-way function; the hash cannot be "de-hashed" back to the original string

Page 25

MD5 (Message-Digest algorithm 5)

- A widely used cryptographic hash function used to hash inputs (typed texts or files) in order to generate hash values (called checksums, message digests, or output)
- An MD5 hash value is typically expressed as 16 hexadecimal byte values (32 hex digits), like 912df11644fccac439b6fc5f80af5cdb
- Each hex byte value is 8 bits; MD5 generates a 128-bit hash value regardless of the input length
- Commonly used to check the integrity of files like downloaded software programs

Page 26

SHA1 (Secure Hash Algorithm 1)

- A widely used cryptographic hash function used to hash inputs (typed texts or files) in order to generate hash values (called checksums, message digests, or output)
- A SHA1 hash value is typically expressed as 20 hexadecimal byte values, like 79054025255fb1a26e4bc422aef54eb4
- SHA1 generates a 160-bit hash value regardless of the input length
- Commonly used to check the integrity of files like downloaded software programs
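Pages 23 to 26 in code, as an added example that is not from the slides, using Python's hashlib and hmac: the digest length is fixed whatever the input size (32 hex digits for MD5, 40 for SHA1), a one-character change produces an unrelated digest, "input + shared secret" is done as an HMAC, and a downloaded file is checked against a published digest; all sample inputs are constructed.

```python
# Added example, not from the slides: hashlib/hmac calls showing the
# properties pages 23-26 describe: fixed-length output, one small change
# changes the whole digest, and "input + shared secret" done as an HMAC.
import hashlib
import hmac


def digest_hex(algorithm: str, data: bytes) -> str:
    """Plain hash: 'md5' -> 32 hex digits (128 bits), 'sha1' -> 40 hex digits (160 bits)."""
    return hashlib.new(algorithm, data).hexdigest()


def keyed_digest_hex(algorithm: str, secret: bytes, data: bytes) -> str:
    """Hash that depends on a shared secret as well as the input. HMAC is the
    standard way to do this; simply concatenating secret and data is not."""
    return hmac.new(secret, data, algorithm).hexdigest()


def output_lengths(algorithm: str, inputs) -> set:
    """Set of hex-digest lengths seen over inputs of very different sizes;
    a hash function yields exactly one length."""
    return {len(digest_hex(algorithm, x)) for x in inputs}


def verify_download(expected_hex: str, data: bytes, algorithm: str = "sha256") -> bool:
    """Integrity check of a downloaded file against its published digest.
    compare_digest does not leak where the comparison stopped matching."""
    return hmac.compare_digest(digest_hex(algorithm, data).lower(), expected_hex.lower())


if __name__ == "__main__":
    samples = [b"", b"Hello", b"x" * 100_000]  # constructed inputs of very different sizes
    print("md5 lengths:", output_lengths("md5", samples), "sha1 lengths:", output_lengths("sha1", samples))
    print(digest_hex("sha1", b"Hello"))   # one character of case changes the whole digest:
    print(digest_hex("sha1", b"hello"))
    print(keyed_digest_hex("sha1", b"shared-secret", b"Hello"))
```

MD5 and SHA1 appear because the slides name them; both have practical collision attacks today, so new integrity checks should use SHA-256 as verify_download does by default.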

Page 27

Application Security: General apps & Web service

Page 28

Applications and Buffer Overflow

- Buffer overflow is the biggest issue in application coding
- Buffer overflow leads to buffer overflow attacks
- Buffers are RAM areas where data is stored temporarily
- If an attacker sends more data than the programmer had allocated to a buffer, the buffer might overflow, overwriting an adjacent section of RAM

[Figure: RAM laid out as adjacent areas Buffer1 through Buffer7.]

Page 29

Buffer Overflow Attack

- Occurs when ill-written programs allow data destined for a memory buffer to overwrite instructions held in the adjacent memory area
- If the data contains malware, the malware could run and create a DoS
- Example of input data: ABCDEF LET JOHN IN WITHOUT PASSWORD

[Figure: before the input, the buffer has six cells (1 to 6) and the adjacent instruction area holds "Print", "Run Program", "Accept input". After the oversized input, cells 1 to 6 hold A B C D E F and the rest of the input, "LET JOHN IN WITHOUT PASSWORD", has spilled past the buffer into the instruction area.]

Page 30

Stack Entry and Buffer Overflow

[Figure: a stack entry holding a data buffer and a return address. 1. The return address is written. 2. Data is added to the buffer. 3. Data is written in the direction of the return address. 4. The return address gets overwritten. 5. The overwritten value marks the start of the attacker's data.]

- When a program must put one subprogram on hold to call another, it writes the return address in RAM areas called stack entries
- The called subprogram may add data to the buffer to the point that it overwrites the return address
- If the added buffer data is attack code, this is a buffer overflow attack

http://www.metacafe.com/watch/1452134/buffer_overflow_attacks_explained_with_beer/

Page 31

Preventing Buffer Overflow

- Use language tools that provide automatic bounds checking, such as Perl, Python, and Java, instead of lower-level languages (C, C++, Assembly, etc.). However, this is usually not possible or practical because almost all modern OSs are written in the C language.
- Eliminate the use of flawed library functions like gets(), strcpy, and strcmp that fail to check the length or bounds of their arguments.
- Design and build security within code.
- Use source code scanning tools. Example: the PurifyPlus Software Suite can perform a dynamic analysis of Java, C, or C++ source code.

// replace the following line
strcpy(buffer2, string2);
// by
strncpy(buffer2, string2, 8);

For instance, this simple change informs the copy (now strncpy()) that it only has an eight-byte destination buffer and that it must stop the raw copy at eight bytes.
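An added example that is not from the slides: a ctypes model of the stack entry of page 30 (an eight-byte data buffer immediately followed by the saved return address), with a strcpy-style unchecked copy beside a bounded copy. The structure layout, the placeholder return address and the attacker input are constructed; the bounded copy also adds the NUL terminator that strncpy alone does not guarantee when the source fills the buffer.

```python
# Added example, not from the slides: a ctypes model of the stack entry on
# page 30 (a data buffer immediately followed by the saved return address).
# An unchecked strcpy-style copy runs past the buffer and overwrites the return
# address; a bounded copy stops inside the eight-byte buffer and keeps it intact.
import ctypes

BUF_SIZE = 8                  # the "eight byte destination buffer" of page 31
ORIGINAL_RETURN = 0x08041234  # constructed placeholder return address


class StackEntry(ctypes.Structure):
    _pack_ = 1
    _fields_ = [("data_buffer", ctypes.c_char * BUF_SIZE),
                ("return_address", ctypes.c_uint32)]


def _raw_write(entry: StackEntry, data: bytes) -> None:
    """Copy bytes to the start of the entry with no regard for the buffer size,
    which is what strcpy does. The one guard here only keeps the demo from
    writing past the modelled entry and corrupting the Python process."""
    if len(data) > ctypes.sizeof(entry):
        raise ValueError("demo refuses to write past the modelled stack entry")
    src = ctypes.create_string_buffer(data, len(data))
    ctypes.memmove(ctypes.addressof(entry), src, len(data))


def unchecked_copy(entry: StackEntry, src: bytes) -> None:
    """strcpy-style: copies the whole string plus its NUL terminator."""
    _raw_write(entry, src + b"\x00")


def bounded_copy(entry: StackEntry, src: bytes) -> None:
    """strncpy-style with an explicit terminator: at most BUF_SIZE bytes land
    in the buffer and the last one is always NUL."""
    _raw_write(entry, src[:BUF_SIZE - 1] + b"\x00")


def simulate(copy_func, user_input: bytes) -> dict:
    """Build a fresh stack entry, apply the copy, report what is left in it."""
    entry = StackEntry()
    entry.return_address = ORIGINAL_RETURN
    copy_func(entry, user_input)
    raw = ctypes.string_at(ctypes.addressof(entry), BUF_SIZE)  # the buffer's 8 bytes
    return {
        "buffer": raw.split(b"\x00", 1)[0],
        "return_address": entry.return_address,
        "return_address_intact": entry.return_address == ORIGINAL_RETURN,
    }


ATTACKER_INPUT = b"ABCDEFGHIJK"  # constructed: 11 bytes aimed at an 8-byte buffer

if __name__ == "__main__":
    print("strcpy-style :", simulate(unchecked_copy, ATTACKER_INPUT))
    print("bounded copy :", simulate(bounded_copy, ATTACKER_INPUT))
```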

Page 32

Web service security

Page 33

Webservice & E-Commerce apps

Web applications could be the target of many types of attacks, like:
- Directory browsing
- Traversal attacks
- Web defacement
- Using an HTTP proxy to manipulate the interaction between client and server
- IIS IPP buffer overflow
- Browser attacks
- Time configuration

Page 34

Web sites' directory browsing

If Directory Browsing is disabled on a web server: a user cannot get access to the list of files in a directory by knowing or guessing directory names.

Page 35

Directory browsing

If Directory Browsing is enabled on a web server: a user can get access to the list of files in a directory by knowing or guessing directory names.

Page 36

Traversal Attack

- Normally, paths start at the WWW root directory
- Adding ../ (Windows) or ..\ (Unix) in an HTTP request might take the attacker up a level, out of the WWW root directory
- Example: http://website.com ../../
- Example: http://castle.eiu.edu/~a_illia/BUS3500/Brief/Case1/../
- If the attacker traverses to the Command Prompt directory in Windows 2000 or NT, he can execute any command with system privileges
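The server-side defence against the traversal described above, as an added example that is not from the slides: the requested path is decoded once, both the ../ and ..\ forms are normalised, and the result is accepted only if it still lies under the WWW root. The document root and the sample requests are constructed.

```python
# Added example, not from the slides: check that a requested path stays inside
# the WWW root, covering ../ and ..\ and their percent-encoded spellings.
import posixpath
from typing import Optional
from urllib.parse import unquote

WWW_ROOT = "/var/www/html"   # constructed document root


def resolve_under_root(www_root: str, requested: str) -> Optional[str]:
    """Return the absolute file-system path a request maps to, or None when
    the request would climb out of the WWW root."""
    decoded = unquote(requested)             # %2e%2e%2f -> ../
    decoded = decoded.replace("\\", "/")     # treat ..\ exactly like ../
    root = posixpath.normpath(www_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # The trailing "/" matters: "/var/www/html2/x" must not pass as being under "/var/www/html".
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def classify(requests) -> dict:
    """Map each request to its resolved path, or None if rejected."""
    return {r: resolve_under_root(WWW_ROOT, r) for r in requests}


if __name__ == "__main__":
    # constructed requests, modelled on the slide's examples
    for req, path in classify([
        "Brief/Case1/../index.html",
        "../../etc/passwd",
        "..\\..\\winnt\\system32\\cmd.exe",
        "%2e%2e/%2e%2e/etc/passwd",
        "../html2/secret",
    ]).items():
        print(f"{req:40} -> {path or 'REJECTED'}")
```

Decode exactly once; a path that still contains % after one decode should be treated as suspicious rather than decoded again.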

Page 37

IIS IPP Buffer Overflow

- The Internet Printing Protocol (IPP) service included in IIS 5.0 and earlier versions is vulnerable to buffer overflow and traversal attacks
- The jill.c program was developed to launch the attack using:

GET NULL.printer HTTP/1.0
Host: 420-byte jill.c code to launch the command shell

- The IIS server responds by launching the command shell (C:\WINNT\SYSTEM32\>), giving the attacker SYSTEM privileges

Page 38

Browser Attacks

- Malicious links: the user must click on them to execute (but not always)
- Common file extensions are hidden by default in some operating systems: attack.txt.exe seems to be attack.txt

Page 39

Browser Attacks (Cont.)

Common attacks:
- Redirection to an unwanted webpage
- Scripts might change the registry or the home page
- Some scripts might "trojanize" your DNS error-handling routine when you mistype a URL
- Pop-up windows
- Web bugs, i.e. links that are nearly invisible, can be used to track users at a website
- Domain names that are common misspellings of popular domain names: Microsoff.com, www.whitehouse.com (a porn site)

Page 40

Host Hardening

Page 41

Computer Hardware & Software

[Figure: layered view of a host, from bottom to top: computer hardware; operating system; web service software (IIS, Apache, ...), web browser, productivity software, and other client and server application programs.]

Page 42

Your knowledge about Host hardening

Which of the following is most likely to make a computer system unable to perform any kind of work or provide any service?

a) Client application programs get hacked
b) Server application programs (web service software, database service, network service, etc.) get hacked
c) The operating system gets hacked
d) The connection to the network/Internet gets shut down

Page 43

OS market share

OS Vulnerability test 2010 by omnired.com
- OSs tested: Win XP, Win Server 2003, Win Vista Ultimate, Mac OS Classic, OS X 10.4 Server, OS X 10.4 Tiger, FreeBSD 6.2, Solaris 10, Fedora Core 6, Slackware 11.0, Suse Enterprise 10, Ubuntu 6.10
- Tools used to test vulnerabilities: scanning tools (Track, Nessus), network mapping (Nmap command)
- All hosts with OS installation defaults

Results:
- Microsoft's Windows and Apple's OS X are rife with remotely accessible vulnerabilities and allow for executing malicious code
- The UNIX and Linux variants present a much more robust exterior to the outside
- Once patched, however, both Windows and Apple's OS are secure

Page 44

Your knowledge about Host hardening

You performed an out-of-the-box installation of Windows XP and Linux FreeBSD 6.2 on two different computers. Which computer is more likely to be secure?

a) Windows XP
b) Linux FreeBSD 6.2
c) They will have the same level of security

What needs to be done first in order to prevent a hacker from taking over a server with OS installation defaults that has to be connected to the Internet?

a) Lock the server room
b) Configure the firewall to deny all inbound traffic to the server
c) Download and install patches for known vulnerabilities

Page 45

Security Baseline

- Because it's easy to overlook something in the hardening process, businesses need to adopt a standard hardening methodology: a standard security baseline
- Need to have a different security baseline for each kind of host, i.e.:
  - Different security baselines for different OSs and versions
  - Different security baselines for different types of server applications (web service, email service, etc.)
  - Different security baselines for different types of client applications

Page 46

Options for Security Baselines

An organization could use different standards:
- OS vendors' baselines and tools, e.g. follow the MS installation procedure and use the Microsoft Baseline Security Analyzer (MBSA)
- Standards agencies' baselines, e.g. the CobiT* Security Baseline
- The company's own security baselines

The security baseline is to be implemented by server administrators, known as systems admins.

* Control Objectives for Information and Related Technology

Page 47

Elements of Hardening

According to the baseline:
- Physical security
- Secure installation and configuration
- Fix known vulnerabilities
- Remove/turn off unnecessary services (applications)
- Harden all remaining applications
- Manage users and groups
- Manage access permissions: for individual files and directories, assign access permissions to specific users and groups
- Back up the server regularly
- Advanced protections

Page 48

Example of Security Baseline for Win XP Clients

OS Installation
- Create a single partition on the HDD
- Format the disk using the NTFS file system
- Install Win XP and Service Pack 3

Fixing OS vulnerabilities
- Download and install the latest patches
- Turn on Windows' Automatic Updates checking

Configure Windows Firewall
- Block incoming connections except KeyAccess and Remote Assistance

Turn off unnecessary services
- Turn off Alerter, Network Dynamic Data Exchange, telnet

Application Installation
- Centrally assign applications using group policies

Fixing applications' vulnerabilities
- Turn on each application's automatic update checking

Page 49

Hardening servers

The 5 'P's of security and compliance: Proper Planning Prevents Poor Performance

Plan the installation:
- Identify the purpose of the server (example: provides easy & fast access to Internet services), the services provided on the server, the network service software (client and server), and the users or types of users of the server
- Determine the privileges for each category of users, if and how users will authenticate, how appropriate access rights will be enforced, which OS and server applications meet the requirements, and the security baseline(s) for installation & deployment
- Install, configure, and secure the OS according to the security baseline
- Install, configure, and secure the server software according to the security baseline
- Test the security
- Add network defences
- Monitor and maintain

Page 50

Hardening servers (cont.)

Choose an OS that provides the following:
- Ability to restrict admin access (Administrator vs. Administrators)
- Granular control of data access
- Ability to disable services
- Ability to control executables
- Ability to log activities
- Host-based firewall
- Support for strong authentication and encryption

Disable or remove unnecessary services or applications:
- If no longer needed, remove rather than disable, to prevent re-enabling
- Additional services increase the attack surface
- More services can increase host load and decrease performance
- Reducing services reduces logs and makes detection of intrusion easier

Page 51

Hardening servers (cont.)

Configure user authentication:
- Remove or disable unnecessary accounts (e.g. the Guest account)
- Change names and passwords for default accounts
- Disable inactive accounts
- Assign rights to groups, not individual users
- Don't permit shared accounts if possible
- Configure time sync
- Enforce an appropriate password policy
- Use 2-factor authentication when necessary
- Always use encrypted authentication

Page 52

UNIX / Linux Hardening

- Many versions of UNIX; no standard guideline for hardening
- The user can select the user interface: Graphical User Interface (GUI) or Command-Line Interfaces (CLIs), also called shells
- CLIs are case-sensitive, with commands in lowercase except for file names

Page 53

UNIX / Linux Hardening

Three ways to start services:
- Start a service manually (a) through the GUI, (b) by typing its name in the CLI, or (c) by executing a batch file that does so
- Using the inetd program to start services when requests come in from users
- Using the rc scripts to start services automatically at boot up

inetd = Internet daemon, i.e. a computer program that runs in the background

Page 54

UNIX / Linux Hardening

[Figure: inetd reads /etc/inetd.config, which maps Port 23 to Program A, Port 80 to Program B, Port 123 to Program C and Port 1510 to Program D. 1. A client request arrives for Port 123. 2. inetd looks up Port 123. 3. It finds Program C. 4. It starts Program C, which process this request.]

Starting services upon client requests:
- Services not frequently used are dormant
- Requests do not go directly to the service
- Requests are sent to the inetd program, which is started at server boot up

Page 55

UNIX / Linux Hardening

Turning On/Off unnecessary services in UNIX

Identifying services running at any moment:
- The ps command (process status), usually with the -aux parameters, lists running programs; it shows the process name and process ID (PID)
- netstat tells what services are running on what ports

Turning off services in UNIX:
- The kill PID command is used to kill a particular process, e.g. kill 47 (if PID=47)
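The inetd port-to-program table of page 54 and the "turn off what is unnecessary" step of page 55, as an added example that is not from the slides: it parses a configuration in the format of /etc/inetd.conf (the file the slide calls /etc/inetd.config), lists which programs inetd would start on which ports, and writes a hardened copy with every service not on an allow-list commented out. The sample configuration and the service-to-port excerpt are constructed.

```python
# Added example, not from the slides: audit an inetd configuration and
# produce a hardened copy with services not on an allow-list commented out.

# Constructed sample configuration; the column layout is inetd's real one.
SAMPLE_INETD_CONF = """\
# <service> <socket> <proto> <wait/nowait> <user> <server path> <args>
ftp      stream  tcp  nowait  root    /usr/sbin/ftpd     ftpd -l
telnet   stream  tcp  nowait  root    /usr/sbin/telnetd  telnetd
#finger  stream  tcp  nowait  nobody  /usr/sbin/fingerd  fingerd
daytime  stream  tcp  nowait  root    internal
ntalk    dgram   udp  wait    root    /usr/sbin/talkd    talkd
"""

# Constructed excerpt of the service-name to port mapping found in /etc/services.
SERVICE_PORTS = {"ftp": 21, "telnet": 23, "finger": 79, "daytime": 13, "ntalk": 518}


def parse_inetd_conf(text: str) -> list:
    """One dict per service line; commented-out lines are kept with enabled=False."""
    entries = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        enabled = not stripped.startswith("#")
        fields = stripped.lstrip("#").split()
        if len(fields) < 6 or fields[0].startswith("<"):
            continue  # header comment or malformed line
        entries.append({
            "service": fields[0], "socket": fields[1], "proto": fields[2],
            "user": fields[4], "program": fields[5], "enabled": enabled,
        })
    return entries


def listening_ports(entries) -> dict:
    """Port -> program that inetd would start on a request, like the slide's table."""
    return {SERVICE_PORTS[e["service"]]: e["program"]
            for e in entries if e["enabled"] and e["service"] in SERVICE_PORTS}


def services_to_disable(entries, allowed) -> list:
    """Enabled services that are not on the allow-list."""
    return [e["service"] for e in entries if e["enabled"] and e["service"] not in allowed]


def harden(text: str, allowed) -> str:
    """Comment out every enabled service line whose service is not allowed."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if fields and not line.lstrip().startswith("#") and fields[0] not in allowed:
            line = "#" + line
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    entries = parse_inetd_conf(SAMPLE_INETD_CONF)
    print("ports inetd answers on:", listening_ports(entries))
    print("to disable (only ftp allowed):", services_to_disable(entries, {"ftp"}))
    print(harden(SAMPLE_INETD_CONF, {"ftp"}))
```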

Page 56

Advanced Server Hardening Techniques

File Integrity Checker
- Creates a snapshot of files: a hashed signature (message digest) for each file
- After an attack, compares the post-hack signatures with the snapshot
- This allows the systems administrator to determine which files were changed
- Tripwire is a file integrity checker for Linux/UNIX, Windows, etc.: www.tripwire.com (ftp://coast.cs.purdue.edu/pub/tools/unix)

Page 57

Advanced Server Hardening Techniques

[Figure: 1. At an earlier time, Tripwire hashes File 1, File 2 and the other files in the policy list into a reference base of signatures. 2. After an attack, Tripwire hashes the same files again into post-attack signatures. 3. The two sets of signatures are compared to find the changed files.]

File integrity problem: many files change for legitimate reasons, so it is difficult to know which ones the attacker changed.
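The three steps of the figure above as an added example that is not from the slides or from Tripwire: a reference snapshot of the files in a policy list, a second snapshot later, and a comparison that reports changed, added and removed files. It also shows the problem the slide raises, since a log file that changed legitimately is reported until the policy leaves it out; the directory contents and file names are constructed, and SHA-256 is used for the signatures.

```python
# Added example, not from the slides: a minimal Tripwire-style file integrity
# checker (reference snapshot, later snapshot, comparison), with a volatile
# log file showing why the policy list must exclude legitimately changing files.
import hashlib
import os
import tempfile


def file_digest(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str, policy) -> dict:
    """Digest for every relative path in the policy list; None if the file is absent."""
    result = {}
    for rel in policy:
        full = os.path.join(root, rel)
        result[rel] = file_digest(full) if os.path.isfile(full) else None
    return result


def compare(reference: dict, current: dict, ignore=()) -> dict:
    """Classify each policy path as changed, added or removed; paths in
    'ignore' (volatile files) are left out of the report."""
    paths = (set(reference) | set(current)) - set(ignore)
    report = {"changed": [], "added": [], "removed": []}
    for p in sorted(paths):
        before, after = reference.get(p), current.get(p)
        if before is None and after is not None:
            report["added"].append(p)
        elif before is not None and after is None:
            report["removed"].append(p)
        elif before != after:
            report["changed"].append(p)
    return report


def _write(root: str, rel: str, content: bytes) -> None:
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(content)


def demo() -> dict:
    """Constructed scenario in a temporary directory: one binary replaced, one
    file deleted, one log appended to legitimately, one new binary appearing."""
    policy = ["bin/login", "bin/ls", "etc/motd", "etc/passwd", "var/log/messages"]
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/login", b"original login program")
        _write(root, "etc/motd", b"Welcome\n")
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "var/log/messages", b"boot ok\n")
        reference = snapshot(root, policy)            # 1. earlier time
        _write(root, "bin/login", b"modified login program")
        os.remove(os.path.join(root, "etc/motd"))
        _write(root, "var/log/messages", b"boot ok\nuser logged in\n")
        _write(root, "bin/ls", b"new program")
        current = snapshot(root, policy)              # 2. after
        return {
            "all": compare(reference, current),       # 3. comparison
            "policy_without_logs": compare(reference, current, ignore=["var/log/messages"]),
        }


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```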

Page 58

Other types of host that can be hardened

- Internetwork Operating System (IOS) for Cisco routers, some switches, firewalls
- Even cable modems with web-based management interfaces

Page 59

Which of the following is true about Application Security?

- If a server application (or service) is no longer needed, it should be turned off
- Fewer applications on a computer, fewer attack opportunities
- Use good security baselines to install and configure apps
- Do not install applications centrally using group policies
- Add application layer authentication by requiring users to provide credentials to run application programs
- Implement cryptographic authentication for sensitive apps
- If a server application (or service) is no longer needed, it should be removed
- Do not turn on each application's automatic update checking