Cryptography.

Presentation transcript:

Cryptography

Terminology
- Algorithm: Mathematical rules used for encryption and decryption
- Ciphertext: Data in encrypted format
- Plaintext or cleartext: Data in readable format
- Nonrepudiation: Sender cannot deny sending the message, receiver cannot deny receiving it

- Cryptosystem: Hardware or software implementation of cryptography that transforms a message to ciphertext and back to plaintext
- Cryptanalysis: Practice of obtaining plaintext from ciphertext without a key
- Encipher: Act of converting plaintext to ciphertext
- Decipher: Act of converting ciphertext to plaintext

- Key: Sequence of bits and instructions that governs the act of encryption and decryption
- Key Clustering: Instance when two different keys generate the same ciphertext from the same plaintext
- Keyspace: Possible values used to construct keys
- Work factor: Estimated time, effort, and resources necessary to break a cryptosystem

Strength of Cryptosystems
- Strength refers to the work factor to break an encryption algorithm or key
- Strength increases by:
  - Using a large keyspace
  - Using a large key length
  - Making sure the key is not predictable (truly random)
  - Using a mathematically thorough and complex algorithm

Cipher Types
- Substitution cipher: Replaces bits, bytes, or blocks of characters with different values
- Transposition cipher: Rearranges bits, bytes, or blocks of characters
- Both are vulnerable to frequency analysis
  - Certain words occur more frequently than others (the, a, and), so there will be patterns in the ciphertext

- Concealment cipher: Ciphertext is hidden in another message or file
- Steganography: Act of hiding messages in graphic images
  - Least significant bit in each byte is replaced with message without degrading the image enough to be detected
  - Messages can also be hidden in sound files and in media slack space, free space, or clusters marked bad

U.S. Government & Crypto
- National Security Agency (NSA) conducts research and regulates encryption algorithms
- NSA-funded research has yielded most of the encryption techniques we use today
- NSA supports key escrows, where the private key is held by a separate entity and available to law enforcement
- Fair cryptosystems go one step further and break the private key into 2 or more pieces that are held by multiple entities

Encryption Methods
- Symmetric cryptography
  - Both parties use the same secret key for encryption and decryption
  - Strengths
    - Very fast
    - Hard to break with large key size
  - Weaknesses
    - Secure exchange of secret keys is difficult
    - Difficulty of managing many keys limits scalability
    - Provides confidentiality, but not authenticity or nonrepudiation

- Asymmetric cryptography
  - Message is encrypted using one key and decrypted using a different key (one-way function)
  - Used in public key cryptography: one key held by a person is called the private key, one widely known key is called the public key
  - Can ensure confidentiality
    - Sender encrypts message using receiver's public key (Secure Message Format)
  - Can provide authentication (digital signature)
    - Sender encrypts message using their own private key (Open Message Format)
  - Can provide confidentiality and authentication
    - Sender encrypts message using their own private key, then encrypts the ciphertext using the receiver's public key (Secure and Signed Format)
  - Weaknesses
    - Much slower than symmetric systems

Symmetric Cipher Types
- Block cipher
  - Message is divided into blocks of bits
  - Blocks go through mathematical substitution and/or transposition algorithms
- Stream cipher
  - Each bit or byte is transformed individually using keystream data
  - The same plaintext bit or byte will yield a different ciphertext bit or byte

Symmetric Cryptosystems
- Data Encryption Standard (DES)
  - 56-bit key
  - Considered weak
- Triple-DES (3DES)
  - 168-bit key
  - 256 times stronger than DES
- Modes
  - Electronic Code Book (ECB) Mode
    - Block cipher method where a given plaintext block will always yield the same ciphertext
    - Incorporates padding to make sure blocks are of a specific size
  - Cipher Block Chaining (CBC) Mode
    - Block cipher method in which the algorithm utilizes a value from the previous block so that different ciphertext is produced for an identical plaintext block
  - Cipher Feedback (CFB) Mode
    - Block cipher where previous data block is combined with the next block
  - Output Feedback (OFB) Mode
    - Similar to CFB mode except that it works as a stream cipher
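
The difference between ECB and CBC described on this slide can be observed directly. The following is an added example, not part of the original presentation: `toy_encrypt_block` is a constructed 4-round Feistel cipher standing in for DES (it is not secure), and the key and plaintext are constructed sample values.

```python
import hashlib
import os

BLOCK = 8  # toy block size in bytes (DES also uses 64-bit blocks)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(block: bytes, key: bytes) -> bytes:
    """Constructed 4-round Feistel cipher; a stand-in for DES, not secure."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right

def pad(data: bytes) -> bytes:
    """Pad to a whole number of blocks, as the ECB bullet describes."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def ecb_encrypt(data: bytes, key: bytes) -> list:
    data = pad(data)
    return [toy_encrypt_block(data[i:i + BLOCK], key)
            for i in range(0, len(data), BLOCK)]

def cbc_encrypt(data: bytes, key: bytes, iv: bytes) -> list:
    data, prev, out = pad(data), iv, []
    for i in range(0, len(data), BLOCK):
        # Each plaintext block is XORed with the previous ciphertext block.
        prev = toy_encrypt_block(xor(data[i:i + BLOCK], prev), key)
        out.append(prev)
    return out

def repeated_blocks(blocks: list) -> int:
    """Count ciphertext blocks that duplicate an earlier block."""
    return len(blocks) - len(set(blocks))

KEY = b"constructed-key"      # sample key, constructed for this example
PLAINTEXT = b"PAY 100$" * 4   # four identical 8-byte plaintext blocks

if __name__ == "__main__":
    iv = os.urandom(BLOCK)
    print("ECB repeats:", repeated_blocks(ecb_encrypt(PLAINTEXT, KEY)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(PLAINTEXT, KEY, iv)))
```

Counting repeated ciphertext blocks, as `repeated_blocks` does, is also a quick way to spot ECB use when reviewing captured ciphertext.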

- Advanced Encryption Standard (AES)
  - NSA replacement for 3DES to protect sensitive unclassified data
  - Rijndael Algorithm (developed by Daemen & Rijmen)
  - 128-bit, 192-bit, 256-bit keys
- International Data Encryption Algorithm (IDEA)
  - 128-bit key
  - Similar to DES but much stronger
  - Not an open standard (costs $ to use)
- Blowfish
  - Variable key length to 448-bit
- RC5
  - Variable key length to 2048-bit

Asymmetric Cryptosystems
- RSA
  - Most popular asymmetric system
  - Used in SSL and PGP
- El Gamal
- Elliptical Curve Cryptosystem (ECC)
  - Similar to RSA, but takes less computing power for encryption

Hybrid Cryptosystem - PKI
- Public Key Infrastructure (PKI)
  - All crypto components necessary to support confidentiality, nonrepudiation, and integrity among dispersed groups of users
  - Defined by the X.509 ISO Standard
  - SSL uses PKI
- Random session key is created by sender (by browser in SSL protocol)
- Sender encrypts message with session key (with SSL, session key will be used to encrypt all traffic between the server and the browser)
- Sender encrypts session key with receiver's public key
  - Public key is provided to sender by a trusted Certificate Authority (CA)
  - The CA has verified the identity of the key holder and has bound an identifying certificate to the key
- Sender transmits message ciphertext and session key ciphertext
- Receiver decrypts session key ciphertext using private key (nonrepudiation, integrity)
- Receiver decrypts message using session key (confidentiality)
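
The session-key steps above, carried through end to end as an added example that is not part of the original presentation. It assumes textbook RSA with no padding over two small fixed primes for the receiver's key pair and a constructed SHA-256 keystream as the symmetric cipher; both are stand-ins chosen so the example runs with the standard library only, and neither is secure.

```python
import hashlib
import secrets

# Receiver's toy RSA key pair (constructed; the primes are far too small).
P, Q = 2**107 - 1, 2**61 - 1
N, E = P * Q, 65537                   # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || offset) blocks.
    The same call encrypts and decrypts. It gives no integrity protection."""
    out = bytearray()
    for i in range(0, len(data), 32):
        stream = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], stream))
    return bytes(out)

def hybrid_encrypt(message: bytes, e: int = E, n: int = N):
    """Sender side: returns (session key ciphertext, message ciphertext)."""
    session_key = secrets.token_bytes(16)             # random session key
    ciphertext = keystream_xor(session_key, message)  # bulk data, symmetric
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # receiver's public key
    return wrapped, ciphertext

def hybrid_decrypt(wrapped: int, ciphertext: bytes, d: int = D, n: int = N) -> bytes:
    """Receiver side: recover the session key with the private key,
    then decrypt the message with the session key."""
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)

if __name__ == "__main__":
    msg = b"Constructed sample message for the hybrid exchange."
    wrapped, ct = hybrid_encrypt(msg)
    print("session key ciphertext:", hex(wrapped))
    print("message ciphertext    :", ct.hex())
    print("receiver recovers     :", hybrid_decrypt(wrapped, ct))
```

Only the 16-byte session key goes through the slow asymmetric operation; the message itself, whatever its length, is handled by the fast symmetric cipher.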

Hashes
- Known one-way function that takes a variable length string and creates a fixed length hash value
- Identical string yields exactly the same hash value
- No other string will yield an identical hash value
- Hash value is also called a message digest
- Used to create a fingerprint of a message or file
- MD2, MD4, MD5
  - 128-bit hash value
- Secure Hash Algorithm (SHA)
  - 160-bit hash value

Digital Signatures
- An encrypted hash value
- Message has a one-way hash run on it
- Hash value is encrypted using sender's private key
- Message and encrypted hash value (digital signature) are transmitted
- Receiver runs same one-way hash function on message
- Receiver decrypts transmitted digital signature using sender's public key and compares it to the receiver-generated hash value
- If they agree, message has not been modified (integrity) and was sent by private key holder (authentication)
- If the whole message is encrypted, confidentiality is achieved
- SHA is commonly used for digital signatures

Communications Encryption
- Link encryption
  - All data, headers, trailers, and routing data are encrypted between two points
  - Packets are decrypted at each hop
  - Advantages
    - Works without user intervention
    - All data is encrypted
  - Disadvantages
    - More points of vulnerability
    - Key distribution is a challenge
- End-to-end encryption
  - Data is encrypted; headers, trailers, and routing data are not
  - Data is only decrypted at the destination
  - Advantages
    - Keys only need to be shared at origin and destination
    - Data stays encrypted from start to finish
  - Disadvantages
    - Headers and routing data are readable
    - Origin and destination must agree on encryption

E-mail Security
- Privacy-Enhanced Mail (PEM)
  - Internet standard for protecting email
  - Message is DES encrypted
  - Authenticated using MD5
  - Key management using RSA
  - X.509 standard (PKI) used for key distribution
- Pretty Good Privacy (PGP)
  - Widely used email cryptosystem
  - Public keys are distributed using a "web of trust" model: users sign others' public keys and distribute them, or a user accepts a public key directly from a trusted sender
  - A list of public keys is called a key ring

Web Security
- Secure Sockets Layer (SSL)
  - Protects the entire communication channel between the browser and the server
  - SSL can be used for other communication protocols like FTP or SMTP
- HTTPS
  - SSL over HTTP

Remote Terminal Security
- Secure Shell (SSH)
  - Creates an encrypted tunnel between two computers
  - Provides authentication and confidentiality
  - Includes a built-in key sharing mechanism
  - Commonly used with Unix, routers, switches
  - Popular Windows clients:
    - PuTTY
    - SecureCRT

Attacks
- Man-in-the-Middle Attack
  - Attacker inserts himself in the middle of a secure communications path and intercepts all communications. Sender believes they are communicating with the receiver when they are actually communicating with the attacker, and the attacker is communicating with the receiver.
- Dictionary Attack
  - Passwords are commonly stored as one-way hash values
  - Attacker can one-way hash an entire dictionary of words and compare the hash values to the hashed passwords, likely finding at least one match
- Replay Attack
  - Attacker captures transmitted encrypted credentials and sends those same strings to the server at a later time to impersonate the user

Homework
- Read chapter 9
- Visit the www.sans.org reading room. Select and read 4 articles of your choice (I recommend you look for ones that will help you do your security audit group project). Write a one-paragraph summary of each article and include the URL of each document.