Review For Exam 3 © Abdou Illia – Spring 2013

The Elements of Cryptography

3 Cryptography? Traditionally, cryptography refers to The practice and the study of encryption Transforming information in order to prevent unauthorized people to read it. Today, cryptography goes beyond encryption/decryption to include Techniques for making sure that encrypted messages are not modified en route Techniques for secure identification/authentication of communication partners.

4 Your knowledge about Cryptography 1) Which of the following do cryptographic systems protect? a) Data stored on local storage media (like hard drives) from access by unauthorized users. b) Data being transmitted from point A to point B in a network c) Both a and b

5 Your knowledge about Cryptography 2) Which of the following security issues is addressed by cryptographic systems? a) Confidentiality; i.e. protection against eavesdropping b) Authentication; i.e. assurance parties involved in a communication are who they claim to be c) Message integrity; i.e. assurance that messages are not altered en route d) Availability; i.e. making sure that communication systems are not shut down by intruders. e) All of the above

6 Basic Terminology 1 Network Plaintext “Hello” Ciphertext “ ” Plaintext “Hello” Decryption Algorithm Interceptor Party A Party B Plaintext: original message to be sent. Could be text, audio, image, etc. Encryption/Decryption Algorithm: mathematical tool (software) used to encrypt or decrypt Key: A string of bits used by to encrypt the plaintext or decrypt the ciphertext Ciphertext: encrypted message. Looks like a random stream of bits + Decryption key Encryption Algorithm + Encryption key

7 Basic Terminology 2 Encryption: Converting plaintext into ciphertext using algorithms and keys The size of the ciphertext is proportional to the size of the plaintext Ciphertext is reversible to plaintext Symmetric Key Encryption: Same key is used both for encryption and decryption Keys are usually identical or trivially identical* Asymmetric Key Encryption: Also called Public/Private Key Encryption Two different keys are used: one for encryption, one for decryption Party A Party B Party A Party B * Trivially identical means simple transformation could lead from one key to the another. Flexcrypt:

8 Your knowledge about Cryptography 3) Based on how symmetric encryption systems work, which of the following is the worst thing to happen? a) An attacker gets a copy of the encryption and decryption algorithms b) An attacker gets the decryption key c) a and b are equally damaging 4) Which of the following presents more challenge for exchanging keys between partners? a) Asymmetric encryption b) Symmetric encryption c) A and b are equally challenging

9 Exhaustive search and Key length Key Length in bitsNumber of possible keys (2 key length in bits ) or E E E E+154 Attacker could use the right algorithm and do an exhaustive search (i.e. try all possible keys) in order to decrypt the ciphertext Most attacks require the capture of large amount of ciphertext Every additional bit in the length of the key doubles the search time Every additional bit in the length of the key doubles the requirements in terms of minimum processor’s speed to crack the key.

10 Your knowledge about Cryptography 4)If you increase the key length from 56 bits to 66 bits. How much more key combinations an attacker who captures enough ciphertext will have to try in order to decipher the captured ciphertext using the appropriate algorithm? _______________________________________ 5)Assuming that it takes 7 days to try all possible combinations of a 56 bit key, how much time it would take to try all possible combinations when the key length is increased to 58 bits? ________________

11 Weak vs. Strong Keys Symmetric Key Encryption Usually used for customer e-business Keys with lengths of less than 100 bits are considered weak today. Keys with lengths of more than 100 bits are considered strong today. Asymmetric Key Encryption Usually used for B2B financial e-business Key pairs must be much longer (512 bit and more) because of the disastrous consequences of breaking the decryption key Key Length in bits Number of possible keys ( 2 key length in bits ) or E E E E+154

12 Your knowledge about Cryptography 6)Most attacks require the capture of large amount of ciphertext, which can take a certain amount of time. Beside using strong keys what else can be done to make it harder to crack the key? Answer: change the key very often

Symmetric Key Encryption

14 Symmetric Key Encryption methods Two categories of methods Stream cipher: algorithm operates on individual bits (or bytes); one at a time Block cipher: operates on fixed-length groups of bits called blocks Only a few symmetric methods are used today MethodsYear approvedComments Data Encryption Standard - DES : Electronic Frontier Foundation’s Deep Crack breaks a DES key in 56 hours DES-Cipher Block Chaining Triple DES – TDES or 3DES1999 Advanced Encryption Standard – AES2001Its versions among the most used today Other symmetric encryption methods IDEA (International Data Encryption Algorithm), RC5 (Rivest Cipher 5), CAST (Carlisle Adams Stafford Tavares), Blowfish

15 Data Encryption Standard (DES) DES Encryption Process 64-Bit Ciphertext Block 64-Bit DES Symmetric Key (56 bits + 8 redundant bits) 64-Bit Plaintext Block DES is a block encryption method, i.e. uses block cipher DES uses a 64 bit key; actually 56 bits + 8 bits computable from the other 56 bits Problem: same input plaintext gives same output ciphertext

16 DES-Cipher Block Chaining First 64-Bit Plaintext Block DES Encryption Process Second 64-Bit Plaintext Block First 64-Bit Ciphertext Block Initialization Vector (IV) DES Encryption Process Second 64-Bit Ciphertext Block DES Key DES-CBC uses ciphertext from previous block as input making decryption by attackers even harder An 64-bit initialization vector is used for first block

17 Triple DES (3DES) SenderReceiver Encrypts original plaintext with the 1 st key Decrypts ciphertext with the 3d key Decrypts output of first step with the 2 nd key Encrypts output of the first step with the 2 nd key Encrypts output of second step with the 3d key; gives the ciphertext to be sent Decrypts output of second step with the 1 st key; gives the original plaintext 168-Bit Encryption with Three 56-Bit Keys 1st 2nd 3rd 2nd 1st

18 Triple DES (3DES) SenderReceiver Encrypts plaintext with the 1 st key Decrypts ciphertext with the 1 st key Decrypts output with the 2 nd key Encrypts output with the 2 nd key Encrypts output with the 1 st key Decrypts output with the 1 st key 112-Bit Encryption With Two 56-Bit Keys 1st 2nd 1st 2nd 1st

19 Your knowledge about Cryptography 7) Based on the way DES and 3DES work, which of the following is true? a) 3DES requires more processing time than DES b) Compared 3DES, DES requires more RAM c) Both a and b 8) Given the increasing use of hand-held devices, 3DES will be more practical than DES. a)True b)False

20 Advanced Encryption Standard - AES Developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael", a portmanteau of the names of the inventors Offers key lengths of 128 bit, 192 bit, and 256 bit Efficient in terms of processing power and RAM requirements compared to 3DES Can be used on a wide variety of devices including Cellular phones PDAs Etc.

Asymmetric Key Encryption

22 Public Key Encryption For confidentiality Party A Party B Decrypt with Party A’s Private Key Encrypt with Party A’s Public Key Encrypt with Party B’s Public Key Decrypt with Party B’s Private Key Encrypted Message Encrypted Message Each Party uses other party’s public key for encryption Each Party uses own private key for decryption No need to exchange private key, but key needs to be very strong (512+ bit)

23 Public Key Encryption methods Asymmetric encryption methods are used both for Encryption in order to provide confidentiality Digital signature in order to provide partners’ authentication MethodsYear proposedComments RSA by Ron Rivest, Adi Shamir, and Leonard Adleman : First attack in lab conditions was reported Elliptic Curve Cryptosystem - ECC1985Becoming widely used Other symmetric encryption methods: Dieffe-Hellman, El-Gamal

24 Basic Terminology 3 Hashing: Mathematical process for converting inputs into fixed-length outputs Hash function: Algorithm that does the hashing. Uses an input + a shared secret or password. Example: MD5, Secure Hash Algorithm. Hash: Fixed-length output of the hashing

25 Encryption Versus Hashing Encryption Uses a key as an input to an encryption method Output is similar in length to input Reversible; ciphertext can be decrypted back to plaintext Use of Key Length of Result Reversibility Hashing Password is usually added to text; the two are combined, and the combination is hashed Output is of a fixed short length, regardless of input One-way function; hash cannot be “de-hashed” back to the original string

26 Hashing & Public Key for authentication Asymmetric Key Encryption is also used for authentication Usually used along with hashing ConfidentialityAuthentication Public Key Encryption Sender encrypts with receiver’s public key. Receiver decrypts with the receiver’s own private key. Sender (supplicant) encrypts with own private key. Receiver (verifier) decrypts with the public key of the true party, usually obtained from a Certificate Authority. HashingUsed in MS-CHAP for initial authentication and in HMACs for message-by-message authentication Hashing and Public Key for authentication very used in cryptographic systems like SSL/TLS or IPSec

27 Cryptographic Systems Packaged set of cryptographic countermeasures used for protecting dialogues Example: Secure Socket Layer/Transport Layer Security – SSL/TLS used in secured webservice Each cryptographic system includes a variety of security standards (algorithms, hashing methods, security parameters) that comm. partners needs to “agree” on. Typical Process: Handshaking stages Ongoing communication stage: Message-by-Message authentication

28 Cryptographic Systems (cont.) Packaged set of cryptographic countermeasures used for protecting dialogues

29 MS-CHAP * Hashing for Authentication * Microsoft’s version of Challenge Handshake Authentication Protocol CHAP is an authentication hashing scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients 1)After the completion of the link establishment phase, the server sends a "challenge" message to the client. 2)The client responds with a value calculated using a one-way hash function, such as an MD5 or SHA (Secure Hash Algorithm). 3)The server checks the response against its own calculation of the expected hash value. If the values match, the server acknowledges the authentication; otherwise it should terminate the connection. 4)At random intervals the server sends a new challenge to the peer and repeats steps 1 through 3. Shared secret

MD5 (M essage -D igest algorithm 5) A widely used cryptographic hash function used to hash inputs (typed texts or files) in order to generate hash values (called checksums, message digest, or output) An MD5 hash value is typically expressed as a 16- hexadecimal number like 912df11644fccac439b6fc5f80af5cdb Each hex number is 8 bits MD5 generates a 128-bit hash value regardless of the input length. Commonly used to check the integrity of files like downloaded software programs 30

SHA1 (Secure Hash Algorithm 1) A widely used cryptographic hash function used to hash inputs (typed texts or files) in order to generate hash values (called checksums, message digest, or output) A SHA1 hash value is typically expressed as a 20-hexadecimal number like fb1a26e4bc422aef54eb4 SHA1 generates a 160-bit hash value regardless of the input length Commonly used to check the integrity of files like downloaded software programs 31

Application Security: General apps &Web service

33 General Applications Security Issues

34 Which of the following is true about Application Security? A. If a server application (or service) is no longer needed, it should be turned off B. Fewer applications on a computer means fewer attack opportunities C. Use good security baselines to install and configure apps D. Do not install application centrally using group policies E. Add application layer authentication by requiring users to provide credentials to run application programs F. Implement cryptographic authentication for sensitive apps G. If a server application (or service) is no longer needed, it should be removed H. Do not turn on each applications’ automatic update checking

35 Applications and Buffer Overflow Buffers are RAM areas where data is stored temporarily Buffer overflow occurs when data spill from one buffer to the next Buffer Overflow is the biggest issue in application coding If an attacker sends more data than the programmer had allocated to a buffer, a buffer might overflow, overwriting an adjacent section of RAM  Buffer overflow attacks RAM Buffer1Buffer2 Buffer7Buffer3Buffer4Buffer6Buffer5 OUTDOOR

36 Buffer Overflow Attack Occurs when ill-written programs allow data destined to a memory buffer to overwrite instructions in adjacent memory register that contains instructions. If the data contain malware, the malware could run and creates a DoS Example of input data: ABCDEF LET JOHN IN WITHOUT PASSWORD 36 BufferInstructions Print Run Program Accept input BufferInstructions ABCDEFLET JOHN IN WITHOUT PASSWORD Run Program Accept input

37 Preventing Buffer Overflow Use Languages/tools that provide automatic bounds checking such as Perl, Python, and Java instead lower level language (C or Assembly, etc). However, this is usually not possible or practical because almost all modern OS are written in the C language. Eliminate The Use Of Flawed Library Functions like gets(), strcpy, and strcmp that fail to check the length or bounds of their arguments. Design And Build Security Within Code Use Source Code Scanning Tools. Example: PurifyPlus Software Suite can perform a dynamic analysis of Java, C, or C++ source code. // replace le following line strcpy (buffer2, strng2); // by strcpy (buffer2, string2, 8) For instance, this simple change informs strcpy() that it only has an eight byte destination buffer and that it must discontinue raw copy at eight bytes. Key Principle: Never Trust User Input

38 Web service security

39 Webservice & E-Commerce apps Web applications could be the target of many types of attacks like: Directory browsing Traversal attacks Web defacement Using HTTP proxy to manipulate interaction between client and server IIS IPP Buffer Overflow Browser attacks Time configuration

40 Web sites’ directory browsing Web server with Directory Browsing disabled User cannot get access to list of files in the directory by knowing or guessing directory names

41 Web site with directory browsing Web server with Directory Browsing enabled User can get access to the list of files in the directory by knowing or guessing directory names

42 Traversal Attack Normally, paths start at the WWW root directory Adding../ (Windows) or..\ (Unix) in an HTTP request might take the attacker up a level, out of the WWW root directory. Example: Example: If attacker traverses to Command Prompt directory in Windows 2000 or NT, he can execute any command with system privileges

43 Traversal Attacks (Cont.) Preventing traversal attacks Companies filter out../ and..\ using URL scanning software Attackers respond with hexadecimal and UNICODE representations for../ and..\ ASCII Character Chart with Decimal, Binary and Hexadecimal Conversions NameCharacterCodeDecimalBinaryHex Start of HeadingSOHCtrl A Space Exclamation Point!Shift Plus+Shift = B Period E Forward Slash// F Tilde~Shift’ E

44 IIS IPP Buffer Overflow The Internet Printing Protocol (IPP) service included in IIS 5.0 and earlier versions is vulnerable to buffer overflow attacks The jill.c program was developed to launch the attack using: GET NULL.printer HTTP/1.0 Host: 420-byte jill.c code to launch the command shell IIS server responds launching the command shell (C:\WINNT\SYSTEM32\>) giving the attacker SYSTEM privileges.

45 IIS IPP Buffer Overflow (cont.) Link to jill.c code Code compilable using gcc jill.c –o jill on Linux Precompiled version (jill-win32.c) and executable (jill-win32.exe) available at ftp://ftp.technotronic.com/ newfiles/jill-win32.exe. This executable file is ready to run on a Windows machine.

46 IIS IPP Buffer Overflow (cont.) Source:

47 Login Screen Bypass Attack Website user gets a login screen Instead of logging in, user enters a URL to bypass the login screen and gain access without authorization.

48 Browser Attacks Malicious links User must click on them to execute (but not always) Common extensions are hidden by default in some operating systems.  attack.txt.exe seems to be attack.txt

49 General Applications Security Issues

50 Applications Security:

51 operation SMTP to Send Sending Client Receiving Client Sender’s SMTP Server (port 25) Local POP Server (port 110) Receiver’s SMTP Server (port 25) Local POP Server (port 110) POP to dwnld sends using stand-alone -client to 2) client connects to SMTP server at mail.source.com (port 25) to pass the message. 3)SMTP server breaks address in two parts (receiver and destination.com). If destination.com is same as source.com, SMTP server uses delivery agent to pass message to Local POP server. If not, message is sent to receiver’s SMTP server. 4)Receiver’s SMTP server uses delivery agent to pass message to Local POP server. 5)When receiver connect, they download message to local computer. Simple Mail Transfer Protocol (SMTP) to transmit mail in real time to a user’s mail server or between mail servers Post Office Protocol –POP- to download mail to receiver when the receiver capable of downloading mail If SMTP server at source.com can’t connect to server at destination.com, message goes in a waiting queue at source.com. Server will periodically try to send (like every 15 minutes). After 4 hrs, server send an to sender with a notice

52 operation SMTP to Send Sending Client Receiving Client Sender’s SMTP Server (port 25) Local POP Server (port 110) Receiver’s SMTP Server (port 25) Local IMAP Server (port 143) IMAP to read, search, etc. Internet Mail Access Protocol (IMAP) is more advanced mail protocol: The remains on server transmit mail in real time to a user’s mail server or between mail server and not downloaded to receiver’s computer Mails can be organized in folders on server. Mails can be read from any computer. Can download s’ copy to work off-line without erasing from server. User can reply offline. The next time user connects, the replies are sent

53 Security issues Given what you know about operation and s in general, what are the main security and privacy issues associated with E- mail service? Spams Harassment (sexual, racial, etc.) Sending sensitive information Confidentiality

54 Security issues Given what you know about spams and sending inappropriate content (abusive , harassment, etc.), what can be done to control these issues? Answer: filtering

55 Security: Filtering filtering can be done at all three levels Extrusion filtering: filtering for sending intellectual property out of corporation.

56 Security: Encryption Encryption Not widely used because of lack of clear standards IETF has not been able to settle upon a single standard because of in-fighting Three standards are used SSL/TLS S/MIME PGP

57 Security Encryption SSL/TLS only requires a digital certificate for servers. End-to-end encryption only if all parties involved use SSL/TLS. Secure/Multipurpose Internet Mail -S/MIME- uses digital signatures, which require receiver to know sender’s public key. PGP uses trust among circles of friends: If A trusts B, and B trusts C, A may trust C’s list of public keys End-to-end encryption