
faculty.scf.edufaculty.scf.edu/bodeJ/CIS2352/Supplemental Chapter Re…  · Web viewCryptographic hash functions have many information security ... heavy Feistel network with 16


In this chapter, we will learn about cryptography, various types of cryptography, ciphers, cryptography tools, Public Key Infrastructure (PKI), and digital signatures. We will discuss SSL (Secure Sockets Layer), disk encryption, and disk encryption tools. This chapter focuses on the AES, RC4, RC5, and RC6 algorithms, RSA, the message digest function MD5, and SHA.

18.1 Understand cryptography, learn various types of cryptography, and understand ciphers

Exam Focus: Understand cryptography, learn various types of cryptography, and understand ciphers. Objective includes:

• Understand cryptography.
• Learn various types of cryptography.
• Understand ciphers.

Cryptography

Cryptography is a technique of encrypting and decrypting messages. When text is encrypted, it is unreadable by humans, but when it is decrypted, it is readable. Cryptography is necessary to protect email messages, credit card information, and corporate data. The terms used in cryptography are as follows:

• Plaintext: Plaintext can be read by a user.
• Ciphertext: Ciphertext can be converted to a non-readable format.
• Encryption: Encryption is the process of creating ciphertext from plaintext.
• Decryption: Decryption is the process of converting ciphertext to plaintext.
• Cipher: Cipher is an algorithm that is used to encrypt and decrypt text.
• Key: Key is an element used in the technology of encrypting and decrypting text.

Goals of cryptography

The following are the goals of cryptography:

1. Confidentiality: It makes sure that the message remains private and cannot be accessed by any unauthorized user when transmitted between two or more parties. There are two types of cryptosystems that ensure message confidentiality. They are as follows:

o Symmetric key cryptosystem: It uses the shared key that is available to all the users of the cryptosystem.

o Public key cryptosystem: It makes use of a combination of public and private keys for each user of the cryptosystem.

2. Integrity: It makes sure that the message remains unaltered when transmitted between two or more parties. If the goal of integrity is attained, the recipient is ensured that the received message is identical to the message that was sent.

3. Authentication: It verifies the user's identity.

4. Non-repudiation: It assures the recipient that the message was really sent by the sender and someone is not masquerading as the sender.

 


Types of cryptography

The following are the types of cryptography:

Symmetric encryption: It is a type of encryption that uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key encryption. Therefore, it is commonly used when a message sender needs to encrypt a large amount of data. Data Encryption Standard (DES) uses the symmetric encryption key algorithm to encrypt data.

Asymmetric encryption: It is a type of encryption that uses two keys, i.e., a public key and a private key pair for data encryption. The public key is available to everyone, while the private or secret key is available only to the recipient of the message. For example, when a user sends a message or data to another user, the sender uses the public key to encrypt the data. The receiver uses his private key to decrypt the data.

Hash function: It does not use any key for encryption and decryption. A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value. Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption.

Public Key Encryption

Public Key Encryption, also called asymmetric encryption, was first publicly proposed by Diffie and Hellman in 1976. Public Key Encryption is more secure than non-public key encryption. It is based on mathematical functions rather than on simple operations on bit patterns. It uses two separate keys. It has five stages as follows:

• Plain Text: It is the original message.
• Encryption Algorithm: It performs different transformations on plain text.
• Public and Private Key: It is the input to the encryption algorithm.
• Cipher Text: It is the scrambled message as an output.
• Decryption Algorithm: It operates on cipher text and gives the original message as an output.

Government Access to Keys (GAK)

Government Access to Keys (GAK) implies that software companies will give the government copies of all keys, or at least some keys using which the remaining keys can be cracked. The government promises that it will keep the keys securely and will only use them when a court issues a warrant to do so.

Ciphers

Ciphers are algorithms that are used for encrypting or decrypting the data. The following are classical ciphers:

Substitution cipher: In cryptography, a substitution cipher is a method of encryption in which units of plaintext are replaced with ciphertext according to a regular system. The units may be single letters, pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing an inverse substitution.

Transposition cipher: In cryptography, a transposition cipher is a method of encryption in which the positions held by units of plaintext are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. The units are commonly characters or groups of characters. In the transposition cipher, the order of the units is changed.
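The two classical cipher types described above, as an added example that is not part of the original chapter. The function names, the shift value, the keyword and the sample messages are constructed for illustration; the code shows that substitution changes the letters but keeps their frequency profile, while transposition keeps the letters and only reorders them.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def substitute(text: str, shift: int) -> str:
    """Substitution cipher: replace each letter by the one `shift` places later.
    A negative shift performs the inverse substitution."""
    shift %= len(ALPHABET)
    table = str.maketrans(ALPHABET, ALPHABET[shift:] + ALPHABET[:shift])
    return text.translate(table)


def column_order(keyword: str) -> list:
    """Columns are read out in alphabetical order of the keyword letters."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def transpose(text: str, keyword: str) -> str:
    """Columnar transposition: write the text in rows under the keyword,
    then read the columns in keyword order. No letter is changed."""
    cols = len(keyword)
    return "".join(text[c::cols] for c in column_order(keyword))


def untranspose(ciphertext: str, keyword: str) -> str:
    """Inverse permutation: refill each column, then read row by row."""
    cols = len(keyword)
    full, extra = divmod(len(ciphertext), cols)
    plain = [""] * len(ciphertext)
    pos = 0
    for c in column_order(keyword):
        # The first `extra` columns hold one more letter than the others.
        length = full + (1 if c < extra else 0)
        plain[c::cols] = ciphertext[pos:pos + length]
        pos += length
    return "".join(plain)


def frequency_profile(text: str) -> list:
    """Sorted letter counts, ignoring which letter each count belongs to."""
    return sorted(Counter(text).values())


if __name__ == "__main__":
    message = "WEAREDISCOVEREDFLEEATONCE"      # constructed sample plaintext
    shifted = substitute(message, 3)
    permuted = transpose(message, "ZEBRAS")     # constructed keyword
    print("substitution :", shifted)
    print("transposition:", permuted)
    # Substitution: different letters, identical frequency profile.
    print(frequency_profile(shifted) == frequency_profile(message))
    # Transposition: exactly the same letters in a different order.
    print(sorted(permuted) == sorted(message))
    print(untranspose(permuted, "ZEBRAS") == message)
```

Because both properties survive encryption, letter-frequency statistics of the plaintext language remain visible in the ciphertext, which is why these ciphers are treated as classical rather than modern.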

Modern ciphers are classified based on the type of key used and on the type of input data.

The following are classifications of modern ciphers based on the type of key used:

• Private key: It involves the use of the same key for encryption and decryption.
• Public key: It involves the use of two different keys for encryption and decryption.

The following are classifications of modern ciphers based on the type of input data:

Block cipher: It is a symmetric key cipher that operates on blocks of messages. It encrypts an entire message block at the same time. Transposition ciphers are examples of block ciphers. Each block cipher has a mode of operation that functions as a stream cipher. The more complicated columnar transposition cipher operates on an entire message, and uses the transposition algorithm and a secret keyword to encrypt the entire message.

Stream cipher: It is a symmetric key cipher that operates on each character or bit of a message. It encrypts one character or bit at a time. Caesar cipher and one-time pad are examples of stream ciphers. One-time pad is a stream cipher since it independently operates on each letter of the plaintext message. Significant computational resources are required by the stream ciphers.

Twofish

Twofish is a symmetric key block cipher. It operates on a 128-bit block size and uses key sizes up to 256 bits. It uses pre-computed key-dependent S-boxes and a relatively complex key schedule. One half of an n-bit key is used as the actual encryption key, and the other half of the key is used to modify the encryption algorithm. It borrows some elements from the pseudo-Hadamard transform (PHT) from the SAFER family of ciphers.

Blowfish

Blowfish is a symmetric 64-bit block cipher that can support key lengths up to 448 bits. It is included in a large number of cipher suites and encryption products. It was designed in 1993 by Bruce Schneier and is freely available for anyone to use. This has contributed to its popularity in cryptographic software.

Boomerang attack

A boomerang attack is a method for the cryptanalysis of block ciphers. The attack is based on differential cryptanalysis. In differential cryptanalysis, an attacker exploits how differences in the input to a cipher (the plaintext) can affect the resultant difference at the output (the ciphertext). A high-probability "differential" (that is, an input difference that will produce a likely output difference) is needed that covers all, or nearly all, of the cipher. The boomerang attack allows differentials to be used which cover only part of the cipher.

18.2 Understand AES, RC4, RC5, RC6 algorithms, RSA, Message Digest Function: MD5, and SHA

Exam Focus: Understand AES, RC4, RC5, RC6 algorithms, RSA, Message Digest Function: MD5, and SHA. Objective includes:

• Gain insights on Advanced Encryption Standard (AES).
• Understand RC4, RC5, RC6 Algorithms.
• Examine RSA (Rivest Shamir Adleman).
• Explain Message Digest Function: MD5.
• Understand Secure Hashing Algorithm (SHA).

Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is an encryption standard that comprises three block ciphers, AES-128, AES-192, and AES-256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192, and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES). AES is one of the most popular algorithms used in symmetric key cryptography. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information. It is an iterated block cipher. It involves the repetition of the same defined steps multiple times.

Data Encryption Standard

Data Encryption Standard (DES) is the name of the Federal Information Processing Standard (FIPS) 46-3. It is a 64-bit block cipher. It includes four modes of operation: Electronic Codebook mode, Cipher Block Chaining mode, Cipher Feedback mode, and Output Feedback mode. All the DES modes function on 64 bits of plaintext at a time in order to generate 64-bit blocks of ciphertext. DES uses a 56-bit key.

The various modes of Data Encryption Standards are as follows:

Electronic Codebook (ECB) mode: It is the least secure mode. In this mode, DES uses secret keys to encrypt the 64-bit block. It produces the same encrypted block if the algorithm encounters the same block multiple times.


Cipher Block Chaining (CBC) mode: In this mode, before encryption, each block of unencrypted text is XORed with the block of ciphertext immediately preceding it.

Cipher Feedback (CFB) mode: In this mode, the preceding block of ciphertext is encrypted using the DES algorithm. This block is then XORed with the next block of plaintext in order to achieve the next block of ciphertext. Errors propagating in this mode corrupt the next transmitted block.

Output Feedback (OFB) mode: In this mode, DES functions in almost the same manner as it does in the CFB mode. The plaintext with the seed value is XORed by DES, instead of XORing an encrypted version of the preceding block of ciphertext.

3DES

3DES, also referred to as triple DES, is a mode of the Data Encryption Standard (DES) encryption algorithm. 3DES uses three 64-bit keys to encrypt data thrice. Primarily, it encrypts data with a 64-bit key. Then, the output data is again encrypted with the second 64-bit key. Finally, the third 64-bit key is used for encryption. DES uses the block cipher method to break a data file into 64-bit blocks, which are then encrypted.

Triple Data Encryption Algorithm (TDEA)

The Triple Data Encryption Algorithm (TDEA) was proposed by Tuchman and first came into existence in functional applications in 1985. The Triple DEA algorithm uses three keys and executes the DES algorithm three times. It follows an encrypt-decrypt-encrypt (EDE) sequence as follows:

C = E_k3 [ D_k2 [ E_k1 [P] ] ]

where
C = Cipher Text
P = Plain Text
E_k [X] = encryption of X using key K
D_k [Y] = decryption of Y using key K

RC2

RC2 is a block cipher designed by Ron Rivest in 1987; the other ciphers designed by Rivest include RC4, RC5, and RC6. RC2 is a 64-bit block cipher with a variable size key. Its 18 rounds are arranged as a source-heavy Feistel network with 16 rounds of one type punctuated by two rounds of another type.

RC4

RC4 is a stream cipher designed by Ron Rivest. It is used in many applications including Transport Layer Security (TLS), Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), etc. RC4 is fast and simple. However, it has weaknesses that argue against its use in new systems. It is especially vulnerable when the beginning of the output keystream is not discarded, nonrandom or related keys are used, or a single keystream is used twice. Some ways of using RC4 can lead to very insecure cryptosystems such as WEP.

RC5

RC5 is a block cipher algorithm with a variable block size (32, 64, or 128 bits), key size (0 to 2040 bits), and number of rounds (0 to 255). 12-round RC5 (with 64-bit blocks) can be easily cracked by using a differential attack of 2^44 chosen plaintexts. Hence, 18-20 rounds of RC5 are suggested as sufficient protection.

RC6

RC6 is a cryptographic symmetric key algorithm, which is derived from the RC5 algorithm. RC6 proper has a block size of 128 bits. It also supports key sizes of 128, 192, and 256 bits. Unlike RC5, RC6 does use an extra multiplication operation in order to make the rotation dependent on every bit in a word.

Digital Signature Algorithm

Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. DSA is a public key algorithm. The secret key operates on the message hash generated by SHA-1. To verify a signature, one recomputes the hash of the message, uses the public key to decrypt the signature, and then compares the results. The key size is variable from 512 to 1024 bits; it is adequate for the current computing capabilities as long as a user uses more than 768 bits.

RSA Algorithm

RSA is an Internet encryption and authentication system. It uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman. It uses modular arithmetic and elementary number theory in order to perform computations using two large prime numbers. The RSA algorithm is an example of the public key algorithm in which the public key is generated from the private key. In the RSA algorithm, the public and private keys are generated as follows:

1. Choose two large prime numbers p and q of equal lengths, and compute n = p*q.
2. Choose a random public key e such that e and (p-1)*(q-1) are relatively prime.
3. Calculate e*d = 1 mod [(p-1)*(q-1)]. Here, d is a private key.
4. Calculate d = e^(-1) mod [(p-1)*(q-1)].
5. Now (e,n) and (d,n) are the public and private keys respectively.
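The five key-generation steps above carried through with numbers, as an added example that is not part of the original chapter. The primes 61 and 53, the exponent 17, the function names and the sample messages are constructed for illustration; the block goes one step beyond the list by also using the key pair to encrypt, decrypt, sign and verify, with no padding, which real RSA deployments always add.

```python
import hashlib
from math import gcd


def generate_keys(p: int, q: int, e: int):
    """Follow steps 1-5: return ((e, n), (d, n))."""
    n = p * q                                   # step 1
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:                        # step 2
        raise ValueError("e must be relatively prime to (p-1)*(q-1)")
    d = pow(e, -1, phi)                         # steps 3 and 4: e*d = 1 mod phi
    return (e, n), (d, n)                       # step 5


def encrypt(m: int, public) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    d, n = private
    return pow(c, d, n)


def digest_mod_n(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the range of the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private) -> int:
    # The private key operates on the message hash.
    d, n = private
    return pow(digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    # Recompute the hash, apply the public key to the signature, compare.
    e, n = public
    return pow(signature, e, n) == digest_mod_n(message, n)


if __name__ == "__main__":
    # Constructed toy parameters: both primes are 6 bits long.
    public, private = generate_keys(p=61, q=53, e=17)
    print("public key (e, n):", public)
    print("private key (d, n):", private)

    c = encrypt(65, public)
    print("65 encrypts to", c, "and decrypts to", decrypt(c, private))

    msg = b"transfer 100 to account 42"         # constructed sample message
    sig = sign(msg, private)
    print("signature valid:", verify(msg, sig, public))
    print("tampered message valid:",
          verify(b"transfer 900 to account 42", sig, public))

    # An exponent sharing a factor with (p-1)*(q-1) has no inverse d.
    try:
        generate_keys(61, 53, 15)
    except ValueError as err:
        print("rejected e=15:", err)
```

With a modulus this small the private key can be recovered by factoring n by hand, so the numbers only show the arithmetic, not a usable key size.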

Message digest

A message digest is a number, which is created algorithmically from a file and represents that file uniquely. Message digest functions calculate a unique fixed-size bit string representation known as a hash value of any arbitrary block of information. If the file changes, the message digest also changes. Message digest is a compact digital signature for an arbitrarily long stream of binary data. It is used to determine whether the file has been modified. Additionally, message digests also help to identify duplicate files. As message digests produce values that are difficult to invert, they are also known as one-way functions.

MD5

The MD5 Message-Digest Algorithm is a cryptographic hash function that produces a 128-bit (16-byte) hash value. The following types of attacks can be performed on the MD5 algorithm:

1. Collision Attack: A collision attack can be used to find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor. An attacker can use the chosen-prefix collision attack to produce a collision for two chosen arbitrarily different inputs within hours, using off-the-shelf computing hardware.

2. Rainbow Attack: Various MD5 rainbow tables are published online, which can be used to reverse many MD5 hashes into strings that collide with the original input, usually for the purposes of password cracking.

EAP-MD5

EAP-MD5 is the only IETF Standards Track-based EAP method. It does not provide server authentication. It offers minimal security; the MD5 hash function is vulnerable to dictionary attacks, and does not support key generation, which makes it unsuitable for use with dynamic WEP, or WPA/WPA2 enterprise. EAP-MD5 differs from other EAP methods in that it only provides authentication of the EAP peer to the EAP server but not mutual authentication. By not providing EAP server authentication, this EAP method is vulnerable to man-in-the-middle attacks. EAP-MD5 support was first included in Windows 2000 and deprecated in Windows Vista.

Secure Hash Algorithm (SHA)

The Secure Hash Algorithm (SHA) is a cryptographic hash algorithm that generates a fixed-length digital representation (message digest) of an input data sequence of any length. The SHA algorithm is very secure, as it is computationally very difficult to find a message that corresponds to a given message digest. In this algorithm, any change to a message will result in a completely different message digest. There are five SHA algorithms: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.

SHA1 hash function

The SHA-1 hash function differs from SHA-0 only by a single bitwise rotation in the message schedule of its compression function; this was done, according to NSA, to correct a flaw in the original algorithm which reduced its cryptographic security. However, NSA did not provide any further explanation or identify the flaw that was corrected. Weaknesses have subsequently been reported in both SHA-0 and SHA-1. SHA-1 appears to provide greater resistance to attacks, supporting the NSA's assertion that the change increased the security. SHA-1 (as well as SHA-0) produces a 160-bit digest from a message with a maximum length of (2^64 - 1) bits. SHA-1 is based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms, but has a more conservative design.


The above image exhibits one iteration within the SHA-1 compression function. A, B, C, D, and E are 32-bit words of the state; F is a nonlinear function that varies; denotes a left bit rotation by n places; n varies for each operation. Wt is the expanded message word of round t, Kt is the round constant of round t. denotes addition modulo .

SSH

Secure Shell (SSH) is a protocol that provides strong authentication and secure communications over insecure channels. It is a secure replacement for telnet and the Berkeley r-utilities. It uses public key encryption as the main method for user authentication. SSH secures connections over the Internet by encrypting passwords and other data. It provides an encrypted channel for the following:

• Remote logging
• Command execution
• File transfer

SSH delivers strong host-to-host and user authentication, and a secure communication over the Internet. It also protects networks against IP spoofing, packet spoofing, password sniffing, and eavesdropping. SSH uses TCP port 22 as the default port and operates at the Application layer. The SSH protocol has the following three components:

1. Transport layer protocol
2. User authentication protocol
3. Connection protocol

Diffie-Hellman Encryption

Diffie-Hellman encryption was developed by Diffie and Hellman in 1976 and published in the paper "New Directions in Cryptography." It is a key agreement protocol (also called exponential key agreement) that allows two users to exchange a secret key over an insecure medium (such as the Internet) without any prior secrets. The original protocol had two system parameters, i.e., p and g. They are both public and may be used by all users in a system. The Diffie-Hellman key exchange was vulnerable to a man-in-the-middle attack, as the Diffie-Hellman key exchange does not authenticate the participants. The current form of the Diffie-Hellman protocol (also known as the authenticated Diffie-Hellman key agreement protocol, or the Station-to-Station (STS) protocol), was developed by Diffie, Van Oorschot, and Wiener in 1992 to overcome the man-in-the-middle attack. This is achieved by allowing the two parties to authenticate themselves to each other by the use of digital signatures and public-key certificates. The Diffie-Hellman protocol is an example of a much more general cryptographic technique, the common element being the derivation of a shared secret value (that is, key) from one party's public key and another party's private key. The parties' key pairs may be generated as new at each run of the protocol as in the original Diffie-Hellman protocol. The public keys may be certified so that the parties can be authenticated and there may be a combination of these attributes.

18.3 Identify cryptography tools, and understand Public Key Infrastructure (PKI), and digital signature

Exam Focus: Identify cryptography tools, and understand Public Key Infrastructure (PKI), and digital signature. Objective includes:

• Identify cryptography tools.
• Understand Public Key Infrastructure (PKI).
• Identify digital signature.

Cryptographic tools

The following are cryptographic tools:

CommuniCrypt File: It is a file encryption/decryption tool with the strongest AES algorithm. It can generate the hash of the source file as a password for symmetric encryption.

CryptoForge: It is easy-to-use file encryption software for personal and professional security. It permits a user to protect the privacy of sensitive files, folders, or messages by encrypting them with up to four strong encryption algorithms.

Steganos LockNote: It encrypts everything that is important to a user on laptops, PCs, USB sticks, CDs, and DVDs.

NCrypt XL: It is a tool used to encrypt every cell inside an MS Excel spreadsheet. It uses standard algorithms such as AES and DES. The encryption is text based, and any display format is retained. Encryption and decryption are performed by inserting a proper password or pass phrase. Every single worksheet may be encrypted completely or by selecting one or more of its columns.

AxCrypt: It is the leading open source file encryption software for Windows. It integrates seamlessly with Windows in order to compress, encrypt, decrypt, store, send, and work with individual files.

ccrypt: It is a utility used to encrypt and decrypt files and streams. It is based on the Rijndael cipher.


AutoKrypt: It is data encryption software. It is designed for automation. It automatically encrypts or decrypts files and folders on a schedule. Encryption methods include password-based secret key, password-based public key, password-based private key, OpenPGP password, and OpenPGP public and private key.

Cypherix: It is a comprehensive solution used to protect sensitive data on any Windows PC, desktop, laptop, hard disk or removable drive such as USB flash drive, memory stick, etc.

Public key infrastructure

A public key infrastructure enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message.

The user authentication using PKI involves the following:

1. A user applies for a certificate.
2. The registration authority requests for issuing the certificate.
3. The certificate authority gives the public key certificate to the user.
4. The certificate authority updates information to the validation authority.
5. The user sends a message in the public key certificate signed with the digital signature to the party with which he wants to communicate. The party validates the electronic signature and enquires about the validity of the public key certificate from the validation authority.
6. The party sends the public key certificate to the validation authority.
7. The validation authority sends the determined result to the party.

Components of PKI

The following are the components of PKI:

• A certificate management system to generate, distribute, store and verify certificates
• A certificate authority that is responsible for issuing and verifying digital certificates
• One or more directories where certificates with their public keys are held
• A registration authority that verifies the certificate authority

PGP

Pretty Good Privacy (PGP) is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients. PGP is effective, easy to use, and free. Therefore, it is one of the most common ways to protect messages on the Internet.

Digital Signature

A digital signature is a personal authentication method based on encryption and authorization codes. It is used for signing electronic documents. A digital signature not only validates the sender's identity, but also ensures that the document's content has not been altered. Digital signature schemes involve the following algorithms:

• A private key for signing the message
• A public key for verifying signatures

Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET) is a standard protocol for secure electronic transactions, such as credit card payments, over the Internet. SET uses 56-bit Data Encryption Standard (DES) encryption and requires digital signatures to verify the identities of all parties involved in a transaction. This form of business is effective over the Internet because individuals or organizations receive only relevant information. For example, a vendor does not receive the actual credit card number during a transaction but is simply informed that the bank has approved the transaction.

18.4 Understand SSL, disk encryption, and cryptography attacks

Exam Focus: Understand SSL, disk encryption, and cryptography attacks. Objective includes:

• Describe SSL (Secure Sockets Layer).
• Examine disk encryption.
• Identify disk encryption tools.

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is an application layer protocol. It was developed by Netscape to manage the security of a message transmission on the Internet. It is used to transmit private documents via the Internet. SSL uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity. Using the SSL protocol, clients and servers can communicate in a way that prevents eavesdropping and tampering of data on the Internet. Many Web sites use the SSL protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:. By default, SSL uses port 443 for secured communication.

TLS

Transport Layer Security (TLS) is an Application layer protocol that uses a combination of public and symmetric key processing to encrypt data. It sets up a secure connection between a client and a server. It ensures privacy and integrity of information during transmission. It makes use of the RSA algorithm having 1024 and 2048 bit strengths. The following are the layers of TLS:

TLS Record Protocol: It is used to provide a secured connection using an encryption method.


TLS Handshake Protocol: It allows the authentication between the client and server and permits the client and server to transfer an encryption algorithm and cryptographic keys before data exchange.

Protected Extensible Authentication Protocol (PEAP)

Protected Extensible Authentication Protocol, Protected EAP, is a method to securely transmit authentication information, including passwords, over wired or wireless networks. PEAP uses server-side public key certificates to authenticate the server. It then creates an encrypted SSL/TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping.

Disk encryption

Disk encryption protects confidentiality of the data that is stored on a computer disk. It works like text message encryption. Even when the OS is not active, disk encryption protects data. You can safeguard any information to burn onto the disk and prevent it from being used by an unauthorized person by using an encryption program for your disk. DriveCrypt, BitLocker, ShareCrypt, DriveCrypt Plus Pack, PocketCrypt, Master Voyager, FreeOTFE / FreeOTFE4PDA, and FreeOTFE Explorer are disk encryption tools.

TrueCrypt

TrueCrypt is an open source disk encryption tool. It provides disk or USB flash drive encryption for Linux and Windows operating systems. It has the following features:

It creates a virtual encrypted disk within a file and mounts it as a real disk.

It provides the following encryption algorithms:
o AES-256
o Serpent
o Twofish

It can also encrypt a partition or drive in which the operating system is installed.

It provides two levels of plausible deniability in case an enemy forces the user to reveal the password:
o Hidden volume and hidden operating system
o 2nd layer of encryption for sensitive contents

CryptoHeaven
CryptoHeaven is a tool that supports 2048 to 4096 bit asymmetric and 256-bit symmetric key encryption with no third party key holder. It provides secure Internet connections, secure instant messaging, secure mail, secure file sharing, secure online storage, etc. CryptoHeaven claims that it does not store any personal information, such as names, addresses, credit card numbers, etc. It enables the user's computer to be free from any type of snooping and interference by any government agency or other authority.

WinMagic SecureDoc
WinMagic SecureDoc is disk encryption software that is applicable to hard disks, USB drives, CDs, and DVDs on Windows operating systems. It has the following types of access mechanisms:

Hardware tokens

Passwords

Smart cards

Biometrics

Cryptanalysis tools
The following are cryptanalysis tools:

Cryptanalysis: It is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.

Ganzua: It is a cryptanalysis tool used for monoalphabetic and polyalphabetic ciphers that can work with almost any set of characters.

CryptoBench: It provides a source of strong cryptographic transformations to help in the cryptanalysis process of common cryptographic schemes.

JCrypTool: It allows students, teachers, developers, and anyone else interested in cryptography to apply and analyze cryptographic algorithms in a modern, easy-to-use application.

AlphaPeeler: It is a crypto educational tool that includes frequency analysis, mono-alphabetic substitution, Caesar, transposition, Vigenere, and Playfair cipher. The following are professional features of AlphaPeeler: DES, Gzip, MD5, SHA1, SHA256, RIPEMD-16, RSA, and secret share files.

Cryptographic attacks
Cryptographic attacks are methods of evading the security of a cryptographic system by finding weaknesses in such areas as the code, cipher, cryptographic protocol, or key management scheme in the cryptographic algorithm. In cryptographic attacks, an assumption is made that the cryptanalyst has knowledge of the encrypted information. The following are the cryptographic attacks usually performed by an attacker:

Known plaintext attack: In a known plaintext attack, the attacker should have both the plaintext and ciphertext of one or more messages. These two items are used to extract the cryptographic key and recover the encrypted text.

Ciphertext only attack: In this attack, the attacker obtains encrypted messages that have been encrypted using the same encryption algorithm. For example, the original version of WEP used RC4, and if sniffed long enough, the repetitions would allow a hacker to extract the WEP key. Such types of attacks do not require the attacker to have the plaintext because the statistical analysis of the sniffed log is enough.

Man-in-the-middle attack: In this form of attack, the attacker places himself in the middle of the communications flow between two parties. Once an attacker enters the communications flow, he is able to perform a ciphertext only attack, exchange bogus keys, etc.

Replay attack: In this type of attack, the attacker tries to repeat or delay a cryptographic transmission. A replay attack can be prevented using session tokens.

Chosen plaintext attack: In a chosen plaintext attack, the attacker somehow picks up the information to be encrypted and takes a copy of it with the encrypted data. This is used to find patterns in the cryptographic output that might uncover vulnerability or reveal a cryptographic key.

Chosen ciphertext attack: In this type of attack, the attacker can choose the ciphertext to be decrypted and can then analyze the plaintext output of the event. The early versions of RSA used in SSL were actually vulnerable to this attack.

Adaptive chosen plaintext attack: It is used by an attacker when he has free use of a piece of decryption hardware, but cannot extract the decryption key from it.

Rubber hose attack: It involves extraction of cryptographic secrets by torturing a person.

Timing attack: A timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. It is based on repeatedly measuring the exact execution times of modular exponentiation operations. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input.

Information can leak from a system through measurement of the time it takes to respond to certain queries. How much such information can help an attacker depends on many variables: crypto system design, the CPU running the system, the algorithms used, assorted implementation details, timing attack countermeasures, the accuracy of the timing measurements, etc.
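The input dependence described above can be seen by counting operations in modular exponentiation. This added example (not part of the original chapter) compares textbook square-and-multiply with a Montgomery ladder; the modulus, base and exponents are constructed sample values, and operation counts stand in for measured time.

```python
# Added illustration: operation counts stand in for execution time.
MODULUS = 0xFFFFFFFB   # constructed sample modulus
BASE = 0x10001         # constructed sample base


def modexp_square_multiply(base, exponent, modulus):
    """Left-to-right square-and-multiply; returns (result, multiplications).

    The extra multiply runs only for 1-bits, so the work done, and with it
    the running time, depends on the secret exponent.
    """
    result, mults = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        mults += 1
        if bit == "1":
            result = (result * base) % modulus
            mults += 1
    return result, mults


def modexp_ladder(base, exponent, modulus, bits):
    """Montgomery ladder over a fixed bit length; returns (result, multiplications).

    Each bit costs exactly two multiplications whatever its value, so the
    count no longer reveals the exponent. Python big integers are not
    constant-time; production code needs a constant-time bignum library.
    """
    r0, r1, mults = 1, base % modulus, 0
    for i in range(bits - 1, -1, -1):
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        mults += 2
    return r0, mults


def work_profile(exponents, bits=32):
    """Map each exponent to (square-and-multiply count, ladder count)."""
    return {e: (modexp_square_multiply(BASE, e, MODULUS)[1],
                modexp_ladder(BASE, e, MODULUS, bits)[1]) for e in exponents}


if __name__ == "__main__":
    # Two constructed 32-bit exponents: few 1-bits versus all 1-bits.
    for e, (naive, ladder) in work_profile([0x80000001, 0xFFFFFFFF]).items():
        print(f"{e:#010x}: square-and-multiply={naive} ladder={ladder}")
```

The two exponents have the same length, yet square-and-multiply performs a different number of multiplications for each, while the ladder count is identical.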

Code breaking methodologies
The following are code breaking methodologies:

Trickery and deceit: Social engineering techniques are used to extract cryptography keys.

Brute-force: Cryptography keys are found by trying every possible combination.

One-time pad: The one-time pad algorithm has an unbreakable encryption scheme. It does not use the repeated pattern of alphabetic substitution. This prevents the cryptanalysts from breaking the codes. The following conditions are required to ensure the integrity of the one-time pad algorithm:
o The encryption key must be generated randomly.
o The one-time pad must be physically shielded against disclosures because the enciphered messages can be easily decrypted if the enemy gets access to a copy of the pad.
o The one-time pad must not be reused. If the pads are reused, the cryptanalysts can determine the key values of the message.
o The length of the key must be the same as the message to be encrypted, as each key element encodes only one character of the message.

Frequency analysis: It is the study of the frequency of letters or groups of letters in a ciphertext.
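The one-time pad conditions listed above can be checked directly: when one pad encrypts two messages, XORing the two ciphertexts cancels the pad. This added example (not from the original chapter) assumes a byte-wise XOR pad; the messages are constructed samples and the OneTimePad class is a hypothetical helper.

```python
import secrets

# Constructed sample messages of equal length.
M1 = b"WIRE 100 TO ALICE"
M2 = b"WIRE 900 TO CAROL"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (key length must match the message)."""
    if len(a) != len(b):
        raise ValueError("key length must equal message length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Hypothetical helper that enforces random generation and single use."""

    def __init__(self, length: int):
        self._pad = secrets.token_bytes(length)  # random key from the OS CSPRNG
        self._used = False

    def encrypt(self, message: bytes) -> bytes:
        if self._used:
            raise RuntimeError("pad already used; generate a fresh pad")
        ciphertext = xor_bytes(message, self._pad)  # raises on length mismatch
        self._used = True
        return ciphertext


def reuse_leak(m1: bytes, m2: bytes) -> bytes:
    """Encrypt two messages under the SAME pad and return c1 XOR c2.

    The pad cancels out, so the result equals m1 XOR m2 whatever the pad was.
    """
    pad = secrets.token_bytes(len(m1))
    c1, c2 = xor_bytes(m1, pad), xor_bytes(m2, pad)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    leak = reuse_leak(M1, M2)
    print("c1 XOR c2 == m1 XOR m2:", leak == xor_bytes(M1, M2))
    # Anyone who knows or guesses one message can read the other.
    print("second message from leak and first:", xor_bytes(leak, M1))
    pad = OneTimePad(len(M1))
    pad.encrypt(M1)
    try:
        pad.encrypt(M2)
    except RuntimeError as err:
        print("reuse refused:", err)
```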

Brute force attack
A brute force attack tries to defeat a cryptographic scheme by trying a large number of possible keys until the correct encryption key is found. It is a resource-intensive and time-intensive process. Whether a brute force attack succeeds depends on the length of the key, the time constraint, and the system security mechanisms.

Meet-in-the-middle attack
The meet-in-the-middle attack is a cryptographic attack. This attack can be used against cryptographic algorithms that use multiple keys for encryption. The meet-in-the-middle attack attempts to find a value in each of the ranges and domains of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function.
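The matching of a forward mapping against an inverse image described above is why encrypting twice with two independent keys adds little strength. This added example (not from the original chapter) uses a constructed 16-bit toy cipher with 10-bit keys; the cipher, keys and plaintexts are assumptions made for illustration.

```python
from collections import defaultdict

MASK = 0xFFFF          # 16-bit block (toy size)
KEYS = 1 << 10         # 10-bit keys (toy size)


def rotl(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK


def rotr(x, r):
    return ((x >> r) | (x << (16 - r))) & MASK


def toy_encrypt(block, key):
    """Constructed toy cipher, insecure by design."""
    for rnd in range(4):
        block = rotl((block + key * 0x9E37 + rnd) & MASK, 5) ^ key
    return block


def toy_decrypt(block, key):
    """Inverse of toy_encrypt: undo the rounds in reverse order."""
    for rnd in reversed(range(4)):
        block = (rotr(block ^ key, 5) - key * 0x9E37 - rnd) & MASK
    return block


def double_encrypt(block, k1, k2):
    return toy_encrypt(toy_encrypt(block, k1), k2)


def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher operations in the matching phase).

    pairs holds known (plaintext, ciphertext) tuples under double_encrypt.
    The first pair is matched in the middle; the rest filter false matches.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    forward = defaultdict(list)
    for k1 in range(KEYS):                      # forward mapping of p0
        forward[toy_encrypt(p0, k1)].append(k1)
    ops, candidates = KEYS, []
    for k2 in range(KEYS):                      # inverse image of c0
        ops += 1
        for k1 in forward.get(toy_decrypt(c0, k2), ()):
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops
```

With two 10-bit keys, an exhaustive search covers up to KEYS * KEYS key pairs, while the matching phase here costs 2 * KEYS cipher operations plus a lookup table of KEYS entries.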

The meet-in-the-middle attack takes less time than an exhaustive attack. It can be used for forging signatures on mixed-type digital signature schemes.

Online MD5 decryption tools
The following are online MD5 decryption tools:

md5 md5crack MD5 Decryptor Hash Cracking Tool Hash Cracker Passcracking

Chapter Summary
In this chapter, we learned about cryptography, various types of cryptography, ciphers, cryptography tools, Public Key Infrastructure (PKI), and digital signature. We also discussed SSL (Secure Sockets Layer), disk encryption, and disk encryption tools. This chapter focused on AES, RC4, RC5, RC6 algorithms, RSA, Message Digest Function: MD5, and SHA.

Glossary

Asymmetric encryption
Asymmetric encryption is a type of encryption that uses two keys, i.e., a public key and a private key pair for data encryption.

Block cipher
A block cipher is a symmetric key cipher that operates on blocks of messages. It encrypts an entire message block at the same time.

Brute force attack
A brute force attack tries to defeat a cryptographic scheme by trying a large number of possible keys until the correct encryption key is found.

Ciphers
Ciphers are algorithms that are used for encrypting or decrypting the data.

Cryptographic attacks
Cryptographic attacks are methods of evading the security of a cryptographic system by finding weaknesses in such areas as the code, cipher, cryptographic protocol, or key management scheme in the cryptographic algorithm.

Cryptography
Cryptography is a technique of encrypting and decrypting messages.

DES
Data Encryption Standard

Digital signature
Digital signature is a personal authentication method based on encryption and authorization codes. It is used for signing electronic documents.

Disk encryption
Disk encryption protects confidentiality of the data that is stored on a computer disk.

Message digest
A message digest is a number, which is created algorithmically from a file and represents that file uniquely.

Public key infrastructure
A public key infrastructure enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

Secure Hash Algorithm
The Secure Hash Algorithm (SHA) is a cryptographic hash algorithm that generates a fixed-length digital representation (message digest) of an input data sequence of any length.

Secure Shell
Secure Shell (SSH) is a protocol that provides strong authentication and secure communications over insecure channels.

SET
Secure Electronic Transaction

Snow.exe
Snow.exe is a steganography tool that is used to hide secret data within a text file.

Stream cipher
Stream cipher is a symmetric key cipher that operates on each character, or a bit of a message.

Symmetric encryption
Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data.

Transport Layer Security
Transport Layer Security (TLS) is an Application layer protocol that uses a combination of public and symmetric key processing to encrypt data.

TrueCrypt
TrueCrypt is an open source disk encryption tool. It provides disk or USB flash drive encryption for Linux and Windows operating systems.

Twofish
Twofish is a symmetric key block cipher which operates on 128-bit block size and uses key sizes up to 256 bits.

Twofish-128
A symmetric key block cipher which operates on 128-bits