Cyber Security Presentation


Cyber Security

Compiled info

1
Objective

To raise awareness of cyber threats and of how to establish a cyber security infrastructure

2
Layout

• Cyber Concepts
• Cyber Threats
• Cyber Attacks
• Cyber Defense
• Establishing Cyber Labs
• Learning Resources

3
A Brief History of the World

4
Cyber Age & Cyber war

"Every age has its own kind of war, its own limiting conditions and its own peculiar preconceptions."

The Prussian philosopher Carl von Clausewitz
5
What is Cyber Space

Cyberspace is a worldwide network of computers/devices and the equipment that connects them, which by its very design is free and open to the public

6
What is Cyberspace?

Cyberspace includes: Essential databases, Transportation, Energy and power, E-Government, Banking and stock, Water and sewerage, Public networks, Military networks, Nuclear power plants

Cyber Domain is Ubiquitous

7


Terminologies
• Vulnerability: Any weakness
• Attack: Exploitation of a vulnerability
• Threat: The possibility of an attack
• Risk: The possibility of exploitation
• Malware: Any piece of code that compromises system integrity for some malicious objective
• Cyber Attack: Any action compromising the security of information owned by an organization
• Cyber Weapon: Any software, hardware or user used for a cyber attack

8
The Aim of Cyber Attacks

• Passive attacks
  ▪ Eavesdropping (loss of privacy)
  ▪ Data exfiltration
  ▪ Detecting remote location
• Active attacks
  ▪ Message loss
  ▪ Message modification
  ▪ Message insertion
  ▪ Message replay
  ▪ Unauthorized access
  ▪ Denial-of-Service

9
Cyber Weapons and Attacks: Real Situation
10
Cyber Weapon Design
Classical Weapon Architecture
A missile consists of three basic elements:
• Delivery vehicle (rocket engine), followed by
• Navigation system (to get to the target) and
• Payload (component to cause damage)

As it turns out, the same three elements now appear in the design of cyber weapons.

11
Cyber Weapon Design
Cyber Weapon – Delivery Vehicle
There are numerous ways to deliver cyber weapons to targets:
▪ USB
▪ Emails with malicious code embedded or attached
▪ Web sites hosting malicious links and downloads
▪ Manual delivery (via hacking) to place a malicious payload on a target computer, system or network
▪ Counterfeit hardware or software
▪ Electronic components used to deliver cyber weapons

12
Cyber Weapon Design
Cyber Weapon – Navigation System
System vulnerabilities are the primary navigation system of a cyber weapon: they allow the malicious payload to reach a specific point inside a computer, system or network.
▪ Vulnerabilities provide entry points for the payload
▪ Security exposures allow exploitation/compromise of system integrity
▪ Exploitation allows unauthorized remote access to and control over the system

13
Cyber Weapon Design
Cyber Weapon – Payload
The cyber weapon payload (the "explosive") can be a program:
▪ To copy information from the computer and send it to an external source
▪ To erase/alter information stored on the system
▪ To allow remote access/control, so that the computer can be controlled/directed over the internet
A "bot/botnet" is an example that allows remote use of the computer by an unauthorized individual or organization.

14
Cyber Weapons Economics

What does a stealth bomber cost? $1.5 to $2 billion

What does a stealth fighter cost? $80 to $120 million

What does a cruise missile cost? $1 to $2 million

What does a cyber weapon cost? $300 to $50,000

And it can render all of the above systems USELESS!!
15
Compelling Challenges

• Vast amounts of information
• Hyper connectivity
• Extreme mobility
• COTS technology
• Cloud computing
• Social networks
• GIS enabled hardware
• Deliberate attacks

16
Cyber Threats

17
Who is vulnerable?
• Financial institutions and banks
• Internet service providers
• Pharmaceutical companies
• Government and defense agencies
• Contractors to various government agencies
• Multinational corporations
• ANYONE ON THE NETWORK

18
Common Cyber Threats

• Key loggers
• Social engineering
• Insider threats
• Vendors & employees
• DoS
• Access controls
• Natural disasters
• Hacking
• Malicious code
• Weak algorithms

19
Most Common Insider Threats
• Personal gain
• Modifying or stealing confidential/sensitive information
• Business advantage / traitor
• Theft of trade secrets or customer information
• To share with a foreign government or organization
• Sabotage of an organization's data systems or network

Solution: Segregation of duties, monitoring, irregular audits

20
Malware

• Software designed specifically to damage or disrupt a system
• Malware can be classified into several categories, depending on propagation and concealment
  ▪ Viruses, worms, Trojan horses, spyware, adware, scareware, and other malicious programs
• It can take the form of
  ▪ Executable code, scripts, active content

21
• Worm
  ▪ Automatic propagation without human assistance
  ▪ An independent program; doesn't need a host document
  ▪ Propagates using computer networks
  ▪ Harms open network connections and consumes bandwidth

• Virus
  ▪ Human-assisted propagation (e.g., opening an email attachment)
  ▪ A virus damages the local machine only

22
Backdoors
• Hidden feature or command in a program
• Allows unwanted actions
• Allows unauthorized access to your system

Logic bomb
• Starts when a specific event occurs
• Releases a virus, worm or other code to attack a system
23
Trojan
• A user/administrator installs it after being misled into thinking that it only performs wanted functionality
• However, the program also contains hidden functionality which the user does not want.

24
RATs
• Remote Access Trojans
• Let the criminal view, change, monitor, record or control your computer over the internet
• Find your files; view, copy or delete them
• Create popups; capture video and audio and send them to the criminals
• Record typing and send the information to another computer
• Run or end a program, process or connection on your computer
• Use your PC as part of a zombie army or botnet

25
Rootkit
• A stealth program that maintains a persistent, undetectable presence on the machine
• Modifies the host OS to hide its process from the list of running processes

26
Spyware
• Spies on the user to collect information and displays popup ads based on the collected information
• Changes the configuration of your computer
• Slows the computer down, up to the point of making it non-functional
• Runs as a background process, using memory, to keep a close watch on the user

27
Adware
• Software that displays banners and popup ads on the computer
• Can be harmful or harmless
• Adware can contain spyware
• Adware gathers information on what the user searches the Web for and reports it to third parties

28
29
Spam
• Junk or unwanted email
• How to reduce spam
  ▪ Delete junk email without opening it
  ▪ Don't reply to it
  ▪ Don't give personal information in an email or instant message
  ▪ Don't buy anything or give to charities promoted through spam

30
Phishing
• Attackers send a fake request as if from a bank or other institution asking for personal information
• You click on a link in the email
• It takes you to a fake website imitating the institution
• If you give personal information, the result is identity theft

31
Social Engineering
• Use of social tricks or psychology to gain access to secured systems
• Tricks people into revealing passwords and other information
• Example: an attacker calls a company pretending to be an employee in order to learn secrets about the internal network

32
“Amateurs hack systems, professionals hack people. They
(professional hackers) play on security flaws in people,
not in systems.”

Bruce Schneier
(Living Legend in Cyber security)

33
Global Cyber Attacks

34
Stuxnet Worm
• June 2010
• Attacks SCADA systems using the Siemens Step 7 control software
• 1000 nuclear centrifuges
• Over 60,000 computers

Iran's Natanz Nuclear Plant is destroyed

35


US Stealth Drone RQ-170
• December 2011
• Noise generation and jamming of the communication link
• Hacking of the US drone's GPS navigation system

Iran's downing of the US drone


Dragonfly
2011, 2013

• 1000 Western energy firms
• ICS (Industrial Control Systems)
• Defense and aviation companies
• Electricity generation firms
• Petroleum pipeline operators
• Spam email campaigns
• Nation-state spying

The Industrial Control Systems and energy sector of 84 American and European nations are compromised!
Denial of Service
• "Last September, Israeli jets bombed a suspected nuclear installation in northeastern Syria. Among the many mysteries still surrounding that strike was the failure of a Syrian radar--supposedly state-of-the-art--to warn the Syrian military of the incoming assault. It wasn't long before military and technology bloggers concluded that this was an incident of electronic warfare--and not just any kind."
• "Post after post speculated that the commercial off-the-shelf microprocessors in the Syrian radar might have been purposely fabricated with a hidden "backdoor" inside. By sending a preprogrammed code to those chips, an unknown antagonist had disrupted the chips' function and temporarily blocked the radar."

"The Hunt for the Kill Switch", Adee 2008, IEEE Spectrum

38
Denial of Service
• "A kill switch is any manipulation of the chip's software or hardware that would cause the chip to die outright--to shut off an F-35's missile-launching electronics, for example."
• "Depending on the adversary's degree of sophistication, a kill switch might be controlled to go off at a set time, under certain circumstances, or at random. As an example of the latter, Stanford electrical engineering professor Fabian Pease muses, "I'd nick the [chip's] copper wiring." The fault, almost impossible to detect, would make the chip fail early, due to electromigration: as current flowed through the wire, eventually the metal atoms would migrate and form voids, and the wire would break. "If the chip goes into a defense satellite, where it's supposed to work for 15 years but fails after six months, you have a very expensive, inoperative satellite," Pease says."

"The Hunt for the Kill Switch", Adee 2008, IEEE Spectrum
39
Denial of Service
Trojans may affect service by exhausting scarce resources such as bandwidth, computation, and battery power; note that physical effects that disable or alter the configuration of a device could be temporary or permanent.

"Towards a comprehensive and systematic classification of hardware Trojans", Rajendran et al., Proceedings of the 2010 IEEE International Symposium

40
Leak Information

Information could be leaked by means such as radio frequency, optical, thermal, power and timing side-channels, and also via interfaces such as RS232 and JTAG.
• Leakage of encryption keys is possible via wireless transmission amplitude or frequency margins that occur due to process variations
• Leakage of a secret from hardware, captured by a radio over 4 feet away

Demonstrated during the 2008 Cyber Security Awareness Week (CSAW) Embedded System Challenge held at the Polytechnic Institute of NYU
41
The last word!
"The only truly secure system is the one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards, and even then I have my doubts."

E. H. Spafford
Associate Professor
Dept of Computer Science
Purdue University

42
Cyber Defence
(From system to network)

43
PLANNING

"The beginning is the most important part of the work."

Plato

44
“My access to Motorola, Nokia, ATT, Sun depended
upon the willingness of people to bypass policies
and procedures that were in place for years
before I compromised them successfully.”

Kevin Mitnick
(A great hacker of our times)

45
What is “Security”
• "Security" is the quality or state of being secure: to be free from danger.
• Types of security
  ▪ Physical security: protects the physical items, objects or areas of an organization from unauthorized access and misuse
  ▪ Personal security: protects the individual or group of individuals who are authorized to access the organization and its operations
  ▪ Operations security: protects the details of a particular operation or series of activities

46
What is “Security”
  ▪ Communications security: protects the organization's communications media, technology, and content
  ▪ Network security: protects the networking components, connections, and contents
  ▪ Information security: protects the information and its critical elements, including the systems and hardware that use, store, or transmit that information

47
Why an organization needs Security

▪ To protect the organization's ability to function
▪ To enable the safe operation of applications implemented on the organization's IT systems
▪ To protect the data the organization collects and uses
▪ To safeguard the technology assets in use at the organization

48
Security and Accessibility
• Security should balance protection and availability

Two extremes:
• "Complete security of an information system" would not allow anyone access at any given time.
• "Have unrestricted access to a system": the system is available to anyone, anywhere, anytime, through any means.

49
Cyber Security

Cyber Security is like the brakes in your car.

Their function is to slow you down,

BUT

their purpose is to allow you to go fast.

50
Cyber/Information Security
– Security is not about the People alone

– Security is not about the Process alone

– Security is not about the Technology alone

51
Cyber Security Services

• Confidentiality
• Integrity
• Authentication
• Digital signature
• Non-repudiation
• Availability

52
Establishing Cyber Security Labs

53
Labs of Cyber Security

1) Network Security Lab
2) Forensic / Malware Analysis Lab
3) Data Security Lab

54
Network Security Lab

55
A Computer Network

56
Computer Network components

57
Computer Network Components and Devices
• Network Interface Card (NIC)
• Hub
• Switches
• Router
• Modem
• Cables and connectors
• Software
• Servers

58
Security Components
• Confidentiality: requires access control, cryptography, and concealment of the existence of data
• Integrity: no unauthorized change to content or source; prevention mechanisms and detection mechanisms
• Availability: threatened by denial-of-service attacks
• Together: Confidentiality, Integrity and Availability (CIA)

59
Threats
• Disclosure, alteration, and denial (DAD)
• Disclosure, or unauthorized access: snooping, passive wiretapping
• Deception, or acceptance of false data: active wiretapping (data modified), man-in-the-middle attack, masquerading or spoofing (impersonation), repudiation of origin (denying sending), denial of receipt
• Disruption, or prevention of correct operation
• Usurpation, or unauthorized control of some part of a system: delay, infinite delay ⇒ denial of service

60
Security Policy
• Statement of what is and what is not allowed
• Security mechanism: method, tool or procedure for enforcing a security policy

61
Elements of Network Security Policy
1. Purchasing guidelines: Required security features
2. Privacy policy: Files, emails, keystrokes
3. Access policy: Connecting to external systems, installing new software
4. Accountability policy: Responsibilities of users/staff/management. Audit capability.
5. Authentication policy: Password policy
6. Availability statement: Redundancy and recovery issues
7. Maintenance policy: Remote maintenance? How?
8. Violations reporting policy: What and to whom?
9. Supporting information: Contact information, handling outside

62
Security Issues
• Goals: Prevention, detection, recovery
• Assurance: Assurance requires detailed specs of desired/undesired behavior, analysis of the design of hardware/software, and arguments or proofs that the implementation, operating procedures, and maintenance procedures work.
• Operational issues: Benefits of protection vs. cost of designing/implementing/using the mechanisms
• Risk analysis: Likelihood of potential threats
• Laws: Sysadmins can't read users' files without permission.
• Customs: DNA samples for authentication, SSNs as passwords
• Organizational priorities: Security not important until an incident
• People problems: Insider attacks

63
Steps in Cracking a Network
• Information gathering: Public sources/tools.
• Port scanning: Find open TCP ports.
• Network enumeration: Map the network. Servers and workstations. Routers, switches, firewalls.
• Gaining access: Keeping root/administrator access
• Modifying: Using access and modifying information
• Leaving a backdoor: To return at a later date.
• Covering tracks

64
Hacker Categories
• Hacker - Clever programmer
• Cracker - Illegal hacker
• Script kiddies - Beginning hackers. May not target a specific system. Rely on tools written by others.
• White hat hackers - Good guys. Very knowledgeable. Hired to find vulnerabilities in a network. Write their own software.
• Black hat hackers - Bad guys. Desire to cause harm to a specific system. Write their own software.
• Cyber terrorists - Motivated by a political, religious, or philosophical agenda.

65
Types of Attacks
• Denial of Service (DoS): Flooding with traffic/requests
• Buffer overflows: Errors in system programs that allow an attacker to insert code into a program.
• Malware
• Brute force: Try all passwords.
• Port scanning:
  ⇒ Disable unnecessary services and close ports
• Network mapping

66
Security Mechanisms
• Encipherment
• Digital signature
• Access control
• Data integrity
• Authentication exchange
• Traffic padding
• Routing control
• Notarization

67
Honey Pots
• A trap set for a potential system cracker
• All the services are simulated
• The honeypot raises an alert, allowing the administrator to investigate
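A working sketch of the honeypot idea on this slide, added here as an example (it is not code from the original deck): a decoy TCP listener on localhost that answers with a bland banner and records each peer together with the first bytes it sends, plus the alerting logic that turns those records into per-source findings for the administrator. The decoy port table, the banner and the SAMPLE_CONTACTS records are constructed. Because no legitimate client should ever reach a decoy, every contact is an alert; a source that sweeps several decoy ports is rated higher.

```python
"""Minimal honeypot sketch: a decoy TCP listener that records whoever
connects, plus the alerting logic that turns those records into findings.
Added example for the honeypot slide; not code from the original deck.
The decoy ports, banner and the sample contacts below are all constructed."""
import socket
from collections import defaultdict
from dataclasses import dataclass

# Constructed: services the lab honeypot pretends to offer.  No legitimate
# client has any business talking to them, so every contact is an event.
DECOY_PORTS = {22: "ssh", 23: "telnet", 445: "smb", 3389: "rdp"}
DECOY_BANNER = b"220 decoy service ready\r\n"  # constructed, deliberately bland


@dataclass(frozen=True)
class Contact:
    src_ip: str
    dst_port: int
    first_bytes: bytes


def run_decoy(port: int, max_contacts: int = 1, timeout: float = 10.0) -> list:
    """Listen on 127.0.0.1:port, answer each connection with the banner and
    keep the peer address plus the first bytes it sends.  Stops after
    max_contacts connections or when nobody connects within timeout."""
    contacts = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", port))
        srv.listen(5)
        srv.settimeout(timeout)
        while len(contacts) < max_contacts:
            try:
                conn, (peer_ip, _) = srv.accept()
            except socket.timeout:
                break
            with conn:
                conn.settimeout(timeout)
                conn.sendall(DECOY_BANNER)
                try:
                    data = conn.recv(256)
                except socket.timeout:
                    data = b""
                contacts.append(Contact(peer_ip, port, data))
    return contacts


def classify(first_bytes: bytes) -> str:
    """Rough label of what the client sent, for the analyst's summary."""
    if not first_bytes:
        return "silent-connect"  # connected and sent nothing: typical of a scanner
    if first_bytes.startswith(b"SSH-"):
        return "ssh-client"
    if first_bytes.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        return "http-request"
    if b"\x00" in first_bytes:
        return "binary"
    return "text"


def analyse(contacts) -> list:
    """Group contacts by source.  Every source is alerted on; a source that
    touched three or more decoy ports is rated high because that pattern
    looks like a sweep rather than a one-off mistake."""
    by_src = defaultdict(list)
    for c in contacts:
        by_src[c.src_ip].append(c)
    alerts = []
    for src, hits in sorted(by_src.items()):
        ports = sorted({h.dst_port for h in hits})
        alerts.append({
            "src": src,
            "hits": len(hits),
            "ports": ports,
            "services": [DECOY_PORTS.get(p, "unknown") for p in ports],
            "sent": sorted({classify(h.first_bytes) for h in hits}),
            "severity": "high" if len(ports) >= 3 else "medium",
        })
    return alerts


# Constructed sample: what a night's decoy log might contain.
SAMPLE_CONTACTS = [
    Contact("10.0.0.5", 22, b"SSH-2.0-libssh_0.9\r\n"),
    Contact("10.0.0.5", 23, b""),
    Contact("10.0.0.5", 445, b"\x00\x00\x00\x85\xffSMB"),
    Contact("10.0.0.9", 3389, b""),
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_CONTACTS):
        print(alert)
```

run_decoy(2222, max_contacts=3) blocks until three connections arrive or the timeout passes, and the Contact list it returns feeds analyse() exactly like the constructed sample does; in a lab the records would be appended to a file and analysed in a batch.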

68
Network Security Audit
1. Pre-Audit Contact: Study security policy
2. Initial Meeting: Discuss scopes and objectives of audit
3. Risk Assessment: Find vulnerabilities.
4. Physical security Audit: locked doors, etc.
5. Network Configuration Audit: What devices are on the network?
6. Penetration testing: attempts to crack the security
7. Backup recovery audit: Simulates a disaster to check recovery
procedures
8. Employee audit: Passive monitoring of employee activities to verify
policy enforcement
9. Reporting: Preparation of Audit Report and presentation to the
management.

69
Activities performed in the Network Lab
• Penetration analysis / testing exercises
• Intrusion detection / handling exercises
• Cyberwarfare related projects

70
Tools for Network Monitoring and Analysis
Tool name: Description
WireShark: A network protocol analyser and capture utility; captured data can easily be sent to another application for analysis or filtered within WireShark itself.
Pandora FMS: Keeps an eye on your servers, applications and communications. It can be configured to create alerts based on specific events and send notifications to administrators.
Angry IP Scanner: Scans IP addresses and ports, finding live hosts and providing you with information about them.
Microsoft Network Monitor: Used to capture packet data to analyze network traffic. It has support for over three hundred public and Microsoft proprietary protocols as well as a wireless monitor mode.
Fiddler: Captures HTTP between computers and the Internet to help with debugging, to see incoming and outgoing data including encrypted HTTPS traffic, allowing you to test your website performance or the security of your web applications.
Network Miner: Classed as a network forensics analysis tool; it is used to capture packets and then extracts files and images from that data, allowing you to reconstruct a user's actions.

71
Tools for Network Monitoring & Analysis
(Cont’d)
Tool name: Description
Capsa Free: Another tool for monitoring, troubleshooting and analyzing network traffic. Not only does it support over 300 protocols and the ability to create and customize them, but its dashboard also lets you see a summary of traffic statistics, TCP/UDP conversations and packet analysis.
Total Network Monitor: Watches over your hosts and services, notifying you when something requires your attention; its colorful interface lets you see what's wrong at a glance.
Xirrus Wi-Fi Inspector: Manages connections, locates devices, detects rogue access points and has connection speed/quality tests.
Zenoss Core: Keeps an eye on applications, servers, storage, networking and virtualization to give performance and availability stats. It also has an advanced notification system.
GFI LanGuard: Allows you to automate the detection, downloading and deployment of missing patches for all computers and devices, and fix vulnerabilities before they can be exploited.

72
Open Source Tools
Tool name: URL
DNS Checker: https://dnschecker.org/network-tools.php
  ➢ Domain DNS Validation
  ➢ Reverse DNS Lookup
  ➢ DNS Lookup
  ➢ NS Lookup
  ➢ MX Lookup
  ➢ Flush DNS
IP Tools:
  ➢ What is my IP Address
  ➢ IP Location Lookup
  ➢ Trace Email
  ➢ IP Blacklist Checker
  ➢ IP to Decimal Converter
  ➢ Resolve IP to Hostname
  ➢ Lookup IP Whois
  ➢ IPv4 to IPv6
Developer Tools:
  ➢ Password Generator
  ➢ HTTP Header Check
  ➢ Check Website OS
  ➢ MD5 and Base64 Generator
Network Tools:
  ➢ TCP and UDP Port Scanner
  ➢ MAC Address Lookup
  ➢ ASN Whois Lookup

73
Forensic Investigation / Malware Analysis Lab

74
Digital Forensics
• A branch of computer science concerned with law-based methods of investigation.
• Collection and analysis of digital data

• Categories
  ▪ Computer forensics
  ▪ Cyber forensics
  ▪ Digitized documents
  ▪ Software forensics

75
Digital Forensic Process

76
Forensic Investigation Plan
• Incident and investigation review
  ▪ Determine the intent and scope of the investigation
  ▪ Determine legal restrictions
  ▪ Determine the limits of the investigator's authority
  ▪ Determine what the client wants from the investigation
  ▪ Determine resource availability
  ▪ Determine the escalation procedures
  ▪ Determine liaison and reporting requirements
  ▪ Document known facts and the initial incident time-line
  ▪ Determine the facts of the incident

77
Forensic Investigation Plan (cont ...)
• Identification and preservation
  ▪ Incident scene security
  ▪ Evidence identification
  ▪ Photograph the incident scene
  ▪ Search warrant processing

78
Forensic Investigation Plan (cont ...)
• Data collection
  ▪ Process incident scene and collect physical evidence
  ▪ Seize physical computer evidence
  ▪ Process incident scene for digital evidence
  ▪ Collect data from live systems
  ▪ Collect special content data
  ▪ Review forensic workstation and procedures
  ▪ Collect data/hard drives from powered-down systems
  ▪ Review forensic documentation
  ▪ Review collected evidence for anomalies
  ▪ Review collected evidence for prospective leads

79
Forensic Investigation Plan (cont ...)

• Examination
  ▪ Before proceeding to examination
  ▪ Create an appropriate number of evidence back-ups
  ▪ Identify any deleted partitions or unused disk space
  ▪ Retrieve time zone settings
  ▪ Determine the OS
  ▪ Retrieve user profile information (names, login account details, etc.)
  ▪ Use certified forensic work media and hard drives
  ▪ Process the forensic image working copy
  ▪ Create the digital evidence processing file structure on work media
  ▪ Process raw digital evidence
80
Forensic Investigation Plan (cont ...)
• Examination (cont'd)
  ▪ Physical data extraction and logical file separation
  ▪ Extract allocated data
  ▪ Extract unallocated data
  ▪ Extract swap space (Unix)
  ▪ Process memory dumps or images
  ▪ Refine digital evidence
  ▪ Identify and process composite files
  ▪ Identify and process encrypted/password-protected files
  ▪ Data reduction
  ▪ Generate file lists and hash values
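The "generate file lists and hash values" step, together with the evidence back-ups and working copies called for earlier in this plan, as an added example that is not from the original slides: build_manifest() walks an evidence tree and records size and SHA-256 per file, seal() hashes the manifest text itself so that one value can be written into the case log, and verify() re-hashes a working copy and reports what was modified, removed or added. The evidence tree that demo() creates in a temporary directory is constructed for the example.

```python
"""Evidence file list with hash values, and verification of a working copy
against it.  Added example for the examination steps on this slide; it is
not code from the original deck.  The tree built by demo() is constructed."""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time so large images never sit in memory


def sha256_file(path: Path) -> str:
    """Streaming SHA-256 of one file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Map every regular file under root (relative POSIX path) to (size, sha256).
    Symlinks are skipped so the manifest describes content, not pointers."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = (p.stat().st_size, sha256_file(p))
    return manifest


def manifest_lines(manifest: dict) -> list:
    """sha256sum-style lines: '<digest>  <size>  <path>', one per file, sorted."""
    return [f"{digest}  {size}  {rel}" for rel, (size, digest) in sorted(manifest.items())]


def seal(manifest: dict) -> str:
    """Hash of the manifest text itself.  Recording this value in the case log
    means the file list cannot later be edited without detection."""
    return hashlib.sha256("\n".join(manifest_lines(manifest)).encode()).hexdigest()


def verify(root, manifest: dict) -> dict:
    """Re-hash a tree and compare it with the sealed manifest."""
    current = build_manifest(root)
    report = {"ok": [], "modified": [], "missing": [], "added": []}
    for rel, (_, digest) in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel][1] != digest:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    report["added"] = sorted(set(current) - set(manifest))
    return report


def demo() -> dict:
    """Build a constructed evidence tree, seal it, then alter the copy and
    verify it again.  Returns everything an analyst would look at."""
    root = Path(tempfile.mkdtemp(prefix="evidence_"))
    (root / "notes.txt").write_bytes(b"hello")
    (root / "img").mkdir()
    (root / "img" / "disk.bin").write_bytes(bytes(range(256)))
    manifest = build_manifest(root)
    sealed = seal(manifest)
    clean = verify(root, manifest)
    # Simulate an untrusted working copy: one edit, one deletion, one planted file.
    (root / "notes.txt").write_bytes(b"hellO")
    (root / "img" / "disk.bin").unlink()
    (root / "extra.log").write_bytes(b"planted")
    tampered = verify(root, manifest)
    return {"manifest": manifest, "seal": sealed, "clean": clean, "tampered": tampered}


if __name__ == "__main__":
    result = demo()
    print("\n".join(manifest_lines(result["manifest"])))
    print("seal:", result["seal"])
    print("after tampering:", result["tampered"])
```

Writing manifest_lines() to a file beside the evidence and the seal value into the log book is enough for a second examiner to repeat verify() on their own copy; any difference in the seal shows the list, not just the files, was altered.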

81
Forensic Investigation Plan (cont ...)
• Process refined digital evidence
  ▪ Categorize files
  ▪ Construct mismatch file list
  ▪ Collect and document hidden data
  ▪ Create and document investigative leads
• Analysis
  ▪ Temporal analysis
  ▪ Relational analysis
  ▪ Functional analysis
  ▪ Evidence analysis

82
Forensic Investigation Plan (cont ...)
• Presentation
  ▪ Organize forensic documentation
  ▪ Develop forensic presentation
  ▪ Create forensic report

83
Lab Environment
• Ample space for case discussion among investigators
• Controlled atmospheric temperature
• Proper lighting with life safety measures
• Security and surveillance
• Workstations/laptops/computers for forensic and non-forensic activities
• Cables
  ▪ DD (IDE, SCSI, SATA), motherboard cables, LAN cables, USB
• Devices
  ▪ Additional hard drives, RAM, USB drives, backup storage SAN, laptop HDD connectors, SCSI cards, network cards, VGA/HDMI connectors, monitors, power supplies, keyboards, mice, laptop chargers, batteries, RW-CD/DVD
• Forensic tools

84
Lab Environment (cont …)
• Licensed application software
  ▪ MS Office, Adobe, CorelDraw, database software and operating system CDs like Win 7, Vista, 8, 10, Server 200X, password cracking tools, write blocker software and hardware
• Computer seizure power supply
• UPS
• Safe locker
• Storage shelves
• Printer, phones
• Log book
• Reference study material
• Internet connectivity
85
Open Source data recovery tools

1. Pandora Recovery
2. Recuva
3. EaseUS Data Recovery
4. Recover My Files
5. GetDataBack
6. eSupport UndeletePlus
7. Pro-discovery
8. Safetools
9. Cofee
10. Data Recovery
11. Puran File Recovery
12. Get Data Back
86
Commercial software for Forensic Lab
1. AccessData
2. FTK
3. Guidance EnCase for evidence analysis
4. VMware Workstation to run virtual machines
5. OfficeRecovery Ultimate (data recovery)
6. EasyRecovery (data recovery)
7. GetDataBack (data recovery)
8. AccessData DNA/PRTK for decryption and password cracking
9. StegAlyzerAS and StegAlyzerSS for steganography analysis
10. WinHex Specialist and X-Ways Forensics as hex editors
11. Mobile Master Corporate Edition (mobile forensics examination)
12. AccessData Mobile Phone Examiner for mobile forensics examination


Computer Accessories

Item / Qty / Description

1. DLT Tape Drive (qty 10)
2. DLT Cleaning Tapes (qty 10)
3. SCSI2 Cable (qty 2)
4. Digital Camera with media card (qty 1)
5. Digital Camera battery packs, new or recharged (qty 2)

88
Determining Floor Plans for
Computer Forensics Labs

89
Determining Floor Plans for
Computer Forensics Labs (continued)

90
Determining Floor Plans for Computer
Forensics Labs (continued)

91
Malware Analysis Lab

92
Malware Analysis Process (cont…)
• Malware analysis techniques
  ▪ Surface analysis
  ▪ Behavioral analysis
  ▪ Code analysis
    – Static code analysis
    – Dynamic code analysis
  ▪ Volatile memory analysis

93
Architecture of Malware Analysis Lab
• Allocate physical or virtual systems for the analysis lab

94
Architecture of Malware Analysis Lab

• Install and run behavioral analysis tools
  ▪ File system and registry monitoring
  ▪ Process monitoring
  ▪ Network monitoring
  ▪ Change detection
• Install and run code-analysis tools
  ▪ Disassembler and debugger
  ▪ Memory dumper

95
Tools for Malware Analysis
• BgInfo
• MD5sums
• PSfile
• RootkitRevealer
• Nmap
• Winalysis
• Strings
• Debugview
• TCPView
• Hfind
• WinHex
• Reverse Engineering Compiler
• ProcDump 32
• Windbg
• Livekd

96
Approaches to Malware Analysis
• Process-driven approach
• Goal-driven approach
• Hybrid approach

97
Process-driven approach

98
Goal-driven approach

99
Malware Analysis Reporting
• Summary of the analysis
• Identification
• Characteristics
• Dependencies
• Behavioral and code analysis findings
• Supporting figures
• Incident recommendations
• Repeatable process
• Create mind maps

100
Other Requirements
• Trainings
• Certifications
• Seminars/conferences

101
Cryptology Lab

102
Terminology
• Alice – Sender of the message
• Bob – Receiver
• Eve – Eavesdropper or unintended party
• Plaintext – Message to be sent
• Ciphertext – Coded message
• Encryption – Coding of the message
• Decryption – Decoding the message
• Cryptology – Science of the study of ciphers
• Cryptography – Science (or art) of encrypted communication between Alice and Bob, such that even if Eve intercepts the ciphertext, she won't be able to make any sense of it.
• Cryptosystem – A term given to the system which turns a plaintext into ciphertext and back.

103
Cryptographic Lab
• Cryptology is divided into
  ▪ 1) Cryptography
  ▪ 2) Cryptanalysis

• Cryptography
  ▪ deals with the creation of ciphers and cryptosystems.
• Cryptanalysis
  ▪ deals with the breaking of ciphers and cryptosystems.
  ▪ Cryptanalysis can be carried out through various approaches or attacks, such as brute force, chosen plaintext and man-in-the-middle attacks.
  ▪ Web-based cryptanalysis tools are also available that can break cryptosystems, teach about network security and test cryptosystems in general.

104
Cryptanalysis Tools
• Brute force attack
  ▪ Brute force means exhausting every possibility until a match is found. Even in classic cryptography, a brute force attack is considered time-consuming.
• Chosen plaintext attack
  ▪ By examining plaintext–ciphertext pairs, the attacker can easily recover the encryption key
• Man in the middle attack
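Both attacks on this slide carried out against a textbook shift (Caesar) cipher, as an added example that is not part of the original deck: brute_force() tries all 26 keys and ranks the candidate plaintexts by a chi-squared distance from standard English letter frequencies, and key_from_known_pair() recovers the key from a single plaintext–ciphertext pair, which is the point the slide makes about such pairs. The sample plaintext (two sentences taken from these slides) and the English frequency table are the only inputs; the cipher is the toy one and the example shows why a 26-key space offers no protection at all.

```python
"""Brute force and known/chosen-plaintext key recovery against a shift cipher.
Added example for the cryptanalysis slide; not code from the original deck.
The sample plaintext is constructed from two sentences used in these slides."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Standard published English letter frequencies, in percent.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23, "G": 2.02,
    "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03, "M": 2.41, "N": 6.75,
    "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99, "S": 6.33, "T": 9.06, "U": 2.76,
    "V": 0.98, "W": 2.36, "X": 0.15, "Y": 1.97, "Z": 0.07,
}

SAMPLE_PLAIN = ("SECURITY IS NOT ABOUT THE PEOPLE ALONE THE PROCESS ALONE OR THE "
                "TECHNOLOGY ALONE THE BEGINNING IS THE MOST IMPORTANT PART OF THE WORK")


def shift_encrypt(text: str, key: int) -> str:
    """Shift every letter by key positions; non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(text: str, key: int) -> str:
    return shift_encrypt(text, -key)


def chi_squared(text: str) -> float:
    """How far the letter counts of text are from English: lower is more English-like."""
    letters = [c for c in text.upper() if c in ALPHABET]
    n = len(letters)
    counts = Counter(letters)
    return sum((counts[c] - n * f / 100) ** 2 / (n * f / 100) for c, f in ENGLISH_FREQ.items())


def brute_force(cipher: str) -> list:
    """Exhaust all 26 keys and rank candidates; returns (key, score, plaintext)
    tuples, best candidate first.  With 26 keys the 'exhaustion' is instant."""
    ranked = sorted((chi_squared(shift_decrypt(cipher, k)), k, shift_decrypt(cipher, k))
                    for k in range(26))
    return [(k, round(score, 1), plain) for score, k, plain in ranked]


def key_from_known_pair(plain: str, cipher: str) -> int:
    """Chosen/known-plaintext recovery: one letter pair fixes the shift; every
    other pair must agree, otherwise the text was not a single-shift cipher."""
    keys = set()
    for p, c in zip(plain.upper(), cipher.upper()):
        if p in ALPHABET and c in ALPHABET:
            keys.add((ALPHABET.index(c) - ALPHABET.index(p)) % 26)
    if len(keys) != 1:
        raise ValueError(f"pair is not consistent with a single shift: {sorted(keys)}")
    return keys.pop()


if __name__ == "__main__":
    secret = shift_encrypt(SAMPLE_PLAIN, 7)
    for key, score, plain in brute_force(secret)[:3]:
        print(key, score, plain[:40])
    print("key from one pair:", key_from_known_pair("NETWORK", shift_encrypt("NETWORK", 7)))
```

The same brute_force() loop is what a modern cipher has to make impossible: a 128-bit key space turns the 26 iterations into 2^128, which is the whole difference between this toy and AES.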

105
Web based Cryptanalysis Tools
Tool name Description
CrypTool an e – learning tool explaining cryptanalysis and cryptography. CrypTool aims at making
people understand network security threats and working of cryptology. It includes
asymmetric ciphers like RSA, elliptic curve cryptography. CrypTool1 (CT1) experiments
with different algorithms and runs on Windows. It was developed in C++ language
EverCrack An open source GPL software, EverCrack deals chiefly with mono – alphabetic
substitution and transposition ciphers. It was initially developed in C language.It is
currently concentrating on online web – based applications. Now, the programming is
kernel based i.e. deciphering complex ciphers for the kernel.
Cryptol A software development firm named Galois Inc. developed Cryptol. It is a learning tool
as well as a way to analyze algorithms and implementations. Originally designed for NSA,
this tool is now used by private firms. The programming language is used for all aspects
of developing and using cryptography
AlphaPeeler AlphaPeeler is a freeware / non-commercial software product for educational and
personal use.Its development started in 1997, and AlphaPeeler 1.0 was deployed in June
1998. It includes MD5, SHA – 1, RSA key generation, RIPEMD – 16, etc
Crypto It is a software that performs various cryptanalytic functions. It can generate 14
Bench cryptographic hashes and two checksums. It can encrypt with 29 different secret key or
symmetric schemes. It can Encrypt, Decrypt, Sign, and Verify with six different public key
or asymmetric schemes
Web based Cryptanalysis Tools (Cont’d)
Tool name Description
Ganzúa Ganzúa (the Spanish word for lockpick) is a cryptanalysis tool for
monoalphabetic and polyalphabetic ciphers that can work with almost any set of
characters. It is a Java application; it may be executed on Mac OS X, Linux or
Windows.
Elcomsoft Elcomsoft Distributed Password Recovery (EPDR) installs “agents” on as many
Distributed computers as possible. These agents use brute force attack to recover the lost
Password Recovery password
Jipher Cryptanalysis tool that can be used to attack old ciphers. Additional can be used
to analyze cookies
Advanced Archive This tool supports the dictionary based attacks, plaintext attacks and the brute –
Password Recovery force attacks. It has a multilingual interface and strong AES encryption support.
Passwords for .zip, .arj , .rar & .ace extensions can be cracked
CalcChecksum CalcChecksum is a simple utility for calculating various checksums easily with a
graphical user interface
Kismet Kismet is an 802.11b network sniffer and network dissector. It is capable of
sniffing using most wireless cards, automatic network IP block detection via UDP,
ARP, and DHCP packets, and Cisco equipment lists
Web based Cryptanalysis Tools (Cont’d)
Tool name | Description
Lepton’s Crack | Lepton’s Crack is a generic password cracker. It is easily customizable with a simple plugin system and allows system administrators to review the quality of the passwords being used on their systems.
Audio-entropyd | Audio-entropyd reads sound from a stereo soundcard, takes the difference between the left and right channels and feeds the result (via a secure hash) to the /dev/random entropy pool.
Cyber Security Learning Resources
109
Courses and Certifications
Title | Description | URL
Cybrary | Online library for information security domains | https://www.cybrary.it
edX | Open online course provider | https://www.edx.org
Coursera | Open online course provider | https://www.coursera.org
MOOC | Open online course provider | http://mooc.org/
Future Learn | Open online course provider | https://www.futurelearn.com
Udemy | Global marketplace for teaching and learning | https://www.udemy.com
Pluralsight | Video training courses for software developers, IT administrators, and creative professionals | https://www.pluralsight.com
ITProTV | eLearning offering a variety of IT courses | https://www.itpro.tv
Codecademy | Online resource for learning to code | https://www.codecademy.com
Station X | Cyber security courses | https://www.stationx.net/
Infosec Institute | Provides certification-based training courses | https://www.infosecinstitute.com/
TechExam.net Preparation Community | Preparation material for cybersecurity certifications | https://community.infosecinstitute.com
Cybersecurity Specialization by the University of Maryland | Course covers all the fundamental aspects of cybersecurity in the creation of secure systems using cryptography | https://www.coursera.org/specializations/cyber-security
US Department of Homeland Security | Structured courses on the security of industrial control systems | https://ics-cert-training.inl.gov/learn
Open Security Training | Cybersecurity-related course material ranging from basic lessons on Android security testing to advanced x86 virtualization courses | http://opensecuritytraining.info/Training.html
MIT Open CourseWare | Courses range from network and computer security to advanced cryptography and cryptanalysis | https://ocw.mit.edu/index.htm
Cybersecurity and CISSP by KSU | Course provides working knowledge of network security, cryptography, access control and other fundamental aspects of cybersecurity and the CISSP | https://mooc.kennesaw.edu/courses/cybersecurity.php
SANS Cyber Aces Online | Online course that teaches the core concepts needed to assess and protect information security systems | https://www.cyberaces.org
Video Lectures
Title | Description | URL
Khan Academy | eLearning platform | https://www.khanacademy.org
The PCSecurity | YouTube channel | https://www.youtube.com/user/ThePCSecurity/videos
Security Now | YouTube channel | https://www.youtube.com/user/TWiTSecurityNow/videos
Kaspersky Lab | YouTube channel | https://www.youtube.com/user/Kaspersky/videos
Black Hat | YouTube channel | https://www.youtube.com/user/BlackHatOfficialYT/videos
Security Weekly | YouTube channel | https://www.youtube.com/user/SecurityWeeklyTV/videos
Cyber Security | YouTube channel | https://www.youtube.com/channel/UCUXouXpc6T-sqPafAPegVTQ/videos
Guidelines, Standards and Frameworks
Title | Description | URL
ISO 27001/27002 | Cyber security framework | N/A
CIS Critical Security Controls | Cyber security framework | N/A
NIST Framework for Improving Critical Infrastructure Security | Cyber security framework | N/A
PCI DSS | Cyber security framework | N/A
ISACA | IT governance | www.isaca.org
Webinars, Blogs and Podcasts
Title | Description | URL
TED Talks on cybersecurity | Influential videos from expert speakers | https://www.ted.com
Stanford University’s cybersecurity webinars | Webinars and videos | https://computersecurity.stanford.edu
Schneier on Security | Cyber security blog and articles covering encryption, national security and more | https://www.schneier.com
Krebs on Security | Cyber security blog | https://krebsonsecurity.com
BrightTALK’s webinar stream | Webinars and videos | https://www.brighttalk.com/community/it-security
BeyondTrust’s webinar offerings | Webinars and videos | https://www.beyondtrust.com/resources/webcasts
Risky Business | Podcasts | https://risky.biz/about/
Tools and Applications
Title | Description | URL
GitHub | Community of developers to discover, share, and build software | https://github.com
Exploit DB | Exploits, vulnerability reports, security articles, tutorials and more | https://www.exploit-db.com
CVE Details | CVE security vulnerability database and information source | https://www.cvedetails.com
Paper Repository
Title | Description | URL
SANS Reading Room | InfoSec Reading Room: computer security research and whitepapers | https://www.sans.org/reading-room/
Springboard’s Foundations of Cybersecurity | Online course that offers 40 plus resources across 9 core modules and thoroughly explains the most basic aspects of cybersecurity | https://www.springboard.com/resources/learning-paths/cybersecurity-foundations/
Security Ebooks by O’Reilly Media | Cyber security ebooks | https://www.oreilly.com/security/free/
Whitepapers by Centre for Internet Security | Meaningful information about emerging cybersecurity threats and their mitigation | https://www.cisecurity.org/resources
Whitepapers and Research Journals by CompTIA | Good source for whitepapers, guides, and research related to technology | https://www.comptia.org
Thank You
116