Certified Ethical Hacker

Lesson 7
Cryptographic Attacks and
Defenses
Lesson 7
Objectives

After reading this chapter you will be able to:

 Describe cryptography
 Explain symmetric and asymmetric encryption
 Describe how popular encryption algorithms work
 Define hashing and discuss the difference
between MD5 and SHA
 Explain digital signatures, steganography, digital
certificates, and PKI
 Know encryption cracking tools
 Functions of Cryptography

 The process to conceal the content of a message from everyone except

the people that know the key
 Encryption: Converting plain text into cipher text
 Authentication:
– Most common type is username and password.
 Integrity:
– Information remains unchanged.
 Confidentiality:
– Information is private while in storage or in transit.
– Achieved through encryption.
 Nonrepudiation:
– Ensures that the sender of data receives proof of delivery and the recipient is
assured of the sender’s identity.
– Achieved through digital signatures, digital certificates, and message
authentication codes.
 History of Cryptography

 Used throughout the ages by

– Spartans.
– Ancient Hebrews used a basic cryptographic system called ATBASH.
– Julius Caesar:
• Caesar cipher
• Simple substitution cipher
 Items used in cryptosystems:
– Algorithm
– Plaintext
– Ciphertext
– Cryptographic key
– Substitution cipher
– Symmetric encryption
– Asymmetric encryption
– Encryption
 Algorithms

 Set of rules used to encrypt and decrypt data.

 Used along with the key to encrypt the data.
 Plaintext encrypted with a different key or a different
algorithm produces different ciphertext.
 Modern systems use two types of algorithms:
– Symmetric:
• Uses the same key to encrypt and decrypt the
data
– Asymmetric:
• Uses different keys for encryption and decryption
 Symmetric Encryption

 The older of the two forms of encryption

 Uses a single shared secret key for encryption and decryption:
– Plaintext is encrypted with the key and then transmitted to the recipient who
uses the same key to decrypt it.
– Fast and hard to break if a large key is used.
– Disadvantages:
• Key distribution
• Does not provide authentication, only confidentiality
 Symmetric algorithms:
– DES
– Blowfish
– Rijndael
– RC4
– RC5
– SAFER
 Data Encryption Standard (DES)

 Developed by National Bureau of Standards

(NBS) – now NIST.
 Based on Lucifer algorithm developed by IBM
but modified to use 56-bit key.
 Must be recertified every 5 years.
 By 1993 outlived its usefulness, and NIST
began to look for new algorithm to replace it.
 In 1998 the Electronic Frontier Foundation
(EFF) cracked it in 23 hours.
 Data Encryption Standard (DES)
cont.
 Functions as a block cipher.
 Segments the input data into blocks.
 Processes 64-bit plaintext at a time, outputs 64 bits of ciphertext, and
works as a substitution cipher.
 Uses 56-bit key; the remaining bits are used for parity.
 Uses the same key to encrypt and decrypt the data.
 Performs 16 rounds on every 64-bit block.
 Has four modes or types, each with a different strength:
– Electronic Codebook mode (ECB)
– Cipher Block Changing mode (CBC)
– Cipher Feedback mode (CFB)
– Output Feedback mode (OFB)
 3DES was implemented to extend the usefulness of DES:
– Uses two or three keys; each key is 168 bit
 Advances Encryption Standard
(AES ) and Rivest Cipher (RC)
 In 2002 NIST replaced DES with Rijndael:
– Iterated block cipher supporting variable keys and block
lengths of 128, 192, or 256 bit
– Considered fast and simple and uses a four-step, parallel
series of rounds
 Rivest cipher (RC):
– General term for family of ciphers designed by Ron Rivest
– RC2: Variable key size and 64-bit block cipher
– RC4: Stream cipher
– RC5: Block cipher with rounds ranging from 0 to 255 and keys
from 0 to 2,040 bits
– RC6: Variable key size and rounds
 Asymmetric Encryption (Public
Key Encryption)
 Requires two keys:
– Public key: Given to anyone
– Private key: Kept a secret
 Uses difficult mathematical problems: Trapdoor function
 RSA:
– Developed in 1977 at MIT
– Uses two large prime numbers and works on the principle of factoring them
– Used for encryption and digital signatures
– Used by Internet Explorer and Firefox
 Diffie-Hellman:
– Developed for use as a key exchange protocol
– Used in SSL and IPsec
– Vulnerable to main-in-the-middle attack
 El Gamal:
– Used for encryption and digital signatures
– Based on the difficulty of solving discrete logarithm problems
 Elliptic Curve Cryptosystem (ECC):
– Requires less processing power: Used in PDAs and cell phones
 Hashing

 Takes a variable amount of data and uses an

algorithm to produce a fixed length hash value
 Used to provide integrity
 Collision:
– When two or more different files produce the same
hash value
 MD5:
– Produces 128-bit hash value
 SHA-1
– Produces 160- bit message digest
 Digital Signatures

 The application of asymmetric encryption for

authentication
 Similar to a real signature
– Validates the integrity of the document and identity
of the sender
 Uses five basic steps
 Steganography

 Hiding information in plain sight.

 Messages can be hidden in images, sound
files, other files, and white space.
 The file in which the data is hidden is called a
carrier.
 The actual amount of information hidden
depends on the size of the carrier file.
 Steganography programs can also use
encryption when hiding the message.
 Steganography Tools
 Tools hiding messages in documents
– Snow
 Tools hiding messages in sound files
– Steghide
– MP3Stego
 Tools hiding messages in pictures
– S-Tools
– ImageHide
– OutGuess
– WbStego
– JP Hide and Seek
 Steganalysis
– Discovering and extracting steganography content
 Digital Watermark

 Commercial application of steganography.

 Acts as a type of digital fingerprint and can be used to
verify the owner of the work.
 Could be used in cases of intellectual property theft to
show proof of ownership.
 Adobe Photoshop includes capability to add
watermarks.
 Digital Certificates
 Used to prove the identity of the owner.
 Similar to a passport .
 Issued by certificate authority:
– VeriSign
– Entrust
– Thawte
 Contain the following information:
– Identification information such as username, serial number,
and the validity dates of the certificate
– The public key of the certificate folder
– The digital signature of the signature authority
 X.509 is the standard for digital certificates.
 Public Key Infrastructure (PKI)

 Framework that consists of hardware, software, and

policies used to manage, create, store, and distribute
keys and digital certificates
 Components:
– The Certificate Authority (CA)
– The Certificate Revocation List (CRL)
– The Registration Authority (RA)
– Certificate Server
– X.509 Standard
 Trust Models

 Single Authority trust:

– Uses a single third-party central agency.
– The agency provides the trust, the authority, and any keys
issued by that authority.
 Hierarchical trust:
– The top layer of trust is the root CA.
– Root CA issues certificates to intermediate CAs.
– Intermediate CAs issue certificates to leaf CAs.
– Leaf CAs issue certificates to user.
 Web of trust:
– Consists of many supporters that sign each other’s certificates.
– PGP uses the web of trust model.
 Protocols, Standards, and
Applications
 Secure MIME (S/MIME):
– Supports X.509 digital certificates and RSA encryption
 Pretty Good Privacy (PGP):
– Similar to PKI but does not have a CA.
– Builds a web of trust.
– Users sign and issue their own keys.
 Secure Shell (SSH):
– Permits secure remote access over a network
 Secure Socket Layer (SSL):
– Provides security and privacy on the Internet
– Uses RSA public key cryptography
 IPsec:
– Can be used in tunnel and transport mode
 Point-to-point tunneling protocol (PPTP):
– Widely used in VPNs
 Encrypted File System (EFS):
– Developed by Microsoft to encrypt NTFS files and folders
 Bitlocker
– Works with Trusted Platform Model to encrypt hard or removable drives
 Encryption Cracking and Tools

 Types of cryptographic attacks:

– Known plaintext attack
– Ciphertext-only attack
– Man-in-the-middle attack
– Replay attack
– Chosen plaintext
– Chosen ciphertext
 Weak Encryption

 Weak encryption methods:

– XOR
– Base64
– Uuencode
 Encryption Cracking Tools

 Crtptanalysis
 CryptoBench
 JCryptTool
 AlphaPeeler
 Ganzua
 Crank
 EverCrack
 Passcracking
 Distributed Network Attack (DNA)
 John the Ripper
 Command Line Scripter
 CryptoHeaven
Lesson 7
Summary
 Define cryptography and know how it works.
 Know the difference between symmetric and asymmetric
encryption.
 Know how common algorithms work.
 Explain digital signatures and digital certificates.
 Define hashing.
 Understand steganography.
 Understand Public Key Infrastructure.
 Know encryption protocols.
 Explain basic cryptographic attacks.
 Know encryption cracking tools.