Professional Documents
Culture Documents
Module 19
C r y p to g r a p h y
M o d u le 19
CEH
E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s v M o d u le 19: C r y p t o g r a p h y E x a m 3 1 2 -5 0
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
01 October 2012
The 2012 epidemic of ransom malware appears to have turned even nastier with reports that as many as 30 Australian businesses have now asked police for help coping with attacks in a matter of days. According to local news, police in the state of Queensland have received reports from a dozen businesses while many other are believed to have chosen to keep incidents to themselves. Businesses affected included those in the medical, entertainment, retail and insurance sectors, the news source said, with several dozen affected in total. In one recent incident, a business in the Northern Territories reportedly paid an AUD $3,000 (about 2,000) ransom via Western Union to get back access to important financial records, including credit card data and debtor invoices. The attackers demanded the money within seven days or the sum would increase by AUD $1,000 per week. Worryingly, this attack used 256-bit encryption, to all intents and purposes impossible to crack if the key has not been exposed during the attack. "A lot of businesses can't afford the interruptions to their trade and will pay straight away," detective superintendent Brian Hay of Queensland's fraud and corporate crime group told press.
http://news.techworld.com
Copyright by
S e c u r it y N e w s .1* R a n s o m M a lw a r e H it s A u s t r a lia a s 30 B u s in e s s e s A tta c k e d Source: http://news.techworld.com The 2012 epidemic of ransom malware appears to have turned even nastier with reports that as many as 30 Australian businesses have now asked police for help coping with attacks in a matter of days. According to local news, police in the state of Queensland have received reports from a dozen businesses while many other are believed to have chosen to keep incidents to themselves. Businesses affected included those in the medical, entertainment, retail and insurance sectors, the news source said, with several dozen affected in total. In one recent incident, a business in the Northern Territories reportedly paid an AUD $3,000 (about 2,000) ransom via Western Union to get back access to important financial records, including credit card data and debtor invoices. The attackers demanded the money within seven days or the sum would increase by AUD $1,000 per week.
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
Worryingly, this attack used, to all intents and purposes impossible to crack if the key has not been exposed during the attack. "A lot of businesses can't afford the interruptions to their trade and will pay straight away/' detective superintendent Brian Hay of Queensland's fraud and corporate crime group told press. Ransom malware has become a serious issue during 2012, although its effect on businesses is rarely recorded. Most of the data that has become public has been in the form of police warnings based on attacks against consumers. Most attacks simply attempt to engineer users into believing their files are encrypted when they are not or make more general threats, often to report victims to national police for nonexistent crimes. The use of industrial-strength encryption is rare although this sort of technique is actually where the form started as long ago in 2006 with a piece of malware called 'Cryzip. In August, the FBI said it had been "inundated" with ransom malware reports from consumers, not long after the UK's Police Central e-Crime Unit (PCeU) publicised an identical spate of attacks that had affected over a thousand PCs in the UK. In the past the few security companies that have investigated the issue have pinned the blame on a single cabal of Russian criminals that seem able to operate with impunity. Now the same tactics appear to have spread to gangs in nearby countries such as the Ukraine and Romania. The suspicion is that some security vendors say little about the problem because not only is their software unable to stop infections but they can't always unlock the files after the fact either.
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
M o d u le
O b je c tiv e s
1
CEH
J J J J J J J
C ry p to g rap h y E ncryption A lg o rith m s Ciphers W h a t Is SSH (S ecure Shell)? C ry p to g rap h y Tools Public Key In fra s tru c tu re (PKI) C ertificatio n A u th o ritie s
'J J J J J J J
D igital S ign atu re Disk Encryption Disk E ncryption Tool C ry p to g rap h y Attacks C od e B reaking M e th o d o lo g ie s C ryptanalysis Tools O n lin e M D 5 D ecryp tio n Tools
Copyright by
ft:
M o d u le O b je c t iv e s
Having dealt with various security concerns and countermeasures in the preceding modules, it is obvious that cryptography, as a security measure, is here to stay. This module will familiarize you with: s S S 0 S S S Cryptography Encryption Algorithms Ciphers What Is SSH (Secure Shell)? Cryptography Tools Public Key Infrastructure (PKI) Certification Authorities Digital Signature Disk Encryption Disk Encryption Tool Cryptography Attacks Code Breaking Methodologies Cryptanalysis Tools Online MD5 Decryption Tools
Ethical Hacking and Countermeasures Copyright by EC-C0l1nCil All Rights Reserved. Reproduction is Strictly Prohibited.
M o d u le
F lo w
C EH
V V
X
M o d u le F lo w
To understand cryptography security measures, let's begin with cryptography and its associated concepts.
Cryptography Concepts
|*jiH
Encryption Algorithms
Cryptography Tools
Email Encryption
Disk Encryption
Cryptography Attacks
0^)
Cryptanalysis Tools
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
r y p
t o
r a
C E H
C r y p t o g r a p h y is t h e c o n v e r s i o n o f d a t a i n t o a s c r a m b l e d c o d e t h a t is d e c r y p t e d a n d s e n t a c r o s s a p r i v a t e o r p u b lic n e tw o rk
Cryptography is used to protect confidential data such as email messages, chat sessions, web transactions, personal data, corporate data, e-commerce applications, etc.
Objectives
J J
C onfidentiality Integrity
J J
E n c ry p tio n
>* Ciphertext
D e c ry p tio n
..............> Plaintext
C o p y rig h t b y
Process
Plaintext
Ciphertext
C ry p to g ra p h y
Everyone has secrets, and when it is necessary to transfer that secret information from one person to another, it's very important to protect that information or data during the transfer. Cryptography takes plaintext and transforms it into an unreadable form (ciphertext) for the purpose of maintaining security of the data being transferred. It uses a key to transform it back into readable data when the information reaches its destination. The word crypto is derived from the Greek word kryptos. Kryptos was used to depict anything that was concealed, hidden, veiled, secret, or mysterious. Graph is derived from graphia, which means writing; hence, cryptography means the art of "the secret writing." Cryptography is the study of mathematical techniques involved in information security such as confidentiality, data integrity, entity authentication, and data origin authentication. Cryptography transforms plaintext messages to ciphertext (encrypted messages) by means of encryption. Modern cryptography techniques are virtually unbreakable, though it is possible to break encrypted messages by means of cryptanalysis, also called code breaking. There are four main objectives of cryptography:
C o n fid e n tia lity
According to the International Standards Organization (ISO), confidentiality is "ensuring that the information/data can be accessed only by those authorized." Confidentiality is the
M o d u le 19 P ag e 2788 Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
term used to describe the prevention of revealing information to unauthorized computers or users. Any breach in confidentiality may lead to both financial and emotional distress. There have been instances of organizations going bankrupt due to a system breach by rival organizations. Moreover, personal information in the wrong hands can ruin the lives of system users. Therefore, only authorized users should possess access to information.
In te g r ity
Integrity is ensuring that the information is accurate, complete, reliable, and is in its original form/' Valuable information is stored on the computer. Any data corruption/modification can reduce the value of the information. The damage that data corruption/modification can do to an organization is unfathomable. Integrity of the data is affected when an insider (employee) of an organization or an attacker deletes/alters important files or when malware infects the computer. Although it may be possible to restore the modified data to an extent, it is impossible to restore the value and reliability of the information. Examples of violating the data integrity include: 9 9 A frustrated employee deleting important files and modifying the payroll system Vandalizing a website and so on
A u th e n t ic a t io n
------ Authenticity is "the identification and assurance of the origin of information." It is important to ensure that the information on the system is authentic and has not been tampered with. It is also important to ensure that the computer users or those who access information are who they claim to be.
N o n r e p u d ia tio n
In digital security, nonrepudiation is the means to ensure that a message transferred has been sent and received by the persons or parties who actually intended to. Let us assume that party A is sending a message M with the signature S to the party B. Then party A cannot deny the authenticity of its signature S. It can be obtained through the use of: 9 Digital signatures: A digital signature functions as unique identifier for an individual, like a written signature. It is used to ensure that a message or document is electronically signed by the person. Confirmation services: It is possible to indicate that messages are received and/or sent by creating digital receipts. These digital receipts are generated by the message transfer agent.
............ >
C ip h e r te x t
Encryption D e c ry p tio n ^
L j
P la in te x t
M o d u le 19 P ag e 2789
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
y p e s
r y p
t o
r a
E H
(rtifwd itkKJl
1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------S y m m e tric E n cry p tio n Symmetric encryption (secret-key, shared-key, and private-key) uses the same key for encryption as it does for decryption
D e a rJ o h n , A /Cn u m b e r 7 9 7 4 3 9 2 8 3 0
P la in t e x t
Symmetric Encryption
E n c ry p tio n D e c ry p tio n
| ..........
D e a rJ o h n , T h isism y A /Cn u m b e r 7 9 7 4 3 9 2 8 3 0
P la in t e x t
D e a rJ o h n , A /Cn u m b e r 7 9 7 4 3 9 2 8 3 0
P la in t e x t
Asymmetric encryption (public-key) uses different encryption keys for encryption and decryption. These keys are known as public and private keys
C o p y rig h t b y
'C m
T y p e s
o f C ry p to g ra p h y
' "'The following are the two types of cryptography: 9 e Symmetric encryption (secret key cryptography) Asymmetric encryption (public key cryptography)
S y m m e tr ic E n c r y p t io n
'
The symmetric encryption method uses the same key for encryption and decryption. As shown in the following figure, the sender uses a key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver decrypts the ciphertext with the same key that is used for encryption and reads the message in plaintext. As a single secret key is used in this process symmetric encryption is also known as secret key cryptography. This kind of cryptography works well when you are communicating with only a few people.
M o d u le 19 P ag e 2 7 9 0
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
S y m m e tr ic E n c r y p tio n
Encryption
D e ar John, This is m y A /C n u m b e r 7 9 7 439283 0
f^ )
3
............
D ecryption
D e a rJ o h n ,
A /C n u m b e r 797 439283 0
Plain text
C iphertext
Plain text
FIGURE 19.2: Symmetric Encryption method The p r o b le m w ith th e se cre t key is tr a n s fe r r in g it o ve r th e large n e tw o r k or Internet w h ile p re v e n tin g it fr o m falling into th e w ro n g hands. In th is process, a n y o n e w h o k n o w s th e secret key can d e c ry p t th e message. This p r o b le m can be fixed by a s y m m e t r ic e n c r y p tio n . A s y m m e t r ic E n c r y p tio n ' 1 A s y m m e tr ic c r y p to g r a p h y uses d iffe re n t keys fo r e n c r y p tio n and d e c ry p tio n . In this
ty p e o f c ry p to g ra p h y , an end user on a p u b lic o r priva te n e tw o r k has a pair o f keys: a pu blic key fo r e n c r y p tio n and a p riv a te key fo r d e c ry p tio n . Here, a p r iv a te k e y c a n n o t be d e riv e d fro m th e p u b lic key. The a s y m m e tr ic c ry p to g ra p h y m e th o d has be e n p ro v e n t o be se cu re ag ainst attackers. th e re c e ive r d e c o d e s th e m e ssag e using a r a n d o m key g e n e r a te d by th e s e n d e r 's p u b lic key. A s y m m e t r ic E n c r y p tio n
Encryption
D ear John, This is m y A /C n u m b e r 7974392830
In
Decryption
D e arJo hn,
Plain text
Ciphertext
Plain text
M o d u le 19 P ag e 2791
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
G o v e rn m e n t A c c e s s
to
K e y s
(G A K )
E H
Government Access to Keys means that software companies will give copies of all keys, (or at least enough of the key that the remainder could be cracked) to the government
th\s \ssue
0n'y U seS
C u r t i s s u e s
and*ill
a
Sa *arram to do so
K e y s p ro v id e s
a u th o riz e d p e rso n n e l, u n d e r stip u la te d co n d itio n s , and can d e c ry p t th e data. The d a ta r e c o v e r y key s fo r e n c ry p tin g and d e c ry p tin g th e data are n o t sim ilar, but th e y in fo rm a m e th o d t o d e te r m in e th e e n c r y p tio n and d e c r y p tio n keys. T h e y in clu d e a key e s c ro w (used to refer th e sa fe g u ard th e data keys), key archive, key backup, and data r e c o v e r y system . Key r e c o v e ry sy ste m s have g a in e d p r o m in e n c e due to th e de sire o f g o v e r n m e n t in te llig e n c e and law e n fo r c e m e n t ag e n cie s to g u a r a n te e th e y have access t o th e e n c r y p te d in fo rm a tio n w it h o u t th e k n o w le d g e o r c o n s e n t o f e n c r y p tio n users. A w e ll-d e s ig n e d c ry p to s y s t e m p ro v id e s s e c u rity by re co v e rin g th e e n c r y p te d da ta w it h o u t p r o p e r in fo rm a tio n a b o u t th e c o r r e c t key. The m a in te n a n c e o f such h ig h - s e c u r ity m e asu re s m ay cause p r o b le m s to th e o w n e r o f th e e n c ry p te d data if th e o w n e r lo ses th e key. The e ve n tu a l goal o f g o v e r n m e n t- d r iv e n re c o v e r y e n c ry p tio n , as state d in th e US D e p a r tm e n t o f C o m m e r c e 's re c e n t e n c ry p tio n re gulatio n s, "E n v is io n s a w o r ld w id e key m anagement in fra stru c tu re w ith th e use o f key e sc ro w an d key re c o v e ry e n c r y p tio n ite m s." The C lip p e r Chip is a hardw are-based c r y p to g r a p h ic d e v ice used to se cu re private
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
p o l ic i e s , s e c u r i t y c a p a b i l i t i e s , a n d f u t u r e c a n n o t b e k n o w n .
M o d u le 19 P ag e 2793
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
l e
l o
E H
C o p y rig h t b y
M o d u le
F lo w
So fa r, w e have discussed c ry p to g ra p h y and th e co n ce p ts associated w ith it. N ow w e w ill discuss e n c ry p tio n key c o n c e p ts o f c ry p to g ra p h y . T here are m any m echanism s, i.e, e n c ry p tio n a lg o rith m s , th a t a llo w yo u to e n c ry p t th e p la in te x t.
C ry p to g ra p h y C on ce p ts
p i 1 1 1 :1 1 1 1
E n c ry p tio n A lg o rith m s
C ry p to g ra p h y T o ols
Em ail E n c ry p tio n
Disk E n c ry p tio n
C ry p to g ra p h y A tta c k s
C ry p ta n a ly s is T ools
This s e ctio n describes cip he rs and v a rio u s e n c ry p tio n a lg o rith m s such as AES, DES, RC4, RC5, RC6, DSA, RSA, M D 5 , and SSH.
M o d u le 19 P ag e 2794
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
C ip h e r s C ry p to g ra p h y re fe rs to se cre t w r itin g and a cip h e r is n o th in g m o re th a n an a lg o rith m used fo r b o th e n c ry p tio n as w e ll as d e c ry p tio n . The tra d itio n a l m e th o d o f e n codin g and d e co d in g used to be in a d iffe r e n t fo rm a t, w h ic h p ro v id e d n u m b e rin g fo r each le tte r o f th e a lp h a b e t and used to e nco d e th e given message. If th e a tta c k e r also kn e w th e n u m b e rin g s yste m , he o r she cou ld d eco de it. In c ry p to g ra p h y , th e c ip h e r a lg o rith m used fo r e n co d in g is kn o w n as e n cip h e rin g and de co d in g is k n o w n as d e c ip h e rin g . Example: a b c d e f g h...z a re g iven in codes o f n u m e ric a l n u m b e rs, such as 1 2 3 4 5...26. The m essage can be e n co d e d based on th is e xam ple and can be d ecode d as w e ll. In a c ip h e r, th e m essage a p pe a rs as p la in te x t b u t has been enco d e d th ro u g h a key. Based on th e re q u ire m e n ts th e key co uld be a sym b o l o r som e o th e r fo rm o f te x t. If th e m essage is h ig h ly c o n fid e n tia l, th e n th e key is re s tric te d to th e se n d e r and re c ip ie n t, b u t in som e cases in open d o m ain s, som e keys a re shared w ith o u t a ffe c tin g th e m ain data. T he re are v a rio u s typ e s o f ciph ers:
M o d u le 19 P ag e 2795
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
vv (! IT O W j
C la s s ic a l C ip h e r s Classical ciphers are th e m o st basic ty p e o f cip h e rs th a t o p e ra te on a lp h a b e t le tte rs , such as A-Z. These are usually im p le m e n te d e ith e r by hand o r w ith sim p le m e ch a n ica l
S u b s titu tio n c ip h e r: The u n its o f p la in te x t are replaced w ith c ip h e rte x t. It replaces bits, cha ra cters, o r blocks o f ch a ra c te rs w ith d iffe re n t bits, ch a ra cte rs, o r blocks.
Jjy
p ro v id e m essage secrecy, in te g rity , and a u th e n tic a tio n o f th e sender. The m o d e rn cip h e rs are ca lcu la te d w ith th e help o f a o n e -w a y m a th e m a tic a l fu n c tio n th a t is capable o f fa c to rin g large p rim e n u m b e rs . M o d e rn ciph ers are again classified in to tw o cate g o rie s based on th e ty p e o f key and th e in p u t d ata . T hey are: Based on th e ty p e o f k e y used
9
P u b lic -k e y c ry p to g ra p h y (a s y m m e tric key a lg o rith m ): T w o d iffe re n t keys are used fo r e n c ry p tio n and d e c ry p tio n .
R L
C H *)-
Based on th e ty p e o f in p u t d a ta
9
size w ith an u n v a ry in g tra n s fo rm a tio n sp e cifie d by a s y m m e tric key. 9 S tre a m c ip h e rs : Refer to s y m m e tric key ciphers. This is o b ta in e d by c o m b in in g th e p la in te x t d ig its w ith a key s tre a m (p s e u d o ra n d o m cip h e r d ig it stre a m ).
M o d u le 19 P ag e 2 7 9 6
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
D a ta
E n c r y p tio n
S ta n d a r d
(D E S )
C E H
The algorithm is designed to encipher and decipher blocks of data consisting of 64 bits under control of a 56-bit key
1 Hm U
H3
D E S is the archetypal block cipher an algorithm that takes a fixed-length string of plaintext bits and transforms it into a ciphertext bitstring of the same length
Due to the inherent weakness of D E S with today's technologies, some organizations repeat the process three times (3DES) for added strength, until they can afford to update their equipment to AES capabilities
C o p y rig h t b y
D a ta E n c r y p tio n S ta n d a r d (D E S ) - rrY =r |* --------- DES is th e nam e o f th e Federal in fo rm a tio n Processing S tandard (FIPS) 4 6 -3 th a t describes th e data e n c ry p tio n a lg o rith m (DEA). It is a s y m m e tric c ry p to s y s te m d e sig n e d fo r im p le m e n ta tio n in h a rd w a re and used fo r sin g le -u se r e n c ry p tio n , such as to s to re file s on a hard disk in e n c ry p te d fo rm . DES gives 72 q u a d rillio n o r m o re possible e n c ry p tio n keys and choses a ra n d o m key fo r each m essage to be e n c ry p te d . T ho u g h DES is co n sid e re d to be s tro n g e n c ry p tio n , a t p re se n t, trip le DES is used by m any o rg a n iz a tio n s . T rip le DES applies th re e keys successively.
M o d u le 19 P ag e 2797
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
A d v a n c e d
X l U l J I
E n c r y p tio n
S ta n d a rd t
_ t H
ttfciul lUchM
UrtifW4
AES is a symmetric-key algorithm for securing sensitive but unclassified material by U.S. government agencies
C ip h e r b e g in
AES P s e u d o c o d e
(b y te in [4 * N b ], b y te o u t[4 * N b ]
w o rd w [N b * (N r+ 1 ) ] )
AES is an iterated block cipher, which works by repeating the same operation multiple times
b y te s ta te
s t a t e [ 4 , Nb] = in
A d d R o u n d K e y ( s t a t e , w) fo r ro u n d = 1 s te p 1 to N r-1
S u b B y te s (s ta te ) S h if tR o w s ( s ta te )
M ix C o lu m n s ( s ta t e ) A d d R o u n d K e y ( s ta te , end fo r w + ro u n d * N b )
128,192, and 256 bits, respectively for AES128, AES-192, and AES-256
S u b B y te s (s ta te ) S h if tR o w s ( s ta te ) A d d R o u n d K e y ( s ta te , w + N r*N b ) out = s ta te
C o p y rig h t b y
A d v a n c e d
E n c r y p tio n
S ta n d a rd
(A E S )
The A dvan ced E n c ry p tio n S tandard (AES) is a N a tio n a l In s titu te o f S ta n d a rd s and T e c h n o lo g y s p e c ific a tio n fo r th e e n c ry p tio n o f e le c tro n ic data. It can be used to e n c ry p t d ig ita l in fo rm a tio n such as te le c o m m u n ic a tio n s , fin a n c ia l, and g o v e rn m e n t data. AES consists o f a s y m m e tric -k e y a lg o rith m , i.e., b o th e n c ry p tio n and d e c ry p tio n are p e rfo rm e d using th e sam e key. It is an ite ra te d block c ip h e r th a t w o rk s by re p e a tin g th e d e fin e d steps m u ltip le tim e s. This has a 1 2 8 -b it block size, w ith key sizes o f 128, 192, and 256 bits, re sp e ctive ly, fo r AES-128, AES-192, and AES-256. AES P seudo co de In itia lly , th e c ip h e r in p u t is c o p ie d in to th e in te rn a l sta te and th e n an in itia l ro u n d key is added. The s ta te is tra n s fo rm e d by ite ra tin g a ro u n d fu n c tio n in a n u m b e r o f cycles. Based on th e block size and key le n g th , th e n u m b e r o f cycles m ay vary. O nce ro u n d in g is c o m p le te d , th e fin a l sta te is co pie d in to th e c ip h e r o u tp u t. C ip h e r w [N b * (N r+ 1 )]) b e g in b y t e s t a t e [4 , s ta te = in Nb] ( b y te i n [4 * N b ], b y te out [4 * N b ], w o rd
M o d u le 19 P ag e 2798
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
AddR oundKey
(s ta te ,
w)
M o d u le 19 P ag e 2799
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
R C 4 ,
R C 5 ,
R C 6
lg o r it h m
C E H
A variable key size stream cipher with byteoriented operations, and is based on the use of a random permutation
It is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. The key size is 128-bits
R C 6 is a symmetric key block cipher derived from R C 5 with two additional features:
Uses Integ er m ultip lica tio n Uses fo u r 4 -b it w o rking registers (RC5 uses tw o 2 -b it registers)
C o p y rig h t b y
R C 4 , R C 5 , a n d R C 6 A lg o r ith m s The e n c ry p tio n a lg o rith m s d e v e lo p e d by RSA S e cu rity are: RC4 RC4 is a stre a m c ip h e r fo r RSA S ecurity, w h ic h Rivest designed. It is a va ria b le key-size stre a m c ip h e r w ith b y te -o rie n te d o p e ra tio n s and is based on th e use o f a ra n d o m p e rm u ta tio n . A cco rd in g to som e analysis, th e p e rio d o f th e c ip h e r is like ly to be g re a te r th a n 10100. For each o u tp u t b yte , e ig h t to sixte e n system o p e ra tio n s are used, w h ic h m eans th e c ip h e r can ru n fa s t in s o ftw a re . In d e p e n d e n t analysts have had a ca re fu l and c ritic a l look at th e a lg o rith m , and it is co n sid e re d secure. P roducts like RSA SecurPC use th is a lg o rith m fo r file e n c ry p tio n . Rc4 is also used fo r safe c o m m u n ic a tio n s like tr a ffic e n c ry p tio n , w h ic h secures w e b site s and fro m secure w e b s ite s w ith SSL p ro to c o l. RC5 RC5 is a b lo c k c ip h e r k n o w n fo r its s im p lic ity . Ronald Rivest designed it. This a lg o rith m has a v a ria b le b lo ck size and key size and a v a ria b le n u m b e r o f ro u n d s. The choices fo r th e block-size are 32 bits, 64 bits, and 128 bits. The ite ra tio n s range fr o m 0 to 255; w h erea s th e key sizes have a range fro m 0 to 2040 bits. It has th re e ro u tin e s : key e xpansio n, e n c ry p tio n , and d e c ry p tio n . RC6
M o d u le 19 P ag e 2 8 0 0
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0l1nCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
It is a block c ip h e r th a t is based on RC5. Like in RC5, th e block size, th e key size, and th e n u m b e r o f ro u n d s are v a ria b le in th e RC6 a lg o rith m . The key-size ranges fro m 0 b its to 2040. In a d d itio n to RC5, RC6 has tw o m o re fe a tu re s , w h ic h are th e a d d itio n o f in te g e r m u ltip lic a tio n and th e usage o f fo u r 4 - b it w o rk in g re g iste rs as an a lte rn a tiv e to RC5 s tw o 2 -b it registers.
M o d u le 19 P ag e 2801
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
T h e
D S A
a n d
R e la te d
S ig n a tu r e C E H
S c h e m e s
Digital Signature
_ 9 The digital signature is computed using a set of rules (i.e., the D SA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified
1. 2. 3.
Select a p rim e n u m b e r q such th a t 2159 < q < 2160 Choose t so th a t 0 < t 8 Select a p rim e n u m b e r p such th a t 2511*64' < p < 2512*64' w ith th e a d d itio n a l p ro p e rty th a t q divides (p-1) Select a g e n e ra to r a o f th e u n iq u e cyclic group o f o rd e r q in Z *p To co m p u te a , select an e le m e n t g in and co m p u te m od p
4. 5. 6. 7. 8.
If a = 1, p e rfo rm step fiv e again w ith a d iffe re n t g Select a ran d o m a such th a t 1 < a < q-1 C om pute y= a m od p
C o p y rig h t b y
T h e
D S A
a n d
R e la te d
S ig n a tu r e
S c h e m e s
A d ig ita l s ig n a tu re is a m a th e m a tic a l schem e used fo r th e a u th e n tic a tio n o f a d ig ita l m essage. D ig ital S ignature A lg o rith m (DSA) is in te n d e d fo r its use in th e U.S. Federal In fo rm a tio n Processing S tandard (FIPS 186) called th e D ig ita l S ig n a tu re S ta n d a rd (DSS). DSA w as a c tu a lly p ro p o s e d by th e N a tio n a l In s titu te o f S tandards and T e ch n o lo g y (NIST) in A ugust 1991. NIST m ade th e U.S. P a te nt 5 ,2 31,6 68 th a t covers DSA a va ila b le w o rld w id e fre e ly . It is th e fir s t d ig ita l s ig n a tu re schem e reco gn ized by any g o v e rn m e n t. A d ig ita l s ig n a tu re a lg o rith m includes a sig n a tu re g e n e ra tio n process and a s ig n a tu re
v e rific a tio n process. S ig n a tu re G e n e ra tio n Process: The p riv a te key is used to k n o w w h o has signed it. S ig n a tu re V e rific a tio n Process: T he p u b lic key is used to v e rify w h e th e r th e g iven d ig ita l s ig n a tu re is g e n u in e o r n o t. As to th e p o p u la rity o f o n lin e sh o p p in g g row s, e -p a y m e n t system s and va rio u s o th e r e le c tro n ic p a y m e n t m odes re ly on v a rio u s system s like DSA. B e n e fits o f DSA: e e Less chances o f fo rg e ry as it is in th e case o f w r itte n s ig n a tu re , Q uick and easy m e th o d o f business tra n s a c tio n s , Fake c u rre n c y p ro b le m can be d ra s tic a lly reduced.
M o d u le 19 P ag e 2802
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
C o p y rig h t b y
R S A ( R iv e s t S h a m ir A d le m a n ) RSA is a p u b lic -k e y c ry p to s y s te m . It uses m o d u la r a rith m e tic and e le m e n ta ry n u m b e r th e o rie s to p e rfo rm c o m p u ta tio n s using tw o large p rim e n u m b e rs. RSA e n c ry p tio n is w id e ly used and is th e d e -fa c to e n c ry p tio n sta n d a rd . Ron Rivest, Adi S ham ir, and Leona rd A d le m a n fo rm u la te d RSA, a p u b lic key c ry p to s y s te m fo r e n c ry p tio n and a u th e n tic a tio n . It is usu a lly used w ith a se cre t key c ry p to s y s te m , like DES. The RSA system is w id e ly used in a v a rie ty o f p ro d u cts, p la tfo rm s , and in d u s trie s . M a n y o p e ra tin g system s like M ic ro s o ft, A p p le , Sun, and N ovell bu ild th e RSA a lg o rith m s in to th e existing versions. It can also be fo u n d on h a rd w a re secured te le p h o n e s , on E th e rn e t n e tw o rk cards, and on s m a rt cards. C o nsid er th a t A lice uses th e RSA te c h n iq u e to send Bob a message. If A lice d e sire s to c o m m u n ic a te w ith B ob , she e n cryp ts th e m essage using a ra n d o m ly chosen DES key and sends it to Bob. Then she w ill lo o k up Bob's p u b lic key and use it to e n c ry p t th e DES key. The RSA d ig ita l e n ve lo p e , w h ic h is se n t to Bob by A lice, consists o f a D E S -encrypted message and R S A -encrypted DES key. W he n Bob receives th e d ig ita l en ve lo p e , he w ill d e c ry p t th e DES key w ith his p riv a te key, and th e n use th e DES key to d e c ry p t th e m essage itse lf. This system c o m b in e s th e high s pe ed o f DES w ith th e ke y m a n a g e m e n t c o n v e n ie n c e o f th e RSA s y s te m . The w o rk in g o f RSA is as fo llo w s : T w o large p rim e n u m b e rs are ta ke n (say "a " and " b " ), and th e ir p ro d u c t is d e te rm in e d (c = ab, w h e re "c " is called th e m o d u lu s). A n u m b e r " e " is chosen such th a t it is less th a n "c " and re la tiv e ly p rim e to ( a - l) ( b - l) , w h ic h m eans th a t " e " and ( a - l) ( b -
M o d u le 19 P ag e 2803
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
1) have no c o m m o n fa c to rs e xce pt 1. A p a rt fro m th is, a n o th e r n u m b e r " f " is chosen such th a t (e f - 1) is d iv is ib le by ( a - l) ( b - l) . The values " e " and " f " a re called th e p u b lic and p riv a te e xp o n e n ts, re s p e c tiv e ly . The p u b lic key is th e p a ir (c, e); th e p riv a te key is th e p a ir (c, f). It is co n sid e re d to be d iffic u lt to o b ta in th e p riv a te key f" fro m th e p u b lic key (c, e). H o w e ve r, if so m e o n e can fa c to r " c " in to "a " and " b " , th e n he o r she can d e cip h e r th e p riv a te key " f" . The s e c u rity o f th e RSA system is based on th e a ssu m p tio n th a t such fa c to rin g is d iffic u lt to ca rry o u t, and th e re fo re , th e c ry p to g ra p h ic te c h n iq u e is safe.
M o d u le 19 P ag e 2804
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
x a m
p le
o f R S A
lg o r it h m
C E H
P Q PQ E D
= 61 = 53 =3233 = 17 =2753
<= f i r s t
p r im e
(d e s tro y (d e s tro y to
t h is t h is
a f t e r c o m p u t in g E a n d a f t e r c o m p u t in g E and
D) D)
o th e rs ) t h is t h is to o th e rs )
exponent exponent
( g iv e (k e e p
s e c re t!)
Y o u r p u b lic Y o u r p r iv a t e The
(E ,P Q ). D. is : e n c ry p t(T ) = = ( T AE ) m o d PQ m od 3 2 3 3 m o d PQ m od 3 2 3 3
e n c r y p t io n
fu n c tio n
(T "1 7 ) = (C AD )
The
d e c r y p t io n
fu n c tio n
is :
d e c ry p t(C ) =
(0 *2 7 5 3 ) t h is :
To
e n c ry p t
th e =
p la in te x t ( 1 2 3 A1 7 )
v a lu e
123,
do
e n c r y p t (1 2 3 )
m od 3 2 3 3
= 3 3 7 5 8 7 9 1 7 4 4 6 6 5 3 7 1 5 5 9 6 5 9 2 9 5 8 8 1 7 6 7 9 8 0 3 m od 32 3 3 = 855 To d e c ry p t th e = = c ip h e r te x t v a lu e 855, do t h is :
d e c r y p t (8 5 5 )
(8 5 5 *2 7 5 3 ) 123
m od 3 2 3 3
I
C o p y rig h t b y
E x a m p le
o f R S A A lg o r ith m
RSA re ta in s its s e c u rity th ro u g h th e a p p a re n t d iffic u lty in fa c to rin g large c o m p o s ite s . Yet th e re is a p o s s ib ility o f d isco v e rin g th e p o ly n o m ia l tim e fa c to rin g a lg o rith m using th e advance n u m b e r th e o ry . T h ere a re th re e fa c to rs th a t can a g g ra va te th e path to w a rd s c o m p ro m is in g RSA se cu rity. The advances in clu d e fa c to rin g te c h n iq u e , c o m p u tin g p o w e r, and decrease in th e e x p e n d itu re o f th e h a rd w a re . The w o rk in g o f RSA as exp la in e d b e fo re is illu s tra te d in th e fo llo w in g exa m p le . For P = 61 and Q = 53, PQ = 3233. Taking a p u blic e x p o n e n t, E = 17, and a p riv a te e x p o n e n t, D = 2753, it can be e n c ry p te d in to plain te x t 123 as s h ow n as fo llo w s : P = 61 Q = 53 <= fir s t p rim e n u m b e r (d e s tro y th is a fte r c o m p u tin g E and D) <= second p rim e n u m b e r (d e s tro y th is a fte r c o m p u tin g E and D)
D = 2753 <= p riv a te e x p o n e n t (keep th is s e c re t!) Y our p u b lic key is (E,PQ). Y our p riv a te key is D.
M o d u le 19 P ag e 2805
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
The e n c ry p tio n fu n c tio n is: e n cry p t(T ) = (TAE) m od PQ = (TA17) m od 3233 The d e c ry p tio n fu n c tio n is: decrypt(C ) = (CAD) m od PQ = (CA2753) m od 3233 To e n c ry p t th e p la in te x t va lu e 123, do th is : e n c ry p t(1 2 3 ) = (1 2 3 A17) m od 3233 = 3 3 7 5 8 7 9 1 7 4 4 6 6 5 3 7 1 5 5 9 6 5 9 2 9 5 8 8 1 7 6 7 9 8 0 3 m od 3233 = 855 To d e c ry p t th e c ip h e r te x t valu e 855, do th is : d e c ry p t(8 5 5 ) = (8 5 5 *2 7 5 3 ) m o d 3233 = 123
M o d u le 19 P ag e 2 8 0 6
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
T h e
R S A
ig n a t u r e
S c h e m
E H
U r t i f w d t f e M J l N m I m
A lg o rith m K e y g e n e ra tio n fo r th e R S A s ig n a tu re s c h e m e
S U M M A R Y : e a c h e n t it y c r e a te s a il R S A p u b lic k e y a n d a c o r r e s p o n d in g p r iv a t e k e y . E a c h e n t it y A s h o u ld d o th e f o l lo w in g : 1 . G e n e r a te t w o la r g e d is tin c t r a n d o m p r im e s 2 . C o m p u te
and
q.
e a c h r o u g h ly th e s a m e s iz e .
n = pq
and<j> =
{p
1 <
l ) ( q 1 ).
3 . S e le c t a r a n d o m in t e g e r
e,
th a t g c d ( e , ^ ) =
1.
4 . U s e th e e x t e n d e d E u c lid e a n a l g o r it h m ( A l g o r it h m 2 . 10 ) t o c o m p u t e t lie u n iq u e in te g e r 5.
d.
1 <
<
<p. s u c h
t lia t
1 (m o d 0 ) .
A 's
p u b lic k e y is ( f t , c ) .
's p r iv a t e k e y is
d.
s s ig n a t u r e a n d
m H
(b) Compute = hd mod n (c) A s signal me for m is s. 2. Verification To verity A '* signature .<and recover the message m. H should: ( a ) O b t a in A \ a u t h e n t ic p u b lic k e y ( n , p ) .
( b ) C'o m p u t e
.1 1
m ) . a n in t e g e r in th e r a n g e [ 0 ,
11
1]
m = s*
m o rl n
(c) Verify that m M r : if not. reject the signature. (d) Recover rn = R 1(in ).
C o p y rig h t b y
|p S |\ ------
T h e
R S A S ig n a tu r e
S c h e m e
RSA is used fo r b o th p u b lic key e n c ry p tio n and fo r a d ig ita l sig n a tu re (to sign a
m essage). The RSA s ig n a tu re schem e is th e firs t te c h n iq u e used to g e n e ra te d ig ita l s ig n a tu re s . It is a d e te rm in is tic d ig ita l sig n a tu re schem e th a t p ro vid e s m essage re c o v e ry fro m th e s ig n a tu re its e lf. It is th e m o s t p ra c tic a l and v e rs a tile te c h n iq u e a va ilable . RSA in volve s b o th a p u b lic key and a p riv a te key. The p u b lic key, as th e nam e in d ica te s, m eans any person can use it fo r e n c ry p tin g m essages. The messages th a t are e n c ry p te d w ith th e p u b lic key can o n ly be d e c ry p te d w ith th e help o f th e p riv a te key. C onsider th a t John e n c ry p ts his d o c u m e n t M using his p riv a te key SA, th e re b y cre a tin g a s ig n a tu re Sj0hn(M ). John sends M along w ith th e sig n a tu re Sj0hn(M ) to A lice. A lice d e cryp ts th e d o c u m e n t using A lic e 's p u b lic key, th e re b y v e rify in g J o h n 's s ig n a tu re . RSA ke y g e n e ra tio n The p ro c e d u re fo r RSA key g e n e ra tio n is c o m m o n fo r all th e RSA-based s ig n a tu re schem es. To g e n e ra te an RSA key pair, i.e., b o th an RSA p u b lic ke y and c o rre s p o n d in g p riv a te key, each e n tity A s h o u ld do th e fo llo w in g : 9 9 Select tw o large d is tin c t p rim e s p and q a rb itra rily , each o f ro u g h ly th e sam e b it le n g th C o m p u te n=pq and (j> = (p -l)(q -l)
M o d u le 19 P ag e 2807
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
9 9 9
Choose a random integer e l<e< < > such that get(e, (J))= l Use the extended Euclidean algorithm in order to compute the unique integer d, l<d< ( j ) such that ed= 1 (mod < j > ) The public key of A is (n, e) and private key is d
Destroy p and q at the end of the key generation The RSA signature is generated and verified in the following way.
S ig n a tu re g e n e ra tio n
In order to sign a message m, A does the following: 9 9 9 Compute m* =R(m) an integer in [0, n-1] Compute s = m d mod n A's signature for m is s
S ig n a tu re v e rific a tio n In o rd e r to v e rify A's s ig n a tu re s and re c o v e r m essage m, B sh o u ld do th e fo llo w in g : 9 9 9 9 O b ta in A's a u th e n tic p u b lic key C o m p u te m * = se m od n V e rify th a t m * is in M r; if n o t, re je c t th e s ig n a tu re R ecover m = R 1(m *) (e, n)
M o d u le 19 P ag e 2808
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
M e s s a g e F u n c tio n s
D ig e s t ( O n e - w a y
H a s h )
r |
g u
U r t m w tillm l N m I m
c 1a
rtf* rV 1
Hash functions calculate a unique fixed-size bit string representation called a message digest of any arbitrary block of L. information
a l4 0 9 2 a f9 4 8 b 9 3 8 5 6 9 5 8 4 e 5 b 8 d 8 d 3 0 7 a
M e s s a g e D ig e st F u n c tio n
Note:
M essage digests are also called one-way bash functions because they cannot be reversed
C o p y rig h t b y
M e s s a g e I I L
D ig e s t ( O n e - w a y H a s h ) F u n c tio n s
a single large n u m b e r, ty p ic a lly b e tw e e n 128- and 2 5 6 -b its in le n g th . M essage d igest fu n c tio n s c a lcu la te a u n iq u e fix e d -s iz e b it s trin g re p re s e n ta tio n called hash v a lu e o f any a rb itra ry block o f in fo rm a tio n . The best m essage dig est fu n c tio n s c o m b in e th e s e m a th e m a tic a l p ro p e rtie s . Every b it o f th e message d ig e s t fu n c tio n is in flu e n c e d by e ve ry b it o f th e fu n c tio n 's in p u t. If any given b it o f th e fu n c tio n 's in p u t is chan ge d, e v e ry o u tp u t b it has a 50 p e rc e n t chance o f changing. G iven an in p u t file and its c o rre s p o n d in g m essage digest, it sh o u ld be in fe a sib le to fin d a n o th e r file w ith th e sam e m essage d ig est value. M essage digests are also called o n e -w a y bash fu n c tio n s because th e y p ro d u ce values th a t are d iffic u lt to in v e rt, re s is ta n t to a tta c k , m o s tly u n iq u e , and w id e ly d is trib u te d . M essage d ig e s t fu n c tio n s :
e
e e 9
HMAC
MD2 MD4 MD5
SHA
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
M o d u le 19 P ag e 2809
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
SHA-1
a l4 0 9 2 a f9 4 8 b 9 3 8 5 6 9 5 8 4 e 5 b 8 d 8 d 3 0 7 a
D ocum ent
Hash V alue
M o d u le 19 P ag e 2 8 1 0
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
M e s s a g e
D ig e s t F u n c tio n : M D 5
H is a hash fu n c tio n th a t is a tra n s fo rm a tio n th a t accepts a v a ria b le o f any size as an in p u t, m , and re tu rn s a s trin g o f a c e rta in size. This is called th e hash va lu e h. i.e. h=H (m ). The fu n d a m e n ta l re q u ire m e n ts fo r th e c ry p to g ra p h ic hash fu n c tio n s are: 9 9 In p u t o f any le n g th O u tp u t o f a fix e d le n g th
A nd H (x), can be easily c o m p u te d fo r any va lu e o f x and it m ust be o n e -w a y (i.e., it c a n n o t be in v e rte d and it has an in fe a s ib le c o m p u ta tio n fo r th e given in p u t) and co llis io n fre e . H is co n sid e re d to be a w e a k c o llis io n fre e hash fu n c tio n if th e given m essage x is in fe a s ib le to fin d a m essage y, so th a t H (x) =H (y). It is a co llisio n fre e hash fu n c tio n if it is in fe a sib le to fin d any tw o m essages x and y such th a t H (x) =H (y). The m ain ro le o f a c ry p to g ra p h ic hash fu n c tio n is to p ro v id e d ig ita l signatures. Hash fu n c tio n s are re la tiv e ly fa s te r th a n d ig ita l sig n a tu re a lg o rith m s ; hence, its c h a ra c te ris tic fe a tu re is to c a lcu la te th e s ig n a tu re o f th e d o c u m e n t's hash value, w h ic h is s m a lle r th a n th e d o c u m e n t. th e source o f th e d o c u m e n t. M D 2, M D 4, and M D 5 a lg o rith m s th a t R ive st d e ve lo p e d are m e ssa g e -d ig e st a lg o rith m s th a t are used in d ig ita l sig n a tu re a p p lic a tio n s , w h e re th e d o c u m e n t is com pressed se cu re ly b e fo re being In a d d itio n , a dig est can be used p u b lic ly w ith o u t m e n tio n in g th e c o n te n ts o f th e d o c u m e n t and
M o d u le 19 P ag e 2811
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
signed w ith th e p riv a te key. The a lg o rith m s m e n tio n e d here can be o f v a ria b le le n g th b u t w ith th e re s u lta n t m essage d ig est o f 1 2 8 -b it. The s tru c tu re s o f all th re e a lg o rith m s a p p e a r to be s im ila r, th o u g h th e design o f M D 2 is re a so n a b ly d iffe r e n t fro m M D 4 and M D 5. M D2 w as designed fo r th e 8 - b it m achines, w h e re a s th e M D 4 and M D 5 w e re d esigne d fo r th e 3 2 -b it m achines. The message is added w ith extra bits to m ake sure th a t th e le n g th o f th e bits is d iv is ib le by 512. A 6 4 -b it b in a ry m essage is added to th e m essage. D e v e lo p m e n t o f a tta cks on ve rsion s o f M D 4 has progressed ra p id ly and D o b b e rtin sh o w e d h o w collisio n s fo r th e fu ll v e rs io n o f M D 4 c o u ld be fo u n d in u n d e r a m in u te on a ty p ic a l PC. M D 5 is re la tiv e ly secure b u t is s lo w e r th a n M D 4. This a lg o rith m has fo u r d iffe re n t rounds, w h ic h are designed w ith s lig h t d iffe re n c e s th a n th a t o f M D 4, b u t b o th th e m essage-digest size and p ad d in g re q u ire m e n ts re m a in th e same. B ru te F o rc e o f M D 5 t_ 3 ) The e ffe c tiv e n e s s o f th e hash fu n c tio n can be d e fin e d by checking th e o u tp u t
p ro d u c e d w h e n an a rb itra ry in p u t m essage is ra n d o m ize d . T here are tw o types o f b ru te -fo rc e a tta c k s fo r o n e -w a y hash fu n c tio n : N orm al b ru te fo rc e and b irth d a y a tta ck. Exam ples o f a fe w m essage digests are: 9 e c h o " T h e re i s CHF1500 i n th e b lu e b o " I md5sum
F ile _] batch_renam e.png 1 1change_attributes.htm l 1change_attributes.png change_case.htm l Q change_case.png 1 1checksum verify,png _J convert.htm l 1convert, png LJ convert_menu.png r 1file_com parator.htm l
[J file_com parator.png
clipboard,hint
S ize 14 472 8 574 7 957 8 756 G821 8117 9 289 7 080 8 735 8 575 17 787
C R C 18528C0A 58101E09 2531F C 3E FC 41186B 2D34D339 3D8D9801 BE535A89 D 760C FC 6 638F8F0F 44ED5DC4 D 1G F0E 2B
M D5 EAF2C 712FG E537AE1FEFD 3FA1A4F4AAB E18D 9F81C C F9A300F79321E8C 7G 8E021 5E8A 8FB259C 7FDF790E5597C8154AF38 DDCAD7CF08BF7897D5B8B5F9806B47FD 04FED507091F5F095D977B358EC 20EED AC 8AFE99B76BD1022AC 7B2E34A7E1C 49 902BA23D7C C95EA2999CDA2EF1B 27B 41 F117G C79G 7E1D A2C A743D 26D E9F1B0C 0 3F1BBD5E0B0B9E86970EDBA9705F14D4 959981C 3E7D7559C 9EE77965302A6E0A C1AE151G BEABC 17ED EFB58212D 2C 5331
-1
Save S F V ...
Save M D 5...
C lose
FIGURE 1 9 .6 : C h e ck su m v e rifie r
M o d u le 19 P ag e 2812
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
S e c u re
H a s h in g
A lg o r ith m
(S H A )
C E H
0 It is an algorithm for generating cryptographically secure one-way hash, published by the National Institute of Standards and Technology as a U.S. Federal Information Processing Standard 0
SHA1
SHA2
0
r
SHA3
0 SHA-3 uses the sponge construction in which message blocks are XORed into the initial bits of the state, which is then invertibly perm uted
0
\
/ --------------------------------------- \
It produces a 160-bit digest from a message with a maximum length of (2s4 - 1) bits, and resembles the MD5 algorithm
0 It is a family of two similar hash functions, with different block sizes, namely SHA-256 that uses 32-bit words and SHA-512 th at uses 64-bit words s ,__________________________>
S e c u re
H a s h in g
A lg o r ith m
(S H A )
The Secure Hash A lg o rith m (SHA), sp e cifie d in th e Secure Hash S ta n d a rd (SHS), was d e v e lo p e d by NIST, and p u b lishe d as a fe d e ra l in fo rm a tio n -p ro c e s s in g sta n d a rd (FIPS PUB 180). It is an a lg o rith m fo r g e n e ra tin g a c ry p to g ra p h ic a lly secure o n e -w a y hash. SHA is p a rt o f th e C apstone P ro je ct. C apstone is th e U.S. g o v e rn m e n t's lo n g -te rm p ro je c t to d e v e lo p a set o f s ta nd a rd s fo r p u b lic ly a v a ila b le c ry p to g ra p h y , as a u th o riz e d by th e C o m p u te r S e cu rity A ct o f 1987. The basic o rg a n iz a tio n s th a t are re sp o n sib le fo r C apstone are NIST and th e NSA. SHA is s im ila r to th e M D 4 m essage-dig est a lg o rith m fa m ily o f hash fu n c tio n s , w h ic h w as de ve lo p e d by Rivest. The a lg o rith m accepts a message o f 264 b its in le n g th and a 1 6 0 -b it m essage o u tp u t d igest is p ro d u c e d , th a t is designed to c o m p lic a te th e searching o f th e te x t, w h ic h is s im ila r to th e given hash. The a lg o rith m is s lig h tly s lo w e r th a n M D 5, b u t th e la rg e r m essage digest makes it m o re secure against b ru te -fo rc e c o llis io n and in ve rsio n attacks. The fo llo w in g are th e c ry p to g ra p h ic hash fu n c tio n s designed by th e N a tio n a l S e c u rity A gency (NSA):
M o d u le 19 P ag e 2813
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
SHA1 S H A l p rod uces a 1 6 0 -b it digest fro m a message w ith a m a x im u m le n g th o f (264 - 1) bits, and resem b les th e M D 5 a lg o rith m . n n P
s h a
SHA2 is a fa m ily o f tw o s im ila r hash fu n c tio n s , w ith d iffe re n t b lo ck sizes, n a m e ly SHA256 th a t uses 3 2 -b it w o rd s and SHA-512 th a t uses 6 4 -b it w o rd s. SHA3 SHA3 is a fu tu r e hash fu n c tio n sta n d a rd s till in d e v e lo p m e n t, chosen in a p u b lic re v ie w
Roun ds
Operations
Collision found
SHA-0
160
512
32
80
+ ,a n d , ,x o r, r o t
or
Yes
SHA-1
160
160
512
264- l
32
80
or,
SHA-2
SHA256/224 SHA512/384
256/224
256
512
2s4- 1
32
64
+,
and,
or,
N one
xor, s h r,ro t
512/384
512
1024
2128-1
128
80
None
M o d u le 19 P ag e 2814
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
h a t
I s
S S H
( S e c u r e
S h e ll) ?
C E H
Remote Communication
SSH is a secure replacem ent for telnet and the Berkeley remote-utilities (rlogin, rsh, rep, and rdist)
S ecure Channel
It provides an encrypted channel for rem ote logging, command execution and file transfers
Provides strong host-tohost and user authentication, and secure communication over an insecure Internet
MS or UNIX client
SSH Tunnel
MS or UNIX server
Note: SSH2 is a m ore secure, e ffic ie n t, and p o rta b le v e rsion o f SSH th a t includes SFTP, an SSH2 tu n n e le d FTP
C o p y rig h t b y
W h a t Is
S S H (S e c u re
S h e ll) ?
Secure Shell is a p ro g ra m th a t is used to log o n to a n o th e r c o m p u te r over th e n e tw o rk , to tra n s fe r file s fro m on e c o m p u te r to a n o th e r. It o ffe rs good a u th e n tic a tio n and a secure c o m m u n ic a tio n channe l o v e r inse cu re m edia. It m ig h t be used as a re p la c e m e n t f o r te ln e t, log in, rsh, and rep. In SSH2, s ftp is a re p la c e m e n t fo r ftp . In a d d itio n , SSH o ffe rs secure c o n n e c tio n s and secure tra n s fe rrin g o f TCP co n n e ctio n s. SSH1 and SSH2 are c o m p le te ly d iffe re n t p ro to c o ls . SSH1 e n c ry p ts th e user's server and hosts keys to a u th e n tic a te w h e re SSH2 o n ly uses h o s t keys, w h ic h are d iffe re n t packets o f keys. SSH2 is m o re secure th a n SSH1. It s h o uld be n o te d th a t th e SSH1 and SSH2 p ro to c o ls are in fa c t d iffe re n t and n o t c o m p a tib le w ith each o th e r. SSH2 is m o re secure and has an im p ro v e d p e rfo rm a n c e th a n SSH1 and is also m ore p o rta b le th a n SSH1. The SSH1 p ro to c o l is n o t being d e v e lo p e d a n ym o re , as SSH2 is th e sta n d a rd . Som e o f th e m ain fe a tu re s o f SSH1 are as fo llo w s : 9 9 9 9 SSH1 is m o re v u ln e ra b le to atta cks due to th e presence o f s tru c tu ra l w eaknesses It is an issue o f th e m a n -in -th e -m id d le a tta ck It is s u p p o rte d by m any p la tfo rm s It s u p p o rts hosts a u th e n tic a tio n
M o d u le 19 P ag e 2 8 1 5
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UllCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
9 9
SSH c o m m u n ic a tio n s s e c u rity m a in ta in s SSH1 and SSH2 p ro to c o ls . It a u th e n tic a te s w ith th e help o f o ne o r m o re o f th e fo llo w in g : 9 9 Q 9 Password (th e /e tc /p a s s w d o r /e tc /s h a d o w in UNIX) User p u b lic -k e y (RSA o r DSA, d e p e n d in g on th e release) K erberos (fo r SSH1) H ost-based (.rho sts o r /e tc /h o s ts , e q u iv in SSH1 o r p u b lic key in SSH2)
S ecure S hell p ro te c ts a g a in st: 9 A re m o te host sending o u t packets th a t p re te n d to com e fro m a n o th e r tru s te d host (IP s p o o fin g ). SSH p ro te c ts against a s p o o fe r on th e local n e tw o rk , w h o can p re te n d to be th e user's r o u te r to th e o u ts id e . 9 A host p re te n d in g th a t an IP packet com es fro m a n o th e r tru s te d h o s t (IP source ro u tin g ). 9 9 9 9 An a tta c k e r fo rg in g d o m a in nam e server re co rd s (DNS sp o o fin g ). C a p tu rin g o f passw ords and o th e r data by th e in te rm e d ia te hosts. E x p lo ita tio n o f da ta by th e pe o p le w h o c o n tro l th e in te rm e d ia te hosts. A tta c k in g by lis te n in g to X a u th e n tic a tio n d a ta and s p o o fin g c o n n e c tio n s to th e X l l server.
M S o r U N IX c lie n t
SSH T u n n e l
U N IX s e r v e r
M o d u le 19 P ag e 2 8 1 6
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
C o p y rig h t b y
M o d u le
F lo w
So fa r, w e have discussed c ry p to g ra p h y co n ce p ts and va rio u s e n c ry p tio n a lg o rith m s . N ow it is tim e to discuss h o w c ry p to g ra p h y is usu a lly p e rfo rm e d . T here are m any c ry p to g ra p h ic to o ls re a d ily ava ila b le in th e m a rk e t th a t can help yo u to secure y o u r d a ta ..
C ry p to g ra p h y C on cep ts
tiTTri' !;:! 1
E n c ry p tio n A lg o rith m s
r n ;<
C ry p to g ra p h y T oo ls
Em ail E n c ry p tio n
Disk E n c ry p tio n
[/< ? ?
C ry p to g ra p h y A tta c k s
C ry p ta n a ly s is T ools
M o d u le 19 P ag e 2817
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
M D 5 M D 5
H a s h
C a lc u la t o r s : H a s h C a lc , H a s h M y F ile s C E H
C a lc u la to r a n d
HashCalc
Data Focmat: | F ie
l- l" l
M D 5 C a lc u la to r
1 - 1
~^\
HMAC
| T ext string
MP5Pgeat
R r P M D5 M D4 SHA1 Ia00bc7f604c8810068ece4fa743ld8ab747246da?f2e7fc1 | | |2ae58ce465094805e474d7f29afcc5a2 |4S8764dd3Sdf7cba3acb3b9&8Gb371c4 Upper Zcse
Compare To
h t t p : / / w w w .b u llz ip .c o m
9
r T P r
R IP E M 0 16 0 |cc36f3c53ec530l6cde4aded58f9ldd4288aadb PANAMA TIGER M D2 AOLER32 CRC32 eOonkey/ eMule 3 r : 1 t c MS-wi ' WnOurrp^xe | | 1313434191573c907bedfec6clefldG8d ffc H ashM yliies Ed* V.M. Opium* U j] Hrfp etf * ) J| SHA1 U ib M W X & x .. CRC32 I3WC9I9 SHA-2S6 61677dWfcb3C34f J SHA-512 cMSWZc: L=J *
3 -1 * 1 0 F4rn*m*
S J a v g S o ft
Close
Help
a Ur[() 1Selected
EC-G(U(ICil. All
M D 5 " 1 h J a n d
H a s h
C a lc u la t o r s : H a s h C a lc , M D 5
C a lc u la to r ,
H a s h M y F ile s
H ashing is one fo rm o f c ry p to g ra p h y in w h ic h a m essage d igest fu n c tio n is used to c o n v e rt p la in tte x t in to its e q u iv a le n t hash value. This m essage digest fu n c tio n uses d iffe re n t hash a lg o rith m s to c o n v e rt p la in te x t in to hash values. M a n y M D 5 hash ca lcu la to rs are re a d ily a va ila b le in th e m a rk e t. Exam ples o f M D 5 hash c a lc u la to rs in clu d e : H a s h C a lc Source: h ttp ://w w w .s la v a s o ft.c o m The HashCalc u tility a llo w s y o u to c o m p u te message digests, checksum s, and HMACs fo r file s, as w e ll as fo r te x t and hex strings. It a llo w s yo u to ca lc u la te hash values using d iffe re n t typ e s o f hashing a lg o rith m s such as M D 2 , M D 4 , M D 5 , SHA-1, SHA-2 (256, 384, 512), RIPEM D -160, P A N A M A , TIGER, ADLER32, and CRC32. You ju s t need to se lect th e file and hash a lg o rith m fo r c a lc u la tin g th e hash v a lu e o f a p a rtic u la r file .
M o d u le 19 P ag e 2818
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
HashCalc
D ata Fo rm a t: F ile r HM AC D ata Key F o rm a t: K ey:
W MD5
r M D4
W SHA1 W SHA256
r SHA384 9HA512
r
r r
W RIPEMD160 cc3Gf3c53ec530f6cde4acfed56f9fdd4288aadb
PANAM A TIGER 313434(91573c907bedfec6cfeffd88d
17 M D2 r ADLER3 2
W CRC32
! eD onkey/ eM ule
SlavaSo fl
9d988947
Calculate ~ |
Close
H elp
A
FIGURE 19.8: HashCalc screenshot M D 5 C a lc u la to r Source: h ttp ://w w w .b u llz ip .c o m M D 5 C a lc u la to r a llo w s you to c a lc u la te th e M D5 hash va lu e o f th e selected file . The M D 5 D igest fie ld o f th e u tility c o n ta in s th e ca lcu la te d hash value. You ju s t need to se le ct a file o f w h ic h th e hash v a lu e needs to be c a lc u la te d . You can also c o m p a re tw o hash values w ith th is to o l.
M o d u le 19 P ag e 2819
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
M o d u le 19 P ag e 2 8 2 0
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
The H ashM yFiles u tility a llo w s you to ca lcu la te th e M D 5 and SHA1 hashes o f one o r m o re files. You can co p y th e M D 5 /S H A 1 hashes lis t in to th e c lip b o a rd , o r save it in to a te x t/h tm l/x m l file . It can also be la u nch e d fro m th e c o n te x t m enu o f W in d o w s E xplorer, and d isp la y th e M D 5/S H A 1 hashes o f th e se le cted file o r fo ld e r. J
File Edit View AJ O ptions 0 n MD5 6d 1e45e2c 31 bc23128... Help J b es5 j -n SHA1 f4ab6245f49f39a... de8908a9f285ef... b8e9071047812a... 4bff1ac2754868... d59bc54721951. 26f9f8eef8b1a4a... CRC32 135fe919 b2eed8fa b1c6a363 bff76bc0 2bd6f421 4bfdc0e1 SHA-256 616e77d86fcb3036f5... ce5ed388b8388dc254... e5fe23c0351 e49355e... 901b80c494496db883... 2525041 dca2bd37240... bc3bf487938ff6d16c6... SHA-512 c0936bf0<3 cf8c1de709 e989b51eai 265601346S c911378fa9 056103cbd: _S _ l Filename
HashMyFiles
>
readme.txt f
Jcain and abel_. . b2a72fadf 1d0550b743... ^ n g re p -1 .4 5 -w i.. , (7 t setup_kismet_... W 1n 0ump.exe H w i'c s h a rk -w in .. 1f0e7c2a66af01 e0237... 62927d4d9215eaace9... 7b50683722d9efd3dc... 04aac70dc7b30ae8e8...
------------------------ 1
M o d u le 19 P ag e 2821
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
C r y p to g r a p h y E n c r y p tio n
T o o l: A d v a n c e d C E H
P a c k a g e
z-LEI
^9
a
: a-C :
CEMTaxs tCBKS Modiie 02 Fooqpma^g and Re P CB*.3 MoAJe 03 Scdnnrxj r*et>Y0fk CB*8 MoAJe04&xMraeon { ,. C&IxS MoAieOS Syttrra H*dang C&*SMo&Je07Wusesdnd W orns a C&K8 MoAie 18Cryptography
C
11 Pubk<*
of6(1
1 6 (
> S R 3 c ------1
^ CEn-Toob t ^ CE-/8 M aauie 02 Footarkitng andR*camakerK t A, CE*vS M odule 03 5c3mna Netvwles t ^ Stoaiie 04 Emwraton ! , CE:v8 M odule 05 SystemHacktto t- i, C&vS Mnajie 07 vrjaes and v/orrre a i. CEH-/8 M ocW e 18 Crvptocraph 4 . Advance Enaybton Package # espO*E i ft f.e.deot | < Sc Fie.dctx.a-pl ^ i, WSCBlQJator t J| New Slder
E-wJ
Erojplon =UJ.e, |
6 06
_ ]3 1
J| ttttc Jc
3*
t-
3 :
ataoiith*: D C S x T Pad % , ** r , ta r a N it [ D*!* ^W X7tpton Svrr*y r 9ndKm . SiitCttpjtMdci ?Cuwtfddtr Q CiBttm : Purt ftp, Souftehto I Ddcte uebtLer erypt arxrvsfen J
S Swurty M r*
< *a v * i . . r * * 1
^soro:
D O -.V C & Tocfe'iC CM v* M odule :8 C ryptoarsph!W Jvdnoe &1crypttonPadages l r dx> [13 K B] 5>S4r-fteFie.docx.p [18KBJ 0 :)one Froceatd 1 fie:. Succeeded: L Paled: 0 0 :aniK 1SKB.A.nagr s p r r d :: 8K B , *
http://www.aeppro.com
C o p y rig h t b y
E n c r y p tio n
P a c k a g e
A dva nce d E n cryp tio n Package is file e n c ry p tio n s o ftw a re th a t helps yo u m a in ta in th e priva cy o f y o u r in fo rm a tio n by a llo w in g yo u to p a s s w o rd -p ro te c t files. It is able to p e rfo rm e n c ry p tio n , d e c ry p tio n , and s e lf-d e c ry p tin g file c re a tio n , file D e le te /W ip e , Zip m a n a g e m e n t, e n c ry p tio n key m a n a g e m e n t, and file e m a ilin g . Its fe a tu re in c lu d e s : 9 9 s 9 S tro n g an d p ro v e n a lg o rith m s are used to p ro te c t y o u r se n sitive d o c u m e n ts It can e n c ry p t file s as w e ll as te x t P e rform s secure file d e le tio n A b ility to c re a te e n c ry p te d s e lf-e x tra c tin g file to send it as e m a il a tta c h m e n t
M o d u le 19 P ag e 2822
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0l1nCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
CnoffW
*> l- M O f1 0 . * U rtp
s^O t
4 CfH Tooh >, CD.3 ModJe 02 Foafennana and fteconnaiiaence > C tH ^ Ho&M 03 Scamng Meteor** C9*/6 MQdLie 04 (tuner adan > COt. 3 rtxXJ* O SSnlen Madang > CBM H odie 07 Wuees and Warns J ik CH. SModL* UOyptorac*> a J ( x3vr<e enaypoen Package Odetc Ca<
I -1 L 1
|^W tfic.d0o1 |
0 i , *CSGHcUaa > > Nn> fc*de
I-
SarceHes
C Sho* al V *
*art
C *
9 1 0
* al fin
a h lis
< C urrent****
C Custom:
3d
a
M o d u le 19 P ag e 2823
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0l1nCil All R ights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
C r y p to g r a p h y
T o o l:
c u
B C T e x tE n c o d e r
--------------
BCTextEncoder encrypts confidential text in your message It uses strong and approved symmetric and public key algorithms for data encryption It uses public key encryption methods as well as password-based encryption
P ta n * x t : 2 B ----------------------------------------------Cneafeby: casswd 1 ------------- :
= = y g i
E n c o d e d t*xfc 796 B
____ B E G IN B < O O S > *SSACE V e o n : 9 C T . * t c o d l * * t v v . l.0 0 .
is s tz s s g r -
C o p y rig h t b y
C r y p t o g r a p h y T o o l: B C T e x tE n c o d e r
\M > /* v
BC TextEncoder a llo w s you to e n c ry p t and d e c ry p t th e c o n fid e n tia l m essages fo r secure e m ail o r ch a t c o m m u n ic a tio n s . It uses p u b lic key e n c ry p tio n m e th o d s as w e ll as p assw ord-ba sed e n c ry p tio n and s tro n g and a p p ro v e d s y m m e tric and p u b lic key a lg o rith m s fo r d a ta e n c ry p tio n . You s im p ly need to choose th e te x t yo u w a n t to e n c ry p t and sp e cify th e passw ord and th e n click th e b u tto n to e nco de it.
M o d u le 19 P ag e 2824
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
L J n
Encode by:
password
vj
Encode
Cryptography is the converson o f data n to a scrairWed code that 5 decrypted and sent across a private or pubfc n et* a
Encoded text: 796 B BEGIN ENCODED MESSAGE verson: BCTextEncodef U ttty v. 1.00.6
Decode
vy<CQMCFp +xNnjMtgK QXeyfay bXGj F > WMsVWr*)nv<yvnltf> +voOMEi QpS&eGOxlohC 3IZdwcT6H lTXggla83r fVh9n XrbVc *qVft^LTTU IraUyOeXO 0r1dtZlvlX5zgyg8Np9H0u90tYH lFC]M0evWe02UI-FgTTBAy/sXl2Hnh3Se lu 1 u Aa 5qA vx/2T NpVtM Q + a H TORI 50 /fri IScsCL Sit /[*,ytxJJw23 v> AowEv8RI6dnr>8EFOS2Rt 1WU B ENC00ED MESSAGE
6 .5 3
+.100
M o d u le 19 P ag e 2825
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
r y p
t o
r a
o o ls
C E H
NCrypt XL
http://w w w .littlelite.net
Steganos LockNote
https://www.steganos.com
r
&
C o p y rig h t b y
ccrypt
http://ccrypt.sou reef orge. net
AxCrypt
h ttp://w w w .axantum.com
WinAES
http://fatlyz.com
AutoKrypt
h ttp://w w w .hiteksoftware.com
EncryptOnClick
http://www.2brightsparks.com
b F 3
CryptoForge
h ttp://w w w .cryptoforge.com
C r y p t o g r a p h y T o o ls T h ere are v a rio u s c ry p to g ra p h ic to o ls th a t yo u can use fo r e n c ry p tin g and d e c ry p tin g y o u r in fo rm a tio n , file s , etc. These to o ls im p le m e n t d iffe re n t typ e s o f ava ila b le e n c ry p tio n a lg o rith m s :
9 9 9 9 9 9 9 9
C o m m u n iC ry p t File E n c ry p tio n T o o ls ava ila b le a t h ttp ://w w w .c o m m u n ic r y p t.c o m Steganos L ockN o te a v a ila b le a t h ttp s ://w w w .s te g a n o s .c o m A xC rypt a v a ila b le at h ttp ://w w w .a x a n tu m .c o m A u to K ry p t a va ila b le a t h ttp ://w w w .h ite k s o ftw a r e .c o m C ryptoF orge a v a ila b le at h ttp ://w w w .c ry p to fo rg e .c o m N C rypt XL a v a ila b le a t h tt p : //w w w .little lite .n e t C crypt ava ila b le a t h ttp ://c c ry p t.s o u rc e fo rg e .n e t WinAES a v a ila b le at h ttp ://fa tly z .c o m E ncryptO nC lick a v a ila b le a t h ttp ://w w w .2 b rig h ts p a rk s .c o m GNU Privacy G uard a v a ila b le a t h ttp ://w w w .g n u p g .o rg
9
9
M o d u le 19 P ag e 2 8 2 6
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
l e
l o
E H
C o p y rig h t b y
tr 7
M o d u le
F lo w
e n c ry p tio n a lg o rith m s in c ry p to g ra p h y . In a d d itio n to th e c ry p to g ra p h ic s e c u rity m echanism s discussed so fa r, th e re is o ne m o re in fra s tru c tu re in te n d e d to exchang e d a ta and m o n e y over th e In te rn e t securely: PKI (P ublic Key In fra s tru c tu re ). C ry p to g ra p h y C on cep ts mwm 1 1 :1 1 1 1 E n c ry p tio n A lg o rith m s
C ry p to g ra p h y T o ols
Em ail E n c ry p tio n
Disk E n c ry p tio n
l/ < ? 7
C ry p to g ra p h y A tta c k s
C ry p ta n a ly s is T ools
m
This s e ctio n pro vid e s in fo rm a tio n a b o u t Public Key In fra s tru c tu re (PKI) and th e ro le o f each c o m p o n e n ts o f PKI in th e s e c u rity p u b lic key e n c ry p tio n . Let's s ta rt w ith w h a t is Public Key In fra s tru c tu re (PKI)?
M o d u le 19 P ag e 2827
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
P u b lic
K e y
In fr a s tr u c tu r e
( P K I)
E H
J Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates
End User
R e quests, m a n a g e s , a n d uses c e r tific a te s
C o p y rig h t b y
EG-G*ancil. All
P u b lic
K e y In fra s tru c tu re
(P K I)
Public Key In fra s tru c tu re (PKI) is a s e c u rity a rc h ite c tu re d e ve lo p e d to increase th e c o n fid e n tia lity o f in fo rm a tio n being exchanged o ve r th e in secure In te rn e t. It includes h a rd w a re , s o ftw a re , p e o ple , policie s, and p ro ce d u re s re q u ire d to cre a te , m anage, d is trib u te , use, s to re , and revo ke d ig ita l c e rtific a te s . In c ry p to g ra p h y , th e PKI helps to bind p u b lic keys w ith c o rre s p o n d in g user id e n titie s by m eans o f a c e rtific a te a u th o r ity (CA). The fo llo w in g are th e c o m p o n e n ts o f PKI: 9 9 A c e rtific a te a u th o r ity (CA) th a t issues and v e rifie s d ig ita l c e rtific a te s A c e rtific a te m a n a g e m e n t system fo r g e n e ra tio n , d is trib u tio n , storage, and v e rific a tio n o f c e rtific a te s 9 9 One o r m o re d ire c to rie s w h e re th e c e rtific a te s (w ith th e ir p u b lic keys) are h e ld A re g is tra tio n a u th o rity (RA) th a t acts as th e v e rifie r fo r th e c e rtific a te a u th o r ity
M o d u le 19 P ag e 2828
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
P u b lic
K e y
In fr a s tr u c tu r e
( P K I)
(Contd)
C E H
pq
P u b lic K ey P r i v a t e K ey <Z==
> >
0 1
C o p y rig h t b y
P u b lic a
K e y In fra s tru c tu re
(P K I) (C o n td )
The p u b lic key c ry p to s y s te m uses a p a ir o f a p u b lic key and a p riv a te key to assure secure c o m m u n ic a tio n o v e r th e In te rn e t. In p u b lic key c ry p to s y s te m a u th e n tic a tio n , it is im p o rta n t to c o n n e c t th e c o rre c t person and th e p u b lic key. This is acco m p lish e d w ith th e help o f P ublic Key In fra s tru c tu re (PKI). A s y m m e tric (p u b lic key) c ry p to g ra p h y is th e fo u n d a tio n te c h n o lo g y o f PKI, w h e n s e n d e r and re ce ive r agreed upon a se cre t c o m m u n ic a tio n using p u blic key e n c ry p tio n w ith a d ig ita l s ig n atu re . The fig u re th a t fo llo w s show s h o w a message gets d ig ita lly signed by th e o rg a n iz a tio n in v o lv e d in a u th e n tic a tio n and c e rtific a tio n by m eans of PKI. In p u b lic key cryp to syste m s, th e co rre s p o n d e n c e b e tw e e n a p u b lic key and th e p riv a te key is ta k e n care by th e c e rtific a tio n a u th o r ity (CA), i.e., based on th e p u b lic key th e CA d e te rm in e s th e o w n e r o f th e re s p e c tiv e p riv a te key. In itia lly , th e user requests th e c e rtific a tio n a u th o rity fo r b in d in g his o r her p u blic key; a c e rtific a tio n a u th o r ity d ig ita lly signs it and issues a p u b lic key c e rtific a te to th e user. It binds th e user's id e n tity w ith th e user's p u b lic key. In b e tw e e n th e user and th e CA, th e re exists an o rg a n iz a tio n , th e R e g istra tio n A u th o rity (RA). The jo b o f th e RA is to v e rify th e id e n tity o f th e user re q u e s tin g th e c e rtific a te fa c e -to -fa c e . T here exists a n o th e r a u th o rity in PKI, i.e., th e v a lid a tio n a u th o rity (VA). The jo b o f th e VA is to check w h e th e r th e c e rtific a te w as issued by t r u s tw o r th y a CA o r n o t, i.e., is it v a lid o r n o t. The sen d e r and re c e iv e r can th e n e xchang e a secret m essage using p u b lic key c ry p to g ra p h y .
M o d u le 19 P ag e 2829
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
R e q u e s t f o r is s u in g - ~ c e rtific a te .* ^
<
D e te r m i n e d R e s u lt
U se r a p p lie s fo r is s u in g c e r t i f i c a t e
u
User
H "
M e s s a g e in p u b lic k e y c e r t i f i c a t e s ig n e d w i t h d ig ita l s ig n a t u r e r > > V a lid a tio n o f e le c tro n ic s ig n a tu r e E n q u ire s a b o u t p u b lic k e y c e r tific a te v a lid ity t o v a l i d a t i o n a u t h o r i t y
/ --------------------------- P u b lic K e y P r iv a te K ey ^
1 J 1
M o d u le 19 P ag e 2 8 3 0
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
e r t if ic a t io n
u t h o r it ie s
C E H
Crt1fW 4 itfciul Nm Im
Q th a M te
B U YCER TFICATES
th e m o s t v is ib le w e b s ite s e c u r ity
h t t p : / / w w w . c o m o d o . c o m
S
Symantec N o rto n
h t t p : / / w w w . t h a w t e . c o m
h t t p : / / w w w . v e r i s i g n . c o m
C o p y rig h t b y
h t t p : / / w w w . e n t r u s t . n e t
EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .
C e r tific a tio n
A u th o r itie s
C e rtific a tio n a u th o ritie s are th e e n titie s th a t issue d ig ita l ce rtific a te s . The fo llo w in g are som e o f th e c e rtific a te a u th o ritie s : C om odo Source: h ttp ://w w w .c o m o d o .c o m C o m o do o ffe rs a c o m p le te range o f PKI d ig ita l c e rtific a te s w ith stro n g SSL e n c ry p tio n a va ilable . It ensures s ta n d a rd s o f c o n fid e n tia lity , system re lia b ility , and p e rtin e n t business practices as ju d g e d th ro u g h q u a lifie d in d e p e n d e n t a u d its. The PKI (P ublic Key In fra s tru c tu re ) m a n a g e m e n t s o lu tio n s o ffe re d by C o m o d o in c lu d e C o m o d o C e rtific a te M a n a g e r and C o m o d o EPKI M a n a g e r. A v a ila b le D ig ita l C e rtific a te s : Q 9 9 9 E xtended v a lid a tio n (EV)-SSL M u lti-d o m a in EV SSL W ild c a rd SSL U n ifie d c o m m u n ic a tio n s (UC) In tel Pro Series
M o d u le 19 P ag e 2831
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
9 9 9 9
COMODO
Creating Trust Online*
IR e s o u rc e sI n e w s ro o mI C a re e rs I C o n ta c tU sI S u p p o rt I L o flm I E -C o m m e rc e
Mil I I
P ro d u c t*
H o m e&H o m eO ffic e
I
S m a lloU M e O m a im dB u usies! M k e s s
L a rg eE a te rp iise
P a rta e is S o c ia lM e O a
rR TinciW ^^
>H O M IC O M P U IM G
>B U S M tS SS O iU T lO M S
fC O M M fR C iS O iU T lO M S
FIGURE 19.14: Comodo screenshot th w a te Source: h ttp ://w w w .th a w te .c o m th a w te is a C e rtific a tio n A u th o rity , th w a te o ffe rs SSL and code signing d ig ita l c e rtific a te s to secure servers, p ro vid e s data e n c ry p tio n , a u th e n tic a te s users, p ro te c ts privacy, and assures o n lin e id e n tifie s th ro u g h s trin g e n t a u th e n tic a tio n and v e rific a tio n processes. The SSL c e rtific a te s o ffe re d by th w a te in clu d e W ild c a rd SSL C e rtifica te s, SAN /U C C e rtifica te s, SGC SuperC erts, and E xtended V a lid a tio n SSL C e rtifica te s.
( t) th a w te
S h o oU m c sD mD im T ru s te dS *eS e a la n d
In s p ire T r u s t O n lin e
th e m o s t v is ib le w e b s ite s e c u r ity
* * w tjh m m g ra e w W L x a m AM s m a a e e tyT n e n rte Cj X J
M o d u le 19 P ag e 2832
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
Source: h ttp ://w w w .v e ris ig n .c o m V eriSign A u th e n tic a tio n Services, n o w p a rt o f S ym antec Corp. o n lin e w ith co n fid e n c e . SSL C e rtific a te s : 0 0 0 0 0 0 0 0 Secure Site Pro w ith EV Secure Site w ith EV Secure Site Pro Secure Site M a naged PKI fo r SSL SSL fo r th e E n te rp rise SSL P a rtn e r P rogram s S ym antec C e rtific a te In te llig e n c e C e n te r (NASDAQ: SYMC), p rovides
Morton
v/^ N o rto n
V
SECURED
BUY BUY iw v
5S t CartifKAt S ym n1>c'a M M Cod S *g **n g ir inai S S IC *(W lC U | Trvl C mM Notion<Ux u!d sal
VERISIGN Cyber security and *vaMtatty productsyour taiuww retr* on Managed DNS DDoS Proec*on
O fffc n w *
^ N o rto n
FIGURE 19.16: Verisign screenshot E n tru s t Source: h ttp ://w w w .e n tr u s t.n e t E n tru st pro vid e s id e n tity -b a s e d s e c u rity so lu tio n s th a t e m p o w e r e n te rp rise s, co n su m ers,
citizens, and th e w e b . E n tru s t's s o lu tio n s in clu d e stro n g a u th e n tic a tio n , fra u d d e te c tio n , d ig ita l c e rtific a te s , SSL, and PKI. E n tru st can d e p lo y a p p ro p ria te s e c u rity s o lu tio n s to help p ro te c t d ig ita l id e n titie s and in fo rm a tio n at m u ltip le p o in ts to address e v e r-e v o lv in g th re a ts .
M o d u le 19 P ag e 2833
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
$ 1 8 6 HH $249
t IT W ra n
Q 3Q ) LocJtia
$725/ year
$373...
Q 3 ua
S ta n d a rdS S LC rtM c a tM *
C*1 1 fc*WD*v*r
$155...
M o d u le 19 P ag e 2834
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
l e
l o
C o p y rig h t b y
M o d u le
F lo w
A t p re se n t, m o s t businesses use em ail as th e m a jo r source o f c o m m u n ic a tio n as it is sim p le and easy to c o m m u n ic a te o r share in fo rm a tio n . These em ails m ay c o n ta in s e n s itiv e in fo r m a tio n a b o u t th e ir p ro je cts, update s, etc. If th is in fo rm a tio n fa lls in to th e w ro n g hands, th e n th e o rg a n iz a tio n s m ay fa ce huge losses. This risk can be a vo id e d by e n c ry p tin g th e e m ail messages. Email e n c ry p tio n is th e m eans to tra n s fe r th e p la in te x t m essage in to an u n re a d a b le fo rm .
M o d u le 19 P ag e 2835
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
C ry p to g ra p h y C on cep ts
bpt
Ilhli 1 1
E n c ry p tio n A lg o rith m s
C ry p to g ra p h y T o ols
Em ail E n c ry p tio n
Disk E n c ry p tio n
C ry p to g ra p h y A tta c k s
C ry p ta n a ly s is T ools
This s e ctio n focuses on v a rio u s e m a il s e c u rity m echanism s such as d ig ita l s ig n a tu re s , SSL, and TLS.
M o d u le 19 P ag e 2 8 3 6
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
i g
i t a
i g n a t u r e
C E H
Digital signature used asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form
A digital signature may be further protected, by encrypting the signed email for confidentiality
M l
V
j r
OPEN . /...................
Recipient decrypt one-tim e symmetric key using his PRIVATE key ....................................... .......................... ...................................
V E R IF Y m * , j fit?
Unlock the hash value using sender's PUBLIC key
-------
' l i f
Rehash the message and compare it with the hash value attached with the mail
C o p y rig h t b y
c ry p to g ra p h y , w h ic h
d ig ita l
s ig n a tu re . The tw o typ e s o f keys in p u b lic key c ry p to g ra p h y are th e p riv a te key (w h ic h is k n o w n o n ly to th e signer and used to c re a te th e d ig ita l sig n a tu re ) and th e p u b lic key (w h ich is m ore w id e ly k n o w n and is used by a re ly in g p a rty to v e rify th e d ig ita l signature). A hash fu n c tio n is a process, o r an a lg o rith m , th a t is used in cre a tin g and v e rify in g a d ig ita l s ig n a tu re . This a lg o rith m creates a d ig ita l re p re s e n ta tio n o f a m essage, w h ic h is also k n o w n as a " fin g e r p r in t." This fin g e rp rin t is o f a "hash v a lu e " o f a s ta n d a rd le n g th , w h ic h is m uch s m a lle r th a n th e message, b u t is u n iq u e to it. If any change is m ade to th e m essage, it w ill a u to m a tic a lly p ro d u c e a d iffe re n t hash re s u lt; it is n o t possible to d e rive th e o rig in a l m essage fro m th e hash va lu e in case o f a secure hash fu n c tio n , w h ic h is also kn o w n as a o n e -w a y hash fu n c tio n . The hash re s u lt o f th e o rig in a l m essage and th e hash fu n c tio n th a t is used to c re a te th e d ig ita l s ig n a tu re are re q u ire d to v e rify th e d ig ita l s ig n a tu re . W ith th e help o f th e p u b lic key and th e n e w re s u lt, th e v e rifie r checks: 9 If th e d ig ita l s ig n a tu re is cre a te d w ith th e re la te d p riv a te key. If th e new hash re s u lt is th e sam e as th e o rig in a l hash re s u lt, w h ic h w as c o n v e rte d in to a d ig ita l s ig n a tu re d u rin g th e s ig n in g process.
M o d u le 19 P ag e 2837
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
To c o rre la te th e key p a ir w ith th e re sp e ctive signer, th e c e rtific a tio n a u th o rity presents a c e rtific a te th a t is an e le c tro n ic re cord o f th e p u b lic as th e su b je ct o f th e c e rtific a te , and c o n firm s th e id e n tity o f th e sign er as th e re la te d p riv a te key o w n e r. The fu tu re signer is called th e su b sc rib e r. T he m ain fu n c tio n o f a c e rtific a te is to bind a p a ir o f p u b lic and p riv a te keys to a p a rtic u la r subscribe r. The re c ip ie n t o f th e c e rtific a te relies on a d ig ita l sig n a tu re cre a te d by th e su b sc rib e r na m ed in th e c e rtific a te . The p u b lic key listed can be used to v e rify th a t th e p riv a te key is used to c re a te th e re la te d d ig ita l s ig n a tu re . The c e rtific a tio n a u th o rity d ig ita lly signs th e c e rtific a te to assure th e a u th e n tic ity o f b o th th e p u b lic key and th e s u b scrib e r's id e n tity . The a u th o rity 's d ig ita l sig n a tu re on th e c e rtific a te can be v e rifie d w ith th e help o f th e p u b lic key o f th e c e rtific a tio n a u th o rity re co rd e d in a n o th e r c e rtific a te , w h ic h belongs to a n o th e r c e r tific a tio n 's a u th o rity . This c e rtific a te can be a u th e n tic a te d w ith th e he lp o f a n o th e r p u b lic key re c o rd e d in a n o th e r c e rtific a te and so on. The re p o s ito ry can be m ade to pu b lish th e c e rtific a te ; th e p u b lic key and its id e n tity are a va ila b le fo r v e rific a tio n o f th e c e rtific a te . The re trie v a l and v e rific a tio n o f th e d ig ita l sig n a tu re is m ade w ith th e h e lp o f an o n lin e database called re p o s ito rie s , w h ic h h olds th e c e rtific a te s and o th e r in fo rm a tio n . The c e rtific a tio n a u th o rity m ay suspend o r re vo ke th e c e rtific a te .
S IG N
A p p e n d t h e s igned hash
AC CEPT
P L, 11 no 01
C o n fid e n tia l In fo rm a tio n
1U
- unn f
co d e t o m essage
0 1001110
1100 001 1 111 oo
00 k
-i
O P EN V D e c ry p t m essage using o n e -tim e s y m m e tric k ey
SEAL
J& i
Encrypt m assage using o n e *tim e s y m m e tric k e y En cryp t th e s y m m e tric key using r e c ip ie n t's PUBLIC k ey
* U ,
...............
DELIVER
VERIFY
11 n o 01 P H 11 M a il ele c tro n ic e n v e lo p e s to t h e re cip ie n t U n lo ck th e hash v a lu e using se n d er's PUBLIC k e y :
-V..
v a lu e a t t a c h e d w ith t h e m ail
M o d u le 19 P ag e 2838
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
S S L
( S e c u r e
S o c k e ts
L a y e r )
C E H
B SSL is an application layer protocol developed by Netscape for managing the security of a message transmission on the Internet B It uses RSA asymmetric (public key) encryption to encrypt data transferred over SSL connections
C lie n t H ello m e s s a g e ( in c lu d e s SSL v e rs io n , r a n d o m ly g e n e r a t e d d a ta , e n c ry p tio n a lg o rith m s , s e s s io n ID, k ey e x c h a n g e a lg o rith m s , c o m p r e s s io n a lg o rith m s , a n d MAC a lg o rith m s )
D e te r m in e s t h e SSL v e r s io n a n d e n c r y p tio n a lg o r ith m s t o b e u s e d f o r t h e c o m m u n ic a tio n ; s e n d s S e rv e r H ello m e s s a g e (S e ssio n ID) a n d C e rtif ic a te m e s s a g e (local c e r tific a te )
S e n d s a S e rv e r H ello D o n e m e s s a g e
S e n d s a C h a n g e C ip h e r S p e c m e s s a g e a n d a ls o s e n d s F in is h e d m e s s a g e ( h a s h o f h a n d s h a k e m e s s a g e )
C o p y rig h t b y
EG-G*ancil. All
S S L (S e c u re
S o c k e ts L a y e r )
SSL is a c ro n y m fo r Secured Sockets Layer, d e ve lo p e d by N etscape. It is a p ro to c o l fo r sending p riv a te d o c u m e n ts o ve r th e In te rn e t. It w o rk s w ith th e he lp o f th e p riv a te key to e n c ry p t data th a t is tra n s fe rre d ove r an SSL c o n n e c tio n . The m ain m o tiv e beh in d designing th e SSL p ro to c o l is to p ro v id e p riva cy b e tw e e n tw o c o m m u n ic a tin g a p p lic a tio n s , such as a c lie n t and a server. M o re o v e r, th e p ro to c o l is designed to a u th e n tic a te th e se rve r and th e c lie n t; SSL re q u ire s a re lia b le tr a n s p o r t p ro to c o l such as TCP fo r d a ta tra n s m is s io n and re c e p tio n . A ny a p p lic a tio n -la y e r p ro to c o l th a t is h ig h e r th a n SSL, such as HTTP, FTP, and TELNET, can be layered on to p o f SSL tra n s p a re n tly . The SSL acts as an a rb itr a to r b e tw e e n th e e n c ry p tio n a lg o rith m and session key, and also v e rifie s th e d e s tin a tio n se rve r b e fo re th e tra n s m is s io n and re c e p tio n o f data. The c o m p le te data o f th e a p p lic a tio n p ro to c o l is e n c ry p te d , to ensure s e cu rity. It also o ffe rs cha nn e l s e c u rity w h ic h has th re e basic p ro p e rtie s : 9 It has a p riv a te ch a n n e l, w h e re th e messages are e n c ry p te d a fte r th e sim p le handshake th a t de fin e s th e se cre t key. 9 The ch an n e l is a u th e n tic a te d . The se rve r e n d p o in ts are alw ays a u th e n tic a te d b u t th e c lie n t e n d p o in ts are o p tio n a lly a u th e n tic a te d . 9 The ch an n e l is re lia b le . The tra n s m is s io n has an in te g rity check.
M o d u le 19 P ag e 2839
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
An SSL session is re s p o n s ib le fo r th e SSL h a n d sh a ke p ro to c o l to o rganize th e states o f th e server and clie n ts, th u s e n su rin g th e co n siste n cy o f th e p ro to c o l sta te m achines (th e states are n o t e x a c tly p a ra lle l). T he re are tw o d iffe re n t ty p e s o f states: o p e ra tin g and pe n d in g . In a d d itio n to th e tw o states, tw o a d d itio n a l state s are also m a in ta in e d ; th e read and w r ite states. W h e n th e se rve r o r c lie n t o b ta in s th e c ip h e r spec message, th e m essage is co p ie d in to a c u rre n t read s ta te fro m th e p en d in g read s ta te . In a s im ila r w ay, w h e n th e data is tra n s m itte d fro m th e se rve r o r c lie n t, it tra n s m its a changed c ip h e r spec message, and copies th e m essage in to th e w r ite c u rre n t sta te fro m th e p e n d in g w r ite sta te . A fte r th e c o m p le tio n o f th e h a n d sh a ke a rb itr a tio n , th e server and c lie n t exchange th e changed spec m essage and th e c o m m u n ic a tio n is based on th e n e w ly agreed u p o n c ip h e r spec. An SSL m ay in c lu d e m any secure c o n n e c tio n s , and it m ig h t have m u ltip le c o n c u rre n t sessions. The e le m e n ts in c lu d e d in session sta te are as fo llo w s : S e s s io n I d e n t i f i e r Session id e n tifie r is a ra n d o m sequence o f bytes tra n s m itte d by th e se rve r to id e n tify an a c tiv e o r p re s u m a b le session sta te : 9 9 9 Peer C e rtific a te - X 509.v3[X 509] is th e c e rtific a te o f th e peer and m ay be nu ll. C om pression M e th o d - Is th e a lg o rith m used to com press data p rio r to e n c ry p tio n . C ipher Spec - E n u m erate s th e b u lk d a ta e n c ry p tio n and M AC a lg o rith m s . It also defines c ry p to g ra p h ic a ttrib u te s like th e size o f th e hash. 9 9 M a s te r S ecret - Is th e 4 8 -b y te se cre t shared b e tw e e n th e c lie n t and server. Is R esum able - A fla g specifies w h e th e r a n e w session can be s ta rte d .
The e le m e n ts o f th e c o n n e c tio n s ta te a re as fo llo w s : 9 Server and c lie n t ra n d o m - Is th e sequences o f bytes, w h ic h are selected by th e server and th e c lie n t fo r e ve ry c o n n e c tio n . 9 Server w r ite MAC secre t - Is th e secret used in MAC o p e ra tio n s on data w ritte n by th e server. 9 C lie nt w r ite MAC se cre t - Is th e secret used in MAC o p e ra tio n s on data w ritte n by th e c lie n t. 9 Server w r ite key - Is th e huge c ip h e r key fo r data e n c ry p te d by th e se rve r and d e c ry p te d by th e c lie n t. 9 C lie nt w r ite key - Is th e c ip h e r key fo r data e n c ry p te d by th e c lie n t and d e c ry p te d by th e server. 9 In itia liz a tio n v e c to rs - In CBC (C ipher Block Chain) m o d e w h e n th e block cip h e r is used, an in itia liz a tio n v e c to r is m anaged fo r e ve ry key. It is s ta rte d by th e SSL handshake p ro to c o l and is used to m ake th e fir s t c ip h e r te x t. te x t is used w ith th e s u b s e q u e n t re c o rd . The last c ip h e r te x t b lo c k o f e ve ry
M o d u le 19 P ag e 2 8 4 0
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
Sequence numbers - Every party maintains a different and unique sequence of numbers for the transmission and reception of messages for every connection. The appropriate sequence is set to zero depending on the party that sends and receives cipher spec.
S S L H a n d s h a k e P r o to c o l F lo w
The SSL handshake protocol works on top of the SSL record layer. These processes that are executed in the three handshake protocol are summarized as follows: 9 The client sends a hello message to the server and the server must respond to the hello message with a hello message, or else the connection will fail due to the occurrence of a fatal error. The attributes that are established due to the server and client hello are: protocol version, session ID , cipher suite, and compression method. After the connection is established, the server sends a certificate to the client for authentication. In addition, a server-key exchange message might be sent. Ifthe server is authenticated, the client may be requested for the certificate, if that is appropriate to the cipher suite selected. The server sends a hello done message, to inform that the handshake phase is complete and waits for the client's response. If the client receives a certificate request message, the client must respond to the message by sending a certificate message or "no certificate" alert.The client-key exchange message is sent and the content of the message depends on the public-key algorithm between the server hello and client hello. If the certificate sent by the client has signing ability, a digitally signed certificate verifies the message, and is transmitted. The client transmits the changed cipher spec message and copies the pending cipher spec into the current cipher spec. The client sends a message to initiate the completion of the message under the new algorithm, keys, and secrets. In response the server replies by sending its own changed cipher spec message, transfers the pending cipher spec to the current cipher spec, and initiates the completion of the message under the new cipher spec. This is the point of completion of the handshake and the server starts to exchange the application layer data.
9 9
The message of the previous session or the replica of an existing session is as follows: The client initiates the communication by sending a hello message with the session I of the session that is to be resumed. The server checks its cache to look for the match of the session ID ; if it finds a match it re-establishes the session under the specified session state with same session ID . This is the point where both the server and the client exchange the changed spec messages and proceed directly to the finished messages. After re-establishment, the server and the client exchange the data at the application layer. If the session I is not found, the server creates a new session ID, and the SSL client and server carry out a complete handshake.
M o d u le 19 P ag e 2841
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
Client Hello m essage (includes S S I version, encryption algorithms, key exchange algorithms, and M AC algorithms) Determines the S S Lversion and cipher suite to be used for the communication; sends Server Hello m essage (Session ID ) and Certificate m essage (local certificate)
i....
........
Sends aServer Hello Done m essage Verifies the Digital certificate; generates a random premaster secret (Encrypted with server's public key) and sends Client Key Exchange m essage with the premaster secret
tv
A i
S ends aChange Cipher Spec m essage and also sends Finished m essage (hash of handshake m essage) Computes the hash value of the exchanged handshake m essages and compares the hash value with that received from the client; If the two match, the key and cipher suite negotiation succeeds. Sends aChange Cipher Spec m essage and also sends Finished m essage (hash of handshake m essage) FIGURE 19.19: Depicting S S L Handshake Protocol Flow
M o d u le 19 P ag e 2842
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
T r a n s p o r t L a y e r S e c u r ity
(T L S )
C E H
TLS is a protocol to establish a secure connection between a client and a server and ensure privacy and integrity of information during transmission It uses the R S Aalgorithm with 1024 and 2048 bit strengths
nwn
C o p y rig h t b y
T r a n s p o r t L a y e r S e c u r ity (T L S ) TLS is a p ro to c o l to e sta b lish a secure c o n n e c tio n b e tw e e n a c lie n t and a server and e nsure priva cy and in te g rity o f in fo rm a tio n d u rin g tra n sm issio n . It is a c ry p to g ra p h ic p ro to c o l in te n d e d to p ro v id e in fo rm a tio n s e c u rity o v e r th e In te rn e t. The TLS e n c ry p ts th e n e tw o rk c o n n e c tio n seg m e nts a t th e a p p lic a tio n la ye r fo r th e tra n s p o rt layer. It uses a s y m m e tric c ry p to g ra p h y fo r key exchange, s y m m e tric e n c ry p tio n fo r c o n fid e n tia lity , and message a u th e n tic a tio n codes fo r m essage in te g rity . W ith th e help o f TLS, y o u can reduce som e o f th e risks such as ta m p e rin g , m essage fo rg e ry m ail c o m m u n ic a tio n s , and e a v e sd ro p p in g d u rin g tra n s m is s io n o f e le c tro n ic m ails o r in fo rm a tio n . TLS p ro to c o l consists o f tw o layers: Q 9 TLS re c o rd p ro to c o l TLS handshake p ro to c o l T L S R e c o rd P ro to c o l The e n c ry p tio n , TLS re c o rd p ro to c o l p ro vid e s secure c o m m u n ic a tio n s . It is in te n d e d fo r
(o p tio n a l)
o f packets. O nce th e
h a n d sh a ke
M o d u le 19 P ag e 2843
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
process is d on e, th e n re c o rd layer fu n c tio n s can be called a t any tim e w h e n e v e r th e re is a need to send o r re ceive d a ta . It is re sp o n sib le fo r securing a p p lic a tio n data and also v e rify in g its in te g rity and o rig in o f th e data. TLS R ecord P ro to c o l m anages th e fo llo w in g : 9 9 9 D ivid in g and re a sse m b lin g messages C om pressing and d e co m p re ssin g blocks (o p tio n a l) A p p ly in g MAC (M essage A u th e n tic a tio n Code) and v e rify in g in c o m in g messages based on MAC 9 E ncryp ting and d e c ry p tin g m essages
H it
-251
p a ra m e te rs fo r th e re c o rd la yer, a u th e n tic a tio n . This also n e g o tia te s a session co n sistin g o f session id e n tifie r, pe er c e rtific a te , c o m p re ssio n m e th o d , c ip h e r spec, m a ste r secret, and in fo rm a tio n a b o u t re s u m in g a c o n n e c tio n . The fig u re th a t fo llo w s show s th e process o f c lie n ta u th e n tic a te d TLS handshake:
Client Certificate Client key exchange Certification verify [Change Cipher Spec] Client Finished Message
H an d sh ak e P ro to c o l
Hello Server Server Certificate Server key Exchange Certificate Request Server Hello Done
R e c o rd P ro to c o l
A p p lic a tio n
D ata
A p p lic a tio n
D ata
FIGURE 19.20: Showing the client-authenticated TLS handshake process A handsh ake p ro to c o l exchanges a series o f m essage in b e tw e e n a c lie n t and a se rve r fo r a secure c o n n e c tio n . In itia lly , th e c lie n t sends a " h e llo " to th e server. The server, in response to th e c lie n t, sends "h e llo ." D uring th is p e rio d , th e s e c u rity c a p a b ilitie s in c lu d in g p ro to c o l ve rsio n , co m p re s s io n m e th o d , c ip h e r s u ite , session ID, and in itia l ra n d o m num ber have been e sta b lish e d . Then th e s e rv e r m ay send a c e rtific a te and key exchange and re quests a c e rtific a te . N ow , th e se rve r signals th e end o f th e h e llo m essage. In response to th e c e rtific a te re q u e s t by th e se rve r, th e c lie n t sends th e c e rtific a te and key exchange. The c lie n t th e n sends c e rtific a te v e rific a tio n . B oth th e c lie n t and se rve r exchange th e ir c ip h e r s u ite and fin is h th e handshake p ro to c o l.
M o d u le 19 P ag e 2 8 4 4
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
C o p y rig h t b y
M o d u le
F lo w
So fa r, w e have discussed c ry p to g ra p h y , th e need fo r c ry p to g ra p h y , c ry p to g ra p h ic e n c ry p tio n a lg o rith m s , c ry p to g ra p h y to o ls , PKI, and em a il e n c ry p tio n . In a d d itio n to all th e se e n c ry p tio n m e th o d s , th e re is o n e m o re e n c ry p tio n m e th o d : disk e n c ry p tio n .
C ry p to g ra p h y C on cep ts
tiTTri' Blhlill
E n c ry p tio n A lg o rith m s
C ry p to g ra p h y T o ols
^ ^ 5
Em ail E n c ry p tio n
Disk E n c ry p tio n
[/< ? ?
C ry p to g ra p h y A tta c k s
C ry p ta n a ly s is T ools
M o d u le 19 P ag e 2845
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
i s
c r y p
t i o
C E H
Confidentiality
Encryption
a
*
rotection s
Disk encryption protects confidentiality of the data stored on disk by converting it into an unreadable code using disk encryption software or hardware
Disk encryption works in a similar way as text message encryption and protects data even when the OS not active
____________________ J
With the use of an encryption program for your disk, you can safeguard any information to burn onto the disk, and keep it from falling into the wrong hands
1 ------------------------j.---------------------1 |
1 ............................ 1 .........................
# Passphrase
^ Hidden Volumes
+ DVD
Priv acy
Volume Encryption
Blue Ray
Backup
(it 1 1 1
D is k - 3 E n c r y p tio n
th a t c a n n o t be d e c ip h e re d by u n a u th o riz e d persons. You can use d is k e n c ry p tio n s o ftw a re or h a rd w a re to e n c ry p t e ve ry b it o f in fo rm a tio n th a t is w r itte n on th e disk. Disk e n c ry p tio n w o rks s im ila r to te x t message e n c ry p tio n . W ith th e use o f an e n c ry p tio n p ro g ra m fo r th e user's disk, th e user can safeguard any, and all, in fo rm a tio n b u rn e d o n to th e disk and save it fro m fa llin g in to w ro n g hands. A c o m p u te r disk is a ro u n d plate o n to w h ic h data is re c o rd e d a n d /o r b u rn e d . I f t h e user needs to sto re in fo rm a tio n on a disk, and keep it safe, it is re c o m m e n d e d th a t an e n c ry p tio n p ro g ra m be used. E n cryp tio n s o ftw a re , fo r disks, scram bles th e in fo rm a tio n b u rn e d on th e disk in to an ille g ib le code. It is o n ly a fte r th e disk in fo rm a tio n is d e c ry p te d , th a t it can be read a n d /o r used. E ncryption fo r disks is useful w h e n th e user needs to send sensitive in fo rm a tio n th ro u g h th e m ail. For instance, th e user needs to m ail his o r her frie n d a disk, b u t ca n n o t ta ke th e risk o f it being s to le n and th e in fo rm a tio n is being c o m p ro m is e d . In th is case, th e user could sim p ly e n c ry p t th e in fo rm a tio n on th e disk and th e n re st assured, even if th e disk is lost o r stolen, th e in fo rm a tio n on it w o u ld n o t be c o m p ro m is e d . In a d d itio n , disk e n c ry p tio n in fo rm a tio n fro m
M o d u le 19 P ag e 2 8 4 6
re a l-tim e exchange o f
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
e n c ry p te d fo rm , th e chances o f th e in fo rm a tio n being c o m p ro m is e d are m in im ize d . The o n ly w a y th e a tta c k e r can access th e in fo rm a tio n is by d e c ry p tin g th e m essage, w h ic h can o n ly be d on e via th e a u th e n tic a tio n process. F u rth e rm o re , th e e n c ry p tio n s o ftw a re in sta lle d on one's system ensures th e s e c u rity o f th e system . Thus, it is re c o m m e n d e d to in s ta ll e n c ry p tio n s o ftw a re on system s th a t ho ld va lu a b le in fo rm a tio n a n d /o r are exposed to u n lim ite d data tra n s fe r in o rd e r to p ro te c t th e data and in fo rm a tio n fro m c o m p ro m is e .
M o d u le 19 P ag e 2847
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
D is k
E n c r y p tio n
T o o l: T r u e C r y p t
C E H
Urti*W itkHil lUckw
D is k
S o u rc e:
E n c r y p tio n
T o o l: T r u e C r y p t
T ru e C ry p t is s o ftw a re th a t a llo w s y o u to e stablish and m a in ta in an e n c ry p te d v o lu m e (data sto ra g e device). No data s to re d on an e n c ry p te d v o lu m e can be read (d e c ry p te d ) w ith o u t using th e c o rre c t p a s s w o rd /k e y file (s ) o r c o rre c t e n c ry p tio n keys. The e n tire file syste m is e n c ry p te d (e.g., file nam es, fo ld e r nam es, c o n te n ts o f e ve ry file , fre e space, m eta data, etc). M a in F e atures:
9 9 9 9
9
Creates a virtual encrypted disk within a file and mounts it as a real disk Encrypts an entire partition or storage device such as USB flash drive or hard drive Encrypts a partition or drive where Windows is installed (pre-boot authentication)
E n cryp tio n can be h a rd w a re -a c c e le ra te d on m o d e rn processors Provides p la u sib le d e n ia b ility , in case an a d ve rsa ry fo rce s yo u to reveal th e passw ord H idden v o lu m e (s te g a n o g ra p h y ) and h id d e n o p e ra tin g system
M o d u le 19 P ag e 2848
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0l1nCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
L=l!
M ytn frrttttn
Volum eT ype
\r S ta n d a rdtru e C ryp tv o lu m e|
M o d u le 19 P ag e 2849
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
i s k
E n c r y p t io n i s k
T o o l:
G iliS o f t
F u l l D
E n c r y p t io n
G*S0ft
full Disk
u c40 * *
Full Disk
E n c r y p tio n
---------------------
dako
t e m it K f Y r t r t
M lK n m ls A
D is k
E n c r y p tio n
T o o l:
G iliS o ft F u ll D is k
E n c r y p tio n
S ource: h tt p :/ /w w w .g ilis o ft .c o m
G iliS o ft Full Disk E n c r y p tio n a llo w s y o u t o e n c r y p t all d isk p a r t i t i o n s , in c lu d in g t h e s y s te m p a r t i t i o n . T h r o u g h p a s s w o r d p r o t e c t i n g a disk, d isk p a r t i t i o n , o r o p e r a t i n g s y s te m la u n c h , t h e p r o g r a m d is a b le s a n y u n a u t h o r i z e d r e a d i n g / w r i t i n g a c t i v i t y o n y o u r d isk o r PC a n d r e s tr ic ts access a n d la u n c h o f s p e c ific disks a nd files. It p r o v id e s a u t o m a t i c s e c u r it y f o r all i n f o r m a t i o n o n e n d p o i n t h a r d d riv e s , in c lu d in g u ser d a ta , o p e r a t i n g s y s te m file s, a n d t e m p o r a r y a nd e ra s e d files. For m a x i m u m d a ta p r o t e c t i o n , m u l t i - f a c t o r p r e - b o o t a u t h e n t i c a t i o n e n s u re s u s e r i d e n t it y , w h i l e e n c r y p t i o n p r e v e n t s d a ta loss f r o m t h e f t .
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
OtiSod
G a s o n 4 *<
UalD^ii I
E n ay p tn gth ec o m p u te r'sw* < Mc a ne n s u reth a t th ed a ta n o tte a ka fte r th ed s fco > c o m p u te ra Jdtct th elo c a ld a ky o uw a n ttoe n a y p tfro mth efo lo w n gto t. 1 D riv e s 0C:\ [S y s te m ] F :\ t*\ 1 E n c ry p tio np o rtio n 1 1
IE n c ry p tio np o rtio n
f : 0C :C 5rttor) 0 :
Hot Encrypted
_ J L *7 0 0 s_
4 ,8 3 8 0 0 % 0 % 0 %
1 1
NqI [n c rv p tc d
F u lln c n r 0 tc d
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
i s k
n c r y p t i o n
T o o l s
C E H
(rtifWd ItkNjI Nm Im
DriveCrypt
h ttp ://w w w .s e c u rs ta r.c o m
ShareCrypt
h ttp ://w w w .s e c u rs ta r.c o m
PocketCrypt
h t t p : / / w w w . s e c u rs t a r . c o m
H D
E
: Im l S Ih b i
DiskCryptor
h t t p : / / d is k c r y p t o r .n e t
alertsec
h t tp : //w w w . a le r ts e c .c o m
b I s i1
1 ----------R-Crypto
h ttp ://w w w .r-tt.c o m
-ta f D is k E n c r y p tio n T o o ls
In a d d i t i o n t o T r u e C r y p t a n d G i l i S o f t F u ll D is k E n c r y p t i o n , t h e r e a r e m a n y o t h e r d is k to o ls is
e n c r y p t i o n t o o l s t h a t a l l o w y o u t o f u l l y e n c r y p t a ll d a t a . A l is t o f d i s k e n c r y p t i o n m e n tio n e d b e lo w as f o l l o w s . A ll t h e s e t o o l s have a c o m m o n
g o a l , i.e., e n c r y p t i n g a d is k
p a r t i t i o n . B u t e n v i r o n m e n t o r p u r p o s e m a y c h a n g e . If o n e t o o l is i n t e n d e d t o c r e a t e a v i r t u a l e n c r y p t e d d is k o f t h e t a r g e t d is k p a r t i t i o n , th e n th e o t h e r m a y be i n t e n d e d t o e n c r y p t d a ta on P o c k e t PCs r u n n i n g W i n d o w s M o b i l e a n d s o o n :
9 9 9 9 9 9 9 9 9
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
M o d u le
F lo w
C ry p to g ra p h y C on cep ts
1 1 1 :1 1 1 1
tPffrj
E n c ry p tio n A lg o rith m s
C ry p to g ra p h y T o ols
Em ail E n c ry p tio n
Disk E n c ry p tio n
C ry p to g ra p h y A tta c k s
C ry p ta n a ly s is T ools
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
C ryptographyA ttacks
J
C E H
Cryptography attacks are based on the assumption that the cryptanalyst has access to the encrypted info rm ation
C h o s e n -k e y a tta c k
r #-
C h o s e n - c ip h e r te x t
a tta c k
C r y p to g r a p h y ) J )
A tta c k s
(b re a k s t h e c i p h e r t e x t ) w i t h o u t t h e s u b v e r ts t h e c y r p t o g r a p h ic
s y s te m 's s e c u r it y by e x p l o i t i n g th e
c r y p t o g r a p h ic p r o t o c o l o r k e y m a n a g e m e n t s c h e m e .
C r y p t o g r a p h y a t t a c k s a re b ase d o n t h e
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
C ryptographyA ttacks
( C o n t d ) Ciphertext-only Attack
Attacker has access to the cipher text; goal of this attack to recover encryption key from the ciphertext
C E H
M
Chosen-plaintext Attack
Attacker defines his own plaintext, feeds it into the cipher, and analyzes the resulting ciphertext
L*
Known-plaintext Attack
Attacker has knowledge of some part of the plain text; using this information the key used to generate ciphertext is deduced so as to decipher other messages
GO
C r y p to g r a p h y
A tta c k s
( C o n td )
A tta c k e rs gain access to th e c o n t e n t o f th e e n c r y p te d m e ssag e th ro u g h c r y p ta n a ly s is by d e f e a tin g th e c r y p t o g r a p h ic s e c u r ity a lg o r it h m s , even w it h o u t th e k n o w le d g e o f e n c ry p tio n details. T h o u g h th e a lg o rith m s are stro n g and are re sistant to all attacks, the d e m a n d s o f practical c ry p to s y s te m easily in tr o d u c e v u ln e ra b ilitie s. These v u ln e r a b ilitie s are th e so u rc e s o f v a rio u s c ry p to g ra p h y attacks. As discussed pre v io usly , th e r e are e ight type s o f c ry p to g ra p h y attacks. All th e s e attacks try e ith e r to re trie ve th e key or e xp o se th e plain text. T h e se attacks are d istin g u ish e d based on th e in fo rm a tio n a v a ilab le t o th e c ry p ta n a ly s t t o m o u n t an atta ck . The m ain goal o f atta c k e rs in all the cases is to d e c ry p t th e n e w pieces o f e n c r y p t e d message w it h o u t ad d itio n a l in fo rm a tio n .
y C ip h e rte x t o n ly a tta c k
A c ip h e rte x t o nly attack is o n e o f th e basic types o f active attacks b e c a u se it is very easy fo r th e a tta c k e r to get c ip h e rte x t by s n iffin g th e tra ffic o f an y in d iv id u al. In th is ty p e o f attack, t h e a tta ck e r w ill have access o nly to c ip h e rte x ts o f several messages, all o f w h ic h w e r e e n c r y p te d using th e s a m e e n c r y p tio n a lg o rith m . Finding th e key used fo r e n c r y p tio n is th e m ain o b je ctiv e o f the a tta c k e r as it a llo w s th e a tta ck e r to d e c o d e all the m e ssag es e n cry p te d w ith th e re sp e c tive key.
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
A d a p tiv e c h o s e n - p la in te x t a tta c k A n a d a p t i v e c h o s e n - c i p h e r t e x t is t h e c o l l a b o r a t i v e v e r s i o n o f t h e c h o s e n - p l a i n t e x t a tta c k . In t h i s t y p e o f a tta c k , t h e a t t a c k e r ch o se s f u r t h e r c i p h e r t e x t s b ase d o n p r i o r re s u lts . H e r e t h e c r y p t a n a l y s t n o t o n l y c h o o s e s t h e p la i n t e x t t h a t is e n c r y p t e d b u t can also m o d i f y his o r h e r c h o ic e b ase d o n t h e r e s u lts o f t h e p r e v io u s e n c r y p t i o n . C h o s e n - c ip h e r te x t a tta c k In a c h o s e n - c i p h e r t e x t a tta c k , t h e a t t a c k e r c h o o s e s s o m e p a r t o f c i p h e r t e x t t o be d e c r y p t e d a n d tr i e s t o f i n d o u t t h e c o r r e s p o n d i n g d e c r y p t e d p la i n t e x t . T his is u s u a lly d o n e w i t h t h e h e lp o f a d e c r y p t i o n o r a c le (a m a c h in e t h a t d e c o d e d t h e t e x t w i t h o u t d is c lo s in g t h e key). Basically, th is t y p e o f a t ta c k is a p p lic a b le t o p u b l i c - k e y c r y p t o s y s t e m s . T his a t ta c k is h a r d e r t o p e r f o r m w h e n c o m p a r e d t o o t h e r a tta c k s , a n d t h e a t t a c k e r n e e d s t o h a v e c o m p l e t e c o n t r o l o f s y s te m c o n t a i n i n g c r y p t o s y s t e m in o r d e r t o c a r r y o u t t h i s a tta c k . R u b b e r h o se a tta c k In a r u b b e r h o se a tta c k , t h e a t t a c k e r e x tr a c ts t h e s e c r e t key f r o m th e u ser by
t h r e a t e n i n g , b l a c k m a i l i n g , o r t o r t u r i n g h im o r h e r u n til t h e key is h a n d e d o v e r .
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
C ryptographyA ttacks
( C o n t d )
Atta cker o b ta in s th e p la in texts co rre sp o n d in g to an a rb itra ry set o f cip h e rte x ts o f his o w n c h o o sin g
^g
Urtifwd |
\\
ilkitjl IlM hM
E xtractio n o f cry p to g ra p h ic secrets (e.g. th e p a ssw o rd to a n e n cry p ted file) fro m a p e rso n by c o e rc io n o r to rtu re
C r y p to g r a p h y
A tta c k s
( C o n td )
C h o s e n - p la in te x t (L cJ ^ _ This is m o r e p o w e r f u l t h a n a p la i n t e x t a t ta c k . In t h i s t y p e o f a tta c k e r , t h e a t t a c k e r n o t o n ly has access t o t h e c i p h e r t e x t a n d a s s o c ia te d p l a i n t e x t f o r s e v e ra l m essages, b u t also c h o o s e s t h e p la i n t e x t t h a t is e n c r y p t e d , a n d o b t a in s t h e r e s u lt in g c i p h e r t e x t . K n o w n -p la in te x t a tta c k --------In a k n o w n - p l a i n t e x t a tta c k , t h e a t t a c k e r has access t o t h e c i p h e r t e x t o f o n e o r m o r e
m essa ge s as w e l l as access t o t h e r e s p e c tiv e p la i n t e x t . W i t h t h e h e lp o f b o t h th e s e i te m s , t h e c r y p t o g r a p h i c key can e a sily e x tr a c te d . T h e a t t a c k e r can r e c o v e r t h e r e m a i n in g e n c r y p t e d , z ip p e d file s w i t h t h e h e lp o f t h e e x t r a c t e d key. In g e n e r a l, m o s t p e o p le s t a r t t h e i r m e ssa g e s w i t h t h e s a m e t y p e o f b e g in n in g n o te s such as g re e tin g s a nd clo se w i t h th e same ty p e o f e n d in g su ch as s p e c ific s a lu ta tio n s , c o n ta c t
i n f o r m a t i o n , n a m e , etc. A t t a c k e r s can use t h is as an a d v a n t a g e t o la u n c h k n o w n - p l a i n t e x t a tta c k s . H e re t h e a t t a c k e r has s o m e p la i n t e x t (i.e., t h e d a ta t h a t a re t h e s a m e o n e a ch m ess a ge ) a n d can c a p t u r e an e n c r y p t e d m essa ge , a n d t h e r e f o r e c a p t u r e t h e c i p h e r t e x t . O n c e t h e f e w p a r ts o f t h e m essa ge re d is c o v e r e d , t h e r e m a i n in g ca n e a s ily be a c c o m p lis h e d w i t h t h e h e lp o f re v e rs e e n g in e e r in g , f r e q u e n c y a na lysis , o r b r u t e f o r c e a t t e m p t s .
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
C h o s e n k e y a tta c k cLi L A c h o s e n key a t t a c k is a g e n e r a liz a t io n o f t h e c h o s e n - t e x t a t t a c k . In th is a tta c k , t h e a t t a c k e r has s o m e k n o w l e d g e a b o u t t h e r e l a t io n s h i p b e t w e e n t h e d i f f e r e n t keys, b u t c a n n o t c h o o s e t h e key. T im in g A tta c k A t i m i n g a t t a c k also is k n o w n as a side c h a n n e l a tta c k . In t h is ty p e o f a tta c k , t h e a tta c k e r tr ie s to c o m p ro m is e a c ry p to s y s te m by a n a ly z in g th e tim e ta ke n to e x e c u te c r y p to g r a p h ic a lg o r ith m s .
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
C o d e
r e a k i n g
e t h o d o l o g i e s
C E H
Brute-Force
I t in v o lv e s t h e u s e o f s o c ia l e n g in e e r in g t e c h n iq u e s t o e x tr a c t c ry p to g ra p h y ke ys
C r y p t o g r a p h y k e y s a r e d is c o v e r e d b y t r y in g e v e r y p o s s ib le c o m b in a t io n
eSl
Frequency Analysis
I t is t h e s t u d y o f t h e f r e q u e n c y o f le t t e r s o r g r o u p s o f le t t e r s in a c ip h e r t e x t I t w o r k s o n t h e f a c t t h a t , in a n y g iv e n s t r e t c h o f w r i t t e n la n g u a g e , c e r t a i n l e t t e r s a n d c o m b i n a t i o n s o f le t t e r s o c c u r w i t h v a r y in g f r e q u e n c ie s
C o d e
B r e a k in g
M e th o d o lo g ie s
T he s t r e n g t h o f an e n c r y p t i o n a l g o r i t h m is m e a s u r e d , in la rg e p a r t by c r y p ta n a ly s ts , by u sin g v a r io u s a v a ila b le are: 0 0 0 0 B r u te - F o r c e F re q u e n c y A n aly sis T r ic k e r y a n d D e c e it O n e - T im e Pad B ru te -F o rc e C o d e - b re a k e rs , o r c r y p ta n a ly s ts , w a n t t o r e c o v e r t h e p la i n t e x t o f a m e s s a g e w i t h o u t k n o w i n g t h e r e q u i r e d k e y in a d v a n c e . T h e y m a y f i r s t t r y t o r e c o v e r t h e key, o r g o a f t e r t h e m e s s a g e its e lf. O n e o f t h e f a m i l i a r w a y s o f t h e c r y p t a n a l y t i c t e c h n i q u e is b r u t e - f o r c e a t ta c k o r an e x h a u s tiv e s e a rch , ( w h e r e t h e keys a re g u e s s e d by t r y i n g e v e r y p o s s ib le c o m b in a t i o n ) . T h e e f fic ie n c y o f t h e b r u t e - f o r c e d e p e n d s o n t h e h a r d w a r e c o n f i g u r a t io n . U sag e o f f a s te r p ro c e s s o rs m e a n s t e s t i n g m o r e keys p e r s e c o n d . M ic h a e l W e i n e r , p u t f o r t h a b r u t e - f o r c e a tta c k code b r e a k in g te c h n i q u e s . T h e v a r io u s c o d e -b re a k in g te c h n iq u e s th a t a re
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
o n t h e DES w i t h t h e h e lp o f s p e c ia lly d e s ig n e d c o m p u t e r s w i t h c r y p t o g r a p h e r s s o u n d in g t h e o ld s t a n d a r d 's d e a t h kn e ll. M o r e o v e r , t h e c o m b i n a t i o n o f a d v a n c e d f a c t o r i n g a nd t h e f a s t e r c o m p u t e r s used in t h e r e c e n t a tta c k s o n R SA -129, m a k e s a lg o r i t h m s a p p e a r w e a k . T h e NSA t h a t has t o p c o m p u t i n g p o w e r is t h e c e n t e r o f t h e b r u t e - f o r c e a tta c k . F re q u e n c y A n a ly s is F re q u e n c y a na lys is o f t h e l e t te r s m a k e s t h e b r u t e - f o r c e m e t h o d n o t a s u it a b le m e t h o d f o r a t t a c k in g t h e c ip h e r . For e x a m p le t h e l e t t e r " e " is t h e c o m m o n w o r d in th e English la n g u a g e a n d t h e l e t t e r " k " a p p e a rs c o m m o n l y in t h e c ip h e r t e x t , it can b e c o n c l u d e d r e a s o n a b ly t h a t k=e, a n d so o n. E n c r y p te d s o u r c e c o d e s a r e m o r e e x p o s e d t o t h e a tta c k s b e c a u s e f e w w o r d s lik e " # d e f i n e , " " s t r u c t , " " e ls e ," a n d " r e t u r n " a re r e p e a t e d f r e q u e n t l y . F re q u e n c y a n a ly s is w a s f i r s t used by p ap a l c o u r t s in t h e M i d d l e Age, w h i c h b u i l t f r e q u e n c y ta b le s f o r L a tin a n d Ita lia n w o r d s . S o p h is tic a t e d c r y p t o s y s t e m s a r e r e q u i r e d t o m a i n t a i n t h e s e c u r it y o f t h e m essages. fe jj T r ic k e r y a n d D e c e it T h e r e has a lw a y s b e e n a n e e d f o r a h ig h level o f m a t h e m a t i c a l a nd c r y p t o g r a p h ic skills, b u t t r i c k e r y a n d d e c e it h a v e a lo n g h is t o r y in c o d e - b r e a k i n g as w e l l t h e v a lu e o f t h e e n c r y p t e d d a ta m u s t be b e l o w t h e c o s t e n t i t l e d t o b re a k t h e a l g o r i t h m . In t h e m o d e r n w o r l d , c o m p u t e r s a re f a s t e r a n d c h e a p e r , t h e r e f o r e it w o u l d be b e t t e r t o c h e c k t h e lim i t s o f t h e s e t w o p aram eters. _ O n e -tim e P a d It is c o n s id e r e d t h a t a n y c i p h e r can be c r a c k e d if s u f f i c i e n t t i m e a n d r e s o u rc e s a re p r o v id e d . But th e re is an e x c e p tio n c a lle d a o n e -tim e pad, w h ic h is c o n s id e r e d to be
u n b r e a k a b l e e v e n a f t e r i n f i n i t e re s o u r c e s a re p r o v id e d . A o n e - t i m e pad c o n ta in s m a n y n o n - r e p e a t i n g g r o u p s o f l e t t e r s o r n u m b e r keys, w h i c h are c h o s e n r a n d o m l y . T he se a re t h e n p a s te d t o g e t h e r o n a pad. Bob e n c r y p ts o n l y o n e p la i n t e x t c h a r a c t e r w i t h th e pad a n d A lice d e c r y p t s e a ch a nd e v e r y c h a r a c t e r o f t h e c i p h e r t e x t w i t h t h e h e lp o f t h e s a m e key c h a r a c te r s f r o m an i d e n t ic a l pad. A f t e r t h e use, t h e c h a r a c te r s a re s e c u r e ly r e m o v e d f r o m t h e pad. T h e m a j o r d r a w b a c k o f t h e o n e - t i m e p a d d i n g is th e le n g t h o f t h e pads. T h e le n g t h o f key is s a m e as t h e l e n g t h o f t h e m essa ge , w h i c h m a k e s it i m p o s s i b l e t o e n c r y p t a n d s e n d la rg e messages. T h e S o v ie t spies c o m m o n l y used o n e - t i m e pads d u r in g t h e C old W a r . T h e a g e n t c a r r ie d th e e n c r y p t e d m e s s a g e t o t h e fie ld , le a v in g t h e id e n t ic a l pad a t t h e h e a d q u a r t e r s . T h e w e l l - k n o w n , o n e - t i m e p a d d in g w a s used o n t h e c o m m u n i c a t i o n lin e s b e t w e e n M o s c o w a n d W a s h i n g t o n .
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
C E H
S u c c e s s o f b r u te fo r c e a tta c k d e p e n d s o n le n g t h o f t h e k e y , t im e c o n s t r a in t , a n d s y s t e m s e c u r i t y m e c h a n is m s
P o w e r/C o s t
4 0 b it s (5 c h a r )
5 6 b i t (7 c h a r )
6 4 b i t (8 c h a r )
1 2 8 b i t (1 6 c h a r )
$ 2K (1 PC. Can be achieved by an individual) $ 100K (this can be achieved by a company) $ IM (Achieved by a huge organization or a state)
1.4 min
73 days
50 years
10"20 years
2 sec
35 hours
1 year
10" 19 years
0.2 sec
3.5 hours
37 days
10* 18 years
E s t im a t e T im e f o r S u c c e s s f u l B r u t e f o r c e A t t a c k
B ru te -fo rc e
A tta c k
It is v e r y d i f f i c u l t t o c ra c k c r y p t o g r a p h ic s y s te m s as t h e y h a v e n o p ra c tic a l w e a k n e s s e s t o e x p lo it . Bu t, it is n o t im p o s s ib le . C r y p t o g r a p h i c s y s te m s use c r y p t o g r a p h i c a l g o r i t h m s t o e n c r y p t a m essa ge . T h e s e c r y p t o g r a p h ic a l g o r i t h m s use a key t o e n c r y p t o r d e c r y p t m essages. In c y r p t o g r a p h y , t h is ke y is t h e i m p o r t a n t p a r a m e t e r t h a t s p e c ifie s t h e t r a n s f o r m a t i o n o f p la in te x t o c i p h e r t e x t a n d v ic e v e rsa . If y o u a re a b le t o guess o r f i n d t h e k e y used f o r d e c r y p t i o n t h e n y o u ca n d e c r y p t t h e m essa ge s a n d re a d it in c le a r t e x t ; 1 2 8 - b i t k e y s a re c o m m o n l y used and c o n s id e r e d s tr o n g . F ro m s e c u r it y p e r s p e c tiv e s t o a v o id th e key b e in g g ue ssed , t h e
d e c r y p t i o n . A t t e m p t t o d e c r y p t t h e m e s s a g e w i t h all p o s s ib le keys u n til y o u d is c o v e r t h e key used f o r e n c r y p t i o n . This m e t h o d o f d is c o v e r in g a key is u s u a lly ca lle d a b r u t e - f o r c e a tta c k . In a b r u t e - f o r c e a tta c k , t h e a t t a c k e r tr i e s e v e r y p o s s ib le k e y u n til t h e m e s s a g e can b e d e c r y p t e d . B u t t h is n e e d s a h u g e a m o u n t o f p ro c e s s in g p o w e r f o r d e t e r m i n i n g t h e key used t o s e c u re c r y p t o g r a p h ic c o m m u n i c a t i o n s . For a n y n o n - f l a w e d p r o t o c o l , t h e a v e r a g e t i m e n e e d e d t o f i n d t h e key in a b r u t e - f o r c e a t t a c k d e p e n d s o n t h e le n g t h o f t h e key. If t h e ke y le n g t h is s m a ll, t h e n it w ill t a k e less t i m e t o fin d t h e key. If k e y le n g t h is la rg e r, th e n it w ill t a k e m o r e t i m e t o d is c o v e r t h e key. A b r u t e - f o r c e a t t a c k w i ll be su ccessfu l if a n d o n l y i f e n o u g h t i m e is g iv e n f o r d is c o v e r in g t h e ke y. H o w e v e r , t h e t i m e is r e l a t iv e t o t h e le n g t h o f t h e key. T h e d i f f i c u l t y o f a b r u t e - f o r c e a t ta c k d e p e n d s o n v a r io u s issues, such as:
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
9 9 9 9
For e x a m p le , i f a s y s te m c o u ld b r u t e f o r c e a DES 5 6 - b i t k e y in o n e s e c o n d , t h e n f o r an AES 1 2 8 b it k e y it ta k e s a p p r o x i m a t e l y 1 4 9 t r i l l i o n y e a rs t o b r u t e fo r c e . T o p e r f o r m a b r u t e - f o r c e a tta c k , t h e t i m e is d o u b l e d f o r e v e r y a d d it io n a l b it o f ke y le n g th ; t h e r e a s o n b e h in d it is t h a t th e n u m b e r o f p o t e n t ia l keys is d o u b le d . A b r u t e - f o r c e a t t a c k is, h o w e v e r , m o r e c e r t a i n t o a c h ie v e re s u lts . E s tim a te T i m e f o r Successful B r u te - Force A t t a c k P o w e r/C o s t 4 0 b it s (5 ch a r) 5 6 b i t (7 ch a r) 6 4 b i t (8 ch a r) 1 2 8 b it (1 6 ch a r)
$ 2 K ( 1 PC. C a n b e a c h ie v e d b y a n in d iv id u a l) $ 1 0 0 K (th is can b e a c h ie v e d b y a com pany) $ 1 M (A c h ie v e d b y a huge o rg a n iz a tio n o r a s ta te ) TABLE 19.2: Time estimation for successful Brute-Force Attaack 0.2 Sec 3.5 H o u rs 3 7 Days 1 0 A18 Years 2 Sec 35 H o u rs 1 Year 1 0 A19 Years 1.4 m in 73 Days 5 0 Years 1 0 A2 0 Years
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
M D
e e t - in - t h e - M i g i t a l
id d le
A t t a c k
o n
r c
(trW M
E H
IU kjI H.k
S ig n a t u r e
S c h e m e s
J The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle J It can be used for forging signatures even on digital signatures that use multiple-encryption scheme
John"
E n c ry p te d w it h 1* keyl
I n t e r m e d ia t e C ip h e r te x t 1
D e c ry p te d w it h 1 ke y 2
" A v B r ;
I n t e r m e d ia t e C ip h e r te x t 2
D e c ry p te d w it h 2 nd k e y 2
"A v B r"
I n t e r m e d ia t e C ip h e r te x t 2
D e c ry p te d w it h 2s6,h k e y 2
"A v B r"
P la in t e x t
C ip h e r te x t
M e e t i n t h e M i d d l e S c h e m e s
A tta c k
o n
D ig it a l S ig n a tu re
A m e e t - i n - t h e - m i d d l e a t t a c k is t h e b e s t a t t a c k m e t h o d f o r c r y p t o g r a p h ic a lg o r i t h m s using m u l t i p l e keys f o r e n c r y p t i o n . T his a t t a c k re d u c e s t h e n u m b e r o f b r u t e fo r c e p e r m u t a t i o n s n e e d e d t o d e c o d e t e x t t h a t has b e e n e n c r y p t e d by m o r e t h a n o n e key a n d is c o n d u c t e d m a i n l y f o r f o r g i n g s ig n a t u r e s o n m ix e d t y p e d ig ita l s ig n a tu r e s . A m e e t - i n - t h e - m i d d l e a t t a c k uses sp ace t i m e t r a d e - o f f ; it is also k n o w n as b i r t h d a y a t t a c k b e c a u s e it e x p lo its t h e m a t h e m a t i c s b e h in d t h e b i r t h d a y p a r a d o x . It ta k e s less t i m e t h a n an e x h a u s tiv e a tta c k . It is ca lle d a m e e t - i n - t h e M i d d l e a t ta c k b e c a u s e th is a t t a c k w o r k s by e n c r y p t i n g f r o m o n e e n d a n d d e c r y p t i n g f r o m t h e o t h e r e n d , t h u s m e e t i n g in t h e m id d le . In t h e m e e t - i n - t h e - m i d d l e a tta c k , t h e a t t a c k e r uses a k n o w n p la i n t e x t m es sa g e . T h e a t t a c k e r has access t o b o t h t h e p la i n t e x t as w e l l as t h e r e s p e c tiv e e n c r y p t e d te x t . C o n s id e r an e x a m p le w h e r e t h e p la in t e x t is " J o h n " a n d t h e r e s u lt in g d o u b l e DES e n c r y p t e d m e s s a g e is " A v B r . " In o r d e r t o r e c o v e r b o t h t h e keys, i.e. k e y l a n d ke y 2 , t h a t a re used f o r e n c r y p t i o n , t h e a t t a c k e r p e r f o r m s a b r u t e - f o r c e a t ta c k o n k e y l u sin g all 2 5" d i f f e r e n t Single DES p o s s ib le keys t o e n c r y p t t h e p la i n t e x t o f " J o h n " a n d saves e a ch key a n d t h e r e s u lt in g i n t e r m e d i a t e c i p h e r t e x t in a ta b le . T h e a t t a c k e r c o n d u c t s b r u t e f o r c e o n ke y 2 , d e c r y p t i n g " A v B r " u p t o 2 % t i m e s . T h e a t t a c k is su cc e ssfu l, when th e second b ru te -fo rc e a tta c k g ive s th e same r e s u lt as t h a t of th e
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
John
E n c r y p t e d w it h I s' k e y l
"AvBr"
John
E n c r y p t e d w it h 2 nd k e y l
D e c r y p t e d w it h 2 " key2
"AvBr"
] }
John" Plaintext
E n c r y p t e d w it h
2 5 d k e y l
D e c r y p t e d w it h 2 s6 1 < key2
"AvBr" Ciphertext
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
Email Encryption
y .\ t
Cryptography Attacks
|<ar
Cryptanalysis Tools
M o d u le -------
F lo w
C ry p to g ra p h y C on cep ts
gTffni 1 1 : 1 1 1 1
E n c ry p tio n A lg o rith m s
C ry p to g ra p h y T o ols
Em ail E n c ry p tio n
Disk E n c ry p tio n
C ry p to g ra p h y A tta c k s
C ry p ta n a lysis T ools
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
r y p t a n a l y s i s
T o o l:
r y p T o o l
E H
3
In d iv. P r o c e d u re s A nalysts O p tio n s W in d o w H elp
x r n in g C r y p T o o l is a ! fre e e -_ le a
p r o g r a m in t h e a r e a o f c ry p to g ra p h y a n d
IDEA...
c r y p t o a n a ly s i s S u b p r o j e c t s o f C r y p T o o l: e S
S hift S trg * R
RC4... DES (ECB). DES (C B Q ... T rip le DES (ECB} . T rip le DES (C B Q ... R ijn d ae l (AES)... F u rth e r A lg o rith m s AES (setf e x tra c t n g )...
T h e C ry p T o o l p o r ta l is a c e n t r a l i z e d p l a c e for
C ry p T o o l 1 (C T 1 ) C ry p T o o l 2 (C T 2 ) J C ry p T o o l (JCT) C r y p T o o l- O n lin e (C TO )
B! 00000000 0300030c 030C 0318 ODOCOD24 03000330 0 3 0C 0 33 C 03000348 03000354 03 0C 0 36 C 0300036C 00000076 00000384 00000390 0 3 0C 0 39 C n n n n n ru p E43 AD 93 6B DD 96 BE DA
H |d
U O X .. r g Q sn . : . $. . I - $ 6 (C / KW cH F VO A 4-BV C b . . 1 k.q . . xVK. .82 . . r + .X P . . . . . . VZ. x b*09I 0 . _ [ . . vAH . . r . : .0 j... ..................... *. k -< n . ]... 9 r ^
2k
1:1 C:227
?227
h t t p: / / ww w .c r yp t oo l .o r g
2k
F3 96 C8 63 F3
A4 A6 81 SA D6 B2 SB 03 31 U C7 8B EA B9 91 B9 bE 1 7 9
1 il
C r y p ta n a ly s is
T o o l:
C ry p T o o l
S o u rce : h t t p : / / w w w . c r y p t o o l . o r R
The CrypTool project develops e-learning programs in the area of cryptography and cryptanalysis. It consists of four different subprojects: They are (CT1, CT2, JCT. CTO) related to the CrypTool software in various facets for different purposes.
9
CrypTool 1 (CT1) was the first version of CrypTool. It was released in 1998 and allows to experiment with different cryptographic algorithms. CT 1 has two successors. CrypTool 2 (CT2) supports visual programming and execution of cascades of cryptographic procedures.
JC ry p T o o l (JCT) w h i c h is p l a t f o r m - i n d e p e n d e n t .
9 9
CrypTool-Online (CTO) was released in spring 2009. This tool allows trying out different algorithms in a browser/smartphone. Another subproject is the international crypto cipher challenge "IV 1TC 3," offering cryptographic riddles of different levels.
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
C r y p T o o l 1.4.31 B e ta 5 [V S 2 0 1 0 ] - U n n a m e d !
File Edit V ie w J^Encr^pt^Dec^ptJ D igital Si g n jt u t e v P ^ Indiv. P ro ce d ure s A n ,ly s is O p tio n s W in d o w H elp
D [B # |rf' U
S y m m e tn c (classic)
TABLE 19.24: CrypTool Screenshot RC2 encryption of <Unnamed1 >, key <00>
00000000 0000000c 00000018 00000024 00000030 0000003C 00000048 00000054 00000060 0000006C 00000078 00000084 00000090 0000009C nnnnnrufi EC 40 AD 9B 6B DD 96 BE DA 2A F3 96 C8 6B F9 55 73 49 C8 4F 62 98 A9 E6 97 30 0A 00 2D R4 4F 6E 3D C9 41 FB 78 7A 8B BA 02 72 F0 3C R9 23 09 B7 4B 12 9C 57 CE DA DA 5F 81 8B 91 17 16 A2 23 57 AE E4 4B 2B 57 D6 5B 3A EA B9 39 IB 3A B5 87 2A A4 A6 81 5A B2 03 C7 B9 6E 5n A4 9D 36 E2 2B C2 E6 58 IB 62 8B 30 84 DD 1R 72 FI 28 96 42 6C B7 50 B2 24 77 6A C8 5D 3R E4 24 43 71 57 98 99 A0 88 4F B9 BB BD ID 7? 67 El 6D 48 CC 6B 94 94 EC 40 76 F8 2A F8 ?9 D4 CE 2F 46 09 0B 38 8C 78 49 41 E4 FB C3 nr> IB A7 BC E3 43 71 7A F4 Al FC 4E 08 9D DF fin
fe n
I-
0 0 .UO#. . . r .g ..
* 6 ( C * *+ B U C l . k . q
.. K V .. qHF
kO A . .b . . z .+
. .xV K
XP
82
VZ *
x b$0<?I.
*
. 0 . _ [ . . w . vAN . . r . : . Oj . . . . k ; ; < n ; i ;
.
91
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
CryptoBench o
h t t p : / / w w w . a d d a r io . o r g
(f)
AlphaPeeler
h t t p : / / a lp h a p e e l e r . s o u r c e fo r g e , n e t
JCrypTool
h t t p : / / w w w . c r y p to o l. o r g
Ganzua
h t tp ://g a n z u a .s o u rc e fo rg e .n e t
mediggo
h t t p : / / c o d e , g o o g le , c o m
EverCrack
h ttp ://e v e r c ra c k .s o u r c e fo r g e .n e t
SubCyphe
. . J h ttp o ::////w ww w w .. e essc c le p iu s llc . c o m
C r y p ta n a ly s is
T o o ls
In a d d i t i o n t o C ry p T o o l, m a n y t o o l s t h a t a l l o w y o u t o p e r f o r m c r y p ta n a ly s is a re a v a ila b le : 9 9 9 9 9 9 9 9 9 9 C r y p to B e n c h a v a ila b le a t h t t p : / / w w w . a d d a r i o . o r g JC ry p T o o l a v a ila b le a t h t t p : / / w w w . c r y p t o o l . o r g Ganzua a v a ila b le a t h t t p : / / g a n z u a . s o u r c e f o r g e . n e t C ra n k a v a ila b le a t h t t p : / / c r a n k . s o u r c e f o r g e . n e t Ev e rC rack a v a ila b le a t h t t p : / / e v e r c r a c k . s o u r c e f o r g e . n e t A lp h a P e e le r a v a ila b le a t h t t p : / / a l p h a p e e l e r . s o u r c e f o r g e . n e t D r a ft C r y p t o A n a ly z e r a v a ila b le a t h t t p : / / w w w . l i t e r a t e c o d e . c o m L in e a r H ull C ry p ta n a ly s is o f PRESENT a v a ila b le a t h t t p : / / w w w . e c r y p t . e u . o r g M e d ig g o a v a ila b le a t h t t p : / / c o d e . g o o g l e . c o m S u b C y p h e r a v a ila b le a t h t t p : / / w w w . e s c l e p i u s l l c . c o m
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
n l i n e
e c r y p t i o n
T o o ls
C E H
MD5 Decrypt
h t t p : / / w w w . m d 5 d e c r y p t. o r g
OnlieHashCrack.com
h t t p : / / w w w . o n li n e h a s h c r a c k . c o m
f if t h
MD5Cracker
h ttp ://m d 5 c ra c k .com
MD5Decrypter.co.uk
h ttp ://w w w .m d 5 d e c ry p te r.c o .u k
* i
Md5.My-Addr.com
h ttp ://m d 5 .m y -a d d r.c o m
Hash Cracker
h t t p : / / w w w . h a s h - c r a c k e r. c o m
cmd5.org
h ttp ://w w w .c m d 5 .o rg
MD5Decrypter
h ttp ://w w w .m d 5 d e c ry p te r.c o m
!I
T o o ls
rW Jn
N |p |
O n lin e
M D 5
D e c r y p tio n
O n lin e M D 5 d e c r y p t i o n t o o l s a l l o w y o u t o re a d t h e e n c r y p t e d m essages in c le a r t e x t . All y o u n e e d t o d o is s u m b i t th e M D 5 hash o f t h e m e s s a g e t h a t y o u w a n t t o rea d t o an o n l i n e M D 5 d e c r y p t o r . It d e c r y p ts t h e M D 5 hash v a lu e a n d s im p ly g ive s y o u t h e o r ig in a l m essa ge t h a t has b e e n e n c r y p t e d . T h e s e t o o l s e l i m in a t e t h e n e e d f o r in s t a llin g M D 5 d e c r y p t o r s . M a n y o n l i n e M D 5 d e c r y p t i o n t o o l s a re r e a d ily a v a ila b le : 9 9 9 9 Q 9 Q e M D 5 D e c r y p t a v a ila b le a t h t t p : / / w w w . m d 5 d e c r y p t . o r g M D 5 C r a c k e r a v a ila b le a t h t t p : / / m d 5 c r a c k . c o m M D 5 Hash C ra c k e r a v a ila b le a t h t t p : / / w w w . t m t o . o r g Hash C ra c k e r a v a ila b le a t h t t p : / / w w w . h a s h - c r a c k e r . c o m IV ID 5 D e c rv p te r a v a ila b le a t h t t p : / / w w w . m d 5 d e c r y p t e r . c o m O n lie H a s h C r a c k .c o m a v a ila b le a t h t t p : / / w w w . o n l i n e h a s h c r a c k . c o m M D 5 D e c r y p t e r . c o . u k a v a ila b le a t h t t p : / / w w w . m d 5 d e c r y p t e r . c o . u k M d 5 . M y - A d d r . c o m a v a ila b le a t h t t p : / / m d 5 . m y - a d d r . c o m c m d 5 . o r g a v a ila b le a t h t t p : / / w w w . c m d 5 . o r g C r y p t a n d D e c r y p t O n lin e T o o l C o n v e r s io n a v a ila b le a t h t t p : / / m y e a s y w w w . a p p s p o t . c o m
Ethical Hacking and Countermeasures Copyright by EC-C0linCil All Rights Reserved. Reproduction is Strictly Prohibited.
fertMM
C E H
IthKJi lUckM
Cryptography attacks are based on the assumption that the cryptanalyst has access to the encrypted information Public K ey Infrastructure (PK I) is a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates
r rrr
M o d u le
S u m m a ry
C r y p t o g r a p h y is t h e c o n v e r s io n o f d a ta i n t o a s c r a m b le d c o d e t h a t is d e c r y p t e d a nd s e n t across a p r i v a t e o r p u b lic n e t w o r k .
U sing P u b lic Key I n f r a s t r u c t u r e (PKI), a n y o n e can se nd a c o n f i d e n t i a l m e s s a g e using p u b lic in fo rm a tio n , w h ic h can o n ly be d e c ry p te d w ith a p riv a te key in th e so le p o sse ssio n o f t h e i n t e n d e d r e c ip ie n t .
9 9
T he SH A a l g o r i t h m ta k e s a m e ssa g e o f a r b i t r a r y le n g t h as i n p u t a n d o u t p u t s a 1 6 0 - b i t m e s s a g e d ig e s t o f t h e in p u t .
Ethical Hacking and Countermeasures Copyright by EC-C0l1nCil All Rights Reserved. Reproduction is Strictly Prohibited.