CEHv8 Module 19 Cryptography

C ry p to g ra p h y
Module 19
Ethical Hacking and Countermeasures Cryptography
Exam 3 12 -5 0 Certified Ethical Hacker
C r y p to g r a p h y
M o d u le 19
Engineered by Hackers. Presented by Professionals.
CEH
E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s v M o d u le 19: C r y p t o g r a p h y E x a m 3 1 2 -5 0
Module 19 Page 2783
Ethical Hacking and Countermeasures Copyright by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
R a n so m M a lw a re H its A u s tr a lia a s 3 0 B u s in e s s e s A tta c k e d
01 October 2012
The 2012 epidemic of ransom malware appears to have turned even nastier with reports that as many as 30 Australian businesses have now asked police for help coping with attacks in a matter of days. According to local news, police in the state of Queensland have received reports from a dozen businesses while many other are believed to have chosen to keep incidents to themselves. Businesses affected included those in the medical, entertainment, retail and insurance sectors, the news source said, with several dozen affected in total. In one recent incident, a business in the Northern Territories reportedly paid an AUD $3,000 (about 2,000) ransom via Western Union to get back access to important financial records, including credit card data and debtor invoices. The attackers demanded the money within seven days or the sum would increase by AUD $1,000 per week. Worryingly, this attack used 256-bit encryption, to all intents and purposes impossible to crack if the key has not been exposed during the attack. "A lot of businesses can't afford the interruptions to their trade and will pay straight away," detective superintendent Brian Hay of Queensland's fraud and corporate crime group told press.
http://news.techworld.com
Copyright by
EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.
S e c u r it y N e w s .1* R a n s o m M a lw a r e H it s A u s t r a lia a s 30 B u s in e s s e s A tta c k e d Source: http://news.techworld.com The 2012 epidemic of ransom malware appears to have turned even nastier with reports that as many as 30 Australian businesses have now asked police for help coping with attacks in a matter of days. According to local news, police in the state of Queensland have received reports from a dozen businesses while many other are believed to have chosen to keep incidents to themselves. Businesses affected included those in the medical, entertainment, retail and insurance sectors, the news source said, with several dozen affected in total. In one recent incident, a business in the Northern Territories reportedly paid an AUD $3,000 (about 2,000) ransom via Western Union to get back access to important financial records, including credit card data and debtor invoices. The attackers demanded the money within seven days or the sum would increase by AUD $1,000 per week.
Module 19 Page 2784
Worryingly, this attack used, to all intents and purposes impossible to crack if the key has not been exposed during the attack. "A lot of businesses can't afford the interruptions to their trade and will pay straight away/' detective superintendent Brian Hay of Queensland's fraud and corporate crime group told press. Ransom malware has become a serious issue during 2012, although its effect on businesses is rarely recorded. Most of the data that has become public has been in the form of police warnings based on attacks against consumers. Most attacks simply attempt to engineer users into believing their files are encrypted when they are not or make more general threats, often to report victims to national police for nonexistent crimes. The use of industrial-strength encryption is rare although this sort of technique is actually where the form started as long ago in 2006 with a piece of malware called 'Cryzip. In August, the FBI said it had been "inundated" with ransom malware reports from consumers, not long after the UK's Police Central e-Crime Unit (PCeU) publicised an identical spate of attacks that had affected over a thousand PCs in the UK. In the past the few security companies that have investigated the issue have pinned the blame on a single cabal of Russian criminals that seem able to operate with impunity. Now the same tactics appear to have spread to gangs in nearby countries such as the Ukraine and Romania. The suspicion is that some security vendors say little about the problem because not only is their software unable to stop infections but they can't always unlock the files after the fact either.
All contents IDG2012 By: John EDunn

http://news.techworld.com/security/3401328/ransom-malware-hits-australia-as-30businesses-attacked/
Module 19 Page 2785
M o d u le
O b je c tiv e s
1
CEH
J J J J J J J
C ry p to g rap h y E ncryption A lg o rith m s Ciphers W h a t Is SSH (S ecure Shell)? C ry p to g rap h y Tools Public Key In fra s tru c tu re (PKI) C ertificatio n A u th o ritie s
'J J J J J J J
D igital S ign atu re Disk Encryption Disk E ncryption Tool C ry p to g rap h y Attacks C od e B reaking M e th o d o lo g ie s C ryptanalysis Tools O n lin e M D 5 D ecryp tio n Tools
Copyright by
EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.
ft:
M o d u le O b je c t iv e s
Having dealt with various security concerns and countermeasures in the preceding modules, it is obvious that cryptography, as a security measure, is here to stay. This module will familiarize you with: s S S 0 S S S Cryptography Encryption Algorithms Ciphers What Is SSH (Secure Shell)? Cryptography Tools Public Key Infrastructure (PKI) Certification Authorities Digital Signature Disk Encryption Disk Encryption Tool Cryptography Attacks Code Breaking Methodologies Cryptanalysis Tools Online MD5 Decryption Tools
Module 19 Page 2786
Ethical Hacking and Countermeasures Copyright by EC-C0l1nCil All Rights Reserved. Reproduction is Strictly Prohibited.
M o d u le
F lo w
C EH
V V
X
M o d u le F lo w
To understand cryptography security measures, let's begin with cryptography and its associated concepts.
Cryptography Concepts
|*jiH
Encryption Algorithms
Cryptography Tools
Public Key Infrastructure (PKI)
Email Encryption
Disk Encryption
Cryptography Attacks
0^)
Cryptanalysis Tools
This section describes cryptography and the types of cryptography.
Module 19 Page 2787
Ethical Hacking a n d C o u n te rm e a s u re s C ry p to g ra p h y
Exam 3 1 2 -5 0 C ertified Ethical H acker
r y p
t o
r a
C E H
C r y p t o g r a p h y is t h e c o n v e r s i o n o f d a t a i n t o a s c r a m b l e d c o d e t h a t is d e c r y p t e d a n d s e n t a c r o s s a p r i v a t e o r p u b lic n e tw o rk
Cryptography is used to protect confidential data such as email messages, chat sessions, web transactions, personal data, corporate data, e-commerce applications, etc.
Objectives
J J
C onfidentiality Integrity
J J
A uthentication N o n-R epudiation
E n c ry p tio n
>* Ciphertext
D e c ry p tio n
..............> Plaintext
C o p y rig h t b y
Process
Plaintext
Ciphertext
EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .
C ry p to g ra p h y
Everyone has secrets, and when it is necessary to transfer that secret information from one person to another, it's very important to protect that information or data during the transfer. Cryptography takes plaintext and transforms it into an unreadable form (ciphertext) for the purpose of maintaining security of the data being transferred. It uses a key to transform it back into readable data when the information reaches its destination. The word crypto is derived from the Greek word kryptos. Kryptos was used to depict anything that was concealed, hidden, veiled, secret, or mysterious. Graph is derived from graphia, which means writing; hence, cryptography means the art of "the secret writing." Cryptography is the study of mathematical techniques involved in information security such as confidentiality, data integrity, entity authentication, and data origin authentication. Cryptography transforms plaintext messages to ciphertext (encrypted messages) by means of encryption. Modern cryptography techniques are virtually unbreakable, though it is possible to break encrypted messages by means of cryptanalysis, also called code breaking. There are four main objectives of cryptography:
C o n fid e n tia lity
According to the International Standards Organization (ISO), confidentiality is "ensuring that the information/data can be accessed only by those authorized." Confidentiality is the
M o d u le 19 P ag e 2788 Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
term used to describe the prevention of revealing information to unauthorized computers or users. Any breach in confidentiality may lead to both financial and emotional distress. There have been instances of organizations going bankrupt due to a system breach by rival organizations. Moreover, personal information in the wrong hands can ruin the lives of system users. Therefore, only authorized users should possess access to information.
In te g r ity
Integrity is ensuring that the information is accurate, complete, reliable, and is in its original form/' Valuable information is stored on the computer. Any data corruption/modification can reduce the value of the information. The damage that data corruption/modification can do to an organization is unfathomable. Integrity of the data is affected when an insider (employee) of an organization or an attacker deletes/alters important files or when malware infects the computer. Although it may be possible to restore the modified data to an extent, it is impossible to restore the value and reliability of the information. Examples of violating the data integrity include: 9 9 A frustrated employee deleting important files and modifying the payroll system Vandalizing a website and so on
A u th e n t ic a t io n
------ Authenticity is "the identification and assurance of the origin of information." It is important to ensure that the information on the system is authentic and has not been tampered with. It is also important to ensure that the computer users or those who access information are who they claim to be.
N o n r e p u d ia tio n
In digital security, nonrepudiation is the means to ensure that a message transferred has been sent and received by the persons or parties who actually intended to. Let us assume that party A is sending a message M with the signature S to the party B. Then party A cannot deny the authenticity of its signature S. It can be obtained through the use of: 9 Digital signatures: A digital signature functions as unique identifier for an individual, like a written signature. It is used to ensure that a message or document is electronically signed by the person. Confirmation services: It is possible to indicate that messages are received and/or sent by creating digital receipts. These digital receipts are generated by the message transfer agent.
............ >
C ip h e r te x t
Encryption D e c ry p tio n ^
L j
P la in te x t
FIGURE 1 9 .1 : Illu stra tin g c r y p to g ra p h y p r o c e s s
M o d u le 19 P ag e 2789
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
y p e s
r y p
t o
r a
E H
(rtifwd itkKJl
1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------S y m m e tric E n cry p tio n Symmetric encryption (secret-key, shared-key, and private-key) uses the same key for encryption as it does for decryption
D e a rJ o h n , A /Cn u m b e r 7 9 7 4 3 9 2 8 3 0
P la in t e x t
Symmetric Encryption
E n c ry p tio n D e c ry p tio n
G u u ih ifh o fn kb ifkfn n fk N k lc lm lm *& }_( )_

C ip h e rte x t
| ..........
D e a rJ o h n , T h isism y A /Cn u m b e r 7 9 7 4 3 9 2 8 3 0
P la in t e x t
Asym m etric Encryption

E n c ry p tio n D e c ry p tio n
A s y m m e tric E n cryp tio n

D e a rJ o h n , T h isism y A /Cn u m b e r 7 9 7 4 3 9 2 8 3 0
P la in t e x t ^
D e a rJ o h n , A /Cn u m b e r 7 9 7 4 3 9 2 8 3 0
P la in t e x t
G u u ih ifh o fn kb ifkfn n fk N k lc lm lm A & )LL

C ip h e rte x t
Asymmetric encryption (public-key) uses different encryption keys for encryption and decryption. These keys are known as public and private keys
C o p y rig h t b y
'C m
T y p e s
o f C ry p to g ra p h y
' "'The following are the two types of cryptography: 9 e Symmetric encryption (secret key cryptography) Asymmetric encryption (public key cryptography)
S y m m e tr ic E n c r y p t io n
'
The symmetric encryption method uses the same key for encryption and decryption. As shown in the following figure, the sender uses a key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver decrypts the ciphertext with the same key that is used for encryption and reads the message in plaintext. As a single secret key is used in this process symmetric encryption is also known as secret key cryptography. This kind of cryptography works well when you are communicating with only a few people.
M o d u le 19 P ag e 2 7 9 0
S y m m e tr ic E n c r y p tio n
Encryption
D e ar John, This is m y A /C n u m b e r 7 9 7 439283 0
f^ )
G u u ih ifh o fn LkifW K D IIK nnflr nnTK N k lc lm lm
3
............
D ecryption
D e a rJ o h n ,
A /C n u m b e r 797 439283 0
Plain text
C iphertext
Plain text
FIGURE 19.2: Symmetric Encryption method The p r o b le m w ith th e se cre t key is tr a n s fe r r in g it o ve r th e large n e tw o r k or Internet w h ile p re v e n tin g it fr o m falling into th e w ro n g hands. In th is process, a n y o n e w h o k n o w s th e secret key can d e c ry p t th e message. This p r o b le m can be fixed by a s y m m e t r ic e n c r y p tio n . A s y m m e t r ic E n c r y p tio n ' 1 A s y m m e tr ic c r y p to g r a p h y uses d iffe re n t keys fo r e n c r y p tio n and d e c ry p tio n . In this
ty p e o f c ry p to g ra p h y , an end user on a p u b lic o r priva te n e tw o r k has a pair o f keys: a pu blic key fo r e n c r y p tio n and a p riv a te key fo r d e c ry p tio n . Here, a p r iv a te k e y c a n n o t be d e riv e d fro m th e p u b lic key. The a s y m m e tr ic c ry p to g ra p h y m e th o d has be e n p ro v e n t o be se cu re ag ainst attackers. th e re c e ive r d e c o d e s th e m e ssag e using a r a n d o m key g e n e r a te d by th e s e n d e r 's p u b lic key. A s y m m e t r ic E n c r y p tio n
Encryption
D ear John, This is m y A /C n u m b e r 7974392830
In
a s y m m e tr ic c ry p to g ra p h y, th e s e n d e r e n c o d e s th e m essage w ith th e help o f a p u b lic key and
G u u ih ifh o fn k b ifk fn n fk N klc lm lm
Decryption
D e arJo hn,
This is m y A/C n u m b e r 7974392830
Plain text
Ciphertext
Plain text
FIGURE 19.3: Asymmetric Encryption method
G o v e rn m e n t A c c e s s
to
K e y s
(G A K )
E H
Government Access to Keys means that software companies will give copies of all keys, (or at least enough of the key that the remainder could be cracked) to the government
th\s \ssue
0n'y U seS
C u r t i s s u e s
and*ill
a
Sa *arram to do so
II R ig h ts R e s e r v e d . R e p r o d u c tio n is S tr ic tly P r o h ib ite d .
G o v e r n m e n t A c c e s s to A key e s c ro w e n c r y p tio n sy ste m
K e y s p ro v id e s
(G A K ) th e d e cry p tin g c a p a b ility to ce rtain
a u th o riz e d p e rso n n e l, u n d e r stip u la te d co n d itio n s , and can d e c ry p t th e data. The d a ta r e c o v e r y key s fo r e n c ry p tin g and d e c ry p tin g th e data are n o t sim ilar, but th e y in fo rm a m e th o d t o d e te r m in e th e e n c r y p tio n and d e c r y p tio n keys. T h e y in clu d e a key e s c ro w (used to refer th e sa fe g u ard th e data keys), key archive, key backup, and data r e c o v e r y system . Key r e c o v e ry sy ste m s have g a in e d p r o m in e n c e due to th e de sire o f g o v e r n m e n t in te llig e n c e and law e n fo r c e m e n t ag e n cie s to g u a r a n te e th e y have access t o th e e n c r y p te d in fo rm a tio n w it h o u t th e k n o w le d g e o r c o n s e n t o f e n c r y p tio n users. A w e ll-d e s ig n e d c ry p to s y s t e m p ro v id e s s e c u rity by re co v e rin g th e e n c r y p te d da ta w it h o u t p r o p e r in fo rm a tio n a b o u t th e c o r r e c t key. The m a in te n a n c e o f such h ig h - s e c u r ity m e asu re s m ay cause p r o b le m s to th e o w n e r o f th e e n c ry p te d data if th e o w n e r lo ses th e key. The e ve n tu a l goal o f g o v e r n m e n t- d r iv e n re c o v e r y e n c ry p tio n , as state d in th e US D e p a r tm e n t o f C o m m e r c e 's re c e n t e n c ry p tio n re gulatio n s, "E n v is io n s a w o r ld w id e key m anagement in fra stru c tu re w ith th e use o f key e sc ro w an d key re c o v e ry e n c r y p tio n ite m s." The C lip p e r Chip is a hardw are-based c r y p to g r a p h ic d e v ice used to se cu re private
c o m m u n ic a t io n s by s im u lta n e o u s ly a u th o riz in g g o v e r n m e n t agents to o b ta in th e keys upon giving it, v ag ue ly t e r m e d "le g a l a u t h o r iz a t io n . "

T h e k e y s a r e s p l i t b e t w e e n t w o g o v e r n m e n t e s c r o w a g e n c ie s . T h is h e l p s t h e g o v e r n m e n t in a c c e s s in g p r i v a t e c o m m u n i c a t i o n c h a n n e l s . A d e v i c e c a l l e d C l i p p e r is u s e d t o e n c r y p t v o i c e c o m m u n i c a t i o n s a n d a s i m i l a r d e v i c e c a l l e d C a p s t o n e is u s e d t o e n c r y p t t h e d a t a . T h e N a t i o n a l S e c u r i t y A g e n c y (N S A ) is a s e c r e t US m i l i t a r y i n t e l l i g e n c e a g e n c y r e s p o n s i b l e f o r c a p tu rin g fo re ig n g o ve rn m e n t c o m m u n ic a tio n s , and c ra c k in g th e codes o fp ro te c te d
t r a n s m i s s i o n s t h a t a r e d e v e l o p e d w i t h a n a l g o r i t h m k n o w n as S k i p j a c k . T h e S k ip j a c k a l g o r i t h m uses 8 0 - b i t k e ys. C ry p t a n a ly z in g re q u ire s s e a rc h in g t h r o u g h all keys,
w h i c h m a k e s i t s i x t e e n m i l l i o n t i m e s as h a r d t o b r e a k as DES. F r o m t h e u s e r ' s v i e w p o i n t , a n y k e y e s c r o w s y s t e m d i m i n i s h e s s e c u r i t y . It p u t s t h e p o t e n t i a l f o r access t o th e u s e r 's c o m m u n i c a t i o n s in t h e hands o f e scro w a g e n c ie s , w h o s e in te n tio n s ,
p o l ic i e s , s e c u r i t y c a p a b i l i t i e s , a n d f u t u r e c a n n o t b e k n o w n .
l e
l o
E H
C o p y rig h t b y
EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n Is S tric tly P ro h ib ite d .
M o d u le
F lo w
So fa r, w e have discussed c ry p to g ra p h y and th e co n ce p ts associated w ith it. N ow w e w ill discuss e n c ry p tio n key c o n c e p ts o f c ry p to g ra p h y . T here are m any m echanism s, i.e, e n c ry p tio n a lg o rith m s , th a t a llo w yo u to e n c ry p t th e p la in te x t.
C ry p to g ra p h y C on ce p ts
p i 1 1 1 :1 1 1 1
E n c ry p tio n A lg o rith m s
C ry p to g ra p h y T o ols
P ublic Key In fra s tru c tu re (PKI)
Em ail E n c ry p tio n
Disk E n c ry p tio n
C ry p to g ra p h y A tta c k s
C ry p ta n a ly s is T ools
This s e ctio n describes cip he rs and v a rio u s e n c ry p tio n a lg o rith m s such as AES, DES, RC4, RC5, RC6, DSA, RSA, M D 5 , and SSH.
C ip h e r s C ry p to g ra p h y re fe rs to se cre t w r itin g and a cip h e r is n o th in g m o re th a n an a lg o rith m used fo r b o th e n c ry p tio n as w e ll as d e c ry p tio n . The tra d itio n a l m e th o d o f e n codin g and d e co d in g used to be in a d iffe r e n t fo rm a t, w h ic h p ro v id e d n u m b e rin g fo r each le tte r o f th e a lp h a b e t and used to e nco d e th e given message. If th e a tta c k e r also kn e w th e n u m b e rin g s yste m , he o r she cou ld d eco de it. In c ry p to g ra p h y , th e c ip h e r a lg o rith m used fo r e n co d in g is kn o w n as e n cip h e rin g and de co d in g is k n o w n as d e c ip h e rin g . Example: a b c d e f g h...z a re g iven in codes o f n u m e ric a l n u m b e rs, such as 1 2 3 4 5...26. The m essage can be e n co d e d based on th is e xam ple and can be d ecode d as w e ll. In a c ip h e r, th e m essage a p pe a rs as p la in te x t b u t has been enco d e d th ro u g h a key. Based on th e re q u ire m e n ts th e key co uld be a sym b o l o r som e o th e r fo rm o f te x t. If th e m essage is h ig h ly c o n fid e n tia l, th e n th e key is re s tric te d to th e se n d e r and re c ip ie n t, b u t in som e cases in open d o m ain s, som e keys a re shared w ith o u t a ffe c tin g th e m ain data. T he re are v a rio u s typ e s o f ciph ers:
vv (! IT O W j
C la s s ic a l C ip h e r s Classical ciphers are th e m o st basic ty p e o f cip h e rs th a t o p e ra te on a lp h a b e t le tte rs , such as A-Z. These are usually im p le m e n te d e ith e r by hand o r w ith sim p le m e ch a n ica l
d e vice s. These are n o t v e ry re lia b le . T here are tw o typ e s o f classical ciphers:

9
S u b s titu tio n c ip h e r: The u n its o f p la in te x t are replaced w ith c ip h e rte x t. It replaces bits, cha ra cters, o r blocks o f ch a ra c te rs w ith d iffe re n t bits, ch a ra cte rs, o r blocks.
T ra n s p o s itio n c ip h e r: The le tte rs o f th e p la in te x t are s h ifte d to fo rm th e c ry p to g ra m . The c ip h e rte x t is a p e rm u ta tio n o f th e p la in te x t.
Jjy
M o d e r n C ip h e r s M o d e rn cip h e rs are designed to w ith s ta n d a w id e range o f a tta c k s . M o d e rn ciphers
p ro v id e m essage secrecy, in te g rity , and a u th e n tic a tio n o f th e sender. The m o d e rn cip h e rs are ca lcu la te d w ith th e help o f a o n e -w a y m a th e m a tic a l fu n c tio n th a t is capable o f fa c to rin g large p rim e n u m b e rs . M o d e rn ciph ers are again classified in to tw o cate g o rie s based on th e ty p e o f key and th e in p u t d ata . T hey are: Based on th e ty p e o f k e y used
9
P riv a te -k e y c ry p to g ra p h y (s y m m e tric key a lg o rith m ): The sam e key is used fo r
e n c ry p tio n and d e c ry p tio n .

9
P u b lic -k e y c ry p to g ra p h y (a s y m m e tric key a lg o rith m ): T w o d iffe re n t keys are used fo r e n c ry p tio n and d e c ry p tio n .
R L
C H *)-
Based on th e ty p e o f in p u t d a ta
9
B lock c ip h e rs : Refer to an a lg o rith m o p e ra tin g on block (g ro u p o f bits) o f fixe d
size w ith an u n v a ry in g tra n s fo rm a tio n sp e cifie d by a s y m m e tric key. 9 S tre a m c ip h e rs : Refer to s y m m e tric key ciphers. This is o b ta in e d by c o m b in in g th e p la in te x t d ig its w ith a key s tre a m (p s e u d o ra n d o m cip h e r d ig it stre a m ).
M o d u le 19 P ag e 2 7 9 6
D a ta
E n c r y p tio n
S ta n d a r d
(D E S )
C E H
The algorithm is designed to encipher and decipher blocks of data consisting of 64 bits under control of a 56-bit key
1 Hm U
H3
D E S is the archetypal block cipher an algorithm that takes a fixed-length string of plaintext bits and transforms it into a ciphertext bitstring of the same length
Due to the inherent weakness of D E S with today's technologies, some organizations repeat the process three times (3DES) for added strength, until they can afford to update their equipment to AES capabilities
C o p y rig h t b y
D a ta E n c r y p tio n S ta n d a r d (D E S ) - rrY =r |* --------- DES is th e nam e o f th e Federal in fo rm a tio n Processing S tandard (FIPS) 4 6 -3 th a t describes th e data e n c ry p tio n a lg o rith m (DEA). It is a s y m m e tric c ry p to s y s te m d e sig n e d fo r im p le m e n ta tio n in h a rd w a re and used fo r sin g le -u se r e n c ry p tio n , such as to s to re file s on a hard disk in e n c ry p te d fo rm . DES gives 72 q u a d rillio n o r m o re possible e n c ry p tio n keys and choses a ra n d o m key fo r each m essage to be e n c ry p te d . T ho u g h DES is co n sid e re d to be s tro n g e n c ry p tio n , a t p re se n t, trip le DES is used by m any o rg a n iz a tio n s . T rip le DES applies th re e keys successively.
Exam 3 1 2-50 C ertified Ethical H acker
A d v a n c e d
X l U l J I
E n c r y p tio n
S ta n d a rd t
_ t H
ttfciul lUchM
UrtifW4
AES is a symmetric-key algorithm for securing sensitive but unclassified material by U.S. government agencies
C ip h e r b e g in
AES P s e u d o c o d e
(b y te in [4 * N b ], b y te o u t[4 * N b ]
w o rd w [N b * (N r+ 1 ) ] )
AES is an iterated block cipher, which works by repeating the same operation multiple times
b y te s ta te
s t a t e [ 4 , Nb] = in
A d d R o u n d K e y ( s t a t e , w) fo r ro u n d = 1 s te p 1 to N r-1
S u b B y te s (s ta te ) S h if tR o w s ( s ta te )
It has a 128-bit block size, with key sizes of
M ix C o lu m n s ( s ta t e ) A d d R o u n d K e y ( s ta te , end fo r w + ro u n d * N b )
128,192, and 256 bits, respectively for AES128, AES-192, and AES-256
S u b B y te s (s ta te ) S h if tR o w s ( s ta te ) A d d R o u n d K e y ( s ta te , w + N r*N b ) out = s ta te
C o p y rig h t b y
A d v a n c e d
E n c r y p tio n
S ta n d a rd
(A E S )
The A dvan ced E n c ry p tio n S tandard (AES) is a N a tio n a l In s titu te o f S ta n d a rd s and T e c h n o lo g y s p e c ific a tio n fo r th e e n c ry p tio n o f e le c tro n ic data. It can be used to e n c ry p t d ig ita l in fo rm a tio n such as te le c o m m u n ic a tio n s , fin a n c ia l, and g o v e rn m e n t data. AES consists o f a s y m m e tric -k e y a lg o rith m , i.e., b o th e n c ry p tio n and d e c ry p tio n are p e rfo rm e d using th e sam e key. It is an ite ra te d block c ip h e r th a t w o rk s by re p e a tin g th e d e fin e d steps m u ltip le tim e s. This has a 1 2 8 -b it block size, w ith key sizes o f 128, 192, and 256 bits, re sp e ctive ly, fo r AES-128, AES-192, and AES-256. AES P seudo co de In itia lly , th e c ip h e r in p u t is c o p ie d in to th e in te rn a l sta te and th e n an in itia l ro u n d key is added. The s ta te is tra n s fo rm e d by ite ra tin g a ro u n d fu n c tio n in a n u m b e r o f cycles. Based on th e block size and key le n g th , th e n u m b e r o f cycles m ay vary. O nce ro u n d in g is c o m p le te d , th e fin a l sta te is co pie d in to th e c ip h e r o u tp u t. C ip h e r w [N b * (N r+ 1 )]) b e g in b y t e s t a t e [4 , s ta te = in Nb] ( b y te i n [4 * N b ], b y te out [4 * N b ], w o rd
AddR oundKey
(s ta te ,
w)
f o r ro u n d = 1 s t e p 1 t o N r - 1 S u b B y te s ( s t a t e ) S h if t R o w s ( s t a t e ) M ix C o lu m n s ( s t a t e ) A d dR o u n d K e y( s t a t e , e nd f o r S u b B y te s ( s ta te ) S h if t R o w s ( s t a t e ) A d d R o un d K ey( s t a t e , o u t = s ta te e nd w+N r*N b) w + ro u n d *N b )
R C 4 ,
R C 5 ,
R C 6
lg o r it h m
C E H
A variable key size stream cipher with byteoriented operations, and is based on the use of a random permutation
It is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. The key size is 128-bits
R C 6 is a symmetric key block cipher derived from R C 5 with two additional features:
Uses Integ er m ultip lica tio n Uses fo u r 4 -b it w o rking registers (RC5 uses tw o 2 -b it registers)
C o p y rig h t b y
R C 4 , R C 5 , a n d R C 6 A lg o r ith m s The e n c ry p tio n a lg o rith m s d e v e lo p e d by RSA S e cu rity are: RC4 RC4 is a stre a m c ip h e r fo r RSA S ecurity, w h ic h Rivest designed. It is a va ria b le key-size stre a m c ip h e r w ith b y te -o rie n te d o p e ra tio n s and is based on th e use o f a ra n d o m p e rm u ta tio n . A cco rd in g to som e analysis, th e p e rio d o f th e c ip h e r is like ly to be g re a te r th a n 10100. For each o u tp u t b yte , e ig h t to sixte e n system o p e ra tio n s are used, w h ic h m eans th e c ip h e r can ru n fa s t in s o ftw a re . In d e p e n d e n t analysts have had a ca re fu l and c ritic a l look at th e a lg o rith m , and it is co n sid e re d secure. P roducts like RSA SecurPC use th is a lg o rith m fo r file e n c ry p tio n . Rc4 is also used fo r safe c o m m u n ic a tio n s like tr a ffic e n c ry p tio n , w h ic h secures w e b site s and fro m secure w e b s ite s w ith SSL p ro to c o l. RC5 RC5 is a b lo c k c ip h e r k n o w n fo r its s im p lic ity . Ronald Rivest designed it. This a lg o rith m has a v a ria b le b lo ck size and key size and a v a ria b le n u m b e r o f ro u n d s. The choices fo r th e block-size are 32 bits, 64 bits, and 128 bits. The ite ra tio n s range fr o m 0 to 255; w h erea s th e key sizes have a range fro m 0 to 2040 bits. It has th re e ro u tin e s : key e xpansio n, e n c ry p tio n , and d e c ry p tio n . RC6
M o d u le 19 P ag e 2 8 0 0
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0l1nCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
It is a block c ip h e r th a t is based on RC5. Like in RC5, th e block size, th e key size, and th e n u m b e r o f ro u n d s are v a ria b le in th e RC6 a lg o rith m . The key-size ranges fro m 0 b its to 2040. In a d d itio n to RC5, RC6 has tw o m o re fe a tu re s , w h ic h are th e a d d itio n o f in te g e r m u ltip lic a tio n and th e usage o f fo u r 4 - b it w o rk in g re g iste rs as an a lte rn a tiv e to RC5 s tw o 2 -b it registers.
T h e
D S A
a n d
R e la te d
S ig n a tu r e C E H
S c h e m e s
Digital Signature Algorithm

F IP S 186-2 specifies the Digital Signature Algorithm (D SA) that may be used in the generation and verification of digital signatures for sensitive, unclassified applications
e
Digital Signature
_ 9 The digital signature is computed using a set of rules (i.e., the D SA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified
1. 2. 3.
Select a p rim e n u m b e r q such th a t 2159 < q < 2160 Choose t so th a t 0 < t 8 Select a p rim e n u m b e r p such th a t 2511*64' < p < 2512*64' w ith th e a d d itio n a l p ro p e rty th a t q divides (p-1) Select a g e n e ra to r a o f th e u n iq u e cyclic group o f o rd e r q in Z *p To co m p u te a , select an e le m e n t g in and co m p u te m od p
Each e n tity crea te s a public key and corresponding private key
4. 5. 6. 7. 8.
If a = 1, p e rfo rm step fiv e again w ith a d iffe re n t g Select a ran d o m a such th a t 1 < a < q-1 C om pute y= a m od p
The p u b lic key is (p, q, a, y). The p riv a te key is a.
C o p y rig h t b y
T h e
D S A
a n d
R e la te d
S ig n a tu r e
S c h e m e s
A d ig ita l s ig n a tu re is a m a th e m a tic a l schem e used fo r th e a u th e n tic a tio n o f a d ig ita l m essage. D ig ital S ignature A lg o rith m (DSA) is in te n d e d fo r its use in th e U.S. Federal In fo rm a tio n Processing S tandard (FIPS 186) called th e D ig ita l S ig n a tu re S ta n d a rd (DSS). DSA w as a c tu a lly p ro p o s e d by th e N a tio n a l In s titu te o f S tandards and T e ch n o lo g y (NIST) in A ugust 1991. NIST m ade th e U.S. P a te nt 5 ,2 31,6 68 th a t covers DSA a va ila b le w o rld w id e fre e ly . It is th e fir s t d ig ita l s ig n a tu re schem e reco gn ized by any g o v e rn m e n t. A d ig ita l s ig n a tu re a lg o rith m includes a sig n a tu re g e n e ra tio n process and a s ig n a tu re
v e rific a tio n process. S ig n a tu re G e n e ra tio n Process: The p riv a te key is used to k n o w w h o has signed it. S ig n a tu re V e rific a tio n Process: T he p u b lic key is used to v e rify w h e th e r th e g iven d ig ita l s ig n a tu re is g e n u in e o r n o t. As to th e p o p u la rity o f o n lin e sh o p p in g g row s, e -p a y m e n t system s and va rio u s o th e r e le c tro n ic p a y m e n t m odes re ly on v a rio u s system s like DSA. B e n e fits o f DSA: e e Less chances o f fo rg e ry as it is in th e case o f w r itte n s ig n a tu re , Q uick and easy m e th o d o f business tra n s a c tio n s , Fake c u rre n c y p ro b le m can be d ra s tic a lly reduced.
DSA, w ith its uses and b e n e fits , m ay b rin g re v o lu tio n a ry changes in th e fu tu re .
C o p y rig h t b y
R S A ( R iv e s t S h a m ir A d le m a n ) RSA is a p u b lic -k e y c ry p to s y s te m . It uses m o d u la r a rith m e tic and e le m e n ta ry n u m b e r th e o rie s to p e rfo rm c o m p u ta tio n s using tw o large p rim e n u m b e rs. RSA e n c ry p tio n is w id e ly used and is th e d e -fa c to e n c ry p tio n sta n d a rd . Ron Rivest, Adi S ham ir, and Leona rd A d le m a n fo rm u la te d RSA, a p u b lic key c ry p to s y s te m fo r e n c ry p tio n and a u th e n tic a tio n . It is usu a lly used w ith a se cre t key c ry p to s y s te m , like DES. The RSA system is w id e ly used in a v a rie ty o f p ro d u cts, p la tfo rm s , and in d u s trie s . M a n y o p e ra tin g system s like M ic ro s o ft, A p p le , Sun, and N ovell bu ild th e RSA a lg o rith m s in to th e existing versions. It can also be fo u n d on h a rd w a re secured te le p h o n e s , on E th e rn e t n e tw o rk cards, and on s m a rt cards. C o nsid er th a t A lice uses th e RSA te c h n iq u e to send Bob a message. If A lice d e sire s to c o m m u n ic a te w ith B ob , she e n cryp ts th e m essage using a ra n d o m ly chosen DES key and sends it to Bob. Then she w ill lo o k up Bob's p u b lic key and use it to e n c ry p t th e DES key. The RSA d ig ita l e n ve lo p e , w h ic h is se n t to Bob by A lice, consists o f a D E S -encrypted message and R S A -encrypted DES key. W he n Bob receives th e d ig ita l en ve lo p e , he w ill d e c ry p t th e DES key w ith his p riv a te key, and th e n use th e DES key to d e c ry p t th e m essage itse lf. This system c o m b in e s th e high s pe ed o f DES w ith th e ke y m a n a g e m e n t c o n v e n ie n c e o f th e RSA s y s te m . The w o rk in g o f RSA is as fo llo w s : T w o large p rim e n u m b e rs are ta ke n (say "a " and " b " ), and th e ir p ro d u c t is d e te rm in e d (c = ab, w h e re "c " is called th e m o d u lu s). A n u m b e r " e " is chosen such th a t it is less th a n "c " and re la tiv e ly p rim e to ( a - l) ( b - l) , w h ic h m eans th a t " e " and ( a - l) ( b -
1) have no c o m m o n fa c to rs e xce pt 1. A p a rt fro m th is, a n o th e r n u m b e r " f " is chosen such th a t (e f - 1) is d iv is ib le by ( a - l) ( b - l) . The values " e " and " f " a re called th e p u b lic and p riv a te e xp o n e n ts, re s p e c tiv e ly . The p u b lic key is th e p a ir (c, e); th e p riv a te key is th e p a ir (c, f). It is co n sid e re d to be d iffic u lt to o b ta in th e p riv a te key f" fro m th e p u b lic key (c, e). H o w e ve r, if so m e o n e can fa c to r " c " in to "a " and " b " , th e n he o r she can d e cip h e r th e p riv a te key " f" . The s e c u rity o f th e RSA system is based on th e a ssu m p tio n th a t such fa c to rin g is d iffic u lt to ca rry o u t, and th e re fo re , th e c ry p to g ra p h ic te c h n iq u e is safe.
x a m
p le
o f R S A
lg o r it h m
C E H
P Q PQ E D
= 61 = 53 =3233 = 17 =2753
<= f i r s t
p r im e
num ber num ber t h is
(d e s tro y (d e s tro y to
t h is t h is
a f t e r c o m p u t in g E a n d a f t e r c o m p u t in g E and
D) D)
< = s e c o n d p r im e < = m o d u lu s <= p u b lic <= p r iv a t e key key is is ( g iv e
o th e rs ) t h is t h is to o th e rs )
exponent exponent
( g iv e (k e e p
s e c re t!)
Y o u r p u b lic Y o u r p r iv a t e The
(E ,P Q ). D. is : e n c ry p t(T ) = = ( T AE ) m o d PQ m od 3 2 3 3 m o d PQ m od 3 2 3 3
e n c r y p t io n
fu n c tio n
(T "1 7 ) = (C AD )
The
d e c r y p t io n
fu n c tio n
is :
d e c ry p t(C ) =
(0 *2 7 5 3 ) t h is :
To
e n c ry p t
th e =
p la in te x t ( 1 2 3 A1 7 )
v a lu e
123,
do
e n c r y p t (1 2 3 )
m od 3 2 3 3
= 3 3 7 5 8 7 9 1 7 4 4 6 6 5 3 7 1 5 5 9 6 5 9 2 9 5 8 8 1 7 6 7 9 8 0 3 m od 32 3 3 = 855 To d e c ry p t th e = = c ip h e r te x t v a lu e 855, do t h is :
d e c r y p t (8 5 5 )
(8 5 5 *2 7 5 3 ) 123
m od 3 2 3 3
I
C o p y rig h t b y
E x a m p le
o f R S A A lg o r ith m
RSA re ta in s its s e c u rity th ro u g h th e a p p a re n t d iffic u lty in fa c to rin g large c o m p o s ite s . Yet th e re is a p o s s ib ility o f d isco v e rin g th e p o ly n o m ia l tim e fa c to rin g a lg o rith m using th e advance n u m b e r th e o ry . T h ere a re th re e fa c to rs th a t can a g g ra va te th e path to w a rd s c o m p ro m is in g RSA se cu rity. The advances in clu d e fa c to rin g te c h n iq u e , c o m p u tin g p o w e r, and decrease in th e e x p e n d itu re o f th e h a rd w a re . The w o rk in g o f RSA as exp la in e d b e fo re is illu s tra te d in th e fo llo w in g exa m p le . For P = 61 and Q = 53, PQ = 3233. Taking a p u blic e x p o n e n t, E = 17, and a p riv a te e x p o n e n t, D = 2753, it can be e n c ry p te d in to plain te x t 123 as s h ow n as fo llo w s : P = 61 Q = 53 <= fir s t p rim e n u m b e r (d e s tro y th is a fte r c o m p u tin g E and D) <= second p rim e n u m b e r (d e s tro y th is a fte r c o m p u tin g E and D)
PQ = 3233 <= m o d u lu s (give th is to o th e rs) E = 17 <= p u b lic e x p o n e n t (give th is to o th e rs )
D = 2753 <= p riv a te e x p o n e n t (keep th is s e c re t!) Y our p u b lic key is (E,PQ). Y our p riv a te key is D.
The e n c ry p tio n fu n c tio n is: e n cry p t(T ) = (TAE) m od PQ = (TA17) m od 3233 The d e c ry p tio n fu n c tio n is: decrypt(C ) = (CAD) m od PQ = (CA2753) m od 3233 To e n c ry p t th e p la in te x t va lu e 123, do th is : e n c ry p t(1 2 3 ) = (1 2 3 A17) m od 3233 = 3 3 7 5 8 7 9 1 7 4 4 6 6 5 3 7 1 5 5 9 6 5 9 2 9 5 8 8 1 7 6 7 9 8 0 3 m od 3233 = 855 To d e c ry p t th e c ip h e r te x t valu e 855, do th is : d e c ry p t(8 5 5 ) = (8 5 5 *2 7 5 3 ) m o d 3233 = 123
M o d u le 19 P ag e 2 8 0 6
T h e
R S A
ig n a t u r e
S c h e m
E H
U r t i f w d t f e M J l N m I m
A lg o rith m K e y g e n e ra tio n fo r th e R S A s ig n a tu re s c h e m e
S U M M A R Y : e a c h e n t it y c r e a te s a il R S A p u b lic k e y a n d a c o r r e s p o n d in g p r iv a t e k e y . E a c h e n t it y A s h o u ld d o th e f o l lo w in g : 1 . G e n e r a te t w o la r g e d is tin c t r a n d o m p r im e s 2 . C o m p u te
and
q.
e a c h r o u g h ly th e s a m e s iz e .
n = pq
and<j> =
{p
1 <
l ) ( q 1 ).
3 . S e le c t a r a n d o m in t e g e r
e,
e < < f> . such ed =
th a t g c d ( e , ^ ) =
1.
4 . U s e th e e x t e n d e d E u c lid e a n a l g o r it h m ( A l g o r it h m 2 . 10 ) t o c o m p u t e t lie u n iq u e in te g e r 5.
d.
1 <
<
<p. s u c h
t lia t
1 (m o d 0 ) .
A 's
p u b lic k e y is ( f t , c ) .
's p r iv a t e k e y is
d.
A lg o rith m R S A s ig n a tu re g e n e ra tio n a n d v e rific a tio n

S I J M M A R Y : e n tity A s ig n s a m e s s a g e m #= A n y e n t it y I i c a n recover the message m from the signature. 1. Signature generation Entity ^ 4should do the following ( a ) C o m p u te v e r ity
s s ig n a t u r e a n d
m H
(b) Compute = hd mod n (c) A s signal me for m is s. 2. Verification To verity A '* signature .<and recover the message m. H should: ( a ) O b t a in A \ a u t h e n t ic p u b lic k e y ( n , p ) .
( b ) C'o m p u t e
.1 1
m ) . a n in t e g e r in th e r a n g e [ 0 ,
11
1]
m = s*
m o rl n
(c) Verify that m M r : if not. reject the signature. (d) Recover rn = R 1(in ).
C o p y rig h t b y
|p S |\ ------
T h e
R S A S ig n a tu r e
S c h e m e
RSA is used fo r b o th p u b lic key e n c ry p tio n and fo r a d ig ita l sig n a tu re (to sign a
m essage). The RSA s ig n a tu re schem e is th e firs t te c h n iq u e used to g e n e ra te d ig ita l s ig n a tu re s . It is a d e te rm in is tic d ig ita l sig n a tu re schem e th a t p ro vid e s m essage re c o v e ry fro m th e s ig n a tu re its e lf. It is th e m o s t p ra c tic a l and v e rs a tile te c h n iq u e a va ilable . RSA in volve s b o th a p u b lic key and a p riv a te key. The p u b lic key, as th e nam e in d ica te s, m eans any person can use it fo r e n c ry p tin g m essages. The messages th a t are e n c ry p te d w ith th e p u b lic key can o n ly be d e c ry p te d w ith th e help o f th e p riv a te key. C onsider th a t John e n c ry p ts his d o c u m e n t M using his p riv a te key SA, th e re b y cre a tin g a s ig n a tu re Sj0hn(M ). John sends M along w ith th e sig n a tu re Sj0hn(M ) to A lice. A lice d e cryp ts th e d o c u m e n t using A lic e 's p u b lic key, th e re b y v e rify in g J o h n 's s ig n a tu re . RSA ke y g e n e ra tio n The p ro c e d u re fo r RSA key g e n e ra tio n is c o m m o n fo r all th e RSA-based s ig n a tu re schem es. To g e n e ra te an RSA key pair, i.e., b o th an RSA p u b lic ke y and c o rre s p o n d in g p riv a te key, each e n tity A s h o u ld do th e fo llo w in g : 9 9 Select tw o large d is tin c t p rim e s p and q a rb itra rily , each o f ro u g h ly th e sam e b it le n g th C o m p u te n=pq and (j> = (p -l)(q -l)
9 9 9
Choose a random integer e l<e< < > such that get(e, (J))= l Use the extended Euclidean algorithm in order to compute the unique integer d, l<d< ( j ) such that ed= 1 (mod < j > ) The public key of A is (n, e) and private key is d
Destroy p and q at the end of the key generation The RSA signature is generated and verified in the following way.
S ig n a tu re g e n e ra tio n
In order to sign a message m, A does the following: 9 9 9 Compute m* =R(m) an integer in [0, n-1] Compute s = m d mod n A's signature for m is s
S ig n a tu re v e rific a tio n In o rd e r to v e rify A's s ig n a tu re s and re c o v e r m essage m, B sh o u ld do th e fo llo w in g : 9 9 9 9 O b ta in A's a u th e n tic p u b lic key C o m p u te m * = se m od n V e rify th a t m * is in M r; if n o t, re je c t th e s ig n a tu re R ecover m = R 1(m *) (e, n)
M e s s a g e F u n c tio n s
D ig e s t ( O n e - w a y
H a s h )
r |
g u
U r t m w tillm l N m I m
c 1a
rtf* rV 1
Hash functions calculate a unique fixed-size bit string representation called a message digest of any arbitrary block of L. information
a l4 0 9 2 a f9 4 8 b 9 3 8 5 6 9 5 8 4 e 5 b 8 d 8 d 3 0 7 a
M e s s a g e D ig e st F u n c tio n
Note:
M essage digests are also called one-way bash functions because they cannot be reversed
C o p y rig h t b y
M e s s a g e I I L
D ig e s t ( O n e - w a y H a s h ) F u n c tio n s
M essage d ig e s t fu n c tio n s d is till th e in fo rm a tio n c o n ta in e d in a file (sm all o r large) in to
a single large n u m b e r, ty p ic a lly b e tw e e n 128- and 2 5 6 -b its in le n g th . M essage d igest fu n c tio n s c a lcu la te a u n iq u e fix e d -s iz e b it s trin g re p re s e n ta tio n called hash v a lu e o f any a rb itra ry block o f in fo rm a tio n . The best m essage dig est fu n c tio n s c o m b in e th e s e m a th e m a tic a l p ro p e rtie s . Every b it o f th e message d ig e s t fu n c tio n is in flu e n c e d by e ve ry b it o f th e fu n c tio n 's in p u t. If any given b it o f th e fu n c tio n 's in p u t is chan ge d, e v e ry o u tp u t b it has a 50 p e rc e n t chance o f changing. G iven an in p u t file and its c o rre s p o n d in g m essage digest, it sh o u ld be in fe a sib le to fin d a n o th e r file w ith th e sam e m essage d ig est value. M essage digests are also called o n e -w a y bash fu n c tio n s because th e y p ro d u ce values th a t are d iffic u lt to in v e rt, re s is ta n t to a tta c k , m o s tly u n iq u e , and w id e ly d is trib u te d . M essage d ig e s t fu n c tio n s :
e
e e 9
HMAC
MD2 MD4 MD5
SHA
SHA-1
a l4 0 9 2 a f9 4 8 b 9 3 8 5 6 9 5 8 4 e 5 b 8 d 8 d 3 0 7 a
D ocum ent
M e ssa g e D igest F un ctio n
Hash V alue
FIGURE 19.5: SHA1 a Message digest function
M o d u le 19 P ag e 2 8 1 0
M e s s a g e
D ig e s t F u n c tio n : M D 5
H is a hash fu n c tio n th a t is a tra n s fo rm a tio n th a t accepts a v a ria b le o f any size as an in p u t, m , and re tu rn s a s trin g o f a c e rta in size. This is called th e hash va lu e h. i.e. h=H (m ). The fu n d a m e n ta l re q u ire m e n ts fo r th e c ry p to g ra p h ic hash fu n c tio n s are: 9 9 In p u t o f any le n g th O u tp u t o f a fix e d le n g th
A nd H (x), can be easily c o m p u te d fo r any va lu e o f x and it m ust be o n e -w a y (i.e., it c a n n o t be in v e rte d and it has an in fe a s ib le c o m p u ta tio n fo r th e given in p u t) and co llis io n fre e . H is co n sid e re d to be a w e a k c o llis io n fre e hash fu n c tio n if th e given m essage x is in fe a s ib le to fin d a m essage y, so th a t H (x) =H (y). It is a co llisio n fre e hash fu n c tio n if it is in fe a sib le to fin d any tw o m essages x and y such th a t H (x) =H (y). The m ain ro le o f a c ry p to g ra p h ic hash fu n c tio n is to p ro v id e d ig ita l signatures. Hash fu n c tio n s are re la tiv e ly fa s te r th a n d ig ita l sig n a tu re a lg o rith m s ; hence, its c h a ra c te ris tic fe a tu re is to c a lcu la te th e s ig n a tu re o f th e d o c u m e n t's hash value, w h ic h is s m a lle r th a n th e d o c u m e n t. th e source o f th e d o c u m e n t. M D 2, M D 4, and M D 5 a lg o rith m s th a t R ive st d e ve lo p e d are m e ssa g e -d ig e st a lg o rith m s th a t are used in d ig ita l sig n a tu re a p p lic a tio n s , w h e re th e d o c u m e n t is com pressed se cu re ly b e fo re being In a d d itio n , a dig est can be used p u b lic ly w ith o u t m e n tio n in g th e c o n te n ts o f th e d o c u m e n t and
signed w ith th e p riv a te key. The a lg o rith m s m e n tio n e d here can be o f v a ria b le le n g th b u t w ith th e re s u lta n t m essage d ig est o f 1 2 8 -b it. The s tru c tu re s o f all th re e a lg o rith m s a p p e a r to be s im ila r, th o u g h th e design o f M D 2 is re a so n a b ly d iffe r e n t fro m M D 4 and M D 5. M D2 w as designed fo r th e 8 - b it m achines, w h e re a s th e M D 4 and M D 5 w e re d esigne d fo r th e 3 2 -b it m achines. The message is added w ith extra bits to m ake sure th a t th e le n g th o f th e bits is d iv is ib le by 512. A 6 4 -b it b in a ry m essage is added to th e m essage. D e v e lo p m e n t o f a tta cks on ve rsion s o f M D 4 has progressed ra p id ly and D o b b e rtin sh o w e d h o w collisio n s fo r th e fu ll v e rs io n o f M D 4 c o u ld be fo u n d in u n d e r a m in u te on a ty p ic a l PC. M D 5 is re la tiv e ly secure b u t is s lo w e r th a n M D 4. This a lg o rith m has fo u r d iffe re n t rounds, w h ic h are designed w ith s lig h t d iffe re n c e s th a n th a t o f M D 4, b u t b o th th e m essage-digest size and p ad d in g re q u ire m e n ts re m a in th e same. B ru te F o rc e o f M D 5 t_ 3 ) The e ffe c tiv e n e s s o f th e hash fu n c tio n can be d e fin e d by checking th e o u tp u t
p ro d u c e d w h e n an a rb itra ry in p u t m essage is ra n d o m ize d . T here are tw o types o f b ru te -fo rc e a tta c k s fo r o n e -w a y hash fu n c tio n : N orm al b ru te fo rc e and b irth d a y a tta ck. Exam ples o f a fe w m essage digests are: 9 e c h o " T h e re i s CHF1500 i n th e b lu e b o " I md5sum
e 4 1 a 3 2 3 b d f2 0 e a d a fd 3 f0 e 4 f7 2 0 5 5 d 3 6 e c h o " T h e re i s CHF1500 i n th e b lu e b o x " I md5sum
7 a 0 d a 8 6 4 a 4 1 fd 0 2 0 0 a e 0 a e 9 7 a fd 3 2 7 9 d Q e c h o 1,T h e re i s CHF1500 i n th e b lu e b o x . " I md5sum
2 d b lf f 7 a 7 024 530 9 e 9 f2 1 6 5 c 6 c 3 4 9 9 9 d t? e c h o "T h e re is CHF1500 i n th e b lu e b o x . " I md5sum
86c524 497a99824 8 9 7 c c f2 c d 7 4 e d e 5 0 f The sam e te x t a lw ays p ro du ce s th e sam e M D 5 code.

C a lc u la te CRC & MD5
J n j x j
F ile _] batch_renam e.png 1 1change_attributes.htm l 1change_attributes.png change_case.htm l Q change_case.png 1 1checksum verify,png _J convert.htm l 1convert, png LJ convert_menu.png r 1file_com parator.htm l
[J file_com parator.png
clipboard,hint
S ize 14 472 8 574 7 957 8 756 G821 8117 9 289 7 080 8 735 8 575 17 787
C R C 18528C0A 58101E09 2531F C 3E FC 41186B 2D34D339 3D8D9801 BE535A89 D 760C FC 6 638F8F0F 44ED5DC4 D 1G F0E 2B
M D5 EAF2C 712FG E537AE1FEFD 3FA1A4F4AAB E18D 9F81C C F9A300F79321E8C 7G 8E021 5E8A 8FB259C 7FDF790E5597C8154AF38 DDCAD7CF08BF7897D5B8B5F9806B47FD 04FED507091F5F095D977B358EC 20EED AC 8AFE99B76BD1022AC 7B2E34A7E1C 49 902BA23D7C C95EA2999CDA2EF1B 27B 41 F117G C79G 7E1D A2C A743D 26D E9F1B0C 0 3F1BBD5E0B0B9E86970EDBA9705F14D4 959981C 3E7D7559C 9EE77965302A6E0A C1AE151G BEABC 17ED EFB58212D 2C 5331
-1
Save S F V ...
Save M D 5...
C lose
FIGURE 1 9 .6 : C h e ck su m v e rifie r
S e c u re
H a s h in g
A lg o r ith m
(S H A )
C E H
0 It is an algorithm for generating cryptographically secure one-way hash, published by the National Institute of Standards and Technology as a U.S. Federal Information Processing Standard 0
SHA1
SHA2
0
r
SHA3
0 SHA-3 uses the sponge construction in which message blocks are XORed into the initial bits of the state, which is then invertibly perm uted
0
\
/ --------------------------------------- \
It produces a 160-bit digest from a message with a maximum length of (2s4 - 1) bits, and resembles the MD5 algorithm
0 It is a family of two similar hash functions, with different block sizes, namely SHA-256 that uses 32-bit words and SHA-512 th at uses 64-bit words s ,__________________________>
Copyright by EC-Crancil. A ll Rights Reserved. Reproduction is Strictly Prohibited.
S e c u re
H a s h in g
A lg o r ith m
(S H A )
The Secure Hash A lg o rith m (SHA), sp e cifie d in th e Secure Hash S ta n d a rd (SHS), was d e v e lo p e d by NIST, and p u b lishe d as a fe d e ra l in fo rm a tio n -p ro c e s s in g sta n d a rd (FIPS PUB 180). It is an a lg o rith m fo r g e n e ra tin g a c ry p to g ra p h ic a lly secure o n e -w a y hash. SHA is p a rt o f th e C apstone P ro je ct. C apstone is th e U.S. g o v e rn m e n t's lo n g -te rm p ro je c t to d e v e lo p a set o f s ta nd a rd s fo r p u b lic ly a v a ila b le c ry p to g ra p h y , as a u th o riz e d by th e C o m p u te r S e cu rity A ct o f 1987. The basic o rg a n iz a tio n s th a t are re sp o n sib le fo r C apstone are NIST and th e NSA. SHA is s im ila r to th e M D 4 m essage-dig est a lg o rith m fa m ily o f hash fu n c tio n s , w h ic h w as de ve lo p e d by Rivest. The a lg o rith m accepts a message o f 264 b its in le n g th and a 1 6 0 -b it m essage o u tp u t d igest is p ro d u c e d , th a t is designed to c o m p lic a te th e searching o f th e te x t, w h ic h is s im ila r to th e given hash. The a lg o rith m is s lig h tly s lo w e r th a n M D 5, b u t th e la rg e r m essage digest makes it m o re secure against b ru te -fo rc e c o llis io n and in ve rsio n attacks. The fo llo w in g are th e c ry p to g ra p h ic hash fu n c tio n s designed by th e N a tio n a l S e c u rity A gency (NSA):
SHA1 S H A l p rod uces a 1 6 0 -b it digest fro m a message w ith a m a x im u m le n g th o f (264 - 1) bits, and resem b les th e M D 5 a lg o rith m . n n P
s h a
SHA2 is a fa m ily o f tw o s im ila r hash fu n c tio n s , w ith d iffe re n t b lo ck sizes, n a m e ly SHA256 th a t uses 3 2 -b it w o rd s and SHA-512 th a t uses 6 4 -b it w o rd s. SHA3 SHA3 is a fu tu r e hash fu n c tio n sta n d a rd s till in d e v e lo p m e n t, chosen in a p u b lic re v ie w
process fro m n o n -g o v e rn m e n t designers. C o m pa rison o f SHA fu n c tio n s (SHAO, S H A l & SHA2)
Algorithm and variant
O utput size (bits)
Interna 1 hash sum (bits) 160
Size o f block (bits)
M axim um size of message (bits) 264- i
Size of w ord (bits)
Roun ds
Operations
Collision found
SHA-0
160
512
32
80
+ ,a n d , ,x o r, r o t
or
Yes
SHA-1
160
160
512
264- l
32
80
+,and, xor, rot
or,
Theoretica 1 attacks (251)
SHA-2
SHA256/224 SHA512/384
256/224
256
512
2s4- 1
32
64
+,
and,
or,
N one
xor, s h r,ro t
512/384
512
1024
2128-1
128
80
+,and, or, xor, shr, rot
None
TABLE 19.1: Comparison between SHA-0, SHA-1 & SHA-2 functions
h a t
I s
S S H
( S e c u r e
S h e ll) ?
C E H
Remote Communication
SSH is a secure replacem ent for telnet and the Berkeley remote-utilities (rlogin, rsh, rep, and rdist)
S ecure Channel
It provides an encrypted channel for rem ote logging, command execution and file transfers
S trong A u th e n tic a tio n
Provides strong host-tohost and user authentication, and secure communication over an insecure Internet
MS or UNIX client
SSH Tunnel
MS or UNIX server
Note: SSH2 is a m ore secure, e ffic ie n t, and p o rta b le v e rsion o f SSH th a t includes SFTP, an SSH2 tu n n e le d FTP
C o p y rig h t b y
EG-Gtnncil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P r o h ib ite d .
W h a t Is
S S H (S e c u re
S h e ll) ?
Secure Shell is a p ro g ra m th a t is used to log o n to a n o th e r c o m p u te r over th e n e tw o rk , to tra n s fe r file s fro m on e c o m p u te r to a n o th e r. It o ffe rs good a u th e n tic a tio n and a secure c o m m u n ic a tio n channe l o v e r inse cu re m edia. It m ig h t be used as a re p la c e m e n t f o r te ln e t, log in, rsh, and rep. In SSH2, s ftp is a re p la c e m e n t fo r ftp . In a d d itio n , SSH o ffe rs secure c o n n e c tio n s and secure tra n s fe rrin g o f TCP co n n e ctio n s. SSH1 and SSH2 are c o m p le te ly d iffe re n t p ro to c o ls . SSH1 e n c ry p ts th e user's server and hosts keys to a u th e n tic a te w h e re SSH2 o n ly uses h o s t keys, w h ic h are d iffe re n t packets o f keys. SSH2 is m o re secure th a n SSH1. It s h o uld be n o te d th a t th e SSH1 and SSH2 p ro to c o ls are in fa c t d iffe re n t and n o t c o m p a tib le w ith each o th e r. SSH2 is m o re secure and has an im p ro v e d p e rfo rm a n c e th a n SSH1 and is also m ore p o rta b le th a n SSH1. The SSH1 p ro to c o l is n o t being d e v e lo p e d a n ym o re , as SSH2 is th e sta n d a rd . Som e o f th e m ain fe a tu re s o f SSH1 are as fo llo w s : 9 9 9 9 SSH1 is m o re v u ln e ra b le to atta cks due to th e presence o f s tru c tu ra l w eaknesses It is an issue o f th e m a n -in -th e -m id d le a tta ck It is s u p p o rte d by m any p la tfo rm s It s u p p o rts hosts a u th e n tic a tio n
M o d u le 19 P ag e 2 8 1 5
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0UllCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
9 9
It s u p p o rts va rie d a u th e n tic a tio n P e rfo rm a n c e o f SSH2 is b e tte r th a n SSH1
SSH c o m m u n ic a tio n s s e c u rity m a in ta in s SSH1 and SSH2 p ro to c o ls . It a u th e n tic a te s w ith th e help o f o ne o r m o re o f th e fo llo w in g : 9 9 Q 9 Password (th e /e tc /p a s s w d o r /e tc /s h a d o w in UNIX) User p u b lic -k e y (RSA o r DSA, d e p e n d in g on th e release) K erberos (fo r SSH1) H ost-based (.rho sts o r /e tc /h o s ts , e q u iv in SSH1 o r p u b lic key in SSH2)
S ecure S hell p ro te c ts a g a in st: 9 A re m o te host sending o u t packets th a t p re te n d to com e fro m a n o th e r tru s te d host (IP s p o o fin g ). SSH p ro te c ts against a s p o o fe r on th e local n e tw o rk , w h o can p re te n d to be th e user's r o u te r to th e o u ts id e . 9 A host p re te n d in g th a t an IP packet com es fro m a n o th e r tru s te d h o s t (IP source ro u tin g ). 9 9 9 9 An a tta c k e r fo rg in g d o m a in nam e server re co rd s (DNS sp o o fin g ). C a p tu rin g o f passw ords and o th e r data by th e in te rm e d ia te hosts. E x p lo ita tio n o f da ta by th e pe o p le w h o c o n tro l th e in te rm e d ia te hosts. A tta c k in g by lis te n in g to X a u th e n tic a tio n d a ta and s p o o fin g c o n n e c tio n s to th e X l l server.
M S o r U N IX c lie n t
SSH T u n n e l
U N IX s e r v e r
FIGURE 19.7: Secure shell tunneling
M o d u le 19 P ag e 2 8 1 6
C o p y rig h t b y
M o d u le
F lo w
So fa r, w e have discussed c ry p to g ra p h y co n ce p ts and va rio u s e n c ry p tio n a lg o rith m s . N ow it is tim e to discuss h o w c ry p to g ra p h y is usu a lly p e rfo rm e d . T here are m any c ry p to g ra p h ic to o ls re a d ily ava ila b le in th e m a rk e t th a t can help yo u to secure y o u r d a ta ..
C ry p to g ra p h y C on cep ts
tiTTri' !;:! 1
r n ;<
C ry p to g ra p h y T oo ls
[/< ? ?
This se ctio n lists and describes v a rio u s c ry p to g ra p h ic to o ls .
M D 5 M D 5
H a s h
C a lc u la t o r s : H a s h C a lc , H a s h M y F ile s C E H
C a lc u la to r a n d
HashCalc
Data Focmat: | F ie
l- l" l
M D 5 C a lc u la to r
1 - 1
Data:____________________________________________ |C .\Pf 0flfam Files (x86)\Ha$hCalc\HashCalc.chm Key Format Key; *|
~^\
HMAC
| T ext string
MP5Pgeat
R r P M D5 M D4 SHA1 Ia00bc7f604c8810068ece4fa743ld8ab747246da?f2e7fc1 | | |2ae58ce465094805e474d7f29afcc5a2 |4S8764dd3Sdf7cba3acb3b9&8Gb371c4 Upper Zcse
Compare To
17 SHA256 r r SHA384 SHA512
h t t p : / / w w w .b u llz ip .c o m
9
r T P r
R IP E M 0 16 0 |cc36f3c53ec530l6cde4aded58f9ldd4288aadb PANAMA TIGER M D2 AOLER32 CRC32 eOonkey/ eMule 3 r : 1 t c MS-wi ' WnOurrp^xe | | 1313434191573c907bedfec6clefldG8d ffc H ashM yliies Ed* V.M. Opium* U j] Hrfp etf * ) J| SHA1 U ib M W X & x .. CRC32 I3WC9I9 SHA-2S6 61677dWfcb3C34f J SHA-512 cMSWZc: L=J *
3 -1 * 1 0 F4rn*m*
MOS 6dl45e2c3lbc23128. Ie7c2*faf0l0237... &9i?cUcN21Srac v9.. 7b50683722d9dd3<k... 0iMc70dc7b30ac6...
68* 9071047812... blc6a3S3 4b1*c27S4868.. bf(76bcO dMb<5472l95L. 2M6M21 26WBeef8b1a4 .. 4bfdc0e1
5fc23c:35!e49355e.. 901b80c4ft449&db3&1 . 2525041dci2ba372^0 . c9H3T2fa9 bc3H4a?93*f6dl6c6 . OS6lOJcbd
S J a v g S o ft
Close
Help
a Ur[() 1Selected
> Hirson f reeware. n r.o :'v .w
h ttp ://w w w .s la v a s o ft.c o m C o p y rig h t b y
h ttp : //w w w .n ir s o ft.n e t
EC-G(U(ICil. All
R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .
M D 5 " 1 h J a n d
H a s h
C a lc u la t o r s : H a s h C a lc , M D 5
C a lc u la to r ,
H a s h M y F ile s
H ashing is one fo rm o f c ry p to g ra p h y in w h ic h a m essage d igest fu n c tio n is used to c o n v e rt p la in tte x t in to its e q u iv a le n t hash value. This m essage digest fu n c tio n uses d iffe re n t hash a lg o rith m s to c o n v e rt p la in te x t in to hash values. M a n y M D 5 hash ca lcu la to rs are re a d ily a va ila b le in th e m a rk e t. Exam ples o f M D 5 hash c a lc u la to rs in clu d e : H a s h C a lc Source: h ttp ://w w w .s la v a s o ft.c o m The HashCalc u tility a llo w s y o u to c o m p u te message digests, checksum s, and HMACs fo r file s, as w e ll as fo r te x t and hex strings. It a llo w s yo u to ca lc u la te hash values using d iffe re n t typ e s o f hashing a lg o rith m s such as M D 2 , M D 4 , M D 5 , SHA-1, SHA-2 (256, 384, 512), RIPEM D -160, P A N A M A , TIGER, ADLER32, and CRC32. You ju s t need to se lect th e file and hash a lg o rith m fo r c a lc u la tin g th e hash v a lu e o f a p a rtic u la r file .
HashCalc
D ata Fo rm a t: F ile r HM AC D ata Key F o rm a t: K ey:
311 C:\ProgramFiles (x86)\HashCalc\HashCalc.chm

Text string3 J I
2ae58ce4G5094805e474d7f29alcc5a2
W MD5
r M D4
W SHA1 W SHA256
r SHA384 9HA512
2207aa578b207b5d80574ad8b3a5d59a3d885be2 a00bc7f604c8810068ece4fa743fd6ab74724G da7f2e7fc1
r
r r
W RIPEMD160 cc3Gf3c53ec530f6cde4acfed56f9fdd4288aadb
PANAM A TIGER 313434(91573c907bedfec6cfeffd88d
17 M D2 r ADLER3 2
W CRC32
! eD onkey/ eM ule
SlavaSo fl
9d988947
Calculate ~ |
Close
H elp
A
FIGURE 19.8: HashCalc screenshot M D 5 C a lc u la to r Source: h ttp ://w w w .b u llz ip .c o m M D 5 C a lc u la to r a llo w s you to c a lc u la te th e M D5 hash va lu e o f th e selected file . The M D 5 D igest fie ld o f th e u tility c o n ta in s th e ca lcu la te d hash value. You ju s t need to se le ct a file o f w h ic h th e hash v a lu e needs to be c a lc u la te d . You can also c o m p a re tw o hash values w ith th is to o l.
M o d u le 19 P ag e 2 8 2 0
H a s h M y F ile s Source: h ttp ://w w w .n ir s o ft.n e t
The H ashM yFiles u tility a llo w s you to ca lcu la te th e M D 5 and SHA1 hashes o f one o r m o re files. You can co p y th e M D 5 /S H A 1 hashes lis t in to th e c lip b o a rd , o r save it in to a te x t/h tm l/x m l file . It can also be la u nch e d fro m th e c o n te x t m enu o f W in d o w s E xplorer, and d isp la y th e M D 5/S H A 1 hashes o f th e se le cted file o r fo ld e r. J
File Edit View AJ O ptions 0 n MD5 6d 1e45e2c 31 bc23128... Help J b es5 j -n SHA1 f4ab6245f49f39a... de8908a9f285ef... b8e9071047812a... 4bff1ac2754868... d59bc54721951. 26f9f8eef8b1a4a... CRC32 135fe919 b2eed8fa b1c6a363 bff76bc0 2bd6f421 4bfdc0e1 SHA-256 616e77d86fcb3036f5... ce5ed388b8388dc254... e5fe23c0351 e49355e... 901b80c494496db883... 2525041 dca2bd37240... bc3bf487938ff6d16c6... SHA-512 c0936bf0<3 cf8c1de709 e989b51eai 265601346S c911378fa9 056103cbd: _S _ l Filename
HashMyFiles
>
readme.txt f
Jcain and abel_. . b2a72fadf 1d0550b743... ^ n g re p -1 .4 5 -w i.. , (7 t setup_kismet_... W 1n 0ump.exe H w i'c s h a rk -w in .. 1f0e7c2a66af01 e0237... 62927d4d9215eaace9... 7b50683722d9efd3dc... 04aac70dc7b30ae8e8...
< 6 file(s), 1 Selected
------------------------ 1
> HirSoft Freew are, h ttp ://w w w .
FIGURE 19.10: HashMyFiles screenshot
C r y p to g r a p h y E n c r y p tio n
T o o l: A d v a n c e d C E H
P a c k a g e
A dvancedErx1bnPacûtf 2012ftcfewbnj v?.67 T ridV aiaon

3 EUal Cc* k w Ifc U * 5* | W*J Opiate Jed? | L J ** Delete O 1 I
z-LEI
^9
a
: a-C :
CEMTaxs tCBKS Modiie 02 Fooqpma^g and Re P CB*.3 MoAJe 03 Scdnnrxj r*et>Y0fk CB*8 MoAJe04&xMraeon { ,. C&IxS MoAieOS Syttrra H*dang C&*SMo&Je07Wusesdnd W orns a C&K8 MoAie 18Cryptography
C
11 Pubk<*
of6(1
1 6 (
> J HD5 Cakddtsr :
> S R 3 c ------1
lijjJ Sarnpie He.dooc I
^ CEn-Toob t ^ CE-/8 M aauie 02 Footarkitng andR*camakerK t A, CE*vS M odule 03 5c3mna Netvwles t ^ Stoaiie 04 Emwraton ! , CE:v8 M odule 05 SystemHacktto t- i, C&vS Mnajie 07 vrjaes and v/orrre a i. CEH-/8 M ocW e 18 Crvptocraph 4 . Advance Enaybton Package # espO*E i ft f.e.deot | < Sc Fie.dctx.a-pl ^ i, WSCBlQJator t J| New Slder
E-wJ
Erojplon =UJ.e, |
Mods: P=aa>ord | PisCACrd ) P*dC f l ) -------Aaah: ......... sdete:
6 06
_ ]3 1
J| ttttc Jc
3*
t-
3 :
ataoiith*: D C S x T Pad % , ** r , ta r a N it [ D*!* ^W X7tpton Svrr*y r 9ndKm . SiitCttpjtMdci ?Cuwtfddtr Q CiBttm : Purt ftp, Souftehto I Ddcte uebtLer erypt arxrvsfen J
S Swurty M r*
< *a v * i . . r * * 1
^soro:
D O -.V C & Tocfe'iC CM v* M odule :8 C ryptoarsph!W Jvdnoe &1crypttonPadages l r dx> [13 K B] 5>S4r-fteFie.docx.p [18KBJ 0 :)one Froceatd 1 fie:. Succeeded: L Paled: 0 0 :aniK 1SKB.A.nagr s p r r d :: 8K B , *
http://www.aeppro.com
C o p y rig h t b y
EG-GlOOCil. All R ig h ts R e s e r v e d . R e p r o d u c tio n Is S tric tly P ro h ib ite d .
C r y p t o g r a p h y T o o l: A d v a n c e d Source: h ttp ://w w w .a e p p ro .c o m
E n c r y p tio n
P a c k a g e
A dva nce d E n cryp tio n Package is file e n c ry p tio n s o ftw a re th a t helps yo u m a in ta in th e priva cy o f y o u r in fo rm a tio n by a llo w in g yo u to p a s s w o rd -p ro te c t files. It is able to p e rfo rm e n c ry p tio n , d e c ry p tio n , and s e lf-d e c ry p tin g file c re a tio n , file D e le te /W ip e , Zip m a n a g e m e n t, e n c ry p tio n key m a n a g e m e n t, and file e m a ilin g . Its fe a tu re in c lu d e s : 9 9 s 9 S tro n g an d p ro v e n a lg o rith m s are used to p ro te c t y o u r se n sitive d o c u m e n ts It can e n c ry p t file s as w e ll as te x t P e rform s secure file d e le tio n A b ility to c re a te e n c ry p te d s e lf-e x tra c tin g file to send it as e m a il a tta c h m e n t
Ad/anced Erxryôr Packag 2012 FWanwnal v7&5 Tm IVw

t O .C : flpiona loan tfa Cnoypt | Ocorpt
CnoffW
aon P lcto oa l A 67 TiiiJV^nicw
*> l- M O f1 0 . * U rtp
sÔ t
4 CfH Tooh >, CD.3 ModJe 02 Foafennana and fteconnaiiaence > C tH ^ Ho&M 03 Scamng Meteor** C9*/6 MQdLie 04 (tuner adan > COt. 3 rtxXJ* O SSnlen Madang > CBM H odie 07 Wuees and Warns J ik CH. SModL* UOyptorac*> a J ( x3vr<e enaypoen Package Odetc Ca<
I -1 L 1
|^W tfic.d0o1 |
0 i , *CSGHcUaa > > Nn> fc*de
I-
?ad fie. * 1 er cyp<
SarceHes
C Sho* al V *
*art
Set Output Potter <* QmntfoWer C Custom:
C *
9 1 0
* al fin
a h lis
< C urrent****
C Custom:
3d
a
Q 0 Van Toob'CSH9 Mo0Je 18C YptogracvV ar tnayptcn PaOcageV
S a *0 eH e < * [lW ] S w pitH a.d0C X .M ptI8K B j

0 Oone > k k m < 1 Succeeded: 1. Pa*ed: 0 2) Pr0CMM4 a B Aveage g< 3 18 KB/(
FIGURE 19.11: Advanced Encryption Package protecting files using passwords
Ethical H acking a n d C o u n te rm e a s u re s C opyright by EC-C0l1nCil All R ights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .
T o o l:
c u
B C T e x tE n c o d e r
--------------
BCTextEncoder encrypts confidential text in your message It uses strong and approved symmetric and public key algorithms for data encryption It uses public key encryption methods as well as password-based encryption
P ta n * x t : 2 B ----------------------------------------------Cneafeby: casswd 1 ------------- :
= = y g i
E n c o d e d t*xfc 796 B
____ B E G IN B < O O S > *SSACE V e o n : 9 C T . * t c o d l * * t v v . l.0 0 .
is s tz s s g r -
C o p y rig h t b y
EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P r o h ib ite d
C r y p t o g r a p h y T o o l: B C T e x tE n c o d e r
\M > /* v
Source: h ttp ://w w w .je tic o .c o m
BC TextEncoder a llo w s you to e n c ry p t and d e c ry p t th e c o n fid e n tia l m essages fo r secure e m ail o r ch a t c o m m u n ic a tio n s . It uses p u b lic key e n c ry p tio n m e th o d s as w e ll as p assw ord-ba sed e n c ry p tio n and s tro n g and a p p ro v e d s y m m e tric and p u b lic key a lg o rith m s fo r d a ta e n c ry p tio n . You s im p ly need to choose th e te x t yo u w a n t to e n c ry p t and sp e cify th e passw ord and th e n click th e b u tto n to e nco de it.
BCTextEncoder Utility v. 1.00.6

File Edit Key Options Help
L J n
Decoded plan text: 2 8 B
Encode by:
password
vj
Encode
Cryptography is the converson o f data n to a scrairWed code that 5 decrypted and sent across a private or pubfc n et* a
Encoded text: 796 B BEGIN ENCODED MESSAGE verson: BCTextEncodef U ttty v. 1.00.6
Decode
vy<CQMCFp +xNnjMtgK QXeyfay bXGj F > WMsVWr*)nv<yvnltf> +voOMEi QpS&eGOxlohC 3IZdwcT6H lTXggla83r fVh9n XrbVc *qVft^LTTU IraUyOeXO 0r1dtZlvlX5zgyg8Np9H0u90tYH lFC]M0evWe02UI-FgTTBAy/sXl2Hnh3Se lu 1 u Aa 5qA vx/2T NpVtM Q + a H TORI 50 /fri IScsCL Sit /[*,ytxJJw23 v> AowEv8RI6dnr>8EFOS2Rt 1WU B ENC00ED MESSAGE
6 .5 3
+.100
FIGURE 19.12: BCTextEncoder encrypting and decrypting confidential messages
r y p
t o
r a
o o ls
C E H
CommuniCrypt File Encryption Tools

http://www.communicrypt.com
NCrypt XL
http://w w w .littlelite.net
Steganos LockNote
https://www.steganos.com
r
&
C o p y rig h t b y
ccrypt
http://ccrypt.sou reef orge. net
AxCrypt
h ttp://w w w .axantum.com
WinAES
http://fatlyz.com
AutoKrypt
h ttp://w w w .hiteksoftware.com
EncryptOnClick
http://www.2brightsparks.com
b F 3
CryptoForge
h ttp://w w w .cryptoforge.com
GNU Privacy Guard

http://w w w .gnupg. org
C r y p t o g r a p h y T o o ls T h ere are v a rio u s c ry p to g ra p h ic to o ls th a t yo u can use fo r e n c ry p tin g and d e c ry p tin g y o u r in fo rm a tio n , file s , etc. These to o ls im p le m e n t d iffe re n t typ e s o f ava ila b le e n c ry p tio n a lg o rith m s :
9 9 9 9 9 9 9 9
C o m m u n iC ry p t File E n c ry p tio n T o o ls ava ila b le a t h ttp ://w w w .c o m m u n ic r y p t.c o m Steganos L ockN o te a v a ila b le a t h ttp s ://w w w .s te g a n o s .c o m A xC rypt a v a ila b le at h ttp ://w w w .a x a n tu m .c o m A u to K ry p t a va ila b le a t h ttp ://w w w .h ite k s o ftw a r e .c o m C ryptoF orge a v a ila b le at h ttp ://w w w .c ry p to fo rg e .c o m N C rypt XL a v a ila b le a t h tt p : //w w w .little lite .n e t C crypt ava ila b le a t h ttp ://c c ry p t.s o u rc e fo rg e .n e t WinAES a v a ila b le at h ttp ://fa tly z .c o m E ncryptO nC lick a v a ila b le a t h ttp ://w w w .2 b rig h ts p a rk s .c o m GNU Privacy G uard a v a ila b le a t h ttp ://w w w .g n u p g .o rg
9
9
M o d u le 19 P ag e 2 8 2 6
l e
l o
E H
C o p y rig h t b y
tr 7
M o d u le
F lo w
So fa r, w e have discussed c ry p to g ra p h y , va rio u s e n c ry p tio n a lg o rith m s , an d th e use o f
e n c ry p tio n a lg o rith m s in c ry p to g ra p h y . In a d d itio n to th e c ry p to g ra p h ic s e c u rity m echanism s discussed so fa r, th e re is o ne m o re in fra s tru c tu re in te n d e d to exchang e d a ta and m o n e y over th e In te rn e t securely: PKI (P ublic Key In fra s tru c tu re ). C ry p to g ra p h y C on cep ts mwm 1 1 :1 1 1 1 E n c ry p tio n A lg o rith m s
l/ < ? 7
m
This s e ctio n pro vid e s in fo rm a tio n a b o u t Public Key In fra s tru c tu re (PKI) and th e ro le o f each c o m p o n e n ts o f PKI in th e s e c u rity p u b lic key e n c ry p tio n . Let's s ta rt w ith w h a t is Public Key In fra s tru c tu re (PKI)?
P u b lic
K e y
In fr a s tr u c tu r e
( P K I)
E H
J Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates
Certificate Management System

G e n e ra te s , d is tr ib u te s , s to re s , a n d v e r ifie s c e r tific a te s
Certificate Authority (CA)

Issues a n d v e rifie s d ig ita l c e rtific a te s
D ig ita l C e rtific a te s E sta b lis h e s c re d e n tia ls o f a p e rs o n w h e n d o in g o n lin e tra n s a c tio n s
Registration Authority (RA)

A c ts as t h e v e r if ie r f o r th e c e r tific a te a u t h o r it y
End User
R e quests, m a n a g e s , a n d uses c e r tific a te s
C o p y rig h t b y
EG-G*ancil. All
R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .
P u b lic
K e y In fra s tru c tu re
(P K I)
Public Key In fra s tru c tu re (PKI) is a s e c u rity a rc h ite c tu re d e ve lo p e d to increase th e c o n fid e n tia lity o f in fo rm a tio n being exchanged o ve r th e in secure In te rn e t. It includes h a rd w a re , s o ftw a re , p e o ple , policie s, and p ro ce d u re s re q u ire d to cre a te , m anage, d is trib u te , use, s to re , and revo ke d ig ita l c e rtific a te s . In c ry p to g ra p h y , th e PKI helps to bind p u b lic keys w ith c o rre s p o n d in g user id e n titie s by m eans o f a c e rtific a te a u th o r ity (CA). The fo llo w in g are th e c o m p o n e n ts o f PKI: 9 9 A c e rtific a te a u th o r ity (CA) th a t issues and v e rifie s d ig ita l c e rtific a te s A c e rtific a te m a n a g e m e n t system fo r g e n e ra tio n , d is trib u tio n , storage, and v e rific a tio n o f c e rtific a te s 9 9 One o r m o re d ire c to rie s w h e re th e c e rtific a te s (w ith th e ir p u b lic keys) are h e ld A re g is tra tio n a u th o rity (RA) th a t acts as th e v e rifie r fo r th e c e rtific a te a u th o r ity
C ry p to g ra p h ic keys can be d e liv e re d se cu re ly b e tw e e n users by PKI.
P u b lic
K e y
In fr a s tr u c tu r e
( P K I)
(Contd)
C E H
C e rtific a tio n A u th o rity (CA)
pq
R egistration A u th o rity (RA)
P u b lic K ey P r i v a t e K ey <Z==
> >
V a lid a tio n o f e le c tr o n ic s ig n a t u r e E n q u ir e s a b o u t p u b lic k e y c e r tif ic a te v a lid ity t o v a lid a tio n a u t h o r i t y
0 1
C o p y rig h t b y
P u b lic a
K e y In fra s tru c tu re
(P K I) (C o n td )
The p u b lic key c ry p to s y s te m uses a p a ir o f a p u b lic key and a p riv a te key to assure secure c o m m u n ic a tio n o v e r th e In te rn e t. In p u b lic key c ry p to s y s te m a u th e n tic a tio n , it is im p o rta n t to c o n n e c t th e c o rre c t person and th e p u b lic key. This is acco m p lish e d w ith th e help o f P ublic Key In fra s tru c tu re (PKI). A s y m m e tric (p u b lic key) c ry p to g ra p h y is th e fo u n d a tio n te c h n o lo g y o f PKI, w h e n s e n d e r and re ce ive r agreed upon a se cre t c o m m u n ic a tio n using p u blic key e n c ry p tio n w ith a d ig ita l s ig n atu re . The fig u re th a t fo llo w s show s h o w a message gets d ig ita lly signed by th e o rg a n iz a tio n in v o lv e d in a u th e n tic a tio n and c e rtific a tio n by m eans of PKI. In p u b lic key cryp to syste m s, th e co rre s p o n d e n c e b e tw e e n a p u b lic key and th e p riv a te key is ta k e n care by th e c e rtific a tio n a u th o r ity (CA), i.e., based on th e p u b lic key th e CA d e te rm in e s th e o w n e r o f th e re s p e c tiv e p riv a te key. In itia lly , th e user requests th e c e rtific a tio n a u th o rity fo r b in d in g his o r her p u blic key; a c e rtific a tio n a u th o r ity d ig ita lly signs it and issues a p u b lic key c e rtific a te to th e user. It binds th e user's id e n tity w ith th e user's p u b lic key. In b e tw e e n th e user and th e CA, th e re exists an o rg a n iz a tio n , th e R e g istra tio n A u th o rity (RA). The jo b o f th e RA is to v e rify th e id e n tity o f th e user re q u e s tin g th e c e rtific a te fa c e -to -fa c e . T here exists a n o th e r a u th o rity in PKI, i.e., th e v a lid a tio n a u th o rity (VA). The jo b o f th e VA is to check w h e th e r th e c e rtific a te w as issued by t r u s tw o r th y a CA o r n o t, i.e., is it v a lid o r n o t. The sen d e r and re c e iv e r can th e n e xchang e a secret m essage using p u b lic key c ry p to g ra p h y .
V a lid a tio n Updates Inform ation A u th o r ity (VA)
R e q u e s t f o r is s u in g - ~ c e rtific a te .* ^
<
P u b lic K ey P u b lic K ey C e r tif ic a te C e r tif ic a te
D e te r m i n e d R e s u lt
U se r a p p lie s fo r is s u in g c e r t i f i c a t e
u
User
H "
M e s s a g e in p u b lic k e y c e r t i f i c a t e s ig n e d w i t h d ig ita l s ig n a t u r e r > > V a lid a tio n o f e le c tro n ic s ig n a tu r e E n q u ire s a b o u t p u b lic k e y c e r tific a te v a lid ity t o v a l i d a t i o n a u t h o r i t y
/ --------------------------- P u b lic K e y P r iv a te K ey ^
1 J 1
FIGURE 19.13: Public Key Infrastructure (PKI)
M o d u le 19 P ag e 2 8 3 0
e r t if ic a t io n
u t h o r it ie s
C E H
Crt1fW 4 itfciul Nm Im
Q th a M te
The First To B ring Y ou a F u ll Line of 2048-bit C ertificates
se curity trusted by is around the w orld

T h U idS M S u im
B U YCER TFICATES
th e m o s t v is ib le w e b s ite s e c u r ity
h t t p : / / w w w . c o m o d o . c o m
S
Symantec N o rto n
h t t p : / / w w w . t h a w t e . c o m
Game check. New name. Still the gold standard.
h t t p : / / w w w . v e r i s i g n . c o m
C o p y rig h t b y
h t t p : / / w w w . e n t r u s t . n e t
C e r tific a tio n
A u th o r itie s
C e rtific a tio n a u th o ritie s are th e e n titie s th a t issue d ig ita l ce rtific a te s . The fo llo w in g are som e o f th e c e rtific a te a u th o ritie s : C om odo Source: h ttp ://w w w .c o m o d o .c o m C o m o do o ffe rs a c o m p le te range o f PKI d ig ita l c e rtific a te s w ith stro n g SSL e n c ry p tio n a va ilable . It ensures s ta n d a rd s o f c o n fid e n tia lity , system re lia b ility , and p e rtin e n t business practices as ju d g e d th ro u g h q u a lifie d in d e p e n d e n t a u d its. The PKI (P ublic Key In fra s tru c tu re ) m a n a g e m e n t s o lu tio n s o ffe re d by C o m o d o in c lu d e C o m o d o C e rtific a te M a n a g e r and C o m o d o EPKI M a n a g e r. A v a ila b le D ig ita l C e rtific a te s : Q 9 9 9 E xtended v a lid a tio n (EV)-SSL M u lti-d o m a in EV SSL W ild c a rd SSL U n ifie d c o m m u n ic a tio n s (UC) In tel Pro Series
9 9 9 9
G eneral p u rp o se SSL Secure Email - S /M IM E C lie nt a u th e n tic a tio n C o d e s ig n in g
COMODO
Creating Trust Online*
IR e s o u rc e sI n e w s ro o mI C a re e rs I C o n ta c tU sI S u p p o rt I L o flm I E -C o m m e rc e
Mil I I
P ro d u c t*
H o m e&H o m eO ffic e
I
S m a lloU M e O m a im dB u usies! M k e s s
L a rg eE a te rp iise
P a rta e is S o c ia lM e O a
T h e F irs t T o B ring Y ou a Full Line o f 2 0 4 8 -b it C e rtific a te s

E x p lo r e O u r S S L C e r tif ic a te s
Swura Sw M o w m Secure W it tl* Convereon MS UcfMOfi 2007^ Secure a Webserver
rR TinciW ^^
> fftttP ftO O U C T S
>H O M IC O M P U IM G
>B U S M tS SS O iU T lO M S
fC O M M fR C iS O iU T lO M S
FIGURE 19.14: Comodo screenshot th w a te Source: h ttp ://w w w .th a w te .c o m th a w te is a C e rtific a tio n A u th o rity , th w a te o ffe rs SSL and code signing d ig ita l c e rtific a te s to secure servers, p ro vid e s data e n c ry p tio n , a u th e n tic a te s users, p ro te c ts privacy, and assures o n lin e id e n tifie s th ro u g h s trin g e n t a u th e n tic a tio n and v e rific a tio n processes. The SSL c e rtific a te s o ffe re d by th w a te in clu d e W ild c a rd SSL C e rtifica te s, SAN /U C C e rtifica te s, SGC SuperC erts, and E xtended V a lid a tio n SSL C e rtifica te s.
( t) th a w te
urity trusted by ound the world

O n c o s w rw h a tS S I* a n dw h yy o un e e dt
G e t s ta rte d w ith S S L
S h o oU m c sD mD im T ru s te dS *eS e a la n d
In s p ire T r u s t O n lin e
J u s to n eS A Nc e rtA c a te c a ns e c u rem u ltip le
S im p lify SSL S e c u rity
BUY CERTIFICATES S S IC e rtific a te s C o d eS ig n in gC e rtific a te s
th e m o s t v is ib le w e b s ite s e c u r ity
* * w tjh m m g ra e w W L x a m AM s m a a e e tyT n e n rte Cj X J
FIGURE 19.15: thawte screenshot V e r is ig n
Source: h ttp ://w w w .v e ris ig n .c o m V eriSign A u th e n tic a tio n Services, n o w p a rt o f S ym antec Corp. o n lin e w ith co n fid e n c e . SSL C e rtific a te s : 0 0 0 0 0 0 0 0 Secure Site Pro w ith EV Secure Site w ith EV Secure Site Pro Secure Site M a naged PKI fo r SSL SSL fo r th e E n te rp rise SSL P a rtn e r P rogram s S ym antec C e rtific a te In te llig e n c e C e n te r (NASDAQ: SYMC), p rovides
s o lu tio n s th a t a llo w co m p a n ie s and co n su m e rs to engage in c o m m u n ic a tio n s and c o m m e rc e
" *, >ym a n te c Product a Srvtc
VeriSign Authentication Services
Morton
v/^ N o rto n
V
S a m e ch e ck . New nam e. S t ill th e g o ld s t a n d a r d .

Th same security, services and support youve come to trust from VeriSign are now brought to you by Symantec. wnat it mean* for you > Trust from Search to Browse to Buy Boost your sue traffic and conversions with powerful trust features Free wh every SSL Protect Your Site. Crow Your Business. Newfeatures fromSym antec SSL m ake your W eOvtr easy to trust and easy to secure
SECURED
pow ered by VeriSign
BUY BUY iw v
5S t CartifKAt S ym n1>c'a M M Cod S *g **n g ir inai S S IC *(W lC U | Trvl C mM Notion<Ux u!d sal
VERISIGN Cyber security and *vaMtatty productsyour taiuww retr* on Managed DNS DDoS Proec*on
O fffc n w *
^ N o rto n
Domain Name Services are available from Vanstgn at Ven>onin< oom
FIGURE 19.16: Verisign screenshot E n tru s t Source: h ttp ://w w w .e n tr u s t.n e t E n tru st pro vid e s id e n tity -b a s e d s e c u rity so lu tio n s th a t e m p o w e r e n te rp rise s, co n su m ers,
citizens, and th e w e b . E n tru s t's s o lu tio n s in clu d e stro n g a u th e n tic a tio n , fra u d d e te c tio n , d ig ita l c e rtific a te s , SSL, and PKI. E n tru st can d e p lo y a p p ro p ria te s e c u rity s o lu tio n s to help p ro te c t d ig ita l id e n titie s and in fo rm a tio n at m u ltip le p o in ts to address e v e r-e v o lv in g th re a ts .
E VU u lti-O o m a in S S LC *rw > c a t*

fto
$ 1 8 6 HH $249
t IT W ra n
Q 3Q ) LocJtia
$725/ year
$373...
Q 3 ua
S ta n d a rdS S LC rtM c a tM *
C*1 1 fc*WD*v*r
$155...
FIGURE 19.17: Entrust screenshot
l e
l o
C o p y rig h t b y
EG-GMMCil. All R ig h ts R e s e r v e d . R e p r o d u c tio n Is S tric tly P ro h ib ite d .
M o d u le
F lo w
A t p re se n t, m o s t businesses use em ail as th e m a jo r source o f c o m m u n ic a tio n as it is sim p le and easy to c o m m u n ic a te o r share in fo rm a tio n . These em ails m ay c o n ta in s e n s itiv e in fo r m a tio n a b o u t th e ir p ro je cts, update s, etc. If th is in fo rm a tio n fa lls in to th e w ro n g hands, th e n th e o rg a n iz a tio n s m ay fa ce huge losses. This risk can be a vo id e d by e n c ry p tin g th e e m ail messages. Email e n c ry p tio n is th e m eans to tra n s fe r th e p la in te x t m essage in to an u n re a d a b le fo rm .
bpt
Ilhli 1 1
This s e ctio n focuses on v a rio u s e m a il s e c u rity m echanism s such as d ig ita l s ig n a tu re s , SSL, and TLS.
M o d u le 19 P ag e 2 8 3 6
i g
i t a
i g n a t u r e
C E H
Digital signature used asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form
A digital signature may be further protected, by encrypting the signed email for confidentiality
M l
V
j r
OPEN . /...................
Decrypt message using one-tim e symmetric key
Recipient decrypt one-tim e symmetric key using his PRIVATE key ....................................... .......................... ...................................
V E R IF Y m * , j fit?
Unlock the hash value using sender's PUBLIC key
-------
' l i f
Rehash the message and compare it with the hash value attached with the mail
C o p y rig h t b y
D i g i t a l S ig n a tu r e A d ig ita l sig n a tu re is a c ry p to g ra p h ic m eans of a u th e n tic a tio n . Public key
c ry p to g ra p h y , w h ic h
uses an a s y m m e tric ke y a lg o rith m , is used fo r cre a tin g th e
d ig ita l
s ig n a tu re . The tw o typ e s o f keys in p u b lic key c ry p to g ra p h y are th e p riv a te key (w h ic h is k n o w n o n ly to th e signer and used to c re a te th e d ig ita l sig n a tu re ) and th e p u b lic key (w h ich is m ore w id e ly k n o w n and is used by a re ly in g p a rty to v e rify th e d ig ita l signature). A hash fu n c tio n is a process, o r an a lg o rith m , th a t is used in cre a tin g and v e rify in g a d ig ita l s ig n a tu re . This a lg o rith m creates a d ig ita l re p re s e n ta tio n o f a m essage, w h ic h is also k n o w n as a " fin g e r p r in t." This fin g e rp rin t is o f a "hash v a lu e " o f a s ta n d a rd le n g th , w h ic h is m uch s m a lle r th a n th e message, b u t is u n iq u e to it. If any change is m ade to th e m essage, it w ill a u to m a tic a lly p ro d u c e a d iffe re n t hash re s u lt; it is n o t possible to d e rive th e o rig in a l m essage fro m th e hash va lu e in case o f a secure hash fu n c tio n , w h ic h is also kn o w n as a o n e -w a y hash fu n c tio n . The hash re s u lt o f th e o rig in a l m essage and th e hash fu n c tio n th a t is used to c re a te th e d ig ita l s ig n a tu re are re q u ire d to v e rify th e d ig ita l s ig n a tu re . W ith th e help o f th e p u b lic key and th e n e w re s u lt, th e v e rifie r checks: 9 If th e d ig ita l s ig n a tu re is cre a te d w ith th e re la te d p riv a te key. If th e new hash re s u lt is th e sam e as th e o rig in a l hash re s u lt, w h ic h w as c o n v e rte d in to a d ig ita l s ig n a tu re d u rin g th e s ig n in g process.
To c o rre la te th e key p a ir w ith th e re sp e ctive signer, th e c e rtific a tio n a u th o rity presents a c e rtific a te th a t is an e le c tro n ic re cord o f th e p u b lic as th e su b je ct o f th e c e rtific a te , and c o n firm s th e id e n tity o f th e sign er as th e re la te d p riv a te key o w n e r. The fu tu re signer is called th e su b sc rib e r. T he m ain fu n c tio n o f a c e rtific a te is to bind a p a ir o f p u b lic and p riv a te keys to a p a rtic u la r subscribe r. The re c ip ie n t o f th e c e rtific a te relies on a d ig ita l sig n a tu re cre a te d by th e su b sc rib e r na m ed in th e c e rtific a te . The p u b lic key listed can be used to v e rify th a t th e p riv a te key is used to c re a te th e re la te d d ig ita l s ig n a tu re . The c e rtific a tio n a u th o rity d ig ita lly signs th e c e rtific a te to assure th e a u th e n tic ity o f b o th th e p u b lic key and th e s u b scrib e r's id e n tity . The a u th o rity 's d ig ita l sig n a tu re on th e c e rtific a te can be v e rifie d w ith th e help o f th e p u b lic key o f th e c e rtific a tio n a u th o rity re co rd e d in a n o th e r c e rtific a te , w h ic h belongs to a n o th e r c e r tific a tio n 's a u th o rity . This c e rtific a te can be a u th e n tic a te d w ith th e he lp o f a n o th e r p u b lic key re c o rd e d in a n o th e r c e rtific a te and so on. The re p o s ito ry can be m ade to pu b lish th e c e rtific a te ; th e p u b lic key and its id e n tity are a va ila b le fo r v e rific a tio n o f th e c e rtific a te . The re trie v a l and v e rific a tio n o f th e d ig ita l sig n a tu re is m ade w ith th e h e lp o f an o n lin e database called re p o s ito rie s , w h ic h h olds th e c e rtific a te s and o th e r in fo rm a tio n . The c e rtific a tio n a u th o rity m ay suspend o r re vo ke th e c e rtific a te .
S IG N
A p p e n d t h e s igned hash
AC CEPT
P L, 11 no 01
C o n fid e n tia l In fo rm a tio n
1U
- unn f
co d e t o m essage
0 1001110
1100 001 1 111 oo
00 k
-i
O P EN V D e c ry p t m essage using o n e -tim e s y m m e tric k ey
S e n d e r signs hash code using his PRIV ATE k e y
SEAL
J& i
Encrypt m assage using o n e *tim e s y m m e tric k e y En cryp t th e s y m m e tric key using r e c ip ie n t's PUBLIC k ey
* U ,
...............
R e c ip ie n t d e c ry p t o n e -tim e s y m m e tric k e y using his PRIV ATE key
DELIVER
VERIFY
11 n o 01 P H 11 M a il ele c tro n ic e n v e lo p e s to t h e re cip ie n t U n lo ck th e hash v a lu e using se n d er's PUBLIC k e y :
-V..
v a lu e a t t a c h e d w ith t h e m ail
FIGURE 19.18: Digital signatures
S S L
( S e c u r e
S o c k e ts
L a y e r )
C E H
B SSL is an application layer protocol developed by Netscape for managing the security of a message transmission on the Internet B It uses RSA asymmetric (public key) encryption to encrypt data transferred over SSL connections
C lie n t H ello m e s s a g e ( in c lu d e s SSL v e rs io n , r a n d o m ly g e n e r a t e d d a ta , e n c ry p tio n a lg o rith m s , s e s s io n ID, k ey e x c h a n g e a lg o rith m s , c o m p r e s s io n a lg o rith m s , a n d MAC a lg o rith m s )
D e te r m in e s t h e SSL v e r s io n a n d e n c r y p tio n a lg o r ith m s t o b e u s e d f o r t h e c o m m u n ic a tio n ; s e n d s S e rv e r H ello m e s s a g e (S e ssio n ID) a n d C e rtif ic a te m e s s a g e (local c e r tific a te )
S e n d s a S e rv e r H ello D o n e m e s s a g e
V e rifie s t h e D igital c e r tif ic a te ; g e n e r a t e s a r a n d o m p r e m a s te r s e c r e t (E n c ry p te d w ith s e r v e r 's p u b lic key) a n d s e n d s C lie n t K ey E x c h a n g e m e s s a g e w ith t h e p r e m a s te r s e c r e t
S e n d s a C h a n g e C ip h e r S p e c m e s s a g e a n d a ls o s e n d s F in is h e d m e s s a g e ( h a s h o f h a n d s h a k e m e s s a g e )
H ash v a lu e is c a lc u la te d f o r t h e e x c h a n g e d h a n d s h a k e m e s s a g e s a n d t h e n c o m p a r e d t o t h e h a s h v a lu e r e c e iv e d f r o m t h e c lie n t; If t h e t w o m a tc h , t h e k e y a n d c ip h e r s u ite n e g o tia tio n s u c c e e d s . S e n d s a C h a n g e C ip h e r S p e c m e s s a g e a n d a ls o s e n d s F in ish e d m e s s a g e ( h a s h o f h a n d s h a k e m e s s a g e )
C o p y rig h t b y
EG-G*ancil. All
R ig h ts R e s e r v e d . R e p r o d u c tio n Is S tric tly P ro h ib ite d .
S S L (S e c u re
S o c k e ts L a y e r )
SSL is a c ro n y m fo r Secured Sockets Layer, d e ve lo p e d by N etscape. It is a p ro to c o l fo r sending p riv a te d o c u m e n ts o ve r th e In te rn e t. It w o rk s w ith th e he lp o f th e p riv a te key to e n c ry p t data th a t is tra n s fe rre d ove r an SSL c o n n e c tio n . The m ain m o tiv e beh in d designing th e SSL p ro to c o l is to p ro v id e p riva cy b e tw e e n tw o c o m m u n ic a tin g a p p lic a tio n s , such as a c lie n t and a server. M o re o v e r, th e p ro to c o l is designed to a u th e n tic a te th e se rve r and th e c lie n t; SSL re q u ire s a re lia b le tr a n s p o r t p ro to c o l such as TCP fo r d a ta tra n s m is s io n and re c e p tio n . A ny a p p lic a tio n -la y e r p ro to c o l th a t is h ig h e r th a n SSL, such as HTTP, FTP, and TELNET, can be layered on to p o f SSL tra n s p a re n tly . The SSL acts as an a rb itr a to r b e tw e e n th e e n c ry p tio n a lg o rith m and session key, and also v e rifie s th e d e s tin a tio n se rve r b e fo re th e tra n s m is s io n and re c e p tio n o f data. The c o m p le te data o f th e a p p lic a tio n p ro to c o l is e n c ry p te d , to ensure s e cu rity. It also o ffe rs cha nn e l s e c u rity w h ic h has th re e basic p ro p e rtie s : 9 It has a p riv a te ch a n n e l, w h e re th e messages are e n c ry p te d a fte r th e sim p le handshake th a t de fin e s th e se cre t key. 9 The ch an n e l is a u th e n tic a te d . The se rve r e n d p o in ts are alw ays a u th e n tic a te d b u t th e c lie n t e n d p o in ts are o p tio n a lly a u th e n tic a te d . 9 The ch an n e l is re lia b le . The tra n s m is s io n has an in te g rity check.
An SSL session is re s p o n s ib le fo r th e SSL h a n d sh a ke p ro to c o l to o rganize th e states o f th e server and clie n ts, th u s e n su rin g th e co n siste n cy o f th e p ro to c o l sta te m achines (th e states are n o t e x a c tly p a ra lle l). T he re are tw o d iffe re n t ty p e s o f states: o p e ra tin g and pe n d in g . In a d d itio n to th e tw o states, tw o a d d itio n a l state s are also m a in ta in e d ; th e read and w r ite states. W h e n th e se rve r o r c lie n t o b ta in s th e c ip h e r spec message, th e m essage is co p ie d in to a c u rre n t read s ta te fro m th e p en d in g read s ta te . In a s im ila r w ay, w h e n th e data is tra n s m itte d fro m th e se rve r o r c lie n t, it tra n s m its a changed c ip h e r spec message, and copies th e m essage in to th e w r ite c u rre n t sta te fro m th e p e n d in g w r ite sta te . A fte r th e c o m p le tio n o f th e h a n d sh a ke a rb itr a tio n , th e server and c lie n t exchange th e changed spec m essage and th e c o m m u n ic a tio n is based on th e n e w ly agreed u p o n c ip h e r spec. An SSL m ay in c lu d e m any secure c o n n e c tio n s , and it m ig h t have m u ltip le c o n c u rre n t sessions. The e le m e n ts in c lu d e d in session sta te are as fo llo w s : S e s s io n I d e n t i f i e r Session id e n tifie r is a ra n d o m sequence o f bytes tra n s m itte d by th e se rve r to id e n tify an a c tiv e o r p re s u m a b le session sta te : 9 9 9 Peer C e rtific a te - X 509.v3[X 509] is th e c e rtific a te o f th e peer and m ay be nu ll. C om pression M e th o d - Is th e a lg o rith m used to com press data p rio r to e n c ry p tio n . C ipher Spec - E n u m erate s th e b u lk d a ta e n c ry p tio n and M AC a lg o rith m s . It also defines c ry p to g ra p h ic a ttrib u te s like th e size o f th e hash. 9 9 M a s te r S ecret - Is th e 4 8 -b y te se cre t shared b e tw e e n th e c lie n t and server. Is R esum able - A fla g specifies w h e th e r a n e w session can be s ta rte d .
The e le m e n ts o f th e c o n n e c tio n s ta te a re as fo llo w s : 9 Server and c lie n t ra n d o m - Is th e sequences o f bytes, w h ic h are selected by th e server and th e c lie n t fo r e ve ry c o n n e c tio n . 9 Server w r ite MAC secre t - Is th e secret used in MAC o p e ra tio n s on data w ritte n by th e server. 9 C lie nt w r ite MAC se cre t - Is th e secret used in MAC o p e ra tio n s on data w ritte n by th e c lie n t. 9 Server w r ite key - Is th e huge c ip h e r key fo r data e n c ry p te d by th e se rve r and d e c ry p te d by th e c lie n t. 9 C lie nt w r ite key - Is th e c ip h e r key fo r data e n c ry p te d by th e c lie n t and d e c ry p te d by th e server. 9 In itia liz a tio n v e c to rs - In CBC (C ipher Block Chain) m o d e w h e n th e block cip h e r is used, an in itia liz a tio n v e c to r is m anaged fo r e ve ry key. It is s ta rte d by th e SSL handshake p ro to c o l and is used to m ake th e fir s t c ip h e r te x t. te x t is used w ith th e s u b s e q u e n t re c o rd . The last c ip h e r te x t b lo c k o f e ve ry
M o d u le 19 P ag e 2 8 4 0
Sequence numbers - Every party maintains a different and unique sequence of numbers for the transmission and reception of messages for every connection. The appropriate sequence is set to zero depending on the party that sends and receives cipher spec.
S S L H a n d s h a k e P r o to c o l F lo w
The SSL handshake protocol works on top of the SSL record layer. These processes that are executed in the three handshake protocol are summarized as follows: 9 The client sends a hello message to the server and the server must respond to the hello message with a hello message, or else the connection will fail due to the occurrence of a fatal error. The attributes that are established due to the server and client hello are: protocol version, session ID , cipher suite, and compression method. After the connection is established, the server sends a certificate to the client for authentication. In addition, a server-key exchange message might be sent. Ifthe server is authenticated, the client may be requested for the certificate, if that is appropriate to the cipher suite selected. The server sends a hello done message, to inform that the handshake phase is complete and waits for the client's response. If the client receives a certificate request message, the client must respond to the message by sending a certificate message or "no certificate" alert.The client-key exchange message is sent and the content of the message depends on the public-key algorithm between the server hello and client hello. If the certificate sent by the client has signing ability, a digitally signed certificate verifies the message, and is transmitted. The client transmits the changed cipher spec message and copies the pending cipher spec into the current cipher spec. The client sends a message to initiate the completion of the message under the new algorithm, keys, and secrets. In response the server replies by sending its own changed cipher spec message, transfers the pending cipher spec to the current cipher spec, and initiates the completion of the message under the new cipher spec. This is the point of completion of the handshake and the server starts to exchange the application layer data.
9 9
The message of the previous session or the replica of an existing session is as follows: The client initiates the communication by sending a hello message with the session I of the session that is to be resumed. The server checks its cache to look for the match of the session ID ; if it finds a match it re-establishes the session under the specified session state with same session ID . This is the point where both the server and the client exchange the changed spec messages and proceed directly to the finished messages. After re-establishment, the server and the client exchange the data at the application layer. If the session I is not found, the server creates a new session ID, and the SSL client and server carry out a complete handshake.
Client Hello m essage (includes S S I version, encryption algorithms, key exchange algorithms, and M AC algorithms) Determines the S S Lversion and cipher suite to be used for the communication; sends Server Hello m essage (Session ID ) and Certificate m essage (local certificate)
i....
........
Sends aServer Hello Done m essage Verifies the Digital certificate; generates a random premaster secret (Encrypted with server's public key) and sends Client Key Exchange m essage with the premaster secret
tv
A i
S ends aChange Cipher Spec m essage and also sends Finished m essage (hash of handshake m essage) Computes the hash value of the exchanged handshake m essages and compares the hash value with that received from the client; If the two match, the key and cipher suite negotiation succeeds. Sends aChange Cipher Spec m essage and also sends Finished m essage (hash of handshake m essage) FIGURE 19.19: Depicting S S L Handshake Protocol Flow
T r a n s p o r t L a y e r S e c u r ity
(T L S )
C E H
TLS is a protocol to establish a secure connection between a client and a server and ensure privacy and integrity of information during transmission It uses the R S Aalgorithm with 1024 and 2048 bit strengths
nwn
TLS Handshake Protocol

It a l l o w s t h e c l i e n t a n d
Hello Server
TLS Record Protocol

It p r o v i d e s s e c u r e d
Server C ertificate Server key Exchange Client C ertificate C lient key exchange C ertification verify [Change C ipher Spec] C lient Finished Message [Change C ipher Spec] Server Finished Message H a n d s h a k e P ro to c o l R e c o rd P ro to c o l A p p lic a tio n D a ta < > A p p lic a tio n D a ta C ertificate Request Server H ello Done
se rv e r to a u th e n tic a te e a c h o th e r, se le c t e n c ry p tio n a lg o rith m , a n d e x c h an g e sy m m e tric key p rio r to d a ta e x c h a n g e
c o n n e ctio n s w ith an en cry p tio n m e th o d su c h a s D ata E n c ry p tio n S t a n d a r d (D ES)
C o p y rig h t b y
T r a n s p o r t L a y e r S e c u r ity (T L S ) TLS is a p ro to c o l to e sta b lish a secure c o n n e c tio n b e tw e e n a c lie n t and a server and e nsure priva cy and in te g rity o f in fo rm a tio n d u rin g tra n sm issio n . It is a c ry p to g ra p h ic p ro to c o l in te n d e d to p ro v id e in fo rm a tio n s e c u rity o v e r th e In te rn e t. The TLS e n c ry p ts th e n e tw o rk c o n n e c tio n seg m e nts a t th e a p p lic a tio n la ye r fo r th e tra n s p o rt layer. It uses a s y m m e tric c ry p to g ra p h y fo r key exchange, s y m m e tric e n c ry p tio n fo r c o n fid e n tia lity , and message a u th e n tic a tio n codes fo r m essage in te g rity . W ith th e help o f TLS, y o u can reduce som e o f th e risks such as ta m p e rin g , m essage fo rg e ry m ail c o m m u n ic a tio n s , and e a v e sd ro p p in g d u rin g tra n s m is s io n o f e le c tro n ic m ails o r in fo rm a tio n . TLS p ro to c o l consists o f tw o layers: Q 9 TLS re c o rd p ro to c o l TLS handshake p ro to c o l T L S R e c o rd P ro to c o l The e n c ry p tio n , TLS re c o rd p ro to c o l p ro vid e s secure c o m m u n ic a tio n s . It is in te n d e d fo r
a u th e n tic a tio n , and co m p re ssio n
(o p tio n a l)
o f packets. O nce th e
h a n d sh a ke
process is d on e, th e n re c o rd layer fu n c tio n s can be called a t any tim e w h e n e v e r th e re is a need to send o r re ceive d a ta . It is re sp o n sib le fo r securing a p p lic a tio n data and also v e rify in g its in te g rity and o rig in o f th e data. TLS R ecord P ro to c o l m anages th e fo llo w in g : 9 9 9 D ivid in g and re a sse m b lin g messages C om pressing and d e co m p re ssin g blocks (o p tio n a l) A p p ly in g MAC (M essage A u th e n tic a tio n Code) and v e rify in g in c o m in g messages based on MAC 9 E ncryp ting and d e c ry p tin g m essages
The o u tg o in g e n c ry p te d d a ta fro m th e re co rd p ro to c o l is s e n t to TCP la ye r fo r tra n s p o rt.
H it
-251
T L S H a n d s h a k e P ro to c o l The TLS handshake p ro to c o l is re sp o n sib le fo r peers to agree upon s e c u rity
p a ra m e te rs fo r th e re c o rd la yer, a u th e n tic a tio n . This also n e g o tia te s a session co n sistin g o f session id e n tifie r, pe er c e rtific a te , c o m p re ssio n m e th o d , c ip h e r spec, m a ste r secret, and in fo rm a tio n a b o u t re s u m in g a c o n n e c tio n . The fig u re th a t fo llo w s show s th e process o f c lie n ta u th e n tic a te d TLS handshake:
Client Certificate Client key exchange Certification verify [Change Cipher Spec] Client Finished Message
H an d sh ak e P ro to c o l
Hello Server Server Certificate Server key Exchange Certificate Request Server Hello Done
[Change Cipher Spec] Server Finished Message
R e c o rd P ro to c o l
A p p lic a tio n
D ata
A p p lic a tio n
D ata
FIGURE 19.20: Showing the client-authenticated TLS handshake process A handsh ake p ro to c o l exchanges a series o f m essage in b e tw e e n a c lie n t and a se rve r fo r a secure c o n n e c tio n . In itia lly , th e c lie n t sends a " h e llo " to th e server. The server, in response to th e c lie n t, sends "h e llo ." D uring th is p e rio d , th e s e c u rity c a p a b ilitie s in c lu d in g p ro to c o l ve rsio n , co m p re s s io n m e th o d , c ip h e r s u ite , session ID, and in itia l ra n d o m num ber have been e sta b lish e d . Then th e s e rv e r m ay send a c e rtific a te and key exchange and re quests a c e rtific a te . N ow , th e se rve r signals th e end o f th e h e llo m essage. In response to th e c e rtific a te re q u e s t by th e se rve r, th e c lie n t sends th e c e rtific a te and key exchange. The c lie n t th e n sends c e rtific a te v e rific a tio n . B oth th e c lie n t and se rve r exchange th e ir c ip h e r s u ite and fin is h th e handshake p ro to c o l.
M o d u le 19 P ag e 2 8 4 4
C o p y rig h t b y
M o d u le
F lo w
So fa r, w e have discussed c ry p to g ra p h y , th e need fo r c ry p to g ra p h y , c ry p to g ra p h ic e n c ry p tio n a lg o rith m s , c ry p to g ra p h y to o ls , PKI, and em a il e n c ry p tio n . In a d d itio n to all th e se e n c ry p tio n m e th o d s , th e re is o n e m o re e n c ry p tio n m e th o d : disk e n c ry p tio n .
tiTTri' Blhlill
^ ^ 5
[/< ? ?
This s e c tio n describes disk e n c ry p tio n and disk e n c ry p tio n to o ls .
i s
c r y p
t i o
C E H
Confidentiality
Encryption
a
*
rotection s
Disk encryption protects confidentiality of the data stored on disk by converting it into an unreadable code using disk encryption software or hardware
Disk encryption works in a similar way as text message encryption and protects data even when the OS not active
____________________ J
With the use of an encryption program for your disk, you can safeguard any information to burn onto the disk, and keep it from falling into the wrong hands
1 ------------------------j.---------------------1 |
1 ............................ 1 .........................
# Passphrase
^ Hidden Volumes
+ DVD
Priv acy
Volume Encryption
Blue Ray
Backup
Copyright by EC-G(U(ICil. All Rights Reserved. Reproduction is Strictly Prohibited.
(it 1 1 1
D is k - 3 E n c r y p tio n
Disk e n c ry p tio n is th e process o f securing data by tra n s fe rrin g it in to un re a d a b le code
th a t c a n n o t be d e c ip h e re d by u n a u th o riz e d persons. You can use d is k e n c ry p tio n s o ftw a re or h a rd w a re to e n c ry p t e ve ry b it o f in fo rm a tio n th a t is w r itte n on th e disk. Disk e n c ry p tio n w o rks s im ila r to te x t message e n c ry p tio n . W ith th e use o f an e n c ry p tio n p ro g ra m fo r th e user's disk, th e user can safeguard any, and all, in fo rm a tio n b u rn e d o n to th e disk and save it fro m fa llin g in to w ro n g hands. A c o m p u te r disk is a ro u n d plate o n to w h ic h data is re c o rd e d a n d /o r b u rn e d . I f t h e user needs to sto re in fo rm a tio n on a disk, and keep it safe, it is re c o m m e n d e d th a t an e n c ry p tio n p ro g ra m be used. E n cryp tio n s o ftw a re , fo r disks, scram bles th e in fo rm a tio n b u rn e d on th e disk in to an ille g ib le code. It is o n ly a fte r th e disk in fo rm a tio n is d e c ry p te d , th a t it can be read a n d /o r used. E ncryption fo r disks is useful w h e n th e user needs to send sensitive in fo rm a tio n th ro u g h th e m ail. For instance, th e user needs to m ail his o r her frie n d a disk, b u t ca n n o t ta ke th e risk o f it being s to le n and th e in fo rm a tio n is being c o m p ro m is e d . In th is case, th e user could sim p ly e n c ry p t th e in fo rm a tio n on th e disk and th e n re st assured, even if th e disk is lost o r stolen, th e in fo rm a tio n on it w o u ld n o t be c o m p ro m is e d . In a d d itio n , disk e n c ry p tio n in fo rm a tio n fro m
M o d u le 19 P ag e 2 8 4 6
can also be useful in p ro te c tin g th e
re a l-tim e exchange o f
being c o m p ro m is e d . W h e n th e exchange o f in fo rm a tio n is m ade in an
e n c ry p te d fo rm , th e chances o f th e in fo rm a tio n being c o m p ro m is e d are m in im ize d . The o n ly w a y th e a tta c k e r can access th e in fo rm a tio n is by d e c ry p tin g th e m essage, w h ic h can o n ly be d on e via th e a u th e n tic a tio n process. F u rth e rm o re , th e e n c ry p tio n s o ftw a re in sta lle d on one's system ensures th e s e c u rity o f th e system . Thus, it is re c o m m e n d e d to in s ta ll e n c ry p tio n s o ftw a re on system s th a t ho ld va lu a b le in fo rm a tio n a n d /o r are exposed to u n lim ite d data tra n s fe r in o rd e r to p ro te c t th e data and in fo rm a tio n fro m c o m p ro m is e .
D is k
E n c r y p tio n
T o o l: T r u e C r y p t
C E H
Urti*W itkHil lUckw
D is k
S o u rc e:
E n c r y p tio n
T o o l: T r u e C r y p t
h ttp ://w w w .tr u e c r y p t.o r g
T ru e C ry p t is s o ftw a re th a t a llo w s y o u to e stablish and m a in ta in an e n c ry p te d v o lu m e (data sto ra g e device). No data s to re d on an e n c ry p te d v o lu m e can be read (d e c ry p te d ) w ith o u t using th e c o rre c t p a s s w o rd /k e y file (s ) o r c o rre c t e n c ry p tio n keys. The e n tire file syste m is e n c ry p te d (e.g., file nam es, fo ld e r nam es, c o n te n ts o f e ve ry file , fre e space, m eta data, etc). M a in F e atures:
9 9 9 9
9
Creates a virtual encrypted disk within a file and mounts it as a real disk Encrypts an entire partition or storage device such as USB flash drive or hard drive Encrypts a partition or drive where Windows is installed (pre-boot authentication)
E n cryp tio n can be h a rd w a re -a c c e le ra te d on m o d e rn processors Provides p la u sib le d e n ia b ility , in case an a d ve rsa ry fo rce s yo u to reveal th e passw ord H idden v o lu m e (s te g a n o g ra p h y ) and h id d e n o p e ra tin g system
TrueCrypt V o lu m e C rea tio n W izard
TrueC rypt Volum e Creation W izard

1 < C re a tea w e n cryp te dh iecow tater |
Creates a vetu* encrypted 3s* *rth r a V . Recommended *or nexpenenced user* C rypt V o lu m e C rea tio n W izard
L=l!
(*Encrypt a non system partiUoa/dnve

fn e ryp t th esy ste mpartitionorentires y s te md rive
Encrypts the paratwnAfr** inhere Windows s n s 'jtfd Anyone who wants to oan access and use the system, read and write Wes, etc., w# need to erter lie correct password each awe before Wndows boots. Optunrfy, creates 0 hdden system. rte t1tfK g a s s a g a gg*B993
M ytn frrttttn
Volum eT ype
\r S ta n d a rdtru e C ryp tv o lu m e|
f' Midden TrueCrypt volume

It may happen mat you are forced by somebody to reveal the password to an encrypted volume. There are many situations /here you cannot refuse to reseal the p a ssw d (for example, due to extortion). Llano a 90<aled hidden volume alows you to sotve such otuasons wthout reveairg the pacsworc to y&s m Jh m . m fonater! about hwkten Ytiuncs
FIGURE 19.21: TrueCrypt Screenshot
Exam 312-50 Certified Ethical Hacker
i s k
E n c r y p t io n i s k
T o o l:
G iliS o f t
F u l l D
E n c r y p t io n
G*S0ft
!' AH* * '

E n c ry p tio n
full Disk
u c40 * *
Full Disk
E n c r y p tio n
---------------------
dako
* *la scu isrf
t e m it K f Y r t r t
M lK n m ls A
C o p y r ig h t b y E G -G * a n cil. A ll R ig h ts R e se rv e d . R e p ro d u c tio n Is S tr ic tly P ro h ib ite d .
Jifeii. /1 **WWWI =//==
D is k
E n c r y p tio n
T o o l:
G iliS o ft F u ll D is k
E n c r y p tio n
S ource: h tt p :/ /w w w .g ilis o ft .c o m
G iliS o ft Full Disk E n c r y p tio n a llo w s y o u t o e n c r y p t all d isk p a r t i t i o n s , in c lu d in g t h e s y s te m p a r t i t i o n . T h r o u g h p a s s w o r d p r o t e c t i n g a disk, d isk p a r t i t i o n , o r o p e r a t i n g s y s te m la u n c h , t h e p r o g r a m d is a b le s a n y u n a u t h o r i z e d r e a d i n g / w r i t i n g a c t i v i t y o n y o u r d isk o r PC a n d r e s tr ic ts access a n d la u n c h o f s p e c ific disks a nd files. It p r o v id e s a u t o m a t i c s e c u r it y f o r all i n f o r m a t i o n o n e n d p o i n t h a r d d riv e s , in c lu d in g u ser d a ta , o p e r a t i n g s y s te m file s, a n d t e m p o r a r y a nd e ra s e d files. For m a x i m u m d a ta p r o t e c t i o n , m u l t i - f a c t o r p r e - b o o t a u t h e n t i c a t i o n e n s u re s u s e r i d e n t it y , w h i l e e n c r y p t i o n p r e v e n t s d a ta loss f r o m t h e f t .
Module 19 Page 2850
GASoft f ufl DKk ( m ryplion
@ GASoft Ful Or*k I rwryptlon
OtiSod
G a s o n 4 *<
Full Disk Encryption

U c i CWo [ Rx>vable01*
Full D isk Encryption
UalDîi I
E n ay p tn gth ec o m p u te r'sw* < Mc a ne n s u reth a t th ed a ta n o tte a ka fte r th ed s fco > c o m p u te ra Jdtct th elo c a ld a ky o uw a n ttoe n a y p tfro mth efo lo w n gto t. 1 D riv e s 0C:\ [S y s te m ] F :\ t*\ 1 E n c ry p tio np o rtio n 1 1
IE n c ry p tio np o rtio n
f : 0C :C 5rttor) 0 :
Hot Encrypted
_ J L *7 0 0 s_
4 ,8 3 8 0 0 % 0 % 0 %
1 1
NqI [n c rv p tc d
P a rtia l tn crY O tcd
F u lln c n r 0 tc d
If y o uw a n ttoc h a n g eth ep a s s w o rd p * e a s ec o m p te teth ee n c ry p tio n .
If v o uw a n ttoc h a n g eth ep a s s w o d .p 1 e a s ec o rrp le teth ee n c ry p tio n .
FIGURE 19.22: GiliSoft Full Disk Encryption screenshot
Module 19 Page 2851
i s k
n c r y p t i o n
T o o l s
C E H
(rtifWd ItkNjI Nm Im
DriveCrypt
h ttp ://w w w .s e c u rs ta r.c o m
SafeBit Disk Encryption

h t tp : //w w w . s a fe b it. n e t
ShareCrypt
PocketCrypt
h t t p : / / w w w . s e c u rs t a r . c o m
H D
E
: Im l S Ih b i
DiskCryptor
h t t p : / / d is k c r y p t o r .n e t
alertsec
h t tp : //w w w . a le r ts e c .c o m
b I s i1
Rohos Disk Encryption

h t t p : / / w w w .ro h o s . c o m
Symantec Drive Encryption

h ttp ://w w w .s y m a n te c .c o m
1 ----------R-Crypto
h ttp ://w w w .r-tt.c o m
DriveCrypt Plus Pack

C o p y r ig h t b y E G -G * a n cil. A ll R ig h ts R e se rv e d . R e p ro d u c tio n is S tr ic tly P ro h ib ite d .
-ta f D is k E n c r y p tio n T o o ls
In a d d i t i o n t o T r u e C r y p t a n d G i l i S o f t F u ll D is k E n c r y p t i o n , t h e r e a r e m a n y o t h e r d is k to o ls is
e n c r y p t i o n t o o l s t h a t a l l o w y o u t o f u l l y e n c r y p t a ll d a t a . A l is t o f d i s k e n c r y p t i o n m e n tio n e d b e lo w as f o l l o w s . A ll t h e s e t o o l s have a c o m m o n
g o a l , i.e., e n c r y p t i n g a d is k
p a r t i t i o n . B u t e n v i r o n m e n t o r p u r p o s e m a y c h a n g e . If o n e t o o l is i n t e n d e d t o c r e a t e a v i r t u a l e n c r y p t e d d is k o f t h e t a r g e t d is k p a r t i t i o n , th e n th e o t h e r m a y be i n t e n d e d t o e n c r y p t d a ta on P o c k e t PCs r u n n i n g W i n d o w s M o b i l e a n d s o o n :
9 9 9 9 9 9 9 9 9
D r iv e C r y p t a v a ila b le a t h t t p : / / w w w . s e c u r s t a r . c o m S h a r e C r y p t a v a ila b le a t h t t p : / / w w w . s e c u r s t a r . c o m P o c k e t C r y p t a v a ila b le a t h t t p : / / w w w . s e c u r s t a r . c o m R ohos Disk E n c r y p tio n a v a ila b le a t h t t p : / / w w w . r o h o s . c o m R -C ry p to a v a ila b le a t h t t p : / / w w w . r - t t . c o m

S a f e B it D isk E n c r y p t i o n a v a i l a b l e a t h t t p : / / w w w . s a f e b i t . n e t
D is k C r y p t o r a v a ila b le a t h t t p : / / d i s k c r y p t o r . n e t a le rts e c a v a ila b le a t h t t p : / / w w w . a l e r t s e c . c o m S y m a n te c D riv e E n c r y p tio n a v a ila b le a t h t t p : / / w w w . s v m a n t e c . c o m
Module 19 Page 2852
D r iv e C r y p t Plus Pack a v a ila b le a t h t t p : / / w w w . s e c u r s t a r . c o m
Module 19 Page 2853
M o d u le
F lo w
So fa r, w e h a v e discu ssed c r y p t o g r a p h y c o n c e p ts , v a r io u s c r y p t o g r a p h y m e c h a n is m s , a n d e n c r y p t i o n a lg o r i t h m s . N o w it's t i m e t o discuss h o w c r y p t o g r a p h y s y s te m s c a n be e x p l o i t e d by a n e x te r n a l user.
1 1 1 :1 1 1 1
tPffrj
T his s e c tio n fo c u s e s o n v a r io u s t y p e s o f c r y p t o g r a p h y a tta c k s , c o d e b r e a k in g m e t h o d o lo g i e s , a n d o t h e r kin d s o f a tta c k s t h a t e x p l o i t c r y p t o g r a p h y s y s te m s .
Module 19 Page 2854
C ryptographyA ttacks
J
C E H
Cryptography attacks are based on the assumption that the cryptanalyst has access to the encrypted info rm ation
C h o s e n -k e y a tta c k
r #-
C h o s e n - c ip h e r te x t
a tta c k
C r y p to g r a p h y ) J )
A tta c k s
C r y p t o g r a p h i c a tta c k s a re t h e m e a n s by w h i c h t h e a t t a c k e r d e c r y p t s t h e c i p h e r t e t k n o w le d g e o f th e key. In th e s e a tta c k s , t h e a t t a c k e r lo o p h o le s in co d e , c ip h e r ,
(b re a k s t h e c i p h e r t e x t ) w i t h o u t t h e s u b v e r ts t h e c y r p t o g r a p h ic
s y s te m 's s e c u r it y by e x p l o i t i n g th e
c r y p t o g r a p h ic p r o t o c o l o r k e y m a n a g e m e n t s c h e m e .
C r y p t o g r a p h y a t t a c k s a re b ase d o n t h e
a s s u m p t i o n t h a t t h e c r y p t a n a l y s t has k n o w l e d g e o f t h e i n f o r m a t i o n e n c r y p t e d . A t t a c k e r s h a v e f o u n d v a r io u s a tta c k s f o r d e f e a t in g t h e c r y p t o s y s t e m a n d t h e y a r e c a te g o r iz e d i n t o e ig h t ty p e s : 9 9 9 9 9 9 9 9 C i p h e r t e x t o n l y a t ta c k K n o w n -p la in te x t a tta ck C h o s e n -p la in te x t C h o s e n - c ip h e r t e x t a t t a c k C h o sen key a t ta c k A d a p t i v e c h o s e n - p l a in t e x t a tta c k T i m in g a t ta c k R u b b e r h ose a tta c k
Module 19 Page 2855
( C o n t d ) Ciphertext-only Attack
Attacker has access to the cipher text; goal of this attack to recover encryption key from the ciphertext
C E H
Adaptive Chosen-plaintext Attack

Attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions
M
Chosen-plaintext Attack
Attacker defines his own plaintext, feeds it into the cipher, and analyzes the resulting ciphertext
L*
Known-plaintext Attack
Attacker has knowledge of some part of the plain text; using this information the key used to generate ciphertext is deduced so as to decipher other messages
GO
A tta c k s
( C o n td )
A tta c k e rs gain access to th e c o n t e n t o f th e e n c r y p te d m e ssag e th ro u g h c r y p ta n a ly s is by d e f e a tin g th e c r y p t o g r a p h ic s e c u r ity a lg o r it h m s , even w it h o u t th e k n o w le d g e o f e n c ry p tio n details. T h o u g h th e a lg o rith m s are stro n g and are re sistant to all attacks, the d e m a n d s o f practical c ry p to s y s te m easily in tr o d u c e v u ln e ra b ilitie s. These v u ln e r a b ilitie s are th e so u rc e s o f v a rio u s c ry p to g ra p h y attacks. As discussed pre v io usly , th e r e are e ight type s o f c ry p to g ra p h y attacks. All th e s e attacks try e ith e r to re trie ve th e key or e xp o se th e plain text. T h e se attacks are d istin g u ish e d based on th e in fo rm a tio n a v a ilab le t o th e c ry p ta n a ly s t t o m o u n t an atta ck . The m ain goal o f atta c k e rs in all the cases is to d e c ry p t th e n e w pieces o f e n c r y p t e d message w it h o u t ad d itio n a l in fo rm a tio n .
y C ip h e rte x t o n ly a tta c k
A c ip h e rte x t o nly attack is o n e o f th e basic types o f active attacks b e c a u se it is very easy fo r th e a tta c k e r to get c ip h e rte x t by s n iffin g th e tra ffic o f an y in d iv id u al. In th is ty p e o f attack, t h e a tta ck e r w ill have access o nly to c ip h e rte x ts o f several messages, all o f w h ic h w e r e e n c r y p te d using th e s a m e e n c r y p tio n a lg o rith m . Finding th e key used fo r e n c r y p tio n is th e m ain o b je ctiv e o f the a tta c k e r as it a llo w s th e a tta ck e r to d e c o d e all the m e ssag es e n cry p te d w ith th e re sp e c tive key.
Module 19 Page 2856
A d a p tiv e c h o s e n - p la in te x t a tta c k A n a d a p t i v e c h o s e n - c i p h e r t e x t is t h e c o l l a b o r a t i v e v e r s i o n o f t h e c h o s e n - p l a i n t e x t a tta c k . In t h i s t y p e o f a tta c k , t h e a t t a c k e r ch o se s f u r t h e r c i p h e r t e x t s b ase d o n p r i o r re s u lts . H e r e t h e c r y p t a n a l y s t n o t o n l y c h o o s e s t h e p la i n t e x t t h a t is e n c r y p t e d b u t can also m o d i f y his o r h e r c h o ic e b ase d o n t h e r e s u lts o f t h e p r e v io u s e n c r y p t i o n . C h o s e n - c ip h e r te x t a tta c k In a c h o s e n - c i p h e r t e x t a tta c k , t h e a t t a c k e r c h o o s e s s o m e p a r t o f c i p h e r t e x t t o be d e c r y p t e d a n d tr i e s t o f i n d o u t t h e c o r r e s p o n d i n g d e c r y p t e d p la i n t e x t . T his is u s u a lly d o n e w i t h t h e h e lp o f a d e c r y p t i o n o r a c le (a m a c h in e t h a t d e c o d e d t h e t e x t w i t h o u t d is c lo s in g t h e key). Basically, th is t y p e o f a t ta c k is a p p lic a b le t o p u b l i c - k e y c r y p t o s y s t e m s . T his a t ta c k is h a r d e r t o p e r f o r m w h e n c o m p a r e d t o o t h e r a tta c k s , a n d t h e a t t a c k e r n e e d s t o h a v e c o m p l e t e c o n t r o l o f s y s te m c o n t a i n i n g c r y p t o s y s t e m in o r d e r t o c a r r y o u t t h i s a tta c k . R u b b e r h o se a tta c k In a r u b b e r h o se a tta c k , t h e a t t a c k e r e x tr a c ts t h e s e c r e t key f r o m th e u ser by
t h r e a t e n i n g , b l a c k m a i l i n g , o r t o r t u r i n g h im o r h e r u n til t h e key is h a n d e d o v e r .
Module 19 Page 2857
( C o n t d )
Atta cker o b ta in s th e p la in texts co rre sp o n d in g to an a rb itra ry set o f cip h e rte x ts o f his o w n c h o o sin g
^g
Urtifwd |
\\
ilkitjl IlM hM
E xtractio n o f cry p to g ra p h ic secrets (e.g. th e p a ssw o rd to a n e n cry p ted file) fro m a p e rso n by c o e rc io n o r to rtu re
A g e n e r a liz a tio n o f t h e c h o s e n - te x t a tta c k
It is b a se d o n re p e a te d ly m e a s u rin g th e exact e x e cu tio n tim e s o f m o d u la r e x p o n e n tia tio n o p e ra tio n s
A tta c k s
( C o n td )
C h o s e n - p la in te x t (L cJ ^ _ This is m o r e p o w e r f u l t h a n a p la i n t e x t a t ta c k . In t h i s t y p e o f a tta c k e r , t h e a t t a c k e r n o t o n ly has access t o t h e c i p h e r t e x t a n d a s s o c ia te d p l a i n t e x t f o r s e v e ra l m essages, b u t also c h o o s e s t h e p la i n t e x t t h a t is e n c r y p t e d , a n d o b t a in s t h e r e s u lt in g c i p h e r t e x t . K n o w n -p la in te x t a tta c k --------In a k n o w n - p l a i n t e x t a tta c k , t h e a t t a c k e r has access t o t h e c i p h e r t e x t o f o n e o r m o r e
m essa ge s as w e l l as access t o t h e r e s p e c tiv e p la i n t e x t . W i t h t h e h e lp o f b o t h th e s e i te m s , t h e c r y p t o g r a p h i c key can e a sily e x tr a c te d . T h e a t t a c k e r can r e c o v e r t h e r e m a i n in g e n c r y p t e d , z ip p e d file s w i t h t h e h e lp o f t h e e x t r a c t e d key. In g e n e r a l, m o s t p e o p le s t a r t t h e i r m e ssa g e s w i t h t h e s a m e t y p e o f b e g in n in g n o te s such as g re e tin g s a nd clo se w i t h th e same ty p e o f e n d in g su ch as s p e c ific s a lu ta tio n s , c o n ta c t
i n f o r m a t i o n , n a m e , etc. A t t a c k e r s can use t h is as an a d v a n t a g e t o la u n c h k n o w n - p l a i n t e x t a tta c k s . H e re t h e a t t a c k e r has s o m e p la i n t e x t (i.e., t h e d a ta t h a t a re t h e s a m e o n e a ch m ess a ge ) a n d can c a p t u r e an e n c r y p t e d m essa ge , a n d t h e r e f o r e c a p t u r e t h e c i p h e r t e x t . O n c e t h e f e w p a r ts o f t h e m essa ge re d is c o v e r e d , t h e r e m a i n in g ca n e a s ily be a c c o m p lis h e d w i t h t h e h e lp o f re v e rs e e n g in e e r in g , f r e q u e n c y a na lysis , o r b r u t e f o r c e a t t e m p t s .
Module 19 Page 2858
C h o s e n k e y a tta c k cLi L A c h o s e n key a t t a c k is a g e n e r a liz a t io n o f t h e c h o s e n - t e x t a t t a c k . In th is a tta c k , t h e a t t a c k e r has s o m e k n o w l e d g e a b o u t t h e r e l a t io n s h i p b e t w e e n t h e d i f f e r e n t keys, b u t c a n n o t c h o o s e t h e key. T im in g A tta c k A t i m i n g a t t a c k also is k n o w n as a side c h a n n e l a tta c k . In t h is ty p e o f a tta c k , t h e a tta c k e r tr ie s to c o m p ro m is e a c ry p to s y s te m by a n a ly z in g th e tim e ta ke n to e x e c u te c r y p to g r a p h ic a lg o r ith m s .
Module 19 Page 2859
C o d e
r e a k i n g
e t h o d o l o g i e s
C E H
Trickery and Deceit
Brute-Force
I t in v o lv e s t h e u s e o f s o c ia l e n g in e e r in g t e c h n iq u e s t o e x tr a c t c ry p to g ra p h y ke ys
C r y p t o g r a p h y k e y s a r e d is c o v e r e d b y t r y in g e v e r y p o s s ib le c o m b in a t io n
O n e-T im e Pad &

A o n e - t im e p a d c o n ta in s m a n y n o n r e p e a tin g g r o u p s o f le tte r s o r n u m b e r k e y s , w h ic h a r e c h o s e n r a n d o m ly
eSl
Frequency Analysis
I t is t h e s t u d y o f t h e f r e q u e n c y o f le t t e r s o r g r o u p s o f le t t e r s in a c ip h e r t e x t I t w o r k s o n t h e f a c t t h a t , in a n y g iv e n s t r e t c h o f w r i t t e n la n g u a g e , c e r t a i n l e t t e r s a n d c o m b i n a t i o n s o f le t t e r s o c c u r w i t h v a r y in g f r e q u e n c ie s
C o d e
B r e a k in g
M e th o d o lo g ie s
T he s t r e n g t h o f an e n c r y p t i o n a l g o r i t h m is m e a s u r e d , in la rg e p a r t by c r y p ta n a ly s ts , by u sin g v a r io u s a v a ila b le are: 0 0 0 0 B r u te - F o r c e F re q u e n c y A n aly sis T r ic k e r y a n d D e c e it O n e - T im e Pad B ru te -F o rc e C o d e - b re a k e rs , o r c r y p ta n a ly s ts , w a n t t o r e c o v e r t h e p la i n t e x t o f a m e s s a g e w i t h o u t k n o w i n g t h e r e q u i r e d k e y in a d v a n c e . T h e y m a y f i r s t t r y t o r e c o v e r t h e key, o r g o a f t e r t h e m e s s a g e its e lf. O n e o f t h e f a m i l i a r w a y s o f t h e c r y p t a n a l y t i c t e c h n i q u e is b r u t e - f o r c e a t ta c k o r an e x h a u s tiv e s e a rch , ( w h e r e t h e keys a re g u e s s e d by t r y i n g e v e r y p o s s ib le c o m b in a t i o n ) . T h e e f fic ie n c y o f t h e b r u t e - f o r c e d e p e n d s o n t h e h a r d w a r e c o n f i g u r a t io n . U sag e o f f a s te r p ro c e s s o rs m e a n s t e s t i n g m o r e keys p e r s e c o n d . M ic h a e l W e i n e r , p u t f o r t h a b r u t e - f o r c e a tta c k code b r e a k in g te c h n i q u e s . T h e v a r io u s c o d e -b re a k in g te c h n iq u e s th a t a re
Module 19 Page 2860
o n t h e DES w i t h t h e h e lp o f s p e c ia lly d e s ig n e d c o m p u t e r s w i t h c r y p t o g r a p h e r s s o u n d in g t h e o ld s t a n d a r d 's d e a t h kn e ll. M o r e o v e r , t h e c o m b i n a t i o n o f a d v a n c e d f a c t o r i n g a nd t h e f a s t e r c o m p u t e r s used in t h e r e c e n t a tta c k s o n R SA -129, m a k e s a lg o r i t h m s a p p e a r w e a k . T h e NSA t h a t has t o p c o m p u t i n g p o w e r is t h e c e n t e r o f t h e b r u t e - f o r c e a tta c k . F re q u e n c y A n a ly s is F re q u e n c y a na lys is o f t h e l e t te r s m a k e s t h e b r u t e - f o r c e m e t h o d n o t a s u it a b le m e t h o d f o r a t t a c k in g t h e c ip h e r . For e x a m p le t h e l e t t e r " e " is t h e c o m m o n w o r d in th e English la n g u a g e a n d t h e l e t t e r " k " a p p e a rs c o m m o n l y in t h e c ip h e r t e x t , it can b e c o n c l u d e d r e a s o n a b ly t h a t k=e, a n d so o n. E n c r y p te d s o u r c e c o d e s a r e m o r e e x p o s e d t o t h e a tta c k s b e c a u s e f e w w o r d s lik e " # d e f i n e , " " s t r u c t , " " e ls e ," a n d " r e t u r n " a re r e p e a t e d f r e q u e n t l y . F re q u e n c y a n a ly s is w a s f i r s t used by p ap a l c o u r t s in t h e M i d d l e Age, w h i c h b u i l t f r e q u e n c y ta b le s f o r L a tin a n d Ita lia n w o r d s . S o p h is tic a t e d c r y p t o s y s t e m s a r e r e q u i r e d t o m a i n t a i n t h e s e c u r it y o f t h e m essages. fe jj T r ic k e r y a n d D e c e it T h e r e has a lw a y s b e e n a n e e d f o r a h ig h level o f m a t h e m a t i c a l a nd c r y p t o g r a p h ic skills, b u t t r i c k e r y a n d d e c e it h a v e a lo n g h is t o r y in c o d e - b r e a k i n g as w e l l t h e v a lu e o f t h e e n c r y p t e d d a ta m u s t be b e l o w t h e c o s t e n t i t l e d t o b re a k t h e a l g o r i t h m . In t h e m o d e r n w o r l d , c o m p u t e r s a re f a s t e r a n d c h e a p e r , t h e r e f o r e it w o u l d be b e t t e r t o c h e c k t h e lim i t s o f t h e s e t w o p aram eters. _ O n e -tim e P a d It is c o n s id e r e d t h a t a n y c i p h e r can be c r a c k e d if s u f f i c i e n t t i m e a n d r e s o u rc e s a re p r o v id e d . But th e re is an e x c e p tio n c a lle d a o n e -tim e pad, w h ic h is c o n s id e r e d to be
u n b r e a k a b l e e v e n a f t e r i n f i n i t e re s o u r c e s a re p r o v id e d . A o n e - t i m e pad c o n ta in s m a n y n o n - r e p e a t i n g g r o u p s o f l e t t e r s o r n u m b e r keys, w h i c h are c h o s e n r a n d o m l y . T he se a re t h e n p a s te d t o g e t h e r o n a pad. Bob e n c r y p ts o n l y o n e p la i n t e x t c h a r a c t e r w i t h th e pad a n d A lice d e c r y p t s e a ch a nd e v e r y c h a r a c t e r o f t h e c i p h e r t e x t w i t h t h e h e lp o f t h e s a m e key c h a r a c te r s f r o m an i d e n t ic a l pad. A f t e r t h e use, t h e c h a r a c te r s a re s e c u r e ly r e m o v e d f r o m t h e pad. T h e m a j o r d r a w b a c k o f t h e o n e - t i m e p a d d i n g is th e le n g t h o f t h e pads. T h e le n g t h o f key is s a m e as t h e l e n g t h o f t h e m essa ge , w h i c h m a k e s it i m p o s s i b l e t o e n c r y p t a n d s e n d la rg e messages. T h e S o v ie t spies c o m m o n l y used o n e - t i m e pads d u r in g t h e C old W a r . T h e a g e n t c a r r ie d th e e n c r y p t e d m e s s a g e t o t h e fie ld , le a v in g t h e id e n t ic a l pad a t t h e h e a d q u a r t e r s . T h e w e l l - k n o w n , o n e - t i m e p a d d in g w a s used o n t h e c o m m u n i c a t i o n lin e s b e t w e e n M o s c o w a n d W a s h i n g t o n .
Module 19 Page 2861
B rute-F orceA ttack

A t ta c k Scheme Brute-Force A tta c k
D e f e a t in g a c r y p t o g r a p h ic s c h e m e b y t r y i n g a la r g e n u m b e r o f p o s s ib le k e y s u n t il t h e c o r r e c t e n c r y p t io n k e y is d is c o v e r e d B r u t e - f o r c e a t t a c k is a h ig h r e s o u r c e a n d t i m e in t e n s i v e p ro c e s s , h o w e v e r, m o re c e r t a i n t o a c h ie v e r e s u lt s
C E H
S u c c e s s o f b r u te fo r c e a tta c k d e p e n d s o n le n g t h o f t h e k e y , t im e c o n s t r a in t , a n d s y s t e m s e c u r i t y m e c h a n is m s
P o w e r/C o s t
4 0 b it s (5 c h a r )
5 6 b i t (7 c h a r )
6 4 b i t (8 c h a r )
1 2 8 b i t (1 6 c h a r )
$ 2K (1 PC. Can be achieved by an individual) $ 100K (this can be achieved by a company) $ IM (Achieved by a huge organization or a state)
1.4 min
73 days
50 years
10"20 years
2 sec
35 hours
1 year
10" 19 years
0.2 sec
3.5 hours
37 days
10* 18 years
E s t im a t e T im e f o r S u c c e s s f u l B r u t e f o r c e A t t a c k
C o p y r ig h t b y i C - G 0 H C i l. A ll R ig h ts R e se rv e d . R e p ro d u c tio n is S tr ic tly P ro h ib ite d .
B ru te -fo rc e
A tta c k
It is v e r y d i f f i c u l t t o c ra c k c r y p t o g r a p h ic s y s te m s as t h e y h a v e n o p ra c tic a l w e a k n e s s e s t o e x p lo it . Bu t, it is n o t im p o s s ib le . C r y p t o g r a p h i c s y s te m s use c r y p t o g r a p h i c a l g o r i t h m s t o e n c r y p t a m essa ge . T h e s e c r y p t o g r a p h ic a l g o r i t h m s use a key t o e n c r y p t o r d e c r y p t m essages. In c y r p t o g r a p h y , t h is ke y is t h e i m p o r t a n t p a r a m e t e r t h a t s p e c ifie s t h e t r a n s f o r m a t i o n o f p la in te x t o c i p h e r t e x t a n d v ic e v e rsa . If y o u a re a b le t o guess o r f i n d t h e k e y used f o r d e c r y p t i o n t h e n y o u ca n d e c r y p t t h e m essa ge s a n d re a d it in c le a r t e x t ; 1 2 8 - b i t k e y s a re c o m m o n l y used and c o n s id e r e d s tr o n g . F ro m s e c u r it y p e r s p e c tiv e s t o a v o id th e key b e in g g ue ssed , t h e
c r y p t o g r a p h ic s y s te m s use r a n d o m l y g e n e r a t e d keys. T h is m a ke s y o u p u t a l o t o f e f f o r t in g u e ssin g t h e key. B u t y o u s till h ave a c h o ic e t o d e t e r m i n e t h e key used f o r e n c r y p t i o n o r
d e c r y p t i o n . A t t e m p t t o d e c r y p t t h e m e s s a g e w i t h all p o s s ib le keys u n til y o u d is c o v e r t h e key used f o r e n c r y p t i o n . This m e t h o d o f d is c o v e r in g a key is u s u a lly ca lle d a b r u t e - f o r c e a tta c k . In a b r u t e - f o r c e a tta c k , t h e a t t a c k e r tr i e s e v e r y p o s s ib le k e y u n til t h e m e s s a g e can b e d e c r y p t e d . B u t t h is n e e d s a h u g e a m o u n t o f p ro c e s s in g p o w e r f o r d e t e r m i n i n g t h e key used t o s e c u re c r y p t o g r a p h ic c o m m u n i c a t i o n s . For a n y n o n - f l a w e d p r o t o c o l , t h e a v e r a g e t i m e n e e d e d t o f i n d t h e key in a b r u t e - f o r c e a t t a c k d e p e n d s o n t h e le n g t h o f t h e key. If t h e ke y le n g t h is s m a ll, t h e n it w ill t a k e less t i m e t o fin d t h e key. If k e y le n g t h is la rg e r, th e n it w ill t a k e m o r e t i m e t o d is c o v e r t h e key. A b r u t e - f o r c e a t t a c k w i ll be su ccessfu l if a n d o n l y i f e n o u g h t i m e is g iv e n f o r d is c o v e r in g t h e ke y. H o w e v e r , t h e t i m e is r e l a t iv e t o t h e le n g t h o f t h e key. T h e d i f f i c u l t y o f a b r u t e - f o r c e a t ta c k d e p e n d s o n v a r io u s issues, such as:
Module 19 Page 2862
9 9 9 9
L e n g th o f t h e k e y T he n u m b e r s o f p o s s ib le v a lu e s e a ch c o m p o n e n t o f t h e k e y ca n h ave T he t i m e it ta k e s t o a t t e m p t each key If t h e r e is a n y m e c h a n i s m , w h i c h locks t h e a t t a c k e r o u t a f t e r a c e r t a i n n u m b e r o f fa ile d a tte m p ts
For e x a m p le , i f a s y s te m c o u ld b r u t e f o r c e a DES 5 6 - b i t k e y in o n e s e c o n d , t h e n f o r an AES 1 2 8 b it k e y it ta k e s a p p r o x i m a t e l y 1 4 9 t r i l l i o n y e a rs t o b r u t e fo r c e . T o p e r f o r m a b r u t e - f o r c e a tta c k , t h e t i m e is d o u b l e d f o r e v e r y a d d it io n a l b it o f ke y le n g th ; t h e r e a s o n b e h in d it is t h a t th e n u m b e r o f p o t e n t ia l keys is d o u b le d . A b r u t e - f o r c e a t t a c k is, h o w e v e r , m o r e c e r t a i n t o a c h ie v e re s u lts . E s tim a te T i m e f o r Successful B r u te - Force A t t a c k P o w e r/C o s t 4 0 b it s (5 ch a r) 5 6 b i t (7 ch a r) 6 4 b i t (8 ch a r) 1 2 8 b it (1 6 ch a r)
$ 2 K ( 1 PC. C a n b e a c h ie v e d b y a n in d iv id u a l) $ 1 0 0 K (th is can b e a c h ie v e d b y a com pany) $ 1 M (A c h ie v e d b y a huge o rg a n iz a tio n o r a s ta te ) TABLE 19.2: Time estimation for successful Brute-Force Attaack 0.2 Sec 3.5 H o u rs 3 7 Days 1 0 A18 Years 2 Sec 35 H o u rs 1 Year 1 0 A19 Years 1.4 m in 73 Days 5 0 Years 1 0 A2 0 Years
Module 19 Page 2863
M D
e e t - in - t h e - M i g i t a l
id d le
A t t a c k
o n
r c
(trW M
E H
IU kjI H.k
S ig n a t u r e
S c h e m e s
J The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle J It can be used for forging signatures even on digital signatures that use multiple-encryption scheme
John"
E n c ry p te d w it h 1* keyl
I n t e r m e d ia t e C ip h e r te x t 1
D e c ry p te d w it h 1 ke y 2
" A v B r ;
D e c ry p te d w it h 2 nd k e y 2
"A v B r"
D e c ry p te d w it h 2s6,h k e y 2
"A v B r"
P la in t e x t
C ip h e r te x t
M e e t i n t h e M i d d l e S c h e m e s
A tta c k
o n
D ig it a l S ig n a tu re
A m e e t - i n - t h e - m i d d l e a t t a c k is t h e b e s t a t t a c k m e t h o d f o r c r y p t o g r a p h ic a lg o r i t h m s using m u l t i p l e keys f o r e n c r y p t i o n . T his a t t a c k re d u c e s t h e n u m b e r o f b r u t e fo r c e p e r m u t a t i o n s n e e d e d t o d e c o d e t e x t t h a t has b e e n e n c r y p t e d by m o r e t h a n o n e key a n d is c o n d u c t e d m a i n l y f o r f o r g i n g s ig n a t u r e s o n m ix e d t y p e d ig ita l s ig n a tu r e s . A m e e t - i n - t h e - m i d d l e a t t a c k uses sp ace t i m e t r a d e - o f f ; it is also k n o w n as b i r t h d a y a t t a c k b e c a u s e it e x p lo its t h e m a t h e m a t i c s b e h in d t h e b i r t h d a y p a r a d o x . It ta k e s less t i m e t h a n an e x h a u s tiv e a tta c k . It is ca lle d a m e e t - i n - t h e M i d d l e a t ta c k b e c a u s e th is a t t a c k w o r k s by e n c r y p t i n g f r o m o n e e n d a n d d e c r y p t i n g f r o m t h e o t h e r e n d , t h u s m e e t i n g in t h e m id d le . In t h e m e e t - i n - t h e - m i d d l e a tta c k , t h e a t t a c k e r uses a k n o w n p la i n t e x t m es sa g e . T h e a t t a c k e r has access t o b o t h t h e p la i n t e x t as w e l l as t h e r e s p e c tiv e e n c r y p t e d te x t . C o n s id e r an e x a m p le w h e r e t h e p la in t e x t is " J o h n " a n d t h e r e s u lt in g d o u b l e DES e n c r y p t e d m e s s a g e is " A v B r . " In o r d e r t o r e c o v e r b o t h t h e keys, i.e. k e y l a n d ke y 2 , t h a t a re used f o r e n c r y p t i o n , t h e a t t a c k e r p e r f o r m s a b r u t e - f o r c e a t ta c k o n k e y l u sin g all 2 5" d i f f e r e n t Single DES p o s s ib le keys t o e n c r y p t t h e p la i n t e x t o f " J o h n " a n d saves e a ch key a n d t h e r e s u lt in g i n t e r m e d i a t e c i p h e r t e x t in a ta b le . T h e a t t a c k e r c o n d u c t s b r u t e f o r c e o n ke y 2 , d e c r y p t i n g " A v B r " u p t o 2 % t i m e s . T h e a t t a c k is su cc e ssfu l, when th e second b ru te -fo rc e a tta c k g ive s th e same r e s u lt as t h a t of th e
Module 19 Page 2864
i n t e r m e d i a t e c i p h e r t e x t p r e s e n t in t h e c i p h e r t e x t t a b l e a f t e r f i r s t b r u t e - f o r c e a t t a c k . O n c e t h e m a tc h is f o u n d , b o t h keys can b e d e t e r m i n e d a n d t h e a t t a c k is c o m p le t e . T his a t t a c k a t m o s t ta k e s 2 J" p lu s o r m a x i m u m 2 57 t o t a l o p e r a t i o n s . T h is e n a b le s t h e a t t a c k e r t o g a in access t o t h e d a ta e a s ily w h e n c o m p a r e d w i t h t h e D o u b le DES.
John
E n c r y p t e d w it h I s' k e y l
"AvBr"
John
E n c r y p t e d w it h 2 nd k e y l
D e c r y p t e d w it h 2 " key2
"AvBr"
] }
John" Plaintext
E n c r y p t e d w it h
2 5 d k e y l
D e c r y p t e d w it h 2 s6 1 < key2
"AvBr" Ciphertext
TABLE 19.23: Example illustrating Meet-in-the-middle attack
Module 19 Page 2865
Public Key Infrastructure (PKI)
Email Encryption
y .\ t
Cryptography Attacks
|<ar
Cryptanalysis Tools
M o d u le -------
F lo w
So fa r, w e h a v e d iscu sse d all c r y p t o g r a p h y c o n c e p ts , v a r io u s c r y p t o g r a p h ic e n c r y p t i o n
a lg o r i t h m s , t o o l s t h a t h e lp in c r y p t o g r a p h y , e m a il a n d d isk e n c r y p t i o n , a n d h o w c r y p t o g r a p h ic m e c h a n is m s ca n be c o m p r o m i s e d . N o w it's t i m e t o discuss c r y p ta n a ly s is t o o l s t h a t h e lp y o u in b re a k in g o ld c ip h e rs .
gTffni 1 1 : 1 1 1 1
C ry p ta n a lysis T ools
T his s e c tio n d e s c rib e s a n d lists c r y p ta n a ly s is to o ls .
Module 19 Page 2866
r y p t a n a l y s i s
T o o l:
r y p T o o l
c tt*H ItiVM 4 i IlM b M
E H
!CrypTool 1 .4 .3 1 B e ta 5 [V S 2 0 1 0 ] - U n n a m e d l File E dit View
3
In d iv. P r o c e d u re s A nalysts O p tio n s W in d o w H elp
x r n in g C r y p T o o l is a ! fre e e -_ le a
p r o g r a m in t h e a r e a o f c ry p to g ra p h y a n d
IDEA...
D ig ital S ig n atu fe s/P K I S y m m e tric (classic) S y m m e tric ( m o d e rn ) A sy m m e tric Hybrid
c r y p t o a n a ly s i s S u b p r o j e c t s o f C r y p T o o l: e S
S hift S trg * R
RC4... DES (ECB). DES (C B Q ... T rip le DES (ECB} . T rip le DES (C B Q ... R ijn d ae l (AES)... F u rth e r A lg o rith m s AES (setf e x tra c t n g )...
T h e C ry p T o o l p o r ta l is a c e n t r a l i z e d p l a c e for
C ry p T o o l 1 (C T 1 ) C ry p T o o l 2 (C T 2 ) J C ry p T o o l (JCT) C r y p T o o l- O n lin e (C TO )
B! 00000000 0300030c 030C 0318 ODOCOD24 03000330 0 3 0C 0 33 C 03000348 03000354 03 0C 0 36 C 0300036C 00000076 00000384 00000390 0 3 0C 0 39 C n n n n n ru p E43 AD 93 6B DD 96 BE DA
RC2 e n c ry p tio n o f < U n n a m e d l >. ke y < 0 0 > 55 73 49 C8 4F 62 $8 A9 E6 97 30 OA 00 IE' P4 4F 6E 3D CS 41 FB 78 7A 8B BA 02 72 FO 3C 23 09 B7 4B 1? 9C 57 CE DA Da 6F 16 A2 23 57 AE E4 4B 2B 57 IB 3A B5 87 A4 9D 36 E2 2B C2 E6 58 IB 62 3D 30 84 DD IF E4 24 43 71 57 98 99 A0 88 4F B9 BB C8 BE SD ID 1? 72 FI 28 96 42 6C B7 50 B2 24 77 6A 67 El 6D 48 CC 6B 94 94 EC 40 76 F8 2A F8 D4 CE 2F 46 09 0B 38 8C 78 49 41 E-J FB C3 nn IB A7 BC E3 43 71 7A F4 A1 FC 4E 08 9D DF pn
H |d
U O X .. r g Q sn . : . $. . I - $ 6 (C / KW cH F VO A 4-BV C b . . 1 k.q . . xVK. .82 . . r + .X P . . . . . . VZ. x b*09I 0 . _ [ . . vAH . . r . : .0 j... ..................... *. k -< n . ]... 9 r ^
2k
E n cry p tio n / d e c ry p tio n w ith RC2
1:1 C:227
?227
h t t p: / / ww w .c r yp t oo l .o r g
2k
F3 96 C8 63 F3
A4 A6 81 SA D6 B2 SB 03 31 U C7 8B EA B9 91 B9 bE 1 7 9
1 il
C r y p ta n a ly s is
T o o l:
C ry p T o o l
S o u rce : h t t p : / / w w w . c r y p t o o l . o r R
The CrypTool project develops e-learning programs in the area of cryptography and cryptanalysis. It consists of four different subprojects: They are (CT1, CT2, JCT. CTO) related to the CrypTool software in various facets for different purposes.
9
CrypTool 1 (CT1) was the first version of CrypTool. It was released in 1998 and allows to experiment with different cryptographic algorithms. CT 1 has two successors. CrypTool 2 (CT2) supports visual programming and execution of cascades of cryptographic procedures.
JC ry p T o o l (JCT) w h i c h is p l a t f o r m - i n d e p e n d e n t .
9 9
CrypTool-Online (CTO) was released in spring 2009. This tool allows trying out different algorithms in a browser/smartphone. Another subproject is the international crypto cipher challenge "IV 1TC 3," offering cryptographic riddles of different levels.
Module 19 Page 2867
C r y p T o o l 1.4.31 B e ta 5 [V S 2 0 1 0 ] - U n n a m e d !
File Edit V ie w JÊncr^pt^Dec^ptJ D igital Si g n jt u t e v P ^ Indiv. P ro ce d ure s A n ,ly s is O p tio n s W in d o w H elp
D [B # |rf' U
S y m m e tn c (classic)
TABLE 19.24: CrypTool Screenshot RC2 encryption of <Unnamed1 >, key <00>
00000000 0000000c 00000018 00000024 00000030 0000003C 00000048 00000054 00000060 0000006C 00000078 00000084 00000090 0000009C nnnnnrufi EC 40 AD 9B 6B DD 96 BE DA 2A F3 96 C8 6B F9 55 73 49 C8 4F 62 98 A9 E6 97 30 0A 00 2D R4 4F 6E 3D C9 41 FB 78 7A 8B BA 02 72 F0 3C R9 23 09 B7 4B 12 9C 57 CE DA DA 5F 81 8B 91 17 16 A2 23 57 AE E4 4B 2B 57 D6 5B 3A EA B9 39 IB 3A B5 87 2A A4 A6 81 5A B2 03 C7 B9 6E 5n A4 9D 36 E2 2B C2 E6 58 IB 62 8B 30 84 DD 1R 72 FI 28 96 42 6C B7 50 B2 24 77 6A C8 5D 3R E4 24 43 71 57 98 99 A0 88 4F B9 BB BD ID 7? 67 El 6D 48 CC 6B 94 94 EC 40 76 F8 2A F8 ?9 D4 CE 2F 46 09 0B 38 8C 78 49 41 E4 FB C3 nr> IB A7 BC E3 43 71 7A F4 Al FC 4E 08 9D DF fin
fe n
I-
0 0 .UO#. . . r .g ..
* 6 ( C * *+ B U C l . k . q
.. K V .. qHF
kO A . .b . . z .+
. .xV K
XP
82
VZ *
x b$0<?I.
*
. 0 . _ [ . . w . vAN . . r . : . Oj . . . . k ; ; < n ; i ;
.
91
TABLE 19.24: RC2 encrytion Screenshot
Module 19 Page 2868
CryptoBench o
h t t p : / / w w w . a d d a r io . o r g
(f)
AlphaPeeler
h t t p : / / a lp h a p e e l e r . s o u r c e fo r g e , n e t
JCrypTool
h t t p : / / w w w . c r y p to o l. o r g
Draft Crypto Analyzer

h t t p : / / w w w . li t e r a t e c o d e . c o m
Ganzua
h t tp ://g a n z u a .s o u rc e fo rg e .n e t
Linear Hull Cryptanalysis of PRESENT

h ttp ://w w w .e c r y p t.e u .o r g
mediggo
h t t p : / / c o d e , g o o g le , c o m
EverCrack
h ttp ://e v e r c ra c k .s o u r c e fo r g e .n e t
SubCyphe
. . J h ttp o ::////w ww w w .. e essc c le p iu s llc . c o m
C r y p ta n a ly s is
T o o ls
In a d d i t i o n t o C ry p T o o l, m a n y t o o l s t h a t a l l o w y o u t o p e r f o r m c r y p ta n a ly s is a re a v a ila b le : 9 9 9 9 9 9 9 9 9 9 C r y p to B e n c h a v a ila b le a t h t t p : / / w w w . a d d a r i o . o r g JC ry p T o o l a v a ila b le a t h t t p : / / w w w . c r y p t o o l . o r g Ganzua a v a ila b le a t h t t p : / / g a n z u a . s o u r c e f o r g e . n e t C ra n k a v a ila b le a t h t t p : / / c r a n k . s o u r c e f o r g e . n e t Ev e rC rack a v a ila b le a t h t t p : / / e v e r c r a c k . s o u r c e f o r g e . n e t A lp h a P e e le r a v a ila b le a t h t t p : / / a l p h a p e e l e r . s o u r c e f o r g e . n e t D r a ft C r y p t o A n a ly z e r a v a ila b le a t h t t p : / / w w w . l i t e r a t e c o d e . c o m L in e a r H ull C ry p ta n a ly s is o f PRESENT a v a ila b le a t h t t p : / / w w w . e c r y p t . e u . o r g M e d ig g o a v a ila b le a t h t t p : / / c o d e . g o o g l e . c o m S u b C y p h e r a v a ila b le a t h t t p : / / w w w . e s c l e p i u s l l c . c o m
Module 19 Page 2869
n l i n e
e c r y p t i o n
T o o ls
C E H
MD5 Decrypt
h t t p : / / w w w . m d 5 d e c r y p t. o r g
OnlieHashCrack.com
h t t p : / / w w w . o n li n e h a s h c r a c k . c o m
f if t h
MD5Cracker
h ttp ://m d 5 c ra c k .com
MD5Decrypter.co.uk
h ttp ://w w w .m d 5 d e c ry p te r.c o .u k
MD5 Hash Cracker

h t t p : / / w w w . tm to .o r g
* i
Md5.My-Addr.com
h ttp ://m d 5 .m y -a d d r.c o m
Hash Cracker
h t t p : / / w w w . h a s h - c r a c k e r. c o m
cmd5.org
h ttp ://w w w .c m d 5 .o rg
MD5Decrypter
h ttp ://w w w .m d 5 d e c ry p te r.c o m
!I
T o o ls
Crypt and Decrypt Online Tool Conversion

h ttp ://m y e a s y w w w .a p p s p o t.c o m
C o p y r ig h t b y i C - C 0 H C i l. A ll R ig h ts R e se rv e d . R e p ro d u c tio n is S tr ic tly P ro h ib ite d .
rW Jn
N |p |
O n lin e
M D 5
D e c r y p tio n
O n lin e M D 5 d e c r y p t i o n t o o l s a l l o w y o u t o re a d t h e e n c r y p t e d m essages in c le a r t e x t . All y o u n e e d t o d o is s u m b i t th e M D 5 hash o f t h e m e s s a g e t h a t y o u w a n t t o rea d t o an o n l i n e M D 5 d e c r y p t o r . It d e c r y p ts t h e M D 5 hash v a lu e a n d s im p ly g ive s y o u t h e o r ig in a l m essa ge t h a t has b e e n e n c r y p t e d . T h e s e t o o l s e l i m in a t e t h e n e e d f o r in s t a llin g M D 5 d e c r y p t o r s . M a n y o n l i n e M D 5 d e c r y p t i o n t o o l s a re r e a d ily a v a ila b le : 9 9 9 9 Q 9 Q e M D 5 D e c r y p t a v a ila b le a t h t t p : / / w w w . m d 5 d e c r y p t . o r g M D 5 C r a c k e r a v a ila b le a t h t t p : / / m d 5 c r a c k . c o m M D 5 Hash C ra c k e r a v a ila b le a t h t t p : / / w w w . t m t o . o r g Hash C ra c k e r a v a ila b le a t h t t p : / / w w w . h a s h - c r a c k e r . c o m IV ID 5 D e c rv p te r a v a ila b le a t h t t p : / / w w w . m d 5 d e c r y p t e r . c o m O n lie H a s h C r a c k .c o m a v a ila b le a t h t t p : / / w w w . o n l i n e h a s h c r a c k . c o m M D 5 D e c r y p t e r . c o . u k a v a ila b le a t h t t p : / / w w w . m d 5 d e c r y p t e r . c o . u k M d 5 . M y - A d d r . c o m a v a ila b le a t h t t p : / / m d 5 . m y - a d d r . c o m c m d 5 . o r g a v a ila b le a t h t t p : / / w w w . c m d 5 . o r g C r y p t a n d D e c r y p t O n lin e T o o l C o n v e r s io n a v a ila b le a t h t t p : / / m y e a s y w w w . a p p s p o t . c o m
Module 19 Page 2870
Ethical Hacking and Countermeasures Copyright by EC-C0linCil All Rights Reserved. Reproduction is Strictly Prohibited.
M odule Sum m ary

Cryptography is the conversion of data into a scrambled code that is sent across a private or public network and decrypted by its recipients Using Public K ey Infrastructure (PK I), anyone can send a confidential message using public information, which can only be decrypted with a private-key in the sole possession of the intended recipient A E S is a symmetric-key algorithm for securing sensitive but unclassified material by U .S. government agencies
fertMM
C E H
IthKJi lUckM
Cryptography attacks are based on the assumption that the cryptanalyst has access to the encrypted information Public K ey Infrastructure (PK I) is a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates
r rrr
M o d u le
S u m m a ry
C r y p t o g r a p h y is t h e c o n v e r s io n o f d a ta i n t o a s c r a m b le d c o d e t h a t is d e c r y p t e d a nd s e n t across a p r i v a t e o r p u b lic n e t w o r k .
U sing P u b lic Key I n f r a s t r u c t u r e (PKI), a n y o n e can se nd a c o n f i d e n t i a l m e s s a g e using p u b lic in fo rm a tio n , w h ic h can o n ly be d e c ry p te d w ith a p riv a te key in th e so le p o sse ssio n o f t h e i n t e n d e d r e c ip ie n t .
9 9
RSA e n c r y p t i o n is w i d e l y used a n d is a d e - f a c t o e n c r y p t i o n s ta n d a r d . T he M D 5 a l g o r i t h m is i n t e n d e d f o r d ig ita l s ig n a t u r e a p p lic a tio n s , w h e r e a la r g e file m u s t be c o m p r e s s e d s e c u r e ly b e f o r e b e in g e n c r y p t e d .
T he SH A a l g o r i t h m ta k e s a m e ssa g e o f a r b i t r a r y le n g t h as i n p u t a n d o u t p u t s a 1 6 0 - b i t m e s s a g e d ig e s t o f t h e in p u t .
S e c u re S o ckets L a y e r (SSL) is a p r o t o c o l f o r t r a n s m i t t i n g p r i v a t e d o c u m e n t s via t h e In te rn e t.
RC5 is a fa s t b lo c k c i p h e r d e s ig n e d by RSA S e c u rity .
Module 19 Page 2871
Ethical Hacking and Countermeasures Copyright by EC-C0l1nCil All Rights Reserved. Reproduction is Strictly Prohibited.

CEHv8 Module 19 Cryptography

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CEHv8 Module 19 Cryptography

Uploaded by

Copyright:

Available Formats

C ry p to g ra p h y

Ethical Hacking and Countermeasures Cryptography

Exam 3 12 -5 0 Certified Ethical Hacker

Engineered by Hackers. Presented by Professionals.

Module 19 Page 2783

Ethical Hacking and Countermeasures Cryptography

Exam 3 12 -5 0 Certified Ethical Hacker

R a n so m M a lw a re H its A u s tr a lia a s 3 0 B u s in e s s e s A tta c k e d

EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

Module 19 Page 2784

Ethical Hacking and Countermeasures Cryptography

Exam 3 12 -5 0 Certified Ethical Hacker

All contents IDG2012 By: John EDunn

Module 19 Page 2785

Ethical Hacking and Countermeasures Cryptography

Exam 3 12 -5 0 Certified Ethical Hacker

EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

Module 19 Page 2786

Ethical Hacking and Countermeasures Cryptography

Exam 3 12 -5 0 Certified Ethical Hacker

Public Key Infrastructure (PKI)

This section describes cryptography and the types of cryptography.

Module 19 Page 2787

Exam 3 1 2 -5 0 C ertified Ethical H acker

A uthentication N o n-R epudiation

EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .

Exam 3 1 2 -5 0 C ertified Ethical H acker

FIGURE 1 9 .1 : Illu stra tin g c r y p to g ra p h y p r o c e s s

Exam 3 1 2 -5 0 C ertified Ethical H acker

G u u ih ifh o fn kb ifkfn n fk N k lc lm lm *& }_( )_

Asym m etric Encryption

A s y m m e tric E n cryp tio n

G u u ih ifh o fn kb ifkfn n fk N k lc lm lm A & )LL

EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .

Exam 3 1 2 -5 0 C ertified Ethical H acker

G u u ih ifh o fn LkifW K D IIK nnflr nnTK N k lc lm lm

a s y m m e tr ic c ry p to g ra p h y, th e s e n d e r e n c o d e s th e m essage w ith th e help o f a p u b lic key and

G u u ih ifh o fn k b ifk fn n fk N klc lm lm

This is m y A/C n u m b e r 7974392830

FIGURE 19.3: Asymmetric Encryption method

Exam 3 1 2 -5 0 C ertified Ethical H acker

II R ig h ts R e s e r v e d . R e p r o d u c tio n is S tr ic tly P r o h ib ite d .

G o v e r n m e n t A c c e s s to A key e s c ro w e n c r y p tio n sy ste m

(G A K ) th e d e cry p tin g c a p a b ility to ce rtain

c o m m u n ic a t io n s by s im u lta n e o u s ly a u th o riz in g g o v e r n m e n t agents to o b ta in th e keys upon giving it, v ag ue ly t e r m e d "le g a l a u t h o r iz a t io n . "

Exam 3 1 2 -5 0 C ertified Ethical H acker

t r a n s m i s s i o n s t h a t a r e d e v e l o p e d w i t h a n a l g o r i t h m k n o w n as S k i p j a c k . T h e S k ip j a c k a l g o r i t h m uses 8 0 - b i t k e ys. C ry p t a n a ly z in g re q u ire s s e a rc h in g t h r o u g h all keys,

Exam 3 1 2 -5 0 C ertified Ethical H acker

EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n Is S tric tly P ro h ib ite d .

P ublic Key In fra s tru c tu re (PKI)

Exam 3 1 2 -5 0 C ertified Ethical H acker

Exam 3 1 2 -5 0 C ertified Ethical H acker

d e vice s. These are n o t v e ry re lia b le . T here are tw o typ e s o f classical ciphers:

T ra n s p o s itio n c ip h e r: The le tte rs o f th e p la in te x t are s h ifte d to fo rm th e c ry p to g ra m . The c ip h e rte x t is a p e rm u ta tio n o f th e p la in te x t.

M o d e r n C ip h e r s M o d e rn cip h e rs are designed to w ith s ta n d a w id e range o f a tta c k s . M o d e rn ciphers

P riv a te -k e y c ry p to g ra p h y (s y m m e tric key a lg o rith m ): The sam e key is used fo r

e n c ry p tio n and d e c ry p tio n .

B lock c ip h e rs : Refer to an a lg o rith m o p e ra tin g on block (g ro u p o f bits) o f fixe d

Exam 3 1 2 -5 0 C ertified Ethical H acker

EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n Is S tric tly P ro h ib ite d .

Exam 3 1 2-50 C ertified Ethical H acker

It has a 128-bit block size, with key sizes of

EG-G*ancil. All R ig h ts R e s e r v e d . R e p r o d u c tio n is S tric tly P ro h ib ite d .

Exam 3 1 2 -5 0 C ertified Ethical H acker