Sunteți pe pagina 1din 85

GEBX111-Cyber Security

OBJECTIVES:
 To understand the basics of cryptography.
 To know the impact of various cybercrimes and cyber
offenses.
 To understand cybercrimes in mobile devices.
 To know the tools and techniques used to secure
from cybercrimes.
 To understand the basics of cyber security standards
and policies.
 To learn about the basics of cyber forensics.

Overview of Computer Security


GECX111-Cyber Security
2

OUTCOMES:
Upon completion of this course, students will be able
to
 Explain the general security issues.
 Discuss various cybercrimes and offenses.
 Identify cybercrime in mobile and wireless
environment.
 Use relevant tools and methods in cybercrime.
 Apply security policies in cyber forensics.
 Outline the strategies adopted in computer forensics.

Overview of Computer Security


GECX111-Cyber Security
3

Module 1 - Ch 8 (Text Book 2)


Module 2 - Ch 2 (Text Book 1)
Module 3 - Ch 3, 4 (Text Book 1)
Module 4 - Ch 5 (Text Book 1)
Module 5 - Ch 10 & 11 (Text Book 2)
Module 6 - Ch 6 (Text Book 2)

Syllabus
Overview of Computer Security
Text Books
4

Text Book 1:
 Nina Godbole, SunitBelapure, “Cyber Security:
Understanding Cyber Crimes, Computer Forensics and
Legal Perspectives”, Wiley, 2011.

Text Book 2:
 Chuck Easttom, “Computer Security Fundamentals”, 2nd
Edition, Pearson Education, 2012.

Overview of Computer Security


Introduction - Security
5

 What is computer security?


 protection of computer systems from the theft of or damage to
their hardware, software, or electronic data, as well as from
the disruption or misdirection of the services they provide

 What is network security?


 protection of the access to files and directories in a computer network against
hacking, misuse and unauthorized changes to the system.

 What is meant by cyber security?


 techniques to protect computers, networks, programs and data from
unauthorized access or attacks that are aimed for exploitation.

 Differences between network and cyber security?


 Why, where and how we use security?

Overview of Computer Security


Cyber Security Vs Network Security
6

Overview of Computer Security


Security Goals
7

 Confidentiality
 The assets are accessible only by authorized parties.

 Integrity
 The assets are modified only by authorized parties, and
only in authorized ways.
 Availability
 Assets are accessible to authorized parties.

Overview of Computer Security


Types of Attacks
8

 Passive Attack - A Passive attack attempts to learn or make use of


information from the system but does not affect system resources.
Passive Attacks are in the nature of eavesdropping on or monitoring of
transmission. The goal of the opponent is to obtain information is being
transmitted. Types of passive attacks are:
o Tapping
o Encryption
o Scanning
o Traffic Analysis
 Active Attack - An Active attack attempts to alter system resources or
effect their operations. Active attack involve some modification of the
data stream or creation of false statement. Types of active attacks are:
o Masquerade
o Replay
o Modification of messages
o Denial of Service (DOS) Attacks
https://www.geeksforgeeks.org/types-of-security-attacks-active-and-passive-attacks/

Overview of Computer Security


Passive Attacks
9

Overview of Computer Security


Types of Security Breaches
10

 Interruption
 Example: DOS (Denial of Service)

 Interception
 Peeping eyes

 Modification
 Change of existing data

 Fabrication
 Addition of false or spurious data

Overview of Computer Security


Security Breaches - Terminology
11

 Exposure
 a form of possible loss or harm

 Vulnerability
 a weakness in the system

 Attack
 Threats
 Human attacks, natural disasters, errors

 Control – a protective measure


 Assets – h/w, s/w, data

Overview of Computer Security


Computing System Vulnerabilities
12

 Hardware vulnerabilities
 Software vulnerabilities
 Data vulnerabilities
 Human vulnerabilities ?

Overview of Computer Security


Hardware Vulnerabilities
13

 A computing system: a collection of hardware,


software, data, and people that an organization
uses to do computing tasks
 Any piece of the computing system can become the
target of a computing crime.
 The weakest point is the most serious
vulnerability.
 The principle of easiest penetration

Overview of Computer Security


Software Vulnerabilities
14

 Destroyed (deleted) software


 Stolen (pirated) software
 Altered (but still run) software
 Logic bomb
 Trojan horse
 Virus
 Trapdoor
 Information leaks

Overview of Computer Security


Logic bomb
15

 A logic bomb is a piece of code intentionally


inserted into a software system that will set off a
malicious function when specified conditions are
met.
 For example, a programmer may hide a piece of
code that starts deleting files (such as
a salary database trigger), should they ever be
terminated from the company.

Overview of Computer Security


Trojan horse
16

 Trojan horse, or Trojan, is any


malicious computer program which is used to hack
into a computer by misleading users of its true
intent.
 It is a program designed to breach the security of a
computer system while ostensibly performing
some innocuous function.

Overview of Computer Security


Virus
17

 A computer virus is a malware that, when


executed, replicates by reproducing itself or
infecting other programs by modifying them.
 Infecting computer programs can include as well,
data files, or the boot sector of the hard drive.
 When this replication succeeds, the affected areas
are then said to be "infected".

Overview of Computer Security


Trapdoor (Backdoor)
18

 A backdoor is a method, often secret, of


bypassing normal authentication in a
product, computer system, cryptosystem or algorit
hms, etc.
 Backdoors are often used for securing
unauthorized remote access to a computer, or
obtaining access to plaintext in cryptographic
systems.

Overview of Computer Security


Information leaks
19

 Information leakage happens whenever a


system that is designed to be closed to
an eavesdropper reveals some information to
unauthorized parties nonetheless.
 For example, when designing an encrypted instant
messaging network, a network engineer without
the capacity to crack encryption codes could see
when messages are transmitted, even if he could
not read them.

Overview of Computer Security


Cryptography Basics
20

 Plain text (Unencrypted text)


 Encryption algorithm
 Algorithm: A mathematical process for doing something.

 Secret key
 Key: The bits that are combined with the plain text to encrypt it. In some
cases this is random numbers, in other cases it is the result of some
mathematical operation.

 Cipher text (Encrypted text)


 Decryption algorithm

Overview of Computer Security


History of Encryption
21

 Substitution Techniques
o Caesar cipher
o Monoalphabetic cipher
o Vigenere cipher
o Hill cipher

Overview of Computer Security


Shift Cipher – Caesar Cipher
22

 The Key Space:


 [0 .. 25]

 Encryption given a key K:


 each letter in the plaintext P is replaced
with the K’th letter following
corresponding number (shift right)
 Decryption given K:
 shift left

History: K = 3, Caesar’s cipher

Topic 2: Classical Cryptography CS526


Caesar Cipher
23

 Example of the encryption and decryption steps involved


with the caesar cipher. The text we will encrypt is 'defend
the east wall of the castle', with a shift (key) of 3.
 Plaintext: crescent
 ciphertext: fuhvfhqw
 It is easy to see how each character in the plaintext is
shifted up the alphabet. Decryption is just as easy, by
using an offset of -1.
 Plain : a b c d e f g h i j k l m n o p q r s t u v w x y z
 cipher: d e f g h i j k l m n o p q r s t u v w x y z a b c
 Obviously, if a different key is used, the cipher alphabet
will be shifted a different amount.
Topic 2: Classical Cryptography
Caesar Cipher - Mathematical Description
24

 First we translate all of our characters to numbers, 'a'=0,


'b'=1, 'c'=2, ... , 'z'=25. We can now represent the caesar
cipher encryption function, e(x), where x is the character
we are encrypting, as:

 Where k is the key (the shift) applied to each letter. After


applying this function the result is a number which must
then be translated back into a letter. The decryption
function is :

Topic 2: Classical Cryptography


Shift Cipher: Cryptanalysis
25

 Can an attacker find K?


 YES: by a bruteforce attack through exhaustive key
search.
 key space is small (<= 26 possible keys).
 How much ciphertext is needed?

 Lessons:
 Key space needs to be large enough.

 Exhaustive key search can be effective.

Topic 2: Classical Cryptography CS526


Mono-alphabetic Substitution Cipher
26

 The key space: all permutations of  = {A, B, C, …, Z}


 Encryption given a key :
 each letter X in the plaintext P is replaced with (X)
 Decryption given a key :
 each letter Y in the cipherext P is replaced with -1(Y)

Example:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
= B A D C Z H W Y G O Q X S V T R N M L K J I P F E U
BECAUSE  AZDBJSZ

Topic 2: Classical Cryptography CS526


Strength of the Mono-alphabetic Substitution Cipher
27

 Exhaustive search is difficult


 key space size is 26!  4×1026  288

 Dominates the art of secret writing throughout the


first millennium A.D.

 Thought to be unbreakable by many back then

 How to break it?

Topic 2: Classical Cryptography CS526


Cryptanalysis of Substitution Ciphers:
Frequency Analysis
28

 Basic ideas:
 Each language has certain features:
frequency of letters, or of groups of two or
more letters.
 Substitution ciphers preserve the language
features.
 Substitution ciphers are vulnerable to
frequency analysis attacks.
 How much ciphertext is required?

Topic 2: Classical Cryptography CS526


Frequency of Letters in English
29

14

12

10

8
Series1
6

0
a b c d e f g h i j k l m n o p q r s t u v w x y z

Topic 2: Classical Cryptography CS526


How to Defeat Frequency Analysis?
30

 Use larger blocks as the basis of substitution. Rather


than substituting one letter at a time, substitute 64
bits at a time, or 128 bits.
 Leads to block ciphers such as DES & AES.

 Use different substitutions to get rid of frequency


features.
 Leads to polyalphabetical substituion ciphers, and to stream
ciphers such as RC4

Topic 2: Classical Cryptography CS526


Towards the Polyalphabetic Substitution Ciphers
31

 Main weaknesses of monoalphabetic substitution


ciphers
 In ciphertext, different letters have different frequency
 each letter in the ciphertext corresponds to only one letter in the
plaintext letter
 Idea for a stronger cipher (1460’s by Alberti)
 Use more than one substitutions, and switch between them
when encrypting different letters
 As result, frequencies of letters in ciphertext are similar
 Developed into an easy-to-use cipher by Vigenère
(published in 1586)

Topic 2: Classical Cryptography CS526


The Vigenère Cipher
32

Treat letters as numbers: [A=0, B=1, C=2, …, Z=25]


Number Theory Notation: Zn= {0, 1, …, n-1}
Definition:
Given m, a positive integer, P = C = (Z26)n, and K = (k1, k2, … , km) a
key, we define:
Encryption:
ek(p1, p2… pm) = (p1+k1, p2+k2…pm+km) (mod 26)
Decryption:
dk(c1, c2… cm) = (c1-k1, c2-k2 … cm- km) (mod 26)
Example:
Plaintext :CRYPTOGRAPHY
Key :LUCKLUC KLUCK
Ciphertext :NLAZE I I BLJ J I

Topic 2: Classical Cryptography CS526


Security of Vigenere Cipher
33

 Vigenere masks the frequency with which a


character appears in a language: one letter in
the ciphertext corresponds to multiple letters
in the plaintext. Makes the use of frequency
analysis more difficult.

 Any message encrypted


by a Vigenere cipher is a
collection of as many shift ciphers as there
are letters in the key.

Topic 2: Classical Cryptography CS526


Hill Cipher
34

 Hill cipher is a polygraphic substitution cipher based on linear


algebra. Each letter is represented by a number modulo 26.
 Often the simple scheme A = 0, B = 1, …, Z = 25 is used, but this
is not an essential feature of the cipher.
 To encrypt a message, each block of n letters (considered as an n-
component vector) is multiplied by an invertible n × n matrix,
against modulus 26.
 To decrypt the message, each block is multiplied by the inverse of
the matrix used for encryption.
 The matrix used for encryption is the cipher key, and it should be
chosen randomly from the set of invertible n × n matrices
(modulo 26).

Overview of Computer Security


Hill Cipher
35

 Examples:
 Input :
 Plaintext: ACT
 Key: GYBNQKURP
 Output :
 Ciphertext: POH
 Input :
 Plaintext: GFG
 Key: HILLMAGIC
 Output :
 Ciphertext: SWK

Overview of Computer Security


Hill Cipher - Encryption
36

 Encryption
 We have to encrypt the message ‘ACT’ (n=3).The key is
‘GYBNQKURP’ which can be written as the n x n matrix:

 The message ‘ACT’ is written as vector:

Overview of Computer Security


Hill Cipher - Encryption
37

 The enciphered vector is given as:

which corresponds to ciphertext of ‘POH’

Overview of Computer Security


Hill Cipher - Decryption
38

 Decryption
 To decrypt the message, we turn the ciphertext back into a
vector, then simply multiply by the inverse matrix of the
key matrix (IFKVIVVMI in letters).The inverse of the
matrix used in the previous example is:

Overview of Computer Security


Hill Cipher - Decryption
39

 For the previous Ciphertext ‘POH’:

which gives us back ‘ACT’.


Assume that all the alphabets are in upper case.

Overview of Computer Security


Modern Cryptography Methods
40

 Symmetric (Private Key) Encryption


 Asymmetric (Public Key) Encryption

Overview of Computer Security


Single-Key (Symmetric) Encryption

 Basically, single-key encryption means that the same key is


used to both encrypt and decrypt a message. This is also
referred to as symmetric key encryption.
 There are two types of symmetric algorithms:
 Stream and Block.
 A block cipher divides the data into blocks (often 64-bit
blocks, but newer algorithms sometimes use 128-bit blocks)
and encrypts the data one block at a time.
 Stream ciphers encrypt the data as a stream of bits, one bit
at a time.
Data Encryption Standard

 Data Encryption Standard, or DES as it is often called, was


developed by IBM in the early 1970s. DES is a block cipher.
 The DES uses short keys and relies on complex procedures
to protect its information.
 The actual DES algorithm is quite complex and beyond the
scope of our syllabus. The basic concept, however, is as
follows:
Data Encryption Standard

 1. Data is divided into 64-bit blocks, and those blocks are


then transposed.
 2. Transposed data is then manipulated by 16 separate
steps of encryption involving substitutions, bit-shifting and
logical operations using a 56-bit key.
 3. Data is then further scrambled using a swapping
algorithm.
 4. Data is finally transposed one last time.
Data Encryption Standard
 Advantage
 One advantage that DES offers is efficiency. Some
implementations of DES offer data throughput rates on the order
of hundreds of megabytes per second. In plain English, what this
means is that it can encrypt a great deal of data very quickly.
 You might assume that 16 steps would cause encryption to be
quite slow; however, that is not the case using modern computer
equipment.
 Disadvantage
 The problem with DES is the same problem that all symmetric
key algorithms have: How do you transmit the key without
risking it becoming compromised? This issue led to the
development of public key encryption.
 And another problem is that over time it has become no longer
viable for modern encryption. The 56-bit key is simply not long
enough.
3DES

 Triple DES, was created as a replacement for DES. At the


time, the cryptography community was searching for a
viable alternative.
 While that was still being worked on, a stop-gap measure
was created.
 It essentially applies DES three times with three different
keys, thus the name 3DES.
AES

 AES, or Advanced Encryption Standard, was the


algorithm eventually chosen to replace DES.
 It is a block cipher that works on 128 bit blocks. It can
have one of three key sizes of 128, 192, or 256 bits.
 This was selected by the United States Government to be
the replacement for DES and is now the most widely used
symmetric key algorithm.
Blowfish

 Blowfish is a symmetric block cipher. It uses a variable-


length key ranging from 32 to 448 bits (McCrypto.net,
2004). This flexibility in key size allows you to use it in
various situations.
 Blowfish was designed in 1993 by Bruce Schneier. It has
been analyzed extensively by the cryptography
community and has gained wide acceptance.
 It is also a non-commercial (i.e., free of charge) product,
thus making it attractive to budget-conscious
organizations.
 It should also be pointed out that Blowfish was also a
finalist for the U.S. Department of Defense, when they
were seeking a replacement for DES.
RC4

 The other symmetric algorithms we have discussed have all


been block ciphers.
 RC4 is a stream cipher and variable length key algorithm
developed by Ron Rivest. This algorithm encrypts one byte
at a time (or larger units on a time).
 The RC is an acronym for Ron’s Cipher. There are other RC
versions such as RC5 and RC6.
 A key input is pseudorandom bit generator that produces a
stream 8-bit number that is unpredictable without
knowledge of input key.
 The output of the generator is called key-stream, is
combined one byte at a time with the plaintext stream
cipher using X-OR operation.
Public Key (Asymmetric) Encryption

 Public key encryption is essentially the opposite of single-


key encryption. With any public key encryption algorithm,
one key is used to encrypt a message (called the public key)
and another is used to decrypt the message (called the
private key).
 You can freely distribute your public key so that anyone can
encrypt a message to send to you, but only you have the
private key and only you can decrypt the message.
Public Key Cryptography and RSA

Every Encryptian received two names, which


were known respectively as the true name and
the good name, or the great name and the little
name; and while the good or little name was
made public, the true or great name appears to
have been carefully concealed.
—The Golden Bough, Sir James George
Frazer
Private-Key Cryptography

 Traditional private/secret/single key


cryptography uses one key
 Shared by both sender and receiver
 If this key is disclosed communications are
compromised
 Also is symmetric, parties are equal
 Hence does not protect sender from receiver forging
a message & claiming is sent by sender
Public-Key Cryptography

 probably most significant advance in the 3000 year


history of cryptography
 uses two keys – a public & a private key
 asymmetric since parties are not equal
 uses clever application of number theoretic concepts
to function
 complements rather than replaces private key
crypto
Why Public-Key Cryptography?

 Developed to address two key issues:


 key distribution – how to have secure communications in
general without having to trust a KDC with your key
 digital signatures – how to verify a message comes intact
from the claimed sender
 Public invention due to Whitfield Diffie & Martin
Hellman at Stanford Uni in 1976
 known earlier in classified community
Public-Key Cryptography

 Public-key/two-key/asymmetric cryptography
involves the use of two keys:
 a public-key, which may be known by anybody, and can
be used to encrypt messages, and verify signatures
 a private-key, known only to the recipient, used to
decrypt messages, and sign (create) signatures
 It is asymmetric because
 those who encrypt messages or verify signatures cannot
decrypt messages or create signatures
Public-Key Cryptography
Public-Key Characteristics

 Public-Key algorithms rely on two keys where:


 It is computationally infeasible to find decryption key
knowing only algorithm & encryption key
 It is computationally easy to en/decrypt messages when
the relevant (en/decrypt) key is known
 Either of the two related keys can be used for encryption,
with the other used for decryption (for some algorithms)
Public-Key Cryptosystems
Public-Key Applications

 Can classify uses into 3 categories:


 encryption/decryption (provide secrecy)

 digital signatures (provide authentication)

 key exchange (of session keys)

 Some algorithms are suitable for all uses, others are


specific to one
Security of Public Key Schemes

 Like private key schemes brute force exhaustive


search attack is always theoretically possible
 But keys used are too large (>512bits)
 Security relies on a large enough difference in
difficulty between easy (en/decrypt) and hard
(cryptanalyse) problems
 More generally the hard problem is known, but
is made hard enough to be impractical to break
 Requires the use of very large numbers
 Hence is slow compared to private key schemes
RSA

 by Rivest, Shamir & Adleman of MIT in 1977


 Best known & widely used public-key scheme
 Based on exponentiation in a finite (Galois) field
over integers modulo a prime
 nb. exponentiation takes O((log n)3) operations (easy)
 Uses large integers (eg. 1024 bits)
 Security due to cost of factoring large numbers
 nb. factorization takes O(e log n log log n) operations (hard)
RSA Key Setup

 Each user generates a public/private key pair by:


 Selecting two large primes at random - p, q
 Computing their system modulus n=p.q
 note ø(n)=(p-1)(q-1)

 Selecting at random the encryption key e


 where 1<e<ø(n), gcd(e,ø(n))=1
 Solve following equation to find decryption key d
 e.d=1 mod ø(n) and 0≤d≤n

 Publish their public encryption key: PU={e,n}


 Keep secret private decryption key: PR={d,n}
RSA Use

 To encrypt a message M the sender:


 obtains public key of recipient PU={e,n}

 computes: C = Me mod n, where 0≤M<n

 To decrypt the ciphertext C the owner:


 uses their private key PR={d,n}

 computes: M = Cd mod n

 Note that the message M must be smaller than the


modulus n (block if needed)
Why RSA Works

 Because of Euler's Theorem:


 aø(n)mod n = 1 where gcd(a,n)=1
 in RSA have:
 n=p.q
 ø(n)=(p-1)(q-1)
 carefully chose e & d to be inverses mod ø(n)
 hence e.d=1+k.ø(n) for some k
 Hence :
Cd = Me.d = M1+k.ø(n) = M1.(Mø(n))k
= M1.(1)k = M1 = M mod n
RSA Example - Key Setup

1. Select primes: p=17 & q=11


2. Compute n = pq =17 x 11=187
3. Compute ø(n)=(p–1)(q-1)=16 x 10=160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160
Value is d=23 since 23x7=161= 10x160+1
6. Publish public key PU={7,187}
7. Keep secret private key PR={23,187}
RSA Example - En/Decryption

 Sample RSA encryption/decryption is:


 Given message M = 88 (nb. 88<187)
 Encryption:
C = 887 mod 187 = 11
 Decryption:
M = 1123 mod 187 = 88
Efficient Encryption

 Encryption uses exponentiation to power e


 Hence if ‘e’ small, this will be faster
 often choose e=65537 (216-1)
 also see choices of e=3 or e=17

 But if ‘e’ too small (eg. e=3) can attack


 using Chinese remainder theorem & 3 messages with different
modulii
 If ‘e’ fixed must ensure gcd(e,ø(n))=1
 ie reject any p or q not relatively prime to e
Efficient Decryption

 Decryption uses exponentiation to power d


 this is likely large, insecure if not

 Can use the Chinese Remainder Theorem (CRT) to


compute mod p & q separately. then combine to get
desired answer
 approx 4 times faster than doing directly
 Only owner of private key who knows values of p & q
can use this technique
RSA Key Generation

 Users of RSA must:


 determine two primes at random - p, q
 select either e or d and compute the other

 Primes p,q must not be easily derived from modulus


n=p.q
 means must be sufficiently large
 typically guess and use probabilistic test
 Exponents e, d are inverses, so use Inverse
algorithm to compute the other
RSA Security

 Possible approaches to attacking RSA are:


 brute force key search (infeasible given size of numbers)

 mathematical attacks (based on difficulty of computing ø(n),


by factoring modulus n)
 timing attacks (on running of decryption)

 chosen ciphertext attacks (given properties of RSA)


Chosen Ciphertext Attacks

• RSA is vulnerable to a Chosen Ciphertext Attack


(CCA)
• Attackers chooses ciphertexts & gets decrypted
plaintext back
• Choose ciphertext to exploit properties of RSA to
provide info to help cryptanalysis
• Can counter with random pad of plaintext
• Or use Optimal Asymmetric Encryption Padding
(OASP)
PGP

 PGP, a public key system, stands for Pretty Good Privacy.


 It is a widely used system that is considered very secure by
most experts.
 It was developed by Philip R. Zimmermann in 1991 and has
become a de facto standard for email security.
 PGP is used to encrypt and decrypt email over the Internet,
as well as authenticate messages with digital signatures and
encrypted stored files.
 The important things to know about PGP are that it is
■ A public key encryption
■ Considered quite secure
■ Available free of charge
PGP - How it works

 Pretty Good Privacy uses a variation of the public key system.


 In this system, each user has an encryption key that is publicly known
and a private key that is known only to that user.
 You encrypt a message you send to someone else using their public key.
 When they receive it, they decrypt it using their private key.
 Since encrypting an entire message can be time-consuming, PGP uses a
faster encryption algorithm to encrypt the message and then uses the
public key to encrypt the shorter key that was used to encrypt the entire
message.
 Both the encrypted message and the short key are sent to the receiver
who first uses the receiver's private key to decrypt the short key and
then uses that key to decrypt the message.
Legitimate Versus Fraudulent Encryption
Methods
 There are many fraudulent cryptographic claims out there.
You do not have to be a cryptography expert to be able to
avoid many of those fraudulent claims. Here are some
warning signs:
 ■ Unbreakable: Anyone with experience in cryptography
knows that there is no such thing as an unbreakable code.
There are codes that have not yet been broken. There are
codes that are very hard to break. But when someone claims
that their method is “completely unbreakable,” you should
be suspicious.
 ■ Certified: There is no recognized certification process for
encryption methods. Therefore, any “certification” the
company has is totally worthless.
Legitimate Versus Fraudulent Encryption Methods

 ■ Inexperienced people: A company is marketing a new


encryption method. What is the experience of the people
working with it? Does the cryptographer have a background
in math, encryption, or algorithms? If not, has he
submitted their method to experts in peer-reviewed
journals? Or, is he at least willing to disclose how their
method works so that it can be fairly judged?
Legitimate Versus Fraudulent Encryption Methods

 Digital Signatures
 A digital signature is not used to ensure the confidentiality of a
message, but rather to guarantee who sent the message. This is referred
to as nonrepudiation. Essentially, it proves who the sender is.
 Digital signatures are actually rather simple, but clever. They simply
reverse the asymmetric encryption process.
 Recall that in asymmetric encryption, the public key (which anyone can
have access to) is used to encrypt a message to the recipient, and the
private key (which is kept secure, and private) can decrypt it.
 With a digital signature, the sender encrypts something with his or her
private key. If the recipient is able to decrypt that with the sender’s
public key, then it must have been sent by the person purported to have
sent the message.
Legitimate Versus Fraudulent Encryption Methods

 Hashing
 A hashing is a type of cryptographic algorithm that has some specific
characteristics.
 First and foremost it is one-way. That means you cannot “unhash”
something.
 The second characteristic is that you get a fixed-length output no
matter what input is given. This is exactly how Windows stores
passwords. For example, if your password is password, then
Windows will first hash it producing something like this:
0BD181063899C9239016320B50D3E896693A96DF
 Windows will then store that in the SAM (Security Accounts
Manager) file in the Windows System directory.
 When you log on, Windows cannot unhash your password
(remember it is one-way). So, what Windows does is take whatever
password you type in, hash it, and then compare the result with what
is in the SAM file. If they match (exactly), then you can log in.
Legitimate Versus Fraudulent Encryption Methods

 Storing Windows passwords is just one application of hashing. There


are others.
 For example, in computer forensics it is common to hash a drive before
you begin forensic examination.
 Then later you can always hash it again to see if anything was changed
(accidently or intentionally).
 If the second hash matches the first, then nothing has been changed.
 There are various hashing algorithms. The two most common are MD5
and SHA (it was SHA-1 but since then later versions like SHA-256 are
becoming more common).
Legitimate Versus Fraudulent Encryption Methods

 Authentication
 When one logs on to a system, the system needs to authenticate the
user (and sometimes the user needs to authenticate the system!).
There are many authentication protocols.
 A few of the more common are briefly described here:
 ■ PAP: Password Authentication Protocol is the simplest form of
authentication and the least secure. Usernames and passwords are
sent unencrypted, in plain text.
 ■ SPAP: Shiva Password Authentication Protocol is an extension to
PAP that does encrypt the username and password that is sent over
the Internet.
 ■ CHAP: Challenge Handshake Authentication Protocol calculates a
hash after the user has logged in. Then it shares that hash with the
client system. Periodically the server will ask the client to provide
that hash (this is the challenge part). If the client cannot, then it is
clear that the communications have been compromised .MS-CHAP is
a Microsoft-specific extension to CHAP.
Legitimate Versus Fraudulent Encryption Methods

 ■ Kerberos: Kerberos is used widely, particularly with Microsoft


operating systems. It was invented at MIT and derives its name from
the mythical three-headed dog that was reputed to guard the gates of
Hades.
 The system is a bit complex but the basic process is as follows:
 When a user logs in, the authentication server verifies the user’s
identity and then contacts the ticket granting server (these are often
on the same machine).
 The ticket granting server sends an encrypted “ticket” to the user’s
machine. That ticket identifies the user as being logged in.
 Later when the user needs to access some resource on the network,
the user’s machine uses that ticket granting ticket to get access to the
target machine.
 There is a great deal of verification for the tickets, and these tickets
expire in a relatively short time.
Encryptions Used in Internet

 What sort of encryption is used on bank websites and e-commerce?


In general, symmetric algorithms are faster, and require a shorter
key length to be as secure as asymmetric algorithms.
 However, there is the problem of how to securely exchange keys. So
most e-commerce solutions use an asymmetric algorithm to
exchange symmetric keys and then use the symmetric keys to
encrypt the actual data.
 When visiting websites that have an HTTPS at the beginning, rather
than HTTP, the S denotes secure. That means traffic between your
browser and the web server is encrypted.
 This is usually done with either SSL (Secure Sockets Layer) or TLS
(Transport Layer Security). SSL, the older of the two technologies,
was developed by Netscape.
 SSL and TLS are both asymmetric systems.
Encryptions Used in Internet

 Virtual Private Networks


 A VPN is a virtual private network. This is essentially a
way to use the Internet to create a virtual connection
between a remote user or site and a central location.
 The packets sent back and forth over this connection are
encrypted, thus making it private.
 The VPN must emulate a direct network connection.
 There are three different protocols that are used to create
VPNs:
 ■ Point-to-Point Tunneling Protocol (PPTP)
 ■ Layer 2 Tunneling Protocol (L2TP)
 ■ Internet Protocol Security (IPsec)
Encryptions Used in Internet
 PPTP
 Point-to-Point Tunneling Protocol (PPTP) is the oldest of
the three protocols used in VPNs. It was originally designed as a
secure extension to Point-to-Point Protocol (PPP).
 It adds the features of encrypting packets and authenticating
users to the older PPP protocol. PPTP works at the data link layer
of the OSI model.
 PPTP offers two different methods of authenticating the user:
Extensible Authentication Protocol (EAP) and Challenge
Handshake Authentication Protocol (CHAP).
 EAP was actually designed specifically for PPTP and is not
proprietary.
 CHAP is a three-way process whereby the client sends a code to
the server, the server authenticates it, and then the server
responds to the client. CHAP also periodically re-authenticates a
remote client, even after the connection is established.
 PPTP uses Microsoft Point-to-Point Encryption (MPPE) to
encrypt packets. MPPE is actually a version of DES.
Encryptions Used in Internet

 L2TP
 Layer 2 Tunneling Protocol (L2TP) was explicitly designed as an
enhancement to PPTP.
 Like PPTP, it works at the data link layer of the OSI model. It has several
improvements to PPTP.
 First, it offers more and varied methods for authentication—PPTP offers
two, whereas L2TP offers five.
 In addition to CHAP and EAP, L2TP offers PAP, SPAP, and MS-CHAP.
 In addition to more authentication protocols available for use, L2TP offers
other enhancements.
 PPTP will only work over standard IP networks, whereas L2TP will work
over X.25 networks (a common protocol in phone systems) and ATM
(asynchronous transfer mode, a high-speed networking technology)
systems.
 L2TP also uses IPsec for its encryption.
Encryptions Used in Internet

 IPsec
 IPsec is short for Internet Protocol Security. It is the latest of the
three VPN protocols.
 One of the differences between IPsec and the other two methods is
that it encrypts not only the packet data, but also the header
information.
 It also has protection against unauthorized retransmission of
packets. This is important because one trick that a hacker can use is
to simply grab the first packet from a transmission and use it to get
their own transmissions to go through.
 Essentially, the first packet (or packets) has to contain the login
data. If you simply resend that packet (even if you cannot crack its
encryption), you will be sending a valid logon and password that can
then be followed with additional packets.
 Preventing unauthorized retransmission of packets prevents this
from happening.
Thank you

S-ar putea să vă placă și