Học viện Công Nghệ Thông Tin Bach Khoa A | WModule Objectives What Is SSH Secure Shell?. Học viện Công Nghệ Thông Tin Bach Khoa Cryptography Cryptography is the fd into a scrambied
Trang 2
security News
ý
The 2012 epidemic of ransom malware appears to have turned even nastier
as 30 Australian businesses hawe now asked police for help coping with attacks in a matter of days
According to local news, police im the state of Queensland have received reports from a dozen businesses while many other are believed to have chosen to keep incidents to themselves
Businesses affected included those in the medical, entertainment, reta# and insurance sectors, the news source said, with several dozen affected im total
ee Sa ee eRe a Cele eee re see tee ose
£2,000) ransom via Western Union to get back access to important financial records, including credit
card data and debtor invoices The attackers dermnanded the money within seven days or the sum would
increase by AUD $1,000 per week
Worryingly, this attack used 256-bit encryption, to all intents and purposes Impossible to crack Wf the
key has not been exposed during the attack
“Alot of businesses can't afford the interruptions to their trade and will pay straight away,” detective superintendant Brien Hay of Queensland's fraud and corporate crime group told press
Copyeght © by © Ceeecd! All sư ti Reserved Heproduction is Stricthy Prahbited
Trang 3Học viện Công Nghệ Thông Tin Bach Khoa
A | WModule Objectives
What Is SSH (Secure Shell) ? Cryptography Attacks
Public Key Infrastructure (PKI) Cryptanalysis Tools Certification Authorities Online MDS Decryption Tools
Trang 5Học viện Công Nghệ Thông Tin Bach Khoa
Cryptography
Cryptography is the fd into a scrambied
as lộ code that is Gecrypted and sent across a private or
oublic network
Cryptography is used to protect confidential data such as
, Chat sessions, web transactions, personal hii — data, e-commerce applications, etc
Ptatrrtext Cephertext Ciphertext Plaintext
Copxr-sht ee net ie eds eee ts
Trang 6Học viện Công Nghệ Thông Tin Bach Khoa
Symmetric Encryption (secret-kevy,
Cx^ «ewe Tce One keer tote
shared-key, and private-key} Th my 0 ete > VỐ a —— >> meer
s A wwe eee oe ee
“ở “sự - «4 > *ˆ ` oe) for encryption as it does for seeenenent o~ar | sesesesane
Cipher text Pla:e test
decryption
Pain text
Asymmetric Encryption Asymmetric Encryption
Asymmetric encryption (public-key)
for
DOecryphon
Encryptior
Qese ee Bot OePour'v Cer or bebe
aha 8 Ff eee eee > z~“”*"”"" 1đ “ > ` 2 rey
ALC t.ướ ` ster’ aC fe errme °
¬w oerespanes encryption and Gecryption reese key:
are known as public and private keys
tr t*swˆs: tt
Piain teat Plaw te xt Cipher text
Copyeght © Sy Cemeced All gets Reserved Reproduction is Stricth Srotibried
Trang 7BACH KHOA
Trang 9Comment © by TC Camm 40 fet Rewred Benrndurtion © Grictty Sontuhted
Trang 10
under control of a S6-bit key
that takes a fixed-tength string of plaintext bits and
transforms it into a ciphertext bitstring of the same tengthn
Due to the of DES with today’s technologies, some organizations repeat the
process three times (3DES) tor added strength, until they can afford to update their equipment to AES capabilt:es
Trang 11
Học viện Công Nghệ Thông Tin Bach Khoa
Advanced Encryption Standard (AES)
securing sensitive but unclassified material
by US government agencies
Cipher (byte án(4*°Nb], byte out(4*kb]
for round = i step 1 to Wr~l1 SubBytes istate)
7a SubBy tes (state)
Trang 12
itis a parameterized algorithm with a variable —_ }—
block size, a variable key size, and a variable number of rounds The key sive is 128-bits
RCS RC6 ts a symmetric key Diock cipher derived from RC5
with two additional features
Ì *% Jses four 4-b(t working repsters (2C5S wees two 2-bit regrters) f : —_
Trang 13
Học viện Công Nghệ Thông Tin Bach Khoa
aetna
The DSA and Related Signature
schemes
FIPS 186-2 specifies the Digital Seenature - The digital signature ts computed using 3
^lgor:thm (O54) that may Se used im the == set of rules (Le., the OSA) and a set of ecnerabon and verification of cegita! = xararreters such that the identity of the
corresponding 5 To compute a, select an element g in 7", and compute gy” " mod p j
private key & Nae 1, pectorm step five again with a đđfererd ở
7 S#elect a random Øø such that 1 ¢ a < q-l
& Compute y = a’ mod p
Ốc li 6A nan SG a6 na nan sa (006.6 ee TT)
Trang 14(Rivest Shamir Adleman)
¬ oo
RSA is an Internet encryption and suthenticaien
— & 3 : system that uses an algorithm developed by Ron
`N a Rivest, Adi Shamur, and Leonard Adieman
RSA encryption is widely used and is one of the de
oO facto encryption standard
it uses modular arithmetic and elementary
\) number theories to perform computations
using two large prime numbers
All Qights Reserved Reproduction is Stracthy Prohibited
Trang 15Học viện Công Nghệ Thông Tin Bach Khoa
farst prime number
second prime number modulus igive this pubiic exponent igive this
«= (C^D mod Po (c*2753) mod 3233
this
Copyeght © by © Cemecel All Rights Reserwed Reproduction is Strcthy Protebited
Trang 16= The RSA Signature Scheme
À'q©rithr Key generaton tor he I
Copyeghtt © by © Comgece All Highs Reserved Reproduction is Strictly Prohbited
Trang 17
IViessage Digest (One-way Hash) clEH
Functions xi [=eễ=%=
representation called a message
digest of any arbitrary block of information
‘ Message digests are aiso calied one-way bash functions because they cannot be reversed
Copyeght © by Lf Ceeece All Sights Meserwed Reproduction is Stricthy Protebtied
Trang 19it is an algorithm for generating cryptographically secure one-way hash, _—
U.S Federal information Processing Standard =
2 & produces a 160-bit
digest from a message with a maximum length of (2 ~ 1) bits, and resembles the MDS algorithm
is then invertibly permuted
Trang 20
Học viện Công Nghệ Thông Tin Bach Khoa
SSH is a secure
replacement for te!net and the Berkeley remote-utilities (riogin, rsh, rcp, and rdist)
Authentication
it provides an encrypted Provides strong +ost-to
channe! for remote ee ae be eh as
logging, command authentication, and execution and file secure communication transfcrx cover an irsecure tnternet
SSHM2 is a more secure, efficient, and portable version of SSH that includes SFTP, an SSH2 tunneted FIP
Copyegitt © by Lf €90%(C4 All Fights Reserved Reproduction is Strictly Prohbited
Trang 23Cryptography Tool: Advanced Encryption Package
Attp-//www ceppro corn Copyegitt © by LG Ceeecal All Rights Reserved Meproduction is Strcthy Proheitted
Trang 24public key algorithms for
it uses public key
Trang 25CommuniCrypt File Encryption Tools
hte //w ww Cofeetiundt ry et com
Artp //www JOrioht<perk« com
GNU Privacy Guard
Arte //www upg org
Copyegit © by © Cem@ece, All Rights Reserved Reproduction is Strictly Prohbited
Trang 26ze mw sB8KAGAD
Cryptanalysis Tools
Copyeght © by All #2g 1 Reserwed He production is Stricthy Prohdbited
Trang 27
Public Key Infrastructure (PKI) is a
required to create, manage, distribute, use, store, and revoke
Lertifiicate Management
System
Generates, destributes, stores,
and verifies certificates
Trang 28
Public Key Infrastructure (PKI)
(Cont'd)
Trang 29
Lire of 7046-Dit Certificates 4 —— tẰn Pt Onto —
"1 _ “` _“ .—
~—-_ ~>- ~t——- -=
&ttp-//www thowte cor
Saree + eth New eee -
Sell me gow etendera
Arto: //www verisign corr hrr!:.//www entrust met
Copyeght © by Lf Ceeece All Sights Reserved 2 2A (h6 6a lan ca
Trang 31Học viện Công Nghệ Thông Tin Bach Khoa
Digital Signature
Digital signature used asymmetrex cryptography to simulate the security properties ofa
A Oievtal signature may be turther protected, Dy encrypting the signed email for confmMentiaimy
Owrnryor rene were
w owe few Fyre ereterw bey
—=.^ —=— — hs Ce rye Oe vn TỶ Ằ %2 bey Peto @¢l Geir eet Gre tree
em (ome cu n“=®.°2% khó y ỷ/Jỷ}?}ỷỏy đa 949 4ẲẰ9 + LUGE baw lỷ]ˆc”st2k‹ bey vững So CBM ETT sae
Med ow treme 6 wine pete We beth we ee ering wrth) 12% rr
a ee owt omders PeGcd bee
Copyeght © by © Comece All ®ights Reserved Reproduction ts Strethy Prohbited
Trang 32Học viện Công Nghệ Thông Tin Bach Khoa
@ it uses! to encrypt data transferred over SSL connections
rrre^^`x£®® fi rhe cf v.v vự ar - renecaetec TA # Yoon sicgcnrtrhms se1sor
© tey @« oe a ' preiw ` " Mat aiporithrnns
gt ia ! l= 1 toe 4 3 4 “or
- + "chor" preruce ecret [Et eerypied with
7 : Teter WIIh the cremisster secret
1.1 PETER TTT RRR ET RRR T TTT ERE ee
ˆ®.rt £ "“®c\%\ 2@f *rtC€ si wre ' ‘ i ` ot rie ts : SSCS EERE EEE EERE EERE EERE ERROR RR RRR OR eee ee eee ee ee ‘eee ee eee ee eee ose ee eee eeeer Hath vele is ceicusweed for the eaxrhenged hancihete messages aret then : oMoeredc to tree hash va we
rece:wed tram the clere 1 the two ustch the tey aed ((C* ứ? 44096 tt (0L: 292007 tucteeds Sends &
14 “tt tđ@£® 471C #ÍÌw© ver mrestege ash of Paencdihebe meesage|
Copyegtt © by © Cogeced All @ghts Reserved Heproduction is Strictly Protebtied
Trang 33to {cxvet key Ea rae ‘
each other, select Chere Corwhuane nesta str encryption method
Ciert bey exchange | « — ` 5
Trang 35Học viện Công Nghệ Thông Tin Bach Khoa
nh encryption 0eotects Onsk ercryption works wm a similar wish the use of an encryption
stored program for your disk, you can
wey as
om Gisk Dy converting Ft into an and protects data even when the to burn
umreadable code wiing disk
OS not active encryption softwere or hardware falling onto the wrong hands
Oeste the dick, and kéo A from
Prewacy Passphrase Hidden Volumes Voturme Encryption Blue Ray OVD Backug
Copyngtt © oy Ef Cemeceé All @gnrts Reserved Reproduction is Strcthy Prothibtied
Trang 36
CIEH
TrveCrypt is disk encryption software that creates a virtual encrypted disk within a
file and mounts it as a real disk
nt encrypts an entire partition or storage Gevice such as USB flash drive or hard drive
tere rt eee 6! pert | Beer : Mie berd treet -e el wot ee
& «4 —- 0 ~@&? gw Ye - « ~ o — Our ae He
re «¢*a « rt - rf eer ~~ ee
Cee mye et Pe Bp ee tO ee we cette yet oe ten
sa Tho th ee wwe ree TY & ——— - " -.“ ——
“err & TT oe = ert _~ —
Trang 37Disk Encryption Tool: GiliSoft
Full Disk Encryption
Trang 38SafeBit Disk Encryption
Nrito //weww coven! cet
DiskCryptor
nr:p //đ\ck(rv@€@v oer
alertsec
"hit (ldwwđwứwœ clertic c com
Symantec Drive Encryption
Attip //wrew tprmerntec corm
DriveCrypt Plus Pack
artp / Awww cecurster com
Trang 41Học viện Công Nghệ Thông Tin Bach Khoa
previous encryptions
#z
——=
feeds it into the cipher, and analyzes the ; using thts information the
resultene ciphertext xey used to generate ciphertext ts deduced
sO as to decipher other messages
- _——
SC ee eee et Rie ed eee la
Trang 42Học viện Công Nghệ Thông Tin Bach Khoa
of ciphertexts of his own choosing
Extraction of cryptographic secrets
{e.g the password to an encrypted Rubber Hose
file) from a person by ‹ Attack
Trang 43Học viện Công Nghệ Thông Tin Bach Khoa
aetna
Code Breaking Methodologies
it orvolves the use of social Cryptography keys are discovered by
engmeennge techreques to extract trying every possible combination
keys, which are chose tndomy ^^ stretch of written language, certain
7+ letters and combinations of letters occur
with varying frequencies
Copyegit © by © Comecel All gehts Reserved Heproduction is Stricth Prohbited
Trang 44DAI HOC
Defeating a cryptograpivc
scheme by trying 2 large
number of possible keys
until the correct encryption
Brute-force attack is a high
resource and tmme intensive
process, however, more
certam to actweve results
xey, time constramt, and
systerr security mechanisms
ox ¥
ve : wae? 7.7 Vs — Oo ‘S6 bit 7w (7 chart te i” YS 64 bit (8 char} ' CÀ va r = | 128 POON bịt (16 TOS OS Ot eT 7
= OPEN EWR “7ˆ Scat ere LO) Dov eet eo AA Dreier aera 6
4 ` < 1 yes 0)" 79 weurs
OO? sex 3.5 hoes 347 đaxs bo“ 18 yeurs
Copyreit © by EC Co@eci! AD Rights Rewerwed Reproduction h Strictly Probted
Trang 45IVieet-in-the-Middle Attack on Digital Signature Schemes
The attack works Dy end ana
it can be used for " even on digital signatures that
use rmrnultiple-encryption scheme
tot ed wit® intermediate Decrypted with a =
; “john” ; š* kewl te Ciphertext 1 AvBr
1" hev2
l m = ' {rsisvygrirvd {<9 intermediate Decrypred with “AvÐzr'
Trang 47
2 sex | Beer Decrgt | Dtsi5egse°ee/4 tu Poceswe wi ny program in the area of
; ` ~ +“ “| á ` “ Yy+vv wt? ant ` cryptography and
Ị vy eters recerr + oe - cryptoanalysis
Trang 48
CryptoBench
^ertn://œww ocdaric org
iCrypTool
Arto //www Crypt oot o
Arp //qamr yO tour elovor “et
sourrt forge oot
EverCrack
Attip //evercrec® sOuteforge net
AlphaPeeler
atte //olphoepesier va czƒfcrge se
Draft Crypto Analyzer
aero //wew arerorecode com
Linear Hull Cryptanalysis of
Aetp // www es legprusAr cam
Cogyrgtt © by EG Gomer! Al Rights Heverved Reproduction ib Strictly Protbited
Trang 49
Artp //www meg6ercryet ove http //\wew ealnrhartcroct com
Artp //m=dS‹rec# com = a - hit /20www mdSáđecrvetrer.co sề
aa
= N Attp //wwew free org - ite: //mdsS mrr-ndáy com
Attip-/ /wwew hosh-crocter.com Aite.//werwcmds.arg
pm c t and Decrypt Online
5 BBs nite //myproywrew ofp pot.com
Trang 50; CÌ Cryptography is the conversion of data into a scrambled code that is
sent across a private or public network and Gecrypted by its recipients
J Using Public Key Infrastructure (PKI), anyone can send a confidential message using public information, which can only be decrypted with a private-key in the sole
possession of the intended recipient w— AESis a symmetric-key algorithm for securing sensitive but unclassified material by U.S government agencies
as oe ryptography attacks are based on the assumption that the cryptanalyst has access to the encrypted information
wt Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certifecates
len Pal
Coewret! © hy IC Camere’ AM Bight Bewecved Renencietion i: Groth Ponte ad