CEHv8 module 19 cryptography

Exam 3 12 -5 0 Certified Ethical Hacker Ethical Hacking and Countermeasures... Businesses affected included those in the medical, entertainment, retail and insurance sectors, the news so

Trang 1

Module 19

Trang 2

Exam 3 12 -5 0 Certified Ethical Hacker Ethical Hacking and Countermeasures

Trang 3

01 October 2012

R a n so m M a lw a re H its A u s tr a lia a s

3 0 B u s in e s s e s A tta c k e d

The 2012 epidemic of ransom malware appears to have turned even nastier with reports that as many

as 30 Australian businesses have now asked police for help coping with attacks in a matter of days.

According to local news, police in the state of Queensland have received reports from a dozen businesses while many other are believed to have chosen to keep incidents to themselves.

Businesses affected included those in the medical, entertainment, retail and insurance sectors, the news source said, with several dozen affected in total.

In one recent incident, a business in the Northern Territories reportedly paid an AUD $3,000 (about

£2,000) ransom via Western Union to get back access to important financial records, including credit card data and debtor invoices The attackers demanded the money within seven days or the sum would increase by AUD $1,000 per week.

Worryingly, this attack used 256-bit encryption, to all intents and purposes impossible to crack if the key has not been exposed during the attack.

"A lot of businesses can't afford the interruptions to their trade and will pay straight away," detective superintendent Brian Hay of Queensland's fraud and corporate crime group told press.

http://news.techworld.com

S e c u r i t y N e w s 1* R a n s o m M a l w a r e H i t s A u s t r a l i a a s 3 0 B u s i n e s s e s

A t t a c k e d Source: http://news.techworld.com

The 2012 epidemic of ransom malware appears to have turned even nastier with reports that

as many as 30 Australian businesses have now asked police for help coping with attacks in a matter of days.

According to local news, police in the state of Queensland have received reports from a dozen businesses while many other are believed to have chosen to keep incidents to themselves Businesses affected included those in the medical, entertainment, retail and insurance sectors, the news source said, with several dozen affected in total.

In one recent incident, a business in the Northern Territories reportedly paid an AUD $3,000 (about £2,000) ransom via Western Union to get back access to important financial records, including credit card data and debtor invoices The attackers demanded the money within seven days or the sum would increase by AUD $1,000 per week.

Trang 4

Ransom malware has become a serious issue during 2012, although its effect on businesses is rarely recorded Most of the data that has become public has been in the form of police warnings based on attacks against consumers.

Most attacks simply attempt to engineer users into believing their files are encrypted when they are not or make more general threats, often to report victims to national police for non- existent crimes.

The use of industrial-strength encryption is rare although this sort of technique is actually where the form started as long ago in 2006 with a piece of malware called 'Cryzip.׳

In August, the FBI said it had been "inundated" with ransom malware reports from consumers, not long after the UK's Police Central e-Crime Unit (PCeU) publicised an identical spate of attacks that had affected over a thousand PCs in the UK.

In the past the few security companies that have investigated the issue have pinned the blame

on a single cabal of Russian criminals that seem able to operate with impunity Now the same tactics appear to have spread to gangs in nearby countries such as the Ukraine and Romania The suspicion is that some security vendors say little about the problem because not only is their software unable to stop infections but they can't always unlock the files after the fact either.

All contents © IDG 2012 By: John E Dunn

businesses-attacked/

Trang 5

M o d u l e O b j e c t i v e s

1

J E ncryp tio n A lg o rith m s J Disk E ncryp tio n

J W h a t Is SSH (S ecure Shell)? J C ry p to g ra p h y A ttacks

J C ry p to g ra p h y Tools J C od e B reakin g M e th o d o lo g ie s

J Public Key In fra s tru c tu re (PKI) J C ryptanalysis Tools

J C e rtific a tio n A u th o ritie s J O n lin e M D 5 D e c ry p tio n Tools

ft: M o d u l e O b j e c t i v e s

Having dealt with various security concerns and countermeasures in the preceding modules, it is obvious that cryptography, as a security measure, is here to stay This module will familiarize you with:

Digital Signature Disk Encryption Disk Encryption Tool Cryptography Attacks Code Breaking Methodologies Cryptanalysis Tools

Online MD5 Decryption Tools

Trang 6

Cryptography Concepts |*jiH Encryption Algorithms

Cryptography Attacks 0 ^ ) Cryptanalysis Tools

This section describes cryptography and the types of cryptography.

Trang 7

C o p y r ig h t © b y EG-G*ancil All R ig h ts R e s e r v e d R e p r o d u c t i o n is S tr ic tly P r o h i b i t e d

C r y p t o g r a p h y

Everyone has secrets, and when it is necessary to transfer that secret information from one person to another, it's very important to protect that information or data during the transfer Cryptography takes plaintext and transforms it into an unreadable form (ciphertext) for the purpose of maintaining security of the data being transferred It uses a key to transform

it back into readable data when the information reaches its destination The word crypto is derived from the Greek word kryptos Kryptos was used to depict anything that was concealed, hidden, veiled, secret, or mysterious Graph is derived from graphia, which means writing; hence, cryptography means the art of "the secret writing."

Cryptography is the study of mathematical techniques involved in information security such as confidentiality, data integrity, entity authentication, and data origin authentication Cryptography transforms plaintext messages to ciphertext (encrypted messages) by means of encryption Modern cryptography techniques are virtually unbreakable, though it is possible to break encrypted messages by means of cryptanalysis, also called code breaking There are four main objectives of cryptography:

C o n f i d e n t i a l i t y

According to the International Standards Organization (ISO), confidentiality is "ensuring that the information/data can be accessed only by those authorized." Confidentiality is the

Ethical H acking a n d C o u n te rm e a s u re s C o p y rig h t © by EC-C0UnCil

All Rights R ese rv e d R e p ro d u c tio n is S trictly P ro h ib ite d

M o d u le 19 P a g e 2 7 8 8

Trang 8

I n t e g r i t y

Integrity is ״ensuring that the information is accurate, complete, reliable, and is in its

corruption/modification can reduce the value of the information The damage that data corruption/modification can do to an organization is unfathomable.

Integrity of the data is affected when an insider (employee) of an organization or an attacker deletes/alters important files or when malware infects the computer.

Although it may be possible to restore the modified data to an extent, it is impossible to restore the value and reliability of the information.

Examples of violating the data integrity include:

9 A frustrated employee deleting important files and modifying the payroll system

9 Vandalizing a website and so on

A u t h e n t i c a t i o n

- Authenticity is "the identification and assurance of the origin of information." It is important to ensure that the information on the system is authentic and has not been tampered with It is also important to ensure that the computer users or those who access information are who they claim to be.

N o n r e p u d i a t i o n

has been sent and received by the persons or parties who actually intended to Let us assume that party A is sending a message M with the signature S to the party B Then party A cannot deny the authenticity of its signature S It can be obtained through the use of:

9 Digital signatures: A digital signature functions as unique identifier for an individual, like

a written signature It is used to ensure that a message or document is electronically signed by the person.

9 Confirmation services: It is possible to indicate that messages are received and/or sent

by creating digital receipts These digital receipts are generated by the message transfer agent.

Trang 9

E n c ry p tio n

Guuihifhofn kbifkfnnfk Nklclmlm

«*״&}״(_)_

D e c r y p tio n

|

Dear John, This is my A/C number 7974392830

P l a i n t e x t C i p h e r t e x t P l a i n t e x t

A s y m m e tric E n c ry p tio n

Asymmetric encryption (public-key) uses different encryption keys for encryption and decryption These keys are known as public and private keys

S y m m e tric E n c ry p tio n

Symmetric encryption (secret-key,

shared-key, and private-key) uses the

same key for encryption as it does for

»A״&)״LL

D e c r y p tio n

Dear John, This is my A/C number

P l a i n t e x t C i p h e r t e x t P l a i n t e x t ^

9 Symmetric encryption (secret key cryptography)

e Asymmetric encryption (public key cryptography)

S y m m e t r i c E n c r y p t i o n

'וי

The symmetric encryption method uses the same key for encryption and decryption

As shown in the following figure, the sender uses a key to encrypt the plaintext and sends the ciphertext to the receiver The receiver decrypts the ciphertext with the same key that is used for encryption and reads the message in plaintext As a single secret key is used in this process symmetric encryption is also known as secret key cryptography This kind of cryptography works well when you are communicating with only a few people.

M o d u le 19 P a g e 2 7 9 0

Trang 10

The p r o b le m w it h th e s e c re t key is tr a n s f e r r in g it o ve r th e large n e t w o r k or In tern et w h ile

p re v e n tin g it f r o m fallin g in to th e w ro n g hands In th is process, a n y o n e w h o k n o w s th e secret key ca n d e c ry p t t h e m essage This p r o b le m can be fixed by a s y m m e t r ic e n c r y p t io n

A s y m m e t r i c E n c r y p t i o n

ty p e o f c ry p to g ra p h y , an end user on a p u b lic o r priva te n e t w o r k has a pair o f keys: a pu blic key

fo r e n c r y p t io n an d a p riv a te key fo r d e c ry p t io n H ere, a p r iv a te k e y c a n n o t be d e riv e d fro m th e

p u b lic key

a s y m m e t r ic c ry p to g ra p h y, th e s e n d e r e n c o d e s th e m essage w it h th e h elp o f a p u b lic key and

th e re c e ive r d e c o d e s th e m e ssag e using a r a n d o m key g e n e r a te d by th e s e n d e r 's p u b lic key

A /C n u m b e r

797 439283 0

Plain textCiphertext

Plain text

FIGURE 19.3: Asymmetric Encryption method

Trang 11

E H

m

Government Access to

Keys means that software

companies will give copies of all

keys, (or at least enough of the

key that the remainder could

be cracked) to the government

\ssueth\s

A key e s c ro w e n c r y p t io n sy s te m p ro v id e s th e d e c ry p tin g c a p a b ilit y to ce rtain

a u th o riz e d p e rso n n e l, u n d e r st ip u la te d co n d itio n s , and can d e c ry p t t h e data

The d a t a r e c o v e r y key s fo r e n c ry p tin g and d e c ry p t in g th e data are n o t s im ila r, but th e y in fo rm

a m e t h o d t o d e t e r m in e t h e e n c r y p t io n an d d e c r y p t io n keys T h e y in clu d e a key e s c ro w (used to refer th e sa fe g u ard th e data keys), key archive, key backup, an d data r e c o v e r y system

Key r e c o v e ry s y s te m s have g a in e d p r o m in e n c e due to th e de s ire o f g o v e r n m e n t in te llig e n c e and law e n f o r c e m e n t ag e n cie s to g u a r a n te e th e y have access t o th e e n c r y p te d in fo rm a tio n

w it h o u t th e k n o w le d g e o r c o n s e n t o f e n c r y p tio n users

A w e ll-d e s ig n e d c ry p to s y s t e m p ro v id e s s e c u rity by re c o v e rin g th e e n c r y p te d da ta w it h o u t

p r o p e r in fo rm a tio n a b o u t th e c o r r e c t key T he m a in te n a n c e o f su ch h ig h - s e c u r it y m e a s u re s

m ay cause p r o b le m s to t h e o w n e r o f th e e n c ry p te d data if th e o w n e r lo ses th e key

The e ve n tu a l goal o f g o v e r n m e n t - d r iv e n re c o v e r y e n c ry p tio n , as state d in th e US D e p a r tm e n t

o f C o m m e r c e 's re c e n t e n c ry p tio n re g u latio n s, "E n v is io n s a w o r ld w i d e key m a n a g e m e n t

in fra s tru c tu re w ith th e use o f key e s c ro w a n d key re c o v e ry e n c r y p tio n ite m s "

The C lip p e r Ch ip is a h a r d w a r e - b a s e d c r y p to g r a p h ic d e v ic e used to s e cu re priva te

c o m m u n ic a t io n s by s im u lt a n e o u s ly a u th o riz in g g o v e r n m e n t ag ents to o b ta in th e keys upon giving it, v ag u e ly t e r m e d "le g a l a u t h o r iz a t io n "

M o d u le 19 P a g e 2 7 9 2

Trang 13

M o d u l e F l o w C E H

C o p y r ig h t © b y EG-G*ancil All R ig h ts R e s e r v e d R e p r o d u c t i o n Is S tr ic tly P r o h i b i t e d

M o d u l e F l o w

So fa r, w e have discussed c ry p to g ra p h y and th e c o n c e p ts associated w ith it N o w w e

w ill discuss e n c ry p tio n key c o n c e p ts o f c ry p to g ra p h y T h e re are m a n y m e ch a n ism s, i.e,

e n c ry p tio n a lg o rith m s , th a t a llo w yo u to e n c ry p t th e p la in te x t

This s e c tio n describes cip h e rs and v a rio u s e n c ry p tio n a lg o rith m s such as AES, DES, RC4, RC5, RC6, DSA, RSA, M D 5 , a n d SSH

M o d u le 19 P a g e 2 7 9 4

Trang 14

C ry p to g ra p h y

C i p h e r s

C ry p to g ra p h y re fe rs to s e c re t w r itin g and a c ip h e r is n o th in g m o re th a n an a lg o rith m used fo r b o th e n c ry p tio n as w e ll as d e c ry p tio n The tr a d itio n a l m e th o d o f e n co d in g and

d e c o d in g used to be in a d iffe r e n t fo r m a t, w h ic h p ro v id e d n u m b e rin g fo r each le tte r o f th e

a lp h a b e t and used t o e n c o d e th e given m essage If th e a tta c k e r also k n e w th e n u m b e rin g

s y s te m , he o r she c o u ld d e co d e it

In c ry p to g ra p h y , th e c ip h e r a lg o rith m used f o r e n c o d in g is k n o w n as e n c ip h e rin g and d e c o d in g

is k n o w n as d e c ip h e rin g

Example:

a b c d e f g h z a re g ive n in codes o f n u m e ric a l n u m b e rs , such as 1 2 3 4 5 26

The m essage can be e n c o d e d based on th is e x a m p le and can be d e co d e d as w e ll In a c ip h e r,

th e m essage a p p e a rs as p la in te x t b u t has been e n c o d e d th ro u g h a key Based on th e

re q u ire m e n ts th e key c o u ld be a sy m b o l o r som e o th e r fo r m o f te x t If th e m essage is h ig h ly

c o n fid e n tia l, th e n th e key is re s tric te d to th e s e n d e r and re c ip ie n t, b u t in som e cases in open

d o m a in s , so m e keys a re shared w ith o u t a ffe c tin g th e m a in data

T h e re are v a rio u s ty p e s o f c ip h e rs:

Trang 15

C l a s s i c a l C i p h e r s

IT O W j Classical cip h e rs are th e m o s t basic ty p e o f cip h e rs th a t o p e ra te on a lp h a b e t le tte rs ,

such as A-Z These are usually im p le m e n te d e ith e r by hand o r w ith s im p le m e c h a n ic a l

d e vice s These are n o t v e ry re lia b le T h e re are tw o ty p e s o f classical c ip h e rs:

ch a ra cte rs, o r blocks o f c h a ra c te rs w ith d iffe r e n t bits, ch a ra c te rs , o r blocks

The c ip h e rte x t is a p e rm u ta tio n o f th e p la in te x t

M o d e r n C i p h e r s

p ro v id e m essage secrecy, in te g rity , and a u th e n tic a tio n o f th e s e n d e r The m o d e rn c ip h e rs are

c a lc u la te d w ith th e h elp o f a o n e -w a y m a th e m a tic a l fu n c tio n th a t is ca p a b le o f fa c to r in g la rg e

p rim e n u m b e rs M o d e rn cip h e rs are again cla ssifie d in to tw o ca te g o rie s based on th e ty p e o f key and th e in p u t d a ta T h e y are:

Based on th e ty p e o f k e y used

e n c ry p tio n and d e c ry p tio n

R L י

Based o n th e ty p e o f in p u t d a ta

C H *)-□

size w ith an u n v a ry in g tr a n s fo rm a tio n s p e c ifie d by a s y m m e tric key

p la in te x t d ig its w ith a key s tre a m (p s e u d o ra n d o m c ip h e r d ig it s tre a m )

M o d u le 19 P a g e 2 7 9 6

Trang 16

DES is the archetypal block cipher — an algorithm that takes a fixed-length string of plaintext bits and transforms it into a ciphertext bitstring of the same length

Due to the inherent weakness of DES with today's technologies, some organizations repeat the process three times (3DES) for added strength, until they can afford to update their equipment to AES capabilities

C o p y r ig h t © b y EG-G*ancil All R ig h ts R e s e r v e d R e p r o d u c t i o n Is S tr ic tly P r o h i b i t e d

DES gives 72 q u a d r illio n o r m o re possible e n c ry p tio n keys and choses a ra n d o m key fo r each

m essage to be e n c ry p te d T h o u g h DES is c o n s id e re d to be s tro n g e n c ry p tio n , a t p re s e n t, tr ip le DES is used by m any o rg a n iz a tio n s T rip le DES a p p lie s th re e keys successively

Trang 17

AES is a symmetric-key algorithm for

securing sensitive but unclassified material

by U.S government agencies

AES is an iterated block cipher, which

works by repeating the same operation

multiple times

128,192, and 256 bits, respectively for AES-

128, AES-192, and AES-256

A d v a n c e d E n c r y p t i o n S t a n d a r d ( A E S )

The A d va n ce d E n c ry p tio n S ta n d a rd (AES) is a N a tio n a l In s titu te o f S ta n d a rd s and

T e c h n o lo g y s p e c ific a tio n fo r th e e n c ry p tio n o f e le c tro n ic d a ta It can be used t o e n c ry p t d ig ita l

in fo rm a tio n such as te le c o m m u n ic a tio n s , fin a n c ia l, and g o v e rn m e n t d a ta AES consists o f a

s y m m e tric -k e y a lg o rith m , i.e., b o th e n c ry p tio n and d e c ry p tio n are p e rfo rm e d using th e sam e key

It is an ite ra te d b lo ck c ip h e r th a t w o rk s by re p e a tin g th e d e fin e d steps m u ltip le tim e s This has a

1 2 8 -b it b lo ck size, w ith key sizes o f 128, 192, and 256 bits, re s p e c tiv e ly , f o r AES-128, AES-192, and AES-256

AES P se u d o co d e

In itia lly , th e c ip h e r in p u t is c o p ie d in to th e in te rn a l s ta te and th e n an in itia l ro u n d key is a d d e d The s ta te is tra n s fo rm e d by ite ra tin g a ro u n d fu n c tio n in a n u m b e r o f cycles Based on th e block size and key le n g th , th e n u m b e r o f cycles m a y va ry O nce ro u n d in g is c o m p le te d , th e fin a l s ta te

M o d u le 19 P a g e 2 7 9 8

Trang 19

RC6 is a symmetric key block cipher derived from RC5 with two additional features:

» Uses In te g e r m u ltip lica tio n

» Uses fo u r 4 -b it w o rkin g registers (RC5 uses t w o 2 -b it registers)

R C 4 , R C 5 , a n d R C 6 A l g o r i t h m s

The e n c ry p tio n a lg o rith m s d e v e lo p e d by RSA S e c u rity are:

RC4

RC4 is a s tre a m c ip h e r fo r RSA S e cu rity, w h ic h Rivest de sig n e d It is a v a ria b le key-size

s tre a m c ip h e r w ith b y te -o rie n te d o p e ra tio n s and is based on th e use o f a ra n d o m

p e r m u ta tio n A c c o rd in g to so m e analysis, th e p e rio d o f th e c ip h e r is lik e ly to be g re a te r th a n

10100 For each o u tp u t b y te , e ig h t to six te e n syste m o p e ra tio n s are used, w h ic h m eans th e

c ip h e r can ru n fa s t in s o ftw a re In d e p e n d e n t analysts have had a c a re fu l and c ritic a l lo o k a t th e

a lg o rith m , and it is c o n s id e re d secure P ro d u cts like RSA SecurPC use th is a lg o rith m fo r file

e n c ry p tio n Rc4 is also used fo r safe c o m m u n ic a tio n s like tr a ffic e n c ry p tio n , w h ic h secures

w e b s ite s and fro m secure w e b s ite s w ith SSL p ro to c o l

RC5

RC5 is a b lo c k c ip h e r k n o w n fo r its s im p lic ity R onald Rivest d esigne d it T his a lg o rith m has a v a ria b le b lo c k size and key size and a v a ria b le n u m b e r o f ro u n d s The choices fo r

th e b lock-size are 32 bits, 64 bits, and 128 bits The ite ra tio n s range fr o m 0 to 255;

w h e re a s th e key sizes have a range fro m 0 to 2 0 4 0 bits It has th re e ro u tin e s : key e xp a n sio n ,

e n c ry p tio n , and d e c ry p tio n

RC6

Ethical H acking a n d C o u n te rm e a s u re s C o p y rig h t © by EC-C0l1nCil

M o d u le 19 P a g e 2 8 0 0

Trang 20

It is a b lo ck c ip h e r th a t is based on RC5 Like in RC5, th e b lo ck size, th e key size, and th e n u m b e r

o f ro u n d s are v a ria b le in th e RC6 a lg o rith m The key-size ranges fro m 0 b its to 2040 In a d d itio n

to RC5, RC6 has tw o m o re fe a tu re s , w h ic h are th e a d d itio n o f in te g e r m u ltip lic a tio n and th e usage o f fo u r 4 - b it w o rk in g re g is te rs as an a lte rn a tiv e t o RC5׳ s tw o 2 - b it re g is te rs

Trang 21

Digital Signature Algorithm

FIPS 186-2 specifies the Digital Signature

Algorithm (DSA) that may be used in the

generation and verification of digital

signatures for sensitive, unclassified

applications

1 Select a p rim e n u m b e r q such th a t 2159 < q < 2 160

2 Choose t so th a t 0 < t £ 8

3 Select a p rim e n u m b e r p such th a t 2511*64' < p < 2512*64' w ith th e

a d d itio n a l p r o p e rty t h a t q d ivid e s (p-1)

A d ig ita l s ig n a tu re is a m a th e m a tic a l schem e used fo r th e a u th e n tic a tio n o f a d ig ita l

m essage D ig ita l S ig n a tu re A lg o rith m (DSA) is in te n d e d fo r its use in th e U.S Federal

In fo rm a tio n P rocessing S tandard (FIPS 186) calle d th e D ig ita l S ig n a tu re S ta n d a rd (DSS) DSA

w as a c tu a lly p ro p o s e d by th e N a tio n a l In s titu te o f S tandard s and T e c h n o lo g y (NIST) in A u g u st

1991 NIST m a d e th e U.S P a te n t 5 ,2 3 1 ,6 6 8 th a t covers DSA a v a ila b le w o rld w id e fre e ly It is th e fir s t d ig ita l s ig n a tu re s ch e m e re co g n ize d by any g o v e rn m e n t

A d ig ita l s ig n a tu re a lg o rith m includes a s ig n a tu re g e n e ra tio n process and a s ig n a tu re

v e r ific a tio n process

S ig n a tu re G e n e ra tio n Process: The p riv a te key is used t o k n o w w h o has sig n e d it

S ig n a tu re V e r ific a tio n Process: T he p u b lic key is used to v e rify w h e th e r th e g ive n d ig ita l

s ig n a tu re is g e n u in e o r n o t

As to th e p o p u la rity o f o n lin e s h o p p in g g ro w s , e -p a y m e n t system s and v a rio u s o th e r e le c tro n ic

p a y m e n t m odes re ly on v a rio u s system s lik e DSA

B e n e fits o f DSA:

DSA, w ith its uses and b e n e fits , m ay b rin g re v o lu tio n a ry changes in th e fu tu re

M o d u le 19 P a g e 2 8 0 2

Trang 22

R S A ( R i v e s t S h a m i r A d l e m a n )

RSA is a p u b lic -k e y c ry p to s y s te m It uses m o d u la r a rith m e tic and e le m e n ta ry n u m b e r

th e o rie s t o p e rfo rm c o m p u ta tio n s using tw o la rg e p rim e n u m b e rs RSA e n c ry p tio n is w id e ly used and is th e d e -fa c to e n c ry p tio n s ta n d a rd

Ron Rivest, Adi S h a m ir, and L eona rd A d le m a n fo rm u la te d RSA, a p u b lic key c ry p to s y s te m fo r

e n c ry p tio n and a u th e n tic a tio n It is u s u a lly used w ith a s e c re t key c ry p to s y s te m , like DES The RSA system is w id e ly used in a v a rie ty o f p ro d u c ts , p la tfo rm s , and in d u s trie s M a n y o p e ra tin g system s like M ic ro s o ft, A p p le , Sun, and N o ve ll b u ild th e RSA a lg o rith m s in to th e e xistin g

ve rsio n s It can also be fo u n d on h a rd w a re se cu re d te le p h o n e s , on E th e rn e t n e tw o rk cards, and

on s m a rt cards C o n sid e r th a t A lice uses th e RSA te c h n iq u e to send Bob a m essage If A lice

d e s ire s to c o m m u n ic a te w it h B o b , she e n c ry p ts th e m essage using a ra n d o m ly chosen DES key and sends it t o Bob T hen she w ill lo o k up Bob's p u b lic key and use it t o e n c ry p t th e DES key The RSA d ig ita l e n v e lo p e , w h ic h is s e n t t o Bob by A lice, consists o f a D E S -encrypted m essage and R S A -encrypted DES key W h e n Bob re ce ive s th e d ig ita l e n v e lo p e , he w ill d e c ry p t th e DES key w ith his p riv a te key, and th e n use th e DES key t o d e c ry p t th e m essage its e lf This system

c o m b in e s th e h ig h s p e e d o f DES w it h th e ke y m a n a g e m e n t c o n v e n ie n c e o f th e RSA s y s te m The w o rk in g o f RSA is as fo llo w s : T w o la rg e p rim e n u m b e rs are ta k e n (say " a " and " b " ) , and

th e ir p ro d u c t is d e te rm in e d (c = ab, w h e re " c " is c a lle d th e m o d u lu s ) A n u m b e r " e " is chosen such th a t it is less th a n " c " and re la tiv e ly p rim e to ( a - l) ( b - l) , w h ic h m eans th a t " e " and ( a - l) ( b -

Trang 23

1) have no c o m m o n fa c to rs e x c e p t 1 A p a rt fro m th is , a n o th e r n u m b e r " f " is chosen such th a t (e f - 1) is d iv is ib le by ( a - l) ( b - l) The va lu e s " e " and " f " a re calle d th e p u b lic and p riv a te

e x p o n e n ts , re s p e c tiv e ly The p u b lic key is th e p a ir (c, e); th e p riv a te key is th e p a ir (c, f) It is

s o m e o n e can fa c to r " c " in to " a " a n d " b " , th e n he o r she can d e c ip h e r th e p riv a te key " f " The

s e c u rity o f th e RSA system is based on th e a s s u m p tio n th a t such fa c to rin g is d iffic u lt to c a rry

o u t, and th e re fo re , th e c ry p to g ra p h ic te c h n iq u e is safe

M o d u le 19 P a g e 2 8 0 4

Trang 24

c o m p ro m is in g RSA s e c u rity The advance s in c lu d e fa c to rin g te c h n iq u e , c o m p u tin g p o w e r, and decrease in th e e x p e n d itu re o f th e h a rd w a re The w o rk in g o f RSA as e xp la in e d b e fo re is illu s tra te d in th e fo llo w in g e xa m p le For P = 61 and Q = 53, PQ = 3233 Taking a p u b lic

e x p o n e n t, E = 17, and a p riv a te e x p o n e n t, D = 2753, it can be e n c ry p te d in to pla in te x t 123 as

s h o w n as fo llo w s :

PQ = 3233 <= m o d u lu s (give th is t o o th e rs )

D = 2753 <= p riv a te e x p o n e n t (keep th is s e c re t!)

Y our p u b lic key is (E,PQ)

Y our p riv a te key is D

Trang 25

The e n c ry p tio n fu n c tio n is: e n c ry p t(T ) = (T AE) m o d PQ

= (TA17) m o d 3233 The d e c ry p tio n fu n c tio n is: d e cryp t(C ) = (CAD) m o d PQ

M o d u le 19 P a g e 2 8 0 6

Trang 26

recover the message m from the signature.

1 Signature generation Entity ^4 should do the following

(c) Verify that m € M r : if not reject the signature.

(d) Recover rn = R 1(in ).

m essage) The RSA s ig n a tu re schem e is th e fir s t te c h n iq u e used to g e n e ra te d ig ita l s ig n a tu re s

It is a d e te rm in is tic d ig ita l s ig n a tu re schem e th a t p ro v id e s m essage re c o v e ry fr o m th e s ig n a tu re its e lf It is th e m o s t p ra c tic a l and v e rs a tile te c h n iq u e a v a ila b le

RSA in vo lve s b o th a p u b lic key and a p riv a te key The p u b lic key, as th e n a m e in d ic a te s , m eans any p erson can use it fo r e n c ry p tin g m essages The m essages th a t are e n c ry p te d w ith th e

p u b lic key can o n ly be d e c ry p te d w ith th e h e lp o f th e p riv a te key

C o n sid e r th a t John e n c ry p ts his d o c u m e n t M using his p riv a te key SA, th e re b y c re a tin g a

s ig n a tu re Sj0hn(M ) John sends M a long w ith th e s ig n a tu re Sj0hn(M ) to A lice A lice d e c ry p ts th e

d o c u m e n t using A lic e 's p u b lic key, th e re b y v e rify in g J o h n 's s ig n a tu re

RSA ke y g e n e ra tio n

The p ro c e d u re fo r RSA key g e n e ra tio n is c o m m o n fo r all th e RSA-based s ig n a tu re schem es To g e n e ra te an RSA key p a ir, i.e., b o th an RSA p u b lic ke y and c o rre s p o n d in g p riv a te key, each e n tity A s h o u ld do th e fo llo w in g :

Trang 27

9 Choose a random integer e׳ l<e< < ן> such that get(e, (J))=l

9 Use the extended Euclidean algorithm in order to compute the unique integer d, l<d< (j) such that ed= 1 (mod < j> )

9 The public key of A is (n, e) and private key is d

Destroy p and q at the end of the key generation

The RSA signature is generated and verified in the following way.

In o rd e r t o v e rify A's s ig n a tu re s and re c o v e r m essage m, B s h o u ld d o th e fo llo w in g :

M o d u le 19 P a g e 2 8 0 8

Trang 28

L information

M e s s a g e D ig e s t F u n c tio n

Note: Message digests are also called one-way bash functions because they cannot be reversed

M e s s a g e D i g e s t ( O n e - w a y H a s h ) F u n c t i o n s

I I

a single large n u m b e r, ty p ic a lly b e tw e e n 12 8 - and 2 5 6 -b its in le n g th M essage d ig e s t fu n c tio n s

c a lc u la te a u n iq u e fix e d -s iz e b it s trin g re p re s e n ta tio n c a lle d hash v a lu e o f any a r b itr a r y block o f

in fo rm a tio n The best m essage d ig e st fu n c tio n s c o m b in e th e s e m a th e m a tic a l p ro p e rtie s Every

b it o f th e m essage d ig e s t fu n c tio n is in flu e n c e d by e v e ry b it o f th e fu n c tio n 's in p u t If any given

b it o f th e fu n c tio n 's in p u t is ch a n g e d , e v e ry o u tp u t b it has a 50 p e rc e n t chance o f changin g

G iven an in p u t file and its c o rre s p o n d in g m essage d ig e st, it s h o u ld be in fe a s ib le t o fin d a n o th e r file w ith th e sam e m essage d ig e s t va lu e

M essage digests are also calle d o n e -w a y bash fu n c tio n s because th e y p ro d u c e va lu e s th a t are

d iffic u lt t o in v e rt, re s is ta n t t o a tta c k , m o s tly u n iq u e , and w id e ly d is trib u te d

Trang 29

a l 4 0 9 2 a f 9 4 8 b 9 3 8 5 6 9 5 8 4 e 5 b 8 d 8 d 3 0 7 a

FIGURE 19.5: SHA1 a Message digest function

© SHA-1

D o c u m e n t

M o d u le 19 P a g e 2 8 1 0

Trang 30

M e s s a g e D i g e s t F u n c t i o n : M D 5

H is a hash fu n c tio n th a t is a tra n s fo rm a tio n th a t a cce p ts a v a ria b le o f a n y size as an

in p u t, m , and re tu rn s a s trin g o f a c e rta in size This is called th e hash v a lu e h i.e h=H (m ) The

fu n d a m e n ta l re q u ire m e n ts fo r th e c ry p to g ra p h ic hash fu n c tio n s are:

A nd H (x), can be easily c o m p u te d f o r any v a lu e o f x and it m u st be o n e -w a y (i.e., it c a n n o t be

in v e rte d and it has an in fe a s ib le c o m p u ta tio n fo r th e given in p u t) a n d c o llis io n fre e H is

c o n s id e re d to be a w e a k c o llis io n fre e hash fu n c tio n if th e given m essage x is in fe a s ib le to fin d a

m essage y, so th a t H (x) =H (y) It is a c o llis io n fre e hash fu n c tio n if it is in fe a s ib le to fin d any tw o

m essages x and y such th a t H (x) =H (y)

The m a in ro le o f a c ry p to g ra p h ic hash fu n c tio n is to p ro v id e d ig ita l sig n a tu re s Hash fu n c tio n s are re la tiv e ly fa s te r th a n d ig ita l s ig n a tu re a lg o rith m s ; hence, its c h a ra c te ris tic fe a tu re is to

Trang 31

signed w ith th e p riv a te key The a lg o rith m s m e n tio n e d h e re can be o f v a ria b le le n g th b u t w ith

th e re s u lta n t m essage d ig e s t o f 1 2 8 -b it

The s tru c tu re s o f all th re e a lg o rith m s a p p e a r to be s im ila r, th o u g h th e design o f M D 2 is

re a s o n a b ly d iffe r e n t fr o m M D 4 and M D 5 M D 2 w as d e sig n e d fo r th e 8 - b it m ach in e s, w h e re a s

th e M D 4 and M D 5 w e re d e sig n e d f o r th e 3 2 -b it m ach in e s The m essage is added w ith e xtra bits

to m ake sure th a t th e le n g th o f th e b its is d iv is ib le by 512 A 6 4 -b it b in a ry m essage is added to

th e m essage

D e v e lo p m e n t o f a tta c k s on v e rsio n s o f M D 4 has p rogressed ra p id ly and D o b b e rtin sh o w e d h o w

co llis io n s f o r th e fu ll v e rs io n o f M D 4 c o u ld be fo u n d in u n d e r a m in u te on a ty p ic a l PC M D 5 is

re la tiv e ly secure b u t is s lo w e r th a n M D 4 This a lg o rith m has fo u r d iffe r e n t ro u n d s, w h ic h are

d esigne d w ith s lig h t d iffe re n c e s th a n th a t o f M D 4, b u t b o th th e m e ssa g e -d ig e st size and

p ro d u c e d w h e n an a r b itr a r y in p u t m essage is ra n d o m iz e d T h e re are tw o typ e s o f b ru te -fo rc e

a tta c k s f o r o n e -w a y hash fu n c tio n : N o rm a l b ru te fo rc e and b irth d a y a tta c k

Exam ples o f a fe w m essage digests are:

_] batch_rename.png 14 472 18528C0A EAF2C712FGE537AE1FEFD3FA1A4F4AAB

1 1 change_attributes.html 8 574 58101E 09 E18D9F81CCF9A300F79321E8C7G8E021

1 change_attributes.png 7 957 2531FC3E 5E 8A8FB 259C7FD F790E 5597C8154AF38

ח change_case.html 8 756 FC41186B DDCAD7CF08BF7897D5B8B5F9806B47FD

Q change_case.png G 821 2D34D339 04FE D 507091F5F095D 977B 358E C20E E D

1 1 checksum״ verify, png 8117 3D 8D 9801 AC8AFE 99B 76B D1022AC7B 2E 34A7E1C49_J convert.html 9 289 BE535A89 902BA23D 7CC95EA2999CDA2E F1B27B41

1 convert, png 7 080 D760CFC6 F117GC79G7E1DA2CA743D26DE9F1B0C0

LJ convert_menu.png 8 735 638F8F0F 3F1BBD5E0B0B9E86970EDBA9705F14D4

r 1 file_comparator.html 8 575 44ED5DC4 959981C3E7D 7559C9E E 77965302A6E 0A

[J file_comparator.png 17 787 D1GF0E2B C1AE151GBEABC17EDEFB58212D2C5331

▼

CloseSave MD5

Save SFV

clipboard, hint

FIGURE 1 9 6 : C h e c k s u m v e rifie r

M o d u le 19 P a g e 2 8 1 2

Trang 32

00

SHA1

00

0

The Secure Hash A lg o rith m (SHA), s p e c ifie d in th e S ecure Hash S ta n d a rd (SHS), w as

d e v e lo p e d by NIST, and p u b lish e d as a fe d e ra l in fo rm a tio n -p ro c e s s in g s ta n d a rd (FIPS PUB 180)

It is an a lg o rith m fo r g e n e ra tin g a c ry p to g ra p h ic a lly secure o n e -w a y hash SHA is p a rt o f th e

C apstone P ro je c t C a p sto n e is th e U.S g o v e rn m e n t's lo n g -te rm p ro je c t to d e v e lo p a se t o f

s ta n d a rd s fo r p u b lic ly a v a ila b le c ry p to g ra p h y , as a u th o riz e d by th e C o m p u te r S e c u rity A c t o f

1987 The basic o rg a n iz a tio n s th a t are re s p o n s ib le fo r C a pstone are NIST and th e NSA SHA is

s im ila r to th e M D 4 m e ssa g e -d ig e st a lg o rith m fa m ily o f hash fu n c tio n s , w h ic h w as d e v e lo p e d by Rivest

The a lg o rith m a cce p ts a m essage o f 2 6 4 b its in le n g th and a 1 6 0 -b it m essage o u tp u t d ig e s t is

p ro d u c e d , th a t is d esigne d to c o m p lic a te th e se a rch in g o f th e te x t, w h ic h is s im ila r to th e given hash The a lg o rith m is s lig h tly s lo w e r th a n M D 5 , b u t th e la rg e r m essage d ig e st m akes it m o re secure a g a in st b ru te -fo rc e c o llis io n and in v e rs io n atta cks

The fo llo w in g are th e c ry p to g ra p h ic hash fu n c tio n s d esigne d by th e N a tio n a l S e c u rity A g e n cy (NSA):

Trang 33

S H A 1

S H A l p ro d u c e s a 1 6 0 -b it d ig e st fr o m a m essage w ith a m a x im u m le n g th o f (264 - 1) bits, and re se m b le s th e M D 5 a lg o rith m

SHA2 is a fa m ily o f tw o s im ila r hash fu n c tio n s , w ith d iffe r e n t b lo c k sizes, n a m e ly SHA-

256 th a t uses 3 2 -b it w o rd s and SHA-512 th a t uses 6 4 -b it w o rd s

Interna

1 hash sum (bits)

Size o fblock(bits)

M axim um size of message (bits)

Size of

w ord(bits)

Rounds

TABLE 19.1: Comparison between SHA-0, SHA-1 & SHA-2 functions

M o d u le 19 P a g e 2 8 1 4

Trang 34

S ecure

C hannel

It provides an encrypted channel for rem ote logging, command execution and file transfers

Remote Communication

MS or UNIX client

Note: SSH2 is a m o re secure, e ffic ie n t, and p o rta b le v e rsio n o f SSH th a t include s SFTP, an SSH2 tu n n e le d FTP

W h a t I s S S H ( S e c u r e S h e l l ) ?

Secure Shell is a p ro g ra m th a t is used to lo g o n to a n o th e r c o m p u te r o ve r th e n e tw o rk ,

to tra n s fe r file s fro m o n e c o m p u te r to a n o th e r It o ffe rs g o o d a u th e n tic a tio n and a secure

c o m m u n ic a tio n c h a n n e l o v e r in se cu re m e d ia It m ig h t be used as a re p la c e m e n t f o r te ln e t,

lo g in , rsh, and rep In SSH2, s ftp is a re p la c e m e n t fo r f t p In a d d itio n , SSH o ffe rs secure

c o n n e c tio n s and secure tra n s fe rrin g o f TCP c o n n e c tio n s SSH1 and SSH2 are c o m p le te ly

d iffe r e n t p ro to c o ls SSH1 e n c ry p ts th e user's s e rv e r and hosts keys t o a u th e n tic a te w h e re SSH2

o n ly uses h o s t keys, w h ic h are d iffe r e n t packets o f keys SSH2 is m o re secure th a n SSH1 It

s h o u ld be n o te d th a t th e SSH1 and SSH2 p ro to c o ls are in fa c t d iffe r e n t and n o t c o m p a tib le w ith each o th e r SSH2 is m o re secure and has an im p ro v e d p e rfo rm a n c e th a n SSH1 and is also m o re

p o rta b le th a n SSH1

The SSH1 p ro to c o l is n o t b eing d e v e lo p e d a n y m o re , as SSH2 is th e s ta n d a rd Som e o f th e m ain

fe a tu re s o f SSH1 a re as fo llo w s :

Trang 35

9 It s u p p o rts v a rie d a u th e n tic a tio n

SSH c o m m u n ic a tio n s s e c u rity m a in ta in s SSH1 and SSH2 p ro to c o ls

It a u th e n tic a te s w ith th e help o f o n e o r m o re o f th e fo llo w in g :

S ecure S hell p ro te c ts a g a in s t:

s p o o fin g ) SSH p ro te c ts a g a in st a s p o o fe r on th e local n e tw o rk , w h o can p re te n d to be

th e user's r o u te r to th e o u ts id e

ro u tin g )

server

M S o r U N I X c l i e n t S S H T u n n e l

FIGURE 19.7: Secure shell tunneling

U N I X s e r v e r

M o d u le 19 P a g e 2 8 1 6

Trang 36

M o d u l e F l o w

So fa r, w e have discussed c ry p to g ra p h y c o n c e p ts and v a rio u s e n c ry p tio n a lg o rith m s

N o w it is tim e to discuss h o w c ry p to g ra p h y is u s u a lly p e rfo rm e d T h e re are m any c ry p to g ra p h ic

to o ls re a d ily a va ila b le in th e m a rk e t th a t can h e lp y o u to secure y o u r d a ta

■

■!;:!ו

Trang 37

3 r : 1 t c MS-wi I»e7c2*«faf0l«0237 68 * 9071047812 ג blc6a3S3 «5fc23c:35!e49355e

&9i?cUcN21Sr«ac v9 4b«1*c27S4868 bf(76bcO 901 b80c4ft449&db3& 1

■ ' WnOurrp^xe 7b 50683722d9dd3<k dMb<5472l95L 2M6M21 2525041dci2ba372^0 c9H3T2fa9 0iMc70dc7b30ac6«£ 26WBeef8b1a4״ 4bfdc0e1 bc3H4a?93*f6dl6c6 OS6lOJcbd

a Ur[() 1 Selected Hirson f reeware n r.o :'v w

l - l " l

HashCalc

Data Focmat: Data:

| F ie ~^\ |C \P f0flfam Files (x86)\Ha$hCalc\HashCalc.chm

Key Format Key;

H ashing is one fo r m o f c ry p to g ra p h y in w h ic h a m essage d ig e s t fu n c tio n is used to c o n v e rt

p la in tte x t in to its e q u iv a le n t hash va lu e This m essage d ig e st fu n c tio n uses d iffe r e n t hash

a lg o rith m s t o c o n v e rt p la in te x t in to hash va lu e s M a n y M D 5 hash c a lc u la to rs are re a d ily

a va ila b le in th e m a rk e t E xam ples o f M D 5 hash c a lc u la to rs in c lu d e :

H a s h C a l c

Source: h ttp ://w w w s la v a s o ft.c o m

The HashCalc u tility a llo w s y o u t o c o m p u te m essage digests, checksum s, and HM ACs f o r file s ,

as w e ll as fo r t e x t and hex strin g s It a llo w s yo u t o c a lc u la te hash values using d iffe r e n t ty p e s o f hashing a lg o rith m s such as M D 2 , M D 4 , M D 5 , SH A-1, SHA-2 (2 5 6 , 38 4 , 512), R IP E M D -160,

P A N A M A , TIGER, ADLER32, a n d CRC32 You ju s t need to s e le ct th e file and hash a lg o rith m fo r

c a lc u la tin g th e hash v a lu e o f a p a rtic u la r file

M o d u le 19 P a g e 2 8 1 8

Trang 39

M o d u le 19 P a g e 2 8 2 0

Trang 40

Filename >

readme.txt

MD5 6d 1 e45e2c 31 bc23128

SHA1 f4ab6245f49f39a

CRC32 135fe919

SHA-256 616e77d86fcb3036f5

SHA-512 c0936bf0<3

f Jcain and abel_ b2a72fadf 1 d0550b743 de8908a9f285ef b2eed8fa ce5ed388b8388dc254 cf8c1de709

FIGURE 19.10: HashMyFiles screenshot

Định dạng
Số trang	90
Dung lượng	4,04 MB