Applied Cryptography

Applied Cryptography
Marcelo Martins
linkedin.com/in/marcelomartins

Agenda
§  What is cryptography?
§  Hash
§  Symmetric cryptography
§  Asymmetric cryptography
§  Public Key Infrastructure (PKI)
§  Attacks
§  Steganography
§  Best practices: domestic use
§  References

§  Cryptography or cryptology (from Greek kryptós,
"hidden, secret"; and graphein, "writing”) is the
practice and study of techniques for secure
communication in the presence of third parties called
intruders or adversaries
§  The conversion of information from a readable state
to apparent nonsense is called encryption
§  Decryption is the reverse, in other words, moving
from the unintelligible ciphertext back to plaintext
What is cryptography?

§  Caesar Crypt or Shift Crypt
§  Used by Julius Caesar to exchange messages with his
generals in the field
§  It is a type of substitution cipher in which each letter in the
plaintext is replaced by a letter some fixed number of positions
down the alphabet
§  For example, with a right shift of 3
Clear: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphered: DEFGHIJKLMNOPQRSTUVWXYZABC
the quick brown fox jumps over the lazy dog
WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ

§  Caesar Crypt or Shift Crypt
§  The attacks
§  The attacker makes some replacements even not knowing if
Caesar Shift was used
§  The attacker knows that Caesar Shift was used, but doesn’t
know the number of letters to be incremented

§  Attacks at Caesar Crypt or Shift Crypt
Decrement Candidates
Original exxego ex srgi
1 dwwdfn dw rqfh
2 cvvcem cv qpeg
3 buubdl bu podf
4 attack at once
5 zsszbj zs nmbd
6 yrryai yr mlac
...
23 haahjr ha vujl
24 gzzgiq gz utik
25 fyyfhp fy tshj

§  Information Security Objectives
§  Confidentiality
§  Only those authorized shall access the information
§  Integrity
§  The information shall not be modified by non-authorized parties
§  Authenticity and Non-repudiation
§  It shall be possible to assure the sender sent that message and
that it cannot be refuted

§  Cryptography ≠ Steganography!
§  Steganography (from Greek steganos, “covered”; and
graphein, “writing”) is the practice of concealing the
existence of a message inside another message
§  While cryptography conceals the meaning of the
message, steganography hides the message itself
§  In digital steganography, electronic communications may
include steganographic coding inside of a transport layer,
such as a document file, image file, program or protocol.
Media files are ideal for steganographic transmission
because of their large size.

Hash
§  It is a sequence of bits generated from a dispersion
algorithm, usually represented in hexadecimal
format, that allows visualization in letters and
numbers (0 … 9, A … F), representing ½ byte each
§  Hashing is the transformation of a large amount of
information in a small amount of information
§  It is not possible to revert a one way hash and get
the original message back

Hash
§  Hash function example

Hash
§  Most used hash functions
Name Output bits Created Collision* Vulnerable*
MD4 128 1990 Yes Yes
MD5 128 1991 Yes Yes
SHA-1 160 1995 Yes Yes
SHA-224 224 2001 No No
SHA-256 256 2001 No No
SHA-384 384 2001 No No
SHA-512 512 2001 No No
WHIRLPOOL 512 2004 No No

Hash
§  SHA-512 example
§  SHA512("The quick brown fox jumps over the lazy dog")
07e547d9 586f6a73 f73fbac0 435ed769 51218fb7
d0c8d788 a309d785 436bbb64 2e93a252 a954f239
12547d1e 8a3b5ed6 e1bfd709 7821233f a0538f3d
b854fee6
§  SHA512("The quick brown fox jumps over the lazy cog")
3eeee1d0 e11733ef 152a6c29 503b3ae2 0c4f1f3c
da4cb26f 1bc1a41f 91c7fe4a b3bd8649 4049e201
c4bd5155 f31ecb7a 3c860684 3c4cc8df cab7da11
c8ae5045

Hash
§  SHA-1 example
§  SHA1("The quick brown fox jumps over the lazy dog")
2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12
§  SHA1("The quick brown fox jumps over the lazy cog")
de9f2c7f d25e1b3a fad3e85a 0bd17d9b 100db4b3
§  SHA1("")
da39a3ee 5e6b4b0d 3255bfef 95601890 afd80709
Changing one bit
produces a totally
different hash

Hash
§  Independent applications
§  HashTab (free for private use, Windows)
§  http://implbits.com/products/hashtab/
§  MD5, HAVAL, MD2, SHA (1, 256, 384, 512)
§  File Checksum Tool (free for private and commercial use,
Windows)
§  http://www.krylack.com/file-checksum-tool/
§  Adler32, CRC32, MD2, MD4, MD5, RIPEMD (128, 256, 320), SHA
(1, 256, 384, 512), Tiger e Whirlpool
§  HashCalc (free for private and commercial use, Windows)
§  http://www.slavasoft.com/hashcalc/
§  Adler32, CRC32, MD2, MD4, MD5, RIPEMD (128, 256, 320), SHA
(1, 256, 384, 512), Tiger e Panama

Hash
§  File integrity verification
§  Monitors or verifies changes in files
§  Tripwire (Windows/Unix, commercial)
§  AIDE (Unix, freeware)
§  Yafic (Unix, freeware)
§  AFICK (Windows/Unix, freeware)
§  nCircle File Integrity Monitoring (Win/Unix, commercial)
§  Advanced Checksum Verifier (Windows, commercial)
§  Slavasoft FSUM (Windows, freeware)
§  Chkrootkit (Unix, freeware)
§  Samhain (Unix, freeware)

Hash
§  File integrity verification
§  macOS
§  $ shasum test.jpg (defaults to SHA1)
§  a9b602d039d302867df743ab7dd056e3644bd208
test.jpg
§  $ shasum -a512 test.jpg
§  e0d4128da441d17ac02c039878a4ac1fae437656b51807b
85c0238deefcfe96bebaedc285edbc3e5d4e18b315b0d1b
ce7a47dce130b39645d2372e6003c19fc4 test.jpg

Agenda
§  What is cryptography?
§  Hash
§  Symmetric cryptography
§  Asymmetric cryptography
§  Public Key Infrastructure (PKI)
§  Attacks
§  Steganography
§  Best practices: domestic use

§  Only one key is used to encrypt and decrypt the
message
§  This key is called symmetric key, private key, or
shared key
§  Most used algorithms are: AES, Blowfish, DES,
Triple DES, Serpent, Twofish
Symmetric Cryptography
DES and 3DES should
not be used anymore

§  Symmetric cryptography security depends on
§  Security of the private key
§  Strength of the password of the private key (just like any
password)
§  Security when exchanging private keys
§  Security of the cryptographic method (various types of
attack)

§  Problems
§  How to transmit the key to the recipient using insecure
media? Phone? Smoke sign? Unencrypted E-mail?
§  For 5 people to exchange messages using symmetric
keys, how many keys would be necessary?
§  Necessary keys
¨  5 users
¨  20 users
n*(n −1)
2
5*(5−1)
2
=10
20*(20 −1)
2
=190

§  Problem
One key for
every two users

§  Every user possesses a pair of keys: the public key
and the private key
§  The public key is available for everyone and the
private key is kept secret
§  What is done with one key is “undone” with the other,
from the same pair
Asymmetric Cryptography

Every user has a
pair of keys

§  Asymmetric key example (PGP)
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzR9bCAAAAEEAMbG7w5W0EJ/L4oAlOgsWwzVmS145eUF6knmOx/UUNBMdNRD
DGgJO3z3aAq4nE4yR+3hSO2auiZlB604e006SPV3ZuLpCHuzaet59dHJGmT9adgx
DMgaPv5q9CCsZa9B1lhh/SIV2eU4U17FDWfU8QWrimn+nLi/y+kli63F4U8VAAUX
tEJDZW50cm8gZGUgQXRlbmRpbWVudG8gYSBJbmNpZGVudGVzIGRlIFNlZ3VyYW5j
YSA8Y2Fpc0BjYWlzLnJucC5icj6JAJUDBRA0fWwg6SWLrcXhTxUBAU/WBACclOR+
MC4kGNAKsR7+HujUYC90BYB8QVFcg/jYAWXDMGYxFeCtvw9FQDUtk55B+/i7tdaX
2c4kZrlsjoc3dYROdB7OKDwIxw1pxmeuBBkT+I34i47YNcyRB15otW5sS9BJDb4X
jw5YqDDhRCvevUCTczUvAIKSKnzg4Yl1I/JGaQ== =DjRv
-----END PGP PUBLIC KEY BLOCK-----

§  Encryption and decryption
1.  Public key from the receiver is obtained
2.  The message is encrypted
3.  The message is sent over insecure media
4.  The private key is used to decrypt the message
5.  The original message is recovered

§  Digital signature
§  A cryptographic process used to assure integrity,
authenticity and non-repudiation of a message or file
§  It is possible to digitally sign e-mails and files in various
formats like pdf, doc, ppt, dll, exe, etc.
§  The digital signature, alone, cannot protect the content of
the message. It can only assure its integrity and sender

Digital Signature
1.  A hash is generated from the message
2.  The hash is encrypted using the sender’s private key
3.  The encrypted hash is obtained
4.  The encrypted hash is added to the message
6.  Another hash is generated from the message
7.  The sender’s public key is used to decrypt the hash
previously sent
8.  The original hash is obtained
9.  Comparison between both hashes; if they match the
message wasn’t tempered with

Encryption + Digital Signature
Simplified
version

1.  Public key from the receiver is obtained
2.  The message is encrypted with this public key
4.  The hash is encrypted using the sender’s private key
5.  The encrypted hash is obtained
6.  The encrypted hash is added to the message
8.  Another hash is generated from the message
9.  The sender’s public key is used to decrypt the hash
previously sent
10.  The original hash is obtained
11.  Comparison between both hashes; if they match the message
wasn’t tempered with
12.  Receiver’s private key is used to decrypt the message
13.  The original message is recovered
Encryption + Digital Signature

Bulk Encryption
1.  A symmetric key (session key) is randomly generated
2.  The message is encrypted using the session key
3.  The encrypted message is obtained
4.  Public key from Bob is obtained
5.  A copy of the session key is encrypted using Bob’s public key
6.  Public key from Charlie is obtained
7.  A copy of the session key is encrypted using Charlie’s public key
8.  Public key from sender is obtained
9.  The session key is encrypted using Sender’s public key
10.  Encrypted session key is added to the message
14.  Charlie uses his private key to obtain the session key
15.  The original key is obtained
16.  The session key is used to decrypt the message
17.  The original message is obtained

Authentication (Nonce)
Simplified
version

Authentication (Nonce)
§  Hashing
1.  Client tries to authenticate
2.  Server generates a Nonce
3.  Nonce is sent to the client
4.  Client uses its private key to encrypt Nonce
5.  Encrypted Nonce is obtained
6.  A hash is generated from Nonce, Encrypted Nonce and
client’s password
7.  The new Hash is added to a new payload, with the User and
the Nonce
8.  The payload is sent to the server
9.  Server generated a hash using original Nonce, client’s stored
password and the Encrypted Nonce received
10.  Comparison between both Hashes

Authentication (Hash chain, S/KEY)
Simplified
version

Authentication (Hash chain, S/KEY)
§  Hashing
2.  Server asks for 1000th hash of client’s password
3.  The 1000th hash is generated and sent to the server. The
server has only the 1000th hash of the user password, not the
password. If they match, the user is authenticated
4.  Client attempts a new authentication
5.  This time the server asks for 999th hash of client’s password
6.  The 999th hash is generated and sent to the server. The
server has only the 1000th hash of the user password. The
server must hash the 999th hash one more time to compute
1000th hash. If they match, the user is authenticated.
7.  The server then stores the 999th hash in its database. Next
time the server will ask for the 998th hash. Security comes
from the fact that the server is always asking for the previous
hash, that only who knows the password can generate.

Authentication
(WPA / WPA2: Personal or Enterprise)

Trusted Timestamps
Simplified
version

Trusted Timestamps
§  Timestamp calculation
2.  TSA server provides accurate time
3.  Another hash is generated from the hash and the
timestamp
4.  The hash and the timestamp are encrypted using TSA’s
private key
5.  The timestamp is added to the encrypted hash
6.  The hash + timestamp is sent to the client and added to
the message

Trusted Timestamps
§  Timestamp verification
2.  The timestamp added to the message is recovered and
another hash is generated from the first hash and the
timestamp
3.  Public key from TSA is obtained
4.  The original hash generated by the TSA is obtained
5.  Comparison between both hashes

§  External storage for the private key

§  Asymmetric key security depends on
§  Security of the private key
§  Strength of the password of the private key (just like any
password)
§  Security of the cryptographic method (various types of
attacks)

§  Problems
§  How do you grant everyone access to all public keys? Will
everyone send their keys to everyone else? And in case
of revocation? How to replace the key pair?
§  How do you know if a key pair is trustworthy, or belongs
to the person you think it does?

Web of Trust
Simplified
explanation

§  Problems
§  How do you grant everyone access to all public keys? Will
everyone send their keys to everyone else? And in case
of revocation? How to replace the key pair?
§  Web of Trust allows a designated revocator
§  How do you know if a key pair is trustworthy, or belongs
to the person you think it does?
§  Web of Trust depends on one person (or various) to endorse
that key and on a “trust path” between two people
But there are
other problems

Public Key Infrastructure (PKI)
Every user has a
pair of keys and
a certificate

§  X.509 v3 digital certificate
§  Trust relationships
§  Certificate import and export
§  Certificate issuing, verification and revocation

§  X.509 self-signed digital certificate (example)
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
OU=Certification Services Division,
CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Validity
Not Before: Aug 1 00:00:00 1996 GMT
Not After : Dec 31 23:59:59 2020 GMT
Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
OU=Certification Services Division,
CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Subject Public Key Info:
Digital Certificate

C=US
ST=NY
L=NewYork
O=Acme
Industries
OU=IT
CN=Bugs
Bunny
Digital Certificate
Directory
structure

Root Certificates
Root CA self-
signed
certificate

Root Certificates
Viewing the
details of the
Root CA
certificate

§  Digital certificate export process
Digital Certificate

Digital Certificate
Select the
format and
click Next

§  Digital certificate import process
N
Digital Certificate
Method #1
Be careful: When a certificate is
installed (becomes trustworthy) the
applications signed with that certificate
also become trustworthy

Digital Certificate
Method #2
N

Digital Certificate
Root CA certificate Second level CA certificate

SSL/TLS
Always use the
latest version of TLS

SSL/TLS
1.  Server’s certificate is obtained
2.  Client generates a session key
3.  The session key is encrypted using server’s public key
(from the certificate)
4.  Encrypted session key is obtained
5.  Encrypted session key is sent over insecure media
6.  Server uses its private key to obtain the session key
7.  Session key is obtained
8.  Both parties use the session key to encrypt and decrypt
the following messages

SSL/TLS
§  Wireshark: www.legendas.tv

SSL/TLS
§  Wireshark: www.legendas.tv (Follow TCP Stream)

SSL/TLS
§  Wireshark: mail.google.com

SSL/TLS
§  Wireshark: mail.google.com (Follow TCP Stream)

Authentication (Digital certificate)

Authentication (Digital certificate)
2.  Server generates a Nonce
3.  Nonce is sent to the client
4.  Client uses its private key to encrypt Nonce
5.  Encrypted Nonce is obtained
6.  Encrypted Nonce is sent to the server
7.  Server uses client’s public key (from client’s certificate)
to decrypt the Nonce
8.  Original Nonce is obtained
9.  Comparison between both Nonces

§  Digital certificate real world use
§  E-mail
§  VPN
§  SSL/HTTPS
§  Authentication
§  File encryption (e.g. EFS)
§  Digital signature of files

§  Digital certificate issuing process

§  Issuing process
1.  Client asks Registration Authority for a certificate
2.  RA tells client to generate the pair of keys
3.  Keys are generated by the client
4.  The private key is generated inside the token or
exported to the token
5.  The public key is sent to the RA
6.  RA sends the public key and client’s information to CA
7.  CA generates a digital certificate and signs it with its
own private key
8.  The certificate is stored in Certificates Store
9.  The certificate is sent to the client
10.  The client stores the certificate inside the token

§  Server-based Certification Validation Protocol (SCVP)
§  The certification path creation process is called discovery
path
§  The application receiving the message is responsible for
discovery path
§  Many applications use MS CAPI (Microsoft Crypto API)
§  It is not possible to create the chain of certificates (discovery
path) if one of the certificates is not found

§  Root certificate trust program
§  Microsoft Trusted Root Certificate Program
§  http://technet.microsoft.com/en-us/library/cc751157.aspx
§  Apple Root Certificate Program
§  http://www.apple.com/certificateauthority/ca_program.html
§  Included in iOS 10: https://support.apple.com/en-us/HT207177
§  Google Chromium
§  https://www.chromium.org/Home/chromium-security/root-ca-policy
§  OpenSSL: unavailable
§  Mozilla CA Certificate Store
§  http://www.mozilla.org/projects/security/certs/
§  Opera
§  http://www.opera.com/docs/ca/
§  Mono (open source .NET framework): unavailable
§  Reason: http://www.mono-project.com/FAQ:_Security

§  Root certificate inclusion program
§  General rules
§  No fee
§  ISO 21188:2006 - Public key infrastructure for financial services --
Practices and policy framework
§  NIST SP 800-57 - Recommendation for Key Management – Part 1:
General
§  Compliance with WebTrust Program for Certification Authorities
¨  http://www.webtrust.org/homepage-documents/item27839.aspx
§  RFC 3280 - Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile

§  Digital certificate verification process
§  OCSP (Online Certificate Status Protocol)
§  Consults OCSP Responder through protocol
§  Sends only the serial number to be checked
§  The request is forwarded in real time (or close to)
§  Do not expose the serial number of all certificates
§  Send less information, sparing server, network and client
§  Works well if the client caches the response
§  CRL (Certificate Revocation List)
§  Downloads the entire CRL (automatic process)
§  A list may contain 500KB
§  Usually updated every 24 hours or less
§  When the list changes it has to be downloaded again
§  Is digitally signed by CA to avoid forfeitures

§  OCSP

§  OCSP verification process
1.  Client tries to access web server
2.  Web server sends him its digital certificate
3.  Client (operating system) looks inside the certificate for
OCSP server and contacts it asking for information on
that certificate serial number
4.  OCSP responds
5.  If it’s all good the client continues the connection
A.  The certificate is stored in Certificates Store
B.  The information about certificate serial number is sent to
OCSP server

§  OCSP support
IE 7+ (except on XP),
automatic
All versions, automatic
All versions,
automatic starting on 3+
Opera 8.0+,
automatic
macOS. Supported by all
versions, but require
manual activation until
10.7

§  OCSP support
MS Outlook 2016:Yes
Mozilla Thunderbird:Yes
Apple Mail:Yes
IBM Lotus Notes:Yes
Opera Mail:YesSeamonkey:Yes
The Bat:Yes

§  Digital certificate verification process (OCSP)

§  Digital certificate revocation process (CRL)

§  CRL, revocation process
1.  Client asks RA to revoke certificate
2.  RA, after its verification process, sends the information
to the CA
3.  CA accepts the revocation and stores this information in
the Certificates Store
4.  CA includes the serial number from revoked certificate in
the CRL
5.  CRL is digitally signed using CA’s private key

§  Digital certificate verification process (CRL)

§  Wildcard certificate
§  Certificate issued to protect several domains or servers
§  More practical and economical
§  Example: Certificate issued for *.example.com
§  Works for: payment.example.com, contact.example.com,
intranet.example.com, etc.

§  EV-SSL (Extended Validation)
§  ‘Complete’ validation of requester’s ID
§  Reason: commercial pressure made CAs offer “domain
validation only” certificate
§  Criteria for issuing EV-SSL
§  Verification of documents and physical presence from someone
of the enterprise
§  Control over domain is exclusive to the owner
§  Confirm ID and authority of owners of the website
§  Supported by Microsoft IE 7+ (except XP), Mozilla Firefox
3+, Opera 8+, Apple Safari 3.2+, Google Chrome

Google Chrome
Mac: Cmd+Opt+I
Win: Ctrl+Alt+I
Click on View
Certificate

Google Chrome:
View certificate

Example of an
invalid
certificate
Google Chrome

Mozilla Firefox:
Certificate Viewer

Microsoft Edge:
You don’t
This is all the
info you get

MS IE 11:
View certificates

Apple Safari:
View certificates

§  Digital certificate revocation
§  Revocation
§  Suspension (temporary)
§  Reasons for revocation
§  Suspicion or compromise of private key
§  Suspicion or compromise of CA
§  End of operation
§  End of affiliation
§  Revocation and expiration are distinct events!

§  Cripto tokens

§  Hardware Security Modules (HSM)

§  Microsoft Crypto API
§  Present since Windows NT 4.0
§  Also used to access tokens and HSMs
§  Present in .NET Framework and JDK (SunMSCAPI
Provider, as a conduit to MS-CAPI)
§  Oracle SunJSSE Provider
§  Present in JDK
§  Capacity for a large number of ciphersuites)

Attacks
§  Brute force, dictionaries, default passwords
§  Rainbow tables
§  Pass-the-hash
§  Private key recovery
§  Comparison of files
§  Tunnel interception
§  Flawed encryption method
§  Symmetric key vs. Asymmetric key

§  Default passwords list
§  http://www.cirt.net/passwords
§  Dictionaries
§  http://www.openwall.com/passwords/wordlists/
§  http://lastbit.com/dict.asp
§  Dictionaries generator
§  L517
§  http://code.google.com/p/l517/
Attacks

§  Brute force
§  The attacker tries all possible values from a range of
possibilities
§  Usually a group of attackers generates the files containing
passwords and their hashes
§  When a password hash is generated it is not necessary to
go through the whole brute force task
§  All it takes is a search in the hashes database
Attacks

§  Brute force
Key (Bits) Permutations
Brute force time for a device checking
256 permutations/second
8 28 0 milisseconds
40 240 0.015 milisseconds
56 256 1 second
64 264 4 minutes and 16 seconds
128 2128 149.745.258.842.898 years
256 2256 50.955.671.114.250.100.000.000.000.000.000.
000.000.000.000.000.000.000 years
Source: NIST SP 800-57 Part 1 (2007)
Attacks

§  Rainbow tables (freerainbowtables.com / distributed.net)
Attacks

§  Hash Capture
§  Offline NT Password and Registry Editor
§  http://pogostick.net/~pnh/ntpasswd/
§  Supports all Windows versions from NT 3.5 to Win 8.1, 32 or 64 bit,
also Server versions (like 2003, 2008, 2012)
§  With Windows offline, accesses the files that contain account
hashes
§  It can change passwords, unlock and enable accounts!
(if the user is using EFS, will lose access to the files)
§  Doesn’t need to know the current password
§  Ophcrack, pwdump7 and other capture softwares
§  Sniffers, like Wireshark
N
Attacks

§  Hash Capture
§  pwdump7
Attacks

§  Rainbow tables (example)
LM #0
Characters [ABCDEFGHIJKLMNOPQRSTUVWXYZ]
Combinations 8.353.082.582
Table size 610 MB
Probability of success 0.9904 (99.04%)
LM #1
Characters [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
Combinations 80.603.140.212
Table size 3 GB
Probability of success 0.991 (99.1%)
Attacks

§  Rainbow tables (example)
LM #5
Characters
[ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$
%^&*()-_+= ]
Combinations 915.358.891.407 (2 ^ 39.7)
Table size 24 GB
Probability of success 0.9990 (99,90%)
LM #6
Characters
[ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$
%^&*()-_+=~`[]{}|:;"'<>,.?/ ]
Combinations 7.555.858.447.479 (2 ^ 42.8)
Table size 64 GB
Probability of success 0.9999 (99,99%)
Attacks

§  LM Hash cryptography problem
Attacks

§  LM Hash cryptography problem (example)
Attacks

§  Defense against Rainbow tables
§  Salt: random bit sequence
Attacks

§  Defense against Rainbow tables
§  WPA2
Attacks

§  Defense against Brute force and Rainbow tables
§  Passwords should have a minimum of 12 characters
§  A password containing only 14 lowercase letters is as
strong as a 10 char password containing lowercase,
uppercase, numbers ans symbols
§  Include numbers and symbols if it is allowed by the
system
§  If the system differeciates uppercase and lowercase, use
both
§  Do not use the same password everywhere
§  Example: 4pRte!ai@3 – mixes uppercase, lowercase,
numbers and symbols
Attacks

§  Weak passwords
§  Default passwords: password, default, admin, guest, etc.
§  Dictionary: words in any language
§  Added number: password1, deer2000, john1234, etc.
§  With simple obfuscation: p@ssw0rd, h4cker, h3ll0, etc.
§  Doubled: crabcrab, stopstop, treetree, passpass, etc.
§  Common keyboard sequences: qwerty, 12345, asdfgh, fred.
§  Known numeric sequences: 911, 3,14159... (π), 2,7182... (e).
§  Identifiers: jsmith123, 1/1/1970, 555–1234, “login”, etc.
§  Personal information: license plate, phone numbers, birth date,
name of relatives or pets, nicknames, etc. that require a simple
investigation
Attacks

§  Weak passwords
§  Dave Kleiman, American forensic investigator, detected
through the analysis of 3 million passwords that
§  Letter "e" was used over 1.5 million times
§  Letter "f" was used only 250.000 times
§  In a normal distribution each letter should be used 900.000
times
§  Most used number is “1”
§  The most common letters are “a”, “e”, “o”, “r”
Attacks

§  Brute force
§  Hashcat: http://hashcat.net/hashcat-gui/ (Windows / Linux)
§  Ophcrack (Windows, free and commercial)
§  LC6 (Windows, commercial)
§  John the Ripper (Unix, free)
§  Elcomsoft (Windows, commercial)
§  Hydra (Unix, free)
§  Hashkill (Linux, free)
§  PDF: FreewarePDFUnlocker (Windows, free)
§  RAR: cRARk (Windows, free)
§  OnlineHashCrack: www.onlinehashcrack.com
§  Tobtu: www.tobtu.com/md5.php
Attacks

§  Distribution among workstations
§  Boinc
§  Software that distributes the load
§  Increase in capacity
§  SSD drives
§  Parallel GPUs
§  Processor upgrade
§  Development and GPUs
§  http://developer.nvidia.com/cuda-tools-ecosystem
§  http://developer.amd.com/pages/default.aspx
Attacks

§  Pass-the-hash (similar to Replay attack)
Attacks

§  Defense against Replay Attacks
§  1. One Time Password (OTP)
§  Generated from an open algorithm
§  Even knowing the previous number, it is
not possible to predict the next
§  Available through hardware and
software solutions
§  2. Nonce
§  3. Timestamps
Attacks

§  Wireless network with WPA2 encryption
Attacks

§  Session hijacking (similar to Replay attack)
§  Only possible when there is no SSL/TLS (HTTPS)!
Attacks

§  Session hijacking
(with Firesheep)
Attacks

§  OTP Realtime Man-in-the-middle
Attacks

§  Private key recovery
§  Recovery of the private key generated in the workstation
before being exported to the token
§  File comparison
§  When the attacker has the encrypted version of the
message (file) and the clear version it is possible to
analyze them and obtain the encryption key in some
cases
Attacks

§  Tunnel interception (Man-in-the-middle)
Attacks

§  Symmetric key vs. Asymmetric key
§  In 1977 56 bit DES was enough
§  The American government requires a 192- or 256-bits
AES key (symmetric) for highly sensitive content
§  NIST best practices manual for key management
suggests that 256 bits symmetric keys are equivalent to
15360 bits RSA keys (asymmetric)!
Attacks

Steganography
§  History
§  Combines the Greek word steganos (στεγανός), “hidden
or protected”, with graphei (γράφη), “writing”
§  Security through obscurity
§  Messages written on envelopes in the area covered by
postage stamps
§  During and after World War II, espionage agents used
photographically produced microdots to send information
back and forth
§  Today it is used to embed watermarks in images, videos
and audio to protect intellectual property

Steganography
§  Most used methods
§  LSB (Least significant bits)
R G B R G B
pixels
0 1 1 0 0 10 1 1 1 0 1
original image
8 bits / byte
RGB image = 3 bytes / pixel
1 0 1 1

Steganography
p u b
112 117 98
string
0 0 0 1 1 10 1 1 1 0 0
8 bits / byte
1 byte / char
text to conceal
0 0 1 1

Steganography
0 0 0 1 1 10 1 1 1 0 0 0 0 1 1
0 1 1 0 0 10 1 1 1 0 1 1 0 1 0
0 1 1 0 0 10 1 1 1 0 1 1 0 1 1
modified image

Steganography
0 1
0 1 1 0 0 10 1 1 1 0 1 1 0 1 1
modified image
Recovery
original text

Steganography
§  High frequency audio
§  CD Quality audio has frequency of 44.100 Hz
§  Effective frequency is 22.050 Hz
§  Humans can distinguish sounds from 15 Hz to 15.000 or 20.000
Hz (depending on the individual). Those who can listen up to
20.000 Hz cannot distinguish the higher frequencies very well
§  It is possible to change the information in the higher frequencies
of sound and the result will be imperceptible

Steganography
§  Original JPEG
§  SHA-1:
2ebd0b60f51e38f0f0
1224e017e650e7b80f
cd1f
§  Modified JPEG
§  SHA-1:
254f2ed072beab5c3a
52c12281c48df5d0e4
8ddc

Steganography
§  Steganography applications
§  Terrorism
§  Espionage
§  Fingerprinting
§  Watermark
§  Steganalysis
§  Uses the original file for comparison
§  Statistical analysis of files from the same device
§  Noise analysis searching for changes in the Least
Significant Bits

Steganography
§  Steganalysis
§  Original
§  Modified

Cryptography
“MultiObfuscator is a professional cryptography tool”

Best practices: domestic use
§  Digital certificate level 1 (A1): free
§  Let’s Encrypt: letsencrypt.org
§  Instant SSL: www.instantssl.com
§  Aloaha: www.aloaha.com
§  CACert.org: www.cacert.org
§  VeraCrypt
§  Files
§  Volumes
§  Hidden Volumes

References
§  Coursera / Stanford University
§  Cryptography I
§  Prof. Dan Boneh
§  https://www.coursera.org/learn/crypto/

References
§  ISO/IEC 18014 — Time-stamping services
§  ISO/IEC 13888 — Non-repudiation
§  ISO/IEC 10118 — Hash-functions
§  ISO/IEC 27002 — Information technology - Security
techniques - Code of practice for information security
management
§  ISO/IEC 19790 — Security Requirements
§  for Cryptographic Modules

References
Cryptographic
algorythm
Special Publications ou FIPS
Triple Data Encryption
Standard (TDES)
SP 800-67, Recommendation for the Triple Data Encryption
Algorithm (TDEA) Block Cipher, and SP 800-38A,
Recommendation for Block Cipher Modes of Operation –
Methods and Techniques
Advanced Encryption
Standard (AES)
FIPS 197,Advanced Encryption Standard, and SP 800-38A
Digital Signature
Standard (DSS)
FIPS 186-3, Digital Signature Standard (DSS), dated June
2009
RSA algorithm ANSI X9.31 and Public Key Cryptography
Standards (PKCS) #1 v2.1: RSA Cryptography
Standard-2002
Hashing algorithms
SHA-1, SHA-224, SHA-
256, SHA-384, and
SHA-512
FIPS 180-3, Secure Hash Standard (SHS), dated October
2008

Applied Cryptography

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Applied Cryptography (20)

More from Marcelo Martins (6)

Recently uploaded (20)

Applied Cryptography