# CyberSecurity

Document Sample

```					Cryptography
Terminology
Algorithm
   Mathematical rules used for encryption and
decryption
Ciphertext
   Data in encrypted format
Plaintext or cleartext
Nonrepudiation
   Sender cannot deny sending the message, receiver
cannot deny receiving it
Cryptosystem
   Hardware or software implementation of
cryptography that transforms a message to
ciphertext and back to plaintext Cryptanalysis
   Practice of obtaining plaintext from ciphertext
without a key
Encipher
   Act of converting plaintext to ciphertext
Decipher
   Act of converting ciphertext to plaintext
Key
   Sequence of bits and instructions that
governs the act of encryption and decryption
Key Clustering
   Instance when two different keys generate the
same ciphertext from the same plaintext
Keyspace
   Possible values used to construct keys
Work factor
   Estimated time, effort, and resources
necessary to break a cryptosystem
Strength of Cryptosystems
Strength refers to the work factor to break
an encryption algorithm or key
Strength increases by:
   Using a large keyspace
   Using a large key length
   Making sure the key is not predictable (truly
random)
   Using a mathematically thorough and
complex algorithm
Cipher Types
Substitution cipher
   Replaces bit, bytes, or blocks of characters
with different values
Transposition cipher
   Rearranges bits, bytes, or blocks of
characters
Both are vulnerable to frequency analysis
   Certain words occur more frequently than
others (the, a, and) so there will be patterns in
the ciphertext
Concealment cipher
   Ciphertext is hidden in another message or
file
   Steganography
Act of hiding messages in graphic images
Least significant bit in each byte is replaced with
message without degrading the image enough to
be detected
   Messages can also be hidden in sound files
and in media slack space, free space, or
U.S. Government & Crypto
National Security Agency (NSA) conducts
research and regulates encryption
algorithms
NSA funded research has yielded most of
the encryption techniques we use today
NSA supports key escrows, where private
key is held by a separate entity and
available to law enforcement
   Fair cryptosystems go one step further and
break the private key into 2 or more pieces
that are held by multiple entities
Encryption Methods
Symmetric cryptography
   Both parties use the same secret key for encryption
and decryption
   Strengths
Very fast
Hard to break with large key size
   Weaknesses
Secure exchange of secret keys is difficult
Difficulty of managing many keys limits scalability
Provides confidentiality, but not authenticity or
nonrepudiation
Asymmetric cryptography
   Message is encrypted using one key and decrypted using a
different key (one way function)
   Used in public key cryptography, one key held by a person is
called the private key, one widely known key is called the public
key
   Can insure confidentiality
Sender encrypts message using receivers public key (Secure
Message Format)
   Can provide authentication (digital signature)
Sender encrypts message using their own private key (Open
Message Format)
   Can provide confidentiality and authentication
Sender encrypts message using their own private key then encrypts
the ciphertext using the receivers public key (Secure and Signed
Format)
   Weaknesses
Much slower than symmetrical systems
Symmetric Cipher Types
Block cipher
   Message is divided into blocks of bits
   Blocks go through mathematical substitution
and/or transposition algorithms
Stream cipher
   Each bit or byte is transformed individually
using keystream data
   The same plaintext bit or byte will yield a
different cyphertext bit or byte
Symmetric Cryptosystems
Data Encryption Standard (DES)
   56-bit key
   Considered weak
Triple-DES (3DES)
   168-bit key
   256 time stronger than DES
Modes
   Electronic Code Book (ECB) Mode
Block cipher method where a given plaintext block will always yield the same
ciphertext
Incorporates padding to make sure blocks are of a specific size
   Cipher Block Chaining (CBC) Mode
Block cipher method algorithm utilizes a value from the previous block so
that different ciphertext is produced for an identical plaintext block
   Cipher Feedback (CFB) Mode
Block cipher where previous data block is combined with the next block
   Output Feedback (OFB) Mode
Similar to CFB mode except It is working as a stream cipher
   NSA replacement for 3DES to protect sensitive
unclassified data
   Rijndael Algorithm (developed by Daemon & Rijmen)
   128-bit, 192-bit, 256-bit keys
International Data Encryption Algorithm (IDEA)
   128-bit key
   Similar to DES but much stronger
   Not an open standard (costs \$ to use)
Blowfish
   Variable key length to 448-bit
RC5
   Variable key length to 2048-bit
Asymmetric Cryptosystems
RSA
   Most popular asymmetric system
   Used in SSL and PGP
El Gamal
Elliptical Curve Cryptosystem (ECC)
   Similar to RSA, but takes less computing
power for encryption
Hybrid Cryptosystem - PKI
Public Key Infrastructure (PKI)
   All crypto components necessary to support confidentiality,
nonrepudiation, and integrity among dispersed groups of users
   Defined by the X.509 ISO Standard
   SSL uses PKI
Random session key is created by sender (by browser in SSL
protocol)
Sender encrypts message with session key (with SSL, session key
will be used to encrypt all traffic between the server and the
browser)
Sender encrypts session key with receivers public key
Public key is provided to sender by a trusted Certificate Authority
(CA)
   The CA has verified the identity of the key holder and has bound an
identifying certificate to the key
Sender transmits message ciphertext and session key ciphertext
Receiver decrypts session key ciphertext using private key
(nonrepudiation, integrity)
Receiver decrypts message using session key (confidentiality)
Hashes
Known one-way function that takes a variable
length string and creates a fixed length hash
value
Identical string yields exactly the same hash
value
No other string will yield an identical hash value
Hash value is also called a message digest
Used to create a fingerprint of a message or file
MD2, MD4, MD5
   128-bit hash value
Secure Hash Algorithm (SHA)
   160-bit hash value
Digital Signatures
An encrypted hash value
Message has a one-way hash run on it
Hash value is encrypted using senders private key
Message and encrypted hash value (digital signature) is
transmitted
Receiver runs same one-way hash function on message
Receiver decrypts transmitted digital signature using
senders public key and compares it to the receiver
generated hash value
If they agree, message has not been modified (integrity)
and was sent by private key holder (authentication)
If the whole message is encrypted, confidentiality is
achieved
SHA is commonly used for digital signatures
Communications Encryption
routing data are encrypted         trailers, routing data is not
between two points                Data is only decrypted at
   Packets are decrypted at           the destination
   Advantages                            Keys only need to be
Works without user                 shared at origin and
intervention                       destination
All data is encrypted              Data stays encrypted from
Key distribution is a              are readable
challenge                          Origin and destination
must agree on encryption
E-mail Security
Privacy-Enhanced Mail (PEM)
   Internet standard for protecting email
   Message is DES encrypted
   Authenticated using MD5
   Key management using RSA
   X.509 standard (PKI) used for key distribution
Pretty Good Privacy (PGP)
   Widely used email cryptosystem
   Public keys are distributed using “web of trust” model
– users sign others public keys and distribute them or
user accepts public key directly from a trusted sender
   List of public keys are called key ring
Web Security
Secure Sockets Layer (SSL)
   Protects the entire communication channel
between the browser and the server
   SSL can be used for other communication
protocols like FTP or SMTP
HTTPS
   SSL over HTTP
Remote Terminal Security
Secure Shell (SSH)
   Creates an encrypted tunnel between two
computers
   Provides authentication and confidentiality
   Includes a built-in key sharing mechanism
   Commonly used with unix, routers, switches
   Popular Windows clients:
PuTTY
SecureCRT
Attacks
Man-in-the-Middle Attack
   Attacker inserts himself in the middle of a secure
communications path and intercepts all communications.
   Sender believes they are communicating with the receiver when
they are actually communicating with the attacker, and the
attacker is communicated with the receiver.
Dictionary Attack
   Passwords are commonly stored as one-way hash values
   Attacker can one-way hash an entire dictionary of words and
compare the hash values to the hashed passwords, likely finding
at least one match
Replay Attack
   Attacker captures transmitted encrypted credentials and sends
those same strings to the server at a later time to impersonate
the user
Homework
recommend you look for ones that will help
you do your security audit group project).
Write a one paragraph summary of each
article and include the URL of each
document.

```
DOCUMENT INFO
Shared By:
Categories:
Stats:
 views: 8 posted: 5/29/2010 language: English pages: 23
How are you planning on using Docstoc?