CyberSecurity

Document Sample
CyberSecurity Powered By Docstoc
					Cryptography
                Terminology
Algorithm
   Mathematical rules used for encryption and
    decryption
Ciphertext
   Data in encrypted format
Plaintext or cleartext
   Data in readable format
Nonrepudiation
   Sender cannot deny sending the message, receiver
    cannot deny receiving it
Cryptosystem
   Hardware or software implementation of
    cryptography that transforms a message to
    ciphertext and back to plaintext Cryptanalysis
   Practice of obtaining plaintext from ciphertext
    without a key
Encipher
   Act of converting plaintext to ciphertext
Decipher
   Act of converting ciphertext to plaintext
Key
   Sequence of bits and instructions that
    governs the act of encryption and decryption
Key Clustering
   Instance when two different keys generate the
    same ciphertext from the same plaintext
Keyspace
   Possible values used to construct keys
Work factor
   Estimated time, effort, and resources
    necessary to break a cryptosystem
    Strength of Cryptosystems
Strength refers to the work factor to break
an encryption algorithm or key
Strength increases by:
   Using a large keyspace
   Using a large key length
   Making sure the key is not predictable (truly
    random)
   Using a mathematically thorough and
    complex algorithm
              Cipher Types
Substitution cipher
   Replaces bit, bytes, or blocks of characters
    with different values
Transposition cipher
   Rearranges bits, bytes, or blocks of
    characters
Both are vulnerable to frequency analysis
   Certain words occur more frequently than
    others (the, a, and) so there will be patterns in
    the ciphertext
Concealment cipher
   Ciphertext is hidden in another message or
    file
   Steganography
      Act of hiding messages in graphic images
      Least significant bit in each byte is replaced with
      message without degrading the image enough to
      be detected
   Messages can also be hidden in sound files
    and in media slack space, free space, or
    clusters marked bad
    U.S. Government & Crypto
National Security Agency (NSA) conducts
research and regulates encryption
algorithms
NSA funded research has yielded most of
the encryption techniques we use today
NSA supports key escrows, where private
key is held by a separate entity and
available to law enforcement
   Fair cryptosystems go one step further and
    break the private key into 2 or more pieces
    that are held by multiple entities
         Encryption Methods
Symmetric cryptography
   Both parties use the same secret key for encryption
    and decryption
   Strengths
      Very fast
      Hard to break with large key size
   Weaknesses
      Secure exchange of secret keys is difficult
      Difficulty of managing many keys limits scalability
      Provides confidentiality, but not authenticity or
      nonrepudiation
Asymmetric cryptography
   Message is encrypted using one key and decrypted using a
    different key (one way function)
   Used in public key cryptography, one key held by a person is
    called the private key, one widely known key is called the public
    key
   Can insure confidentiality
       Sender encrypts message using receivers public key (Secure
       Message Format)
   Can provide authentication (digital signature)
       Sender encrypts message using their own private key (Open
       Message Format)
   Can provide confidentiality and authentication
       Sender encrypts message using their own private key then encrypts
       the ciphertext using the receivers public key (Secure and Signed
       Format)
   Weaknesses
       Much slower than symmetrical systems
     Symmetric Cipher Types
Block cipher
   Message is divided into blocks of bits
   Blocks go through mathematical substitution
    and/or transposition algorithms
Stream cipher
   Each bit or byte is transformed individually
    using keystream data
   The same plaintext bit or byte will yield a
    different cyphertext bit or byte
    Symmetric Cryptosystems
Data Encryption Standard (DES)
   56-bit key
   Considered weak
Triple-DES (3DES)
   168-bit key
   256 time stronger than DES
Modes
   Electronic Code Book (ECB) Mode
        Block cipher method where a given plaintext block will always yield the same
        ciphertext
        Incorporates padding to make sure blocks are of a specific size
   Cipher Block Chaining (CBC) Mode
        Block cipher method algorithm utilizes a value from the previous block so
        that different ciphertext is produced for an identical plaintext block
   Cipher Feedback (CFB) Mode
        Block cipher where previous data block is combined with the next block
   Output Feedback (OFB) Mode
        Similar to CFB mode except It is working as a stream cipher
Advanced Encryption Standard (AES)
   NSA replacement for 3DES to protect sensitive
    unclassified data
   Rijndael Algorithm (developed by Daemon & Rijmen)
   128-bit, 192-bit, 256-bit keys
International Data Encryption Algorithm (IDEA)
   128-bit key
   Similar to DES but much stronger
   Not an open standard (costs $ to use)
Blowfish
   Variable key length to 448-bit
RC5
   Variable key length to 2048-bit
    Asymmetric Cryptosystems
RSA
   Most popular asymmetric system
   Used in SSL and PGP
El Gamal
Elliptical Curve Cryptosystem (ECC)
   Similar to RSA, but takes less computing
    power for encryption
     Hybrid Cryptosystem - PKI
Public Key Infrastructure (PKI)
    All crypto components necessary to support confidentiality,
     nonrepudiation, and integrity among dispersed groups of users
    Defined by the X.509 ISO Standard
    SSL uses PKI
Random session key is created by sender (by browser in SSL
protocol)
Sender encrypts message with session key (with SSL, session key
will be used to encrypt all traffic between the server and the
browser)
Sender encrypts session key with receivers public key
Public key is provided to sender by a trusted Certificate Authority
(CA)
    The CA has verified the identity of the key holder and has bound an
     identifying certificate to the key
Sender transmits message ciphertext and session key ciphertext
Receiver decrypts session key ciphertext using private key
(nonrepudiation, integrity)
Receiver decrypts message using session key (confidentiality)
                    Hashes
Known one-way function that takes a variable
length string and creates a fixed length hash
value
Identical string yields exactly the same hash
value
No other string will yield an identical hash value
Hash value is also called a message digest
Used to create a fingerprint of a message or file
MD2, MD4, MD5
   128-bit hash value
Secure Hash Algorithm (SHA)
   160-bit hash value
          Digital Signatures
An encrypted hash value
Message has a one-way hash run on it
Hash value is encrypted using senders private key
Message and encrypted hash value (digital signature) is
transmitted
Receiver runs same one-way hash function on message
Receiver decrypts transmitted digital signature using
senders public key and compares it to the receiver
generated hash value
If they agree, message has not been modified (integrity)
and was sent by private key holder (authentication)
If the whole message is encrypted, confidentiality is
achieved
SHA is commonly used for digital signatures
 Communications Encryption
Link encryption                    End-to-end encryption
   All data, headers, trailers,      Data is encrypted, headers,
    routing data are encrypted         trailers, routing data is not
    between two points                Data is only decrypted at
   Packets are decrypted at           the destination
    each hop                          Advantages
   Advantages                            Keys only need to be
       Works without user                 shared at origin and
       intervention                       destination
       All data is encrypted              Data stays encrypted from
   Disadvantages                         start to finish
       More points of                 Disadvantages
       vulnerability                      Headers and routing data
       Key distribution is a              are readable
       challenge                          Origin and destination
                                          must agree on encryption
              E-mail Security
Privacy-Enhanced Mail (PEM)
   Internet standard for protecting email
   Message is DES encrypted
   Authenticated using MD5
   Key management using RSA
   X.509 standard (PKI) used for key distribution
Pretty Good Privacy (PGP)
   Widely used email cryptosystem
   Public keys are distributed using “web of trust” model
    – users sign others public keys and distribute them or
    user accepts public key directly from a trusted sender
   List of public keys are called key ring
             Web Security
Secure Sockets Layer (SSL)
   Protects the entire communication channel
    between the browser and the server
   SSL can be used for other communication
    protocols like FTP or SMTP
HTTPS
   SSL over HTTP
    Remote Terminal Security
Secure Shell (SSH)
   Creates an encrypted tunnel between two
    computers
   Provides authentication and confidentiality
   Includes a built-in key sharing mechanism
   Commonly used with unix, routers, switches
   Popular Windows clients:
      PuTTY
      SecureCRT
                         Attacks
Man-in-the-Middle Attack
   Attacker inserts himself in the middle of a secure
    communications path and intercepts all communications.
   Sender believes they are communicating with the receiver when
    they are actually communicating with the attacker, and the
    attacker is communicated with the receiver.
Dictionary Attack
   Passwords are commonly stored as one-way hash values
   Attacker can one-way hash an entire dictionary of words and
    compare the hash values to the hashed passwords, likely finding
    at least one match
Replay Attack
   Attacker captures transmitted encrypted credentials and sends
    those same strings to the server at a later time to impersonate
    the user
             Homework
Read chapter 9
Visit the www.sans.org reading room.
Select and read 4 articles of your choice (I
recommend you look for ones that will help
you do your security audit group project).
Write a one paragraph summary of each
article and include the URL of each
document.