Ethical Hacking
CHAPTER 12 – ENCRYPTION
ERIC VANDERBURG
Expiration, Revocation, and Suspension of Certificates
A period of validity is assigned to each certificate
After that date, the certificate expires and relying parties must reject it
A certificate can be renewed with a new expiration date assigned
Renewal is appropriate only if the keys are still valid and remain uncompromised
Reasons to suspend or revoke a certificate A user leaves the company
A hardware crash causes a key to be lost
A private key is compromised
Expiration, Revocation, and Suspension of Certificates (continued)
Certificate Revocation List (CRL)
Contains the serial numbers of certificates that were revoked or suspended (placed on hold) before their expiration date
Issued and signed by the CA
A relying party must fetch the current CRL to learn about a revocation; a CRL past its next-update time should not be trusted
Suspension of a certificate might be done when one or more parties fail to honor agreements
Suspension (a "certificate hold") makes it easier to restore the certificate if the parties come to an agreement at a later date; a revocation is permanent
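The checks a relying party performs against these rules, as an added example (not code from the slides): the validity window is tested first, then the CRL, with suspension distinguished from revocation by the certificateHold reason code and a stale CRL treated as "unknown" rather than "fine". The certificates and CRL are constructed dictionaries, not parsed X.509, and the serial numbers and subjects are invented.

```python
from datetime import datetime

# Reason codes from RFC 5280; certificateHold is the one used for suspension.
CERTIFICATE_HOLD = "certificateHold"
CESSATION_OF_OPERATION = "cessationOfOperation"

# Constructed sample data (not parsed from real X.509): serial -> validity window.
SAMPLE_CERTS = {
    "1001": {"subject": "gloria", "not_before": datetime(2024, 1, 1), "not_after": datetime(2025, 1, 1)},
    "1002": {"subject": "bruce", "not_before": datetime(2024, 1, 1), "not_after": datetime(2025, 1, 1)},
    "1003": {"subject": "former-employee", "not_before": datetime(2024, 1, 1), "not_after": datetime(2025, 1, 1)},
    "1004": {"subject": "partner-co", "not_before": datetime(2024, 1, 1), "not_after": datetime(2025, 1, 1)},
}

# Constructed CRL: serials the CA revoked or put on hold, plus when this list
# was issued and when the next one is due.
SAMPLE_CRL = {
    "this_update": datetime(2024, 6, 1),
    "next_update": datetime(2024, 6, 8),
    "revoked": {
        "1003": {"date": datetime(2024, 5, 20), "reason": CESSATION_OF_OPERATION},  # user left the company
        "1004": {"date": datetime(2024, 5, 25), "reason": CERTIFICATE_HOLD},        # dispute: suspended
    },
}


def certificate_status(serial, now, crl=SAMPLE_CRL, certs=SAMPLE_CERTS):
    """Return the status a relying party should assign to a certificate at time `now`."""
    cert = certs[serial]
    # Validity window first: a CA may drop expired certificates from its CRL, so
    # "not on the CRL" must never be read as "fine" for an expired certificate.
    if now < cert["not_before"]:
        return "not yet valid"
    if now > cert["not_after"]:
        return "expired"
    # A CRL outside its own validity window may be missing recent revocations.
    if now < crl["this_update"] or now > crl["next_update"]:
        return "undetermined: stale CRL"
    entry = crl["revoked"].get(serial)
    if entry is None:
        return "valid"
    if entry["reason"] == CERTIFICATE_HOLD:
        return "suspended"
    return "revoked: " + entry["reason"]


def status_on(serial, year, month, day, crl=SAMPLE_CRL):
    """Convenience wrapper: status at a calendar date."""
    return certificate_status(serial, datetime(year, month, day), crl=crl)


def lift_suspension(serial, crl=SAMPLE_CRL):
    """Model the CA lifting a hold. Only certificateHold entries may be removed;
    a real revocation stays. Returns a new CRL and leaves the old one untouched."""
    entry = crl["revoked"].get(serial)
    if entry is None or entry["reason"] != CERTIFICATE_HOLD:
        raise ValueError("only a suspended (certificateHold) certificate can be reinstated")
    revoked = {s: e for s, e in crl["revoked"].items() if s != serial}
    return {**crl, "revoked": revoked}


if __name__ == "__main__":
    for serial, cert in SAMPLE_CERTS.items():
        print(serial, cert["subject"], status_on(serial, 2024, 6, 3))
    restored = lift_suspension("1004")
    print("1004 after the hold is lifted:", status_on("1004", 2024, 6, 3, crl=restored))
```

The order of the checks matters: expiry before revocation, and CRL freshness before trusting its contents.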
Backing Up Keys
Backing up keys is critical
If keys are destroyed and not backed up properly, encrypted business-critical information might be irretrievable
The CA (or a key archival service it operates) is usually responsible for backing up private encryption keys
A key recovery policy, stating who may recover a key and with what approvals, is also part of the CA's responsibility
Signing keys should not be archived: a backed-up copy would undermine non-repudiation
Microsoft Root CA
Available in Windows Server 2003 and Windows 2000 Server
Steps for setting up a Microsoft Root CA
Install the Certificate Services component
Note that after installing this service the name of the computer and its domain membership cannot change
Configuring a Windows server as a CA (four options)
Enterprise root CA
Enterprise subordinate CA
Stand-alone root CA
Stand-alone subordinate CA
Enterprise CAs require Active Directory and publish to it; stand-alone CAs do not
Microsoft Root CA (continued)
Steps for setting up a Microsoft Root CA (continued)
Specify the options used to generate the CA's own certificate, including
Cryptographic Service Provider (CSP)
Hash algorithm
Key length
Understanding Cryptographic Attacks
Attacks studied so far are passive attacks (eavesdropping on traffic)
Active attacks attempt to determine the secret key being used to encrypt plaintext, or to alter or inject messages
Cryptographic algorithms are usually public
Follows the open-source culture: security must rest on the secrecy of the key, not of the algorithm (Kerckhoffs's principle)
Birthday Attack
Old adage
If 23 people are in a room, the odds are better than even that two will share the same birthday
Birthday attacks are used to find the same hash value for two different inputs (a collision)
A birthday attack is used to reveal any mathematical weaknesses in hashing algorithms
SHA-1 produces a 160-bit digest (a hash has no key)
Theoretically, a generic birthday attack would require about 2^80 computations to find a collision, not 2^160
SHA-1 has already been broken: collision attacks far cheaper than the generic bound have been published and demonstrated
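The square-root effect behind the adage, as an added example (not code from the slides): a collision search that stores every hash it computes and stops at the first repeat, run against SHA-256 truncated to a few bits so it finishes in seconds. The truncation is the only artificial part; the same loop against a full digest would need roughly 2^(bits/2) hashes, which is where the 2^80 figure for SHA-1 comes from.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """Toy target: the leading `bits` bits of SHA-256.

    Truncation stands in for a weak hash so the search finishes quickly; the
    same loop against the full 256-bit digest would need about 2^128 work."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def birthday_collision(bits: int, prefix: bytes = b"constructed-msg-"):
    """Find two distinct inputs with the same truncated hash.

    Keeps every hash seen; the first repeat is the collision.
    Returns (message_a, message_b, hashes_computed)."""
    seen = {}
    counter = 0
    while True:
        msg = prefix + counter.to_bytes(8, "big")   # every message is distinct
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def expected_birthday_work(bits: int) -> float:
    """Expected hashes before the first collision: sqrt(pi/2 * 2^bits), i.e. about 2^(bits/2)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def expected_preimage_work(bits: int) -> int:
    """For contrast: matching ONE fixed hash value costs about 2^bits attempts."""
    return 2 ** bits


if __name__ == "__main__":
    bits = 32
    a, b, n = birthday_collision(bits)
    print(f"{bits}-bit collision after {n} hashes (expected ~{expected_birthday_work(bits):.0f},"
          f" versus ~{expected_preimage_work(bits)} for a fixed target)")
    print(a, b, hex(truncated_hash(a, bits)), hex(truncated_hash(b, bits)))
    print(f"SHA-1: generic collision ~2^{math.log2(expected_birthday_work(160)):.1f} hashes")
```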
Mathematical Attacks
Properties of the algorithm are attacked by using mathematical computations
Categories
Ciphertext-only attack
The attacker has the ciphertext of several messages but not the plaintext
Attacker tries to find out the key used to encrypt the messages, or to recover the plaintext directly
Attacker can capture ciphertext using a sniffer program such as Ethereal (now Wireshark) or Tcpdump
Mathematical Attacks (continued)
Categories (continued)
Known plaintext attack
The attacker has some messages in both encrypted and decrypted forms
This attack is easier to perform than the ciphertext-only attack because the attacker has more to work with
Looks for patterns linking plaintext and ciphertext, which can reveal the key
Chosen-plaintext attack
The attacker has access to plaintext and ciphertext
Attacker has the ability to choose which messages are encrypted (an encryption oracle)
Mathematical Attacks (continued)
Categories (continued)
Chosen-ciphertext attack
The attacker chooses ciphertexts and obtains the corresponding plaintexts
Attacker needs access to the cryptosystem (a decryption oracle) to perform this type of attack
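The three attack models with more than ciphertext, as an added example (not code from the slides) against a deliberately weak cryptosystem: a repeating-key XOR with a constructed key. With known plaintext, XORing plaintext and ciphertext yields the key; with an encryption or decryption oracle, the attacker does not even need a real message, feeding all-zero bytes returns the key directly. The ciphertext-only case is not shown: it has to exploit statistical structure in the plaintext and is the hardest of the four.

```python
from itertools import cycle

# Constructed secret for the demo. The "cryptosystem" is a repeating-key XOR,
# chosen because every attack model against it fits in a few lines.
SECRET_KEY = b"s3cr3t"


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Encryption and decryption are the same operation."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def known_plaintext_attack(plaintext: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """Known plaintext: P xor C is the keystream, and key_len bytes of it is the whole key."""
    if len(plaintext) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least one key length of matching plaintext and ciphertext")
    return bytes(p ^ c for p, c in zip(plaintext[:key_len], ciphertext[:key_len]))


def chosen_plaintext_attack(encrypt_oracle, key_len: int) -> bytes:
    """Chosen plaintext: encrypting all-zero bytes makes the ciphertext equal the key."""
    return encrypt_oracle(bytes(key_len))


def chosen_ciphertext_attack(decrypt_oracle, key_len: int) -> bytes:
    """Chosen ciphertext: the same trick works against a decryption oracle."""
    return decrypt_oracle(bytes(key_len))


def demo() -> dict:
    """Attacker's vantage point: two intercepted ciphertexts, plaintext of the first known."""
    encrypt_oracle = lambda m: xor_crypt(m, SECRET_KEY)   # the system encrypting what we choose
    decrypt_oracle = lambda c: xor_crypt(c, SECRET_KEY)   # the system decrypting what we submit

    known_plaintext = b"Subject: quarterly report"          # e.g. a predictable header
    c1 = encrypt_oracle(known_plaintext)
    c2 = encrypt_oracle(b"Wire 50k to account 7 before Friday")

    key_from_kpa = known_plaintext_attack(known_plaintext, c1, len(SECRET_KEY))
    return {
        "kpa": key_from_kpa,
        "cpa": chosen_plaintext_attack(encrypt_oracle, len(SECRET_KEY)),
        "cca": chosen_ciphertext_attack(decrypt_oracle, len(SECRET_KEY)),
        # The recovered key decrypts the message whose plaintext we never had.
        "second_message": xor_crypt(c2, key_from_kpa),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```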
Brute Force Attack
An attacker tries to guess passwords by attempting every possible combination of characters
Requires lots of time and patience; the work grows exponentially with password length and alphabet size
Password-cracking program
John the Ripper
Man-in-the-Middle Attack
Attackers place themselves between the victim computer and another host computer
They then intercept messages sent from the victim to the host and pretend to be the host computer
This type of attack follows this process
Gloria sends her public key to Bruce, and you, the attacker, intercept the key and send Bruce your public key
Bruce sends Gloria his public key. You intercept this key and send your public key to Gloria
Man-in-the-Middle Attack (continued)
This type of attack follows this process (continued)
Gloria sends an encrypted message to Bruce but uses your key
You can decrypt the message with your private key
You reencrypt the message using Bruce's public key and send it to Bruce
Bruce answers Gloria with another message encrypted with your public key
You can decrypt the message with your private key
You reencrypt the message using Gloria's public key and send it to Gloria
The attack works because neither party can verify that the public key they received really belongs to the other; certificates or an out-of-band fingerprint check defeat it
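The key-substitution exchange above, as an added example (not code from the slides), run end to end: Gloria and Bruce are the slide's parties, "Mallory" is my name for the attacker. Public-key encryption is a textbook RSA on single bytes with tiny primes, used only so the substitution is visible; it is not secure and the primes and messages are constructed. Both victims read a perfectly normal conversation while the attacker reads everything, and a fingerprint comparison shows how the substitution is detected.

```python
import hashlib

# Toy textbook RSA on single bytes with tiny primes. It exists ONLY to make
# the key substitution visible end to end; it is not secure.


def make_keypair(p: int, q: int, e: int = 17):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (n, e), (n, d)               # (public, private)


def encrypt(message: bytes, public_key) -> list:
    n, e = public_key
    return [pow(m, e, n) for m in message]


def decrypt(ciphertext: list, private_key) -> bytes:
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


def fingerprint(public_key) -> str:
    """What a user would read out over the phone to confirm whose key they hold."""
    return hashlib.sha256(f"{public_key[0]}:{public_key[1]}".encode()).hexdigest()[:16]


class Party:
    def __init__(self, p: int, q: int):
        self.public, self._private = make_keypair(p, q)
        self.peer_key = None            # whatever arrived claiming to be the peer's key

    def send(self, message: bytes) -> list:
        return encrypt(message, self.peer_key)

    def receive(self, ciphertext: list) -> bytes:
        return decrypt(ciphertext, self._private)


def run_exchange(attacker_in_path: bool) -> dict:
    gloria, bruce = Party(61, 53), Party(89, 97)
    mallory_public, mallory_private = make_keypair(101, 107)
    intercepted = []

    # Key exchange over a channel that does not authenticate the keys.
    if attacker_in_path:
        bruce.peer_key = mallory_public     # Gloria's key swallowed; Bruce gets Mallory's
        gloria.peer_key = mallory_public    # Bruce's key swallowed; Gloria gets Mallory's
    else:
        bruce.peer_key, gloria.peer_key = gloria.public, bruce.public

    def relay(ciphertext, recipient_real_key):
        """Mallory decrypts with her key, keeps a copy, re-encrypts for the real recipient."""
        if not attacker_in_path:
            return ciphertext
        plaintext = decrypt(ciphertext, mallory_private)
        intercepted.append(plaintext)
        return encrypt(plaintext, recipient_real_key)

    bruce_read = bruce.receive(relay(gloria.send(b"Wire 50k to account 7"), bruce.public))
    gloria_read = gloria.receive(relay(bruce.send(b"Done, confirmation 4411"), gloria.public))

    return {
        "bruce_read": bruce_read,       # both parties see a normal conversation...
        "gloria_read": gloria_read,
        "intercepted": intercepted,     # ...while Mallory has read all of it
        # Defence: compare the fingerprint of the key you received with one obtained out of band.
        "fingerprint_matches": fingerprint(gloria.peer_key) == fingerprint(bruce.public),
    }


if __name__ == "__main__":
    for label, attacked in (("no attacker", False), ("attacker in path", True)):
        print(label, run_exchange(attacked))
```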
Dictionary Attack
Attacker uses a dictionary of known words to try to guess passwords
There are programs that can help attackers run a dictionary attack; word lists are commonly extended with substitutions and appended digits
Replay Attack
The attacker captures data and attempts to resubmit the captured data
The device thinks a legitimate connection is in effect
If the captured data was logon information, the attacker could gain access to a system and be authenticated without ever knowing the password
Defenses bind each message to a fresh nonce, timestamp, or sequence number so that a captured message is rejected when submitted again
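A replayed logon against a vulnerable protocol and against a challenge-response one, as an added example (not code from the slides). Both servers, the shared secret and the user name are constructed. The naive token never changes, so a sniffed copy logs in again; the hardened server issues a single-use nonce that is bound into the MAC and expires, so the same capture fails three different ways.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secret; in practice a key derived from the user's password.
SHARED_SECRET = b"constructed-demo-secret"


def naive_token(username: str) -> bytes:
    """Logon message of the vulnerable protocol: a MAC over the username only.
    Nothing in it changes between sessions, so a captured copy is as good as the original."""
    return hmac.new(SHARED_SECRET, username.encode(), hashlib.sha256).digest()


class NaiveServer:
    def login(self, username: str, token: bytes) -> bool:
        return hmac.compare_digest(token, naive_token(username))


def challenge_response(username: str, nonce: bytes) -> bytes:
    """Client side of the hardened protocol: the MAC covers the server's fresh nonce."""
    return hmac.new(SHARED_SECRET, nonce + username.encode(), hashlib.sha256).digest()


class NonceServer:
    def __init__(self, ttl_seconds: float = 30.0, clock=time.monotonic):
        self.ttl, self.clock = ttl_seconds, clock
        self.outstanding = {}           # nonce -> time issued

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding[nonce] = self.clock()
        return nonce

    def login(self, username: str, nonce: bytes, token: bytes) -> bool:
        issued = self.outstanding.pop(nonce, None)    # pop: each nonce is usable exactly once
        if issued is None or self.clock() - issued > self.ttl:
            return False
        return hmac.compare_digest(token, challenge_response(username, nonce))


def demo_replay() -> dict:
    naive = NaiveServer()
    captured = naive_token("gloria")                          # sniffed from a legitimate logon
    results = {
        "naive_first_login": naive.login("gloria", captured),
        "naive_replay": naive.login("gloria", captured),      # replay succeeds
    }

    fake_clock = [0.0]                                        # controllable clock for the expiry case
    hardened = NonceServer(ttl_seconds=30.0, clock=lambda: fake_clock[0])
    nonce = hardened.challenge()
    captured2 = challenge_response("gloria", nonce)           # sniffed the same way
    results["nonce_first_login"] = hardened.login("gloria", nonce, captured2)
    results["nonce_replay_same_nonce"] = hardened.login("gloria", nonce, captured2)    # nonce already consumed
    fresh = hardened.challenge()
    results["nonce_replay_fresh_nonce"] = hardened.login("gloria", fresh, captured2)   # MAC does not cover this nonce
    stale = hardened.challenge()
    fake_clock[0] += 31.0                                     # past the TTL
    results["nonce_expired"] = hardened.login("gloria", stale, challenge_response("gloria", stale))
    return results


if __name__ == "__main__":
    for name, outcome in demo_replay().items():
        print(f"{name}: {'accepted' if outcome else 'rejected'}")
```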
Understanding Password Cracking
Password cracking is illegal in the United States when it is done against systems you are not authorized to test
It is legal to crack your own password if you forgot it, or to test systems whose owner has given written permission
You must first obtain the password file from the system that stores user names and passwords
On *NIX systems the accounts are listed in the /etc/passwd file and the password hashes in /etc/shadow, which is readable only by root
A dictionary attack can be performed on the file by using automated programs
Understanding Password Cracking (continued)
Password cracking programs
John the Ripper
Hydra (THC), for online guessing against a login service
Expect, a scripting tool used to automate interactive logins
L0phtcrack
Pwdump3v2
Steps for cracking passwords
Run the Pwdump2 program to get hash values of user accounts
Perform a dictionary or brute force attack on the hashes using John the Ripper
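The procedure above, together with the brute force and dictionary attack slides earlier, as one added example (not code from the slides, and not how John the Ripper is implemented): a hash file is parsed, a word list is tried against it, and the one account the word list misses is brute-forced. The file, its shadow-like line format, the users and the word list are all constructed; the passwords are generated from known values so the example runs offline, whereas a real engagement starts from a dumped /etc/shadow or pwdump output. Two hash schemes are mixed in so the effect of a salt is visible: unsalted hashes let one computation be checked against every user, salted ones force separate work per user.

```python
import hashlib
import itertools
import string

# Constructed, shadow-like line format: user:scheme$iterations$salt_hex$digest_hex
#   sha1   - unsalted, one hash per password (like legacy LM/NTLM-era storage)
#   pbkdf2 - salted PBKDF2-HMAC-SHA256, the shape of a modern crypt(3) scheme
# Real /etc/shadow uses crypt(3) formats ($6$ sha512crypt, $y$ yescrypt); the
# cracking loop is identical, only the hash function changes.


def hash_password(scheme: str, password: str, salt_hex: str = "", iterations: int = 0) -> str:
    if scheme == "sha1":
        return hashlib.sha1(password.encode()).hexdigest()
    if scheme == "pbkdf2":
        return hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), iterations).hex()
    raise ValueError(f"unknown scheme {scheme}")


def make_line(user, scheme, password, salt_hex="", iterations=0):
    return f"{user}:{scheme}${iterations}${salt_hex}${hash_password(scheme, password, salt_hex, iterations)}"


# Constructed password file (generated from known passwords so the demo is self-contained).
PASSWORD_FILE = "\n".join([
    make_line("alice", "sha1", "winter2024"),
    make_line("bob", "sha1", "letmein"),
    make_line("carol", "pbkdf2", "winter2024", "a1b2c3d4e5f60718", 10000),
    make_line("dave", "pbkdf2", "Summer1", "0f1e2d3c4b5a6978", 10000),
    make_line("svc", "sha1", "a7z"),          # not in the word list: needs brute force
])

WORDLIST = ["password", "123456", "qwerty", "winter2024", "letmein", "Summer1"]   # constructed


def parse_file(text: str) -> list:
    entries = []
    for line in text.splitlines():
        user, rest = line.split(":", 1)
        scheme, iterations, salt, digest = rest.split("$")
        entries.append({"user": user, "scheme": scheme, "iterations": int(iterations),
                        "salt": salt, "digest": digest})
    return entries


def dictionary_attack(entries: list, wordlist: list):
    """Return (cracked {user: password}, hashes computed per scheme)."""
    cracked, work = {}, {"sha1": 0, "pbkdf2": 0}
    # Unsalted: hash each word once and look it up against every user at the same time.
    by_digest = {}
    for e in entries:
        if e["scheme"] == "sha1":
            by_digest.setdefault(e["digest"], []).append(e["user"])
    for word in wordlist:
        work["sha1"] += 1
        for user in by_digest.get(hash_password("sha1", word), []):
            cracked[user] = word
    # Salted: a separate hash per user per word; that is exactly what the salt is for.
    for e in (e for e in entries if e["scheme"] == "pbkdf2"):
        for word in wordlist:
            work["pbkdf2"] += 1
            if hash_password("pbkdf2", word, e["salt"], e["iterations"]) == e["digest"]:
                cracked[e["user"]] = word
                break
    return cracked, work


def brute_force(entry: dict, alphabet: str = string.ascii_lowercase + string.digits, max_len: int = 3):
    """Try every string up to max_len over the alphabet; the work grows as |alphabet| ** length."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if hash_password(entry["scheme"], candidate, entry["salt"], entry["iterations"]) == entry["digest"]:
                return candidate
    return None


if __name__ == "__main__":
    entries = parse_file(PASSWORD_FILE)
    cracked, work = dictionary_attack(entries, WORDLIST)
    print("dictionary:", cracked, "hashes computed:", work)
    for e in entries:
        if e["user"] not in cracked:
            print("brute force:", e["user"], "->", brute_force(e))
```

Six words cost six SHA-1 computations for all unsalted users together, but ten PBKDF2 computations for the two salted users, and each of those is deliberately thousands of times slower than a single SHA-1.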
Summary
Cryptography has been in existence since the dawn of civilization
Ciphertext: data that has been encrypted
Cleartext or plaintext: data that can be read by anyone who intercepts it
Symmetric cryptography: uses one key to encrypt and decrypt data
Examples: DES, DEA, 3DES, and AES
Asymmetric cryptography: uses two keys, one key to encrypt and another to decrypt data
Examples: RSA, Elgamal, Diffie-Hellman
Summary (continued)
Digital Signature Standard (DSS): ensures that digital signatures can be verified
PGP: free public key encryption program to encrypt e-mail messages
Hashing algorithms are used to verify data integrity
Public key infrastructure (PKI): structure made up of many different components (CAs, certificates, revocation services, policies) used to distribute and validate the public keys that protect data
Digital certificate: binds a public key to information about its owner
Issued by a Certificate Authority (CA)
Summary (continued)
Active attacks
Birthday attacks
Brute force attacks
Man-in-the-middle attacks
Replay attacks
Dictionary attacks