ethical hacking chapter 12 - encryption - eric vanderburg

Upload: eric-vanderburg

Post on 16-Jan-2015

TRANSCRIPT

Page 1: Ethical hacking   Chapter 12 - Encryption - Eric Vanderburg

Ethical Hacking: CHAPTER 12 – ENCRYPTION

ERIC VANDERBURG

Page 2: Expiration, Revocation, and Suspension of Certificates

- A period of validity is assigned to each certificate
  - After that date, the certificate expires
- A certificate can be renewed with a new expiration date assigned
  - If the keys are still valid and remain uncompromised
- Reasons to suspend or revoke a certificate
  - A user leaves the company
  - A hardware crash causes a key to be lost
  - A private key is compromised

Page 3: Expiration, Revocation, and Suspension of Certificates (continued)

- Certificate Revocation List (CRL)
  - Contains all revoked and suspended certificates
  - Issued by CAs
- Suspension of a certificate might be done when one or more parties fail to honor agreements
  - Suspension makes it easier to restore if the parties come to an agreement at a later date

Page 4: Backing Up Keys

- Backing up keys is critical
  - If keys are destroyed and not backed up properly, encrypted business-critical information might be irretrievable
- The CA is usually responsible for backing up keys
  - A key recovery policy is also part of the CA's responsibility

Page 5: Microsoft Root CA

- Available in Windows Server 2003 and Windows 2000 Server
- Steps for setting up a Microsoft Root CA
  - Install the Certificate Services
    - Note that after installing this service the name of the domain or computer cannot change
  - Configuring a Windows server as a CA (four options)
    - Enterprise root CA
    - Enterprise subordinate CA
    - Stand-alone root CA
    - Stand-alone subordinate CA

Page 6: Microsoft Root CA (continued)

- Steps for setting up a Microsoft Root CA (continued)
  - Specify options to generate certificates, including
    - Cryptographic Service Provider
    - Hash algorithm
    - Key length

Page 7: Understanding Cryptographic Attacks

- Attacks studied so far are passive attacks
- Active attacks attempt to determine the secret key being used to encrypt plaintext
- Cryptographic algorithms are usually public
  - Follows the open-source culture

Page 8: Birthday Attack

- Old adage
  - If 23 people are in a room, two will share the same birthday
- Birthday attacks are used to find the same hash value for two different inputs
- A birthday attack is used to reveal any mathematical weaknesses in hashing algorithms
- SHA-1 uses a 160-bit key
  - Theoretically, it would require 2^80 computations to break
  - SHA-1 has already been broken
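The arithmetic behind this slide, as an added example that is not part of the original slides: it computes the probability behind the 23-person adage, the approximate number of trials before a collision for a given digest length, and measures it on a SHA-256 digest truncated to 24 bits. The function names, the truncation to 24 bits, and the counter-style messages are assumptions made for the illustration.

```python
import hashlib
import math
from itertools import count


def birthday_probability(people: int, days: int = 365) -> float:
    """Probability that at least two of `people` share one of `days` values."""
    p_unique = 1.0
    for i in range(people):
        p_unique *= (days - i) / days
    return 1.0 - p_unique


def expected_trials(bits: int) -> float:
    """Approximate number of random inputs hashed before two digests of `bits` bits collide."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_digest(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(data), standing in for a short hash."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Hash constructed counter messages until two different inputs share a digest."""
    seen = {}  # digest -> first message that produced it
    for n in count():
        msg = b"msg-%d" % n
        digest = truncated_digest(msg, bits)
        if digest in seen:
            return seen[digest], msg, n + 1
        seen[digest] = msg


if __name__ == "__main__":
    print(f"23 people share a birthday with probability {birthday_probability(23):.3f}")
    first, second, tries = find_collision(24)
    print(f"24-bit digest: {first!r} and {second!r} collide after {tries} hashes "
          f"(estimate {expected_trials(24):.0f}, far below 2^24 = {2 ** 24})")
    print(f"160-bit digest: about 2^{math.log2(expected_trials(160)):.1f} hashes")
```

Doubling the digest length squares the collision work, which is why a hash meant to resist collisions needs an output twice as long as the work factor it targets.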

Page 9: Mathematical Attacks

- Properties of the algorithm are attacked by using mathematical computations
- Categories
  - Ciphertext-only attack
    - The attacker has the ciphertext of several messages but not the plaintext
    - Attacker tries to find out the key used to encrypt the messages
    - Attacker can capture ciphertext using a sniffer program such as Ethereal or Tcpdump

Page 10: Mathematical Attacks (continued)

- Categories (continued)
  - Known plaintext attack
    - The attacker has messages in both encrypted and decrypted forms
    - This attack is easier to perform than the ciphertext-only attack
    - Looks for patterns in both plaintext and ciphertext
  - Chosen-plaintext attack
    - The attacker has access to plaintext and ciphertext
    - Attacker has the ability to choose which message to encrypt

Page 11: Mathematical Attacks (continued)

- Categories (continued)
  - Chosen-ciphertext attack
    - The attacker has access to the ciphertext to be decrypted and to the resulting plaintext
    - Attacker needs access to the cryptosystem to perform this type of attack

Page 12: Brute Force Attack

- An attacker tries to guess passwords by attempting every possible combination of letters
  - Requires lots of time and patience
- Password-cracking program
  - John the Ripper

Page 13: Man-in-the-Middle Attack

- Attackers place themselves between the victim computer and another host computer
- They then intercept messages sent from the victim to the host and pretend to be the host computer
- This type of attack follows this process
  - Gloria sends her public key to Bruce, and you, the attacker, intercept the key and send Bruce your public key
  - Bruce sends Gloria his public key. You intercept this key and send your public key to Gloria

Page 14: Man-in-the-Middle Attack (continued)

- This type of attack follows this process (continued)
  - Gloria sends an encrypted message to Bruce but uses your key
  - You can decrypt the message with your private key
  - You reencrypt the message using Bruce's public key and send it to Bruce
  - Bruce answers Gloria with another encrypted message with your public key
  - You can decrypt the message with your private key
  - You reencrypt the message using Gloria's public key and send it to Gloria
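The check that exposes the key substitution described above, as an added example that is not part of the original slides: Gloria compares the key she receives against a fingerprint of Bruce's key obtained over a trusted channel. It uses a toy Diffie-Hellman exchange in place of the public-key encryption in the slides; the group parameters, the function names, and the out-of-band fingerprint are assumptions.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy prime modulus (assumption): far too small for real use
G = 3


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def fingerprint(pub: int) -> str:
    """Short digest of a public key that can be compared over a trusted channel."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def session_key(priv: int, peer_pub: int) -> bytes:
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def exchange(intercepted: bool) -> dict:
    """Run one key exchange and report what Gloria's fingerprint check finds."""
    g_priv, g_pub = keypair()   # Gloria
    b_priv, b_pub = keypair()   # Bruce
    _, m_pub = keypair()        # party in the middle
    # Keys as they arrive: swapped in transit when the exchange is intercepted.
    arrives_at_bruce = m_pub if intercepted else g_pub
    arrives_at_gloria = m_pub if intercepted else b_pub
    # Assumption: Gloria learned Bruce's fingerprint out of band, for example
    # from a certificate issued by a CA she trusts.
    trusted = fingerprint(b_pub)
    return {
        # Both sides always derive *a* key without error, so nothing looks wrong...
        "same_session_key": session_key(g_priv, arrives_at_gloria)
        == session_key(b_priv, arrives_at_bruce),
        # ...and only the authenticated fingerprint exposes the substitution.
        "fingerprint_ok": fingerprint(arrives_at_gloria) == trusted,
    }


if __name__ == "__main__":
    print("direct:     ", exchange(intercepted=False))
    print("intercepted:", exchange(intercepted=True))
```

This is the role the digital certificates covered elsewhere in this chapter play: the CA's signature gives Gloria an authenticated copy of Bruce's key to compare against.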

Page 15: Dictionary Attack

- Attacker uses a dictionary of known words to try to guess passwords
  - There are programs that can help attackers run a dictionary attack

Page 16: Replay Attack

- The attacker captures data and attempts to resubmit the captured data
  - The device thinks a legitimate connection is in effect
- If the captured data was logon information, the attacker could gain access to a system and be authenticated
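One way a server can reject resubmitted logon data, as an added example that is not part of the original slides: each logon message carries a fresh nonce and timestamp under an HMAC, and the server accepts each authentic message at most once. The message format, the 30-second window, and all names are assumptions.

```python
import hashlib
import hmac
import json
import secrets

WINDOW_SECONDS = 30  # assumed freshness window, not from the slides


def sign(key: bytes, user: str, nonce: str, ts: int) -> str:
    # JSON list encoding keeps the field boundaries unambiguous under the MAC.
    data = json.dumps([user, nonce, ts]).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_login(key: bytes, user: str, now: float) -> dict:
    """Client side: a logon message bound to a fresh nonce and timestamp."""
    nonce, ts = secrets.token_hex(16), int(now)
    return {"user": user, "nonce": nonce, "ts": ts, "mac": sign(key, user, nonce, ts)}


class LoginVerifier:
    """Server side: accepts each authentic logon message at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp of accepted messages

    def verify(self, msg: dict, now: float) -> str:
        expected = sign(self.key, msg["user"], msg["nonce"], msg["ts"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "bad-mac"   # altered or forged
        if abs(now - msg["ts"]) > WINDOW_SECONDS:
            return "stale"     # captured too long ago
        # Nonces older than the window can be dropped: a resubmission would be stale.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW_SECONDS}
        if msg["nonce"] in self.seen:
            return "replay"    # identical message seen already
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed shared secret
    server = LoginVerifier(key)
    captured = make_login(key, "gloria", now=1000.0)
    print(server.verify(captured, now=1000.0))  # first submission
    print(server.verify(captured, now=1005.0))  # resubmitted copy
    print(server.verify(captured, now=1100.0))  # resubmitted much later
```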

Page 17: Understanding Password Cracking

- Password cracking is illegal in the United States
  - It is legal to crack your own password if you forgot it
- You must first obtain the password file from the system that stores user names and passwords
  - File is stored in the /etc/passwd or /etc/shadow directory for *NIX systems
- A dictionary attack can be performed on the file by using automated programs

Page 18: Understanding Password Cracking (continued)

- Password cracking programs
  - John the Ripper
  - Hydra (THC)
  - EXPECT
  - L0phtcrack
  - Pwdump3v2
- Steps for cracking passwords
  - Run the Pwdump2 program to get hash values of user accounts
  - Perform a brute force attack using John the Ripper

Page 19: Summary

- Cryptography has been in existence since the dawn of civilization
- Ciphertext: data that has been encrypted
- Cleartext or plaintext: data that can be intercepted and read by anyone
- Symmetric cryptography: uses one key to encrypt and decrypt data
  - Examples: DES, DEA, 3DES, and AES
- Asymmetric cryptography: uses two keys, one key to encrypt and another to decrypt data
  - Examples: RSA, Elgamal, Diffie-Hellman

Page 20: Summary (continued)

- Digital Signature Standard (DSS): ensures that digital signatures can be verified
- PGP: free public key encryption program to encrypt e-mail messages
- Hashing algorithms are used to verify data integrity
- Public key infrastructure (PKI): structure made up of many different components used to encrypt data
- Digital certificate: binds a public key to information about its owner
  - Issued by a Certificate Authority (CA)

Page 21: Summary (continued)

- Active attacks
  - Birthday attacks
  - Brute force attacks
  - Man-in-the-middle attacks
  - Replay attacks
  - Dictionary attacks