Post on 17-Oct-2020
transcript
Author: Prof Bill Buchanan
Data Loss Prevention
4. Encryption Public/private key.
Hashing.
Digital Certificates.
Disk Encryption.
Tunnels.
http://asecuritysite.com/dlp
Introduction
[Diagram: Bob and Alice, with Eve as the intruder and Trent as the trusted third party.]
Privacy (Private Key)
Identity (Public Key)
Integrity (Public/Private Key)
Encryption
[Diagram: Bob and Alice, each with a public key and a private key, communicate over a communications channel with encryption/decryption at each end; Eve sits on the channel.]
Public key and private key: used to authenticate (RSA)
Key exchange (Diffie-Hellman)
Secret key used to encrypt/decrypt (DES/3DES/AES)
Typical application:
Diffie-Hellman used to generate private-key.
Public-key used for authentication.
Private-key used for encryption.
RSA 2048 bits
Replace by:
ElGamal 160 bits
Block or Stream?
Private-key methods
RC4. This is a stream encryption algorithm, and is used in wireless communications (such as in WEP) and SSL (Secure Sockets).
[Diagram: the IV and key are fed into RC4, which produces a pseudo infinite stream; this is combined (+) with the data stream to give the cipher stream.]
The IV (Initialisation Vector) gives variation in the output for the same key.
Data stream:            0101010 … 010
Pseudo infinite stream: 1110000 … 100
Cipher stream:          1010110 … 110
+ is the Ex-OR operator.
Private Key
RC2. RC2 ("Rivest Cipher") is a block cipher, and is seen as a replacement for DES. It was created by Ron Rivest in 1987, and is a 64-bit block code and can have a key size from 40 bits to 128 bits (in increments of 8 bits). The 40-bit key version is seen as weak, as the encryption key is so small, but is favoured by governments for export purposes, as it can be easily cracked. In this case the key is created from a Key and an IV (Initialisation Vector). The key has 12 characters (96 bits), and the IV has 8 characters (64 bits), which go to make the overall key.
DES. The DES encryption algorithm is a block cipher and uses a 64-bit block and a 64-bit encryption key.
3DES. The DES encryption algorithm is a block cipher and uses a 64-bit block and a 64-bit encryption key (of which only 56 bits are actively used in the encryption process). Unfortunately DES has been around for a long time, and the 56-bit version is now easily crackable (in less than a day, on fairly modest equipment). An enhancement, and one which is still fairly compatible with DES, is the 3-DES algorithm. It has three phases, and splits the key into two. Overall the key size is typically 112 bits (2x54 bits - with a combination of the three keys - of which two of the keys are typically the same). The algorithm is EncryptK3(DecryptK2(EncryptK1(message))), where K1 and K3 are typically the same (to keep compatibility).
[Diagram: DES (Enc) with K1, then DES (Dec) with K2, then DES (Enc) with K1.]
AES. AES (or Rijndael) is a new block cipher, and is the new replacement for DES, and uses 128-bit blocks with 128, 192 and 256 bit encryption keys. It was selected by NIST in 2001 (after a five year standardisation process). The name Rijndael comes from its Belgian creators: Joan Daemen and Vincent Rijmen.
Blowfish. Bruce Schneier created Blowfish as a general-purpose private key block cipher encryption algorithm.
Blowfish (with CBC). With CBC we split the message into blocks and encrypt each block. The input to the first stage is the IV (Initialisation Vector), and the input to the following stages is the output from the previous stage. In this example we will use Blowfish to encrypt, using CBC.
Twofish. Bruce Schneier created Twofish as a general-purpose private key block cipher encryption algorithm.
Others
Skipjack. Skipjack is a block cipher, using a private-key encryption algorithm, and designed by NSA.
Camellia. Camellia is a block cipher created by Mitsubishi and NTT.
RC4. RC4 is a stream cipher used in WEP (in wireless encryption).
Affine. Affine is a stream cipher which uses an equation to encrypt.
Key Exchange
[Diagram, built up over three slides: Bob and Alice, with Eve listening. Bob and Alice share an agreed number A and each picks a random value (x and y). The values A^x and A^y are passed between them, and each side raises the value it receives to its own random value, (A^y)^x and (A^x)^y, to give the private key.]
Values shown: A^x, A^y, (A^x)^y, A^xy, A^(x+y)
Public Key
RSA Encryption
Select two primes (p,q)
Next, the n value is calculated. Thus:
n = p x q = 11 x 3 = 33
Next PHI is calculated by:
PHI = (p-1)(q-1) = 20
e selected so that GCD(e,PHI)=1
Public key: (n,e)
Generating public and private keys
Bob:
Select two prime numbers: a and b
n = a x b
e is chosen so that e and (a-1)x(b-1) are relatively prime (no common factor greater than 1)
Public key is now: <e,n>
d = e^-1 mod [(a-1)x(b-1)]
Private key is now: <d,n>
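The key generation steps above, carried through with the slide's own numbers (p = 11, q = 3), as an added example that is not part of the original slides. The choice of the smallest valid e, the sample message value 4 and all function names are assumptions made for illustration; the last function shows that with an n this small the private key falls straight out of the public key.

```python
from math import gcd, isqrt


def generate_keys(p, q):
    """Follow the slide: n = p x q, PHI = (p-1)(q-1), GCD(e, PHI) = 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # Assumption: take the smallest odd e that is relatively prime to PHI.
    e = next(c for c in range(3, phi, 2) if gcd(c, phi) == 1)
    d = pow(e, -1, phi)          # d = e^-1 mod PHI (needs Python 3.8+)
    return (e, n), (d, n)        # public key <e,n>, private key <d,n>


def apply_key(value, key):
    """Raise value to the key's exponent mod n; works with either key."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range 0..n-1")
    return pow(value, exponent, n)


def recover_private_key(public_key):
    """Factor n by trial division and rebuild d from the public key alone."""
    e, n = public_key
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    return (pow(e, -1, (p - 1) * (q - 1)), n)


def demo():
    public, private = generate_keys(11, 3)     # the slide's p and q
    message = 4                                # constructed sample value
    cipher = apply_key(message, public)        # encrypt with the public key
    signature = apply_key(message, private)    # sign with the private key
    return {
        "public": public,
        "private": private,
        "cipher": cipher,
        "decrypted": apply_key(cipher, private),
        "signature": signature,
        "verified": apply_key(signature, public) == message,
        "recovered": recover_private_key(public),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Trial division only succeeds here because n = 33; the same loop is hopeless against a 2048-bit modulus, which is what the key sizes quoted earlier in the deck rely on.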
Public-key
Public keys are keys which relate to extremely large prime numbers (as it is difficult to factorise large prime numbers). It is extremely difficult to determine a private key from a public key.
[Diagram: Bob (encryption) and Alice (decryption) on a communications channel, each with a public key and a private key; Eve listens on the channel.]
Public-key encryption generates two keys: a public key and a private one. These are special in that if one is applied to encrypt, the other can be used to decrypt.
Public-key
Once Bob encrypts the message, the only key which can decrypt it is Alice’s private key.
Bob and Alice keep their private keys secret.
[Diagram: "Hello" is encrypted to "H&$d." on the communications channel, where Eve can see it, and decrypted back to "Hello"; the steps are labelled A to D.]
A. Bob creates the message.
B. Bob encrypts with Alice’s public key and sends Alice the encrypted message.
C. Alice decrypts with her private key.
D. Alice receives the message.
Hash Values
MD5 hash algorithm
How do we get a finger-print for data?
Solved by Prof Ron Rivest with the MD5 hash signature.
Data (Bob): Hello. How are you? Is this okay?
With a fingerprint we can hopefully tell if Eve has modified any of the data.
MD5 hash algorithm
Hashing Algorithm (MD5) - 128 bit signature
Message               Base-64                   Hex
hello                 XUFAKrxLKna5cZ2REBfFkg    5D41402ABC4B2A76B9719D911017C592
Hello                 ixqZU8RhEpaoJ6v4xHgE1w    8B1A9953C4611296A827ABF8C47804D7
Hello. How are you?   CysDE5j+ZOUbCYZtTdsFiw    CC708153987BF9AD833BEBF90239BF0F
Napier                j4NXH5Mkrk4j13N1MFXHtg    8F83571F9324AE4E23D773753055C7B6
SHA-1 hash algorithm
Hashing Algorithm (SHA-1) - 160 bit signature
Message               Base-64                        Hex
hello                 qvTGHdzF6KLavt4PO0gs2a6pQ00=   AAF4C61DDCC5E8A2DABEDE0F3B482CD9AEA9434D
Hello                 9/+ei3uy4Jtwk1pdeF4MxdnQq/A=   F7FF9E8B7BB2E09B70935A5D785E0CC5D9D0ABF0
Hello. How are you?   Puh2Am76bhjqE5lbTWtwsqbdFC8=   3EE876026EFA6E18EA13995B4D6B70B2A6DD142F
Napier                v4GxNaVod2b09GR2Tqw4yopOuro=   BF81B135A5687766F4F464764EAC38CA8A4EBABA
MD5 hash algorithm
Hashing Algorithm (MD5) - 128 bit signature
Message 1:
Security and mobility are two of the most important issues on the Internet, as they will allow users to secure their data transmissions, and also break their link with physical connections.
Message 2:
Security and mobility are two of the mast important issues on the Internet, as they will allow users to secure their data transmissions, and also break their link their physical connections.
MD5 signatures shown for the two messages (Hex, Base-64):
8A8BDC3FF80A01917D0432800201CFBF    iovcP/gKAZF9BDKAAgHPvw==
F94FBED3DAE05D223E6B963B9076C4EC    +U++09rgXSI+a5Y7kHbE7A==
Hash methods
OpenSSL
root@kali:~# echo -n "hello" | openssl md5
(stdin)= 5d41402abc4b2a76b9719d911017c592
root@kali:~# echo -n "hello" | md5sum
5d41402abc4b2a76b9719d911017c592 -
root@kali:~# openssl md5 pw
MD5(pw)= 859b6a9be3b45262c4414bd1696ba91b
root@kali:~# md5sum pw
859b6a9be3b45262c4414bd1696ba91b pw
Hash methods supported:
md2 md4 md5 rmd160 sha sha1
MD5 hash algorithm
Hashing Algorithm (MD5) - 128 bit signature
Files/folders
Hash signatures are used to gain a signature for files, so that they can be checked if they have been changed.
[Listing: MD5 sums, in hex and in Base-64, for the files in C:\Windows\System32\, under the heading "[Path] / filename  MD5 sum".]
MD5 hash algorithm
Hashing Algorithm (MD5) - 128 bit signature
Files/folders
Hash signatures are used to identify that a file/certificate has not been changed.
The digital certificate has an SHA-1 hash thumbprint (3f6a...89) which will be checked, and if the thumbprint is different, the certificate will be invalid.
Risk 4: One Password Fits All
150 million accounts compromised
#     Count      Ciphertext                  Plaintext
1.    1911938    EQ7fIpT7i/Q=                123456
2.    446162     j9p+HwtWWT86aMjgZFLzYg==    123456789
3.    345834     L8qbAD3jl3jioxG6CatHBw==    password
4.    211659     BB4e6X+b2xLioxG6CatHBw==    adobe123
5.    201580     j9p+HwtWWT/ioxG6CatHBw==    12345678
6.    130832     5djv7ZCI2ws=                qwerty
7.    124253     dQi0asWPYvQ=                1234567
8.    113884     7LqYzKVeq8I=                111111
9.    83411      PMDTbP0LZxu03SwrFUvYGA==    photoshop
10.   82694      e6MPXQ5G6a8=                123123
1 million accounts – in plain text. 77 million compromised
47 million accounts
200,000 client accounts
Dropbox compromised 2013
One account hack … leads to others
6.5 million accounts (June 2013)
Advanced Crypto
3. Hashing and Authentication
http://asecuritysite.com/crypto
Salting
password → $1$fred$bATAk8UUH/IDAp9sd6IUv/
Fields between the $ signs: 1, fred, bATAk8UUH/IDAp9sd6IUv/
C:\openssl>openssl passwd -1 -salt fred password
$1$fred$bATAk8UUH/IDAp9sd6IUv/
# cat /etc/shadow
root:$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1:15651:0:99999:7:::
# openssl passwd -1 -salt Etg2ExUZ redhat
$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
$ openssl dgst -md5 file
MD5(file)= b1946ac92492d2347c6235b4d2611184
$ openssl genrsa -out mykey.pem 1024
Generating RSA private key, 1024 bit long modulus
.............................................................................++++++
...++++++
e is 65537 (0x10001
$ openssl rsa -in mykey.pem -pubout > mykey.pub
writing RSA key
$ cat mykey.pub
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXv9HSFkpM+ZoOQcpdHBZiUwX8EzIKm0nsgjc5ZTYVaF9CMLtmKoTzep7aQX9o9nKepFt1kQ73Ta9vOPd6CX61/cgYXy2tShw0imrtFaVDFjX+7kLmc0uWbFFCoZMtJxIaXaa9SV2kARxOCTJ2uOjRTCCeXU09IJGHnIhSNJeIJQIDAQAB
-----END PUBLIC KEY-----
Authentication with Private Key
Public key encryption … secret … identity ... trust
[Animated diagram, built up over several slides: Bob holds Bob’s Private Key and Bob’s Public Key; Alice holds Alice’s Public Key and Alice’s Private Key; Eve and Trent are also shown.]
Alice’s Public Key is passed to Bob.
Bob’s message: "Hello Alice, Wish you were here! - Bob", with the signature "Bob."
Bob’s Private Key is applied to the signature.
Alice’s Public Key is applied to the message.
Which key to open the message?
Alice’s Private Key
Which key do we open the signature with?
Bob’s Public Key
The magic private key
Using Bob’s private key to authenticate himself
[Diagram: Bob takes the MD5 of the message and encrypts it with Bob’s private key, giving Message + Encrypted MD5; Bob’s public key is the matching key.]
Bob encrypts the message/hash with Alice’s public key
[Diagram: Message + Encrypted MD5 is encrypted with Alice’s public key to give the Encrypted Content, which is sent to Alice.]
Alice decrypts the message
[Diagram: Alice uses Alice’s private key on the Encrypted Content to recover Message + Encrypted MD5, and Bob’s public key on the Encrypted MD5.]
MD5 (message) and MD5 (result): Alice compares the MD5 values. If they are the same … Bob sent the message.
Digital Certificates
Identity on the Internet
[Diagram: Bob, Eve and Trent.]
Identifies it is trusted (Digital Certificate)
Trap-door
Keeps communications secure (encryption)
Digital certificates should only be distributed with the public key
[Diagram: Bob holds two certificates.]
This certificate has both public and private key.
This certificate has only the public key.
P7b format
[Certificate shown in text form between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.]
The main certificate formats include:
P7b. Text format.
PFX/P12. Binary.
SST. Binary.
Encrypting messages to Alice
[Diagram: Bob (encryption) and Alice (decryption) on a communications channel, with Eve listening; "Hello" travels as "H&$d." and is recovered as "Hello" using Alice’s private key.]
Alice sends her digital certificate with her public key on it.
A. Bob creates the message.
B. Bob encrypts with Alice’s public key and sends Alice the encrypted message.
C. Alice decrypts with her private key.
D. Alice receives the message.
Authenticating Bob
[Diagram: Bob and Alice on a communications channel with encryption/decryption at each end; "Hello" travels as "H&$d." and is recovered as "Hello" (steps A to D). A hash is attached using Bob’s private key, and Alice’s private key is used at the receiving end.]
Bob sends his Digital certificate to authenticate himself.
Alice checks the hash using Bob’s public key from his certificate.
Advanced Crypto
5. Disk Encryption
http://asecuritysite.com/crypto
Introduction
EFS
EFS – Drive or Folder encryption
[Diagram labels: Encryption key; Public key; Header; Private key]
CER file – Contains certificate.
PFX – Contains certificate and private key.
Disk Encryption
Market
[Diagram labels: File/Folder Encryption; Disk Encryption]
Microsoft Bitlocker
TrueCrypt
Axanum (.AXX)
McAfee Endpoint Encryption
Encryption Software
Check Point Full Disk Encryption Software
Sophos SafeGuard Disk Encryption
Disk Encryption
FIPS 140-2
FIPS (Federal Information Processing Standards) 140-2 Level 1: Lowest level with limited requirements.
FIPS 140-2 Level 2: Physical tamper-evidence. Role-based authentication.
FIPS 140-2 Level 3: Physical tamper-resistance. Identity-based authentication. Physical or logical separation between the interfaces by which the key security parameters are entered or passed.
FIPS 140-2 Level 4: Physical security requirements more stringent. Robustness against environmental attacks.
[Diagram labels: Role access (Admin); Identity access (Fred); Isolation barrier]
NIST publish 140 publication series for cryptography
FIPS 140-2 May 2001
FIPS 140-3
Software limited to L1/L2. O/S must be compliant for Level 2 and above
Disk Encryption
Access
Password or passphrase (NapI5r123$)
OTP device such as an RSA token
Biometric device (eg fingerprint reader) with Trusted Platform Module which holds the actual encryption key
USB drive with encryption key
Multi-factor authentication uses two or more of these
[Diagram labels: File/Folder Encryption; Disk Encryption]
Disk Encryption
[Diagram labels: Encryption Layer; Directory structure (c:, d:, etc); API/DLL Integration; Disk Storage; Cloud Storage; File Image; Disk Image; Non-encrypted in memory; Non-encrypted in transit; Non-encrypted in storage]
TrueCrypt
Disk Encryption
TrueCrypt
Encryption: AES, Serpent, Twofish
Authentication: RIPEMD-160, SHA-512, Whirlpool
PBKDF2 (Password-based Key Derivation Function) RFC 2898
[Diagram: the Password and a Salt (512-bit) are fed into PBKDF2 to give the Header Key (dkLen); the Header contains material keys.]
DK = PBKDF2(PRF, Password, Salt, c, dkLen)
DK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 256)
Advantages: Open-source. Windows/Linux/OS X. Free.
Disadvantages: If you lose the pass phrase – almost impossible to recover. Current support is patchy.
Serpent. Ross Anderson et al. 1998. 256-bit key. 128-bit block (one of the AES finalists).
Twofish. Bruce Schneier et al. 1998. 256-bit key. 128-bit block (one of the AES finalists).
AES. FIPS-approved (Rijndael). 1998. 256-bit key. 128-bit block.
[Diagram labels: Serpent; AES; AES-Serpent]
Detecting Enc/Comp
Detecting compression/enc
File Compression
PKZIP: 50 4B 03 04 [PK]
GZIP: 1F 8B 08
Tar: 75 73 74 61 72
Zlib: 78 01, 78 9C or 78 DA
[00000000] 50 4B 03 04 14 00 02 00 08 00 80 9D 6C 39 DA 4D PK..........l9.M
[00000016] B8 0F 90 01 00 00 27 06 00 00 09 00 00 00 61 6E ......'.......an
[00000032] 69 6D 2E 78 61 6D 6C ED 54 D1 4E 83 30 14 7D 37 im.xaml.T.N.0.}7
[00000048] F1 1F 9A 7E 00 C5 69 4C 24 B0 C4 CD A9 0F 6A 96 ...~..iL$.....j.
[00000064] 8D 64 CF 15 EE A0 B1 B4 A4 2D 8A 7F 6F 2D 6C 63 .d.......-..o-lc
[00000080] CA 14 13 1F 7C 90 A7 02 E7 9C 7B EF 39 E9 0D 57 ....|.....{.9..W
[00000096] 4C A4 F2 05 D5 C1 94 53 AD 23 BC 2A D7 97 65 C9 L......S.#.*..e.
File Encryption
47 c3 dd 4e 94 15 ce af 76 d6 94 9d 5d 82 88 99
34 d3 db 0d e4 ae af 57 e3 87 62 fd 14 7e f5 7d
02 7a 67 40 2b 2c 71 41 24 92 9d 54 1c 75 bb 54
0b f8 95 a9 92 d7 33 ad 2f 00 cb 8c 9f 90 66 49
b2 bd 0f 90 52 e3 aa 0a 59 6b 78 65 1f 5b 35 19
0f e3 32 ed c3 f0 04 88 67 51 33 cb 03 40 9f 3b
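One way to turn the signature list above into a DLP check, as an added example that is not part of the original slides. It matches the slide's magic numbers and, going beyond the slide, falls back to a Shannon-entropy test for data with no signature (the "File Encryption" case); the offsets, the two thresholds and all function names are assumptions.

```python
import gzip
import math
import zlib
from collections import Counter

# (name, offset, magic values in hex) as listed on the slide. The slide gives
# no offsets: tar's "ustar" marker sits at byte 257, the others at byte 0.
SIGNATURES = [
    ("PKZIP", 0, ["504B0304"]),
    ("GZIP", 0, ["1F8B08"]),
    ("Tar", 257, ["7573746172"]),
    ("Zlib", 0, ["7801", "789C", "78DA"]),
]
MIN_SAMPLE = 64       # assumption: shorter inputs are not judged on entropy
ENTROPY_RATIO = 0.90  # assumption: fraction of the maximum possible entropy

# First row of the PKZIP dump and the "File Encryption" bytes from the slide.
PAGE_ZIP_HEAD = bytes.fromhex("504B0304140002000800809D6C39DA4D")
PAGE_ENCRYPTED = bytes.fromhex(
    "47c3dd4e9415ceaf76d6949d5d828899" "34d3db0de4aeaf57e38762fd147ef57d"
    "027a67402b2c714124929d541c75bb54" "0bf895a992d733ad2f00cb8c9f906649"
    "b2bd0f9052e3aa0a596b78651f5b3519" "0fe332edc3f00488675133cb03409f3b"
)
# Constructed plain-text sample.
PLAIN = (b"Security and mobility are two of the most important issues on "
         b"the Internet, as they will allow users to secure their data.")


def match_signature(data):
    """Return the name of the first format whose magic number matches."""
    for name, offset, magics in SIGNATURES:
        for magic in magics:
            raw = bytes.fromhex(magic)
            if data[offset:offset + len(raw)] == raw:
                return name
    return None


def entropy_ratio(data):
    """Shannon entropy divided by the most a sample of this length can reach."""
    total = len(data)
    if total < 2:
        return 0.0
    counts = Counter(data)
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    return entropy / min(8.0, math.log2(total))


def classify(data):
    name = match_signature(data)
    if name:
        return "compressed/archive: " + name
    if len(data) < MIN_SAMPLE:
        return "too short to judge"
    if entropy_ratio(data) >= ENTROPY_RATIO:
        return "no signature, high entropy: possibly encrypted"
    return "no signature, low entropy: likely plain data"


def demo():
    samples = {
        "zip": PAGE_ZIP_HEAD,
        "gzip": gzip.compress(PLAIN),               # constructed
        "zlib": zlib.compress(PLAIN),               # constructed
        "tar": bytes(257) + b"ustar" + bytes(250),  # constructed
        "encrypted": PAGE_ENCRYPTED,
        "text": PLAIN,
    }
    return {name: classify(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```

High entropy alone does not prove encryption: compressed data with its header stripped looks the same, so the verdict is a prompt for inspection rather than a finding.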
SSL/TLS
Network protocols
Layer          Protocols
Application    HTTP, FTP, Telnet, POP-3, IMAP, SMTP
Transport      TCP, UDP, SPX
Network        IP, IPX, ARP, ICMP
Data Link      Ethernet, PPP, HDLC
Physical       Cables, Signals
[Diagram: the same stack with an SSL layer added.]
HTTPS (HTTP + SSL)
FTP (FTP+SSL)
SSH (Telnet+SSL)
Ports
HTTP 80       HTTPs 443
TELNET 23     SSH 22
SMTP 25       SMTPs 465
POP-3 110     POP-3s 995
SSL 1.0
SSL 2.0
SSL 3.0 [0x0300]
SSL 3.1 (TLS 1.0) [0x0301]
TLS 1.1 and 1.2 [0x0302]
Secure Socket Layer
Transport Layer Socket
TLS
[Diagram: the stack (Physical, Data Link, Network, Transport, Application) with an SSL layer.]
TCP [SYN] to Port 443
TCP [SYN,ACK] from Port 443
TCP [ACK] to Port 443
Client Hello (Start of Handshake)
Client Hello: 192.168.0.20
Server Hello: 66.211.169.66
Client Key Exchange
Public key
billbuchanan@Bills-MacBook-Pro:~$ openssl s_client -connect www.google.com:443
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIISVyALWN+akUwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
---
SOx4I5L0D0jZYqKfJuImGcFwdIETq0EpCmkhJfGNHjVdzC/h/T61TmaY
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3719 bytes and written 446 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 9D92CEC32FA9F86C6D902081EE186C4FC68234FFF7B903D6621A86C98092BD51
    Session-ID-ctx:
    Master-Key: B8A14DB1D3021E80B53F30EA94D2EEA155A995B926879B08E3D971EB16873D16F62929899E2FA368D374716DB14A412B
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    Start Time: 1413136351
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
TLS_RSA_WITH_AES_256_CBC_SHA256    Key: RSA    Enc: AES_256_CBC    Hash: SHA256
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA    Key ex: DH_DSS    Enc: 3DES_EDE_CBC    Hash: SHA
SSL Tunnelling
Client Hello:
Versions:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
(rfc5246)
Server Hello:
Version:
TLS_RSA_WITH_RC4_128_SHA
Key Exchange: Public key (RSA)
Encryption: RC4
Hash: 128-bit SHA (SHA-1)
[Diagram labels: Session key; Public key; Private key]
Tunnel created (RC4, Hash: SHA-1)
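The cipher-suite breakdown above (key exchange, encryption, hash), written as a parser with a server-side policy check; this is an added example, not part of the original slides. The finding labels, the policy function and its names are assumptions, and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is the standard name for the ECDHE-RSA-AES128-GCM-SHA256 suite shown in the s_client output.

```python
# Suites the slide's Client Hello offers.
PAGE_CLIENT_OFFER = ["TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_RC4_128_SHA"]
# Standard name of the suite negotiated in the s_client output.
PAGE_NEGOTIATED = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"


def parse_suite(name):
    """Split TLS_<key exchange>_WITH_<encryption>_<hash> into its parts."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not a TLS_<kx>_WITH_<enc>_<hash> name: " + name)
    key_exchange, rest = name[len("TLS_"):].split("_WITH_", 1)
    encryption, _, digest = rest.rpartition("_")
    if not (key_exchange and encryption and digest):
        raise ValueError("incomplete suite name: " + name)
    return {"key_exchange": key_exchange,
            "encryption": encryption,
            "hash": digest}


def audit_suite(name):
    """Return the weaknesses a defender would flag (labels are assumptions)."""
    parts = parse_suite(name)
    findings = []
    if parts["encryption"].startswith("RC4"):
        findings.append("RC4 stream cipher")
    if parts["encryption"].startswith("3DES"):
        findings.append("3DES (64-bit block)")
    if parts["hash"] == "MD5":
        findings.append("MD5 hash")
    if parts["hash"] == "SHA":
        findings.append("SHA-1 hash")
    # Static RSA and fixed Diffie-Hellman reuse one long-term key, so a later
    # key compromise exposes recorded sessions.
    if parts["key_exchange"] in ("RSA", "DH_DSS", "DH_RSA"):
        findings.append("no forward secrecy")
    return findings


def select_suite(client_offer, tolerated=()):
    """Server policy: first offered suite whose findings are all tolerated."""
    for name in client_offer:
        if all(finding in tolerated for finding in audit_suite(name)):
            return name
    return None  # nothing acceptable: refuse the handshake


def demo():
    return {
        "parsed": parse_suite("TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"),
        "slide_offer": {s: audit_suite(s) for s in PAGE_CLIENT_OFFER},
        "strict_choice": select_suite(PAGE_CLIENT_OFFER),
        "with_modern": select_suite(PAGE_CLIENT_OFFER + [PAGE_NEGOTIATED]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

TLS 1.3 suite names have no _WITH_ part, so parse_suite rejects them with ValueError instead of guessing.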