Encryption & Cryptography (What the chapter didn't tell you)
Hash Functions (e.g., MD5, SHA-1)
• A hash function or hash algorithm is a function for summarizing or probabilistically identifying data
• Such a summary is known as a hash value or simply a hash, and the process of computing such a value is known as hashing
• A fundamental property of all hash functions is that if two hashes (according to the same function) are different, then the two inputs were different in some way
• The equality of two hash values does not guarantee that the two inputs were the same
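As an added example (not part of these slides), the following Python illustrates both properties stated above: a mismatch in the full digest proves two inputs differ, while a collision on a shortened digest shows that equality of hash values is only probabilistic evidence, with the assurance shrinking as the digest gets shorter. It uses SHA-256 rather than the slide's MD5 and SHA-1, both of which now have practical collision attacks. The inputs `candidate-0`, `candidate-1`, ... and the 24-bit truncation are constructed for the demonstration.

```python
import hashlib
import itertools


def sha256_hex(data: bytes) -> str:
    """Full 256-bit digest as hex. Two different digests prove the inputs differ."""
    return hashlib.sha256(data).hexdigest()


def integrity_check(data: bytes, expected_hex: str) -> bool:
    """Defender's use of a hash: a mismatch proves the data was altered; a match
    gives only probabilistic assurance, as strong as the digest is long."""
    return sha256_hex(data) == expected_hex


def truncated_digest(data: bytes, nbits: int) -> int:
    """Keep only the first nbits of SHA-256, standing in for a hash that is too short."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - nbits)


def find_collision(nbits: int):
    """Birthday search over constructed inputs 'candidate-0', 'candidate-1', ...
    Returns two distinct inputs whose nbits-bit digests are equal. Expected work
    is roughly 2**(nbits/2) hashes, which is why a short summary cannot prove
    that two inputs are the same."""
    seen = {}
    for i in itertools.count():
        msg = f"candidate-{i}".encode()
        h = truncated_digest(msg, nbits)
        if h in seen:
            return seen[h], msg
        seen[h] = msg


if __name__ == "__main__":
    a, b = find_collision(24)
    print("collision on a 24-bit summary:", a, b)
    print("full SHA-256 digests still differ:", sha256_hex(a) != sha256_hex(b))
```

Raising `nbits` by two roughly doubles the number of hashes the search needs, which is the same arithmetic that makes a full 256-bit digest safe to treat as a fingerprint.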
Authentication
• Authentication verifies that the message has not been altered, and verifies the identity of the receiver or sender
• In Secure Sockets Layer (SSL), an authentication mechanism is used to verify the identity of the server or client, who provide a certificate that is digitally signed by a recognized certificate authority (CA)
• The integrity of the data is verified by signing each SSL bulk message
Certificate authority
• A certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties
• It is an example of a trusted third party
• CAs are characteristic of many public key infrastructure (PKI) schemes
• There are many commercial CAs that charge for their services
• Institutions and governments may have their own CAs, and there are free CAs, for example CAcert
Issuing a certificate
• A CA will issue a public key certificate, which states that the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate
• A CA's obligation in such schemes is to verify an applicant's credentials, so that users (relying parties) can trust the information in the CA's certificates
• The usual idea is that if the user trusts the CA and can verify the CA's signature, then they can also verify that a certain public key does indeed belong to whoever is identified in the certificate
Subversion of a CA
• If the CA can be subverted, then the security of the system breaks down
• For example, suppose an attacker, Mallory, manages to get a certificate authority to issue a false certificate tying Alice to the wrong public key, one known by Mallory
• If Bob subsequently obtains and uses the public key in this certificate, the security of his communications could be compromised by Mallory: for example, his messages could be decrypted, or he could be tricked into accepting forged signatures
Security administration for CAs
• Commercial CAs often use a combination of authentication techniques, including leveraging government bureaus, the payment infrastructure, third-party databases and services, and custom heuristics
• According to the American Bar Association outline on Online Transaction Management, the primary points of the federal and state statutes that have been enacted regarding digital signatures have been to "prevent conflicting and overly burdensome local regulation and to establish that electronic writings satisfy the traditional requirements associated with paper documents."
• In large-scale deployments Alice may not be familiar with Bob's certificate authority (perhaps they each have a different CA), so Bob's certificate may also include his CA's public key signed by a different CA, CA2, which is presumably recognizable by Alice
• This process typically leads to a hierarchy or mesh of CAs and CA certificates
Authorization certificate (different from a CA certificate)
• An authorization certificate, also known as an attribute certificate, is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use
• The permission can be delegated
• A real-life example of this can be found in the mobile software deployments by large service providers; these are typically applied to platforms such as Microsoft Smartphone, Symbian OS, J2ME, and others
Public key certificate
• A public key certificate (or identity certificate) is a certificate which uses a digital signature to bind together a public key with identity information such as the name of a person or an organization, their address, and so forth
• The certificate can be used to verify that a public key belongs to an individual
• A certificate typically includes:
  • The public key being signed
  • A name, which can refer to a person, a computer or an organization
  • A validity period
  • The location (URL) of a revocation center
Use of a public key certificate
• If Alice wants others to be able to send her secret messages, she need only publish her public key. Anyone possessing it can then send her secure information
• Unfortunately, Mallory can also publish a public key (for which she knows the related private key) claiming it is Alice's, and so receive at least some of the secret messages meant for her
• But if Alice builds her public key into a certificate and has it digitally signed by a trusted third party (Trent), anyone who trusts Trent can merely check the certificate to see whether Trent thinks the embedded public key is Alice's
• In typical public-key infrastructures (PKIs), Trent will be a CA who is trusted by all participants
• In a web of trust, Trent can be any user, and whether to trust that user's attestation that a particular public key belongs to Alice will be up to the person wishing to send a message to Alice
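To make the Alice/Trent/Mallory story concrete, here is an added Python example (not from the slides) of a toy certificate chain. Trent's signature binds Alice's public key to the fields listed on the previous slide (name, key, validity period, revocation-center URL); Bob, who trusts only Trent, accepts Alice's certificate, rejects one that Mallory issued under Alice's name with her own key, and rejects an expired one, and then verifies a message signed with the certified key. The RSA keys are built from Mersenne primes (2^89-1 and so on) so no prime search is needed, and the scheme is textbook RSA on a truncated SHA-256, which is enough to show the trust relationship but is not a secure signature scheme. The names, the revocation URL and the timestamps are constructed.

```python
import hashlib

# Mersenne primes used as RSA factors so the example needs no prime search.
# Constructed for illustration only: these moduli are far too small, and textbook
# RSA without padding is not a secure signature scheme.
MERSENNE = {31: 2**31 - 1, 61: 2**61 - 1, 89: 2**89 - 1,
            107: 2**107 - 1, 127: 2**127 - 1, 521: 2**521 - 1}


def make_keypair(p, q, e=65537):
    """Return (public, private) textbook RSA keys for the primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}


def digest_int(data: bytes) -> int:
    """128-bit truncation of SHA-256, kept below every modulus used here."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign(priv, data: bytes) -> int:
    return pow(digest_int(data), priv["d"], priv["n"])


def verify(pub, data: bytes, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == digest_int(data)


def cert_body(subject, pub, not_before, not_after, crl_url) -> bytes:
    """The fields the slide lists, serialised deterministically so that the
    issuer and the relying party hash exactly the same bytes."""
    return f"{subject}|{pub['n']}|{pub['e']}|{not_before}|{not_after}|{crl_url}".encode()


def issue_cert(ca_priv, subject, subject_pub, not_before, not_after, crl_url):
    """The CA attests that subject_pub belongs to subject by signing the body."""
    body = cert_body(subject, subject_pub, not_before, not_after, crl_url)
    return {"subject": subject, "pub": subject_pub, "not_before": not_before,
            "not_after": not_after, "crl_url": crl_url, "sig": sign(ca_priv, body)}


def verify_cert(ca_pub, cert, now) -> bool:
    """Relying party's check: inside the validity period and signed by the CA we trust."""
    body = cert_body(cert["subject"], cert["pub"], cert["not_before"],
                     cert["not_after"], cert["crl_url"])
    in_validity = cert["not_before"] <= now <= cert["not_after"]
    return in_validity and verify(ca_pub, body, cert["sig"])


def certificate_demo() -> dict:
    # Trent is the CA everyone trusts; Alice and Mallory each hold their own keys.
    trent_pub, trent_priv = make_keypair(MERSENNE[89], MERSENNE[107])
    alice_pub, alice_priv = make_keypair(MERSENNE[127], MERSENNE[61])
    mallory_pub, mallory_priv = make_keypair(MERSENNE[521], MERSENNE[31])
    now = 1_700_000_000                     # constructed "current time" (Unix seconds)
    year = 365 * 24 * 3600
    crl = "https://ca.example/revoked"      # placeholder revocation-center URL
    alice_cert = issue_cert(trent_priv, "Alice", alice_pub, now - year, now + year, crl)
    # Mallory publishes a certificate naming Alice but carrying Mallory's key; the
    # only private key she can sign it with is her own, not Trent's.
    forged = issue_cert(mallory_priv, "Alice", mallory_pub, now - year, now + year, crl)
    expired = issue_cert(trent_priv, "Alice", alice_pub, now - 2 * year, now - year, crl)
    # Bob trusts Trent, so every certificate is checked against Trent's public key,
    # and Alice's messages are checked against the key inside her certificate.
    msg = b"Transfer 100 to Bob"
    sig = sign(alice_priv, msg)
    return {
        "alice_cert_accepted": verify_cert(trent_pub, alice_cert, now),
        "forged_cert_rejected": not verify_cert(trent_pub, forged, now),
        "expired_cert_rejected": not verify_cert(trent_pub, expired, now),
        "message_signature_valid": verify(alice_cert["pub"], msg, sig),
        "tampered_message_rejected": not verify(alice_cert["pub"], b"Transfer 1000 to Bob", sig),
    }


if __name__ == "__main__":
    for check, result in certificate_demo().items():
        print(f"{check}: {result}")
```

The forged certificate fails for the reason the slides give: Mallory can publish any key she likes under Alice's name, but without Trent's private key she cannot produce a signature that Trent's public key accepts. Had Trent himself been subverted into signing it, the same check would pass, which is the scenario on the "Subversion of a CA" slide.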
Secure Sockets Layer
• The Secure Sockets Layer (SSL) is a protocol to exchange data securely
• SSL uses the Internet (that is, TCP/IP) as its communication mechanism
• Commonly used browsers like IE, Firefox and Netscape are equipped with SSL clients
• When a browser connects to a server securely, for applications such as sending a credit card number or viewing bank account or stock trade information, the session initiates an SSL handshake
• The handshake is very computation-intensive due to the use of public key encryption to exchange the symmetric keys that will be used to encrypt the data
• The public key algorithms used in the handshake are RSA or Diffie-Hellman, among others
• Following the SSL handshake, there is encrypted data transfer: the SSL client in the browser encrypts the data and the SSL server on the Web server decrypts the data
• The server response is encrypted by the server and decrypted by the browser
• The data is not only encrypted, but also digitally signed
• Some of the items that make SSL secure for communications are:
  • (1) the keys are never sent unencrypted,
  • (2) the identities of the sender and receiver can be verified, and
  • (3) the integrity of each message is authenticated
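The second of the three guarantees above only holds if the client actually verifies the certificate the server presents. As an added example (not from the slides), this Python uses the standard `ssl` module to build the hardened client configuration beside the common weak one, which keeps the encryption but silently drops the identity check; `peer_certificate` performs a real handshake and therefore needs network access, while the other functions run offline. The host name is a placeholder.

```python
import socket
import ssl


def tls_client_context(strict: bool = True) -> ssl.SSLContext:
    """Client side of the handshake described on the slide.

    strict=True is the configuration to deploy: the server's certificate must
    chain to a CA in the system trust store, its name must match the host we
    asked for, and nothing older than TLS 1.2 is offered.
    strict=False reproduces a common misconfiguration: traffic is still
    encrypted, but identity verification is gone, so any certificate at all,
    including one minted by a party sitting between client and server, is accepted.
    """
    ctx = ssl.create_default_context()          # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if not strict:
        ctx.check_hostname = False              # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Report the settings that decide whether the server's identity is verified."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_version_ok": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }


def peer_certificate(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Run a real handshake (network required) with the strict context and return
    what the server proved about itself. A chain or hostname failure raises
    ssl.SSLCertVerificationError instead of returning silently."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with tls_client_context().wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                    "subject": cert.get("subject"), "not_after": cert.get("notAfter")}


if __name__ == "__main__":
    print("hardened:", describe(tls_client_context()))
    print("weak:    ", describe(tls_client_context(strict=False)))
    # print(peer_certificate("www.example.com"))   # placeholder host; needs network
```

When reviewing code, the pattern to look for is exactly the `strict=False` branch: `CERT_NONE` or `check_hostname = False` added to "make the connection work", which trades away the verification that makes the handshake worth its cost.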
Password cracking
• Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system, typically by repeatedly verifying guesses for the password
• The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk), to gain unauthorized access to a system, or as a preventive measure by the system administrator to check for easily crackable passwords
• Passwords to access computer systems are usually stored in a database in order for the system to perform password verification
• To enhance the privacy of passwords, the stored password verification data is generally produced by applying a one-way function (a hash function) to the password
• Even though functions that create hashed passwords may be cryptographically secure, possession of a hashed password provides a quick way to verify guesses for the password by applying the function to each guess and comparing the result to the verification data
Cracking methods
• Password cracking is recovery of one or more plaintext passwords from hashed passwords
• Password cracking requires that an attacker can gain access to a hashed password, either by reading the password verification database (e.g., via a Trojan horse, virus program, or social engineering), by intercepting a hashed password sent over an open network, or by having some other way to rapidly and without limit test whether a guessed password is correct
• Without the hashed password, the attacker can still attempt access to the computer system in question with guessed passwords
• However, well-designed systems limit the number of failed access attempts and can alert administrators to trace the source of the attack if that quota is exceeded
• With the hashed password, the attacker can work undetected, and if the attacker has obtained several hashed passwords, the chances of cracking at least one are quite high
Methods
• There are many ways of obtaining passwords illicitly:
  • social engineering
  • wiretapping
  • keystroke logging
  • login spoofing
  • dumpster diving
  • phishing
  • shoulder surfing
  • timing attack
  • acoustic cryptanalysis
  • identity management system attacks
  • compromising host security
• However, cracking usually involves guessing
Guessing
• Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. It may be:
  • blank
  • the word 'password'
  • the user's name or login name
  • the name of their significant other or another relative
  • their birthplace or date of birth
  • a pet's name
  • automobile licence plate number
  • and so on
• Some users even neglect to change the default password that came with their account on the computer system
• And some administrators neglect to change default account passwords provided by the operating system vendor or hardware supplier
• A famous example is the use of FieldService as a user name with Guest as the password. If not changed at system configuration time, anyone familiar with such systems will have 'cracked' an important password, and such service accounts often have higher access privileges than a normal user account
• The determined cracker can easily develop a computer program that accepts personal information about the user being attacked and generates common variations for passwords suggested by that information
Dictionary attack
• A dictionary attack also exploits the tendency of people to choose weak passwords
• Password cracking programs usually come equipped with "dictionaries", or word lists, with thousands or even millions of entries of several kinds, including:
  • words in various languages
  • names of people
  • places
  • commonly used passwords
• The cracking program encrypts each word in the dictionary, and simple modifications of each word, and checks whether any match an encrypted password
• This is feasible because the attack can be automated and, on inexpensive modern computers, several thousand possibilities can be tried per second
• Guessing, combined with dictionary attacks, has been repeatedly and consistently demonstrated for several decades to be sufficient to crack perhaps as many as 50% of all account passwords on production systems
Brute force attack
• Try every possible password up to some size; this is known as a brute force attack
• As the number of possible passwords increases rapidly as the length of the password increases, this method is unlikely to be successful unless the password is relatively small
• How small is too small? A common current recommendation is 8 or more randomly chosen characters combining letters, numbers, and special (punctuation, etc.) characters
• Systems which limit passwords to numeric characters only, or upper case only, or, generally, which exclude possible password character choices make such attacks easier
• Using longer passwords in such cases (if possible on a particular system) can compensate for a limited allowable character set
• The real threat is more likely to come from smart brute-force techniques that exploit knowledge about how people tend to choose passwords
• Most commonly used hashes can be implemented using specialized hardware, allowing faster attacks. Large numbers of computers can be harnessed in parallel, each trying a separate portion of the search space. Unused overnight and weekend time on office computers can also be used for this purpose
Precomputation
• Precomputation involves hashing each word in the dictionary (or any search space of candidate passwords) and storing the <plaintext, ciphertext> pairs in a way that enables lookup on the ciphertext field
• This way, when a new encrypted password is obtained, password recovery is instantaneous
• There exist advanced precomputation methods that are even more effective
• By applying a time-memory tradeoff, a middle ground can be reached: a search space of size N can be turned into an encrypted database of size O(N^(2/3)) in which searching for an encrypted password takes time O(N^(2/3))
• The theory has recently been refined into a practical technique, and the online implementation at http://passcracking.com/ achieves impressive results on 8-character alphanumeric MD5 hashes
Salting (a remedy)
• The benefits of precomputation and memoization can be nullified by randomizing the hashing process; this is known as salting
• When the user sets a password, a short string called the salt is suffixed to the password before encrypting it; the salt is stored along with the encrypted password so that it can be used during verification
• Since the salt is different for each user, the attacker can no longer use a single encrypted version of each candidate password
• If the salt is long enough, the attacker must repeat the encryption of every guess for each user, and this can only be done after obtaining the encrypted password record for that user
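The added Python below (not from the slides) ties the password-cracking slides to this remedy: an unsalted SHA-256 store is checked against a precomputed lookup table built from a constructed eight-word candidate list, and then the same users are stored with a per-user random salt, which the table no longer matches. It goes one step beyond the slide by using PBKDF2-HMAC-SHA256, so that every guess is also deliberately slow, and by comparing digests in constant time. The user names, passwords, candidate list and iteration count are constructed. The caveat the slide leaves implicit is also visible in the output: salting defeats precomputation and hides the fact that two users share a password, but a weak password can still be guessed one user at a time.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a cracking dictionary (real word lists hold millions of entries).
CANDIDATES = ["password", "letmein", "qwerty", "dragon", "sunshine", "welcome1", "fluffy", "123456"]
ITERATIONS = 50_000          # PBKDF2 work factor, constructed for the demo; raise it in production


def unsalted_hash(password: str) -> str:
    """The scheme the slides describe: one-way function applied to the password alone."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates) -> dict:
    """Precomputation: hash each candidate once and index by the hash, so any
    unsalted password from the list is recovered with a single lookup."""
    return {unsalted_hash(c): c for c in candidates}


def recover_unsalted(store: dict, table: dict) -> dict:
    """Map user -> password for every stored hash that appears in the table."""
    return {user: table[h] for user, h in store.items() if h in table}


def salted_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted verification data. PBKDF2-HMAC-SHA256 mixes the per-user salt into
    every iteration and makes each guess cost `iterations` HMAC computations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str) -> dict:
    """Store the salt alongside the hash, as the slide describes, so verification can redo the work."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": salted_hash(password, salt)}


def verify_password(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt; constant-time comparison leaks no timing information."""
    return hmac.compare_digest(record["hash"], salted_hash(attempt, record["salt"]))


def guesses_needed(users: int, candidates: int, salted: bool) -> int:
    """Hash computations to test every candidate against every user: with salts the
    attacker's work grows with the number of users instead of being done once."""
    return users * candidates if salted else candidates


def demo() -> dict:
    # Constructed password database: bob and carol chose the same weak password.
    plaintexts = {"alice": "sunshine", "bob": "password", "carol": "password"}
    unsalted_store = {u: unsalted_hash(p) for u, p in plaintexts.items()}
    table = build_lookup_table(CANDIDATES)
    salted_store = {u: make_record(p) for u, p in plaintexts.items()}
    return {
        "unsalted_recovered": recover_unsalted(unsalted_store, table),
        # identical hashes betray a shared password even before any cracking
        "unsalted_duplicates": unsalted_store["bob"] == unsalted_store["carol"],
        "salted_duplicates": salted_store["bob"]["hash"] == salted_store["carol"]["hash"],
        "table_hits_on_salted": sum(r["hash"].hex() in table for r in salted_store.values()),
        "login_ok": verify_password(salted_store["alice"], "sunshine"),
        "login_rejected": verify_password(salted_store["alice"], "sunshine1"),
        "work_unsalted": guesses_needed(len(plaintexts), len(CANDIDATES), salted=False),
        "work_salted": guesses_needed(len(plaintexts), len(CANDIDATES), salted=True),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two `work_*` numbers are the point of the slide's last bullet: against the unsalted store the whole candidate list is hashed once for all users, while against the salted store it must be hashed again for each user, and only after that user's record has been obtained.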
Programs for password cracking: John the Ripper
• John the Ripper is password cracking software. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms
• It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects, and includes a customisable cracker
• The encrypted password formats which it can be run against include various DES formats, MD4, MD5, Kerberos AFS, and Windows LM hash. Additional modules have extended its ability to include passwords stored in LDAP, MySQL and others
• John is designed to discover weak passwords from the encrypted information in system files. It operates by taking text strings (usually from a file containing words found in a dictionary), encrypting them in the same format as the password being examined, and comparing the output to the encrypted string. It also offers a brute force mode
Programs for password cracking: L0phtCrack
• L0phtCrack is a password auditing and recovery application (now called LC5), originally produced by L0pht Heavy Industries (later produced by @stake and now by Symantec, which acquired @stake in 2004)
• It is used to test password strength and to recover lost Microsoft Windows passwords, by using dictionary, brute-force, and hybrid attacks
• It is one of the crackers' tools of choice