Chapter 9. Cryptography and the Public Key Infrastructure
Class Activity–Creating Codes
In this lab, you and a lab partner will use an online tool to encrypt and decrypt messages:
https://aesencryption.net/
Note: Unencrypted messages are referred to as plaintext, while encrypted messages are referred to as ciphertext.
There are many different types of encryption algorithms used in modern networks. One of the most secure is the Advanced Encryption Standard (AES) symmetric encryption algorithm.
The secret key is used along with the encryption algorithm to encrypt the message. Only someone with knowledge of the secret key would be able to decrypt the message.
Public Key Infrastructure
Cryptology
CIA Triad and non-repudiation
Confidentiality - Guarantees that only authorized users can read the message. If the message is intercepted, it cannot be deciphered within a reasonable amount of time. Data confidentiality is implemented using symmetric and asymmetric encryption algorithms.
Integrity - Guarantees that the message was not altered. Any changes to data in transit will be detected. Integrity is ensured by implementing either Message Digest version 5 (MD5) or Secure Hash Algorithm (SHA) hash-generating algorithms.
Availability - Refers to the actual availability of your data.
Authentication - Guarantees that the message is not a forgery and does actually come from whom it states. Many modern networks ensure authentication with protocols, such as hash message authentication code (HMAC).
Authorization - Guarantees that authenticated users have access only to the intended data or services.
Accounting - Tracks and logs the movements of users.
Non-Repudiation - Guarantees that the sender cannot repudiate, or refute, the validity of a message sent. Nonrepudiation relies on the fact that only the sender has the unique characteristics or signature for how that message is treated.
What is Cryptology
Cryptology is the science of making and breaking secret codes.
Cryptology combines two separate disciplines:
Cryptography - This is the development and use of codes that are used for communicating privately. Specifically, it is the practice and study of techniques to secure communications. Historically, cryptography was synonymous with encryption.
Cryptanalysis - This is the breaking of those codes. Specifically, it is the practice and study of determining and exploiting weaknesses in cryptographic techniques.
Cryptography - Ciphers
Over the centuries, various cryptography methods, physical devices, and aids have been used to encrypt and decrypt text. The following historical ciphering examples are displayed in Figure 1:
Scytale: A very simple transposition cipher used in ancient Greece and by the Spartans. A band is wrapped around a rod, a message is written, and when the band is unrolled a ciphertext appears.
Caesar Cipher: A type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet.
Plain:  a|b|c|d|e|f|g|h|i|j|k|l|m|n|o|p|q|r|s|t|u|v|w|x|y|z
Cipher: d|e|f|g|h|i|j|k|l|m|n|o|p|q|r|s|t|u|v|w|x|y|z|a|b|c
ROT13 ("rotate by 13 places", sometimes hyphenated ROT-13) is a simple letter substitution cipher that replaces a letter with the 13th letter after it in the alphabet.
Vigenère Cipher: A method of encrypting alphabetic text by using a series of interwoven Caesar ciphers, based on the letters of a keyword.
Enigma Machine: An encryption device developed and used in the early- to mid-20th century to protect commercial, diplomatic and military communication. It was employed extensively by Nazi Germany during World War II, in all branches of the German military.
Ciphers
Each of these encryption methods uses a specific algorithm, called a cipher.
Some types:
Substitution cipher - Substitution ciphers retain the letter frequency of the original message. The Caesar cipher was a simple substitution cipher.
Transposition cipher - In transposition ciphers, no letters are replaced; they are simply rearranged.
Polyalphabetic ciphers - These are based on substitution, using multiple substitution alphabets. The famous Vigenère cipher is an example.
Cryptanalysis
Cryptanalysis is often used by cyber criminals to decipher encrypted messages. While cryptanalysis is often linked to mischievous purposes, it is actually a necessity.
Cryptanalysis is also used by governments in military and diplomatic surveillance, and by enterprises in testing the strength of security procedures.
Several methods are used in cryptanalysis:
Brute-force method - The cryptanalyst tries every possible key knowing that eventually one of them will work. All algorithms are vulnerable to brute force. If every possible key is tried, one of the keys has to work.
Ciphertext method - The cryptanalyst has the ciphertext of several encrypted messages but no knowledge of the underlying plaintext.
Known-Plaintext method - The cryptanalyst has access to the ciphertext of several messages and knows something about the plaintext underlying that ciphertext.
Chosen-Plaintext method - The cryptanalyst chooses which data the encryption device encrypts and observes the ciphertext output.
Chosen-Ciphertext method - The cryptanalyst can choose different ciphertext to be decrypted and has access to the decrypted plaintext.
Meet-in-the-Middle method - The cryptanalyst knows a portion of the plaintext and the corresponding ciphertext.
No algorithm is unbreakable. It is an ironic fact of cryptography that it is impossible to prove that any algorithm is secure. It can only be proven that it is not vulnerable to known cryptanalytic attacks.
Keys
With modern technology, security of encryption lies in the secrecy of the keys, not the algorithm.
Two terms that are used to describe keys are:
Key length - Also called the key size, this is measured in bits.
Keyspace - This is the number of possibilities that can be generated by a specific key length.
Longer keys are more secure. However, they are also more resource intensive.
As key length increases, the keyspace increases exponentially.
The keyspace of an algorithm is the set of all possible key values. A key that has n bits produces a keyspace that has 2^n possible key values.
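The Caesar table, ROT13, the brute-force and known-plaintext methods, and the 2^n keyspace rule from the sections above, worked through in Python. This is an added example, not part of the original notes; the sample message, the known word and all function names are constructed for illustration.

```python
import string
from collections import Counter

LOWER, UPPER = string.ascii_lowercase, string.ascii_uppercase


def caesar(text, shift):
    """Replace each ASCII letter with the one `shift` places down the alphabet."""
    k = shift % 26  # a negative shift decrypts; 26 positions wrap to the start
    table = str.maketrans(LOWER + UPPER,
                          LOWER[k:] + LOWER[:k] + UPPER[k:] + UPPER[:k])
    return text.translate(table)


def count_profile(text):
    """Sorted letter counts: the shape of the frequency histogram."""
    return sorted(Counter(c for c in text.lower() if c in LOWER).values())


def brute_force(ciphertext, crib):
    """Try all 26 keys; keep those whose output contains the known word."""
    trials = ((k, caesar(ciphertext, -k)) for k in range(26))
    return [(k, plain) for k, plain in trials if crib in plain.lower()]


def keyspace(bits):
    """Number of possible values of an n-bit key: 2^n."""
    return 2 ** bits


# Constructed sample message, encrypted with the shift-3 table shown above.
PLAINTEXT = "Meet me at the library after class"
CIPHERTEXT = caesar(PLAINTEXT, 3)

if __name__ == "__main__":
    print(CIPHERTEXT)
    # Known-plaintext shortcut: we expect the word "library" in the message.
    print(brute_force(CIPHERTEXT, "library"))
    # Substitution keeps the letter-frequency shape of the plaintext.
    print(count_profile(PLAINTEXT) == count_profile(CIPHERTEXT))
    # Each extra key bit doubles the work of an exhaustive search.
    for bits in (5, 56, 128, 256):
        print(f"{bits:>3}-bit key: {keyspace(bits):.3e} keys")
```

The Caesar cipher falls to 26 trials because its keyspace is smaller than that of a 5-bit key; the same exhaustive search against a 128-bit key needs up to 2^128 trials.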
Lab - Encrypting and Decrypting Data Using OpenSSL
OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
It is also a general-purpose cryptography library.
openssl aes-256-cbc -in file.txt -out message.enc
The command will use AES-256 to encrypt the text file.
OpenSSL will ask for a password and for password confirmation. Provide the password as requested and be sure to remember the password.
To make the file readable, run the OpenSSL command again, but this time add the -a option. The -a option tells OpenSSL to encode the encrypted message using a different encoding method, Base64, before storing the results in a file.
openssl aes-256-cbc -a -in file.txt -out message.enc
Base64 is a group of similar binary-to-text encoding schemes used to represent binary data in an ASCII string format.
Decrypting the file
openssl aes-256-cbc -a -d -in message.enc -out decrypted_letter.txt
OpenSSL will ask for the password used to encrypt the file. Enter the same password again.
Lab - Encrypting and Decrypting Data Using a Hacker Tool
Recover a password to decrypt an encrypted zip document using fcrackzip
Recover Encrypted Zip File Passwords
Fcrackzip searches each zip file given for encrypted files and tries to guess the password using brute-force methods.
See the help for fcrackzip:
fcrackzip -h
fcrackzip -vul 1-4 file-1.zip
then wait and:
fcrackzip -vul 1-4 file-2.zip
then wait and:
fcrackzip -vul 1-4 file-3.zip
then wait and:
fcrackzip -vul 1-4 file-4.zip
then wait and:
fcrackzip -vul 1-4 file-5.zip
then wait
The password length could have been set to less than 1 – 4 characters.
It appears that longer passwords take more time to discover and are therefore more secure. However, a 6-character password would not deter a cybercriminal.
Create and Encrypt Files
-e: Encrypt the contents of the zip archive using a password which is entered on the terminal in response to a prompt.
zip -e file-1.zip sample*
using a 1-character password of your choice, e.g. W
zip -e file-2.zip sample*
using a 2-character password of your choice, e.g. R2
zip -e file-3.zip sample*
using a 3-character password of your choice, e.g. 0B1
zip -e file-4.zip sample*
using a 4-character password of your choice, e.g. Y0Da
zip -e file-5.zip sample*
using a 5-character password of your choice, e.g. C-3P0
cd ~
mkdir Zip-Files
cd Zip-Files
echo This is a sample text file > sample-1.txt
echo This is a sample text file > sample-2.txt
echo This is a sample text file > sample-3.txt
The reason we created zip files with varying password lengths was to see if password length influences the time it takes to discover a password.
Lab - Examining Telnet and SSH in Wireshark
Install the telnet client: sudo apt-get install telnet
Install the telnet server: sudo apt-get install telnetd
• From the client, capture traffic on port 23 (telnet) using tcpdump or wireshark:
sudo tcpdump -i wlo1 -nn -s0 -v -w ~/test_telnet.pcap host 192.168.0.17 and port 23
• Then telnet the server:
telnet <ip_address> 23
• Stop the capture and open it with Wireshark; use Follow TCP Stream to check if data is visible.
wlo1 is my interface
Logs for telnet: /var/log/syslog (grep -Ei "Jun 7" /var/log/syslog | less)
Disabling telnet for Unix systems running inetd: https://www.phy.bnl.gov/cybersecurity/old/telnet.html
Basically: edit /etc/inetd.conf and comment out the telnetd entry, then refresh inetd (sudo systemctl reload/status inetd).
Install the ssh client: sudo apt-get install openssh-client
Install the ssh server: sudo apt-get install openssh-server
Logs for ssh: /var/log/auth.log (grep -Ei "Jun 7" /var/log/auth.log | less)
• From the client, capture traffic on port 22 (ssh) using tcpdump or wireshark:
sudo tcpdump -i wlo1 -nn -s0 -v -w ~/test_ssh.pcap host 192.168.0.17 and port 22
• Then access the server using ssh:
ssh -p 22 user@ip_address
• Stop the capture and open it with Wireshark; use Follow TCP Stream to check if data is visible.
Optional: use public key authentication to access via ssh without using a password each time: https://www.ssh.com/ssh/copy-id
Cryptology part 2
Cryptographic Hash Functions
Hashes are used to verify and ensure data integrity. Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse.
Hashing can also be used to verify authentication.
A hash function takes a variable block of binary data, called the message, and produces a fixed-length, condensed representation, called the hash, message digest, digest, or digital fingerprint.
Every time the data is changed or altered, the hash value also changes. Because of this, cryptographic hash values are often called digital fingerprints.
A real-life example
Store the hash of password logins instead of the real passwords.
Use a function that asks for a password, computes its hash, and compares it with the hash in your database.
In this way, if a malicious agent steals the database, they get only the hashes and not the real passwords; they cannot use the hashes, because the system asks for a password, not for a hash.
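An added sketch of the password-storage scheme described above, not code from the original notes. It goes one step beyond the text by using a per-user random salt and PBKDF2-HMAC-SHA256 instead of a single bare hash; the UserStore class, its method names, the iteration count and the sample credentials are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are ever stored."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    return salt, digest


class UserStore:
    """Hypothetical in-memory stand-in for the credential database."""

    def __init__(self):
        self._rows = {}

    def register(self, user, password):
        self._rows[user] = hash_password(password)

    def login(self, user, supplied):
        """Hash whatever was typed and compare it with the stored digest."""
        row = self._rows.get(user)
        if row is None:
            return False
        salt, stored = row
        _, candidate = hash_password(supplied, salt)
        return hmac.compare_digest(candidate, stored)  # constant-time compare

    def stolen_copy(self):
        """What a thief sees after copying the database: salts and digests."""
        return {u: (s.hex(), d.hex()) for u, (s, d) in self._rows.items()}


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")  # constructed
    leaked_salt, leaked_digest = store.stolen_copy()["alice"]
    print(store.login("alice", "correct horse battery staple"))  # real password
    print(store.login("alice", leaked_digest))  # stolen hash typed as password
```

The salt makes two users with the same password store different digests, and the iteration count slows every guess made against a stolen copy of the database.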
MD5 and SHA