Chapter 11
Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
What Is Steganography?
• Steganography
– Process of hiding the existence of the data within another file
– Example: Embedding information into a high bit-depth host file so that it is not detectable
– Host files can include: Image files, audio files, and video files
• Steganalysis
– The scientific determination of the presence of embedded data within a host file.
Scientific Explanation of Steganography
• The act of concealing information within the trivial bit space of a file (Phan, Raphael, & Ling, 2003).
• Uses the Least Significant Byte (LSB) of an image (or other host file)
• Process conceals the information from view via the associated normal file viewing application assigned to the file extension (Mangarae, 2006).
• Extracting data embedded within the host file requires the identical algorithm that was used to embed it, in order to account for the method (e.g. bit shifting).
– Data may be further protected from extraction by passwords or encryption inside the file space.
• Steganography artifacts are not an automatic indicator of malicious intent.
– These tools are commonly used to apply invisible watermarks on copyrighted materials such as images and videos to prevent unauthorized usage and theft (Nelson, Phillips, Enfinger, & Steuart, 2008 p. 376).
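The embedding and extraction described above, as an added example that is not part of the original slides: one message bit is stored in the lowest-order bit of each host byte, and extraction only succeeds when it uses the same layout and bit position. The function names, the 2-byte length header and the constructed host buffer are assumptions made for illustration.

```python
# Added example: the host is a constructed byte buffer standing in for raw pixel data.

def _bits(payload: bytes):
    """Yield the payload one bit at a time, most significant bit first."""
    for byte in payload:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def embed(host: bytes, message: bytes, bit: int = 0) -> bytes:
    """Hide a 2-byte length header plus the message in one bit of each host byte."""
    payload = len(message).to_bytes(2, "big") + message
    if 8 * len(payload) > len(host):
        raise ValueError("host too small for this message")
    out = bytearray(host)
    for i, value in enumerate(_bits(payload)):
        out[i] = (out[i] & ~(1 << bit) & 0xFF) | (value << bit)
    return bytes(out)

def _read(stego: bytes, start: int, count: int, bit: int) -> int:
    """Reassemble `count` hidden bits, beginning at host byte `start`."""
    value = 0
    for byte in stego[start:start + count]:
        value = (value << 1) | ((byte >> bit) & 1)
    return value

def extract(stego: bytes, bit: int = 0) -> bytes:
    """Recover the message; only works with the same layout and bit position."""
    length = _read(stego, 0, 16, bit)
    if 16 + 8 * length > len(stego):
        raise ValueError("no message found with this algorithm")
    return bytes(_read(stego, 16 + 8 * i, 8, bit) for i in range(length))

def max_byte_change(host: bytes, stego: bytes) -> int:
    """Largest per-byte difference, i.e. how visible the change is to a viewer."""
    return max(abs(a - b) for a, b in zip(host, stego))

HOST = bytes(range(256)) * 2             # constructed 512-byte "image"
STEGO = embed(HOST, b"meet at noon")

if __name__ == "__main__":
    print(extract(STEGO), max_byte_change(HOST, STEGO))
```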
Summary - Steganography
• Process of hiding the existence of the data within another file
• Uses the Least Significant Byte (LSB) of an image (or other host file)
• Process conceals the information from view via the associated normal file viewing application assigned to the file extension (Mangarae, 2006).
• Extracting data embedded within the host file requires the identical algorithm that was used to embed it, in order to account for the method (e.g. bit shifting).
• Data may be further protected from extraction by passwords or encryption inside the file space.
Defining Cryptography
• Cryptography
– Science of transforming information into an unintelligible form while it is being transmitted or stored so that unauthorized users cannot access it
– Practical Applications: Understanding how cryptography can be used as a security tool to protect data
– Appropriate Uses: Applying different types of Cryptographic Applications to the appropriate situation
– Legalities of Use (export restrictions, law enforcement implication, etc…)
• One of the most famous ancient cryptographers was Julius Caesar
– Shifted each letter of his messages to his generals three places down in the alphabet
– Encryption: Changing the original text to a secret message using cryptography
– Decryption: Changing the secret message back to its original form
Cryptography and Security
• Cryptography can provide basic security for information:
– Protects confidentiality of information
– Protects the integrity of the information
– Can help ensure the availability of the data
– Can provide verification (authenticity) of the sender through non-repudiation
Summary - Cryptography:
• Cryptography: Science of transforming information into an unintelligible form while it is being transmitted or stored so that unauthorized users cannot access it
– One of the most famous ancient cryptographers was Julius Caesar
• Encryption: Changing the original text to a secret message using cryptography
• Decryption: Change the secret message back to its original form
• Cryptography can:
– Protect confidentiality and integrity of information
– Help ensure the availability and provide verification (authenticity) of the sender through non-repudiation
Cryptographic Algorithms
• There are three categories of cryptographic algorithms:
– Hashing algorithms
– Symmetric encryption algorithms
– Asymmetric encryption algorithms
Hashing
– Also called a one-way hash
– A process for creating a unique “signature” for a set of data
• This signature, called a hash or digest, represents the contents
• Hashing ensures integrity and:
– Information is in its original form
– No unauthorized person or malicious software has altered the data
• Hashes are one-way and cannot be reversed
• To be considered a Secure hashing algorithm:
– Ciphertext hash is a fixed size
– Two different sets of data cannot produce the same hash, which is known as a collision
– It should be impossible to produce a data set that has a desired or predefined hash
– The resulting hash ciphertext cannot be reversed
• The hash serves as a check to verify the message contents
• Hash values are often posted on Internet sites
– In order to verify the file integrity of files that can be downloaded
Hash Types:
• Message Digest (MD)
– One common hash algorithm
• Three versions
– Message Digest 2 (MD2)
– Message Digest 4 (MD4)
– Message Digest 5 (MD5)
• Secure Hash Algorithm (SHA)
– A more secure hash than MD hash series
– Consists of a family of hashes
– SHA-1
• Patterned after MD4
• Creates 160 bit hash instead of 128 bits that MD4 uses
– SHA-2
• Four variations:
• SHA-224
• SHA-256
• SHA-384
• SHA-512
• Considered secure
• Whirlpool
– A relatively recent cryptographic hash function
– Has received international recognition and adoption by standards organizations
– Creates a hash of 512 bits
• Password Hashes
• Another use for hashes is in storing passwords
– When a password for an account is created, the password is hashed and stored
– Microsoft – Uses either LM (LAN Manager) or NTLM hash algorithms
– Linux - Most systems use password-hashing algorithms such as MD5
– Apple - Mac OS X uses SHA-1 hashes
Summary - Hashing
• 3 categories of cryptographic algorithms are: Hashing; Symmetric encryption; and Asymmetric encryption
• Hashing is a One-Way function that creates a unique “signature” for a set of data that ensures integrity
• To be considered secure, the ciphertext hash is a fixed size, collisions are avoided, and the resulting hash ciphertext cannot be reversed
• Secure Hash Algorithm (SHA) is a more secure hash than the MD hash series, consisting of a family of hashes that includes SHA-1 and SHA-2
• Password Hashing Algorithms by OS: Microsoft – either LM or NTLM; Linux - Most use MD5; Apple Mac OS X uses SHA-1
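The download check described in the hashing section (hash values posted on Internet sites to verify file integrity), as an added example that is not part of the original slides. The sample "installer" bytes and the function names are constructed for illustration; the code also shows that the digest size is fixed per algorithm and that a one-byte change alters the digest.

```python
import hashlib
import hmac
import io

def file_digest(stream, algorithm: str = "sha256", chunk_size: int = 65536) -> str:
    """Hash a file-like object in chunks so large downloads need not fit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def verify_download(stream, posted_hex: str, algorithm: str = "sha256") -> bool:
    """Compare the computed digest with the value posted by the publisher."""
    actual = file_digest(stream, algorithm)
    return hmac.compare_digest(actual, posted_hex.strip().lower())

def digest_bits(algorithm: str) -> int:
    """Output size in bits; fixed for an algorithm regardless of input length."""
    return hashlib.new(algorithm).digest_size * 8

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

# Constructed sample data: an "installer" and a copy with one byte altered.
ORIGINAL = b"installer payload " * 4096
TAMPERED = ORIGINAL[:100] + b"X" + ORIGINAL[101:]
POSTED = file_digest(io.BytesIO(ORIGINAL))   # stands in for the hash posted on the site

if __name__ == "__main__":
    print("original ok:", verify_download(io.BytesIO(ORIGINAL), POSTED))
    print("tampered ok:", verify_download(io.BytesIO(TAMPERED), POSTED))
    print("bits changed:", differing_bits(POSTED, file_digest(io.BytesIO(TAMPERED))))
```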
Symmetric Cryptographic Algorithms
• Symmetric cryptographic algorithms
– Single key to encrypt and decrypt a message
– Also called Private Key Cryptography
• Stream cipher
– Takes one character and replaces it with another
– Substitution cipher
• Simplest type of stream cipher
• Substitutes one letter or character for another
• Transposition cipher
– More complicated stream cipher
– Rearranges letters without changing them
• Most symmetric ciphers combine the cipher stream with the plaintext to create the ciphertext
– The process is accomplished through the exclusive OR (XOR) binary logic operation
• One-Time Pad (OTP)
– Combines a truly random key with the plaintext
• Block cipher
– Manipulates an entire block of plaintext at one time
– Plaintext is divided into separate blocks of 8-16 bytes
• Each block is encrypted independently
• Block cipher advantages and disadvantages
– Fast when the plaintext is short
– More prone to attack because stream does not vary
– Considered more secure because the output is more random
– Cipher is reset to its original state after each block is processed
• Results in the ciphertext being more difficult to break
• Data Encryption Standard (DES)
– One of the first widely popular symmetric cryptography algorithms
– DES is a block cipher and encrypts data in 64-bit blocks
• However, the 8-bit parity bit is ignored so the effective key length is only 56 bits
– Uses a single round of encryption
– Uses prior block’s cipher block to calculate the next block’s key
• Triple Data Encryption Standard (3DES)
– Pronounced as Triple DES
– Designed to replace DES
– Uses three rounds of encryption instead of just one
• Advanced Encryption Standard (AES)
– Approved by the NIST in late 2000 as a replacement for DES
– Performs 3 steps on every block (128 bits) of plaintext
– Within Step 2, multiple rounds are performed depending upon the key size
• 10 Rounds – 128 bit key
• 12 Rounds – 192-bit key
• 14 Rounds – 256-bit key
– Within each round, bytes are substituted and rearranged, and then special multiplication is performed based on the new arrangement
• Several other Symmetric cryptographic algorithms are also used:
– Rivest Cipher (RC) family from RC1 to RC6
– International Data Encryption Algorithm (IDEA)
– Blowfish
– Twofish
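The XOR combination of key stream and plaintext, and the one-time pad built on it, as an added example that is not part of the original slides. The function names and sample messages are constructed, and `secrets.token_bytes` (the operating system's random generator) is an assumption standing in for a truly random key source; the last function shows why a pad may only be used once.

```python
import secrets

def xor_bytes(data: bytes, keystream: bytes) -> bytes:
    """Combine data with a key stream using XOR; applying it twice restores the data."""
    if len(keystream) < len(data):
        raise ValueError("key stream must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, keystream))

def otp_encrypt(plaintext: bytes):
    """Generate a fresh pad as long as the message and return (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))   # stand-in for a truly random key
    return pad, xor_bytes(plaintext, pad)

def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """Decryption is the same XOR operation with the same pad."""
    return xor_bytes(ciphertext, pad)

def pad_reuse_leak(ciphertext_a: bytes, ciphertext_b: bytes) -> bytes:
    """If two messages shared one pad, the pad cancels out of c_a XOR c_b,
    leaving plaintext_a XOR plaintext_b without any key material."""
    return xor_bytes(ciphertext_a, ciphertext_b)

# Constructed sample messages of equal length.
MESSAGE_A = b"WIRE 500 TO BOB"
MESSAGE_B = b"WIRE 900 TO EVE"

if __name__ == "__main__":
    pad, c_a = otp_encrypt(MESSAGE_A)
    print(otp_decrypt(c_a, pad))
    c_b = xor_bytes(MESSAGE_B, pad)             # misuse: same pad used a second time
    print(pad_reuse_leak(c_a, c_b) == xor_bytes(MESSAGE_A, MESSAGE_B))
```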
Summary – Symmetric Cryptography
• Symmetric cryptographic algorithms: Uses a single Key; referred to as Private Key Cryptography
• Stream cipher: Takes one character and replaces it with another
• Substitution cipher: Simplest type of stream cipher; Substitutes one letter or character for another
• Transposition cipher: More complicated stream cipher; Rearranges letters without changing them
• One-Time Pad (OTP): Combines a truly random key with the plaintext
• Block cipher: Manipulates entire blocks of plaintext at one time; encrypts each block independently
– Advantages and Disadvantages
– Fast when the plaintext is short and considered more secure because output is more random
– More prone to attack because stream does not vary
• Data Encryption Standard (DES): First widely popular block symmetric cryptography algorithms; encrypts data in 64-bit blocks (effective key length is only 56 bits due to parity bits); and uses a single round of encryption
• Triple Data Encryption Standard (3DES): Designed to replace DES and uses three rounds of encryption
• Advanced Encryption Standard (AES): Replacement for DES, uses multiple rounds
Asymmetric Cryptographic Algorithms
• Asymmetric cryptographic algorithms
– Also known as public key cryptography (PKI)
– Uses 2 keys instead of one
• The public key is known and freely distributed to everyone
• The private key is known only to the recipient of the message
• Data Encrypted by one key may only be decrypted by the other
• Asymmetric cryptography can also be used to create a digital signature
– A digital signature can:
• Verify the sender
• Prove the integrity of the message
• Prevent the sender from disowning the message
• Used as a legal non-repudiation mechanism
• Uses Mathematically related cryptographic key pairs
• Asymmetric Digital Signatures
Summary – Asymmetric Cryptography
• Asymmetric cryptographic algorithms:
– known as public key cryptography (PKI)
– Uses 2 keys known as the public (known) and private (Secret) keys
– Data Encrypted by one key may only be decrypted by the other
• Digital signatures can:
– Verify the sender
– Prove the integrity of the message
– Prevent the sender from disowning the message
– Used as a legal non-repudiation mechanism
– Uses Mathematically related cryptographic key pairs
Cryptographic Algorithms Index
RSA
• Most common asymmetric cryptography algorithm
• RSA multiplies two large prime numbers p and q
– To compute their product (n=pq)
– A number e is chosen that is less than n and a prime factor to (p-1)(q-1)
– Another number d is determined, so that (ed-1) is divisible by (p-1)(q-1)
• Public key is the pair (n,e)
• Private key is (n,d)
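The key construction above carried through with numbers, together with the digital-signature use from the asymmetric section, as an added example that is not part of the original slides. It is textbook RSA without padding on deliberately small primes, so it is for study only; the function names are assumptions, and `make_keypair` requires e to share no factor with (p-1)(q-1) so that d exists.

```python
import hashlib
from math import gcd

def make_keypair(p: int, q: int, e: int):
    """Return ((n, e), (n, d)) for primes p and q, following the steps on the slide."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, phi) != 1:
        raise ValueError("e must be below n and share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse, so (e*d - 1) % phi == 0
    return (n, e), (n, d)

def encrypt(m: int, public) -> int:
    """Encrypt an integer message smaller than n with the public key."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)

def decrypt(c: int, private) -> int:
    """Only the holder of d can undo the public-key operation."""
    n, d = private
    return pow(c, d, n)

def _digest_int(message: bytes, n: int) -> int:
    """SHA-256 of the message reduced below n (toy shortcut, not a real padding scheme)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    """Signature: the message digest transformed with the private key."""
    n, d = private
    return pow(_digest_int(message, n), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Anyone with the public key can check the signature against the message."""
    n, e = public
    return pow(signature, e, n) == _digest_int(message, n)

# Constructed toy values: p = 61, q = 53 gives n = 3233, (p-1)(q-1) = 3120, d = 2753.
PUBLIC, PRIVATE = make_keypair(61, 53, 17)

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print(PUBLIC, PRIVATE, c, decrypt(c, PRIVATE))
```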
Diffie-Hellman
– Allows two users to share a secret key securely over a public network
– Once the key has been shared
• Then both parties can use it to encrypt and decrypt messages using symmetric cryptography
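The exchange described above with both sides' messages, as an added example that is not part of the original slides. The modulus, generator and function names are assumptions chosen for readability: a 127-bit prime is far too small for real use, where standardized groups of 2048 bits or more apply. Only the two public values cross the network; each side derives the same symmetric key locally.

```python
import hashlib
import secrets

P = 2**127 - 1      # toy prime modulus (assumption for this example only)
G = 3               # toy generator (assumption)

def keypair():
    """Pick a private exponent and compute the public value sent over the network."""
    private = secrets.randbelow(P - 3) + 2          # in the range 2 .. P-2
    return private, pow(G, private, P)

def shared_key(own_private: int, peer_public: int) -> bytes:
    """Derive a 256-bit symmetric key from the peer's public value."""
    if not 2 <= peer_public <= P - 2:
        # Values such as 0, 1 or P-1 would force a predictable shared secret.
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def exchange():
    """Run both sides and return what an observer sees plus each side's key."""
    a_private, a_public = keypair()                 # first user
    b_private, b_public = keypair()                 # second user
    on_the_wire = {"A": a_public, "B": b_public}    # all an observer can capture
    key_a = shared_key(a_private, b_public)
    key_b = shared_key(b_private, a_public)
    return on_the_wire, key_a, key_b

if __name__ == "__main__":
    wire, key_a, key_b = exchange()
    print(wire)
    print(key_a.hex(), key_a == key_b)
```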
Elliptic curve cryptography
– Uses special geometric shapes called elliptic curves
• An elliptic curve is a function drawn on an X-Y axis as a gently curved line
– By adding the values of two points on the curve, you can arrive at a third point on the curve
– The public aspect of an elliptic curve cryptosystem is that users share an elliptic curve and one point on the curve
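Point addition on a small curve, as an added example that is not part of the original slides. The curve y^2 = x^3 + 2x + 3 over the integers mod 97 and the shared point (3, 6) are toy values chosen so the arithmetic can be followed by hand; the example goes one step beyond the slide by repeating the addition (scalar multiplication), which is how two users holding the shared curve and point arrive at the same result.

```python
P_MOD, A, B = 97, 2, 3      # toy curve y^2 = x^3 + A*x + B (mod P_MOD), assumption
G = (3, 6)                  # the shared public point on that curve

def on_curve(point) -> bool:
    """True if the point satisfies the curve equation (None is the point at infinity)."""
    if point is None:
        return True
    x, y = point
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """Add two points; the result is always another point on the same curve."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                   # a point plus its mirror image
    if p1 == p2:
        slope = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)      # tangent line
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)   # line through both
    slope %= P_MOD
    x3 = (slope * slope - x1 - x2) % P_MOD
    y3 = (slope * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def multiply(k: int, point):
    """Add a point to itself k times using double-and-add."""
    result = None
    while k:
        if k & 1:
            result = add(result, point)
        point = add(point, point)
        k >>= 1
    return result

if __name__ == "__main__":
    print(add(G, G), on_curve(add(G, G)))
    # Each user multiplies the other's public point by a private number.
    print(multiply(5, multiply(7, G)) == multiply(7, multiply(5, G)))
```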
Summary
• RSA: Most common asymmetric cryptography algorithm; multiplies two large prime numbers to generate mathematically related key pairs called the Public and Private keys
• Diffie-Hellman: Allows two users to share a secret key securely over a public network using symmetric cryptography
• Elliptic Curve: Function drawn on an X-Y axis as a gently curved line; used to generate complex keys
• Using Cryptography on Files and Disks
• Cryptography can also be used to protect large numbers of files on a system or an entire disk
– Encryption – prevents unauthorized viewing of information
• Reversible
– Hashing – Verifies integrity of transmitted data
• Not reversible
File and File System Cryptography
• File system: A method used by operating systems to store, retrieve, and organize files
• Pretty Good Privacy (PGP): One of the most widely used asymmetric cryptography systems for files and e-mail messages on Windows systems
• GNU Privacy Guard (GPG): Open-source version of PGP
• PGP and GPG use both asymmetric & symmetric cryptography
• Microsoft Windows Encrypting File System (EFS)
– A cryptography system for Windows operating systems
– Uses Windows NTFS file system
– Tight integration with file system enables transparent file encryption and decryption
– EFS encrypts the data as it is written to disk
– Can be assigned to individual files or folders
– If folder assigned, any file moved from the folder is decrypted at time of the move operation
• Whole disk encryption
– Cryptography applied to entire disks
• Windows BitLocker
• A hardware-enabled data encryption feature
• Can encrypt the entire Windows volume
• Includes Windows system files as well as all user files
• Encrypts the entire system volume, including the Windows Registry and any temporary files that might hold confidential information
• Can be integrated with a Trusted Platform Module for enhanced security
• Trusted Platform Module (TPM)
– A chip on the motherboard that provides cryptographic services
– Includes a true random number generator
– Measures and tests key components as the computer is starting up
– Alterations to key configuration parameters require revalidation of system trust
– Computers that do not support hardware-based TPM allow encryption keys to be stored on external flash drives
• Bitlocker Bonus Information
– GPOs can be set to force storage of recovery keys in AD
– Access to Recovery keys in AD can be restricted to specific security groups
– Changes in hardware state require re-entry of the Bitlocker key (prevents theft of hard drive)
– Complicates the forensic process
– Can’t Ghost system and redeploy to new hardware if Bitlockered
Summary File System Cryptography
• PGP and GPG: Both use asymmetric & symmetric cryptography
• Microsoft Windows Encrypting File System (EFS): tightly integrated cryptography system for Windows; uses NTFS; enables transparent file encryption and decryption
• Whole disk encryption: Cryptography applied to entire disks
– Windows BitLocker: Hardware-enabled data encryption; encrypts the entire system volume to include Registry, temporary, and User files
– Trusted Platform Module (TPM): Chip on the motherboard; provides cryptographic services; Includes a true random number generator
Summary
• Cryptography is the science of transforming information into a secure form while it is being transmitted or stored so that unauthorized users cannot access it
• Hashing creates a unique signature, called a hash or digest, which represents the contents of the original text
• Symmetric cryptography, also called private key cryptography, uses a single key to encrypt and decrypt a message
• Asymmetric cryptography, also known as public key cryptography, uses two keys instead of one
• Cryptography can also be used to protect large numbers of files on a system or an entire disk