Chapter 11: Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition

What Is Steganography?
- Steganography: the process of hiding the existence of data within another file
- Example: embedding information into a high bit-depth host file so that it is not detectable
- Host files can include image files, audio files, and video files
- Steganalysis: the scientific determination of whether embedded data is present within a host file

Scientific Explanation of Steganography
- The act of concealing information within the trivial bit space of a file (Phan, Raphael, & Ling, 2003)
- Uses the least significant bit (LSB) of each pixel or sample in an image (or other host file); changing only that bit alters a sample by at most one step, which the eye or ear does not notice
- The information stays concealed because the normal viewing application associated with the file extension renders the host file exactly as before (Mangarae, 2006)
- Extracting the embedded data requires the identical algorithm, so that the embedding method (e.g. bit order, offset, bit shifting) can be reversed
- Data may be further protected from extraction by a password, or by encrypting it before it is embedded
- Steganography artifacts are not an automatic indicator of malicious intent
- The same tools are commonly used to apply invisible watermarks to copyrighted images and videos to deter unauthorized use and theft (Nelson, Phillips, Enfinger, & Steuart, 2008, p. 376)

Summary: Steganography
- Process of hiding the existence of data within another file
- Uses the least significant bit (LSB) of an image (or other host file)
- Concealed from view because the normal viewing application assigned to the file extension shows nothing unusual (Mangarae, 2006)
- Extraction requires the identical algorithm in order to reverse the embedding method (e.g. bit shifting)
- Data may be further protected from extraction by passwords or encryption
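The LSB embedding and extraction described above, worked through in code. This is an added example for these notes, not code from the textbook or from any steganography tool: the cover "image" is a constructed buffer of pseudo-random 8-bit samples, the 4-byte length header is an assumed convention, and `changed_sample_count` is a deliberately crude steganalysis check that only works when the original cover is available for comparison.

```python
"""LSB steganography in a raw sample buffer: embed, extract, and two checks.
Added illustration for these notes, not code from the textbook or any tool;
the cover 'image' is a constructed byte buffer, not a real file."""
import random


def make_cover(n_samples: int, seed: int = 1) -> bytes:
    """Constructed stand-in for raw 8-bit pixel/audio samples (not a real image)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n_samples))


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Overwrite the least significant bit of successive samples with the payload
    bits. A 4-byte big-endian length header goes first so the extractor knows
    where the hidden data ends (header layout is an assumption of this example)."""
    message = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} samples, have {len(cover)}")
    out = bytearray(cover)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit   # clear the LSB, then set it to the payload bit
    return bytes(out)


def _read_lsb_bytes(stego: bytes, start_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs of samples beginning at `start_bit`."""
    result = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[start_bit + b * 8 + i] & 1)
        result.append(value)
    return bytes(result)


def extract_lsb(stego: bytes, offset: int = 0) -> bytes:
    """Recover the payload. The extractor must use the same bit order, header
    layout and starting offset as the embedder; any other `offset` reads a
    bogus length and garbage, which is the 'identical algorithm' requirement."""
    length = int.from_bytes(_read_lsb_bytes(stego, offset, 4), "big")
    if offset + 32 + length * 8 > len(stego):
        raise ValueError("length header does not fit the host: wrong algorithm or nothing embedded")
    return _read_lsb_bytes(stego, offset + 32, length)


def max_sample_delta(cover: bytes, stego: bytes) -> int:
    """Largest per-sample change. LSB embedding never moves a sample by more
    than 1, which is why the normal viewer shows nothing."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def changed_sample_count(cover: bytes, stego: bytes) -> int:
    """Crude steganalysis when the original cover is at hand: how many samples
    had their LSB flipped (about half of the embedded bits, on average)."""
    return sum(1 for a, b in zip(cover, stego) if a != b)


if __name__ == "__main__":
    cover = make_cover(4096)
    secret = b"meet at dawn"                          # constructed payload
    stego = embed_lsb(cover, secret)
    print(extract_lsb(stego))                         # b'meet at dawn'
    print(max_sample_delta(cover, stego))             # 1
    print(changed_sample_count(cover, stego))
    print(extract_lsb(stego, offset=1) == secret)     # False: different algorithm, different output
```

Reading the same stego buffer with the extractor shifted by a single bit position returns a different length and different bytes; that is the concrete reason the receiver needs the identical embedding algorithm, and it is also why a password or a layer of encryption on the payload adds protection rather than replacing it.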
Defining Cryptography
- Cryptography: the science of transforming information into an unintelligible form while it is transmitted or stored, so that unauthorized users cannot read it
- Practical applications: understanding how cryptography can be used as a security tool to protect data
- Appropriate uses: applying the right type of cryptographic application to each situation
- Legalities of use (export restrictions, law enforcement implications, etc.)
- One of the most famous ancient cryptographers was Julius Caesar, who shifted each letter of his messages to his generals three places down the alphabet
- Encryption: changing the original text (plaintext) into a secret message (ciphertext) using cryptography
- Decryption: changing the secret message back to its original form

Cryptography and Security
Cryptography can provide basic security for information:
- Protects the confidentiality of information
- Protects the integrity of information
- Can help ensure the availability of data
- Can provide verification (authenticity) of the sender through non-repudiation

Summary: Cryptography
- Cryptography: the science of transforming information into an unintelligible form while it is transmitted or stored, so that unauthorized users cannot read it
- One of the most famous ancient cryptographers was Julius Caesar
- Encryption: changing the original text into a secret message using cryptography
- Decryption: changing the secret message back to its original form
- Cryptography can protect the confidentiality and integrity of information, help ensure availability, and provide verification (authenticity) of the sender through non-repudiation

Cryptographic Algorithms
There are three categories of cryptographic algorithms:
- Hashing algorithms
- Symmetric encryption algorithms
- Asymmetric encryption algorithms
Hashing
- Also called a one-way hash
- A process for creating a unique fixed-size fingerprint for a set of data
- This fingerprint, called a hash or digest, represents the contents
- Hashing ensures integrity: the information is in its original form and no unauthorized person or malicious software has altered it
- Hashes are one-way and cannot be reversed to recover the input
To be considered secure, a hashing algorithm must have these properties:
- The digest is a fixed size regardless of the input length
- It is computationally infeasible to find two different inputs that produce the same hash (a collision); collisions necessarily exist because inputs are unbounded, so "secure" means nobody can find one in practice
- It is infeasible to produce an input that has a desired or predefined hash (preimage resistance)
- The digest cannot be reversed to recover the original data
- The hash serves as a check to verify the message contents
- Hash values are often posted on Internet sites so that downloaded files can be checked for integrity; this only helps if the published hash is obtained over a separately trusted channel (a signed release announcement, or a page on a different host), because an attacker who can replace a file on a mirror can usually replace the hash posted beside it

Hash Types
- Message Digest (MD): one common hash family with three versions, MD2, MD4 and MD5, all producing a 128-bit digest
- Secure Hash Algorithm (SHA): a family of hashes considered more secure than the MD series
  - SHA-1: patterned after MD4; creates a 160-bit hash instead of the 128 bits that MD4 uses
  - SHA-2: four variations, SHA-224, SHA-256, SHA-384 and SHA-512; considered secure
- Whirlpool: a relatively recent cryptographic hash function that has received international recognition and adoption by standards organizations
- Caveat: practical collision attacks now exist for MD4, MD5 and SHA-1 (MD5 collisions take seconds on a laptop; a SHA-1 collision was demonstrated in 2017), so none of them should be used where collision resistance matters, such as digital signatures, certificates or code signing; use SHA-2 or SHA-3 instead
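The integrity check the hashing slides describe (compute a digest, compare it with the published one) and the password-hash use that follows, as an added example with Python's standard library; this is not code from the textbook. The published digest, the passwords and the fixed salts are constructed test values, and PBKDF2 with a per-user random salt is the modern replacement shown here for the unsalted, single-pass hashes the notes list for older operating systems.

```python
"""Integrity hashing and password hashing with the standard library.
Added example for these notes, not code from the textbook. The published
digest, the salts and the passwords used below are constructed values."""
import hashlib
import hmac
import os
from typing import Optional


def sha256_hex(data: bytes) -> str:
    """Fixed-size (256-bit) digest of arbitrary-length input."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Same digest for a file on disk, read in chunks so large downloads fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(data: bytes, published_hex: str) -> bool:
    """Check a downloaded blob against the digest published for it.
    compare_digest runs in constant time, so a remote check cannot be used to
    learn how many leading characters matched."""
    return hmac.compare_digest(sha256_hex(data), published_hex.strip().lower())


def differing_bits(a: bytes, b: bytes) -> int:
    """How many of the 256 digest bits change between two inputs (avalanche effect):
    a one-byte edit flips about half of them."""
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")


def unsalted_md5(password: str) -> str:
    """The weak pattern: equal passwords give equal hashes, so one cracked hash
    (or a precomputed table) unlocks every account that shares the password."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). The stored string carries its
    own parameters so the cost can be raised later without breaking old entries."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_hex, dk_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algorithm}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    published = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"  # SHA-256("abc")
    print(verify_download(b"abc", published), verify_download(b"abd", published))  # True False
    print(differing_bits(b"abc", b"abd"))        # roughly 128 of 256 bits differ
    print(unsalted_md5("hunter2") == unsalted_md5("hunter2"))                      # True: no salt
    print(hash_password("hunter2") == hash_password("hunter2"))                    # False: fresh salt
    print(verify_password("hunter2", hash_password("hunter2")))                    # True
```

The two halves show the two jobs a hash does on these slides: `verify_download` is integrity (the data may be public, the question is whether it changed), while `hash_password` and `verify_password` are one-way storage, where the salt defeats precomputed tables and the iteration count makes each guess expensive.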
- Whirlpool creates a hash of 512 bits

Password Hashes
- Another use for hashes is storing passwords: when a password for an account is created, the password is hashed and only the hash is stored
- Microsoft: uses either the LM (LAN Manager) or NTLM hash algorithm; both are unsalted, and LM additionally uppercases the password and splits it into two 7-character halves, so LM hashes are trivial to crack and should be disabled
- Linux: most systems of this period use password-hashing algorithms such as MD5 (md5crypt, which is salted and iterated); current distributions default to SHA-512 crypt or yescrypt
- Apple: Mac OS X uses salted SHA-1 hashes (later macOS versions moved to PBKDF2)

Summary: Hashing
- The three categories of cryptographic algorithms are hashing, symmetric encryption and asymmetric encryption
- Hashing is a one-way function that creates a unique fingerprint for a set of data and so ensures integrity
- To be considered secure, the digest must be a fixed size, collisions must be infeasible to find, and the digest cannot be reversed
- Secure Hash Algorithm (SHA) is more secure than the MD series and consists of a family of hashes that includes SHA-1 and SHA-2
- Password hashing algorithms by OS: Microsoft, LM or NTLM; Linux, most use MD5 (md5crypt); Apple Mac OS X, SHA-1

Symmetric Cryptographic Algorithms
- Symmetric cryptographic algorithms use a single key to encrypt and decrypt a message; also called private key cryptography
- Stream cipher: takes one character at a time and replaces it with another
- Substitution cipher: the simplest type of stream cipher; substitutes one letter or character for another
- Transposition cipher: a more complicated stream cipher; rearranges letters without changing them
- Most symmetric stream ciphers combine the cipher keystream with the plaintext to create the ciphertext using the exclusive OR (XOR) binary logic operation; XOR is its own inverse, so decryption applies the same keystream again
- One-Time Pad (OTP): combines a truly random key, as long as the message and never reused, with the plaintext
- Block cipher: manipulates an entire block of plaintext at one time; plaintext is divided into separate blocks of 8 to 16 bytes (64 to 128 bits); in the simplest mode of operation each block is encrypted independently
Stream and block cipher advantages and disadvantages
- Stream cipher: fast when the plaintext is short; more prone to attack when the keystream does not vary, because reusing a keystream lets an attacker XOR two ciphertexts together and cancel the key out
- Block cipher: considered more secure because the output is more random; the cipher is reset to its original state after each block is processed; this results in ciphertext that is more difficult to break
- Caveat: encrypting every block independently is Electronic Codebook (ECB) mode, in which identical plaintext blocks produce identical ciphertext blocks and leak the structure of the data; in practice block ciphers are run in a chaining mode such as CBC or an authenticated mode such as GCM

Data Encryption Standard (DES)
- One of the first widely popular symmetric cryptography algorithms
- DES is a block cipher and encrypts data in 64-bit blocks
- The key is also 64 bits, but 8 of those bits are parity bits that are ignored, so the effective key length is only 56 bits, which is small enough to brute-force with modern hardware
- A single pass of DES (one "round" of encryption in the sense these notes use to contrast it with 3DES; internally DES runs 16 Feistel rounds)
- In Cipher Block Chaining (CBC) mode the previous block's ciphertext is XORed into the next plaintext block before it is encrypted, so identical plaintext blocks no longer produce identical ciphertext; the key stays the same, only the input to each block changes

Triple Data Encryption Standard (3DES)
- Pronounced "Triple DES"
- Designed to replace DES
- Applies DES three times (encrypt, decrypt, encrypt) with two or three independent keys instead of a single pass; the three passes are the "three rounds" of these notes

Advanced Encryption Standard (AES)
- Approved by NIST in late 2000 as the replacement for DES (the Rijndael design was selected in October 2000 and published as FIPS 197 in 2001)
- Performs 3 steps on every 128-bit block of plaintext
- Within step 2, multiple rounds are performed depending on the key size:
  - 10 rounds for a 128-bit key
  - 12 rounds for a 192-bit key
  - 14 rounds for a 256-bit key
- Within each round, bytes are substituted and rearranged, and then a special multiplication (in a finite field) is performed based on the new arrangement

Symmetric Cryptographic Algorithms (cont.)
Several other symmetric cryptographic algorithms are also used:
- Rivest Cipher (RC) family, RC1 to RC6
- International Data Encryption Algorithm (IDEA)
- Blowfish
- Twofish

Summary: Symmetric Cryptography
- Symmetric cryptographic algorithms use a single key; referred to as private key cryptography
- Stream cipher: takes one character and replaces it with another
- Substitution cipher: simplest type of stream cipher; substitutes one letter or character for another
- Transposition cipher: more complicated stream cipher; rearranges letters without changing them
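The XOR stream cipher and one-time pad from the symmetric slides, together with the "keystream does not vary" weakness, worked as an added example; this is not code from the textbook. The two messages and the fixed pad used for the checks are constructed, `new_pad` is the only source a real one-time pad should come from, and `crib_drag` is the classic recovery technique against a reused pad rather than anything the notes describe in detail.

```python
"""XOR stream encryption, the one-time pad, and what breaks when the keystream
is reused. Added example for these notes, not from the textbook; the
plaintexts and the fixed demonstration pad are constructed."""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings (the core of every stream cipher)."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: the pad must be truly random, at least as long as the
    message, and used exactly once. Decryption is the same operation."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message")
    return xor_bytes(plaintext, pad[: len(plaintext)])


otp_decrypt = otp_encrypt  # XOR is its own inverse


def new_pad(length: int) -> bytes:
    """Fresh pad from the OS CSPRNG; never derive it from a password or reuse it."""
    return os.urandom(length)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad (or keystream) encrypted both messages, the pad cancels:
    c1 ^ c2 == p1 ^ p2, and the attacker needs no key material to get here."""
    return xor_bytes(c1, c2)


def recover_other_message(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Known-plaintext attack on reused keystream: knowing p1 yields p2 directly."""
    return xor_bytes(two_time_pad_leak(c1, c2), known_p1)


def crib_drag(p1_xor_p2: bytes, crib: bytes) -> list:
    """Slide a guessed fragment (crib) of one message across p1 ^ p2; where the
    guess lands on real text, the output is readable text from the other message."""
    width = len(crib)
    return [(off, xor_bytes(p1_xor_p2[off: off + width], crib))
            for off in range(len(p1_xor_p2) - width + 1)]


def _looks_like_text(fragment: bytes) -> bool:
    return all(chr(c).islower() or c == 0x20 for c in fragment)


if __name__ == "__main__":
    p1 = b"attack at dawn!!"                                  # constructed messages
    p2 = b"retreat at noon!"
    pad = new_pad(len(p1))
    c1, c2 = otp_encrypt(p1, pad), otp_encrypt(p2, pad)       # same pad twice: the mistake
    print(otp_decrypt(c1, pad))                               # b'attack at dawn!!'
    print(recover_other_message(c1, c2, p1))                  # b'retreat at noon!'
    for off, guess in crib_drag(two_time_pad_leak(c1, c2), b" at "):
        if _looks_like_text(guess):
            print(off, guess)                                 # readable hits mark real text
```

With a fresh pad the ciphertext is unconditionally secure; the moment the same pad (or the same keystream from a stream cipher such as RC4 with a repeated key and nonce) is used for a second message, `two_time_pad_leak` gives the attacker p1 XOR p2 for free, and guessing a few words of one message exposes the other.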
Summary: Symmetric Cryptography (cont.)
- One-Time Pad (OTP): combines a truly random, never-reused key with the plaintext
- Block cipher: manipulates entire blocks of plaintext at one time; in its simplest mode encrypts each block independently
- Advantages and disadvantages: stream ciphers are fast when the plaintext is short but more prone to attack when the keystream does not vary; block ciphers are considered more secure because the output is more random
- Data Encryption Standard (DES): the first widely popular symmetric block cipher; encrypts data in 64-bit blocks; effective key length is only 56 bits because 8 of the 64 key bits are parity bits; a single pass of the algorithm
- Triple Data Encryption Standard (3DES): designed to replace DES; applies DES three times
- Advanced Encryption Standard (AES): the replacement for DES; uses 10, 12 or 14 rounds depending on key size

Asymmetric Cryptographic Algorithms
- Asymmetric cryptographic algorithms are also known as public key cryptography (the certificate and key-management system built around it is the public key infrastructure, PKI)
- Uses 2 keys instead of one
- The public key is known and freely distributed to everyone
- The private key is known only to its owner, the recipient of messages encrypted to it
- Data encrypted with one key may only be decrypted with the other
- Asymmetric cryptography can also be used to create a digital signature, produced with the signer's private key and checked with the public key
- A digital signature can:
  - Verify the sender
  - Prove the integrity of the message
  - Prevent the sender from disowning the message, so it is used as a legal non-repudiation mechanism
- Uses mathematically related cryptographic key pairs

Summary: Asymmetric Cryptography
- Asymmetric cryptographic algorithms are known as public key cryptography (PKI is the infrastructure that manages the keys and certificates)
- Uses 2 keys, known as the public (known) and private (secret) keys
- Data encrypted with one key may only be decrypted with the other
- Digital signatures can verify the sender, prove the integrity of the message, and prevent the sender from disowning the message; used as a legal non-repudiation mechanism
- Uses mathematically related cryptographic key pairs
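The asymmetric operations just summarized (encrypt with one key, decrypt with the other; sign with the private key, verify with the public one) and the Diffie-Hellman key agreement of the RSA/Diffie-Hellman slides that follow, worked as one added example using the notes' own symbols p, q, n, e and d. This is not the textbook's code and not a real library: the primes are toy values chosen so the arithmetic can be followed, there is no padding (real RSA uses OAEP for encryption and PSS for signatures), and the Diffie-Hellman parameters p = 23, g = 5 are the usual classroom numbers. It demonstrates the mathematics only and must never be used to protect data.

```python
"""Textbook RSA and Diffie-Hellman with the notes' symbols (p, q, n, e, d),
plus hash-then-sign. Added example for these notes, not textbook code and not
a real library: toy primes, no padding, for following the arithmetic only."""
from math import gcd
import hashlib


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Public key (n, e), private key (n, d) with e*d == 1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(public, m: int) -> int:
    """c = m^e mod n; anyone holding the public key can do this."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private, c: int) -> int:
    """m = c^d mod n; only the private key holder can do this."""
    n, d = private
    return pow(c, d, n)


def _digest_as_int(message: bytes, n: int) -> int:
    """Sign the hash, not the message: fixed size and binds the whole content."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private, message: bytes) -> int:
    """signature = digest^d mod n."""
    n, d = private
    return pow(_digest_as_int(message, n), d, n)


def rsa_verify(public, message: bytes, signature: int) -> bool:
    """signature^e mod n must equal the digest of the message as received."""
    n, e = public
    return pow(signature, e, n) == _digest_as_int(message, n)


def dh_public_value(p: int, g: int, private: int) -> int:
    """Value each side sends in the clear: g^private mod p."""
    return pow(g, private, p)


def dh_shared_secret(p: int, their_public: int, private: int) -> int:
    """Both sides arrive at g^(ab) mod p; an eavesdropper sees only g^a and g^b."""
    return pow(their_public, private, p)


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)         # classic small worked example
    c = rsa_encrypt(pub, 65)
    print(pub, priv, c, rsa_decrypt(priv, c))    # (3233, 17) (3233, 2753) 2790 65
    big_pub, big_priv = rsa_keygen(2**61 - 1, 2**89 - 1)   # larger Mersenne primes for signing
    sig = rsa_sign(big_priv, b"pay 100")
    print(rsa_verify(big_pub, b"pay 100", sig), rsa_verify(big_pub, b"pay 900", sig))  # True False
    p, g = 23, 5
    A, B = dh_public_value(p, g, 6), dh_public_value(p, g, 15)
    print(A, B, dh_shared_secret(p, B, 6), dh_shared_secret(p, A, 15))   # 8 19 2 2
```

The tampered message fails verification because the signature was computed over the digest of the original text, which is exactly the integrity and non-repudiation property the slides attribute to digital signatures; the Diffie-Hellman pair ends with the same number on both sides even though only 8 and 19 crossed the wire, which is the shared key the notes say is then used with symmetric cryptography.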
Cryptographic Algorithms Index

RSA
- The most common asymmetric cryptography algorithm
- RSA multiplies two large prime numbers p and q to compute their product n = pq
- A number e is chosen that is less than n and relatively prime to (p-1)(q-1)
- Another number d is determined so that (ed - 1) is divisible by (p-1)(q-1)
- The public key is the pair (n, e)
- The private key is (n, d)

Diffie-Hellman
- Allows two users to establish a shared secret key securely over a public network, without ever sending the key itself
- Once the key has been shared, both parties use it to encrypt and decrypt messages with symmetric cryptography

Elliptic Curve Cryptography
- Uses special geometric shapes called elliptic curves
- An elliptic curve is a function drawn on an X-Y axis as a gently curved line
- By adding two points on the curve, you arrive at a third point on the curve
- The public aspect of an elliptic curve cryptosystem is that users share an elliptic curve and one point on the curve

Summary
- RSA: the most common asymmetric cryptography algorithm; multiplies two large prime numbers to generate the mathematically related key pair called the public and private keys
- Diffie-Hellman: allows two users to establish a shared secret key securely over a public network; the shared key is then used with symmetric cryptography
- Elliptic Curve: a function drawn on an X-Y axis as a gently curved line; used to generate strong keys that are shorter than RSA keys of equivalent strength

Using Cryptography on Files and Disks
- Cryptography can also be used to protect large numbers of files on a system or an entire disk
- Encryption prevents unauthorized viewing of information and is reversible (with the key)
- Hashing verifies the integrity of stored or transmitted data and is not reversible

File and File System Cryptography
- File system: a method used by operating systems to store, retrieve, and organize files
- Pretty Good Privacy (PGP): one of the most widely used asymmetric cryptography systems for files and e-mail messages, available for Windows among other platforms
- GNU Privacy Guard (GPG): open-source implementation of the same OpenPGP standard
- PGP and GPG use both asymmetric and symmetric cryptography: a random symmetric session key encrypts the data, and the recipient's public key encrypts that session key

Microsoft Windows Encrypting File System (EFS)
- A cryptography system for Windows operating systems
- Uses the Windows NTFS file system
- Tight integration with the file system enables transparent file encryption and decryption
- EFS encrypts the data as it is written to disk
- Can be assigned to individual files or folders; files created in an encrypted folder are encrypted automatically
- Caveat: a file moved or copied from an encrypted folder to another NTFS location stays encrypted, but copying it to a non-NTFS volume (such as a FAT-formatted removable drive) or to a system without EFS support decrypts it in the process, which is how EFS-protected data usually leaks

Whole Disk Encryption
- Cryptography applied to entire disks
Windows BitLocker
- A hardware-enabled data encryption feature
- Can encrypt the entire Windows volume, including Windows system files as well as all user files
- Encrypts the entire system volume, including the Windows Registry and any temporary files that might hold confidential information
- Can be integrated with a Trusted Platform Module for enhanced security

Trusted Platform Module (TPM)
- A chip on the motherboard that provides cryptographic services
- Includes a true random number generator
- Measures key boot components (firmware, boot loader, OS loader) as the computer starts and records the measurements, so BitLocker only releases the volume key when they match the expected values
- Alterations to those components or key configuration parameters invalidate the measurements and require revalidation of system trust (for BitLocker, entry of the recovery key)
- Computers without a hardware TPM can store the startup key on an external USB flash drive instead

BitLocker Bonus Information
- Group Policy (GPO) can be set to force storage of recovery keys in Active Directory
- Access to the recovery keys in AD can be restricted to specific security groups
- Changes in hardware state require re-entry of the BitLocker recovery key (this is what defeats theft of the hard drive alone)
- Complicates the forensic process: an image of the disk is ciphertext without the key
- Cannot image a BitLocker-protected system with a tool such as Ghost and redeploy that image to new hardware

Summary: File System Cryptography
- PGP and GPG: both use asymmetric and symmetric cryptography
- Microsoft Windows Encrypting File System (EFS): cryptography system tightly integrated with Windows; uses NTFS; enables transparent file encryption and decryption
- Whole disk encryption: cryptography applied to entire disks
- Windows BitLocker: hardware-enabled data encryption; encrypts the entire system volume, including the Registry, temporary files and user files
- Trusted Platform Module (TPM): chip on the motherboard; provides cryptographic services; includes a true random number generator

Summary
- Cryptography is the science of transforming information into a secure form while it is transmitted or stored, so that unauthorized users cannot access it
- Hashing creates a unique fingerprint, called a hash or digest, which represents the contents of the original text
- Symmetric cryptography, also called private key cryptography, uses a single key to encrypt and decrypt a message
- Asymmetric cryptography, also known as public key cryptography, uses two keys instead of one
- Cryptography can also be used to protect large numbers of files on a system or an entire disk