
Before we start

Being ethical is not necessarily following one's feelings; feelings frequently deviate from what is ethical
Often because of the way one is raised, ethics and religion are coupled; but ethics is not confined to religion nor is it the same as religion
Being ethical is not solely following the law.
Elements of practical ethics through basic philosophy:
Ethical thought
Ethical definition
Ethical values
Example: If a person conceives of engineering activity as only making money, then one's definition of practical ethics, one's actions and values will be guided by this basic philosophical position.

Security in:
Client / Workstation / Terminal
Intra-networks
Inter-networks

In terms of:
Physical Security
Non-Physical Security

Security Threats (sources, causes, people behind) :

Hackers
Crackers
Script Kiddies
Unethical Employees (logic bombs, backdoor, ...)
Cyberterrorists
Corporate Spy
Worm / Virus / Trojan (incl. keyloggers, ...)
Spoofing / Sniffing / Phishing
DoS / DDoS attacks
Hoax / Spam
...

Examples:

Examples (cont):
Virtual Private Network (VPN)

Generic Routing Encapsulation (GRE)

Remote Access VPN

Encapsulation Security Payload (ESP)

Site to Site (Router to Router) VPN

Example of Phishing:

Hackers' Code of Ethics:

Hacker creed (Steven Levy's Hackers: Heroes of the Computer Revolution, 1984):
Access to computers should be unlimited and total.
Always yield to the Hands-On Imperative
All information should be free.
Mistrust authority -- promote decentralization.
Hackers should be judged by their hacking.
You can create art and beauty on a computer.
Computers can change your life for the better.

New Code of Ethics (90s) - Steven Mizrach :


"Above all else, do no harm"
Protect Privacy
"Waste not, want not."
Exceed Limitations
The Communicational Imperative
Leave No Traces
Share!
Self Defense
Hacking Helps Security
Trust, but Test!

Hackers' Code of Ethics:

Old code vs new code
Are new hackers aware of the original hacker ethics?
Are new hackers aware of any hacker ethics?
Influence of technology and social issues on changes in hacker ethics
Similarity between the old and new ethics and ethical continuity

Ethical Issues in Security Courses


Maturity Level
Majority of computer hackers are under the age of 25 and many of them are college students
Course material (some include: trying DDOS, writing and spreading a virus, ...)
Comfort Level
Responsible presentation

Virus and Worms

Defining Cryptography

Objectives
Define cryptography
Describe hashing
List the basic symmetric cryptographic
algorithms
Describe how asymmetric cryptography
works
List types of file and file system
cryptography

What Is Cryptography?
Cryptography - scrambles data
The science of transforming information into
an unintelligible form while it is being
transmitted or stored so that unauthorized
users cannot access it
Steganography - hides data
Hides the existence of the data
What appears to be a harmless image can
contain hidden data embedded within the
image
Can use image files, audio files, or even video
files to contain hidden information

Steganography

Caesar Cipher
Used by Julius Caesar
Caesar shifted each letter of his messages to his generals three places down in the alphabet
So BURN THE BRIDGE becomes EXUQ WKH EULGJH

A -> D
B -> E
C -> F
D -> G
E -> H
F -> I
G -> J
H -> K

Encryption and Decryption


Encryption
Changing the original text to a
secret message using cryptography
Decryption
Change the secret message back to
its original form

Cryptography and Security


Cryptography can provide:
Confidentiality of information
Integrity of the information

Availability of the data


To users with the key

Guarantee Authenticity of the sender


Enforce Non-repudiation
Sender cannot deny sending the message

Information Protection by
Cryptography

Cryptographic Algorithms

There are three categories of cryptographic algorithms:
Hashing algorithms
Symmetric encryption algorithms
Asymmetric encryption algorithms

Hashing Algorithms

Hashing is a one-way process
Converting a hash back to the original data is difficult or impossible
A hash is a unique signature for a set of data
This signature, called a hash or digest, represents the contents
Hashing is used only for integrity to ensure that:
Information is in its original form
No unauthorized person or malicious software has altered the data

Hashing Algorithms (continued)

Link Ch 11a

Hashing Algorithm Security


A hashing algorithm is considered secure if:
The ciphertext hash is a fixed size
Two different sets of data cannot produce the
same hash, which is known as a collision
It should be impossible to produce a data set
that has a desired or predefined hash
The resulting hash ciphertext cannot be
reversed to find the original data

Preventing a Man-in-the-Middle
Attack with Hashing

Hashing Algorithms (continued)

Hash values are often posted on Internet sites
In order to verify the file integrity of files that can be downloaded

Hashing Algorithms Only Ensure Integrity

Message Digest
Also known as hash function or one-way transformation.
Transforms a message of any length and computes a fixed length string.
We want it to be hard to guess what the message was given only the digest.
Guessing is always possible.

Message Digest (MD)


Message Digest (MD) algorithm

One common hash algorithm

Three versions

Message Digest 2 (MD2)


Message Digest 4 (MD4)
Message Digest 5 (MD5)

Suffer from collisions


Not secure

Secure Hash Algorithm (SHA)


More secure than MD
A family of hashes
SHA-1
Patterned after MD4, but creates a hash that
is 160 bits in length instead of 128 bits
SHA-2
Comprised of four variations, known as SHA-224, SHA-256, SHA-384, and SHA-512
Considered to be a secure hash

SHA-3 is Being Chosen Now

Password Hashes
Another use for hashes is in storing passwords

When a password for an account is created, the password is hashed and stored
The Microsoft NT family of Windows operating systems hashes passwords in two different forms
LM (LAN Manager) hash
NTLM (New Technology LAN Manager) hash
Most Linux systems use password-hashing algorithms such as MD5
Apple Mac OS X uses SHA-1 hashes
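
Added example (not from the original slides): storing and checking a password hash, comparing a single unsalted MD5 with a salted, slow PBKDF2 hash. The function names, the sample password and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune per policy

def fast_unsalted(password: str) -> str:
    """Single unsalted MD5: the same password always gives the same hash."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str, salt=None):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)  # unique per account, stored beside the hash
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, derived

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt)
    return hmac.compare_digest(derived, stored)

def demo() -> dict:
    # Constructed sample: two accounts that chose the same password.
    alice_pw = bob_pw = "Spring2024!"
    a_salt, a_hash = hash_password(alice_pw)
    b_salt, b_hash = hash_password(bob_pw)
    return {
        # Equal unsalted hashes reveal equal passwords and allow one
        # precomputed table to be used against every account.
        "unsalted_hashes_match": fast_unsalted(alice_pw) == fast_unsalted(bob_pw),
        "salted_hashes_match": a_hash == b_hash,
        "correct_password_ok": verify_password("Spring2024!", a_salt, a_hash),
        "wrong_password_ok": verify_password("spring2024!", a_salt, a_hash),
    }

if __name__ == "__main__":
    print(demo())
```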

Symmetric Cryptographic Algorithms

Symmetric cryptographic algorithms
Use the same single key to encrypt and decrypt a message
Also called private key cryptography
Stream cipher
Takes one character and replaces it with one character
WEP (Wired Equivalent Protocol) is a stream cipher

Substitution cipher

Substitution Cipher

XOR (eXclusive OR)


With most symmetric ciphers, the final
step is to combine the cipher stream with
the plaintext to create the ciphertext
The process is accomplished through
the exclusive OR (XOR) binary logic
operation
One-time pad (OTP)
Combines a truly random key with the
plaintext
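
Added example (not from the original slides): XOR as the combining step, a one-time pad round trip, and what leaks when the same pad is used for two messages. The function names and the two sample messages are constructed for this illustration; the pad comes from the OS random source as a stand-in for a truly random key.

```python
import secrets

def xor_bytes(data: bytes, keystream: bytes) -> bytes:
    """Combine data with a keystream using XOR; the same call decrypts."""
    if len(keystream) < len(data):
        raise ValueError("keystream must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, keystream))

def otp_encrypt(plaintext: bytes):
    """One-time pad: a fresh random pad exactly as long as the message."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)

def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the SAME pad.

    The pad cancels out (c1 ^ c2 == p1 ^ p2), so an observer learns the
    XOR of the two plaintexts without ever seeing the key.
    """
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])

# Constructed sample messages (not from a real system).
P1 = b"BURN THE BRIDGE"
P2 = b"HOLD THE BRIDGE"

def demo() -> dict:
    pad, c1 = otp_encrypt(P1)
    roundtrip = xor_bytes(c1, pad)   # decrypt with the same pad
    c2 = xor_bytes(P2, pad)          # mistake: the pad is used a second time
    leak = pad_reuse_leak(c1, c2)
    return {
        "roundtrip_ok": roundtrip == P1,
        "leak_equals_p1_xor_p2": leak == xor_bytes(P1, P2),
        # zero bytes mark positions where both messages are identical
        "identical_positions": [i for i, b in enumerate(leak) if b == 0],
    }

if __name__ == "__main__":
    print(demo())
```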

XOR

Block Cipher

Manipulates an entire block of plaintext at one time
Plaintext message is divided into separate blocks of 8 to 16 bytes
And then each block is encrypted independently

Stream cipher advantages and disadvantages
Fast when the plaintext is short
More prone to attack because the engine that generates the stream does not vary
Block ciphers are more secure than stream ciphers

Information Protections by
Symmetric Cryptography

DES and 3DES


Data Encryption Standard (DES)
Declared as a standard by the U.S. Government
DES is a block cipher and encrypts data in 64-bit blocks
Uses 56-bit key, very insecure
Has been broken many times

Triple Data Encryption Standard (3DES)
Uses three rounds of DES encryption
Effective key length 112 bits
Considered secure

Advanced Encryption Standard (AES)

Approved by the NIST in late 2000 as a replacement for DES
Official standard for U.S. Government
Considered secure--has not been cracked

Animation of AES Algorithm

Other Algorithms
Several other symmetric
cryptographic algorithms are also
used:
Rivest Cipher (RC) family from RC1
to RC6
International Data Encryption
Algorithm (IDEA)
Blowfish
Twofish

Asymmetric Cryptographic Algorithms

Asymmetric cryptographic algorithms
Also known as public key cryptography
Uses two keys instead of one
The public key is known to everyone and can be freely distributed
The private key is known only to the recipient of the message
Asymmetric cryptography can also be used to create a digital signature

Transmitting over an insecure channel.
Alice wants to send Bob a private message.
Apublic is Alice's public key.
Aprivate is Alice's private key.
Bpublic is Bob's public key.
Bprivate is Bob's private key.

Alice to Bob: "Hello Bob, Wanna get together?"
Alice: encrypt using Bpublic
Bob: decrypt using Bprivate

Bob to Alice: "OK Alice, Your place or mine?"
Bob: encrypt using Apublic
Alice: decrypt using Aprivate

Bob's Dilemma
Nobody can read the message from Alice, but anyone could produce it.
How does Bob know that the message was really sent from Alice?
Bob may be comforted to know that only Alice can read his reply.

Alice can sign her message!

Alice can create a digital signature and prove she sent the message (or someone with knowledge of her private key).
The signature can be a message digest encrypted with Aprivate.

Digital Signature
A digital signature can:
Verify the sender
Prove the integrity of the message
Prevent the sender from disowning
the message (non-repudiation)

A digital signature does not encrypt the message, it only signs it

Information Protections by
Asymmetric Cryptography

RSA
The most common asymmetric cryptography
algorithm
RSA makes the public and private keys by
multiplying two large prime numbers p and q
To compute their product (n=pq)
It is very difficult to factor the number n to find
p and q
Finding the private key from the public key
would require a factoring operation
RSA is complex and slow, but secure
100 times slower than DES
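
Added example (not from the original slides): the Alice and Bob exchange and the digital signature from the earlier slides, worked through with textbook RSA built from n = pq. The key sizes, the use of Mersenne primes, the lack of padding and all function names are assumptions for illustration; real systems use a vetted library with padded RSA.

```python
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: n = p*q, d = inverse of e modulo (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # (public, private)

def encrypt(msg: bytes, public) -> int:
    n, e = public
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(cipher: int, private) -> bytes:
    n, d = private
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest_as_int(msg: bytes, n: int) -> int:
    # Reduced mod n only because a toy modulus can be smaller than SHA-256.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg: bytes, private) -> int:
    """The slide's 'message digest encrypted with Aprivate'."""
    n, d = private
    return pow(digest_as_int(msg, n), d, n)

def verify(msg: bytes, signature: int, public) -> bool:
    n, e = public
    return pow(signature, e, n) == digest_as_int(msg, n)

# Toy keys from known Mersenne primes (assumed sizes, far too small to use).
A_PUBLIC, A_PRIVATE = make_keypair(2**89 - 1, 2**127 - 1)
B_PUBLIC, B_PRIVATE = make_keypair(2**107 - 1, 2**521 - 1)

def demo() -> dict:
    msg = b"Wanna get together?"
    cipher = encrypt(msg, B_PUBLIC)      # only Bob can read it
    signature = sign(msg, A_PRIVATE)     # only Alice's key could make it
    received = decrypt(cipher, B_PRIVATE)
    return {
        "received": received,
        "signature_valid": verify(received, signature, A_PUBLIC),
        "tampered_valid": verify(b"Wanna get together!", signature, A_PUBLIC),
    }

if __name__ == "__main__":
    print(demo())
```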

Diffie-Hellman
A key exchange algorithm, not an
encryption algorithm
Allows two users to share a secret key
securely over a public network
Once the key has been shared
Then both parties can use it to encrypt
and decrypt messages using symmetric
cryptography

HTTPS
Secure Web Pages typically use RSA,
Diffie-Hellman, and a symmetric algorithm
like RC4
RSA is used to send the private key for the
symmetric encryption

RSA Used by eBay

RC4 Used by eBay

Elliptic Curve Cryptography

An elliptic curve is a function drawn on an X-Y axis as a gently curved line
By adding the values of two points on the curve, you can arrive at a third point on the curve
The public aspect of an elliptic curve cryptosystem is that users share an elliptic curve and one point on the curve
Not common, but may one day replace RSA

Using Cryptography on Files and Disks

Encrypting Files: PGP and GPG
Pretty Good Privacy (PGP)
One of the most widely used asymmetric cryptography systems for files and e-mail messages on Windows systems
GNU Privacy Guard (GPG)
A similar open-source program
PGP and GPG use both asymmetric and symmetric cryptography

Encrypting Files: Encrypting File System (EFS)
Part of Windows
Uses the Windows NTFS file system
Because EFS is tightly integrated with the file system, file encryption and decryption are transparent to the user
EFS encrypts the data as it is written to disk
On Macs, FileVault encrypts a user's home folder

Whole Disk Encryption


Windows BitLocker
A hardware-enabled data encryption feature
Can encrypt the entire Windows volume
Includes Windows system files as well as all user
files

Encrypts the entire system volume, including the Windows Registry and any temporary files that might hold confidential information
TrueCrypt
Open-source, free, and can encrypt folders or

Trusted Platform Module (TPM)


A chip on the motherboard of the
computer that provides cryptographic
services
If the computer does not support
hardware-based TPM then the encryption
keys for securing the data on the hard
drive can be stored by BitLocker on a USB
flash drive

Cold Boot Attack


Can defeat all currently available whole
disk encryption techniques (link Ch 11i)

Understanding Cryptographic Attacks
Sniffing and port scanning are passive attacks: just watching
Active attacks attempt to determine the secret key being used to encrypt plaintext
Cryptographic algorithms are usually public
Follows the open-source culture
Except the NSA, the CIA, etc.

Birthday Attack
If 23 people are in the room, what is the chance that they all have different birthdays?
365/365 x 364/365 x 363/365 x 362/365 x 361/365 x 360/365 x ... x 343/365 = 49%
So there's a 51% chance that two of them have the same birthday

Birthday Attack
If there are N possible hash values,
You'll find collisions when you have calculated 1.2 x sqrt(N) values
SHA-1 uses a 160-bit key
Theoretically, it would require 2^80 computations to break
SHA-1 has already been broken, because of other weaknesses
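
Added example (not from the original slides): the birthday product for 23 people computed directly, and a collision search on a SHA-256 value truncated to a few bits, to compare the number of hashes needed with the 1.2 x sqrt(N) rule of thumb. The truncation, the input strings and the function names are constructed for this illustration.

```python
import hashlib
import math

def p_all_different(people: int, days: int = 365) -> float:
    """Chance that `people` birthdays are all distinct (the slide's product)."""
    p = 1.0
    for i in range(people):
        p *= (days - i) / days
    return p

def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, giving N = 2**bits possible values."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """Hash distinct inputs until two of them share a truncated hash."""
    seen = {}
    count = 0
    while True:
        msg = f"constructed-input-{count}".encode()
        h = truncated_hash(msg, bits)
        count += 1
        if h in seen:
            return seen[h], msg, count
        seen[h] = msg

def slide_estimate(bits: int) -> float:
    """The slide's rule of thumb: about 1.2 * sqrt(N) values."""
    return 1.2 * math.sqrt(2 ** bits)

if __name__ == "__main__":
    print(f"23 people, all different: {p_all_different(23):.1%}")
    a, b, tried = find_collision(24)
    print(f"24-bit collision after {tried} hashes "
          f"(rule of thumb {slide_estimate(24):.0f}): {a!r} vs {b!r}")
    print(f"160-bit hash: about 2^{math.log2(slide_estimate(160)):.1f} hashes")
```

Each extra bit of hash length multiplies the search by only sqrt(2), which is why a 160-bit hash gives roughly 80 bits of collision resistance.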

Mathematical Attacks
Properties of the algorithm are attacked by
using mathematical computations
Categories
Ciphertext-only attack
The attacker has the ciphertext of several
messages but not the plaintext
Attacker tries to find out the key and algorithm
used to encrypt the messages
Attacker can capture ciphertext using a sniffer
program such as Ethereal or Tcpdump

Mathematical Attacks
Categories
Known plaintext attack
The attacker has messages in both encrypted and decrypted forms
This attack is easier to perform than the ciphertext-only attack
Looks for patterns in both plaintext and ciphertext

Chosen-plaintext attack
The attacker has access to plaintext and ciphertext
Attacker has the ability to choose which message to encrypt

Mathematical Attacks
Categories (continued)
Chosen-ciphertext attack
The attacker has access to the ciphertext to be
decrypted and to the resulting plaintext
Attacker needs access to the cryptosystem to
perform this type of attack


Brute Force Attack


An attacker tries to guess passwords by
attempting every possible combination of
letters
Requires lots of time and patience
Password-cracking programs that can use
brute force
John the Ripper
Cain and Abel
Ophcrack
Also uses memory to save time: Rainbow tables

How Many Bits Do You Need?

How many keys could all the computers on Earth test in a year?
Pentium 4 processor: 10^9 cycles per second
One year = 3 x 10^7 seconds
There are fewer than 10^10 computers on Earth
One per person
10^9 x 3 x 10^7 x 10^10 = 3 x 10^26 calculations
128 bits should be enough (3 x 10^38 values)
Unless computers get much faster, or someone breaks the algorithm

Man-in-the-Middle Attack
Victim - Attacker - Server

Victim sends public key to Server
Attacker generates two false key pairs
Attacker intercepts the genuine keys and sends false keys out
Both parties send encrypted traffic, but not with the same keys
These false keys won't be verified by a CA
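
Added example (not from the original slides): the Diffie-Hellman exchange from the earlier slide, first run honestly and then with substituted public values as in the man-in-the-middle slide, showing that the two ends hold different keys and that comparing a fingerprint of the exchanged values over an authenticated channel exposes the substitution. The toy prime, the generator and all names are assumptions for illustration.

```python
import hashlib
import secrets

P = 2**127 - 1   # toy prime (Mersenne), far too small for real use
G = 3            # assumed generator for this toy group

def keypair():
    """Private exponent and the public value G^priv mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv: int, peer_pub: int) -> bytes:
    """Symmetric key derived from the Diffie-Hellman shared secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def fingerprint(first_pub: int, second_pub: int) -> str:
    """Short hash of both public values as one party saw them."""
    data = first_pub.to_bytes(16, "big") + second_pub.to_bytes(16, "big")
    return hashlib.sha256(data).hexdigest()[:16]

def honest_exchange() -> bool:
    v_priv, v_pub = keypair()            # victim
    s_priv, s_pub = keypair()            # server
    return shared_key(v_priv, s_pub) == shared_key(s_priv, v_pub)

def intercepted_exchange():
    v_priv, v_pub = keypair()
    s_priv, s_pub = keypair()
    _, false_for_server = keypair()      # false key shown to the server
    _, false_for_victim = keypair()      # false key shown to the victim
    victim_key = shared_key(v_priv, false_for_victim)
    server_key = shared_key(s_priv, false_for_server)
    same_key = victim_key == server_key
    # Detection: each side hashes the values it saw; the results are compared
    # out of band or bound to a CA-issued certificate.
    fp_match = (fingerprint(v_pub, false_for_victim)
                == fingerprint(false_for_server, s_pub))
    return same_key, fp_match

if __name__ == "__main__":
    print("honest exchange agrees:", honest_exchange())
    print("intercepted (same key, fingerprints match):", intercepted_exchange())
```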

Dictionary Attack
Attacker uses a dictionary of known words
to try to guess passwords
There are programs that can help attackers
run a dictionary attack

Programs that can do dictionary attacks


John the Ripper
Cain and Abel


Replay Attack
The attacker captures data and attempts to resubmit the captured data
The device thinks a legitimate connection is in effect
If the captured data was logon information, the attacker could gain access to a system and be authenticated
Most authentication systems are resistant to replay attacks

Password Cracking
Password cracking is illegal in the United States
It is legal to crack your own password if you forgot it
You need the hashed password file
/etc/passwd or /etc/shadow for *NIX
The SAM database in Windows
Then perform dictionary or brute-force attacks on the file

Password cracking programs


John the Ripper
Hydra (THC)
EXPECT
L0phtcrack
Pwdump3v2
Ophcrack does it all for you: gathering the SAM database and cracking it
