• Search in book...
• Toggle Font Controls
© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2021
A. SheikhCertified Ethical Hacker (CEH) Preparation Guidehttps://doi.org/10.1007/978-1-4842-7258-9_15

# 15. Cryptography

(1)
Miami, FL, USA

Cryptography is the technique of taking plain, legible text and implementing an algorithm to it to encrypt it to produce ciphertext, which seems to be gibberish before it is decrypted. To maintain confidentiality, encryption is used.

In this chapter, you will take a look at the encryption algorithms used today and how you can apply encryption to maintain two of the three security principles—confidentiality and integrity. You will learn about public key cryptography, digital signatures, and how to examine encrypted email.

By the end of this chapter, you will be able to
1. 1.

Recognize public key cryptography.

2. 2.

Identify a digital signature.

3. 3.

Define a message digest.

4. 4.

Define the secure sockets layer (SSL).

5. 5.

Analyze encrypted email.

## Symmetric Encryption

Even for the oldest ciphers, holding a same key is the basis. Both sides need to know the direction and amount of shift being carried out in shift ciphers.

All symmetric algorithms , including the unbreakable, one-time pad method, are based on this shared secret concept. And the challenge with these methods, as stated earlier, is the framework utilized for key management. See Figure 15-1.

## Symmetric Algorithms

You should be familiar with the various symmetric algorithms and their main characteristics. Most of the algorithms listed in Table 15-1 are block ciphers, which means that they operate on a fixed-length group of bits with a fixed, unvarying transformation. If the length of the plaintext message is not a multiple of the length of a block, the plaintext message must be padded. A stream cipher applies a cryptographic key and algorithm to each binary digit in a data stream and can encrypt plaintext messages of variable length.
Table 15-1

Symmetric Algorithms

Symmetric algorithm

Main characteristics

DES

Block cipher with a block size of 64, 56-bit key length

3DES

Uses either two or three keys and involves multiple encryptions which go through the DES algorithm three times

AES

A block cipher that splits the data input into blocks of 128, 192, or 256 bits. The key sizes are 128, 192, and 256 bits, with the key size impacting the number of rounds used in the algorithm

CAST

Uses block size of 64 bits for 64- and 128-bit keys (128-bit block size for the 256-bit key version)

RC6

Runs well on 32-bit computers and is resistant to brute force attacks (128-bit block size, keys sizes: 128, 192, and 256)

RC4

Stream cipher which uses key lengths of 8 to 2048 bits, most vulnerable to possibility of weak keys

Blowfish

Block mode cipher, using 64-bit blocks and a variable key length from 32 to 448 bits. On 32-bit machines, it runs well.

IDEA

Block mode cipher using 64-bit block size and 128-bit key

## Asymmetric Encryption

Asymmetric encryption is also known as public key encryption. This method relies on having a key pair—the public key and a private key. The two keys are mathematically related, but you cannot figure out the private key just because you know someone’s public key.

A key pair gets generated. The public key gets published to a third-party server where others will be able to access it. A user’s private key stays with the user (within the software application, for example). One key locks the plaintext or encrypts it, and the other unlocks the ciphertext or decrypts it. Neither key is able to execute both functions alone. Without compromising security, the public key can be published, whereas the private key must not be disclosed to someone not allowed to read the messages.

For example, say you need to send Blue an encrypted message. You use Blue’s public key, accessed via a third-party server, to encrypt the message, and then you send it to them. Blue uses their private key to decrypt the message. Even if Green intercepted the message, they would not be able to decrypt the message even though they also have access to Blue’s public key. See Figure 15-2 for an illustration.

## Asymmetric Algorithms

Several of the asymmetric algorithms are listed in Table 15-2 along with how they are applied.
Table 15-2

Asymmetric Algorithms

Asymmetric Algorithms

Main Characteristics

RSA

Used for encryption and digital signatures and also uses the product of two very large prime numbers (between 100 and 200 digits long and of equal length)

Diffie-Hellman

An electronic key exchange method of the Secure Sockets Layer (SSL) protocol that enables the sharing of a secret key

ElGamal

Free for use (was never patented) and is used as the U.S. government standard for digital signatures

Elliptic Curve Cryptography (ECC)

Works on the basis of elliptic curves

## Hashing Functions

Hashing functions are used to ensure that a message or data has not changed. In other words, we are talking about maintaining integrity. If you download a program from the Internet, you may see that a message digest value is noted using a particular hashing algorithm. After you download the file, use a hash calculator on that file. Your result should be an exact match to the value provided at the website. If the values are not the same , it means that the file has been tampered with in some way.

## Hash Algorithms

Two widely used hash algorithms are SHA and Message Digest. There are also numerous tools available on the Internet that you can use to calculate hash values for files or character strings.
• SHA: A compression function is applied to data input by an SHA algorithm. It can take up to 264 bits and then compresses it down to a lower number of bits (i.e. 160 bits for SHA-1). Longer versions are recognized as SHA-2 (SHA-256, SHA-384, and SHA-512). A longer hash result implies it is much more difficult to successfully attack.

• Message Digest (MD): MD5 is message digest algorithm that produces a 128-bit hash for a message of any length and divides the message into blocks of 512-bit.

## Cryptography Algorithm Use: Confidentiality

For both stored data and transmitted data, maintaining confidentiality is often essential. Symmetric encryption is preferred in both cases due to its speed and also because the size of the object being encrypted can be greatly increased by certain asymmetric algorithms.

For a stored item, a public key is generally unnecessary since the item is encrypted to secure it against other people’s access. For the transmitted data, public key cryptography is generally used for the exchange of secret key, and symmetric cryptography is then used to maintain confidentiality of the data being transmitted.

Asymmetrical cryptography maintains confidentiality, but its size and speed make it easier to protect small units’ confidentiality for tasks like electronic key exchange. In all cases, the complexity of the algorithms and the length of the keys ensure the confidentiality of the data in question.

The confidentiality of the data stored or transmitted is created and maintained through the use of a cryptography algorithm. Maintaining integrity is an integral part of the security of the message. The hash functions determine the digests of the message, and this ensures the message’s integrity. In addition, the sender of the message can no longer deny that they have sent a message that is significant in the electronic exchanges of data. Finally, authentication enables people prove that they are who they claim they are.

## Cryptography Algorithm Use: Digital Signatures

Hashing functions and asymmetric cryptography are the basis of a digital signature. In signing digital documents, both encryption factors play a vital role. It is really convenient for anyone to change unprotected digital documents. It is essential that any change can be identified if a document is modified after a person signs it. Hashing functions are used to build a digest of the message that is unique and easily reproducible by all parties to defend against document editing. This guarantees that the integrity of the message is complete. See Figure 15-3.

When it comes to online transactions, digital signatures can provide non-repudiation, which is important to ensure that a party to a contract or communication cannot refuse the authenticity of their signature on a paper in the first place. Non-repudiation in this sense relates to the ability to ensure that a party to a contract must acknowledge the authenticity of their signature on a paper.

## Secure Sockets Layer (SSL)

Secure Sockets Layer, or SSL , manages the encryption of information being transmitted over the Internet. SSL uses both asymmetric and symmetric authentication mechanisms and is responsible for carrying out the SSL handshake. The process starts with a request from a client for a secure connection and a response from a server. Both sides need to agree on a widely held protocol.

## SSL Handshake

At the beginning of an SSL session, an SSL handshake is performed, which sets up the cryptographic parameters of the session.
1. 1.

The client sends its SSL version number, cipher settings, and session-specific data to the server.

2. 2.

The server sends the same plus its own certificate. If the resource requested requires client authentication, the server requests the client’s certificate.

3. 3.

The client authenticates using the information it has received.

4. 4.

The client encrypts a seed value with the server’s public key and sends it to the server. If the server requests client authentication, the client also sends the client certificate.

5. 5.

If the server requests client authentication, the server attempts to authenticate the client certificate.

6. 6.

The server uses its private key to decrypt the secret and then generates a master secret.

7. 7.

Both the client and the server use the master secret to generate the session key, a symmetric key.

8. 8.

The client informs server that future messages will be encrypted with the session key.

9. 9.

The server informs the client the same.

Figure 15-4 illustrates the steps listed above. The steps on the side of the client or the server represent the actions taken by each. The arrows also include the numbers of each step listed above to show how the client and server interact when an SSL handshake occurs.

## Secure Shell (SSH)

SSH is the safe alternative for the insecure application of Telnet. Telnet enables users to connect between systems. Though Telnet is still used, it has some disadvantages.

SSH uses an SSH daemon to open a protected transport channel between machines on each end. These daemons initiate contact through TCP port 22 and then communicate in a secure mode over higher ports. One of SSH’s strengths is its support for several different protocols for encryption.

The SSH protocol provides facilities like automatic data encryption, authentication, and data compression. The protocol is designed for flexibility and simplicity, and is explicitly designed to reduce the number of round trips between systems. At connection time, key exchange, public key, symmetric key, message authentication, and hash algorithms all are negotiated. Individual data packet confidentiality is ensured by using the message authentication code that is determined from a shared secret, packet content, and packet sequence number. See Figure 15-5.

## Cryptographic Applications

Pretty Good Privacy (PGP) apps can be incorporated into common email programs to perform most day-to-day encryption tasks by utilizing a combination of symmetric and asymmetric encryption protocols.

One of PGP’s distinctive features is its potential of using both symmetric and asymmetric methods of encryption, leveraging each method’s strengths and also avoiding each method’s weaknesses. Symmetric keys are used for bulk encryption, benefiting from the efficiency and speed of symmetric encryption. The symmetric keys are passed by asymmetric methods, which capitalize on this method’s flexibility.

Cryptographic applications that are used to encrypt data are as follows:
• TrueCrypt is a solution for encryption that is open source. It is intended for symmetric disk-based file encryption. It includes AES ciphers and the ability to construct a deniable volume, encryption stored within encryption, which prevents volume detection. TrueCrypt can carry out file encryption and whole disk encryption. The complete hard drive of a computer, along with the operating system, is encrypted by whole disk encryption.

• FreeOTFE is just like TrueCrypt. As an open source, freely accessible program, it provides on-the-fly disk encryption. It is able to encrypt files up to whole disks with several common ciphers, like AES.

• Gnu Privacy Guard (GnuPG) is an open source implementation of the Pretty Good Privacy (OpenPGP) specification. It’s a public key encryption program that is intended to secure electronic communications like emails. It works in the same way as PGP and provides a method to manage public/private keys. Encryption of the file system has become a standard means of protecting data when in storage. Even hard drives with built-in AES encryption are available.

• BitLocker . Microsoft launched BitLocker with its Encrypting File System (EFS). It is a boot-sector encryption method, which helps protect data on the most recent Windows operating systems. BitLocker uses AES encryption to automatically encrypt all files on the hard drive. All encryption takes place in the background and decryption happens smoothly when data is required. You can store the decryption key in a TPM or on a USB key.

## Attacks Against Cryptography

Asymmetric encryption is also known as public key encryption. This method relies on having a key pair—the public key and a private key. The two keys are mathematically related, but you cannot figure out the private key just because you know someone’s public key.

The process begins by generating a key pair. The public key gets published to a third-party server where others will be able to access it. A user’s private key stays with the user (within the software application, for example). One key locks the plaintext or encrypts it, and the other unlocks the ciphertext or decrypts it. Neither key is able to execute both functions alone. Without compromising security, the public key can be published, whereas the private key must not be disclosed to someone not allowed to read the messages.

For example, say you needed to send Jane an encrypted message. You use Jane’s public key, accessed via a third-party server, to encrypt the message, and then you send it to her. Jane uses her private key to decrypt the message. If Karl intercepted the message, he would not be able to decrypt the message even though he also has access to Jane’s public key.

It is important to be aware of the different types of attacks known to occur against cryptography. Passive attacks occur with the use of Wireshark and tcpdump. Active attacks involve the use of birthday attacks, mathematical attacks, and man-in-the-middle. Advanced attacks include the use of cryptanalysis, brute force attacks, and pattern analysis.

## Encrypting Email

To encrypt messages, a public key is used. By digitally signing an email message, the user may send their public key to some other user. The user can then use the public key given to them by the sender to encrypt messages sent to that sender. See Figure 15-6.

## Summary

In this chapter, you learned that cryptography is a process used to take plain readable text and apply an algorithm to it, encrypting it to create ciphertext. This ciphertext appears unreadable until it is decrypted. You reviewed encryption algorithms, how to apply encryption to ensure confidentiality and integrity, key cryptography, digital signatures, and how to analyze encrypted email.

• No Comment
..................Content has been hidden....................