This document describes an attack that can reveal confidential information from encrypted HTTPS traffic without decrypting it. By analyzing patterns in the lengths of encrypted messages, an attacker can deduce the lengths of secret values, such as passwords, that are submitted over HTTPS. The attack works by subtracting known header and field lengths from the encrypted message lengths to isolate the length of the secret. Location data from GPS coordinates and IP address ranges can also sometimes be inferred from subtle length variations in the encrypted data. The paper proposes some mitigation approaches against this kind of traffic analysis, such as padding secrets to a fixed length.
Countermeasure against Timing Attack on SSH Using Random Delay - Arief Karfia... - idsecconf
This document proposes adding random delays to packets sent over SSH connections in order to protect against timing attacks. It summarizes that SSH is currently vulnerable to timing attacks where an attacker can analyze inter-keystroke timing to infer passwords. The paper then describes implementing random delays between 0-300 milliseconds added to packets sent in SSH. Evaluations show the standard deviation of inter-keystroke times increases by about 14% after adding random delays, destroying the statistical patterns needed for successful timing attacks. The paper concludes random delays effectively counter timing attacks on SSH by randomizing inter-keystroke timing statistics.
Cryptography is an essential part of today's information systems and helps provide security, accountability, and confidentiality. There are three main types of cryptographic algorithms: secret key cryptography which uses a single key, public key cryptography which uses different keys for encryption and decryption, and hash functions which use a mathematical transformation to encrypt information. A hybrid cryptographic scheme combines these techniques to securely transmit messages with a digital envelope for encryption and a digital signature for authentication and integrity.
This document provides an overview of cryptography. It defines cryptography as the practice of securing communications through codes and algorithms. The document then discusses features of cryptography like confidentiality and integrity. It provides an example of a basic cryptography technique using a letter substitution cipher. Additionally, it outlines different types of ciphers and cryptography techniques, including symmetric key cryptography, hash functions, and asymmetric key cryptography. The document aims to introduce fundamental concepts in the field of cryptography.
TakeDownCon Rocket City: Cryptanalysis by Chuck Easttom - EC-Council
Cryptanalysis involves attempting to decrypt encrypted messages without access to the encryption key. It is difficult and not guaranteed to work. There are different levels of success for cryptanalysis attacks including fully deducing the key or gaining some information without the key. Common cryptanalysis techniques include frequency analysis, known/chosen plaintext attacks, related-key attacks, linear cryptanalysis, and differential cryptanalysis. These techniques aim to exploit weaknesses in encryption algorithms and reduce the number of possible keys rather than using brute force.
This document provides an overview of applied cryptography. It begins with definitions of cryptography and discusses techniques like Caesar ciphers and attacks on those ciphers. It then covers cryptographic objectives of confidentiality, integrity, authenticity and non-repudiation. The document summarizes hash functions, symmetric cryptography using keys, asymmetric cryptography using public/private key pairs, digital signatures, and authentication techniques. It provides examples of encrypting and decrypting messages as well as generating and verifying digital signatures for sender authentication and message integrity.
Introduction to Cryptography and the Public Key Infrastructure - Mike Gates
A white paper introducing the basics of cryptography and the Public Key Infrastructure (PKI). Those just getting into the arena of cybersecurity or those just simply curious about the topic will likely learn something new.
This document discusses cryptography concepts including encryption, decryption, symmetric and asymmetric encryption algorithms, cryptographic hashes, and protocols. It defines cryptography as securing and controlling access to actual data. It explains how encryption works in terms of ciphertext, plaintext and encryption/decryption functions. Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses a public key to encrypt and a private key to decrypt. Common symmetric algorithms include AES, and common asymmetric algorithms include RSA and Diffie-Hellman. Cryptographic hashes like SHA-1 produce a fixed-length digest from a message. Protocols specify the full set of steps for cryptographic activities, while algorithms are the data transformations. Digital signatures encrypt data with a private key that can
Encryption works by encoding information in such a way that only those with the key can decode it. There are two main types: symmetric-key encryption where both parties have the same key, and public-key encryption where each party has a public and private key. Popular encryption standards and protocols include AES, SSL/TLS, and algorithms like DES which use varying length encryption keys to encrypt data for transmission.
This document provides an overview of cryptographic techniques, including:
- Basic terminology related to cryptography like plaintext, ciphertext, encryption, decryption, etc.
- Conventional encryption principles like the use of algorithms and secret keys.
- Characteristics of cryptographic techniques like symmetric vs asymmetric encryption.
- Classical symmetric encryption algorithms like the Caesar cipher, monoalphabetic cipher, Playfair cipher, polyalphabetic ciphers like the Vigenère cipher, and transposition ciphers.
- Principles of modern block ciphers like DES, including the use of Feistel networks, confusion and diffusion properties, and encryption/decryption processes.
Cryptography is the practice of protecting information by converting it into an unreadable format. Only using a secret key can the information be converted back to a readable format. Throughout history, different encryption techniques have been developed including the Caesar cipher, the Vigenere cipher, and public key cryptography developed by Diffie and Hellman. Modern cryptography is used for purposes such as authentication, electronic money, secure network communication, anonymous remailers, and disk encryption. However, widespread use of unbreakable encryption could enable criminal activity and threaten national security and business interests.
Information Security Cryptography (L03 - Old Cryptography Algorithms) - Anas Rock
This document discusses old encryption algorithms from the classical method of cryptography, including replacement algorithms, the Caesar cipher, Vigenere cipher, Atbash cipher, and Affine cipher. It also describes the Jefferson cylinder, one of the strongest encryption devices of the time which was nearly unbreakable without stealing the entire device.
Cryptography is the science of using mathematics to encrypt and decrypt data to enable secure storage and transmission of sensitive information. It involves using a key to convert plaintext into ciphertext that can only be read by the intended recipient. There are two main types: symmetric key cryptography which uses the same key for encryption and decryption and is faster, and asymmetric key cryptography which uses two different keys and is more secure but also more complex. Cryptography ensures confidentiality, authentication, integrity, access control and availability of data through techniques like substitution and transposition ciphers.
This document summarizes a research paper on deniable encryption. The paper proposes a receiver-deniable public key encryption scheme with the following properties:
1) It is a one-move scheme that does not require any pre-encryption communication between the sender and receiver.
2) It does not require any pre-shared secrets between parties.
3) It provides strong deniability equivalent to factoring a large composite number.
4) It has no decryption errors.
5) It significantly improves bandwidth efficiency compared to previous schemes.
The proposed scheme uses a mediated RSA infrastructure and relies on oblivious transfer between the receiver and security mediator to enable deniability for the receiver.
Research trends review on RSA scheme of asymmetric cryptography techniques - journalBEEI
One of the classifications of cryptography is asymmetric cryptography, which uses two different keys to encrypt and decrypt the message. This paper reviews the RSA scheme of asymmetric cryptography techniques. It presents the domains in which the RSA scheme is used, including public networks, wireless sensor networks, image encryption, cloud computing, proxy signatures, the Internet of Things and embedded devices, from the perspective of researchers' efforts over the last decade. In addition, the paper reviews the trends and the performance metrics of the RSA scheme, such as security, speed, efficiency, computational complexity and space, based on the number of studies done. Finally, the techniques and strengths of the proposed schemes are also stated.
The document proposes tweaks to the Nymble system to improve its efficiency in handling adversaries on anonymizing networks. The Nymble system uses a series of routers to hide a user's IP address, but this causes high computation overhead. The proposed tweaks use a series of mix servers and proxy repositories instead of routers to hide IP addresses. This reduces the number of algorithms needed to synchronize target servers from 16 to 10, lowering computation costs. The tweaks also extend the Pseudonym Manager to allocate proxies instead of hiding IP addresses. This mix server-based approach improves anonymization network efficiency while still effectively identifying misbehaving users.
The document discusses research approaches in cryptography. It outlines objectives to analytically study existing cryptographic systems and algorithms, compare their time and space complexity, and simulate vulnerabilities to cryptanalytic attacks. Common network attacks like wiretapping and denial of service are described along with solutions like encryption, authentication, and integrity checking. The RSA and Caesar ciphers are explained along with their encryption/decryption steps. MATLAB was used to implement RSA and Caesar and compare their time complexity.
The document discusses the history and concepts of cryptography, especially in the context of e-commerce. It explains how cryptography evolved from ancient times to modern applications. Symmetric and asymmetric encryption methods are described, including how public/private key pairs work. Digital signatures are introduced as a way to provide authentication, integrity, and non-repudiation for electronic transactions.
Cryptanalysis refers to analyzing encrypted messages to find weaknesses without knowing the encryption key. It involves different types of attacks like known plaintext attacks where the cryptanalyst has samples of plaintext and its encrypted version. The goal of cryptanalysis is to break security systems, while cryptographers aim to develop strong systems. Cryptanalysts use techniques like guessing plaintext to analyze encrypted messages in known plaintext attacks.
Efficient Coercion Resistant Public Key Encryption - CSCJournals
The notion of deniable encryption has been known in the literature since its introduction in [1] as coercion-resistant encryption schemes that allow the user (sender and/or receiver) to escape coercion attempted by a coercive adversary. The schemes allow the user to open fake message(s) to the coercer that, when verified, give the same ciphertext as the true message, while the receiver is always able to decrypt the true message. In this paper we focus on sender-incoercible encryption. The contribution of this paper is two-fold. First, we introduce a new classification of services that could be provided by coercion-resistant encryption, showing that all previously proposed deniable PKE schemes fall in the category of unplanned incoercible PKE, assuming the user is non-collaborative, and do not satisfy the requirements for deniable encryption. Then we inspect, refine and improve the sender-incoercible PKE introduced in [2]. Our new scheme achieves a constant transmission rate, where the size of the plaintext may be calibrated to be sufficiently large, i.e. the scheme encrypts arbitrary-length messages without a blowup expansion in the ciphertext, while the size of the ciphertext grows linearly with the number of fake messages.
IRJET - A Review on Implementation Techniques of Blockchain Enabled Smart Cont... - IRJET Journal
This document provides a summary of blockchain and smart contracts for document verification. It discusses how blockchain uses cryptography and smart contracts to allow for verification of digital documents like degrees in a decentralized manner. Blockchain provides trust, autonomy, and integrity for such a system by storing document hashes and details securely on the distributed ledger. Smart contracts can then enable functions for users to validate certificates and degrees stored on the blockchain to avoid fraud.
Basic Talk. 90 minute talk to an audience of Freshmen and Sophomores of IIT Bombay on 23/02/10 as a part of Science Week. Organised by Web and Coding Club. Place: GG 101 (Elec Department)
This document provides background information about the author Donavon Norwood and discusses how to use public key authentication with SSH. It begins with an introduction to cryptography and authentication methods. It then explains how to generate an RSA key pair for SSH on the client and server. The document demonstrates commands to generate keys for users Bob and Alice on their clients and the server, and discusses how SSH uses public key cryptography to authenticate clients without passwords.
This document provides an overview of encryption, including its history, types, methods, and uses. It discusses how encryption works by converting plain text into ciphertext using algorithms and keys. The main types of encryption covered are manual, transparent, symmetric, and asymmetric encryption. Symmetric encryption uses one key while asymmetric uses public and private keys. Encryption methods fall into two categories: stream encryption which encrypts text character by character, and block cipher encryption which encrypts in blocks. Encryption is used to protect information on computers and in transit, as well as for confidential medical and transaction records, emails, and digital signatures.
Cryptography is the science of securing communication and information. It involves encrypting data using mathematical algorithms and decrypting it using keys. The main types of cryptography are symmetric key which uses a shared key for encryption and decryption, and asymmetric or public key which uses separate public and private keys.
RSA is a commonly used public key algorithm. It generates a public and private key pair, where the public key is used to encrypt messages and the private key decrypts them. Digital signatures authenticate messages using public key cryptography and allow message verification through signature validation.
Hash functions are mathematical transformations that map data into fixed size outputs. They are commonly used in digital signatures to hash message contents. Popular hash functions include MD5, SHA
Ag Communication at NDSU wants to create an online photo library on Flickr for educational materials. Users can upload photos to their personal Flickr accounts and tag them so they can be found by searching the "NDSU Ag Communication" group page. Instructions are provided on setting up a Flickr account, uploading photos, adding descriptions, tags, and licensing, and submitting photos to the group page for the library.
A recent study by TechnoServe found that the Cup of Excellence specialty coffee competition has had a significant economic impact in Brazil and Honduras since 1999, generating $137 million in benefits for Brazil and $25 million for Honduras through increased auction sales, direct trade, and specialty coffee trade. The competition has improved quality, raised profiles of origins, and incentivized investments in processing and quality that have expanded specialty coffee sectors in both countries. COE has played a major role in transforming perceptions of Brazil and Honduras from commodity producers to respected specialty coffee origins.
Future of project management: Integration and Leadership (Roman Slivka)
Short abstract of the keynote delivered at konfrencepm.cz on May 17th, 2016. The talk itself is in Czech.
The future of project management is defined by our past experience. We should learn from great leaders; this will help us to better understand what will be required in the future.
The first element of a successful future project manager is the ability to integrate: to see the big picture, to deliver business value, and to think strategically.
The next element is leadership, which is not only about the ability to lead a team but about developing the skills of individual team members. We should not forget communication skills (active listening, negotiation, social media, etc.).
Last, but not least, is the profession itself, meaning the ability to perform the everyday duties of a project manager.
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide secure communication over the internet. They allow for confidentiality, integrity, and authentication between two applications communicating over TCP. SSL/TLS works by encrypting the segments of TCP connections above the transport layer through the use of symmetric and asymmetric cryptography. It establishes a secure channel over an insecure network such as the internet.
A brute force attack is a trial-and-error method to decrypt encrypted data like passwords by exhaustively checking all possible combinations without using any intelligent strategies. It is always successful eventually but can require billions of years for systems with long keys. Tools like Brutus and THC-Hydra are used to perform brute force attacks against network services to guess passwords stored in dictionaries. Session IDs, files/directories, credit card information, and password retrieval questions are also potential targets of brute force attacks. While processing intensive, brute force does not require much setup but can take a very long time.
This paper analyzes vulnerabilities of the SSL/TLS Handshake protocol, which is responsible for authentication of the parties in the communication and for negotiation of the security parameters that will be used to protect the confidentiality and integrity of the data. It analyzes attacks against implementations of the Handshake protocol, as well as attacks against the other elements the SSL/TLS protocol depends on, in order to discover the security flaws that were exploited, the modes of attack and the potential consequences, and also to study methods of defense. All versions of the protocol are the subject of the research, but emphasis is placed on the critical attacks that most endanger the safety of data. The goal of the research is to point out the danger of the existence of even a single vulnerability in the SSL/TLS protocol, which can be exploited to endanger the safety of the data that should be protected.
TLS (Transport Layer Security) is a cryptographic protocol that provides encryption and security for data sent over the internet. It is used by HTTPS to encrypt communication between web browsers and servers. TLS 1.2, the previous standard, had security flaws in how it exchanged encryption keys. TLS 1.3 improves security by using Diffie-Hellman key exchange so keys are not sent directly over the network. To upgrade a website from HTTP to HTTPS, an SSL certificate must be purchased and installed, all links on the site must be changed to HTTPS, and HTTP traffic should be redirected to HTTPS.
The document provides an overview of the Secure Sockets Layer (SSL) protocol. It discusses SSL's goals of providing confidentiality, integrity, and authentication for network communications. It describes the SSL handshake process, where the client and server authenticate each other and negotiate encryption parameters before transmitting application data. It also discusses SSL applications like securing web traffic and online payments. The document concludes that SSL is vital for web security and ensures user confidentiality and integrity.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
Transport Layer Security (TLS) is the successor to the Secure Sockets Layer (SSL) protocol. TLS ensures privacy and security between communicating applications and users on the internet by preventing eavesdropping, tampering, and message forgery. It works by having the client and server negotiate a cipher suite and protocol version to use to securely transmit encrypted messages. This establishes a secure channel over an unsecured network like the internet to provide confidentiality, integrity, and authentication of communications.
Deciphering Malware's use of TLS (without Decryption) (uploaded by edwardmarivel)
Blake Anderson, Cisco, [email protected]
Subharthi Paul, Cisco, [email protected]
David McGrew, Cisco, [email protected]
Abstract—The use of TLS by malware poses new challenges to network threat detection because traditional pattern-matching techniques can no longer be applied to its messages. However, TLS also introduces a complex set of observable data features that allow many inferences to be made about both the client and the server. We show that these features can be used to detect and understand malware communication, while at the same time preserving the privacy of benign uses of encryption. These data features also allow for accurate malware family attribution of network communication, even when restricted to a single, encrypted flow.
To demonstrate this, we performed a detailed study of how TLS is used by malware and enterprise applications. We provide a general analysis on millions of TLS encrypted flows, and a targeted study on 18 malware families composed of thousands of unique malware samples and tens of thousands of malicious TLS flows. Importantly, we identify and accommodate the bias introduced by the use of a malware sandbox. The performance of a malware classifier is correlated with a malware family's use of TLS, i.e., malware families that actively evolve their use of cryptography are more difficult to classify.
We conclude that malware's usage of TLS is distinct from benign usage in an enterprise setting, and that these differences can be effectively used in rules and machine learning classifiers.
I. INTRODUCTION
Encryption is necessary to protect the privacy of end users. In a network setting, Transport Layer Security (TLS) is the dominant protocol to provide encryption for network traffic. While TLS obscures the plaintext, it also introduces a complex set of observable parameters that allow many inferences to be made about both the client and the server.
Legitimate traffic has seen a rapid adoption of the TLS standard over the past decade, with some studies stating that as much as 60% of network traffic uses TLS [1]. Unfortunately, malware has also adopted TLS to secure its communication. In our dataset, ∼10% of the malware samples use TLS. This trend makes threat detection more difficult because it renders the use of deep packet inspection (DPI) ineffective. It is important to determine whether encrypted network traffic is benign or malicious, and do so in a way that preserves the integrity of the encryption. And while 10% of malware samples utilizing TLS seems low, we make the assumption that this number will increase as the level of encryption in network traffic increases. Along these lines, we have seen a slight, but statistically significant, increase in malicious, encrypted traffic over the past 12 months.
To further motivate the need for a study exposing malware's use of TLS, we consider the limitations of a pattern-matching approach when faced with TLS, .
Module 2 Lectures 4 hrs.
Cryptography and Cryptanalysis: Introduction to Cryptography, Symmetric key Cryptography, Asymmetric key Cryptography, Message Authentication, Digital Signatures, Applications of Cryptography. Overview of Firewalls: Types of Firewalls, User Management, VPN Security. Security Protocols: security at the Application Layer (PGP and S/MIME), security at the Transport Layer (SSL and TLS), security at the Network Layer (IPSec).
Open Source/Free/Trial Tools: Implementation of Cryptographic techniques, OpenSSL, Hash Value Calculations (MD5, SHA1, SHA256, SHA512), Steganography (Stools).
This document provides an overview of cyber security topics including cryptography, cryptanalysis, symmetric and asymmetric key cryptography, hashing, digital signatures, firewalls, user management, and virtual private networks (VPNs). It defines these terms and concepts, compares different techniques like symmetric vs asymmetric cryptography, and packet filtering vs stateful inspection firewalls. The document also discusses the importance of using firewalls and how VPNs can provide privacy and anonymity online.
The document summarizes a vulnerability in the TLS and SSLv3 protocols that allows an attacker to inject arbitrary plaintext into TLS connections by exploiting the TLS renegotiation mechanism. It describes three methods of exploiting this vulnerability for HTTPS connections: 1) injecting commands using unfinished POST requests, 2) downgrading HTTPS to HTTP to enable man-in-the-middle attacks, and 3) injecting responses using the HTTP TRACE method. The vulnerability also affects other protocols that use TLS like SMTP, FTPS, and EAP-TLS. Solutions proposed include an IETF patch to TLS and disabling TLS renegotiation on servers.
Day by day, as the complexity of the Internet increases, the number of security vulnerabilities also increases, so knowledge about these flaws has to be spread. This report discusses one vulnerability that existed for a long time, called 'Heartbleed'. The purpose of this report is to create awareness about the Heartbleed vulnerability in the OpenSSL library, through which attackers can get access to passwords, private keys or any encrypted data. It explains how Heartbleed works, what code causes the data leakage, and explains the resolution with the code fix. It also explains how the heartbeat attack is performed.
The document discusses web security considerations and threats. It provides 3 levels at which security can be implemented - at the IP level using IPSec, at the transport level using SSL/TLS, and at the application level using protocols like SET. SSL/TLS works by establishing an encrypted channel between the client and server for secure communication. It uses handshake, change cipher spec, and alert protocols for negotiation and management of the secure session. Common web security threats include eavesdropping, message modification, denial of service attacks, and impersonation which can be mitigated using encryption, authentication and other cryptographic techniques.
TLS protocol provides transport layer security for internet applications by securing communications between clients and servers. It establishes an encrypted connection through a handshake that negotiates encryption algorithms and authentication, then uses symmetric encryption and message authentication codes to provide confidentiality and integrity for data transfer. TLS has evolved through several versions to strengthen security and address weaknesses in cryptographic algorithms.
Decrypting web proxies allow enterprises to inspect encrypted traffic but undermine the security assumptions of TLS. While they can help detect threats, they break TLS authentication and confidentiality without all parties' consent. The legal and ethical implications are unclear. Full disclosure and user opt-in are recommended to balance security and privacy concerns.
7/22/2019 TestOut LabSim
https://cdn.testout.com/client-v5-1-10-563/startlabsim.html 1/3
9.2.2 Advanced Cryptography Facts
Advanced cryptography includes the following:
Concepts Definition
Encrypting: The purpose of encryption is obfuscation, making a message obscure so it is difficult to read. Cryptographic service providers (CSPs) are software libraries that can be used to enhance encryption. Applications can use these libraries to help secure email and provide strong user authentication.
Key Exchange: The sender of an encrypted message encrypts a message with a key. Then the message receiver must decrypt the message with a key. Key families include:
  Symmetric. A symmetric key is where the sender uses a private key to encrypt a message. Then the recipient uses that same private key to decrypt it.
  Asymmetric. An asymmetric key is where the sender's key and receiver's key are different for the encryption and decryption processes.
  Key length is the number of bits used in a key by a cryptographic algorithm and can determine the strength.
Modes of Operation: Modes of operation include:
  Block Cipher: Provides confidentiality and authenticity services. A block cipher can encrypt or decrypt one fixed-length block. It encrypts or decrypts one large chunk of data (or block) at a time, often combining blocks for additional security. Block ciphers are more useful when the amount of data is known.
  Cipher Block Chaining (CBC): A plaintext block is combined with the previous ciphertext block, and the result is encrypted with the key.
  Cipher Feedback (CFB): Each ciphertext block is fed back into the encryption and then used to encrypt the next plaintext block.
  Output Feedback (OFB): The output blocks are fed back into the block cipher. These blocks then make strings of bits to feed the encryption algorithm, acting as the key generator.
  Counter (CTR): Both the sender and recipient access a reliable counter that computes a new shared value each time a ciphertext block is exchanged. The counter needs to be synchronized between both parties.
  Galois/Counter Mode (GCM): A variation of the Counter mode; GCM throughput rates do not require high performance hardware to produce acceptably high speed communication channels.
Output: The output from a cryptographic process may exhibit the following:
  A simple character change in the plaintext will cause several characters to change in the ciphertext. This is called diffusion.
  When two different inputs to a cryptographic function produce the same output, this is called a collision. Collisions are not common, but can occur.
Digital Signature: A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a message credibility, guaranteeing the recipient that the message has not been tampered with in transit.
Things to consider when choosing your cryptographic methods:
Concept Definition
L ...
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that secure internet connections between clients and servers. SSL was originally developed by Netscape in the 1990s to provide HTTPS secure connections for web browsing. It uses public/private key encryption and digital certificates to authenticate servers and establish encrypted connections to securely transmit data over TCP/IP networks like the internet. TLS improved upon SSL by addressing security vulnerabilities and supporting newer encryption algorithms. HTTP (Hypertext Transfer Protocol) is the underlying protocol used to request and transmit web pages and other files over the internet. Combining HTTP with SSL/TLS results in HTTPS, the secure version of HTTP used for encrypted web browsing and transactions.
The document summarizes technical details about ShadowPad, a modular cyber attack platform deployed through compromised software. It describes how ShadowPad operates in two stages, with an initial shellcode embedded in legitimate software that connects to command and control servers. The second stage acts as an orchestrator for five main modules, including for communication, DNS protocols, and loading additional plugins. Payloads are received from the C&C server as plugins and can perform data exfiltration.
The Center for Democracy & Technology filed a complaint with the Federal Trade Commission requesting an investigation into Hotspot Shield VPN's data sharing and security practices. The complaint alleges that Hotspot Shield makes strong claims about not tracking or logging user data, but its privacy policy describes more extensive logging. It is also alleged that Hotspot Shield uses third-party tracking libraries to facilitate targeted advertisements, contradicting its promises of privacy and security.
Nexusguard ddos_threat_report_q1_2017_en (Andrey Apuhtin)
This document provides a summary of DDoS attack trends in Q1 2017 according to Nexusguard's analysis. Key findings include a 380% increase in attacks compared to the previous year, with unusually large attacks on holidays such as Chinese New Year and Valentine's Day. HTTP floods became the most common attack vector. The US was the top source of attacks globally, while China was the top source in the Asia-Pacific region. Larger and more complex multi-vector attacks targeting both volumetric and application layers became more common.
The document summarizes cybersecurity trends in the financial services sector in 2016. Some key points:
1) The financial services sector remained the most attacked industry in 2016, experiencing 65% more attacks on average than other sectors. Common attack methods included SQL injection and command injection exploits.
2) While total attacks increased in 2016, average security incidents decreased for financial services organizations monitored by IBM.
3) Insider threats, both malicious and inadvertent, posed a larger risk than outsider attacks for financial services organizations. The majority of insider attacks were caused by inadvertent or compromised systems rather than malicious insiders.
This document provides a summary of CLDAP reflection DDoS attacks observed by Akamai between October 2016 and January 2017. It details the attack methods, timelines, largest attacks observed, affected industries, source distributions by country and ASN, mitigation recommendations including filtering port 389, and conclusions regarding CLDAP reflection as an emerging DDoS vector.
This document provides a technical analysis of Pegasus spyware samples found on Android devices. Pegasus for Android (called Chrysaor) shares many capabilities with the iOS version, including exfiltrating data from apps, remote controlling devices via SMS, audio surveillance, screenshot capture, and disabling system updates. It uses known Android exploits to gain root access and SMS, HTTP, and MQTT for command and control. The spyware is designed to evade detection and delete itself if detected. Analysis of the samples revealed how the malware infects devices, communicates with its operators, and surreptitiously collects information from infected phones.
This document summarizes a study on zero-day vulnerabilities and exploits. The study obtained rare access to data on zero-day vulnerabilities and exploits to analyze metrics like life status, longevity, collision rates, and development costs. Some key findings include: 1) exploits have an average lifespan of 6.9 years after discovery before being patched, but 25% will last less than 1.5 years and 25% will last over 9.5 years, 2) after 1 year, approximately 5.7% of vulnerabilities in a stockpile will be discovered and disclosed by others, and 3) once an exploitable vulnerability is found, the median time to develop a working exploit is 22 days. The results provide insights to inform policy debates on
The APWG recorded more phishing in 2016 than in any previous year. In the 4th quarter of 2016, there were over 277,000 unique phishing sites detected, representing a 65% increase in total phishing attacks for 2016 compared to 2015. Phishing attacks have increased dramatically over the past 12 years, with an average of over 92,000 attacks per month in the 4th quarter of 2016 compared to just 1,600 attacks per month in the 4th quarter of 2004. Fraudsters in Brazil are increasingly using social media and mobile apps to defraud users in addition to traditional phishing techniques, though many of the hosting infrastructure for these attacks are located outside of Brazil, particularly in the United States and
This document contains a list of websites categorized into different areas of interest: finance, gambling, e-commerce, dating, and other. Over 50 websites are listed related to online payment processing, gambling sites, major retailers, social media, travel, and dating platforms. The list appears to have been compiled from someone's browser history.
The document lists processes and components of different point of sale (POS) software, including BrasilPOS, cch tax14, cch tax15, AccuPOS, Active-Charge, ADRM.EndPoint.Service, AFR38, Aireus, Aldelo, alohaedc, APRINT6, Aracs, aRPLUSPOS, ASTPOS, AxUpdatePortal, barnetPOS, bt, BTFULL, callerIdserver, CapptaGpPlus, CashBox, CashClub, CashFootprint, and Catapult.
Processes and components antivirus lists the executable files and processes associated with major antivirus software programs. It includes the process names for antivirus programs from companies like Avast, AVG, Avira, ClamWin Antivirus, ESET, F-Secure, GData, GFI Antivirus, Kaspersky, MalwareBytes Antivirus, McAfee, Microsoft, Panda, Sophos, Symantec, Trend Micro, and WebRoot Antivirus. The list provides information on the core processes used by antivirus software to scan for malware, monitor systems for infections, and provide protection.
The document analyzes the prevalence and security impact of HTTPS interception by middleboxes and antivirus software. The researchers developed techniques to detect interception based on differences between the TLS handshake and HTTP user agent. Applying these techniques to billions of connections, they found interception rates over an order of magnitude higher than previous estimates, and that the majority (97-62%) of intercepted connections had reduced security, with 10-40% vulnerable to decryption. Testing of interception products found most reduced security and many introduced severe vulnerabilities. The findings indicate widespread interception negatively impacts security.
This bill directs the Administrator of the National Highway Traffic Safety Administration to conduct a study to determine appropriate cybersecurity standards for motor vehicles. The study would identify necessary isolation, detection, and prevention measures to protect critical software systems. It would also identify best practices for securing driving data. The Administrator would submit a preliminary report within 1 year and a final report within 6 months, including recommendations for adoption of standards and any necessary legislation.
A former employee of the Federal Reserve Board installed unauthorized software on a Board server to earn bitcoins through the server's computing power. The employee modified security safeguards to remotely access the server from home. When confronted, the employee initially denied wrongdoing but later remotely deleted the software to conceal actions. Forensic analysis confirmed the employee's involvement, resulting in termination and a guilty plea to unlawful conversion of government property. The employee was sentenced to 12 months probation and a $5,000 fine.
Microsoft released patches for over 100 vulnerabilities in Windows, Internet Explorer, and Edge in 2016. While the number of vulnerabilities exploited in Internet Explorer before patching declined, no vulnerabilities in the newer Edge browser were exploited. Windows 10 introduced new security features like Attack Surface Reduction that remove vulnerable components. Over 60 vulnerabilities were also patched in various Windows user-mode components, with remote code execution being the most common type.
Muddy Waters Capital is short St. Jude Medical due to serious cybersecurity vulnerabilities identified in STJ's implantable cardiac devices. Researchers were able to replicate attacks that could cause devices to malfunction dangerously or drain batteries. The vulnerabilities stem from a lack of security protections in STJ's device ecosystem, including hundreds of thousands of home monitoring units distributed without adequate safeguards. A cardiologist is advising patients to unplug monitors and delaying implants until issues are addressed, which could take STJ at least two years to remediate through a recall and system rework. The cybersecurity risks may result in litigation if exploits endanger patients.
E-commerce Development Services (Hornet Dynamics)
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
Most important New features of Oracle 23c for DBAs and Developers. You can get more idea from my youtube channel video from https://youtu.be/XvL5WtaC20A
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
Need for Speed: Removing speed bumps from your Symfony projects ⚡️ (Łukasz Chruściel)
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies (Quickdice ERP)
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
SMS API Integration in Saudi Arabia | Best SMS API Service (Yara Milbes)
Discover the benefits and implementation of SMS API integration in the UAE and Middle East. This comprehensive guide covers the importance of SMS messaging APIs, the advantages of bulk SMS APIs, and real-world case studies. Learn how CEQUENS, a leader in communication solutions, can help your business enhance customer engagement and streamline operations with innovative CPaaS, reliable SMS APIs, and omnichannel solutions, including WhatsApp Business. Perfect for businesses seeking to optimize their communication strategies in the digital age.
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
UI5con 2024 - Keynote: Latest News about UI5 and its Ecosystem (Peter Muessig)
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
WWDC 2024 Keynote Review: For CocoaCoders Austin (Patrick Weigel)
Overview of WWDC 2024 Keynote Address.
Covers: Apple Intelligence, iOS18, macOS Sequoia, iPadOS, watchOS, visionOS, and Apple TV+.
Understandable dialogue on Apple TV+
On-device app controlling AI.
Access to ChatGPT with a guest appearance by Chief Data Thief Sam Altman!
App Locking! iPhone Mirroring! And a Calculator!!
Mobile App Development Company In Noida | Drona Infotech (Drona Infotech)
Drona Infotech is a premier mobile app development company in Noida, providing cutting-edge solutions for businesses.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
Https bicycle-attack
HTTPS Bicycle Attack
By Guido Vranken <guidovranken@gmail.com>
ABSTRACT
It is usually assumed that HTTP traffic encapsulated in TLS doesn't reveal the exact
sizes of its parts, such as the length of a Cookie header, or the payload of a HTTP
POST request that may contain variable-length credentials such as passwords. In this
paper I show that the redundancy of the plaintext HTTP headers included in each and
every request can be exploited in order to reveal the length of particular components
(such as passwords) of particular requests (such as authentication to a web
application). The redundancy of HTTP in practice allows for an iterative resolution of
the length of 'unknowns' in a HTTP message until the lengths of all its components
are known except for a coveted secret, such as a password, whose length is then
implied. The attack furthermore exploits the property of stream-oriented cipher suites
such as those based on Galois/Counter Mode that the exact size of the plaintext can
be known to a man-in-the-middle.
The paper furthermore gives insight into how very small differences in the length of
intercepted (encrypted) GPS coordinates can be used to estimate the location on the
world map for a particular encrypted coordinate. Another example demonstrates that
differences in length of intercepted (encrypted) IPv4 addresses are bound to specific
IP ranges.
The paper concludes with a set of proposed mitigations against this attack.
Table of Contents
HTTPS Bicycle Attack
ABSTRACT
1. Introduction
   1. On TLS side-channel leaks
   2. A note on TLS records and cipher modes
2. Overview of the attack
   1. Fingerprinting
   2. Length deduction through subtraction
      Step 1: preparation
      Step 2: analysis
3. Implications
4. Other examples
   1. Location leaks through encrypted GPS coordinates
      1. Deducing location from GPS coordinate length
      2. Exploitation
      3. Disclaimer
   2. Length of IPv4 addresses leaks ranges
5. Prevention
   1. Hashing before transmission
   2. Padding the secret
   3. On variable-length padding schemes
   4. Using constant-length identifiers to refer to objects
1. Introduction
1. On TLS side-channel leaks
It has long been known that SSL/TLS (from here on referred to as TLS) is no silver bullet for obscuring
the behaviour of a user on a network. While a sound configuration of both endpoints of a connection is
understood to prevent the recovery of plaintext from ciphertext without access to the private key(s),
transactions conducted over a channel embedded in TLS leak various types of information.
These side-channel leaks can be the result of delegating actions required for proper data transmission
on a network to protocols at a lower layer that offer no means of obscuring key information, such as
the source and destination IPs encoded in the IP header, and the source port, destination port, payload
fragmentation and so forth encoded in the TCP header. Other types of side-channel leaks consist of
variability introduced entirely outside of TLS's control, such as spatial and temporal differences
between payloads. Moreover, the aggregate of the properties of packets sent back and forth between two
TLS endpoints constitutes a sequence that may be uniquely linked to path and resource access on a web
application. Some properties of a TLS session are left unobscured by design, such as the exact
ciphersuite used and, when stream ciphers are used, the exact length of the plaintext.
A lot of research has been performed on how to stack up these different 'knowns' in order to
meticulously reconstruct the user's actions, given that the encrypted streams are known to an observer
who is or has been listening in on the 'secure' transmission between two endpoints.
In this paper I will show that for a presumably large subset of web applications, it is easy to infer the
length of parts of the plaintext, or certain attributes thereof, from a recorded stream of encrypted
messages. Having access to the private key is not necessary. In fact, the actual ciphertexts embedded in
the stream are irrelevant to the deduction, and entry-level arithmetic suffices.
This attack has the property of being entirely passive. That is, unlike attacks such as BREACH (which
relies on making the victim's browser issue attacker-chosen requests, typically through CSRF), the
attacker doesn't need to interfere with a user's session. While my attack typically reveals less detailed
information than BREACH, its advantage lies in the fact that it cannot raise alarm bells, and that it can
be applied retroactively; that is, encrypted streams recorded years ago can still be picked apart in
order to divulge confidential information.
Furthermore, the attack requires some information about the victim to be known to the attacker. The
more information the attacker knows, the more information about the victim's plaintexts can be
deduced. Broadly speaking, the attack works by subtracting the lengths of known parts of the plaintext
from the total plaintext size. If knowing the length of the user's password for a specific website is the
attacker's objective, then the attacker must also know the user name belonging to that password, since
user name and password are often sent together in an authentication process. The attack can reveal the
length of the concatenation of the user name and the password. Subtracting the length of the user name
from this value reveals the length of the password.
Another user property that is helpful to know is the browser used. This aids in predicting which headers
a browser will send for various types of web resources. This shouldn't be too difficult to determine in a
directed attack on a specific person, since just a single plain HTTP (i.e., unencrypted) request will
reveal the User-Agent string.
The name HTTPS Bicycle Attack was chosen because of the conceptual similarity between how encryption
hides content and gift wrapping hides physical objects. My attack relies heavily on the property of
stream-based ciphers in TLS that the size of TLS application data payloads is directly known to the
attacker and this inadvertently reveals information about the plaintext size; similar to how a draped or
gift-wrapped bicycle is still identifiable as a bicycle, because cloaking it like that retains the underlying
shape. The reason that I've named this attack at all is only to make referring to it easier for everyone.
2. A note on TLS records and cipher modes
A TLS record, in which encrypted data is encapsulated, has two header fields that are of importance to
the attacker. One is the Content Type field. In this document I will focus exclusively on records with
content type 23 (0x17), Application Data, since these records carry the actual encrypted payloads. The
other field of interest to us is the 'length' field. This is a 16-bit field which reflects the exact size in
bytes of the encrypted payload that follows the 5-byte record header.
Another important property to be aware of is the ciphersuite being used, in particular whether it is a
block cipher in CBC mode or a stream-like cipher (a stream cipher proper, or a block cipher in a
counter-based mode such as AES-GCM). I will focus on the latter, which have the convenient property
that their output length corresponds 1:1 with the input (plaintext) size, although the two are not
necessarily equal. That is, each byte added to the plaintext results in one byte added to the encrypted
message, though the encrypted message is larger than the plaintext by a constant number of bytes of
overhead. For the AES-GCM suites of TLS 1.2 that overhead is 24 bytes: an 8-byte explicit nonce plus a
16-byte authentication tag. CBC suites instead pad the plaintext (plus MAC) up to a multiple of the block
size, so they only reveal the plaintext length to within 16 bytes; the deductions below therefore assume
a length-preserving suite.
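As an added illustration (not part of the paper), the following Python walks the 5-byte record headers of a raw TLS byte stream and converts the Application Data record lengths into plaintext lengths for a TLS 1.2 AES-GCM suite. The sample stream is constructed inline; its record bodies are the WordPress request sizes the paper uses later, plus the 24 bytes of GCM overhead.

```python
import struct

APPLICATION_DATA = 23          # TLS ContentType 0x17
AEAD_OVERHEAD_GCM_TLS12 = 24   # 8-byte explicit nonce + 16-byte authentication tag


def parse_records(stream: bytes):
    """Return (content_type, version, length) for every record in a raw TLS byte stream.

    Only the 5-byte header (type, version, length) is interpreted; the encrypted body is
    skipped, which is all a passive observer needs for this attack.
    """
    records = []
    offset = 0
    while offset + 5 <= len(stream):
        ctype, version, length = struct.unpack("!BHH", stream[offset:offset + 5])
        offset += 5
        if offset + length > len(stream):
            raise ValueError("truncated TLS record at offset %d" % (offset - 5))
        records.append((ctype, version, length))
        offset += length
    return records


def application_data_plaintext_lengths(stream: bytes, aead_overhead=AEAD_OVERHEAD_GCM_TLS12):
    """Plaintext size of each Application Data record, assuming a length-preserving
    AEAD suite that adds a constant per-record overhead (24 bytes for TLS 1.2 AES-GCM)."""
    return [length - aead_overhead
            for ctype, _version, length in parse_records(stream)
            if ctype == APPLICATION_DATA]


def make_record(ctype, body_len, version=0x0303):
    """Constructed test data: a record header followed by an opaque body of body_len bytes."""
    return struct.pack("!BHH", ctype, version, body_len) + b"\x00" * body_len


# Constructed sample stream: one handshake record (type 22), then three Application Data
# records whose bodies are three of the request sizes from the WordPress example plus GCM overhead.
SAMPLE_STREAM = (make_record(22, 40)
                 + make_record(APPLICATION_DATA, 368 + AEAD_OVERHEAD_GCM_TLS12)
                 + make_record(APPLICATION_DATA, 409 + AEAD_OVERHEAD_GCM_TLS12)
                 + make_record(APPLICATION_DATA, 411 + AEAD_OVERHEAD_GCM_TLS12))

if __name__ == "__main__":
    print(application_data_plaintext_lengths(SAMPLE_STREAM))
```

The overhead parameter has to match the negotiated suite: 24 for TLS 1.2 AES-GCM, 16 bytes of tag plus an inner content-type byte (and any record padding the sender chose to add) for TLS 1.3, and no fixed value at all for CBC suites, where the record length only bounds the plaintext to within one block.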
2. Overview of the attack
The attack consists of two components.
1. Fingerprinting
Once an encrypted stream has been intercepted, the attacker must employ some form of fingerprinting
in order to know which resources in a web application were accessed. There are many ways this can be
achieved. This paper will not elaborate extensively on fingerprinting strategies. For demonstration
purposes I will be employing a simple fingerprinting mechanism, which consists of taking the full
sequence of payload lengths of requests from the client to the server and calculating the Pearson
correlation coefficient of each sub-sequence with a precomputed sequence in order to locate the user's
retrieval of an authentication page.
For instance, loading a page that consists of a couple of JavaScript, CSS and image files will be
reflected as a sequence of requests from the browser to the server, each with a distinct size. This
sequence of distinct sizes must be computed by the attacker before the attack is executed. This means
that the attacker will have to load the page in their browser and record the size of each request. This
precomputation will serve as a template. The attacker can compute the Pearson correlation coefficient
between this template sequence and the sequences found in the recorded encrypted stream. Once a
perfectly correlated match is found, the attacker can safely assume that the client has been accessing
the same page at this point in the encrypted stream.
The method can be summarized as follows:
Let S be a sequence of the values of the 'length' field of TLS Application Data records of HTTP
requests (not responses) to a particular web application (identified by its IP address and the hostname
encoded in the TLS SNI extension). Each HTTP request corresponds to a separate TLS Application
Data payload.
Let T be the sequence of request sizes that is unique for access to a particular resource.
Loading wordpress/wp-login.php on a WordPress installation implies the loading of other resources and
results in five requests with the following sizes:
URI                                                                              Total size of corresponding HTTP request
https://localhost/wordpress/wordpress/wp-login.php                               368
https://localhost/wordpress/wordpress/wp-includes/css/buttons.min.css?ver=4.4    409
https://localhost/wordpress/wordpress/wp-includes/css/dashicons.min.css?ver=4.4  411
https://localhost/wordpress/wordpress/wp-admin/css/login.min.css?ver=4.4         404
https://localhost/wordpress/wordpress/wp-admin/images/wordpress-logo.svg?ver=20131107  454
In this case T = [368, 409, 411, 404, 454].
from scipy.stats import pearsonr

# Observed request sizes (S) and the precomputed template for wp-login.php (T).
S = [327, 470, 453, 351, 399,
     368, 409, 411, 404, 454,
     390, 430, 458, 318, 305]
T = [368, 409, 411, 404, 454]

for i in range(len(S) - len(T) + 1):
    r, _ = pearsonr(T, S[i:i+len(T)])
    # An exact comparison with (1.0, 0.0) is brittle in floating point; accept r within rounding of 1.
    if abs(r - 1.0) < 1e-9:
        print("Access to wp-login.php detected at element %i in sequence S" % i)
In this example the sequence T is embedded in sequence S, which is detected by comparing T to
each sub-sequence of S of the same length as T (5).
Note that the Pearson correlation coefficient is not a one-to-one numeric comparison.
Setting T to these values:
[920.0, 1022.5, 1027.5, 1010.0, 1135.0]
(in which each original value has been multiplied by 2.5) does not hamper detection of the sub-
sequence: the coefficient is invariant under multiplying every element by a positive constant, and
equally under adding the same constant to every element. This is quite useful because the intercepted,
encrypted sequence might stem from plaintext with headers of a different length than the attacker's
precomputed sequence. For instance, the plaintext of the intercepted stream might contain a different
User-Agent header, which adds the same number of bytes to every request in the sequence. Bear in
mind that a template of only five values can also correlate perfectly with an unrelated sub-sequence
by chance, so a hit on a short template is best confirmed by other means, such as the sizes of the
corresponding responses.
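The sliding-window match above, as an added example that is not the paper's own code: it uses a pure-Python Pearson coefficient instead of scipy and, when a window is an exact shift of the template, also reports the shift, which is the number of bytes by which the victim's shared headers differ from the attacker's. The observed sequence S is constructed here with the template embedded at index 5 and every element 37 bytes longer, as a hypothetical browser with a longer User-Agent header would produce.

```python
from math import sqrt


def pearson(xs, ys):
    """Pearson correlation coefficient of two equally long sequences (no scipy needed)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sqrt(sum((x - mx) ** 2 for x in xs))
    sy = sqrt(sum((y - my) ** 2 for y in ys))
    if sx == 0 or sy == 0:          # a constant sequence has no correlation with anything
        return 0.0
    return cov / (sx * sy)


def find_template(S, T, min_r=0.999):
    """Slide the template T over the observed size sequence S.

    Returns a list of (index, r, offset) hits. offset is the constant number of bytes by
    which every request in the window exceeds the template; it is reported only when the
    window is an exact shift of T (same headers as the attacker's recording, different
    total header length) and is None for a mere scaling or an inexact match.
    """
    hits = []
    for i in range(len(S) - len(T) + 1):
        window = S[i:i + len(T)]
        r = pearson(T, window)
        if r >= min_r:
            diffs = {w - t for w, t in zip(window, T)}
            offset = diffs.pop() if len(diffs) == 1 else None
            hits.append((i, r, offset))
    return hits


# Template from the table above: wp-login.php and its four assets as the attacker recorded them.
T = [368, 409, 411, 404, 454]
# Constructed observation: the same five requests at index 5, each 37 bytes longer (hypothetical
# victim browser whose User-Agent header is 37 bytes longer than the attacker's).
S = [327, 470, 453, 351, 399] + [t + 37 for t in T] + [390, 430, 458, 318, 305]

if __name__ == "__main__":
    for index, r, offset in find_template(S, T):
        print("wp-login.php sequence at element %d (r=%.4f, shared-header offset %s bytes)"
              % (index, r, offset))
```

The recovered offset feeds straight into the subtraction step that follows: if the victim's requests are consistently 37 bytes longer than the attacker's, the unknown headers in the victim's POST are 37 bytes longer too.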
2. Length deduction through subtraction
The attack works on the basis of information deduction through length subtraction. Broadly speaking, it
deduces the length of a single unknown (such as a password) by subtracting the known length of a
payload from the total length of the payload.
The deduction process consists of two components:
1. The preparation: the attacker must use the application themselves and record the exact requests
their browser sends for specific actions (such as authentication)
2. The analysis: using addition and subtraction of knowns and unknowns in order to determine the
length of a single unknown. This is an iterative process.
Step 1: preparation
The attacker can load wordpress/wp-login.php in their browser and see that the following files are
loaded as well:
/wordpress/wordpress/wp-includes/css/buttons.min.css?ver=4.4
/wordpress/wordpress/wp-includes/css/dashicons.min.css?ver=4.4
/wordpress/wordpress/wp-admin/css/login.min.css?ver=4.4
/wordpress/wordpress/wp-admin/images/wordpress-logo.svg?ver=20131107
The requests look like this:
GET /wordpress/wordpress/wp-includes/css/buttons.min.css?ver=4.4 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101
Firefox/43.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost/wordpress/wordpress/wp-login.php
Cookie: wordpress_test_cookie=WP+Cookie+check
Connection: keep-alive
GET /wordpress/wordpress/wp-includes/css/dashicons.min.css?ver=4.4 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101
Firefox/43.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost/wordpress/wordpress/wp-login.php
Cookie: wordpress_test_cookie=WP+Cookie+check
Connection: keep-alive
GET /wordpress/wordpress/wp-admin/css/login.min.css?ver=4.4 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101
Firefox/43.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost/wordpress/wordpress/wp-login.php
Cookie: wordpress_test_cookie=WP+Cookie+check
Connection: keep-alive
GET /wordpress/wordpress/wp-admin/images/wordpress-logo.svg?ver=20131107 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost/wordpress/wordpress/wp-admin/css/login.min.css?ver=4.4
Cookie: wordpress_test_cookie=WP+Cookie+check
Connection: keep-alive
Trying to log in as user 'guido' and password 'password' yields the following request:
POST /wordpress/wordpress/wp-login.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Cookie: wp-settings-time-1=1451442362; wordpress_test_cookie=WP+Cookie+check
Host: localhost
Referer: https://localhost/wordpress/wordpress/wp-login.php
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101
Firefox/43.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 126
log=guido&pwd=password&wp-submit=Log+In&redirect_to=https%3A%2F%2Flocalhost
%2Fwordpress%2Fwordpress%2Fwp-admin%2F&testcookie=1
Step 2: analysis
Once the attacker isolates a POST request to wp-login.php by the victim using fingerprinting, then the
following information is known:
1. POST /wordpress/wordpress/wp-login.php HTTP/1.1
2. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
3. Content-Type: application/x-www-form-urlencoded
4. Content-Length: 1xx
<UNKNOWN HEADERS>
5.
6. log=guido&pwd=&wp-submit=Log+In&redirect_to=https%3A%2F%2Flocalhost%2Fwordpress
%2Fwordpress%2Fwp-admin%2F&testcookie=1
Line 1: because fingerprinting was employed, the attacker knows that the resource being accessed is
wp-login.php. The rest of the line can be known from the preparation (step 1).
Line 2: If it is known that the user's browser is Firefox, the attacker can assume that the browser sends
this Accept header.
Line 3 and 4: Known from the preparation (step 1).
Line 5: CRLF to separate headers and data
Line 6: If the attacker knows beforehand that the username is 'guido', the rest of the string can be
reconstructed from the preparation (step 1).
The lengths of the rest of the headers, such as Cookie and User-Agent, might not be directly known to
the attacker. For this the attacker has to look at other requests made to the same web application.
In the encrypted stream, isolate the request for /wordpress/wordpress/wp-includes/css/dashicons.min.css?ver=4.4
and take the plaintext size of the request. From this size, subtract the length of the two lines that are
specific to this GET request, marked with an asterisk below (the request line and the Accept header);
the remaining headers are the ones the browser also sends with the POST:
* GET /wordpress/wordpress/wp-includes/css/dashicons.min.css?ver=4.4 HTTP/1.1
  Host: localhost
  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0
* Accept: text/css,*/*;q=0.1
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Referer: https://localhost/wordpress/wordpress/wp-login.php
  Cookie: wordpress_test_cookie=WP+Cookie+check
  Connection: keep-alive
The length of the first marked line is 77 bytes (this includes the carriage return + line feed).
The length of the second marked line is 28 bytes (this includes the carriage return + line feed).
The sum of these values is 77 + 28 = 105 bytes.
The plaintext size of the intercepted request for dashicons.min.css?ver=4.4 is 411 bytes (see the table
in the fingerprinting section). Then 411 - 105 = 306 bytes: the 304 bytes of remaining headers plus the
2-byte CRLF that terminates the header block. These are exactly the headers whose length is unknown
in the POST request:
1. POST /wordpress/wordpress/wp-login.php HTTP/1.1
2. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
3. Content-Type: application/x-www-form-urlencoded
4. Content-Length: 1xx
<UNKNOWN HEADERS> length = 304 bytes
5.
6. log=guido&pwd=&wp-submit=Log+In&redirect_to=https%3A%2F%2Flocalhost%2Fwordpress
%2Fwordpress%2Fwp-admin%2F&testcookie=1
Now take the plaintext size of the intercepted POST request issued by the client, and from it subtract all
the known lengths:
1. POST /wordpress/wordpress/wp-login.php HTTP/1.1    length = 49 bytes (includes CRLF)
2. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8    length = 73 bytes (includes CRLF)
3. Content-Type: application/x-www-form-urlencoded    length = 49 bytes (includes CRLF)
4. Content-Length: 1xx    length = 21 bytes (includes CRLF)
<UNKNOWN HEADERS>    length = 304 bytes
5.    length = 2 bytes (CRLF)
6. log=guido&pwd=&wp-submit=Log+In&redirect_to=https%3A%2F%2Flocalhost%2Fwordpress%2Fwordpress%2Fwp-admin%2F&testcookie=1    length = 118 bytes
The total length of the knowns is 49+73+49+21+304+2+118 = 616 bytes.
Total plaintext size - 616 = length of password.
Two assumptions are built into this calculation. First, 'Content-Length: 1xx' presumes a three-digit
value, which holds as long as the 118-byte fixed part of the body plus the password stays below 1000
bytes. Second, the headers carried over from the GET must be byte-for-byte identical in the POST;
cookies are the usual source of drift (the POST recorded in the preparation, for instance, carries an
additional wp-settings-time-1 cookie), so the attacker has to establish from their own captures which
cookies the victim's browser holds at login time.
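The two-step subtraction above, written out as an added Python example (not the paper's code). The header lines are the ones printed in the preparation step; the observed sizes 411 (GET) and 624 (POST) are taken as given, and the record-length variant assumes a TLS 1.2 AES-GCM session with 24 bytes of overhead per record.

```python
CRLF = "\r\n"


def wire_length(*lines):
    """Bytes the given header lines occupy on the wire, CRLF terminators included."""
    return sum(len(line.encode("utf-8")) + len(CRLF) for line in lines)


# Attacker's own recordings (Step 1), copied from the requests printed above.
# Lines of the dashicons GET that the POST does not share: request line and Accept.
GET_SPECIFIC_LINES = [
    "GET /wordpress/wordpress/wp-includes/css/dashicons.min.css?ver=4.4 HTTP/1.1",
    "Accept: text/css,*/*;q=0.1",
]
# Lines of the POST whose length is known up front (Content-Length assumed to have 3 digits).
POST_KNOWN_LINES = [
    "POST /wordpress/wordpress/wp-login.php HTTP/1.1",
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Content-Type: application/x-www-form-urlencoded",
    "Content-Length: 1xx",
]
# The form body with the password removed; the username has to be known to the attacker.
POST_BODY_WITHOUT_PASSWORD = (
    "log=guido&pwd=&wp-submit=Log+In&redirect_to="
    "https%3A%2F%2Flocalhost%2Fwordpress%2Fwordpress%2Fwp-admin%2F&testcookie=1"
)


def shared_header_length(get_plaintext_len):
    """Length of the headers the GET shares with the POST (Host, User-Agent, Cookie, ...)
    plus the blank line ending the header block, derived from the observed GET size."""
    return get_plaintext_len - wire_length(*GET_SPECIFIC_LINES)


def password_length(get_plaintext_len, post_plaintext_len):
    """Everything in the POST except the password is now known; the remainder is its length."""
    known = (wire_length(*POST_KNOWN_LINES)
             + shared_header_length(get_plaintext_len)
             + len(POST_BODY_WITHOUT_PASSWORD.encode("utf-8")))
    return post_plaintext_len - known


def password_length_from_records(get_record_len, post_record_len, aead_overhead=24):
    """Same deduction starting from the TLS record lengths of a TLS 1.2 AES-GCM session
    (8-byte explicit nonce + 16-byte tag per record)."""
    return password_length(get_record_len - aead_overhead, post_record_len - aead_overhead)


if __name__ == "__main__":
    print("shared headers + CRLF:", shared_header_length(411))
    print("password length:", password_length(411, 624))
```

Note that only the difference between the two observed sizes matters, so a constant offset in the shared headers (a different User-Agent, an extra cookie present in both requests) cancels out; only headers that differ between the GET and the POST break the arithmetic.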
3. Implications
The attack does not reveal plaintext contents, but only lengths of parts of the plaintext. On the upside,
the attack is entirely passive and may be executed retroactively (i.e., on encrypted streams recorded in
the past). From access to web applications whose authentication process is vulnerable to this attack, the
password length of a targeted user can be known, which can give the attacker an indication of what the
password is, or indicate the feasibility of a brute-force attack. It may also be executed on a larger scale
on Tor exit nodes, VPNs, proxies and other Internet traffic conduits in order to detect weak or short
passwords susceptible to a brute-force attack or an attack based on a dictionary of often-used passwords.
The example described above extracts credentials from a POST request, but the range of application for
this attack is much wider. It can also be used to extract the length of user names (from pages where all
content is static or known except for a string "Welcome back, {username}"), or the user's account
balance on pages in an online banking application, or the number of new messages in an online
messaging system. One particular avenue that would be interesting to explore is HTTP APIs. HTTP
APIs typically have a limited number of unpredictable header lengths, and APIs are designed to
efficiently communicate isolated bits of information back and forth, so requests and responses are
typically not cluttered by unpredictable dynamic content.
4. Other examples
1. Location leaks through encrypted GPS coordinates
1. Deducing location from GPS coordinate length
GPS coordinates consist of a (latitude, longitude) tuple. There are a total of 180 degrees of latitude
(-90 to 90) and a total of 360 degrees of longitude (-180 to 180). The minus sign is used to denote
negative degrees. The coordinates usually also have a fractional part. The fractional part typically
consists of 6 digits, regardless of whether it could be shortened (so 12.0 is written as 12.000000). From
this it follows that a latitude consists of at least 8 characters: a single digit before the dot, the dot, and
6 digits after the dot, for example 6.000000.
To put it differently, a latitude consists of these parts:
1) An optional minus sign -
2) an integer from 0 to 90; so either 1 or 2 digits
3) a mandatory dot
4) an integer consisting of 6 characters (digits)
A longitude consists of these parts:
1) An optional minus sign -
2) An integer from 0 to 180; so either 1, 2 or 3 digits
3) A mandatory dot
4) An integer consisting of 6 characters (digits)
The only variable fragment in either encoding is the second part (the number of degrees, sign included):
an integer ranging from -90 to 90 and from -180 to 180, respectively.
Latitude:
Length of degrees in characters    Ranges this length encodes as tuples
1                                  (0, 9)
2                                  (10, 90), (-9, -1)
3                                  (-90, -10)
Longitude:
Length of degrees in characters    Ranges this length encodes as tuples
1                                  (0, 9)
2                                  (10, 99), (-9, -1)
3                                  (100, 180), (-99, -10)
4                                  (-180, -100)
(A coordinate between -1 and 0, written as -0.xxxxxx, also has a two-character degree part; the tables
group it with the (-9, -1) range.)
From these two sets, the following Cartesian product can be constructed:
[((0.0, 9.0), (0.0, 9.0)),
((0.0, 9.0), (10.0, 99.0)),
((0.0, 9.0), (-9.0, -1.0)),
((0.0, 9.0), (100.0, 180.0)),
((0.0, 9.0), (-99.0, -10.0)),
((0.0, 9.0), (-180.0, -100.0)),
((10.0, 90.0), (0.0, 9.0)),
((10.0, 90.0), (10.0, 99.0)),
((10.0, 90.0), (-9.0, -1.0)),
((10.0, 90.0), (100.0, 180.0)),
((10.0, 90.0), (-99.0, -10.0)),
((10.0, 90.0), (-180.0, -100.0)),
((-9.0, -1.0), (0.0, 9.0)),
((-9.0, -1.0), (10.0, 99.0)),
((-9.0, -1.0), (-9.0, -1.0)),
((-9.0, -1.0), (100.0, 180.0)),
((-9.0, -1.0), (-99.0, -10.0)),
((-9.0, -1.0), (-180.0, -100.0)),
((-90.0, -10.0), (0.0, 9.0)),
((-90.0, -10.0), (10.0, 99.0)),
((-90.0, -10.0), (-9.0, -1.0)),
((-90.0, -10.0), (100.0, 180.0)),
((-90.0, -10.0), (-99.0, -10.0)),
((-90.0, -10.0), (-180.0, -100.0))]
All the unique sums (i.e., the unique sums of the character length of the degrees in both the latitude and
the longitude):
[2, 3, 4, 5, 6, 7]
In other words, for each possible GPS coordinate encoded using the method described earlier, the sum
of the number of characters which constitute the degrees latitude (e.g. -45, which is 3 characters) and
the degrees longitude (e.g. 12, which is 2 characters) is either 2, 3, 4, 5, 6 or 7 (in this example it is 3 +
2 = 5).
From the tuples of ranges produced by the Cartesian product of each possible latitude and longitude
length, 6 different regions on the world map can be demarcated, one per sum.
2. Exploitation
If the attacker knows that a certain application is leveraging a geocoding API to translate a set of GPS
coordinates to a physical location, the deduction described previously may be applied to passively
recorded and encrypted queries containing GPS coordinates to a geocoding API in order to determine a
rough estimate of the region on the world map that the caller (the application invoking the API) is
inquiring about. This could be used as part of a de-anonymization effort on Tor exit node or VPN
outbound data. A mobile (or other) application that has retrieved its own GPS coordinates and
subsequently sends them to an API in order to reverse this data into a human-readable location string, or
to store its current location in the cloud, leaks information about its location.
For example, say an application is known to query Google's geocoding API in the following manner:
https://maps.googleapis.com/maps/api/geocode/json?latlng=<degrees>.<6 digits>,<degrees>.<6 digits>
For example:
https://maps.googleapis.com/maps/api/geocode/json?latlng=40.714224,-73.961452
Intercepting and storing the encrypted data transmitted over the wire to maps.googleapis.com while
executing this command:
curl https://maps.googleapis.com/maps/api/geocode/json?latlng=40.714224,-73.961452
yields a TLS Application Data record whose length field is 156. A GCM-based ciphersuite is used, so to
determine the length of the original plaintext, subtract the 24 bytes of explicit nonce and authentication
tag: 156 - 24 = 132, which is exactly the size of the curl request (CRLF line endings and the blank line
terminating the headers included):
GET /maps/api/geocode/json?latlng=40.714224,-73.961452 HTTP/1.1
User-Agent: curl/7.35.0
Host: maps.googleapis.com
Accept: */*
This request, minus the latitude and longitude degrees (40 and -73), can be regarded as the constant or
known part of the request; from their preparation, the attacker can know which headers an application
always sends as part of its request to the geocoding API, and what their length is. If it is also known
that the fractional part of the coordinates is always coded using 6 digits, then the latitude and longitude
degrees are the only variables.
Once fingerprinting has been used to locate a request to the Google geocoding API, the attacker can
take the payload length minus the constant part to retrieve the variable part. In this example, the
constant length is 127 bytes: the entire 132-byte request minus the 5 characters of degrees. This leaves
us with a total degree length of 132 - 127 = 5 characters (40 and -73 together are 5 characters). Using
the precomputed look-up table, it can be determined which parts of the world correspond to an
aggregate degree length of 5.
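The look-up table from the previous subsection and the subtraction just described, combined in one added Python example (not the paper's code). The table is generated from the degree ranges rather than typed in, with latitude capped at 90, and the constant part of the request is computed from a template of the curl request with the degrees blanked out; the observed plaintext length 132 is taken from the text above.

```python
from itertools import groupby

CRLF = "\r\n"


def degree_chars(value):
    """Characters before the decimal point in the 6-digit fixed format, e.g. -73.961452 -> 3.
    Derived from the formatted string so that -0.5 ('-0.500000') correctly counts as 2."""
    return ("%.6f" % value).index(".")


def length_classes(lo, hi):
    """Group the integer degrees lo..hi into runs sharing a character length:
    {length: [(first, last), ...]}. Reproduces the paper's tables, latitude capped at +/-90."""
    classes = {}
    for n, run in groupby(range(lo, hi + 1), key=lambda d: len(str(d))):
        run = list(run)
        classes.setdefault(n, []).append((run[0], run[-1]))
    return classes


LAT = length_classes(-90, 90)
LON = length_classes(-180, 180)


def candidate_regions(total_chars):
    """All (latitude range, longitude range) pairs whose degree lengths add up to total_chars."""
    return [(lat_r, lon_r)
            for n_lat, lat_ranges in LAT.items()
            for n_lon, lon_ranges in LON.items()
            if n_lat + n_lon == total_chars
            for lat_r in lat_ranges
            for lon_r in lon_ranges]


# Template of the curl request with the integer degrees as placeholders (the fractional
# parts are assumed to be 6 digits, so only the degrees vary in length).
GEOCODE_TEMPLATE = [
    "GET /maps/api/geocode/json?latlng={lat}.000000,{lon}.000000 HTTP/1.1",
    "User-Agent: curl/7.35.0",
    "Host: maps.googleapis.com",
    "Accept: */*",
    "",   # blank line terminating the header block
]


def constant_length(template=GEOCODE_TEMPLATE):
    """Wire length of the request with the degree placeholders removed: the known part."""
    return sum(len(line.format(lat="", lon="")) + len(CRLF) for line in template)


def regions_from_plaintext_length(plaintext_len, template=GEOCODE_TEMPLATE):
    """Total degree characters in an intercepted request and the regions they could encode."""
    total = plaintext_len - constant_length(template)
    return total, candidate_regions(total)


if __name__ == "__main__":
    total, regions = regions_from_plaintext_length(132)
    print("degree characters:", total)
    for lat_r, lon_r in regions:
        print("  latitude %s, longitude %s" % (lat_r, lon_r))
```

A degree total of 5 leaves seven candidate region pairs, among them latitude 10..90 with longitude -99..-10, which is where the 40.714224,-73.961452 example actually lies.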
3. Disclaimer
Calculations might be slightly off due to the ellipsoid shape of the earth and other factors.
2. Length of IPv4 addresses leaks ranges
Similar to how you can convert the length of GPS coordinates to areas on the world map, you can also
map the length of an IPv4 address to an actual set of IP ranges:
Length: 7 -- reduces candidate pool to 0.000233% of original
0.0.0.0
Length: 8 -- reduces candidate pool to 0.008382% of original
0.00.0.0
0.0.00.0
0.0.0.00
00.0.0.0
Length: 9 -- reduces candidate pool to 0.127684% of original
0.0.0.000
0.000.0.0
00.00.0.0
00.0.0.00
000.0.0.0
00.0.00.0
0.0.00.00
0.00.0.00
0.0.000.0
0.00.00.0
Length: 10 -- reduces candidate pool to 1.071207% of original
000.0.0.00
000.0.00.0
0.00.0.000
00.00.00.0
0.00.000.0
00.000.0.0
0.000.0.00
00.00.0.00
000.00.0.0
00.0.000.0
00.0.0.000
0.0.00.000
0.0.000.00
0.00.00.00
0.000.00.0
00.0.00.00
Length: 11 -- reduces candidate pool to 5.398029% of original
000.00.0.00
000.0.000.0
00.00.0.000
000.00.00.0
0.0.000.000
00.00.000.0
00.00.00.00
0.000.0.000
0.000.00.00
00.000.0.00
000.000.0.0
0.00.00.000
0.000.000.0
000.0.00.00
0.00.000.00
00.0.000.00
000.0.0.000
00.0.00.000
00.000.00.0
Length: 12 -- reduces candidate pool to 16.710833% of original
0.00.000.000
0.000.00.000
00.000.000.0
00.000.00.00
000.00.000.0
000.000.00.0
000.0.00.000
0.000.000.00
00.00.000.00
00.000.0.000
00.00.00.000
000.00.0.000
000.000.0.00
000.0.000.00
000.00.00.00
00.0.000.000
Length: 13 -- reduces candidate pool to 31.073257% of original
00.000.00.000
000.000.000.0
000.000.00.00
000.000.0.000
00.000.000.00
00.00.000.000
000.00.000.00
0.000.000.000
000.00.00.000
000.0.000.000
Length: 14 -- reduces candidate pool to 31.821191% of original
000.00.000.000
00.000.000.000
000.000.000.00
000.000.00.000
Length: 15 -- reduces candidate pool to 13.789183% of original
000.000.000.000
If you manage to isolate an IPv4 address with string length 7 (for example 1.2.3.4) embedded in
encrypted traffic, you know that the plaintext IP is in the range 0-9.0-9.0-9.0-9. The total IPv4
space constitutes 256*256*256*256 = 4294967296 different addresses. Observing that an IP with string
length 7 is sent reduces this space to 10*10*10*10 = 10000 candidates. This is only 0.000232830643654
percent of the original space.
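The listing and percentages above, generated rather than enumerated by hand, as an added Python example (not the paper's script). Each octet prints with 1, 2 or 3 digits (10, 90 and 156 possible values respectively), so every address falls into exactly one of the 3^4 digit-count patterns and its string length is the digit total plus three dots.

```python
from itertools import product

# Octet values that print with 1, 2 or 3 decimal digits: 0-9, 10-99, 100-255.
VALUES_PER_DIGIT_COUNT = {1: 10, 2: 90, 3: 156}
TOTAL_IPV4 = 256 ** 4


def candidates_by_string_length():
    """Map dotted-quad string length -> (number of digit patterns, number of addresses)."""
    table = {}
    for pattern in product((1, 2, 3), repeat=4):
        length = sum(pattern) + 3          # digits plus three dots
        count = 1
        for digits in pattern:
            count *= VALUES_PER_DIGIT_COUNT[digits]
        patterns, addrs = table.get(length, (0, 0))
        table[length] = (patterns + 1, addrs + count)
    return table


def candidate_fraction(length):
    """Fraction of the IPv4 space that remains once the plaintext string length is known."""
    return candidates_by_string_length()[length][1] / TOTAL_IPV4


def string_length(addr):
    """Characters a dotted-quad address occupies on the wire (leading zeros normalised away)."""
    return len(".".join(str(int(octet)) for octet in addr.split(".")))


if __name__ == "__main__":
    for length, (patterns, addrs) in sorted(candidates_by_string_length().items()):
        print("Length: %2d -- %2d patterns, %10d addresses, %.6f%% of the space"
              % (length, patterns, addrs, 100.0 * addrs / TOTAL_IPV4))
```

The counts sum to 2^32 exactly, and the printed percentages match the ones in the listing above (for example 0.127684% at length 9), so the table can be regenerated for any other textual encoding of an address by changing the per-digit value counts.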
If the attacker manages to isolate a page on a web application where an IPv4 address is displayed, and
the rest of the page is static or known (think of a web application that displays the IPv4 address from
where the last login was performed), then an estimate can be made as to which set of IP ranges it
concerns. The pool may be further reduced by mapping the resultant IP ranges to Autonomous
Systems (AS)¹ and discarding those Autonomous Systems that are not Internet Service Providers (in the
case where the attacker knows that the IP address they seek to reveal belongs to a home connection and
not a company server, for instance).
5. Prevention
1. Hashing before transmission
An obvious one-size-fits-all solution is to compute a hash of the password inside the user's browser using
JavaScript before it is sent off to the server.
$ echo -n 'password' | sha256sum
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
$ echo -n 'apasswordthatismuchlonger' | sha256sum
36a9268776dc62211aa00e768052a628d564e3d05b48c1aa65af6c0cfa6570d4
Both passwords result in a hash of the same length: 64 hexadecimal characters (32 bytes).
Note that the client-side hash then becomes the credential the server actually verifies: whoever obtains
it, for instance from a leaked database, can log in with it without ever knowing the password. The server
must therefore still run the received value through a salted, slow password hash before storing it, and
the client-side hash should be salted with a site-specific value so that the same password does not
produce the same transmitted hash on every site.
This happens to have the additional advantage that the plaintext password is never stored anywhere
except temporarily in the user's browser, as opposed to collectively in the browser, in (encrypted) transit,
and on your server prior to storing it hashed in your database. The downside of this approach is that
you can't evaluate the password strength on the server side. You could construct a list of passwords
that are known to be very common or too short, compute their hashes and refuse to proceed once a user
tries to change their password into one of these strings. However, you cannot verify whether the user
has been using all of your required sets of characters (such as letters, numbers and special characters).
Obviously, validation can be performed within the browser using JavaScript. Users may undermine this
by tampering with the JavaScript, but this is beside the point because it is specifically the user whose
safety these measures attempt to strengthen, and their own attempts at overthrowing our security
considerations are their own responsibility.
1 https://en.wikipedia.org/wiki/Autonomous_system_%28Internet%29
A theoretical issue that automatically emerges is that the leak of password length is moved from the
spatial to the temporal domain. That is to say, now the observer will not be able to infer the length of
the password, but the length might influence the time and resources required to compute the hash.
However, the detection of such microscopic details is usually confined to laboratory settings, and as
long as the client-side code isn't programmed to signal the server that it is currently computing the hash
(and allowing the observer to discern the exact amount of time elapsed between computation and form
submission), this shouldn't really be a problem.
2. Padding the secret
An alternative to this approach is to simply pad the password right before form submission to a length that you consider to be a safe maximum-size constraint for a user password, say, 1000 characters. How to actually implement the padding might not be straightforward.
Trailing spaces might be part of the actual password the user has thought up, and trailing spaces might be truncated by some browsers.
Padding it with zeros (as in the ASCII character 0x00) might break some things as well.
Embedding the zero padding in JSON won't work either, because JSON will replace those with Unicode escapes such as \u0000, which again leaks password lengths.
Adding an additional parameter to the POST submission, say, 'X' (which will be represented as 'X=......', where the X and the equals sign are 2 characters), and padding this with 1000 minus 2 minus password_length characters is a hack that relies on hard-coded values, and it's ugly.
What I suggest is to pad the password string with zeros (as in the ASCII character 0x00), then convert
to a readable hexadecimal representation, and submit.
So if the password is 'password' and the padding length is 15 (for the sake of demonstration), then:
>>> pw = "password" + (chr(0x00)*7)
>>> len(pw)
15
>>> pw2 = "".join(hex(ord(c))[2:].zfill(2) for c in pw)
>>> pw2
'70617373776f726400000000000000'
>>> len(pw2)
30
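The NUL-padding and hex-encoding scheme just shown, as an added example (not the paper's code) that also covers the server-side decoding step, the over-long password case, and the JSON escape problem mentioned above. MAX_LEN is an assumed limit (15, as in the demonstration; the text suggests 1000 in practice), and the function names are assumptions.

```python
import json

MAX_LEN = 15  # assumed padding limit, matching the demonstration above


def pad_and_encode(password: str, max_len: int = MAX_LEN) -> str:
    """Client side: NUL-pad to max_len, then hex-encode. The result is always
    2 * max_len characters, so the transmitted length carries no information."""
    raw = password.encode("utf-8")
    if len(raw) > max_len:
        raise ValueError("password longer than the padding limit")
    if b"\x00" in raw:
        raise ValueError("NUL is reserved for padding")
    return (raw + b"\x00" * (max_len - len(raw))).hex()


def decode_and_unpad(encoded: str, max_len: int = MAX_LEN) -> str:
    """Server side: accept only the expected size, then strip just the NUL
    padding, so trailing spaces chosen by the user survive."""
    if len(encoded) != 2 * max_len:
        raise ValueError("unexpected encoded length")
    return bytes.fromhex(encoded).rstrip(b"\x00").decode("utf-8")


def encoded_lengths(passwords, max_len=MAX_LEN):
    """What an observer sees with the hex scheme: one length for all passwords."""
    return {len(pad_and_encode(p, max_len)) for p in passwords}


def json_lengths(passwords, max_len=MAX_LEN):
    """The JSON trap: each NUL becomes a 6-character \\u0000 escape, so the
    serialized length still varies with the password length."""
    return {len(json.dumps(p + "\x00" * (max_len - len(p)))) for p in passwords}
```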
3. On variable-length padding schemes
If you decide to implement some padding mechanism, beware of variable-length padding schemes. Padding a string with a different (and random) amount of characters on each consecutive run does not make it safer but in fact introduces insecurity:
#!/usr/bin/env python
import random

"""
This is the server, which, in an attempt to thwart a man in the middle
from inferring the size of the secret, pads it with a variable and
random amount of bytes before each transmission.
"""
def server():
    secret = "thesecret"

    secret += " " * random.randint(0, 50)

    return secret

"""
This is the man in the middle, passively taking note of all payload
sizes emitted by the server.
Once a sufficient amount of payloads with variable-length padding have
been transmitted, an accurate guess at the size of the secret can
be made.
"""
def observer():
    lengths = []
    for i in range(1000):
        padded_secret = server()
        lengths += [len(padded_secret)]
    # The spread of observed sizes reveals the padding range; the smallest
    # observed size is then the unpadded secret.
    probable_padding_length = max(lengths) - min(lengths)
    probable_secret_length = max(lengths) - probable_padding_length
    print("Length of the secret is probably: {}".format(
        probable_secret_length))

observer()
By observing a page that contains a variable-length padded secret, a sufficient number of encrypted transmissions of this page (in this example 1000) allows the observer to determine the upper and lower limits of the variable-length padding, which in this case can be expressed as the tuple (0, 50). Once these have been determined, the observer can deduce the length of the secret.
In order to subvert a padding scheme with a lower limit larger than 0, the attacker will first need to observe known values of the secret being transmitted in order to determine the lower limit, or figure this out by scrutinizing the inner workings of the web application itself.
4. Using constant-length identifiers to refer to objects
Numeric identifiers are often used to refer to various database objects; index.php?pageid=10 loads a different page than index.php?pageid=100. The use of identifiers of constant length, such as UUIDs, can prevent the linking of identifier lengths to particular (sets of) resources.