Successfully reported this slideshow.
Upcoming SlideShare
×

# Cryptography Attacks and Applications

477 views

Published on

Practical attacks on Cryptography: Man in the Middle attacks, Frequency analysis, reverse engineering, password hash cracking

Published in: Technology
• Full Name
Comment goes here.

Are you sure you want to Yes No

Are you sure you want to  Yes  No
• Be the first to like this

### Cryptography Attacks and Applications

1. 1. Crypto: Attacks & Applications Wednesday, September 14, 2011
2. 2. Outline ● Homework Solutions ● Attacks How-To ○ Vigenere Cipher ○ Homebrew Crypto ● Password Cracking ● Homework Assignment
3. 3. Homework 2 Too easy...
4. 4. Homework Problem 1 ● How could you simultaneously ensure privacy and authenticity using public key crypto? ● Solution: ○ Assume Alice --> Bob ○ We have PubKey_A, PrivKey_A, PubKey_B, PrivKey_B ○ Enc(Message,PubKey_B) - Ensures that only Bob can read the message ○ Enc(Message,PrivKey_A) - Ensures that Alice sent the message
5. 5. Homework Problem 1 ● How could you simultaneously ensure privacy and authenticity using public key crypto? ● ● Answer: ○ Enc(Enc(Message,PrivKey_A),PubKey_B) ■ Bob receives this message, decrypts with his private key and then with Alice's public key. ● Why not Enc(Enc(Message,PubKey_B),PrivKey_A)? ○ Anyone can strip off the outer encryption using Alice's public key (And replace it with their own) ■ Consider using this technique to submit homework ■ A MITM attack could intercept someone else's homework, strip off their sig, resign it, and submit it as their own
6. 6. Homework Problem 2 Find the security flaw in the following server/client authentication protocol: 1) Client sends Challenge C1 to server 2) Server proves it’s identity by replying Enc(C1, SS) 3) User verifies server by encrypting C1 and comparing with message 4) Server sends C2 to client 5) client authenticates by replying Encrypt(C2, SS) 6) Server verifies user by encrypting C2 and comparing message
7. 7. Homework Problem 2 ● To defeat this protocol, a client can open a new session and present the challenge C2 to the server. ● The response will be the Encryption of C2 ● The client responds to the original challenge with this message ● How can you plug this security hole? ○ User authenticates first
8. 8. Attack #1: Man in the Middle SSL Credit: SSLStrip by Moxie Marlinspike (http://www.thoughtcrime. org/software/sslstrip/) Credit: YouTube Demo Video by bonniekwacha (http://youtu.be/Q1hnHbBb_bA)
9. 9. Attack #1: MITM SSL Review Overview: 1. Trudy enables packet forwarding 2. Trudy creates IPTable rule to redirect packets to SSLSTRIP 3. Trudy identifies Victim Host IP and Gateway/Router IP 4. Trudy spoofs the Gateway IP and advertises to the Victim IP 5. Trudy starts SSLSTRIP 6. Bob generates SSL traffic (tries to use secure socket service) 7. Trudy reviews logs generated by SSLSTRIP 8. Trudy obtains user credentials (usernames, passwords, etc)
10. 10. Attacking A Substitution Cipher Taken from DEFCON 18: "AUJKKUHNTPYMJKKHYTGKHMESELM PFKDUJUSGFPEPVAFROPRERHOBAGY JRAHWHLFVKWYBLZGBQHZZVUWKHM MWRLAERQPAEREORAVLARALSLMMW RLAEROPRERLUQAKPUQAZTTMBRXLF TSRLMBLKAUJKKKBNSTUMBFOGLPMK DVMDKORBJKMEPEKIRZGYKMUZPGTSSGL" Given hint: this problem was created by GMARK, and he loves Vigenere ciphers
11. 11. Attacking A Substitution Cipher Frequency analysis reveals that four of the five most occuring letters spell out "MARK" Knowing that GMARK created this challenge, let's try to decipher using these letters Unfortunately, this doesn't work out. Using GMARK as a key in a Vigenere cipher just results in gibberish. Any other ideas?
12. 12. Attacking A Substitution Cipher What if each letter in GMARK was an offset for five different alphabets? What if it were Vigenere, we just had different keys for each letter?
13. 13. Success! Decoded: "THISZNUMBERZISZALSOZAZDATEZONZWHICH ZSOMEONEZDIEDZWHOZONCEZPLAYEDZPLATO ZOPPOSITEZAZLEGENDZFINDZTHEZDATEZTHEZ LEGENDZDIEDZANDZSENDZHIMZAZMESSAGEZAT ZTHISZDOMAINZANDZYOUZWILLZHEARZFROMZ BEYONDZTHEZGRAVE" Replace Z's with spaces: "THIS NUMBER IS ALSO A DATE ON WHICH SOMEONE DIED WHO ONCE PLAYED PLATO OPPOSITE A LEGEND FIND THE DATE THE LEGEND DIED AND SEND HIM A MESSAGE AT THIS DOMAIN AND YOU WILL HEAR FROM BEYOND THE GRAVE"
14. 14. Problem 3 - Attacking Home Brew CryptoDecrypt This: xc0x92x29x63x1ax50x2cxbdx1ax61xfax75xebxa6xcax95x85xcexf9x39xc4x5fx1b x42x50xe1x4exf8x5fxaexe6x53x2bx3bx81xb7x93x1ex85x44x94xdfxb8xbdx3bx22 x1ex05x73x22xe8x75x5fx69x3dxd6x4cx62xb5xb1x5fxe5x5bx51x91xa3x6ex5dx2a x52x6fx5ex3dx20x2bx96xa7xfax3cxbfxebx79x94x5fx85xd0x60x8cxdcx21xb7x2c xdaxb6x62x6cx5cxfexb8xc4x2bx75xf8xe5x5fx08x3bx2dx4fx14x62xf5xeax2bx93 x39xf5x25x95xbbx08x13x5bx11xa4x2dx52xffx80x91x5fx6bx1exf0x1cxe1xcfx39 x1fxdbx2ax65xc4x16x5fxcex3exffxeax1cx4dxa6x57xdax82xd0x29x9cx74xb9x4c xbex5fx76xa2xabxe8xa8x1ex33x30xe3x4dx3fx09x20x5fx08x4ex3ex3bxbfx74x17 x5ex16x6fx84x2bx62x74xffx5cx6axa4x2dx70x34xc3xc7xb5xebx4cx48x09x84x94 x96x93xafxd7xafxd6xf4x5cx09x4fxa7xc5x7fxadx9dxa4x3ex50xa9x73x05x1exe8 x07xbfx5ex4dxc5xf8x3ax87x83x5bx3ax24x1dx74x34x81x8fxebx4dx52xcbxd3xe0 x5fx46x2dx7bxd6x32x7fx53x5ex5fx35x5fx7dx61xc5xe8xf7x5fx2ex5fx3fxe8x5a x70x1bx74xdex82xc3x0ax92x5cx88x1ex23x5dx3exb7x33x5fxaaxd8xe8xc5x56x51 xbcx93xd9x4dx8cx5fx22x72xf6xb4x18x1bx02xa5xe6xc9x76xc5x52x4dx42x4exdf xe7x71x09x14x8fx71x19x16x2ax2cxfexa5xd9xcdxd8x88x4cx53xd6x76x1ax15xa4 x25xc5xf1x8axb2x61x3exc6x4bx2fx17x73xfbxa6x3ex3ax35xa4x1cxa4x88x6fx8e x1exeexe8x99x54x4bxc1xccxf7x5dx19x1bx60x28xfcxfax1ex42x70xd1xc6xc6x3c x1bx60xadx09x50x93xcdx30xa0xc4x5ax09xfax1fx23x2ax63x94x65xb5x56x09xd5 xc6xd6xb3x5e x03x07x70x2cx28x33xe8x23xe6xbax83x15x2cx74x30xd5x1ax9ax73x6cx2cx58xc3 x25xfax5fx8fx3cx81x74x1bxcex93x8ax80xf8x2fx99x2bx06xebx29x52xb1x70x14 xb7xacx82x52x83x9dx4exc9xc3xdcx51xa7x3ex5dx1ex98x1exbfx82x1cx61x60x74 xb9x60xddx92x1fxa4xacx4dx15xb2x44
15. 15. The algorithm is never secret ● Hint 1: Here is the Decryption algorithm (See source file) def decrypt(msg,key): ks = len(key) k2 = key if(ks%2==1): k2 += chr(10) ks=ks+1 cpt = "" buff = "" done = 0 cnt = 0 while(done==0): i=0 nk = "" if(len(msg)>=cnt+ks): buff = msg[cnt:cnt+ks] else: buff = msg[cnt:] tcnt = len(buff) cnt = cnt + tcnt if tcnt % 2 == 1: tcnt = tcnt - 1 for i in range(0,tcnt,2): c1 = chr((((ord(buff[i])- 31) * -15) ^ (3 * ord(k2[i]))) % 256) c2 = chr(((((ord(buff[i+1])+17)^ (7*ord(k2[i+1])))+27*ord(k2[i]))*27) % 256) while c1 < 0: c1 += 256 while c2 < 0: c2 += 256 nk = nk + c1 + c2 cpt = cpt + c1 + c2 i = tcnt if tcnt != len(buff): c1 = chr((ord(buff[i])-ord(k2[i]))% 256) while c1 < 0: c1 += 256 nk = nk + c1 cpt = cpt + c1 k2 = nk if cnt == len(msg): done = 1 return cpt
16. 16. Still need the key!! ● Hint 2: The key and plaintext are both made up of printable ASCII characters
17. 17. Can we brute force it? ● Hint 3: The key is between 1 and 20 characters long. ○ Brute forcing a 20 character password of letters, numbers, and symbols? ○ 95 printable ASCII chars (127-32) ○ 95^20 = 3,584,859,224,085,422,343,574,104,404,449,462,890,625 ○ No way we can brute force this...
18. 18. Be Smart! ● Hint 4: How can we turn the problem of 95^20 into something more like 95 + 20 * 95 + 10 * 95 + ... ● Look closely at the decryption algorithm... Why should you never implement your own home brew crypto?
19. 19. Attack Exercise - Password Cracking Required Tools: BackTrack Linux (http://www.backtrack-linux.org/) John the Ripper (http://www.openwall.com/john/)* *already installed in BackTrack Linux (/pentest/passwords/john) Provided Files: http://www.utdallas.edu/~dst071000/CSG/HW3/pwdlist Questions: ● Obtain as many passwords as possible from the provided password file ● Determine which hash algorithm was used to hash the passwords ● Locate the name of the system library that is used for hashing ● Identify expired accounts ● Identify passwords that were changed yesterday (09/13/2011) ● BONUS: Write a script that generates or verifies salted passwords Hints: JTR Options (http://www.openwall.com/john/doc/OPTIONS.shtml) JTR Examples (http://www.openwall.com/john/doc/EXAMPLES.shtml)