Cybercrimes and cryptographic attacks

Chapter 7 PKI and Cryptographic Applications

Asymmetric Cryptography

Public and Private Keys

RSA

Based on factoring difficulty

Merkle-Hellman Knapsack

El Gamal

An extension of the math from Diffie-Hellman

Elliptic Curve

Hash Functions 1/2

Message digest

Detects differences and/or collisions

Parity, checksum

Variable-length input

Fixed-length output

Hash is easy to compute

Hash is one-way

Hash is collision resistant

Hash Functions 2/2

SHA

SHA-1 – 160 bit hash output

SHA-2: SHA-256, -224, -512, -384

SHA-3: SHA3-256, -224, -512, -384

MD2 – 128-bit hash output

MD4 – 128-bit hash output

MD5 – 128-bit hash output

Hash of Variable Length (HAVAL)

Hash Message Authenticating Code (HMAC)

Digital Signatures

Integrity, authentication, non-repudiation

Sender encrypts hash of data with private key

Recipient verifies with sender’s public key and hash comparison

HMAC

Hashing with symmetric keys used for entropy

Digital Signature Standard

DSA – FIPS186-4

RSA – ANSI X9.31

ECDSA – ANSI X9.62

Public Key Infrastructure

Certificates

Certificate Authorities

Certificate Generation and Destruction

overview

Certificates

X.509 version 3

Serial number

Signature algorithm identifier

Issuer name

Validity period

Subject’s name

Subject’s public key

Certificate Authorities

Neutral organizations offering notarization services for digital certificates

Public commercial or internal private

Registration authorities

Certificate path validation

Certificate Generation and Destruction

Enrollment

Verification

Revocation

Compromise, erroneously issued, subject’s details changed, or security association changed

Certificate revocation list (CRL)

Online Certificate Status Protocol (OCSP)

Asymmetric Key Management

Choose encryption scheme wisely

Random key selection

Long length

Keep private keys private

Retire keys after useful lifetime

Back up keys for recovery options

Applied Cryptography 1/3

Portable devices

TPM

Email

PGP

S/MIME

Web applications

SSL / TLS

Steganography and watermarking

Applied Cryptography 2/3

Digital Rights Management

Music DRM

Movie DRM

E-book DRM

Video Game DRM

Document DRM

Applied Cryptography 3/3

Networking

Circuit encryption – link (transport mode) or end-to-end (tunnel mode)

Secure Shell (SSH)

IPSec

AH, ESP, HMAC, ISAKMP

Wireless networking

WEP, WPA, WPA2

IEEE 802.1x

Cryptographic Attacks 1/2

Analytic attack

Implementation attack

Statistical attack

Brute force

Rainbow tables

Scalable computing hardware

Salting

Frequency analysis and ciphertext only attack

Cryptographic Attacks 2/2

Known plaintext

Chosen ciphertext

Chosen plaintext

Meet in the middle

Man in the middle

Birthday attack

Collision attack or reverse hash matching

Replay

Conclusion

Read the Exam Essentials

Review the chapter

Perform the Written Labs

Answer the Review Questions