ECCouncil CEH V9 312-50 – Cryptography

  1. Intro Into Cryptography

In this section, we’re going to discuss cryptography, actually one of my favorite sections of the entire course. We’ll discuss its implementations: stream ciphers, block ciphers, the Enigma machine. We’ll discuss asymmetric encryption and hybrid encryption, and we’ll compare the two as well as their strength. We’ll look at key exchanges, hashing, hashing collisions and common hash algorithms. We’ll discuss ransomware, IPsec, PKI applications, quantum cryptography and VeraCrypt.

  1. Beginnings of Cryptography

Encryption has been around a very long time, even since Roman times. Caesar himself is actually credited with inventing his own cryptography mechanism. As systems have become more complex and the data to protect more valuable, cryptography mechanisms have also evolved; we now have things like IPsec, PKI and even quantum cryptography. There are many different algorithms and applications in use in today’s corporate networked environment. I’d like to tell you a real quick story about how I used a Caesar cipher. One time, I remember I was in fourth grade, I and my best friend at the time, Billy Blevins, liked this little red-haired girl that sat up in front of the class. So we got out our Captain Marvel decoder ring, and it was nothing more than a Caesar cipher. Now, I didn’t know that at the time, but it had a wheel and another wheel on the inside, and we would agree on how many places we would code our messages by.

So we would code our message and send it from one to the other. If the teacher caught you sending messages in class, she would read it to the class. Oh, my God, death to a fourth grader. But the teacher did catch us one time, picked up our message, couldn’t read it, wadded it up and threw it away. Boy, the Caesar cipher saved my bacon in fourth grade. As we talked about before, an encryption algorithm is nothing more than a scheme that turns the message or information, referred to as plaintext, into unreadable ciphertext. In cryptography, a Caesar cipher is also known as the shift cipher, Caesar’s code, or a Caesar shift. It is one of the simplest and most widely known encryption techniques.

It’s a type of substitution cipher in which each letter of the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a left shift of 3, D would be replaced by A, E would become B, and so on. The method is named after Julius Caesar, who used it in his private correspondence. The encryption step performed by a Caesar cipher is often incorporated as part of a more complex scheme such as the Vigenère cipher, and it still has modern application in the ROT13 system. As with all single-alphabet substitutions, a Caesar cipher is easily broken, and in modern practice it offers essentially no communication security, only obfuscation.
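To show why a shift cipher is only obfuscation, the following added example (not part of the original lecture) encrypts with the left shift of 3 described above and then recovers the key by trying all 26 shifts and ranking them by English letter frequency. The function names and the sample message are constructed for illustration.

```python
import string

# Approximate English letter frequencies (percent), used only to rank guesses.
ENGLISH_FREQ = {
    "E": 12.7, "T": 9.1, "A": 8.2, "O": 7.5, "I": 7.0, "N": 6.7, "S": 6.3,
    "H": 6.1, "R": 6.0, "D": 4.3, "L": 4.0, "C": 2.8, "U": 2.8, "M": 2.4,
    "W": 2.4, "F": 2.2, "G": 2.0, "Y": 2.0, "P": 1.9, "B": 1.5, "V": 1.0,
    "K": 0.8,
}


def shift_text(text: str, shift: int) -> str:
    """Move each letter `shift` places down the alphabet (negative = left)."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and punctuation pass through
    return "".join(out)


def english_score(text: str) -> float:
    """Higher when the letter mix looks like English."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text.upper())


def recover_shift(ciphertext: str) -> tuple:
    """Try all 26 shifts; return (shift used to encrypt, plaintext) that scores best."""
    candidates = [(s, shift_text(ciphertext, -s)) for s in range(26)]
    return max(candidates, key=lambda c: english_score(c[1]))


if __name__ == "__main__":
    message = "Meet me by the swings after the last bell rings today"  # constructed
    secret = shift_text(message, -3)       # left shift of 3: D -> A, E -> B
    print(secret)
    print(recover_shift(secret))           # key recovered without being told
    print(shift_text(shift_text(message, 13), 13) == message)  # ROT13 undoes itself
```

The recovered shift is reported as 23, which is the same as a left shift of 3 on a 26-letter alphabet.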

Encryption is simply the process of encoding messages or information in such a way that only authorized parties can read it. Encryption doesn’t prevent hacking, but it does reduce the likelihood the attacker will be able to read the data that’s encrypted. In an encryption scheme, the message or information, referred to as plaintext, is encrypted using an encryption algorithm along with a supplied key, turning it into unreadable ciphertext. This is usually done with the use of an encryption key, which specifies how the message is to be encoded. Any adversary that can see the ciphertext should not be able to determine anything about the original message. An authorized party, however, is able to decode the ciphertext using an encryption algorithm that was exchanged previously. This usually requires a secret decryption key that adversaries do not have access to. For technical reasons, an encryption scheme usually needs a key regeneration process to produce random keys every so often to keep it safe. Nowadays, encryption can be used to ensure confidentiality, but other techniques are still required to allow for integrity and for nonrepudiation, which we’re going to cover in the next couple of slides.

Now, message authentication and digital signatures are examples of integrity and nonrepudiation mechanisms. And lastly, encryption, by definition, must be reversible. If it’s not reversible, it’s going to be a really good boat anchor. It’s not going to be worth anything to us. Now, here’s a real quick quiz for ten bonus points. Who is this man standing next to me? I’m the person that’s on the right. We were obviously at a Black Hat conference. Let’s take a look at some of my previous students’ guesses. He’s not Santa Claus. He’s not Uncle Jesse from The Dukes of Hazzard. He’s not Colonel Sanders and not my dad. This gentleman is Whitfield Diffie. He’s the inventor of the public key encryption algorithm.

  1. Implementation, Stream Cipher, Block Cipher and the Enigma

Encryption comes in two basic forms to ensure privacy. The first is symmetric, meaning that we use a symmetric key. Symmetric means the same: just like the same key we use to start our car is the same key we use to turn it off, and the same key we use to open our home or apartment is the same key we use to lock it. The next type is public/private, and this is the technique that Whitfield Diffie invented. We use a public key to typically encrypt our data, and the private key is used to decrypt the data. Now, you notice I use the word typically, because there are times we are going to encrypt with the private key, and this ensures nonrepudiation, as in digital signatures. And lastly, we’re going to talk about integrity: proving that what was encrypted is what we ended up with. This is known as hashing. There are two main methods of implementing symmetric encryption.

They are the block cipher and the stream cipher. A block cipher is said to be more secure, whereas a stream cipher is actually faster. I’m going to show you a little animation on encryption. We have our plaintext and an encryption process. We input the key into that encryption process. That’s the only thing that actually is secure. And we have our ciphertext that comes out. Items that we might want to encrypt would include email, files, databases, credit card details, and really any sensitive data. With a stream cipher, the plaintext in binary form is streamed into the encryption algorithm one bit or one byte at a time; after encryption, the ciphertext is streamed out the same way. With a block cipher, the plaintext in binary form is taken into the encryption algorithm in blocks of 64, 128, 182, or 256 bits, and the ciphertext is output in the same size blocks. Symmetric key algorithms are a class of algorithms for cryptography that use trivially related cryptographic keys for both decryption and encryption. The keys may be identical, or there may be a simple transformation to go between the two keys. The keys in practice represent a shared secret between two or more of the parties. The requirement that both parties have access to the secret key is one of the main drawbacks of symmetric encryption in comparison to public key encryption.

Consequently, if we have a symmetric key, we’ve got to get that symmetric key to the recipient in a covert manner. Anyone else who has that symmetric key can just as easily decrypt our encrypted communication. A good example of a symmetric key was the Enigma machine. It was a family of related electromechanical rotor cipher machines used in the 20th century for encrypting and deciphering secret messages. Enigma was invented by a German engineer, Arthur Scherbius, at the end of World War I, and was used most notably by the Nazi government before and during World War II. Cracking of the Enigma code was done somewhat in part by Alan Turing, who is said to be the father of modern computing. There was a movie made back in 2015, in December, called The Imitation Game, and if you haven’t watched it, it’s a very good movie. It talks about how they cracked the German Enigma and helped us win the war on the side of the Allies. Now, there are a number of symmetric algorithms. The ones that we are going to be primarily interested in are DES, which has a block size of 64 and a key size of 56. DES is not secure any longer. I can crack DES very quickly. Triple DES uses an encrypt-decrypt-encrypt mechanism with a key size of 168 bits. This is more difficult to crack, but I can still crack it. The encryption algorithm that we’re probably going to be using for the next 20 years is known as AES, also known as the Rijndael algorithm. Its block size is variable, but it has a key size of 128, 192, and 256.

Let’s give you an idea of how difficult it would be to crack AES, or Rijndael, these days. Triple DES, the Data Encryption Standard, is not really even considered valid for information that we want to keep classified. Triple DES has an effective key length of 168 bits, which gives us a space of approximately 72 quadrillion keys. Now, Triple DES was replaced by AES, the Advanced Encryption Standard, with an effective key length of 128, 192, and 256. At 256 bits, that makes for a key space that, written in scientific notation, has an exponent of plus 77. Let’s put this into perspective. If there was a machine that existed that could crack Triple DES in 1 second, it would take that same machine 149,000,000,000,000 years to crack AES at just 128 bits.

Now, scientists have estimated that our universe is about 20 billion years old and the sun will run out in about 5 billion years. So as one pundit put it, I guess they’ll be cracking those passwords in the dark. It’s important to understand this is by today’s standards. The next thing we want to talk about is something called password policies. And I’m here to tell you longer is better. Period. Full stop, end of story. You should actually create yourself a passphrase. The passphrase should be complex. For example, it might be, “I and my wife were married in 1990 and have two kids.” I can guarantee you that password right there, with or without the spaces, is about 64 bytes in length. So multiplying that times eight, it’s only a huge number of bits. I would actually be very comfortable not ever changing that particular password unless somebody found out what it was, because it’s going to be virtually impossible for somebody to guess it. Now, my passwords are typically 40 characters and are different for every site that I go to. You’re probably thinking, oh, yeah, right.

Tim, how in the world do you remember them all? I don’t. I use a passphrase into LastPass, which is a free program that you can use to lock up all of your data. The reason that I like LastPass is it passes the monkey wrench technique. And let me explain to you what I’m talking about. Most of our password vaults have a back door in them. LastPass does not. Take this diagram from xkcd. In a crypto nerd’s imagination: “His laptop is encrypted. Let’s build a multimillion-dollar cluster to crack it.” “No good. It’s 4096-bit RSA.” “Blast! Our evil plan is foiled.” What would actually happen is: “His laptop is encrypted. Drug him and hit him with a five-dollar monkey wrench until he tells us the password.” “Okay, I got it.” The point that I’m trying to make here is that all LastPass does is store an encrypted blob of your data. You are the only one who holds the key. Even if the U.S. government or some other government decides they want to get access to your passwords, they’re not going to be able to, no matter what they do to LastPass, unless they get it from you.

Now, I don’t necessarily have something to hide, but I do take my privacy and my confidentiality seriously. This has to be my favorite slide in the world. We laugh, but she’s safer than actually most of us. During a recent audit of company passwords, it was revealed that this woman uses the password “Mickey Minnie Pluto Huey Louie Dewey Donald Goofy Sacramento.” When asked why she uses such a long password, she simply rolled her eyes and said, “Hello! It has to be at least eight characters and include at least one capital.” For those of you that aren’t from the United States, Sacramento is the capital of California.

  1. Asymmetric Encryption, Hybrid Encryption, Comparison of Algorithms, Key Exchange

Now it’s important to understand that asymmetric encryption utilizes two separate keys, one labeled public and the other labeled private. One is typically used to encrypt, the other is typically used to decrypt. Both of these keys are generated together and they are related to each other. The private key is generally kept secret, while the public key can be widely distributed by email or on online servers. You can give your public key to anyone you want to, and the worst thing that can possibly happen is they could send you an encrypted message only you could decrypt. That’s the worst thing that can happen if somebody has your public key. The first invention of the asymmetric algorithms came in the early 1970s, this later becoming known as the Diffie-Hellman key exchange. We saw a picture of Whitfield Diffie earlier. RSA Security was founded by the authors of the RSA algorithm, Rivest, Adleman and Shamir; the algorithm is based on factoring large prime numbers. They were all professors at MIT when they published their paper in 1977.

Now keep in mind that before this date we didn’t have any way of sending encrypted information over an untrusted network without knowing the other person and getting them the symmetric key. So this was a huge milestone. The next thing we want to talk about is hybrid encryption. If this gentleman here wants to log on to this server, the first thing that happens is the logon request lists his encryption capabilities. The next thing that happens is this server sends back the public certificate. Enclosed in that certificate is the public key.

This gentleman here that’s logging on generates a session key, more than likely a 128-bit session key, and takes that public key and encrypts the whole thing. The next thing to happen is we take that encrypted session key and send it back to the server. The server now has a copy of the session key because his private key is able to decrypt it. Now we both have a copy of the session key, and it was sent covertly. In cryptography, public key cryptosystems are convenient in that they don’t require the sender or receiver to share a common secret in order to communicate securely. However, they often rely on complicated mathematical computations and are thus less efficient than comparable symmetric cryptosystems.

In many applications, the high cost of encrypting long messages in a public key cryptosystem can be prohibitive. A hybrid cryptosystem is one which combines the convenience of a public key cryptosystem with the efficiency of a symmetric key cryptosystem. And this is exactly what we’ve done. So, for our hybrid encryption: we know that symmetric encryption is very fast. It has many algorithms available but has a problem of key management. Asymmetric encryption is inefficient for large amounts of data, but it handles the key exchange in a secure manner. Neither allows for authentication or ensures nonrepudiation. Hybrid encryption brings the best of both worlds together. Hybrid encryption is very common in secure networks and even for the regular home user.
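The exchange described above, as an added example that is not part of the original lecture: the client wraps a fresh 128-bit session key with the server’s public key, and the bulk data travels under the session key. Textbook RSA over two small Mersenne primes and a SHA-256 counter keystream are stand-ins chosen so the sketch runs on the Python standard library; all names are assumptions, and a real deployment uses padded RSA with a cipher such as AES plus integrity protection.

```python
import hashlib
import secrets

# Toy server key pair (textbook RSA, no padding). These primes give a modulus
# far too small and too structured for real use; illustration only.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537                      # public key, carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, never leaves the server


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR the data with a SHA-256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def client_send(public_n: int, public_e: int, message: bytes):
    """Client: new 128-bit session key, wrapped with the public key; bulk data under the session key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), public_e, public_n)
    return wrapped, keystream_xor(session_key, message)


def server_receive(wrapped: int, ciphertext: bytes) -> bytes:
    """Server: unwrap the session key with the private key, then decrypt the bulk data."""
    session_key = pow(wrapped, D, N).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    request = b"GET /account HTTP/1.1\r\n" * 200     # constructed bulk payload
    wrapped_key, body = client_send(N, E, request)
    # One small public key operation covers any amount of symmetric traffic.
    print(wrapped_key.bit_length(), "bit wrapped key for", len(body), "bytes")
    print(server_receive(wrapped_key, body) == request)
```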

If we were to compare the different algorithms, we know that the symmetric key is very fast. Its disadvantage is that the exchange of the key is insecure. With the asymmetric key, on the other hand, we now have a secure exchange of the key. Unfortunately, for a bulk amount of data, it’s extremely slow. So we do the best of both worlds. We do something called a hybrid. This is SSL natively. The advantage is it’s both fast and secure. The only disadvantage I can think of is you have to have a PKI infrastructure or certificate. A key exchange is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret over an insecure communication channel. This is the nirvana that we’ve been looking for.

The Diffie-Hellman key exchange is a specific method of exchanging these cryptographic keys. It’s one of the earliest practical examples of key exchange implemented within the field of cryptography. The Diffie-Hellman key exchange method allows two parties who have no prior knowledge of each other to jointly establish a shared secret over an insecure communication channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. The scheme was first published by Whitfield Diffie and Martin Hellman in 1976.
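A worked Diffie-Hellman exchange, added here as an example and not taken from the original lecture: each side keeps a private exponent, only the public values cross the channel, and both arrive at the same 128-bit symmetric key. The prime, generator and function names are assumptions for illustration; the 127-bit prime is far too small for real use.

```python
import hashlib
import secrets

# Toy public parameters, agreed in the clear. 2**127 - 1 is prime, but deployed
# groups use primes of 2048 bits or more.
PRIME = 2**127 - 1
GENERATOR = 3


def make_keypair():
    """Pick a private exponent x and compute the public value g^x mod p."""
    private = secrets.randbelow(PRIME - 3) + 2       # 2 .. PRIME - 2
    return private, pow(GENERATOR, private, PRIME)


def check_peer_value(public: int) -> None:
    """Reject values that would force a predictable secret (0, 1, p - 1, out of range)."""
    if not 2 <= public <= PRIME - 2:
        raise ValueError("invalid Diffie-Hellman public value")


def session_key(my_private: int, peer_public: int) -> bytes:
    """Combine own private exponent with the peer's public value; hash to a 128-bit key."""
    check_peer_value(peer_public)
    shared = pow(peer_public, my_private, PRIME)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:16]


if __name__ == "__main__":
    a_priv, a_pub = make_keypair()       # first party
    b_priv, b_pub = make_keypair()       # second party
    # Only a_pub and b_pub are sent over the insecure channel.
    print(session_key(a_priv, b_pub) == session_key(b_priv, a_pub))
```

The exchange on its own authenticates neither party, which is why in practice the public values are signed or carried inside a certificate-based protocol.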
