Security Essentials Day 4
Hello, welcome to Introduction to Encryption I. This is one of the most important classes we have
the privilege to teach as part of the SANS’ Security Essentials course. Encryption is real, it is
crucial, it is a foundation of so much that happens. I guess you know that one of the SANS mottos is,
“Never teach anything in a class the student can’t use at work the next day.” One of our goals in this
course is to help you be aware of how cryptography is used in our world.
Security Essentials
Day 4
Security Essentials
The SANS Institute
Encryption and Exploits - SANS ©2001 1
1-1
Agenda
• Encryption 101
– 3 types of encryption
– Symmetric encryption
• Encryption 102
– Examples of encryption
– Asymmetric encryption
• Virtual Private Networks (VPNs)
– How they work
– PKI (public key infrastructure)
Encryption I - SANS ©2001 2
This page intentionally left blank.
1-2
Agenda (cont.)
• Steganography
– What it is?
– How it works?
• Malware
– Viruses
– Virus protection
• Wireless
– How it works?
– Security issues
– Defenses
Encryption I - SANS ©2001 3
This page intentionally left blank.
1-3
Introduction to Encryption I
Security Essentials
The SANS Institute
Encryption and Exploits - SANS ©2001 4
Hello, welcome to Introduction to Encryption I. This is one of the most important classes we have
the privilege to teach as part of the SANS’ Security Essentials course. Encryption is real, it is
crucial, it is a foundation of so much that happens. I guess you know that one of the SANS mottos is,
“Never teach anything in a class the student can’t use at work the next day.” One of our goals in this
course is to help you be aware of how cryptography is used in our world. But we are going to share
a lot of hard-earned pragmatic lessons and we hope they will help you. Without cryptography there
is no e-commerce, no military presence on the Internet, and no privacy for the citizens of the world.
Encryption plays a key role in the current security landscape and anyone that works in the field of
security must have a good understanding of what encryption is and how it works.
1-4
What is Cryptography?
• Cryptology means “hidden writing”
• Encryption is coding a message in such a way
that its meaning is concealed
• Decryption is the process of transforming an
encrypted message into its original form
• Plaintext is a message in its original form
• Ciphertext is a message in its encrypted form
Encryption I - SANS ©2001 5
Since this course is an introduction to encryption, we should cover what it is. Cryptography means
“hidden writing”, and various forms of hidden writing have been used throughout history. One of the
main goals of cryptography is to communicate with another party in such a way that if anyone else is
listening, they cannot understand what you are saying. So, in its most basic form, cryptography
garbles text in such a way that anyone that intercepts the message cannot understand it. An excellent
source to get a better appreciation for this field of study is The Code Breakers by David Kahn. This
book gives a great background of how hidden writing has been used throughout history. Just to show
you how far back this field goes, one of the first people to use encryption was Julius Caesar, and the
original cipher was called the Caesar cipher. He used a basic substitution similar to the encryption
schemes that are used on the back of kids’ cereal boxes. But without the help of computers, they
were very difficult to break.
Now that we understand what the field of cryptography is, lets cover some basic terms. Encryption
or encryption algorithms are used to code a message in such a way that its meaning is concealed.
Once a message has been transformed with an encryption algorithm, the resulting message is called
ciphertext. Since ciphertext contains a message in its encrypted form, the message does not “mean”
anything, since it cannot be read in its native form. In order for the recipient of the ciphertext to be
able to read the message, they need to decrypt the message. Decryption is the process of
transforming an encrypted message back into its original plaintext form.
1-5
Why Do I Care About Crypto?
• It plays a key part in defense in depth
• Encryption helps solve a lot of security issues
• Department of Commerce no longer supports
DES
• NIST just announced the new AES (Advanced
Encryption Standard)
• The “bad” guys are using it
– Distributed Denial of Service daemons protected
by blowfish
• Anyone working in security must understand
encryption
Encryption I - SANS ©2001 6
Encryption is important since it plays a key role in the protection of a company’s resources. If more
people and companies used encryption on a regular basis, a lot of the security issues that we have today
would go away. Remember, one of the golden rules of information security is defense in depth. The
principle highlights the fact that you should never rely on a single mechanism to protect the security of
your site. You need to use several defense mechanisms in conjunction, to have the proper level of security
at your company. A firewall is a good starting point, but it needs to be combined with intrusion detection
systems, host protection, virtual private networks, and encryption.
As we write this course, there are a number of contemporary news stories about cryptography. England
and Ireland can’t agree on a standard for instance, but that is hardly news. Export encryption laws are
being relaxed, NIST announced the winner for its advanced encryption standard (AES), the patent expired
on RSA, and the US Department of Commerce no longer supports DES! So if you have been staying up
on the latest security news, you can’t but notice how important encryption is from an information security
perspective.
Almost every bank uses DES hardware to protect their financial transactions. These networks have
been put in place for years and all of a sudden the hardware is invalid! What happened? One thing that
happened is that there have been plans available on the Internet for years to build near-real-time
decryption of DES. With the P6 chip, you can do this for an investment of $200K. If $200K can attack
billions and billions of dollars, it might just be worth it. What do you think? But the banks…how fast can
they react? How fast can they replace their infrastructure? How exposed are they? Well the handwriting
has been on the wall for awhile now. In 1997, Rocke Verser broke a 56-bit challenge. At first blush, it
seemed DES was safe. This effort took four months to complete. This was only the beginning – in 1998
the Electronic Freedom Foundation computer nailed this key length in 56 hours. And the beat goes on.
In the meantime the underground uses cryptography to protect what they are doing. For instance, the
DDoS systems that attacked numerous businesses, such as yahoo, used encryption to protect their covert
communication channels. If the bad guys are using it to break into sites, shouldn’t the good guys be using
it to the protect their sites?
Defenders and attackers alike, the information operations cyberscape of century 2K will rely on
cryptography!
1-6
Course Objectives
• Case Studies
• The Challenge That We Face
• Cryptosystems Fundamentals
• Types of Cryptosystems
• Real-world Implementations
Encryption I - SANS ©2001 7
So let’s get into it! Who uses cryptography? Who needs crypto? After we firmly establish the who
and why, we will discuss the what! We will also cover how they work and the different types of
systems.
In this first course, we will learn the requirements of a crypto system. We will look at some of the
classic weaknesses. We will walk through some basic algorithms and we will learn a number of
terms.
Cryptography is more than the science of applying ciphers, it must also be an art. The devil is in the
details in this sport.
A cryptosystem is the algorithm, the keys, the plaintext…the whole nine yards!
1-7
Security By Obscurity Is No Security!
• Case-in-point: DVD “Encryption”
• Proprietary algorithms are high-risk
• “Tamperproof” hardware can be
defeated with sufficient effort
• Technical solutions usually do not
satisfactorily address legal issues
Encryption I - SANS ©2001 8
Gotta love DVD! It really brings “The Matrix” to full intensity. But there is a cryptography story
here that has a couple of important lessons for all of us:
- Never, ever believe in a “secret” cryptographic algorithm (unless you work for NSA).
- Never, ever rely on technology (or anything else) as your only wall of defense.
- Above all, do not ever attempt to write your own encryption system! You aren’t that smart!
So what happened? The motion picture industry spent years developing a standard for encryption.
Then they released it. Not the standard for review, but the product (DVD) that relied on the
standard. Very quickly thereafter a couple technologists who go by the handles “Canman” and
“SoupaFr0g” decoded the magic algorithm and released a program, a very popular program in some
circles, called DeCSS 1.2b that allows one to pull the decrypted data off the DVD disk and store and
play it like any other multimedia file. Don’t want to pay $20.00 for “The Matrix”? No problem!
Now, that really is what I call walking the path!
And what to do now? Do you sue Canman for $63 quadrillion?
1-8
Beware of Over-confidence
• Case-In-Point: Large Key-Lengths
• Simply using popular cryptographic
algorithms, with large key lengths does not
make your system secure!
• What’s the weakest link?
• Cryptanalytic compromises usually come
from totally unexpected quarters!
Encryption I - SANS ©2001 9
Case 2: In 1998, Stephen Northcutt served as the technical analyst to support a team of law
enforcement agents to detect, investigate, apprehend, and convict a child pornographer. The
interesting thing was the perpetrator used cryptography to transmit the data right past Stephen’s
intrusion detection systems and evade the signature matching system.
How did he get caught? It wasn’t hard. In Stephen’s classes, for years he as been trying to teach that
“size does matter”! The first clue was that too much data was being transmitted. That stands out like
a sore thumb. The next clue is that well-encrypted traffic has a signature – it is blander than vanilla
pudding. You can detect an encrypted bitstream simply by sorting the bits and seeing if you have an
even distribution. A good encryption algorithm enforces randomness to be resistant to known-
plaintext and chosen-plaintext attacks. But if you examine the content, the payload bits in a normal
connection, they are anything but random. So detection was easy. How do you attack the
cryptography?
You can imagine the agents! It is encrypted, we are done for, let’s just bring him in and question
him, maybe we will get lucky! Lucky was much easier than that – we tossed one of his supplier
machines and he had hard-coded his key. Game over! Key discipline is everything in this sport!
1-9
Simplicity is a “Good Thing”
• Case-in-point: eCommerce & eBusiness
• Morphing your business into a dot.com
can be a complex undertaking
• Taking shortcuts in **any** aspect of
the development of your eCommerce
systems can introduce weak links
• Security is a “process” ...not a product!
Encryption I - SANS ©2001 10
We can divide the students in this class into two primary groups: those who use government
sponsored and developed encryption and those who don’t. The United States military uses NSA-
developed encryption for all classified and some additional communications. NSA provides more
than just encryption hardware, they provide the keys and the rules. They have an entire infrastructure
because they know there is more to protected communications than algorithms resistant to
cryptanalysis.
Then there is the rest of us, including most of the US military. We are all becoming “.coms” in some
sense. Traditional catalog retailers are rushing to establish an Internet presence, universities rushing
to offer on-line courses and exams, and on it goes. Just like our criminal example on the previous
slide, there are a number of places where things can go wrong when protecting information in transit
and at rest. Cryptography provides us with a suite of tools that can help us with Confidentiality and
Integrity. Somehow people feel safer when the key is solid on their https connection, and so they are
more willing to use their credit card. Personally, I am more concerned about the clerical worker
being paid minimum wage to process all the orders at the end of the day with access to thousands of
credit card numbers than I am about sniffers, but that is just me.
1 - 10
Credit Cards Over the Internet
• Case-in-point: How many people will use
their credit card to buy merchandise on the
Internet? How many people will pay for a
meal with a credit card?
• Which is riskier?
– Perception vs. reality
• Real risk is back-end database, that possibly
stores credit cards unencrypted.
• Understanding the threat is key.
Encryption I - SANS ©2001 11
If you take a survey of a classroom of students and ask them how many people will use their credit
card to buy merchandise over the Internet, around 60%-70%, would raise their hand. If you then
asked them how many people would pay for a meal in a restaurant with a credit card, you usually get
at least 90% of the class. Is paying for a meal more secure? Actually, no. It is just because people
have been doing it for a longer time period, they perceive it to be more secure. But remember,
perception and reality are two different things.
Let’s look at these two scenarios for a minute. The next time you pay for a meal with a credit card,
look down at your watch when the wait person takes your card to process it. Normally, a total
stranger, that you never met before, takes your card into a back room and (on average) returns ten
minutes later. Now, if that is not bad, it actually gets a little worse. Most people sign the bill, leave
it on the table, and exit the restaurant. Now, even if the wait staff picks it up, they now have a piece
of paper that has all of your credit card information on it and your signature. What if someone else
walks by the table and picks it up? Now you have even bigger problems.
On the other hand, when you buy something on the Internet, you enter the credit card from the
comfort of your own home, and the chance of someone intercepting it as it flies over the Ethernet is
very slim and even if someone does, the data is encrypted so they would not be able to read it.
In reality, the real threat to using credit cards in either scenario is where the credit cards are stored
once they are received by the company. With a lot of online commerce, companies claim they are
secure because they use SSL to protect the data. That might be true, but then they store the credit
cards on a server that is connected to the Internet and the information is stored in plaintext. Now,
from an attacker’s standpoint, you can either try to intercept an encrypted credit card - which would
take a lot of work (if not an infinite amount of time) to crack it, and even if you do, you only get one
credit card. On the other hand, an attacker could break into the server with minimal effort and get a
large amount of credit cards.
1 - 11
The Challenge That We Face
Cryptographic Cryptographic
Algorithm Algorithm
Decryption
Encryption
Key
Adversary Adversary Key
? ?
Plain Nialp Nialp Plain
Text Encryption Txet Txet Decryption Text
Insecure Network
“Alice” “Bob”
Communications in the presence of adversaries…
Confidentiality Integrity Authentication Non-repudiation
Encryption I - SANS ©2001 12
OK, so far we have discussed the need for cryptography and introduced practical applications in our
case studies. Moving to the next section of the course, we will take a closer look at what the real
user requirements are.
This slide gives us a reasonable overview. Bob and Alice wish to exchange information securely.
Their cipher is built on the basic transformations, permutations, and substitutions. The result of the
cipher is that the message is transformed so that without knowledge of the cipher, the key system, it
is hopefully unreadable.
Both Bob and Alice have a number of requirements, but let’s restate one of them from the get go, the
algorithm used must be a well-known, established, scrutinized, tested, accepted method of
encryption. I never cease to be amazed at the number of software authors that are also wanna-be
cryptographers that generate some half-baked cryptosystem, include it with their product and folks
actually use it! For instance, there is a very popular firewall product that has its own encryption
algorithm. Today we are going to learn about the major systems and avoid the “wanna bes”. Using a
proper algorithm is your responsibility as an educated consumer. When you do choose your
approach to encryption, you take something on faith – that an adversary listening on an untrusted
network cannot intercept communications and reverse-engineer your key. This is done via a one-
way function. If we have message x, we can compute f(x), but if they have f(x) it should be very hard
to retrieve x.
1 - 12
Alice’s Perspective...
Details of Cryptographic Algorithm Knowledge of the Key It must be impossible to
must be publicly known and must be mandatory in determine the Plaintext by
intensely scrutinized by the global order to successfully simply examining the
cryptographic community perform meaningful Ciphertext
encryption and
decryption operations
It must be possible
for “Alice” to clearly Cryptographic
indicate that she is
the sender of the Algorithm
message, and to
provide a mechanism
Encryption
Key
Adversary
for the recipient
?
(“Bob”) to detect any
tampering.
Plain Nialp
Text Encryption Txet
“Alice” must
be trained in
Insecure Network
the proper “Alice”
use of the
cryptosystem
Encryption I - SANS ©2001 13
So now we introduce Alice. Like all of us, she just wants it to work. She needs to be able to send a
message to Bob and for it to have the same level of integrity it would have if she walked up and
handed it to him. In addition to being unreadable by adversaries (confidentiality), we may have the
following requirements:
- Authentication: if Alice walks up to Bob and hands him a message, he knows the message is
from Alice for sure. Alice may have a requirement of the crypto system to provide equivalent
service.
- Integrity: it should be possible to prove the message has not been tampered with, that this is
the same exact message that Alice wrote to Bob.
- Non-repudiation: the system should be able to prove that Alice, and only Alice, sent the
message.
The technology to do this is available, but for this system to work in practice, the non-technical
issues are also important. Alice and every user of the system must be trained in its use and its
limitation and have access to the keys, yet keep them protected and current.
1 - 13
Goals of Encryption
• “Alice” and “Bob” need a cryptosystem
which can provide them with:
Confidentiality Integrity of Data
Authentication Non-repudiation
•“Cryptography is about communications in
the presence of adversaries” (Rivest,1990)
Encryption I - SANS ©2001 14
Bob of course has the same requirements as Alice! On this slide, we sum up our requirements of
the system: Confidentiality, integrity, authentication, and non-repudiation. These are the main goals
of a good encryption system.
It is important to keep in mind that no cryptographic algorithm is known to be “secure.” The first
case study discussed a well-known, failed, defeated cryptosystem. The strength of a cryptosystem is
its ability to withstand attack. There are a number of attacks against cryptosystems, most of them
have to do with using some piece of known unencrypted information (“known plaintext”). A
trustworthy algorithm is one that can withstand an attack when the cryptoanalyst is able to know and
choose the text to be encrypted. This is the “chosen – known plaintext” attack.
The strongest statement that we can make regarding the “trust” that can be reasonably placed in a
cryptographic algorithm is that it is not [yet] [publicly] known to have been broken! You can prove
that a system is not secure, you just cannot prove that it is secure.
Lets briefly cover the four main goals of encryption: Confidentiality, integrity, authentication, and
non-repudiation. Confidentiality is concerned with preventing, detecting, or deterring the improper
disclosure of information. Basically, you want to prevent someone else from reading a company’s
sensitive information. Integrity is concerned with preventing, detecting, or deterring the improper
modification of information. An unauthorized person should not be able to modify data, or if they
do, it must be detectable. Authentication is involved with identifying who an individual is. If you
think you are talking to Eric, you should be able to authenticate that you are really communicating
with Eric and that someone is not impersonating him. Non-repudiation deals with how you prove,
in a court of law, that someone actually sent a piece of information. This attribute is critical for the
success of e-commerce. If I send an email to a supplier and I order 50 widgets for $100 each and 5
days later the market drops on widgets and now I can get the same widget for $1, I would like to
deny that I ever sent the order. For e-commerce to work, the supplier must be able to prove that I
actually sent the email and that I cannot deny it.
In the next section of this course, we will discuss the general types of encryption and then the
types of cryptosystems.
1 - 14
Crypto and E-commerce
Customers need to be Vendors need to be sure that:
sure that: • They are communicating with
• They are communicating the right client.
with the correct server. • The content of the received
message is correct.
• What they send is
delivered unmodified. • The identity of the author is
unmistakable.
• They can prove that they
• Only the purported author could
sent the message. have written the message.
• Only the intended receiver • They acknowledge receipt of the
can read the message. message.
• Message delivery is
guaranteed.
Encryption I - SANS ©2001 15
Cryptography is one of several technologies that are absolutely essential for the successful
deployment of e-commerce systems, especially those that operate over the Internet. In particular,
cryptography helps to assure the customer that:
• They are communicating with the correct server.
• Their messages are being delivered exactly as sent.
• They can prove that they sent the message.
• Only the intended receiver can read the message.
Similarly, crypto helps assure the e-commerce vendor that:
• They are communicating with the right client.
• They can rely on the integrity of the contents of the received message.
• There is no question about the identity of the sender.
• Only the individual purporting to be the author could have sent the message.
Although not directly related to crypto, cryptography also helps the sender and receiver (e.g.,
customer and vendor) ensure, guarantee, and acknowledge message delivery.
1 - 15
General Encryption Techniques
• Goal: Garble the original message, so
its meaning is concealed.
• Basic techniques
– Substitution
– Permutation
– Hybrid
• These techniques are used by single
key systems.
Encryption I - SANS ©2001 16
This slide could also be called “Encryption 101”. Some people might say that they have a general
understanding of encryption and do not need an intro 101 course, but remember that 101 is binary
(sorry geek humor☺).
Since the main goal of encryption is to garble text so someone cannot understand it, the two basic
methods of encrypting or garbling text are substitution and permutation. The third approach is
actually a hybrid, which is a mixture of both. One thing to keep in mind, which we will learn about
later, is that there are two basic types of key encryption systems, one-key and two-key systems.
These methods that we are covering here are for one-key systems. As you will see later, two-key
systems are a lot more complex. As you can see by these methods, one-key systems are very
effective, but are based on high school mathematics.
In the next two slides, we will cover each of these techniques in detail.
1 - 16
Substitution
• Uses a one-to-one substitution of
characters.
• Replace x with y
• For example:
– A B C D E …..
– W K M P D…..
– So CAB becomes MWK
• Very easy to break
Encryption I - SANS ©2001 17
Substitution involves exchanging one character for another character. To use substitution, you
would develop a mapping of characters and to encrypt the message you would substitute character x
for character y. To get back the original message you would replace character y with character x.
Lets look at a simple example. First we need to create a mapping of characters, so we would replace
A with W, B with K, C with M, D with P, E with D and we would continue in this fashion for the
entire alphabet. To encrypt the word CAB, we would take C and replace it with M, A with W, and B
with K to get MWK. To decrypt it, we would reverse the mapping, so we would replace M with C,
W with A, and K with B to get back CAB.
The key thing to remember is for this to work, there has to be a unique one-to-one mapping. If there
is a many-to-one or one-to-many mapping, you would not be able to decrypt the message. For
example, if both A and C were replaced with W, you would still be able to encrypt the message, so
CAB would become WWK. But now when we tried to decrypt it, we would not know if the W
should be an A or a C since they are both mapped to the same letter.
Another alternate way to do substitution, which does not require a mapping of all characters, is to use
a character shift. For example, shift every character 3 places. So A becomes D and B becomes E,
etc.
This type of encryption is very easy to break.
1 - 17
Permutation
• Keeps the same letters, but changes
the position within the text.
• Change the order from xyz to zxy
• For example:
– Change 1 2 3 4 5 to 3 5 2 1 4
– So order becomes drroe
• Very easy to break
• Substitution and permutation can be
combined together
Encryption I - SANS ©2001 18
Permutation does not actually change the letters like substitution does, it just changes the order. So
if the original order was x y z the new order might be z x y. So lets look at an example. Our original
order for a word is of course 1 2 3 4 5, so our new order might be 3 5 2 1 4. If we take the word
“order” and run it through our 3 5 2 1 4 permutation, we would get an encrypted message of “drroe”.
To decrypt the message, we would reapply the 3 5 2 1 4 permutation and get back our original
message of “order”.
Just like substitution, permutation is also very easy to break. To increase the difficultly of breaking
the message, we can apply a combination of substitution and permutation.
1 - 18
Types of Cryptosystems
• 3 general types
– Secret key
• Symmetric
• Single or 1 key encryption
– Public key
• Asymmetric
• Dual of 2 key encryption
– Hash
• One-way transformation
• No key encryption
Encryption I - SANS ©2001 19
Now lets look at the three basic types of cryptosystems. On this slide, we are just going to briefly
cover each type, since they will be covered in detail in the following slides. Secret key encryption
is also called symmetric encryption. This means that a single key is used for both encrypting and
decrypting the data. So the sender and receiver of the encrypted message would need to have the
same key prior to communication.
With public key or asymmetric encryption, there are actually two keys involved: one for
encrypting the message and one for decrypting the message. So now the sender and receiver do not
have to have the same key prior to communicating. One thing to remember is that public key
encryption is much slower than secret key encryption.
The third type of encryption is called a hash, which is a one-way transformation of data that is
irreversible. Once the data has been encrypted, there is no way to decrypt it. As you can see, this
type of encryption is very useful for password encryption and will be covered in more detail in the
password cracking module.
1 - 19
Symmetric-key Cryptosystems
• a.k.a. “Secret-Key” or “Private-Key” Encryption
– Fast! Single key for encryption and decryption
– Secure channel for key distribution (scalability issues)
– No technical non-repudiation
Examples:
SECURE CHANNEL
Key Key
• DES
• Triple-DES
Plain Nialp Nialp Plain • RC4
Text Txet Txet Text
INSECURE • IDEA
Cryptographic NETWORK Cryptographic
Algorithm Algorithm
“Alice” “Bob”
Encryption I - SANS ©2001 20
Secret, private, or symmetric key – whatever you prefer to call it, was the original approach to
cryptography. The strength of a symmetric cryptosystem is based on the strength of the algorithm
and the length of the key. The longer the key, the poorer the performance of the cryptosystem and
even though symmetric key systems tend to have better performance than asymmetric systems, this is
still an issue in practice. In this key system, both parties (Alice and Bob) have the same key.
Given a decent algorithm, the basic attack is brute force. Until 1998, this has mostly been a joke
and the product of a few Internet research efforts to harness loosely coupled parallel attacks. Now
anyone with a six figure budget can build a specialized DES cracker. Attackers may not even need
money! After RingZero and the DDoS attacks of February 2000, I would pose the following
question: “If the encrypted message was worth, say, $20 million…and you could assign, say, a
thousand Trojanized zombie systems to work on the problem…how long do you think the symmetric
key length needs to be?” In 1997, a 40-bit RSA challenge key fell in 3.5 hours using 250 computers.
Keep Moore’s law in mind, computation speed doubles every 18 months. 40 bits is probably a bit
short for today’s threat environment.
All that said, the bigger issue with secret keys is managing the key creation and exchange so that the
key is not compromised. Also, the greater the number of parties that share the secret key, the greater
the exposure.
1 - 20