TibaMe: Practical Introduction to Ethical Hacking and CEH Certification Course
Teacher: 林煌錡 (Alex Lin)

The class on 4/22 introduced wireless network hacking, mobile platform hacking, IoT hacking and cloud platform hacking, and cryptography. I separated the content into three parts. This note is about cryptography.

Part 3: Cryptography

🔸 Symmetric Cryptography

From Wiki: https://en.wikipedia.org/wiki/Symmetric-key_algorithm

Algorithms

DES & 3DES

https://en.wikipedia.org/wiki/Data_Encryption_Standard
https://en.wikipedia.org/wiki/Triple_DES

AES 128/192/256

https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

  • Initialization vector (IV)
  • Padding
  • Block cipher mode
    ECB / CBC / CFB / CTR / GCM / OFB

Stream Cipher

https://en.wikipedia.org/wiki/Stream_cipher
Stream ciphers operate on a plaintext stream: they generate a stream of key bits (the keystream) that is combined with the plaintext to produce the ciphertext. They are commonly used where real-time encryption and decryption is required, such as wireless communications and secure voice communication systems.

Use Cases

  • Data Encryption
  • File Protection
  • Stream Encryption

🔸 Asymmetric Cryptography

From Wiki: https://en.wikipedia.org/wiki/Public-key_cryptography

Asymmetric cryptography is considerably slower than symmetric cryptography.

Algorithms

RSA

https://en.wikipedia.org/wiki/RSA_(cryptosystem)
RSA Padding:

  • NoPadding
  • PKCS1
  • OAEP
  • PSS

Elliptic Curve Cryptography (ECC)

https://en.wikipedia.org/wiki/Elliptic-curve_cryptography

Use Cases

HTTPS

SSL

  • SSL 1.0
  • SSL 2.0
  • SSL 3.0

TLS

  • TLS 1.0
  • TLS 1.1
  • TLS 1.2
  • TLS 1.3

Digital Signatures

From Wiki

Key Exchange

From Wiki
Diffie-Hellman

Digital Certificates

A digital certificate is issued by a trusted third-party called a Certificate Authority (CA), which verifies the identity of the certificate holder and binds their public key to a unique identifier called a “subject.” This subject can be an individual, an organization, or a device, and is included in the digital certificate along with the public key.

Pretty Good Privacy (PGP)

https://zh.wikipedia.org/zh-tw/PGP

GNU Privacy Guard (GPG)

https://zh.wikipedia.org/zh-tw/GnuPG

Secure Email

In secure email, the sender uses the recipient’s public key to encrypt the message, which can only be decrypted using the recipient’s private key.

Blockchain

In a blockchain network, each participant has a unique public-private key pair, which they use to sign and verify transactions.

🔸 Hash

Input Message -> Hash Function -> Hashed Message

Algorithms

Message-Digest

Use Cases

  • Data integrity: Hash functions can be used to verify the integrity of data, ensuring that it has not been modified or corrupted in transit. This is commonly used in digital signatures, where a hash of the message is signed using a private key to generate a digital signature that can be verified using a public key.

  • Password storage: Hash functions are often used to store passwords securely in a database. When a user creates a password, its hash is stored in the database instead of the plaintext password. When the user logs in, the system compares the hash of the entered password with the stored hash to verify the password.

  • Content addressing: Hash functions can be used to generate unique identifiers for files and other content. This allows content to be identified and shared without needing to store the entire file or content. This is commonly used in peer-to-peer file sharing networks and content distribution systems.

  • Message authentication: Hash functions can be used to generate message authentication codes (MACs) that can be used to authenticate messages and ensure that they have not been tampered with in transit.

  • Blockchain: Hash functions are a fundamental component of blockchain technology. In a blockchain, each block contains a hash of the previous block, forming a chain of blocks. This allows the integrity of the blockchain to be verified by checking the hashes of each block in the chain.
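The blockchain use case above is the one that is easiest to see in code: every block stores the hash of its predecessor, so changing one block breaks the link to the next. The script below is an added example written for this note, not code from the course or from any blockchain project. It builds a small chain with SHA-256 (stdlib `hashlib`), verifies it, and then shows what happens when a block is edited after the fact. Timestamps and entries are constructed sample values.

```python
import hashlib
import json


def block_hash(index: int, timestamp: float, data: str, prev_hash: str) -> str:
    """Hash a block's fields. Canonical JSON (sorted keys, no whitespace) makes the
    encoding unambiguous, so equal fields always hash to the same value."""
    payload = json.dumps(
        {"index": index, "timestamp": timestamp, "data": data, "prev_hash": prev_hash},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(entries: list[str]) -> list[dict]:
    """Create a chain in which every block carries the hash of its predecessor."""
    chain = []
    prev_hash = "0" * 64  # genesis block has no predecessor
    for index, data in enumerate(entries):
        ts = 1_700_000_000.0 + index  # constructed fixed timestamps so the example is reproducible
        h = block_hash(index, ts, data, prev_hash)
        chain.append({"index": index, "timestamp": ts, "data": data,
                      "prev_hash": prev_hash, "hash": h})
        prev_hash = h
    return chain


def verify_chain(chain: list[dict]) -> tuple[bool, int]:
    """Recompute every block's hash and check its link to the previous block.
    Returns (ok, index_of_first_bad_block); the index is -1 when the chain is intact."""
    prev_hash = "0" * 64
    for block in chain:
        expected = block_hash(block["index"], block["timestamp"], block["data"], block["prev_hash"])
        if block["hash"] != expected or block["prev_hash"] != prev_hash:
            return False, block["index"]
        prev_hash = block["hash"]
    return True, -1


def tamper_and_verify(entries: list[str], index: int, new_data: str,
                      recompute_hash: bool = False) -> tuple[bool, int]:
    """Build a chain, alter one block's data afterwards, optionally recompute that
    block's own hash (as a naive tamperer would), then run the verifier."""
    chain = build_chain(entries)
    block = chain[index]
    block["data"] = new_data
    if recompute_hash:
        block["hash"] = block_hash(block["index"], block["timestamp"], block["data"], block["prev_hash"])
    return verify_chain(chain)


if __name__ == "__main__":
    ledger = ["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"]  # constructed entries
    print("intact:", verify_chain(build_chain(ledger)))
    print("edited block 1:", tamper_and_verify(ledger, 1, "bob pays carol 200"))
    print("edited and re-hashed block 1:", tamper_and_verify(ledger, 1, "bob pays carol 200", True))
```

Two things worth noticing when running it: re-hashing an edited block only moves the break to the next block, because the successor still stores the old hash; and an edit to the very last block that is also re-hashed is not detected by the chain alone. That is why real systems anchor the head hash somewhere else (replicas, consensus, or a signature over the head).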

🔸 HMAC

HMAC is used for message authentication, integrity, and secrecy. HMAC includes a secret key in the computation, which allows it to provide both integrity and authenticity of a message.
From Alex Xu’s blog: https://blog.bytebytego.com/p/how-to-design-a-secture-web-api-access
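The API-access design the linked post describes (client signs each request with a shared secret, server recomputes and compares) is shown below as an added example written for this note; it is not code from the course or from the linked blog. It uses only the standard library (`hmac`, `hashlib`), and the client id, secret, paths and timestamps are constructed sample values. One caveat the first sentence of this section glosses over: HMAC gives integrity and authenticity only; the request body still travels in the clear unless the transport (TLS) encrypts it.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo credentials. In a real deployment the secret is provisioned per
# client over a secure channel and never appears in a URL or a log line.
API_KEY = "demo-client-01"
API_SECRET = b"constructed-demo-secret-do-not-use"
REPLAY_WINDOW_SECONDS = 300


def canonical_string(method: str, path: str, timestamp: int, body: bytes) -> bytes:
    """Fix exactly which request fields the tag covers. Hashing the body keeps the
    string short while still binding the whole payload."""
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method.upper()}\n{path}\n{timestamp}\n{body_hash}".encode()


def sign_request(secret: bytes, method: str, path: str, timestamp: int, body: bytes) -> str:
    """Client side: tag = HMAC-SHA256(secret, canonical request), sent as a header."""
    return hmac.new(secret, canonical_string(method, path, timestamp, body), hashlib.sha256).hexdigest()


def verify_request(secret: bytes, method: str, path: str, timestamp: int, body: bytes,
                   presented_tag: str, now: Optional[int] = None) -> bool:
    """Server side: reject stale timestamps first (replay), then recompute the tag and
    compare in constant time so response timing does not reveal how many bytes matched."""
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > REPLAY_WINDOW_SECONDS:
        return False
    expected = sign_request(secret, method, path, timestamp, body)
    return hmac.compare_digest(expected, presented_tag)


if __name__ == "__main__":
    ts = 1_700_000_000
    body = b'{"amount": 5}'
    tag = sign_request(API_SECRET, "POST", "/v1/transfer", ts, body)
    print("valid   :", verify_request(API_SECRET, "POST", "/v1/transfer", ts, body, tag, now=ts + 10))
    # Body changed in transit: the tag no longer matches
    print("tampered:", verify_request(API_SECRET, "POST", "/v1/transfer", ts, b'{"amount": 500}', tag, now=ts + 10))
    # Identical request captured and re-sent an hour later: rejected by the timestamp window
    print("replayed:", verify_request(API_SECRET, "POST", "/v1/transfer", ts, body, tag, now=ts + 3600))
```

The timestamp window only bounds replays; within the window a server that must reject duplicates outright also needs to remember recently seen tags or carry a per-request nonce in the canonical string.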

🔸 Tools

CyberChef

Can carry out all manner of “cyber” operations within a web browser.
https://github.com/gchq/CyberChef
👉 https://gchq.github.io/CyberChef/#recipe=MD5()&input=ampqamtraw

OpenSSL

https://zh.wikipedia.org/zh-tw/OpenSSL
https://www.openssl.org

RsaCtfTool

https://github.com/RsaCtfTool/RsaCtfTool

CrypTool

https://en.wikipedia.org/wiki/CrypTool
https://www.cryptool.org

Hard Disk Encryption Tools

Windows BitLocker

BitLocker is a built-in disk encryption tool that comes with Windows 10 Professional and Enterprise editions. It can encrypt entire drives or individual files and folders, and supports several encryption modes, including AES-CBC and XTS-AES.
https://en.wikipedia.org/wiki/BitLocker

VeraCrypt

VeraCrypt is a free, open-source disk encryption software that can encrypt entire partitions or drives. It supports multiple encryption algorithms, including AES, Serpent, and Twofish, and can create hidden volumes for added security.
https://en.wikipedia.org/wiki/VeraCrypt

DiskCryptor

DiskCryptor is a free, open-source disk encryption tool that supports multiple encryption algorithms, including AES, Twofish, and Serpent. It can encrypt entire disks or individual partitions and supports both BIOS and UEFI firmware.

Symantec Endpoint Encryption

Symantec Endpoint Encryption is a commercial disk encryption tool that provides full-disk encryption for Windows and Mac systems. It uses strong encryption algorithms, including AES-256, and can integrate with Active Directory for easier management.

FileVault

FileVault is a built-in disk encryption tool that comes with macOS. It can encrypt the entire startup disk or just the user’s home folder and supports both AES-XTS and AES-CBC encryption modes.

🔸 Public Key Infrastructure (PKI)

PKI Wiki: https://en.wikipedia.org/wiki/Public_key_infrastructure

  • Certificate Management System
  • Certification Authority (CA)
  • Registration Authority (RA)
  • Digital Certificates
  • Validation Authority (VA)

From Teacher Alex’s PPT

🔸 Attack Methods

Hard-Coded Password Attack

A hard-coded attack, also known as a hard-coded password attack, is a type of vulnerability exploitation where an attacker gains unauthorized access to a system or application by exploiting a hard-coded password that is stored in the code or configuration files.

Prevention:

  • Avoid hard-coding passwords and instead store them in secure configuration files or databases, using strong encryption and hashing techniques.

Rainbow Table Attack

A Rainbow Table attack is used to crack hashed passwords.

Rainbow Table attacks work by precomputing a large number of hashes and storing them in a lookup table, known as a Rainbow Table. The table maps possible passwords to their corresponding hashes. When an attacker obtains a hashed password, they compare it against the entries in the table; if a match is found, the corresponding entry is the plaintext password. Rainbow Table attacks are effective against weak passwords and against poorly implemented hashing algorithms.

Prevention:

  • Use strong, complex passwords, and use secure hash functions that are resistant to precomputation attacks.
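The "Password storage" use case in the Hash section and the prevention bullet above describe the same defence from two sides: a plain hash of the password is one table lookup away from the plaintext, whereas a per-user random salt plus an iterated (slow) hash makes a precomputed table useless. The script below is an added example written for this note, not code from the course; it uses only the standard library (`hashlib.pbkdf2_hmac`, `secrets`, `hmac`). The passwords, the 600,000-iteration default and the `pbkdf2_sha256$...` record layout are constructed choices for the example.

```python
import hashlib
import hmac
import secrets

# Constructed defaults for the example; tune the iteration count to your hardware.
DEFAULT_ITERATIONS = 600_000
SALT_BYTES = 16


def naive_hash(password: str) -> str:
    """Unsalted SHA-256: identical passwords give identical hashes, which is exactly
    what a precomputed (rainbow) table relies on."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Salted, iterated hash. The record is self-describing, so the iteration count
    can be raised later without invalidating existing records."""
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the salt and parameters taken from the stored record and
    compare in constant time. Any malformed record simply fails verification."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256" or rounds < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    # Two users who happen to pick the same password (constructed sample value)
    pw = "Summer2024!"
    print("naive hashes equal :", naive_hash(pw) == naive_hash(pw))   # True: one table entry cracks both accounts
    record_a, record_b = hash_password(pw), hash_password(pw)
    print("salted records equal:", record_a == record_b)              # False: per-user salt, no shared table
    print("verify correct/wrong:", verify_password(pw, record_a), verify_password("wrong", record_a))
```

The constant-time comparison matters less here than for HMAC tags (the attacker does not control the stored digest), but using `hmac.compare_digest` everywhere removes the need to reason case by case. Memory-hard functions such as scrypt (`hashlib.scrypt`) or Argon2 are the stronger choice when available; PBKDF2 is shown because it needs no third-party package.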

Related-Key Attack

A related-key attack is a type of cryptographic attack that exploits a weakness in a cryptosystem when multiple keys are used that are related in some way, such as being generated from the same source or using the same algorithm.

Prevention:

  • Use cryptographically secure key generation methods, such as using true random number generators or hardware security modules (HSMs), which can generate independent keys that are not related to each other.

  • Use multiple independent keys for different operations, such as encryption and authentication.

Padding Oracle Attack

In a Padding Oracle Attack, an attacker submits an encrypted message to a server and monitors the response. The server may provide different responses depending on whether the padding in the message is valid or not. By repeatedly submitting modified versions of the message and observing the server’s response, an attacker can determine the correct padding and gradually decrypt the message.

Prevention:

  • Use secure cryptographic protocols.
  • Avoid exposing sensitive information through error messages or other feedback mechanisms.
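The two prevention bullets above are abstract, and the "Padding" and "Block cipher mode" items in the Symmetric Cryptography section never show what padding looks like, so the script below is an added example written for this note (not course code) that covers both. It implements PKCS#7 padding, runs a toy block cipher in CBC mode, and then contrasts a decrypt routine whose distinguishable errors are the oracle with one that verifies an HMAC over the ciphertext before touching the padding and reports a single generic error. The block cipher is a constructed stand-in (XOR with the key) chosen so the example runs on the standard library alone; it has the CBC plumbing of AES-CBC but none of its security. The keys and messages are constructed sample values. In new designs an AEAD mode such as AES-GCM (listed in the modes above) removes padding from the picture entirely.

```python
import hashlib
import hmac
import secrets

BLOCK = 16
ENC_KEY = bytes(range(16))          # constructed demo keys, not for real use
MAC_KEY = b"constructed-mac-key-32-bytes-!!!"


def pkcs7_pad(data: bytes) -> bytes:
    """Append 1..BLOCK bytes, each equal to the pad length, so the receiver can strip them."""
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    """Reject any malformed padding; which kind of malformation is deliberately not reported."""
    if not data or len(data) % BLOCK:
        raise ValueError("bad padding")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _toy_block(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for a real block cipher: XOR with the key (an involution, so
    # encryption and decryption are the same operation). NOT secure; illustrates CBC only.
    return bytes(a ^ b for a, b in zip(block, key))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = secrets.token_bytes(BLOCK)             # fresh random IV for every message
    padded, prev, out = pkcs7_pad(plaintext), None, []
    prev = iv
    for i in range(0, len(padded), BLOCK):
        prev = _toy_block(key, _xor(padded[i:i + BLOCK], prev))   # C_i = E(P_i xor C_{i-1})
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt_raw(key: bytes, data: bytes) -> bytes:
    iv, body = data[:BLOCK], data[BLOCK:]
    prev, out = iv, []
    for i in range(0, len(body), BLOCK):
        c = body[i:i + BLOCK]
        out.append(_xor(_toy_block(key, c), prev))               # P_i = D(C_i) xor C_{i-1}
        prev = c
    return b"".join(out)


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    ct = cbc_encrypt(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def decrypt_leaky(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Oracle-prone order: unpad first, check the MAC second. A caller can tell
    'bad padding' from 'bad mac', and that difference is the oracle."""
    ct, tag = blob[:-32], blob[-32:]
    plaintext = pkcs7_unpad(cbc_decrypt_raw(enc_key, ct))
    if not hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad mac")
    return plaintext


def decrypt_hardened(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the MAC over the ciphertext before decrypting, and collapse every
    failure into one generic error so nothing about the padding is observable."""
    ct, tag = blob[:-32], blob[-32:]
    if len(ct) < 2 * BLOCK or len(ct) % BLOCK or not hmac.compare_digest(
            hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("decryption failed")
    try:
        return pkcs7_unpad(cbc_decrypt_raw(enc_key, ct))
    except ValueError:
        raise ValueError("decryption failed") from None


def flip_byte(blob: bytes, index: int, mask: int = 0x01) -> bytes:
    """Simulate a ciphertext modified in transit."""
    b = bytearray(blob)
    b[index] ^= mask
    return bytes(b)


def failure_message(decrypt_fn, enc_key: bytes, mac_key: bytes, blob: bytes) -> str:
    """What a remote caller could observe: the error text, or '' on success."""
    try:
        decrypt_fn(enc_key, mac_key, blob)
        return ""
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    blob = encrypt_then_mac(ENC_KEY, MAC_KEY, b"A" * 15)   # 15 bytes -> exactly one pad byte
    for index in (0, 15):                                    # IV byte 0 hits data; IV byte 15 hits the pad byte
        print(f"flip byte {index:2d}: leaky -> {failure_message(decrypt_leaky, ENC_KEY, MAC_KEY, flip_byte(blob, index))!r:15}"
              f" hardened -> {failure_message(decrypt_hardened, ENC_KEY, MAC_KEY, flip_byte(blob, index))!r}")
```

Running it shows the two error strings the leaky routine hands out depending on which IV byte was flipped, while the hardened routine answers "decryption failed" in both cases. Timing should be made uniform in the same way; the MAC-first order already prevents the decrypt and unpad code from running at all on a modified ciphertext.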

DROWN Attack

The attack exploits a weakness in the SSLv2 protocol, which is an outdated and insecure version of the SSL/TLS protocol used for secure communications over the internet. Even though SSLv2 has been deprecated for many years, some servers still support it, leaving them vulnerable to the DROWN attack.

Prevention:

  • Disable SSLv2 support on the servers.

Brute-force attack

🔸 Hacking Case Studies

ZeroLogon

From Teacher Alex’s PPT

Dual_EC_DRBG

From Teacher Alex’s PPT