Cyber Security, Threat Pragmatics & Cryptography
Network Security Workshop
25-27 April 2017, Bali, Indonesia
Issue Date: [31-12-2015]
Revision: [V.1]
Global Cyber Security Trend
• It's a global issue
Drawing some correlations
Recent Incidents
• 2016 Dyn cyberattack
  – With an estimated throughput of 1.2 terabits per second
Recent Incidents
• SHA-1 is broken (Feb 2017)
  – Colliding PDF files: obtain a SHA-1 digital signature on the first PDF file, which can then be abused as a valid signature on the second PDF file.
Recent Incidents
• Cloudbleed (Sept 2016)
  – Again a buffer overflow like Heartbleed, this time affecting Cloudflare
  – Coding bug (Layer 8 problem!):
    • cf-html (an HTML parser) inserted an == instead of >=, causing a buffer overflow
    • Filled the buffer and kept writing into other memory spaces
  – Problem: session tokens, APIs and passwords exposed
  – Made worse since these data were cached by search engines
    • https://github.com/pirate/sites-using-cloudflare
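As an added illustration of the bug class named above (a constructed model, not Cloudflare's cf-html code), the following shows why an `==` end-of-buffer check fails where `>=` would not: once a parser's position can jump past the end, `==` never fires and the loop walks on into the neighbouring data.

```python
# Added illustration of the Cloudbleed bug class: a parser whose end-of-buffer
# check is "p == end" instead of "p >= end". Constructed model, not cf-html code.

# Constructed memory layout: the parser is only meant to see PAGE, but SECRET
# (another customer's data) sits immediately after it in the same backing store.
PAGE = b"<p>hello</p><img src=x"      # note the unterminated tag at the end
SECRET = b">session=abc123;"
MEMORY = PAGE + SECRET


def extract_text(memory: bytes, end: int, strict: bool) -> bytes:
    """Return the non-tag text of memory[0:end].

    strict=True  uses the correct bounds check (p >= end).
    strict=False uses the Cloudbleed-style check (p == end), which is only
    satisfied if p happens to land exactly on end.
    """
    out = bytearray()
    p = 0
    # Hard cap at len(memory): stands in for the edge of mapped memory, where a
    # real process would crash or keep reading whatever happens to be there.
    while p < len(memory):
        reached_end = (p >= end) if strict else (p == end)
        if reached_end:
            break
        if memory[p:p + 1] == b"<":
            # Skip the tag. The search is unbounded, like a raw pointer scan,
            # so an unterminated tag makes p jump PAST end.
            close = memory.find(b">", p)
            if close == -1:
                break
            p = close + 1
            continue
        out.append(memory[p])
        p += 1
    return bytes(out)


def leaked_bytes(memory: bytes, end: int) -> bytes:
    """Bytes the '==' version emits that lie beyond the caller's buffer."""
    good = extract_text(memory, end, strict=True)
    bad = extract_text(memory, end, strict=False)
    return bad[len(good):]


if __name__ == "__main__":
    print("correct check :", extract_text(MEMORY, len(PAGE), strict=True))
    print("== check      :", extract_text(MEMORY, len(PAGE), strict=False))
    print("leaked        :", leaked_bytes(MEMORY, len(PAGE)))
```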
Recent Incidents
• San Francisco Rail System Hacker Hacked (Nov 2016)
  – Ransomware attack on San Francisco public transit gave everyone a free ride ([email protected])
  – Java vulnerability not patched (Security Alert CVE-2015-4852)
Overview
• Assets – What are we protecting?
• Attackers – From whom?
• Attacks – Common attacks
• Defenses – Common defenses
Who Are the Enemies?
• Script kiddies: little real ability, but can cause damage if you're careless
• Money makers: hack into machines; turn them into spam engines; etc.
• Government intelligence agencies, AKA nation-state adversaries
The Threat Matrix
[Figure: matrix of attacker types along an axis of Degree of Focus: Joy hacks, Opportunistic hacks, Targeted attacks, Advanced Persistent Threats]
Joy Hacks
• Hacks done for fun, with little skill
• Some chance for damage, especially on unpatched machines
• Targets are random; no particular risk to your data (at least if it's backed up)
• Ordinary care will suffice
• Most hackers start this way
Opportunistic Hacks
• Most phishers, virus writers, etc.
• Often quite skilled, but don't care much whom they hit
• May have some "zero-day" attacks
• The effects are random but can be serious
• Consequences: bank account theft, machines turned into bots, etc.
Targeted Attacks
• Attacker(s) wants you!
• Sometimes, you have something they want; other times, it's someone with a grudge
• Background research: learn a lot about the target
• May do physical reconnaissance
• Watch for things like "spear-phishing" or other carefully targeted attacks
Advanced Persistent Threats (APT)
• Very skillful attackers who are aiming at particular targets
• Sometimes, though not always, working for a nation-state
• Very, very hard to defend against them
• May use non-cyber means, including burglary, bribery, and blackmail
• Note: many lesser attacks are blamed on APTs
Are You Targeted?
• Biggest risk is assuming you are not interesting enough!
• Vendors and their take on security:
  – Underwhelming
  – Overwhelming
Defense Strategies
• Defense strategies depend on what you’re trying to protect
• Tactics that keep out teenagers won’t keep out an intelligence agency
• But stronger defenses are often much more expensive, and cause great inconvenience
Joy Hacks
• By definition, joy hackers use known exploits
• Patches exist for most of these holes; the tools are known to A/V companies
  – The best defense is staying up to date with patches
  – Also, keep antivirus software up to date
• Ordinary enterprise-grade firewalls will also repel them
Opportunistic Hacks
• Sophisticated techniques used
  – Possibly even some 0-days
• You need multiple layers of defense
  – Up-to-date patches and anti-virus
  – Multiple firewalls
  – Intrusion detection
  – Lots of attention to log files
• Goal: contain the attack
Targeted Attacks
• Targeted attacks exploit knowledge; try to block or detect reconnaissance
  – Security procedures matter a lot
  – How do you respond to phone callers?
  – What do people do with unexpected attachments?
  – USBs in the parking lot
• Hardest case: disgruntled employee or ex-employee
Advanced Persistent Threats (APT)
• Very, very hard problem!
• Use all of the previous defenses
• There are no sure answers; even air gaps aren't sufficient (think Stuxnet)
• Pay special attention to procedures
• Investigate all oddities
Varying Defenses
• Don't use the same defenses for everything
• Layer them; protect valuable systems more carefully
• Maybe you can't afford to encrypt everything
  – but you can encrypt all communications among your high-value machines
Uneven Playing Field
• The defender has to think about the entire perimeter:
  – all the weaknesses
• The attacker has to find only one weakness
• This is not good news for defenders
Attack Surface
• Entire perimeter you have to defend
[Figure: perimeter elements: Web Server, DNS, SMTP, Power, Fiber, Application, Firewall]
Attack Surface
• But it is not just the perimeter!
[Figure: the perimeter elements (Web Server, DNS, SMTP, Power, Fiber, Application, Firewall) plus the non-perimeter ones: USB sticks, Phishing, Spearphishing, Passwords, Ex-Employees, Sysadmins]
Layers of Protection
• Firewalls (though there are laptops on the inside)
• Intrusion Detection Systems
• Logging Systems and Analysis
• Protecting the Firewalls, IDSs, and Logging Systems
Why Security?
• The Internet was initially designed for connectivity
  – Trust is assumed, no security
  – Security protocols added on top of TCP/IP
• Fundamental aspects of information must be protected
  – Confidential data
  – Employee information
  – Business models
  – Protect identity and resources
• The Internet has become fundamental to our daily activities (business, work, and personal)
Internet Evolution
• Different ways to handle security as the Internet evolves
[Figure: LAN connectivity → Application-specific → More online content → Application/data hosted in the "cloud"]
Goals of Information Security
• Confidentiality – prevents unauthorized use or disclosure of information
• Integrity – safeguards the accuracy and completeness of information
• Availability – authorized users have reliable and timely access to information
Access Control
• The ability to permit or deny the use of an object by a subject.
• It provides 3 essential services:
  – Authentication (identification of a user)
  – Authorization (who is allowed to use a service)
  – Accountability (what did a user do)
Authentication
• A means to verify or prove a user's identity
• The term "user" may refer to:
  – Person
  – Application or process
  – Machine or device
• Identification comes before authentication
  – Provide username to establish user's identity
• To prove identity, a user must present at least one of the following:
  – What you know (passwords, passphrase, PIN)
  – What you have (token, smart cards, passcodes, RFID)
  – Who you are (biometrics such as fingerprints and iris scan, signature or voice)
Authentication - Trusted Network
• Standard defensive-oriented technologies
  – Firewall – first line of defense
  – Intrusion Detection – second line of defense
• Build TRUST on top of the TCP/IP infrastructure
  – Strong authentication
    • Two-factor authentication
    • something you have + something you know
  – Public Key Infrastructure (PKI)
Strong Authentication
• An absolute requirement
• Two-factor authentication
  – Passwords (something you know)
  – Tokens (something you have)
• Examples:
  – Passwords
  – Tokens
  – Tickets
  – Restricted access
  – PINs
  – Biometrics
  – Certificates
Two-factor Authentication
• Requires a user to provide at least two authentication 'factors' to prove his identity
  – something you know
    • Username/userID and password
  – something you have
    • Token using a one-time password (OTP)
• The OTP is generated using a small electronic device in physical possession of the user
  – Different OTP generated each time and expires after some time
  – An alternative way is through applications installed on your mobile device
• Multi-factor authentication is also common
Authorization
• Defines the user's rights and permissions on a system
• Typically done after the user has been authenticated
• Grants a user access to a particular resource and defines what actions he is permitted to perform on that resource
• Access criteria based on the level of trust:
  – Roles
  – Groups
  – Location
  – Time
  – Transaction type
Authorization Concepts
• Authorization Creep
  – When users possess unnecessarily high access privileges within an organization
• Default to Zero
  – Start with zero access and build on top of that
• Need to Know Principle
  – Least privilege; give access only to the information that the user absolutely needs
• Access Control Lists
  – List of users allowed to perform particular access to an object (read, write, execute, modify)
Authorization - Single Sign On
• Property of access control where a user logs in only once and gains access to all authorized resources within a system.
• Benefits:
  – Ease of use
  – Reduces logon cycle (time spent re-entering passwords for the same identity)
• Common SSO technologies:
  – Kerberos, RADIUS
  – Smart card based
  – OTP Token
  – Shibboleth / SAML
  – OpenID
• Disadvantage: single point of attack
Authorization – Types of Access Control
• Centralized Access Control
  – Radius
  – TACACS+
  – Diameter
• Decentralized Access Control
  – Control of access by people who are closer to the resources
  – No method for consistent control
Accountability
• The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity
  – Senders cannot deny sending information
  – Receivers cannot deny receiving it
  – Users cannot deny performing a certain action
• Supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action
Source: NIST Risk Management Guide for Information Technology Systems
Target
• Many sorts of targets:
  – Network infrastructure
  – Network services
  – Application services
  – User machines
• What's at risk?
Attacks on Different Layers
[Figure: OSI Reference Model (Application, Presentation, Session, Transport, Network, Data Link, Physical) beside the TCP/IP Model (Application, Transport, Internet, Network Access / Link Layer), with protocols and example attacks per layer:]
• Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP – DNS poisoning, phishing, SQL injection, spam/scam
• Layer 5: NFS, Socks
• Layer 4: TCP, UDP, SCTP – TCP attacks, routing attack, SYN flooding
• Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP – Ping/ICMP flood, sniffing
• Layer 2: Ethernet, PPP, ARP, NDP, OSPF – ARP spoofing, MAC flooding
Layer 2 Attacks
• ARP Spoofing
• MAC attacks
• DHCP attacks
• VLAN hopping
ARP Spoofing
[Figure: four hosts on one LAN: 10.0.0.1 AA-AA-AA-AA-AA-AA (Machine A), 10.0.0.2 BB-BB-BB-BB-BB-BB, 10.0.0.3 CC-CC-CC-CC-CC-CC (Machine C), 10.0.0.4 DD-DD-DD-DD-DD-DD (Machine D)]
1. Machine A: "I want to connect to 10.0.0.3. I don't know the MAC address" – sends an ARP Request
2. Machine C: ARP Reply – "I am 10.0.0.3. This is my MAC address"
3. Machine D: ARP Reply – "Wait, I am 10.0.0.3!"
• ARP cache poisoned. Machine A connects to Machine D (not C)
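Added example, not from the slides: passive detection of the reply conflict shown in the figure, run over a constructed tcpdump-style capture that uses the figure's addresses.

```python
# Added example (not from the slides): passive detection of the ARP reply
# conflict shown in the figure, run over constructed tcpdump-style lines.
import re

ARP_REQUEST = re.compile(r"ARP, Request who-has ([\d.]+) tell ([\d.]+)")
ARP_REPLY = re.compile(r"ARP, Reply ([\d.]+) is-at ([0-9a-f:]{17})")

# Constructed capture reproducing the figure: A asks for 10.0.0.3, C answers
# truthfully, then D answers as well, claiming 10.0.0.3 for its own MAC.
SAMPLE_CAPTURE = """\
12:00:00.000001 ARP, Request who-has 10.0.0.3 tell 10.0.0.1, length 28
12:00:00.000420 ARP, Reply 10.0.0.3 is-at cc:cc:cc:cc:cc:cc, length 28
12:00:00.000900 ARP, Reply 10.0.0.3 is-at dd:dd:dd:dd:dd:dd, length 28
12:00:05.000001 ARP, Request who-has 10.0.0.2 tell 10.0.0.1, length 28
12:00:05.000300 ARP, Reply 10.0.0.2 is-at bb:bb:bb:bb:bb:bb, length 28
""".splitlines()


def detect_arp_spoofing(lines):
    """Return (learned ip->mac table, alerts).

    Two signals, in the spirit of arpwatch: a reply for which no request is
    outstanding (unsolicited), and a reply whose MAC differs from the one
    already learned for that IP (conflict). The first reply seen wins, which
    is also what the victim's ARP cache does.
    """
    table = {}        # ip -> mac from the first reply observed
    pending = set()   # ips asked for but not yet answered
    alerts = []
    for lineno, line in enumerate(lines, 1):
        req = ARP_REQUEST.search(line)
        if req:
            pending.add(req.group(1))
            continue
        rep = ARP_REPLY.search(line)
        if not rep:
            continue
        ip, mac = rep.group(1), rep.group(2)
        if ip not in pending:
            alerts.append(("unsolicited-reply", lineno, ip, mac))
        pending.discard(ip)                      # first reply closes the request
        known = table.get(ip)
        if known is None:
            table[ip] = mac
        elif known != mac:
            alerts.append(("mac-conflict", lineno, ip, f"{known} -> {mac}"))
    return table, alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_CAPTURE)[1]:
        print(alert)
```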
MAC Flooding
• Exploits a limitation of all switches
• The CAM table stores the mapping of individual MAC addresses to source ports
• Attacker floods the CAM table using spoofed source MAC addresses
DHCP Attacks
• DHCP Starvation Attack
  – Broadcasting a vast number of DHCP requests with spoofed MAC addresses simultaneously
• DHCP Spoofing
Layer 3 Attacks
• ICMP Ping Flood
• ICMP Smurf
• Ping of death
Ping Flood
[Figure: the Attacker sends echo requests to the Network Broadcast Address; every host on the network sends its echo reply to the actual destination, the Victim]
• Other forms of ICMP attack:
  – Ping of death
  – ICMP ping flood
Routing Attacks
• Attempt to poison the routing information
• Distance Vector Routing
  – Announce 0 distance (hop count; 16 for RIPv2) to all other nodes (count to infinity!)
    • Blackhole traffic
    • Eavesdrop
• Link State Routing
  – Can drop links randomly
  – Can claim a direct link to any other router
  – A bit harder to attack than DV
• BGP attacks
  – ASes can announce an arbitrary prefix
  – ASes can alter the path
TCP Attacks
• SYN Flood – occurs when an attacker sends SYN requests in succession to a target.
• Causes a host to retain enough state for bogus half-connections that there are no resources left to establish new legitimate connections.
TCP Attacks
• Exploits the TCP 3-way handshake
• Attacker sends a series of SYN packets without replying with the ACK packet
• Finite queue size for incomplete connections
[Figure: normal handshake – Client → Server: SYN; Server → Client: SYN+ACK; Client → Server: ACK; CONNECTION ESTABLISHED]
[Figure: SYN flood – Attacker → Server (Victim): SYN; Server → Attacker: SYN+ACK; ACK? never arrives; the OPEN CONNECTIONS queue fills with half-open entries]
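Added example, not from the slides: a simplified SYN-cookie scheme, the usual mitigation for the finite half-open queue. The server keeps no state per SYN; it encodes what it needs in its own initial sequence number and recovers it only when the final ACK arrives. The secret, the time-slot width and the MSS table are constructed, and this is a model of the idea, not the Linux implementation.

```python
# Added example (not from the slides): a simplified SYN-cookie scheme, the
# standard answer to the finite half-open queue. Constructed secret and layout;
# not the Linux implementation.
import hashlib
import hmac
import socket
import struct

SERVER_SECRET = b"constructed-secret-rotate-me"   # assumption: rotated regularly
MSS_TABLE = (536, 1220, 1440, 1460)                # 2-bit index -> client MSS


def _tag24(saddr: bytes, daddr: bytes, sport: int, dport: int, t: int, mss_idx: int) -> int:
    """24-bit keyed hash binding the cookie to the 4-tuple, time slot and MSS."""
    msg = struct.pack(">4s4sHHBB", saddr, daddr, sport, dport, t, mss_idx)
    return int.from_bytes(hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(saddr, daddr, sport, dport, client_isn, mss, now):
    """Server ISN for the SYN+ACK: 5-bit time slot | 3-bit MSS index | 24-bit tag,
    added to the client's ISN so that the client's ACK number carries it back."""
    t = (int(now) // 64) & 0x1F                    # 64-second slots, wraps every ~34 min
    fits = [i for i, m in enumerate(MSS_TABLE) if m <= mss]
    mss_idx = fits[-1] if fits else 0              # smallest MSS if the client's is tiny
    v = (t << 27) | (mss_idx << 24) | _tag24(saddr, daddr, sport, dport, t, mss_idx)
    return (client_isn + v) & 0xFFFFFFFF


def check_syn_cookie(saddr, daddr, sport, dport, seq, ack, now):
    """Validate the final ACK (seq = client_isn + 1, ack = cookie + 1).
    Returns the recovered MSS, or None if the cookie is forged or stale."""
    client_isn = (seq - 1) & 0xFFFFFFFF
    cookie = (ack - 1) & 0xFFFFFFFF
    v = (cookie - client_isn) & 0xFFFFFFFF
    t, mss_idx, tag = v >> 27, (v >> 24) & 0x7, v & 0xFFFFFF
    cur = (int(now) // 64) & 0x1F
    if t not in (cur, (cur - 1) & 0x1F):           # accept current and previous slot only
        return None
    if mss_idx >= len(MSS_TABLE):
        return None
    expected = _tag24(saddr, daddr, sport, dport, t, mss_idx)
    if not hmac.compare_digest(tag.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]


def demo(now=1_700_000_000):
    """Constructed handshake. Returns (mss_recovered, result_for_forged_ack, result_when_stale)."""
    c, s = socket.inet_aton("10.0.0.1"), socket.inet_aton("192.0.2.10")
    client_isn = 0x1234ABCD
    cookie = make_syn_cookie(c, s, 40000, 80, client_isn, 1460, now)
    # The server stored nothing; everything below is reconstructed from the ACK alone.
    ok = check_syn_cookie(c, s, 40000, 80, client_isn + 1, cookie + 1, now)
    forged = check_syn_cookie(c, s, 40000, 80, client_isn + 1, cookie + 2, now)
    stale = check_syn_cookie(c, s, 40000, 80, client_isn + 1, cookie + 1, now + 3 * 64)
    return ok, forged, stale


if __name__ == "__main__":
    print(demo())
```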
Application Layer Attacks
• Scripting vulnerabilities
• Cookie poisoning
• Buffer overflow
• Hidden field manipulation
• Parameter tampering
• Cross-site scripting
• SQL injection
Layer 7 DDoS Attack
• Traditional DoS attacks focus on Layer 3 and Layer 4
• In Layer 7, a DoS attack is targeted at the applications, disguised as legitimate packets
• The aim is to exhaust application resources (bandwidth, ports, protocol weakness), rendering it unusable
• Includes:
  – HTTP GET
  – HTTP POST
  – Slowloris
  – LOIC / HOIC
  – RUDY (R-U-Dead Yet)
Layer 7 DDoS – Slowloris
• Incomplete HTTP requests
• Properties
  – Low bandwidth
  – Keep threads active
  – Only affects threaded web servers
  – Doesn't work through load balancers
DNS Changer
• "Criminals have learned that if they can control a user's DNS servers, they can control what sites the user connects to the Internet."
• How: infect computers with malicious software (malware)
• This malware replaces the user's DNS settings with the attacker's DNS servers
• Points the DNS configuration to DNS resolvers in specific address blocks and uses them for their criminal enterprise
DNS Cache Poisoning
• Caching an incorrect resource record that did not originate from an authoritative DNS source.
• Result: the connection (web, email, network) is redirected to another target (controlled by the attacker)
DNS Cache Poisoning
[Figure: (1) the Client asks the DNS Caching Server: "I want to access www.example.com". (2) The caching server resolves via Root/GTLD and queries ns.example.com with QID=64571. The attacker, pretending to be the authoritative zone, floods forged replies with guessed query IDs (QID=64569, QID=64570, QID=64571, ...) answering www.example.com 192.168.1.99; when a guess equals the outstanding QID=64571 ("match!"), the forged record is cached (3) and later clients are sent to 192.168.1.99. The legitimate answer from ns.example.com is www.example.com 192.168.1.1, the real Webserver.]
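Added example, not from the slides: the checks a caching resolver should apply before accepting the reply in the figure, so that forged answers carrying guessed QIDs are rejected. Names and addresses follow the figure; the resolver's random source port, the server address 192.0.2.53 standing in for ns.example.com, and the bailiwick rule are constructed assumptions.

```python
# Added example (not from the slides): what a caching resolver must check before
# accepting the reply in the figure, so that forged answers with guessed QIDs
# (QID=64569, 64570, 64571, ...) are rejected. Constructed ports and addresses.
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    qid: int
    sport: int        # random source port: a second 16 bits the attacker must guess
    qname: str
    qtype: str
    server: str       # address the query was sent to
    zone: str         # bailiwick of that server, e.g. "example.com."


@dataclass(frozen=True)
class Response:
    qid: int
    dport: int
    src: str
    qname: str
    qtype: str
    answers: tuple    # (name, type, rdata) records


class CachingResolver:
    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()
        self.pending = {}             # (qid, sport) -> Query
        self.cache = {}               # (name, type) -> tuple of rdata
        self.rejected = 0
        self.discarded_records = 0

    def send_query(self, qname, qtype, server, zone):
        qid = self.rng.randrange(0, 1 << 16)
        sport = self.rng.randrange(1024, 1 << 16)
        q = Query(qid, sport, qname, qtype, server, zone)
        self.pending[(qid, sport)] = q
        return q

    def receive(self, r: Response) -> bool:
        """Accept only a reply that matches an outstanding query in every field."""
        q = self.pending.get((r.qid, r.dport))
        if q is None or (q.qname, q.qtype, q.server) != (r.qname, r.qtype, r.src):
            self.rejected += 1
            return False
        del self.pending[(r.qid, r.dport)]        # the first valid reply closes the query
        for name, rtype, rdata in r.answers:
            # Bailiwick rule: a server may only tell us about names inside its zone.
            if name != q.zone and not name.endswith("." + q.zone):
                self.discarded_records += 1
                continue
            self.cache[(name, rtype)] = self.cache.get((name, rtype), ()) + (rdata,)
        return True


def demo():
    """Replay of the figure against the checks above.
    Returns (replies accepted, replies rejected, cached A rdata, records discarded)."""
    r = CachingResolver(random.Random(7))         # seeded only to make the demo repeatable
    q = r.send_query("www.example.com.", "A", "192.0.2.53", "example.com.")
    # Forged replies guess the QID but must also guess our port (53 assumed here).
    forged = [Response(qid, 53, "192.0.2.53", "www.example.com.", "A",
                       (("www.example.com.", "A", "192.168.1.99"),))
              for qid in range(q.qid - 2, q.qid + 3)]
    # Even a lucky guess of QID and port fails if the source is not the server we asked.
    forged.append(Response(q.qid, q.sport, "198.51.100.66", "www.example.com.", "A",
                           (("www.example.com.", "A", "192.168.1.99"),)))
    accepted = sum(r.receive(f) for f in forged)
    legit = Response(q.qid, q.sport, "192.0.2.53", "www.example.com.", "A",
                     (("www.example.com.", "A", "192.168.1.1"),
                      ("www.victim.test.", "A", "192.168.1.99")))   # out of bailiwick
    accepted += r.receive(legit)
    return accepted, r.rejected, r.cache.get(("www.example.com.", "A")), r.discarded_records


if __name__ == "__main__":
    print(demo())
```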
Amplification Attacks
• Exploiting the UDP protocol to return large, amplified amounts of traffic / data
• Small request, large reply
• Examples:
  – DNS
  – NTP
  – SMTP
  – SSDP
DNS Amplification Attack
• A type of reflection attack combined with amplification
  – Source of attack is reflected off another machine
  – Traffic received is bigger (amplified) than the traffic sent by the attacker
• UDP packet's source address is spoofed
DNS Amplification
[Slide diagram: Attacker → Bots → Open DNS Resolvers → Victim, with Root/GTLD and ns.example.com answering the resolvers' lookups for www.example.com (192.168.1.1)]
• The attacker's bots send queries (type ANY) to open resolvers with the source IP spoofed to the victim's IP; every resolver's large answer flows to the victim
• The query used on the slide, with EDNS0 advertising a 4096-byte UDP buffer and DNSSEC records requested so the answer is as large as possible:
dig ANY www.example.com @8.8.8.8 +edns=0 +notcp +bufsize=4096 +dnssec
59
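To make "small request, large reply" concrete, the following added example (not from the workshop) builds the same query as the dig command above on the wire, including the EDNS0 OPT record that carries the 4096-byte buffer size and the DO bit, then measures the amplification factor against a response. The response is constructed locally so the code runs offline; its TXT records stand in for the bulky ANY answer a real zone would return, so the ratio shows the mechanics rather than a live measurement. The response-size threshold in the detector is an assumption, not a standard.

```python
"""Added example: DNS ANY query on the wire and the amplification it invites."""
import struct

QTYPE = {"A": 1, "TXT": 16, "OPT": 41, "ANY": 255}


def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (DNS label format)."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(name: str, qtype: str = "ANY", qid: int = 0x1234,
                bufsize: int = 4096, dnssec_ok: bool = True) -> bytes:
    """Header + question + EDNS0 OPT record: what `dig ... +bufsize=4096 +dnssec` sends."""
    flags = 0x0100                                               # RD: recursion desired
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1)      # 1 question, 1 additional (OPT)
    question = encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)   # QCLASS IN
    opt_ttl = 0x8000 if dnssec_ok else 0                         # DO bit lives in the OPT "TTL"
    opt = b"\x00" + struct.pack("!HHIH", QTYPE["OPT"], bufsize, opt_ttl, 0)  # root name, RDLEN 0
    return header + question + opt


def parse_header(pkt: bytes) -> dict:
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def constructed_response(query: bytes, txt_records: int) -> bytes:
    """Echo the question and append `txt_records` 255-char TXT answers (constructed stand-in
    for a fat ANY answer).  Assumes the query name is uncompressed, as build_query emits it."""
    hdr = parse_header(query)
    qname_end = query.index(b"\x00", 12) + 1 + 4                 # QNAME terminator, then QTYPE+QCLASS
    question = query[12:qname_end]
    header = struct.pack("!HHHHHH", hdr["id"], 0x8180, 1, txt_records, 0, 0)  # QR|RD|RA, NOERROR
    rdata = b"\xff" + b"A" * 255                                 # one length-prefixed TXT string
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE["TXT"], 1, 3600, len(rdata)) + rdata
    return header + question + rr * txt_records


def amplification_factor(query: bytes, response: bytes) -> float:
    return len(response) / len(query)


def looks_like_reflection(query: bytes, response: bytes, threshold: float = 10.0) -> bool:
    """Crude detector (threshold is an assumption): replies many times larger than their
    query are the ones worth response-rate-limiting on an authoritative or open server."""
    return amplification_factor(query, response) >= threshold


if __name__ == "__main__":
    q = build_query("www.example.com")
    r = constructed_response(q, 15)
    print(f"query {len(q)} bytes, response {len(r)} bytes, factor {amplification_factor(q, r):.1f}x")
```

The 44-byte query shown here is what the spoofed bots send; with fifteen 255-character TXT records the constructed answer is 4053 bytes, a factor of about 92, and every byte of it is addressed to the victim. Authoritative servers mitigate this with response rate limiting, resolvers by refusing recursion to outsiders, and the origin network by BCP38.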
NTP Amplification
• UDP 123
• ntpd versions older than 4.2.7p26 are vulnerable to the "monlist" attack
– Made easier by open NTP servers (the slide names time.google.com as an example of a publicly reachable server)
– monlist returns the server's most-recently-used (MRU) list of up to 600 associations, so one small request yields many large replies
ntpdc -n -c monlist <NTP-Server-IP>
• Several incidents in 2014
– Use mrulist (ntpq) instead of monlist; it requires a nonce from the server first, so a spoofed source cannot complete the exchange
– Upgrade the NTP (ntpd) server; on builds that still have monlist, add `disable monitor` and `restrict default noquery` to ntp.conf
– BCP38 ingress filtering on the networks the spoofed queries originate from
60
Wireless Attacks
• WEP – the first security mechanism for 802.11 wireless networks (RC4 with a 24-bit IV and a 40- or 104-bit key)
• Weaknesses in its use of RC4's key scheduling were discovered by Fluhrer, Mantin and Shamir, whose attacks became known as "FMS attacks"
• Tools were developed to automate WEP cracking
• Chopchop ("chopping") attacks were released to crack WEP more effectively and faster, without depending on weak IVs
• Cloud-based WPA/WPA2-PSK crackers can speed up offline dictionary attacks against a captured four-way handshake
61
Man in the Middle Attacks (Wireless)
• The attacker creates a fake access point (an "evil twin" with the same SSID) and has clients associate with it instead of the legitimate one
• Traffic is then captured to harvest usernames, passwords and other data sent in clear text; only end-to-end protection (TLS, a VPN) survives this, because the attacker controls the link itself
62
Security - Different Layers
[Slide: the OSI Reference Model (Application, Presentation, Session, Transport, Network, Data Link, Physical) set beside the TCP/IP Model (Application, Transport, Internet, Network Access / Link Layer), with example protocols, attacks and security mechanisms per layer; placements follow the slide except where noted]

Layer 7 (Application): HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP
    Attacks: DNS poisoning, phishing, SQL injection, spam/scam
    Security: HTTPS, DNSSEC, PGP, S/MIME
Layer 5 (Session): NFS, SOCKS
    Security: TLS, SSL, SSH (the slide places these between the application and transport layers)
Layer 4 (Transport): TCP, UDP, SCTP
    Attacks: TCP attacks, SYN flooding
Layer 3 (Network / Internet): IPv4, IPv6, ICMP, ICMPv6, IGMP, and routing protocols such as OSPF (the slide lists OSPF at layer 2; it runs directly over IP)
    Attacks: routing attacks, ping/ICMP flood
    Security: IPsec
Layer 2 (Data Link / Network Access): Ethernet, PPP, ARP, NDP
    Attacks: ARP spoofing, MAC flooding, sniffing
    Security: IEEE 802.1X, PPP & PPTP
63
Link-Layer Security
• Dynamic ARP Inspection (DAI)
– Validates the IP-to-MAC binding in ARP packets against the DHCP snooping binding table (or static entries) and drops mismatches, which blocks ARP spoofing
• Port Security
– Limits the number of MAC addresses a switch port may learn, blunting MAC flooding
• 802.1X
– Port-based network access control: a client must authenticate (typically against a RADIUS server) before the port forwards its traffic
64
Transport Layer Security
• Secure Sockets Layer (SSL) / TLS
• Secure Shell (SSH) Protocol
• SYN Cookies
– The server encodes the connection in its initial sequence number: a keyed hash (historically MD5; newer Linux kernels use SipHash) over source IP, source port, destination IP, destination port, a coarse timestamp and the ISN from the client's SYN
– It sends this value as the ISN in its SYN-ACK and keeps no state for the half-open connection; when the client's ACK arrives, the server recomputes the hash and accepts the connection only if the acknowledged number is a cookie it could have issued recently
– Linux only engages cookies once the SYN backlog overflows, and some TCP options can be lost for cookie-established connections, so treat them as a safety net rather than a complete SYN-flood defence
65
Enable (persistently):
vi /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1
sysctl -p
Verify:
cat /proc/sys/net/ipv4/tcp_syncookies
sysctl -n net.ipv4.tcp_syncookies
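The mint-and-verify cycle described above, as an added example that is not part of the workshop material. HMAC-SHA256 stands in for the slide's MD5 and the bit layout is simplified (24 bits of MAC plus an 8-bit time slot; Linux additionally encodes the client's MSS), but the property shown is the one that matters: the server stores nothing per half-open connection, and an ACK is accepted only if it acknowledges a cookie the server could have minted for that exact 4-tuple within the last two time slots. The secret, addresses, ports and timestamps are constructed for the demo.

```python
"""Added example: stateless SYN-cookie mint/verify in the style of the slide."""
import hashlib
import hmac
import os
import struct
from typing import Tuple

SECRET = os.urandom(32)          # per-boot secret; real kernels rotate theirs too
SLOT_SECONDS = 64                # granularity of the timestamp folded into the cookie
COOKIE_LIFETIME_SLOTS = 2        # accept the current slot and the previous one

FourTuple = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


def _ip(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def _slot(now: int) -> int:
    return now // SLOT_SECONDS


def _cookie(t4: FourTuple, client_isn: int, slot: int, secret: bytes) -> int:
    """24-bit MAC over the 4-tuple, the client's ISN and the time slot, then the slot in the low byte."""
    src_ip, src_port, dst_ip, dst_port = t4
    msg = struct.pack("!4sH4sHIB", _ip(src_ip), src_port, _ip(dst_ip), dst_port,
                      client_isn & 0xFFFFFFFF, slot & 0xFF)
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return (int.from_bytes(mac[:3], "big") << 8) | (slot & 0xFF)


def mint_cookie(t4: FourTuple, client_isn: int, now: int, secret: bytes = SECRET) -> int:
    """Server ISN to place in the SYN-ACK. No state is kept after this returns."""
    return _cookie(t4, client_isn, _slot(now), secret)


def verify_ack(t4: FourTuple, ack_seq: int, ack_ack: int, now: int,
               secret: bytes = SECRET) -> bool:
    """Called on the handshake's third packet: ack_seq = client_isn + 1, ack_ack = server_isn + 1."""
    server_isn = (ack_ack - 1) & 0xFFFFFFFF
    client_isn = (ack_seq - 1) & 0xFFFFFFFF
    slot = server_isn & 0xFF                         # slot the cookie claims it was minted in
    age = (_slot(now) - slot) & 0xFF
    if age >= COOKIE_LIFETIME_SLOTS:
        return False                                 # stale, or never issued by us
    expected = _cookie(t4, client_isn, slot, secret)
    return hmac.compare_digest(expected.to_bytes(4, "big"), server_isn.to_bytes(4, "big"))


def demo() -> dict:
    t4: FourTuple = ("203.0.113.7", 51515, "198.51.100.10", 443)   # constructed
    now = 1_700_000_000
    client_isn = 0x11223344
    server_isn = mint_cookie(t4, client_isn, now)
    return {
        # genuine client echoes the SYN-ACK a few seconds later
        "legit": verify_ack(t4, client_isn + 1, server_isn + 1, now + 5),
        # spoofer never saw the SYN-ACK, so it must guess the cookie
        "spoofed": verify_ack(t4, client_isn + 1, 0xDEADBEEF + 1, now + 5),
        # correct cookie replayed long after it expired
        "stale": verify_ack(t4, client_isn + 1, server_isn + 1, now + 10 * SLOT_SECONDS),
        # correct cookie presented from a different source address
        "other_host": verify_ack(("203.0.113.8",) + t4[1:], client_isn + 1, server_isn + 1, now + 5),
    }


if __name__ == "__main__":
    print(demo())
```

Only the genuine third packet is accepted; a spoofed ACK, a replay after the lifetime, or the same cookie from another host all fail without the server having remembered anything about the SYN. The trade-off is visible in the code too: nothing about the client's options survives except what fits in the 32-bit ISN.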
Application Layer Security
• HTTPS
• PGP (Pretty Good Privacy)
• S/MIME (Secure/Multipurpose Internet Mail Extensions)
• TSIG and DNSSEC
• Wireless Encryption - WEP, WPA, WPA2 (listed here on the slide, although these protect the 802.11 link layer; WEP is broken and should not be used)
66
Cryptography
Cryptography
68
• All about hiding information in plain sight!
Cryptography
• Cryptography deals with creating documents that can be shared secretly over public communication channels
• Other terms closely associated
– Cryptanalysis = code breaking
– Cryptology: from Kryptos (hidden or secret) and Logos (word, description) = secret speech / communication; the combination of cryptography and cryptanalysis
• Encryption is a function of the plaintext and a cryptographic key
Notation: Plaintext (P), Ciphertext (C), Cryptographic Key (k)
C = F(P, k)
69
Terminology
• Cryptography : the practice and study of hiding information
• Cryptanalysis : finding weaknesses or insecurities in a cryptographic scheme
• Encryption : the method of transforming data (plaintext) into an unreadable format
• Plaintext : the original, readable data before encryption
• Ciphertext : the "scrambled" format of the data after it has been encrypted
70
Cryptosystem Terminology
• Decryption : the method of turning ciphertext back into plaintext
• Encryption Algorithm : the set of rules or procedures that dictates how to encrypt and decrypt data; also called a cipher
• Key : (cryptovariable) a value used by the algorithm to encrypt and decrypt; with a fixed, public algorithm, the key is the only secret
71
Key is the key
• The key length is measured in bits, and the key space is the number of distinct keys that length allows: 2^n for an n-bit key
• Example:
– 2-bit key = a keyspace of 2^2 = 4
– 4-bit key = a keyspace of 2^4 = 16
– 40-bit key = a keyspace of 2^40 = 1,099,511,627,776
72
All about the keys
• Assume everyone knows your encryption/decryption algorithm
• Security of encryption lies in the secrecy of the keys, not the algorithm! (Kerckhoffs's principle)
• How do we keep them safe and secure? Generate them from a good random source, store them in an HSM or OS keystore rather than in code or repositories, and rotate them
73
Work Factor
• The amount of processing power and time needed to break a cryptosystem
• No practical system is unbreakable (the one-time pad is the theoretical exception, and its key management is the hard part)
• Make it too expensive to break within the time the data must stay secret
74
Encryption
• The process of transforming plaintext to ciphertext using a cryptographic key
• Used all around us
– In the Application Layer – secure email, database sessions, and messaging
– Between transport and application (the slide calls this the session layer) – Transport Layer Security (TLS), formerly Secure Sockets Layer (SSL)
– In the Network Layer – protocols such as IPsec
75
Encryption and Decryption
[Slide diagram: Plaintext → ENCRYPTION ALGORITHM (using the Encryption Key) → Ciphertext → DECRYPTION ALGORITHM (using the Decryption Key) → Plaintext]
76
Symmetric Key Algorithm
• Uses a single key to both encrypt and decrypt information
• Also known as a secret-key algorithm
– The key must be kept a "secret" to maintain security
– This key is sometimes also called a private key, not to be confused with the private half of an asymmetric key pair
• Follows the more traditional form of cryptography, with key lengths ranging from 40 to 256 bits
• Examples: DES, 3DES, AES, RC4, RC6, Blowfish (of these, only AES is recommended for new designs; DES and RC4 are broken and 3DES is deprecated)
77
Symmetric Encryption
[Slide diagram, Symmetric Key Cryptography: Plaintext → ENCRYPTION ALGORITHM (Shared Key) → Ciphertext → DECRYPTION ALGORITHM (Shared Key) → Plaintext; the encryption key and the decryption key are the same shared secret key]
78
Symmetric Key Algorithm
Symmetric Algorithm   Key Size
DES                   56-bit keys
Triple DES (3DES)     112-bit and 168-bit keys
AES                   128, 192, and 256-bit keys
IDEA                  128-bit keys
RC2                   40 and 64-bit keys
RC4                   8 to 2048-bit keys (1 to 256 bytes; the slide says "1 to 256-bit")
RC5                   0 to 2040-bit keys
RC6                   128, 192, and 256-bit keys
Blowfish              32 to 448-bit keys
Note: Longer keys are more difficult to brute-force, but more computationally expensive; a long key does not rescue a broken algorithm (RC4, DES).
79
Asymmetric Key Algorithm
• Also called public-key cryptography
– Keep the private key private
– Anyone can see the public key
• Separate keys for encryption and decryption (public and private key pairs); what one key of the pair does, only the other can undo
• Examples: RSA, DSA, Diffie-Hellman, ElGamal (PKCS, listed on the slide, is a family of standards describing how to use such algorithms rather than an algorithm itself)
80
Asymmetric Encryption
[Slide diagram, Asymmetric Key Cryptography: Plaintext → ENCRYPTION ALGORITHM (Public Key) → Ciphertext → DECRYPTION ALGORITHM (Private Key) → Plaintext; the encryption key and the decryption key are different]
81
Asymmetric Key Algorithm
• RSA – the best-known and still most common public-key algorithm, usable for both encryption and digital signatures
• DSA – specified in NIST's Digital Signature Standard (DSS); provides digital signatures for authentication of messages, not encryption
• Diffie-Hellman – used for key agreement only, not for authentication or digital signatures; on its own it is open to man-in-the-middle, so the exchanged values must be authenticated (for example signed, as TLS does)
• ElGamal – encryption (and a signature variant) built on the same discrete-logarithm problem as Diffie-Hellman
• PKCS – a set of interoperable Public-Key Cryptography Standards and guidelines (PKCS#1, for instance, defines the RSA padding schemes)
82
Hash Functions
• Produce a condensed representation of a message
• Take an input message of arbitrary length and output a fixed-length code
– The fixed-length output is called the hash or message digest
• A fingerprint of the data: collisions exist in principle, but for a secure hash it must be infeasible to find two inputs with the same digest or to recover an input from its digest; a hash alone is not a signature, since anyone can compute it
• Uses:
– Verifying file integrity
– Digitally signing documents (the signature is computed over the hash)
– Hashing passwords (with a salt and a deliberately slow function such as PBKDF2, bcrypt or scrypt, never a bare MD5 or SHA digest)
83
Hash Functions
• Message Digest (MD) Algorithm
– Outputs a 128-bit fingerprint of an arbitrary-length input
– MD5 was widely used, but practical collisions have been demonstrated since 2004; do not use it where collision resistance matters (signatures, certificates)
• Secure Hash Algorithm (SHA)
– SHA-1 produces a 160-bit message digest and is similar in design to MD5; a practical collision was published in early 2017 and it is being retired from TLS, code signing and certificates
– Widely used in security applications (TLS, SSL, PGP, SSH, S/MIME, IPsec)
– SHA-256, SHA-384 and SHA-512 (the SHA-2 family) produce hash values of 256, 384 and 512 bits respectively, and are the current recommendation
84
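The two everyday uses from the previous slides, file integrity and password storage, worked as an added example (not workshop code) using only the Python standard library. The digest part shows the fixed output length per algorithm and a streamed digest check with a constant-time comparison; the password part shows what "hashing passwords" should mean in practice: a per-user random salt and an iterated, deliberately slow PBKDF2-HMAC-SHA256, with the parameters stored alongside the hash so they can be raised later. The sample data, iteration count and storage format are constructed for the demo.

```python
"""Added example: integrity digests and salted password hashing with hashlib."""
import base64
import hashlib
import hmac
import os
from typing import Optional


def digest_bits(algo: str) -> int:
    """Output size in bits: md5 -> 128, sha1 -> 160, sha256 -> 256, regardless of input length."""
    return hashlib.new(algo).digest_size * 8


def file_digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of a blob, fed in chunks as you would stream a large file from disk."""
    h = hashlib.new(algo)
    view = memoryview(data)
    for i in range(0, len(view), 8192):
        h.update(view[i:i + 8192])
    return h.hexdigest()


def verify_integrity(data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Compare against a published checksum; constant-time so a mismatch leaks nothing about position."""
    return hmac.compare_digest(file_digest(data, algo), expected_hex.lower())


PBKDF2_ITERATIONS = 600_000      # demo default; tune to your hardware and raise over time


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt b64>$<hash b64>' (constructed storage format).

    The salt makes identical passwords hash differently and defeats precomputed tables;
    the iteration count makes each guess expensive for an attacker who steals the table."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations,
                                       base64.b64encode(salt).decode("ascii"),
                                       base64.b64encode(dk).decode("ascii"))


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters recorded in the stored string and compare in constant time."""
    try:
        algo, iterations, salt_b64, dk_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations), dklen=len(expected))
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    blob = b"constructed sample file contents\n"
    print(file_digest(blob), verify_integrity(blob, file_digest(blob)))
    record = hash_password("correct horse battery staple", iterations=50_000)
    print(record, verify_password("correct horse battery staple", record))
```

Storing the iteration count with the hash is what lets you migrate old records to a higher cost when hardware gets faster, and keeping a bare MD5/SHA-256 of the password would give an attacker with a dumped table billions of guesses per second on commodity GPUs.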
Digital Signature
• A value computed over a message and appended to it
• Used to prove the identity of the sender (authentication, and non-repudiation) and the integrity of the message
• How it works:
– The sender signs the message with their own private key
– The receiver uses the sender's public key to verify the signature
85
Digital Signature Process
• Hash the data using one of the supported hashing algorithms (SHA-256 or stronger today; the slide also lists MD5 and SHA-1, which are no longer acceptable for signatures)
• Apply the private-key operation to the hash (described loosely as "encrypting the hash with the sender's private key"; real schemes such as RSA-PSS or ECDSA add padding or randomness, so a raw private-key exponentiation is not a safe signature)
• Append the signature (and a copy of the sender's public key or certificate) to the end of the data that was signed
[Slide diagram: DATA → HASH(DATA) via MD5/SHA-1 → DIGITAL SIGNATURE via PRIVATE KEY]
86
Signature Verification - Receiver
• Hash the original data using the same hashing algorithm
• Recover the hash from the digital signature using the sender's public key. The signature is usually accompanied by the signer's public key or certificate, but the verifier must still establish that this key really belongs to the claimed sender (through a CA chain or a web of trust); otherwise the check only proves "signed by whoever holds this key"
• Compare the result of the hashing with the recovered value. If the values match, the signature is verified. If they do not match, the data or the signature was modified, or a different key was used
[Slide diagram: DATA → HASH(DATA) via MD5/SHA-1, compared with the HASH recovered from the DIGITAL SIG → MATCH?]
87
Example
88
https://www.gpg4win.org/ for windows https://www.gpgtools.org/ for OS X
PKI / PGP Primer
• 🔑 Public Key• 🗝 Private Key
• 📝 Message
• 📝+🔑 = 🔒✉ Encrypted
• 🔒✉+🗝 = 🔓📝 Decrypted• 📝+🗝 = 🔏✉ Signed
• 🔏✉ + 🔑 = 👤 Authenticated
89
Questions!