PART 3 CRYPTOGRAPHY
Downgrade Attacks on Weak Implementations
A downgrade attack is an attack that forces a system to downgrade its security. The attacker then exploits the lesser security control. It is most often associated with cryptographic attacks that exploit weak implementations of cipher suites.
Crypto module.
A crypto module is a set of hardware, software, and/or firmware that implements cryptographic functions. This includes algorithms for encryption and hashing, key generation, and authentication techniques such as a digital signature.
What leads to downgrade attacks
Administrators implement algorithms via cipher suites on servers. Their responsibility is to ensure that deprecated and weak cipher suites are disabled on servers. If administrators leave weak or deprecated algorithms functioning on servers, it makes the servers susceptible to attacks such as downgrade attacks.
Review weak implementations
Administrators should disable weak cipher suites and weak protocols on servers. When a server has both strong and weak cipher suites, attackers can launch downgrade attacks bypassing the strong cipher suite and exploiting the weak cipher suite.
SSL/TLS-certificate based authentication
Both SSL and TLS provide certificate-based authentication and they encrypt data with a combination of both symmetric and asymmetric encryption during a session. They use asymmetric encryption for the key exchange (to privately share a session key) and symmetric encryption to encrypt data displayed on the web page and transmitted during the session. Transport Layer Security (TLS) is a replacement for SSL and is widely used in many different applications.
Attacks on SSL/TLS
Many servers have both SSL and TLS installed. If a client is unable to use TLS, the server will downgrade its security and use SSL. Attackers exploit this vulnerability by configuring their systems so that they cannot use TLS. When they communicate with the server, the server downgrades security to use SSL instead of TLS. This allows attackers to launch SSL-based attacks such as the well-known Padding Oracle On Downgraded Legacy Encryption (POODLE) attack.
Cipher suites
Cipher suites are a combination of cryptographic algorithms that provide several layers of security for TLS and SSL, though most organizations have deprecated the use of SSL. When two systems connect, they identify a cipher suite that is acceptable to both systems and then use the protocols within that suite.
Protecting Email
Cryptography provides two primary security methods you can use with email: 1. digital signatures and 2. encryption. These are separate processes, but you can digitally sign and encrypt the same email.
Digital Signatures
Digital signatures provide better security. The concepts behind them are:
1. Hashing. Digital signatures start by creating a hash of the message. A hash is simply a number created by executing a hashing algorithm on the message.
2. Certificates. Digital signatures need certificates, and certificates include the sender's public key.
3. Public/private keys. In a digital signature, the sender uses the sender's private key to encrypt the hash of the message. The recipient uses the sender's public key to decrypt the hash of the message. The public key is often distributed in an S/MIME .p7s formatted file.
Email and website encryption commonly use?
Email and web site encryption commonly use a combination of both asymmetric and symmetric encryption. They use asymmetric encryption for key exchange, privately sharing a symmetric key. Symmetric encryption encrypts the data. If a private key is encrypting, you know that it is being used for a digital signature.
How to prevent SSL/TLS attack
One way to ensure that SSL isn't used on a site is to modify the server's protocol list and ensure that SSL is disabled. Typically, a web site server will have the following five options: SSL 2, SSL 3, TLS 1.0, TLS 1.1, and TLS 1.2. You can prevent SSL-based downgrade attacks by disabling SSL 2 and SSL 3 on the web site server. Similarly, cipher suites with known vulnerabilities should be disabled. If weak cipher suites are enabled on a server, the server remains vulnerable to attack.
Email encryption
• The recipient's public key encrypts.
• The recipient's private key decrypts.
Email digital signatures
• The sender's private key encrypts (or signs).
• The sender's public key decrypts.
Web site encryption
• The web site's public key encrypts.
• The web site's private key decrypts.
• The symmetric key encrypts data in the web site session.
Security benefits of DSA
1. Authentication. This identifies the sender of the email. Email recipients have assurances the email actually came from who it appears to be coming from. For example, if an executive digitally signs an email, recipients know it came from the executive and not from an attacker impersonating the executive.
2. Non-repudiation. The sender cannot later deny sending the message. This is sometimes required with online transactions. For example, imagine Homer sends an order to sell stocks using a digitally signed email. If the stocks increase after his sale completes, he can't deny the transaction.
3. Integrity. This provides assurances that the message has not been modified or corrupted. Recipients know that the message they received is the same as the sent message.
The protocols within the suite provide three primary cryptographic solutions. They are:
1. Encryption. Encryption provides confidentiality of data. TLS uses asymmetric cryptography to privately exchange a symmetric key and then encrypts the data with a symmetric algorithm. TLS supports several types of symmetric encryption, including 3DES and AES.
2. Authentication. TLS uses certificates for authentication. Clients can verify the authenticity of the certificate by querying the CA that issued the certificate.
3. Integrity. TLS uses a message authentication code (MAC) for integrity. For example, it can use HMAC-MD5 or HMAC-SHA256.
Two example cipher suites:
1. 0x00C031. TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
2. 0x00003C. TLS_RSA_WITH_AES_128_CBC_SHA256
Reading the two names:
1. Protocol. Both are using TLS.
2. Key exchange method. The first one is using ECDH and the second one is using RSA.
3. Authentication. Both are using RSA, though the name is shortened in the second one. Instead of listing RSA twice (for both the key exchange method and authentication), it is only listed once.
4. Encryption. Both are using 128-bit AES, though in different modes of operation. Galois/Counter Mode (GCM) and Cipher Block Chaining (CBC) are the two modes identified here.
5. Integrity. Both are using the SHA-256 hashing algorithm.
Crypto service providers.
A crypto service provider is a software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.
Digital signatures (DS)
A digital signature is an encrypted hash of a message. The sender's private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender's public key. If successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation prevents senders from later denying they sent an email.
PGP/GPG
Pretty Good Privacy (PGP) is a method used to secure email communication. It can encrypt, decrypt, and digitally sign email. OpenPGP is a PGP-based standard created to avoid any conflict with existing licensing. In other words, users have no obligation to pay licensing fees to use it. Some versions of PGP follow S/MIME standards. Other versions follow OpenPGP standards. GNU Privacy Guard (GPG) is free software that is based on the OpenPGP standard. Each of the PGP versions uses the RSA algorithm and public and private keys for encryption and decryption. Just like S/MIME, PGP uses both asymmetric and symmetric encryption.
SSL & TLS
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are encryption protocols that have been commonly used to encrypt data-in-transit. For example, it is common to encrypt HTTPS traffic with either SSL or TLS to ensure confidentiality of data transmitted over the Internet. They can also be used to encrypt other transmissions such as File Transfer Protocol Secure (FTPS).
S/MIME
Secure/Multipurpose Internet Mail Extensions (S/MIME) is one of the most popular standards used to digitally sign and encrypt email. Most email applications that support encryption and digital signatures use S/MIME standards. S/MIME uses RSA for asymmetric encryption and AES for symmetric encryption. It can encrypt email at rest (stored on a drive) and in transit (data sent over the network). Because S/MIME uses RSA for asymmetric encryption, it requires a PKI to distribute and manage certificates.
Certificates for SSL/TLS
TLS and SSL require certificates. Certificate Authorities (CAs) issue and manage certificates, so a CA is required to support TLS and SSL. These CAs can be internal or external third-party CAs. TLS is the replacement for SSL. TLS encrypts HTTPS traffic, but it can also encrypt other traffic.
Example of SSL/TLS
The common example is with Transport Layer Security (TLS) and Secure Sockets Layer (SSL). SSL has known vulnerabilities and has been replaced with TLS in most implementations.
DSA (asymmetric encryption)
The digital signature algorithm (DSA) uses an encrypted hash of a message. The hash is encrypted with the sender's private key. If the recipient of a digitally signed email can decrypt the hash, it provides three security benefits: 1. Authentication, 2. Non-repudiation, and 3. Integrity.
Digital signatures (continued)
When encrypting an email message, the recipient's public key encrypts it, and the recipient uses the recipient's private key to decrypt the encrypted email message.
HTTPS Transport Encryption
Transport encryption methods encrypt data-in-transit to ensure transmitted data remains confidential. This includes data transmitted over the Internet and on internal networks.
Transport encryption methods
Transport encryption methods encrypt data-in-transit to ensure transmitted data remains confidential. This includes data transmitted over the Internet and on internal networks. Besides SSL/TLS, they include Secure Shell (SSH), which encrypts traffic such as Secure File Transfer Protocol (SFTP).