CS 6035 - Exam 2


Possible ways to encrypt data at rest/stored data

Back-end appliance, library-based tape encryption, background, laptop and PC data encryption

The digital signature provides confidentiality. (T/F)

False! The digital signature does not provide confidentiality. That is, the message being sent is safe from alteration, but not safe from eavesdropping.

5. Hashing schemes (pp 37-45,635)

Hash Functions:
- Compute message digest of data of any size
- Fixed length output: 128-512 bits
- Easy to compute H(m)

8. HMAC (p 641, Section 21.2 of Book)

Hash code approach for message authentication. Requires a secret key.
- Cryptographic hash functions generally execute faster
- Library code is widely available
- SHA-1 was not designed for use as a MAC because it does not rely on a secret key
- Issued as RFC2014
- Has been chosen as the mandatory-to-implement MAC for IP security
- Used in other Internet protocols such as Transport Layer Security (TLS)

HMAC Design Objectives

- Use available hash functions without modification
- Allow for easy substitution of hash functions
- Limit performance degradation of underlying hash function
- Handle keys in a simple way
- Have well-understood cryptographic analysis of its strengths
Probability of successful attack is equivalent to the odds of cracking the underlying hash function.

SHA-512 Message Digest Generation Steps

1. Append padding bits: Message padded so that length is congruent to 89 mod 1024. Always done.
2. Append Length: A block of 128 bits is appended to the message. Contains length of original message before padding
3. Initialize the hash buffer: holds intermediate and final results of the hash function
4. Process message in 1024-bit (128-word) blocks
5. Output: After all N 1024 bit blocks have been processed, the output is the 512 bit message digest (Each block takes 80 rounds to process)

IDS 3 main types:

Host Based (HIDS): Monitors characteristics of a single host i.e. a single server
Network-Based (NIDS): Monitors network traffic for network segments or devices and monitors protocols to identify suspicious activity
Distributed or Hybrid: Combines info from a number of systems that are both host and network based.

Application of X.509

IP Security (IPsec), Transport Layer Security (TLS), Secure Shell (SSH), and Secure/Multipurpose Internet Mail Extension (S/MIME)

Cryptanalysis

Relies on the nature of the algorithm plus some knowledge of the general characteristics of the plaintext, or even some sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

Triple DES (3DES)

Repeats the basic DES algorithm three times, using either two or three unique keys, for a key size of 112 or 168 bits in order to strengthen DES

Advanced Encryption Standard (AES)

Replacement for 3DES which has a security strength equal to or better than 3DES and significantly improved efficiency. It's a symmetric block cipher with a block length of 128 bits and support for key lengths of 128, 192, and 256 bits.

4. Intrusion Detection System (p 257 [4th edition: p 278])

Security Intrusion: unauthorized bypass of security mechanisms
Intrusion Detection: hardware or software function that gathers and analyzes info to detect security intrusions

Modes of Operation

Technique developed to increase the security of symmetric block encryption for large sequences of data. These modes overcome the weakness of ECB.

Keyed-Hash Message Authentication Code (HMAC)

Technique that uses a hash function but no encryption for message authentication. It assumes that two communicating parties share a common secret key, which is incorporated into the process of generating a hash code.

Primary concern of DES

key length

The advantage of a stream cipher is that

stream ciphers are almost always faster and use far less code than block ciphers do

IDS Requirements

• Run continually with minimal human supervision.
• Be fault tolerant in the sense that it must be able to recover from system crashes and reinitializations.
• Resist subversion. The IDS must be able to monitor itself and detect if it has been modified by an attacker.
• Impose a minimal overhead on the system where it is running.
• Be able to be configured according to the security policies of the system that is being monitored.
• Be able to adapt to changes in system and user behavior over time.
• Be able to scale to monitor a large number of hosts.
• Provide graceful degradation of service in the sense that if some components of the IDS stop working for any reason, the rest of them should be affected as little as possible.
• Allow dynamic reconfiguration; that is, the ability to reconfigure the IDS without having to restart it.

RSA

Understand the basic equations
How key size affects brute force search
Understand how broadcast attacks work

Criteria used to validate that a sequence of numbers is random

Uniform distribution: The distribution of numbers in the sequence should be uniform; that is, the frequency of occurrence of each of the numbers should be approximately the same.
Independence: No one value in the sequence can be inferred from the others.

X.509

Universally accepted for formatting public-key certificates

True Random Number Generator (TRNG)

Uses a non-deterministic source to produce randomness

Passwords

What makes strong passwords
What are dictionary attacks

Difference between MAC and one-way hash function

a hash function does not take a secret key as an input

The purpose of the __________ algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.

Diffie-Hellman Key Agreement

Three Digital Signature Algorithms

Digital Signature Algorithm (DSA): The original NIST-approved algorithm, which is based on the difficulty of computing discrete logarithms.
RSA Digital Signature Algorithm: Based on the RSA public-key algorithm.
Elliptic Curve Digital Signature Algorithm (ECDSA): Based on elliptic-curve cryptography.

Decryption algorithm

Essentially the encryption algorithm run in reverse. Takes the ciphertext and the same secret key and produces the original plaintext.

6. Timing attacks (p 651, Ch 21.4)

- An attacker can determine a private key by keeping track of how long the computer takes to decipher messages
- RSA and other public-key encryption algorithms are vulnerable
- Characterized as being a cipher only attack.
- Exploits the common use of a modular exponentiation algorithm in RSA encryption and decryption

High interaction honeypots

-Are real systems with full operating systems, services, applications etc. that are deployed in a place that attackers can get to. They are obviously more realistic and a big advantage is that they can occupy an attacker for an extended period of time and allow security to gain more information about the attackers.

Low interaction honeypots

-Can realistically imitate IT services but they do not actually execute the services themselves. These are often used as part of a distributed IDS (intrusion detection system) to warn of an imminent attack.

Variants of Certificates

- Conventional (short-lived) certificates - Typically issued for validity purposes of months to years
- Short-lived certificates - Used to provide authentication for applications such as grid computing. They have validity periods from hours to days. Not usually issued by recognized CAs, so there are some issues verifying them outside of an organization
- Proxy certificates - Used to provide authentication. They allow an end user certificate to sign another certificate with a subset of their identity. They allow a user to easily create a credential to access resources in some environment without needing to provide full certificate and rights.
- Attribute certificates - Use a different certificate format to link a user's identity to a set of attributes that are typically used for authorization and access control. A user may have a number of different attribute certificates for different functions associated to their conventional certificate

Hashing Schemes Method of Attack:

- Cryptanalysis (studying the hashing algorithm)
- Brute Force Attacks

Secure Hash Algorithm(SHA)

- Developed by NIST, specified in the Secure Hash Standard, originally 1993
- Revised as SHA-1 in 1995 (160 bit hash)
- NIST specified SHA2 algorithms in 2002 (256, 384, and 512 bits - similar to SHA-1)

Honeypots

- Honey Pots are an important part of intrusion detection technology
- They divert attackers from critical systems
- They collect intelligence about malicious activity
- Keep intruders in the system long enough for administrators to respond
- They have absolutely 0 production value so an attack on them should not be able to negatively impact the system

IDS Base Rate Fallacy

- IDS should detect a substantial percentage of intrusions while keeping false positives at an acceptable rate.
- If the amount of intrusions is low compared to the number of legit uses then the number of false positives will be high. Current systems have not overcome this.

Hashing Schemes General Principle

- Input message, file etc. is viewed as a sequence of n-bit blocks and is processed one block at a time to produce an n-bit hash function
- Hash length should be at least 128 bits in order to avoid being cracked by modern processors

Hashing Scheme Use Cases:

- Passwords
- Digital signatures
- Message Authentication
- Intrusion Detection (store hash value for a file and check later to see if value changed)

Blockchain

- Proof-of-Work: Describes a system that requires a not-insignificant but feasible amount of effort in order to deter frivolous or malicious use of computing power, such as sending spam emails or launching denial of service attacks.
- Proof-of-Stake: States that a person can mine or validate block transactions according to how many coins he or she holds. More bitcoin owned by a miner, the more mining power he or she has. Created as an alternative to Proof of Work.

Wireless Environment 3 components

- The wireless client can be a mobile phone, a Wi-Fi enabled laptop or tablet, a wireless sensor, a Bluetooth device, and so on.
- The wireless access point provides a connection to the network or service. Examples of access points are mobile phone towers, Wi-Fi hot spots, and wireless access points to wired local or wide-area networks.
- The transmission medium, which carries the radio waves for data transfer, is also a source of vulnerability

Public-key certificate

A certificate that consists of a public key plus a user ID of the key owner, with the whole block signed by a Certificate Authority (CA). The certificate also includes some information about the third party plus an indication of the period of validity of the certificate.

Message Authentication Code (MAC)

A small block of data that is generated using a secret key and then appended to the message.

Data Encryption Standard (DES)

A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks.

Certificate Authority (CA)

A third party trusted by the user community, such as a government agency or a financial institution.

Timing Attack Counter Measures

- Constant Exponentiation Time: Ensure that all exponentiations take the same amount of time.
- Random Delay: Confuses a timing attack. Defenders must make sure that enough randomness is present, otherwise with time attackers can still perform the attack
- Blinding: Multiply the ciphertext by a random number before performing exponentiation

Security Protocols Planning and Policies (Ch. 14 & 15)

- Management controls: focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization's mission.
- Operational controls: address the correct implementation and use of security policies and standards, ensuring consistency in security operations and correcting identified operational deficiencies. These controls relate to mechanisms and procedures that are primarily implemented by people rather than systems. They are used to improve the security of a system or group of systems.
- Technical controls: involve the correct use of hardware and software security capabilities in systems. These range from simple to complex measures that work together to secure critical and sensitive data, information, and IT systems functions.
- Supportive controls: pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls.
- Preventative controls: focus on preventing security breaches from occurring, by inhibiting attempts to violate security policies or exploit a vulnerability.
- Detection and recovery controls: focus on the response to a security breach, by warning of violations or attempted violations of security policies or the identified exploit of a vulnerability and by providing means to restore the resulting lost computing resources.

IDS Basic Principles:

- Quick detection allows for intruders to be identified and ejected before damage can be done
- An effective IDS can serve as a deterrent
- Valuable as a collection tool for info regarding intrusion techniques that can be used to strengthen prevention measures
- Based on the idea that malicious activity can be differentiated from legitimate activity.
- Have to balance between false positives and false negatives.

Hash Function Weakness

- There are many more 'pigeons' than 'pigeonholes'
- Many inputs will be mapped to the same output. That is, many input messages will have the same hash
Conclusion: The longer the length of the hash, the fewer the collisions

Project 4

1. Cross site request forgery attacks (XSRF/CSRF)
- An XSRF attack is where a malicious site forwards users to a trusted site and uses the user's cookie to forge requests
2. Cross site scripting attacks (XSS)
- An XSS attack injects scripts into sites where input was not validated. The browser will download and execute the injected script.
- The difference between XSS and XSRF is that XSS injects scripts into a website while XSRF forges requests to a website
3. SQL injection attacks
- An SQL injection attack is where an attacker sends a malicious command to the database, allowing them to interact with the database in an unauthorized manner. These kinds of attacks can disclose data in the database, or it can be used for destructive commands like dropping tables.

Important block ciphers

1. Data Encryption Standard (DES) 2. Triple DES 3. Advanced Encryption Standard (AES)

Properties of Hash Function H

1. H can be applied to a block of data of any size.
2. H produces a fixed-length output.
3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
4. For any given code h, it is computationally infeasible to find x such that H(x) = h. A hash function with this property is referred to as one-way or preimage resistant.
5. For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x). A hash function with this property is referred to as second preimage resistant.
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function with this property is referred to as collision resistant. This is sometimes referred to as strong collision resistant.

Benefits of 3DES

1. Its 168-bit key length overcomes the vulnerability to brute-force attack of DES
2. The underlying encryption algorithm in 3DES is the same as in DES, which is the most-studied encryption algorithm in existence
3. Resistant to cryptanalysis

Three Layers of Defense in Depth

1. Prevent 2. Detect 3. Survive

Drawbacks of 3DES

1. Relatively sluggish in software. 3DES, which requires three times as many calculations as DES, is correspondingly slower
2. Both DES and 3DES use a 64-bit block size. For reasons of both efficiency and security, a larger block size is desirable.

Intrusion Examples

1. Remote root compromise
2. Deface a web server to display inappropriate content
3. Guessing and cracking stolen passwords
4. Stealing a database containing credit card numbers
5. Viewing sensitive data without authorization
6. Packet sniffer to capture user names and passwords
7. Distributing pirated software
8. Using unsecure means to access internal network
9. Impersonating Executive to get information
10. Using a workstation without permission

Two requirements for secure use of symmetric encryption

1. Strong encryption algorithm 2. The sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure

Recommended techniques for wireless network security

1. Use encryption. Wireless routers are typically equipped with built-in encryption mechanisms for router-to-router traffic.
2. Use anti-virus and anti-spyware software, and a firewall. These facilities should be enabled on all wireless network endpoints.
3. Turn off identifier broadcasting. Wireless routers are typically configured to broadcast an identifying signal so that any device within range can learn of the router's existence. If a network is configured so authorized devices know the identity of routers, this capability can be disabled to thwart attackers.
4. Change the identifier on your router from the default. Again, this measure thwarts attackers who will attempt to gain access to a wireless network using default router identifiers.
5. Change your router's pre-set password for administration. This is another prudent step.
6. Allow only specific computers to access your wireless network. A router can be configured to only communicate with approved MAC addresses. Of course, MAC addresses can be spoofed, so this is just one element of a security strategy

Secret key

An input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.

Digital Envelope

Another application in which public-key encryption is used to protect a symmetric key. It can be used to protect a message without needing to first arrange for sender and receiver to have the same secret key

Intrusion

Any attack that aims to compromise the security goals of an organization

Electronic Codebook (ECB)

Approach to multiple-block encryption in which plaintext is handled by b bits at a time and each block of plaintext is encrypted using the same key

Honey Files

Are an emerging technology that emulates legit documents with realistic sounding names. Any access to these files will tip off security that unauthorized activity is occurring.

One-way hash function

As with the message authentication code, a hash function accepts a variable-size message M as input and produces a fixed-size message digest H(M) as output

Two approaches to attack symmetric encryption scheme

Cryptanalysis and brute-force

asymmetric key encryption

Involves the use of two separate keys, in contrast to symmetric encryption, which uses only one.

Pseudorandom numbers

Numbers generated using deterministic algorithms which are not statistically random. However, if the algorithm is good, the resulting sequences will pass many reasonable tests of randomness.

Honeypots Deployed Locations:

Location: Outside the firewall
Risk: Least
Pro: No compromised systems inside the firewall
Con: Can't detect internal intrusion
Location: In the DMZ
Risk: Medium
Pro: Can detect early warnings of hacking activities. Can be used alongside services like web and email.
Con: Not fully accessible. May need the firewall to open additional traffic to increase effectiveness
Location: Inside the firewall
Risk: Most
Pro: Can account for malicious internal users
Con: Very risky with a compromised system in the internal network

Honey Pots Types

Low Interaction honeypots High Interaction honeypots

SNORT Rules:

Made up of a simple, flexible, rule definition language. Consists of the following parts:
Rule Header: Defines what the rule is supposed to do and how it behaves. Specifies things such as the action to take, protocols to examine, IP addresses to watch for, destination port/IP addresses etc.
Rule options: These are optional configurations for the rule. The types of options are meta-data (info but have no effect during detection), payload (look for data inside packet payload), non-payload (look for non payload data), and post-detection (trigger that happens once the rule is matched by a packet).

7. Digital Signatures (p 50)

Method of using public-key cryptography for authentication
- Does not guarantee confidentiality
- Allows the receiving party to verify the message was actually sent from the expected sender
Example steps:
- Sender: Use hash function (SHA-512) to generate a digest for the message
- Sender: Encrypt hash digest using private key (asymmetric encryption)
- Receiver: When the message is received, compute the hash digest of it
- Receiver: Decrypts the encrypted digest (using the sender's public key) and compares it to the digest calculated, if they match it is from the sender

Drawback of Diffie-Hellman key agreement

No authentication of the two communicating partners

Certificate Authorities (p 691)

Often manages the secure distribution of public keys. Web services can send their public key to a CA, where it will be signed using the CA's private key, and the certificate will contain the creation time, period of validity, as well as the service's ID and public key. A CA certificate may only be used to certify other certificates. Otherwise, the tickets belong to an "end-user" and may be used for verifying server or client identities, signing or encrypting email or other content.

Keystream

Output of a pseudorandom bit generator combined with the plaintext stream using bitwise exclusive-OR (XOR) operation

SNORT 4 logical components

Packet Decoder: processes captured packets to identify and isolate protocol headers at the various packet layers. It's designed to be as efficient as possible, which makes sense since it has to look at all the packets, and it primarily just sets pointers to the headers so they can be easily extracted.
Detection Engine: This is the part that does the actual intrusion detection. It checks each packet based on rules set up in SNORT by the security administrator. The first rule that matches the decoded packet triggers the action specified by the rule.
Logger: Each rule specifies a logging and alert option. A logging option does just what you would expect. It writes the details of the violated rule to a log file that the admin can review.
Alerter: Also defined by the rule. The rule can specify that an alert be sent to a file, UNIX socket, or database etc.

9. Project 3

Passwords
Blockchain
RSA

Encryption algorithm

Performs various substitutions and transformations on the plaintext

Stream Cipher

Processes the input elements continuously, producing output one element at a time, as it goes along.

Block Cipher

Processes the plaintext input in fixed-sized blocks and produces a block of ciphertext of equal size for each plaintext block. The algorithm processes longer plaintext amounts as a series of fixed-size blocks.

Solution to forged keys

Public-Key Certificates

Digital Signature

Public-key encryption used for authentication.

Wireless Security (Section 24.1 of Book)

Security Risk
• Channel: Wireless networking typically involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks. Wireless networks are also more vulnerable to active attacks that exploit vulnerabilities in communications protocols.
• Mobility: Wireless devices are, in principle and usually in practice, far more portable and mobile than wired devices. This mobility results in a number of risks, described subsequently.
• Resources: Some wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware.
• Accessibility: Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations. This greatly increases their vulnerability to physical attacks.

IDS 3 logical components

Sensors: These actually collect the data related to a possible intrusion. Examples include network packets, log files, call traces, etc.
Analyzers: Receive input from the sensors. This determines if an intrusion occurred and output from this component indicates that an intrusion did occur. Can provide guidance on what action to take if an intrusion occurred.
User Interface: Gives users the ability to view output from the system or control the behaviour of the system.

3. SNORT (p 280 [4th edition: p 302], Section 8.9 in the Book)

Snort is a lightweight, very flexible open source host or network based IDS (intrusion detection system)
- Easily deployable
- Doesn't use a lot of computing resources
- Is able to be easily and quickly configured
- Performs real-time packet capture, protocol analysis, and content search mapping
- Primarily designed to analyze TCP, UDP, and ICMP network protocols.
- Can be configured to be passive or active i.e. actually prevent intrusion

1. Zero-Day Attacks (pp 261,264 [4th edition: p 283,286])

Software vulnerabilities for which there are no available patches/fixes. This is opposed to a vulnerability in an older version of a piece of software that can be patched by upgrading to a newer version. Only anomaly detection is able to detect unknown, zero-day attacks, as it starts with known good behavior and identifies anomalies to it. Signature or heuristic approaches cannot detect zero-day attacks because no signatures exist for them. Signature approaches are widely used in anti-virus products.

11. Symmetric/Asymmetric Encryption schemes (Ch. 20 & 21)

Symmetric Encryption:
- DES
- 3DES
Asymmetric Encryption Schemes:
- RSA
- Diffie-Hellman key exchange

10. Cipher Blocks (p 622)

Symmetric block ciphers like DES or AES process plaintext one data block at a time
- For example, for DES and 3DES the block size is 64-bits
- If we have less than 64-bits, we pad the plaintext
- If we have more than 64-bits, we need a way to break up the plaintext

IPSec/ TLS (pp 676,668) (Chapter 22.3 and 22.5)

TODO

RSA

TODO

A stream cipher can be as secure as a block cipher. (T/F)

True! With a properly designed pseudorandom number generator, a stream cipher can be as secure as a block cipher of comparable key length

Modes of Operation

The different ways of breaking up the plaintext.
- Electronic Code Book (ECB): Each block is encrypted independently with the same key
- Cipher Block Chaining (CBC): Input to block cipher is the XOR of the current block of plaintext and the previous block of cipher text
- Cipher Feedback (CFB): Similar to CBC, but a certain number of bits are used to shift the input and discard a portion of the output
- Output Feedback (OFB): Similar to CFB, except that the input to the encryption algorithm is the preceding DES output
- Counter (CTR): Each block of plaintext is XORed with an encrypted counter

Plaintext

The original message or data that is fed into the algorithm as input

DES

The plaintext is 64 bits in length and the key is 56 bits in length; longer plaintext amounts are processed in 64-bit blocks. The DES structure is a minor variation of the Feistel network. There are 16 rounds of processing. From the original 56-bit key, 16 subkeys are generated, one of which is used for each round. The process of decryption with DES is essentially the same as the encryption process. The rule is as follows: Use the ciphertext as input to the DES algorithm, but use the subkeys Ki in reverse order. That is, use K16 on the first iteration, K15 on the second iteration, and so on until K1 is used on the sixteenth and last iteration.

Diffie-Hellman key exchange

The purpose of the algorithm is to enable two users to exchange a secret key securely that can be then used for subsequent encryption of messages. The algorithm is limited to key exchange. Diffie-Hellman depends for its effectiveness on the difficulty of computing discrete logarithms. Diffie-Hellman is susceptible to man-in-the-middle attack because the protocol does not authenticate the participants. This vulnerability can be overcome with the use of digital signatures and public-key certificates. Diffie-Hellman also uses two expensive exponential operations - DoS is possible by requesting multiple sessions.

Ciphertext

The scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts

Wireless Security Measures

To deal with eavesdropping, two types of countermeasures are appropriate:
• Signal-hiding techniques: Organizations can take a number of measures to make it more difficult for an attacker to locate their wireless access points, including turning off service set identifier (SSID) broadcasting by wireless access points; assigning cryptic names to SSIDs; reducing signal strength to the lowest level that still provides requisite coverage; and locating wireless access points in the interior of the building, away from windows and exterior walls. Greater security can be achieved by the use of directional antennas and of signal-shielding techniques.
• Encryption: Encryption of all wireless transmission is effective against eavesdropping to the extent that the encryption keys are secured.

Authentication algorithm need not be reversible, as it must for decryption. (T/F)

True!

Diffie-Hellman key exchange

an asymmetric key encryption approach used to share a secret key

iOS and Android (p 705)

iOS
- Encryption keys embedded into the hardware (AES 256 keys)
- Most files encrypted on write, decrypted on read. Access through the crypto engine.
- Chain of trust for the OS starts with signed boot loader written in read only memory, each additional layer of OS boot requires Apple signature (bootROM -> LLB -> iBoot -> Kernel)
- Each application sandboxed with its own file system
- ASLR
- Non executable stack and heap. Write and execute permissions are mutually exclusive for memory pages
- Apple controls all applications released through AppStore (All code must be signed with Apple issued key) (These require manual review, but researchers have gotten malicious code through using polymorphic app code)
- Touch/Face ID
- Remote wipe functionality
Android
- Apps run in Dalvik VM, and therefore sandboxed (Use Linux permissions)
- Apps can publish framework components to be reused by other applications
- Permissions granted at install time (These can be far reaching permissions/access)
- Apps are self signed to verify each release is from same developer with same signing key (No central review process)

Brute-force attack

to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained

3DES

was first standardized for use in financial applications in ANSI standard X9.17 in 1985. 3DES was incorporated as part of the Data Encryption Standard in 1999, with the publication of FIPS 46-3. 3DES uses three keys and three executions of the DES algorithm.
C = E(K3, D(K2, E(K1, P)))
where C = ciphertext, P = plaintext
Decryption is simply the same operation with the keys reversed:
P = D(K1, E(K2, D(K3, C)))
Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single DES:
C = E(K1, D(K1, E(K1, P))) = E(K, P)

The advantage of a block cipher is that

you can reuse keys

Wireless Network Threats

• Accidental association: Company wireless LANs or wireless access points to wired LANs in close proximity (e.g., in the same or neighboring buildings) may create overlapping transmission ranges. A user intending to connect to one LAN may unintentionally lock on to a wireless access point from a neighboring network. Although the security breach is accidental, it nevertheless exposes resources of one LAN to the accidental user.
• Malicious association: In this situation, a wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users then penetrate a wired network through a legitimate wireless access point.
• Ad hoc networks: These are peer-to-peer networks between wireless computers with no access point between them. Such networks can pose a security threat due to a lack of a central point of control.
• Nontraditional networks: Nontraditional networks and links, such as personal network Bluetooth devices, barcode readers, and handheld PDAs pose a security risk both in terms of eavesdropping and spoofing.
• Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges.
• Man-in-the-middle attacks: This type of attack was described in Chapter 21 in the context of the Diffie-Hellman key exchange protocol. In a broader sense, this attack involves persuading a user and an access point to believe that they are talking to each other, when in fact the communication is going through an intermediate attacking device. Wireless networks are particularly vulnerable to such attacks.
• Denial of service (DoS): This type of attack was discussed in detail in Chapter 7. In the context of a wireless network, a DoS attack occurs when an attacker continually bombards a wireless access point, or some other accessible wireless port, with various protocol messages designed to consume system resources. The wireless environment lends itself to this type of attack, because it is so easy for the attacker to direct multiple wireless messages at the target.
• Network injection: A network injection attack targets wireless access points that are exposed to nonfiltered network traffic, such as routing protocol messages or network management messages. An example of such an attack is one in which bogus reconfiguration commands are used to affect routers and switches to degrade network performance.

