Cyber Security 3

The document covers principles of cryptography focusing on asymmetric systems, including the Diffie-Hellman key exchange and the RSA protocol, along with their applications and the importance of freshness in secure communications. It also discusses cryptographic attacks, including methods for recovering hashed and encrypted secrets, and various attack models. Learning outcomes emphasize understanding systems security, recognizing threats, and the ability to communicate and analyze problems in a computing environment.

Cyber Security TM256

Block 2: Systems Security

BY
Dr. Ahmed Mahfouz
AOU, Oman
Agenda
• Part 3: Principles of cryptography: asymmetric systems
1. The Diffie–Hellman key exchange
2. Asymmetric systems
3. Notation for describing messages and keys
4. Freshness
5. Applications of asymmetric systems
• Part 4: Cryptographic attacks
1. Revisiting substitution ciphers
2. Introduction to cryptographic attacks
3. Recovering hashed secrets
4. Recovering encrypted secrets
5. Cryptographic attack models
6. Measuring attack success
7. Categories of attacks on cryptography methods
8. What is cryptanalysis?
9. Other attacks
Learning outcomes
• Demonstrate an understanding of the theory and practice of systems
security that includes identifying associated threats, controls and
policies.
• Recognize threats, vulnerabilities and attack methods, and propose
appropriate mitigation and security controls towards the design and
implementation of secure systems and infrastructure.
• Communicate and analyze problems effectively within a computing
environment using appropriate personal and technical skills.
• Demonstrate the ability to undertake ongoing learning to keep up to
date with cyber security developments within digital systems.
Part 3: Principles of cryptography: asymmetric
systems
1. The Diffie–Hellman key exchange
2. Asymmetric systems
1. The RSA protocol
2. A step-by-step description of the RSA algorithm
3. Next-generation cryptography
3. Notation for describing messages and keys
4. Freshness
5. Applications of asymmetric systems
1. Sharing a secret key
2. Internet Protocol Security
3. WhatsApp encryption
1 The Diffie–Hellman key exchange
2 Asymmetric systems

• contains a key pair: a public key and a private key

• the public key is shared with others either through a Public Key
Infrastructure (PKI) or through a web of trust

• asymmetric systems are more computationally demanding than
symmetric ones
2.1 The RSA protocol
• The Rivest–Shamir–Adleman (RSA) protocol is a public key
encryption algorithm that relies on large prime numbers and
computation involving modular exponentiation.
• The mathematics behind RSA depends on the multiplication of two
very large prime numbers (i.e., 150 and 600 digits each) and modular
exponentiation.
• The RSA protocol is used in many systems – for example, in the IP
Encapsulating Security Payload (ESP) algorithm, where it is used to
help authenticate a sender of a message.
• Activity 2.12 A simplified RSA model (CLMS)
2.2 A step-by-step description of the RSA algorithm

1. Choose two large prime numbers (p) and (q), then calculate the modulus (n)
2. Calculate the Euler totient function of n, φ(n)
3. Choose the encryption key (E)
4. Calculate the decryption key (D)
5. Distribute the public key (n, E)
6. The sender generates the ciphertext
7. Decrypt
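
The seven steps above, carried through with toy numbers. This is an added example, not part of the original slides; the primes p = 61 and q = 53, the key E = 17 and the message 65 are assumed values, and the code is textbook RSA without padding.

```python
# Textbook RSA following steps 1-7 above, with toy numbers.
# Assumed values (not from the slides): p=61, q=53, E=17, message m=65.
# No padding and tiny primes: this shows the arithmetic, it is not usable encryption.
from math import gcd


def is_prime(x: int) -> bool:
    """Trial division; adequate for toy-sized primes only."""
    if x < 2:
        return False
    return all(x % d for d in range(2, int(x ** 0.5) + 1))


def make_keypair(p: int, q: int, e: int):
    """Steps 1-5: return (public, private) as ((n, E), (n, D))."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q                       # step 1: modulus
    phi = (p - 1) * (q - 1)         # step 2: Euler totient of n
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("E must be coprime with phi(n)")   # step 3
    d = pow(e, -1, phi)             # step 4: D is the inverse of E modulo phi(n)
    return (n, e), (n, d)           # step 5: only (n, E) is distributed


def encrypt(m: int, public) -> int:
    """Step 6: the sender computes c = m^E mod n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    """Step 7: the receiver computes m = c^D mod n."""
    n, d = private
    return pow(c, d, n)


if __name__ == "__main__":
    public, private = make_keypair(61, 53, 17)
    c = encrypt(65, public)
    print(public, private, c, decrypt(c, private))
```

Because there is no padding, the same plaintext always produces the same ciphertext under a given public key.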
2.3 Next-generation cryptography
• It is a Cisco document about the importance of adapting to the
evolving threat landscape by using stronger cryptographic algorithms.

• As computing power increases, longer cryptographic keys are crucial.

• Outdated encryption protocols should be avoided to mitigate risks.

• Cisco recommends AES-128-GCM, RSA-3072, DSA-3072, and SHA-256.

• NGE technologies offer scalability and enhanced security.


3 Notation for describing messages and keys
• Alice and Bob along with some other individuals are used to illustrate concepts when
writing about security.
• Bob and Alice are known as the principals in a data transfer (Monk, 2003, p. 96)
• Other characters include fellow users Charlie and Diane, as well as malicious people (or
actors): Eve, the eavesdropper; Freda, the fraudster; Ian, the imposter; and, occasionally,
Mallory, a generic malicious actor.
4 Freshness
• Freshness is a term used to indicate that a message is fresh (or new)
and not a recording.
• Freshness is an important concept when discussing a so-called replay
attack in which malicious third parties intercept communications and
retransmit them in an attempt to impersonate a legitimate user.
4 Freshness (timestamps, Serial numbers and Nonces)
• Alice could include a timestamp with her message. If this is encrypted together with the message,
using her private key, Bob can see that the message is current and that it is from her.

• Instead of using a timestamp, Alice could attach a running count of the messages she sends: a
serial number ‘n’. If Ian sends a recording, the serial number will be seen to be repeated or the
message will appear out of sequence.

• If Bob is somewhat suspicious not only of an imposter interfering in the flow of information but
also that Alice is not entirely reliable, he may choose the freshness token himself. In this case it
needs to be an identifier that is not predictable: a random number used only once for each
message transfer – in other words, a nonce.
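
How Bob's side can enforce the three freshness tokens described above, shown as an added example that is not part of the original slides. It assumes HMAC-SHA256 over a shared demo key as a stand-in for Alice's private-key operation; the field names, the key, the 30-second window and the sample messages are constructed, and all three tokens are checked on one message for illustration.

```python
# Bob's receiver checks for the three freshness tokens described above.
# Assumptions: HMAC-SHA256 over a shared demo key stands in for Alice's
# private-key operation; field names, key and the 30-second window are constructed.
import hashlib
import hmac
import json
import secrets

KEY = b"constructed-demo-key"


def seal(key, body, timestamp, serial, nonce):
    """Alice binds the freshness tokens to the body under one authentication tag."""
    fields = [body, timestamp, serial, nonce]
    tag = hmac.new(key, json.dumps(fields).encode(), hashlib.sha256).hexdigest()
    return {"body": body, "ts": timestamp, "serial": serial, "nonce": nonce, "tag": tag}


class Receiver:
    def __init__(self, key, max_age=30):
        self.key = key
        self.max_age = max_age      # seconds a timestamp stays acceptable
        self.last_serial = 0        # highest serial number accepted so far
        self.issued = set()         # nonces Bob chose and has not yet seen back

    def challenge(self):
        """Bob picks an unpredictable, single-use nonce for the next transfer."""
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return nonce

    def accept(self, msg, now):
        expected = seal(self.key, msg["body"], msg["ts"], msg["serial"], msg["nonce"])
        if not hmac.compare_digest(expected["tag"], msg["tag"]):
            return "rejected: tag mismatch"
        if abs(now - msg["ts"]) > self.max_age:
            return "rejected: stale timestamp"
        if msg["serial"] <= self.last_serial:
            return "rejected: serial repeated or out of sequence"
        if msg["nonce"] not in self.issued:
            return "rejected: nonce not issued or already used"
        self.issued.discard(msg["nonce"])
        self.last_serial = msg["serial"]
        return "accepted"


def demo():
    bob = Receiver(KEY)
    first = seal(KEY, "pay Charlie 10", 1000, 1, bob.challenge())
    results = [bob.accept(first, now=1005)]               # genuine message
    results.append(bob.accept(first, now=1010))           # recording, replayed at once
    results.append(bob.accept(first, now=5000))           # recording, replayed later
    redated = dict(first, ts=5000)                        # recording with edited timestamp
    results.append(bob.accept(redated, now=5000))
    own = seal(KEY, "pay Charlie 10", 1020, 2, "0" * 32)  # sender-chosen nonce
    results.append(bob.accept(own, now=1020))
    return results
```

The edited-timestamp case is rejected only because the timestamp sits under the same tag as the message, which is why the token has to be protected together with the message rather than attached beside it.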
5 Applications of asymmetric systems
5.1 Sharing a secret key
• Protocols such as Pretty Good Privacy
(PGP), Secure Shell (SSH), Secure Sockets
Layer (SSL) and Transport Layer Security
(TLS) all use a public/private key method
to generate a new secret key that is shared
between the communicants and is used
only for the current session.
• All of these protocols use both an
asymmetric system and a symmetric
system to establish a secure connection.
This is known as a hybrid cryptosystem.
• Activity 2.15 NetLabs – Use of RSA to
harden an SSH connection (CLMS).
5.2 Internet Protocol Security
• Internet Protocol Security (IPsec) is a system used to protect data on a
Virtual Private Network (VPN).
• A VPN can be seen as a secure connection between your computer and the
internet. It is secure because your IP address is hidden and the information
you are sending and receiving is encrypted.
• VPN users include:
• companies who want their employees in remote offices to be able to connect to the
central office through the internet as if they were physically in the central office
• individuals who want to access the internet securely
• individuals who want to access content on the internet that would be barred to them
because of the geography of their IP address.
5.2 Internet Protocol Security (Operation)
• IPsec encrypts the payload (transport mode) or both the payload and the IP
header (tunnel mode).

• At the start of the VPN session, the two communicating devices must agree
a method for authenticating each other.

• Once authentication is established, the mode (tunnel or transport), the
exact encryption technique and the hash function used to protect the
data’s integrity should be determined.
5.2 Internet Protocol Security (Internet Key Exchange)

Figure 2.23 The life cycle phases of an IPsec tunnel in a VPN


5.2 Internet Protocol Security (Authentication Header)

• The Authentication Header (AH) is added to the packet to provide a means of checking
for data integrity and data origin authentication as well as a ‘freshness’ token to protect
against ‘replay’ attacks.
• AH contains the information about further security associations in the form of a Security
Parameter Index (SPI).
• The AH authenticates the entire IP packet.
• The figure shows the position of the AH in the packet.
5.2 Internet Protocol Security (Encapsulating Security Payload)

• Encapsulating Security Payload (ESP) provides data origin authentication,
integrity, confidentiality and an anti-replay service.
• The following figure shows an IP packet in three different configurations.
5.3 WhatsApp encryption
• WhatsApp is a popular platform for sending encrypted messages and,
indeed, for sending encrypted files.
• It boasts end-to-end encryption.
• The technical white paper ‘WhatsApp Encryption Overview’
(WhatsApp, 2020) states that the encryption system used is called
‘The Signal Protocol’, the library of which is ‘based on the Open-
Source library “Signal Protocol” ’.
• Activity 2.17 Check your understanding about WhatsApp Encryption
(CLMS).
Summary of Principles of cryptography: asymmetric
systems
• We looked at a method of exchanging a key (the Diffie–Hellman protocol) before
turning to look at asymmetric systems.

• You studied the RSA protocol and looked at encrypting and decrypting using a
simplified model of this protocol.

• You also explored the concepts of freshness, such as the use of a timestamp or a
nonce, as well as hybrid cryptosystems, such as PGP and SSH.

• IPsec was studied, and you then investigated the protocol behind WhatsApp’s
end-to-end encryption.
Part 4: Cryptographic attacks
1. Revisiting substitution ciphers
1. Frequency analysis
2. Encryption machines
2. Introduction to cryptographic attacks
3. Recovering hashed secrets
4. Recovering encrypted secrets
5. Cryptographic attack models
6. Measuring attack success
7. Categories of attacks on cryptography methods
8. What is cryptanalysis?
1. Brute-Force Attacks
2. Differential and linear cryptanalytic attacks
3. Implementation attacks
9. Other attacks
1 Revisiting substitution ciphers
• A mono-alphabetic substitution cipher is a simple substitution cipher that uses a
fixed replacement strategy. The substitutions are fixed. If the substitution strategy
is that shown in Figure 2.26, a message that reads ‘Retreat at dawn’ would read
‘SFUSFBU BU EBXO’. There is exactly one letter substituted for every letter in the
message. The ‘spaces’ are not substituted.

Figure 2.26 A mono-alphabetic substitution cipher scheme

• A Caesar cipher is a popular example of a mono-alphabetic substitution cipher in
which the encoding happens with a predetermined shift between letters, known
to the communicating parties. A shift of ten implies that the letter ‘A’ is
enciphered as ‘K’, and so on.
1.1 Frequency analysis
• Frequency analysis is the study of the count and
distribution of the letters in a text or ciphertext.
• Analyzing the frequencies helps in cryptanalysis for
decrypting substitution-based ciphers.
• In English, there are commonly occurring letters, and
combinations of them in twos (at, on, of, etc.), threes
(the, for, six, etc.) and fours (four, code, fact, etc.).
• Frequency analysis results in a histogram that enables
decryption of a text by comparing letter frequencies in
a plaintext message with letter frequencies in a
ciphertext message.
• Table 2.6 illustrates the basis of frequency analysis. This
is applicable only if the ciphertext is long enough for
the frequencies to be statistically significant.
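
Frequency analysis applied to the Caesar cipher from the previous slide, as an added example that is not part of the original slides. The English letter percentages are commonly cited approximate values (an assumption, since Table 2.6 is not reproduced here), the chi-squared comparison is one way of matching histograms, and the sample text is constructed.

```python
# Recover a Caesar shift by comparing the ciphertext histogram with English.
# Assumptions: ENGLISH holds approximate letter percentages (A..Z) for English
# prose; SAMPLE is a constructed plaintext long enough for the counts to matter.
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

SAMPLE = ("We will retreat at dawn and cross the river before the sun is high. "
          "Send the wagons ahead during the night, keep the fires burning in the "
          "old camp, and tell no one outside this tent about the order.")


def caesar(text, shift):
    """Shift every letter by `shift` places; spaces and punctuation are kept."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )


def histogram(text):
    """Letter counts in A..Z order: the histogram the slide refers to."""
    counts = Counter(ch for ch in text.upper() if ch in ALPHABET)
    return [counts[ch] for ch in ALPHABET]


def chi_squared(ciphertext, shift):
    """Distance between English and the text obtained by undoing `shift`."""
    observed = histogram(caesar(ciphertext, -shift))
    total = sum(observed)
    if total == 0:
        raise ValueError("ciphertext contains no letters")
    return sum((o - total * e / 100) ** 2 / (total * e / 100)
               for o, e in zip(observed, ENGLISH))


def rank_shifts(ciphertext):
    """All 26 candidate shifts, best match to English first."""
    return sorted(range(26), key=lambda s: chi_squared(ciphertext, s))


def guess_shift(ciphertext):
    return rank_shifts(ciphertext)[0]


if __name__ == "__main__":
    secret = caesar(SAMPLE, 10)
    shift = guess_shift(secret)
    print(shift, caesar(secret, -shift))
```

With only a handful of letters the histogram carries little signal, so the ranking from `rank_shifts` is best treated as a shortlist to check by reading the candidate plaintexts.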
1.1 Frequency analysis
• A poly-alphabetic substitution cipher is a substitution cipher that uses multiple substitution alphabets.
• The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though
it is a simplified special case.
• Frequency analysis is less helpful in deciphering the message that has been encrypted with
poly-alphabetic substitution, which randomizes the frequency of the letters.
• The poly-alphabetic substitution cipher uses multiple substitution letters in the ciphertext
for a single letter in the plaintext. The same letter in the ciphertext is deciphered to different
letters in plaintext.
• Poly-alphabetic substitution ciphers use multiple substitution mappings and therefore
distort the frequency of the letters in the ciphertext.
• The vulnerability to frequency analysis is substantially reduced, although frequency analysis
is still used as a filter to decipher messages.
• The use of a keyword emerged with the use of the Vigenère square as a tool.
1.1 Frequency analysis (Vigenère cipher Encryption)
1.2 Encryption machines
• The Enigma encryption machine is the well-known encryption–
decryption electromechanical device used by the Germans in the
Second World War to transmit coded messages.
• It used rotors to create a set of poly-alphabets for encryption and
decryption.
• The British, who gained knowledge of how the Enigma worked from a
Polish scientist, designed the Bombe machine, which was able to
decode the German messages.
• The weaknesses in the Enigma substitution scheme were exploited and
used to decode the messages.
2 Introduction to cryptographic attacks
• The cryptographic system involves four
components: the plaintext, the
algorithm (encryption, decryption, hash
generation), a key and the ciphertext.
• Each of the four components and the
network is an attack surface targeted
for cryptographic attack (Figure 2.29).
• A cryptanalytic attack targets the
algorithms and falls under the general
category of cryptographic attacks.

Figure 2.29 Components of a cryptographic system


Encryption, decryption, hashing, cryptographic keys and salt

• Hashing is a one-way function, whereas encryption is two-way: information when
encrypted must be decrypted to be used.
• A hash function generates a fixed-length hash value (hash digest) that is unique to
a block of information, unlike encryption and decryption, which modify the
information, back and forth.
• Encryption and decryption are used to transport or store data securely
(confidentially), while hashes are used to verify the integrity of the information.
• Encryption and decryption require a key, while hashing uses a salt (random piece
of text that is added to the information before calculating the hash).
• Activity 2.21 Weaknesses in hashing algorithms (CLMS).
3 Recovering hashed secrets
• When a hashed password file has been stolen and the algorithm is known, the attackers can begin their
attack to recover the passwords.
• If a salt is used for the password hash generation, the search space becomes larger.
• You have to guess a password, generate its hash using the same algorithm and a salt, and compare it with
an existing hash. If there is a match, the password is broken.
• Brute-Force Attack (BFA) is a method of accessing an obstructed device by attempting multiple
combinations of numeric/alphanumeric passwords.
• Brute force is feasible for very small search spaces. Reducing the salt size, removing the salt, reducing the
password size or a combination of these drastically reduces the search space and hence the time to break
the password (Table 2.9).
3 Recovering hashed secrets
• A dictionary attack uses a collection of well-known passwords and
guessable passwords.
• The collection includes credentials from earlier breaches as well as the most common
passwords and word combinations.
• Common and easily memorable phrases are used as passwords.
• A rainbow attack works only for unsalted passwords and reduces the
repeated hash computation to a simple search-and-compare function
in the rainbow table.
• Activity 2.22 What is a Brute-Force Attack?
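
Why a per-password salt removes the search-and-compare shortcut described above, shown from the defender's side as an added example that is not part of the original slides. It assumes SHA-256 for the unsalted scheme and PBKDF2-HMAC-SHA256 with a 16-byte random salt for the salted one; the word list, user names and passwords are constructed, and the lookup table is a plain hash-to-password dictionary, a simplified stand-in for a rainbow table.

```python
# Same password stored two ways: unsalted hash versus salted, iterated hash.
# Assumptions: SHA-256 (unsalted) and PBKDF2-HMAC-SHA256 with a 16-byte salt;
# WORDLIST, user names and passwords are constructed samples.
import hashlib
import hmac
import os

ITERATIONS = 100_000
WORDLIST = ["password", "letmein", "qwerty", "dragon"]


def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per stored password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest.hex()


def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], stored)


# Built once, independently of any password file: the work a salt invalidates.
PRECOMPUTED = {unsalted_hash(word): word for word in WORDLIST}


def audit(stored_hashes):
    """Report which stored values are answered by a search-and-compare alone."""
    return {user: PRECOMPUTED.get(h) for user, h in stored_hashes.items()}


def demo():
    weak = {u: unsalted_hash("letmein") for u in ("alice", "bob")}
    strong = {u: salted_hash("letmein") for u in ("alice", "bob")}
    return {
        "unsalted_identical": weak["alice"] == weak["bob"],
        "unsalted_lookup": audit(weak),
        "salted_identical": strong["alice"][1] == strong["bob"][1],
        "salted_lookup": audit({u: d for u, (_, d) in strong.items()}),
        "salted_verifies": verify("letmein", *strong["alice"]),
    }
```

A weak password behind a salt can still be guessed one candidate at a time; the salt forces that work to be repeated per stored password instead of being looked up.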
4 Recovering encrypted secrets
• The intruder will attempt to retrieve a key to
decrypt their communications and has the
following:
• access to ciphertext in the communications channel or
compromised servers and systems
• no idea about the key used to secure the information
• knowledge of the algorithm and how it works (DES, AES,
elliptic curve, etc.)
• other information that may or may not be of help
(patterns of communication, typical length of ciphertext
messages, typical message content – protocol
messages, financial transactions, etc.).
5 Cryptographic attack models

1. Ciphertext-Only Attack (COA)

2. Known Plaintext Attack (KPA)

3. Chosen Plaintext Attack (CPA)

4. Chosen Ciphertext Attack (CCA)

5. Chosen Key Attack (CKA)


6 Measuring attack success
7 Categories of attacks on cryptography methods
• In a passive attack, information is accessed and monitored, but it is not
modified – the integrity of the information remains while its
confidentiality is lost. Such attacks are categorized under the
interception attack vector.

• In an active attack, information is monitored, modified and re-introduced
into the stored information or traffic between the communicating
parties. Both the confidentiality and integrity of the information are
lost. Typical examples of such attacks are masquerading, replay and
repudiation.
8 What is cryptanalysis?
• Cryptanalysis is the process of recovering
a plaintext without knowing the key.

• It involves finding weaknesses in
cryptographic algorithms.

• It involves finding weaknesses in their
implementation or the ciphertext
generation for a specific piece of text.
Figure 2.31 Types of cryptographic attack
8.1 Brute-Force Attacks
• Brute-Force Attack (BFA) is a cryptanalytic method that uses an
exhaustive approach to recover a key.
• It attempts to use every possible key combination to guess the key to
be recovered.
• The number of combinations depends on the number of bits in the
key. For a key length of 64 bits, the number of combinations is 2^64.
• A cryptosystem must ensure it has a large key space. Ensuring that
the key space is large reduces the feasibility of a BFA.
• The time taken to try all combinations is related to the computing
power available.
8.2 Differential and linear cryptanalytic attacks
8.3 Implementation attacks
• An implementation attack does not focus on the algorithm, but on
the implementation of the algorithm, which typically involves both
hardware and software components.
• Software implementation attacks: These types of attacks exploit
weaknesses in the implementation of a cryptography system in a
software (Heartbleed vulnerability).
• Hardware implementation attacks: These attacks exploit the physical
phenomena that occur within the hardware during the cryptographic
process, as well as the manipulation of different parts of the
encrypting hardware device.
9 Other attacks
• Birthday attack is a form of BFA that uses the birthday paradox to attack
cryptographic hash functions.
• Meet-In-the-Middle Attack (MITM) is launched when the target uses an
encryption algorithm with layers, each of which uses a different key.
• Replay attack is a type of MITM attack in which an attacker is able to resend valid
credentials that they have captured by being in the middle.
• Related-key attack in which the attacker can observe multiple keys being used in a
cryptographic system.
• Rubber hose attack is the least sophisticated type of cryptanalytic attack. It
involves extraction of the key (password or similar information) from the owner,
using physical violence, coercion, torture or bribes.
• Activity 2.24 Your key – your secret and the law (CLMS).
Summary of Cryptographic attacks
• You have explored aspects of system security, which forms one of the core topics
of cyber security and this module.
• Block 2 started with an introduction to system security principles, the threats to a
system and guidelines for securing a computer system as prescribed by ISO
27001.
• You were then introduced to concepts of cryptography and cryptographic
algorithms, including the principles governing encryption and decryption
techniques.
• In Block 2 Part 4, you looked at cryptographic attacks and attack models, including
cryptanalysis techniques that are used to exploit vulnerabilities in cryptographic
methods and algorithms.
• Also, you will explore how you can apply some of the knowledge and skills you
have learned to secure operating systems.
Questions?
