Cryptography Secure Socket Layer - Research Paper Example

? Full Paper Table of Contents Cryptography …………………………………… Page 3- 6 Conclusion …………………………………… Page 6-7 References …………………………………… Page 7 Glossary of Terms …………………………………… Page 8 Cryptography Secure Socket Layer v3 The reason for using an open source operating systems is to customize and select appropriate technology that was set to default. In this rapidly changing digital world of advanced hackers, new prevention techniques are invented for maximum prevention along with minimizing risks. One cannot predict that the blowfish encryption algorithm will also be replaced by the new and more secure algorithm known as (Anonymous2007, 500-500) two fish that will also be replaced at some period of this information age. Security requires constant and periodic changes to pace up and counter the threats that are ever increasing. We will use blowfish algorithm with the Secure Socket layer v3. Similarly, cryptography also goes with the same approach of upgrading new state of the art encryption algorithms one after another and from safe to the safest, so that it cannot be cracked. The tool utilized in this scenario is ‘keepass’ that is an open source tool for storing all the passwords in a database that is encrypted (Popov). The database can also be encrypted by blow fish (Anonymous2007, 71-71), as it incorporates no weak keys and the design is simple and understandable that supports analysis, algorithm integrity and repeatable block ciphers (Anderson. n.d). Likewise, block ciphers are 64 bits in length with variable length keys. S-boxes are dependent on large keys that are more resilient to cryptanalysis (Anderson. n.d). Moreover, permutations are key dependent with a support of diverse operations associated with mathematics that is integrated with XOR and addition (Anderson). For attacking the encrypted files, hacker can use many attack methods for retrieving the password files stored in the database maintained by ‘keepass’. The plaintext and cipher text methods of attacks incorporates a cryptanalyst that has an access to plaintext and the conforming cipher text and pursues to find association in between the two. Whereas, a cipher text is associated with an attack in which cryptanalyst is accessible to cipher text and do not have access to conforming plaintext. Hacker can use generic ciphers such as Caesar, frequency analysis for cracking the cipher on mission critical system. Moreover, hacker can also use a plaintext and chosen cipher text attack for retrieving the passwords. This type of attack incorporates a cryptanalyst that is capable of encrypting a plaintext of choice and examines the results of cipher text. This type of attack is most generic for asymmetric cryptography, as the hacker can gain public key via cryptanalyst. The hacker can also choose cipher text attack that incorporates a cryptanalyst selecting a cipher text that seeks for a similar plaintext and decrypt oracle that is a machine for decrypting data without exposure of key. Moreover, an attack can be executed the attack on public key encryption, as it initiate with a cipher text and seeks for similar matched plaintext data available publically. Adaptive attacks (Krawczyk) can also be used, as these attacks incorporate a cryptanalyst that selects plaintext or cipher text on the basis of previous results. Side channel attacks can also be utilized for data available in a mission critical workstation. These types of attacks extracts information associated with the physical deployment of cryptographic algorithm along with the hardware utilized for encrypting or decrypting data. These cryptographic methods mentioned earlier presume that access to plain text and cipher text is available to cryptanalyst and often to both types of data along with a possibility of cryptographic algorithms. Moreover, a side channel attack initiated by the hacker can expand its scope such as CPU cycles utilize or time taken for calculation, voltage utilization etc. Apart from this attack, hacker can also use network based attacks against Open SSL, as it utilizes two types of multiplications.one of them is called as Karatsuba that is used for words having the characteristics of equal size along with multiplication of those words that are not equal in size. (Yazici and Sener) Karatsuba is robust as the variation is speed can be validated by utilizing SSL TCP/IP data connection, however, information can be hacked by an hacker by using this type of multiplication methodology. For instance, a research team located at Stanford initiated a side channel timing attack for recovering the 1Mega Bit RSA key located on OpenSSL server. Likewise, the researchers utilized two hours and one million queries for the attack. A brute force attack will try to retrieve every reachable key in a systematic manner. Likewise, this type of attack is associated with plain text or cipher text type of attacks. A hacker can attempt to attack by a 4 bit key, as he will allocate a limited length of key along with adequate time for a successful brute force attack. Likewise, encryption algorithms may become vulnerable to brute force attacks as the time passes by because CPU utilization increases. A single DES encryption incorporates an effective length key comprising of 56 bits, as the key can be cracked within two or three days by utilizing dedicated hardware components such as Electronic Frontier Foundation’s Deep Crack (Schneider). Likewise, hacker will not be able to crack a 168 bit key in the similar fashion because it incorporates Advanced Encryption Standards (AES). He must ensure when the success of brute force attack on only cipher text is accomplished. One of the examples of a brute force attack is demonstrated in Fig 1.1. Figure 1.1 Source: (Anonymous) Another type of attack can be used for retrieving encrypted passwords available on secure systems. Man in the middle attack can be executed for attacking algorithms that are utilized for multiples keys associated with encryption. One of examples incorporates a successful man in the middle attack against double DES. For augmenting the solidity of 56 bit DES, double DES was suggested. As man in the middle attack is associated with plain text attacks, the cryptanalyst has accessibility to plaintext and the output cipher text (Paar, Jan Pelzl, and Preneel). One of the examples incorporates plaintext is ‘passwords’ and the double DES cipher text is named as ‘ABC’. The primary objective of cryptanalyst is to retrieve two keys i.e. Key 1 and Key 2 that were utilized for encryption. The hacker will first initiate a brute force attack on Key 1 by utilizing all 256 single DES keys for encrypting the plaintext of ‘passwords’ and stores all intermediate outputs of cipher texts and every key in a table. Secondly, he will impose Key 2 and decrypts ‘ABC’ for 256 times. During the process of decrypting the intermediate cipher text available in the table for the second brute force attack, objective is accomplished and both keys are now visible to the cryptanalyst. In this way, a hacker can successfully attack 256 attempts to retrieve the passwords. Conclusion For attacking a secure system or workstation that is maintaining encrypted passwords via an open source tool, hacker can deploy and execute various attack methods as discussed in the body of the paper. Some of the attack methods discussed incorporates Man-in-the-Middle Attack, Brute Force Attacks, Side Channel Attacks, Adaptive Chosen Plaintext and Adaptive Chosen Cipher text Attacks, Chosen Plaintext and Chosen Cipher text Attacks and Known Plaintext and Cipher text-Only Attacks. Organizations can increase the length of encrypted words for making the attack more difficult. As a result, systems will not be at high risk of being hacked. Bibliography Anderson, Ross. Fast Software Encryption: Cambridge Security Workshop, Cambridge, U. K., December 9-11, 1993: Proceedings Berlin ; Springer-Verlag, c1994. "Blowfish." 2007.Network Dictionary: 71-71. Conrad, Eric, Seth Misenar, and Joshua Feldman. CISSP Study Guide Syngress. Krawczyk, Hugo. Advances in Cryptology - CRYPTO '98: 18th Annual International Cryptology Conference, Santa Barbara, California, USA, August 23-27, 1998, Proceedings (Lecture Notes in Computer Science) Springer. Popov, Dmitri. Hands on Open Source Lulu.com. Paar, Christof, Jan Pelzl, and Bart Preneel. Understanding Cryptography: A Textbook for Students and Practitioners Springer. Stinson, Douglas R. and Stafford Tavares. Selected Areas in Cryptograpy: 7th Annual International Workshop, SAC 2000, Waterloo, Ontario, Canada, August 14-15, 2000: Proceedings Berlin ; Springer, 2001. Schneider, Gary P. Electronic Commerce Course Technology. "Twofish." 2007.Network Dictionary: 500-500. Yazici, Adnan and Cevat Sener. Computer and Information Sciences -- ISCIS 2003: 18th International Symposium, Antalya, Turkey, November 3-5, 2003, Proceedings (Lecture Notes in Computer Science) Springer. Images "Complete Hacker's Handbook: Chapter Eight " , accessed 7/20/2012, 2012, http://www.telefonica.net/web2/vailankanni/HHB/HHB_CH08.htm. Glossary DES Digital Encryption Standards AES Advanced Encryption Standards CPU Central Processing Unit RSA Ron Rivest, Adi Shamir, and Leonard Adleman Read More