I Know What You Did Last Session: Basic Applied Cryptography

While Janet was sitting in a cyber café sending emails to friends and surfing the web, there was a person sitting three tables away reading each email she sent before they ever got to the email server. During this period of time, the thief was able to get access to her bank account, seoboost passwords to several business websites, and her credit card number. Now imagine that you were the on sitting in the café. This scenario is not far from reality and is the main reason that using cryptography is so important in today’s technological world. Identity theft is a growing problem and there are ways you can help protect yourself frombecoming the victim. createssh

Most people think that cryptography is an island in the magical land of make believe. However, cryptography is very real and not as complex as most would believe. If you use the Internet, you are likely to use applied cryptography in your day-to-day functions. This can be accessing you bank account to retrieve your monthly balance to purchasing automotive parts from a warehouse or manufacturer. Companies use cryptography to make sure sensitive data stays confidential between the intended parties and the data stays intact. Cryptography is the art of converting messages into a secret code or cipher. This process alters a plaintext message using an algorithm to create a ciphertext/encrypted message. supermoz

History of Ciphers

Cryptography has been in use for thousands of years. In fact, it was in use before 2000 B.C. Egypt in the form of hieroglyphs. The Greeks even used encryption referred to as the Scytale cipher and was worn as a belt by couriers. The Scytale was designed a combination of a long strip of leather with writing on it and a specific sized staff. This leather strip would be wrapped around the staff to decrypt the ciphertext. Julius Caesar also used a cryptographic algorithm referred to as ROT-3. This encryption shifts the alphabet three spaces to the right and was very effective at the time. directory24x7

Applied Cryptography

Ok, but how does it affect you? The basic uses of cryptography are to provide confidentially (secrecy of the data), integrity (protection from intentional or unintentional alteration), and authentication (prove you are who you say you are). Some forms even allow for Nonrepudiation services that prove that the message was written, sent, or received. We will briefly discuss the most commonly used cryptographic schemes that you may use every day while leaving the trivial details out. buddylinks

You will hear the terms X.509 and digital certificates (used in digital signatures) throughout this paper. Digital certificates are used in the same way a real signature is used as a verification of endorsement. The most well know companies that sell these certificates are:

(Offers free personal email digital certificates)

Internet traffic (Securing website traffic and email)

HTTPS: Hypertext Transfer Protocol over Secured Socket Layer. Do not mistake HTTPS with SSL. This is a common misnomer that is spread by those that do not understand SSL. HTTPS uses SSL to create an encrypted tunnel between a client and a server. This tunnel lasts the entire connection and is the most common website security feature on the Internet. This form of encryption is established by the use of a server side X.509 certificate that digitally signs the message.

S/MIME: Secure Multipurpose Internet Mail Exchange. S/MIME uses two X.509 certificates (also called digital signature) and both signs and encrypts the email. The author digitally signs the email with their private key. Once this happens, the message is then encrypted with the recipient’s public key and sent. When the message reaches the recipient the message is decrypted with the recipient’s private key, and then verified using the author’s public key. This ensures that people using a packet sniffer (a program that allows a person to view traffic crossing the network) do not see your account information. Email clients like Netscape Communicator and Microsoft Outlook can use S/MIME with little setup required.

S-HTTP: Secured HTTP. The benefit of S-HTTP over HTTPS is the fact that each message is encrypted rather then using a tunnel that is vulnerable to both a man-in-the-middle and a session hijack attack. Another advantage of S-HTTP is that it allows for two-way client/server authentication

Tunneling encryption (Securing network traffic)

IPSec: IP Security Protocol is the most commonly used network encryption for the corporate world. When most people in the computer industry think about Virtual Private Networks (VPN)s, they immediately think of IPSec. Companies that use IPSec need an encrypted tunnel that allows all network traffic to flow through. Unlike SSL, IPSec is not limited to a port. Once the IPSec tunnel has been established, the system should have the same network access that it would have at the physical location. This offers far more power, but also requires far more overhead. Another issue is security. The more open the network, the more vulnerable it is. This is another reason why VPNs are usually on the outside of a firewall. Vulnerabilities to IPSec include session hijacking, and replay attacks.

SSH: Secure Shell provides a terminal like tunnel that protects the data crossing the network and should replace clear text protocols like Telnet and FTP. This allows you to connect to a server over the Internet securely over the Internet and administer remote systems without allowing the rest of the world to see everything you are doing. One of the most popular windows SSH clients is Putty.

SSL: Secured Socket Layer can be used to create a single port/socket Virtual Private Network (VPN) using a server side X.509 certificate. The most common use of SSL is webpage traffic over HTTP or HTTPS. SSL is vulnerable to man-in-the-middle attacks. Anyone can create a CA to distribute certificates, but keep in mind that a digital certificate is only as trustworthy as the CA that controls the certificate.

WEP: Wired Equivalent Privacy. This algorithm uses either a 40-bit key or a 128-bit (24 of the bits is used for the initialization vector) key. Most devices also allow for a wireless access point to filter MAC addresses to increase access controls onto the device. WEP is vulnerable and has been exploited by criminal hackers (crackers) while wardriving since WEP has hit the market. Some of the more popular tools used for wardriving are: Airopeek – a WiFi packet sniffer Airsnort – a WEP encryption key recovery tool Kismet – an 802.11 layer2 wireless network detector Netstumbler – an 802.11 layer2 wireless network detector

WPA: Wi-Fi Protected Access is a new standard that will overtake the old WEP technology in the near future. WPA uses a Pre-Shared Key (PSK) for SOHO networks, and Extensible Authentication Protocol for other wired/wireless networks for authentication. Some cryptoanalysts claimPSK is a weakness due to the fact that a cracker can access the key and brute force the key until it is known. The encryption scheme that is used is Temporal Key Integrity Protocol (TKIP). TKIP ensures more confidentiality and integrity of the data by using a temporal key instead ofthe traditional static key. Most people welcome this technology over the less secure WEP.

File access (Securing individual files)

Stenography: Stenography is the art of concealing files or messages in other media such as a .JPG image or .MPG video. You can add this data in the unused bits of the file that can be seen by using a common hex editor. Stenography is the easiest way to hide a message, but is by far the least secure. Security by obscurity is like a lock on a car door. It is only intended to keep the honest people honest. For more info please visit these sites:-https://www.stumbledirectory.org/ https://www.bizfront.org/ https://www.bizprimary.com/ https://www.ultradir.biz/ https://www.directori.co/


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *