I know what you did in the last session: basic applied encryption

Although Janet was sitting in a cyber cafe and sent emails to their friends and surfed the internet, there were three people sitting at the tables who read all the emails they had previously sent to the email server. During this period, the thief could have access to his bank account, passwords for several business websites and credit card numbers. Now imagine sitting in the cafe. This scenario is not far from reality, and the main reason why the use of encryption in today's technology world is so important. Identity theft is a growing problem and there are ways that can help protect you from the victim.

Most people think that cryptography is an island on the magical land. However, cryptography is very real and not as complex as most. If you use the Internet, you probably use the encryption you use in your everyday functions. This allows you to access your bank account so that your monthly balance can be downloaded from the warehouse or the manufacturer to purchase automated components. Companies use cryptography to ensure that sensitive data remains confidential between the intended parties and that the data remains intact. Cryptography is to convert messages into secret code or secret. This process changes a simple text message with an algorithm to create an encrypted text / encrypted message.

Ciphers History

Cryptography has been working for thousands of years. In fact, in 2000, BC was used as hieroglyphs in Egypt. The Greeks also used encryption called Scytale encryption and wore it as a messenger. Scytale is designed to write a long leather ribbon on it and a specific size of staff. This leather band cut the staff to decrypt the encryption. Julius Caesar also used a cryptographic algorithm called ROT-3. This encryption puts three alphabets to the right and was then very effective.

Applied cryptography

Ok, but how does it affect you? The basic use of cryptography is to provide you with confidence (data confidentiality), integrity (protection from intentional or unintentional modifications) and authentication (prove who you are). Some forms even allow you to confirm the message that proves that the message was written, sent, or received. We'll briefly discuss the most commonly used encryption schemes that you can use every day while skipping trivial details.

X.509 expressions and digital certificates (used in digital signatures) will be heard on this page. Digital certificates are used in the same way as real signatures as proof of approval. The best-known companies selling these certificates are

o Verisign – http://www.verisign.com/

o Thwarte – http: //www.thawte. com /

(Provides Free Personal Email Digital Certificates)

Internet Traffic (Web Site Traffic and Email Security)

HTTPS: Authenticated Transfer Protocol over Secure Sockets Layer. Don't be fooled by HTTPS with SSL. This is a common misconception by those who do not understand SSL. HTTPS uses SSL to create an encrypted tunnel between the client and the server. This tunnel lasts until the full connection and is the most common Internet security service. This encryption format is determined by using the X.509 server-side certificate, which digitally signs the message.

S / MIME: Secure Multi-Purpose Internet Mail Exchange. S / MIME uses two X.509 certificates (also known as digital signatures) and both sign and encrypt the email. The author digitally signs the email with their own keys. If this happens, the message is encrypted with the recipient's public key and sent. When the message reaches the recipient, the message is decoded by the recipient's private key and then authenticated by the author's public key. This ensures that people using the package code (a program that allows a person to view traffic across the network) do not see their account information. Email clients, such as Netscape Communicator and Microsoft Outlook, can use S / MIME with little needed settings.

S-HTTP: Secure HTTP. The advantage of S-HTTP over HTTPS is that all messages are encrypted and not using a tunnel that is sensitive to middle and session hijacking. Another advantage of S-HTTP is that it enables bidirectional client / server authentication

Tunnel Encryption (Network Traffic Provision)

IPSec: IP Security Protocol is the most commonly used network encryption for the corporate world. When most of the computer industry is thinking about virtual private networks (VPNs), they are immediately thinking of IPSec. Companies using IPSec need an encrypted tunnel that allows all network traffic to flow. Unlike SSL, IPSec is not limited to a single port. Once the IPSec tunnel is created, the system must have the same network access as the physical location. This offers much more energy but requires much more. Another issue is security. The more open the network, the more vulnerable it is. This is another reason VPNs are usually out of the firewall. Vulnerabilities in IPSec include session hijacking and replay of attacks.

SSH: Secure Shell is a terminal, such as a tunnel, that protects data that crosses the network and must replace pure text protocols such as Telnet and FTP. This allows you to securely connect to a server over the Internet and remote system administrators without seeing everything they do for the rest of the world. One of the most popular Windows SSH clients is Putty.

SSL: Secured Socket Layer can be used to create a single port / socket virtual private network (VPN) using the server-side X.509 certificate. The most widespread use of SSL is website traffic via HTTP or HTTPS. SSL is vulnerable to middle attacks. Anyone can create a CA to distribute the certificates, but remember that the digital certificate is just as reliable as the CA that controls the certificate.

WEP: Wired Equivalent Data Protection. This algorithm uses a 40-bit key or a 128-bit key (24 bit for the initialization vector). Most devices allow the wireless access point to filter MAC addresses to increase access to the device. WEP is vulnerable, and criminal hackers (biscuits) take advantage of the WEP market. Some of the most popular tools for wardriving: Europe – WiFi package mixer Airsnort – WEP encryption key recovery tool Kismet – 802.11 Level 2 Wireless Network Sensor Netstumbler – 802.11 Level 2 Wireless Network Sensor

WPA: Wi -Free Protected Access is a new standard that will avoid old WEP technology in the near future. WPA uses a pre-shared key (PSK) for SOHO networks and Extensible Authentication Protocol for other wired / wireless networks for authentication. Some cryptoanalysts require a weaknessPK because a cracker can access the key and force the key with strong force until it is unknown. The encryption scheme used is Temporal Key Integrity Protocol (TKIP). TKIP provides more confidentiality and integrity with the use of a time key instead of a traditional static key. Most people welcome this technology on less secure WEP.

File Access (Protect Some Files)

Stenography: Stenography is a media that is in other media, such as a .JPG or image. You can add this data to the unused bits of the file, which you can see with a common hexa editor. Stenography is the easiest way to hide the message, but it is by far the least safe. The security of uncertainty is like a lock on the car door. It only seeks to keep honest people honest.

PGP: Pretty Good Privacy was a free program created by Philip Zimmerman in 1991 and was the first widely accepted public key system. PGP is an encryption tool used to encrypt different types of data and traffic. PGP can be used for S / MIME and digital signing of messages. PGP uses a trust network that allows the community to issue a trusted certificate instead of a certificate authority instead of a certificate. More information can be found at http://web.mit.edu/network/pgp.html

Personal / Freeware: This is available for download from MIT for free.

o Diffie-Hellman key exchange

o CAST 128-bit encryption

o SHA-1 hash function

Commercial: PGP® Software Developer Kit (SDK) 3.0.3 received federal information processing standards (FIPS) 140- second Level 1 validation by the National Institute for Standardization and Technology (NIST).

o RSA Key Exchange

o IDEA Encryption

o MD5 Splitting Function

CryptoAPI: Microsoft's cryptographic component that allows developers to encrypt data. Microsoft has also developed a CAPICOM ActiveX control that allows the script to access CryptoAPI.

All encryption models are vulnerable to one or more attacks. Listed below are the attack techniques that cryptoanalysts use to break the keys used to protect messages

Only Ciphertext-only: This is the simplest, but the most difficult to succeed. By attacking network traffic, an attacker retrieves encrypted text data. Once the key is rescued, the cracker can try to confirm the message until it resembles something legitimate.

Known Plaintext: This includes a cracker script that includes plain text and corresponding encrypted text for one or more messages. During World War II, the Japanese relied on cryptography, but the sending of formal messages was weak. These messages have been interrupted because the encrypted text started and ended with the same message. Part of the plain text was known, and the encryption methods with the known text method were able to decipher the message.

Selected text: similar to know-plaintext attack, but the attacker can select the text text to encrypt. An attacker may assume someone else's identity and send a message to the destination that needs to be encrypted. Since the plain text selection and the target send the encrypted message, the selected text attack is successful.

Selected-Ciphertext: cryptoanalyst connects to encrypted text and provides access to encrypted text.

Birthday Paradox: This attack is successful if a hash value of a plain text matches the hash value of a completely different plain text. This anomaly has been mathematically confirmed between 23, 23 * 22/2 = 253 pairs, each of which may serve as a potential candidate.

Brute-Force: This form of attack is implemented by passing all possible solutions or combinations until the answer is found. This is the most resource and time-consuming attack method

Dictionary: An attacker compares target hash values ​​with the hash value of frequently used passwords. The dictionary files can be downloaded from hundreds of websites.

Man-in-the-Middle: An attacker intercepts messages between two parties without knowing both targets that the relationship between them is at risk. This allows the attacker to modify the message of his choice.

Replay: Repeated attacks are simply replaying recorded data to try to capture the purpose of allowing unauthorized access.

Returning to a computer cafe when Janet joined a secure web server via SSL to perform internet banking and used S / MIME to send private e-mails, a computer thief never had a chance to be invisible become.

Source by Jeremy Martin

Leave a Reply

Your email address will not be published. Required fields are marked *