Chapter 2 - 08 - Understand Cryptographic Attacks - 04_ocred.pdf

Full Transcript


Certified Cybersecurity Technician Information Security Attacks Exam 212-82

Hash Collision Attack

- A hash collision attack is performed by finding two different input messages that result in the same hash output
- This allows the attacker to perform cryptanalysis by exploiting the digital signature used to generate a different message with the same hash value
- The SHA-1 algorithm converts input messages into constant-length unstructured strings of numbers and alphabets, which act as a fingerprint for the sent file
- The attacker is able to forge the victim's digital signature of message a1 on the incorrect message a2
- Once the attacker is able to detect any collisions in the hash, they try to identify more collisions by concatenating data to the matching messages

Copyright © by EC-Council. All Rights Reserved. Reproduction Is Strictly Prohibited.

A hash collision attack is performed by finding two different input messages that result in the same hash output. For example, in a hash collision attack, "hash(a1) = hash(a2)", where a1 and a2 represent some random messages. Since the algorithm itself randomly selects these messages, attackers have no role in the content of these messages. This allows the attacker to perform cryptanalysis by exploiting the digital signature used to generate a different message with the same hash value. One of the most popular hash functions is SHA-1, which is widely used as a digital signature algorithm. SHA-1 converts an input message into a constant length of unstructured strings of numbers and alphabets, which act as a fingerprint for the sent file. Therefore, the attacker tries to identify similar hashed output to get the digital signatures of the victim. This allows the attacker to forge the victim's digital signature of message a1 on message a2. Once the attacker detects a collision in the hash, he/she can identify more collisions by concatenating the data to matching messages.
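Why a collision carries a signature from a1 to a2, and why appending the same data to both messages keeps them colliding, shown as an added example that is not part of the original course material. Assumptions: toy_hash is a deliberately tiny 24-bit iterated hash modelling a broken hash function, HMAC stands in for the signing algorithm, and the key and messages are constructed.

```python
import hashlib
import hmac
from itertools import count

SIGNING_KEY = b"constructed-demo-key"  # constructed; stands in for the signer's private key

def toy_hash(msg: bytes) -> bytes:
    """Toy iterated (Merkle-Damgard style) hash with a 24-bit state; not a real hash."""
    state = b"\x00\x00\x00"
    for i in range(0, len(msg), 8):          # absorb the message in 8-byte blocks
        state = hashlib.sha256(state + msg[i:i + 8]).digest()[:3]
    return state

def sha256(msg: bytes) -> bytes:
    return hashlib.sha256(msg).digest()

def sign(msg: bytes, h) -> bytes:
    """Hash-then-sign: only the digest h(msg) is authenticated (HMAC as stand-in)."""
    return hmac.new(SIGNING_KEY, h(msg), hashlib.sha256).digest()

def verify(msg: bytes, sig: bytes, h) -> bool:
    return hmac.compare_digest(sign(msg, h), sig)

def find_collision(h):
    """Birthday search over constructed 8-byte messages; about 2**12 tries for 24 bits."""
    seen = {}
    for n in count():
        msg = b"msg%05d" % n
        digest = h(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg

def demo() -> dict:
    a1, a2 = find_collision(toy_hash)
    suffix = b"-appended-data"               # same data concatenated to both messages
    return {
        "distinct": a1 != a2,
        # The signature made for a1 verifies on a2 because the digests are equal.
        "weak_sig_accepts_a2": verify(a2, sign(a1, toy_hash), toy_hash),
        # Equal internal state after a1 and a2 means any common suffix still collides.
        "extended_still_collide": toy_hash(a1 + suffix) == toy_hash(a2 + suffix),
        # With a collision-resistant hash the same pair no longer shares a signature.
        "sha256_sig_accepts_a2": verify(a2, sign(a1, sha256), sha256),
    }

if __name__ == "__main__":
    print(demo())
```

The verifier only ever checks the digest, so the defence is the choice of hash function, not the signing key.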

DUHK Attack

- DUHK (Don't Use Hard-Coded Keys) is a cryptographic vulnerability that allows an attacker to obtain encryption keys used to secure VPNs and web sessions
- This attack mainly affects any hardware/software using the ANSI X9.31 random number generator (RNG)
- Pseudorandom number generators (PRNGs) generate random sequences of bits based on the initial secret value, called a seed, and the current state
- Both these factors are the key issues of a DUHK attack, as any attacker could combine ANSI X9.31 with the hard-coded seed key to decrypt the encrypted data sent or received by that device
- Using this attack, attackers identify encryption keys and steal confidential information, such as critical business data, user credentials, and credit card details

Don't Use Hard-Coded Keys (DUHK) is a cryptographic vulnerability that allows attackers to obtain encryption keys used to secure VPNs and web sessions. This attack mainly affects any hardware/software using the ANSI X9.31 Random Number Generator (RNG). Pseudorandom number generators (PRNGs) generate random sequences of bits based on the initial secret value, called a seed, and the current state. The PRNG algorithm generates cryptographic keys that are used to establish a secure communication channel over the VPN. In some cases, the seed key is hardcoded into the implementation. Both factors are key issues of the DUHK attack, as any attacker can combine ANSI X9.31 with the hard-coded seed key to decrypt the encrypted data sent or received by that device. Man-in-the-middle attackers use the DUHK attack to learn the seed value, observe the current session, and obtain the current state value.
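Why the hard-coded seed key is the whole problem, shown as an added example that is not part of the original course material: in the X9.31 construction the secret state is protected only by the block-cipher key, so anyone holding that key can compute the state from a single output block. Assumptions: a toy Feistel cipher stands in for the generator's real block cipher, the key is constructed, and the timestamp input is taken as known to the observer.

```python
import hashlib
import os

FIRMWARE_KEY = b"constructed-hard-coded-key"   # constructed; identical in every device image

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel on 16-byte blocks (stand-in for the real block cipher)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

def x931_next(key: bytes, state: bytes, timestamp: bytes):
    """One X9.31 step: I = E(T); output R = E(I ^ V); new state V' = E(R ^ I)."""
    i = encrypt(key, timestamp)
    out = encrypt(key, xor(i, state))
    return out, encrypt(key, xor(out, i))

def states_from_output(key: bytes, out: bytes, timestamp: bytes):
    """With the key, one output block and its timestamp yield both V and V'."""
    i = encrypt(key, timestamp)
    return xor(decrypt(key, out), i), encrypt(key, xor(out, i))

def demo() -> dict:
    seed = os.urandom(16)                          # secret initial state V
    t1 = (1_700_000_000).to_bytes(16, "big")       # constructed timestamps
    t2 = (1_700_000_001).to_bytes(16, "big")
    out1, state1 = x931_next(FIRMWARE_KEY, seed, t1)
    out2, _ = x931_next(FIRMWARE_KEY, state1, t2)  # e.g. material for the next session key
    v, v_next = states_from_output(FIRMWARE_KEY, out1, t1)
    _, wrong = states_from_output(os.urandom(26), out1, t1)   # observer without the key
    return {
        "state_recovered": v == seed and v_next == state1,
        "next_output_predicted": x931_next(FIRMWARE_KEY, v_next, t2)[0] == out2,
        "works_without_key": wrong == state1,
    }
```

A key generated per device from a real entropy source removes the shared secret that makes this calculation possible.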

Using this attack, attackers can identify encryption keys and steal confidential information such as critical business data, user credentials, and credit card details.

Rainbow Table Attack

- A rainbow table attack is a type of cryptography attack where an attacker uses a rainbow table to reverse cryptographic hash functions
- A rainbow table is a precomputed table that contains word lists like dictionary files and brute force lists and their hash values
- It uses the cryptanalytic time-memory trade-off technique to crack the cryptography, which requires less time than some other techniques
- An attacker computes the hash for a list of possible passwords and compares it to the precomputed hash table (rainbow table). If the attacker finds a match, they can crack the password

A rainbow table attack is a type of cryptography attack whereby an attacker uses a rainbow table for reversing cryptographic hash functions. A rainbow table attack uses the cryptanalytic time-memory trade-off technique, which is less time consuming than other techniques. It uses already calculated information stored in memory for encryption. In the rainbow table attack, the attacker creates a table of all the possible passwords and their respective hash values, called a rainbow table, in advance. A rainbow table contains word lists such as dictionary files and brute-force lists and their hash values. It is a lookup table particularly used for recovering a plaintext password from a ciphertext. The attacker uses this table to look for the password and tries to recover it from password hashes. An attacker computes the hash for a list of possible passwords and compares it with the precomputed hash table (rainbow table).
If a match is found, then he/she can crack the password. It is easy to recover passwords by comparing the captured password hashes with pre-computed tables.

DROWN Attack

- A DROWN attack is a cross-protocol weakness that can communicate and initiate an attack on servers that support recent SSLv3/TLS protocol suites
- It affects cryptographic protocols like HTTPS and cryptographic services that depend on SSL and TLS
- A DROWN attack lets the attacker decrypt the latest TLS connection between the victim client and server by launching malicious SSLv2 probes using the same private key
- Attackers perform a DROWN attack as part of an online MitM attack, breaking the encrypted keys and sniffing sensitive information, such as passwords and bank account details

Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) is a grave vulnerability that can affect important cryptographic protocols such as HTTPS and other cryptographic services that depend on SSL and TLS. The DROWN attack is a cross-protocol weakness that can communicate and initiate an attack on servers supporting recent SSLv3/TLS protocol suites. It is a new form of cross-protocol Bleichenbacher padding oracle attack. The server is critically vulnerable to the DROWN attack if:

- The server permits SSLv2 connection, which is mostly caused by a misconfiguration or incorrect default settings.
- The same private key certificate is used on a different server that allows SSLv2 connection, and it also makes the TLS server vulnerable, as the SSLv2 server can leak the key information.

The DROWN attack allows the attacker to decrypt the latest TLS connection between the victim client and the server by launching malicious SSLv2 probes using the same private key. Using this attack, the attacker can also force the victim client and server to use the RSA key exchange. Thus, the attacker can disrupt connections among the latest browsers and servers that favor the use of the latest techniques, i.e., perfect-forward-secret key exchange, such as DHE and ECDH. Attackers perform the DROWN attack as part of an online man-in-the-middle (MITM) attack, breaking encrypted keys, sniffing or stealing sensitive information such as passwords and bank account details, and accessing personal emails or messages. By performing this attack, the attacker can also masquerade as a secure website and thus seize or change the website contents.

Figure 2.80: DROWN attack (victim client, victim server supporting SSLv2, attacker)
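The two vulnerability conditions listed above, turned into an inventory check, as an added example that is not part of the original course material. Assumptions: the Endpoint record, the host names and the key identifiers (placeholders for public-key fingerprints) are constructed, and the SSLv2 flag comes from whatever scanner the organisation already runs.

```python
from collections import defaultdict
from typing import NamedTuple

class Endpoint(NamedTuple):
    host: str
    port: int
    key_id: str     # placeholder for the fingerprint of the endpoint's public key
    sslv2: bool     # True if a scan showed the endpoint accepting SSLv2

# Constructed sample inventory.
INVENTORY = [
    Endpoint("www.example.test", 443, "key-A", False),
    Endpoint("mail.example.test", 25, "key-A", True),
    Endpoint("api.example.test", 443, "key-B", False),
    Endpoint("legacy.example.test", 443, "key-C", True),
    Endpoint("shop.example.test", 443, "key-C", False),
]

def drown_exposure(inventory):
    """Map 'host:port' to the reason the endpoint meets a DROWN condition."""
    # Condition 1: collect every key that is served by an SSLv2-enabled endpoint.
    sslv2_by_key = defaultdict(list)
    for ep in inventory:
        if ep.sslv2:
            sslv2_by_key[ep.key_id].append(f"{ep.host}:{ep.port}")

    findings = {}
    for ep in inventory:
        name = f"{ep.host}:{ep.port}"
        if ep.sslv2:
            findings[name] = "accepts SSLv2 itself"
        elif ep.key_id in sslv2_by_key:
            # Condition 2: a TLS-only endpoint whose key is also used with SSLv2.
            peers = ", ".join(sslv2_by_key[ep.key_id])
            findings[name] = f"shares its key with SSLv2 endpoint(s): {peers}"
    return findings

if __name__ == "__main__":
    for endpoint, reason in drown_exposure(INVENTORY).items():
        print(f"{endpoint}: {reason}")
```

Endpoints flagged under the second condition stay exposed until SSLv2 is disabled everywhere the key is used or the key is replaced.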
