Chapter 2 - 08 - Understand Cryptographic Attacks_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Module Understand Information Security Attacks Describe Hacking Methodologies and Frameworks Flow Understand Social Engineering Attacks Understand Wireless Network- specific Attacks Understand Network-level Attacks Understand IoT, OT, and Cloud Attacks Understand Applicationlevel and OS-level Attacks Understand Cryptographic Attacks Understand Cryptographic Attacks Attackers may implement various cryptography attacks to evade the security of a cryptographic system by exploiting vulnerabilities in code, ciphers, cryptographic protocols, or key management schemes. This section discusses various cryptographic attacks such as brute-force attacks, side-channel attacks, hash collision attacks, and rainbow-table attacks. Module 02 Page 385 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Cryptography Attacks a Cryptography attacks are based on the assumption that the cryptanalyst has access to the encrypted information Attacker has access to the cipher text; the goal of this attack is to recover the encryption key from the ciphertext Attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions Attacker defines their own plaintext, feeds it into the cipher, and analyzes the resulting ciphertext Attacker can obtain ciphertexts encrypted under two different keys; this attack is useful if the attacker can obtain the plaintext and matching cipher text Attacker constructs a dictionary of plaintext along with its corresponding ciphertext that they have learnt over a certain period of time Copyright © by E cil Al Rights Reserved. Reproduction is Strictly Prohibited Cryptography Attacks (Cont’d) Known-plaintext v’ Attacker has knowledge of some part of the plain text; using this information, the Chosen-ciphertext v’ Attacker obtains plaintexts corresponding to an arbitrary set of ciphertexts of their Attack Attack key used to generate ciphertext is deduced to decipher other messages own choosing v’ Extraction of cryptographic secrets (e.g., the password to an encrypted file) from a person by coercion or torture Chosen-key Attack v/ Attacker usually breaks an n bit key cipher into 2 "/2 operations Timing Attack / Itis basec! op repeated_ly measuring the exact execution times of modular exponentiation operations BEbherNose Attacx Man-in-the-middle Attack - - v’ Attacker performs this attack on the public key cryptosystems where key exchange is required before communication takes place Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Cryptography Attacks Attackers conduct cryptography attacks by assuming that the cryptanalyst has access to the encrypted information. A cryptography attack or cryptanalysis involves the study of various principles and methods of decrypting the ciphertext back to the plaintext without knowledge of the key. Module 02 Page 386 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 The various types of cryptography attacks are as follows: Ciphertext-only Attack Ciphertext-only is less effective but much more likely for the attacker. The attacker only has access to a but is also the plaintexts (or information at collection of ciphertexts. This is much more likely than known plaintext most difficult. The attack is completely successful if the corresponding even better, the key) can be deduced. The ability to obtain any all about the underlying plaintext is still considered a success. So what does the attacker do with the ciphertexts he/she has accumulated? You can analyze them for patterns, trying to find something that would give you a hint as to the key that was used to crack them. Often, the result of this attack is just a partial break and not a complete break. Adaptive Chosen-plaintext Attack In this type of attack, an attacker has complete access to the plaintext message including its encryption, and he/she can also modify the content of the message by making a series of interactive queries, choosing subsequent plaintext blocks based on the information from the previous encryption queries and functions. To perform this attack, an attacker needs to interact with the encryption device. Chosen-plaintext Attack A chosen plaintext attack is a highly effective type of cryptanalysis attack. In this attack, the attacker obtains the ciphertexts corresponding to a set of plaintexts of his/her own choosing. This allows the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key. Basically, since the attacker knows the plaintext and the resultant ciphertext, he/she gains many insights into the key used. This technique can be difficult but is not impossible. Related-Key Attack The related-key attack is similar to the chosen plaintext attack, except that the attacker can obtain ciphertexts encrypted under two different keys. This is actually a very useful attack if you can obtain the plaintext and matching ciphertext. The attack requires that the differing keys be closely related, e.g., in a wireless environment where subsequent keys might be derived from previous keys. Then, while the keys are different, they are close. Much like the ciphertext-only attack, this type of attack is most likely only going to yield a partial break. Dictionary Attack In this attack, the attacker constructs a dictionary of plaintext along with its corresponding ciphertext that he/she has analyzed and obtained for a certain period of time. After building the dictionary, if the attacker obtains the ciphertext, he/she uses the already built dictionary to find the corresponding plaintext. Attackers use this technique to decrypt keys, passwords, passphrases, and ciphertext. Module 02 Page 387 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks = Exam 212-82 Known-plaintext Attack In this attack, the only information available to the attacker is some plaintext blocks along with the corresponding ciphertext and algorithm used to encrypt and decrypt the text. Using this information, the key used to generate the ciphertext is deduced so as to decipher other messages. This attack works on block ciphers and is an example of linear cryptanalysis. The known plaintext blocks are generated using a series of intelligent guesses and logic, and not by accessing the plaintext over a channel. = Chosen-ciphertext Attack The attacker obtains the plaintexts corresponding to an arbitrary set of ciphertexts of his own choosing. Using this information, the attacker tries to recover the key used to encrypt the plaintext. To perform this attack, the attacker must have access to the communication channel between the sender and the receiver. There are two variants of this attack: = o Lunchtime or Midnight Attack: In this attack, the attacker can have access to the system for only a limited amount of time or can access only a few plaintextciphertext pairs. o Adaptive Chosen-ciphertext Attack: In this attack, the attacker selects a series of ciphertexts and then observes the resulting plaintext blocks. Rubber Hose Attack Attackers extract cryptographic secrets (e.g., the password to an encrypted file) from a person by coercion or torture. In general, people under pressure cannot maintain security, and they will reveal secrets or hidden information. Attackers torture victims to reveal secret keys or passwords used to encrypt the information. = Chosen-key Attack In this type of attack, larger system, which is bit key cipher into 2 "2 the system, and he can further attacks. * an attacker dependent operations. control the not only breaks a ciphertext but also breaks into a of that ciphertext. The attacker usually breaks an nOnce an attacker breaks the cipher, he gets access to whole system, access confidential data, and perform Timing Attack It is based on repeatedly measuring the exact execution times of modular exponentiation operations. The attacker tries to break the ciphertext by analyzing the time taken to execute the encryption and decryption algorithm for various inputs. In a computer, the time taken to execute a logical operation may vary based on the input given. An attacker tries to extract the plaintext by giving varying inputs. = Man-in-the-Middle Attack This attack is performed against a cryptographic protocol. Here, an attacker intercepts the communication Module 02 Page 388 between a client and a server and negotiates the cryptographic Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 parameters. Using this attack, an attacker can decrypt the encrypted content and obtain confidential information such as system passwords. An attacker can also inject commands that can modify the data in transit. The attacker usually performs an MITM attack on public-key cryptosystems where key exchange is required before communication takes place. Alternatively, attackers use downgrade attacks to perform an MITM attack. In the downgrade attack, attackers force the server to use unsecure protocols based on older encryption algorithms with weak ciphers and small key lengths. Using this technique, attackers also forge digital signatures on digital certificates and make the victim believe that they are communicating with a legitimate entity. Module 02 Page 389 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Brute-Force Attack Attack Scheme Defeating a cryptographic scheme by trying a large number of possible keys until the correct encryption key is discovered Brute-Force Attack Brute-force attack is a high-resource and time intensive process, but it is more guaranteed to achieve results Success Factors Success of brute-force attack depends on the length of the key, time constraint, and system security mechanisms Estimated Time for Successful Brute-force Attack $ 2K (1 PC; can be achieved by an individual) $ 100K (can be achieved by a company) $ 1M (can be achieved by a huge organization or a state) 40 bits (5 char) 56 bits (7 char) 64 bits (8 char) 128 bits (16 char) 1.4 min 73 days 50 years 1020 years 2 sec 35 hours 1 year 10719 years 0.2 sec 3.5 hours 37 days A 10718 years Copyright © by E | cil Al Rights Reserved. Reproduction is Strictly Prohibited Brute-Force Attack It is extremely difficult to crack cryptographic systems, as they have no practical weaknesses to exploit; however, it is not impossible. Cryptographic systems use cryptographic algorithms to encrypt a message. These cryptographic algorithms use a key to encrypt or decrypt messages. In cryptography, this key is the important parameter that specifies the transformation of plaintext to ciphertext and vice versa. If you are able to guess or find the key used for decryption, then you can decrypt the messages and read them in clear text. 128-bit keys are common and considered strong. From a security perspective, to avoid guessing the key, cryptographic systems use randomly generated keys. This makes you devote considerable effort toward guessing the key. However, you still have a choice to determine the key used for encryption or decryption. You can attempt to decrypt a message using all possible keys until you discover the key used for encryption. This method of discovering a key is called a brute-force attack. However, doing so requires a massive amount of processing power. It is a resource-intensive and time-intensive process. For any non-flawed protocol, the average time needed to find the key in a brute-force attack depends on the length of the key. If the key length is short, then it will take less time to find the key; if it is long, it will take more time. A brute-force attack will be successful if and only if the attacker has enough time to discover the key. However, the time required is relative to the length of the key. The difficulty of a brute-force attack depends on various factors, such as = The length of the key = The number of possible values each component of the key can have = The time it takes to attempt each key Module 02 Page 390 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks = Exam 212-82 |f there is any mechanism that locks the attacker out after a certain number of failed attempts For example, if a system could brute-force a DES 56-bit key in one second, then for an AES 128bit key, it takes approximately 149 trillion years. To perform a brute-force attack, the attacker needs double the time for every additional bit of key length; the reason is that the number of keys doubles with an increase of one bit. However, a brute-force attack is more likely to achieve results. Power/Cost $ 2K (1 PC. Can be achieved 40 bits 56 bits 64 bits 128 bits (5 char) (7 char) (8 char) (16 char) i " by an individual) 1.4 min 73 days 50 years 10720 years 3 100K (this can be achieved by a company) 2 sec 35 hours 1year 10719 years ? 1M U{‘Ch',e vedby a huge organization or a state) 0.2 sec 3.5 hours 37 days 10718 years Table 2.8: Estimate time for a successful brute-force attack Module 02 Page 391 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Birthday Attack O Abirthday attack is the name used to refer to a class of brute-force attacks against cryptographic hashes that makes the brute forcing easier %+ Birthday paradox: The probability that two or more people in a group of 23 share the same birthday is greater than 0.5 Birthday Paradox The basic idea is as follows: How many people would you need to have in a room to have _ a strong likelihood How many people do you need to have a high likelihood that two share the same birth day (i.e., same day and month but not necessarily the same year)? that two would have the same birthday? 'i' The paradox is not asking how many people you need to guarantee a match, just how many you need to have a strong There are 365 days in a year, so you might think at least half of that, or 182 people, but it is actually only 23! Obviously, if you put 367 people in a room, at least 2 of them must have the same birthday because there are only 365 days in a year, plus one more in a leap year probability L Even with 23 people in the room, you have a 50 percent chance ‘ that 2 will have the same birthday Birthday Attack A birthday attack refers to a class of brute-force attacks against cryptographic hashes that renders brute-forcing easier to performs. This attack depends on the birthday paradox, which is the probability of two or more people in a group of 23 sharing the same birthday is greater than 0.5. Birthday Paradox For example, how many people are needed to have a high likelihood that two will share the same birthday (i.e., same day and month, not year). There are 365 days a year, and therefore, you might think that at least half or 182 people share the same birthday, when it is actually only 23! The basic idea is as follows: How many people would you need to have in a room to have a strong likelihood that two amongst them would have the same birthday (same day and month, but not year). Obviously, if you put 367 people in a room, at least two of them must have their birthdays on the same day and month since there are only 365 days in a year, and an additional day in the case of a leap year. The paradox is not the number of people you need to guarantee a match, but the number of people you need to have a strong probability. Even with 23 people in a room, there is a 50% chance that two them will have their birthdays on the same day and month. Module 02 Page 392 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Birthday Paradox: Probability Because these events are all independent, we can The probability that the first person does not share a birthday with any previous person is 100 percent because there are no previous people in the set. This can be written as 365/365 The second person has only one preceding person, and the probability that the second person has a birthday different from the first is 364/365. @. - Z:ee g?:gep te\;s: :rr:ég:f:: :fozzinsgfi‘;w"h probability for the third person is ’ 363/365 compute the probability as follows: 365/365 * 364/365 * 363/365 * 362/365... * 342/365 (342/365 is the probability of the 23rd person sharing a birthday with a preceding person) When we convert these to decimal values (truncate to 3 decimal places) yields:. 1*0.997... N A 5 *0.994 * 0.991 * 0.989 * 0.986 *...0.936 = 0.49, or 49 percent This 49 percent is the probability that 23 people will not have any birthdays in common; thus, there is a 51 B h ven Crc) hance e e 2otof th 2 that 2 will have a birthday in common L All Rights Reserved. Reproductionis Strictly Prohibited Birthday Paradox: Probability The probability that the first person does not share a birthday with any previous person is 100% because there are no previous people in the set. This can be written as 365/365. The second person has only one preceding person, and the odds that the second person has a birthday different from the first are 364/365. The third person might share a birthday with two preceding people, so the odds of sharing a birthday with either of the two preceding people are 363/365. Because each of these are independent, we can compute the probability as follows: 365/365 * 364/365 * 363/365 * 362/365... * 342/365 (342 is the probability of the 23rd person who shares a birthday with a preceding person). When we convert these to decimal values, it yields (truncating at the third decimal point) 1 * 0.997 * 0.994 * 0.991 * 0.989 * 0.986 *... 0.936 = 0.49 or 49%. This is the probability that 23 people will not have any birthdays in common; thus, there is a 51% (better than even odds) chance that two of the 23 will have a birthday in common. The idea behind the birthday attack is to attempt to find a collision for a given hash. Now, assume that the hash is MD5 with a 128-bit output. You would have to try 27128 possible hashes to guarantee a collision, which is a very large number. In decimal notation, it is 3.4028236692093846346337460743177e+38 Now, from the birthday paradox, we need 1.174v2/128 or 21656477542535013597.184 hashes to guarantee a collision. Furthermore, this is still a very large number but many orders of magnitude smaller than the abovementioned value. Module 02 Page 393 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Side-Channel Attack A side-channel attack is a physical attack performed on a cryptographic device/cryptosystem to gain sensitive information Cryptography is generally part of the hardware or software that runs on physical devices, such as semi-conductors (including resistors, transistors, etc.) These physical devices are affected by various environmental factors, including power consumption, electro-magnetic field, light emission, timing and delay, and sound In a side-channel attack, an attacker monitors these channels (environmental factors) and tries to acquire the information useful for cryptanalysis :..................> 3 Operation Security Boundary Output data Ex: Plaintext «++ > Q - TN < P \ 4 Side-Channel Analysis Channel H : v Assume that encrypted data is to be decrypted v At the time of decryption in a cryptosystem, and displayed as plain text inside a trusted zone physical environmental factors, such as timing of a computer are recorded by an attacker v Timing Information Power Dissipation } and power dissipation, acting on the components n MU0 ?o ,,,,,,,,,,,, “Main” T 1 R A wes Cryptographic 0 ! inputdata N 2 § ¥' The attacker analyzes this information in an Electromagneti Fields Light attempt to gain useful information for cryptanalysis L Al Rights Reserved, Reproduction is Str Side-Channel Attack A side-channel attack is a physical attack performed on a cryptographic device/cryptosystem to gain sensitive information. Cryptography is generally part of the hardware or software that runs on physical devices such as semi-conductors (resistor, transistor, and so on) that interact with and affect various environmental factors as follows: Power Consumption Reveals operations that take place and parameters involved. It is applicable only to hardware cryptosystems. Power consumption analysis is of two types: o Simple Power Analysis (SPA): Provides information regarding the instruction being executed at a certain time and the values of input and output o Differential Power Analysis (DPA): It does not require the knowledge of the details of algorithm implementation; it exploits statistical methods Electromagnetic Field Computer components often generate electromagnetic radiation. By measuring the variations of the electromagnetic field over the chip surface, an attacker can predict its correlation to the underlying computation and data and may be able to deduce some valuable information about this computation and data. Light Emission Kuhn found that the average luminosity of a cathode ray tube (CRT) diffuse reflection of a wall is sufficient to reconstruct the signal displayed on the CRT. Thus, an attacker can gather ample information by reading the signals that a trusted computing platform’s optical output channels emit. Module 02 Page 394 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 According to Loughry and Umphress, one can deduce the data a computer is processing based on the optical radiation emitted from its LED (light-emitting diode) status indicators. * Timing and Delay Systems often compute cryptographic algorithms without time consistency owing to performance optimizations. If such computations involves secret data, then the variations in time can be used to infer the secret information. Here, the attacker analyzes the time taken by a cryptographic device to process each message to discover the secret parameters. = Sound Acoustic attacks exploit the sound produced during a computation. These emissions are from keyboards and computing components (e.g., CPU, memory) acoustic In a side-channel attack, an attacker monitors these channels (environmental factors) and tries to acquire useful information for cryptanalysis. The information thus acquired is termed as sidechannel information. Side-channel attacks are different from traditional/theoretical forms of attacks such as brute-force attacks. The side-channel attack depends on the way in which systems implement cryptographic algorithms rather than the algorithm itself. Mitigation techniques for side-channel-attacks include the following: = Use differential power analysis (DPA) proof protocols with delimited side-channel leakage characteristics and update the keys before the leakage accumulation is significant = Use fixed-time algorithms (i.e., no data-dependent delays) ® Mask and blind algorithms using random nonces = |mplement differential matching techniques to minimize net data-dependent leakage from logic-level transitions = Pre-charge registers and busses to remove leakage signatures from predictable data transitions = Add amplitude or temporal noise to reduce the attacker's signal-to-noise ratio Side-Channel Attack — Scenario Assume that encrypted data are to be decrypted and displayed as plaintext zone. At the time of decryption in a cryptosystem, physical environmental timing and power dissipation, acting on the components of a computer are attacker. The attacker then analyzes this information to gain useful cryptanalysis. Module 02 Page 395 inside a trusted factors, such as recorded by an information for Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Information Security Attacks m. e O NI Input data lll:--l.llllll-lllll % > : Ex: Ciphertext -y R ) NN alede NN NN NS Crz)ptog?phic era |°n EX"I))ecryption : @ (} EE REEEREENNEERRREEEREERRRERRRRRRRERERR,, Security Boundary Output data “Main” Ex: Plaintext Channel SEssssssssssEssEssEns. :. s Unintended “Side” Channel(s) Timing Information Power Side-Channel Analysis Dissipation Electromagnetic Fields Light Figure 2.79: Side-Channel attack — scenario Module 02 Page 396 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Hash Collision Attack A hash collision attack is performed by finding two different input messages that result in the same hash output ‘a This allows the attacker to perform cryptanalysis by exploiting the digital signature used to generate a different message with same hash value figfi The SHA-1 algorithm converts input messages into constant-length unstructured strings of numbers and alphabets, which act as a fingerprint for the sent file Attacker is able to forge the victim’s digital signature of message al on the incorrect message a2 )/() Once the attacker is able to detect any collisions in the hash, they try to identify more collisions by concatenating data to the matching messages Copyright © by EC-Council. All Rights Reserved. ReproductionIs Strictly Prohibited Hash Collision Attack A hash collision attack is performed by finding two different input messages that result in the same hash output. For example, in a hash collision attack, “hash(al) = hash(a2)”, where al and a2 represent some random messages. Since the algorithm itself randomly selects these messages, attackers have no role in the content of these messages. This allows the attacker to perform cryptanalysis by exploiting the digital signature used to generate a different message with the same hash value. One of the most popular hash functions is SHA-1, which is widely used as a digital signature algorithm. SHA-1 converts an input message into a constant length of unstructured strings of numbers and alphabets, which act as a fingerprint for the sent file. Therefore, the attacker tries to identify similar hashed output to get the digital signatures of the victim. This allows the attacker to forge the victim’s digital signature of message al on message a2. Once the attacker detects a collision in the concatenating the data to matching messages. Module 02 Page 397 hash, he/she can identify more collisions by Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 DUHK Attack DUHK (Don't Use Hard-Coded Keys) is a cryptographic vulnerability that allows an attacker to obtain encryption keys used to secure VPNs and web sessions This attack mainly affects any hardware/software using the ANSI X9.31 random number generator (RNG) I (fi ( y N\ Pseudorandom number generators (PRNGs) generate random sequences of bits based on the initial secret value, called a seed, and the current state ) Both these factors are the key issues of a DUHK attack as any attacker could combine ANSI X9.31 with the hard-coded seed key to decrypt the encrypted data sent or received by that device Using this attack, attackers identify encryption keys and steal confidential information, such as critical business data, user credentials, and credit card details DUHK Attack Don't Use Hard-Coded Keys (DUHK) is a cryptographic vulnerability that allows attackers to obtain encryption keys used to secure VPNs and web sessions. This attack mainly affects any hardware/software using the ANSI X9.31 Random Number Generator (RNG). Pseudorandom number generators (PRNGs) generate random sequences of bits based on the initial secret value, called seed, and the current state. The PRNG algorithm generates cryptographic keys that are used to establish a secure communication channel over the VPN. In some cases, the seed key is hardcoded into the implementation. Both the factors are key issues of the DUHK attack, as any attacker can combine ANSI X9.31 with the hard-coded seed key to decrypt the encrypted data sent or received by that device. Man-in-the-middle attackers use the DUHK attack to learn the seed value, observe the current session, and obtain the current state value. Using this attack, attackers can identify encryption keys and steal confidential information such as critical business data, user credentials, and credit card details. Module 02 Page 398 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Rainbow Table Attack @ A rainbow table attack is a type of cryptography attack where an attacker uses a rainbow table to reverse cryptographic hash functions ©— A rainbow table is a precomputed table that contains word lists like —o— @ dictionary files and brute force lists and their hash values @ It uses the cryptanalytic time-memory trade-off technique to crack the cryptography, which requires less time than some other techniques @ @ @ An attacker computes the hash for a list of possible passwords and compares it to the precomputed hash table (rainbow table). If the attacker find a match, they can crack the password Rainbow Table Attack A rainbow table attack is a type of cryptography attack whereby an attacker uses a rainbow table for reversing cryptographic hash functions. A rainbow table attack uses the cryptanalytic time-memory trade-off technique, which is less time consuming than other techniques. It uses already calculated information stored in memory for encryption. In the rainbow table attack, the attacker creates a table of all the possible passwords and their respective hash values, called a rainbow table, in advance. A rainbow table contains word lists such as dictionary files and brute-force lists and their hash values. It is a lookup table particularly used for recovering a plaintext password from a ciphertext. The attacker uses this table to look for the password and tries to recover it from password hashes. An attacker computes the hash for a list of possible passwords and compares it with the precomputed hash table (rainbow table). If a match is found, then he/she can crack the password. It is easy to recover passwords by comparing the captured password hashes with pre-computed tables. Module 02 Page 399 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 DROWN 5 o A ~~~~~ Attack A DROWN attack is a cross-protocol weakness that can communicate and initiate an attack on servers that support recent SSLv3/TLS protocol suites 0O 1t affects cryptographic protocols like HTTPS and cryptographic services that depend on SSL and TLS O A DROWN attack makes the attacker decrypt the latest TLS connection between the victim client and server by launching malicious SSLv2 probes using the same private key O Attackers perform a DROWN attack as part of an online MitM attack, breaking the encrypted keys and sniffing sensitive information, such as passwords and bank account details Victim Client g --c-eceeeeereassnssasissssnsiisnsnnes > Victim server supporting SSLv2 Copyright © by E DROWN Attack Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) is a grave vulnerability that can affect important cryptographic protocols such as HTTPS and other cryptographic services that depend on SSL and TSL. The DROWN attack is a cross-protocol weakness that can communicate and initiate an attack on servers supporting recent SSLv3/TLS protocol suites. It is a new form of cross-protocol Bleichenbacher padding oracle attack. The server is critically vulnerable to the DROWN attack if = The server permits SSLv2 connection, which is mostly caused by a misconfiguration or incorrect default settings. = The same private key certificate is used on a different server that allows SSLv2 connection, and it also makes the TLS server vulnerable, as the SSLv2 server can leak the key information. The DROWN attack allows the attacker to decrypt the latest TLS connection between the victim client and the server by launching malicious SSLv2 probes using the same private key. Using this attack, the attacker can also force the victim client and server to use the RSA key exchange. Thus, the attacker can disrupt connections among the latest browsers and servers that favor the use of latest techniques, i.e., perfect-forward-secret key exchange, such as DHE and ECDH. Attackers perform the DROWN attack as part of an online man-in-the-middle (MITM) attack, breaking encrypted keys, sniffing or stealing sensitive information such as passwords and bank account details, and accessing personal emails or messages. By performing this attack, the attacker can also masquerade as a secure website and thus seize or change the website contents. Module 02 Page 400 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Victim Client Exam 212-82..........T!‘.S.ff’.".'f?f.tf?f’...........) Victim server supporting SSLv2 Attacker Figure 2.80: DROWN attack Module 02 Page 401 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.