Tag Archives: Cryptography

Your data has been taken hostage!

ransomwareOn December 1989, several thousand diskettes labeled “AIDS Information – Introductory Diskette Version 2.0” were delivered to users around Europe luring the users to install a software that contained information about AIDS/HIV claimed to come from PC Cyborg Corporation. After installing the software the trojan horse would start encrypting sections of the hard drive using substitution ciphers.  Following a reboot a message would be shown to the user that the software license had expired and the user would need to send 189$ to a post box in Panama to get his files back.  This was the first extortion based attack relying on cryptography. Not long after a decryption routine was made available to help users get their files back. This was possible because the trojan horse relied on weak symmetric encryption [1].

Malicious cryptography evolved and back in 1996, Adam Young and Moti Yung published a paper on the 17th IEEE Symposium named Cryptovirology: Extorsion based security threats and countermeasures. A influential paper that presented the idea of cryptovirology and demonstrated the offensive side of cryptography using asymmetric encryption. One of the offensive method described in the paper consists of an extortion based attack that will result in loss of access to information.   This is accomplished by the cryptovirus:  A cryptovirus (cryptotrojan) is a computer virus (Trojan horse) that uses a public key generated by the author to encrypt data that resides on the host system, in such a way that can only be recovered by the author of the virus (assuming no fresh backup exists).  Years after, the security industry started to see more of this type of extortion based attacks such as the GpCode trojan initially seen in 2004 by security software company Kaspersky. Some variants claimed to be using strong asymmetric algorithms such as RSA but they used weak algorithms allowing researchers to retrieve the users files.  Michael Ligh had a nice write up on one of these variants here and more recently the security researcher XyliBox also dissected one of these samples.

Last year and this year the security industry saw a uptick in malware connoted as ransomware such as variants of Cryptolocker, CryptoDefense and Cryptowall. Dell SecureWorks Counter Threat Unit have great write up here and here about these threats. These extortion based attacks gained popularity due to its spread using effective phishing campaigns – check Brian Krebs on Operation Torvar – and new techniques relying on strong encryption to make your most important files useless. New variants of ransomware even take advantage of asymmetric cryptographic protocol ECDH – Elliptic curve Diffie–Hellman.  Essentially the files are encrypted with a symmetric key and this key is then encrypted with a public key which can only be decrypted by a private key belonging to the attacker. To get this key the users are persuaded to pay a bounty using virtual currencies such as Bitcoin. The security company Bromium recently published an interesting analysis report about the crypto malware families seen in the past 18 months.

What can you do? The most effective defense against these type of threats is to have proper backups. This type of malware has the capability to encrypt any attached storage such as USB drives or network drives – make sure you do your backups and keep that external drive disconnected. You back up your data once a day, right? at least weekly? maybe monthly? For enterprises the tools and processes used to backup and restore information in a timely manner need to be in place. Please note that Windows has a feature called Volume Shadow Copy that allows you to restore files to their previous state however the newer variants of this malware delete shadow copies and disable the service prior to encrypting the files.

Other things can be done, like educating users to not open attachments or links in emails from unknown senders and be suspicious about unexpected attachments and links from known senders. Also make sure to keep your software updated. Other techniques might include hardening your system using Microsoft AppLocker to introduce software whiltelisting.

[1] Szor, Peter (2004) The Art of Computer Virus Research and Defense. Addison-Wesley

Tagged , , , , , , , ,

Crypto Basics

“In order to understand security in cyberspace, you need to understand cryptography. You don’t have to understand the math, but you have to understand its ramifications” – Bruce Schneier

Following my previous articles here and here about Public Key Infrastructure (PKI) let’s reinforce and review the crypto stuff  that makes its foundations.

Confidentiality ensures that a message can be read only by the intended recipient. Confidentiality is achieved through the use of encryption. Encryption is the mathematical transformation of plain text into ciphertext using an algorithm and a key. There are two types of encryption systems:

  • Symmetric Encryption: Also called shared-key encryption or secret-key cryptography, A symmetric encryption algorithm uses a single key that both the sender and recipient possess. The same key is used to encrypt and decrypt data and is shared by both parties.  If Alice wants to send Bob a secret document they agree on a cryptosystem and a common key. Alice encrypts the secret document (plaintext) using the agreed algorithm and the secret key. This will produce a encrypted document (ciphertext) that she will sent to Bob. Bob will decrypt the document using the same algorithm and same key and reads it. Example of symmetric encryption algorithm are DES, 3DES, RC2 or AES. The following picture illustrates this process.

Symetric crypto

Let’s see how we could encrypt (enc) a plaintext document (-in) using a symmetric algorithm (-des3) using a key (-k) to produce a ciphertext document (-out). This will be done on a Linux command line with OpenSSL.

$openssl enc -des3 -k secretkey -in plaintext.doc -out ciphertext.bin

Now that we have our encrypted the plaintext document lets dump the contents of both files in hexadecimal and ASCII (hexdump -C) both files to see the plaintext and the gibberish.

$ hexdump -C plaintext.doc
00000000  74 6f 70 73 65 63 72 65  74 0a                    |topsecret.|
$ hexdump -C ciphertext.bin 
 00000000  53 61 6c 74 65 64 5f 5f  2a 34 ce d4 6f 43 6b 93  |Salted__*4..oCk.|
 00000010  2f 41 5e 00 aa 14 e7 60  ce 89 66 35 2c 08 60 99  |/A^....`..f5,.`.|

We can also encrypt files on Windows system by taking advantage of the EFS functionality. To do this operation we will need to first generate a new certificate and key (cipher /K). Then we could encrypt (/E) a plaintext document using a symmetric algorithm. This will be done on a Windows command line with cipher /E. We can then display information about the encrypted with (/C).

c:\TopSecret> cipher /K
EFS certificate thumbprint for computer HOST:
7FE0 9328 7CBF 915D 672C B617 2368 A34E BC33 FE7E
c:\TopSecret> cipher /E plaintext.doc
Encrypting files in c:\TopSecret
plaintext.doc [OK]
1 file(s) [or directorie(s)] within 1 directorie(s) were encrypted.
c:\TopSecret> cipher /C plaintext.doc
Listing c:\TopSecret\
New files added to this directory will not be encrypted.
E plaintext.doc
Compatibility Level:
Windows XP/Server 2003
Users who can decrypt:
 Host\Alice [Alice(Alice@Host)]
 Certificate thumbprint: 5DFF 4841 DA18 6D3B 5646 246B 71E3 EC3B 735A 9BC6
No recovery certificate found.
Key Information:
 Algorithm: AES
 Key Length: 256
 Key Entropy: 256
  • Asymmetric encryption: Unlike the symmetric encryption that uses the same key, asymmetric encryption uses multiple keys. There are two mathematically related keys. It’s a key pair consisting of a public key and a private key which are used for the encryption and decryption process. If the public key is used for encryption, the associated private key is used for decryption – this is the encryption process. If the private key is used for encryption, the associated public key is used for decryption – this is the signing process. The private key should be kept secret and the public key can be freely distributed. The public key which can be an attribute of a digital certificate is usually published in a public directory service such as LDAP or Active Directory. You can also combine public-key encryption with hash algorithms to produce a digital signature. If Alice wants to send Bob a secret document they agree on a public-key cryptosystem. Bob then sends Alice his public key. Alice encrypts the secret document using Bob’s public key and sends it to Bob. Bob will decrypt the document using the same algorithm and his private key. Example of asymmetric encryption algorithms are RSA, DSA, ElGamal, and ECC. Below is an illustration of this process using a public directory service:

 Assymetric crypto

Let’s see how Bob could create a RSA key pair (genrsa) and save it to a file (bob-privatekey.pem). Then Bob will export his public key  (-pubout) and save it a file (bob-publickey.pem).

Bob@host:~$ openssl genrsa -out bob-privatekey.pem 2048 Generating RSA private key, 2048 bit long modulus

e is 65537 (0x10001)
Bob@host:~$ openssl rsa -in bob-privatekey.pem -pubout -out bob-publickey.pem writing RSA key

Alice can now use Bob public key to send her a encrypted version of the plain text document. Alice will use the RSA algorithm (rsautil -encrypt) with Bob public key (-pubin bob-publickey) to encrypt plaintext (-in plaintext.doc) and save the ciphertext to a file (-out ciphertext.bin).

Alice@debian:~$ openssl rsautl -encrypt -pubin -inkey bob-publickey.pem -in plaintext.doc -out ciphertext.bin

Alice then sends the cipher document to Bob. Bob can now use is private key to decrypt the file and read it.

Bob@debian:~$ openssl rsautl -decrypt -inkey bob-privatekey.pem -in ciphertext.bin -out plaintext.doc

Integrity assures the recipient that a message has not been altered. Integrity is achieved through the use of hashing functions. Hashing is the mathematical result of taking the plain text (arbitrary length data) as input and producing a fixed-length output. The result is called message digest or fingerprint. Passing the same plain text through a hash function always produces the same result. If a single character is changed in the plaintext document, the resulting message digest will be different. Hash algorithms like MD5 and SHA1 are commonly used. Hash functions are used in digital signatures, since they can be efficiently used for detecting message tampering. If Alice wants to send Bob a document and they want to ensure the document has not been changed. Alice and Bob agres on the hashing algorithm. Alice produces a one-way hash of the document. Alice sends the document and the hash  to Bob. Bob produces the one-way hash of the document using the same hash function. If the hash match the hash generated then Bob can attest its integrity.

Hashing function

Let’s see how we could produce the  plaintext document message digest using a  hashing algorithm (sha1). This will be done on a Linux command line with OpenSSL and/or sha1sum.

user@debian:~$ openssl sha1 plaintext.doc 
SHA1(plaintext.doc)= a5e1d5a106a4dc55eb5bf7b4c6c32b411702e358

user@debian:~$ sha1sum plaintext.doc a5e1d5a106a4dc55eb5bf7b4c6c32b411702e358 plaintext.doc

On a Windows system we can produce the  plaintext document message digest using a  hashing algorithm (sha1) using the Microsoft fciv utility.

c:\TopSecret>fciv.exe -sha1 plaintext.doc
// File Checksum Integrity Verifier version 2.05.
0e029f230b119861e0358978f6b088752216221e plaintext.doc

Authentication and Non-Repudiation assures the recipient of  a message that the originator participated in the transaction and is who he or she claims to be. Authentication and non-repudiation is achieved through a combination of asymmetric encryption and hashing functions. Although encryption can keep data secret and protect against alterations, a digital signature proves the senders identity (authentication) and ensures the participation of the signer cannot be denied (non-repudiation).  If Alice wants to digital sign a document and sent it to Bob they both agree on digital signature algorithm. Alice produces a one-way hash of the document. Alice encrypts the hash with her private key, thereby signing the document. Alice sends the document and the signed hash to Bob. Bob produces the a one-way hash of the document using the same hash function. Then using the digital signature algorithm, decrypts the signed hash with Alice’s public key. If the signed hash match the hash generated then Bob can attest the signature is valid (authentication and non-repudiation). The following picture illustrates this process.

Digital signing

Lets demonstrate how we could digital sign a message using OpenSSL. To sign plaintext.doc you need to calculate its hash (dgst -sha1)  and then encrypt (-sign) that hash using your private key (privatekey.pem) and save the result to file (alice-signature.bin).

Alice@host:~$ openssl dgst -sha1 -sign alice-privatekey.pem -out alice-singature.bin plaintext.doc

Then Alice sends the signature and the plaintext to Bob. Alice public key is made available to Bob (e.g Ldap, ActiveDirectory, etc). Bob then can verify the signature of a message attesting its proof of origin and integrity.

Bob@host:~$ openssl dgst -sha1 -verify alice-publickey.pem -signature alice-singature.bin plaintext.doc Verified OK

Hopefully, with this article you now have a slight better understanding on how cryptography protects users by providing functionality for the encryption of data and authentication of other users. Symmetric-key encryption is a excellent method for quickly and securely encrypting data. However, the condition that sender and receiver must exchange a secret key before data can be exchanged is its weakness and limitation. Combining symmetric algorithms to encrypt the data with public-key algorithms to exchange the secret key produces a solution that is both fast and scalable.

It was also described with illustrations how someone can achieve confidentiality trough the use of symmetric and/or asymmetric encryption systems. How hashing functions are used to achieve integrity. Moreover how to combine encryption systems and hashing functions to produce digital signatures and achieve authentication and non-repudiation. With the use of the most famous characters – Alice and Bob – in modern cryptography examples were complemented with the usage of simple OpenSSL and Microsoft EFS commands.

Cryptography is a colossal, fascinating and mysterious world. If you like cryptography and you want to better understand the techniques and concepts behind it then a indispensable reference is the Applied Cryptography: Protocols, Algorithms and Source Code in C by Bruce Schneier. For a brilliant review of the history behind cryptography than David Kahn’s The Code Breakers is essential. If you would like to read about the intriguing stories of espionage behind the history breakthroughs of codes and code breaking then Simon Singh The Code Book is a must.

For a more hands-on approach the CrypTool – project started by Prof. Bernhard Esslinger – is the most complete e-learning tool available to raise awareness and increase the interest in cryptography. CrypTool v1 was originally designed as a business application for information security training but is now an important open-source Windows project in the field of cryptology. Successors are CrypTool v2 (for Windows .NET) and JCrypTool (for Unix, Windows and MacOS). As a complement to these offline CrypTool programs there is the MysteryTwister C3 (MTC3) international cryptography competition. This website offers four levels of cipher challenges from simple challenges consisting in breaking a Caesar cipher or solving the “Greetings from Russia with love” to complex crypto problems like RSA factoring — most of them embedded in interesting stories.


B. Komar, Microsoft Press, Windows Server 2008 PKI and Certificate Security
B. Schneier, John Wiley, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed.
J. Viega; M. Messier and P. Chandra, O’Reilly, Network Security with OpenSSL
CrypTool 1.4.31

Tagged , , ,