Asymmetric Encryption – Public Key Encryption

Posted by on 21/02/2012 No comments

Asymmetric Encryption also known as public key encryption is a type of encryption that uses two different keys for encryption and decryption. One key to encrypt the plaintext, and one key to decrypt the cyphertext. The encryption key(Public Key) is published so that anyone can encrypt a message. The decryption key(Private Key) is kept private, so that only the receiver/owner is able to decrypt the message.

The sender encrypts the message using his/her private key, then the message can be decrypted only using that sender’s public key, authenticating the sender. (Certificates)

The sender encrypts the message using receiver’s public key, then the message can be decrypted only using receiver’s private key. Only receiver can decrypt and read the message.

Example A, Bob makes public key A and private key A, and Cathrin makes public key B and private key B. Bob and Cathrin exchange their public keys. Now Bob can send an encrypted message to Cathrin by using Cathrin’s public key B. Cathrin uses her private key B to decrypt and read the message. If Cathrin wants to send an encrypted message to Bob, she uses Bob’s public key A to encrypt the message, which Bob can then decrypt with his private key A.

 

Example B, Bob makes public key A and private key A, and Cathrin makes public key B and private key B. Bob and Cathrin exchange their public keys. Now Bob can send a message to Cathrin by using his private key A to sign/encrypt his message. Cathrin uses Bob’s public key A to decrypt and read the message, she knows that the sender definitely is Bob. If Cathrin wants to send a signed/encrypted message to Bob, she uses her private key B to sign/encrypt the message, which Bob can then decrypt with Cathrin’s public key B. (Certificates)

 

Popular Public Key Encryption Algorithms

RSA

Designers: Ron Rivest, Adi Shamir, Leonard Adleman

Published: 1978

Certification: PKCS#1, ANSI X9.31, IEEE 1363

Key sizes: 1,024 – 4,096 bit

 

PGP

Designers: Phil Zimmermann

Published: 1991

Key sizes: 1024 bit signature key, 4096 bit encryption key

 

DSA

Designers: NIST

Published: 1991

Key sizes: 512 – 3072 bit

 

Popular Symmetric Encryption Algorithms

Posted by on 17/02/2012 No comments

Symmetric Encryption also known as private key encryption is a type of encryption that use the same secret key for both encryption and decryption. Both sides, the sender and the receiver must know the secret key so they can encrypt and decrypt the information.

Symmetric algorithms can be divided into stream algorithms and block algorithms.

Stream Algorithms (Stream Ciphers) operate directly on a stream of bytes and encrypt the bits of information one bit or 1 byte at a time. These algorithms are faster than block ciphers.

Block Algorithms (Block Ciphers) encrypt information by breaking it down in fixed-length groups-blocks of bits (usually 64 bits) and encrypting one block at a time. Block algorithms are most commonly used in the IT world today.

 

AES/Rijndael

Designers: Vincent Rijmen, Joan Daemen

Published: 1998

Key sizes: 128, 192 or 256 bits

Type: Block Cipher

Block sizes: 128 bits

Rounds: 10, 12, 14 (depending on key size)

 

Blowfish

Designers: Bruce Schneier

Published: 1993

Key sizes: 1–448 bits

Type: Block Cipher

Block sizes: 64 bits

Rounds: 16

 

CAST5

Designers:  Carlisle Adams, Stafford Tavares

Published: 1996

Key sizes: 40 to 128 bits

Type: Block Cipher

Block sizes: 64 bits

Rounds: 12 or 16

 

IDEA

Designers:  Xuejia Lai, James Massey

Published:

Key sizes: 128 bits

Type: Block Cipher

Block sizes: 64 bits

Rounds: 8.5

 

RC4

Designers:  Ron Rivest

Published: 1994 (designed in 1987)

Key sizes: 40–2,048 bits

Type: Stream Cipher

State size: 2,064 bits

Rounds: 256

 

Serpent

Designers:  Ross Anderson, Eli Biham, Lars Knudsen

Published: 1998

Key sizes: 128, 192 or 256 bits

Type: Block Cipher

Block sizes: 128 bits

Rounds: 32

 

Triple DES

Designers:

Published: 1998

Key sizes: 168, 112 or 56 bits

Type: Block Cipher

Block sizes: 64 bits

Rounds: 48

 

Twofish

Designers: Bruce Schneier

Published: 1998

Key sizes: 128, 192 or 256 bits

Type: Block Cipher

Block sizes: 128 bits

Rounds: 16

Top 5 Most Popular Free Security Software

Posted by on 12/02/2012 No comments

1. AVG ANTI-VIRUS FREE EDITION 2012

AVG free edition protects against viruses and spyware and is compatible with Windows XP, VIsta and 7.

2. AVAST Free Antivirus 6

Avast free edition provides great protection against viruses and spyware and is compatible with Windows XP, VIsta and 7.

3. Avira Free Antivirus

Avira free edition protects against viruses and spyware, eliminates many forms of malware, including worms, rootkits and costly dialers. Avira is available for Windows XP, Vista, 7 and Unix/Linux.

4. Ad-ware Free

Ad-ware free edition protects against viruses, spyware and malware. Provides real-time protection,  Genocode detection technology, rootkit protection and is compatible with Windows XP, VIsta and 7.

5. Malwarebytes Anti-Malware Free

Anti-Malware Free edition provides malware detection and removal, clean-up technologies and more. It is compatible with Windows 2000, XP, Vista and 7.

Capturing HTTP traffic using Wireshark

Posted by on 09/02/2012 No comments

1. First of all download and install Wireshark from here.

2. Run Wireshark as administrator or root.

3. Select from the menu Capture > Interfaces.

4. Choose your interface and click options.

5. In the capture filter textbox type: tcp port http.

6. Select a file to save the traffic by clicking the browse button.

7. In the Name Resolution section check Enable network name resolution if you would like to see urls/hostname and not just ip addresses in the logs.

8. Click start.

How to defend against sniffers

Posted by on 02/02/2012 No comments

sniffer is a piece of software that can intercept and log all of the traffic passing over a network. The sniffer captures each packet, decodes the packet’s data and analyzes its content. more..

The packet sniffers can be used to:

  • Analyze network problems
  • Detect network intrusion attempts
  • Monitor WAN bandwidth
  • Monitor network usage
  • Monitor WAN and endpoint security status
  • Gather and report network statistics
  • Filter suspect content from network traffic
  • Spy on other network users and collect sensitive information such as passwords
  • Debug client/server communications
  • Debug network protocol implementations
  • and many more..

To defend against sniffers, you should:

  • Use encryption when transmitting data (SSL, SSH, SCP, HTTPS, SFTP)
  • Use IPv6 instead of IPv4
  • Use PGP
  • Use VPN, IPSec
  • Use S/MIPE, TLS
  • Prefer switches instead of hubs

Known Sniffers:

How to implement my own sniffer:

How to manage your passwords in a secure way

Posted by on 01/02/2012 No comments

Today you need to remember many passwords. You need a password or passwords for Windows or Linux logon, your e-mail accounts, your websites, your facebook account, your twitter account etc.

You should use different passwords for each account. If you use only one password everywhere and someone gets this password you have a problem.

I prefer KeePass password manager because it is free, open source and it runs in all Platforms. You just  put all your passwords in one database, which is locked with one master key or a key file. You only have to remember the master password or select the key file to unlock the database.

KeePass encrypts passwords using AES.

Download KeePass from here.

Run your programs in an isolated space

Posted by on 29/01/2012 No comments

A sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites. – wiki

There is a great program for Windows named Sandboxie. Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer. You can download it from here.

After Installing Sandboxie right click on any executable file or archive and choose Run Sandboxed. Click OK on the popup window.

Now you can easily run/test programs without worrying about viruses and other malware.

Introduction to port scanning with nmap

Posted by on 28/01/2012 No comments

TCP Connect Scanning – This is the most basic form of TCP scanning:

nmap -sT x.x.x.x

TCP SYN scanning – This is the “half-open” scanning, you don’t open a full TCP connection:

nmap -sS x.x.x.x

TCP FIN scanning – FIN packets may be able to pass through firewall which blocks SYN packets:

nmap -U x.x.x.x

TCP/UPD scanning – Scan TCP and UDP ports:

nmap -sU x.x.x.x

Operating System Detection:

nmap -O x.x.x.x

Service Version Detection:

nmap -sV x.x.x.x

Scan the host without ping it:

nmap -PN x.x.x.x

or

nmap -PO x.x.x.x

Fast port scanning:

nmap -F x.x.x.x

Specific ports scanning:

nmap -p 21,22,80 x.x.x.x

Operating System and Service Version Detection:

nmap -A x.x.x.x

Prevent Format String Vulnerabilities in PHP

Posted by on 24/01/2012 No comments

Format string exploits can be used to crash a program (DoS) or to execute harmful code. The use of unfiltered user input in functions such as printf() or sprintf() are the causes of this vulnerability.

The attacker could use this kind of vulnerability to land Denial-of-service attacks, use the %x format specifier to print sections of memory or use the %d, %u or %x format specifiers to overwrite the instruction pointer.

To prevent it, use format specifiers and always validate user input.

Vulnerable php code:

//other vulnerabilities also arise here, such as XSS, but let's focus on format string vuln only.
if(isset($_GET['username']))
	echo sprintf('Hi, ', $_GET['username']);

Secure php code:

if(isset($_GET['username'])){
	$tainted_username = $_GET['username'];
	$username = validate_username($tainted_username)==1?$tainted_username:'';
	echo sprintf("Hi, %s.", $username);
}
 
function validate_username($username) 
{
    return preg_match('/^\w+$/',$username);
}

Keylogger protection in Windows

Posted by on 22/01/2012 No comments

Keylogging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. – wiki
To protect yourself from this kind of attack there is a great addon for firefox and internet explorer, keyscrambler. There is a free version. Download and install it. You need to restart your Computer after installation.