Joel Fendrick
Overview
Encryption Methods
 AES (Advanced Encryption Standard)
 SSL (Secure Socket Layer)
 TLS (Transport Layer Security)
 TLS Advantage Over SSL
 Security Example
 Attacks
 Countermeasure

Encryption Methods

Asymmetric

Symmetric

Hashing
Asymmetric

Each user has two keys
 Private
 Public

Public key stored in public database
 Messages encrypted with public key can
only be decrypted with private key.
 Encrypted with private -> decrypted with
public
Symmetric
No private/public
 Only means of decryption is if you have
the right key


Security issue in exchanging the key
Hashing

Unique fixed length string of characters
from selected text

One way process
 Cannot recreate document from hash

If anything changes in text, hash would
change

Can be used to determine integrity of file

Suppose hash of a document was:
9c5292056062f70a2f14330cf4d30c7f
If anything at all changes in document a new hash
is formed
91857f37a636882c78de9961e791c81a
Making it easy to tell if the message has been
altered in any way
AES (Advanced Encryption
Standard)
Cryptographic algorithm used to protect
electronic data
 Block cipher that can encrypt and
decrypt information
 Capable of using keys of 128, 192, and
256 bits
 Encrypts data into blocks of 128 bits

Pseudo code
http://www.garykessler.net/library/crypto.html#fig17

in[] and out[]
 16-byte arrays with the plaintext and cipher text,
respectively. (According to the specification, both
of these arrays are actually 4*Nb bytes in length
but Nb=4 in AES.)

w[]
 array containing the key material and is 4*(Nr+1)
words in length. (Again, according to the
specification, the multiplier is actually Nb.)

state[]
 a 2-dimensional array containing bytes in 4 rows
and 4 columns. (According to the specification,
this arrays is 4 rows by Nb columns.)

SubBytes
 takes the value of a word within a State and
substitutes it with another value by a predefined Sbox

ShiftRows
 circularly shifts each row in the State by some
number of predefined bytes

MixColumns
 takes the value of a 4-word column within the
State and changes the four values using a
predefined mathematical function

AddRoundKey
 XORs a key that is the same length as the block,
using an Expanded Key derived from the original
Cipher Key
Walkthrough

This walkthrough is of Rijndael encryption
 Rijndael allows for both key and block sizes to
be chosen independently from the set of { 128,
160, 192, 224, 256 } bits. (And the key size
does not in fact have to match the block size).
 However, the block size must always be 128 bits
in AES, and the key size may be either 128,
192, or 256 bits.

http://www.formaestudio.com/rijndaelinspec
tor/
AES Flaw
2009 weakness identified
 Interesting in mathematical P.O.V.

 Not really relevant in application
Finding the key of AES is four times
easier than previously believed
 Steps to find = 8 followed by 37 zeroes


1 trillion machines each test 1 billion
keys per second
 Would take more than 2 billion years to
recover AES-128 key
Andrey Bogdanov (K.U.Leuven),
 Dmitry Khovratovich (Microsoft
Research),
 Christian Rechberger (ENS Paris)

SSL (Secure Socket Layer)

3 basic properties
 Connection is private
 Peer’s identity can be authenticated using
asymmetric cryptography
 Connection is reliable
○ message check using keyed Message
Authentication Code (MAC)

Two layers: can include length description
and content
 Lowest Layer = SSL Record Protocol
 Second Layer = Handshake Protocol
TLS (Transport Layer Security)

Two layers
 TLS Record Protocol
 TLS Handshake Protocol

Encapsulates higher level protocols
TLS Record Protocol

Two basic properties
 The connection is private
○ Symmetric Data encryption
 The connection is reliable
○ Keyed MAC included in each message
TLS Handshake Protocol

Three basic properties
 Peer’s identity can be authenticated using
asymmetric or public key cryptography
 The negotiation of a shared secret is secure
 The negotiation is reliable
Advantage over SSL

Application protocol independent
 Higher level protocols can layer on top of it
transparently
○ Decisions on how to initiate TLS handshaking
and how to interpret authentication certificates
are left up to the designers of the higher level
protocols
Security Example

Either SSL or TLS protocol
 We’ll focus on SSL since it is the basis for
TLS

Browser sends message via SSL to bank
server

Bank responds by sending a certificate
 Includes banks public key

Browser authenticates certificate and
generate random session key
 Uses this key to encrypt the data

Bank’s server receives session key and
decrypts
 Key was sent encrypted by bank’s public key
 Bank uses private key to decrypt

Session key that now both bank and client
know is used for rest of communication
Banks Didn’t Use SSL?
As of 2006 a number of big banks were not requiring
the use of SSL authentication
 Bank of America
 Wachovia
 US Bank
 Chase
 American Express
 Etc.
 SSL login form listed as
optional
 Outside the US at this time
HSBC was the only known
bank not to use SSL
authentication
○ British multinational banking
and financial services
company
Attacks

Man-in-the-middle

Man-in-the-browser
Man-in-the-middle

Someone intercepts the communication
between two systems
Specific MITM Attack

Victim visits site that uses TLS 1.0 and
receives a cookie, this cookie injects the
client-side BEAST (Browser Exploit
Against SSL/TLS)

Attacker can now use a network sniffer
to look for active TLS connections
 Grabs and decrypts the HTTPS cookie
○ Allows attacker to hijack victim’s session with
that site.
Solution

Difficult
 Attacks confidentiality VS authenticity like
most attacks
 Requires major change in the protocol itself
 There are some fixes, but they cause
compatibility issue with some existing SSL
applications
Man-in-the-browser

Malware already infecting user computer
 Kicks in after user has logged onto site
 Hijack money and siphon it into criminal
accounts
Solution

Use a trusted browser
 Can be stored on a flash drive
 Since stored in own secure environment it is
not susceptible to malware in the same way
as a traditional browser
Countermeasure

Historically piecemeal approach
 Generally recommends several defenses
that support each other
 Often creates gaps within the layer
architecture leaving some elements exposed
to threats

Some banks implement a secure USB token
 “provides secure online banking session even if
computer is riddled with malware”
 Read-only portable USB device
○ When plugged in encrypts the customers
keystrokes
○ Launches virtualized OS
○ Launches secure browser
○ Launches a secure network between client and
bank server

This is an attempt to create a virtual machine
that is walled off from the rest of the PC
 Protection from clients system

Makes sense that banks would want to
protect their customers, as they are often the
weakest link and biggest threat vector
Conclusion

Be careful and aware

Pay attention and confirm site is
legitimate

Security is evolving , but so are the
attacks
References


[1] HIPAA Collaborative of Wisconsin. (2010). The Basics of Encryption. Retrieved on March 22, 2012, from
http://www.hipaacow.org/docs/encryption%20whitepaper%207.7.10.doc


[2] NIST. (2001). Retrieved on March 22, 2012, from FIPS Publications website: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf


[3] Katholieke Universiteit Leuven (2011, August 17). First flaws in the Advanced Encryption Standard used for internet banking
identified. ScienceDaily. Retrieved on March 22, 2012, from http://www.sciencedaily.com/releases/2011/08/110817075424.htm



[4] Dierks, T., & Rescorla, E. (2008, August). The Transport Layer Security (TLS) Protocol Version 1.2. Retrieved on March 22, 2012, from
http://tools.ietf.org/html/rfc5246



[5] Freier, A., & Karlton, P. (2011, August). The Secure Sockets Layer (SSL) Protocol Version 3.0. Retrieved on March 22, 2012, from
http://tools.ietf.org/html/rfc6101


[6] Onyszko, T. (2002, July 19). WindowsSecurity.com. Retrieved on March 23, 2012, from
http://www.windowsecurity.com/articles/secure_socket_layer.html


[7] Online banking security and technical frequently asked questions. (2012). Retrieved on March 23, 2012, from
http://www.bankofamerica.com/onlinebanking/index.cfm?adlink=&context=en&locale=&statecheck=WI&template=faq_security&cm_mmc=&cm_sp=



[8] Ou, G. (2006, April 27). Many banks failing to use ssl authentication. Retrieved on March 23, 2012, from
http://www.zdnet.com/blog/ou/many-banks-failing-to-use-ssl-authentication/201



[9] OWASP. (2009, April 23). The open web application security project. Retrieved on March 23, 2012, from
https://www.owasp.org/index.php/Man-in-the-middle_attack


[10] Fisher, D. (2011, September 19). threatpost. Retrieved on March 23, 2012, from http://threatpost.com/en_us/blogs/new-attack-breaksconfidentiality-model-ssl-allows-theft-encrypted-cookies-091911

[11] Bethlehem, D. (2012, February 12). Strong authentication by itself is not enough to prevent man-in-the-browser attacks. Retrieved on March 24,
2012, from http://data-protection.safenet-inc.com/2012/02/strong-


[12] Ramirez, D. (2007). Case study: Itu-t recommendation x.805 applied to an enterprise environment— banking. Bell Labs Technical Journal, 12(3),
55-64.


[13] (2011). Securing the weakest link. Bank Technology News,24(6), 1 & 35.