Cyber Security Fundamentals (M) & (H): Trending in Cyber – Cryptocurrency
Glasgow, 14th February 2022.
School of Computing Science, University of Glasgow, Scotland. http://www.mariaevangelopoulou.com/
Structure of Lectures
Sections that will be covered:
Cyber Security basic background,
Look into networking,
Cyber attacks and defence,
Web applications' vulnerabilities,
Trending in Cyber,
Penetration testing & Digital Forensics.
Guest lectures to be confirmed.
CSF 2022 Trending in Cyber – Cryptocurrency
Lecturer’s instructions
When you see the red sign in a slide it means that you must not use anything described in the specific slide without the necessary authorisation. The lecturer of this course will not be responsible for any misuse.
When you see the green sign in a slide it means that you can use anything described in the specific slide on your own.
➢Some tools need special permissions in order to run them in a secure manner without violating any laws!!! Because of this we have created these signs to indicate to you which tools are ok to be used and which are not!
➢ This is one of the most important slides: if you do not follow this rule it can have serious consequences for you, so please do not use anything under the banner of the red (first) sign without authorisation.
Photo: @hackerscrackersandthieves.com (unknown author, licensed under CC BY-SA)
➢ James was a hacker from the USA, known as the first juvenile incarcerated for cybercrime in the United States. His first offence occurred at the age of 15 and he was sentenced at 16. James committed a series of intrusions, but he attracted attention when he broke into the systems of the Defense Threat Reduction Agency (DTRA), which was responsible for analysing potential threats. He admitted that he installed a sniffer and intercepted communications, including the username/password combinations of employees. He obtained the source code of a critical life-support component from NASA and caused NASA to shut down its computers for three weeks (about $41,000 in damage). James pleaded guilty in exchange for a lighter sentence of seven months of house arrest and probation until he turned 18, including writing apology letters to NASA and the Department of Defense. He violated the terms of his probation by testing positive for drugs and was sent to a federal correctional facility for six months. He was closely connected to other known hackers who were prosecuted for fraud; James was investigated, but no evidence was ever found against him. Later, at the age of 24, he took his own life, leaving a note saying he did not trust the legal system and that he knew he would be accused of crimes he did not commit.
How can you hide messages?
@https://xkcd.com/525/
➢ Humans have always wanted to communicate and share information, but selectively. This led to the art of hiding the content of communication, the sharing of secrets, and this is when cryptography was born. You might have had a similar experience when younger, trying to send your friends messages that nobody else could understand or even see; perhaps you used lemon juice as invisible ink. The word cryptography combines two Greek words: kryptos (hidden) and graphein (writing). Cryptography is considered to have been born as civilisations evolved. What about hieroglyphics? What about in time of war? How were important messages distributed, and what happened if the messenger was attacked?
Cryptography basics
@amazon.com
➢Two main activities: Encryption and Decryption.
➢Plaintext message→ use of cipher→creation of ciphertext
➢Do you know any known ciphers?
➢What about obfuscation?
➢ This is not only a problem for the past but also for the future. What about our bank details? Bank statements? Accounts? Information is important so everything demonstrates how important cryptography is. Known ciphers: Enigma.
➢ The top left of the slide shows a cipher-disk replica that can be bought on Amazon. This cipher had 36 disks that could be reordered on a spindle, each disk carrying the whole alphabet in a scrambled order. The sender and receiver agree in advance on the order of the disks; this order is the key. The sender turns the disks until one row spells the plaintext, then copies any other row as the ciphertext, which looks like nonsense. The receiver places the disks in the agreed order, turns them so that one row spells the ciphertext, and scans the remaining rows for the one that reads as sensible text. The weakness is that anyone who learns the disk order, or captures a device with the disks left in place, can read every message; the key, not the device, is what must stay secret.
➢ What is obfuscation? The art of making something unclear: scrambling a message so that it cannot be read without knowing the method used. Obfuscation has no key; its secrecy rests entirely on the method staying unknown.
➢ The difference in cryptography is that a cipher (a published, well-studied algorithm) is used for encryption and decryption, and the only secret is the key. So even if someone knows the method, without the key they still cannot recover the information. This is Kerckhoffs's principle: a system must remain secure even when everything about it except the key is public.
Caesar’s Cipher
➢Or Caesar’s shift→substitution cipher
➢Replacement of letters by a fixed number of positions.
➢Example: VLR KBBA QL OBXA.
Can you decrypt this message by knowing that a left shift of 3 was used?
➢Any ideas if this cipher is vulnerable? Can it be easily broken?
➢ This cipher relies on shifting letters by an agreed number of positions (three is the most common choice) in an agreed direction; the shift is the key.
➢ The downside is that this cipher is trivially broken. There are only 25 possible shifts, so an attacker can try them all and keep the one that produces readable text. Frequency analysis also works: the most frequent ciphertext letter is almost always a shifted E, and short words (a, the, to) give the shift away immediately.
Caesar’s Cipher decryption
➢ Example: VLR KBBA QL OBXA. Decrypt it knowing that a left shift of 3 was used.
A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z. With a left shift of 3 each letter is replaced by the one three positions earlier (wrapping round from A to X), so HELLO → EBIIL.
➢ To decrypt, shift each letter three positions to the right: VLR KBBA QL OBXA → YOU NEED TO READ.
➢ Any ideas if this cipher is vulnerable? Can it be easily broken?
➢ So what is Cryptography and Cryptanalysis?
➢ Cryptography can be seen as the art of designing a cryptosystem capable of providing information security. Cryptanalysis is its counterpart: the art of recovering the plaintext or the key from ciphertext without being given the key. On one side cryptography deals with the design and security of the cryptosystem; on the other, cryptanalysis deals with breaking it. Together they form cryptology.
Vigenere Cipher
➢Plaintext: Bitcoin Keyword: tol
➢ The Vigenère cipher is a polyalphabetic cipher: it relies on several alphabet substitutions rather than one. You use a table (the tabula recta) whose 26 rows are the alphabet shifted by 0 to 25 positions. Each plaintext letter is looked up against the corresponding keyword letter, and because the table is symmetric it does not matter whether you read the plaintext along the top and the keyword down the side or the other way round. If the keyword is shorter than the plaintext, it is repeated until the whole plaintext has been converted to ciphertext. In effect each keyword letter selects a different Caesar shift, which is why single-letter frequency analysis no longer works directly. The weakness is the repeating keyword: its length can be recovered from repeated patterns in the ciphertext (the Kasiski examination), after which each keyword position is just a Caesar cipher again.
➢ Polymorphism is another term that needs explaining. In this context it describes encryption whose output changes with each use: for exactly the same plaintext and key, multiple different ciphertexts can be produced, because fresh randomness (an initialisation vector or nonce) is mixed in each time. Modern modes of operation behave this way deliberately, so that an observer cannot tell whether two ciphertexts carry the same message. The Vigenère cipher is not polymorphic: the same plaintext and keyword always give the same ciphertext.
What about Steganography?
➢ Steganography is the art of hiding information inside other files. It can be a message hidden in a picture, in a voice recording or in a document. In this case an observer is unaware that a secret (one-way) communication is taking place at all. In cryptography, by contrast, an intruder is normally aware that a communication takes place; only its content is protected.
Steganography Vs Cryptography
➢ In steganography the existence of the message is unknown.
➢ The purpose of steganography is to hide the existence of communication. In cryptography the communication is visible, and cryptography is used to hide the content of the messages. Steganography relies on the properties of particular carrier formats (image, audio, document); cryptography relies on published, analysed algorithms.
➢ Once a hidden message is detected, steganography has failed and the content is exposed (unless it was also encrypted). Cryptography done properly remains secure even when the ciphertext is captured: breaking it requires the key or infeasible computation. Cryptography also visibly alters the structure of the message, whereas steganography leaves the carrier looking unchanged. The two are complementary: encrypt first, then hide.
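The "message hidden in a picture" case from the slides as a runnable example: least-significant-bit embedding in a grey-scale pixel buffer. This is added here and is not code from the lecture. The image is a constructed byte array of random pixel values standing in for a real photo, so no image library is needed; the 4-byte length header is a design choice of this example.

```python
# Added example: least-significant-bit steganography in a grey-scale pixel
# buffer. Not from the lecture slides. The "image" is a constructed byte
# array, so it runs without an image library.
import random


def embed(cover: bytes, message: bytes) -> bytes:
    """Hide `message` in the lowest bit of successive cover bytes. A 4-byte
    length header goes first so the extractor knows where the message ends."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d bytes, have %d" % (len(bits), len(cover)))
    stego = bytearray(cover)
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & 0xFE) | bit   # clear the LSB, then set it
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Read the LSB stream back: header first, then exactly that many bytes."""
    def read(start_bit: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Why the eye cannot see it: no pixel moves by more than one grey level."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def make_cover(width: int = 64, height: int = 64, seed: int = 1) -> bytes:
    """Constructed 8-bit grey-scale image (random noise) standing in for a photo."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(width * height))


if __name__ == "__main__":
    cover = make_cover()
    stego = embed(cover, b"meet at dawn")
    print(extract(stego), max_pixel_change(cover, stego))   # b'meet at dawn' 1
```

The detection side follows from the same arithmetic: a run of pixels whose low bits are all "fresh" while the higher bits are untouched is exactly what LSB statistical tests (chi-square on adjacent value pairs) look for, which is why a detected carrier gives up the message at once unless it was encrypted beforehand.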
Types of Cryptography
➢ Hashing; conversion of a message into a fixed-length, unreadable string.
➢ Symmetric encryption; use of a single key for encryption/decryption.
➢ Asymmetric encryption; use of a public and a private key.
➢ Key exchange algorithms; for the secure establishment of keys (like Diffie-Hellman).
➢ Hashing algorithms are used in different ways: storing password verifiers in databases (with a salt and a deliberately slow hash), and ensuring code integrity by hashing each block or file of a program. In general, cryptographic hash algorithms are expected to be one-way and collision resistant. That means that from a hash value you cannot work back to the original data (preimage resistance), you cannot find a second input with the same hash as a given one (second-preimage resistance), and you cannot find any two different inputs with the same hash value (collision resistance). Hashes are not strictly unique, since unlimited inputs map to a finite set of outputs, but finding two that collide should be computationally infeasible.
➢ Usually used to check the integrity of large files or software downloads (loosely known as one-way encryption, although no key is involved and nothing can be decrypted).
➢ Treats data as a binary stream and not as text.
➢ 1000100101000011 → 1000/1001/0100/0011 → 8/9/4/3 → hash algorithm → hash value (a fingerprint of the input)
➢ Do you know any hashing algorithms? Can you predict any
Hashing attributes
➢ How do we know if a hashing algorithm is good?
➢ A hashing algorithm should behave as if it produced a unique value for every possible input. Each output bit has two possible values, 0 and 1, so the number of possible outputs is 2 raised to the number of output bits. For SHA-256 that is 2^256.
➢ However the construction of the algorithm is also important.
➢ If a hashing algorithm is supposed to produce unique hashes for every possible input, just how many possible hashes are there? A bit has two possible values: 0 and 1. The number of possible hashes is the number of values per bit (2) raised to the number of bits. The larger the number of possible hashes, the smaller the chance that two inputs will produce the same hash. But the inputs are unlimited while the outputs are finite, so every hashing algorithm, including a secure one, has collisions (the same hash for two different inputs); a secure one simply makes them infeasible to find.
Hashing collisions
➢ Classical collision attack → find any m1 ≠ m2 with hash(m1) = hash(m2)
➢ Chosen-prefix collision attack → find m1, m2 with hash(p1 ∥ m1) = hash(p2 ∥ m2), where p1 and p2 are different prefixes chosen by the attacker.
@https://xkcd.com/680/
➢ Classical collisions; for this purpose we discussed the birthday problem. Imagine you are in a room with 10 people: what are the chances that two of them share a birthday? Now imagine a room with 150 people: are the chances different? With only 23 people the probability already exceeds 50%, far fewer than the 366 you might expect. In the same way, the more hashes an attacker computes, the more likely a collision becomes, and for an n-bit hash one is expected after roughly 2^(n/2) attempts, not 2^n. So a longer output makes collisions harder: 2^64 work for a 128-bit hash such as MD5 is within reach, 2^128 for SHA-256 is not.
➢ Chosen-prefix attack; the attacker picks two different prefixes (for example two certificate bodies with different names) and computes a suffix for each so that the two complete documents hash to the same value. A signature over one then validates the other. This is how rogue certificates were produced against MD5, and it has since been demonstrated against SHA-1, which is why both are retired for signatures.
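The hashing properties from the previous slides, measured rather than asserted: the avalanche effect of SHA-256 and the birthday bound behind classical collisions. This is an added example, not code from the lecture, and uses only the standard library. To make a collision findable on a laptop it truncates SHA-256 to a small number of bits; the 24-bit size and the counter-valued inputs are choices of this example.

```python
# Added example: SHA-256 avalanche effect and a birthday-bound collision
# search on a truncated hash. Not from the lecture slides.
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(data: bytes, bit: int = 0) -> int:
    """Flip one input bit and count how many of the 256 output bits change.
    A good hash changes about half of them (around 128)."""
    flipped = bytearray(data)
    flipped[bit // 8] ^= 1 << (bit % 8)
    return bit_difference(sha256(data), sha256(bytes(flipped)))


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 cut down to its first `bits` bits: a toy hash with a small
    output space (2^bits values) so that a collision can actually be found."""
    return int.from_bytes(sha256(data), "big") >> (256 - bits)


def birthday_collision(bits: int):
    """Classical collision search: hash counter values until two distinct
    inputs share a truncated hash. Expected work is about 2^(bits/2) hashes,
    not 2^bits, which is the birthday bound from the slide."""
    seen = {}
    counter = 0
    while True:
        m = counter.to_bytes(8, "big")
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, counter + 1   # (first input, second input, hashes computed)
        seen[h] = m
        counter += 1


if __name__ == "__main__":
    print(avalanche(b"The quick brown fox"))   # about 128 of 256 bits differ
    m1, m2, work = birthday_collision(24)
    print(m1.hex(), m2.hex(), work, "expected ~", 2 ** 12)
```

Doubling the truncation width squares the work (2^(bits/2)), which is exactly why 128-bit hashes are considered too short for collision resistance while 256-bit ones are not.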
Symmetric cryptography
➢ Symmetric cryptography (the most traditional form); use of a single key to encrypt a message and to decrypt it upon delivery. Both parties must hold the same key, so a lot of attention goes to the secure channel through which the key is distributed. Its primary application is protecting data at rest (hard drives, databases, etc.), and it also carries the bulk of data in transit once a session key has been agreed. Most modern symmetric cryptography relies on AES (the Advanced Encryption Standard).
Asymmetric cryptography
➢ Asymmetric cryptography; use of a pair of keys (private and public). Anyone can encrypt a message with the public key, but only the holder of the private key can decrypt it. The reverse direction gives digital signatures: the private key signs, and anyone with the public key can verify. Applications: HTTPS in the browser, encrypted and signed email, digitally signed PDFs and more.
Key exchange algorithms
@codeproject.com
➢ Diffie-Hellman algorithm
➢ Agree on a large prime p and a generator g of the group modulo p; both are public and can be shared in the clear.
➢ Alice picks a secret number a and computes A = g^a mod p; Bob picks a secret b and computes B = g^b mod p. They exchange A and B.
➢ Alice computes B^a mod p and Bob computes A^b mod p; both equal g^(ab) mod p = g^(ba) mod p, the shared secret. An eavesdropper sees only g, p, A and B and would have to solve the discrete logarithm to recover a or b.
➢ There are algorithms that ensure that a key can be established securely over an insecure channel. One of them is the Diffie-Hellman algorithm. An oversimplification of the issue: imagine Alice wants to send a file to Bob. She sends Bob a box locked with her padlock. Bob does not have her key, so he adds his own padlock and sends the box back. Alice removes her lock and resends the box to Bob, now secured only by his lock, which he can open. Notice that the box has been locked at all times during transport. The point of the analogy is that the two locking operations can be applied and removed in either order, the same property that exponentiation has in Diffie-Hellman; the goal of the actual algorithm is not to ship a secret key but to create one jointly with the other party.
➢ This is better explained with the colour-mixing schema given above. Alice and Bob choose a common colour (this is public; it corresponds to g and p). Each of them chooses a secret colour and adds it to the common one, which gives each party a different mixture. Alice and Bob exchange their mixtures, and each adds their own secret colour to the mixture received. Because the ingredients are the same on both sides, they end up with the same final mixture. This mixture is the shared secret key. It cannot be intercepted because it is created, not sent. The mathematical version is given in the slides. Remember that separating a mixture back into its ingredients is the hard part, just as recovering a from A = g^a mod p (the discrete logarithm) is infeasible when p is large; for a small p the secret can be found by simply trying every exponent.
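The exchange described in the formulas and the colour analogy above, run end to end, together with what the eavesdropper would have to do. This is an added example, not code from the lecture. The group p = 23, g = 5 and the secrets 6 and 15 are toy values chosen so that the discrete logarithm finishes instantly; real deployments use p of 2048 bits or more (or an elliptic-curve group), where the same search is infeasible.

```python
# Added example: textbook Diffie-Hellman over a toy group, plus the
# discrete-logarithm search an eavesdropper faces. Not from the lecture slides.
import secrets


def public_value(g: int, p: int, secret: int) -> int:
    """A = g^a mod p on Alice's side, B = g^b mod p on Bob's."""
    return pow(g, secret, p)


def shared_secret(peer_public: int, secret: int, p: int) -> int:
    """B^a mod p on Alice's side, A^b mod p on Bob's; both are g^(ab) mod p."""
    return pow(peer_public, secret, p)


def exchange(g: int, p: int, a: int, b: int) -> dict:
    """Run the whole protocol. A and B are what crosses the wire; the two
    'alice'/'bob' values are computed locally and never transmitted."""
    A = public_value(g, p, a)
    B = public_value(g, p, b)
    return {"A": A, "B": B,
            "alice": shared_secret(B, a, p),
            "bob": shared_secret(A, b, p)}


def discrete_log(g: int, p: int, target: int):
    """Eve's job: find x with g^x mod p == target by trying every exponent.
    Linear in p, so hopeless when p has hundreds of digits."""
    x = 1
    for exponent in range(1, p):
        x = (x * g) % p
        if x == target:
            return exponent
    return None


def eavesdrop(g: int, p: int, A: int, B: int):
    """Recover the shared secret from public values only (toy p)."""
    a = discrete_log(g, p, A)
    return None if a is None else shared_secret(B, a, p)


if __name__ == "__main__":
    p, g = 23, 5                          # toy group; 5 generates the whole group mod 23
    a = secrets.randbelow(p - 2) + 1      # Alice's secret, 1..21
    b = secrets.randbelow(p - 2) + 1      # Bob's secret
    run = exchange(g, p, a, b)
    print(run)
    print("Eve recovers:", eavesdrop(g, p, run["A"], run["B"]) == run["alice"])
```

With the slide's numbers, A = 5^6 mod 23 = 8 and B = 5^15 mod 23 = 19, and both sides arrive at 2; the secret was never on the wire, but with p = 23 Eve recovers it after at most 22 multiplications, which is the whole argument for large parameters.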
Cryptographic Functions
➢ Authentication; use of certificates to prove who holds a key.
➢ Non-repudiation; especially used for bank transactions.
➢ Confidentiality; keep documents secret from anyone who is not the intended reader.
➢ Integrity; ensure data are not altered, undetected, during transmission or storage.
➢ Do you know the CIA triad?
➢ Certificates; the SSL/TLS protocol is used to enable secure transmission of data from one device to another across the internet. The certificate file provides the information needed for authentication: more specifically, an SSL/TLS certificate binds a public key to an identity (a domain name or an organisation). The owner of the certificate keeps the matching private key securely on their server. In older TLS versions the client encrypted a session secret with that public key and the server decrypted it; in modern TLS (1.3) the public key is instead used to sign the handshake while a Diffie-Hellman exchange produces the session key, so a private key stolen later does not expose past traffic. Every system needs a reliable way of knowing who owns the public key it is using. When a certificate is issued, it is digitally signed by the Certificate Authority (CA) chosen as the certificate provider (for example Sectigo, DigiCert, etc.). This signature provides cryptographic proof that the CA vouched for the certificate and that it has not been modified since.
➢ Non-repudiation is a property that is most desirable in situations where there are chances of a dispute over the exchange of data. Basically, it is assurance that an entity cannot refuse ownership of a previous commitment.
➢ CIA → Confidentiality, Integrity and Availability. These are terms used throughout cyber research and values that are taken into serious consideration. For example, in critical infrastructure a large part of the research community argues that availability is the top priority, while others put the integrity of data first.
Cryptocurrency
@pwc.co.uk
➢ Digital currency.
➢ Digital ledger → blockchain
➢ Wallet
➢ Adaptive scaling
➢ Open source? Protection?
➢ Cryptocurrency (usually open source) is superficially similar to using PayPal or a debit card: it is digital currency transferred directly between peers, with no bank in the middle. Digital currency is virtual money that has real value. One common way to start is to open an account with an exchange such as Coinbase, although nowadays you can also buy cryptocurrency through some banks, specialised companies and more. There are different currencies with different values; Bitcoin, Ether and Litecoin are some of them. Their value is not stable but moves like a stock: for example, Bitcoin's value jumped from around 5k to 18k, dived to almost 3k, and a couple of years later reached 40k. So how does cryptocurrency work? Every single transaction is registered in a public digital ledger. To make transactions you need a piece of software called a wallet, which holds your private keys. The digital ledger (blockchain) records all transactions pseudonymously, using cryptography: there are no names or postal addresses attached to your transactions, only your wallet's addresses (although transaction graphs can often be linked back to a person, so it is not truly anonymous). The ledger is maintained by a protocol rather than an institution (decentralised), and the cryptocurrency community runs the infrastructure, so no banks or governments are involved. How can you obtain cryptocurrency? You can buy it from a provider or you can mine it. Mining means contributing computing resources, usually in a pool (team), to solve a cryptographic puzzle; solving it earns newly created coins (a proof-of-work system). The first miner to solve the puzzle adds a block of transactions to the ledger. If puzzles are being solved faster than intended, the next puzzle is made harder, and if slower, easier (adaptive scaling; Bitcoin, for example, retunes the difficulty periodically to keep blocks arriving about every ten minutes). Each block contains the hash of the previous block, and these one-way cryptographic hashes make tampering with the blockchain very difficult: changing an old block changes its hash, which breaks every block after it and would require redoing all of their proof of work.
➢ This opens a new type of cybercrime, cryptojacking, where people take advantage of computing and networking infrastructure in private environments (like your own working environment) to mine cryptocurrency at someone else's expense.
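The ledger mechanics described above (blocks linked by hashes, proof of work, adaptive difficulty, and why editing history is detectable) as a minimal runnable model. This is an added example, not code from the lecture or from any real cryptocurrency. It simplifies deliberately: the transactions are constructed strings, the "hash must start with N hex zeros" rule stands in for Bitcoin's numeric target, and difficulty is adjusted on the number of attempts the last block took rather than on elapsed time.

```python
# Added example: a minimal hash-chained ledger with proof of work and
# difficulty adjustment, showing why editing an old block is detectable.
# Not from the lecture slides. Difficulty is adjusted on the attempts the
# last block took (an assumption standing in for block time).
import hashlib
import json

HASHED_FIELDS = ("index", "prev_hash", "transactions", "nonce", "difficulty")


def block_hash(block: dict) -> str:
    """SHA-256 over a canonical serialisation of the block's contents."""
    payload = json.dumps({k: block[k] for k in HASHED_FIELDS}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def mine(index: int, prev_hash: str, transactions: list, difficulty: int) -> dict:
    """Proof of work: bump the nonce until the hash starts with `difficulty`
    hex zeros. Each extra zero multiplies the expected work by 16."""
    block = {"index": index, "prev_hash": prev_hash, "transactions": transactions,
             "nonce": 0, "difficulty": difficulty}
    while True:
        h = block_hash(block)
        if h.startswith("0" * difficulty):
            block["hash"] = h
            return block
        block["nonce"] += 1


def adjust_difficulty(difficulty: int, attempts: int, target: int) -> int:
    """Adaptive scaling: solved too quickly -> harder; too slowly -> easier."""
    if attempts < target // 2:
        return difficulty + 1
    if attempts > target * 2 and difficulty > 1:
        return difficulty - 1
    return difficulty


def build_chain(batches: list, difficulty: int = 2, target: int = 256) -> list:
    """Mine a genesis block, then one block per batch of transactions."""
    chain = [mine(0, "0" * 64, ["genesis"], difficulty)]
    for txs in batches:
        prev = chain[-1]
        block = mine(prev["index"] + 1, prev["hash"], txs, difficulty)
        difficulty = adjust_difficulty(difficulty, block["nonce"] + 1, target)
        chain.append(block)
    return chain


def verify_chain(chain: list) -> bool:
    """Recompute every hash and every back-link; an edit anywhere breaks it."""
    for i, block in enumerate(chain):
        if block_hash(block) != block["hash"]:
            return False
        if not block["hash"].startswith("0" * block["difficulty"]):
            return False
        if i > 0 and block["prev_hash"] != chain[i - 1]["hash"]:
            return False
    return True


if __name__ == "__main__":
    # Constructed transactions for the example.
    chain = build_chain([["alice->bob 5"], ["bob->carol 2"], ["carol->dave 1"]])
    print(verify_chain(chain))                        # True
    chain[1]["transactions"] = ["alice->bob 500"]     # tamper with history
    print(verify_chain(chain))                        # False: hash no longer matches
```

Re-mining only the edited block does not help the attacker: its new hash no longer matches the `prev_hash` stored in the block after it, so every later block must be re-mined too, and in a live network honest miners keep extending the original chain in the meantime.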
Please gather any questions you might have for the live session!