Cryptanalysis Lecture

Jonathan Rajewski

Cryptanalysis

Overview

• Thirty Five Slides of Lecture• Review Cryptology• Attacking Applications• Attacking the cyphers we discussed • FOR270 Crypto Challenge– Until we have a winner!

The 3 Siezs

The Three C’s

• Cryptography• Cryptanalysis• Cryptology

Crypto

3 C’s

Basic Cryptanalysis

Quick Case Study

Case Study

When you enter your username and password what happens?

Case Study

Authentication

Username + Password = Success

Attacking Applications

Learn how the application creates passwords!

Filezilla Graphical User Interface

*Hypothetical Situation

FTPIn our FTP client, user credentials are stored in an INI file.

Boris is the target of the investigation. We currently have no idea how the application stores user credentials.

We create a new profile named dummy with a password 1111. The PWD value appears similar to one byte per character in the password and, further, appears to look like the ASCII representation. What we find:

Password: 1 1 1 1ASCII: 0x31 0x31 0x31 0x31PWD value: 0x31 0x32 0x33 0x34

There is an obvious pattern!!!!

Let's derive the other password....

PWD value: 0x42 0x70 0x74 0x6C 0x77 0x4EASCII: 0x42 0x6F 0x72 0x69 0x73 0x49Password: B o r i s I

Let’s try it!

Password.ini file contains the following data. Decrypt the password

PWD value: 0x70 0x62 0x75 0x76 0x7B 0x75 0x79 0x45 ASCII: 0x 0x 0x 0x 0x 0x 0x 0x

Password:

Let’s try it!

Password.ini file contains the following data. Decrypt the password

PWD value: 0x70 0x62 0x75 0x76 0x7B 0x75 0x79 0x45 ASCII: 0x70 0x61 0x73 0x73 0x77 0x70 0x73 0x4C

Password: P A S S W O R D

Basic Cryptosystems

• Basic Ciphers– Substitution• Replacing one character with another “X”

– Transposition • Rearranging the message

Substitution Ciphers• Most famous: Caesar's Cipher– Shift each letter to the right by 3

• ROT 13

• Substitute letters for others– A is T– B is R– C is B

1 2 3 4 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 10 11 12 13Plaintext a b c d e f g h i j k l m n o p q r s t u v w x y zCipher n o p q r s t u v w x y z a b c d e f g h i j k l m

Where are we seeing ROT13?

NTUSER.dat\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist

Where are we seeing ROT13?

http://www.csoonline.com/article/570813/data-exfiltration-how-data-gets-out

Tools to parse ROT13

• Volatility Plugin (Levy)– http://gleeda.blogspot.com/2011/04/volatility-14-

userassist-plugin.html• RegRipper (Carvy)– http://regripper.wordpress.com/

• ROT13.com

How to parse ROT13 by hand

CipherText

PlainText

Breaking Basic Ciphers• Simple (monoalphabetic) substitution ciphers

easily broken with Frequency AnalysisLetters: E T O A N I R S H D L C W U M F Y G P B V K X Q J Z

Digraphs: TH HE IN ER ED AN ND AR RE EN ED TO NT EA OU NG ST AS

Trigraphs: THE AND ING HER NTH ENT THA INT ERE DTH EAR HAT OFT

• More complex (polyalphabetic) substitution ciphers use multiple alphabets!

Columnar Transposition Cipher

• Disguising the message by rearranging the letters

– Plaintext: • FOR270 IS SO MUCH FUN DONTCA THINK

FOR270ISSOMUCHFUNDONTCHATHINKQWERTYU

• cipher: fct ohh rfi 2un 7nk 0dq iow snr str oct mhy uau• cipher enhanced: fctohhrfi2un7nk0dqiowsnrstroctmhyuau

Breaking the Columnar Transposition Cipher

For all intensive purposes for this “cryptanalysis by hand in a quick timeframe” we are going to attempt to guess the rows

and columns

cipher: dygi ioet dutxcipher enhanced: dygiioetdutx

didyougetit

Vigenère Square

Ciphertext is intersection of key column and plaintext row.

Plaintext: DFIRISGREAT (Side) Key: NTFSNTFSNTF (Top) Ct: QYNJVLLYRTY (Intersect)

Vigenère Square Decryption

Ct: STYXMYYEGYRR (Intersect) Key: FATFATFATFAT (Side)Plaintext: NTFSMFTENTRY (Top)

Crypto Challenge

• Scenario– You work for the “SUPER SECRET 5 LETTER

AGENCY”– An ultra sophisticated ciphertext was located on

an internal server– Our team of cryptographers are actively working

on breaking the code but we need your help!!!

Phase 1

The following ciphertext was found by the cryptographers. They believe it could have

something to do with the userassist key.

ovg_qbg_yl_fynfu_m7mKvx

Phase 1 Review

Did you get it?– ROT13 encryption.

CT: ovg_qbg_yl_fynfu_m7mKvx PT: bit_dot_ly_slash_z7zXikPT Decoded: bit.ly/z7zXik

Phase 2

We just learned from the cryptographers that more this code may indicated a hidden key for

the next aspect of the cryptanalysis….

Visit this link and try to decode the datahttp://bit.ly/x2qppi

Phase 2 Review

F O R E N S I C

A T O R

Forensicator

Phase 3

We identified the final encrypted string of ciphertext by analyzing ram using Volatility.

Yay for open source tools! Agency cryptologists believe that you will “crack

the case” and reveal the cyber villain.

Please analyze:CT: ICLKGZMRUZKey: FORENSICATOR (you wont need the entire key)

Phase 3

Please analyze: CT: ICLKGZMRUZ (Intersect)Key: FORENSICATOR (Side) PT: (Top)

Hint – you wont need the entire Key

Phase 3 Review

Ct: ICLKGZMRUZ(Intersect) Key: FORENSICAT(Side)Plaintext: DOUGTHEPUG(Top)

Phase 4

The end is here. This is the most complicated ciphertext yet. Doug the Pug “cracked” during

interrogation and revealed his secret partner in crime.

Next class we will look at the ADFGVX

Cryptanalysis Lecture

Education

Cryptography and Cryptanalysis

Practical cryptanalysis for hackers

Experimenting Linear Cryptanalysis

1 Cryptanalysis Lecture 10 : Error Correcting Codes John Manferdelli jmanfer@microsoft.com JohnManferdelli@hotmail.com © 2004-2008, John L. Manferdelli

Cryptanalysis of Hummingbird-1

Differential and Linear Cryptanalysis - Radboud … and...Diﬀerential cryptanalysis Linear cryptanalysis Diﬀerential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen

Fault-based Cryptanalysis on Block Ciphers · 1/ 62 Fault Injection Means Cryptanalysis methods Countermeasures Conclusion Fault-based Cryptanalysis on Block Ciphers Victor LOMNE

Cryptanalysis on Ciphers

Cryptanalysis Lab 07

Basic Cryptanalysis

Linear Cryptanalysis of DES

Counter-cryptanalysis - IACR

Cryptanalysis of AES cipher

Enigma Cryptanalysis

Cryptanalysis of a Vigenère

Cryptanalysis of GOST - CCC Event Blog · GOST, Self-Similarity and Cryptanalysis of Block Ciphers ... • Linear-Algebraic or Bi-Linear-Algebraic Cryptanalysis • Differential-Algebraic

Algebraic--Differential Cryptanalysis of DES Algebraic cryptanalysis of DES using Minisat Algebraic di erential cryptanalysis of DES Algebraic Di erential Cryptanalysis of …

Hidden Markov Model Cryptanalysis

Differential Cryptanalysis and Boomerang...ﬀtial Cryptanalysis and Boomerang Cryptanalysis of LBlock Jiageng Chen and Atsuko Miyaji⋆ School of Information Science, Japan Advanced

LINEAR CRYPTANALYSIS