Information Security, Mirai Malware, Integrity Protection, RSA Algorithm - Essay.

The C.I.A triad characteristics of information security

Information security is used to describe the tasks of protecting information in a digital form. To better understand the concepts of information security, you should be familiar with the key characteristics of information, which are expressed in the C.I.A triad characteristics, as shown.
(1) Explain these three key objectives of information security.
(2) Give examples of confidentiality, integrity and availability requirements associated with the ATM system in which users provide a bank card for account access and a personal identification number.

Security experts have discovered that many Internet of Things (IoT) devices including routers, DVRs and cameras could be potentially recruited into botnet because of a malicious software program Mirai, which emerged in 2016 and possibly becomes one of the biggest IoT-based malware threats. Hackers could use such malware to scan insecure Linux-based connected devices, enslave them into a botnet network, and used that to launch massive DDoS attacks to make internet outage, such as an attack on 20 September 2016 on computer security journalist Brian Krebs's website, an attack on French web host OVH and the October 2016 Dyn cyberattack.
(1) Research the Mirai malware to indicate possible issues of vulnerable devices and provide at least two strategies to prevent such botnet from spreading;
(2) Discuss types of hackers/attackers playing different roles in this case;
(3) Explain what a DDoS attack is and give basic steps to launch such a DDoS attack in this case study.

Integrity protection is used to guard against improper information modification or destruction,including ensuring information nonrepudiation and authenticity.
(1) Calculate message-digest fingerprints (checksum) for the provided files shattered-1&2.pdf:
(2) Explain why the Hash algorithm SHA256 is more secure than MD5 and SHA1;
(3) Based on the derived results in (1), explain why the Google Company announced that they achieved successful SHA-1 collision attack in the early of this year (2017).

The earliest and the simplest use of a substitution cipher was by Julius Caesar.Assume that Alice received the following message “skkz sk glzkx znk zumg vgxze” from Bob, who used Caesar Cipher to let Alice know “meet me after the toga party”. The Vigenère cipher is a method of encrypting alphabetic text by using a series of interwoven Caesar ciphers based on the letters of a keyword. It is a form of polyalphabetic substitution.
Please complete the following tasks:
(1) Research Vigenère cipher and indicate the differences between Caesar and Vigenère ciphers;
(2) By using Vigenère cipher, choose a key to encrypt the plaintext “meet me after the toga party”; Plaintext meet me after the toga party Key ciphertext
(3) Explain an approach that can be used to attack Vigenère cipher. Is it possible to improve the cryptographic algorithm?

RSA is an algorithm to encrypt and decrypt messages. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described RSA in 1978. A user of RSA creates and then publishes the product of two large prime numbers along with an auxiliary value as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message. However, with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message.
Answer the following questions:
(1) Explain what category of cryptographic algorithms RSA belongs to.
(2) Explain how RSA is used to achieve the cryptography (encryption and decryption) and digital signatures.
(3) Explain the main weakness of digital signatures and how this weakness can be compensated for.

CIA is acronym of confidentiality, integrity and Availability. These are three main pillar of security (Ciampa, 2015, p. 13). If any product compliances these three-key security objectives, then it will be more secure and trustworthy-

• Confidently: It ensures that data must be visible to only authentic and true person. Data should be stored or transmitted in such a way so that only required person can only understand it and process it. Any other person should not able to understand the meaning of data.
• Integrity: It ensures that data is not altered in transit. There are few cryptography algorithms which can be used to maintain the integrity. These algorithms are called the hash functions. These hash functions calculate unique fixed value for the data. If any bit is changed in transit by attacker, then it will generate totally different hash at recipient side.
• Availability: It ensures that data is available for authorized users when it is required for processing. There should be some mechanism so that only authorized user can access it. Attacker should not be able to lock data by sending the DOS, DDOS attacks.
• If we talk about confidentialityin context of ATM card, then PIN is kept confidential so that only authorized person of the card can use the ATM. If in any circumstances it is lost or stolen, then it cannot be used for withdrawing the money because PIN is required for accessing the bank data. Also, it uses SSL encryption (provides confidentiality) for sending and receiving the financial information from ATM to Bank server.
• Integrityof data or information states that protecting information from being modified by illegal parties. For maintaining the integrity in ATM system, we use cryptography protocol HTTPS (SSL provides integrity) for transferring and receiving financial info from ATM machine to bank’s server.
• Availabilityensures that ATM service should be up and running for all the time. There should not be any outage. Customer has proper access rights for all type of transactions. In some kiosk, Financial institutions put more than one ATM machine which provided redundancy as well as fast service to customers.

 Mirai is malicious software or malware which exploits networked devices (Linux/Unix based). This malware comes under the DDOS category. Once these devices like, Internet of things, DVRs, Camera etc. are attacked then they become bot and can be controlled remotely. (MalwareTech, 2016) These controlled devices called bots can be used as part of a botnet in large-scale network attacks.

Mirai does wide-ranging IP addresses scan and locate under-secured IoT devices that can be remotely accessed via simply guessable login credentials. This malware spreads by brute-forcing servers with a list of so many horribly insecure default passwords for example admin, admin123, root123 and other dictionary words etc. (Ken, 2016)

For mitigating the risk of this type of attacks-

• we must use the strong password in all our devices.
• We can deploy security devices like IPS (intrusion prevention system) and firewall and network scanning from outside can be blocked by using these devices.

All Attackers/Hackers play various roles for information gathering of the network system and later exploiting it. There are various roles are performed sequentially and in logical way to exploit the target system. These roles are like social engineering methods often involve impersonation, phishing, spam, hoaxes, typo squatting, and watering hole attacks etc. (Ciampa, 2015, p. 68)

 DDOS is acronym of distributed denial of service. In this technique, Attacker uses large number of compromised machine to attack on a computer network or single machine. (McDowell, 2013) DDOS attack can be divided in three components –

• Bots – Army of the compromised machines. All nodes of army connect to controller for receiving the attack commands.
• Controller – this is the central server which manage all the bots and send the commands.
• Attacker – This component asks controller machine to send some attack commands to the specific network.

Examples of DDOS attacks are smurf attack, syn flood, HTTP GET flood and HTTP POST flood etc. In case of Mirai malware, Attacker asks all the bots to scan the IPs of the network and try to login it by using default passwords.

Message-digest fingerprints (checksum) for the provided files:

SHA-256 hash algorithm is more secure as compared to MD5 and SHA1. SHA-256 generates the 256-bits long hash which is harder to break and so far, there is no collision attack found. In contrast, MD5 and SHA1 produces 128-bits and 160-bits long hash respectively. These two hash MD5 and SHA1 are vulnerable collision attacks.

Example of three hashes of same string “All is well”-

MD5: 83D32746565A8EC3DEC033AA221AC479

SHA1: 8ED19AEDBE9C09F57437A27E21EB51B03032E63C

SHA256: 0A62A6F248F6F91E799DFFE77779130729143139384642041D66C6CA964856A9

In Collision attack, we can create two different file which generates the same hash values then that hash algorithm is vulnerable to collision attack. By using this flaw attacker can replace the file with other file which is big failure of the security forced by hash functions. (Ciampa, 2015, p. 191)

The SHA0 and SHA1 function couldn’t guard the network system against these kinds of attacks that is why it got obsoleted and not in use. As we can see in above table in 3(1), that 2 different pdf files have produced the same SHA1 hash. This collision attack was discovered by Google that is why Google announced that it had performed a successful collision attack on the popular SHA-1 cryptographic hash function for the first time in early 2017.

 The Vigenère cipher method uses numerous Caesar ciphers in some order with diverse shift values. A keyword is used for encrypting any string. For Encrypting any plain text string, a table of alphabets is used, called a Vigenère’s square or Vigenère’s table. (Rodriguez-Clark, CRYPTO CORNER, 2017)

Possible issues of vulnerable devices and preventive strategies

The main difference between Caesar and Vigenère method is, Caesar uses the fix values for shifting the alphabets i.e. all letters will use the same shift value. But in Vigenère method, it uses variable shift value for each letter in the string and this variable shift value depends on keyword used for encryption.

By using Vigenère cipher, choose a key to encrypt the plaintext “meet me after the toga party”-

Mechanism Used for Encryption: As we know that for encrypting any string by using Vigenère cipher, we need a keyword. Let’s assume the keyword is “SKYBLUE”. Also, we need the Vigenère table.

String:       meet me after the toga party

Keyword: SKYBLUE

Cipher: eocu xy exdcs ebi lyeb auvli

The main common methods use statistical methods to discover the key length, then a simple frequency study allows to find the key. Kasiski test finds repeating sequences of letters in the cipher text. By analysing the gaps between two similar repetitive sequences, an attacker can discover multiples of the key width. (Rodriguez-Clark, Kasiski Analysis, 2017)

For improving the strength of this cipher algorithm, we should use the long keyword, it will result much gap between repeated pattern in encrypted data and much efforts will be required to guess the length of the keyword and will result the low possibility of attack.

RSA belongs to Asymmetric key cryptography. RSA is protocol developed by three developer Ron Rivest, Adi Shamir, and Leonard Adleman. RSA name is taken from first letter of the last name of Ron Rivest, Adi Shamir, and Leonard Adleman. They first openly defined the procedure in 1978.

As we know that RSA is asymmetric key cryptography so it uses a pair of key, one key is called private key and another key is called public key. Here we keep the private key secure and confidential and we publish the public key using PKI infrastructure. (Ciampa, 2015, p. 203)

• Encryption/Decryption using RSA Protocol: This protocol uses one mathematical algorithm for generating the set of key.

In this procedure, it takes two very huge prime numbers m and n. The definition of prime number is that it is divisible only by 1 or itself. It multiplies this number c = mn. Post that, it randomly selects a number e which is small than c and a prime factor to (m – 1) (n – 1). Post that number d is selected where (ed – 1) is divisible by (m – 1) (n – 1). The values of e and d are the public and private component. The public key set is (c,e) and the private key set is (c,d).

For using RSA key for encryption and decryption, two pair of RSA key are generated. One set is used for sender and another is used for Receiver.

• Digital Signature: The Purpose of digital signature is to verify the sender, nonrepudiation and data integrity. For signing the data, we use the asymmetric key cryptography.

If data needs to be digitally signed, then we calculate the hash of the data and encrypt the hash using the senders public key. This encrypted hash is called the sender’s digital signatures. This digital signature is sent to receiver along with the actual data and sender’s certificate. Receiver verifies the signature by calculating the hash again at their end. After this it decrypt the signature by using sender’s public key.

The main weakness with digital signature is that it only verifies that sender’s private key was used for signing the message. But it does not confirm the identity of the sender and receiver doesn’t know who is sender. (Ciampa, 2015, p. 230)

For compensating this weakness, sender uses the digital certificate which is signed by the trusted third party. Both sender and receiver has strong trust on this third party. whenever any user sends digitally signed data to other party then it also attaches its own digital certificate. At Recipient side, receiver verifies the sender’s certificate and if certificate is valid then it takes the public key from sender and validate the digitally signed data. In this way receiver, can know that data came from real sender. 

References

Ciampa, M. (2015). CompTIA security+ guide to network security fundamentals (5th ed.). Boston: Cengage.

Ken, S. (2016). A Post-Mortem on the Mirai Botnet: Part 1: Defining the Attack. Retrieved August 20, 2017, from https://www.pwnieexpress.com/blog/mirai-botnet-part-1

MalwareTech. (2016). Mapping Mirai: A Botnet Case Study. Retrieved August 18, 2017, from https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html

McDowell, M. (2013). Security Tip (ST04-015). Retrieved August 16, 2017, from https://www.us-cert.gov/ncas/tips/ST04-015

Rodriguez-Clark, D. (2017). CRYPTO CORNER. Retrieved August 21, 2017, from https://crypto.interactive-maths.com/vigenegravere-cipher.html

Rodriguez-Clark, D. (2017). Kasiski Analysis. Retrieved August 19, 2017, from https://crypto.interactive-maths.com/kasiski-analysis-breaking-the-code.html.