
CNS UNIT-1 CJR - For R19 Students

The document discusses classical encryption techniques, security attacks, and the importance of confidentiality, integrity, and availability in information security. It categorizes various security attacks, including cryptanalytic and non-cryptanalytic attacks, and outlines the security services and mechanisms defined by ITU-T to combat these threats. Additionally, it explains the symmetric cipher model, detailing the processes of encryption and decryption, as well as the requirements for secure encryption.

UNIT I

Classical Encryption Techniques: Security Attacks, Services & Mechanisms, Symmetric Cipher Model. Cyber
Threats, Phishing Attack, Web Based Attacks, SQL Injection Attacks, Buffer Overflow & Format String
Vulnerabilities, TCP session hijacking, UDP Session Hijacking. Block Ciphers: Traditional Block Cipher
Structure, Block Cipher Design Principles.

Introduction
The generic name for the collection of tools designed to protect data and to thwart
(prevent from succeeding in) hackers is computer security.
The term network security is somewhat misleading, because virtually all business,
government, and academic organizations interconnect their data processing equipment with a
collection of interconnected networks. Such a collection is often referred to as an internet, and
the term internet security is used.
There are no clear boundaries between these two forms of security. For example, one of
the most publicized types of attack on information systems is the computer virus. A virus may
be introduced into a system physically when it arrives on a diskette and is subsequently loaded
onto a computer. Viruses may also arrive over an internet. In either case, once the virus is
resident on a computer system, internal computer security tools are needed to detect and
recover from the virus.

Security Goals

Let us first discuss the three security goals: confidentiality, integrity, and availability.

Confidentiality:
 It is the most common aspect of information security. We need to protect our
confidential information.
 An organization needs to guard against those malicious actions that endanger the
confidentiality of its information.
 In the military, concealment of sensitive information is the major concern.
 In industry, hiding some information from competitors is crucial to the operation of the
organization.
 In banking, customers' accounts need to be kept secret.
 Confidentiality not only applies to the storage of the information, it also applies to the
transmission of information.

Integrity:

 Information needs to be changed constantly. In a bank, when a customer deposits or
withdraws money, the balance of her account needs to be changed.

CJR 1/25
 Integrity means that changes need to be done only by authorized entities and through
authorized mechanisms.
 Integrity violation is not necessarily the result of a malicious act: an interruption in the
system, such as a power surge (up and down), may also create unwanted changes in
some information.

Availability:

 The third component of information security is availability.


 The information created and stored by an organization needs to be available to
authorized entities. Information is useless, if it is not available.
 The unavailability of information is just as harmful for an organization as the lack of
confidentiality or integrity.

Security Attacks

Cryptographic attacks can be broadly categorized into two distinct types: 1. Cryptanalytic and
2. Non-cryptanalytic.

 Cryptanalytic attacks: These attacks are a combination of statistical and algebraic
techniques aimed at ascertaining the secret key of a cipher.
 These methods inspect the mathematical properties of the cryptographic algorithms and
aim at finding distinguishers that separate the output distribution of the cryptographic
algorithms from uniform distributions.
 The objective of cryptanalysis is to find properties of the cipher which do not exist in a
random function.
 All such attacks are fundamentally distinguishers. The attacker guesses the key and
looks for the distinguishing property. If the property is detected, the guess is correct;
otherwise the next guess is tried.
 The guessing complexity is lower than the brute force search complexity.

 Non-cryptanalytic attacks:
 The other types of attacks are non-cryptanalytic attacks, which do not exploit the
mathematical weakness of the cryptographic algorithm.

The three goals of security (confidentiality, integrity, and availability) can be very much
threatened by this class of attacks.
Although the literature uses different approaches to categorizing the attacks, we will first
divide them into three groups related to the security goals. Later, we will divide them into
two broad categories based on their effects on the system. Figure 1.1 shows the first
taxonomy.

Figure 1.1 Taxonomy of attacks with relation to security goals

 Attacks threatening confidentiality: In general, two types of attacks threaten the
confidentiality of information: snooping and traffic analysis.
Snooping:
 It refers to unauthorized access to (or) interception of data. For example, a file
transferred through the internet may contain confidential information.
 An unauthorized entity may intercept the transmission and use the contents for her
own benefit.
 To prevent snooping, the data can be made nonintelligible to the interceptor by
using encipherment techniques.

Traffic analysis:
 Although encipherment of data may make it nonintelligible for the interceptor, she can
obtain some other type of information by monitoring online traffic.
 While the data passes through networks, the opponent may observe the route of
the data, the amount of data, and the time at which it passes.
 Attacks threatening integrity:
The integrity of data can be threatened by several kinds of attacks: modification,
masquerading, replaying and repudiation.

Modification:
 After intercepting or accessing information, the attacker modifies the information to
make it beneficial to herself.
 For example, a customer sends a message to a bank to do some transaction. The
attacker intercepts the message and changes the type of transaction to benefit
herself.
 Note that sometimes the attacker simply deletes or delays the message to harm the
system or to benefit from it.

Masquerading:
 It happens when the attacker impersonates somebody else.
 For example, an attacker might steal the bank card PIN of a bank customer and
pretend that she is that customer.
 As another example, a user tries to contact a bank, but another site pretends that it is
the bank and obtains some information from the user.

Replaying:
 The attacker obtains a copy of a message sent by a user and later tries to replay it.
 For example, a person sends a request to her bank to ask for payment to the
attacker, who has done a job for her. The attacker intercepts the message and
sends it again to receive another payment from the bank.
Repudiation:
 This type of attack is different from others because it is performed by one of the two
parties in the communication: the sender or the receiver.
 The sender of the message might later deny that she has sent the message; the
receiver of the message might later deny that she has received the message.
 An example of denial by the sender would be a bank customer asking her bank to
send some money to a third party but later denying that she has made such a
request.
 An example of denial by the receiver could occur when a person buys a product
from a manufacturer and pays for it electronically, but the manufacturer later
denies having received the payment and asks to be paid.
Man-in-the-Middle Attack:
In cryptography, a man-in-the-middle attack (MITM) is an attack in which an attacker is
able to read, insert and modify at will, messages between two parties without either party
knowing that the link between them has been compromised. The attacker must be able to
observe and intercept messages going between the two victims.

 Attacks Threatening Availability:
Denial of Service:
 Denial of Service (DoS) is a very common attack. It may slow down or totally
interrupt the service of a system.
 The attacker can use several strategies to achieve this. She might send so many
bogus requests to a server that the server crashes because of heavy load.

 Passive versus Active Attacks

Table 1.1 Categorization of passive and active attacks


Passive attacks:
 In a passive attack, the attacker's goal is just to obtain information. This means that the
attack does not modify data or harm the system.
 The system continues with its normal operation. However, the attack may harm the
sender or the receiver of the message.
 Attacks that threaten confidentiality ─ snooping and traffic analysis ─ are passive
attacks.
 Passive attacks, however, can be prevented by encipherment of the data.
Active attacks:
 An active attack may change the data or harm the system.
 Attacks that threaten the integrity and availability are active attacks.
 These attacks are normally easier to detect than to prevent because an attacker
can launch them in a variety of ways.

Services and Mechanism

ITU-T (International Telecommunication Union-Telecommunication Standardization Sector)
provides some security services and some mechanisms to implement those services.

Security Services

ITU-T (X.800) has defined five services related to the security goals and attacks we defined in
the previous sections. Figure 1.2 shows the taxonomy of those five common services.

Figure 1.2 Security Services

It is easy to relate one or more of these services to one or more of the security goals. It is also
easy to see that these services have been designed to prevent the security attacks that we
have mentioned.

Data Confidentiality: Data confidentiality is designed so that information is not made available
to unauthorized individuals. It is designed to prevent snooping and traffic analysis attacks.
Data Integrity: It is designed to protect data from modification, insertion, deletion, and
replaying by an adversary. It may protect the whole message or part of the message.
Authentication: This service provides the authentication of the party at the other end of the
line. In connection-oriented communication, it provides authentication of the sender and
receiver during the connection establishment. In connection-less communication, it
authenticates the source of the data (data origin authentication).
Nonrepudiation: Nonrepudiation service protects against repudiation (refusal to accept) by
either the sender or the receiver of the data.
 Nonrepudiation, Origin: Proof that the message was sent by the specified party.
 Nonrepudiation, Destination: Proof that the message was received by the specified party.
Access Control: It provides protection against unauthorized access to data. The term access
in this definition is very broad and can involve reading, writing, modifying, executing programs,
and so on.

Security Mechanisms

ITU-T (X.800) also recommends some security mechanisms to provide the security services
defined in the previous section. Figure 1.3 gives the taxonomy of these mechanisms.

Encipherment:
 Encipherment, hiding or covering data, can provide confidentiality.
 Today two techniques, cryptography and steganography, are used for enciphering.

Data integrity:
 The data integrity mechanism appends to the data a short checkvalue that has been
created by a specific process from the data itself.
 The receiver receives the data and the checkvalue.
 He creates a new checkvalue from the received data and compares the newly created
checkvalue with the one received.
 If the two checkvalues are the same, the integrity of the data has been preserved.

Figure 1.3 Security Mechanisms


Digital signature:
 A digital signature is a means by which the sender can electronically sign the data and
receiver can electronically verify the signature.
 The sender uses a process that involves showing that she owns a private key related to
the public key that she has announced publicly.
 The receiver uses the sender's public key to prove that the message is indeed signed by
the sender who claims to have sent the message.

Authentication exchange:
 In this mechanism, two entities exchange some messages to prove their identity to each other.
 For example, one entity can prove that she knows a secret that only she is supposed to
know.

Traffic Padding:
 This means inserting some bogus data into the data traffic to thwart the adversary's
attempt to use traffic analysis.

Routing control:
 It means selecting and continuously changing different available routes between sender
and receiver to prevent the opponent from eavesdropping (secretly listen to a
conversation) on a particular route.

Notarization:
 It means selecting a third trusted party to control the communication between two
entities.
 This can be done, for example, to prevent repudiation.

Access control:

 It uses methods to prove that a user has access right to the data or resources owned by
a system.
 Examples of proofs are passwords and PINs.

Relation between Services and Mechanisms

Table 1.2 shows the relationship between the security services and the security mechanisms.

Security Service        Security Mechanism
Data confidentiality    Encipherment and routing control
Data integrity          Encipherment, digital signature, data integrity
Authentication          Encipherment, digital signature, authentication exchanges
Nonrepudiation          Digital signature, data integrity, and notarization
Access control          Access control mechanism

Table 1.2 Relation between security services and security mechanisms

Symmetric Cipher Model

 An original message is known as the plaintext, while the coded message is called the
ciphertext.
 The process of converting from plaintext to ciphertext is known as enciphering or
encryption.
 Restoring the plaintext from the ciphertext is deciphering or decryption.
 The many schemes used for enciphering constitute the area of study known as
cryptography.
 Such a scheme is known as a cryptographic system or a cipher.
 Techniques used for deciphering a message without any knowledge of the enciphering
details fall into the area of cryptanalysis.
 Cryptanalysis is what the layperson calls “breaking the code”. The areas of cryptography
and cryptanalysis together are called cryptology.
Symmetric cipher model

A symmetric encryption scheme has five ingredients (Figure 1.4):

Figure 1.4 Simplified Model of Conventional Encryption

 Plaintext: This is the original intelligible message of data that is fed into the algorithm as
input.
 Encryption algorithm: the encryption algorithm performs various substitutions and
transformations on the plaintext.
 Secret key: the secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext. The algorithm will produce a different output depending on
the specific key being used at the time. The exact substitutions and transformations
performed by the algorithm depend on the key.
 Ciphertext: this is the scrambled message produced as output. It depends on the plaintext
and the secret key. For a given message, two different keys will produce two different
ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is
unintelligible.
 Decryption algorithm: this is essentially the encryption algorithm run in reverse. It takes
the ciphertext and the secret key and produces the original plaintext.

There are two requirements for secure use of conventional encryption:

1) We need a strong encryption algorithm.
2) Sender and receiver must have obtained copies of the secret key in a secure fashion and
must keep the key secure.

With the message X and the encryption key K as input, the encryption algorithm forms
the ciphertext Y.
We can write this as
Y = E_K(X)
This notation indicates that ciphertext Y is produced from plaintext X using encryption
algorithm E and secret key K.
The intended receiver, in possession of the key, is able to invert the transformation:
X = D_K(Y)
Plaintext X is produced by using decryption algorithm D and secret key K.

Figure 1.5 Model of Symmetric Cryptosystem

Figure 1.5 depicts the model of a symmetric cryptosystem. An opponent, observing Y but not having
access to K or X, may attempt to recover X or K or both X and K. It is assumed that the
opponent knows the encryption (E) and decryption (D) algorithms. If the opponent is interested
in only this particular message, then the focus of the effort is to recover X by generating a
plaintext estimate X'. Often, however, the opponent is interested in being able to read future
messages as well, in which case an attempt is made to recover K by generating an estimate K'.

Cryptanalysis and Brute-Force attack

There are two general approaches to attacking a conventional encryption scheme:

 Cryptanalysis: cryptanalytic attacks rely on the nature of the algorithm plus perhaps
some knowledge of the general characteristics of the plaintext or even some sample
plaintext-ciphertext pairs.
 Brute-force attack: The attacker tries every possible key on a piece of ciphertext until
an intelligible translation into plaintext is obtained. On average, half of all possible keys
must be tried to achieve success.

Table 1.3 shows how much time is involved for various key spaces by Brute-force attack.
Results are shown for four binary key sizes.

Table 1.3 Average Time Required for Exhaustive Key Search

Table 1.4 summarizes the various types of cryptanalytic attacks based on the amount of
information known to the cryptanalyst. The most difficult problem is presented when all that is
available is the ciphertext only. In some cases, not even the encryption algorithm is known, but
in general, we can assume that the opponent does know the algorithm used for encryption.
One possible attack under these circumstances is the brute-force approach of trying all possible
keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on
an analysis of the ciphertext itself, generally applying various statistical tests to it.
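
The symmetric model Y = E_K(X), X = D_K(Y) and the ciphertext-only brute-force search described above, as an added example that is not part of the original notes. It assumes a Caesar shift cipher as the toy algorithm (the notes do not name one here), a constructed sample message, and a chi-squared letter-frequency test as the check for an "intelligible" plaintext.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate relative letter frequencies of English text, in percent.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}


def encrypt(key, plaintext):
    """Y = E_K(X): shift every letter forward by `key` places (toy cipher)."""
    k = key % 26
    shifted = ALPHABET[k:] + ALPHABET[:k]
    return plaintext.upper().translate(str.maketrans(ALPHABET, shifted))


def decrypt(key, ciphertext):
    """X = D_K(Y): the encryption algorithm run in reverse."""
    return encrypt(-key, ciphertext)


def chi_squared(text):
    """Distance between the letter distribution of `text` and English.

    This is the statistical test the opponent applies: a correct key guess
    yields a low score, a wrong guess yields text that looks non-English.
    """
    letters = [ch for ch in text if ch in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = Counter(letters)
    score = 0.0
    for letter, percent in ENGLISH_FREQ.items():
        expected = n * percent / 100.0
        score += (counts.get(letter, 0) - expected) ** 2 / expected
    return score


def brute_force(ciphertext):
    """Try every key and return the estimates (K', X') that score best."""
    best_key = min(range(26), key=lambda k: chi_squared(decrypt(k, ciphertext)))
    return best_key, decrypt(best_key, ciphertext)


# Constructed sample message (not taken from the notes).
MESSAGE = "THE SENDER AND RECEIVER MUST KEEP THE SECRET KEY SECURE AT ALL TIMES"

if __name__ == "__main__":
    y = encrypt(11, MESSAGE)          # the opponent observes only Y
    print("Y  =", y)
    print("K', X' =", brute_force(y))
```

A key space of 26 falls immediately, with no knowledge of K or X. Exhaustive search only becomes impractical when the key space is very large.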

Table 1.4 Types of attacks on Encrypted Messages

Cyber Threats

 A cyber threat is an attack on digital systems originating from malicious acts of an
anonymous source. A cyber-attack gives the attacker illegal access to the digital device.
 Phishing and defensive measures:
 Phishing is an act of attempting to acquire information such as username, password and
credit card details by acting as a legitimate entity in an electronic communication.
The phishing technique was described in 1987.
 Techniques of phishing:
Spear phishing:
 A spear phisher sends a message that appears to be from an employer, a colleague or
other legitimate correspondent, to a small group or even one specific person. This
attack is sometimes used to target those who use a certain product or website.
Clone phishing:
 This technique could be used indirectly from a previously infected machine and gain a
foothold on another machine, by exploiting the social trust associated with the inferred
connection due to both parties receiving the original mail.
 Pharming is another technique intended to redirect a website's traffic to another, fake
site. Pharming can be conducted either by changing the hosts file on a victim's computer
or by exploitation of a vulnerability in DNS server software.
 DNS servers are computers responsible for resolving Internet names into their real IP
addresses.
Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires
unprotected access to target a computer, such as altering a customer's home computer, rather
than a corporate business.
 Measures to phishing defense:
1. SAFE BROWSING TOOL:

Since the web is the most frequently used attack vector, it is important to have protection for
browsers, especially when a search is used.
 The Web of Trust (WOT) Plugin for Safe Browsing:
 The WOT is a community-based collection of websites, based on a reputation achieved
through the ratings of millions of users. It is a free safe surfing plugin for major browsers
and provides website ratings and reviews to help web users as they search, surf and
shop online.
 WOT uses color-coded symbols to show the reputation of a site: Green indicates the site
is trusted by the community, yellow warns a user to be cautious and red indicates
potential danger. A gray symbol with a question mark means that there is no rating due
to a lack of sufficient data.
2. UNIFORM RESOURCE LOCATOR (URL) FILTERING:
 URL filters check hyperlinks and URLs for specific commands, keywords, and malicious
code. This type of filtering is usually utilized by web and email scanning engines.
Internet Explorer (IE), Chrome, and Firefox all provide phishing filters.
 Phishing and malware protection are accomplished by checking the site that is being
visited against lists of reported phishing and malware sites. These lists are automatically
downloaded and updated by browsers. So, when the Phishing and Malware Protection
features are enabled, browsers can provide warnings.
 The Location of a List of Phishing Sites:
 PhishTank (http://www.phishtank.com/) is a collaborative clearing house for data and
information about phishing on the Internet. One can also query or browse this phishing
site list.
 The Configurations of Phishing Protection Features Employed in Firefox and
Internet Explorer (IE):
 Firefox provides options for security by checking the two items in the green box. When
installing Firefox, these options are enabled by default. IE8 is configured by
checking SmartScreen in the Advanced tab of Internet Options. SmartScreen is
enabled by default during the installation process.
 The Manner in Which Phishing Site Warnings Are Displayed in IE and Firefox:
 IE7 not only clearly labels it as such in the red area at the top of the page, but in addition
indicates that HTTPS is not used. A site like Paypal would definitely have a secure site.
Unfortunately, it is probably too late for an individual that reaches this point, since the
malicious scripts will undoubtedly be loaded into their machine when the site is
accessed. IE8 provides a clear warning on the screen.
 The Use of a Browser Filter to Block a Phishing Site:
 Since a browser may not be able to download its phishing site list in time, a phishing/
malware site may still evade the filtering process. A user should always take precautions,
since a phishing website may emerge any moment and in this situation the browser filter
is always an afterthought.
3. The obfuscated URL and the redirection technique:
 Two of the most common techniques employed in phishing are the confusing/obfuscated
URL and the redirection technique. For example, the following URL appears to be an
ebay site since ebay is prominently displayed in the listing.
http://ebay.hut2.ru
The other technique is redirection, which is illustrated in the following URL:
http://www.paypal.com/url.php?url="http://phishing.com"
In this case Paypal appears to be the site, but then it is redirected to phishing.com. This latter
technique is an effective phishing approach, since it appears that a legitimate site is being
visited while, in fact, redirection to a phishing site is actually taking place.

Phishing attack
 Phishing is a type of deception designed to steal your valuable personal data, such as
credit card numbers, passwords, account data, or other information by masquerading as a
trustworthy entity in an electronic communication. Communications purporting to be from
popular social web sites, auction sites, online payment processors or IT administrators are
commonly used to lure the unsuspecting public.
 Phishing is typically carried out by e-mail or instant messaging and it often directs users to
enter details at a fake website whose look and feel are almost identical to the legitimate
one.
 Phishing is an example of social engineering techniques used to fool users and exploits the
poor usability of current web security technologies. The purpose of a phishing message is to
acquire sensitive information about a user. For doing so the message needs to deceive the
intended recipient.

How to avoid being a phishing victim?


1. Phishing e-mail messages are usually sent out in bulk and often do not contain your first or
last name: for example, “Dear Sir or Madam” rather than “Dear Dr. Phatak”. Never respond
to requests for personal information via email. When in doubt, call the institution that
claims to have sent you the email.

2. If you suspect the message might not be authentic, don’t use the links within the email to
get to a web page. Retype the address in a new window.
3. Never fill out forms in email messages that ask for confidential information.
4. Always ensure that you are using a secure website when submitting credit card or other
sensitive information via your web browser.
   Check the beginning of the web address in your browser's address bar. It should be
   ‘https://’ rather than just ‘http://’.
   Look for the locked padlock icon on your URL bar.

5. Regularly check your bank, credit and debit card statements to ensure that all transactions
are legitimate and if anything is suspicious, contact your bank and all card issuers
immediately.
6. Ensure that your browser and OS software is up-to-date and that latest security patches are
applied. Keep antivirus definitions updated.
7. Verify the real address of a website. Phishers also use Uniform Resource Locators (URLs)
that resemble the name of a well-known company but are slightly altered by adding,
omitting, or transposing letters. For example, the URL www.microsoft.com could appear
instead as:
www.micosoft.com
www.mircosoft.com
www.verify-mirosoft.com
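
The address checks from item 7, together with the obfuscated-URL and redirection cases discussed earlier, as an added example that is not part of the original notes. The `TRUSTED` allow-list, the finding names, and the last-two-labels shortcut in `registered_domain` are assumptions made for illustration; a production filter would use the Public Suffix List and a maintained reputation feed.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed allow-list: brand name -> its legitimate registered domain.
TRUSTED = {"ebay": "ebay.com", "paypal": "paypal.com", "microsoft": "microsoft.com"}


def registered_domain(host):
    """Naive registered domain: the last two labels (assumption, see lead-in)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, or
    transpose two adjacent letters, each at cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def check_url(url):
    """Return the set of warning findings for one URL or bare host name."""
    findings = set()
    has_scheme = url.lower().startswith(("http://", "https://"))
    parts = urlsplit(url if has_scheme else "//" + url)
    host = (parts.hostname or "").lower()
    domain = registered_domain(host)

    if parts.scheme == "http":
        findings.add("not-https")

    # Brand name, or a one-edit variant of it, inside a host we do not trust.
    if domain not in TRUSTED.values():
        tokens = [t for label in host.split(".") for t in label.split("-") if t]
        for brand in TRUSTED:
            for token in tokens:
                distance = edit_distance(token, brand)
                if distance == 0:
                    findings.add("brand-in-untrusted-host:" + brand)
                elif distance == 1:
                    findings.add("lookalike:" + brand)

    # Query parameter that carries an absolute URL to a different domain.
    for _, value in parse_qsl(parts.query):
        target = urlsplit(value.strip(" \"'"))
        if target.scheme in ("http", "https") and target.hostname:
            target_domain = registered_domain(target.hostname)
            if target_domain != domain:
                findings.add("redirects-to:" + target_domain)
    return findings


if __name__ == "__main__":
    for sample in ("http://ebay.hut2.ru", "www.mircosoft.com",
                   "http://www.paypal.com/url.php?url=http://phishing.com"):
        print(sample, sorted(check_url(sample)))
```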

WEB-BASED ATTACKS

 The vulnerabilities in web-based attacks are manifested in a variety of ways. For example,
the inadequate validation of user input may occur in one of the following attacks: Cross-
Site Scripting (XSS or CSS), HTTP Response Splitting or SQL Injection.

 HTTP RESPONSE SPLITTING ATTACKS:


 HTTP response splitting occurs when:

o Data enters a web application through an untrusted source, most frequently an HTTP
request.
o The data is included in an HTTP response header sent to a web user without being
validated for malicious characters.

 At its root, the attack is straightforward: an attacker passes malicious data to a
vulnerable application, and the application includes the data in an HTTP response
header.
 HTTP response splitting attacks may happen where the server script embeds user data in
HTTP response headers without appropriate sanitization.
 This typically happens when the script embeds user data in the redirection URL of a
redirection response (HTTP status code 3xx), or when the script embeds user data in a
cookie value or name when the response sets a cookie.
 The attacker uses a web server, which has a vulnerability enabling HTTP response splitting,
and a proxy/cache server in an HTTP response splitting attack.
 HTTP response splitting is the attacker’s ability to send a single HTTP request that forces
the web server to form an output stream, which is then interpreted by the target as two
HTTP responses instead of one response.

Figure: Attacker uses a.com web server, which has a vulnerability enabling HTTP response
splitting, and a proxy/cache server in a HTTP response splitting attack. A victim will retrieve the
cached second response when accessing the a.com.

Steps:

1. An attacker sends two HTTP requests to the proxy server.
2. The proxy server forwards two HTTP requests to the a.com web server.
3. The a.com web server sends back one HTTP response to each request and the proxy only
accepts the first response message.
4. The proxy server interprets the accepted response as two HTTP response messages.
5. The first request is matched to the first response, which is a 302 (redirection)
response.
6. The second request (http://a.com/index.html) is matched to the second response, which
is a 200 response whose content is comprised of 26 bytes of HTML.
7. A victim sends a request to http://a.com/index.html.
8. The victim receives the second response message. The problem is that the content in the
second response can be any script that will be executed by the browser.
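
The missing validation step, as an added example that is not part of the original notes: a redirect builder that copies user data into the Location header unchecked, next to a hardened form that rejects CR, LF and other control characters. The function names, the simplified Content-Length parser standing in for the proxy, and the constructed input are assumptions made for illustration.

```python
def redirect_unsafe(target):
    """'Before' form: user data goes straight into a response header."""
    return ("HTTP/1.1 302 Found\r\n"
            "Location: " + target + "\r\n"
            "Content-Length: 0\r\n"
            "\r\n")


def redirect_safe(target):
    """Hardened form: a header value must never contain control characters.

    CR and LF end a header line, so any value containing them is refused
    before it can reach the output stream.
    """
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        raise ValueError("control character in header value")
    return redirect_unsafe(target)


def parse_responses(stream):
    """Split an output stream into HTTP responses the way a simple
    Content-Length-aware intermediary (proxy/cache) would."""
    responses = []
    rest = stream
    while rest.startswith("HTTP/"):
        head, separator, rest = rest.partition("\r\n\r\n")
        if not separator:
            break
        lines = head.split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body, rest = rest[:length], rest[length:]
        responses.append((lines[0], headers, body))
    return responses


# Constructed regression input for the validator (not from the notes):
# a header value that carries its own line breaks and a second status line.
CONSTRUCTED_INPUT = ("/index.html\r\n"
                     "Content-Length: 0\r\n"
                     "\r\n"
                     "HTTP/1.1 200 OK\r\n"
                     "Content-Type: text/html\r\n"
                     "Content-Length: 26\r\n"
                     "\r\n"
                     "<html>second answer</html>")

if __name__ == "__main__":
    print(len(parse_responses(redirect_unsafe("/index.html"))))      # one response
    print(len(parse_responses(redirect_unsafe(CONSTRUCTED_INPUT))))  # parsed as two
    try:
        redirect_safe(CONSTRUCTED_INPUT)
    except ValueError as error:
        print("rejected:", error)
```

The same check belongs on every place the notes list: redirection URLs, cookie names and cookie values.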

 CROSS-SITE REQUEST FORGERY (CSRF OR XSRF):
 Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute
unwanted actions on a web application in which they're currently authenticated. CSRF
attacks specifically target state-changing requests, not theft of data, since the attacker
has no way to see the response to the forged request.
 With a little help of social engineering (such as sending a link via email or chat), an
attacker may trick the users of a web application into executing actions of the attacker's
choosing.
 If the victim is a normal user, a successful CSRF attack can force the user to perform
state changing requests like transferring funds, changing their email address, and so
forth. If the victim is an administrative account, CSRF can compromise the entire web
application.
 Cookies are small files which are stored on a user's computer. They are designed to hold
a modest amount of data specific to a particular client and website, and can be accessed
either by the web server or the client computer.

 CROSS-SITE SCRIPTING (XSS) ATTACKS:


 Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are
injected into trusted web sites. XSS attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser side script, to a
different end user.
 Flaws that allow these attacks to succeed are quite widespread and occur anywhere a
web application uses input from a user within the output it generates without validating
or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting
user.
 The end user’s browser has no way to know that the script should not be trusted, and will
execute the script.
Because it thinks the script came from a trusted source, the malicious script can access any
cookies, session tokens, or other sensitive information retained by the browser and used with
that site. These scripts can even rewrite the content of the HTML page.

 NON-PERSISTENT XSS ATTACKS:


The non-persistent (or reflected) cross-site scripting vulnerability is by far the most common
type. These holes show up when the data provided by a web client, most commonly in HTTP
query parameters (e.g. HTML form submission), is used immediately by server-side scripts to
parse and display a page of results for and to that user, without properly sanitizing the request.

 PERSISTENT XSS ATTACKS:


 The persistent (or stored) XSS vulnerability is a more disturbing variant of a cross-site
scripting flaw: it occurs when the data provided by the attacker is saved by the server,
and then permanently displayed on "normal" pages returned to other users in the course
of regular browsing, without proper HTML escaping.
 A classic example of this is with online message boards where users are allowed to post
HTML formatted messages for other users to read.

SQL Injection Attack

SQL injection is an attack where the hacker makes use of unvalidated user input to enter
arbitrary data or SQL commands; malicious queries are constructed and, when executed by the
backend database, produce unwanted results. The attacker needs knowledge of the backend
database and must use different strings to construct malicious queries and post them to the
target.
For example, on a user login screen, username and password are the dynamic fields where users
enter the data. Dynamic queries are constructed from the user's inputs; the usual query will be

Select * from users where username='Username.txt' and password='Password.txt'.

If the input fields are not sanitized properly, then the malicious user can enter some data like
this

Username = blah' or 1=1--

Password = password

Here both username and password are incorrect. But the query which is constructed will be

Select * from users where username='blah' or 1=1--and password='password'

The query will run and the user will be granted access. This is because the first part of the
query is

Select * from users where username='blah' or 1=1--

Because -- starts a comment in SQL, everything following it will be ignored. The query will
only evaluate username='blah' or 1=1.

Because 1=1 is always true, the user will be granted access.

Buffer overflow

Buffer overflow attacks are considered to be the most insidious attacks in Information Security.
Buffer overflow attacks are analogous to the problem of water in a bucket. For example, when
more water is added than a bucket can hold, water overflows and spills. It is the same case
with buffer overflow, which occurs when more data is added than a variable can hold. The
excess data then moves out into the adjacent memory locations.

Buffer overflow vulnerability occurs when you give a program too much data. The
excess data corrupts nearby space in memory and may alter other data. As a result, the
program might report an error or behave differently. Such vulnerabilities are also called buffer
overrun.

Some programming languages are more susceptible to buffer overflow issues, such as C
and C++. This is because these are low-level languages that rely on the developer to allocate
memory. Most common languages used on the web such as PHP, Java, JavaScript or Python, are
much less prone to buffer overflow exploits because they manage memory allocation on behalf
of the developer. However, they are not completely safe: some of them allow direct memory
manipulation and they often use core functions that are written in C/C++.

Buffer overflow vulnerabilities are difficult to find and exploit. They are also not as
common as other vulnerabilities. However, buffer overflow attacks may have very serious
consequences. Such attacks often let the attacker gain shell access and therefore full control of
the operating system. Even if the attacker cannot gain shell access, buffer overflow attacks
may stop running programs and, as a result, cause a Denial of Service.

How Does a Buffer Overflow Work?

In a simple program, you may want the user to enter an email address. Therefore, you
create a string variable. You allocate 64 bytes to the variable because you do not expect an
email string to be longer than 64 characters. However, you trust the user input too much and
do not check if the length of the entered string exceeds the size of the buffer.
As a result, the user enters 100 characters and the remaining 36 characters are stored in
memory allocated to another variable. This causes the value of that variable to change and the
behavior of the program to change as well. In most cases, this leads to a simple memory
segmentation fault but it may have more serious consequences.

Types of Buffer Overflow Vulnerabilities

There are two primary types of buffer overflow vulnerabilities: stack overflow and heap
overflow.

In the case of stack buffer overflows, the issue applies to the stack, which is the memory
space used by the operating system primarily to store local variables and function return
addresses. The data on the stack is stored and retrieved in an organized fashion (last-in-first-
out), the stack allocation is managed by the operating system, and access to the stack is fast.
In the case of heap buffer overflows, the issue applies to the heap, which is the memory
space used to store dynamic data. The amount of memory that needs to be reserved is decided
at runtime and it is managed by the program, not the operating system. Access to the heap is
slower but the space on the heap is only limited by the size of virtual memory.

Buffer Overflow Attack Example

In some cases, an attacker injects malicious code into the memory that has been
corrupted by the overflow. In other cases, the attacker simply takes advantage of the overflow
and its corruption of the adjacent memory. For example, consider a program that requests a
user password in order to grant the user access to the system. In the code below, the correct
password grants the user root privileges. If the password is incorrect, the program will not
grant the user privileges.

        printf ("\n Correct Password \n");
        pass = 1;
    }
    if(pass)
    {
        /* Now Give root or admin rights to user*/
        printf ("\n Root privileges given to the user \n");
    }
    return 0;

However, there is a possibility of buffer overflow in this program because the gets() function
does not check the array bounds.

Here is an example of what an attacker could do with this coding error:

$ ./bfrovrflw
Enter the password:
hhhhhhhhhhhhhhhhhhhh
Wrong Password
Root privileges given to the user

In the above example, the program gives the user root privileges, even though the user
entered an incorrect password. In this case, the attacker supplied an input with a length
greater than the buffer can hold, creating buffer overflow, which overwrote the memory of
integer “pass.” Therefore, despite the incorrect password, the value of “pass” became
nonzero, and the attacker receives root privileges.

Format String Vulnerability

What is a format string?

printf ("The magic number is: %d\n", 1911);

The text to be printed is “The magic number is:”, followed by a format parameter ‘%d’, which is
replaced with the parameter (1911) in the output. Therefore, the output looks like: The magic
number is: 1911. In addition to %d, there are several other format parameters, each having
different meaning. The following table summarizes these format parameters:


Parameter   Meaning                                    Passed as
%d          decimal (int)                              value
%u          unsigned decimal (unsigned int)            value
%x          hexadecimal (unsigned int)                 value
%s          string ((const) (unsigned) char *)         reference
%n          number of bytes written so far, (* int)    reference

The stack and its role at format strings

The behavior of the format function is controlled by the format string. The function retrieves
the parameters requested by the format string from the stack.

printf("a has value %d, b has value %d, c is at address: %08x\n", a, b, &c);

(%08x will produce an 8-digit hex number, padded with leading zeros)

TCP Session Hijacking

TCP guarantees delivery of data and also guarantees that packets will be delivered in the
same order in which they were sent. In order to guarantee that packets are delivered in the
right order, TCP uses acknowledgement (ACK) packets and sequence numbers to create a “full
duplex reliable stream connection between two end points,” with the end points referring to the
communicating hosts. The connection between the client and the server begins with a
three-way handshake.
The client first sends a SYN packet carrying its own initial sequence number. The server
responds by sending a SYN/ACK packet that contains the server's own sequence
number p and an ACK number for the client's original SYN packet. This ACK number indicates
the next sequence number the server expects from the client. The client acknowledges receipt of
the SYN/ACK packet by sending back to the server an ACK packet with the next sequence
number it expects from the server, which in this case is p+1. After the handshake, it’s just a
matter of sending packets and incrementing the sequence number to verify that the packets
are getting sent and received.
The goal of the TCP session hijacker is to create a state where the client and server are
unable to exchange data, so that he can forge acceptable packets for both ends, which mimic
the real packets. Thus, the attacker is able to gain control of the session. At this point, the
client and server will drop packets sent between them because the server’s
sequence number no longer matches the client’s ACK number and likewise, the client’s
sequence number no longer matches the server’s ACK number.

To hijack a session on a TCP network, the hijacker employs the following techniques:
IP Spoofing: spoofing is “a technique used to gain unauthorized access to computers
whereby the intruder sends messages to a computer with an IP address indicating that the
message is coming from a trusted host.” Once the hijacker has successfully spoofed an IP
address, he determines the next sequence number that the server expects and uses it to inject
the forged packet into the TCP session before the client can respond. By doing so, he creates
the “desynchronized state.”
Blind Hijacking: If source routing is disabled, the session hijacker can also employ blind
hijacking where he injects his malicious data into intercepted communications in the TCP
session. It is called “blind” because the hijacker can send the data or commands but cannot
see the response. The hijacker is basically guessing the responses of the client and server.
Man-in-the-Middle attack (packet sniffing): This technique involves using a packet
sniffer that intercepts the communication between the client and server. With all the data
between the hosts flowing through the hijacker’s sniffer, he is free to modify the content of the
packets. The trick to this technique is to get the packets to be routed through the hijacker’s
host.

Figure 1.6 A TCP Session Hijacking Attack (Man-in-the-middle attack)
UDP Session Hijacking

Hijacking a session over UDP is exactly the same as over TCP, except that UDP attackers do
not have to worry about the overhead of managing sequence numbers and other TCP
mechanisms.
Since UDP is connectionless, injecting data into a session without being detected is extremely
easy. Figure shows how an attacker could do this.

DNS queries, online games like Quake series and Half-life, and peer-to-peer sessions are
common protocols that work over UDP; all are popular targets for this kind of session hijacking.

Traditional Block Cipher Structure

Virtually all symmetric block encryption algorithms in current use are based on a structure
referred to as a Feistel block cipher. For that reason, it is important to examine the design
principles of the Feistel cipher. We begin with a comparison of stream ciphers and block
ciphers. Then we discuss the motivation for the Feistel block cipher structure. Finally, we
discuss some of its implications.

Stream Ciphers and Block Ciphers

A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
Examples of classical stream ciphers are the autokeyed Vigenère cipher and the Vernam
cipher.
A block cipher is one in which a block of plaintext is treated as a whole and used to produce a
ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used.

Figure 1.7 Stream Cipher and Block Cipher

Motivation for the Feistel Cipher Structure


A block cipher operates on a plaintext block of n bits to produce a ciphertext block of n bits.
There are 2^n possible different plaintext blocks and, for the encryption to be reversible (i.e., for
decryption to be possible), each must produce a unique ciphertext block. Such a transformation
is called reversible, or nonsingular. The following examples illustrate nonsingular and singular
transformations for n = 2.
In the latter case, a ciphertext of 01 could have been produced by one of two plaintext blocks.
So if we limit ourselves to reversible mappings, the number of different transformations is (2^n)!.
(For 00 there are four possibilities, i.e. 11, 10, 00, 01; for 01 there are only three
possibilities, 10, 00, 01, if we fix 11 for 00.)

Reversible Mapping            Irreversible Mapping
Plaintext   Ciphertext        Plaintext   Ciphertext
00          11                00          11
01          10                01          10
10          00                10          01
11          01                11          01

Substitution and Permutation

Substitution: Each plaintext element or group of elements is uniquely replaced by a
corresponding ciphertext element or group of elements.

Permutation: A sequence of plaintext elements is replaced by a permutation of that
sequence. That is, no elements are added or deleted or replaced in the sequence,
rather the order in which the elements appear in the sequence is changed.

Diffusion and Confusion

Diffusion: Diffusion hides the relationship between ciphertext and plaintext. If a single symbol
in the plaintext is changed, several or all symbols in the ciphertext will also be changed.


Confusion: Confusion hides the relationship between ciphertext and key. If a single bit in the
key is changed, most or all of the bits in the ciphertext will be changed.


Feistel Cipher Structure

Figure 1.8 depicts the structure proposed by Feistel. The inputs to the encryption
algorithm are a plaintext block of length 2w bits and a key K. The plaintext block is divided into
two halves, L0 and R0. The two halves of the data pass through n rounds of processing and then
combine to produce the ciphertext block. Each round i has as inputs Li-1 and Ri-1, derived from
the previous round, as well as a subkey Ki, derived from the overall K. In general, the subkeys Ki
are different from K and from each other.

All rounds have the same structure. A substitution is performed on the left half of the
data. This is done by applying a round function F to the right half of the data and then taking
the exclusive-OR of the output of that function and the left half of the data. The round function
has the same general structure for each round but is parameterized by the round subkey Ki.
Following this substitution, a permutation is performed that consists of the interchange of the
two halves of the data. This structure is a particular form of the substitution-permutation
network (SPN) proposed by Shannon.

Figure 1.8 Classical Feistel Network

The exact realization of a Feistel network depends on the choice of the following
parameters and design features:

 Block size: Larger block sizes mean greater security (all other things being equal) but
reduced encryption/decryption speed. A block size of 64 bits is a reasonable tradeoff and
has been nearly universal in block cipher design. However, the new AES uses a 128-bit
block size.
 Key size: Larger key size means greater security but may decrease encryption/decryption
speed. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128
bits has become a common size.
 Number of rounds: The essence of the Feistel cipher is that a single round offers
inadequate security but that multiple rounds offer increasing security. A typical size is 16
rounds.
 Subkey generation algorithm: Greater complexity in this algorithm should lead to
greater difficulty of cryptanalysis.
 Round function: Again, greater complexity generally means greater resistance to
cryptanalysis.
There are two other considerations in the design of a Feistel cipher:

 Fast software encryption/decryption: In many cases, encryption is embedded in
applications or utility functions in such a way as to preclude a hardware implementation.
Accordingly, the speed of execution of the algorithm becomes a concern.
 Ease of analysis: Although we would like to make our algorithm as difficult as possible to
cryptanalyze, there is great benefit in making the algorithm easy to analyze. That is, if the
algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for
cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its
strength. DES, for example, does not have an easily analyzed functionality.

Feistel Decryption Algorithm

Figure 1.9 Feistel Encryption and Decryption

The process of decryption with a Feistel cipher is essentially the same as the encryption
process. The rule is as follows: Use the ciphertext as input to the algorithm, but use the
subkeys Ki in reverse order. That is, use Kn in the first round, Kn-1 in the second round, and so on
until K1 is used in the last round. This is a nice feature because it means we need not implement
two different algorithms, one for encryption and one for decryption.

To see that the same algorithm with a reversed key order produces the correct result,
consider Figure 1.9, which shows the encryption process going down the left-hand side and the
decryption process going up the right-hand side for a 16-round algorithm (the result would be
the same for any number of rounds).

Block Cipher Principles


A block cipher is designed by considering its three critical aspects, which are listed below:

1. Number of Rounds
2. Design of Function F
3. Key Schedule Algorithm

1. Number of Rounds
The number of rounds determines the strength of the block cipher algorithm. It is considered
that the more rounds there are, the more difficult it is for cryptanalysis to break the algorithm.
It is considered that even if the function F is relatively weak, the number of rounds would make
the algorithm tough to break.

2. Design of Function F
The function F of the block cipher must be designed such that it must be impossible for any
cryptanalysis to unscramble the substitution. The criterion that strengthens the function F is its
non-linearity.
The more nonlinear the function F is, the more difficult it is to crack. While designing the
function F, it should be confirmed that it has a good avalanche property, which states that a
change in one bit of input (either plaintext or key) must reflect the change in many bits of
output.
The function F should be designed such that it possesses a bit independence criterion, which
states that the output bits must change independently if there is any change in the input bit.

3. Key Schedule Algorithm
It is suggested that the key schedule should conform to the strict avalanche effect and bit
independence criterion.
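The Feistel round rule, the reversed-subkey decryption rule and the effect of the number of rounds on the avalanche property, all described above, in one runnable sketch. This is an added example, not code from the original notes; the SHA-256 based round function F, the key schedule, the 64-bit block size and all names are assumptions chosen for illustration, not a real cipher.

```python
import hashlib

W = 32                    # half-block width w in bits; the block is 2w = 64 bits
MASK = (1 << W) - 1

def subkeys(key, rounds):
    """Toy key schedule (assumption): K_i = SHA-256(key || i)."""
    return [hashlib.sha256(key + bytes([i])).digest()
            for i in range(1, rounds + 1)]

def F(right, k):
    """Toy round function (assumption): SHA-256(K_i || R) cut to w bits.
    It is not invertible, and the Feistel structure does not need it to be."""
    digest = hashlib.sha256(k + right.to_bytes(W // 8, "big")).digest()
    return int.from_bytes(digest[:W // 8], "big")

def feistel(block, round_keys):
    """Run the rounds: L_i = R_(i-1), R_i = L_(i-1) XOR F(R_(i-1), K_i)."""
    left, right = block >> W, block & MASK
    for k in round_keys:
        left, right = right, left ^ F(right, k)
    return (right << W) | left     # final swap of the two halves

def encrypt(block, key, rounds=16):
    return feistel(block, subkeys(key, rounds))

def decrypt(block, key, rounds=16):
    # Same routine, subkeys in reverse order: K_n first, K_1 last.
    return feistel(block, subkeys(key, rounds)[::-1])

def changed_bits(block, key, rounds, bit=63):
    """Ciphertext bits that differ after flipping one plaintext bit."""
    diff = encrypt(block, key, rounds) ^ encrypt(block ^ (1 << bit), key, rounds)
    return bin(diff).count("1")

if __name__ == "__main__":
    key, pt = b"constructed demo key", 0x0123456789ABCDEF
    ct = encrypt(pt, key)
    print("ciphertext        :", hex(ct))
    print("reversed subkeys  :", hex(decrypt(ct, key)))
    print("forward subkeys   :", hex(feistel(ct, subkeys(key, 16))))
    for n in (1, 2, 4, 16):
        print(n, "round(s):", changed_bits(pt, key, n), "of 64 bits changed")
    # With a single round the right plaintext half passes through unchanged.
    print("1-round low half  :", hex(encrypt(pt, key, 1) & MASK))
```

After one round, flipping a bit in the left half changes exactly one ciphertext bit and the right plaintext half appears unmodified in the output, which is the sense in which a single round is inadequate.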
