Introduction to Software Security, Cryptography and No-Tech Hacking
Application Security Vs Software Security
Application security is a way to defend against software exploits after deployment is complete.
- Issue-based short-term approach.
- Threat Modeling
- Code Review
Software security is a way to defend against software exploits by building the software to be secure.
- Root Cause Analysis.
- Organizational Change
Refers to any activity that may result in unauthorized access to computer data, applications, or devices. Results in —
- Financial Loss
- Loss of company Reputation
Types of Attacks
There are 5 main types of attacks.
- Leakage — Revealing of sensitive data.
- Tampering — Unauthorized altering of information.
- Resource Stealing — Use of resources without permission.
- Vandalism — Disturbing the system operations.
- Denial of Service — Disrupting the system usage.
Methods of Attack
- Eavesdropping: Obtaining copies of messages without the proper authority.
- Spoofing: Using the identity of another principal without authority.
- Message Tampering: Intercepting and altering of messages.
- Replaying: Storing messages and sending them later.
- Flooding: Sending too many messages simultaneously.
Cryptography refers to the art of secret writing. The goal is to keep the information hidden from those who aren’t supposed to see it. This is done by “scrambling” the data.
An algorithm is used to scramble the data.
- 2 inputs: Data and key.
- Key is known only to the authorized users.
Cryptanalysis: The art or science of converting ciphertext to plain text without using the secret key.
Encryption: The method used to convert information into a secret code that hides the information’s true meaning.
A cryptosystem should be secure even if everything about the system is public knowledge, except the key.
This is the opposite of “Security through obscurity”. Almost all of the new encryption algorithms follow this principle.
Advantages of making the encryption algorithm public:
- If we make the algorithm private and if someone cracks it, then all the messages will be decrypted.
- Others can identify issues in the algorithm.
Early Encryption Techniques
- Caesar Cipher — Shift each letter by an offset (the offset is the key).
- Kamasutra — Divide the alphabet into 2 or more rows and replace the original letter with the corresponding letter in the 2nd row (the offset is the splitting number).
- One time Pad
Problem with these algorithms: There's no secure way to distribute the Key.
A cipher refers to the algorithm that is used to perform the encryption and decryption. There are 2 main characteristics of a good cipher.
- Confusion — Even if we change 1 character in the original text, there should be a significant difference in the ciphertext.
- Diffusion — Original text should be distributed over the entire ciphertext.
These 2 factors should be taken into consideration. Otherwise, the attackers may be able to guess the ciphertext.
Unconditional Security: The cipher can’t be broken irrespective of the computational power or time available.
Computational Security: The cipher can be broken using the brute force method (trying out different combinations). However, it may take a long time.
There are 2 classes of Encryption algorithms
Symmetric Key Encryption
In symmetric-key encryption, the same key is used for both encryption and decryption. There are many different symmetric key algorithms.
- DES (Data Encryption Standard)
- Triple DES
- AES (Advanced Encryption Standard)
- ECB (Electronic Codebook)
- CBC (Cipher Block Chaining)
These algorithms are fast and only require a single key. However, there are many problems such as the key distribution problem and key management problem.
Asymmetric Key Encryption
Asymmetric key encryption provides one-way security. Two keys are generated: the public key and the private key.
The private key is needed to decrypt something that was encrypted using the public key.
The sender has to get the public key of the recipient from a trusted source. The sender encrypts the message using this public key. Even if someone steals the ciphertext, they cannot decrypt it because they don't know the private key of the recipient.
This gets rid of the key distribution problem in symmetric encryption. However, this method is much slower and computationally expensive.
Pretty Good Privacy (PGP)
Initially, we use asymmetric key encryption to establish a secure channel in order to exchange the key for symmetric encryption.
Generally used for encryption of messages and digital signatures. PGP combines asymmetric key encryption and symmetric key encryption.
Hash functions are one-way functions.
Most commonly used to -
- Store passwords
- Integrity protection (e.g. SHA-256)
Hashing changes the text into another format (also called a digest or hashed output), with no objective of reversing it back to the original format.
For each input, there should be a unique output.
There are hash tables published for popular encryption hash functions. These are called “Rainbow tables”. In a reverse hash lookup, the application searches this table for the hash value.
Hash Collision: If 2 inputs generate the same hash value. (Hashing algorithm produces the same hash value for 2 inputs)
To overcome this problem, we use salted hashing.
Addition of some random data to the input of a hash function to guarantee a unique output.
This salting process is done according to the OWASP Guidelines. This technique will provide protection from dictionary attacks and reverse hash lookup. This will create unique hash values even for the same input.
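The effect of salting on a reverse hash lookup, as an added example that is not part of the original article. It uses PBKDF2 from Python's standard library as the salted hash; the iteration count, the sample password and the candidate list are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware

def unsalted_hash(password):
    """Plain SHA-256: the same input always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(candidates):
    """Precomputed digest -> password map, i.e. a reverse hash lookup."""
    return {unsalted_hash(p): p for p in candidates}

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, digest); a fresh random salt is drawn per stored password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password, salt, expected, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)

def demo(iterations=ITERATIONS):
    # Constructed sample: two accounts that chose the same password.
    password = "sunshine2024"
    table = build_lookup_table(["123456", "password", "sunshine2024"])
    salt_a, rec_a = hash_password(password, iterations=iterations)
    salt_b, rec_b = hash_password(password, iterations=iterations)
    return {
        "unsalted_recovered": table.get(unsalted_hash(password)),
        "salted_found_in_table": rec_a.hex() in table or rec_b.hex() in table,
        "records_identical": rec_a == rec_b,
        "correct_verifies": verify_password(password, salt_a, rec_a, iterations),
        "wrong_verifies": verify_password("password", salt_a, rec_a, iterations),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The salt is stored next to the digest; it does not need to be secret, only unique per record.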
It is the art of exploiting human psychology. Attackers can still try to get passwords and perform attacks without using any of the technical methods. This is called social engineering.
- Using the phone — A social engineer may call and pretend to be a fellow employee or friend to get information.
- Online — Using various social networking sites, social engineers can gain access to sensitive information of users.
As mentioned in the previous section, hackers do not need to rely on technological methods to perform an attack. Let’s look in detail at some of these methods.
A “password” is a secret word or phrase that is used to gain access to a service or resource. On the internet, we use many passwords for different purposes. However, there are some important factors to consider before defining a password. Otherwise, attackers have the possibility to crack the password.
- Password should not be something related to you (part of your name, address, age, location)
- Make it long.
- Use a mix of characters.
- Avoid using memorable keyboard paths.
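A checker for the four rules above, as an added example that is not part of the original article. The 12-character minimum, the run length of four adjacent keys, the three-of-four character-class threshold and the sample personal details are assumptions chosen for the illustration.

```python
import re

MIN_LENGTH = 12  # assumed threshold; the article only says "make it long"
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def keyboard_path(password, run=4):
    """Return the first run of `run` adjacent keys (either direction), or None."""
    lowered = password.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return seq[i:i + run]
    return None

def check_password(password, personal_facts):
    """Return a list of rule violations; an empty list means all four rules pass."""
    problems = []
    lowered = password.lower()
    # Rule 1: nothing related to the user (name, address, age, location).
    for fact in personal_facts:
        if len(fact) >= 3 and fact.lower() in lowered:
            problems.append("related to you: " + fact)
    # Rule 2: make it long.
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Rule 3: use a mix of characters (at least three of the four classes).
    used = sum(1 for pattern in CHAR_CLASSES if re.search(pattern, password))
    if used < 3:
        problems.append("only %d character classes" % used)
    # Rule 4: avoid memorable keyboard paths.
    path = keyboard_path(password)
    if path:
        problems.append("keyboard path: " + path)
    return problems

if __name__ == "__main__":
    facts = ["Nimal", "1990", "Colombo"]  # constructed sample details
    for candidate in ("Nimal1990", "qwertyuiopasdf", "tundra-Velvet-91-harbor"):
        print(candidate, "->", check_password(candidate, facts) or "ok")
```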
Security threats through WIFI networks
By now WIFI can be considered as one of the most ubiquitous wireless communication technologies available. Nowadays, public WIFI access points have been set up in more crowded places to provide easy access to the internet. However, attackers may use Rogue hotspots to steal information from users.
A Rogue hotspot is an open hotspot with a name similar to a legitimate hotspot. This is used by attackers to tempt users to connect with their network. Once a user is connected, attackers may intercept that user’s data or even inject malware into the device. So attackers can perform this without much effort. As a prevention technique, we should always connect our devices to trusted Wifi networks.
Social Media networks are also widely used to perform Identity theft.
Security Risks associated with Social Networking
There are many social networking sites present today and almost all of us use them on a daily basis. Therefore it is important to have an idea about the security risks associated with these social networking websites and how to avoid them.
Imagine the situation where we create a new social media profile. We may give out information such as our name, address, phone number, email, and even credit card information. Advertising companies can get this information for better and more personalized ad selection.
This is done on a massive scale without the proper acknowledgment of the user. The attackers can perform an attack and easily replicate the victim as all the necessary information is stored in one central place. This results in identity theft.
Refers to software that has the capability to get information by accessing the computer without authorization. Its primary target may be sensitive information. Through social network sites, attackers may share this malicious software with users and try to steal the information. Therefore, users should always be careful about links and software shared by untrusted sources.
An attacker may create a website that looks similar to a Facebook login page. They then host it at a URL that also looks similar to the original one, with minor changes (a change in a letter or two). The attacker may now share this URL, and a user may accidentally enter his or her username and password. Now the attacker has the details.
These types of attacks are carried out in order to steal sensitive information. Therefore as users, we should always double-check and verify websites before we enter any sensitive information.
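One way to automate that double-check, as an added example that is not part of the original article: flag a link whose host is within a letter or two of a trusted domain, or that embeds the trusted name inside another domain. The allow-list, the sample URLs and the two-label "registered domain" shortcut are assumptions; the names use reserved test domains.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list; .example is a reserved TLD, so these are not real sites.
TRUSTED = ("mysocial.example",)

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, max_edits=2):
    """Return (verdict, matched_trusted_domain_or_None) for a URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for good in TRUSTED:
        # Exact match or a genuine subdomain of a trusted domain.
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        # Trusted name embedded in some other domain's host.
        if good in host:
            return ("lookalike", good)
        # "A change in a letter or two" relative to the trusted domain.
        if 0 < edit_distance(registered, good) <= max_edits:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    samples = (  # constructed sample links
        "https://login.mysocial.example/signin",
        "https://mysocia1.example/signin",
        "http://mysocial.example.account-check.test/signin",
        "https://news.test/",
    )
    for link in samples:
        print(link, "->", classify(link))
```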
Always check the privacy rules.
Different social media websites have different privacy agreements. It is important to go through these settings and have a good understanding. Otherwise, the privacy of the user may get affected. The data may be leaked out without the knowledge of the user.
Do not overshare and know the audience
We can share anything and everything on social networking websites such as Facebook. However, this could lead to the leakage of valuable information. Therefore always double-check before sharing a photo, video, or even a story update on a social networking site. And it's always better to limit the audience to a limited number whom you know in real life.