
Cryptography and data security

1. Research each attack and explain the cryptographic weaknesses that make the attack
possible, and explain how the attack is performed.

Cryptography is a method of protecting data and sending it securely to the receiver. It
protects data in online transactions by encoding it so that only the intended receiver can
decrypt and understand the communication between two systems. "Crypt" means "hidden" and
"graphy" stands for "writing".

E-Fail Attack:

E-Fail is an attack that targets encrypted emails. It works by modifying the encrypted
message, exploiting weaknesses in the encryption standards themselves and in specific
vulnerable email clients.

It is a security hole in email clients. Most clients render HTML or JavaScript, so it is easy
for an attacker to attack the content of the email, which is transmitted in encrypted form.
It mostly affects Gmail, Microsoft Outlook and Apple Mail.
E-Fail exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext
of encrypted emails (Nikiforakis et al., 2019).
To carry out the attack, the attacker needs access to the encrypted message and the ability
to send an email to at least one of the regular recipients of the original mail.
The attack is performed in two ways:
Direct Exfiltration -
To obtain the decrypted content of the encrypted mail, the attacker modifies the message in
a specific way and then sends the changed email to the recipients. The attacker builds a MIME
message by adding extra parts before and after the ciphertext of the encrypted mail, so that
the decrypted text ends up as the parameter value of an HTML tag.
The attacker creates three body parts:
The first is an IMG tag whose src attribute is opened with a quote but not closed.
The second part is the S/MIME ciphertext, and the third part contains HTML which closes the
img tag of the first part.

Now, the recipient receives this in:

When the client decrypts and renders the email, all non-printable characters such as
whitespace are URL-encoded as %20, and the client requests the URL from the img tag, which
now contains the plaintext. Thus the attacker receives the plaintext from the victim's client.

CBC/CFB Attack:

This attack exfiltrates the plaintext using CBC/CFB gadgets.


In CBC mode, if the attacker knows a block of plaintext, they can modify the ciphertext so
that the corresponding plaintext blocks change in a controlled way. CBC is used in S/MIME,
and CFB, which has very similar properties, is used in OpenPGP. In this attack, the attacker
already knows the first plaintext block. They then manipulate the other blocks so that an img
tag is injected into the decrypted plaintext (Poddebniak and Dresen, 2018).
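To make the CBC gadget concrete, here is an added example (not from the original assignment or the E-Fail paper) showing why unauthenticated CBC is malleable and how an integrity tag, which the affected S/MIME mode lacks, catches the modification. It uses a SHA-256 based Feistel network as a stand-in for AES, and the keys, IV and message are constructed values.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit blocks, as in the AES-CBC used by S/MIME

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, half, i):  # Feistel round function
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def block_encrypt(key, block):
    # 4-round Feistel network on SHA-256: an invertible stand-in for AES (not a real cipher)
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, r, i))
    return l + r

def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, l, i)), l
    return l + r

def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)

def cbc_decrypt(key, data):
    # P_i = D(C_i) XOR C_(i-1): every plaintext block depends on the preceding ciphertext block
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return b"".join(xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))

def cbc_gadget(c_prev, known_plain, chosen_plain):
    # If (c_prev, c) decrypts to known_plain, then (c_prev XOR known XOR chosen, c) decrypts to chosen
    return xor(xor(c_prev, known_plain), chosen_plain)

def gadget_demo():
    key, mac_key, iv = b"K" * 16, b"M" * 16, b"\x00" * 16          # constructed keys/IV
    msg = b"Content-Type: mu" + b"ltipart/signed;\n"                 # first block is known
    ct = cbc_encrypt(key, iv, msg)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()             # what a MAC/AEAD would add
    chosen = b'<img src="x://a/'                                     # 16 bytes of chosen plaintext
    forged = ct + cbc_gadget(iv, msg[:BLOCK], chosen) + ct[BLOCK:2 * BLOCK]
    forged_pt = cbc_decrypt(key, forged)                             # original, garbage block, chosen
    mac_ok = hmac.compare_digest(hmac.new(mac_key, forged, hashlib.sha256).digest(), tag)
    return forged_pt, mac_ok
```

The forged message decrypts to the original text, one garbage block, and then the chosen block, while the integrity check fails; a client that verified a tag before rendering would discard the message.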

Weaknesses that make the attack possible:

1. Use of end-to-end email encryption with PGP or S/MIME.
2. The attacker already has access to the encrypted messages.
3. The victim's client decrypts the encrypted email messages and renders HTML.

KRACK Attack:

Depending on the configuration of the network, it is also possible to inject and manipulate
data in transit; for example, the attacker can inject malware into the websites the victim
visits.

KRACK stands for Key Reinstallation Attack. It allows stealing data transmitted over a
network that uses Wi-Fi's WPA security protocol: very sensitive data such as login
credentials, credit card details, private chats or anything else the victim transmits over
the web. It also enables man-in-the-middle attacks to hijack a website or inject code into it.

Method:
WPA is a secure encryption scheme used to protect communication between a user's device
and the device providing Wi-Fi. It uses a four-way handshake sequence. However, only the
third message of the four-way handshake is retransmitted. When the victim reconnects to an
already used Wi-Fi network, the third message of the handshake is resent, so the encryption
key can be installed multiple times during the third step. If the attacker keeps count of
these and replays all the retransmissions, the encryption can be broken.

Each time the victim sends a request over the Wi-Fi for reconnection, the attacker tries to
resend the third message of the handshake to the victim's device; once the victim accepts
it, decryption begins (Chacos and Simon, 2017).

The victim is now caught in the attacker's trap, and the attacker can track all the
information passing over the network within the same range.

The condition for the attack is that attacker and victim are both connected to the same Wi-Fi network.
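The following is an added model (not from the assignment or the KRACK paper) of why reinstalling the same key is dangerous: reinstallation resets the packet number used as the nonce, so two frames are encrypted with the same keystream, and it shows the fix adopted by patched clients, which refuse to reinstall a key already in use. The keystream function is a SHA-256 stand-in for CCMP's AES-CTR, and the key and frames are constructed values.

```python
import hashlib

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key, nonce, length):
    # Stand-in for the AES-CTR keystream of CCMP: SHA-256 in counter mode (not a real cipher).
    # The property that matters is the same: identical (key, nonce) gives identical keystream.
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

class Station:
    """Model of a Wi-Fi client that installs the pairwise key on handshake message 3."""

    def __init__(self, reject_reinstall):
        self.key, self.nonce = None, 0
        self.reject_reinstall = reject_reinstall

    def handle_message3(self, key):
        # Patched clients refuse to reinstall a key that is already in use
        if self.reject_reinstall and self.key == key:
            return False
        self.key, self.nonce = key, 0      # reinstalling resets the packet number (nonce)
        return True

    def encrypt(self, plaintext):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def reinstall_demo(reject_reinstall):
    key = b"\x11" * 16                     # constructed session key
    p1 = b"private message to the access point"   # 35 bytes
    p2 = b"predictable header, same each time."   # 35 bytes, assumed known to an observer
    sta = Station(reject_reinstall)
    sta.handle_message3(key)
    n1, c1 = sta.encrypt(p1)
    sta.handle_message3(key)               # retransmitted (replayed) message 3
    n2, c2 = sta.encrypt(p2)
    # If the nonce was reused, C1 XOR C2 == P1 XOR P2, so a known P2 reveals P1
    recovered = xor(xor(c1, c2), p2)
    return n1 == n2, recovered == p1[:len(recovered)]
```

With reject_reinstall=False the nonce repeats and the first frame is recovered from the second; with reject_reinstall=True the nonce keeps counting and the recovery fails.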

Weaknesses of the process:

1. Not using standard HTTPS security for protection.
2. Antivirus software is not updated on computers.
3. Use of the same encryption key for protection that has already been used in the past.
4. The problem lies in the Wi-Fi standards themselves.

2. Explain what can be done with the E-FAIL and KRACK attacks. What does each of them allow
an attacker to do, and what kind of access does the attacker need?

E-Fail Attack:

There are two ways to avoid this attack:

1. Short term:
Disable HTML rendering. The attack is mostly carried out through img tags and styles, so
disabling the rendering of HTML tags or forms in the mail client reduces the risk of the
attack.
Any URL in the decrypted email then appears as text; a button can be provided to toggle
rendering, and if nothing looks wrong, the user can open and read the email safely.
2. Long term:
Do not decrypt in the email client. The best way to avoid the attack is to decrypt S/MIME or
PGP email in a separate application outside the email client. Remove the S/MIME or PGP
secret keys from the email client, open the incoming encrypted email, then copy and paste
the ciphertext into the other application, which performs the decryption. This prevents the
exfiltration channels of email clients from being used.

The attack is only possible if the attacker has access to the S/MIME or PGP encrypted
emails, for example because they were sent over an unencrypted HTTP connection or through a
compromised email server. Once the attacker has the encrypted email, they can add extra
attributes to the tags, and the modified email is received by the victim's client.

KRACK Attack:

If the attacker has access to the Wi-Fi, they can steal all private information, sensitive
data, credit card details or anything else transferred over the network.

An attacker within Wi-Fi range captures the secret key and forces the victim to connect to a
network the attacker has created. Once the victim accepts that, the attacker can decrypt the
victim's traffic, including any credentials.

An attacker can intercept the traffic between the device and the router through which
information is exchanged, but if the traffic is encrypted with HTTPS, the attacker cannot
look into it. The attacker does not obtain the Wi-Fi password, but can make changes to
traffic that is unencrypted. With the help of tools, they can inject packets which can be
harmful to the device.

Example:

If anyone is using IoT devices, then the KRACK attack is a significant concern for them. If
they have installed a connected security camera in their house which does not encrypt its
traffic when connected to the same Wi-Fi network, an attacker can snoop on the raw video
footage of the house, which is very risky.

The best ways to avoid the attack are:

1. Do not use public hotspots at the coffee shop or airport, even if they are
password-protected.
2. Do not use the same secret key over and over again; change the secret key.
3. Use encrypted traffic solutions like HTTPS.
4. Update all Wi-Fi devices and routers with the latest security patches.
3. Assume you have been asked by a business to assess the risks these attacks pose to
them. Write some advice for the business. Can the business know if the attacks were
used against them? State what the impact of the attacks might have been and what the
business should do.

E-Fail Attack:

The owner of a real estate company was worried about the attacks going around. He had heard
about the hijacking of emails and data manipulation in emails.

His business could be attacked in this way:

His email could be attacked by E-Fail, as he sends emails about the location of a building to
clients every time. He is not using any protection and does not know anything about the attack,
so the scenario was explained to him: if he gets attacked, what are the risks attached to it?

The server he was using was not protected at all and was using HTTP rather than HTTPS, so he
could easily be attacked. Every time, he could lose a client, as the client could receive the
wrong address in an email or get an error while opening an image, and would lose interest in
his property.

Advice for the business:

1. The business should use HTTPS.
2. Disable all HTML rendering, as the attacker can use the img tag to send wrong output to the
victim's client.
3. It should arrange a more secure end-to-end channel; until then, it should temporarily stop
sending encrypted emails, especially PGP-encrypted ones.

Attacker advantages:

1. The attacker can send his own address in place of the victim's address, stealing the
victim's customers for his own benefit.
2. He can access the victim's encrypted mails, so he has a record of all the private
conversations conducted via mail.
3. He can mislead all the customers the victim has via mail.

Krack Attack:

A client who has a real estate business could suffer from the KRACK attack. The victim has
started his new business and created a portal where all the customers visit the website and
register to get bonus points and enter referral codes.
The client travels most of the time for business meetings, and he also connects his laptop to
free airport Wi-Fi hotspots. He never pays attention to any messages that prompt when
connecting to a network.

The risks his business can face are:

1. If the attacker trapped him while he was connecting to Wi-Fi at the airport, then the
attacker would have all his login credentials.
2. An attacker can get access to all his credit card details if they are saved in the browser.
3. An attacker can attack the portal and damage things in seconds.

Advice for the protection of his business:

1. Every time he logs into a website, make sure the connection is encrypted.
2. Also make sure the connection stays encrypted for all other online credentials.
3. To encrypt web browsing, use a virtual private network.

References

J. Jose, T. T. Tomy, V. Karunakaran, Anjali Krishna V, A. Varkey and Nisha C.A., "Securing passwords
from dictionary attack with character-tree," 2016 International Conference on Wireless
Communications, Signal Processing and Networking (WiSPNET), Chennai, 2016, pp. 2301-2307.

Rehman, I. (2018). What Is A Brute Force Attack?. [online] The Official Cloudways Blog. Available at:
https://www.cloudways.com/blog/what-is-brute-force-attack/

Johns, M., Nikiforakis, N., Volkamer, M., & Wilander, J. (2019). Web Application Security (Dagstuhl
Seminar 18321). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik.

Poddebniak, D. and Dresen, C. (2018). [online] Usenix.org. Available at:
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf.

Chacos, B. and Simon, M. (2017). KRACK Wi-Fi attack threatens all networks: How to stay safe and
what you need to know. [online] PCWorld. Available at:
https://www.pcworld.com/article/3233308/krack-wi-fi-security-flaw-faq-tips.html.
