SECURITY
CREATED BY:
NIRANJAN
1120158
CONTENTS
Security Breaches
Cyber Security
Brute-Force
Hacking Techniques
Cryptography
Honey Encryption
NNNKP
SECURITY BREACHES
Yahoo! Mail (communications). The e-mail service for
273 million users was reportedly hacked in January
SECURITY BREACHES
Breaches due to unencrypted data transfer
CRYPTOGRAPHY
Cryptography means hidden or secret writing
It is the mathematical scrambling of data
CLASSICAL CRYPTOGRAPHY
* Transposition Ciphers: HELLO WORLD → EHLOL OWRDL
* Substitution Ciphers: FLY AT ONCE → GMZ BU PODF
MODERN CRYPTOGRAPHY
Symmetric Cryptography
ASYMMETRIC CRYPTOGRAPHY
HASHING
Hash functions are also commonly employed by
many operating systems to encrypt passwords
It is 1-WAY encryption
PHISHING
Flowchart boxes: Copy source code; Alter destination of login details; Upload the page on a hosting site; Click on hosted page url; page opens; Login details used; Save to new destn.
BRUTE-FORCE ATTACK
In cryptography, a brute-force attack is a cryptanalytic attack
that can, in theory, be used against any encrypted data
It consists of systematically checking all possible keys or
passwords until the correct one is found
Certain types of encryption, by their mathematical properties,
cannot be defeated by brute force. An example of this is
one-time pad cryptography
Brutus, RainbowCrack, Cain & Abel
Charset file: a-z.pcf
Characters: abcdefghijklmnopqrstuvwxyz
Example: qwerty

Charset file: a-z, 0-9.pcf
Characters: abcdefghijklmnopqrstuvwxyz0123456789
Example: asd123

Charset file: a-z, 0-9, symbol14.pcf
Characters: abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+=
Example: a#q1*9

Charset file: a-z, A-Z.pcf
Characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Example: QWErty

Charset file: a-z, A-Z, 0-9.pcf
Characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz 0123456789
Example: Asd123

Charset file: a-z, A-Z, 0-9, symbol14.pcf
Characters: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789!@#$%^&*()-_+=
Example: As12#$

Charset file: all.pcf
Characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz 0123456789!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
Example: Aa1@|}

Total passwords: 1 111 110; 5 229 042; 321 272 406
Timing: 1 sec; 5 sec; 5 min; 37 min; 4.5 hrs; 5,5 hrs; 16 hrs; 2 days, 6 hrs; 8 days, 15 hrs
Flowchart boxes: Set address of target; Type of target / port; Upload Username & password list; Start contacting server; Positive match found
PASSWORD SELECTION
Nkp{@$}#5
ABCDefghijklmnopqrstuvwx
HONEY ENCRYPTION
Encryption for which decrypting a ciphertext with any
number of *wrong* keys yields fake, but plausible, plaintexts
Developers: Ari Juels, Thomas Ristenpart
If an attacker used software to make 10,000 attempts to
decrypt a credit card number, for example, they would get
back 10,000 different fake credit card numbers
Protect the data stored by password manager services such
as LastPass and Dashlane
ENCRYPT → C, Salt → decrypt:
M1 = $&%ff1 31f^
M2 = hgjk!alc&ewj
M3 = copenhagen
Invalid ascii bytes are neglected

ENCRYPT → C, Salt → decrypt:
Authentication protocol
M1 = 101010101
M2 = 100111010
M3 = 010101011
All msg bytes are plausible
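The contrast above can be made concrete with a toy model. This is an added example, not code from the slides or from Juels and Ristenpart: it assumes a message space of 16-digit Luhn-valid numbers treated as uniformly likely, a PBKDF2-derived XOR pad standing in for the cipher, and hypothetical function names throughout.

```python
import hashlib
import secrets

N = 10**15       # message space: 15-digit payloads, each completed by a Luhn check digit
SEED_LEN = 16    # 128-bit seeds, so seed % N is very close to uniform over N

def luhn_digit(payload: str) -> str:
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:                      # digit next to the check digit is doubled first
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str(-total % 10)

def luhn_ok(card: str) -> bool:
    return len(card) == 16 and card.isdigit() and luhn_digit(card[:15]) == card[15]

def dte_encode(card: str) -> bytes:
    """Pick a random seed among those that decode back to this card number."""
    seed = secrets.randbelow(2**128 // N) * N + int(card[:15])
    return seed.to_bytes(SEED_LEN, "big")

def dte_decode(seed: bytes) -> str:
    """Every possible seed maps to some Luhn-valid 16-digit number."""
    payload = f"{int.from_bytes(seed, 'big') % N:015d}"
    return payload + luhn_digit(payload)

def keystream(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, SEED_LEN)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def honey_encrypt(password: str, salt: bytes, card: str) -> bytes:
    return xor(dte_encode(card), keystream(password, salt))

def honey_decrypt(password: str, salt: bytes, c: bytes) -> str:
    return dte_decode(xor(c, keystream(password, salt)))

def plain_encrypt(password: str, salt: bytes, card: str) -> bytes:
    return xor(card.encode(), keystream(password, salt))   # no DTE: raw ASCII digits

def plain_decrypt(password: str, salt: bytes, c: bytes) -> bytes:
    return xor(c, keystream(password, salt))

if __name__ == "__main__":
    salt, card = secrets.token_bytes(16), "4111111111111111"  # constructed test number
    hc, pc = honey_encrypt("correct", salt, card), plain_encrypt("correct", salt, card)
    for guess in ("correct", "123456", "qwerty"):
        print(guess, honey_decrypt(guess, salt, hc), plain_decrypt(guess, salt, pc))
```

With the plain scheme a wrong guess produces non-digit bytes that can be rejected automatically; with the encoder in front, every guess yields a well-formed number. The protection is only as good as the encoder's model of real messages, which here is deliberately simplistic.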