known plaintext attack on
play

Known plaintext attack on encrypted ZIP files Barosan Dragos - PowerPoint PPT Presentation

Jan 01, 2024 •637 likes •837 views

University of Amsterdam System and Network Engineering Known plaintext attack on encrypted ZIP files Barosan Dragos Laurentiu Supervisor: Armijn Hemel Why? There is no open source implementation Source Code available for PkCrack by

  1. University of Amsterdam System and Network Engineering Known plaintext attack on encrypted ZIP files Barosan Dragos Laurentiu Supervisor: Armijn Hemel

  2. Why? • There is no open source implementation • Source Code available for PkCrack by Peter Conrad • Interesting to study a successful attack on encryption

  3. Research Questions • How feasible is to obtain plaintext? • What implementation options are for the attack?

  4. Is it still used ? • Winzip • default AES, can use classic ZIP encryption • Winrar • only classic ZIP encryption for ZIP format • 7ZIP • default classic ZIP encryption, can use AES • PKZIP • default AES, can use classic ZIP encryption • ZIP utility on Linux • Only classic ZIP encryption

  5. Zip encryption • Stream cipher • Internal state represented by 3 variables on 32 bits each • Key0, key1, key2 • Default known internal state updated by the password • Afterwards updated by plaintext • key3 is the actual encryption key and is derived from key2 • 12 bytes encryption header prepended

  6. Internal state keys dependency • key0 i = f(key0 i-1 , char) • Key1 i = g(key0 i , key1 i-1 ) • Key2 i = f(key2 i-1 , key1 i ) • Key3 i = h( key2 i ) • Ciphertext i = key3 i XOR plaintext i

  7. Attacks • Original attack • Eli Biham and Paul C. Kocher • Requires 13 plaintext bytes • ZIP Attacks with Reduced Known Plaintext • Michael Stay • Requires only 2 plaintext bytes at the cost of complexity • Can exploit the PRNG used by InfoZIP • Yet another plaintext attack to ZIP encryption scheme • Mike Stevens and Elisa Flanders • Exploit in the PRNG from IBDL32.dll used by WinZip

  8. Compressed ? • Some files are not compressed • Even with maximum compression level • Because the compression algorithm needs redundancy • In the table: maximum size of a file so it is not compressed Deflate level 1-9 Bzip2 One letter 8 43 Lorem Ipsum 56 129 Kafka 64 140 Pangram 78 162 Random symbols 127 237 Values are in bytes

  9. Plaintext • The last byte of the encryption header • MSB of the data CRC • File headers • Executable files • ZIP files • Known files from the Internet • Pictures • Setup files

  10. Chosen plaintext attack • We have a list of key3’s from the plaintext • The goal is to find internal state (key2 i , key1 i , key0 i ) for some i 1. From the list of key3’s find possible key2 lists 2. For each key2 list find possible key1 lists 3. For each key1 list find one key0 list 4. Discover true key0 list

  11. Locate data Zip archive format http://www.codeproject.com/Articles/8688/Extracting-files-from-a-remote-ZIP-archive en.Wikipedia.org/wiki/Zip_(file_format)

  12. Stage 1 • From the list of key3’s find possible key2 lists • For efficiency precompute a number of tables as hash maps • The inverse of the CRC function • Using the equations in the paper we come to 2 22 possible key2 n • trim the plaintext and select n as 13 • use extra plaintext to reduce the number of key2’s

  13. Number of keys Number of key2’s vs amount of plaintext 80000 70000 60000 50000 40000 30000 20000 Amount of plaintext in 10000 bytes 0 122 506 1002 3990 10000 PkCrack PoC Paper

  14. Implementation • key2 reduction is computation heavy in this stage • The function iterates for the number of extra plaintext bytes and returns the reduced list of keys • Serial • Parallel • Python Global Interpreter Lock does not allow use of threads in parallel • Use parallel processes • Creating new processes at every iteration • Using shared data between processes

  15. Parallel • Parallel with new processes every iteration • The parallel reduction computation runs 4 times faster then the serial one • The program as a whole runs slower as the amount of plaintext becomes larger • The cost of managing new processes stays constant while the gains of running parallel become smaller • Parallel with shared data • 80 times slower than previous solution

  16. Measurements Plaintext Execution time Execution time System/User System/User (bytes) Parallel Serial time time (minutes) (minutes) Parallel Serial 40 0:34.44 1:03.6 0.0647 0.0026 122 1:08.5 1:38 0.1648 0.0017 309 1:49.3 1:56 0.3411 0.0014 506 2:29 2:07.2 0.5066 0.0012 1002 3:28 2:22 0.7455 0.0011 3990 10:07 3:02.1 1.4550 0.0009

  17. Conclusions • While difficult there are ways of obtaining the necessary amount of plaintext • Using the newer attacks, in some cases it is not even necessary • The attack can be implemented by taking advantage of multiple cores • Python makes it difficult because processes must be used instead of threads

  18. Future work • Implement full attack and release under open source license • In C to take advantage of the parallel sections of the algorithm • Compare performance with PkCrack • Detailed analysis of the other attacks

  19. Questions ? Contact: Barosan.dragos@gmail.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block

Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block

Background Collision attack on CBC and CFB Impossible plaintext cryptanalysis of CTR Conclusions Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes David McGrew mcgrew@cisco.com Fast

554 views • 43 slides
Perfect Secrecy Chester Rebeiro IIT Madras CR STINSON : chapter 2 Encryption K K untrusted

Perfect Secrecy Chester Rebeiro IIT Madras CR STINSON : chapter 2 Encryption K K untrusted

Perfect Secrecy Chester Rebeiro IIT Madras CR STINSON : chapter 2 Encryption K K untrusted communication link Alice Bob E D #%AR3Xf34^$ Attack at Dawn!! decryption encryption (ciphertext) Plaintext Plaintext Attack at

831 views • 50 slides
Caesar Cipher Example plaintext: Z O O plaintext as numbers: 25 14 14 use key = 3

Caesar Cipher Example plaintext: Z O O plaintext as numbers: 25 14 14 use key = 3

Caesar Cipher Example plaintext: Z O O plaintext as numbers: 25 14 14 use key = 3 ciphertext as numbers: 28 17 17 ciphertext: C R R Groupwork 1. Log into our discord server. 2. Leave yourself muted on the main zoom call; I

434 views • 31 slides
Release of Unverified Plaintext: Tight Unified Model and Application to ANYDAE Donghoon Chang and

Release of Unverified Plaintext: Tight Unified Model and Application to ANYDAE Donghoon Chang and

AE Definition RUP Security RUP Attack on SUNDAE ANYDAE Release of Unverified Plaintext: Tight Unified Model and Application to ANYDAE Donghoon Chang and Nilanjan Datta and Avijit Dutta and Bart Mennink and Mridul Nandi and Somitra Sanadhya and

849 views • 53 slides
Cache-based attack on AES Mikal Fourrier Contribution of this paper Get the secret key from

Cache-based attack on AES Mikal Fourrier Contribution of this paper Get the secret key from

Cache-based attack on AES Mikal Fourrier Contribution of this paper Get the secret key from AES in 3s + 3min Very weak assumptions No known plaintext needed No special rights needed, only to be able to spawn and control threads

378 views • 16 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Eli Biham Presented by: Nael Masalha Outline Introduction LOKI89 Related Keys

Eli Biham Presented by: Nael Masalha Outline Introduction LOKI89 Related Keys

New Types of Cryptanalytic Attacks Using Related Keys Eli Biham Presented by: Nael Masalha Outline Introduction LOKI89 Related Keys Chosen Key Attack Chosen plaintext attack Summary Introduction The author studies

612 views • 21 slides
ADD BoF Intro How we got here Old History Traditional DNS uses plaintext to port 53 It

ADD BoF Intro How we got here Old History Traditional DNS uses plaintext to port 53 It

ADD BoF Intro How we got here Old History Traditional DNS uses plaintext to port 53 It was always possible, but uncommon, to subvert that stub-resolver-auth resolution model Snowden revelations led to RFC7258 Encrypting DNS

346 views • 9 slides
Classical Cryptography Monoalphabetic ciphers: letters of the plaintext Classical Ciphers

Classical Cryptography Monoalphabetic ciphers: letters of the plaintext Classical Ciphers

Classical Cryptography Monoalphabetic ciphers: letters of the plaintext Classical Ciphers alphabet are mapped into unique ciphertext letters Polyalphabetic ciphers: letters of the plaintext P l l h b i i h alphabet

315 views • 13 slides
ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks Yandong Li* 1 Lijun Li* 1 Liqiang Wang 1 Tong Zhang 2 Boqing Gong 3 *Equal Contribution 1 University of Central Florida 2 Hong

440 views • 11 slides
Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know. Current biological diagnostics are very effective at identifying agents, but theyre slow. We already have an infrastruc- ture in place to

233 views • 8 slides
Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable

Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable

S C I E N C E P A S S I O N T E C H N O L O G Y Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability Olivier Blazy 1 , David Derler 2 , Daniel Slamanig 2 , Raphael

345 views • 21 slides
ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack & GOT Overwrite Attack Dr. Si Chen (schen@wcupa.edu) Review Page 2 ret2libc Attack Page 3 libc C standard library Provides

662 views • 36 slides
General Letter Substitution Algorithm: Substitute 1 letter for another Key PLAINTEXT LETTER A

General Letter Substitution Algorithm: Substitute 1 letter for another Key PLAINTEXT LETTER A

General Letter Substitution Algorithm: Substitute 1 letter for another Key PLAINTEXT LETTER A B C D E F G H I J K L M CIPHERTEXT LETTER G J A O U N E Z Y P H S T PLAINTEXT LETTER N O P Q R S T U V W X Y Z

509 views • 6 slides
Security Cryptography Arise from resources sharing Plaintext; Encryption algorithm;

Security Cryptography Arise from resources sharing Plaintext; Encryption algorithm;

Security Cryptography Arise from resources sharing Plaintext; Encryption algorithm; keys; Ciphertext; Resources are encapsulated by process; Decryption algorithm users access them through processs interface. Three

565 views • 7 slides
7.3. Cryptographic algorithms Message M (plaintext, a sequence of bits); key K; published

7.3. Cryptographic algorithms Message M (plaintext, a sequence of bits); key K; published

7.3. Cryptographic algorithms Message M (plaintext, a sequence of bits); key K; published encryption functions E, D; {M} K is the ciphertext (another sequence of bits) Symmetric (secret key) cryptography E(K, M) = {M} K D(K, E(K, M)) = M

571 views • 30 slides
Corridor Strategic Plan Strategic Vision Test & Apply Technologies Develop

Corridor Strategic Plan Strategic Vision Test & Apply Technologies Develop

I -87 Multimodal Corridor Study Corridor Strategic Plan Strategic Vision Test & Apply Technologies Develop Basis for Higher- Costs Smart Programs Foster Paradigm Shift Shape Further Required Study:

721 views • 22 slides
Geo-Strategy https://www.youtube.com/watch?v=5GvjVUrmgNU Geo-politics Geo-economics

Geo-Strategy https://www.youtube.com/watch?v=5GvjVUrmgNU Geo-politics Geo-economics

https://www.youtube.com/watch?v=eHp3zQAAZso Geo-Strategy https://www.youtube.com/watch?v=5GvjVUrmgNU Geo-politics Geo-economics https://www.youtube.com/watch https://www.youtube.com/watch ?v=z5ddUGVo7tU ?v=Yd0i-ZJx1k8

785 views • 60 slides
Managing Derived Demand for Antibiotics In Animal Agriculture 2018 AAEA Annual Meeting Tuesday,

Managing Derived Demand for Antibiotics In Animal Agriculture 2018 AAEA Annual Meeting Tuesday,

Managing Derived Demand for Antibiotics In Animal Agriculture 2018 AAEA Annual Meeting Tuesday, August 7, 2018 Washington, DC David Hennessy Michigan State University Motivation Protecting antibiotics for human medicine FDA

254 views • 21 slides
Tradeoffs Motor vehicle level of service is one metric our study has to consider. We also must

Tradeoffs Motor vehicle level of service is one metric our study has to consider. We also must

July 30, 2019 Route 119 Complete Street Design Plan Feedback on the Draft Drawings and the Steering Committee Meeting of May 14, 2019 by Daniel Convissor Tradeoffs Motor vehicle level of service is one metric our study has to consider. We also

618 views • 4 slides
Attacks on Stream Ciphers: A Perspective Palash Sarkar Applied Statistics Unit Indian

Attacks on Stream Ciphers: A Perspective Palash Sarkar Applied Statistics Unit Indian

Attacks on Stream Ciphers: A Perspective Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in First Asian Workshop on Symmetric Key Cryptography ASK 2011, 30th August 2011 isilogo Palash

1.76k views • 148 slides
Round5 with ring lifting CWG, September 14, 2018 Sauvik Bhattacharya, Scott Fluhrer, Oscar

Round5 with ring lifting CWG, September 14, 2018 Sauvik Bhattacharya, Scott Fluhrer, Oscar

Round5 with ring lifting CWG, September 14, 2018 Sauvik Bhattacharya, Scott Fluhrer, Oscar Garcia-Morchon, Mike Hamburg, Thijs Laarhoven, Ronald Rietman, Markku-Juhani O. Saarinen, Ludo Tolhuizen, Zhenfei Zhang 1 / 1 Outline 2 / 1

463 views • 25 slides
SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric

SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric

SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric Supervisor: Prof Benjamin Kao Department of Computer Science, University of Hong Kong Overview 1. The Problem 2. Related Work 3. Theoretical Background 4.

763 views • 47 slides
SNOW V: A new version of SNOW for 5G Patrik Ekdahl 2 , Thomas Johansson 1 , Alexander Maximov 2 ,

SNOW V: A new version of SNOW for 5G Patrik Ekdahl 2 , Thomas Johansson 1 , Alexander Maximov 2 ,

SNOW V: A new version of SNOW for 5G Patrik Ekdahl 2 , Thomas Johansson 1 , Alexander Maximov 2 , Jing Yang 1 1 Department of Electrical and Information Technology, Lund University 2 Ericsson Research, Ericsson Outline Motivation Motivation

497 views • 36 slides

More recommend