SMARTBRO: June 2008

##### # # # # # ## #### #### ## ### # # # # # # # # # # # # # #### #### # # # ###### # # # # # # # # # # # # # # ### ##### ###### # # #### #### ##### # ##### # # # ## #### #### # #### ## # # # # # # # # # # # # # # # # # #### #### # # # # # # # ###### # # # # ###### # # # # # # # # # # # # # # # # ##### ###### # # #### #### # #### # # ###### # # ## ## ###### ##### # # #### ##### #### # # # # # # # # # # # # # # # # ##### # ###### # # # # #### # # # # # # # # # # # # # # # # # # # # # # # # # ###### # # # #### ##### #### Some interesting books: Douglas R. Stinson Cryptography: Theory and Practice CRC Press 1995, 0-8493-8521-0. Bruce Schneier Applied Cryptography John Wiley, 1996, 0-471-12845-7. 1 Symmetric Key cryptosystems Stinson Chap 1 1.1 Some classical Cryptosystems 1.1.1 Description of methods. 1.1.2 Some cryptographic attacks 1.2 Perfect Secrecy. Stinson Chap 2 1.3 The DES algorithm. Stinson Chap 3 1.3.1 Description of the Algorithm. 1.3.2 Background and criticism. Schneier Chap 12 1.4 Attacks on DES 1.4.1 Known Plain Text, Brute Force. 1.4.2 Ciphertext-only attack, Brute force. 1.4.3 Hellman's Cubic Root Attack. 1.5 Double and Triple DES. 1.5.1 Meet-in-the-Middle attack 1.5.2 3DES triple-DES. 1.5.3 Design Myths of DES 1.6 Attacks on DES machinery. 1.6.1 Differential Cryptanalysis. 1.6.2 Differential fault Analysis 1.7 Conclusions 1 Symmetric Key cryptosystems ----------------------------------- Suppose Alice and Bob are communicating but don't want their communication to be overheard by others; specifically, they are bothered by an opponent we shall call Oscar. Alice and Bob may hide their message using a CRYPTOSYSTEM S = (P,C,K,E,D): P = Plaintext alphabet C = Ciphertext alphabet K = set of keys E = a collection {Ek} (k in K) of functions P --> C D = a collection {Dk} (k in K) of functions C --> P satisfying D_k(E_k(x)) = x. Alice and Bob agree secretly on a KEY k and further send y = Ek(x) instead of x; Bob, knowing k, may apply Dk and retrieve x. We call the symmetric because Alice and Bob use the same key, or, to put it differently, knowing Ek implies knowing Dk. Oscar cannot find x from y in the same way as Bob since he doesn't know the key used. Usually the symbols in P, C, and K are bitstrings of a certain length and moreover, P and C are usually the same. Assume P = C = m; we shall interpret symbols as numbers modulo m. 1.1 Some classical Cryptosystems ------------------------------------ Cryptography has a long history, starting back at the ancient Egyptians; we mention here a few tricks that have been used through the ages in order to describe some principles. 1.1.1 Description of methods. SHIFT system. The key is an element of Zm, and encryption means shifting m positions through the alphabet: Ek(x) = x+k Dk(y) = y-k. Example: with k=3 APEKOP becomes DSHNRS so Oscar won't understand. AFFINE system. Uses a linear transformation; k = (a,b) where a has an inverse mod m. Ek(x) = ax+b Dk(y) = (y-b).a^ (a^ means the inverse of a). These two methods are both special cases of PERMUTATION: The key is a permutation pi of Zm and Ek(x) = pi(x) Dk(y) = pi^-(y). 1.1.2 Some cryptographic attacks Why do we bother about having something more complicated than SHIFT? Well, because it isn't good enough. Despite the effort of Alice and Bob Oscar will try to read the message. To find out why he can be ever succesful, assume Oscar has overheard the SHIFT-ciphertext DSHNRS. We shall adopt Kerckhoff's principle: OSCAR KNOWS WHAT CRYPTOSYSTEM IS BEING USED; ONLY THE KEY IS UNKNOWN TO HIM. Couldn't Alice and Bob do better by keeping their algorithm secret as well as their key? 1. This is not always possible in practice, for example if the algorithm is implemented in a computer program that can be freely bought by everyone. 2. Even if A and B do not reveal their algorithm, the possibility that the working of the method leaks out cannot be neglected. And because it is not easy to change algorithm (it IS easy to change key!) it is generally agreed that SAFETY should not rely on secrecy of algorithms but only on secrecy of keys. 3. By making their algorithm known, Alice and Bob can rely on a vast society of cryptographers that will warn them if there is something wrong with their method. Concluding, hiding algorithms is seen as insensible. And so Oscar receives DSHNRS and knows it is a shifted text; because the ciphertext is Oscar's only information, we call this a Ciphertext Only Attack (COA). He will shift the letters back one by one DSHNRS CRGMQR BQFLPQ APEKOP and after three shift will learn a valid word (of Dutch langage in this case, but by Kerckhoff's principle Oscar knows Dutch! Alice isn't very polite to Bob, because `Apekop' means `head of a monkey' so Oscar assumes Alice and Bob are having a little dispute). In the worst case, Oscar needs about m shifts before seeing the plaintext. In fact, Oscar is trying all the keys and there are only m of them. This attack illustrates what is meant by Brute Force: simply trying all the keys, and this is feasible for every system if the keyspace is small or the opponent can mobilize a lot of computing power. AFFINE (phi(m) denotes the number of integers in [1..m-1] that are relatively prime to m; we discuss number theory in Class 2 in more depth.) The AFFINE system with m symbols has m.phi(m) keys and for m=32 this means 512 which is within feasibility of a modern computer but I shall demonstrate a more subtle attack. Now assume that Oscar knows a small fragment of the plaintext: the first two letters, x1 and x2 say, and the ciphertext is y1 y2 y3 ... From y1 = a.x1 + b and y2 = a.x2 + b (a linear system of two equations with unknown a and b) we find y1 - y2 = a (x1 - x2) So a = (y1 - y2) / (x1 - x2) (if x1-x2 has an inverse) and b = y1 - a.x1 Oscar is unlucky if x1-x2 has no inverse, but if he also knows x3 he has has more chances because x1-x2, x2-x3, or x3-x1 may be invertible, and this attack is successful knowing only surprisingly few letters of plaintext. The attack can be extended to a COA with statistical analysis, because not all letters are equally frequent. Blank occurs most often (25%), followed by e (13%) and t (12%; the exact distribution is language dependent). In a ciphertext of a few lines, Oscar may pick the symbols with highest occurrence and guess them to be blank and e and carry out the above calculations. He will find the key in a few tries. In this case we observe that some `internal structure' of the system can be used to have an attack with a complexity that is much lower than a search of the key space, and the existence of such attacks is considered a weakness of the algorithm. SUBSTITUTION Unfortunately, even the most general system we've seen isn't very strong. The number of keys (32! = 2.6E35) is large enough to withstand an attack that tries them all, but as we saw for AFFINE some well-applied intelligence can be far more effective than `Brute Force'. Any permutation, though permuting the symbols, leaves the highest symbol frequency, the second and third highest, etc, intact (though they move to another letter). And by counting the relative frequencies it is easy for Oscar to bring back the blank, e and t in position, after which he can guess his way to the other letters. Still more complicated systems work on blocks of letters, combining substitutions of letters by others of the alphabet with permuting them with other letters in the text. But these systems didn't withstand computerized efforts to break them, so we should look for something more! 1.2 Perfect Secrecy. ------------------------ We saw that in the attack against the shift system it was used that the attacker can distinguish meaningful messages from random strings. In fact this difference makes that most cryptosystems reveal the content of even very short messages. Or, rather, they do not hide them PERFECTLY but only COMPUTATIONALLY. Definition. A system is COMPUTATIONALLY secure if, given a ciphertext Y but not the key, it is computationally infeasible to extract the plaintext X. A cryptosystem is PERFECTLY secure if, given a ciphertext Y, for each plaintext X (of the same length) there exists a key K such that D_K(Y) = X. Understandably, perfect secrecy is stronger because the ciphertext alone, without the key DOES NOT CONTAIN the plaintext information, while in a computationally secure system the ciphertext may contain this information. Lemma: If system S is safe, K >= P. Proof: Perfect secrecy states that, given Y, the function D: K -->P given by D(k) = Dk(Y) is surjective. [] So, in order to send a 100kB file perfectly secure we need a 100kB key also; surprisingly, such a system exists: the one-time pad. Alice and Bob share a (long) file of random bits, and XOR with this file for encryption and decryption: k = k1 ... kn For message X = x1 .. xl, A computes y1..yl with yi = xi XOR ki For cipher Y = y1..yl, B computes yi XOR ki and finds xi back. The next message uses fresh bits, ie, Alice starts with k{l+1}. Oscar, intercepting Y, still has no clue regarding X, because for each file X it is possible that the key Y XOR X was used. Because the size of this key is impractical, it is usually the case that a small key protects a larger amount of data and we shall now study how well it can protect it. Not all n-bit strings are meaningful in the language used by A and B. Definition: A language L of bitstrings has ENTROPY alpha if there are 2^{alpha n} strings of length n. The redundancy rho is 1-alpha. Suppose a message Y = Ek(X) was intercepted; of course Dk(Y) = X, but what happens if Y is `decoded' with a different key k'? If a string outside L is found the key can be rejected, but if the result is a meaningful string, we call k' a spurious key. WE ASSUME THE CRYPTOSYSTEM MESSES UP THE STRUCTURE OF STRINGS SUFFICIENTLY TO MAKE Dk'(Ek(X)) A RANDOM BIT STRING. Lemma: The probability that k' is spurious is 2^{alpha n} / 2^n. Proof: There are 2^{alpha n} strings in L out of a total of 2^n. [] So the expected number of spurious keys in the key space is (at most) 2^b . 2^{alpha n} / 2^n = 2^b / 2^{n.rho}, and if n > b/rho, we expect less than one spurious key! In this case, it is most likely that there is only one key that can be used with Y and give a meaningful result; in other words, there exists only one plaintext that is the decryption of Y. The number b/rho is called the UNICITY DISTANCE of a cryptosystem / languag combination and it is usually surprisingly low. Natural languages have high redundancy: their entropy is below 25%, so rho is 0.75. The subtitution system, with 26! = 2.58E22 = 2^75 keys has a unicity distance of about 100 bits (circa 20 characters)! The difference between perfect and computational security can be illustrated. Indeed, for messages longer than the unicity distance, no perfect secrecy exists because each message has a UNIQUE decryption. Finding it may require the inspection of all 2^b keys, which should be infeasible so that we do have computational secrecy. Exercises: --------- What happens to the unicity distance if Alice and Bob compress their messages before encryption? Assume their language is 25% entropic and their key is 80 bits. What is the unicity distance and how does it change with a 2-fold, three-fold, four-fold or five-fold compression? Prove that SHIFT is perfectly secure as long as you encrypt only a single character. 1.3 The DES algorithm. ------------------------- Around 1970 it was recognized that cryptography should move from the military and diplomatic apparatus to the civil industry because banks and industries needed cryptography to do business over computer networks. The methods must be PUBLICLY KNOWN to allow cooperation between various businesses. This is widely accepted in the scientific community (Kerckhoff!) but the idea to show your algorithms was quite controversial in the world of the military and the American government. The American NBS, national bureau of standards, invited proposals for a cryptographic standard. The proposal of IBM was the only one, hence `chosen' as the Data Encryption Standard, DES. Brief DES History: 1970 IBM has cryptosystem LUCIFER 1972 Banks want cryptography and ask NBS for standard. 1974 IBM develops LUCIFER into system that encrypts 128b blocks using 112b key. NSA `works' on DES and presses IBM to halve the block and key size!! 1976 DES adapted as standard 1978 First inventions of PUBLIC KEY cryptography. 1980 Invention of Hellman's Cubic Root Attack 1990 Invention of Differential Cryptanalysis Proposal for IDEA 1996 Invention of Differential Fault Analysis 1.3.1 Description of the Algorithm. ------------------------------------ The DES algorithm uses a 56 bit key and operates on blocks of 64 bits of data. In other words, DES specifies a collection of 2^56 functions of {0,1}^64 to itself and their inverse. The data undergoes 16 iterations, each driven by a 48b iteration key; for the iteration key a selection of the 56 master bits is made (which bits are used in each iteration is fixed and public). In each iteration (<a href="sh2-2.jpg">sheet 2-2</a>), half of the data is passed unchanged and combined with the key to mess up the other half; so Y1 = X1 Y2 = X2 XOR f(X1,K) And this iteration is self-inversive; indeed, with Z1 = Y1 Z2 = Y2 XOR f(Z1,K) we find Z1,Z2 = X1,X2. Sheet 2-3 shows how you can iterate this three times, and 2-4 shows the layout of the complete machine with its 16 rounds. If you were to build a machine, I would give you some extra details. Such as, which bits of the key are used in each iteration, and I would specify f. But you can find this information in any book. 1.3.2 Background and criticism. -------------------------------- The algorithm was designed with hardware implementation in mind. It contains a lot of bit-wise operations, and operations like a shift or permutation of bits, actually costing nothing when implemented in hardware. Current hardware chips are extremely fast: there are 10$ chips that perform circa 100 million en/decryptions (1E8) per second. DES is a VERY GOOD ALGORITHM: there is no better attack known than to try all the keys (Brute Force Attack), but here we have the main DES problem: the key size is too small to withstand a serious BFA. The original proposal used 112b keys on 128b data blocks, but an American Agency, NSA, said that in the standard the width of data and keys should be smaller. Critics say they wanted this so that they would be able to read all encrypted data themselves, and there is truth in this; we shall study the attacks below. Meanwhile, DES is tremendously popular in the banking and administration world, and is not likely to disappear very soon. Around 1990 a new algorithm, called IDEA, was developped. This algorithm is a little bit like DES, but it has 128 bit key and 64b data, and it operates on the data in 16b blocks rather than individual bits, making it more suitable for software implementation. 1.4 Attacks on DES ---------------------- Most of the attacks launched agains DES are very general in the sense that they treat the DES algorithm as a `block box' and hence apply against ANY cryptosystem. 1.4.1 Known Plain Text, Brute Force. First assume Oscar has somehow learned the plain version X of ONE intercepted ciphertext Y; how long does it take to test all keys k if Ek(X) = Y? Well, there are 2^56 = 7E16 keys; so with 10000 of the chips (an investment of circa 100 k$) you can try 1E12 per second and finish in 7E4 seconds, just under a day. The conclusion is that today DES is simply not strong enough against a modestly rich opponent. In 1974 the computational effort for a BFA was restricted to a very powerful organization, and at the time there was one: NSA. 1.4.2 Ciphertext-only attack, Brute force. Even without knowing some plain text, Oscar is not really going to have a bad time, because the unicity distance is deplorably small; assume Oscar knows A and B communicate in ascii, which is 1/8 redundant. Then the unicity distance is 56/(1/8) bit, or just 7 blocks! So Oscar must decrypt seven blocks (instead of just 1) with every key and test if the result is ascii. A BRUTE FORCE ATTACK ON CIPHERTEXT ONLY IS JUST SEVEN TIMES MORE WORK THAN A KNOWN PLAINTEXT ATTACK! In seven days the job is done. Compression (BEFORE encryption) helps, but no miracles should be expected. 1.4.3 Hellman's Cubic Root Attack. Mathematicians would view Encryption as a function on TWO parameters, mapping a plaintext & key combination on a ciphertext: E: P x K --> C Alice and Bob, having fixed k, view it as a function on plaintext because the variable key is not of interest to them: Ek : P --> C. Oscar however, does not know the key and there is an attack based on the effect of encryption on a SINGLE plaintext; Oscar views E as a one-way function: Ex: K --> C. (I call it one-way because Oscar doe not have any computable inverse at his diposition.) Oscar fixes some arbitrary x and at some point seduces Alice to encrypt x, and overhears the result Y = Ex(k): we call this a Chosen Plaintext Attack. DISCUSSION: How can you ever make a chosen plaintext attack? (Fake Secret, Bank Card, Version number) In fact, Hellman's algorithm is a general strategy to retrieve inverses of one-way functions. First consider these two extreme strategies for Oscar: 1. Time intensive, no storage. After hearing Y = Ex(k), Oscar tries all 2^56 possible k. We have seen that, though this is on the border of feasibility for some opponents, generally very time consuming. 2. No time, memory consuming: Oscar PRECOMPUTES all 2^56 values of Ex(k), and after hearing Y can retrieve k from his table. Storing 2^56 pairs of 112bits takes 5E17 Bytes of storage, which is 500 million Gigabyte disks. Not exactly feasible. Hellman's method takes a way inbetween by trading memory for time; the PRECOMPUTATION remains the same 2^56, but time and memory of the actual attack are between these limits, with the same product. The attack is based on iterating the function Ex, but it is a bit annoying that it takes a 56b key and has 64b output; therefore Oscar combines Ex with an (arbitrary) REDUCTION function R that selects 56 of the 64 bits. R.Ex is function that maps 56b on 56b, and let y=R(Y). Suppose Oscar wants to spend M memory and T time on an attack; write S = M.T. Precomputation of one attack: 1. Choose M random strings (56b) X10...XM0. 2. For each i, iterate REx T times on Xi0, ie, compute a chain Xi0, Xi1, Xi2, ... XiT. 3. For each i, store Xi0 and XiT. Now Oscar evaluated the function S times, namely on Xij for i=1..M and j=0..T-1. When Oscar gets y = R(Ex(k)), he can find k in T time IF the value of k did appear among the S values Xij. Observe that IF k = Xij, THEN RE^{T-j}(k) = RE^{T-j-1}(y) = XiT but not necessarily vice versa. 1. Iterate REx on y T times: Compute y, RE(y), RE(RE(y)), etc, until RE^T(y). 2. For each RE^j(y), check if it equals XiT for some i. 3. If so, compute k' = RE^{T-j-1}(Xi0) and check if Ek(X)=Y. There may be some `false hits' in step 1 where RE^j(y) = XiT but the key k' = RE^{T-j-1}(Xi0) does not work. Fortunately the expected number of false hits is very small (the expected number of good hits also, By the way!!) so this does not influence the complexity significantly, and the search time is about T. The success probability equals the fraction of the keys present among the S values Xij; unfortunately, this number can be even smaller than S because of overlap. Probability theory reveals that the number of different values stays well above 0.8S as long as MT^2 < m =" T" k =" (k1" y =" Ek2(Ek1(X))." y =" Ek2(Ek1(X))" z =" Ek1(X)" k1="k2=" k3="k"> Copy Paste Code 
Step 1 Copy this codes
step 2 Open MS FrontPage
Step 3.Paste the html Codeon FrontPage HTML TAB
step 4 . View Encrypted Data
Step 5. Good Luck

SmartBroadband Theory Of Encryption

Suppose Alice and Bob are communicating but don't want theircommunication to be overheard by others; specifically, they arebothered by an opponent we shall call Oscar. Alice and Bob may hidetheir message using a CRYPTOSYSTEM S = (P,C,K,E,D): P = Plaintext alphabet C = Ciphertext alphabet K = set of keys E = a collection {Ek} (k in K) of functions P --> C D = a collection {Dk} (k in K) of functions C --> P satisfying D_k(E_k(x)) = x.

SmartBroadband Vulnerability

RF Message Board > Rose Cross
... debuffs in addition to Torment, Entangle, Weakness and Vulnerability. .... ko sa smartbro thread pero pag check ko dun di nmn nagalaw ung post ko. ...rfboards.levelupgames.ph/lofiversion/index.php/t14376-450.html -

Linksys WRT54GL Firmware
Resolves UPnP vulnerability reported by SANE. Firmware 4.30.2 ... Josh on Setting Up SmartBro / SmartWi-Fi with Linksys Router; Indra on D-Link DIR-451 3G ...seoroot.com/blog/networking/linksys-wrt54gl-firmware.html -

SQL Injection
SQL Injection is a security vulnerability that occurs in the database layer of an ... Josh on Setting Up SmartBro / SmartWi-Fi with Linksys Router ...seoroot.com/blog/technology/security/sql-injection.html -

TipidPC.com makukulong ba ang isang hacker? may batas na ba pra ...
Security testing and vulnerability test is also called hacking (white hatters) ..... PHP 2500.00, 1 Posts; N>smartbro cannopy config tech. ...www.tipidpc.com/viewtopic.php?tid=148444 -

Vol 41, No 8 • AUGUST 2007 Vol 41, No 8 • AUGUST 2007 Php 70. Php 70.
File Format: PDF/Adobe Acrobat - Tingnan bilang HTMLIMPACT. • August 2007. 2. “ “ Quote in the Act. “If I have to pray thanking God with the armalite. on my hand and the prisoner on my side, I would be ...www.impactmagazine.net

ideasnpink
... there’s this weird feeling of vulnerability yet at the same time putting out ... I'm glad meron na SmartBro prepaid wifi.... Unjeh: ate Carey! wohooo! i ...

all links are all information only and not a guarantee of accuracy

Thursday, June 5, 2008

How to hack SmartBro

Smartbroadband Vulnerability 01

Smartbro Hackers 01 Tutorial

SMARTBRO

Free internet/SmartBro Hacking/Free Mobile Globe internet

Blog Archive