Autore Topic: Crypton - Library Consisting Of Explanation And Implementation Of All The Existing Attacks On Various Encryption Systems, Digital Signatures, Hashing Algorithms  (Letto 286 volte)

0 Utenti e 1 Visitatore stanno visualizzando questo topic.

Offline Flavio58

Advertisement
Crypton - Library Consisting Of Explanation And Implementation Of All The Existing Attacks On Various Encryption Systems, Digital Signatures, Hashing Algorithms

Crypton is an educational library to learn and practice Offensive and Defensive Cryptography. It is basically a collection of explanation and implementation of all the existing vulnerabilities and attacks on various Encryption Systems (Symmetric and Asymmetric), Digital Signatures, Message Authentication Codes and Authenticated Encryption Systems. Each attack is also supplemented with example challenges from "Capture The Flag" contests and their respective write-ups. Individuals who are already acquainted (or are into CTFs) with this field can use Crypton as a tool to solve challenges based on a particular existing vulnerability.
The library will be continuously updated with attack explanations and CTF challenges!

WARNING: The author in no way guarantees that the code is secure. The library is only meant for educational purposes and the code should not be used for implementing in real world. All the example scripts in the library are trivial implementations.

There are different sections in this README:
  • Motivation- What motivated me to create this library
  • Library Structure- Directory structure of Crypton
  • Domain Coverage- What all cryptosystems and attacks are covered in this library
  • Future Plans/TODO- Attacks/concepts that are to be included soon

Motivation
Help CTF players and individuals interested in the field of Cryptography provide a platform for learning attacks in crypto and for experienced CTF players to practice challenges systematically divided into attacks associated with different sub-domains in crypto. Also, illustrate through various attack explanations how proper implementation of protocols is crucial.

Library Structure


Domain Coverage

1. Block Ciphers
                                                                                                                                       
S.No.TopicExplanationImpl./ExploitChallenge#
1Block Cipher Basics- working of block ciphers, padding etc.[link]

2Modes of Encryption- different modes of operation on block ciphers: ECB, CBC, CTR[link]

3Block Size Detection- detect blocksize of a block cipher encrypting data on a remote service[link]

4Mode Detection- detect type of mode of encryption: independent or dependent encryption of blocks[link]

5ECB Byte at a Time- byte at a time decryption of a secret string running on a remote service encrypting input+secret in ECB mode[link]
[link] 
6CBC IV Detection- detect the value of Initialisation Vector on a remote service that is encrypting our input using a block cipher in CBC mode[link]  [link] 
7CBC Bit Flipping Attack- exploiting cookie generation mechanism to login as admin when cookie is generated using a block cipher in CBC mode[link] 
[link] 
8CBC Byte at a Time- byte at a time decryption of a secret string running on a remote service encrypting input+secret in ECB mode[link]  [link] 
9CBC Padding Oracle Attack- decryption of data encrypted by a vulnerable service providing encryption/decryption[link] 
[link] 
10CTR Bit Flipping- exploiting cookie generation mechanism to login as admin when cookie is generated using a block cipher in CBC mode[link] 
[link] 

2. RSA Encryption
                                                                                                                                                                           
S.No.TopicExplanationImpl./ExploitChallenge#
1Unpadded RSA Enc/Dec- key generation, distribution, encryption/decryption, verification of decryption formula and padding in RSA[link] 

2Direct Root Attack- attack on unpadded RSA with low public key exponent[link] 

3Fermat's Factorisation- technique used to factor modulus n when p and q values are in proximity[link][link]  [link] 
4Pollard's p-1 Factorisation- technique to factorise n when both of it's factors p & q, p-1 and q-1 have very small prime divisors[link][link]  [link] 
5Common Modulus Attack- decrypt ciphertext when it's corresponding plaintext is encrypted two different times with the same modulus n[link][link]  [link] 
6Common Prime Attack- retrieve factors of moduli n1 and n2 when they have a common factor [link]
 [link] 
7Wiener's Attack- get value of decryption key exponent d when d < N0.25[link][link]  [link] 
8Wiener's Attack Variant- get value of decryption key exponent d when d is a few bits greater than N0.25 or d < N0.25[link] [link]   [link] 
9Coppersmith's Attack- coppersmith's theorem, attack on stereotyped messages and factoring n with high bits known[link][link]  [link] 
10Franklin Reiter Related Message Attack- attack to retrieve related messages encrypted using the same modulus[link] [link]   [link] 
11Hastad's Broadcast Attack- with extension- attack to retrieve a message broadcasted among different people, encrypted using same exponent but different moduli [link][link]- script needs to be fixed  [link] 
12PKCS1-v1.5-Padded-RSA-Encryption/Decryption- ASN1 encoding, padded RSA encryption (needs to be fixed)


13Intro-RSA-Challenges- basic challenges in RSA related to Number Theory[link]
 [link] 

3. Message Authentication Codes (MACs)
                                                   
S.No.TopicExplanationImpl./ExploitChallenge#
1Message Authentication Code- internals and security analysis of MACs[link]

2CBC MAC Forgery- generating two message M1 and M2 having the same CBC-MAC authentication tag[link]
 [link] 
3Length Extension Attack on CBC-MAC- generate a valid authentication tag of message M1 || M2 (concatenation) given MAC(M1)[link][link] 

4. Discrete Logarithm Problem
                                       
S.No.TopicExplanationImpl./ExploitChallenge#
1DLP- cyclic groups, discrete logarithm problem, Baby-Step-Giant-Step algorithm[link]
 [link] 
2Elliptic Curve DLP- defining identity element, inverse of a point, cyclic groups over points on an EC, Hasse's theorem, ECDLP[link]


5. ElGamal Encryption
                           
S.No.TopicExplanationImpl./ExploitChallenge#
1ElGamal Cryptosystem- Encryption/Decryption- key generation, encryption, decryption in ElGamal Cryptosystem[link][link]  [link]

6. Authenticated Encryption (AE)
                                                                                       
S.No.TopicExplanationImpl./ExploitChallenge#
1AE basics & internals- working of authenticated encryption[link]

2AE with MACs- different techniques of implementing AE with MACs: Encrypt and MAC, MAC then encrypt and encrypt then MAC[link]

3Authenticated Ciphers [link]

4AE with Associated Data [link]

5AES-GCM- encryption in AES-GCM, Wegman-Carter MAC[link][link] 
6Forbidden Attack on AES-GCM- attack on AES-GCM due to nonce-reuse [link]
[link] 

7. Elliptic Curves
                           
S.No.TopicExplanationImpl./ExploitChallenge#
1Elliptic Curve Internals- defining Elliptic Curves, point addition, point doubling and scalar multiplication[link]


8. Digital Signatures
                                                                                       
S.No.TopicExplanationImpl./ExploitChallenge#
1ElGamal Signatures- key generation, signature generation, signature verification and correctness of ElGamal Signature scheme[link][link][link]
2Elliptic Curve DSA- signature generation, signature verification and correctness of signature algorithm[link]

3Attack k-reuse ECDSA- forging of ECDSA signatures due to reuse of k [link]

4Unpadded RSA Digital Signatures- signature generation and verification in RSA digital signature scheme[link][link]
5PKCS1-v1.5 padded RSA Digital Signatures[link] [link]
6e=3 Bleichenbacher's Attack[link] [link] [link]

TODO
  1. RSA Encryption
    • Chosen Ciphertext Attack on RSA Cryptosystem- Byte by Byte decryption
    • Padding Oracle Attack on PKCS1 padded RSA encryption systemat
    • Fermat's Factorisation
      • Sieve Improvement
    • Coppersmith's Attack
      • Boneh Durfee Attack
    • Hastad's Broadcast Attack
      • Implementation of HBA on padded messages
    • PKCS1-v1.5 Padded RSA encryption
  2. [More to be added]

Author
Ashutosh Ahelleya



Source: Crypton - Library Consisting Of Explanation And Implementation Of All The Existing Attacks On Various Encryption Systems, Digital Signatures, Hashing Algorithms


Consulente in Informatica dal 1984

Software automazione, progettazione elettronica, computer vision, intelligenza artificiale, IoT, sicurezza informatica, tecnologie di sicurezza militare, SIGINT. 

Facebook:https://www.facebook.com/flaviobernardotti58
Twitter : https://www.twitter.com/Flavio58

Cell:  +39 366 3416556

f.bernardotti@deeplearningitalia.eu

#deeplearning #computervision #embeddedboard #iot #ai

 

Related Topics

  Oggetto / Aperto da Risposte Ultimo post
0 Risposte
97 Visite
Ultimo post Giugno 08, 2018, 01:09:03 am
da Flavio58
0 Risposte
138 Visite
Ultimo post Settembre 15, 2018, 08:01:39 pm
da Ruggero Respigo
0 Risposte
85 Visite
Ultimo post Settembre 16, 2018, 06:04:23 pm
da Flavio58
0 Risposte
73 Visite
Ultimo post Settembre 22, 2018, 10:04:54 am
da Flavio58
0 Risposte
1 Visite
Ultimo post Gennaio 24, 2020, 04:15:06 pm
da Flavio58

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326