PZAPR Parallel Zip Archive Password Recovery CSCI5576 - High Perf Sci Computing Univ. of Colorado Spring 2011 Neelam Agrawal Rodney Beede Yogesh Virkar.

Slides:

Advertisements

Similar presentations

Password Cracking Lesson 10. Why crack passwords?

Advertisements

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos

Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.

IT-101 Section 001 Lecture #4 Introduction to Information Technology.

Passwords, Encryption Forensic Tools

Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.

Fruitful functions. Return values The built-in functions we have used, such as abs, pow, int, max, and range, have produced results. Calling each of these.

Password Management. Password Protection Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password.

Time-Memory tradeoffs in password cracking 1. Basic Attacks Dictionary attack: –What if password is chosen well? Brute Force (online version): –Try all.

CMPSC 16 Problem Solving with Computers I Spring 2014 Instructor: Lucas Bang Lecture 15: Linked data structures.

CIS 450 – Network Security Chapter 8 – Password Security.

File Protection Mechanisms  All-None Protection Lack of trustLack of trust All or nothingAll or nothing Timesharing issuesTimesharing issues ComplexityComplexity.

Crypto Bro Rigby. History

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

Passwords. Outline Objective Authentication How/Where Passwords are Used Why Password Development is Important Guidelines for Developing Passwords Summary.

Brute Force Password Cracking and its Role in Penetration Testing Andrew Keener and Uche Iheadindu.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

Strength of Cryptographic Systems Dr. C F Chong, Dr. K P Chow Department of Computer Science and Information Systems The University of Hong Kong.

Chapter 4 – Protection in General-Purpose Operating Systems Section 4.5 User Authentication.

WEP Protocol Weaknesses and Vulnerabilities

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

TE/CS 536 Network Security Spring 2005 – Lecture 8 Security of symmetric algorithms.

GPU ASSISTED LM HASH CRACKING WILLIAM GROESBECK UNIVERSITY OF NEVADA, RENO – SPRING 2013 (Psst, the 90’s called - they want their hashing algorithm back)

Overview and Applications

How Safe are They?. Overview Passwords Cracking Attack Avenues On-line Off-line Counter Measures.

Password Security. Overview What are passwords, why are they used? Different types of attacks Bad password practices to avoid Good password practices.

Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.

Exploiting Cache-Timing in AES: Attacks and Countermeasures Ivo Pooters March 17, 2008 Seminar Information Security Technology.

Distributed WPA Cracking CSCI Distributed Systems Spring 2011 University of Colorado Rodney Beede Ryan Kroiss Arpit Sud

A Java implemented key collision attack on the Data Encryption Standard (DES) John Loughran, Tom Dowling NUI, Maynooth, Co. Kildare, Ireland PPPJ ‘03.

Wireless and Mobile Security

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.

Cryptography and Its Algorithms Scott Chappell. What is Cryptography?  Definition: the art of writing or solving codes.

Various Attacks on Cryptosystems slides (c) 2012 by Richard Newman.

Project: Simulated Encrypted File System (SEFS) Omar Chowdhury Fall 2015CS526: Information Security1.

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.

Understanding Security Policies Lesson 3. Objectives.

MIGHTY CRACKER Chris Bugg Chris Hamm Jon Wright Nick Baum We could consider using the Mighty Cracker Logo located in the Network Folder.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Vocabulary Big Data - “Big data is a broad term for datasets so large or complex that traditional data processing applications are inadequate.” Moore’s.

High Performance Computing on an IBM Cell Processor --- Bioinformatics

Cryptography Lecture 2.

Lecture 3: Symmetric Key Encryption

ATTACKS ON WINZIP ENCRYPTION

PHP: Security issues FdSc Module 109 Server side scripting and

Kiran Subramanyam Password Cracking 1.

Fundamentals of Python: First Programs

Presentation transcript:

PZAPR Parallel Zip Archive Password Recovery CSCI High Perf Sci Computing Univ. of Colorado Spring 2011 Neelam Agrawal Rodney Beede Yogesh Virkar

Topics The Team Introduction Framework Brute Force Dictionary Password Verification Process Data Collection Results & Conclusions Questions

Introduction ZipCrypto was first ZIP encryption o Easily defeated AES-256 o Standard o 2003 integrated into ZIP spec Password recovery of ZIP's not new o Proprietary companies Open source solution o Free (if you have hardware)

Framework MPI with C++ & C 3 Components o Password Generator  Brute Force  Dictionary o Password Verification Command Parameters o Log Path o Zip Path o Method (BRUTE | DICTIONARY) o Dictionary Path

Initialize password generator Next Password(BRUTE|DICTIONARY) AttemptPassword() Correct? Tell Everyone Else I Found It Anyone Else Find It? END NO MORE? NO YES NO YES Framework (cont) Initialize decrypt engine

Brute Force All alphanumeric from 1 to 7 length o 0-9, A-Z, a-z o 62 possible characters 3,579,345,993,194 possible passwords o 62^7 + 62^ ^1 Traditional increment o 'a' + 1 ==> 'b' o 'az' + 1 ==> 'b0' o Not feasible for parallel

Brute Force - Algorithm Pick number from 1 to 3 trillion o Called position Know password without increment The Algorithm: f(position) = factor 1 * (ALPHA_LEN)^(n - 1) + factor 2 * (ALPHA_LEN)^(n - 2) factor n-1 * (ALPHA_LEN)^(n - (n-1)) + factor n * (ALPHA_LEN)^(n - n)

Brute Force - Algorithm (cont) f(position) = factor 1 * (ALPHA_LEN)^(n - 1) + factor 2 * (ALPHA_LEN)^(n - 2) factor n-1 * (ALPHA_LEN)^(n - (n-1)) + factor n * (ALPHA_LEN)^(n - n) ALPHA_LEN => Alphabet length o Number possible characters o 62 (easy to expand)

Brute Force - Algorithm (cont) f(position) = factor 1 * (ALPHA_LEN)^(n - 1) + factor 2 * (ALPHA_LEN)^(n - 2) factor n-1 * (ALPHA_LEN)^(n - (n-1)) + factor n * (ALPHA_LEN)^(n - n) n = PASSWORD LENGTH o Start at maximum possible (7) o Based on position find max possible < position o Password length is 1 more than that length

Brute Force - Algorithm (cont) f(position) = factor 1 * (ALPHA_LEN)^(n - 1) + factor 2 * (ALPHA_LEN)^(n - 2) factor n-1 * (ALPHA_LEN)^(n - (n-1)) + factor n * (ALPHA_LEN)^(n - n) factor i is the ith character of the password o No factor can be zero o Must borrow from previous if zero factor i points to alphabet array index

Brute Force - Example position = 1,000,000 ALPHA_LEN = 62 n = 4 (password length) f(1,000,000) = factor 1 * (62)^(3) + factor 2 * (62)^(2) + factor 3 * (62)^(1) + factor 4 * (62)^(0) factors = 4, 12, 9, 2

Brute Force - Example (cont) factors = 4, 12, 9, 2 o Correspond to alphabet indexes const char PASSWORD_ALPHABET[] = { '\0', // always idx 0 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' }; PASSWORD = '3', 'B', '8', '1' or "3B81"

Dictionary Attack Mode Defeating a cipher or authentication mechanism by o Searching likely possibilities. o i.e. searching part of the key space. Not brute force Assumption: Potentially weak passwords

Building Dictionary Tool Used: John the Ripper o Permutations o Combinations Command o john --wordlist=all.lst --rules --stdout | unique mangled.lst

Building Dictionary (2) Rules o l (convert to lowercase) o C (lowercase the first character, and uppercase the rest) o r (reverse: "Fred" ==> "derF") o f (reflect: "Fred" ==> "FredderF") o d (duplicate: "Fred ==> "FredFred"") o and many more!! Time to permute: little over 4 hours Newer versions: o John the Ripper  Support for OpenMP directives.  (Source:openwall.info/wiki/john/parallelization)

Reading the Dictionary: Initialization

Reading the Dictionary: Indexing Indexing uses o displacement array o rank o per process word count Load is evenly distributed. o Eg: n = 103, m = 10 o n/m = 103/10 = 10 o n%m = 103%10 = 3 o rank 0 : 11 words o rank 1 : 11 words o rank 2 = 11 words o rank 3-9 = 10 words

Requirements for Cracking a zip file Zip file format Extracting information from zip file Verifying the password Decrypting the file data Used Dr. Brian Gladman’s code o C library for AES encryption o Used by WinZip

Zip file format HEADER FILE NAME EXTRA FIELD SALT PASSWORD VERIFIER ENCRYPTED FILE DATA AUTHENTICATION CODE (MAC)

Password Verification Process Zip File Given Password

Password Verification Process Zip File Salt Given Password

Password Verification Process Zip File Salt Given Password Password Verifier

Password Verification Process Zip File Salt Password Verifier Given Password Password Verifier

Password Verification Process Zip File Salt Password Verifier Match Given Password

Password Verification Process Zip File Salt Password Verifier Given Password Password Verifier Match Return False

Password Verification Process Zip File Salt Password Verifier Given Password Password Verifier Match Return False

Password Verification Process Zip File Salt Password Verifier Data Given Password Password Verifier Match Return False

Password Verification Process Zip File Salt Password Verifier Data Given Password Password Verifier Match Decrypt MAC Return False

Password Verification Process Zip File Salt Password Verifier Data MAC Given Password Password Verifier Match Decrypt MAC Return False

Password Verification Process Zip File Salt Password Verifier Data MAC Given Password Password Verifier Match Decrypt MAC Match Return False

Password Verification Process Zip File Salt Password Verifier Data MAC Given Password Password Verifier Match Decrypt MAC Match Return False

Password Verification Process Zip File Salt Password Verifier Data MAC Given Password Password Verifier Match Decrypt MAC Match Return False Return True

Speed ups Reducing file handling operations Quick 2 byte check Parallel implementation on GPU

Data Collection & Testing Frost o 32-bit, 700Mhz, 512MB Ram Janus o 64-bit, 2.8GHz, 2GB Ram o Ran in 32-bit mode Test Types o Brute and Dictionary o Nodes: 128, 1024, 2048, 4096 o First, Middle, Last, Never  (password positions) Model o Passwords / time unit for X nodes o Time to solution for X nodes

Results (Estimated Time: Brute, Janus )

Results (Estimated Time: Brute, Janus vs Frost)

Results (Estimated Time: Dictionary, Janus )

Results (Estimated Time: Dict., Janus vs Frost)

Conclusions Max throughput (Janus) o Brute = 172 passwords / second o Dictionary = 86 passwords / second Brute (Janus) o 7 alphanumeric = 60 days with 4096 processors o 8 alphanumeric = 9.9 years with 4096 processors o 10 alphanumeric = years with 4096 processors Dictionary (Janus) o 1 billion = 47.3 minutes with 4096 processors o 100 billion = hours with 4096 processors Conclusion o Choose good passwords

Questions?