DOC PREVIEW
SJSU CS 265 - WinZip

This preview shows page 1-2 out of 6 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 6 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 6 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 6 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Table of contentsATTACKS ON WINZIP ENCRYPTIONWinZip Encryption ArchitectureSecurity Issues and Possible AttacksInformation LeakagePossible Attacks using the metadataAttacks on file names and file extensionsProtocol Rollback AttackArchives with both Encrypted and Unencrypted filesKey collisions and repeated Key streamsDictionary AttacksFixesReferencesTable of contentsATTACKS ON WINZIP ENCRYPTION........................................................................2WinZip Encryption Architecture.................................................................................2Security Issues and Possible Attacks............................................................................3Information Leakage.................................................................................................3Possible Attacks using the metadata........................................................................3Attacks on file names and file extensions................................................................3Protocol Rollback Attack..........................................................................................4Archives with Encrypted and Unencrypted file......................................................4Key collisions and repeated Key streams.................................................................4Dictionary Attacks.....................................................................................................5Fixes................................................................................................................................5References.......................................................................................................................6ATTACKS ON WINZIP ENCRYPTIONWinZip has recently released WinZip® 9.0 beta version, in which it is using theencryption scheme AE-2 to encrypt the compressed files. The purpose of this paper is toexplain the attack on WinZip’s latest encryption method, Advanced Encryption (AE-2)and briefly suggest some solutions. WinZip is a common compression utility onMicrosoft windows machines. Even though the encryption schemes used in WinZip arevery secure, the implementation of these schemes in WinZip encryption makes itvulnerable to many side channel attacks and “man in the middle “attacks. WinZip Encryption ArchitectureWinZip 9.0 compresses files using “enhanced deflate” method [1], encrypts thosecompressed files independently and then archives into the WinZip archive. After the filesare compressed AE-2 encryption scheme is invoked to encrypt these files.AE-2 uses128,192 or 256 bit key to encrypt and 64-bit extensions to zip file to store unlimited datain the zip file [1]. WinZip derives AES and HMAC-SHA1 keys from the user’s passwordand then encrypts the output of the compressed files with AES in CTR mode. The lengthsof the compressed data and the encrypted data (after compression) are same. Afterencryption it authenticates the resulting cipher text with HMAC-SHA1 key. AES-CTRand HMAC-SHA1 together protects both privacy and integrity of the data. Everyencrypted file in WinZip contains information about the “salt value”,”passwordverification value”, “encrypted file data” and “authentication code” [1]. Length of saltvalue changes according to the key size. If the key size is 128 bytes salt is 8bytes, for 192bits 12bytes, for 256 bits 16 bytes. Password verification value is a two byte value,derived with the encryption password and stored in encrypted file [1], before decryptingverification value is derived from the decrypting password and verified with the valuestored in encrypted file. Encrypted file data value is the size of the compressed, encryptedfiles which is a variable size. Authentication code checks that the contents of anencrypted file have not been changed since they first encrypted [1]. This is a super CRC-check on the data in the file after compression and encryption [1]. All this encrypted filesand information about these files are stored in WinZip archive’s “main file record” and“central directory record” [2]. To reduce the zip file size WinZip does not encryptdirectories and folders as a result the archives contain both encrypted and unencryptedfiles. This AE-2 encryption is not using the CRC value and is set to “zero” [1]. 2Security Issues and Possible AttacksInformation Leakage The main cause of information leakage in WinZip is that the metadata of the encryptedfile appears in plaintext in WinZip’s archive. This metadata contains encrypted file’soriginal file name, length of the original plaintext file, length of the cipher text data, lastmodification date and time etc. Availability of this Meta information in plaintext makesthe attacker’s life easy. Using the length of an uncompressed data stream and the lengthof the compressed output, Attacker can learn information about the uncompressed data. Possible Attacks using the metadataThe information contained in the metadata such as chosen compression method and thelength of the original file are not authenticated by HMAC-SHA1.This might give a wayto “man in the middle” attack. The compression method and the original filed lengths arenot authenticated. So Attacker can easily change these fields. The attack can be asfollows: suppose if Alice encrypts file “info.zip”, compresses and sends to Bob, anattacker can intercept that file in between and can change the original field length of thefile, value of the compression method field in “info.zip” and send that “newinfo.zip” fileto Bob. Bob tries to decrypt that file. If the values changed by Attacker are correct or ifthe extraction tool does not check that field and decompresses the file, MAC will matchand doesn’t give any error to Bob, but as the value of the compression method has beenchanged in this new file, the file will be decompressed using the wrong algorithm and asa result Bob gets some garbage values. Then if Bob might sends an email to Aliceexplaining the problem, Attacker again can intercept the message and emails him backpretending to be Alice and asks Bob to send the garbage data so that he can resolve it.Then Bob


View Full Document

SJSU CS 265 - WinZip

Documents in this Course
Stem

Stem

9 pages

Rsync

Rsync

7 pages

Hunter

Hunter

11 pages

SSH

SSH

16 pages

RSA

RSA

7 pages

Akenti

Akenti

17 pages

Blunders

Blunders

51 pages

Captcha

Captcha

6 pages

Radius

Radius

8 pages

Firewall

Firewall

10 pages

SAP

SAP

6 pages

SECURITY

SECURITY

19 pages

Rsync

Rsync

18 pages

MDSD

MDSD

9 pages

honeypots

honeypots

15 pages

VPN

VPN

6 pages

Wang

Wang

18 pages

TKIP

TKIP

6 pages

ESP

ESP

6 pages

Dai

Dai

5 pages

Load more
Download WinZip
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view WinZip and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view WinZip 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?