[PDF] [PDF] Analysis of the WinZip Encryption Method Tadayoshi Kohno

Compression and Encryption • WinZip creates two records for each file – Main file record – Central directory record • Each Zip archive contains (in order):



Previous PDF Next PDF





[PDF] ZIP file encryption weaknesses - Instytut PWN

ZIP file encryption weaknesses Krystian Matusiewicz WinZip 9 0 and WinZip 10 0 stored all AES-encrypted files using the AE-2 file format, which does not 



[PDF] How to Use 7-Zip to Encrypt Files and Folders

Enter the password you wish you use to decrypt the data “Select Encrypt filenames,” “Solid Archive,” Exclude Mac resource forks,” and “Archive as single files ” 



[PDF] How To Encrypt a File using Windows Explorer and WinZip For Use

After sending the zipped file as an attachment, CALL your recipient(s) on the phone and give them the password The use of voicemail to convey the password is 



[PDF] Password-based encryption in ZIP files

15 déc 2015 · The ZIP file format was created in 1989 by PKWARE Inc [2] and was first implemented in the company's PKZIP utility The format has been 



[PDF] Analysis of the WinZip Encryption Method Tadayoshi Kohno

Compression and Encryption • WinZip creates two records for each file – Main file record – Central directory record • Each Zip archive contains (in order):



[PDF] Securing and Sending Files with 7-Zip

Open 7-Zip 2 Zip, Encrypt and Password Protect a File 3 Email the Encrypted File 3 Opening emails with confidential files attached 4 Download, Unzip and 



[PDF] How To Encrypt ZIP Files Using WinZip 11

Creating and encrypting ZIP files is a simple matter ZIP files are also called archives There are many advantages to using ZIP files, the main one being that an 



[PDF] Encrypting Files With 7-Zip & WinZip

File compression and encryption software (e g , 7-Zip, WinZip) allows employees to send files efficiently and securely within and outside of the Government 

[PDF] 7 zip portable 2020

[PDF] 7 zip portable edition

[PDF] 7 zip portable github

[PDF] 7 zip portable mac

[PDF] 7 zip portable reddit

[PDF] 7 zip portable sourceforge

[PDF] 7 zip portable x64

[PDF] 7 zip support

[PDF] 7 zip test file download

[PDF] 7.1 finding rational solutions of polynomial equations a/b answers

[PDF] 7.15 cu4 system requirements

[PDF] 7.2 finding complex solutions of polynomial equations answers

[PDF] 7.2 finding rational solutions of polynomial equations a/b answers

[PDF] 7.30 hours

[PDF] 7.62x39 headstamp codes

Analysis of the WinZip Encryption

Method

Paper by: Tadayoshi Kohno

Presented by: Ken, Mike, Jeremy & Paul

The popular compression utility fo

r

Microsoft Windows computers

Easy-to-use AES encryption"

A dvanced Encryption version two (AE-2) D erives AES and HMAC-SHA1 keys from user's passphrase• E ncrypts compression output with with AES-CTR A uthenticates resulting ciphertext with HMAC-SHA1

A Secure Implementation?

Proven

secure MAC: -H M A C S H A 1

Proven

secure Encryption: A

ES in counter mode

Proven

secure combination: E ncrypt-then-MAC

But...

S ecurity products must be evaluated as a

whole, and the security of a whole product may not follow as a simple corollary of the security of the underlying components."

Compression and Encryption

WinZip creates two records for each file

M ain file record C entral directory record E ach Zip archive contains (in order): T he main file records concatenated together T he central directory records concatenated together A n End-of-Archive record Note:

A WinZip archive can contain

multiple files. Each f ile is compressed/encrypted independently

Archive Contents

The Main Fil

e

Record

File Record IndicatorExtraction Version NeededGeneral Purpose Bit FlagCompression MethodLast Modified TimeLast Modified Date32-Bit CRCCompressed SizeUn

compressed S i ze

Filename LengthExtra Field LengthFilenameEx

tra Field

File Data

The Central Directory Record

Directory Re

cord Indicator

Version Made ByExtraction Version NeededGeneral Purpose Bit FlagCompression MethodLast Modified TimeLast Modified Date32-Bit CRCCompressed SizeUn

compressed S i ze Filename LengthExtra Field LengthFile Comment LengthDisk Number Star t

Internal/External File Attr

ibutes

Relative Header OffsetFilenameEx

tra Field

File Co

mment

Archive Contents

The Main Fil

e

Record

File Record IndicatorExtraction Version NeededGeneral Purpose Bit FlagCompre ssion Method

Last Modified TimeLast Modif

i ed Date

32-Bit

CRC Compressed SizeUncompressed SizeFilename LengthExtra Field LengthFilenameExtra FieldFile Data

The Central Directory Record

Directory Re

cord Indicator Version Made ByVersion Needed to ExtractGeneral Purpose Bit FlagCompre ssion Method

Last Modif

i ed Time

Last Modif

i ed Date

32-Bit

CRC Compressed SizeUncompressed SizeFilename LengthExtra Field LengthFile Comment LengthDisk Number Star t

Internal/External File Attr

ibutes

Relative Header OffsetFilenameExtra FieldFile Co

mment

Important Archive Contents

The Main Fil

e

Record

Compre

ssion Method

Last Modified TimeLast Modif

i ed Date

32-Bit

CRC

Uncompressed SizeFilenameExtra FieldFile Data

The Central Directory Record

Compre

ssion Method

Last Modif

i ed Time

Last Modif

i ed Date

32-Bit

CRC

Uncompressed SizeFilenameExtra Field

With AE-2 Encryption Enabled

the Extra Fields Contain:

Extra Fields Header IDData SizeVersion Numbe

r

Vendor IDEncryption StrengthActual Compre

ssion Method

With AE-2 Encryption Enabled

the File Data Field C ontains:

SaltPassword Verif

i cation Value Encry p ted File Data

Authentication Code

Plaintext-1

Plaintext-1

C o mpressed

Passphrase

Salt-n

Enc r y p ted

Ciphertext-1

Reco rd 1

Ciphertext

M AC

AES in CT

R Mod e (Counter=0)

HMAC-SHA1

Ciphertext-2

Reco rd 2

Ciphertext

M AC

Ciphertext-3

Reco rd 3

Ciphertext

M AC

Ciphertext-n

Reco rd n

Ciphertext

M AC MAC n

Ciphertext-n

File Record n

Pas s w o r d Ver i f i c a t i on Va lue

Metadata-n

Salt-n

Metadata-1

File Encryption and Authentication

Code Process

F

Counter Mode AES Encryption

X 0 CTR-0 M 0 C 0 Xor F X 1 CTR-1 C 1 Xor F X 2 CTR-2 Xor F X n CTR-n Xor M 2 M n M 1 C 2 C n

WinZip Security Problems:

Interactions between compression and the AE-2 encryption method.

The names of files and their interpretations

Information leakage from encrypted files' metadata Interactions with AE-1 and a chosen-protocol attack Archives with both encrypted and unencrypted files.

Key collisions and repeated keystreams

Exploiting the Interaction Between

Compression and Encryption

F.zip Alice Bob F .zip Mall ory changes the comp ressio n metho d o f F.zip to cre a te F .zip

Recall that the metadata is

not Authenticated , therefore Mallory can change these values without voiding the HMAC-SHA1 tag. W hen Bob attempts to decrypt F .zip (with the wrong compression method), the contents will be garbage.

Create Encrypted Zip Archive

Using 128-bit AES

Encryption

Change Compression Method Values:08 00Compressed00 00Not Compressed

Decryption of the Modified Archive -

WinZip 9.0

Garbage...

•If Mallory obtains this garbage, he can reconstruct F.zip.•Is it practical for Mallory to obtain this garbage?

Decryption of the Modified Archive -

WinZip 9.0 SR-1

Exploiting the Association of

Applications to Filenames

A variant of the previous scenario could also be to simply change the filename extension. (i.e. from .doc to .xls) O r the entire filename: Swap Alice-Salary.dat with Mallory-Salary.dat

Information Leakage

Cleartext Metadata:

F ilenames, modified dates & times, CRC's, & file lengths C ompression as a 'Side-Channel' (John Kelsey): C ompare original and compressed file sizes• S upplements pre-existing par tial knowledge C ompare the compression ra tios of related files •W h y Equotesdbs_dbs14.pdfusesText_20