• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Questions about Trucrypt & assignment question!

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Security Related Software

View previous topic :: View next topic  
Author Message
angmat
Just Arrived
Just Arrived


Joined: 15 Mar 2010
Posts: 0


Offline

PostPosted: Mon Mar 15, 2010 3:50 pm    Post subject: Questions about Trucrypt & assignment question! Reply with quote

hey guys, I've got a assignment in uni regarding computer security & trucrypt. once you read the below material you will understand betetr. I am unable to find attacks in regards to the question below. I am hoping someone can give me a few ideas.


Background:
This assignment will assess your understanding of attack tree methodology, your skills in analysis of a concept and your research ability into cryptographic attack techniques and data retrieval. This assignment is the foundation for assignment 2. You are employed for a small firm which currently employs four (4) people including yourself. Each
of the four employees of the firm store sensitive files on a USB stick which is utilising Truecrypt to protect sensitive information. You have recently found one of these USB sticks on the floor in the office and you are certain that it belongs to one of the other three employees.

Rather than ask the other employees if they have lost a USB stick you have decided that you will browse through its contents instead. However, knowing that each employee utilises Truecrypt, you will first need to acquire the password to decrypt the contents.
Employees use Truecrypt to create an encrypted container file on the USB stick. This file is
encrypted using a number of strong symmetric algorithms including AES. When the sensitive information needs to be accessed, Truecrypt can ?mount? the encrypted file. This results in the encrypted file acting as a ?virtual drive?. When mounted the encrypted file appears as a removable drive (e: f: etc). Alice supplies a password in order to mount the drive. When the drive is mounted, each employee can read and manipulate the sensitive files as if they were stored on any other
removable drive. When the virtual drive is dismounted, it simply exists as an encrypted file on the USB stick.

Task:
Draw a set of attack trees which reflect your analysis of how you could successfully access the contents of the sensitive information on the USB stick. The attack trees can be annotated or you may have some discussion accompanying them (as you think necessary). You are only interested in breaching the confidentiality of the information and you do not wish to corrupt or delete/destroy the information.
Back to top
View user's profile Send private message
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Tue Mar 16, 2010 2:41 pm    Post subject: Reply with quote

angmat,

Maybe you should ask your tutor for help? We can't answer this for you but I can find a plethora of information on the Internet regarding related attacks (http://en.wikipedia.org/wiki/Attack_tree and http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security) Ever consider a physical attack or maybe rootkit or other malware?

Matt_s
Back to top
View user's profile Send private message
angmat
Just Arrived
Just Arrived


Joined: 15 Mar 2010
Posts: 0


Offline

PostPosted: Tue Mar 16, 2010 3:57 pm    Post subject: Reply with quote

thanks for the reply matt_s, unfortunately tutors dont offer much help. we only got a few ideas from the tutor but not adequate enough to complete the assignment so we are left on our own. anyway i was hoping for some ideas so if anyone else anything please reply, thanks..
Back to top
View user's profile Send private message
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Tue Mar 16, 2010 4:06 pm    Post subject: Reply with quote

angmat,

I did post a few ideas. Shame about your tutor.

Quote:
we only got a few ideas from the tutor
What ideas did the tutor give you?

Your choices are:
1 - Cryptographic attack
2 - Physical attack
3 - MITM attack
4 - Software attack

Each of these attack vectors can be broken down into smaller attacks. I can think of about a dozen ways you can tackle this. I am not however going to spell out how to do your homework. Thats why its great being a hacker, the quest for knowledge.

Matt_s
Back to top
View user's profile Send private message
angmat
Just Arrived
Just Arrived


Joined: 15 Mar 2010
Posts: 0


Offline

PostPosted: Thu Mar 18, 2010 3:01 pm    Post subject: Reply with quote

matt_s, I appreciate your input & advice. I was only looking for some info & you have provided it for me. thanks again.

as far as my tutor, the only advice he provided was he needs the tree to be technical, eg, if we used a virus, we need to mention what OS is vulnerable to it etc etc ... & explain the process. that doesn't really help when he is after a min of 15 trees.
Back to top
View user's profile Send private message
angmat
Just Arrived
Just Arrived


Joined: 15 Mar 2010
Posts: 0


Offline

PostPosted: Mon Mar 22, 2010 3:37 pm    Post subject: Reply with quote

does anyone have any example of software attacks?? I'm a little lost with this one.
Back to top
View user's profile Send private message
Groovicus
Trusted SF Member
Trusted SF Member


Joined: 19 May 2004
Posts: 9
Location: Centerville, South Dakota

Offline

PostPosted: Mon Mar 22, 2010 9:56 pm    Post subject: Reply with quote

Can you tell us what you found while you were searching? Maybe we can help you filter them a little bit.
Back to top
View user's profile Send private message Visit poster's website
angmat
Just Arrived
Just Arrived


Joined: 15 Mar 2010
Posts: 0


Offline

PostPosted: Tue Mar 23, 2010 1:37 pm    Post subject: Reply with quote

well what is confusing me is with software attacks does it have to be a particular program installed on your system that will assist in recovering the password for the usb using true-crypt?

I have managed to find any that does this.

something like http://www.accessdata.com/decryptionTool.html only assists in recovering passwords from word, excel etc... so I don't know where to go with this one....
Back to top
View user's profile Send private message
angmat
Just Arrived
Just Arrived


Joined: 15 Mar 2010
Posts: 0


Offline

PostPosted: Tue Mar 23, 2010 3:08 pm    Post subject: Reply with quote

can i also confirm that if i used a java script or java based program to hack truecrypt would that be a software attack? excuse my ignorance here but I am new to computer security....
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Security Related Software All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register