Archive for the Security Category

OSINT Tools

| November 8th, 2017

First, get your OSINT API Keys!

shodan_api, censysio_id, censysio_secret, zoomeyeuser, zoomeyepass, clearbit_apikey, emailhunter, fullcontact, google_cse_key, google_cse_cx, github_travis_key.

Shodan_api

  • Register an account in shodan.
  • Visit your registered email id and activate the account.
  • Login to your account and you will find the API keys under profile overview tab.
  • Copy the API key and this is the value for shodan_api field in the config.py file.

Censysio ID and Secret

  • Register an account in censysio.
  • Visit your registered email id and activate the account.
  • Login to your account.
  • Visit Account tab to get API ID and Secret.
  • Your API key is the value for the censysio_id field and the API Secret is the value for the censysio_secret field in the config.py file.

Clearbit API

  • Register an account in clearbit.
  • It will auto redirect to the account.
  • Visit API keys tab to get API key.
  • Copy the API key and this is the value for clearbit_apikey field in the config.py file.

Emailhunter API

  • Register an account in emailhunter.
  • Click on the activation link sent to your registered email address and it will auto redirect to the account.
  • Visit API keys tab to get API key.
  • Copy the API key and this is the value for emailhunter field in the config.py file.

Fullcontact API

  • Register an account in fullcontact.
  • Login.
  • It will ask for mobile number verification, complete that.
  • You will be redirected to the page where you can get the API key.
  • Additionally you will also get one email in the registered email id with API details.
  • Copy the API key and this is the value for fullcontact_api field in the config.py file.

Google Custom Search Engine API key and CX id

  • Go to https://console.developers.google.com/ > Credentials
  • Click on ‘Create Credentials’ and select API key.
  • Click on restrict key.
  • Select HTTP Headers (Websites) radio button.
  • Add *.secnet.com/* in restrictions. This is done in order to stop unintentional usage of your api key.
  • Copy the API key and click on save button. This is the value for google_cse_key field in the config.py file.
  • Go to https://cse.google.com/cse/all, Click on Add button.
  • In sites to search box, enter “pastebin.com” and “pastie.org”
  • Give any name to your search engine and click on Create button.
  • Go to https://cse.google.com/cse/all again and click on the search engine you just created.
  • Click on the ‘Search engine id’ button and copy your search engine id. This is the value for google_cse_cx field in config.py file.

SpyOnWeb Access Token

  • Register an account in SpyOnWeb.
  • SpyOnWeb will send a confirmation email with a link you will need to use to confirm the account.
  • Login and your Access Token will be on the main page.
  • Copy the Access Token and use as the value for the spyonweb_access_token field in the config.py file.

Zoomeye Username and Password

  • Register a user with zoomeye and use the credentials for this tool. (Don’t worry if you are redirected to sso.telnet404.com. This is how it works.)
  • Name of fields in the signup form – 1. email, 2. username, 3. nickname, 4. password, 5. confirm_password, 6. captcha
  • Once you fill out the details it will redirect you to the account page.
  • There you will find something like: (Status: Inactive. Activate Now)
  • Click on activate now and two fields will be shown.
  • The first field will be captcha and the second one will be email id.
  • Once you fill the email id in the second text box, click on send activation code.
  • Check your email account for the activation code.
  • Put this activation code in the email id text box and click on determine.
  • Now your account is activated and use those credentials in the tool.
  • The email ID which you used to sign up is your username and is the value for the zoomeyeuser field in config.py
  • Your account password is the value for zoomeyepass field in the config.py

Travis CI Access Token

  • Register an account with Github.
  • Login into Github (https://github.com/login) and go to the page ‘New personal access token’ (https://github.com/settings/tokens/new).
  • Generate a Github access token based on the instructions present at https://travispy.readthedocs.io/en/stable/getting_started/.
  • Copy the Access Token and use as the value for the github_travis_key field in the config.py file.

Google Hacks

| September 5th, 2014

Useful Google Hacks

Google is the #1 ranked search engine on the modern Internet. They are a giant with access to your website, your mobile, your eCommerce site, your IRC site and god knows what else. That means they get a massive amount of information and data. Among it there’s always the chance of leaked sensitive data such as server configs, password files, backup files, and proprietary materials such as eBooks, music, PDFs, Word documents, serial numbers etc. In this post I will try to show how to use Google hacks to gather information and look for exploitable information. If you find something important, please try to contact the owner and report the search string to Google rather than abusing it. I am not responsible for how readers might or might not use the information provided below.

 


 

 

 

Hacking Security Cameras

Now this is a known one; we’ve all tried it at some point. I am not even sure if this is allowed or not, but I definitely think IP cameras should be more secure so that people can’t look into your baby monitor or simple home security cameras. Different vendors provided product-specific patches at different times; be sure to spread the word so that you’re not the victim of unsolicited prying.

There exist many security cameras used for monitoring places like parking lots, college campuses, road traffic etc. which can be hacked using Google so that you can view the images captured by those cameras in real time. All you have to do is use the following search query in Google. Type it in the Google search box exactly as follows and hit enter:

inurl:”viewerframe?mode=motion”

Click on any of the search results (Top 5 recommended) and you will gain access to the live camera which has full controls.

You now have access to the live cameras, which work in real time. You can also move the cameras in all four directions and perform actions such as zooming in and out. These cameras have a rather low refresh rate, but there are other search queries through which you can gain access to other cameras that have faster refresh rates. To access them, just use the following search query.

intitle:”Live View / – AXIS”

Click on any of the search results to access a different set of live cameras. Thus you have hacked Security Cameras using Google.

 

Hacking Personal and Confidential Documents

Using Google it is possible to gain access to an email repository containing the CVs of hundreds of people, which were created when they applied for jobs. The documents containing their address, phone, DOB, education, work experience etc. can be found in just seconds.

intitle:”curriculum vitae” “phone * * *” “address *” “e-mail”

You can gain access to a list of .xls (excel documents) which contain contact details including email addresses of large group of people. To do so type the following search query and hit enter.

filetype:xls inurl:”email.xls”

Also it’s possible to gain access to documents potentially containing information on bank accounts, financial summaries and credit card numbers using the following search query

intitle:index.of finances.xls

Hacking Google to gain access to Free Stuffs

Ever wondered how to hack Google for free music or eBooks. Well here is a way to do that. To download free music just enter the following query on Google search box and hit enter.

“?intitle:index.of?mp3 eminem“

Now you’ll gain access to the whole index of the Eminem album, wherein you can download the songs of your choice. Instead of Eminem you can substitute the name of your favorite album. To search for eBooks, all you have to do is replace “Eminem” with your favorite book name. Also replace “mp3” with “pdf” or “zip” or “rar”.

 

Using specialized search strings in Google

If I remember correctly, recent Google update (from HTTP to HTTPS) and backend modification fixed some of the following issues. However, here goes:

 

METHOD 1

For Example we can find:

  1. Credit Card Numbers
  2. Passwords
  3. Software / MP3’s

…… (and on and on and on) Presented below is just a sample of interesting searches that we can send to Google to obtain info that some people might not want us having. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:

 intitle:”Index of” passwords modified
 allinurl:authuserfile.txt
 “access denied for user” “using password”
 “A syntax error has occurred” filetype:ihtml
 allinurl: admin mdb
 “ORA-00921: unexpected end of SQL command”
 inurl:passlist.txt
 “Index of /backup”
 “Chatologica MetaSearch” “stack tracking:”
 Amex Numbers: 300000000000000..399999999999999
 MC Numbers: 5178000000000000..5178999999999999
 visa 4356000000000000..4356999999999999
 “parent directory ” /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
 “parent directory ” DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
 “parent directory “Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
 “parent directory ” Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
 “parent directory ” MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
 “parent directory ” Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

 

METHOD 2

Put this string in Google search:

?intitle:index.of? mp3

You only need to add the name of the song/artist/singer.

 Example: ?intitle:index.of? mp3 jackson

METHOD 3

Put this string in Google search:

inurl:microsoft filetype:iso

You can change the string to whatever you want, ex. Microsoft to adobe, ISO to zip etc…

“# -FrontPage-” inurl:service.pwd

FrontPage passwords.. very nice clean search results listing !!

 “AutoCreate=TRUE password=

This searches the password for “Website Access Analyzer”.

“http://:@www” domainname

This is a query to get inline passwords from search engines (not just Google). You must type in the query followed by the domain name without the .com or .net

“http://:@www” bangbus or “http://:*@www”bangbus

Another way is by just typing

 “http://bob:bob@www”
“sets mode: +k”

This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

 allinurl: admin mdb

Not all of these pages are administrator’s access databases containing usernames, passwords and other sensitive information, but many are!

allinurl:authuserfile.txt

DC Forum’s password file. This file gives a list of (crackable) passwords, usernames and email addresses for DC Forum and for DCShop (a shopping cart program!!!). Some lists are bigger than others, all are fun, and all belong to Googledorks. =)

intitle:”Index of” config.php

This search brings up sites with “config.php” files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user

These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

intitle:index.of.etc

This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:”htaccess|passwd|shadow|htusers”

This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extension of a file on a Web server can have ugly consequences.
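Seen from the site owner's side, every search above works only because a file with a predictable name sits inside the document root, often in a directory that Apache will list. The following Python audit is an added example, not part of the original post: it walks a document root and reports the file names these searches look for plus directories that have no index file. The pattern labels, the index-file names and the sample tree are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# File-name patterns derived from the searches quoted above; labels are this example's own.
RISKY_NAMES = [
    ("backup copy of an auth file",
     re.compile(r"(htaccess|passwd|shadow|htusers).*\.bak$", re.I)),
    ("FrontPage password file", re.compile(r"^service\.pwd$", re.I)),
    ("plain-text credential list", re.compile(r"^(authuserfile|passlist)\.txt$", re.I)),
    ("Access database", re.compile(r"\.mdb$", re.I)),
    ("eggdrop user file", re.compile(r"\.user$", re.I)),
]
# Assumed DirectoryIndex names. A directory without one of them is served as an
# "Index of" listing whenever Options Indexes is enabled.
INDEX_FILES = {"index.html", "index.htm", "index.php"}
NO_INDEX = "no index file: listed as 'Index of' unless Options -Indexes is set"


def audit(root):
    """Walk a document root and return sorted (relative path, reason) findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if not INDEX_FILES & {name.lower() for name in filenames}:
            findings.append((rel_dir, NO_INDEX))
        for name in filenames:
            rel = name if rel_dir == "." else f"{rel_dir}/{name}"
            for reason, pattern in RISKY_NAMES:
                if pattern.search(name):
                    findings.append((rel, reason))
    return sorted(findings)


def build_sample_tree(root):
    """Create a small constructed document root to run the audit against."""
    files = [
        "index.html",
        "config.php",
        "backup/.htaccess.bak",
        "_vti_pvt/service.pwd",
        "forum/index.php",
        "forum/authuserfile.txt",
        "data/admin.mdb",
    ]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as webroot:
        build_sample_tree(webroot)
        for path, reason in audit(webroot):
            print(f"{path}: {reason}")
```

Anything it reports belongs outside the document root or behind an explicit deny rule; hiding it from crawlers is not enough.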

Let’s pretend you need a serial number for Windows XP Pro.

In the Google search bar type in just like this –

“Windows XP Professional” 94FBR

the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of ‘fake’ porn sites that trick you.

or if you want to find the serial for Winzip 8.1 – “Winzip 8.1” 94FBR

If you managed to find something useful using these search methods, I suggest you try out this guide:

How to hack Remote PC (Windows 2003 server) with Metasploits

Metasploit is a powerful tool which helps users to hack their system. It’s easy to use and it’s informative at the same time.

 

Using special search string to find vulnerable websites

Following search strings in Google will come up with bunch of results. You can try one at a time and run SQLmap to hack a vulnerable website. See complete guide here

inurl:php?=id1
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=

I have shown you this info to let you know that there is a real risk in putting your info online. If you do want to buy stuff online, make sure the site you are using is secure. Normally, if a site is secure, you will see a pop-up saying you are now entering a secure part of the site, or a padlock symbol at the bottom of your browser. Or just use PayPal; PayPal is very safe to use. But most of the time just use common sense: if a site looks cheap, it normally hasn’t got the protection to keep your info safe. I am not saying don’t buy stuff online, because that is one of the best things about the internet. I am just saying be aware of websites that want your bank details and there is no padlock symbol at the bottom of your browser.

Thanks for reading. Please share.

Sources and Credits as due:

  1. http://www.darkmoreops.com/
  2. http://johnny.ihackstuff.com/
  3. http://www.i-hacked.com/
  4. http://www.aagneyam.com/

The fix for me was to use the force-upgrade.php. But you’ve already done that, so here’s what else I found out.

I found that the most common solution seemed to have to do with a mis-match between your wp-config.php. First of all, make sure you (or the WordPress install) has correctly set up the database name, database user name, database password, and database host. See this link: http://codex.wordpress.org/Editing_wp-config.php

Secondly, make sure the database table prefix in your config.php matches the table name prefixes in your database. The default is wp_, but if you (or your wordpress install) changed your prefix to something else, it must match the database itself.

Here’s an example of the fields I’m talking about in the wp-config.php.

<?php
/** WordPress's config file **/
/** http://wordpress.org/   **/

// ** MySQL settings ** //
define('DB_NAME', 'madeupname');     // The name of the database
define('DB_USER', 'madeupuser');     // Your MySQL username
define('DB_PASSWORD', 'madeuppw'); // ...and password
define('DB_HOST', 'mysql.yoursite.com');     // ...and the server MySQL is running on
// Change the prefix if you want to have multiple blogs in a single database.
$table_prefix  = 'wp_';   // example: 'wp_' or 'b2' or 'mylogin_'

In your database, using phpMyAdmin, check that the tables all begin with the same prefix that you have in your wp-config.php. For example if you changed your table prefix to “b2”, the tables would be “b2_commentmeta”, “b2_comments”, etc.
Also, you have to check inside two tables to see that certain field names are also changed. So, using the same prefix as above, in b2_options, the field wp_user_roles has to be changed to b2_user_roles. And in the b2_usermeta table, the fields wp_capabilities, wp_user_level, wp_user-settings, wp_user-settings-time, and wp_dashboard_quick_press_last_post_id should all have the prefix b2_ instead of wp_.

And lastly, within your database, look at the values in the wp_usermeta table as follows:

wp_capabilities should be a:1:{s:13:"administrator";s:1:"1";}

wp_user_level should be 10

All of this should automatically work if you used a quick install, but if you’ve changed anything along the way, or if your install did not work, it could be messed up. I did have this problem initially, and found out that the quick install done by Dreamhost was incomplete. Though I fixed the prefix problem, I still had the “permissions” error. However, when I tried that force.upgrade.php, all was resolved.

This list of rules is by no means a sure bet to secure your web services, but it will help in preventing script kiddies from doing some basic browsing around.

MySQL injection attempts are one of the most common hacking attacks against PHP websites. If your website is hosted on a dedicated or virtual server, the best solution is to have your server hardened with proper mod_security rules. However, if you’re on shared hosting, this is not an option. If you now think that it’s not possible to protect your website against various hacking methods on shared hosting, you’re wrong. Although it’s not possible to use advanced strategies to protect your website, you’re still able to protect it against hacking attempts using .htaccess rules. To implement such protection, append the following code to your current .htaccess file, or, if you don’t use one yet, create a new file called .htaccess and place it in your website’s main folder:

Beginning of your .htaccess file to set the basics up

# Block access to the .htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>

# No web server version and indexes
ServerSignature Off
Options -Indexes
Options FollowSymLinks

HTTP Headers to Help Secure Your Website

Preventing cross-site request forgery (CSRF) attacks is hard and web applications must be built to prevent CSRF vulnerabilities. The first vulnerability is cross-site scripting (XSS).

Around 70.000 web sites have been catalogued by XSSed as being vulnerable to cross-site scripting (XSS). These attacks leave your users open to cookie theft, information theft, account hijacking, clickjacking and more.

Modern web browsers have some powerful protection built in nowadays, but you need to tell the browser that you want those protection mechanisms used for your website. This can be achieved by setting specific HTTP headers.

X-Frame-Options

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. This can be used to avoid clickjacking attacks, by ensuring that your content is not embedded into other sites.

This directive is pretty similar to the frame buster code explained in “Double Trouble on Google Images” except that it is only supported in the following browsers:

  • Internet Explorer 8+
  • Opera 10.50+
  • Safari 4+
  • Chrome 4.1.249.1042+
  • Firefox 3.6.9+ (or earlier with NoScript)

There are three possible values for this header:

  1. DENY – This setting prevents any pages served from being placed in a frame even if it is on the same website it originates from. It should be used if you never intend for your pages to be used inside of a frame.
  2. SAMEORIGIN – This setting allows pages to be served in a frame of a page on the same website. If an external site attempts to load the page in a frame the request will be denied.
  3. ALLOW-FROM origin – If the value contains the token ALLOW-FROM origin, the browser will block rendering only if the origin of the top-level browsing context is different than the origin value supplied with the Allow-From directive.

The code below sets the directive to DENY, preventing our pages from being served in any frames, even from our own website.

# drop Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range
# optional logging.
#CustomLog insert-path-and-name-of-log common env=bad-range

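# Don't allow any pages to be framed - defends against clickjacking
Header set X-Frame-Options DENY

# prevent mime based attacks
Header set X-Content-Type-Options "nosniff"

# Only allow scripts (and other resources) from the same origin to load.
# Don't allow inline JavaScript to run.
# Content-Security-Policy is the standardized header; "default-src" replaces
# the "allow" directive of the pre-standard X-Content-Security-Policy header.
Header set Content-Security-Policy "default-src 'self'"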

# Turn on IE8-IE9 XSS prevention tools
Header set X-XSS-Protection "1; mode=block"

MySQL Injection Prevention:


<IfModule mod_rewrite.c>
# Enable rewrite engine
RewriteEngine On

# Block suspicious request methods
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F,L]

# WP timthumb: [S=1] makes matching requests skip the next RewriteRule
# (the block rule below); it does not block them
RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
RewriteRule . - [S=1]

# Block suspicious user agents and requests
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]

# Block MySQL injections, RFI, base64, etc.
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http%3A%2F%2F [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

# PHP-CGI Vulnerability
RewriteCond %{QUERY_STRING} ^(%2d|\-)[^=]+$ [NC,OR]

#proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]

RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F,L]

</IfModule>
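Before deploying a filter this broad, it helps to see which ordinary requests it will answer with 403. The following Python replay is an added example, not part of the original rule set: it runs a subset of the QUERY_STRING patterns above, copied verbatim, over constructed query strings. Python's re module stands in for mod_rewrite's PCRE matching, and the rule labels and sample strings are this example's own.

```python
import re

# (label, pattern, has_NC): patterns copied verbatim from the QUERY_STRING
# conditions above, in page order. The labels are this example's own names.
RULES = [
    ("remote-url", r"[a-zA-Z0-9_]=http://", False),
    ("dot-dot", r"(\.\./|\.\.)", False),
    ("http-scheme", r"http\:", True),
    ("brackets", r"^.*(\[|\]|\(|\)|<|>).*", True),
    ("sql-keyword", r"(NULL|OUTFILE|LOAD_FILE)", False),
    ("loopback", r"(localhost|loopback|127\.0\.0\.1)", True),
    ("union-select", r"union([^s]*s)+elect", True),
    ("proc-environ", r"proc\/self\/environ", True),
]
COMPILED = [(label, re.compile(p, re.I if nc else 0)) for label, p, nc in RULES]

# Constructed query strings: two hostile ones the rules are written for,
# followed by ordinary traffic.
SAMPLES = [
    "id=1+union+select+1,2",
    "file=../../etc/passwd",
    "id=42",
    "ids[]=3&ids[]=7",
    "next=http://www.example.com/cart",
    "range=1..10",
    "q=NULL+pointer",
    "topic=localhost+setup",
]


def first_match(query_string):
    """Return the label of the first rule matching the raw query string, or None.

    mod_rewrite tests %{QUERY_STRING} as received (not URL-decoded) and the
    conditions are unanchored, so re.search on the raw string models them.
    """
    for label, pattern in COMPILED:
        if pattern.search(query_string):
            return label
    return None


def replay(samples=SAMPLES):
    """Map each sample query string to the rule that would trigger the 403."""
    return {qs: first_match(qs) for qs in samples}


if __name__ == "__main__":
    for qs, label in replay().items():
        verdict = f"403 ({label})" if label else "allowed"
        print(f"{qs:40} {verdict}")
```

The last five samples are legitimate requests (array parameters, a redirect target, a numeric range, two search terms) and all are blocked, so the rules need tuning per application and do not replace parameterized queries in the PHP code.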

 

The Idea

The goal of the Advanced Crypto Software Collection (ACSC) is to provide a set of cryptographic tools to system developers. This site will primarily be focused on providing software that implements “advanced” cryptographic primitives. By advanced we typically mean cryptography that uses more modern methods and can’t necessarily be built from the traditional tools of hashing, signing, and basic encryption.

The collection is intended to provide a diverse set of tools ranging from low-level number theoretic primitives such as a bilinear-map implementation, to API’s for new efficient cryptographic primitives like Broadcast Encryption and Forward Secure Signatures, to applications. The software was developed by several different contributors, who are credited along with the project descriptions. The software provided here is primarily intended for the use of researchers in building system prototypes. Currently, most software has not been reviewed thoroughly enough for commercial deployment.

The Projects

Listed below are the current projects along with short descriptions. Click on a project’s name to access a longer description and software. Eight projects are currently available. Some are still under development, while others are fairly stable.

Some of these projects are hosted locally at the ACSC website. Other projects (notably the PBC Library) predate the ACSC and have their own homepage elsewhere; these are marked “external”.

  • Ciphertext-Policy Attribute-Based Encryption
    Developers: John Bethencourt, Amit Sahai (advisory role), Brent Waters (advisory role)
    License: GPL
    Added to ACSC: December 1, 2006
    Last updated: March 24, 2011
    This project provides an implementation of a Ciphertext Policy Attribute-Based Encryption (CP-ABE) system due to Bethencourt, Sahai and Waters. In such a system each user’s private key is associated with a set of attributes representing their capabilities, and a ciphertext is encrypted such that only users whose attributes satisfy a certain policy can decrypt. For example, we can encrypt a ciphertext such that in a company it can only be decrypted by someone who has the attributes “Senior” and “Human Resources” or the attribute “Executive”. One interesting application of this tool is that we can do Role-Based Access Control (RBAC) without requiring trusted data storage.
  • Paillier Library
    Developer: John Bethencourt
    License: GPL
    Added to ACSC: July 21, 2006
    Last updated: January 30, 2010
    Paillier is a public key cryptosystem which offers an additive homomorphism, making it very useful for privacy preserving applications. This is a simple C library based on GMP which implements Paillier key generation, encryption, decryption, and also makes it easy to use the homomorphism.
  • Private Stream Searching Toolkit
    Developers: John Bethencourt, Brent Waters (advisory role)
    License: GPL
    Added to ACSC: July 21, 2006
    Last updated: September 28, 2009
    This toolkit provides programs implementing a private stream searching scheme due to Bethencourt, Song, and Waters that built upon work of Ostrovsky and Skeith. Suppose a client sends some search keywords to a server. The server checks some documents against the keywords and eventually sends back all the documents that matched. But the catch is that the client wants all this to take place without the server being able to learn what keywords they are interested in or which documents they end up with. These programs let you do that.
  • Forward-Secure Signatures with Untrusted Update
    Developers: Emily Shen (primary), John Bethencourt (build system)
    License: GPL
    Added to ACSC: September 13, 2007
    Last updated: October 22, 2007
    This C library implements a forward-secure signature scheme that allows “untrusted updates”. In most forward-secure signature constructions, a program that periodically updates a user’s private signing key must have full access to the private key. However, this prevents the common practice of encrypting it on disk under a passphrase. A scheme supporting untrusted updates, however, allows updates to the private key while it is encrypted.
  • Proxy Re-cryptography Library [external]
    Developers: Giuseppe Ateniese, Kevin Fu, Matthew Green, Susan Hohenberger
    License: only non-commercial use permitted
    Added to ACSC: March 28th, 2007
    Proxy re-encryption is a form of public-key encryption that allows a user Alice to “delegate” her decryption rights to another user Bob. In a proxy re-encryption scheme, Alice delegates a semi-trusted proxy to translate ciphertexts encrypted under her key into ciphertexts encrypted under Bob’s key. Once delegated, the proxy operates independently of Alice. The proxy is considered “semi-trusted” because it does not see the content of the messages being translated, nor can it re-encrypt Alice’s messages to users for whom Alice has not granted decryption rights. This project is a C++ implementation of the proxy re-encryption schemes proposed in NDSS 2005, using the MIRACL library. A future version of the library will incorporate “proxy re-signature” schemes from CCS 2005.
  • Percy++ [external]
    Developer: Ian Goldberg
    License: GPL
    Added to ACSC: March 6th, 2007
    Percy++ is an implementation of Private Information Retrieval (PIR) protocols in C++, as described in the paper Improving the Robustness of Private Information Retrieval, Ian Goldberg, IEEE Symposium on Security and Privacy (Oakland), 2007. Briefly, private information retrieval is the task of fetching a block of data from a database server (or group of distributed servers) without the server(s) learning which block it was that you were interested in. The protocols implemented in this project provide information-theoretic, computational, and hybrid privacy protection against configurable numbers of honest, faulty, or malicious servers.
  • Broadcast Encryption [external]
    Developers: Matt Steiner (original), Ben Lynn (current)
    License: GPL
    Added to ACSC: July 28, 2006
    A broadcast encryption scheme allows a broadcaster to send an encrypted message to a set of receivers S, each of which has a different private key. Given any subset S’ of S, the broadcaster may construct an encrypted message so that only the receivers in S’ may decrypt it. This may be trivially accomplished by having a key pair for every member of S. Then a copy of the message may be separately encrypted under the key of each receiver in S’. This of course results in very inefficient communication, however. The challenge is to construct a scheme which has communication sublinear in the number of receivers. This project is an implementation of the BGW broadcast encryption scheme (see also this more recent paper) based on the PBC Library.
  • Pairing-Based Cryptography Library [external]
    Developer: Ben Lynn
    License: GPL
    Added to ACSC: July 21, 2006
    Pairing-based cryptography (PBC) is a relatively young area of cryptography that revolves around a certain function with special properties. The PBC library (Pairing-Based Cryptography library) is a high performance C library built on top of the GMP library that contains routines which aid the implementation of pairing-based cryptosystems, including curve generation and pairing computation. In addition to the detailed documentation, simple implementations of many sample cryptosystems are included as examples of using PBC. PBC makes it very easy to quickly implement a great many of the recent advances in cryptography.
  • PIRATTE: Proxy-based Immediate Revocation of ATTribute-based Encryption
    Developers: Sonia Jahid, Nikita Borisov (advisory role)
    License: GPL
    Added to ACSC: August 24, 2012
    Last updated: August 24, 2012
    This toolkit provides an implementation of the Proxy-based Immediate Revocation of ATTribute-based Encryption (PIRATTE) system by Sonia Jahid and Nikita Borisov. PIRATTE is a revocation scheme for the Ciphertext Policy Attribute-Based Encryption (CP-ABE) system due to Bethencourt, Sahai, and Waters. Revocation in CP-ABE is challenging since most existing approaches are based on key expiration, re-keying every user, and/or re-encrypting existing ciphertext. A key and novel feature of the PIRATTE architecture is that it is possible to remove access from a user without issuing new keys to other users or re-encrypting existing ciphertexts. We achieve this by introducing a proxy that participates in the decryption process and enforces revocation constraints. The proxy is minimally trusted and cannot decrypt ciphertexts or provide access to previously revoked users.
  • Damgård-Jurik Cryptosystem
    Developers: Frederick Douglas
    License: GPL
    Added to ACSC: September 12, 2012
    Last updated: September 12, 2012
    The Damgård-Jurik cryptosystem is an extension of the Paillier public key cryptosystem (and libdj is an extension of libpaillier). DJ has additive homomorphism, and the ability to control the plain/ciphertext spaces that a given public key is currently encrypting from/to. Specifically, for a public key n, the plain/ciphertext spaces can be $Z_{n^s}$, $Z_{n^{s+1}}$ for any s. This lets a single key encrypt arbitrarily large messages – in particular, nested encryptions with only linear growth of the ciphertext are possible. This property, together with the homomorphism, enables e.g. an efficient private information retrieval scheme. libdj also includes a threshold version: rather than a single private key, many key shares capable of producing decryption shares exist, and some threshold of decryption shares must be gathered to decrypt. This version also has the homomorphism and size control.
  • Charm – A Rapid Prototyping Library for Cryptography
    Developers: Joseph Ayo Akinyele, Christina Garman, Ian Miers, Matthew W. Pagano, Michael Rushanan, Matthew Green, and Avi Rubin
    License: LGPL
    Added to ACSC: April 3, 2014
    Last updated: March, 2014
    Charm is a framework for rapidly prototyping advanced cryptosystems. Based on the Python language, it was designed from the ground up to minimize development time and code complexity while promoting the reuse of components. Charm uses a hybrid design: performance intensive mathematical operations are implemented in native C modules, while cryptosystems themselves are written in a readable, high-level language. Charm additionally provides a number of new components to facilitate the rapid development of new schemes and protocols. Charm ships with a library of implemented cryptosystems. This library includes public key encryption schemes, identity-based encryption schemes, attribute-based encryption schemes, digital signatures, privacy-preserving signatures, commitment schemes, zero-knowledge proofs, and interactive protocols such as anonymous credential and oblivious transfer schemes.
  • AutoTools – Automation Tools for Cryptographic Design
    Developers: Joseph Ayo Akinyele, Matthew W. Pagano, Matthew Green, and Susan Hohenberger
    License: LGPL
    Added to ACSC: April 3, 2014
    Last updated: March, 2014
    The AutoTools project is a collection of automated compilers for performing various cryptographic design tasks. These consist of tools that improve efficiency and security of cryptographic primitives. For example, AutoBatch is an automated tool for finding efficient batch verification algorithms from high-level descriptions of digital signature schemes. AutoGroup is an automated tool for optimizing several types of pairing-based public-key encryption and signature schemes using Satisfiability Modulo Theories (SMT) solvers. Moreover, AutoStrong is a tool for converting existentially unforgeable signatures into ones that are strongly unforgeable. The tools demonstrate the notion that it is possible to transition some of the design work to computers and in most cases the automation can be performed in a matter of seconds.