11/19/13

Cryptographic Attacks.

Introduction & Summary.

There are many types of Cryptographic Attacks. There can be attacks whose goal is to decrypt message, find cryptographic key, or weakness in 'the secure system', or other. Some of them are more, some less, theoretical.


Ciphertext-Only Attack.

This is the situation in which Alice (message sender) and Bob (message receiver) are encrypting their data, and all attacker gets to know is the ciphertext. This is the most difficult type of attack, because of the least amount of information.


Known Plaintext Attack.

A known plaintext attack is one in which attacker knows both the plaintext (undisguised message) and the ciphertext (encrypted message). The object, of course is to find the encryption key (for example, to decrypt more messages incoming from message sender).

Plaintext messages are sometimes easy to guess.

Also another source of plaintext message is autoresponder message. When employee goes on vacations, and autoresponder produces unencrypted message to some users, and encrypted to others. They can be 'overheard' in the public Internet sometimes. Even if message is encrypted with regard of the all of the users, all of them 'know' both plaintext (they decrypted it) and ciphertext.

Many messages in the Internet are partially predictable (for example, email messages' data headers are known and guessable).

The more information the hacker has, the easier for him/her is to make succesful attack on cipher, allowing him to decrypt more than legally allowed, and get into more troubles.


Chosen Plaintext Attack.

Chosen plaintext attack is when attacker can choose the plaintext, without the need to guess it. This is a more powerful type of attack than a known plaintext attack.

Attacker can perhaps choose any number of plaintexts and get the corresponding ciphertexts.

Quite often Alice will get information from some outside source (e.g., one that can be influenced by the attacker) and then forward that information to Bob in encrypted form.

There are two variations of this attack:

* Offline attack: where list of all the plaintexts attacker wants to be encrypted before he/she gets corresponding ciphertexts is prepared in advance.
* Online attack: attacker can choose new plaintexts depending on ciphertexts he/she already received.

Online attack is more powerful version of Chosen Plaintext attack.


Chosen Ciphertext Attack.

The term 'chosen ciphertext' is a misnomer. It should really be called a 'chosen ciphertext and plaintext attack,' but that is too long.

In a chosen plaintext attack, attacker gets to choose both plaintext values and ciphertext values. For every plaintext that attacker chooses he/she gets the corresponding ciphertext, and for any ciphertext attacker chooses, he/she gets the corresponding plaintext.

Obviously the chosen ciphertext attack is more powerful than a chosen plaintext attack as attacker has more freedom. The goal still is to recover the key, for the key allows for more than just message encryption and message decryption. For example, there are certificates and digital signatures that use the cryptographic keys, and more. For key can be more complex than simple algorithm, that acts exactly same way for every purpose it's intended for.


Distinguishing Attacks.

The attacks described above recover the plaintext or the encryption key. There are attacks that do not recover a message, but reveal some partial information about the message. There are too many forms of attack to list here, and new forms of attack are thought up all the time. So what should we defend against?

The best solution is to define a distinguishing attack. A distinguishing attack is any nontrivial method that detects a difference between the ideal cipher and the actual cipher.


Birthday Attack.

Birthday attacks are named after the birthday paradox. If you have 23 people in a room, the chance that two of them will have the same birthday exceeds 50%. That is a suprisingly large probability, given that there are 365 possible birthdays.

Following this logic, hackers can monitor internet traffic and use it to penetrate the defenses of 'the secure system' somehow. When they find data packet having same MAC values (message authentication code values) as one of previously 'overheard' (or 'sniffed') data packets, they can insert that previous data packet in it's place, for example confirming financial transaction that never occured in reality.


Meet in the Middle Attack.

Meet-in-the-middle attacks are the cousins of birthday attacks (together we call them collision attacks). They are more common and more 'useful' than birthday attacks.

Instead of waiting for a key to repeat, hacker can build a table of keys that he/she has chosen for himself/herself. Then these keys can be used in conversation between parts of the system, to learn more about such, and prepare for complete attack routine.

For example: Trudy (Intruder) prepares many cryptographic keys. Once they appear in internet traffic with attacked system, in MAC codes (message authentication codes), they can be added to hacker's database, with association to these keys. Then this line of attack can be developed.


Increasing protection against collision attacks.

For a security level of n bits, every cryptographic value should be at least 2n bits long.

If possible, change block size, or at least key length.

An n-bit security level means that systems are designed to withstand attackers that can perform 2n operations in their attack.


Other Types of Cryptographic Attacks.

So far we have mostly talked about attacking encryption functions. Other functions, such as authentication, digital signatures, etc... can (but should not, most of times) also be attacked.


(More will be added later perhaps).

No comments:

Post a Comment