19.2 Cryptography attacks

Module19 – Cryptography, Section 19.2 – Cryptography attacks A cryptographic attack is a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme. This process is also called “Cryptanalysis". Cryptanalysis is the study of methods for obtaining the meaning of encrypted information without access to the key normally required to do so; i.e., it is the study of how to crack encryption algorithms or their implementations. Cryptography attacks Known plaintext attacks (KPA) Chosen plaintext attacks (CPA) Ciphertext only attacks (COA) Chosen ciphertext attacks (CCA) Man-in-the-middle attacks (MITM) Side channel attacks Brute force attacks Birthday attacks Chosen Plaintext Attack (CPA) Attacker has access to plain text and public key he wants to correlate and derive the private key which presumes that the attacker can obtain the ciphertexts for arbitrary plaintexts CPA is more powerful than KPA. Any cipher that prevents CPA is also secure against KPA and COA. Known Plaintext Attack (KPA) KPA is an attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext). These can be used to reveal secret keys information. Ciphertext only Attack (COA) – COA or known ciphertext attack is where the attacker has access to a set of ciphertexts only, however the attacker has some knowledge of the plaintext and work with ciphertext-only. Chosen ciphertext Attack (CCA) – In CCA model the attacker can gather secret key information by obtaining the decryptions of chosen ciphertexts. Man-in-the-middle (MITM) attack – An attacker is between Victim and Server. Attacker sits in between uses sniffer to watch the conversation to capture session/cookie. Side-channel attack based on information gained from the physical implementation of a cryptosystem. – For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited to break the system. – Some side-channel attacks require technical knowledge of the internal operation of the system on which the cryptography is implemented. A brute-force attack is a cryptanalytic attack is an attempt to decrypt any encrypted data The attacker systematically checks all possible passwords and passphrases until the correct one is found using guessing and dictionary attack. Brute-force attacks are an application of Brute-force search or exhaustive search which is problem-solving technique for systematically enumerating all possible candidates for the solution and checking each one. Any weaknesses in an encryption system make the task easier. Credential recycling is re-using username and password combinations gathered in previous brute-force attacks. Pigeonhole principle When 10 pigeons are put in 9 holes at least one hole has more than one pigeon. The probability reaches 100% when the number of people reaches 366, However, 99.9% probability is reached with just 70 people. Birthday problem is the probability of two out of some random people having the same birthday based on Pigeonhole principle. Birthday attack is cryptographic attack uses the probability model to reduce the complexity of finding a collision for a hash function. Exploits the mathematics behind the birthday problem in probability theory. The attack depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations. With a birthday attack, it is possible to find a collision of a hash function.