Wednesday, February 15, 2017

Cryptography: Cryptanalytic Attacks Examples

Known Ciphertext Attack
Example:
  • Eve steals a bunch of ciphertexts from Alice's handbag, but has no idea what they mean.
Known Plaintext Attack
Example:
  • Eve overhears an encrypted communication from Bob to Alice, and later observes them meeting at Baker Street - Eve can now guess that the communication contained the word "baker street" somewhere, a form of known plaintext attack.
Chosen Plaintext Attack
Example:
  • A poorly designed file storage system uses the same key to encrypt everyone's files, and lets anyone see anyone's files (in encrypted form). Eve knows Bob uses the service, she registers as well and starts encrypting arbitrary files (which she can choose) and looks at the resulting ciphertext. From this she obtains the service's encryption key, and decrypts Bob's stuff.
 
Chosen Ciphertext Attack
Example:
  • Eve breaks into Bob's house while he is sleeping, and replaces the ciphertext he was going to send to Alice tomorrow with a new one of her choosing. She then eavesdrops on their communications (encrypted or not) the next day to try and work out what Alice read when she decrypted the fake ciphertext (variants of this involve Eve not just creating a new ciphertext, but modifying the existing one slightly).

Cryptography: Cipher Strength


Perfect or Unconditional security

No matter how much computing power or time is available, the cipher cannot be broken, because the ciphertext provides insufficient information to uniquely determine the corresponding plaintext.

Computational or Conditional security

Given limited computing resources (e.g. the time needed for the calculations is greater than the age of the universe), the cipher cannot be broken.
In other words, a system is said to be conditionally secure if the cost of breaking it is far higher than the value gained from breaking it.

Cryptography: Cryptanalytic Attacks

Ciphertext only attack

In this method, the attacker has access to a set of one or more ciphertexts.
The attacker does not have access to the corresponding plaintext.
A ciphertext-only attack (COA) is said to be successful when the corresponding plaintext can be determined from a given set of ciphertexts.
Occasionally, the encryption key can be determined from this attack.
Modern cryptosystems are guarded against ciphertext-only attacks.
 

Known plaintext attack
In this method, the attacker knows the plaintext for some parts of the ciphertext.
The task is to decrypt the rest of the ciphertext using this information.
This may be done by determining the key or via some other method.
For example, say Alice sends Bob a message every day that starts with “hello”. Darth can use that known word when analyzing those ciphertexts to recover the rest of each message.
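The "hello" scenario above, worked through as an added example (not code from the original page). It assumes a toy repeating-key XOR cipher with a 5-byte key, which the page does not specify; the key and messages are constructed sample data.

```python
from itertools import cycle

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR cipher; encrypting and decrypting are the same operation."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_key(ciphertext: bytes, known_prefix: bytes, key_len: int) -> bytes:
    """Each key byte is plaintext XOR ciphertext, so a known prefix exposes the key."""
    if len(known_prefix) < key_len:
        raise ValueError("known plaintext covers only part of the key")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_prefix))

# Constructed sample data: the key and both messages are invented for this example.
SECRET_KEY = b"k3y!#"   # known only to Alice and Bob
MESSAGES = [b"hello bob, lunch at noon?",
            b"hello bob, the audit moved to friday"]
CIPHERTEXTS = [xor_repeat(m, SECRET_KEY) for m in MESSAGES]

def darth_reads(ciphertexts, crib=b"hello", key_len=5):
    """Darth sees only ciphertexts and knows every message starts with the crib."""
    key = recover_key(ciphertexts[0], crib, key_len)
    # The key is reused, so one known prefix decrypts every intercepted message.
    return key, [xor_repeat(c, key) for c in ciphertexts]

if __name__ == "__main__":
    key, plaintexts = darth_reads(CIPHERTEXTS)
    print("recovered key:", key)
    for p in plaintexts:
        print(p.decode())
```

The attack works here because the known plaintext is at least as long as the key and the key is reused; a cipher designed to resist known-plaintext attacks reveals nothing about the key from such pairs.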
 

Chosen plaintext attack

In this method, the attacker has the text of his choice encrypted.
So he has the ciphertext-plaintext pair of his choice.
This simplifies his task of determining the encryption key.
RSA, a popular public-key cryptosystem, is also vulnerable to chosen-plaintext attacks.
Chosen-plaintext attacks were used by Allied cryptanalysts in World War II to break Enigma ciphers.
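Why the RSA remark above holds for unpadded RSA, and what fixes it, as an added example (not from the original page): anyone holding the public key can encrypt guesses and compare them with an intercepted ciphertext. The toy primes, the 4-digit message space and the padding layout are assumptions for illustration; the padding is a stand-in for a real scheme such as OAEP.

```python
import secrets

# Toy parameters (constructed): two Mersenne primes, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key, known to everyone
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held by the receiver

def encrypt_textbook(m: int) -> int:
    """Deterministic RSA: the same plaintext always yields the same ciphertext."""
    return pow(m, E, N)

def encrypt_randomized(m: int) -> int:
    """Illustrative padding (not OAEP): 64 fresh random bits above a 32-bit message."""
    if not 0 <= m < 2**32:
        raise ValueError("message must fit in 32 bits")
    return pow((secrets.randbits(64) << 32) | m, E, N)

def decrypt_randomized(c: int) -> int:
    """Decrypt with the private key and drop the random padding."""
    return pow(c, D, N) & 0xFFFFFFFF

def confirm_guess(ciphertext: int, candidates, encrypt) -> list:
    """Chosen-plaintext check: encrypt each candidate and compare with the target."""
    return [m for m in candidates if encrypt(m) == ciphertext]

SECRET_PIN = 4821                        # constructed sample plaintext
PINS = range(10000)                      # the small message space the attacker assumes

if __name__ == "__main__":
    weak = encrypt_textbook(SECRET_PIN)
    print("textbook RSA :", confirm_guess(weak, PINS, encrypt_textbook))
    strong = encrypt_randomized(SECRET_PIN)
    print("randomized   :", confirm_guess(strong, PINS, encrypt_randomized))
    print("receiver gets:", decrypt_randomized(strong))
```

With deterministic encryption the comparison singles out the plaintext; with fresh randomness in every encryption the attacker's own ciphertexts no longer match, while the receiver still decrypts correctly.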
 

Chosen ciphertext attack

A cryptanalyst can analyze chosen ciphertexts together with their corresponding plaintexts. His goal is to acquire the secret key or to get as much information about the attacked system as possible.
The attacker has the capability to make the victim (who knows the secret key) decrypt a selected ciphertext and send him the result. By analyzing the chosen ciphertext and the corresponding received plaintext, the intruder tries to guess the secret key used by the victim.
Chosen-ciphertext attacks are usually used for breaking systems with public-key encryption. For example, early versions of the RSA cipher were vulnerable to such attacks. They are used less often for attacking systems protected by symmetric ciphers, although some self-synchronizing stream ciphers have been attacked in that way.

Types of Attacks and What Is Known to the Cryptanalyst

Ciphertext Only
  • Encryption algorithm
  • Ciphertext
Known Plaintext
  • Encryption algorithm
  • Ciphertext
  • One or more plaintext–ciphertext pairs formed with the secret key
Chosen Plaintext
  • Encryption algorithm
  • Ciphertext
  • Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key
Chosen Ciphertext
  • Encryption algorithm
  • Ciphertext
  • Ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key
Chosen Text
  • Encryption algorithm
  • Ciphertext
  • Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key
  • Ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

The chosen text attack is a combination of the chosen plaintext attack and the chosen ciphertext attack.

Cryptography: Assumptions about the Security Environment and Attacker’s Capability


Details of the Encryption Scheme

The design of a cryptosystem is based on one of the following two types of cryptographic algorithms:
Public Algorithms − With this option, all the details of the algorithm are in the public domain, known to everyone.
Proprietary/Private Algorithms − The details of the algorithm are known only to the system designers and users.
In the case of proprietary algorithms, security is ensured through obscurity.
Private algorithms may not be the strongest algorithms, as they are developed in-house and may not have been extensively investigated for weaknesses.
They allow communication within a closed group only. Hence they are not suitable for modern communication, where people communicate with a large number of known or unknown entities.
According to Kerckhoffs's principle, the algorithm should preferably be public, with the strength of the encryption lying in the key.
Thus, the first assumption about the security environment is that the encryption algorithm is known to the attacker.

Availability of Ciphertext
We know that once the plaintext is encrypted into ciphertext, it is put on an insecure public channel (say, email) for transmission.
Thus, we can assume that the attacker has access to the ciphertext generated by the cryptosystem.

Availability of Plaintext and Ciphertext
This assumption is not as obvious as the others, because here we are talking about the availability of plaintext.
However, there may be situations where an attacker has access to a plaintext and its corresponding ciphertext.
Some such possible circumstances are −
  • The attacker influences the sender to encrypt a plaintext of his choice and obtains the ciphertext.
  • The receiver may inadvertently divulge the plaintext to the attacker. The attacker has access to the corresponding ciphertext gathered from the open channel.
  • In a public-key cryptosystem, the encryption key is in the open domain and is known to any potential attacker. Using this key, he can generate pairs of corresponding plaintexts and ciphertexts.
 

Cryptography: Why do we Attack an Encryption System? What are its Approaches?


    Typically, the objective of attacking an encryption system is to recover the key in use rather than simply to recover the plaintext of a single ciphertext. There are two general approaches to attacking a conventional encryption scheme: 
    Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext–ciphertext pairs.
    This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
    Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
    On average, half of all possible keys must be tried to achieve success.
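The brute-force claim above, set beside the page's definition of perfect security, as an added example (not from the original page). It assumes a toy one-byte XOR cipher for the exhaustive search and a one-time pad for the unconditional case; the messages and the `intelligible` recognizer are constructed for illustration.

```python
import secrets

ALLOWED = set(b"abcdefghijklmnopqrstuvwxyz ")
MESSAGE = b"meet me at nine"   # constructed sample plaintext
DECOY = b"stay home today"     # constructed, same length as MESSAGE

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key when it is shorter than the data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def intelligible(candidate: bytes) -> bool:
    """Crude plaintext recognizer: lowercase letters and spaces only."""
    return all(b in ALLOWED for b in candidate)

def brute_force(ciphertext: bytes):
    """Try the 256 one-byte keys in order; return (key, plaintext, keys_tried)."""
    for tried, key in enumerate(range(256), start=1):
        guess = xor_bytes(ciphertext, bytes([key]))
        if intelligible(guess):
            return key, guess, tried
    return None

def average_trials(message: bytes) -> float:
    """Mean number of keys tried, taken over every possible one-byte key."""
    counts = [brute_force(xor_bytes(message, bytes([k])))[2] for k in range(256)]
    return sum(counts) / len(counts)

def otp_key_explaining(ciphertext: bytes, claimed: bytes) -> bytes:
    """One-time pad: the key under which `ciphertext` decrypts to `claimed`."""
    if len(claimed) != len(ciphertext):
        raise ValueError("a one-time pad key is as long as the message")
    return xor_bytes(ciphertext, claimed)

if __name__ == "__main__":
    print(brute_force(xor_bytes(MESSAGE, b"\x5a")))   # unique answer after 91 keys
    print(average_trials(MESSAGE))                     # 128.5, about half of 256
    pad = secrets.token_bytes(len(MESSAGE))
    ct = xor_bytes(MESSAGE, pad)
    for claim in (MESSAGE, DECOY):                     # both are equally consistent
        key = otp_key_explaining(ct, claim)
        print(claim, xor_bytes(ct, key) == claim)
```

Against the small key space the search ends on exactly one intelligible plaintext; against the one-time pad every same-length message has a key that explains the ciphertext, so trying all keys cannot single one out.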


Cryptography: Kerckhoffs's Principle


A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Security rests in the secrecy of the key alone, not in the obscurity of the encryption algorithm.