ashokatmellon
Cryptanalysis – An overview
Cryptosystem
A cryptosystem can be defined as a 3-step algorithm as follows:
– Key(s) Setup:
• INPUT: security parameter
• OUTPUT: key(s), public parameters
– Encryption:
• INPUT: key, plaintext, public parameters
• OUTPUT: ciphertext
– Decryption:
• INPUT: key, ciphertext, public parameters
• OUTPUT: plaintext
Crypto space: Key space; Message space; Ciphertext space
Unconditional Cryptography
• Cryptographic schemes that are provably 100% secure
• An opponent cannot break the scheme:
– even if unlimited text is available
– even if unlimited time is available
– even if unlimited computing power is available
• Strength of scheme relies on a mathematical proof that the opponent does not have enough information to break the cryptographic scheme
Conditional Cryptography
• Cryptographic schemes that are not 100% secure
• An opponent can break the scheme:
– if unlimited text is available
– if unlimited time is available
– if unlimited computing power is available
• Strength of such a scheme relies on the assumption that the opponent does not have sufficient resources (text, time, computers, money) to break the scheme
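The contrast between the two kinds of scheme, as an added example that is not part of the original slides. It writes a one-time pad (unconditional) and a constructed toy cipher with a 16-bit key (conditional) in the setup/encrypt/decrypt form defined earlier; the function names and the SHAKE-256 keystream are assumptions made for illustration.

```python
import hashlib
import secrets

# --- Unconditional: one-time pad (key as long as the message, used once) ---
def otp_setup(nbytes: int) -> bytes:
    """Key setup: the security parameter is the message length in bytes."""
    return secrets.token_bytes(nbytes)

def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must match message length")
    return bytes(k ^ p for k, p in zip(key, plaintext))

otp_decrypt = otp_encrypt  # XOR is its own inverse

def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`.
    One exists for every candidate of the same length, so the ciphertext
    alone gives the opponent no way to prefer one plaintext over another."""
    return otp_encrypt(ciphertext, candidate)

# --- Conditional: toy stream cipher with a 16-bit key (constructed) ---
KEY_BITS = 16

def toy_encrypt(key: int, plaintext: bytes) -> bytes:
    """Public algorithm (Kerckhoffs): SHAKE-256 keystream from a 2-byte key."""
    stream = hashlib.shake_256(key.to_bytes(2, "big")).digest(len(plaintext))
    return bytes(s ^ p for s, p in zip(stream, plaintext))

toy_decrypt = toy_encrypt

def exhaustive_search(plaintext: bytes, ciphertext: bytes) -> list:
    """Try every key in the key space against one known (plaintext, ciphertext) pair."""
    return [k for k in range(2 ** KEY_BITS) if toy_encrypt(k, plaintext) == ciphertext]

if __name__ == "__main__":
    msg = b"ATTACK AT DAWN"            # constructed sample message
    key = otp_setup(len(msg))
    ct = otp_encrypt(key, msg)
    alt = key_explaining(ct, b"RETREAT AT TEN")
    print(otp_decrypt(alt, ct))        # a different, equally valid plaintext
    secret = secrets.randbelow(2 ** KEY_BITS)
    print(exhaustive_search(msg, toy_encrypt(secret, msg)) == [secret])
```

The toy cipher falls only because its key space is small enough to enumerate; the one-time pad gives the search nothing to test against, since every candidate plaintext has a matching key.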
Kerckhoffs's Principle
• The security of a system should not rely on the obscurity of the encryption/decryption algorithm.
– The algorithm is assumed to be known to the adversary.
– The security must depend on the secrecy of the key.
Threats & Attacks
• Data leaks :: Unauthorized access
• Data manipulation :: Integrity loss
• Data fraud :: Impersonation
• Data destruction :: Computer viruses
Attack: Any action that compromises the security of a system.
Threat: A declaration of intention to inflict punishment or harm on another.
Attackers
• A malicious entity whose aim is to prevent the users of the system from achieving their goals
• Passive attackers listen to the communication channel but are not able to modify data. They try to obtain information they are not supposed to get
– Traffic analysis
• Active attackers listen to the communication channel and can modify data. They try to mislead other entities
– Replay, Impersonation
Attacks: from cryptographic point of view
Non-Cryptanalytic Attacks
Cryptanalytic Attacks
• Compromising a secret key
– Stealing devices and keys
– Getting old (or backup) keys
• Exhaustive Search
– Searching the key space
Non-Cryptanalytic Attacks
Some Non-cryptanalytic Attacks
– Replay: replaying an intercepted message
– Guessing: guessing PIN/password
– Stolen-verifier: password/verifier table
– Sniffing: listening to the communication
– Snooping: stealing secrets or sensitive data
– Spoofing: impersonating another entity
– Code Injection: viruses, applets
– Reflection: parallel session
– Denial-of-Service: flooding
– Physical Attacks: tampering
– Exhaustive search …
Eavesdropping and Packet Sniffing
Capturing and filtering out packets
Threats: Sniffing can be used to catch various information sent over the network
– Login + Password
– E-mails and other messages
Tampering
Modifying or destroying data/device
Threats:
– Change records – tax payers’ info, criminal records
– Erase audit trails
– Plant Trojan horses for password gaining, and other purposes
Spoofing
• Impersonating other users or computers to obtain privileges
– Account stealing, password guessing
– IP spoofing: e-mail forging
• Threats:
– Forged messages
– Denial of Service
Jamming
Disabling a system or service
– Engaging host in numerous activities until exhausting its resources
Threats:
– Consume all resources on the attacked machines
– Exploit bug to shut down hosts
Cryptanalytic Attacks
• Known Ciphertext
– Only the ciphertext is known to the attacker
– The attacker's goal is to reveal the plaintext and/or the key
• Known Plaintext
– Pairs of (plaintext, ciphertext) are known to the attacker
– The attacker's goal is to reveal the key
– Relevant when plaintext is known / can be obtained
• Chosen Plaintext
– Attacker chooses the plaintext and receives the ciphertext
– The attacker's goal is to reveal the key
– Relevant when attacker can “inject” plaintext messages to the encryption module
Cryptanalytic Attacks
• Chosen Ciphertext
– Attacker chooses the ciphertext and receives the corresponding plaintext
– The attacker's goal is to reveal the key or break the scheme
– Relevant when attacker can “inject” ciphertext messages to the decryption module
• Adaptive Chosen Text
– Attacker chooses successive plaintext and/or ciphertext messages in accordance with the attack plan
– The attacker's goal is to reveal the key or break the scheme
– Relevant when attacker can “control” the encryption and decryption modules with respect to chosen messages
Adversarial Model
Recommended Guideline
• Avoid proprietary guidelines
• Comply with some standard/specification
• In some cases, trust is a mandatory requirement
• Technology + Policy + Management = Security Solution