L03 Cryptanalysis Overview


Page 1: L03 Cryptanalysis Overview

Cryptanalysis – An overview

Page 2: L03 Cryptanalysis Overview

Cryptosystem

A cryptosystem can be defined as a 3-step algorithm as follows:

– Key(s) Setup:

• INPUT: security parameter

• OUTPUT: key(s), public parameters

– Encryption:

• INPUT: key, plaintext, public parameters

• OUTPUT: ciphertext

– Decryption:

• INPUT: key, ciphertext, public parameters

• OUTPUT: plaintext

Crypto space: Key space; Message space; Ciphertext space

Page 3: L03 Cryptanalysis Overview

Unconditional Cryptography

• Cryptographic schemes that are provably 100% secure

• An opponent cannot break the scheme:

– even if unlimited text is available

– even if unlimited time is available

– even if unlimited computing power is available

• Strength of scheme relies on a mathematical proof that the opponent does not have enough information to break the cryptographic scheme

Page 4: L03 Cryptanalysis Overview

Conditional Cryptography

• Cryptographic schemes that are not 100% secure

• An opponent can break the scheme:

– if unlimited text is available

– if unlimited time is available

– if unlimited computing power is available

• Strength of such a scheme relies on the assumption that the opponent does not have sufficient resources (text, time, computers, money) to break the scheme

Page 5: L03 Cryptanalysis Overview

Kerckhoffs's Principle

• The security of a system should not rely on the obscurity of the encryption/decryption algorithm.

– The algorithm is assumed to be known to the adversary.

– The security must depend on the secrecy of the key.

Page 6: L03 Cryptanalysis Overview

Threats & Attacks

• Data leaks :: Unauthorized access

• Data manipulation :: Integrity loss

• Data fraud :: Impersonation

• Data destruction :: Computer viruses

Attack: Any action that compromises the security of a system.

Threat: A declaration of intention to inflict punishment or harm on another.

Page 7: L03 Cryptanalysis Overview

Attackers

• A malicious entity whose aim is to prevent the users of the system from achieving their goals

• Passive attackers listen to the communication channel but are not able to modify data. They try to obtain information they are not supposed to get

– Traffic analysis

• Active attackers listen to the communication channel and can modify data. They try to mislead other entities

– Replay, Impersonation

Page 8: L03 Cryptanalysis Overview

Attacks: from a cryptographic point of view

Non-Cryptanalytic Attacks

Cryptanalytic Attacks

Page 9: L03 Cryptanalysis Overview

Non-Cryptanalytic Attacks

• Compromising a secret key

– Stealing devices and keys

– Getting old (or backup) keys

• Exhaustive Search

– Searching the key space

Page 10: L03 Cryptanalysis Overview

Some Non-cryptanalytic Attacks

– Replay: replaying an intercepted message

– Guessing: guessing PIN/password

– Stolen-verifier: password/verifier table

– Sniffing: listening to the communication

– Snooping: stealing secrets or sensitive data

– Spoofing: impersonating another entity

– Code Injection: viruses, applets

– Reflection: parallel session

– Denial-of-Service: flooding

– Physical Attacks: tampering

– Exhaustive search …

Page 11: L03 Cryptanalysis Overview

Eavesdropping and Packet Sniffing

Capturing and filtering out packets

Threats: Sniffing can be used to catch various information sent over the network

– Login + Password

– E-mails and other messages

Page 12: L03 Cryptanalysis Overview

Tampering

Modifying or destroying data/device

Threats:

– Change records: taxpayers’ info, criminal records

– Erase audit trails

– Plant Trojan horses for password gaining, and other purposes

Page 13: L03 Cryptanalysis Overview

Spoofing

• Impersonating other users or computers to obtain privileges

– Account stealing, password guessing

– IP spoofing: e-mail forging

• Threats:

– Forged messages

– Denial of Service

Page 14: L03 Cryptanalysis Overview

Jamming

Disabling a system or service

– Engaging host in numerous activities until exhausting its resources

Threats:

– Consume all resources on the attacked machines

– Exploit bug to shut down hosts

Page 15: L03 Cryptanalysis Overview

Cryptanalytic Attacks

• Known Ciphertext

– Only the ciphertext is known to the attacker

– The attacker's goal is to reveal the plaintext and/or the key

• Known Plaintext

– Pairs of (plaintext, ciphertext) are known to the attacker

– The attacker's goal is to reveal the key

– Relevant when plaintext is known or can be obtained

• Chosen Plaintext

– Attacker chooses the plaintext and receives the ciphertext

– The attacker's goal is to reveal the key

– Relevant when the attacker can “inject” plaintext messages into the encryption module

Page 16: L03 Cryptanalysis Overview

Cryptanalytic Attacks

• Chosen Ciphertext

– Attacker chooses the ciphertext and receives the corresponding plaintext

– The attacker's goal is to reveal the key or break the scheme

– Relevant when the attacker can “inject” ciphertext messages into the decryption module

• Adaptive Chosen Text

– Attacker chooses successive plaintext and/or ciphertext messages in accordance with the attack plan

– The attacker's goal is to reveal the key or break the scheme

– Relevant when the attacker can “control” the encryption and decryption modules with respect to the chosen messages
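How the attack model changes an exhaustive key search, shown on a deliberately weak cipher with a 16-bit key. This is an added example, not part of the original slides; the toy cipher, the function names and the sample record are constructed for illustration. It shows why a conditionally secure scheme depends on the key space being too large to search.

```python
import hashlib

KEY_BITS = 16  # constructed toy parameter: only 65,536 possible keys

def keystream(key: int, n: int) -> bytes:
    """Expand the short key into n keystream bytes with SHA-256 in counter mode."""
    out, counter = b"", 0
    while len(out) < n:
        block = key.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:n]

def toy_encrypt(key: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call also decrypts."""
    return bytes(d ^ s for d, s in zip(data, keystream(key, len(data))))

def known_plaintext_search(plaintext: bytes, ciphertext: bytes) -> list:
    """Known-plaintext model: one (plaintext, ciphertext) pair gives an exact
    test for every candidate key, so the search needs no guesswork."""
    return [k for k in range(2 ** KEY_BITS)
            if toy_encrypt(k, plaintext) == ciphertext]

def ciphertext_only_search(ciphertext: bytes, looks_valid) -> list:
    """Known-ciphertext model: the attacker can only keep keys whose decryption
    passes a plausibility check, which may leave false positives."""
    return [k for k in range(2 ** KEY_BITS)
            if looks_valid(toy_encrypt(k, ciphertext))]

def expected_trials(key_bits: int) -> int:
    """Average number of keys tried before hitting the right one."""
    return 2 ** (key_bits - 1)

def printable(data: bytes) -> bool:
    return all(32 <= b < 127 for b in data)

if __name__ == "__main__":
    secret_key = 0xBEEF                      # constructed sample key
    record = b"user=alice;role=admin"        # constructed sample plaintext
    ct = toy_encrypt(secret_key, record)
    print("known plaintext :", known_plaintext_search(record, ct))
    print("ciphertext only :", ciphertext_only_search(ct, printable))
    # Each extra key bit doubles the work: 2**15 trials here, 2**127 at 128 bits.
    print(expected_trials(16), expected_trials(128))
```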

Page 17: L03 Cryptanalysis Overview

Adversarial Model


Page 18: L03 Cryptanalysis Overview

Recommended Guideline

• Avoid proprietary guidelines

• Comply with some standard/specification

• In some cases, trust is a mandatory requirement

• Technology + Policy + Management = Security Solution