Cryptographic Attack

6. Cryptographic Attack

Cryptographic attacks are attempts to subvert the security of cryptographic algorithms by exploiting their weaknesses, with the goal of deciphering the ciphertext without knowing the key.

Classification of cryptographic attacks depends on the type of data available:

  1. Known only attack

  • Known plaintext only attack: a cryptanalyst has access to a plaintext and the corresponding ciphertext.

  • Known ciphertext only attack: the attacker only knows the ciphertext but no plaintext.

  2. Chosen attack

  • Chosen plaintext attack: similar to the known plaintext attack in 1, but the plaintext can be of the attacker's choosing.

  • Chosen ciphertext attack: this method is used when the attacker only knows the ciphertext of his choosing and works his way back towards the plaintext. It is very commonly used against public-private key encryption, because the public key is widely known and finding the private key will defeat the cipher.

  3. Adaptive chosen attack: in both methods, the attacker can choose the plaintext or ciphertext respectively one block after the other (based on previous results), which leads to the defeat of the cipher.

  • Adaptive chosen plaintext attack

  • Adaptive chosen ciphertext attack

6.1. Brute Force Attacks

A brute force attack attempts every combination of the key. It is most often used in a known plaintext or ciphertext-only attack when the attacker can easily verify the correctness of the guess.

An encryption algorithm like DES, which uses a key length of 56 bits, is now considered absolutely insecure, as software that exploits the computational power of FPGAs and CUDA is available and can break keys in a reasonable time.

6.2. Dictionary Attacks

A dictionary attack attempts the most likely keys. Especially for symmetric key algorithms where keys are selected by users, this approach can work better than a brute force attack.

6.3. Rainbow Tables

A rainbow table makes use of the available storage to compute (and store) plaintext-ciphertext correspondences ahead of time.

Pre-computation is indeed the technique used with rainbow tables.

The important thing about a rainbow table is the reduction function, which maps hashes to plaintexts. It is not an inverse function but a reverse function, since the purpose of a hash function is that an inverse function cannot be constructed.

Example: our plaintext is [14sd5], and the hashing function generates this hash: [c80e626c993af50dc505209bb13adf2]

The reduction function could be something that takes the first 5 characters of the hash to create a new plaintext to hash ([c80e6]).

This is what is called a chain.

Free rainbow tables

Generator tool

6.4. Side Channel Attacks

Side channel attacks don't rely just on plaintext/ciphertext information to attack crypto algorithms.

They also take into account the physical implementation, including the hardware used to encrypt or decrypt data.

The time taken to perform an encryption, the CPU cycles used, and even variations in absorbed power during the algorithm can give important information to a cryptanalyst.

Many practical side channel attacks have been discovered. Some of them have been used in attacks such as finding the GSM v1 SIM card encryption key. That attack was based on the time taken to encrypt the data, which slowly leads to building up the key.

The birthday attack is an attack that can discover collisions in hashing algorithms. It is based on the birthday paradox, which states that if there are 23 people in a room, the odds are slightly greater than 50% that two will share the same birthday.

The key to understanding the attack is remembering that it is the odds of any 2 people (out of 23) sharing a birthday, and not the odds of sharing a birthday with a specific person.

In a room with 23 people there are 22 chances and one candidate. Let's call the candidate Tom. If Tom's birthday doesn't match that of any of the other 22, he leaves the room.

So now there are 21 people plus another candidate; let's call him Chris. If he fails to match any of the 21, he leaves, and so on.

22 pairs, plus 21 pairs, plus 20 ... plus 1 pair equals 253 pairs. Each pair has a 1/365 chance of having a matching birthday, and the odds of a match cross 50% at 253 pairs.

The birthday attack is most often used to attempt to discover collisions in hash functions, such as MD5 or SHA1.
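The pair-counting argument above can be checked numerically and carried over to hash outputs. This is an added example, not part of the original page: it assumes SHA-256 truncated to a few bits as a stand-in for a short hash, and the function names and message strings are made up for illustration.

```python
import hashlib
from math import comb

def p_shared_birthday(people: int, days: int = 365) -> float:
    """Exact probability that at least two of `people` share a birthday."""
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct

def p_pair_estimate(people: int, days: int = 365) -> float:
    """The text's argument: treat every pair as an independent 1/days trial."""
    pairs = comb(people, 2)              # 23 people -> 253 pairs
    return 1.0 - (1.0 - 1.0 / days) ** pairs

def truncated_digest(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256 (assumption: stands in for a short hash)."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """Hash distinct constructed messages until two share a truncated digest.
    Returns (first_message, second_message, messages_hashed)."""
    seen = {}
    counter = 0
    while True:
        message = b"constructed-message-%d" % counter
        counter += 1
        digest = truncated_digest(message, bits)
        if digest in seen:
            return seen[digest], message, counter
        seen[digest] = message

if __name__ == "__main__":
    print(f"pairs among 23 people:      {comb(23, 2)}")
    print(f"exact P(match), 23 people:  {p_shared_birthday(23):.4f}")
    print(f"pair estimate, 253 pairs:   {p_pair_estimate(23):.4f}")
    for bits in (16, 24, 32):
        a, b, tried = find_collision(bits)
        print(f"{bits}-bit digest: collision after {tried} messages "
              f"(2^{bits // 2} = {2 ** (bits // 2)}, 2^{bits} = {2 ** bits})")
```

The collision counts land near 2^(bits/2) rather than 2^bits, which is why an n-bit hash offers only about n/2 bits of collision resistance.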
