Methods of Attack

Attempts to crack a cryptosystem can be generally classified into four classes of attack methods:

Analytic attacks: An analytic attack uses algebraic manipulation in an attempt to reduce the complexity of the algorithm.

Brute-force attacks: In a brute-force (or exhaustion) attack, the cryptanalyst attempts every possible combination of key patterns, sometimes utilizing rainbow tables, and specialized or scalable computing architectures. This type of attack can be very time-intensive (up to several hundred million years) and resource-intensive, depending on the length of the key, the speed of the attacker’s computer . . . and the lifespan of the attacker.

Implementation attacks: Implementation attacks attempt to exploit some weakness in the cryptosystem such as vulnerability in a protocol or algorithm.

Statistical attacks: A statistical attack attempts to exploit some statistical weakness in the cryptosystem, such as a lack of randomness in key generation.

A rainbow table is a precomputed table used to reverse cryptographic hash functions in a specific algorithm. Examples of password-cracking programs that use rainbow tables include Ophcrack and RainbowCrack.

The specific attack methods discussed in the following sections employ various elements of the four classes we describe in the preceding list.

The Birthday Attack

The Birthday Attack attempts to exploit the probability of two messages producing the same message digest by using the same hash function. It’s based on the statistical probability (greater than 50 percent) that in a room containing 23 or more people, 2 people in that room have the same birthday. However, for 2 people in a room to share a specific birthday (such as August 3rd), 253 or more people must be in the room to have a statistical probability of greater than 50 percent (even if one of the birthdays is on February 29).

Ciphertext Only Attack (COA)

In a Ciphertext Only Attack (COA), the cryptanalyst obtains the ciphertext of several messages, all encrypted by using the same encryption algorithm, but he or she doesn’t have the associated plaintext. The cryptanalyst then attempts to decrypt the data by searching for repeating patterns and using statistical analysis. For example, certain words in the English language, such as the and or, occur frequently. This type of attack is generally difficult and requires a large sample of ciphertext.

Chosen Text Attack (CTA)

In a Chosen Text Attack (CTA), the cryptanalyst selects a sample of plaintext and obtains the corresponding ciphertext. Several types of Chosen Text Attacks exist, including Chosen Plaintext, Adaptive Chosen Plaintext, Chosen Ciphertext, and Adaptive Chosen Ciphertext:

Chosen Plaintext Attack (CPA): The cryptanalyst chooses plaintext to be encrypted, and the corresponding ciphertext is obtained.

Adaptive Chosen Plaintext Attack (ACPA): The cryptanalyst chooses plaintext to be encrypted; then based on the resulting ciphertext, he chooses another sample to be encrypted.

Chosen Ciphertext Attack (CCA): The cryptanalyst chooses ciphertext to be decrypted, and the corresponding plaintext is obtained.

Adaptive Chosen Ciphertext Attack (ACCA): The cryptanalyst chooses ciphertext to be decrypted; then based on the resulting ciphertext, he chooses another sample to be decrypted.

Known Plaintext Attack (KPA)

In a Known Plaintext Attack (KPA), the cryptanalyst has obtained the ciphertext and corresponding plaintext of several past messages, which he or she uses to decipher new messages.

Man-in-the-Middle Attack

A Man-in-the-Middle Attack involves an attacker intercepting messages between two parties on a network and potentially modifying the original message.

Meet-in-the-Middle Attack

A Meet-in-the-Middle Attack involves an attacker encrypting known plaintext with each possible key on one end, decrypting the corresponding ciphertext with each possible key, and then comparing the results in the middle. Although commonly classified as a brute-force attack, this kind of attack may also be considered an analytic attack because it does involve some differential analysis.

Replay Attack

A Replay Attack occurs when a session key is intercepted and used against a later encrypted session between the same two parties. Replay attacks can be countered by incorporating a time stamp in the session key.

Prep Test

1 The four modes of DES include all the following except

A ECB

B ECC

C CFB

D CBC

2 A type of cipher that replaces bits, characters, or character blocks with alternate bits, characters, or character blocks to produce ciphertext is known as a

A Permutation cipher

B Block cipher

C Transposition cipher

D Substitution cipher

3 Which of the following is not an advantage of symmetric key systems?

A Scalability

B Speed

C Strength

D Availability

4 The Advanced Encryption Standard (AES) is based on what symmetric key algorithm?

A Twofish

B Knapsack

C Diffie-Hellman

D Rijndael

5 A message that’s encrypted with only the sender’s private key, for the purpose of authentication, is known as a(n)

A Secure message format

B Signed and secure message format

C Open message format

D Message digest

6 All the following are examples of asymmetric key systems based on discrete logarithms except

A Diffie-Hellman

B Elliptic Curve

C RSA

D El Gamal

7 The four main components of a Public Key Infrastructure (PKI) include all the following except

A Directory Service

B Certification Authority

C Repository

D Archive

8 Which of the following Internet specifications provides secure e-commerce by using symmetric key systems, asymmetric key systems, and dual signatures?

A Public Key Infrastructure (PKI)

B Secure Electronic Transaction (SET)

C Secure Sockets Layer (SSL)

D Secure Hypertext Transfer Protocol (S-HTTP)

9 The minimum number of SAs required for a two-way IPSec session between two communicating hosts using both AH and ESP is

A 1

B 2

C 4

D 8

10 An IPSec SA consists of the following parameters, which uniquely identify it in an IPSec session, except

A Source IP Address

B Destination IP Address

C Security Protocol ID

D Security Parameter Index (SPI)

Answers

1 B. ECC. ECC is the Elliptic Curve cryptosystem, an asymmetric algorithm. ECB (Electronic Code Book), CFB (Cipher Feedback), CBC (Cipher Block Chaining), and OFB (Output Feedback) are all valid DES modes of operation. Review “Data Encryption Standard (DES).”

2 D. Substitution cipher. Transposition ciphers and permutation ciphers rearrange data to produce ciphertext. A block cipher is a type of cipher that operates on a block of data. Review “Types of ciphers.”

3 A. Scalability. Symmetric key systems aren’t scalable because of the difficulty of key management between individual pairs of communicating parties. Review “Symmetric key cryptography.”

4 D. Rijndael. The NIST selected the Rijndael Block Cipher as the AES. Twofish was a finalist for the AES standard but wasn’t selected. Knapsack and Diffie-Hellman are asymmetric key systems. Review “Advanced Encryption Standard (AES).”

5 C. Open message format. A secure message is encrypted by using the receiver’s public key to achieve confidentiality. A signed and secure message is encrypted with both the receiver’s public key and the sender’s private key. A one-way hashing function produces a message digest to digitally sign a message for authentication. Review “Asymmetric key cryptography.”

6 C. RSA. RSA is based on factoring large prime numbers. Review “RSA.”

7 A. Directory Service. The four basic components of a PKI are the Certificate Authority (CA), Registration Authority (RA), Repository, and Archive. Review “Public Key Infrastructure (PKI).”

8 B. Secure Electronic Transaction (SET). Only SET implements the concept of dual signatures for authentication. Review “Internet Security Applications.”

9 C. 4. Four Security Associations (SAs) are required because SAs are simplex (one-way) and an SA is required for each protocol. Review “IPSec.”

10 A. Source IP Address. The Source IP Address isn’t included in an SA. Review “IPSec.”