Skip to main content

Cryptography Basics, Part 2: Attack Models for Cryptanalysis

Welcome back my aspiring cyber warriors!
In an earlier tutorial, I tried to explain some of the basic concepts and terms of cryptography. Not only are those terms and concepts key to becoming effective in the world of cyber security, but they are required to pass such certification exams such as the CISSP, CWA, Security+ and many others.
In this tutorial we will address the various attack models for cryptanalysis. In other words, what methods can a cryptanalyst use to break the encryption without knowing the key. Besides being fascinating, you are likely to find these methods, concepts and analysis on the CISSP and CASP exams.
Terminology
Some terminology before we begin.
plaintext - text that has not been encrypted
ciphertext - text that has been encrypted
cryptanalyst - person knowledgeable in breaking encryption without the key
cipher - a way of hiding the content and message of plaintext
We can divide these methods into four types and further classify them as passive and active.
Let's look at the passive methods first.
Passive
Ciphertext-Only attackers (COA)
In this attack on the encryption, attacker/cryptanalyst can only observe the ciphertext. In order words, they can only see what all of us see, what appears to be indecipherable nonsense that comes out after the encryption such as that below.
The cryptananlyst doesn't have any of the plaintexts that went into the encryption algorithm, they have no idea what plaintexts created the ciphertexts, and they are totally passive (they can't send known--their own-- plaintext through the algorithm and observe the ciphertext.
Most encryption algorithms are NOT vulnerable to this type of attack and the attackers/cryptanalyst's probability of success is VERY low.
Known-Plaintext Attack (KPA)
In this attack, the attacker/cryptanalysts know the plaintext that generates the ciphertext. They can't select the plaintext, but they can observe plaintext-ciphertext pairs. This attack has a significantly better chance of success than KPA. Simple XOR ciphers and the old PKZIP were vulnerable to this attack.
From a historical context, this is one of the approaches taken at Bletchley Park by Allen Turing and his team to decipher the Nazi messages generated by the German Enigma machine (they knew that German messages had some common plaintext in their messages such as headers and weather forecasts).
Now, Let's look at two active attacks.
Active Attacks
Chosen-Plaintext Attack (CPA)
In this attack, the attacker/cryptanalyst can select or choose the plaintext that is sent through the encryption algorithm and observe the ciphertext that it generates. This is an active model where the attacker actually gets to chose the plaintext and do the encryption.
Being able to chose any plaintext and observing the ciphertext gives the attacker a strong foothold into the inner workings of the algorithm and secret key. One approach here would be to generate a database of popular plaintexts and ciphertexts and then use this database of common plaintext-ciphertext pairs to determine the cipher text input.
As you might imagine, by being able to select the plaintext and observe the ciphertext, the chances of breaking the encryption is significantly improved.
Chosen-Ciphertext Attack
In this attack, the attacker can both encrypt and decrypt. This means that they can select plaintext, encrypt it, observe the ciphertext and then reverse the entire process. Note that the cryptanalyst is not necessarily trying to find the plaintext, but rather is trying to decipher the algorithm and secret key used to encrypt the plaintext.
This model has a good probability of success.
Summary
Although this information might seem a bit geeky and obscure, the professional-level cyber warrior must be conversant in these techniques and concepts.


from hackers-arise full article here

Popular posts from this blog

BlackArch Linux - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. It contains over 1800 security and hacking tools. Here is the complete list of tools in the BlackArch Linux: 0d1n : Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. 0trace :  A hop enumeration tool. 3proxy : Tiny free proxy server. 3proxy-win32 : Tiny free proxy server. 42zip : Recursive Zip archive bomb. a2sv : Auto Scanning to SSL Vulnerability. abcd : ActionScript ByteCode Disassembler. acccheck : A password dictionary attack tool that targets windows authentication via the SMB protocol. ace : Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface ad-ldap-enum : A LDAP based Active Directory user and grou...
Read more

Mobile Security Framework (MobSF) - An All-In-One Mobile Application Security Assessment Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. Screenshots: Static Analysis - Android Static Analysis - iOS Dynamic Analysis - Android APK Web API Viewer Requirements: Mac: Install Git Install Python 3.6 - 3.7 (3.8 is not supported) macOS Catalina users must uninstall existing python3 and install the one from Python.org . After installation, go to /Applications/Python 3.7/ and run Install Certificates.command and Update Shell Profile.command Install JDK 8+ ...
Read more

How a VPN can protect your online privacy

Have you ever experienced the feeling of relief that comes when you do something silly, but you're glad you did it where people don't know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network ( VPN ) can do for you: it can put you in a place where you are unknown. To determine if and when you need a VPN, you must define what your goal is. If your main goal is to improve your privacy online, then a VPN is one of the possible solutions. Privacy is a right that is yours to value and defend. If you don't fall into the categories of people who say "I have nothing to hide" or "they already know everything about me" then you may care enough about your privacy to use a VPN. For the latest Malwarebytes Labs reader survey we asked "Do you use a VPN?" 2,330 responded and an impressive 36 percent said they now used a VPN. For perspective, ten years ago, only 1.5 percent of Americans used VPNs. So...
Read more