2. Passive attacks are in the nature of eavesdropping on, or
monitoring of, transmissions.
The goal of the opponent is to obtain information that is
being transmitted.
Two types of passive attacks are the release of message
contents and traffic analysis.
Active attacks involve some modification of the data stream
or the creation of a false stream and can be subdivided into
four categories: masquerade, replay, modification
of messages, and denial of service.
3. Differential cryptanalysis is a general form of
cryptanalysis applicable primarily to block ciphers, but
also to stream ciphers and cryptographic hash functions.
A differential attack is a chosen-plaintext attack.
can successfully cryptanalyze DES with an effort on the
order of
The main difference from linear attack is that
differential attack involves comparing the XOR of two
inputs to the XOR of the corresponding outputs.
This difference provides information that can be used to
determine the key.
4. Linear cryptanalysis is a general form of cryptanalysis
based on finding affine approximations to the action of
a cipher. Attacks have been developed for block ciphers
and stream ciphers. Linear cryptanalysis is one of the
two most widely used attacks on block ciphers.
Linear cryptanalysis is a known-plaintext attack.
This method can find a DES key given known
plaintexts .
Although this is a minor improvement, because it
may be easier to acquire known plaintext rather than
chosen plaintext, it still leaves linear cryptanalysis
infeasible.
5. Meet-in-the-middle attack is performed on two blocks of
known (plaintext–ciphertext), the probability that the correct
keys are determined.
The meet-in-the-middle attack targets block cipher cryptographic
functions (double DES).
The name for this exploit comes from the method. Because the
attacker tries to break the two-part encryption method from
both sides, a successful effort enables him to meet in the middle
of the block cipher.
Meet-in-the-middle is a passive attack, which means that
although the intruder can access messages, in most situations he
cannot alter them or send his own.
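Why double encryption adds roughly one bit of strength instead of doubling it, shown on a toy cipher. This is an added example, not part of the original slides; the 16-bit Feistel cipher, the 12-bit key size and all names are assumptions made for illustration.

```python
import hashlib

KEY_BITS = 12  # toy key size (assumption); real DES keys are 56 bits

def round_fn(half, key, rnd):
    """Keyed round function of the toy Feistel cipher (constructed, not DES)."""
    return hashlib.sha256(bytes([half, key & 0xFF, key >> 8, rnd])).digest()[0]

def enc(block, key):
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ round_fn(r, key, rnd)
    return (l << 8) | r

def dec(block, key):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ round_fn(l, key, rnd), l
    return (l << 8) | r

def double_enc(block, k1, k2):
    return enc(enc(block, k1), k2)

def meet_in_the_middle(pairs):
    """Use two known (plaintext, ciphertext) pairs.
    Pair 1 yields every (k1, k2) whose middle values agree; pair 2 filters
    out the false matches. Work is about 2 * 2**KEY_BITS cipher calls,
    not the 2**(2*KEY_BITS) of a naive search over both keys."""
    (p1, c1), (p2, c2) = pairs
    middle = {}
    for k1 in range(1 << KEY_BITS):           # encrypt forward from the plaintext
        middle.setdefault(enc(p1, k1), []).append(k1)
    candidates = []
    for k2 in range(1 << KEY_BITS):           # decrypt backward from the ciphertext
        for k1 in middle.get(dec(c1, k2), []):
            candidates.append((k1, k2))
    confirmed = [(k1, k2) for k1, k2 in candidates
                 if double_enc(p2, k1, k2) == c2]
    return candidates, confirmed

if __name__ == "__main__":
    K1, K2 = 0x5A3, 0xC17                     # constructed sample keys
    known = [(p, double_enc(p, K1, K2)) for p in (0x1234, 0xBEEF)]
    cands, ok = meet_in_the_middle(known)
    print(len(cands), "candidates after pair 1;", len(ok), "after pair 2:", ok)
```

The defensive conclusion is the one behind Triple DES: chaining two encryptions under independent keys does not give the strength the combined key length suggests.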
6. A man-in-the-middle attack is an attack where the attacker secretly relays and
possibly alters the communication between two parties
who believe they are directly communicating with each
other. A man-in-the-middle attack can be used against
many cryptographic protocols. One example of man-in-
the-middle attacks is active eavesdropping, in which the
attacker makes independent connections with the victims
and relays messages between them to make them believe
they are talking directly to each other over a private
connection, when in fact the entire conversation is
controlled by the attacker. The attacker must be able to
intercept all relevant messages passing between the two
victims and inject new ones. This is straightforward in
many circumstances;
8. Alice sends a message to Bob, which is intercepted by Mallory:
Alice "Hi Bob, it's Alice. Give me your key." → Mallory Bob
Mallory relays this message to Bob; Bob cannot tell it is not really from Alice:
Alice Mallory "Hi Bob, it's Alice. Give me your key." → Bob
Bob responds with his encryption key:
Alice Mallory ← [Bob's key] Bob
Mallory replaces Bob's key with her own, and relays this to Alice, claiming that it is Bob's key:
Alice ← [Mallory's key] Mallory Bob
Alice encrypts a message with what she believes to be Bob's key, thinking that only Bob can read it:
Alice "Meet me at the bus stop!" [encrypted with Mallory's key] → Mallory Bob
However, because it was actually encrypted with Mallory's key, Mallory can decrypt it, read it, modify it (if desired), re-encrypt with Bob's key, and forward it to Bob:
Alice Mallory "Meet me at the van down by the river!" [encrypted with Bob's key] → Bob
Bob thinks that this message is a secure communication from Alice.
Bob goes to the van down by the river and gets robbed by Mallory.
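The key substitution above works only because Alice has no way to check whose key she received. The added example below (not part of the original slides) replays the exchange with unauthenticated Diffie-Hellman and then with Alice comparing the received key against a fingerprint obtained out of band; the toy group, the fingerprint scheme and all function names are assumptions.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only (2**127 - 1 is prime).
P, G = 2**127 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

BOB = keypair()  # Bob's long-term key pair

def run_exchange(mallory_present, pinned_fp=None):
    """Return (alice_key, bob_key, mallory_can_read). alice_key is None when
    Alice aborts because the key she received does not match her pinned value."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = BOB
    m_priv, m_pub = keypair()
    # What each side actually receives: Mallory swaps in her own public value.
    to_alice = m_pub if mallory_present else b_pub
    to_bob = m_pub if mallory_present else a_pub
    bob_key = session_key(b_priv, to_bob)
    if pinned_fp is not None and fingerprint(to_alice) != pinned_fp:
        return None, bob_key, False          # Alice refuses to continue
    alice_key = session_key(a_priv, to_alice)
    mallory_keys = (session_key(m_priv, a_pub), session_key(m_priv, b_pub))
    return alice_key, bob_key, mallory_keys == (alice_key, bob_key)

if __name__ == "__main__":
    pin = fingerprint(BOB[1])  # obtained out of band, e.g. read over the phone
    print("no pin, Mallory present:", run_exchange(True)[2])
    print("pin,    Mallory present:", run_exchange(True, pin)[0])
    print("pin,    honest channel :", run_exchange(False, pin)[2])
```

Only Alice authenticates in this sketch; deployed protocols authenticate both sides, typically with signatures or certificates over the exchanged values.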
9. Brute-Force attack
A brute-force attack does not depend on the specific algorithm
but depends only on the bit length of the hash value.
Cryptanalysis, in contrast, is an attack based on weaknesses in a
particular cryptographic algorithm.
PREIMAGE AND SECOND PREIMAGE ATTACKS
For a preimage or second preimage attack, an adversary wishes to
find a value such that H(y) is equal to a given hash value. The
brute-force method is to pick values of at random and try each
value until a collision occurs. For an -bit hash value, the level of
effort is proportional to Specifically, the adversary would have to
try, on average, values of y to find one that generates a given hash
value .
10. COLLISION RESISTANT ATTACKS
For a collision resistant attack, an adversary wishes to find two
messages or data blocks, x and y, that yield the same hash
function: . This turns out to require considerably less effort than a
preimage or second preimage attack. If we pick data blocks at
random, we can expect to find two data blocks with the same hash
value within attempts.
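The gap between the two brute-force efforts can be measured directly on a deliberately short hash: for an m-bit value, a second preimage takes on the order of 2^m tries and a collision on the order of 2^(m/2). This is an added example, not part of the original slides; truncating SHA-256 to m bits and the sample messages are assumptions.

```python
import hashlib

def h(data: bytes, m_bits: int) -> int:
    """Toy m-bit hash: the top m bits of SHA-256 (truncation is an assumption)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - m_bits)

def block(i: int) -> bytes:
    return b"block-%d" % i          # constructed candidate messages

def find_collision(m_bits: int):
    """Hash blocks in order, remembering every value seen, until two agree.
    Returns (x, y, tries)."""
    seen = {}
    i = 0
    while True:
        tag = h(block(i), m_bits)
        if tag in seen:
            return seen[tag], block(i), i + 1
        seen[tag] = block(i)
        i += 1

def find_second_preimage(target: bytes, m_bits: int):
    """Hash blocks in order until one matches the hash of `target`.
    Returns (y, tries)."""
    want = h(target, m_bits)
    i = 0
    while True:
        cand = block(i)
        if cand != target and h(cand, m_bits) == want:
            return cand, i + 1
        i += 1

def effort_table(sizes=(8, 12, 16)):
    """Measured tries per hash length: (m, collision tries, second-preimage tries)."""
    rows = []
    for m in sizes:
        _, _, c_tries = find_collision(m)
        _, p_tries = find_second_preimage(b"signed contract", m)
        rows.append((m, c_tries, p_tries))
    return rows

if __name__ == "__main__":
    for m, c_tries, p_tries in effort_table():
        print(f"m={m:2d}  collision after {c_tries:6d} tries   "
              f"second preimage after {p_tries:7d} tries")
```

Each extra bit of hash length doubles the second-preimage work but raises collision work only by a factor of about 1.4, which is why hash lengths are chosen at twice the intended security level.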
11. As with encryption algorithms, cryptanalytic attacks on hash
functions seek to exploit some property of the algorithm to perform
some attack other than an exhaustive search. The way to measure
the resistance of a hash algorithm to cryptanalysis is to compare its
strength to the effort required for a brute-force attack. That is, an
ideal hash algorithm will require a cryptanalytic effort greater than
or equal to the brute-force effort.
Cryptanalysis of hash functions focuses on the internal structure
of f and is based on attempts to find efficient techniques for
producing collisions for a single execution of f.
f consists of a series of rounds of processing, so that the attack
involves analysis of the pattern of bit changes from round to
round.
12. A timing attack is one in which information about the key or the plaintext
is obtained by observing how long it takes a given implementation to
perform decryptions on various ciphertexts. A timing attack exploits the
fact that an encryption or decryption algorithm often takes slightly different
amounts of time on different inputs.
Timing attacks are applicable not just to RSA, but to other public-key
cryptography systems. This attack is alarming for two reasons: it comes from
a completely unexpected direction, and it is a ciphertext-only attack.
A timing attack is analogous to guessing the combination of a safe by observing how long it
takes for someone to turn the dial from number to number.
Although the timing attack is a serious threat, there are simple
countermeasures that can be used, including the following (fix or resistant):
• Constant exponentiation time: Ensure that all exponentiations take the
same amount of time before returning a result.
• Random delay: Better performance could be achieved by adding a random
delay to the exponentiation algorithm to confuse the timing attack.
• Blinding: Multiply the ciphertext by a random number before performing
exponentiation. This process prevents the attacker from knowing what
ciphertext bits are being processed inside the computer and therefore
prevents the bit-by-bit analysis essential to the timing attack.
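The blinding countermeasure written out for RSA, as an added example that is not part of the original slides. The key is a toy built from two Mersenne primes and the function names are assumptions; the point is the algebra that lets the private exponentiation run on a value the sender cannot predict.

```python
import math
import secrets

# Toy RSA key from two Mersenne primes; constructed for illustration,
# far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent

def encrypt(m: int) -> int:
    return pow(m, E, N)

def decrypt_plain(c: int) -> int:
    """Unblinded: the private exponentiation runs directly on the
    ciphertext chosen by whoever sent it."""
    return pow(c, D, N)

def blind(c: int):
    """Return (c', r_inv) with c' = c * r^e mod n for a fresh random r
    that is invertible mod n."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (c * pow(r, E, N)) % N, pow(r, -1, N)

def decrypt_blinded(c: int) -> int:
    """(c * r^e)^d = m * r (mod n), so multiplying by r^-1 recovers m.
    The exponentiation never sees c itself, and r changes on every call."""
    c_blinded, r_inv = blind(c)
    return (pow(c_blinded, D, N) * r_inv) % N

if __name__ == "__main__":
    m = 123456789                     # constructed sample message
    c = encrypt(m)
    print("plain  :", decrypt_plain(c))
    print("blinded:", decrypt_blinded(c))
```

Python's built-in `pow` is not constant-time, so this sketch shows only the blinding step; production code relies on a vetted cryptographic library that combines blinding with constant-time arithmetic.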
13. A brute-force attack on a MAC is a more difficult undertaking
than a brute-force attack on a hash function because it
requires known message-tag pairs.
The attacker would like to come up with the valid MAC code
for a given message. There are two lines of attack possible:
attack the key space and attack the MAC value.
If an attacker can determine the MAC key, then it is possible to
generate a valid MAC value for any input x.
At least one key is guaranteed to produce the correct tag,
namely, the valid key that was initially used to produce the
known text–tag pair.
The objective is to generate a valid tag for a given message or to
find a message that matches a given tag.
14. As with encryption algorithms and hash functions,
cryptanalytic attacks on MAC algorithms seek to exploit
some property of the algorithm to perform some attack
other than an exhaustive search.
The way to measure the resistance of a MAC algorithm
to cryptanalysis is to compare its strength to the effort
required for a brute-force attack. That is, an ideal MAC
algorithm will require a cryptanalytic effort greater than
or equal to the brute-force effort. There is much more
variety in the structure of MACs than in hash functions,
15. might think a 64-bit hash is secure
birthday attack works thus:
• given user prepared to sign a valid message x
• opponent generates $2^{m/2}$ variations x’ of x, all with essentially the same meaning, and saves them
• opponent generates $2^{m/2}$ variations y’ of a desired fraudulent message y
• two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox)
• have user sign the valid message, then substitute the forgery which will have a valid signature
conclusion is that need to use larger MAC/hash
16. Square Attack was first proposed by Daemen et al. in as a
dedicated attack on block cipher SQUARE, a forerunner
of AES. It was shown to be applicable to AES as well.
This attack consists of choosing a special set of plaintexts
and studying its propagation through the block cipher.
The attack on AES is illustrated as follows:
Consider a set of $2^8$ plaintexts in which the first byte
takes all possible 256 values and the remaining bytes take
any constant value that remains the same throughout the set.
We call such a set of plaintexts as -set. The byte which
takes all possible 256 values is termed the active byte.
The rest of the bytes are termed passive bytes.
17. Key-only attack: attacker only knows user’s public key.
Known message attack: attacker is given access to a set of messages
and their signatures.
Generic chosen message attack: attacker chooses a list of messages
before attempting to break user’s signature scheme, independent of user’s
public key. The attacker then obtains from a user valid signatures for the
chosen messages. The attack is generic, because it does not depend on
user’s public key; the same attack is used against everyone.
Directed chosen message attack: Similar to the generic attack, except
that the list of messages to be signed is chosen after the attacker knows
user’s public key but before any signatures are seen.
Adaptive chosen message attack: attacker is allowed to use user as an
“oracle.” This means the attacker may request from the user signatures of messages that
depend on previously obtained message–signature pairs.
18.

| Attack | Algorithm |
| --- | --- |
| Brute force, Mathematical attacks, Timing attacks, Chosen ciphertext attacks | RSA |
| Differential and linear cryptanalysis | DES |
| Meet-in-the-middle attack | Double DES |
| Man-in-the-Middle Attack | Diffie-Hellman |
| Brute-Force attack, Cryptanalysis | Hash function |
| Brute-Force attack, Cryptanalysis | MAC |
| Key-only attack, Known message attack, Generic chosen message attack, Directed chosen message attack, Adaptive chosen message attack | Digital signature |
| Known-Plaintext Attack | Triple DES |
19. Finding the relationship between two
quantitative variables without being able
to infer causal relationships
Correlation is a statistical technique used to
determine the degree to which two
variables are related
20. Regression: technique concerned with
predicting some variables by knowing
others
The process of predicting variable Y using
variable X
Uses a variable (x) to predict some
outcome variable (y)
Tells you how values in y change as a
function of changes in values of x