This document outlines various cryptographic and network attacks including frequency analysis, brute force attacks, meet-in-the-middle attacks, birthday attacks, replay attacks, man-in-the-middle attacks, and denial-of-service attacks. It provides details on how each attack works and potential defenses against attacks like using authentication, random session tokens, and timestamping.

1. BK
TP.HCM
Outline
Cryptographic Attacks
▫ Frequency analysis
▫ Brute force attack
▫ Meet-in-the-middle attack
▫ Birthday attack
Network Attacks
▫ Replay attack
▫ Man-in-the-middle attack
▫ Denial-of-service attack

2. BK
TP.HCM
Frequency analysis
Frequency
analysis is the
study of the
frequency of letters
or groups of letters
in a ciphertext. The
method is used as
an aid to breaking
classical ciphers.

3. BK
TP.HCM
Brute force attack
brute force attack is a strategy used to break the
encryption of data. It involves traversing the search
space of possible keys until the correct key is found.
The amount of time required to break a 128-bit key is
also daunting. Each of the 2128
possibilities must be
checked. A device that could check a billion billion keys
(1018
) per second would still require about 1013
years to
exhaust the key space.
This is a thousand times longer than the age of the
universe, which is about 13,000,000,000 (1.3×1010
)
years.

4. BK
TP.HCM
Meet-in-the-middle attack (1/3)
for small x, we have (1 x) ex
.for small x, we have (1 x)
ex
.
for small x, we have (1 x)
ex
.
The attack works by encrypting from one end
and decrypting from the other end, thus meeting
in the middle.
Assume the attacker knows a set of plaintext
and ciphertext: P and C. That is:

5. BK
TP.HCM
Meet-in-the-middle attack (2/3)
for small x, we have (1 x) ex
.for small x, we have (1 x)
ex
.
for small x, we have (1 x)
ex
.
The attacker can then compute EK(P) for all
possible keys K and store the results in memory.
Afterwards he can decrypt the ciphertext by
computing DK(C) for each K.
Any matches between these two resulting sets
are likely to reveal the correct keys. (To speed
up the comparison, the EK(P) set is stored in an
in-memory lookup table, then each DK(C) can be
matched against the values in the lookup table
to find the candidate keys.)

6. BK
TP.HCM
Meet-in-the-middle attack (3/3)
for small x, we have (1 x) ex
.for small x, we have (1 x)
ex
.
for small x, we have (1 x)
ex
.
Once the matches are discovered, they can be
verified with a second test-set of plaintext and
ciphertext. If the keysize is n, this attack uses
only 2n + 1
encryptions (and O(2n
) space) in
contrast to the naive attack, which needs 22n
encryptions (but only O(1) space).

7. BK
TP.HCM
Birthday attack (1/6)
exploits the mathematics behind the birthday problem in
probability theory.
What is the minimum value of k such that the probability
is greater than 0.5 that at least two people in a group of
k people have the same birthday?
P(n, k) = Pr[at least one duplicate in k items, with each
item able to take on one of n equally likely values
between 1 and n]
we are looking for the smallest value of k such that
P(365, k) 0.5

8. BK
TP.HCM
Birthday attack (2/6)
the probability that there are no duplicates,
which we designate as Q(365, k)
the number of different ways is:

9. BK
TP.HCM
Birthday attack (3/6)
P(365, 23) = 0.5073. For k = 100, the probability
of at least one duplicate is 0.9999997.

10. BK
TP.HCM
Birthday attack (4/6)
for small x, we have
(1 - x) ≅ ex
.

11. BK
TP.HCM
Birthday attack (5/6)

12. BK
TP.HCM
Birthday attack (6/6)
What value of k is required such that P(n, k)
0.5? To satisfy the requirement, we have:
For large k, we can replace k x (k -1) by k2
, and
we get
As a reality check, for n = 365, we get
which is very close to the
correct answer of 23.

13. BK
TP.HCM
Replay attack (1/2)
Use a simple method of exploiting a captured packet or
packets, and resend that traffic to cause unexpected
results.
Suppose Alice wants to prove her identity to Bob. Bob
requests her password as proof of identity, which Alice
dutifully provides (possibly after some transformation like
a hash function); meanwhile, Mallory is eavesdropping
the conversation and keeps the password. After the
interchange is over, Mallory connects to Bob posing as
Alice; when asked for a proof of identity, Mallory sends
Alice's password read from the last session, which Bob
accepts.

14. BK
TP.HCM
Replay attack (2/2)
A way to avoid replay attacks is using session tokens,
session tokens should be chosen by a (pseudo-) random
process.
Timestamping is another way of preventing a replay
attack. The advantage of this scheme is that does not
need to generate (pseudo-) random numbers.

15. BK
TP.HCM
Man-in-the-middle attack
The man-in-the middle attack intercepts a communication between
two systems
Once the TCP connection is intercepted, the attacker acts as a proxy,
being able to read, insert and modify the data in the intercepted
communication.
Various defenses against MITM attacks use authentication technique
that are based on PKI (Public Key Infrastructure)

16. BK
TP.HCM
Denial-of-service attack
DoS attack or DDoS is an
attempt to make a computer
resource unavailable to its
intended users.
Methods of attack
▫ ICMP flood
▫ Teardrop Attacks
▫ Peer-to-peer attacks
▫ …