Chapter 2 - 08 - Understand Cryptographic Attacks - 01_ocred_fax_ocred.pdf

Full Transcript


Certified Cybersecurity Technician
Information Security Attacks
Exam 212-82

Module Flow

- Understand Information Security Attacks
- Describe Hacking Methodologies and Frameworks
- Understand Social Engineering Attacks
- Understand Wireless Network-specific Attacks
- Understand Network-level Attacks
- Understand IoT, OT, and Cloud Attacks
- Understand Application-level and OS-level Attacks
- Understand Cryptographic Attacks

Understand Cryptographic Attacks

Attackers may implement various cryptography attacks to evade the security of a cryptographic system by exploiting vulnerabilities in code, ciphers, cryptographic protocols, or key management schemes. This section discusses various cryptographic attacks such as brute-force attacks, side-channel attacks, hash collision attacks, and rainbow-table attacks.

Module 02 Page 385 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Cryptography Attacks

Cryptography attacks are based on the assumption that the cryptanalyst has access to the encrypted information.

- Ciphertext-only Attack: Attacker has access to the ciphertext; the goal of this attack is to recover the encryption key from the ciphertext.
- Adaptive Chosen-plaintext Attack: Attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions.
- Chosen-plaintext Attack: Attacker defines their own plaintext, feeds it into the cipher, and analyzes the resulting ciphertext.
- Related-Key Attack: Attacker can obtain ciphertexts encrypted under two different keys; this attack is useful if the attacker can obtain the plaintext and matching ciphertext.
- Dictionary Attack: Attacker constructs a dictionary of plaintext along with its corresponding ciphertext that they have learnt over a certain period of time.

Cryptography Attacks (Cont'd)

- Known-plaintext Attack: Attacker has knowledge of some part of the plaintext; using this information, the key used to generate ciphertext is deduced to decipher other messages.
- Chosen-ciphertext Attack: Attacker obtains plaintexts corresponding to an arbitrary set of ciphertexts of their own choosing.
- Rubber Hose Attack: Extraction of cryptographic secrets (e.g., the password to an encrypted file) from a person by coercion or torture.
- Chosen-key Attack: Attacker usually breaks an n-bit key cipher into 2^(n/2) operations.
- Timing Attack: It is based on repeatedly measuring the exact execution times of modular exponentiation operations.
- Man-in-the-middle Attack: Attacker performs this attack on the public key cryptosystems where key exchange is required before communication takes place.

Cryptography Attacks

Attackers conduct cryptography attacks by assuming that the cryptanalyst has access to the encrypted information. A cryptography attack or cryptanalysis involves the study of various principles and methods of decrypting the ciphertext back to the plaintext without knowledge of the key.

The various types of cryptography attacks are as follows:

Ciphertext-only Attack

Ciphertext-only is less effective but much more likely for the attacker. The attacker only has access to a collection of ciphertexts. This is much more likely than known plaintext but is also the most difficult. The attack is completely successful if the corresponding plaintexts (or even better, the key) can be deduced. The ability to obtain any information at all about the underlying plaintext is still considered a success.
So what does the attacker do with the ciphertexts he/she has accumulated? You can analyze them for patterns, trying to find something that would give you a hint as to the key that was used to crack them. Often, the result of this attack is just a partial break and not a complete break.

Adaptive Chosen-plaintext Attack

In this type of attack, an attacker has complete access to the plaintext message including its encryption, and he/she can also modify the content of the message by making a series of interactive queries, choosing subsequent plaintext blocks based on the information from the previous encryption queries and functions. To perform this attack, an attacker needs to interact with the encryption device.

Chosen-plaintext Attack

A chosen plaintext attack is a highly effective type of cryptanalysis attack. In this attack, the attacker obtains the ciphertexts corresponding to a set of plaintexts of his/her own choosing. This allows the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key. Basically, since the attacker knows the plaintext and the resultant ciphertext, he/she gains many insights into the key used. This technique can be difficult but is not impossible.

Related-Key Attack

The related-key attack is similar to the chosen plaintext attack, except that the attacker can obtain ciphertexts encrypted under two different keys. This is actually a very useful attack if you can obtain the plaintext and matching ciphertext. The attack requires that the differing keys be closely related, e.g., in a wireless environment where subsequent keys might be derived from previous keys. Then, while the keys are different, they are close. Much like the ciphertext-only attack, this type of attack is most likely only going to yield a partial break.

Dictionary Attack

In this attack, the attacker constructs a dictionary of plaintext along with its corresponding ciphertext that he/she has analyzed and obtained for a certain period of time. After building the dictionary, if the attacker obtains the ciphertext, he/she uses the already built dictionary to find the corresponding plaintext. Attackers use this technique to decrypt keys, passwords, passphrases, and ciphertext.

Known-plaintext Attack

In this attack, the only information available to the attacker is some plaintext blocks along with the corresponding ciphertext and algorithm used to encrypt and decrypt the text. Using this information, the key used to generate the ciphertext is deduced so as to decipher other messages. This attack works on block ciphers and is an example of linear cryptanalysis. The known plaintext blocks are generated using a series of intelligent guesses and logic, and not by accessing the plaintext over a channel.

Chosen-ciphertext Attack

The attacker obtains the plaintexts corresponding to an arbitrary set of ciphertexts of his own choosing. Using this information, the attacker tries to recover the key used to encrypt the plaintext. To perform this attack, the attacker must have access to the communication channel between the sender and the receiver. There are two variants of this attack:

- Lunchtime or Midnight Attack: In this attack, the attacker can have access to the system for only a limited amount of time or can access only a few plaintext-ciphertext pairs.
- Adaptive Chosen-ciphertext Attack: In this attack, the attacker selects a series of ciphertexts and then observes the resulting plaintext blocks.

Rubber Hose Attack

Attackers extract cryptographic secrets (e.g., the password to an encrypted file) from a person by coercion or torture. In general, people under pressure cannot maintain security, and they will reveal secrets or hidden information. Attackers torture victims to reveal secret keys or passwords used to encrypt the information.

Chosen-key Attack

In this type of attack, an attacker not only breaks a ciphertext but also breaks into a larger system, which is dependent on that ciphertext. The attacker usually breaks an n-bit key cipher into 2^(n/2) operations. Once an attacker breaks the cipher, he gets access to the system, and he can control the whole system, access confidential data, and perform further attacks.

Timing Attack

It is based on repeatedly measuring the exact execution times of modular exponentiation operations. The attacker tries to break the ciphertext by analyzing the time taken to execute the encryption and decryption algorithm for various inputs. In a computer, the time taken to execute a logical operation may vary based on the input given. An attacker tries to extract the plaintext by giving varying inputs.

Man-in-the-Middle Attack

This attack is performed against a cryptographic protocol. Here, an attacker intercepts the communication between a client and a server and negotiates the cryptographic parameters. Using this attack, an attacker can decrypt the encrypted content and obtain confidential information such as system passwords. An attacker can also inject commands that can modify the data in transit. The attacker usually performs an MITM attack on public-key cryptosystems where key exchange is required before communication takes place. Alternatively, attackers use downgrade attacks to perform an MITM attack.
In the downgrade attack, attackers force the server to use insecure protocols based on older encryption algorithms with weak ciphers and small key lengths. Using this technique, attackers also forge digital signatures on digital certificates and make the victim believe that they are communicating with a legitimate entity.
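
The Timing Attack description above depends on modular exponentiation doing a different amount of work for different inputs. The following added example (not part of the original course text) counts modular multiplications as a stand-in for execution time: plain square-and-multiply does extra work for every 1-bit of the secret exponent, while a Montgomery ladder, a standard countermeasure not named in the text, does the same work for every bit. All function names, the base, the modulus and the sample exponents are constructed for illustration.

```python
# Added illustration: operation counts stand in for measured execution time.

def modexp_square_multiply(base, exp, mod):
    """Left-to-right square-and-multiply; returns (result, multiplication count)."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod      # square on every bit
        ops += 1
        if bit == "1":                        # extra multiply only for 1-bits
            result = (result * base) % mod
            ops += 1
    return result, ops


def modexp_ladder(base, exp, mod):
    """Montgomery ladder; one multiply and one square per bit, whatever its value."""
    r0, r1, ops = 1, base % mod, 0
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r1, r0 = (r0 * r1) % mod, (r0 * r0) % mod
        ops += 2
    return r0, ops


# Constructed sample values (assumptions, not from the course text).
BASE, MOD = 0x1234567, (1 << 61) - 1
# Three 16-bit secret exponents with Hamming weights 2, 9 and 16.
SAMPLE_EXPONENTS = [0b1000000000000001, 0b1010101010101011, 0b1111111111111111]


def op_counts(modexp, exponents=SAMPLE_EXPONENTS):
    """Work done per exponent; differing values are what a timer would observe."""
    return [modexp(BASE, e, MOD)[1] for e in exponents]


def leaks_exponent_weight(modexp):
    """True if the amount of work depends on the secret exponent."""
    return len(set(op_counts(modexp))) > 1


if __name__ == "__main__":
    for fn in (modexp_square_multiply, modexp_ladder):
        print(fn.__name__, op_counts(fn), "leaks:", leaks_exponent_weight(fn))
```

The ladder only fixes the sequence of operations; production implementations also need constant-time big-integer arithmetic and branch-free selection, which Python integers do not provide.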
