
Cryptanalysis

Tracing the timeline of cryptography, with all its important developments and outstanding characteristics, shows how codes created even with the latest technological means can be dismantled over time. From the momentous decipherment of the Enigma codes to the papers published revealing the vulnerabilities of encryption systems in use today, we see the ongoing battle between cryptographers and their adversaries. In fact, the practice of breaking codes is an integral part of cryptography itself. As they say, necessity is the mother of invention: as adversaries break codes, the need for stronger, more modern ones becomes apparent. This is how cryptography evolved to its current state. The sub-discipline of cryptography that deals with the decipherment of codes from an adversarial vantage point is, as we have mentioned, called “Cryptanalysis”. It is generally considered to be many times more tedious than the act of encrypting the plaintext. But thanks to idealized portrayals in the media, everyone seems to think that cryptanalysis is an all-powerful discipline that can break any ciphertext in its way.

There is one encryption method that is completely immune to every kind of adversarial decryption, even by the most talented and persistent cryptanalysts (provided that the requisite conditions for its invulnerability are met): the “One-Time Pad”. This invincibility was established by Claude Shannon at Bell Labs during World War II. But this is an exceptional case, as the majority of existing ciphers can be broken given enough effort poured into a brute-force attack. The only thing such ciphers can rely on to be “technically safe” is the establishment that recovering the key requires an amount of work that is impossible or infeasible for any known adversary. It is to be remembered that the effort needed to crack the code should ideally grow exponentially with the size of the key. No method aside from a time- and resource-intensive brute-force attack should be able to break a good modern cipher.

There is a wide variety of known cryptanalytic attacks, classified in different ways. Distinctions are made based on what the adversary knows about the system and what capabilities he has.

Ciphertext Only Attack (COA)

These attacks are made by an adversary who only has access to a set of ciphertexts. They are usually seen when encoded messages are intercepted and a copy of the key cannot be obtained. Such an attack is judged successful when the messages hidden behind the code can be deduced or, even better, the key to the code itself. When cryptographers employ a strategy known as traffic-flow security, in which a continuous flow of messages is sent, it is also useful for an adversary to be able to distinguish the null transmissions.

Historically, most early ciphers made without the use of electromechanical aids were routinely cracked using the encrypted messages alone. Simple techniques such as frequency analysis were particularly useful (in literature, this was memorably portrayed in the Sherlock Holmes short story “The Dancing Men”). In fact, even the cracking of the Enigma by the Polish during the War was facilitated by ciphertext-only analysis, exploiting a certain protocol that indicated the settings of the machines.

However, every modern cipher attempts to provide protection against such analysis. Extensive testing of the produced ciphertext is undertaken to look for any statistical departure that would indicate the contents of a message; at best, the ciphertext should resemble random noise. Steganography, defined earlier, has also evolved techniques such as mimic functions, which allow one piece of encrypted data to take on the statistical profile of another.

One existing issue in this field arises when corporations employ “homemade” algorithms that have not been subjected to thorough study, resulting in modern systems that are still vulnerable to various ciphertext-only attacks. These include early versions of Microsoft’s Virtual Private Network, Wired Equivalent Privacy (WEP, the first encryption protocol for Wi-Fi), and ciphers whose key spaces are so small that a brute-force attack can be mounted from ciphertexts alone.
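The frequency analysis mentioned above, as an added example that is not part of the original article: a ciphertext-only attack on a Caesar (shift) cipher that scores each of the 26 candidate keys against the English letter profile with a chi-squared statistic. The plaintext, key and the `ENGLISH_FREQ` table are constructed for the demo.

```python
# Added example (not from the original article): a ciphertext-only attack on a
# Caesar (shift) cipher by frequency analysis. Plaintext and key are constructed.
from collections import Counter
import string

# Approximate relative frequencies (percent) of A..Z in English text.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def shift(text: str, k: int) -> str:
    """Shift every letter by k positions; punctuation and spaces pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def chi_squared(text: str) -> float:
    """How far the letter histogram of text is from the English profile (lower is
    more English-like). Returns infinity for text with no letters at all."""
    letters = [c for c in text.upper() if c in string.ascii_uppercase]
    if not letters:
        return float("inf")
    counts = Counter(letters)
    score = 0.0
    for i, letter in enumerate(string.ascii_uppercase):
        expected = ENGLISH_FREQ[i] / 100 * len(letters)
        score += (counts.get(letter, 0) - expected) ** 2 / expected
    return score

def break_shift(ciphertext: str) -> int:
    """Ciphertext-only attack: try all 26 keys and keep the most English-looking
    candidate. No plaintext or key material is needed, only the ciphertext."""
    return min(range(26), key=lambda k: chi_squared(shift(ciphertext, -k)))

# Constructed sample: encrypt under key 7, then recover the key from ciphertext alone.
PLAINTEXT = ("the quick brown fox jumps over the lazy dog while the cryptanalyst "
             "counts letters and compares them with the english profile")
KEY = 7
CIPHERTEXT = shift(PLAINTEXT, KEY)

if __name__ == "__main__":
    k = break_shift(CIPHERTEXT)
    print("recovered key:", k)
    print("plaintext:", shift(CIPHERTEXT, -k))
```

The same scoring works for any monoalphabetic substitution once candidate mappings are generated; the key space of a shift cipher is simply small enough to enumerate outright, which is the "small key space" failure described above.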

Known Plaintext Attack (KPA)

This technique is used when an adversary has access to both the plaintext version of a message and its encrypted form. The plaintext is colloquially termed a “crib”, a term originating (like, as we have seen, most modern cryptographic concepts) from the Allied decryption efforts of World War II.

The idea behind this type of attack is very simple. Cryptanalysts may be looking at an incomprehensible cipher, against which they may begin a ciphertext-only attack. However, if they have a piece of plaintext that they know is included in the cryptogram they are studying, this can be used as a “wedge”, a tool for testing the cipher. Trial decryptions are attempted until the known words or phrases are revealed, and the successful decryption is then applied to the rest of the text.

Again, we take examples from the successful Enigma decryption. A good example of cribs appeared in German reports on the weather in a specific place, which made the word Wetter (German for “weather”) appear in a set position in every such report. One German officer of the Africa Corps consistently sent the same message over and over: “Nothing to report”. Standard salutations and introductions were also noted. Despite the efforts of the German High Command to keep unencrypted texts out of Allied reach, such patterns allowed the German code to be cracked.

Chosen Plaintext Attack (CPA)

An adversary may also arrange for arbitrary plaintexts of his choice to be run through the encryption algorithm. The goal is to obtain ciphertexts comparable to the one in question. Normally these attacks are made to reveal further information about the cryptographic scheme in use, but in the ideal scenario the method may reveal the secret key itself. In some variants only a small portion of the plaintext can be chosen by the attacker; this is known as a “plaintext injection” attack. A variation particularly useful in warfare is called “gardening”, a term coined by the British in (again) World War II. It refers to forcing the enemy to put certain words in their transmissions so that they can be used as wedges. For example, German forces may transmit about an area mined by British troops, using the word Minen (German for “mine”) and the mines’ location.

While it may be hard to imagine a cryptanalyst persuading a cryptographer to encrypt random messages with different algorithms (a wild hit-or-miss strategy), modern technology has made it very feasible. These attacks have proved especially effective against public-key cryptography, where one key is public and adversaries can use it to encrypt any text they wish.

There are two general types of chosen-plaintext attack. The first is the “batch” method, a rougher form of the technique in which the whole set of chosen plaintexts is submitted for encryption at once. The second is the “adaptive” method, where each plaintext to be encrypted is selected only after studying the results of previous encryptions.

Ciphers that are immune to chosen-plaintext attacks are also immune to the two previous techniques.
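The chosen-plaintext setting above, as an added example that is not part of the original article: the standard indistinguishability game (IND-CPA) played against two toy schemes, one with a fixed nonce and one with a fresh random nonce per message. HMAC-SHA256 stands in for a keystream generator, the message pair and the `cpa_game` name are my constructions, and the adversary's single query is fixed in advance (the batch flavour described above).

```python
# Added example (not from the original article): the chosen-plaintext
# indistinguishability game played against two toy schemes. HMAC-SHA256 stands
# in for a keystream generator; keys and messages are constructed for the demo.
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks, truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc_deterministic(key: bytes, m: bytes) -> bytes:
    """Fixed nonce: the same key and message always give the same ciphertext."""
    return xor(m, keystream(key, bytes(16), len(m)))

def enc_randomized(key: bytes, m: bytes) -> bytes:
    """Fresh random nonce per message, sent in the clear in front of the ciphertext."""
    nonce = os.urandom(16)
    return nonce + xor(m, keystream(key, nonce, len(m)))

def cpa_game(enc, trials: int = 64) -> float:
    """IND-CPA game. The adversary may ask the encryption oracle for ciphertexts
    of plaintexts it chooses, is then handed the encryption of one of two messages
    it named, and must guess which. Returns the adversary's success rate."""
    m0, m1 = b"attack at dawn!!", b"retreat at dusk!"
    wins = 0
    for _ in range(trials):
        key = os.urandom(32)
        oracle = lambda m: enc(key, m)              # the adversary never sees key
        # Batch-style strategy: the query is fixed in advance, not adapted.
        reference = oracle(m0)
        b = os.urandom(1)[0] & 1                    # challenger's hidden bit
        challenge = oracle(m1 if b else m0)
        guess = 0 if challenge == reference else 1  # equality test is the whole attack
        wins += int(guess == b)
    return wins / trials

if __name__ == "__main__":
    print("deterministic scheme, adversary wins:", cpa_game(enc_deterministic))
    print("randomized scheme, adversary wins:  ", cpa_game(enc_randomized))
```

Against the fixed-nonce scheme the adversary wins every game, against the randomized one it does no better than a coin flip; this is why a cipher mode that encrypts the same plaintext to the same ciphertext cannot be CPA-secure.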

Chosen-Ciphertext Attack (CCA)

This technique is used by cryptanalysts who obtain a certain portion of the enemy’s ciphertext and can have it decrypted under an unknown key. An adversary may wish to decrypt these ciphertexts and obtain the resulting plaintexts, possibly obtaining the key in the process.

This type of attack is special in that certain encryption methods that are otherwise secure can be defeated by it. For example, the ElGamal system remains secure under the chosen-plaintext approach but not when a CCA is employed. A type of adaptive chosen-ciphertext attack can reveal keys used in SSL (Secure Socket Layer, an early Internet security cryptographic protocol). Smart cards (such as SIM cards) may also be vulnerable to this type of adversarial move.

Aside from the adaptive chosen-ciphertext attack (in which the adversary may decrypt chosen ciphertexts and use the resulting plaintexts to choose later ciphertexts), a CCA type known as the “lunchtime”, “midnight”, or “indifferent” attack also exists. Here the adversary can make adaptive chosen-ciphertext queries for a limited time only, after which it must demonstrate an improved ability to break the system. The name comes from the idea that the decrypting computer is available to the attacker while unattended by its user.

Systems that have been proven secure against CCA include the afore-discussed Cramer-Shoup encryption scheme and the RSA algorithm used with the OAEP (Optimal Asymmetric Encryption Padding) scheme.
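The ElGamal case above, as an added example that is not part of the original article: textbook ElGamal over a constructed toy group (P = 1019, G = 2) is CPA-secure but malleable, so a decryption service that refuses only the exact challenge ciphertext still leaks the message. The `demo`, `oracle` and `cca_recover` names are mine; the point for a defender is that "don't decrypt that one ciphertext" is not a security boundary, which is exactly why CCA-secure constructions such as the ones named above are needed.

```python
# Added example (not from the original article): textbook ElGamal over a
# constructed toy group, showing why a scheme that resists chosen-plaintext
# attacks can still fall to a chosen-ciphertext attack. Textbook ElGamal is
# malleable: multiplying the second ciphertext component by g yields a valid
# encryption of m*g, so a decryption oracle that merely refuses the challenge
# ciphertext itself still leaks m. Toy parameters only; not a real deployment.
import secrets

P = 1019   # constructed toy prime; real systems use 2048-bit (or larger) groups
G = 2      # generator of the multiplicative group mod P

def keygen() -> tuple:
    x = secrets.randbelow(P - 2) + 1          # private exponent in [1, P-2]
    return x, pow(G, x, P)                    # (private key, public key h = g^x)

def encrypt(h: int, m: int) -> tuple:
    """Textbook ElGamal: c = (g^r, m * h^r) with fresh random r; m in [1, P-1]."""
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), (m * pow(h, r, P)) % P

def decrypt(x: int, c: tuple) -> int:
    c1, c2 = c
    shared = pow(c1, x, P)                    # h^r recomputed from g^r and x
    return (c2 * pow(shared, -1, P)) % P

def cca_recover(challenge: tuple, decrypt_oracle) -> int:
    """Chosen-ciphertext attack using malleability: submit the related
    ciphertext (c1, c2*g), which decrypts to m*g, then divide out g."""
    c1, c2 = challenge
    related = (c1, (c2 * G) % P)              # never equal to the challenge itself
    return (decrypt_oracle(related) * pow(G, -1, P)) % P

def demo(m: int = 613) -> tuple:
    """Runs the game: returns (original message, message recovered via the oracle)."""
    x, h = keygen()
    challenge = encrypt(h, m)

    def oracle(c: tuple) -> int:
        # Models a decryption service that refuses only the exact challenge;
        # that restriction is not enough for a malleable scheme.
        if c == challenge:
            raise ValueError("refusing to decrypt the challenge ciphertext")
        return decrypt(x, c)

    return m, cca_recover(challenge, oracle)

if __name__ == "__main__":
    original, recovered = demo()
    print(f"original m={original}, recovered m={recovered}")
```

Requires Python 3.8 or later for the modular inverse form of `pow`.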

Side Channel Attacks

While the techniques discussed so far exploit weaknesses in the algorithms, there are also attacks that exploit weaknesses in the real devices running the encryption (though some do not consider these technically part of cryptanalysis). These weaknesses include fluctuations in timing, power consumption (as in Differential Power Analysis, the statistical analysis of the power drawn by a system’s processors), sound, and electromagnetic leaks.

Some of these attacks require that the adversary knows most of the system he is working on. A majority of these attacks are based on statistical models.
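The timing channel mentioned above, as an added example that is not part of the original article: a naive secret comparison beside a constant-time one. Wall-clock time is modelled by counting byte comparisons so the leak shows up deterministically; `SECRET`, `GUESSES` and the `timing_profile` helper are my constructions.

```python
# Added example (not from the original article): a timing side channel in a
# naive secret comparison, beside a constant-time comparison that removes it.
# Wall-clock time is modelled by counting byte comparisons, which makes the
# leak visible deterministically instead of through noisy measurements.

def naive_compare(secret: bytes, guess: bytes) -> tuple:
    """Early-exit comparison. Returns (match, work); work is the number of byte
    comparisons performed, so it grows with the length of the correct prefix."""
    work = 0
    if len(secret) != len(guess):
        return False, work
    for a, b in zip(secret, guess):
        work += 1
        if a != b:
            return False, work                 # leaks where the first mismatch was
    return True, work

def constant_time_compare(secret: bytes, guess: bytes) -> tuple:
    """Accumulates a difference flag over every byte, so work depends only on the
    (public) lengths, never on which bytes matched. Returns (match, work)."""
    work = 0
    diff = len(secret) ^ len(guess)
    for a, b in zip(secret, guess):
        work += 1
        diff |= a ^ b                          # no early exit
    return diff == 0, work

def timing_profile(compare, secret: bytes, guesses) -> list:
    """Work cost of each guess. A defender can run this over a comparison routine
    to check that its cost is independent of the secret before shipping it."""
    return [compare(secret, g)[1] for g in guesses]

SECRET = b"s3cr3t-t0k3n"                        # constructed sample secret
GUESSES = [b"xxxxxxxxxxxx",                     # no correct prefix
           b"s3xxxxxxxxxx",                     # 2-byte correct prefix
           b"s3cr3txxxxxx",                     # 6-byte correct prefix
           b"s3cr3t-t0k3n"]                     # full match

if __name__ == "__main__":
    print("naive        :", timing_profile(naive_compare, SECRET, GUESSES))
    print("constant-time:", timing_profile(constant_time_compare, SECRET, GUESSES))
```

In production code use `hmac.compare_digest` rather than a hand-rolled loop; the version above exists only to make the work counter visible.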

Others classify obtaining cryptographic information about a system through deception, coercion, and similar activities as side-channel attacks. These are more aptly placed in the realm of social engineering and in another subset of cryptography known as “Rubber Hose Cryptanalysis”, which deals with coercion and torture, among other means, to extract secrets.

Another interesting type of side-channel attack is the “Data Remanence” technique, in which one studies the remnants of a supposedly deleted piece of information. Such remnants may survive for several reasons, which an adversary can take advantage of. For example, a recovered CD may contain cryptographic secrets because it was reformatted without thoroughly removing the previously recorded data, allowing the holder of the CD to extract the valuable information.

The rise of “Software-as-a-Service” (SaaS) and Web 2.0 applications has increased the possibility of adversaries taking advantage of side-channel methods to break in, despite secured and encrypted transmissions.

Countermeasures against these attacks require a system either to reduce the occurrence of such remnants or to reduce the statistical relation between the remnants and the actual secret data.

Traffic Analysis

Sometimes even undecrypted messages, taken as they are, can contain valuable information about the data they carry, if studied correctly. This is mostly seen in military intelligence gathering, where frequent messages sent by an enemy may denote the planning stage of a certain plot. Likewise, short and random communications can denote negotiations, and silence can mean either a lack of activity or the completion of a plan.

Such analysis can also reveal who is in charge, which enemy stations are active, and the movement of enemy forces. Call signs may also be interpreted, which can result in valuable information being acquired.

Security against this approach entails changing call signs frequently as well as sending dummy traffic, so that the system appears busy at all times. Even addresses should be encrypted whenever traffic is sent out, and a continuous encrypted signal should be sent even when no traffic is being transmitted (also called “link encryption” or “masking”).

Social Engineering

If algorithms and equipment can be broken to obtain valuable cryptographic information, the same can be done with people. In fact, an entire subset of cryptography intersects the realm of social engineering, the act of manipulating people so that they divulge confidential information.

There are several techniques available to a cryptanalyst wishing to use this approach, among them bribery, baiting, phishing, extortion, and blackmail. In fact, some experts in the field have said that it would be much easier, and require less effort, to obtain someone’s password from them than to spend time hacking into the system.

Era Innovator
