Welcome to third session on Cryptography.
Let us have quick revision of previous class!
Revision from previous class:
- Types of Cryptosystems
- Symmetric key encryption
- Asymmetric key encryption
Session 1 Link – Cryptography: Basic Understanding
Session 2 Link- Cryptosystem and its types
This is the age of information. Internet is driven by lots of information. So it is very crucial for us to protect the information from leakages. Owner spends huge amount of money just to protect the information.
Awareness provokes safety.
We will discuss and understand the major Cryptographic attacks. If we know them then we will find way for the safety measures against cryptographic attacks.
Kerckhoff’s Principle of Cryptography
Auguste Kerckhoff was very notable Dutch cryptographer; he gave very imperative principle during 19th century. He mainly emphasized on protecting encryption key. The whole of the cryptosystem can be secure even if we keep things in public domain, except keeping key private. So he thought key is the major concern in securing information from cryptographic attacks.
Kerchkoff stated six cipher principles, which are listed as below:
- If not mathematically, Cryptosystem should be unreadable practically
- Cryptosystem does not require any security, it should be available in public domain
- Security matters only to key. It should be easily communicable, Modifiable and Memorable
- Cipher text should be open in such a way that it could be sent through telegraph
- Its apparatus should dependent to only single person so that it could become easily portable
- System should be easy to use so that anyone could get into it without any strain
Attacks can be categorized into two types:
- Active Attacks
- Passive Attacks
Active attacks includes changing the information though some kind of conditioning like Modifying the information, Illegal transmission of information, Changes in authentication process, Deletion of the information and through denial of services.
It causes very expensive attacks. Intruder attacks the system through intercepting cipher text. It does not give any physical harm to the information rather it steals the complete set of data. Owner might not be aware about the stealing of the information.
What is needed before any Cryptographic attacks occur?
This is rehearsal question for attacker. Attacker pre-plans everything before giving any kind of cryptographic attacks. Here is the listed environment that attacker sets up for themselves to finish cryptographic attacks:
Breaking the algorithms
Attacker has assumptions that they know public algorithms and they only have to break up private algorithm. Private algorithms mainly developed in-house so they are not much strong.
Hacking the ciphertext
Plain texts are converted into ciphertext through encryption. Ciphertexts are available in public domain, moreover, if transferred they will be transferred through email. So they have assumption that they can steal ciphertext.
Major Cryptographic Attacks
Ciphertexts are in public domain so Attackers are aware of public algorithm. They only need to know the private decryption key to extract plain text from ciphertext. They adopt maximum possible ways to get the decryption keys; here are the lists of methods they use-
Know plain text attack- Attacker knows some part of plain text. They use linear cryptanalysis process to recover the unknown parts of plain text from ciphertext.
Ciphertext only attack– Attackers know the set of ciphertexts. They find out encryption key to determine the corresponding plain text. Currently cryptosystem is highly secure against this attack.
Chosen plain text attack– Attackers have the pair of plaintext and ciphertext. They intrude the system to know the encryption key only. Differential cryptanalysis is the example of this type or attack.
Fault analysis attack– Attackers induces the errors in the system and based on their study they retrieve the information.
Brute force attack– It is very famous attack. In this attack, attacker tries all the possible set of combinations to decrypt the system. Total number of combination will be 2(Total no. of bit)
Birthday attack– In this attack, attacker finds a set of combinations out of the birth date using mathematical formula.
Dictionary attack– This attack is based on the experience. Most experienced attacker creates a dictionary of ciphertext and plain text. When he gets any cipher text then he can easily find out corresponding plain text by looking into his dictionary.