Attacks on Cryptography

Time: 15 hours 43 minutes
Difficulty: Advanced
CEU/CPE: 16
Video Transcription
>> Let's talk about some of the attacks that are designed to break the protection that cryptography adds. We're going to cover these specific attacks, and these attacks are just on the cryptographic elements. There are a million other attacks out there but here, we're looking at breaking the privacy, authenticity, integrity, non-repudiation elements that are added.

The first type of attack is called a ciphertext only attack, and so in this instance these are the most common because basically what this means is that the data is encrypted, the attacker has captured encrypted data. Now, they want to break the encrypted data and so basically what they're going to have to do is do a brute force attack. They don't have any additional information, nothing's going to help them. They just have encrypted data and good luck, brute force, trial these different combinations, do what they can. Now, one of the things to know is that the more the attacker knows about what exists in plain text and encrypted text, the closer they are to breaking the algorithm.

The next attack, a known plain text attack, assumes the attacker knows, has captured the text in encrypted format but he also knows some elements of that text in a plain text. For instance, how many of you have an automatic signature? Well, that automatic signature doesn't change. Every single message, your messages are signed the same way. An attacker that captures your message, they may have no idea what the content is, but they know what your message or they may know what your message looks like in plain text, and then they can see what it looks like in an encryption or once it's been encrypted. Being able to compare the two, may give an attacker an indication of what the algorithm does and if you'll remember, this is what the Allies used to crack the Enigma machine.

If you'll remember, the Allies were able to determine that all the messages that were encrypted with the Enigma machines sent to soldiers on the field, they all began with the day's date and they all ended with the phrase Heil Hitler. Even though the messages they captured, they saw encrypted text, they knew what the first entry of the message was, and they knew what the last one was and they were able to build out from there and start to see the relationship from day to day, how the same information looked. So if you just have a little portion of information, you can build outwards and start working on breaking the cryptosystem.

It's a lot more than just trying to decipher or to decode a specific piece of text. Here, we're talking about breaking the cryptosystem. I'm talking about being able to decrypt anything that you encrypt. Now, a known plain text attack doesn't mean it's going to be easy, doesn't mean I'll be successful, but I'm further along than I am with just a ciphertext attack.

Now, a chosen plain text attack, let's say that I socially engineer a relationship with you. We've sent a couple of emails back and forth, you know me, we've established a professional kind of friendly relationship and I say, "Hey look, I'm going to send you some information, I'd like you to email it to your team. Make sure it's encrypted though, because it's sensitive." Now, I've created that information I want you to forward to your team. I've been very purposeful in how it's been created. I've chosen my words, my characters, repetition of characters, very specific. Because it comes from me, I know the contents in plain text, and then you send it out to your team members and I capture that encrypted on the network. So I know what the contents of the text are in plain text. I know what they are encrypted with your cryptosystem. Now, can I compare the two and figure out what the process is that took my plain text to encrypted text? More likely to be successful. Again, this is still very high-end, sophisticated types of attacks. Doesn't mean we're going to be successful, but we're getting closer.

Now ultimately, what led to us being able to crack the cryptography of the Enigma machine was, we captured one and we could see anything in plain text and then we could see what it would spit out, how it would spit out the encrypted text. I've compromised the system. Sometimes, this attack is called a lunchtime or midnight attack because the easiest way to get somebody's computer is to yell free pizza in the lobby. Or "Hey, everybody, let's go home for the night." I've gotten access to somebody's workstation or somebody's system that's using the encryption mechanism.

Those are four main attacks on cryptography, just general attacks on figuring out what the cryptosystem is and what it does. Then there's a last attack that I think could come up on the exam, called the meet in the middle attack. Now you'll hear of man in the middle attacks, this is different. Meet in the middle attacks are targeted towards specific algorithms that use multiple keys.

One of those algorithms is triple DES, and we really didn't talk about triple DES but triple DES and DES was a 56-bit algorithm or an algorithm that used a 56-bit key for encryption, while triple DES uses a 56-bit key to encrypt data and it uses another 56-bit key to encrypt, and then another 56-bit key to encrypt. This meet in the middle attack says, let's encrypt with Key 1 and then let's encrypt with Key 2, and let's see what the differences are. Now let's encrypt with Key 3. Because we have these three different keys, can we determine the differences between Key 1, Key 2, and Key 3? Can that lead us to determine how to break the algorithm?

These are just some common attacks on the cryptography itself, and the mathematical tools that we use to protect our data. We looked at the attacks of the chosen plain text, chosen ciphertext. We talked about known plain text attacks. We also talked about meet in the middle.