Time
7 hours 35 minutes
Difficulty
Intermediate
CEU/CPE
12

Video Transcription

00:01
Hey, guys, Welcome to another episode of the S S C P Exam Prep. I'm your host, Peter Civility.
00:08
This is going to be the fourth lesson.
00:11
Innocence Domain.
00:13
So far in the fifth domain, we've taken a look at some of the fundamental concepts of cryptography. We've taken a walk at symmetric encryption.
00:22
We've taken a look at asymmetric encryption. And now, finally, in this lesson, we're gonna look at methods on Krypton analytic attack. So we're gonna look at different ways. An attacker tries to break encryption using different out rooms,
00:38
glass get started,
00:41
any security system or product a subject to compromise or tax The following are a bunch of common attacks that the S s C P practitioner needs to be familiar with in case they are used against
00:56
ah system or some sort of thing in the organization. So the first is a chosen plain text attack.
01:03
This is where the attacker can choose our Viteri plain text and obtained the corresponding cipher text. So for with the chosen plain text, the attacker already knows what the encryption algorithm is and has plain text.
01:19
But what they don't have is the key. So in this case. They're trying to figure out what the key is by encrypting different plane texts on dhe, seeing what the result is in the cipher text.
01:33
Social engineering attack. This is manipulating individuals so they will divulge confidential information. This attack is usually the most successful, and it's also the most common. So this is where on attacker uses trickery where they pretend with
01:49
they are someone they're not in order to trick someone into
01:53
giving away sensitive information.
01:57
Bert Force Attack Trying all the possible keys until one has found that decrypt the cipher taxes a very straightforward attack. There is no there's nothing fancy about this attack. Just try a single combo and find one network's. This is possible through GP use a graphical processing units
02:17
Ah, which really have made the time it takes to go through all the possible keys.
02:23
Quite reasonable for many, many algorithms
02:28
differential crypt analysis. This is also known as a side channel attack. This study this attack uses the studies of differences in the input can affect the resulting difference at the output.
02:43
So this is where they check the exact execution times and the power required by the crypto device and they try to figure out, um what, what? That what the key might be or what? The hour of light
03:00
Linear crypt Analysis. This is a known plain text attack that uses linear approximations to describe the behavior off a block. Saiful. So if you have access to the plain text and the cipher text
03:13
and you keep converting different plane tax in the cipher text, you will be able to start to see bits of pieces, bits and pieces of information about the key that can be obtained and the Maur information Lauren. Eventually, you'll be able to figure out what the key is.
03:29
Outbreak the attack. This exploit vulnerabilities within the intrinsic algebraic structure of mathematical function.
03:38
Rainbow Table. This attack is really just a huge table off sorted hash outputs. So all the popular dictionary words on all of the commonly used passwords are hatched and the hashes are stored in a table. So later on an attacker,
03:54
where did you find if the hash of a password
03:58
he can compare it against the hash is he has to figure out if one of them is a match
04:04
cipher text only attack. This attack is where the Attackers assumed have access on Lee to a set of cipher text. This is one of the hardest attacks there is. That's difficult for the attacker in this attack. Because they have so little to work with. They only have a
04:23
bits and pieces of scrambled code, and they got out somehow
04:27
tried to put it back together.
04:30
Known plain text attack. This is where the Attackers assumed to have access to sets, of course, bonding, plain text and cipher text.
04:39
So now that they have the plain text in the cipher text, the goal of this attack is to find ah, what the algorithm they're using is what What kind of algorithm is converting the plain text into the cipher text? And better yet, what is the key that is being used
04:57
frequency analysis? This is used to identify weaknesses with encrypted systems by locating patterns in cipher text.
05:05
This works really well with other types of attacks. So just like in the English language, certain letters or used more frequently than others, don't let her such as E or s or Ah, I'm one of those things. Those letters you so often
05:25
it was a good chance of them being able to figure them out. If they are in a cipher text the same. It's the same thing here with
05:31
frequency analysis,
05:35
chosen cipher text. This attack is where the attacker choose the cipher text
05:40
and obtained this decryption under an unknown key.
05:45
This attack is similar to the chosen plane tax attack and that the attacker has access to the decryption device and software on it. It is, and they are trying to discover what the key is
05:58
birthday attack. This attack exploits the mathematics behind the birthday problem, which we looked at in the first lesson where there is a very high probability of people sharing the same birthday in a group of 23 people on this. The theory behind this attack is to try to force collisions
06:16
within
06:17
hashing functions to figure out what the hash might be, depending on what the point in Texas
06:26
dictionary attack. This encrypts all the words in the dictionary and see if the hash massive matches the password hash. This is very, very similar to a rainbow table, which we aren't discussed.
06:38
Replace Zack. This is when an attacker intercepts authentication information and replace the information became access to a security system. So this is when the hacker sits in between, um,
06:50
authentication system and kind of grabs or takes a look at the password.
06:58
Ah, that is going from the person who is identifying to the authentication server. And then they can re reuse that user name and password that they grabbed later on Thio River in order to pretend that they are the person that they originally took the credentials from
07:17
factory attacks. These were developed to break the RS a algorithm. He's trying to break down the very large prime numbers through factory
07:28
reverse engineering. This is the product that is reversed, engineered to find weaknesses in the system or gain information. So in order to reverse engineer, you can take an application. Or you can take some sort of, I guess, part of a system and look at the coat. Look at the code that built it
07:47
and try to figure out how the code works in order to modify it.
07:56
Implementation attacks. These are popular due to ease on system elements outside of the algorithm,
08:03
so side channel analysis. This focuses on things such as the time it takes for execution. How much power and processing is required. And the goal of this is to uncover ah sensitive data or to learn more about how the algorithm works.
08:20
Full analysis, this attempt to force the system into an air estate to gain error results. So if they forced the system into an air estate and might kick back saying, Hey, this is this is what the error is and that might lead some insight into what?
08:39
How the anger even works.
08:41
Probing attacks this attempt tow. Watch the circulatory
08:45
surrounding the cryptographic module on, hoping that new components will disclose information.
08:50
Additionally, new hardware may be added to cryptographic module to observe and inject any information.
09:01
In today's lecture, we discussed Kalman algorithm attacks.
09:05
It was time
09:07
an attacker has access to both the cipher, text and plain text versions of the same message.
09:13
The goal is to find the link.
09:16
What attack is this?
09:22
If you said seed known plain text attack, then you are correct. Remember with the known plain text the cipher Texas known on the plane Texas known on the goal is to figure out how they are related.
09:35
Thanks for watching guys. I hope you learned a lot in this video and I'll see you next time

Up Next

Systems Security Certified Professional (SSCP)

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Instructed By

Instructor Profile Image
Pete Cipolone
Cyber Security Analyst and Programmer
Instructor