StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Attacking Cryptography - Essay Example

Cite this document
Summary
The paper "Attacking Cryptography" highlights that generally, for attacking Alice’s workstation that is maintaining encrypted passwords via an open-source tool, Charlie can deploy and execute various attack methods as discussed in the body of the paper. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.7% of users find it useful
Attacking Cryptography
Read Text Preview

Extract of sample "Attacking Cryptography"

? Full Paper Table of Contents Attacking Cryptography …………………………………… Page 3- 6 Conclusion …………………………………… Page 6-7 References …………………………………… Page 7 Glossary of Terms …………………………………… Page 8 Attacking Cryptography The reason for using an open source operating systems is to customize and select appropriate technology that was set to default. In this rapidly changing digital world of advanced hackers, new prevention techniques are invented for maximum prevention along with minimizing risks. One cannot predict that the blowfish encryption algorithm will also be replaced by the new and more secure algorithm known as (Anonymous2007, 500-500) two fish that will also be replaced at some period of this information age. Security requires constant and periodic changes to pace up and counter the threats that are ever increasing. Similarly, cryptography also goes with the same approach of upgrading new state of the art encryption algorithms one after another and from safe to the safest, so that it cannot be cracked. Lastly, the future concerns for blow fish encryption algorithm are associated with minimizing the use of S boxes along with less iterative processes along with sub key calculation on the fly. Two fish that is considered to be the next state of the art encryption algorithm after blow fish will be considered as AES final with 128 bit block size and can handle more operations. Two fish incorporates a 16 round structure with additional options for inputs and outputs, as the plain text is converted in to 32 bit words. The inputs incorporates four key words followed by sixteen rounds and each round, two words on the left are utilized as inputs to the function donated by ‘g’ (Stinson and Tavares ). The tool utilized in this scenario is ‘keepass’ that is an open source tool for storing all the passwords in a database that is encrypted (Popov). The database can also be encrypted by blow fish (Anonymous2007, 71-71), as it incorporates no weak keys and the design is simple and understandable that supports analysis, algorithm integrity and repeatable block ciphers (Anderson. n.d). Likewise, block ciphers are 64 bits in length with variable length keys. S-boxes are dependent on large keys that are more resilient to cryptanalysis (Anderson. n.d). Moreover, permutations are key dependent with a support of diverse operations associated with mathematics that is integrated with XOR and addition (Anderson). For attacking the encrypted files, Charlie can use many attack methods for retrieving the password files stored in the database maintained by ‘keepass’. The plaintext and cipher text methods of attacks incorporates a cryptanalyst that has an access to plaintext and the conforming cipher text and pursues to find association in between the two. Whereas, a cipher text is associated with an attack in which cryptanalyst is accessible to cipher text and do not have access to conforming plaintext. Charlie can use generic ciphers such as Caesar, frequency analysis for cracking the cipher on Alice’s workstation. Moreover, Charlie can also use a plaintext and chosen cipher text attack for retrieving the passwords. This type of attack incorporates a cryptanalyst that is capable of encrypting a plaintext of choice and examines the results of cipher text. This type of attack is most generic for asymmetric cryptography, as Charlie can gain public key via cryptanalyst. Charlie can also choose cipher text attack that incorporates a cryptanalyst selecting a cipher text that seeks for a similar plaintext. Charlie can decrypt oracle that is a machine for decrypting data without exposure of key. Moreover, Charlie can also execute the attack on public key encryption, as it initiate with a cipher text and seeks for similar matched plaintext data available publically. Charlie can also utilize adaptive attacks (Krawczyk), as these attacks incorporate a cryptanalyst that selects plaintext or cipher text on the basis of previous results. Side channel attacks can also be utilized for data available in Alice’s workstation. These types of attacks extracts information associated with the physical deployment of cryptographic algorithm along with the hardware utilized for encrypting or decrypting data. These cryptographic methods mentioned earlier presume that access to plain text and cipher text is available to cryptanalyst and often to both types of data along with a possibility of cryptographic algorithms. Moreover, a side channel attack initiated by Charlie expands its scope such as CPU cycles utilize or time taken for calculation, voltage utilization etc. as Bruce Schneier wrote: “Some researchers have claimed that this is cheating. True, but in real-world systems, attackers cheat. Their job is to recover the key, not to follow some rules of conduct. Prudent engineers of secure systems anticipate this and adapt to it.” (Conrad, Misenar, and Feldman). Apart from this attack, Charlie can also use network based attacks against Open SSL, as it utilizes two types of multiplications.one of them is called as Karatsuba that is used for words having the characteristics of equal size along with multiplication of those words that are not equal in size. (Yazici and Sener) Karatsuba is robust as the variation is speed can be validated by utilizing SSL TCP/IP data connection, however, information can be hacked by an hacker by using this type of multiplication methodology. For instance, a research team located at Stanford initiated a side channel timing attack for recovering the 1Mega Bit RSA key located on OpenSSL server. Likewise, the researchers utilized two hours and one million queries for the attack. Charlie can utilize brute force attack that will try to retrieve every reachable key in a systematic manner. Likewise, this type of attack is associated with plain text or cipher text type of attacks. Charlie can attack Alice’s workstation by a 4 bit key. Charlie will allocate a limited length of key along with adequate time for a successful brute force attack. Likewise, encryption algorithms may become vulnerable to brute force attacks as the time passes by because CPU utilization increases. A single DES encryption incorporates an effective length key comprising of 56 bits, as the key can be cracked within two or three days by utilizing dedicated hardware components such as Electronic Frontier Foundation’s Deep Crack (Schneider). Charlie will not be able to crack a 168 bit key in the similar fashion because it incorporates Advanced Encryption Standards. Charlie must ensure when the success of brute force attack on only cipher text is accomplished. One of the examples of a brute force attack is demonstrated in Fig 1.1. Figure 1.1 Source: (Anonymous) Charlie can use yet another type of attack for retrieving encrypted passwords available on Alice’s workstation. Man in the middle attack can be executed by Charlie for attacking algorithms that are utilized for multiples keys associated with encryption. One of examples incorporates a successful man in the middle attack against double DES. For augmenting the solidity of 56 bit DES, double DES was suggested. As man in the middle attack is associated with plain text attacks, the cryptanalyst has accessibility to plaintext and the output cipher text (Paar, Jan Pelzl, and Preneel). One of the examples incorporates plaintext is ‘passwords’ and the double DES cipher text is named as ‘ABC’. The primary objective of cryptanalyst is to retrieve two keys i.e. Key 1 and Key 2 that were utilized for encryption. Charlie will first initiate a brute force attack on Key 1 by utilizing all 256 single DES keys for encrypting the plaintext of ‘passwords’ and stores all intermediate outputs of cipher texts and every key in a table. Secondly, Charlie will impose Key 2 and decrypts ‘ABC’ for 256 times. During the process of decrypting the intermediate cipher text available in the table for the second brute force attack, objective is accomplished and both keys are now visible to the cryptanalyst. Charlie was able to attack 256 attempts to retrieve the passwords. Conclusion For attacking Alice’s workstation that is maintaining encrypted passwords via an open source tool, Charlie can deploy and execute various attack methods as discussed in the body of the paper. Some of the attack methods discussed incorporates Meet-in-the-Middle Attack, Brute Force Attacks, Side Channel Attacks, Adaptive Chosen Plaintext and Adaptive Chosen Cipher text Attacks, Chosen Plaintext and Chosen Cipher text Attacks and Known Plaintext and Cipher text-Only Attacks. Bibliography Anderson, Ross. Fast Software Encryption: Cambridge Security Workshop, Cambridge, U. K., December 9-11, 1993: Proceedings Berlin ; Springer-Verlag, c1994. "Blowfish." 2007.Network Dictionary: 71-71. Conrad, Eric, Seth Misenar, and Joshua Feldman. CISSP Study Guide Syngress. Krawczyk, Hugo. Advances in Cryptology - CRYPTO '98: 18th Annual International Cryptology Conference, Santa Barbara, California, USA, August 23-27, 1998, Proceedings (Lecture Notes in Computer Science) Springer. Popov, Dmitri. Hands on Open Source Lulu.com. Paar, Christof, Jan Pelzl, and Bart Preneel. Understanding Cryptography: A Textbook for Students and Practitioners Springer. Stinson, Douglas R. and Stafford Tavares. Selected Areas in Cryptograpy: 7th Annual International Workshop, SAC 2000, Waterloo, Ontario, Canada, August 14-15, 2000: Proceedings Berlin ; Springer, 2001. Schneider, Gary P. Electronic Commerce Course Technology. "Twofish." 2007.Network Dictionary: 500-500. Yazici, Adnan and Cevat Sener. Computer and Information Sciences -- ISCIS 2003: 18th International Symposium, Antalya, Turkey, November 3-5, 2003, Proceedings (Lecture Notes in Computer Science) Springer. Images "Complete Hacker's Handbook: Chapter Eight " , accessed 7/20/2012, 2012, http://www.telefonica.net/web2/vailankanni/HHB/HHB_CH08.htm. Glossary DES Digital Encryption Standards AES Advanced Encryption Standards CPU Central Processing Unit RSA Ron Rivest, Adi Shamir, and Leonard Adleman Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“IT - Attacking Cryptography Essay Example | Topics and Well Written Essays - 1250 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1454720-attacking-cryptography
(IT - Attacking Cryptography Essay Example | Topics and Well Written Essays - 1250 Words)
https://studentshare.org/information-technology/1454720-attacking-cryptography.
“IT - Attacking Cryptography Essay Example | Topics and Well Written Essays - 1250 Words”, n.d. https://studentshare.org/information-technology/1454720-attacking-cryptography.
  • Cited: 0 times

CHECK THESE SAMPLES OF Attacking Cryptography

Attacking Cryptography Computer Security

This report "Attacking Cryptography Computer Security" discusses computer operating systems that use various data protection methods to prevent any form of malware and spyware from getting access to the data stored into a computer or a computer network.... Operating Systems store information about commonly used programs and through the network, programs such as KeePass can read encrypted files, posing a serious attack to cryptography as a data protection technique....
6 Pages (1500 words) Report

Cryptography Secure Socket Layer

Full Paper Title Name University Table of Contents cryptography …………………………………… Page 3- 6 Conclusion …………………………………… Page 6-7 References …………………………………… Page 7 Glossary of Terms …………………………………… Page 8 cryptography Secure Socket Layer v3 The reason for using an open source operating systems is to customize and select appropriate technology that was set to default....
4 Pages (1000 words) Research Paper

(DRE) voting systems

The device running the vote collection, also known as, the Diebold voting terminal, the ballot definition and voter cards, key parts of the election process are all susceptible to manipulation by measures such as exploiting the lack of cryptography, reverse engineering smartcard protocol, casting multiple votes by the use of several active smart cards and circumventing the administrator pin.... These were in shape of two main vectors for accessing and attacking the voting system's data; first by physical access to the device storing the data and second via man-in-the-middle attacks as the data is transported over some network....
1 Pages (250 words) Book Report/Review

Robot Network as a Specific Network or Server

Similarly, cryptography also goes with the same approach of upgrading the new state of the art encryption algorithms one after another and from safe to the safest, so that it cannot be cracked.... The focus of this paper "Robot Network as a Specific Network or Server" is on the reason for using an open-source operating system....
8 Pages (2000 words) Assignment

Framework and Assumptions for Creation of Information Security System

The paper "Framework and Assumptions for Creation of Information Security System" discusses that before understanding the concepts of online system security, it is necessary to attain a detailed understanding regarding the type of security breaches that might occur in the present information network....
13 Pages (3250 words) Coursework

Public Key Infrastructure in Information Security

These hacking tactics are usually easy to apply when attacking non encrypted networks.... For example, use of hard-copy files in keeping client information by financial institutions is no longer practical today.... Most organizations keep their data and information.... ... ... In addition, access, utilization and sharing of the digitized information takes place through secure servers....
4 Pages (1000 words) Case Study

Security via Technology, Public-Key Cryptography

Therefore, public key cryptography as well as associated standards and procedures are basics of the security features of numerous products including encrypted and signed Public key cryptography is a combination of elaborately created procedures and standards that are meant to protect communications from being listened to or tampered with or being affected by impersonation attacks....
4 Pages (1000 words) Research Paper

Securing Data Using IPSEC VPN over Satellite Communication

In this regard, cryptography mechanism plays an imperative role towards transforming and most vitally securing data from one specific location to other.... This reseaerch paper ''Securing Data Using IPSEC VPN over Satellite Communication'' intents how internet protocol security virtual private network (IPSEC VPN) secures the procedure of data transmission over other methods like satellite communication systems; and discusses the various significant....
18 Pages (4500 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us