Cryptoanalysis and Coded Breaking Chapter 6 – Agenda

Cryptoanalysis and Coded Breaking Chapter 6 – Agenda

Fundamentals of Cryptography Week 10

1

Cryptoanalysis and Coded Breaking Chapter 6 – Agenda

Week 10 Overview

Reading

Discussion Question

Quiz

Code breaking

2

Week 10 Overview

Reading – Chapter 6 in our text

Discussion Question 7 – Code Breaking

Quiz 5

3

Discussion Question 7

4

Peer Response(s):  Peer Response(s) are due by Sunday, October 29th (11:59:59pm ET)

Primary Task Response:

Primary Task Response:

Primary Response: Primary Discussion Response is due by Wednesday, October 25th (11:59:59pm Eastern Time Zone (ET))

Code Breaking

Discuss three basic principles that we can use to break codes or systems.

Select one of the puzzles from pages 165 – 168 of our text.

Work the puzzle you selected to break the code.

Present the solution and the steps you took to break the code.

Optional:  Create a puzzle of your own to challenge your peers to solve!  Don’t forget to provide the solution at the end of the week if no one can break it!

Discussion Question 7

5

– Read the responses from your peers and offer a constructive critique or additional information that adds substantively to the discussions.

Peer Response

– Remember, a response that simply states that their post was good or that you liked it is not considered substantive and will not earn credit.

– You should contribute to the learning via your posts and responses.

– Be sure to acknowledge any outside sources you use.

Code Breaking – Cryptoanalysis

Commonly called cryptoanalysis

The body of knowledge relating to studying cryptosystems

Taking encrypted data and decrypting it without a key

Cryptography

(ISC)2® CISSP® CBK® Review Seminar v10.0

Code Breaking – Cryptoanalysis

Basic Principles to Code Breaking

Look for keywords with repeating letters or keywords that are too short

Know patterns in words or predictable patterns

Certain letters in every language appear more often than others

Cryptography

(ISC)2® CISSP® CBK® Review Seminar v10.0

Code Breaking – Cryptoanalysis

Codes and Codebooks

Braille

Morse Code

Cryptography

(ISC)2® CISSP® CBK® Review Seminar v10.0

Brute Force

Trying all possible key combinations

Two factors: cost and time

Moore’s Law

Measured in MIPS per year

KEY

All Keys = Key Space

Cryptography

(ISC)2® CISSP® CBK® Review Seminar v10.0

Attack Types

Frequency Analysis

Cipher-text Only Attack

Known Plaintext Attack

Chosen Plaintext Attack

Dictionary Attacks

Rainbow Tables

Birthday Attacks

Implementation Issues

Timing and Power Analysis Attacks

People Attacks

Frequency Analysis

In these attacks, the attacker has the advantage of knowing the characteristics of the plaintext language

Knowing the frequency of certain letters or predictable patterns (such as “qu”) makes the job of the cryptanalyst much easier

Ciphertext Only Attack

In a ciphertext only attack, we assume that the attacker has samples of the encrypted text but may not know the algorithm, key, or system

This is the most difficult attack, since the cryptanalyst has the least amount of information with which to work

Known Plaintext Attack

The attacker has both the plaintext and the ciphertext; the attacker uses analysis to try to determine the key or cryptovariable being used in the encryption process

Chosen Attacks

Cryptosystem

Ciphertext

Plaintext

Cryptovariable

Dictionary Attacks

A dictionary attack is used against password files or hashed values; it hashes common words or password combinations to obtain a collision on a password hash

Rainbow Tables

Hashes and reductions

Combating rainbow tables with salts

Specialized/scalable

Architecture

Graphics Processor Unit (GPU)

Compute Unified Device Architecture (CUDA)

Birthday Attacks

Used to find weaknesses based on the Birthday Paradox.

The Birthday Paradox states that there is a 50 percent chance that two out of a group of 23 people will have the same birth date (the year is not used). Increase the group to 60 people and the chances are more than 99 percent. For the math challenged, we are betting that no one has the same birthday.

Implementation Issues

Poorly implemented systems or algorithms – such as the weakness in WEP due to implementation with a small IV

Timing and Power Analysis Attacks

Timing and power analysis attacks are based on measuring the exact execution times and power consumption of a chip while encrypting or decrypting data

Measuring this time can indicate the key length and type of algorithm in use

Side channel attacks

Differential Power Analysis

People Attacks

What are some examples of attacks against people?

Social Engineering – Con game

Purchase Key Attack – Bribery and Extortion

Rubber Hose Attack – Assault and Battery

21

Questions?

22


Comments are closed.