Discussion 7
anithareddy
Week10Lecture3.pptxFundamentals of Cryptography Week 10
1
Cryptoanalysis and Coded Breaking Chapter 6 - Agenda
Week 10 Overview
Reading
Discussion Question
Quiz
Code breaking
2
Week 10 Overview
Reading – Chapter 6 in our text
Discussion Question 7 – Code Breaking
Quiz 5
3
Discussion Question 7
4
Peer Response(s): Peer Response(s) are due by Sunday, October 29th (11:59:59pm ET)
Primary Task Response:
Primary Task Response:
Primary Response: Primary Discussion Response is due by Wednesday, October 25th (11:59:59pm Eastern Time Zone (ET))
Code Breaking
Discuss three basic principles that we can use to break codes or systems.
Select one of the puzzles from pages 165 – 168 of our text.
Work the puzzle you selected to break the code.
Present the solution and the steps you took to break the code.
Optional: Create a puzzle of your own to challenge your peers to solve! Don’t forget to provide the solution at the end of the week if no one can break it!
Discussion Question 7
5
- Read the responses from your peers and offer a constructive critique or additional information that adds substantively to the discussions.
Peer Response
- Remember, a response that simply states that their post was good or that you liked it is not considered substantive and will not earn credit.
- You should contribute to the learning via your posts and responses.
- Be sure to acknowledge any outside sources you use.
Code Breaking - Cryptoanalysis
Commonly called cryptoanalysis
The body of knowledge relating to studying cryptosystems
Taking encrypted data and decrypting it without a key
Cryptography
(ISC)2® CISSP® CBK® Review Seminar v10.0
Code Breaking - Cryptoanalysis
Basic Principles to Code Breaking
Look for keywords with repeating letters or keywords that are too short
Know patterns in words or predictable patterns
Certain letters in every language appear more often than others
Cryptography
(ISC)2® CISSP® CBK® Review Seminar v10.0
Code Breaking - Cryptoanalysis
Codes and Codebooks
Braille
Morse Code
Cryptography
(ISC)2® CISSP® CBK® Review Seminar v10.0
Brute Force
Trying all possible key combinations
Two factors: cost and time
Moore’s Law
Measured in MIPS per year
KEY
All Keys = Key Space
Cryptography
(ISC)2® CISSP® CBK® Review Seminar v10.0
Attack Types
Frequency Analysis
Cipher-text Only Attack
Known Plaintext Attack
Chosen Plaintext Attack
Dictionary Attacks
Rainbow Tables
Birthday Attacks
Implementation Issues
Timing and Power Analysis Attacks
People Attacks
Frequency Analysis
In these attacks, the attacker has the advantage of knowing the characteristics of the plaintext language
Knowing the frequency of certain letters or predictable patterns (such as “qu”) makes the job of the cryptanalyst much easier
Ciphertext Only Attack
In a ciphertext only attack, we assume that the attacker has samples of the encrypted text but may not know the algorithm, key, or system
This is the most difficult attack, since the cryptanalyst has the least amount of information with which to work
Known Plaintext Attack
The attacker has both the plaintext and the ciphertext; the attacker uses analysis to try to determine the key or cryptovariable being used in the encryption process
Chosen Attacks
Cryptosystem
Ciphertext
Plaintext
Cryptovariable
Dictionary Attacks
A dictionary attack is used against password files or hashed values; it hashes common words or password combinations to obtain a collision on a password hash
Rainbow Tables
Hashes and reductions
Combating rainbow tables with salts
Specialized/scalable
Architecture
Graphics Processor Unit (GPU)
Compute Unified Device Architecture (CUDA)
Birthday Attacks
Used to find weaknesses based on the Birthday Paradox.
The Birthday Paradox states that there is a 50 percent chance that two out of a group of 23 people will have the same birth date (the year is not used). Increase the group to 60 people and the chances are more than 99 percent. For the math challenged, we are betting that no one has the same birthday.
Implementation Issues
Poorly implemented systems or algorithms – such as the weakness in WEP due to implementation with a small IV
Timing and Power Analysis Attacks
Timing and power analysis attacks are based on measuring the exact execution times and power consumption of a chip while encrypting or decrypting data
Measuring this time can indicate the key length and type of algorithm in use
Side channel attacks
Differential Power Analysis
People Attacks
What are some examples of attacks against people?
Social Engineering – Con game
Purchase Key Attack – Bribery and Extortion
Rubber Hose Attack – Assault and Battery
21
Questions?
22
