Cryptography - Attacks

Question 1

Two categories of Cryptography Attacks

Answer 1

Passive, Active

Passive attack harder to detect because carried out by eavesdropping or packet sniffing

Active attacks involve attacker performing message alteration or file modification

Question 2

Ciphertext only attack

Answer 2

Attacker uses several encrypted messages (ciphertext) to figure out key used

Question 3

Known Plaintext attack

Answer 3

attacker uses plaintext and ciphertext versions of a message to discover key used.

Implements reverse engineering, frequency analysis or brute force to determine the key, so all messages can be deciphered

Question 4

Chosen Plaintext Attack

Answer 4

Attacker sends message hoping user will forward it as ciphertext to another user. Attacker captures ciphertext version and tries to determine key by comparing plaintext and ciphertext versions

Question 5

Chosen Ciphertext Attack

Answer 5

Attacker chooses ciphertext to be decrypted to obtain the plaintext. This is more difficult because control of the system that implements the algorithm is needed

Question 6

Social Engineering Attack

Answer 6

Attackers attempted to trick users into giving attacker the cryptographic key used

Question 7

Social Engineering Attack

Answer 7

Attackers attempt to trick users into giving attacker the cryptographic key used

Question 8

Brute Force Attack

Answer 8

Uses all possible keys until key is discovered that successfully decrypts the ciphertext

Question 9

Differential cryptanalysis (Side Channel Attack)

Answer 9

measures execution times and power required by cryptographic device to help determine key and algorithm used

Question 10

Linear cryptanalysis

Answer 10

Known plaintext attack that uses linear approximation, which describes behavior of the block cipher.

More successful when more plaintext and matching ciphertext messages are obtained

Question 11

Algebraic attack

Answer 11

Exploits known vulnerabilities of the algebra used, looking for those vulnerabilities can help attacker to determine key and algorithm used

Question 12

Frequency Analysis

Answer 12

relies on fact that substitution and transposition ciphers will result in repeated patterns in ciphertext

today’s algorithms considered too complex to be vulnerable to this, because of using IV’s and similar, but could change

Question 13

Birthday attack

Answer 13

Assumes finding two messages that result in same hash value is easier than than matching a message and its hash value.

Most hash algorithms can resist simple birthday attacks

Question 14

Dictionary attack

Answer 14

uses all words in a dictionary until a key is discovered that successfully decrypts the ciphertext

Question 15

Replay attack

Answer 15

attacker sends same data in attempt to trick receiving device, often authentication information

countermeasures are timestamps and sequence numbers

Question 16

Analytic attack

Answer 16

attackers use known structural weaknesses or flaws to determine algorithm used

i.e. RC4 used in WEP, and WEP was cracked because of way RC4 was implemented

Question 17

Statistical attack

Answer 17

use known statistical weaknesses of an algorithm to aid in attack

Question 18

Factoring attack

Answer 18

carried out against RSA algorithm by using solutions of factoring large numbers

Question 19

Reverse Engineering

Answer 19

Attacker obtains cryptographic product and attempts to reverse engineer it to discover confidential information about algorithm

Question 20

Meet in the middle attack

Answer 20

Attacker tries to break algorithm by encrypting from one end and decrypting from other end to determine mathematical problem used