Section 8.80 Cryptographic Attacks Flashcards
Objectives 1.4 Explain the importance of using appropriate cryptographic solutions. Objectives 2.3 Explain various types of vulnerabilities. Objectives 2.4 Given a scenario, you must be able to analyse indicators of malicious activity.
Cryptographic Attacks
Techniques and strategies that adversaries employ to exploit vulnerabilities in cryptographic systems with the intent to compromise the confidentiality, integrity, or authenticity of data
Downgrade Attacks
Force systems to use weaker or older cryptographic standards or protocols
■ Exploit known vulnerabilities or weaknesses in outdated versions
■ Countermeasures include phasing out support for insecure protocols and
version-intolerant checks
■ Example: POODLE attack on SSL 3.0
Collision Attacks
Find two different inputs producing the same hash output
■ Undermine data integrity verification relying on hash functions
■ Vulnerabilities in hashing algorithms, e.g., MD5, can lead to collisions
■ Birthday Paradox or Birthday Attack: The probability that two distinct inputs, when processed through a hashing function, will produce the same output, or a collision
Quantum Computing Threat
Quantum computing
● A computer that uses quantum mechanics to generate and manipulate quantum bits (Qubits) in order to access enormous processing powers.
● Uses quantum bits (qubits) instead of using ones and zeros
Quantum Computing Threat
Quantum Communication
A communications network that relies on qubits made of photons (light) to send multiple combinations of ones and zeros simultaneously which results in tamper resistant and extremely fast communications
Quantum computing is designed for very specific use cases
● Complex math problems
● Trying to do something like the modeling of an atom or atomic structure
Qubit
A quantum bit composed of electrons or photons that can represent numerous combinations of ones and zeros at the same time through superposition
● Enable simultaneous processing of multiple combinations
Quantum Threat
Threat to traditional encryption algorithms (RSA, ECC) by rapid factorization of large prime numbers
Post-quantum cryptography
● A new kind of cryptographic algorithm that can be implemented using
today’s classic computers but is also impervious to attacks from future
quantum computers
● Aims to create algorithms resistant to quantum attacks
● First method is to create post-quantum cryptography is to increase the
key size
○ Increases the number of permutations that are needed to be
brute-forced
Second method is to create something like lattice-based cryptography
and super singular isogeny key exchange
NIST selected four post-quantum cryptography standards
● CRYSTALS-Kyber - general encryption needs
● Digital signatures
○ CRYSTALS-Dilithium
○ FLACON
○ SPHINCS+
