ISS210 Chapter 8 Homework

In the present era, not only business but almost all aspects of human life are driven by information. Hence, it has become imperative to protect useful information from malicious activities such as attacks. Let us consider the types of attacks to which information is typically subjected.

Attacks are typically categorized based on the action performed by the attacker. An attack, thus, can be passive or active.

Passive Attacks

The main goal of a passive attack is to obtain unauthorized access to the information. For example, actions such as intercepting and eavesdropping on the communication channel can be regarded as passive attacks. These actions are passive in nature, as they neither affect information nor disrupt the communication channel. A passive attack is often seen as stealing information. The only difference between stealing physical goods and stealing information is that theft of data still leaves the owner in possession of that data. A passive information attack is thus more dangerous than stealing of goods, as information theft may go unnoticed by the owner.

Active Attacks

An active attack involves changing the information in some way by conducting some process on the information. For example,
Cryptography provides many tools and techniques for implementing cryptosystems capable of preventing most of the attacks described above.

Assumptions of Attacker

Let us see the prevailing environment around cryptosystems followed by the types of attacks employed to break these systems −

Environment around Cryptosystem

While considering possible attacks on the cryptosystem, it is necessary to know the cryptosystem's environment. The attacker's assumptions and knowledge about the environment decide his capabilities. In cryptography, the following three assumptions are made about the security environment and the attacker's capabilities.

Details of the Encryption Scheme

The design of a cryptosystem is based on the following two cryptography algorithms −
In the case of proprietary algorithms, security is ensured through obscurity. Private algorithms may not be the strongest algorithms, as they are developed in-house and may not be extensively investigated for weaknesses. Secondly, they allow communication among a closed group only. Hence they are not suitable for modern communication, where people communicate with a large number of known or unknown entities. Also, according to Kerckhoffs's principle, the algorithm is preferred to be public, with the strength of encryption lying in the key. Thus, the first assumption about the security environment is that the encryption algorithm is known to the attacker.

Availability of Ciphertext

We know that once the plaintext is encrypted into ciphertext, it is put on an insecure public channel (say email) for transmission. Thus, the attacker can be assumed to have access to the ciphertext generated by the cryptosystem.

Availability of Plaintext and Ciphertext

This assumption is not as obvious as the others. However, there may be situations where an attacker can have access to plaintext and the corresponding ciphertext. Some such possible circumstances are −
Cryptographic Attacks

The basic intention of an attacker is to break a cryptosystem and to find the plaintext from the ciphertext. To obtain the plaintext, the attacker only needs to find out the secret decryption key, as the algorithm is already in the public domain. Hence, he applies maximum effort towards finding out the secret key used in the cryptosystem. Once the attacker is able to determine the key, the attacked system is considered broken or compromised. Based on the methodology used, attacks on cryptosystems are categorized as follows −
Practicality of Attacks

The attacks on cryptosystems described here are highly academic, as the majority of them come from the academic community. In fact, many academic attacks involve quite unrealistic assumptions about the environment as well as the capabilities of the attacker. For example, in chosen-ciphertext attack, the attacker requires an impractical number of deliberately chosen plaintext-ciphertext pairs. It may not be practical at all. Nonetheless, the fact that any attack exists should be a cause of concern, particularly if the attack technique has the potential for improvement.

Which kind of attack on cryptosystems involves sequential guessing of all possible key combinations?

The form of attack that uses pre-identified terms is called a dictionary attack. A brute force attack tries all possible combinations.
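The brute-force answer above, combined with the three attacker assumptions (known algorithm, available ciphertext, a known piece of plaintext), as an added example that is not part of the original page. The cipher is a constructed toy with a deliberately tiny 16-bit key and all names are illustrative; the last function shows why key length, not secrecy of the algorithm, sets the cost of the search.

```python
import hashlib

KEY_BITS = 16  # constructed toy key size, far too small for real use

def keystream(key: int, n: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks (hypothetical cipher)."""
    out, counter = b"", 0
    while len(out) < n:
        block = key.to_bytes(KEY_BITS // 8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:n]

def xor_cipher(key: int, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))

def exhaustive_search(known_prefix: bytes, ciphertext: bytes):
    """Try every key in order against the known plaintext prefix.

    Returns (key, trials) on success, (None, trials) if no key fits.
    """
    n = len(known_prefix)
    total = 2 ** KEY_BITS
    for key in range(total):
        if xor_cipher(key, ciphertext[:n]) == known_prefix:
            return key, key + 1
    return None, total

def years_to_exhaust(bits: int, keys_per_second: float) -> float:
    """Worst-case time to sweep a key space of 2**bits keys."""
    return 2 ** bits / keys_per_second / (365 * 24 * 3600)

def demo():
    secret = 0xBEEF                          # constructed sample key
    header = b"From: alice@example.test\n"   # predictable part of the message
    body = b"Meeting moved to 15:00"         # part the key is protecting
    ciphertext = xor_cipher(secret, header + body)
    key, trials = exhaustive_search(header, ciphertext)
    return key, trials, xor_cipher(key, ciphertext)

if __name__ == "__main__":
    key, trials, recovered = demo()
    print(f"key={key:#06x} found after {trials} trials -> {recovered!r}")
    for bits in (16, 56, 128, 256):
        print(f"{bits:3d}-bit key: {years_to_exhaust(bits, 1e12):.3e} years at 1e12 keys/s")
```

The 1e12 keys-per-second rate is an assumed figure chosen only to compare key sizes; the ratio between rows is what matters.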
What is a cryptographic attack?

A cryptographic attack is a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme. This process is also called "cryptanalysis".
What are the types of attacks in cryptography?

Depending on the type of cryptographic system in place and the information available to the attacker, these attacks can be broadly classified into six types:

- Brute force attack
- Ciphertext-only attack
- Chosen plaintext attack
- Chosen ciphertext attack
- Known plaintext attack
- Key and algorithm attack

What are the 3 basic operations in cryptography?

Encrypting, decrypting, and hashing are the three basic operations in cryptography.

What is a hash function, and what can it be used for?