Attacking Crypto Systems

Posted in Cryptography by

A crypto system is secure, if the algorithm is public accessible and the secret key is only obtainable by the brute force method (or getting it from a human person).

man in the middle The following elements can help breaking a crypto system.

  • Knowledge of plain text
  • Knowledge of cipher text
  • Knowledge of the used algorithm
  • Knowledge if asymmetric cryptography is used
  • Access to the algorithm
  • Read/Write access to the transport

Attacks to symmetric cryptography are explained first, afterwards attacks to asymmetric ones.

Mono alphabetic crypto systems are weak, because the same elements of the plain vocabulary are always represented with the same element of the private vocabulary. Finding out which element is used often is done by counting the appearance of all elements and sorting them. If you got access to the crypto system, you can even find out, if your finding are true.

Poly alphabetic crypto system are a lot harder to break, because you first have to find the length of the secret key. Again, if you have access to the cryptosystem, you are able to do so, by trial and error. If you know enough cipher text is it possible to analyze it, because the secret key is used over and over. There is a possibility that the same element of a pain text is represented with the same element of the cipher text often. Using a computer, you can split the cipher text into parts and find reappearing elements. Once you got the length of the secret key, use the method from above to find out the secret key.

Write access to the transport offers various options. You can drop a cipher text and it will be transmitted again. Doing this, you will find out if the used cryptography system uses the same key again.

Asymmetric Cryptography is able to setup a secure communication option using a insecure transport, but if a man in the middle got write access to the transport, it can pretend to be the receiver. This way the sender will do the key exchange with the man in the middle, and the man in the middle can fool the receiver to be the sender and do another key exchange with the receiver. Only the use of certificates and detecting changes in latency can protect the key exchange and provide real security.

Two more things can be added. The reply attack records a cipher text and sends it again to the receiver. If the receiver does not detect that duplicate, one can do harm without even breaking the crypto system. Sender and receiver must be secure systems, cause both got the secret key. If only one of them got other vulnerabilities the hole system is no longer secure.

Published at , Updated at 2011-10-25

next: RSA Crypto System prev: Hill Cryptosystem