Attacks on Protocols

Attacks against Protocols

• Someone not involved in the protocol can eavesdrop on some or all of
the protocol. This is called a passive attack, because the attacker
does not affect the protocol.
• He observes the protocol and attempt to gain information.
• This kind of attack corresponds to a ciphertext-only attack
• Since passive attacks are difficult to detect, protocols try to prevent
passive attacks rather than detect them.
Attacks against Protocols
• An attacker try to alter the protocol to his own advantage.
• He could pretend to be someone else, introduce new messages in the
protocol, delete existing messages, substitute one message for
another, replay old messages, interrupt a communications channel, or
alter stored information in a computer.
• These are called active attacks, because they require active
intervention. The form of these attacks depends on the network.
Difference between Active and
Passive attackers
• Passive attackers try to gain information about the parties involved in
the protocol. They collect messages passing among various parties and
attempt to cryptanalyze them.
• Active attacker could be interested in obtaining information, degrading
system performance, corrupting existing information, or gaining
unauthorized access to resources.
• Active attacks are much more serious in protocols in which the different
parties don’t necessarily trust one another.
• The attacker does not have to be a complete outsider. He could be a
legitimate system user. He could be the system administrator. There
could even be many active attackers working together.
Passive and Active cheaters
• It is also possible that the attacker could be one of the parties
involved in the protocol. He may lie during the protocol or not follow
the protocol at all. This type of attacker is called a cheater.
• Passive cheaters follow the protocol, but try to obtain more
information than the protocol intends them to.
• Active cheaters disrupt the protocol in progress in an attempt to
cheat.
Communications Using Symmetric
Cryptography
Symmetric cryptosystems have the following problems:
— Keys must be distributed in secret. They are as valuable as all the messages
they encrypt, since knowledge of the key gives knowledge of all the messages.
— If a key is compromised (stolen, guessed, extorted, bribed, etc.), then Eve can
decrypt all message traffic encrypted with that key. She can also pretend to be
one of the parties and produce false messages to fool the other party.
— Assuming a separate key is used for each pair of users in a network, the total
number of keys increases rapidly as the number of users increases. A network
of n users requires n(n - 1)/2 keys. For example, 10 users require 45 different
keys to talk with one another and 100 users require 4950 keys. This problem
can be minimized by keeping the number of users small, but that is not always
possible.
One-Way Functions
• one-way function is central to public-key cryptography
• One-way functions are relatively easy to compute, but significantly
harder to reverse. That is, given x it is easy to compute f(x), but given
f(x) it is hard to compute x.
• “hard” is defined as something like: It would take millions of years to
compute x from f(x), even if all the computers in the world were
assigned to the problem.
Trapdoor one-way function
• A trapdoor one-way function is a special type of one-way function, one with a
secret trapdoor.
• It is easy to compute in one direction and hard to compute in the other
direction. But, if you know the secret, you can easily compute the function in
the other direction.
• That is, it is easy to compute f(x) given x, and hard to compute x given f(x).
However, there is some secret information, y, such that given f(x) and y it is easy
to compute x.
• It is easy to disassemble a watch into hundreds of minuscule pieces. It is very
difficult to put those tiny pieces back together into a working watch. However,
with the secret information—the assembly instructions of the watch —it is
much easier to put the watch back together.
One-Way Hash Functions
• A one-way hash function has many names: compression function,
contraction function, message digest, fingerprint, cryptographic
checksum, message integrity check (MIC), and manipulation detection
code (MDC).
• A hash function is a function, mathematical or otherwise, that takes a
variable-length input string (called a pre-image) and converts it to a
fixed-length (generally smaller) output string (called a hash value).
• Simple hash function would be a function that takes pre-image and
returns a byte consisting of the XOR of all the input bytes
• A one-way hash function is a hash function that works in one
direction: It is easy to compute a hash value from pre-image, but it is
hard to generate a pre-image that hashes to a particular value.
• A good one-way hash function is also collision-free: It is hard to
generate two pre-images with the same hash value.
• Given a hash value, it is computationally unfeasible to find a pre-
image that hashes to that value.
• A one-way hash function without a key, so that anyone can verify the
hash.
Message Authentication Codes
• A message authentication code (MAC), also known as a data
authentication code (DAC), is a one-way hash function with the
addition of a secret key.
• The hash value is a function of both the pre-image and the key.
• Someone with the key can verify the hash value.
• You can create a MAC out of a hash function or a block encryption
algorithm
Communications Using Public-Key
Cryptography
Public-keycryptography.
• They used two different keys—one public and the other private.
• It is computationally hard to deduce the private key from the public
key. Anyone with the public key can encrypt a message but not
decrypt it.
• Only the person with the private key can decrypt the message.
• Eg: Putting mail into mail box and removing it by the right person
Alice can send a message to Bob using public-key cryptography:
(1) Alice and Bob agree on a public-key cryptosystem.
(2) Bob sends Alice his public key.
(3) Alice encrypts her message using Bob’s public key and sends it to
Bob.
(4) Bob decrypts Alice’s message using his private key.
• A network of users agrees on a public-key cryptosystem.
• Every user has his or her own public key and private key, and the
public keys are all published in a database somewhere.
• Now the protocol is even easier:
(1) Alice gets Bob’s public key from the database.
(2) Alice encrypts her message using Bob’s public key and sends it to
Bob.
(3) Bob then decrypts Alice’s message using his private key.
Hybrid Cryptosystems
Public-key algorithms are not a substitute for symmetric algorithms.
They are not used to encrypt messages; they are used to encrypt keys.
There are two reasons for this:
1. Public-key algorithms are slow.
2. Public-key cryptosystems are vulnerable to chosen-plaintext
attacks.If C = E(P), when P is one plaintext out of a set of n possible
plaintexts,then a cryptanalyst only has to encrypt all n possible
plaintexts and compare the results with C (remember, the encryption
key is public). He won’t be able to recover the decryption key this way,
but he will be able to determine P.
Public-key cryptography is used to secure and distribute session
keys; those session keys are used with symmetric algorithms to
secure message traffic [879]. This is sometimes called a hybrid
cryptosystem.
(1) Bob sends Alice his public key.
(2) Alice generates a random session key, K, encrypts it using
Bob’s public key, and sends it to Bob.
EB(K)
(3) Bob decrypts Alice’s message using his private key to recover
the session key.
DB(EB(K)) = K
(4) Both of them encrypt their communications using the same
session key.
• Using public-key cryptography for key distribution solves a very
important key-management problem.
• With symmetric cryptography, the data encryption key sits around
until it is used. If Eve ever gets her hands on it, she can decrypt
messages encrypted with it.
• With the previous protocol, the session key is created when it is
needed to encrypt communications and destroyed when it is no
longer needed. This drastically reduces the risk of compromising the
session key.