Knowledge-based attacks go beyond the simplicity of brute force attacks and combine other information available to the attacker with cryptanalytic techniques to break the security of encrypted data. In this video, learn how attackers wage knowledge-based attacks against encryption algorithms.
- [Narrator] Knowledge-based attacks go beyond the simplicity of brute-force attacks and combine other information available to the attacker with cryptanalytic techniques to break the security of encrypted data. The first knowledge-based attack is the Frequency Analysis Attack. In this attack, the person trying to break the code does statistical analysis of the ciphertext to try to detect patterns. The analyst might use many common characteristics of the English language to help with this analysis.
For example, you might know that the most common letters in the English language are E, T, O, A, I and N. If you suspect that a simple substitution cipher was used to protect data, and see the letter X coming up repeatedly in the ciphertext, there's a good chance that X was substituted for E. There are also lesser-known rules that can assist with frequency analysis. For example, researchers also can use pairs of letters that often appear together, known as digraphs.
If they see the same two letters popping up in ciphertext, they may then guess that those two letters correspond to a common English digraph such as TH, HE, IN, or ER. There are many other rules like these that can assist in frequency analysis. Fortunately, you won't need to know how to use these techniques on the exam. You just need to know that frequency analysis studies the patterns of letters in ciphertext. In some cases, the analyst may have access to both the encrypted and unencrypted versions of a message.
In these cases, the additional information allows something called a Known-Plaintext Attack, where the attacker uses this knowledge to try to crack the decryption key for other messages. Cryptanalysts can also gain a further advantage when they have the ability to encrypt a message using a selected algorithm and key. In this type of attack, called a Chosen-Plaintext Attack, the attacker can study the algorithm's workings in greater detail and attempt to learn the key being used.
Finally, Downgrade Attacks are possible when a system supports many different types of encryption, some of which are insecure. In a downgrade attack, the attacker uses a man-in-the-middle exploit to force two other systems that are attempting to communicate to switch to a weak implementation of a cryptographic algorithm that the attacker can eavesdrop on and then crack. The POODLE attack was an example of a downgrade attack that became publicly known in 2014.
This attack, which is an acronym for Padding Oracle On Downgraded Legacy Encryption, swept across the internet, affecting many systems and making national news. Attackers discovered that they could exploit a flaw in a software library used for encryption by many browsers and other applications, and then force the communicating systems to switch from the secure TLS protocol to the insecure SSL protocol.
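The frequency analysis described in the transcript, as an added Python example that is not part of the original video. It shows why a simple substitution cipher offers no real protection: letter and digraph counts alone recover the cipher letters standing for E, T and H. The key, the plaintext and all function names are constructed for this illustration.

```python
import re
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Constructed substitution key: plaintext A -> Q, B -> W, C -> E, ...
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"
# Constructed sample plaintext (short, but with typical English statistics).
PLAINTEXT = "THE WEATHER THERE IS BETTER THAN THE WEATHER WE SEE IN THE NORTH"

def encrypt(plaintext, key=KEY):
    """Simple substitution: replace each letter using the key alphabet."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))

def letter_counts(ciphertext):
    """Count single ciphertext letters, ignoring spaces and punctuation."""
    return Counter(c for c in ciphertext if c in ALPHABET)

def digraph_counts(ciphertext):
    """Count adjacent letter pairs inside each word."""
    counts = Counter()
    for word in re.findall(r"[A-Z]+", ciphertext):
        counts.update(word[i:i + 2] for i in range(len(word) - 1))
    return counts

def first_guesses(ciphertext):
    """Tentative {cipher letter: plain letter} map from the two rules in
    the transcript: most common letter -> E, most common digraph -> TH."""
    guesses = {letter_counts(ciphertext).most_common(1)[0][0]: "E"}
    top_digraph = digraph_counts(ciphertext).most_common(1)[0][0]
    for cipher_letter, plain_letter in zip(top_digraph, "TH"):
        guesses.setdefault(cipher_letter, plain_letter)
    return guesses

def apply_guesses(ciphertext, guesses):
    """Show the partially recovered text; unknown letters become '_'."""
    return "".join(guesses.get(c, "_") if c in ALPHABET else c
                   for c in ciphertext)

CIPHERTEXT = encrypt(PLAINTEXT)

if __name__ == "__main__":
    guesses = first_guesses(CIPHERTEXT)
    print(CIPHERTEXT)
    print(letter_counts(CIPHERTEXT).most_common(3))
    print(digraph_counts(CIPHERTEXT).most_common(3))
    print(apply_guesses(CIPHERTEXT, guesses))
```

Two statistical rules already expose every occurrence of "THE" in the sample, which is why modern ciphers are designed so that ciphertext carries no usable letter statistics.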
- Comparing viruses, worms, and Trojans
- Backdoors and logic bombs
- Understanding the attacker
- Attack types: from denial of service to brute force attacks
- Preventing insider threats
- Wireless attacks
- Understanding cross-site scripting
- Preventing SQL injection
- Social engineering
- Scanning for vulnerabilities
- Penetration testing
- Assessing the impact of vulnerabilities