Computer Networks 1 - Attacks overview


Attacks Overview
Nguyen Cao Dat
BK TP.HCM

Outline
Cryptographic Attacks
▫ Frequency analysis
▫ Brute force attack
▫ Meet-in-the-middle attack
▫ Birthday attack
Network Attacks
▫ Replay attack
▫ Man-in-the-middle attack
▫ Denial-of-service attack

Frequency analysis
Frequency analysis is the study of the frequency of letters or groups of letters in a ciphertext. The method is used as an aid to breaking classical ciphers.

Brute force attack
A brute force attack is a strategy used to break the encryption of data. It involves traversing the search space of possible keys until the correct key is found.
The amount of time required to break a 128-bit key is also daunting. Each of the $2^{128}$ possibilities must be checked. A device that could check a billion billion keys ($10^{18}$) per second would still require about $10^{13}$ years to exhaust the key space. This is a thousand times longer than the age of the universe, which is about 13,000,000,000 ($1.3 \times 10^{10}$) years.

Meet-in-the-middle attack (1/3)
The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle.
Assume the attacker knows a set of plaintext and ciphertext: P and C. That is:

Meet-in-the-middle attack (2/3)
The attacker can then compute $E_K(P)$ for all possible keys K and store the results in memory. Afterwards he can decrypt the ciphertext by computing $D_K(C)$ for each K. Any matches between these two resulting sets are likely to reveal the correct keys. (To speed up the comparison, the $E_K(P)$ set is stored in an in-memory lookup table, then each $D_K(C)$ can be matched against the values in the lookup table to find the candidate keys.)

Meet-in-the-middle attack (3/3)
Once the matches are discovered, they can be verified with a second test-set of plaintext and ciphertext.
If the keysize is n, this attack uses only $2^{n+1}$ encryptions (and $O(2^n)$ space) in contrast to the naive attack, which needs $2^{2n}$ encryptions (but only $O(1)$ space).

Birthday attack (1/6)
Exploits the mathematics behind the birthday problem in probability theory.
What is the minimum value of k such that the probability is greater than 0.5 that at least two people in a group of k people have the same birthday?
P(n, k) = Pr[at least one duplicate in k items, with each item able to take on one of n equally likely values between 1 and n]
We are looking for the smallest value of k such that $P(365, k) > 0.5$.

Birthday attack (2/6)
The probability that there are no duplicates, which we designate as Q(365, k)
The number of different ways is:

Birthday attack (3/6)
P(365, 23) = 0.5073. For k = 100, the probability of at least one duplicate is 0.9999997.

Birthday attack (4/6)
For small x, we have $(1 - x) \approx e^{-x}$.

Birthday attack (5/6)

Birthday attack (6/6)
What value of k is required such that $P(n, k) > 0.5$?
To satisfy the requirement, we have:
For large k, we can replace $k \times (k - 1)$ by $k^2$, and we get
As a reality check, for n = 365, we get
which is very close to the correct answer of 23.

Replay attack (1/2)
Use a simple method of exploiting a captured packet or packets, and resend that traffic to cause unexpected results.
Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Mallory is eavesdropping the conversation and keeps the password. After the interchange is over, Mallory connects to Bob posing as Alice; when asked for a proof of identity, Mallory sends Alice's password read from the last session, which Bob accepts.

Replay attack (2/2)
A way to avoid replay attacks is to use session tokens; session tokens should be chosen by a (pseudo-) random process.
Timestamping is another way of preventing a replay attack. The advantage of this scheme is that it does not need to generate (pseudo-) random numbers.

Man-in-the-middle attack
The man-in-the-middle attack intercepts a communication between two systems.
Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.
Various defenses against MITM attacks use authentication techniques that are based on PKI (Public Key Infrastructure).

Denial-of-service attack
A DoS attack or DDoS is an attempt to make a computer resource unavailable to its intended users.
Methods of attack
▫ ICMP flood
▫ Teardrop Attacks
▫ Peer-to-peer attacks
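
For the Meet-in-the-middle attack slides: an added example (not from the original slides) that runs the table-lookup search against double encryption and counts the work, showing that two n-bit keys cost about $2^{n+1}$ cipher operations rather than $2^{2n}$. The 16-bit toy cipher, its constants, the 10-bit key size and the sample keys and plaintexts are all constructed for the demo.

```python
from collections import defaultdict

MASK = 0xFFFF                    # 16-bit block
KEY_BITS = 10                    # toy key size n (assumption for the demo)
MUL = 0x6487                     # odd constant, invertible mod 2**16
MUL_INV = pow(MUL, -1, 1 << 16)  # modular inverse (Python 3.8+)

def _rotl(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK

def _rotr(x, r):
    return ((x >> r) | (x << (16 - r))) & MASK

def E(k, p):
    """Toy 3-round cipher E_K(P), constructed for this example; not secure."""
    for r in range(3):
        p = _rotl(((p + k * 0x9E37 + r) & MASK) * MUL & MASK, 5)
    return p

def D(k, c):
    """Inverse of E, so D(k, E(k, p)) == p."""
    for r in reversed(range(3)):
        c = (_rotr(c, 5) * MUL_INV - k * 0x9E37 - r) & MASK
    return c

def double_encrypt(k1, k2, p):
    return E(k2, E(k1, p))

def meet_in_the_middle(pair1, pair2):
    """Return (surviving (K1, K2) candidates, cipher operations in the search)."""
    (p1, c1), (p2, c2) = pair1, pair2
    table = defaultdict(list)            # E_K(P) -> keys K that produce it
    ops = 0
    for k1 in range(1 << KEY_BITS):      # encrypt from the plaintext end
        table[E(k1, p1)].append(k1)
        ops += 1
    found = []
    for k2 in range(1 << KEY_BITS):      # decrypt from the ciphertext end
        ops += 1
        for k1 in table.get(D(k2, c1), ()):
            # a match in the middle: confirm with the second test pair
            if double_encrypt(k1, k2, p2) == c2:
                found.append((k1, k2))
    return found, ops

def demo():
    k1, k2 = 0x2A7, 0x13C                # constructed secret keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF)]
    return (k1, k2), meet_in_the_middle(*pairs)
```

The design takeaway is that chaining two encryptions under independent n-bit keys adds roughly one bit of search effort, paid for with $O(2^n)$ memory.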
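
For the Birthday attack slides: an added example (not from the original slides) that computes Q(n, k) and P(n, k) exactly and compares the exact threshold with the estimate obtained from $(1 - x) \approx e^{-x}$ and $k(k-1) \approx k^2$. The closed form $k \approx \sqrt{2 \ln 2 \cdot n}$ is the standard result of that approximation and is stated here as part of the example; the function names are illustrative.

```python
import math

def Q(n, k):
    """Probability of no duplicates among k items, each uniform over n values."""
    if k > n:
        return 0.0
    q = 1.0
    for i in range(k):
        q *= (n - i) / n          # the (i+1)-th item must avoid i used values
    return q

def P(n, k):
    """Probability of at least one duplicate: P(n, k) = 1 - Q(n, k)."""
    return 1.0 - Q(n, k)

def smallest_k(n, target=0.5):
    """Smallest k with P(n, k) > target, using the exact product."""
    q, k = 1.0, 0
    while 1.0 - q <= target:
        q *= (n - k) / n
        k += 1
    return k

def approx_k(n):
    """Estimate from 1 - e^{-k^2 / 2n} = 1/2, i.e. k = sqrt(2 ln 2 * n)."""
    return math.sqrt(2.0 * math.log(2.0) * n)

def compare(sizes):
    """Rows of (n, exact threshold k, approximate k) for each value-space size."""
    return [(n, smallest_k(n), round(approx_k(n), 2)) for n in sizes]

if __name__ == "__main__":
    print(round(P(365, 23), 4), round(P(365, 100), 7))
    # 365 birthdays, then constructed 16-bit and 20-bit value spaces
    for row in compare([365, 2 ** 16, 2 ** 20]):
        print(row)
```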
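
For the Replay attack slides: an added example (not from the original slides) of the two defenses named there, with Bob as verifier rejecting a proof that Mallory captured and resent. The HMAC-SHA256 proof, the class names, the 30-second window and the rule that timestamps must strictly increase are assumptions of this sketch; the shared key and timestamps are constructed.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class TokenVerifier:
    """Bob issues a random one-time session token; Alice returns HMAC(key, token)."""
    def __init__(self, key: bytes):
        self.key, self.pending = key, set()

    def challenge(self) -> bytes:
        token = secrets.token_bytes(16)
        self.pending.add(token)
        return token

    def verify(self, token: bytes, proof: bytes) -> bool:
        if token not in self.pending:
            return False                 # unknown or already used token
        self.pending.discard(token)      # each token is accepted once
        return hmac.compare_digest(proof, mac(self.key, token))

class TimestampVerifier:
    """No random numbers: Alice sends (ts, HMAC(key, ts)); Bob checks freshness."""
    def __init__(self, key: bytes, window: int = 30):
        self.key, self.window, self.last_ts = key, window, -1

    def verify(self, ts: int, proof: bytes, now: int) -> bool:
        if not hmac.compare_digest(proof, mac(self.key, str(ts).encode())):
            return False
        if abs(now - ts) > self.window or ts <= self.last_ts:
            return False                 # stale, or not newer than last accepted
        self.last_ts = ts                # needs loosely synchronised clocks
        return True

def demo():
    key = b"constructed-shared-secret"
    bob = TokenVerifier(key)
    token = bob.challenge()
    proof = mac(key, token)              # Alice's reply, recorded by Mallory
    out = {"alice": bob.verify(token, proof),
           "same_token_replay": bob.verify(token, proof),
           "new_session_replay": bob.verify(bob.challenge(), proof)}
    tsv = TimestampVerifier(key)
    ts_proof = mac(key, b"1000")
    out["ts_alice"] = tsv.verify(1000, ts_proof, now=1005)
    out["ts_replay_in_window"] = tsv.verify(1000, ts_proof, now=1010)
    out["ts_replay_late"] = tsv.verify(1000, ts_proof, now=2000)
    return out
```

Without the `last_ts` check, a timestamp-only scheme would accept a replay sent inside the freshness window.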
