Professional Documents
Culture Documents
Over the years, many different types of attacks on cryptographic primitives and protocols
have been identified. The discussion here limits consideration to attacks on encryption and
protocols. Attacks on other cryptographic primitives will be given in appropriate chapters.
In x1.11 the roles of an active and a passive adversarywere discussed. The attacks these
adversaries can mount may be classified as follows:.
1. A passive attack is one where the adversary only monitors the communication channel.
A passive attacker only threatens confidentiality of data.
2. An active attack is one where the adversary attempts to delete, add, or in some other
way alter the transmission on the channel. An active attacker threatens data integrity
and authentication as well as confidentiality.
A passive attack can be further subdivided into more specialized attacks for deducing
plaintext from ciphertext, as outlined in x1.13.1.
Attacks on protocols
The following is a partial list of attackswhich might be mounted on various protocols. Until
a protocol is proven to provide the service intended, the list of possible attacks can never
be said to be complete.
1. known-key attack. In this attack an adversary obtains some keys used previously and
then uses this information to determine new keys.
2. replay. In this attack an adversary records a communication session and replays the
entire session, or a portion thereof, at some later point in time.
3. impersonation. Here an adversary assumes the identity of one of the legitimate parties
in a network.
4. dictionary. This is usually an attack against passwords. Typically, a password is
stored in a computer file as the image of an unkeyed hash function. When a user
logs on and enters a password, it is hashed and the image is compared to the stored
value. An adversary can take a list of probable passwords, hash all entries in this list,
and then compare this to the list of true encrypted passwords with the hope of finding
matches.
5. forward search. This attack is similar in spirit to the dictionary attack and is used to
secure if the perceived level of computation required to defeat it (using the best attack
known) exceeds, by a comfortable margin, the computational resources of the hypothesized
adversary.
Often methods in this class are related to hard problems but, unlike for provable security,
no proof of equivalence is known. Most of the best known public-key and symmetrickey
schemes in current use are in this class. This class is sometimes also called practical
security.
(v) Ad hoc security
This approach consists of any variety of convincing arguments that every successful attack
requires a resource level (e.g., time and space) greater than the fixed resources of a perceived
adversary. Cryptographic primitives and protocols which survive such analysis are said to
have heuristic security, with security here typically in the computational sense.
Primitives and protocols are usually designed to counter standard attacks such as those
given in x1.13. While perhaps the most commonly used approach (especially for protocols),
it is, in some ways, the least satisfying. Claims of security generally remain questionable
and unforeseen attacks remain a threat.