The following is an excerpt from the Official (ISC)2 Guide to the CISSP CBK, fourth edition, edited by Adam Gordon,...

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

CISSP-ISSAP, ISSMP, SSCP. This section from Domain 3 offers a comprehensive overview of the various methods attackers use to crack ciphertext and otherwise exploit cryptography systems.

Todays cryptography is far more advanced than the cryptosystems of yesterday. Organizations are able to both encrypt and break ciphers that could not even have been imagined before human civilization had the power of computers. Today's cryptosystems operate in a manner so that anyone with a computer can use cryptography without even understanding cryptographic operations, algorithms and advanced mathematics. However, it is still important to implement a cryptosystem in a secure manner. Any security system or product is subject to compromise or attack. The following explains common attacks against cryptography systems.

The ciphertext-only attack is one of the most difficult because the attacker has so little information to start with. All the attacker starts with is some unintelligible data that he suspects may be an important encrypted message. The attack becomes simpler when the attacker is able to gather several pieces of ciphertext and thereby look for trends or statistical data that would help in the attack. Adequate encryption is defined as encryption that is strong enough to make brute force attacks impractical because there is a higher work factor than the attacker wants to invest into the attack. Moores law states that available computing power doubles every 18 months. Experts suggest this advance may be slowing; however, encryption strength considered adequate today will probably not be sufficient a few years from now due to advances in CPU and CPU technologies and new attack techniques. Security professionals should consider this when defining encryption requirements.

For a known plaintext attack, the attacker has access to both the ciphertext and the plaintext versions of the same message. The goal of this type of attack is to find the link -- the cryptographic key that was used to encrypt the message. Once the key has been found, the attacker would then be able to decrypt all messages that had been encrypted using that key. In some cases, the attacker may not have an exact copy of the message; if the message was known to be an e-commerce transaction, the attacker knows the format of such transactions even though he does not know the actual values in the transaction.

To execute the chosen attacks, the attacker knows the algorithm used for the encrypting, or even better, he may have access to the machine used to do the encryption and is trying to determine the key. This may happen if a workstation used for encrypting messages is left unattended. Now the attacker can run chosen pieces of plaintext through the algorithm and see what the result is. This may assist in a known plaintext attack. An adaptive chosen plaintext attack is where the attacker can modify the chosen input files to see what effect that would have on the resulting ciphertext.

This is similar to the chosen plaintext attack in that the attacker has access to the decryption device or software and is attempting to defeat the cryptographic protection by decrypting chosen pieces of ciphertext to discover the key. An adaptive chosen ciphertext would be the same, except that the attacker can modify the ciphertext prior to putting it through the algorithm. Asymmetric cryptosystems are vulnerable to chosen ciphertext attacks. For example, the RSA algorithm is vulnerable to this type of attack. The attacker would select a section of plaintext, encrypt it with the victims public key, then decrypt the ciphertext to get the plaintext back. Although this does not yield any new information to the attacker, the attacker can exploit properties of RSA by selecting blocks of data, when processed using the victims private key, yields information that can he used in cryptanalysis. The weakness with asymmetric encryption in chosen ciphertext attacks can be mitigated by including a random padding in the plaintext before encrypting the data. Security vendor RSA Security recommends modifying the plaintext by using a process called optimal asymmetric encryption padding (OAEP). RSA encryption with OAEP is defined in PKCS #1 v2.1.

Also called a side-channel attack, this more complex attack is executed by measuring the exact execution times and power required by the crypto device to perform the encryption or decryption. By measuring this, it is possible to determine the value of the key and the algorithm used.

This is a known plaintext attack that uses linear approximations to describe the behavior of the block cipher. Linear cryptanalysis is a known plaintext attack and uses a linear approximation to describe the behavior of the block cipher. Given sufficient pairs of plaintext and corresponding ciphertext, one can obtain bits of information about the key, and increased amounts of data will usually give a higher probability of success. There have been a variety of enhancements and improvements to the basic attack. For example, there is an attack called differential -- linear cryptanalysis, which combines elements of differential cryptanalysis with those of linear cryptanalysis.

Implementation attacks are some of the most common and popular attacks against cryptographic systems due to their ease and reliance on system elements outside of the algorithm. The main types of implementation attacks include:

Side-channel attacks are passive attacks that rely on a physical attribute of the implementation such as power consumption/emanation. These attributes are studied to determine the secret key and the algorithm function. Some examples of popular side channels include timing analysis and electromagnetic differential analysis.

Fault analysis attempts to force the system into an error state to gain erroneous results. By forcing an error, gaining the results and comparing it with known good results, an attacker may learn about the secret key and the algorithm.

Probing attacks attempt to watch the circuitry surrounding the cryptographic module in hopes that the complementary components will disclose information about the key or the algorithm. Additionally, new hardware may be added to the cryptographic module to observe and inject information.

This attack is meant to disrupt and damage processing by the attacker, through the resending of repeated files to the host. If there are no checks such as time-stamping, use of one-time tokens or sequence verification codes in the receiving software, the system might process duplicate files.

Algebraic attacks are a class of techniques that rely for their success on block ciphers exhibiting a high degree of mathematical structure. For instance, it is conceivable that a block cipher might exhibit a group structure. If this were the case, it would then mean that encrypting a plaintext under one key and then encrypting the result under another key would always be equivalent to single encryption under some other single key. If so, then the block cipher would be considerably weaker, and tile use of multiple encryption cycles would offer no additional security over single encryption.

Hash functions map plaintext into a hash. Because the hash function is a one-way process, one should not be able to determine the plaintext from the hash itself. To determine a given plaintext from its hash, refer to these two ways to do that:

1. Hash each plaintext until matching hash is found; or

2. Hash each plaintext, but store each generated hash in a table that can used as a look up table so hashes do not need to be generated again. A rainbow table is a lookup table of sorted hash outputs. The idea here is that storing precomputed hash values in a rainbow table that one can later refer to saves time and computer resources when attempting to decipher tile plaintext from its hash value.

This attack works closely with several other types of attacks. It is especially useful when attacking a substitution cipher where the statistics of the plaintext language are known. In English, for example, some letters will appear more often than others will, allowing an attacker to assume that those letters may represent an E or S.

Because a hash is a short representation of a message, given enough time and resources, another message would give the same hash value. However, hashing algorithms have been developed with this in mind so that they can resist a simple birthday attack. The point of the birthday attack is that it is easier to find two messages that hash to the same message digest than to match a specific message and its specific message digest. The usual countermeasure is to use a hash algorithm with twice the message digest length as the desired work factor (e.g., use 160-bit SHA-1 to have it resistant to 280 work factor).

This is the most common type of attack and usually the most successful. All cryptography relies to some extent on humans to implement and operate. Unfortunately, this is one of the greatest vulnerabilities and has led to some of the greatest compromises of a nations or organizations secrets or intellectual property. Through coercion, bribery or befriending people in positions of responsibility, spies or competitors are able to gain access to systems without having any technical expertise.

The dictionary attack is used most commonly against password files. It exploits the poor habits of users who choose simple passwords based on natural words. The dictionary attack merely encrypts all of the words in a dictionary and then checks whether the resulting hash matches an encrypted password stored in the SAM file or other password file.

Brute force is trying all possible keys until one is found that decrypts the ciphertext. This is why key length is such an important factor in determining the strength of a cryptosystem. With DES only having a 56-bit key, in time the attackers were able to discover the key and decrypt a DES message. This is also why SHA-256 is considered stronger than MD5; because the output hash is longer and, therefore, more resistant to a brute force attack. Graphical Processor Units (GPU) have revolutionized brute force hacking methods. Where a standard CPU might take 48 hours to crack an eight character mixed password, a modern GPU can crack it in less than 10 minutes. CPUs have a large number of arithmetic/logic units and are designed to perform repetitive tasks continuously. These characteristics make them ideal for performing brute force attack processes. Due to the introduction of CPU-based brute force attacks, many security professionals are evaluating password length, complexity and multifactor considerations.

This attack is one of the most common. A competing firm buys a crypto product from another firm and then tries to reverse engineer the product. Through reverse engineering, it may be able to find weaknesses in the system or gain crucial information about the operations of the algorithm.

This attack was successful against the SSL installed in Netscape several years ago. Because the random number generator was too predictable; it gave the attackers the ability to guess the random numbers so critical in setting up initialization vectors or a nonce. With this information in hand, the attacker is much more likely to run a successful attack.

Most cryptosystems will use temporary files to perform their calculations. If these files are not deleted and overwritten, they may be compromised and lead an attacker to the message in plaintext.

Encryption 101: DES explained

Understand the differences between symmetric and asymmetric encryption

Implement identity management systems for cybersecurity readiness.

Read the original:
The ABCs of ciphertext exploits and other cryptography attacks - TechTarget

A new quantum cryptography-based Bitcoin standard has been proposed that could harden the popular cryptocurrency against the advent of full-fledged quantum computers. Bitcoin as it now exists involves traditional public key cryptography and thus could conceivably be hacked by a future quantum computer strong enough to break it. However, quantum cryptography, which is based not on difficult math problems but the fundamental laws of physics, is expected to be strong enough to withstand even quantum computer-powered attacks.

The proposal, dubbed qBitcoin, posits transmission of quantum cryptographic keys between a remitter and a receiver of the eponomous named cryptocurrency, qBitcoin. The system would use provably secure protocols such as theBB84quantum key distribution scheme.

To exchange qBitcoin, then, requires that there be a transmission network in place that can send and receive bits of quantum information, qubits. And that is no mean feat, considering it typically involves preserving the polarization states of individual photons across thousands of kilometers. To date, there are five knownquantum key distributionnetworks in the United States, Switzerland, Austria, and Japan. China is working ontheir ownmassive 2000-km link, as well. And a number of satellite-to-satellite and satellite-to-ground quantum key distribution networks are alsobeingdevelopedandprototyped.

Which is to say that qBitcoin or something like it could not be scaled up today. But if the quantum computer singularity is approaching, in which a powerful enough machinecould threaten existing cryptography standards, quantum cryptography would be an essential ingredient of the post-Y2Q age. So existing quantum key distribution networks might at least serve as outposts in a burgeoning global quantum network, like Western Union stations in the early days of the telegraph.

Some things about qBitcoin might appear the same to any Bitcoin user today. Bitcoin is a peer to peer system, and qBitcoin is also peer to peer, says Kazuki Ikeda, qBitcoins creator and PhD student in physics at Osaka University in Japan.Hesays compared to Bitcoin, qBitcoin would offer comparable or perhaps enhanced levels of privacy, anonymity, and security. (That said, his paper that makes this claim is still under peer review.)

However, the lucrative profession ofBitcoin mining, under Ikedas protocol, would be very different than what it is today. Transactions would still need to be verified and secured. Butinstead of todays system of acryptographic puzzles, qBitcoins security would rely on a 2001proposalfor creating aquantum digital signature.Such a signature would rely on the laws of quantum physics to secure the qBitcoin ledger from tampering or hacking.

Ikeda's proposal is certainly not the first to suggest a quantum-cryptographic improvement onclassical-cryptography-based digital currencies. Other proposals in2010,2016,and evenearlier this yearhave also offered up variations on the theme. All work to mitigate against the danger large-scale quantum computers would represent to Bitcoin.

Of course, not every solution to the quantum singularity is as promising as every other. A person going by the handle amluto criticized Ikedas qBitcoin proposal onaprominent message boardlast week. (amluto claimed to be author of one of aprevious quantum currency proposalsfrom 2010presumably the 2010 proposals co-author Andrew Lutomirski, althoughIEEE Spectrumwas unable to confirm this supposition at press time.)

This is nonsense It's like saying that you can transmit a file by mailing a USB stick, which absolutely guarantees that you, the sender, no longer have the original file. That's wrongall that mailing a USB stick guarantees is that you don't have the USB stick any more, not that you didn't keep a copy of the contents. Similarly, quantum teleportation eats the input state but says nothing about any other copies of the input state that may exist.

Ikeda says he disagrees with the analogy. The point, he says, is that there are no other copies of the input state as it's called abovein other words of the quantum keys that secure qBitcoin. So, Ikeda says, qBitcoin is safe just like Bitcoin is safe today.

But one day, thanks to quantum computers, Bitcoin, will no longer be safe. Someone will needto save it. And, no matter who devises the winning protocol, the thing that threatens Bitcoinmay in fact also be the thing that comes to its rescue: The cagey qubit.

IEEE Spectrums general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.

The Beijing-Shanghai project will form the backbone of the nations quantum communications network 26Oct2016

What is a blockchain and why is it the future of the web? 8Jul2015

New 53-kilometer record for quantum cryptography through the air could enable a 24/7 space-based quantum Internet 24Jul

While the fictional geniuses in HBOs Silicon Valley aim to reinvent the Internet, Mozilla and the NSF hope prize money will attract real-world innovations 23Aug

Organizations, organisms, and communication networks all have similar growth dynamics 18Aug

Annual Las Vegas gathering of white-hat hackers breaks into e-voting and registration systems, sometimes in just a few hours 3Aug

It looks a lot different than its decentralized predecessors. Can it last? 30Jun

This weeks Ukrainian malware attack cribbed from last months WannaCry ransomware outbreakbut foreshadows worse to come 30Jun

Mouser and Grant Imahara team up with the creative minds at WIRED Brand Lab to take a look at the modern city

Qudits can have 10 or more quantum states simultaneously compared to just two for qubits 28Jun

Record distance for quantum entanglement set at more than 1,200 km 15Jun

The human neocortex learns and recognizes new songs with amazing efficiency. See how it works 10Jun

Researchers publish taxonomy of trolls, sybils, and other online troublemakers 9Jun

The Pied Piper of the TV show's fictional quest to reinvent the Internet trails the progress of MaidSafe and the University of Michigan 9Jun

Enel talks a blockchain energy market while advocating incremental change in the sector 24May

The networking trick made famous by Bitcoin could make car-to-cloud communication easier and more secure 24May

But would a digital cybertreaty of the future bind Redmond to operate Windows XP as a public utility? 16May

Owlet provides new parents with much-needed sleep knowing that their infants heart rate and oxygen levels are constantly and effectively monitored.

The fictional entrepreneur of "Silicon Valley" sets out his plan to reinvent the Internet, and decentralized Web pioneer Brewster Kahle says it sounds very familiar 8May

Sovrin joins Hyperledger Indy to build a permissioned open ledger for identity management 2May

Read the original post:
qBitcoin: A Way of Making Bitcoin Quantum-Computer Proof? - IEEE Spectrum

DNA security and privacy is a looming problem that scientists and researchers are only just starting to grapple with. A team at Stanford has now developed a technique that can cloak irrelevant genomic information, allowing scientists to access key disease-related mutations without revealing an individuals broader genome sequence.

In a world where everything from dating profiles to medical diagnoses are drawing on DNA data, were currently just forced to hope that each company with access to our DNA is acting responsibly with out genetic fingerprints. But for many, hope is not enough, and nor should it be. With genomic information becoming increasingly of value, a demand has arisen for a way to secure that data while still being able to enjoy the benefits of DNA analysis.

Often people who have diseases, or those who know that a particular genetic disease runs in their family, are the most reluctant to share their genomic information because they know it could potentially be used against them in some way, says Gill Bejerano, associate professor of developmental biology, of pediatrics and of computer science. They are missing out on helping themselves and others by allowing researchers and clinicians to learn from their DNA sequences.

To address such concerns, the Stanford team developed a technique based on a classic cryptographic protocol, known as garbled circuit or Yaos protocol. The individual encrypts their own genome using an algorithm on their smartphone or computer, which translates specific gene variants into a linear set of values that are securely uploaded into the cloud. On the other end of the transaction, the researcher (or any second-party) accesses only the data that is pertinent to their investigation.

In this way, no person or computer, other than the individuals themselves, has access to the complete set of genetic information, says Bejerano.

The team demonstrated the process by executing several practical demonstrations, including identifying specific gene mutations in patients with rare diseases and comparing a babys DNA with his parents to target the likely cause of a genetic disease. In all tested instances, at least 97 percent of each subjects unique DNA information was completely hidden from the researchers.

As well as protecting a persons privacy when having their DNA processed for medical reasons, this technique could theoretically be applied to more commercial contexts, such as ancestry genome studies or even the rising field of nutrigenomics.

There is a general conception that we can only find meaningful differences by surveying the entire genome, says Bejerano. But these meaningful differences make up only a very tiny proportion of our DNA. There are now amazing tools in computer science and cryptography that allow researchers to pinpoint only these differences while keeping the remainder of the genome completely private.

Just recently it was demonstrated that synthetic DNA could be created containing malware that allows a malicious party to gain control of the computer that sequences it. As we learn more and more about what our genetic fingerprint means, the value of that fingerprint will only increase. In the future, the DNA marketplace will be big business and security protocols such as this new Stanford technique are going to be important.

The teams research was published in the journal Science.

Source: Stanford Medicine

Read the rest here:
Genome cryptography is the new way to secure your DNA data - Gears Of Biz