Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Attacks on Cryptosystems > Plaintext-Based Attacks - Pg. 57

AnIntroductionToCryptography·Chapter3 57 It was mentioned earlier that cryptographic algorithms are public knowledge, and that the security of most cryptographic solutions are dependent on the security of the cryptographic key. Protecting the cryptographic key, whether it is a shared key in a symmetric cryptosystem or the private key in an asymmetric cryptosystem, is the most important security requirement to protect any implementation of cryptography. Many attackers target users using social engineering and various technological attacks, because getting access to a key is much easier than using cryptanalysis to break encryption. Attacks on cryptosystems also target weak implementations. Too often, cryptographic implemen- tations are not planned properly. A system does not become secure simply because a cryptographic technology was implemented. Sometimes security is weakened to increase usability. Attackers target these systems, as once again, it is easier to gain access to these systems than trying to break encryption. Sometimes MITM attacks target the cryptographic communication and the key exchange process. An attacker intercepts the communication channel, typically by pretending to be one of the communicators, and exchanges his or her own key with each of the communicators. The attacker can then decrypt and re-encrypt the message before passing it on to the intended person. In this scenario, the communicators are not aware that they have involuntarily disclosed the contents of the communication to a third party. The above shows that it is easier to target the users and the systems on which cryptographic controls are implemented, than to attack the cryptography itself. However, we know that cryptanalysis is a branch of cryptology that is concerned with the inversion of cryptography. There are several cryptanalysis techniques that are used to subvert cryp-