Often underestimated, the easiest way to compromise cryptography involves exploiting human behavior. Deceiving users into revealing their keys or manipulating them into actions that create system vulnerabilities is a common tactic. Beyond these social engineering techniques, several other methods exist to break cryptography:
Brute-force attack: This involves systematically trying every possible key until the correct one is found. Its success depends on computational power and time; more power reduces the time needed. Increasing the key length effectively counters this by forcing attackers to expend significantly more resources and time. For instance, a 256-bit AES key would require testing approximately 2^128 possibilities (on average). To put this into perspective, 2^128 is roughly 3.402×10^38, an astronomically large number. Even with the capacity to test ten billion keys per second, it would take an estimated 5.395×10^29 years to crack such a key.
Cryptanalysis: This involves analyzing the encryption algorithm itself to discover inherent weaknesses that can be exploited to decrypt data. Cryptanalysis requires deep expertise in mathematics and computer science, either to directly attack the algorithm or to assess its resilience against potential attacks.
Side-channel attack: This method exploits unintentional information leakage from the physical implementation of a cryptosystem. Vulnerable characteristics include timing variations, power consumption patterns, and electromagnetic or acoustic emissions (Grassi, Garcia and Fenton, 2017). Instead of directly targeting the software code, this type of attack gathers intelligence by measuring or exploiting the indirect physical effects of the system's operation. For example, an attacker might monitor the power and electromagnetic fluctuations of a cryptographic device during its operation to glean enough information to break the encryption.
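The timing variation named above, as an added example (not from the original text): an early-exit tag comparison does work that depends on the secret, while a fixed-work comparison does not. The key, message, and function names are constructed for illustration, and the count of bytes examined is a deterministic stand-in for elapsed time.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def expected_tag(message):
    """HMAC-SHA256 tag the verifier computes for a message."""
    return hmac.new(KEY, message, hashlib.sha256).digest()

def leaky_compare(a, b):
    """Early-exit comparison. Returns (equal, bytes examined)."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:  # stops at the first mismatch: work depends on secret data
            return False, examined
    return True, examined

def fixed_work_compare(a, b):
    """Folds every byte difference into one accumulator, with no early exit."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # no branch on secret data
    return diff == 0, len(a)

def work_profile(compare, message, prefix_lengths):
    """Bytes examined when a submitted tag is correct only in its first n bytes."""
    good = expected_tag(message)
    profile = []
    for n in prefix_lengths:
        # Flip every byte from index n onward so the first mismatch is at index n.
        candidate = good[:n] + bytes(v ^ 0xFF for v in good[n:])
        profile.append(compare(good, candidate)[1])
    return profile

def verify_tag(message, tag):
    """Hardened verifier: the standard library's constant-time comparison."""
    return hmac.compare_digest(expected_tag(message), tag)

if __name__ == "__main__":
    msg = b"constructed message"
    print("early exit:", work_profile(leaky_compare, msg, [0, 8, 16, 31]))
    print("fixed work:", work_profile(fixed_work_compare, msg, [0, 8, 16, 31]))
```

The early-exit profile grows with the length of the correct prefix, which is exactly the signal a timing measurement picks up; the fixed-work profile is flat. In production code, call hmac.compare_digest rather than a hand-written loop.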
Implementing cryptography effectively is a complex undertaking. It demands a rigorous and systematic approach with meticulous attention to detail. Potential attackers will actively seek and exploit weaknesses in the design and/or implementation of a cryptographic system, encompassing technical (e.g., bugs, misconfigurations), organizational, and human aspects across the entire system. Consequently, defenders need a comprehensive risk management strategy for selecting and implementing cryptographic methods, considering dependencies on underlying technical components (e.g., operating systems, applications, libraries) as well as people and processes.
Furthermore, instead of investing heavily in trying to break robust encryption directly, attackers may opt for alternative attack vectors targeting other parts of the cryptosystem. This could involve gaining unauthorized access to secret keys without directly tampering with the encryption itself. Examples include exploiting vulnerabilities in the information system where keys are stored and processed or using social engineering tactics. A notable example is the 2011 attack on RSA, a prominent security firm founded by the co-inventors of asymmetric cryptography. Attackers successfully compromised RSA's network by tricking employees into opening a malicious email attachment. This malware allowed them to navigate the company's systems and ultimately access the cryptographic keys used to generate SecurID token values for RSA's two-factor authentication product. This incident severely damaged RSA's reputation, resulted in business and financial losses, and had a widespread impact on the security of its customers, who could no longer fully trust their SecurID tokens.
Attackers can also target the infrastructure that supports cryptographic methods, particularly the public key infrastructure (PKI). By compromising a certificate authority (CA), malicious actors can generate legitimate certificates. These can then be used to intercept encrypted communication or digitally sign malware, causing victims' machines to trust it and bypass security software. For example, in 2011, the Dutch CA DigiNotar was successfully compromised, leading to the issuance of numerous fraudulent digital certificates that affected the Dutch government and thousands of others. The company subsequently went bankrupt. In the same year, Comodo, a US-based CA, also suffered an attack.
The reality is that all CAs face constant threats from attackers trying to breach their systems, and some inevitably have vulnerabilities or inadequate security practices. Examples illustrate various origins of these weaknesses:
Mismanagement: As seen in 2013 when fraudulent certificates for Google domain names were issued by TurkTrust (Fisher, 2013).
Rapidly addressed vulnerabilities: Such as the security flaw in StartSSL's domain validation process in 2016, which could have allowed attackers to issue certificates for domains they didn't own (Security Week, 2016).
Self-detected vulnerabilities: Like the code vulnerability GoDaddy identified and fixed within three days during a security audit in 2018, which could have allowed attackers to bypass their validation controls (Tayer, 2018).
In some instances, incidents have eroded trust to the point where major actors cease to recognize a CA's digital certificates, as Microsoft did with StartCom/WoSign certificates in 2017 (Microsoft, 2017). Furthermore, numerous reports exist of sophisticated attacks targeting CAs, often without revealing the CA's name. One example is the Billbug attack detected by Symantec in 2022, which compromised an Asian CA as part of a broader campaign targeting multiple Asian countries (Symantec, 2022). Compromising the digital certificate of a supply chain participant can be particularly effective for attackers, potentially allowing them to exploit their customers' systems. The infamous SolarWinds attack in 2021, for instance, saw malicious actors gain access to Mimecast's production environment (a cloud-based email management company) and a Mimecast-issued certificate used by some customers to authenticate various Microsoft 365 Exchange web services (Goodin, 2021).
Finally, attackers can also compromise the endpoints themselves to intercept information before encryption or after decryption. This could involve installing software that automatically captures and transmits screenshots when sensitive data is displayed. In such cases, while the confidential information is compromised, the underlying cryptographic method remains unbroken. These examples underscore that trust in a cryptographic method must extend beyond the core algorithms to encompass all supporting components, including the cryptographic infrastructure (e.g., PKI), operating system, applications, time source, random number generator, hardware, and network components. The security of each element within this broader cryptosystem involves human, procedural, and technological aspects. Crucially, the trustworthiness, integrity, and verifiability of each component's supply chain are also of paramount importance.