Table of Contents Cyber Attacks Explained: Cryptographic Attacks
Scope of Article
Cryptographic solutions are used to encrypt data transmission over wireless or wired protocols. Unfortunately, these techniques are vulnerable to cyberattacks, and data can be stolen or disrupted.
In this article, we will learn about this problem and also understand various means to strengthen encryption techniques to protect the network infrastructure.
We will also explore how to use various methods to achieve the same, using FOSS-based solutions.
How Cryptography Works?
The heart of cryptographic network communication is Public Key Infrastructure (PKI), which is used to encrypt TCP/IP communication between two network endpoints.
PKI uses various encryption algorithms to ensure data security. The whole idea behind encryption is to make it so difficult that trying all possible keys becomes time-consuming.
For example, if a message is encrypted using an 8-bit key, there are 256 combinations to try, which any computer can solve in less than a second.
With a 32-bit key, 65,536 combinations are needed, taking more time. A 256-bit key requires such an enormous number of combinations that even powerful computers would take years to crack.
While key length is critical, the mathematical algorithm used for encryption and decryption is equally important. Algorithms like SHA1 and 3DES have their strengths and weaknesses.
Cryptography uses symmetric keys (one key for both encryption and decryption) and asymmetric keys (two complementary keys: public and private).
On the internet, cryptography powers SSL (Secure Socket Layer) and TLS (Transport Layer Security). These protocols encrypt and decrypt data to protect sensitive information during online transactions.
SSL/TLS uses asymmetric PKI key exchange and requires SSL certificates signed by trusted authorities like Verisign or Thawte.
Certificates validate the legitimacy of websites and tie them to domain names, enabling HTTPS communication via TCP port 443.
How Certificates Work
Digital certificates based on asymmetric PKI use two keys: a public key and a private key.
The private key is installed on the web server, while the public key is shipped with browsers.
Browsers support multiple certificate authorities and come equipped with their public keys and ciphers.
Certificates have expiration dates and must be renewed. When a digital certificate is installed on a server, its private key is stored securely.
During an SSL handshake:
- The browser challenges the server with its cipher strength.
- The server responds with its cipher strength and SSL certificate.
- The browser validates the certificate using trusted public keys.
- If verified, the browser sends a digitally signed response to initiate secure communication.
If the certificate cannot be verified, the browser alerts the user. While SSL/TLS provides security, it adds overhead to TCP/IP communication, resulting in larger packet sizes.
Cryptographic Attacks
Many administrators invest heavily in application, server, and infrastructure security but overlook cryptographic security.
Attacks can target the keys, data, or encryption mechanisms. Below are common cryptographic attacks:
1. SSL MITM (Man-in-the-Middle) Attack
The attacker intercepts HTTPS traffic, captures the server’s certificate, and creates a self-signed fake certificate.
Browsers warn users, but most ignore it, enabling the attacker to steal sensitive information.
2. SSL MITB (Man-in-the-Browser) Attack
Attackers inject JavaScript code into browsers to monitor SSL sessions and attempt to decipher keys.
This attack is becoming more common due to vulnerabilities in open-source browsers.
3. Key Hijacking
Attackers gain access to a compromised server’s certificate store to steal the private key.
They can then decrypt stored HTTPS sessions and steal personal data such as user IDs, addresses, and credit card numbers.
4. Birthday SSL Attack
Based on the birthday paradox, attackers generate data that produces the same hash as the original data, compromising integrity and helping derive encryption keys.
5. Chosen Dataset Attacks
In a chosen plaintext attack, attackers compare multiple encrypted outputs with known plaintext.
In a chosen ciphertext attack, attackers compare multiple decryption attempts against known results. Both require significant computational resources.
6. SSL Brute Force Attack
Attackers send small datasets through SSL, capture outputs, and gradually build the key. This process is slow but can be accelerated by combining with group key deciphering.
7. Group Key Deciphering
Multiple attackers use powerful machines to try different permutations of keys simultaneously.
Cracking even 128-bit encryption has been shown possible in a few days with enough computing power.
8. Compromised Key Attack
If a trusted certificate authority’s private key is stolen, attackers can issue fraudulent certificates that pass browser authenticity tests, leading to serious data theft.
9. SSL DoS Attack
Attackers overload SSL servers with bogus requests, exhausting CPU resources and causing outages.
They may also flood TCP port 443 with fragmented packets to achieve denial of service.
Protecting FOSS Systems
In FOSS environments, cryptography is primarily used on web servers via SSL.
Developers can digitally sign code to prevent tampering. Key protective measures include:
- Use digital certificates from trusted authorities with strong algorithms and 256-bit or higher keys.
- Protect the certificate store on servers, limiting access to administrators only.
- Implement intrusion detection systems (IDS) to prevent brute force and denial-of-service attacks.
- Use additional security measures like firewalls, UTMs, and anti-malware tools.
- Encrypt files or entire disks in Linux workstations for additional protection.
About the Author
The author has over 18 years of experience in IT hardware, networking, web technologies, and IT security.
Prashant is MCSE, MCDBA certified, an F5 load balancer expert, ethical hacker, and net-forensic specialist.
He runs Valency Networks in India (www.valencynetworks.com) offering IT security consultancy, audits, and infrastructure solutions.
Contact: prashant@valencynetworks.com
