What are the different cryptographic attacks?

What is a cryptographic attack?

A cryptographic attack allows the attacker to bypass the security of a cryptographic system by assessing the weakness in its cipherAn encrypted message., cryptographic protocol, and key management scheme, a process also referred to as cryptanalysis.

There are many different attacks that the attacker uses to bypass the security of a system. Some of these attacks are as follows:

• Known plain-text attack: In this case, the attacker knows the plain text and cipher text, and they try to calculate the key by reverse engineering the cipher.
• Cipher-only attack: The attacker knows the cipher of different messages encrypted using the key. They try to calculate the key using the ciphers provided.
• Chosen plain-text attack: This attack is similar to the known plain-text attack, but now the attacker chooses a plain text of their own choice and then generates the cipher against them using the key. Now the attacker tries to calculate the key using the chosen plain text and the corresponding cipher.
• Chosen cipher-text attack: The attacker chooses a cipher text and decrypted text portion of the cipher. The attacker then uses this to figure out the key.
• Replay attack: In this attack, the attacker captures some of the authentication information and resubmits it to the server to gain access to the information meant for the original owner only.
• Brute force: It is the method of trying all the possible combinations to figure out the key. It may be relatively easier if the size of the key is smaller, but if the size of the key increases, it becomes computationally infeasible to test all the options.

Types of cryptographic attacks

The attacks mentioned above help the attacker access the cryptographically encrypted communication channel. After gaining access, the attacker can choose to eavesdrop on the communication channel or eavesdrop and tamper with the messages. The cryptographic attacks can be classified into two categories based on their use case:

• Active attacks
• Passive attacks

Active attacks

Active attacks occur when the attacker gets access to the communication channel between the two entities. The attacker acts as the man in the middle and can eavesdrop and tamper with the messages being sent on the channel between the entities. These attacks are relatively easy to detect but still are considered to be the more dangerous of the two, as the attacker can manipulate the data being shared and gain access or privileges.

Use cases of active attacks

• Masquerade: This attack occurs when the attacker pretends to be the sender, trying to convince the receiver that it is the sender. This is possible if the authorization procedure is not secure, as the attacker can pretend to be another entity using stolen passwords.

• Modification of messages: Messages being shared between the two entities via a communication channel can be tampered with if the attacker gets access to the key used to encrypt/decrypt the messages.

• Denial-of-Service: The attacker in the middle of both the entities can either completely stop the messages from one entity from reaching another or overload an entity by relaying a message multiple times to overload the receiving entity. Both these cases result in a denial of service.

Passive attack

Passive attacks occur when the user gets access to the communication channel between the two entities and can eavesdrop on the ongoing communication between the two entities. However, the attacker can't tamper with the messages in this case as was possible in the active attack. Passive attacks are harder to detect and cause little less damage than active attacks, but the confidentiality of the messages is lost.

Use cases of passive attacks

• Traffic analysis: The attacker analyzes the traffic data, the origin, and the destination IP address of the message. They also monitor and analyze the human and machine identities on both ends.
• Release of message contents: The attacker listens to the information being shared on the compromised communication channel and releases the message's contents.