Java Reference
In-Depth Information
8.1.6.6 Side-Channel Attacks
Side-channel attacks are not really attacks that directly afect the cryptosystem. hese attacks
are aimed at obtaining meaningful information from the physical implementation of the crypto-
graphic algorithm and are used to decipher the cleartext or the key based on the observations of
factors such as CPU cycles (time taken), voltage used, and the electromagnetic radiation emitted,
which directly provide cleartexts and other useful information. Side-channel attacks have been
used successfully against SSL, with an RSA encryption, where the timing attack was used to look
for anomalies in the speed of network traic and the cleartext was obtained within a matter of
hours.
Cryptographers sometimes label side-channel attacks as being unfair, as the algorithm itself
does not give away the key or the cleartext, but it is important to note that the main motivation
of attackers is to get the data or the key encrypting it, and they usually do not adopt fair means
of doing so.
8.1.6.7 Linear and Differential Cryptanalysis
Linear cryptanalysis revolves around the theory of probability. he attacker performs a known-
cleartext attack against several diferent messages encrypted with the same key. he attacker, after
obtaining these messages, analyzes them for the probability of these values having speciic character-
istics, from which he derives the speciic key used to encrypt the cleartext messages. he aim here is to
obtain the key or the highest probability of key used for the purposes of encryption and decryption.
Diferential cryptanalysis is a process where the attacker passes two cleartext messages through
the process of encryption and observes the entire encryption process. he diference created out of
the substitution and transposition of the data blocks is used to map probability values for possible key
values. he key that has the highest probability is likely the key used for the encryption process.
8.1.6.8 Birthday Attack
he birthday attack relies on a theory that states that in any room of 23 people, there is a 50%
chance that two of those people will share a common birthday. One-way hash functions deliver a
hash value that is unique. he birthday attack occurs when the one-way hash function is run with
two diferent inputs and a common hash value is found in the results obtained. his is known as a
collision attack
. Collision attacks occur when secure hash functions are not equipped with the capa-
bility of
collision resistance
. One of the most well-known collision attacks was the collision attack
against the MD5 hashing algorithm in the year 2008, when researchers were able to generate forged
digital certiicates using the vulnerable MD5 algorithm and launch a rogue certiicate authority.
8.2 Crypto Implementation for Web Applications
8.2.1 Data Protection with Cryptography—A Primer
Implementation of cryptography into Web applications is one of the key security requirements
in the present day, where a large quantum of sensitive information is being transacted over the
Internet, via Web applications. It is important to ensure that the Web application has a solid access
control and logging mechanism and has been developed using secure coding practices. However,
Search WWH ::
Custom Search