Cryptography Reference
Fig. 1.6 Overview of cryptanalysis
Classical Cryptanalysis
Classical cryptanalysis is understood as the science of recovering the plaintext x
from the ciphertext y , or, alternatively, recovering the key k from the ciphertext y .
We recall from the earlier discussion that cryptanalysis can be divided into analytical
attacks, which exploit the internal structure of the encryption method, and
brute-force attacks, which treat the encryption algorithm as a black box and test all
possible keys.
Implementation Attacks
Side-channel analysis can be used to obtain a secret key, for instance, by measuring
the electrical power consumption of a processor which operates on the secret key.
The power trace can then be used to recover the key by applying signal processing
techniques. In addition to power consumption, electromagnetic radiation or the run-time
behavior of algorithms can give information about the secret key and are, thus,
useful side channels.[2] Note also that implementation attacks are mostly relevant
against cryptosystems to which an attacker has physical access, such as smart cards.
In most Internet-based attacks against remote systems, implementation attacks are
usually not a concern.
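The run-time side channel mentioned above, as an added example that is not part of the original text: a byte comparison that exits early does an amount of work that depends on the secret, while a constant-time version does not. The key bytes, the guesses and the step counter (a deterministic stand-in for measured time) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Loop-iteration counter: a deterministic stand-in for run time or power samples. */
static unsigned long steps;

/* Leaky: returns at the first mismatch, so the work done depends on the secret. */
int leaky_equal(const uint8_t *secret, const uint8_t *guess, size_t n) {
    for (size_t i = 0; i < n; i++) {
        steps++;
        if (secret[i] != guess[i]) return 0;
    }
    return 1;
}

/* Hardened: always touches all n bytes and folds differences in without branching. */
int ct_equal(const uint8_t *secret, const uint8_t *guess, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    return diff == 0;
}

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t);

/* Steps consumed by one comparison with the given function. */
unsigned long cost(cmp_fn f, const uint8_t *s, const uint8_t *g, size_t n) {
    steps = 0;
    (void)f(s, g, n);
    return steps;
}

/* Constructed sample data, not taken from the page. */
static const uint8_t KEY[4]     = {0x3a, 0x91, 0xc4, 0x07};
static const uint8_t WRONG_0[4] = {0x00, 0x00, 0x00, 0x00}; /* no leading byte correct */
static const uint8_t WRONG_2[4] = {0x3a, 0x91, 0x00, 0x00}; /* two leading bytes correct */

int main(void) {
    printf("leaky: %lu vs %lu steps\n",
           cost(leaky_equal, KEY, WRONG_0, 4), cost(leaky_equal, KEY, WRONG_2, 4));
    printf("const: %lu vs %lu steps\n",
           cost(ct_equal, KEY, WRONG_0, 4), cost(ct_equal, KEY, WRONG_2, 4));
    return 0;
}
```

With a real compiler and target, the generated code still has to be inspected, since optimizations can reintroduce data-dependent branches.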
Social Engineering Attacks
Bribing, blackmailing, tricking or classical espionage can be used to obtain a secret
key by involving humans. For instance, forcing someone to reveal his/her secret key,
e.g., by holding a gun to his/her head can be quite successful. Another, less violent,
attack is to call people whom we want to attack on the phone, and say: “This is
[2] Before you switch on the digital oscilloscope in your lab in order to reload your Geldkarte (the
Geldkarte is the electronic wallet function integrated in most German bank cards) to the maximum
amount of €200: Modern smart cards have built-in countermeasures against side channel attacks
and are very hard to break.