' CRYPTANALYSIS AND BRUTE FORCE ATTACKS

Cryptanalysis and Brute For e Atta !s "a#es Pri e $rant%a# Uni&ersity $S'()

* Cryptanalysis and Brute For e Atta !s

Cryptanalysis and Brute For e Atta !s According to Hoque et al (2005), "Security is a major concern in modern society, especially given the utilization of digital techniques in the creation, editing and distribution of sensitive data. Digital data can easily be copied and multiplied without any information loss, but the ubiquity of the Internet makes it very difficult to control and trace such intrusions by unauthorized people".

Encryption

In order to address the similarities and differences between cryptanalysis and brute force attacks. There first is a need to cover what cryptography is and to explain the key terms being discussed in this paper. Cryptography is the science of hiding information in a message, or system, by changing its contents using a secret key which only the originator and the person intended to read the information know. The goals of encryption are to make data unintelligible to unauthorized readers and to make it extremely difficult to decipher data when attacked. There are two methods of key use; symmetric and asymmetric. Symmetric key encryption uses the same key to encrypt and decrypt data. There are two types of symmetric key encryption; block cipher and stream cipher. Asymmetric encryption uses a key-pair with a mathematical association. One key, the private key, is used to encrypt data. The other key, the public key, is used for decryption. Asymmetric encryption is often used for authentication and digital signatures.

According to Smith (2001), "Their are several basic methods that can be used to encrypt a message. One method is called a transposition cipher. This cipher only changes the order of the plaintext within the message, e.g. 'LEAVE AT NOON' might become 'EVAELTANOON'. Another method is known as a substitution cipher. This method exchanges the characters in the plain text with other characters defined by a key". Before the message becomes encrypted it is referred to as plaintext. After encryption the message in its new form is called cipher text. There are several encryption algorithms in use. Some well known encryption algorithms include: AES, DES, Triple DES, Blowfish, Serpent, and Two fish.

Cryptanalysis and brute force attacks

"There are two general approaches to attacking a conventional encryption scheme; cryptanalysis and brute force attack."(Stallings, 2014) Cryptanalysis is the detailed examination of information systems, which is done to discover hidden information from within the system. In other words, cryptanalysis is the study of cipher text in an attempt to restore the message to plain text. "Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the plaintext or even some plaintext-cipher text pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used."(Stallings, 2014) A brute force attack is a crypto analytic technique of attacking a system . In a brute force attack the attacker is attempting to use all possible keys on cipher-text until the correct one is found to access a system. The brute force technique becomes increasingly difficult to break through an encryption key as the key length being used gets longer. For example, it is more

) difficult to find the correct characters and their sequence to decrypt a 128-bit encryption algorithm key than it is to decrypt a 64-bit key. Brute force attacks can be conducted on

passwords or cipher text in a number of ways. If the length of the cipher text or password is known, every single combination of numbers, letters and symbols can be tried until a match is found. This is a slow process, especially as the length of the cipher text increases.

Cryptanalysis Techniques One of the most common techniques used in cryptanalysis is frequency counting. According to Smith (2011), The most common letters in the English language are E,T,N,R,O,A,I and S. These eight characters make up around 67% of the words in the English language. Vowels, A,E,I,O,and U make up around 40% of English text. The frequency may vary depending on what the plaintext is. A frequency count can be conducted on a cipher to determine what the least and most common characters are in the cipher. The frequency count method should be used on the substitution method. The more information known about the plaintext message, the easier it is to decipher the message. Formatting and pattern can be changed in a cipher text message to make it more difficult to determine the plaintext. For example, spaces and punctuation can be used for padding a message. Random length padding prevents an attacker from knowing the exact length of the plaintext message. ASCII code or Unicode are used to change words into 1's and 0's for the computer to work at the machine level. These 1's and 0's are called bits. Block ciphers are commonly used to encrypt messages. A block cipher uses fixed length groups of bits in a cipher text message.

What happens if attack is successful?

"If either type of attack succeeds in deducing the key, the effect is catastrophic; all future and past messages encrypted with that key are compromised." (Stallings, 2014) A data breach occurs as a result of a compromised encryption key. Secure information becomes insecure in this occurrence. A data breach can result in serious damage to an organization including loss of trade secrets, funding, leakage personally identifiable information, and compromise of client information. In the modern technology age it is essential to have a secure information system with good encryption applied. ,

/ Re.eren es 1. Hoque, S. S., Fairhurst, M. M., Howells, G. G., & Deravi, F. F. (2005). Feasibility of generating biometric encryption keys. Electronics Letters, 41(6), 309-311. doi:10.1049/el:20057524 2. Smith, C. (2001, NOV 17). Basic cryptanalysis techniques. Retrieved from http://www.sans.org/reading-room/whitepapers/vpns/basic-cryptanalysis-techniques-752 3. Stallings, W. (2014). Cryptography and network security : principles and practice. Boston: Pearson.