Cryptography Lecture Notes

Introduction to Cryptography

• Cryptography is used daily, often without awareness.
• Security of encrypted data depends heavily on the key used in encryption.
• Attackers often don't have access to keys and may attack the system's other vulnerabilities.

Importance of Examining Cryptography

• Cryptographic protocols and algorithms are public for examination.
• Public scrutiny helps identify weaknesses or workarounds.
• Secure algorithms must withstand the test of time.
• Implementation errors often provide attackers with vulnerabilities.

Attacks on Cryptographic Algorithms

Birthday Attack

• Example: In a room of 23 students, there's a 50% chance two share a birthday.
• In cryptography, this relates to hash collisions (two plaintexts producing the same hash).
• Brute force methods are often used to find collisions.
• Larger hash output sizes make collisions harder to find.

Hash Collision Example

• MD5, a message digest algorithm, was found to have collisions.
• Used to create seemingly legitimate certificates without proper authorization.

Implementation Vulnerabilities

Downgrade Attack

• Utilizes secure algorithms but exploits implementation weak points.
• Forces devices to use weaker encryption or no encryption.

SSL Stripping

• Form of downgrade attack combining with an on-path attack.
• Attacker in the middle removes HTTPS encryption, forcing HTTP usage.
• Example Scenario:
  • Visitor sends an HTTP request.
  • Attacker intercepts and prevents redirection to HTTPS.
  • Attacker communicates with the server using HTTPS, while visitor remains on HTTP.
  • User credentials and data sent unencrypted, accessible by attacker.
  • Attacker uses credentials to interact securely with the server, posing security risks.

Conclusion

• Awareness and correct implementation are essential for secure cryptographic practices.
• Constant evaluation and updates to cryptographic algorithms and their implementations are necessary to maintain security.