
Computer Security from the Attack - Case Study Example

Summary
This case study, 'Computer Security from the Attack', concludes from the attack techniques analyzed through attack trees that simpler attacks are more effective and efficient than technical data decryption models such as use of brute force…

Extract of sample "Computer Security from the Attack"

Computer security

Threat Modeling

Attack goals

The attack goal is to access and view sensitive encrypted files stored on Alice’s laptop, located in her workspace.

Attacker

The attacker is Charlie, who can access the physical location for only 43 minutes. He plans to do it single-handedly within 9 days.

Security Assumption

Physical location access is restricted to only 43 minutes, which is far too little time to access the encrypted files. It is also assumed that the AES encryption method deployed by Alice is secure enough to restrict unauthorized access to the encrypted file, and that the password used is strong enough to withstand random guessing (Eran Tromer, 2008).

Characteristics of the attacker

Motivation

The motivation is to view the encrypted files within the limited 9-day time frame, after which the information loses relevance to the attacker.

Access

The attacker has access only to the physical location of the workstation, and that access is limited to 43 minutes.

Skills and risk aversion

The attacker is risk averse and has some knowledge of file encryption techniques. He is not mindful of the legal and ethical ramifications of the operation, but he is not willing to attain his goal through violent means.

Basic Attack tree

[Figures not preserved: Possible attacks; Special Equipment Required]

Attack tree against AES

Goal: Read a message encrypted with AES

1. Decrypt the message itself. (OR)
    1.1. Break asymmetric encryption. (OR)
        1.1.1. Brute-force break asymmetric encryption. (OR)
        1.1.2. Mathematically break asymmetric encryption. (OR)
            1.1.2.1. Break RSA. (OR)
            1.1.2.2. Factor RSA modulus/calculate AES discrete log.
        1.1.3. Cryptanalyze asymmetric encryption.
            1.1.3.1. General cryptanalysis of RSA/AES. (OR)
            1.1.3.2. Exploiting weakness in RSA/AES. (OR)
            1.1.3.3. Timing attacks on RSA/AES.
    1.2. Break symmetric-key encryption. (OR)
        1.2.1. Brute-force break symmetric-key encryption. (OR)
        1.2.2. Cryptanalysis of symmetric-key encryption.
2. Determine the symmetric key used to encrypt the message via other means.
    2.1. Use a public key whose private key is known. (OR)
        2.1.1. Convince the file owner that a fake key (with known private key) is the key of the intended recipient.
        2.1.2. Convince the owner to encrypt using more than one key, that is, to use another key whose private key is known.
        2.1.3. Have the file encrypted with a different public key in the background, unknown to the owner.
    2.2. Have the owner sign the encrypted symmetric key. (OR)
    2.3. Monitor owner’s computer memory. (OR)
    2.4. Monitor other user back-up storage memory. (OR)
    2.5. Determine the key from pseudorandom number generator. (OR)
        2.5.1. Determine the state of randseed.bin when the message was encrypted. (OR)
        2.5.2. Implant software (virus) that deterministically alters the state of randseed.bin. (OR)
        2.5.3. Implant software that directly affects the choice of symmetric key.
    2.6. Implant a virus that exposes the symmetric key.
3. Get owner to (help) decrypt message. (OR)
    3.1. Chosen ciphertext attack on symmetric key. (OR)
    3.2. Chosen ciphertext attack on public key. (OR)
    3.3. Ghost the drives to an external storage medium. (OR)
    3.4. Monitor outgoing data from the owner’s computers through the network. (OR)
    3.5. Intercept transferable data through the network. (OR)
    3.6. Read decrypted intercepted file.
        3.6.1. Copy the message from the owner’s hard drive or virtual memory. (OR)
        3.6.2. Copy the files from back-up media. (OR)
        3.6.3. Monitor network traffic. (OR)
        3.6.4. Use electromagnetic snooping techniques to read files as they are displayed on the screen. (OR)
        3.6.5. Recover read message from print-out.
4. Obtain private key from the owner.
    4.1. Factor RSA modulus/calculate AES discrete log. (OR)
    4.2. Get private key of owner. (OR)
        4.2.1. Obtain encrypted owner’s private key ring. (OR)
            4.2.1.1. Copy it from owner’s hard drive. (OR)
            4.2.1.2. Copy it from disk backups. (OR)
            4.2.1.3. Monitor network traffic. (OR)
            4.2.1.4. Implant virus or worm to expose copy of the encrypted private key.
        4.2.2. Decrypt private key.
            4.2.2.1. Break AES encryption. (OR)
                4.2.2.2.1.1. Brute-force break AES. (OR)
                4.2.2.2.1.2. Cryptanalysis of AES.
            4.2.2.2. Learn passphrase.
                4.2.2.2.3. Use keyboard-logging software to record passphrase when typed by owner. (OR)
                4.2.2.2.4. Guess passphrase.
    4.3. Monitor owner’s memory. (OR)
    4.4. Implant virus to expose private key.
    4.5. Generate insecure public/private key pair for owner.

Explanation of the attack tree against AES

The attack tree for AES encryption depicted above highlights the paths Charlie can use to access and read the files on Alice’s workstation. Since AES is a complex program, this alternative, unlike the earlier methods, cannot be illustrated graphically but only in outline form. This particular attack tree has a file encrypted with AES as its goal. What becomes apparent from the outline is that the use of the RSA encryption algorithm is not suitable for an AES attack. There are also several ways to read the encrypted files without necessarily breaking the cryptography. The attacker can capture the screen when the owner decrypts and reads the files by deploying malware such as a Trojan horse, a TEMPEST receiver or a secret camera to capture the private key as the user enters the password. Back Orifice, as well as a dedicated computer virus, can be used to recover the owner’s password. Other means from the outline would involve the use of keyboard sniffers or a brute-force attack to force the owner’s passphrase. The use of brute force can guarantee much less entropy than the 128-bit IDEA keys that it generates (Prince, 2009). In the process of attack, the choice of algorithm and the key length is probably the least important factor that affects AES’s overall security. AES is not only secure; it also has to be used in an environment that leverages that security without creating any new insecurity (Fisher, 2012).

Attack tree analysis

Using the above outline, we can draw several conclusions about the attack possibilities against the AES encryption that Charlie has to factor in to access Alice’s encrypted files and read them.

Intrusiveness of the attack

From the attack tree, we are made aware of several techniques, each with a different level of intrusiveness, that Charlie can implement to access Alice’s encrypted files. In all of these cases the methods used prove intrusive, since they attempt to gain access through the violation of privacy without Alice’s authorization.

Legality of attack

Considering the strategies depicted, it is apparent that all methods executed in facilitating access to the encrypted files are illegal; this implies Charlie will have to consider illegal avenues to access the encrypted files. However, this is not a consideration, since Charlie has no regard for the legal ramifications.

Success probabilities

Each attack path presents different challenges to success, but considering the AES explanation, it is the non-technical means that tend to prove most successful. Therefore Charlie has to adopt simpler techniques such as eavesdropping, unlike technical methods such as brute force, which take long to implement and are not certain to decrypt the encrypted data.

Conclusion

From the attack techniques analyzed through the attack trees created, it can be concluded that simpler attacks are more effective and efficient than technical data decryption models such as the use of brute force or phishing. This implies that Charlie should use simpler techniques to access the encrypted files rather than technical means that are time consuming and costly.

Bibliography

Eran Tromer, D. A. (2008). Efficient Cache Attacks on AES, and Countermeasures. Gjovik University College.
Fisher, D. (2012, August 19). New Attack Finds AES Keys Several Times Faster Than Brute Force. Retrieved April 4, 2012, from Threat Post: http://threatpost.com/en_us/blogs/new-attack-finds-aes-keys-several-times-faster-brute-force-081911
Mackey, D. L. (2005). IBM managed security service for security intelligence. IBM Global Services.
Mauw, S. (2006). Foundation of attack trees. Eindhoven University of Technology.
Prince, B. (2009, August 25). Latest AES Encryption Attack Not the End of the World. Retrieved April 4, 2012, from Security Watch: http://securitywatch.eweek.com/vulnerability_research/aes_encryption_attack_not_the_end_of_the_world.html
Schneier, B. (2005). Attack Trees. Minneapolis: Counterpane.
Yukiyasu Tsunoo, E. T. (2005, November). Improving cache attacks by considering cipher structure. International Journal of Information Security.
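The feasibility argument in the attack tree analysis can be checked mechanically by enumerating the leaf combinations of a few branches of the outline and filtering them against the attacker profile (43 minutes on site, 9 days, no special equipment). This is an added example, not part of the original paper: the per-leaf time and equipment values are constructed, and treating node 4.2 as an AND of 4.2.1 and 4.2.2 is an assumption, since the outline marks only OR.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Leaf:
    label: str
    minutes_on_site: float   # time needed at Alice's workstation
    days_elapsed: float      # calendar time before the files are readable
    special_equipment: bool = False

@dataclass(frozen=True)
class Gate:
    label: str
    kind: str                # "OR": any child suffices; "AND": all children needed
    children: tuple

def scenarios(node):
    """Return every set of leaves that, taken together, reaches `node`."""
    if isinstance(node, Leaf):
        return [(node,)]
    per_child = [scenarios(c) for c in node.children]
    if node.kind == "OR":
        return [s for child in per_child for s in child]
    return [sum(combo, ()) for combo in product(*per_child)]

def feasible(tree, max_minutes=43, max_days=9, has_equipment=False):
    """Leaf labels of each scenario that fits the attacker profile."""
    keep = []
    for s in scenarios(tree):
        if (sum(l.minutes_on_site for l in s) <= max_minutes
                and sum(l.days_elapsed for l in s) <= max_days
                and (has_equipment or not any(l.special_equipment for l in s))):
            keep.append([l.label for l in s])
    return keep

FAR = 1e6  # constructed stand-in for "far longer than the 9-day window"
# Node numbers follow the outline; every numeric estimate below is constructed.
TREE = Gate("Read a message encrypted with AES", "OR", (
    Leaf("1.2.1 Brute-force break symmetric-key encryption", 0, FAR),
    Leaf("3.3 Ghost the drives to an external storage medium", 120, 1),
    Leaf("3.6.4 Electromagnetic snooping", 0, 2, special_equipment=True),
    Gate("4.2 Get private key of owner", "AND", (  # AND is this example's assumption
        Leaf("4.2.1.1 Copy key ring from owner's hard drive", 20, 0),
        Gate("4.2.2 Decrypt private key", "OR", (
            Leaf("4.2.2.2.3 Record passphrase as owner types it", 15, 3),
            Leaf("4.2.2.2.4 Guess passphrase", 0, FAR),
        )),
    )),
))

if __name__ == "__main__":
    for path in feasible(TREE):
        print(" + ".join(path))
```

The scenarios that survive the filter are the ones Alice's defences need to address first; tightening a limit (for example a shorter unattended window) shows which of them drop out.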