Attacking Cryptography Computer Security - Report Example

? Attacking Cryptography Computer Security Table of Contents Introduction 2. Possibilities of Attack 2 Key Protection 2.2. Attach Trees 3. Conclusion 4. Glossary 1. Introduction Computer operating systems use various data protection methods to prevent any form of malware and spyware from getting access to the data stored into a computer or a computer network. The challenge with the data protection methods is that when two or more application programs are being executed concurrently, they share common resources such as the processor and the internal memory (Nedjah & Mourelle, 2005). As information shares the channels of transfer, there is a possibility of one program gaining access to the information in another program whether they have been encrypted or not (Yoshiura, 2006). Operating Systems store information about commonly used programs and through the network, programs such as KeePass can read encrypted files, posing a serious attack to cryptography as a data protection technique. Even so, the challenge for KeePass is that it operates for a limited duration beyond which it does not have the capability to read encrypted files. A number of encrypted data files stored in the various cache locations are at risk of attacks by such malicious program as KeePass. These programs can study the number of times a cryptographic system used the same cache locations (Dong & Chen, 2012). This study investigates and presents cryptographic attack trees which illustrate the methods Charlie can use to read Alice’s data files in the data transfer channel. KeePass can use the memory address information in the network to access the locations of the files using a set of secret coded access keys in the operation (Vacca, 2012). The attack trees demonstrate a clear and reliable procedure for studying the access keys considering the information on the patterns of memory access. The trees have to show the possibility of KeePass increasing its speed of data search in order to access the secret keys within a fraction of a second to enable the actual attack on cryptographic process to be successful. 2. Possibilities of Attack Out of the study, the expectation is to discover ways of improving cryptography as a means of data protection. Various computer security firms provide information about data protection methods, encryption and decryption being one of them (Echizen, Kunihiro & Sasaki, 2010). The experts in the field of information security use special software applications to block hackers from accessing information from their servers and in the entire unsecure channels in the networks. These hacker-proof programs are the targets of cryptography attack, using the same strategies as KeePass. Another common open source hacker-proof application in the global network is triple-DES security. In essence, it is intriguing to realize that secure channels are also at risk of being broken into at any time. Cryptography has for a long time been among the safest methods for transferring information in the global data transfer networks. With the possibility of breaking through the unbreakable security calls for newer ways of improving the cryptographic designs apart from discovering other alternative options of data protection (Handschuh & Hasan, 2005). The capability of KeePass and other key cracking software programs is a real proof that even strong cryptography keys get broken into. This implies that there are attacks that are beyond the capability men. Information security experts must first exhaustively identify the sources of cryptographic attacks (Anupam, 2009). This can be done through designing ways of modeling threats of attacks against computer systems. This requires a god understanding of all possible ways through which system attacks can be possible. This study focuses on ways of designing counterattacks methods such as access key protection in order to frustrate the possible attacks. 2.1. Key Protection The possibility of information attacks emerges as a result of ignorance of information user on the weaknesses of network security. Studies have shown that about 60 percent of the global population is not acquainted with the latest information security threats to various networks. Most of them depend on information sources which apply unique approaches to cryptography (Paillier & Verbauwhede, 2007). These information sources are based on theoretical proof security, to evaluate the cryptographic techniques with more confidence, then design error proof and hacker-proof cryptography, and finally understand how to apply many new techniques in identifying and the potential threats to cryptography. Designs for cryptography produced by information security experts give confidence and the possibility of using them owing to the inability of information hackers to break the keys. There are proven information security approaches that will enable Alice to go beyond the knowledge of Charlie to access the information. They will enable her to assess the available cryptographic designs and increase her level of scientific and empirical confidence, in deciding on the optimal design out of the various options (Johnson & Mohamed, 2006). When Charlie understands the techniques behind the use of provable information security, it does not matter how secure the designs are in protecting Alice’s files. From an informed point of view, he only needs to acquire an open source application from that is able to break the secret keys. Alice therefore has to improvise the capability of the encryption tools in a continuous basis as an approach to use secure design that are of minimal cost. 2.2. Attach Trees This study uses attack trees as a formal method of giving description of system security on the basis of various cryptographic threats. In the trees, we use a tree structure to give a picture of attacks on a computer system. There are two elements of the tree; the root node representing the goal and leaf nodes representing various methodical approaches of obtaining the goals. In the figure below, we show a simple attack tree for an attack against the physical components of a computer server: Figure 1: Representing Attack Nodes. (P: Possible, I: Impossible) Figure 2: All possible threats and Attacks costing below 100,000 US Dollars Figure 3: Low Cost Threats and attacks that require no special Equipment The goal or the driving force for Charlie is to opening and read the contents of the encrypted file. In order to open the file, Charlie can download KeePass from the internet for free and then increase the frequency of its access to the network to increase the chances of it reading the file (Karl & Bergstra, 2007). After decryption and reading the file contents, Charlie has the discretion to do anything with the information, depending on his character. He has the potential to destroy the data file, steal information, use it to blackmail Alice and issue threats to Alice. Worse still he can decide to share it with undesired groups of people. All the elements of the attack tree show the various ways that Charlie can use to attack the network servers and access the file. Each of the nodes becomes a sub-goal of the main goal. At the same time, they become the children of the node since they are ways of accessing and unlocking the file. 3. Conclusion Attack trees provide a formal methodology for analyzing the security of systems and subsystems. They provide a way to think about security, to capture and reuse expertise about security, and to respond to changes in security. Security is not a product -- it's a process. Attack trees form the basis of understanding that process. This is an attack tree for classical cryptography since it mainly discusses ways of unblocking the encrypted file. It does not however explain more the exact goal that the attacker is aiming at achieving. It does not provide practical mechanisms through which the objectives will be realized. Charlie will put more efforts on studying the methods in the symmetric encryption in defining the objectives of the security to understand the boundaries and implications of information security. In the light of this, it is possible for both the attacker and the victim to study the information security and the encryption schemes in secure channels. Experts of information security use various cryptographic software programs in the entire world. 4. Glossary Term Definition Encryption Conversion of normal text communication into coded messages for transfer through unsecure channels (Yoshiura, 2006). Decryption Converting encrypted files or information into normal text messages (Johnson & Mohamed, 2006). Cryptography Method of information security protection using encryption and decryption (Paillier & Verbauwhede, 2007). Secure Channel Channel of information transfer that is accessible by the whole world (Johnson & Mohamed, 2006). KeePass Open source program for cracking encryption keys (Karl & Bergstra, 2007). Appendix References Anupam, D. (2009). Advances in Computer Science, Information Security and Privacy: 13th Asian Computing Science Conference, Seoul, Korea, December 14-16, 2009, Proceedings. Seoul: Springer. Dong, L., & Chen, K. (2012). Cryptographic Protocol: Security Analysis Based on Trusted Freshness. New York: Springer. Echizen, I., Kunihiro, N., & Sasaki, R. (2010). Advances in Information and Computer Security: 5th International Workshop on Security, IWSEC 2010, Kobe, Japan, November 22-24, 2010, Proceedings. Seoul: Springer. Handschuh, H., & Hasan, A. (2005). Selected Areas in Cryptography: 11th International Workshop, SAC 2004, Waterloo, Canada, August 9-10, 2004, Revised Selected Papers. New York: Springer. Johnson, P. T., & Mohamed, E. (2006). Information Assurance and Computer Security. New York: IOS Press. Karl, M. M. L., & Bergstra, J. (2007). The History of Information Security: A Comprehensive Handbook. London: Elsevier. Nedjah, N., & Mourelle, L. D. M. (2005). Embedded Cryptographic Hardware: Design & Security. New York: Nova Publishers. Paillier, P., & Verbauwhede, I. (2007). Cryptographic Hardware and Embedded Systems - CHES 2007: 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings. New York: Springer. Vacca, J. R. (2012). Computer and Information Security Handbook. New York: Newnes. Yoshiura, H. (2006). Advances in Information and Computer Security: First International Workshop on Security, IWSEC 2006, Kyoto, Japan, October 23-24, 2006, Proceedings. New York: Springer. Read More