• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>Journal in computer virology >Cryptography: all-out attacks or how to attack cryptography without intensive cryptanalysis
【24h】

Cryptography: all-out attacks or how to attack cryptography without intensive cryptanalysis

机译:密码学:全面的攻击或如何在不进行深入密码分析的情况下攻击密码学

获取原文
获取原文并翻译 | 示例
       
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

This article deals with operational attacks leaded against cryptographic tools. Problem is approached from several point of view, the goal being always to retrieve a maximum amount of information without resorting to intensive cryptanalysis. Therefore, focus will be set on errors, deliberate or not, from the implementation or the use of such tools, to information leakage. First, straight attacks on encryption keys are examined. They are searched in binary files, in memory, or in memory files (such as hibernation files). We also show how a bad initialization on a random generator sharply reduces key entropy, and how to negate this entropy by inserting backdoors. Then, we put ourselves in the place of an attacker confronted to cryptography. He must first detect such algorithms are used. Solutions for this problem are presented, to analyze binary files as well as communication streams. Sometimes, an attacker can only access encrypted streams, without having necessary tools to generate such a stream, and is unable to break the encryption used. In such situations, we notice that it often remains information leakages which appear to be clearly interesting. We show how classic methods used in network supervision, forensics and sociology while studying social networks bring pertinent information. We build for example sociograms able to reveal key elements rnof an organization, to determine the type of organization, etc. The final part puts in place the set of results obtained previously through the analysis of a closed network protocol. Packet format identification relies on the behavioural analysis of the program, once all the cryptographic elements have been identified.
机译:本文介绍了针对加密工具的操作攻击。从多个角度解决了问题,目标始终是在不依靠大量密码分析的情况下检索最大数量的信息。因此,将重点放在从实施或使用此类工具到信息泄漏的有意或无意的错误上。首先,检查对加密密钥的直接攻击。在二进制文件,内存或内存文件(例如休眠文件)中搜索它们。我们还展示了如何在随机生成器上进行不良的初始化如何急剧降低密钥熵,以及如何通过插入后门来消除该熵。然后,我们将自己置于攻击者面对密码术的地方。他必须首先检测出使用了这种算法。提出了该问题的解决方案,以分析二进制文件以及通信流。有时,攻击者只能访问加密的流,而没有必要的工具来生成这样的流,并且无法破坏所使用的加密。在这种情况下,我们注意到它经常仍然存在信息泄漏,这似乎很有趣。我们将展示在研究社交网络时,如何在网络监督,法医学和社会学中使用的经典方法如何带来相关信息。例如,我们构建了能够揭示组织中关键要素的社会图,确定组织的类型等。最后一部分将先前通过封闭网络协议的分析获得的结果集放到了地方。一旦所有密码元素都已被识别,数据包格式识别就依赖于程序的行为分析。

著录项

  • 来源
    《Journal in computer virology》 |2010年第3期|P.207-237|共31页
  • 作者

    Jean-Baptiste Bedrune; Eric Filiol; Frederic Raynal;

  • 作者单位

    Sogeti ESEC, Paris, France;

    Laboratoire de virologie et de cryptologie operationnelles,Laval, France;

    Sogeti ESEC, Paris, France MISC Magazine, Paris, France;

  • 收录信息
  • 原文格式 PDF
  • 正文语种 eng
  • 中图分类
  • 关键词

  • 入库时间 2022-08-18 02:13:09

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号