Passive attack: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Sandy Harris
No edit summary
imported>Meg Taylor
No edit summary
(15 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{subpages}}
{{subpages}}
{{main|Cryptanalysis}}
{{TOC|right}}
{{TOC-right}}
A '''passive attack''' on a communications system is one in which the attacker only eavesdrops; he may read messages he is not supposed to see, but he does not create or alter messages. This contrasts with an [[active attack]] in which the attacker may create, forge, alter, replace or reroute messages.


In [[cryptography]] a '''passive attack''' on a communications system is one in which the attacker only eavesdrops; he may read messages he is not supposed to see, but he does not alter messages. This contrasts with an [[active attack]] in which the attacker may forge, alter, replace or reroute messages.
Generally, the term "passive attack" is used in the context of [[cryptanalysis]]. However, the term is actually considerably broader than that. For example, wiretapping an unencrypted line is a passive attack. So is [[traffic analysis]], attempting to infer useful information from the source, destination, timing and size of messages without reading the content. There are also situations where the attacker is active in some way — such as probing an air defense system to obtain data on their radar systems or tricking an enemy into encrypting known text ([[ULTRA]] called this "gardening") — but the actual cryptanalysis is a passive attack.


There are three passive attacks that will ''in theory'' break any [[cipher]]; variants of these work for either [[block cipher]]s or [[stream cipher]]s:
There are three passive attacks that will ''in theory'' break any [[cipher]] except a [[one-time pad]]; variants of these work for either [[block cipher]]s or [[stream cipher]]s:
* [[brute force attack]] — try all possible keys
* [[brute force attack]] — try all possible keys
* [[algebraic attack]]  — write the cipher as a system of equations and solve for the key
* [[algebraic attack]]  — write the cipher as a system of equations and solve for the key
* [[code book attack]]  — collect all possible plaintext/ciphertext pairs for a [[block cipher]], or the entire pseudorandom stream for a [[stream cipher]]
* [[code book attack]]  — collect all possible plaintext/ciphertext pairs for a [[block cipher]], or the entire pseudorandom stream until it starts repeating for a [[stream cipher]]


However, all of those attacks are ''spectacularly impractical against real ciphers''. Brute force and algebraic attacks require the attacker to do ''far too much work''. For a code book attack, he needs ''far too much data'' — a huge collection of intercepts, all encrypted with the same key. If the cipher user changes keys at reasonable intervals, a code book attack is impossible.
However, all of those attacks are ''spectacularly impractical against real ciphers''. Brute force and algebraic attacks require the attacker to do ''far too much work''. For a code book attack, he needs ''far too much data'' — a huge collection of intercepts, all encrypted with the same key. If the cipher user changes keys at reasonable intervals, a code book attack is impossible.


Two passive attacks  — [[linear cryptanalysis]] and [[differential cryptanalysis]] — are very powerful. They are the only known attacks that break [[DES]] with less effort than [[brute force]] and are the most powerful known general-purpose attacks against [[block cipher]]s. Variants of them have also been applied against [[stream cipher]]s and [[cryptographic hash]]es. Both, however, require large samples of material encrypted with a single key, so frequent re-keying is a defense.
A [[meet-in-the-middle attack]] is quite effective if it can be used, but it cannot be used against most ciphers.


There are are whole range of other passive attacks; see [[cryptanalysis]].
A [[birthday attack]] can be used whenever the issue is finding repeated output from some cryptographic technique — for example a [[challenge-response protocol]] repeating a challenge, or two inputs [[cryptographic hash|hashing]] to the same result.
 
Two passive attacks  — [[linear cryptanalysis]] and [[differential cryptanalysis]] — are very powerful. They are the only known attacks that break [[DES]] with less effort than brute force, and are the most powerful known general-purpose attacks against [[block cipher]]s. Variants of them have also been applied against [[stream cipher]]s and [[cryptographic hash]]es. Both, however, require large samples of material encrypted with a single key, so frequent re-keying is a defense.
 
There are a whole range of other passive attacks; see [[cryptanalysis]].

Revision as of 00:06, 21 October 2013

This article is developing and not approved.
 Main Article
 Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
https://en.citizendium.org/wiki/index.php?title=Passive_attack&printable=yes
This editable Main Article is under development and subject to a disclaimer.

A passive attack on a communications system is one in which the attacker only eavesdrops; he may read messages he is not supposed to see, but he does not create or alter messages. This contrasts with an active attack in which the attacker may create, forge, alter, replace or reroute messages.

Generally, the term "passive attack" is used in the context of cryptanalysis. However, the term is actually considerably broader than that. For example, wiretapping an unencrypted line is a passive attack. So is traffic analysis, attempting to infer useful information from the source, destination, timing and size of messages without reading the content. There are also situations where the attacker is active in some way — such as probing an air defense system to obtain data on their radar systems or tricking an enemy into encrypting known text (ULTRA called this "gardening") — but the actual cryptanalysis is a passive attack.

There are three passive attacks that will in theory break any cipher except a one-time pad; variants of these work for either block ciphers or stream ciphers:

However, all of those attacks are spectacularly impractical against real ciphers. Brute force and algebraic attacks require the attacker to do far too much work. For a code book attack, he needs far too much data — a huge collection of intercepts, all encrypted with the same key. If the cipher user changes keys at reasonable intervals, a code book attack is impossible.

A meet-in-the-middle attack is quite effective if it can be used, but it cannot be used against most ciphers.

A birthday attack can be used whenever the issue is finding repeated output from some cryptographic technique — for example a challenge-response protocol repeating a challenge, or two inputs hashing to the same result.

Two passive attacks — linear cryptanalysis and differential cryptanalysis — are very powerful. They are the only known attacks that break DES with less effort than brute force, and are the most powerful known general-purpose attacks against block ciphers. Variants of them have also been applied against stream ciphers and cryptographic hashes. Both, however, require large samples of material encrypted with a single key, so frequent re-keying is a defense.

There are a whole range of other passive attacks; see cryptanalysis.

Retrieved from "https://citizendium.org/wiki/index.php?title=Passive_attack&oldid=548444"