Cryptography: all-out attacks or how to attack cryptography without intensive cryptanalysis

Journal in Computer Virology

Abstract

This article deals with operational attacks conducted against cryptographic tools. The problem is approached from several points of view, the goal always being to retrieve a maximum amount of information without resorting to intensive cryptanalysis. Focus is therefore set on everything from errors, deliberate or not, in the implementation or use of such tools, to information leakage. First, direct attacks on encryption keys are examined: keys are searched for in binary files, in memory, or in memory files (such as hibernation files). We also show how poor initialization of a random generator sharply reduces key entropy, and how to negate this entropy by inserting backdoors. Then we put ourselves in the place of an attacker confronted with cryptography. He must first detect that such algorithms are used. Solutions to this problem are presented, for analyzing binary files as well as communication streams. Sometimes an attacker can only access encrypted streams, without having the tools necessary to generate such a stream, and is unable to break the encryption used. In such situations, we observe that information leaks often remain which prove to be of clear interest. We show how classic methods used in network supervision, forensics, and sociology (in the study of social networks) yield pertinent information. For example, we build sociograms able to reveal key elements of an organization, to determine the type of organization, etc. The final part applies the set of results obtained previously to the analysis of a closed network protocol. Packet format identification relies on behavioural analysis of the program, once all the cryptographic elements have been identified.

Author information

Corresponding author

Correspondence to Éric Filiol.

About this article

Cite this article

Bedrune, JB., Filiol, É. & Raynal, F. Cryptography: all-out attacks or how to attack cryptography without intensive cryptanalysis. J Comput Virol 6, 207–237 (2010). https://doi.org/10.1007/s11416-008-0117-x

  • DOI: https://doi.org/10.1007/s11416-008-0117-x
