ACTIVE ATTACKS:
On the other hand, active cryptography attacks
involve some kind of modification of the data or communication. In this case, the
attacker not only gains access to the data but also tampers with it.
1) Masquerade –
Department of Computer Engineering Srushti Patyane A678
A masquerade attack takes place when one entity pretends to be a different entity. A
masquerade attack usually involves one of the other forms of active attack. If an authorization
procedure is not fully protected, it can become extremely vulnerable to a masquerade attack.
Masquerade attacks may be performed using stolen passwords and logins, by finding gaps in
programs, or by finding a way around the authentication process.
2) Modification of messages –
It means that some portion of a message is altered or that message is delayed or reordered to
produce an unauthorized effect. Modification is an attack on the integrity of the original data.
It basically means that unauthorized parties not only gain access to data but also spoof the
data by triggering denial-of-service attacks, such as altering transmitted data packets or
flooding the network with fake data. Manufacturing is an attack on authentication. For
3) Repudiation –
This attack occurs when the network is not completely secured or the login control has been
tampered with. With this attack, the author’s information can be changed by actions of a
malicious user in order to save false data in log files, up to the general manipulation of data
on behalf of others, similar to the spoofing of e-mail messages.
4) Replay –
It involves the passive capture of a message and its subsequent transmission to produce an
authorized effect. In this attack, the basic aim of the attacker is to save a copy of the data
originally present on that particular network and later on use this data for personal uses.
Once the data is corrupted or leaked it is insecure and unsafe for the users.
5) Denial of Service –
It prevents the normal use of communication facilities. This attack may have a specific
target. For example, an entity may suppress all messages directed to a particular
destination. Another form of service denial is the disruption of an entire network either
by disabling the network or by overloading it with messages so as to degrade
performance.
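A receiver-side check against the modification and replay attacks described above, shown as an added example that is not part of the original document. The key, the frame layout (sequence number, timestamp, payload, HMAC-SHA256 tag) and the 30-second window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key (assumption)
MAX_SKEW = 30                   # seconds a message stays acceptable (assumption)


def seal(key, seq, ts, payload):
    """Sender side: prepend sequence number and timestamp, append an HMAC tag."""
    header = struct.pack(">QQ", seq, ts)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts each authentic message once, in order, within the time window."""

    def __init__(self, key):
        self.key = key
        self.last_seq = 0

    def accept(self, frame, now):
        if len(frame) < 16 + 32:
            return "rejected: truncated"
        header, payload, tag = frame[:16], frame[16:-32], frame[-32:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: modified"        # integrity check failed
        seq, ts = struct.unpack(">QQ", header)
        if seq <= self.last_seq:
            return "rejected: replayed or reordered"
        if abs(now - ts) > MAX_SKEW:
            return "rejected: delayed"
        self.last_seq = seq
        return "accepted: " + payload.decode()


def demo():
    rx = Receiver(KEY)
    first = seal(KEY, 1, 1000, b"pay 10 to alice")
    tampered = bytearray(seal(KEY, 2, 1001, b"pay 10 to alice"))
    tampered[20] ^= 0x01                       # one payload bit altered in transit
    return [
        rx.accept(first, now=1001),            # genuine message
        rx.accept(first, now=1002),            # captured copy sent again
        rx.accept(bytes(tampered), now=1002),  # altered message
        rx.accept(seal(KEY, 3, 1000, b"pay 5 to bob"), now=2000),  # held back
    ]
```

The tag is verified before any header field is trusted, so a forged sequence number or timestamp never reaches the replay and delay checks.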
PASSIVE ATTACKS:
Passive cryptography attacks intend to obtain unauthorized access to sensitive data or
information by intercepting or eavesdropping on general communication. In this
situation, the data and the communication remain intact and are not tampered with. The
attacker only gains access to the data.
1) Eavesdropping –
2) Traffic analysis –
In a traffic analysis attack, a hacker tries to access the same network as you to listen
(and capture) all your network traffic. From there, the hacker can analyse that traffic to
learn something about you or your company. So, unlike with other, more popular
attacks, a hacker is not actively trying to hack into your systems or crack your password.
Therefore, we classify this attack as a passive attack.
Types of cryptography attacks
Depending on the type of cryptographic system in place and the information available
to the attacker, these attacks can be broadly classified into six types:
2. Ciphertext-only attack
In this attack vector, the attacker gains access to a collection of ciphertext. Although
the attacker cannot access the plaintext, they can successfully determine the ciphertext
from the collection. Through this attack technique, the attacker can occasionally
determine the key.
$66,200 in “other currencies” were stolen. The platform said that its risk monitoring
systems “detected unauthorised activity on a small number of user accounts where
transactions were being approved without the 2FA authentication control being inputted by
the user.” Crypto.com noted that all affected customers have been fully reimbursed for the
losses. While the company has confirmed the security breach, details of the exact method of
compromise remain unclear.
Other recent security breaches related to cryptography are:
Uber announced on December 12th, 2022 that a hacker under the pseudonym “UberLeaks”
had gained access to the data of 70,000+ Uber employees and was posting stolen corporate
data. They believe this data breach occurred because of a third-party vendor, Teqtivity (a tech
asset management company), which had its mobile device management compromised.
The recent hijacking of a Christian fundraising site, GiveSendGo, took place in response to
the Ottawa truckers’ protests, and resulted in the personal details of those who donated to
their funds being compromised. The hackers redirected the fundraising site to a page that
condemned the Freedom Convoy protests – a case of Distributed Denial of Service (DDoS)
attack. They then published the personal information of the 90,000 donors who had
contributed to the initiative via the GiveSendGo website.
3. What are the losses that occurred because of these security attacks?
1. Revenue Loss
Significant revenue loss as a result of a security breach is common. Studies show that
29% of businesses that face a data breach end up losing revenue. Of those that lost
revenue, 38% experienced a loss of 20% or more. A nonfunctional website, for
example, may cause potential customers to explore other options. But any IT system
downtime can lead to work disruptions.
2. Damage to Brand Reputation
A security breach can impact much more than just your short-term revenue. The long-
term reputation of your brand is at stake as well. For one, you don’t necessarily want
your emails leaked. In most cases, you need these emails to remain private. However,
customers value their privacy, too — and breaches often involve customer payment
information. Potential leads will be hesitant to trust a business with a history of shoddy
data security.
3. Loss of Intellectual Property
Loss of revenue and damaged reputation can be catastrophic. However, in some cases,
hackers will also target designs, strategies, and blueprints. Businesses within the
manufacturing and construction industries are more prone to this threat. Smaller
businesses tend to believe they won’t get hit. But 60% of hacks target small businesses.
This is because they’re easier to attack. Losing intellectual property can impact the
competitiveness of your business. Some rivals would not hesitate to take advantage of
stolen information.
4. Hidden Costs
Surface-level costs are just the beginning. There are many hidden costs related to
breaches as well. For instance, legal fees may come into play. Also, you may need to
spend more on PR and investigations, not to mention insurance premium hikes.
Regulatory fines are another reality that many businesses overlook. In 2015, for
example, the FCC slammed AT&T with a $25 million fine. This was a result of a breach
that led to the disclosure of information related to thousands of accounts.
5. Online Vandalism
Some hackers fancy themselves as pranksters. In these cases, a security breach might
only lead to a few word changes on your website. While this seems relatively harmless,
it can actually cause a lot of damage. Subtle changes are harder to notice. For example,
a hacker might change a few letters or numbers on your contact page. They may also
add vulgar content to some of your webpages.
• Regularly update the cryptographic algorithms and protocols to ensure they are not
obsolete.
• Ensure that the data is appropriately encrypted so that even if it falls into the wrong hands,
it will be unreadable.
1) 3DES
3DES, or Triple Data Encryption Standard, is a block cipher and a modern cryptography
standard. 3DES is similar to the previous encryption method of the same type, namely
Data Encryption Standard, a method that uses 56-bit keys. Triple Data Encryption
Standard is unique in that it uses symmetric-key encryption, three distinct 56-bit keys.
This method encrypts data a full three times, essentially transforming your singular 56-
bit key into a 168-bit key.
While the thrice-encrypted data is more secure while stored or in transit, the
method itself is not as fast as other cryptographic techniques. In addition, since the
method uses block lengths that are shorter in comparison, it is easier for experienced
hackers to decrypt valuable data and exploit it.
Business institutions and financial firms most commonly use this encryption method,
as they did the previous iterations. The method is also commonly used for electronic
payments.
Conclusion:
Hence, we studied what security attacks are in terms of cryptography. We also studied
recent security attacks, how they were carried out and the huge losses they caused overall.
We also learnt about the prevention techniques required in cryptography and understood a
real-world cryptography technique which companies use.