Computer Security Essay Example | Topics and Well Written Essays - 2000 words

Computer Security - Essay Example Characteristics of the attacker Motivation The motivation is to view encrypted files within the limited 9 days’ time frame after which the information loses relevance to the attacker. Access The attacker has only access to physical location of the workstation though the time is limited to only 43 minutes. Skills and risk aversion The attacker is risk averse and has idea on file encryption techniques. The attacker is not mindful of the legal and ethical ramifications of the operation but he is not willing to attain his goal through violent means. Basic Attack tree Possible attacks Special Equipment Required Attack tree against AES Goal: Read a message encrypted with AES 1. Decrypt the message itself. (OR) 1.1. Break asymmetric encryption.(OR) 1.1.1. Brute-force breaks asymmetric encryption. (OR) 1.1.2. Mathematically break asymmetric encryption (OR) 1.1.2.1. Break RSA. (OR) 1.1.2.2. Factor RSA modulus/calculate AES discrete log. 1.1.3 Cryptanalyze asymmetric encryption 1.1.3.1. General cryptanalysis of RSA/ AES (OR) 1.1.3.2. Exploiting weakness in RSA/ AES. (OR) 1.1.3.3. Timing attacks on RSA/ AES. 1.2. Break symmetric-key encryption. (OR) 1.2.1. Brute-force break symmetric-key encryption. (OR) 1.2.2. Cryptanalysis of symmetric-key encryption. 2. ... 2.1.3. Have the file encrypted with a different public key in the background unknown to the owner. 2.2. Have the owner sign the encrypted symmetric key. (OR) 2.3. Monitor owner’s computer memory. (OR) 2.4. Monitor other user back-up storage memory. (OR) 2.5. Determine the key from pseudorandom number generator. (OR) 2.5.1. Determine the state of randseed. Bin when the message was encrypted. (OR) 2.5.2. Implant software (virus) that deterministically alters the state of randseed.bin. (OR) 2.5.3. Implant the software that directly affects the choice of symmetric key. 2.6. Implant a virus that exposes the symmetric key. 3. Get owner to (help) decrypt message. (OR) 3.1. Chosen cipher text attack on symmetric key. (OR) 3.2. Chosen cipher text attack on public key. (OR) 3.3. Ghost the drives to an external storage medium. (OR) 3.4. Monitor outgoing data from the owner’s computers through the network. (OR) 3.5. Intercept transferable data through the network (OR) 3.6. Read dec rypted intercepted file. 3.6.1. Copy the message from the owner’s hard drive or virtual memory. (OR) 3.6.2. Copy the files from back-up media (OR) 3.6.3. Monitor network traffic. (OR) 3.6.4. Use electromagnetic snooping techniques to read files as they are displayed on the screen (OR) 3.6.5. Recover read message from print-out 4. Obtain private key from the owner 4.1. Factor RSA modulus/ calculate AES discrete log. (OR) 4.2. Get private key of owner. (OR) 4.2.1. Obtain encrypted owners private key ring. (OR) 4.2.1.1. Copy it from owner’s hard drive. (OR) 4.2.1.2. Copy it from disk backups. (OR) 4.2.1.3. Monitor network traffic. (OR) 4.2.1.4. Implant virus or worm to expose copy of the encrypted private key. 4.2.2. Decrypt Private Key.