CAPEC-97: Cryptanalysis

Description

Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: Total Break (finding the secret key), Global Deduction (finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key), Information Deduction (gaining some information about plaintexts or ciphertexts that was not previously known) and Distinguishing Algorithm (the attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits).

Extended Description

Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first flows through the adversary, who has the opportunity to observe or alter it, before being passed on to the intended recipient as if it was never observed. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for these attacks yields an implicit lack of trust in communication or identify between two components.

These attacks differ from Sniffing Attacks (CAPEC-157) since these attacks often modify the communications prior to delivering it to the intended recipient.

Severity :

Very High

Possibility :

Low

Type :

Standard

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-20: Encryption Brute Forcing Encryption Brute Forcing CAPEC-192: Protocol Analysis Protocol Analysis CAPEC-463: Padding Oracle Crypto Attack Padding Oracle Crypto Attack CAPEC-608: Cryptanalysis of Cellular Encryption Cryptanalysis of Cellular Encryption

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

The target software utilizes some sort of cryptographic algorithm.
An underlying weaknesses exists either in the cryptographic algorithm used or in the way that it was applied to a particular chunk of plaintext.
The encryption algorithm is known to the attacker.
An attacker has access to the ciphertext.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

High Cryptanalysis generally requires a very significant level of understanding of mathematics and computation.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

OWASP Attacks | Cryptanalysis

Resources required

Computing resource requirements will vary based on the complexity of a given cryptanalysis technique. Access to the encryption/decryption routines of the algorithm is also required.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE-1204: Generation of Weak Initialization Vector (IV)

CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

CWE-1241: Use of Predictable Algorithm in Random Number Generator

CWE-1279: Cryptographic Operations are run Before Supporting Units are Ready

Visit http://capec.mitre.org/ for more details.