Crytanalysis

Loading...

From the course by New York University Tandon School of Engineering

Introduction to Cyber Attacks

271 ratings

New York University Tandon School of Engineering

Introduction to Cyber Attacks

271 ratings

Course 1 of 4 in the Specialization Introduction to Cyber Security

This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. Familiar analytic models are outlined such as the confidentiality/integrity/availability (CIA) security threat framework, and examples are used to illustrate how these different types of threats can degrade real assets. The course also includes an introduction to basic cyber security risk analysis, with an overview of how threat-asset matrices can be used to prioritize risk decisions. Threats, vulnerabilities, and attacks are examined and mapped in the context of system security engineering methodologies.

From the lesson

Understanding Basic Security Frameworks

This module introduces some fundamental frameworks, models, and approaches to cyber security including the CIA model.

Assignments and Reading2:53

Purpose of Cyber Security4:58

Adversary Types7:35

Vulnerability Types5:16

Threat Types5:22

Matching Quiz1:03

Matching Quiz Solution1:19

Confidentiality Threat6:06

Integrity Threat6:36

Availability Threat5:52

Fraud Threat5:15

Testing for Vultnerabilities4:58

Brute Force vs. Hueristic Attacks3:38

Crytanalysis5:07

Cryptanalyzing Caesar Cipher4:46

Welcome Jose Dominguez9:59

Meet the Instructors

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC
Computer Science

So the art and science of creating codes is called cryptography.

We're going to have a lot of fun learning basic cryptography in this course.

You're going to come out with an understanding of how it all works.

But the corresponding art and

science of breaking codes is called cryptanalysis.

So if you're making codes you're doing cryptography.

If you're breaking codes, you're doing cryptanalysis.

And it's a good case study as we learn more about cyber attacks and

think about them in the context of different taxonomies.

Now it turns out there is three strategies that we can follow for cryptanalysis,

we'll take them in order.

The first is called Ciphertext Only.

That's where you the attacker are looking at a stream of encrypted data and

you have absolutely no hints as to what is in there.

You just see the encryption and you have to come up with some means for

breaking the encryption.

And in a previous video we said one possibility is you do brute force attacks.

You try and decrypt using every key you can think of.

Another is to look at the in enciphermen.

We call that ciphertext, encrypted text.

See if there's something in there that you can figure out to somehow do the reverse

of the encryption which we called decryption or cryptanalytic processes.

So that's the hardest,

ciphertext only is the hardest case of cypher, of cryptanalysis.

No hints.

Now, there's a second possibility.

And that's where you do have a few hints.

Can imagine having a piece of paper that has some English text on it.

And having next to it the encrypted version of that.

And you get hints.

You look and you go, so that encrypts to that, I get it.

And in computing we think of that more as a challenge response between Alice

and Bob.

So a lot of times, encryption is implemented as a function.

So that one entity, Alice lobbing over a challenge to Bob,

and getting back a response, is like sending plain text, and

getting the encrypted cipher text back, you follow?

If Eve is watching this she sees the plaintext,

she sees the ciphertext [SOUND].

It's a hint.

It may not give you the whole function, certainly not.

But it's a hint, it's not nothing.

And we call that case Known Plaintext.

So ciphertext only, no hints.

Known plaintext, hints.

Follow? Now there is a third case.

And that's where actually have the encryption function, [LAUGH].

I go break into your building, and [SOUND] I take your encryptor and boom.

I drop it down.

Now obviously encryptors are not big pieces of equipment, but you get the idea.

If I have the encryption algorithm, then I create something known as a code book.

That's where I can literally feed input to the encryption function, look

at the output, the corresponding encrypted function, the ciphertext, a write it down.

And then I feed another input, encrypt it, write that down.

And I do that successively, over and over and over and

over again, and build up a code book.

Now you would think my gosh, if I can build a codebook, I have you.

I'd just sit there and build the codebook and I'm done.

How do we deal with something like that and what did we say earlier

was the type of attack that involves doing things over and over again?

Brute force, and how do we deal with brute force?

Size, right?

The complexity of the algorithm is irrelevant if I'm building a codebook.

I don't care how clever your scrambling and transposition and other types of

mathematical functions are, if I can just feed things in and read what comes out.

But the one thing I can’t deal with is if you’ve made the domain so enormously large

that it would take from now until the end of the universe to build the code book.

Let me say that again.

If I can build a domain size big enough that for

you to build a codebook would take from now until the end of the universe,

how motivated are you, you even begin?

It makes no sense.

Size is the way we deal with brute force attack.

So, lets keep this three things in mind.

We have Ciphertext Only, Known Plaintext and

Chosen Plaintext, that third case what we're building Codebook.

Obviously Codebook is the easiest of the three.

But if I make the domain size big enough, then you're going to have trouble.

It's a good case study and thinking through another taxonomy, yet

another taxonomy around cyber security.

We'll be back in a little bit with another session.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2018 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play