Skip to main content

Types of Attacks

In the realm of cybersecurity, we often encounter various types of attacks. We'll dig deeper into each of these attacks, providing a detailed breakdown of their mechanisms. But for now, let's look at the most comprehensive attacks, and explore other complex attacks, such as rainbow tables, and side-channel attacks, later on.

Brute-force attacks

These are attempts to randomly find the correct cryptographic key through trial-and-error. They are laborious and time-consuming but are virtually guaranteed to eventually succeed given enough computational power and time. However, the effectiveness of a brute force attack can be dramatically reduced by using complex, longer keys.

Dictionary Attacks
  • Description:
    • Use programs with built-in dictionaries.
    • Attackers try all dictionary words (usually a list of common passwords) hoping a has a common password. 

Man-in-the-Middle Attack

A man-in-the-middle attack (MitM) is a type of cyber attack where an attacker intercepts and potentially alters the communication between two parties who believe they are directly communicating with each other. Think of it like a postal worker intercepting your mail, reading or modifying the letters, and then sending them on to the recipient. Neither the sender nor the recipient is aware that their communication has been tampered with. Take this example sourced from Wikipedia:

  1. Alice sends a message to Bob, which is intercepted by Mallory: "Hi Bob, it's Alice. Give me your key."
  2. Mallory relays this message to Bob; Bob cannot tell it is not really from Alice: "Hi Bob, it's Alice. Give me your key."
  3. Bob responds with his encryption key, which is intercepted by Mallory.
  4. Mallory replaces Bob's key with her own, and relays this to Alice, claiming that it is Bob's key.
  5. Alice encrypts a message with what she believes to be Bob's key, thinking that only Bob can read it: "Meet me at the bus stop!" (This is actually encrypted with Mallory's key and intercepted by Mallory).
  6. Because it was actually encrypted with Mallory's key, Mallory can decrypt it, read it, modify it (if desired), re-encrypt with Bob's key, and forward it to Bob: "Meet me at the van down by the river!"

Bob thinks that the message is secure and the communication came from Alice, not Eve. 

Meet-in-the-middle attack

Meet-in-the-middle attacks are a potential problem with multiple encryption methods, such as Double DES. This attack aims to crack the encryption by matching the intermediate ciphertext (the result after one round of encryption) with the partially decrypted plaintext (the result before the final round of decryption). This approach bypasses the need to crack the entire multiply encrypted ciphertext at once.

Alice and Bob are friends who like to share secret messages. They use a special system where they put the message in a box and lock it twice, each using a different key.

  1. Alice writes a secret message, puts it in a box, and locks it with her own lock (Lock A).
  2. She sends the box to Bob.
  3. Bob can't open Lock A, but he adds his own lock (Lock B) on the box too and sends it back to Alice.
  4. Alice can't open Bob's lock (Lock B), but she can open her own lock (Lock A).
  5. She takes off Lock A and sends the box back to Bob.
  6. Bob can then open his own lock (Lock B) and read the secret message inside.

Now, let's introduce Eve. Eve is nosy and wants to know what the secret message is.

  1. Eve has a huge collection of keys, all numbered.
  2. When Alice sends the box with Lock A to Bob, Eve intercepts the box.
  3. She can't open the lock, but she tries all her keys until she finds one that fits (Key A).
  4. She notes down the number but doesn't open it.
  5. When Alice sends the box back to Bob with only Lock B, Eve intercepts it again.
  6. She does the same thing, finds the key that fits (Key B), and notes down the number.
  7. Now, Eve knows which keys can open Alice's and Bob's locks.
  8. Using her key collection, she can open both locks and read the secret message.

This is a simple example of a "meet-in-the-middle" attack. In the real world, these "locks" and "keys" are codes used in computers, and trying every key until one works is a method called "brute force". But in reality, there are so many possible keys that this type of attack is very hard and takes a long time.

This scenario simplifies the concept of a meet-in-the-middle attack in a non-digital context. In a real cryptographic attack, the "keys" are cryptographic keys, and the "locks" are the encryption algorithms (like DES). The process of trying every key until she finds a match is the "brute force" element of the attack. The main difference is that in a real cryptographic system, the number of possible keys is astronomically large, making such an attack computationally infeasible against strong encryption.

Birthday Attack

The 'birthday problem' or 'birthday paradox' refers to the probability that, in a set of randomly chosen people, some pair of them will have the same birthday. Surprisingly, even with just 23 people, there's a 50% chance of a shared birthday.

The 'birthday attack' is an analogy of this problem. In the world of cryptography, it's about finding 'collisions' - different inputs that result in the same hash output. Similar to the birthday problem, it's surprisingly easy to find such collisions due to the birthday paradox. For a hash function with a 128-bit output, you'd expect to start finding collisions after hashing about 2^64 different inputs, not 2^128.

Birthday attacks are more relevant for things like digital signatures, where a collision could allow an attacker to forge a signature, although SHA-256, the standard for digital signatures protects well against this. 

Replay Attack

This is when an attacker retransmits a valid data transmission that has been previously made. In the context of Club Penguin, an attacker could use a tool like WPE Pro to intercept the packets sent from your computer to the game's server when you earn coins. They could then replay those packets to trick the server into thinking you're repeatedly earning coins. This attack can be prevented using timestamps or sequence numbers to ensure freshness of each communication.

If you'd like to check a basic, real life example, check out my blog post where I performed a basic replay attack to gain an advantage on an online video game.

Known Plaintext Attack

  • Description: The attacker possesses both the encrypted and plaintext version of a message. By comparing the two, they attempt to deduce the encryption method or key.
  • Real-world example: Imagine having a sealed envelope (encrypted) and an exact open copy (plaintext) of the letter inside. By examining the envelope's seal, you try to figure out the method used to seal it.

Chosen Ciphertext Attack

  • Description: The attacker selects certain parts of an encrypted message, decrypts them, and then tries to uncover the encryption key based on the results.
  • Real-world example: Think of it as having a locked box and various keys. You pick certain keys (ciphertexts), try them out, and observe which parts of the lock they engage with to deduce the correct key.

Chosen Plaintext Attack

  • Description: The attacker creates plaintext messages, encrypts them, and studies the resulting ciphertexts to decipher the encryption method.
  • Real-world example: Like making your own pottery (plaintext) and then observing how different glazes (encryption methods) alter its appearance (ciphertext). 

Good algorithm choices can prevent this.

Ciphertext Only Attack

  • Description: The attacker only has access to encrypted messages. Their challenge is to decrypt them without knowing the plaintext source or the encryption method.
  • Real-world example: Imagine trying to figure out a puzzle without having the original picture, only the scrambled pieces.
  • Callout (danger): RC4 & WEP vulnerable to this attack.

Frequency Analysis

  • Description: Involves tallying how often each letter appears in a ciphertext. The analysis hinges on known letter frequencies in a given language.
  • Real-world example: Observing that a bowl of alphabet soup has more of certain letters than others, and based on your knowledge of the English language, guessing the soup's "message."
  • Callout (quote): "E, T, A, O, I, N" are frequent in English.

This type of attack is quite broad, and is even possible if the attacker manages to obtain only encrypted information.

Digital Rights Management

You might remember trying to copy a PS3 game as a kid and finding out it wouldn't play. That was Console DRM at work, ensuring only legitimate games could run on the console.

DRM isn't only for video games; it protects a wide range of digital media, such as music, movies, and e-books, and it secures sensitive enterprise documents.

However, DRM sometimes faces criticism due to its poor implementation. For example, Grand Theft Auto V's always-online requirement was inconvenient for players who wished to play offline. Unsurprisingly, pirated versions offered more flexibility in this aspect.

On the flip side, when implemented well, DRM can balance copyright protection with user experience. Steam is a prime example. By tying games to user accounts, it allows flexibility and convenience for the user while protecting the developers' interests.

The easiest way to stop piracy is not by putting antipiracy technology to work. It’s by giving those people a service that’s better than what they’re receiving from the pirates.

—Gabe Newell, Co-founder and president, Valve

Back to top