0:00

[MUSIC]

So in this lesson we're going to consider how cryptosystems could be broken.

This might seem a strange thing to do, but sometimes the best way of understanding

something is understanding how it might not work.

So at the end of this lesson, you'll be able to appreciate that a cryptographic

algorithm is only one component of a wider cryptosystem.

0:22

And you'll be able to identify potential points of vulnerability in a cryptosystem.

So let's start with that word cryptosystem,

which is a new word we've introduced.

And it's important to realize that in the last lesson we talked about algorithms and

keys.

But in the real world, the algorithm is not going to exist in isolation.

0:50

But also the way it's implemented, the implementation,

the way it's embedded into the technology that we want to use that cryptosystem for.

But critically, also, the way the keys are managed.

Keys play a very, very important role in cryptography,

and they have to be looked after and integrated into a system.

So the management of keys is a critical part of a cryptosystem.

So there are two broad ways that we might break a cryptosystem in its wider sense.

And one would be,

somehow, to access the decryption key, somehow get hold of the decryption key.

If you're able to do that, all ciphertexts produced using the matching encryption key

will be recoverable.

An alternative is somehow to find a way of getting hold of plaintext,

without that decryption key.

And if either of these things happens, we'll consider the cryptosystem broken.

1:40

So let's start with the first component of that cryptosystem, the algorithm itself.

And an alarming piece of news, an algorithm can always be broken.

How is that?

Well, let's consider that an attacker observes a ciphertext

that has been scrambled.

And they recover the ciphertext by listening in to the channel in

which it's sent.

It doesn't make any sense to them.

1:59

But they know the algorithm that was used, and that is normal.

We normally know the algorithm that is used to produce ciphertext.

So if they know the algorithm, there's always the option of trying out

every single possible decryption key that exists.

Take the first decryption key, try it, decrypt the ciphertext.

See if that makes sense.

Take the second decryption key, decrypt the ciphertext,

see if that makes sense, and continue.

And this would be a very tiring process, hopefully, to conduct.

And that's why we call this an exhaustive key search.

You get to search the whole space of possible decryption keys.

So we've just seen that every encryption algorithm can be broken by this exhaustive

key search.

How would we stop this happening?

Well, the answer's simple.

Make sure there are so many decryption keys that this is just a waste of time for

anyone to conduct.

And that's exactly what happens.

In any encryption algorithm we use in the modern technology, there are so

many possible keys

that it's just totally unrealistic on modern computers to search through all

these keys and find it by accident.

So in fact,

we shouldn't really worry in modern cryptography about exhaustive key search.

We're going to make that impossible to conduct in practice.

Now if we take real encryption algorithms

used in really commercial products like the Advanced Encryption Standard,

it's probably fair to assume, in fact,

that the algorithm does not really have any weaknesses.

Why is that?

Well, most modern encryption algorithms are studied by experts.

They are submitted to standardization panels.

Many people have looked at them, analyzed them.

They cannot see any weaknesses.

And that doesn't mean they don't exist.

But it means that the sort of expert belief is that there are no weaknesses.

And it would be reasonable therefore to assume that in a modern technology,

normally, there's a good encryption algorithm being used.

And there are so many keys that attacking the cryptosystem by means of the algorithm

is not realistic.

3:51

However, remember that it's a cryptosystem we might be attacking, and

there are other points of weakness.

And one of these is implementation.

That strong algorithm has got to be put onto a real technology.

And during implementation, many things can go wrong.

Someone might not follow the instructions,

things might not work as expected, systems might not integrate as well as we hoped.

And there are a number of subtle implementation attacks

against modern encryption algorithms that include doing things like

analyzing the power consumption as a device performs encryption.

Analyzing timing as a device performs encryption, and

seeing if that data itself allows you to learn information about the plaintext and

keys being operated on at that time.

So these really exist.

And these are called side channel attacks.

But perhaps an even more straightforward part of a cryptosystem

to analyze is the key management.

And this is one of the weakest points in any cryptosystem, because

encryption keys and decryption keys have to be distributed around the system, and

looked after throughout the running of the system.

These keys have to be created.

They have to be generated.

They have to be established around the network,

in the right places where they are needed.

They have to be stored securely on devices.

And when their lifetime is over, they have to be destroyed.

5:46

Where are your bank card details?

Have you put them into a file on your computer?

Are they available to someone who's next to your computer and

can see the card details?

And what happens to the bank card details after the online store decrypts them?

What do they do with them?

6:14

So in summary, yes,

encryption algorithms are very crucial components of cryptosystems, but

in many ways they're the least likely part of a cryptosystem to be vulnerable.

The most common places we might expect to see weaknesses are the implementation,

the management of the keys, and management of data when it's not encrypted.

Plaintext, how it exists at the end points of the system.

[MUSIC]