Basic Attacks Against SSL

 

Brute Force Cryptanalytic Attack:

          SSL implementations support a variety of public and secret key crypto algorithms. The secret key algorithms use key lengths ranging from 40 bits to 168 bits. The most common SSL software is limited to 40-bit secret keys and 512-bit RSA keys because of export restrictions. While there has been no public demonstration of cracking a 512-bit public key, there have been several demonstrations of cracking 40-bit secret keys.

            Brute force search, or exhaustive key search, is the basic technique of trying every possible key in turn until the correct key is identified. To identify the correct key it may be necessary to possess a plaintext and its corresponding ciphertext; if the plaintext has some recognizable characteristic, ciphertext alone might suffice.

            Advances in technology and computing performance will always make exhaustive key search an increasingly practical attack against keys of a fixed length.

 

Known Plaintext “Dictionary” Attack:

          The known plaintext attack could be a particular risk in Web applications since many messages will contain predictable data, like the HTTP GET command. The most efficient form of known plaintext attack is a dictionary attack, and it is particularly effective when only a small number of secret crypto keys are used. The attackers construct a dictionary containing every possible encryption of the known plaintext message (the GET command, for example). When they receive an encrypted message, they take the portion containing the encrypted GET command and look up the ciphertext in the dictionary. The ciphertext should match a dictionary entry that was encrypted with the same secret key. If they get a “hit” they immediately know the secret key. If they get several hits, they can simply apply each of them to determine which is the right one.

            SSL protects against dictionary attacks by not really using a 40-bit key. The key is really 128 bits long, with only 40 bits of the key kept secret. The rest of the key is constructed from data that is disclosed in the Hello messages. This arrangement means that the dictionary cannot simply cover the 40 secret bits. Since the 40-bit secret key is combined with the 88-bit “disclosed” key, the resulting encryption does in fact use all 128 key bits. Thus, the dictionary must also have separate entries for all of the 128-bit keys. This makes the attack impractical.
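
Added example (not from the original text or from any SSL implementation): a toy model of the dictionary lookup and of the disclosed-key defence described above. The secret is shrunk to 12 bits so the table builds instantly, and the SHA-256 key combination, the SHAKE-256 keystream and all sample values are assumptions made for illustration, not SSL's real key derivation or cipher.

```python
import hashlib

SECRET_BITS = 12                    # stand-in for the 40 secret bits, shrunk so this runs instantly
KNOWN = b"GET / HTTP/1.0\r\n"       # predictable plaintext at the start of a request

def session_key(secret: int, disclosed: bytes) -> bytes:
    """Combine the small secret with the disclosed bytes into a 128-bit key (assumed KDF)."""
    return hashlib.sha256(secret.to_bytes(2, "big") + disclosed).digest()[:16]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHAKE-256 keystream. Illustration only."""
    stream = hashlib.shake_256(key).digest(len(plaintext))
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def build_dictionary(disclosed: bytes) -> dict:
    """Ciphertext of KNOWN -> secret, for every secret under ONE disclosed value."""
    return {encrypt(session_key(s, disclosed), KNOWN): s
            for s in range(2 ** SECRET_BITS)}

def lookup(table: dict, ciphertext: bytes):
    """Return the secret whose entry matches the start of the ciphertext, or None."""
    return table.get(ciphertext[:len(KNOWN)])

def demo():
    secret = 0x5A3                              # constructed sample secret
    request = KNOWN + b"Host: example\r\n\r\n"  # constructed sample message
    # Case 1: no disclosed part, so one table works against every connection.
    table = build_dictionary(b"")
    fixed_key_hit = lookup(table, encrypt(session_key(secret, b""), request))
    # Case 2: each connection mixes in 88 disclosed bits (constructed values here).
    salt_a, salt_b = bytes(range(11)), bytes(range(11, 22))
    table_a = build_dictionary(salt_a)
    same_salt_hit = lookup(table_a, encrypt(session_key(secret, salt_a), request))
    other_salt_hit = lookup(table_a, encrypt(session_key(secret, salt_b), request))
    return fixed_key_hit, same_salt_hit, other_salt_hit

if __name__ == "__main__":
    print(demo())
```

A table built for one disclosed value finds nothing under another, so the precomputation would have to be repeated for every one of the 2^88 possible disclosed values.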

 

Replay Attack:

          In this attack, Play-It-Again Sam collects messages sent earlier and replays them so that an interesting transaction gets repeated. For example, this could be a transaction that sends Sam some money. SSL defeats replay attacks during the handshake protocol by using a 128-bit nonce value that is unique to that connection. Sam cannot predict the nonce in advance, since it is based on events he likewise cannot predict. Therefore, a replayed nonce value won’t look right to the client or the server if Sam tries to replay a previous set of SSL handshake messages.

 

Man In The Middle Attack:

          Consider two people, Alice and Bob, who want to share some secret information. In this attack, an opponent, Carol, intercepts Alice's public value and sends her own public value to Bob. When Bob transmits his public value, Carol substitutes it with her own and sends it to Alice. Carol and Alice thus agree on one shared key, and Carol and Bob agree on another shared key. After this exchange, Carol simply decrypts any messages sent out by Alice or Bob, and then reads and possibly modifies them before re-encrypting with the appropriate key and transmitting them to the other party. SSL blocks this attack by using signed certificates to authenticate the server’s public key; each certificate carries the digital signature of a trusted entity called the certificate authority. The certificate authority’s public key is distributed with the SSL client software, which allows the client software to verify that the certificate’s contents are genuine and unmodified. This lets the SSL client verify both the server’s name and its public key value.

 

            Internet Cryptography:- Richard E. Smith