0:00

[MUSIC]

Â So in this lesson we're going to consider how cryptosystems could be broken.

Â This might seem a strange thing to do, but sometimes the best way of understanding

Â something, is understanding how it might not work.

Â So at the end of this lesson, you'll be able to appreciate that cryptographic

Â algorithm is only one component of a wider cryptosystem.

Â 0:22

And you'll be able to identify potential points of vulnerability in a cryptosystem.

Â So let's start with that word cryptosystem,

Â which is a new word we've introduced.

Â And it's important to realize that in the last lesson we talked about algorithms and

Â keys.

Â But in the real world, the algorithm is not going to exist in isolation.

Â 0:50

But also the way it's implemented, the implementation,

Â the way it's embedded into the technology that we want to use that cryptosystem for.

Â But critically, also, the way the keys are managed.

Â Keys play a very, very important role in cryptography,

Â and they have to be looked after and integrated into a system.

Â So the management of keys is a critical part of a cryptosystem.

Â So there are two broad ways that we might break a cryptosystem in its wider sense.

Â And one would be,

Â somehow, to access the decryption key, somehow get hold of the decryption key.

Â If you're able to do that, all ciphertexts produced using the matching encryption key

Â will be recoverable.

Â An alternative is somehow to find a way of getting hold of plaintext,

Â without that decryption key.

Â And if either of these things happen, we'll consider the cryptosystem broken.

Â 1:40

So let's start with the first component of that cryptosystem, the algorithm itself.

Â And an alarming piece of news, an algorithm can always be broken.

Â How is that?

Â Well, let's consider that an attacker observes a ciphertext

Â that has been scrambled.

Â And they recover the ciphertext by listening in to the channel in

Â which it's sent.

Â It doesn't make any sense to them.

Â 1:59

But they know the algorithm that was used, and that is normal.

Â We normally know the algorithm that is used to produce ciphertext.

Â So if they know the algorithm, there's always the option of trying out

Â every single possible decryption key that exists.

Â Take the first decryption key, try it, decrypt the ciphertext.

Â See if that makes sense.

Â Take the second decryption key, decrypt the ciphertext,

Â see if that makes sense, and continue.

Â And this would be a very tiring process, hopefully, to conduct.

Â And that's why we call this an exhaustive key search.

Â You get to search the whole space of possible decryption keys.

Â So we've just seen that every encryption algorithm can be broken by this exhaustive

Â key search.

Â How would we stop this happening?

Â Well, the answer's simple.

Â Make sure there are so many decryption keys that this is just a waste of time for

Â anyone to conduct.

Â And that's exactly what happens.

Â In any encryption algorithm we use in the modern technology, there are so

Â many possible keys.

Â That it's just totally unrealistic on modern computers to search through all

Â these keys and find it by accident.

Â So in fact,

Â we shouldn't really worry in modern cryptography about exhaustive key search.

Â We're going to make that impossible to conduct in practice.

Â Now if we take real encryption algorithms

Â used in really commercial products like the advanced encryption standard.

Â It's probably fair to assume, in fact,

Â that the algorithm does not really have any weaknesses.

Â Why is that?

Â Well, most modern encryption algorithms are studied by experts.

Â They are submitted to standardization panels.

Â Many people have looked at them, analyzed them.

Â They cannot see any weaknesses.

Â And that doesn't mean they don't exist.

Â But it means that the sort of expert of belief, is that there are no weaknesses.

Â And it would be reasonable therefore to assume that in a modern technology,

Â normally, there's a good encryption algorithm being used.

Â And there are so many keys that attacking the cryptosystem by means of the algorithm

Â is not realistic.

Â 3:51

However, remember that it's a cryptosystem we might be attacking, and

Â there are other points of weakness.

Â And one of these is implementation.

Â That strong algorithm has got to be put onto a real technology.

Â And during implementation, many things can go wrong.

Â Someone might not follow the instructions,

Â things might not work as expected, systems might not integrate as well as we hoped.

Â And there are a number of subtle implementation attacks

Â against modern encryption algorithms that include doing things like

Â analyzing the power consumption as a device performs encryption.

Â Analyzing timing as a device performs encryption, and

Â seeing if that data itself allows you to learn information about the plaintext and

Â keys being operated on at that time.

Â So these really exists.

Â And these are called side channel attacks.

Â But perhaps an even more straightforward part of a cryptosystem

Â to analyze is the key management.

Â And this is one of the weakest points in any cryptosystem, because

Â encryption keys and decryption keys have to be distributed around the system, and

Â looked after throughout the running of the system.

Â These keys have to be created.

Â They have to be generated.

Â They have to be established around the network,

Â in the right places where they are needed.

Â They have to be stored securely on devices.

Â And when their life time is over, they have to be destroyed.

Â 5:46

Where are your bank card details?

Â Have you put them into a file on your computer?

Â Are they available to someone who's next to your computer and

Â can see the card details?

Â And what happens to the bank card details after the online store decrypts them?

Â What do they do with them?

Â 6:14

So in summary, yes,

Â encryption algorithms are very crucial components of cryptosystems, but

Â in many ways they're the least likely part of a cryptosystem to be vulnerable.

Â The most common places we might expect to see weaknesses are the implementation,

Â the management of the keys, and management of data when it's not encrypted.

Â Plaintext, how's it exists at the end points of the system?

Â [MUSIC]

Â