-
18.2.1 Advances in cryptanalysis In June 2013, The Guardian and the Washington Post simultaneously published an article about a secret order issued by the United States Foreign Intelligence Surveillance Court ordering Verizon, one of the largest telecommunication providers in the US, to hand over all call records and the metadata of millions of Verizon customers to the […]
-
18.2.2 Cryptographic agility To cope with possible future advances in cryptology, good security systems are built in a way that makes it easy to replace individual cryptographic algorithms with new ones if needed. This design pattern is called algorithm agility or cryptographic agility (or crypto-agility, for short) and allows maintaining the security of a system, […]
-
18.3 ChaCha20 ChaCha20 is a fast stream cipher defined in RFC 8439 ChaCha20 and Poly1305 for IETF Protocols [131]. The number 20 in the cipher’s name refers to a specific ChaCha variant that uses 20 rounds or, equivalently, 80 quarter rounds to compute each 64-byte key stream block. ChaCha20’s state is stored in a 4 by 4 matrix […]
-
18.3.3 ChaCha20 encryption algorithm The ChaCha20 cipher uses the ChaCha20 block function – with the same key and nonce, and an increasing block counter – to generate a key stream block. The key stream blocks are concatenated into a key stream. The cipher subsequently XORs the key stream to the plaintext. Algorithm 8 shows the complete […]
-
18.4.1 Generating the Poly1305 key using ChaCha20 The Poly1305 key k can be generated pseudorandomly, for example, using the ChaCha20 block function. In this case, Alice and Bob need a dedicated 256-bit session key intended specifically for message authentication. Generation of the authentication key (r,s) is done by computing the ChaCha20 block function with the […]
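The three ChaCha20 excerpts above (18.3, 18.3.3 and 18.4.1) describe the block function, the key stream construction and the Poly1305 key derivation. The following is an added example, not code from the book or from RFC 8439 itself: a from-scratch Python implementation of the RFC 8439 block function (20 rounds as 10 double rounds, i.e. 80 quarter rounds), the XOR-based encryption with an incrementing block counter, and the one-time Poly1305 key (r, s) taken from the first 32 bytes of the block with counter 0. Function names are my own; the constants and round structure are those of the RFC.

```python
import struct

MASK32 = 0xFFFFFFFF


def _rotl32(v: int, c: int) -> int:
    """Rotate a 32-bit word left by c bits."""
    return ((v << c) & MASK32) | (v >> (32 - c))


def quarter_round(state: list, a: int, b: int, c: int, d: int) -> None:
    """ChaCha quarter round (RFC 8439, 2.1) applied in place to words a, b, c, d."""
    state[a] = (state[a] + state[b]) & MASK32
    state[d] = _rotl32(state[d] ^ state[a], 16)
    state[c] = (state[c] + state[d]) & MASK32
    state[b] = _rotl32(state[b] ^ state[c], 12)
    state[a] = (state[a] + state[b]) & MASK32
    state[d] = _rotl32(state[d] ^ state[a], 8)
    state[c] = (state[c] + state[d]) & MASK32
    state[b] = _rotl32(state[b] ^ state[c], 7)


def chacha20_block(key: bytes, counter: int, nonce: bytes) -> bytes:
    """ChaCha20 block function (RFC 8439, 2.3): one 64-byte key stream block."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("ChaCha20 needs a 256-bit key and a 96-bit nonce")
    if not 0 <= counter <= MASK32:
        raise ValueError("block counter must fit in 32 bits")
    # 4x4 state of 32-bit little-endian words: 4 constants ("expand 32-byte k"),
    # 8 key words, 1 block counter, 3 nonce words.
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]
    state += list(struct.unpack("<8L", key))
    state += [counter]
    state += list(struct.unpack("<3L", nonce))
    working = state[:]
    # 10 double rounds = 20 rounds; each double round is 4 column and 4 diagonal
    # quarter rounds, so 80 quarter rounds in total.
    for _ in range(10):
        quarter_round(working, 0, 4, 8, 12)   # columns
        quarter_round(working, 1, 5, 9, 13)
        quarter_round(working, 2, 6, 10, 14)
        quarter_round(working, 3, 7, 11, 15)
        quarter_round(working, 0, 5, 10, 15)  # diagonals
        quarter_round(working, 1, 6, 11, 12)
        quarter_round(working, 2, 7, 8, 13)
        quarter_round(working, 3, 4, 9, 14)
    # Feed-forward: add the initial state word-wise, then serialize little-endian.
    return struct.pack("<16L", *[(w + s) & MASK32 for w, s in zip(working, state)])


def chacha20_encrypt(key: bytes, counter: int, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (RFC 8439, 2.4): same key and nonce, counter incremented per block,
    key stream XORed onto the data. The final partial block uses only as much key stream as needed."""
    out = bytearray()
    for i in range(0, len(data), 64):
        keystream = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], keystream))
    return bytes(out)


def poly1305_key_gen(key: bytes, nonce: bytes) -> tuple:
    """One-time Poly1305 key (RFC 8439, 2.6): block counter 0, first 32 bytes of the output.
    r is the first 16 bytes, s the next 16; the remaining 32 bytes are discarded."""
    block = chacha20_block(key, 0, nonce)
    return block[:16], block[16:32]


# Inputs below are the RFC 8439 test vectors (2.3.2, 2.4.2 and 2.6.2), reproduced here as sample data.
TV_KEY = bytes(range(32))
TV_BLOCK_NONCE = bytes.fromhex("000000090000004a00000000")
TV_ENC_NONCE = bytes.fromhex("000000000000004a00000000")
TV_PLAINTEXT = (b"Ladies and Gentlemen of the class of '99: If I could offer you "
                b"only one tip for the future, sunscreen would be it.")
TV_POLY_KEY = bytes(range(0x80, 0xA0))
TV_POLY_NONCE = bytes.fromhex("000000000001020304050607")

if __name__ == "__main__":
    print(chacha20_block(TV_KEY, 1, TV_BLOCK_NONCE).hex())
    ct = chacha20_encrypt(TV_KEY, 1, TV_ENC_NONCE, TV_PLAINTEXT)
    print(ct.hex())
    assert chacha20_encrypt(TV_KEY, 1, TV_ENC_NONCE, ct) == TV_PLAINTEXT
    r, s = poly1305_key_gen(TV_POLY_KEY, TV_POLY_NONCE)
    print(r.hex(), s.hex())
```

Note that the Poly1305 key derivation reuses the block function with the block counter fixed at 0, which is why a ChaCha20-Poly1305 AEAD encryption starts its data blocks at counter 1: the counter-0 block must never double as key stream for the message.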
-
18.6 Mandatory-to-implement cipher suites For compatibility purposes, every TLS endpoint must fulfill a minimum set of requirements. To ensure this, Section 9 of RFC 8446 defines three types of compliance requirements: If there is no dedicated application profile standard that prescribes different algorithms, the TLS 1.3 specification requires a TLS endpoint to implement the cipher suites given […]
-
19.1 Preliminary remarks On the most abstract level, a cryptographic protocol such as TLS can be viewed as a cryptographic system, that is, a system that utilizes cryptographic techniques to achieve certain protection goals. In the present chapter, we will discuss various types of cryptographic attacks. However, we will not consider malware-based attacks (see https://en.wikipedia.org/wiki/Category:Cryptographic_attacks […]
-
The malware subsequently started to spread quickly over networks by exploiting a security vulnerability in Windows operating systems known as EternalBlue. EternalBlue, a security flaw in Microsoft's implementation of the Server Message Block (SMB) protocol used for sharing files over Windows networks, was originally discovered by the NSA. It allowed NotPetya to gain access to vulnerable Windows systems without […]
-
19.3 Local versus remote attacks Geographic constraints imposed on the attacker form the second fundamental attack characteristic in practical cryptography and information security. Figure 19.3 shows a local attack where Mallory needs to be co-located with Bob. What the term co-located exactly means depends on the specific attack.
[Figure 19.3: Local attack]
In some cases, the […]
-
19.3.1 The scalability of local and remote attacks Why do we care whether an attack is local or remote? The answer is scalability – an attack characteristic closely related to the economic concept of marginal cost. In economics, the marginal cost of goods refers to the additional cost incurred by producing one more unit of […]