E-Commerce Security

Coursework March 2004

Jonathan Lelliott - A052956

Part II - 1

The RSA Algorithm is a form of asymmetric public key cryptography that bases its security on the difficulty of factoring numbers. For Eve to properly decrypt the message that she intercepted, she would normally require the private key of the intended recipient. The sender issues a public key to each intended recipient of the message, who then import it into their 'key ring'. They use this key to encrypt and decrypt messages from that particular sender.

Eve's ambition is to attack the RSA algorithm and find out which month of the twelve was written in the message. There are several ways of going about this task. If Eve can actually tamper with the communication between you and the lecturer as well as listen passively, then she can substitute her public key for the lecturer's and then use her private key to decrypt the message.

Cryptanalytic attacks are usually divided into six categories that distinguish the extent of information the attacker has available to mount an attack. The categories are ciphertext-only, chosen-plaintext, adaptive-chosen-plaintext, chosen-ciphertext and adaptive-chosen-ciphertext. Given that Eve knows the message is a month of the year, she can use the sender's public key to encrypt each month of the year and then compare the resulting ciphertext with that of the encrypted email she intercepted, a chosen-plaintext method of attack. This is the basis for an exhaustive key search (also known as a Brute Force Attack), a technique of trying every possible key in turn until the correct key is identified. It is made easier for Eve as she possesses a piece of plaintext (i.e. it has to be one of the months of the year) and its corresponding ciphertext. According...
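The re-encrypt-and-compare check described above, as an added example that is not part of the original coursework. It assumes a constructed toy RSA key built from two Mersenne primes and hypothetical helper names, and it sets deterministic textbook RSA beside a variant that appends random bytes before encrypting, which is a simplified stand-in for OAEP and not OAEP itself.

```python
import secrets

# Constructed toy key: two Mersenne primes. Far too small and too structured
# for real use; chosen only so the example runs offline without a crypto library.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the recipient only

MONTHS = ["January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December"]
PAD_LEN = 8  # number of random bytes appended by the padded variant (assumption)


def encrypt_textbook(month: str) -> int:
    """Deterministic RSA: the same plaintext always gives the same ciphertext."""
    return pow(int.from_bytes(month.encode(), "big"), E, N)


def encrypt_padded(month: str) -> int:
    """Append fresh random bytes before encrypting (simplified stand-in for OAEP)."""
    data = month.encode() + secrets.token_bytes(PAD_LEN)
    return pow(int.from_bytes(data, "big"), E, N)


def decrypt_padded(ciphertext: int) -> str:
    """Recipient side: decrypt with the private exponent, drop the random bytes."""
    m = pow(ciphertext, D, N)
    data = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return data[:-PAD_LEN].decode()


def match_by_reencryption(ciphertext: int):
    """Encrypt every candidate month with the public key and compare the result."""
    for month in MONTHS:
        if encrypt_textbook(month) == ciphertext:
            return month
    return None


if __name__ == "__main__":
    print(match_by_reencryption(encrypt_textbook("March")))  # plaintext identified
    padded = encrypt_padded("March")
    print(match_by_reencryption(padded))   # no candidate matches
    print(decrypt_padded(padded))          # the recipient still reads the message
```

The comparison succeeds only because textbook RSA is deterministic; with randomized padding two encryptions of the same month differ, so a ciphertext can no longer be matched against a list of guesses.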