Ecommerce Security
Lesson 5: Attacks on encrypted data
Objective: Identify various methods of attacking encrypted data.

Attacks on Encrypted Data

A thief possesses a number of tools of the trade: perhaps a device to pick locks, gloves to prevent fingerprints, or all-black clothes to blend into the night. The cyber-thief or hacker also possesses a variety of tools and techniques to undermine the security of your Web-based e-commerce site. Though encryption/decryption is enough to keep most hackers at bay, the most sophisticated hackers have developed techniques that can compromise a cryptosystem. This lesson offers an overview of some of those techniques.

Attacks on a Cryptosystem

Attacks on a cryptographic system, or cryptosystem, occur in a variety of ways, each taking one of the forms described in the table below.

Forms of attack | Description
Ciphertext-only attack | From the ciphertext of several messages encrypted using the same key, the attacker works backwards in an attempt to derive either the plaintext or the key.
Plaintext attack | An attempt to find the value of a specific key is known as a plaintext attack. Once the key is discovered, a subsequent message sent from the network can be deciphered. In a known plaintext attack, the attacker attempts to derive the key from both the ciphertext and the corresponding plaintext of several messages. A chosen plaintext attack is one in which the attacker can choose some plaintext but no ciphertext, and then generate the encrypted text to derive the key.
Brute force attack | In this approach, previously considered slow and cumbersome, the cryptanalyst tests all possible key values until the correct one is found. However, with the rapid increase of processing power and the development of special purpose encryption hardware, brute force attacks have become more prevalent.
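
The table's known plaintext and brute force rows can be seen together in the following added example, which is not part of the original lesson: a constructed toy cipher with a deliberately tiny 16-bit key is searched exhaustively using one known plaintext/ciphertext pair, and the average search cost is then computed for longer keys. The cipher, key, messages and all function names are assumptions made for illustration.

```python
import hashlib

KEY_BITS = 16  # deliberately tiny toy key space (assumption for this demo)

def keystream(key: int, length: int) -> bytes:
    """Toy keystream: SHA-256 over the 2-byte key and a block counter."""
    out, counter = b"", 0
    while len(out) < length:
        block = key.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

def toy_encrypt(key: int, data: bytes) -> bytes:
    """XOR data with the keystream; the same call also decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def brute_force(known_plain: bytes, known_cipher: bytes):
    """Test every key against one known pair; return (key, trials)."""
    for trials, key in enumerate(range(2 ** KEY_BITS), start=1):
        if toy_encrypt(key, known_plain) == known_cipher:
            return key, trials
    return None, 2 ** KEY_BITS

def average_trials(key_bits: int) -> int:
    """Expected keys tested before success: half of the key space."""
    return 2 ** (key_bits - 1)

def demo():
    secret_key = 0xBEEF                    # constructed sample key
    known_plain = b"ORDER CONFIRMED "      # constructed known message
    c1 = toy_encrypt(secret_key, known_plain)
    c2 = toy_encrypt(secret_key, b"card ending 4242")  # same key reused
    key, trials = brute_force(known_plain, c1)
    # Once the key is found, the second message deciphers as well.
    return key, trials, toy_encrypt(key, c2)

if __name__ == "__main__":
    key, trials, recovered = demo()
    print(f"key {key:#06x} found after {trials} trials; next message {recovered!r}")
    for bits in (16, 56, 128, 256):
        print(f"{bits:>3}-bit key: about {average_trials(bits):.3e} trials on average")
```

Each added key bit doubles the search, which is why key length is the practical defense against the brute force attack described in the table.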

In the next lesson, you will learn how to fend off attacks on your data with various encryption methods.