The Cryptographic Attacks: E-Fail & KRACK Attacks
Task: This assessment asks you to apply what you have learnt on the module to two recently discovered, very high-profile vulnerabilities, which are commonly referred to as E-FAIL (original paper here: https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak) and KRACK (original paper here: https://papers.mathyvanhoef.com/ccs2017.pdf). Answer the following questions in part a for E-FAIL, and part b for KRACK. I expect answers to be between 4 and 8 pages in total.
Question 1: 40%
Research each attack and explain the cryptographic weaknesses that make the attack possible, and explain how the attack is performed.
Question 2: 30%
Explain what can be done with the E-FAIL and KRACK attacks. What does each of them allow an attacker to do, and what kind of access does the attacker need?
Question 3: 30%
Assume you have been asked by a business to assess the risks these attacks pose to them. Write some advice for the business. Can the business know if the attacks were used against them? State what the impact of the attacks might have been and what the business should do.
The forms of security and privacy attacks on information assets are changing along with the technology. Cryptographic attacks are one of the latest forms of security attack: the cryptographic algorithm itself is manipulated or attacked in order to compromise the properties of the information it protects. Several different cryptographic attacks have been devised, and one of them is the E-fail attack (Poddebniak et al., 2018). The name E-fail is derived from the popular electronic communication method, e-mail, because these cryptographic attacks target e-mails and extract secure information from them. Web users share a great deal of private and professional information over mail channels, and the security of this mail is maintained and guaranteed through encryption protocols and standards (Khandelwal, 2020). The standard used for encryption may vary from one e-mail client to another; the two most popular are PGP and S/MIME, which stand for Pretty Good Privacy and Secure Multipurpose Internet Mail Extensions respectively. Some e-mail clients rely on an additional resource, which may be external to the network, for the purpose of encryption, and the probability of an E-fail attack is higher in such cases. A malicious attacker can carry out the E-fail attack once they have been given access to the mail. The mail is manipulated and modified by misusing that access, and the attacker also ensures that the user does not learn of these undue modifications or of the unauthorized use of the access. Different attack techniques are used within the E-fail attack. One is the impersonation attack, in which the user is made to falsely believe that the source of a mail is authentic so that private information can be extracted from the user.
Several languages are used to create web pages, and one of the most common is the Hypertext Markup Language (HTML). HTML is built from tags, and these tags are also used to carry out the E-fail cryptographic attack: the image tag is misused to gain access to the plain-text mail content and to manipulate it as the attacker chooses.
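The image-tag channel only works if the mail client fetches a remote URL chosen by the attacker while rendering the decrypted message. The following is an added example, not code from the essay or from the EFAIL authors, of the client-side mitigation: a parser that removes every automatically fetched remote resource (and CSS, which can fetch too) from the decrypted HTML before it is rendered. The tag/attribute list and the sample message body are constructed for this example.

```python
# Added example, not from the essay or the EFAIL authors: strip remote resources from decrypted HTML mail before rendering.
import html
from html.parser import HTMLParser

# Tag -> attributes a renderer fetches without user action (constructed list).
FETCH_ATTRS = {"img": {"src", "srcset"}, "link": {"href"}, "iframe": {"src"},
               "object": {"data"}, "source": {"src"}, "script": {"src"}}
REMOTE_SCHEMES = ("http:", "https:", "ftp:", "//")

class RemoteContentStripper(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self._mute = [], [], 0  # _mute > 0 inside style/script
    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):          # CSS url() and JS can fetch too
            self.dropped.append(f"<{tag}> block")
            self._mute += 1
            return
        if self._mute:
            return
        kept = []
        for name, value in attrs:
            remote = (name in FETCH_ATTRS.get(tag, ()) and value
                      and value.lstrip().lower().startswith(REMOTE_SCHEMES))
            if name == "style" or remote:       # inline CSS may carry url() as well
                self.dropped.append(f"{tag}[{name}]={value!r}")
                continue
            kept.append(f' {name}="{html.escape(value)}"' if value is not None else f" {name}")
        self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in ("style", "script"):
            self._mute = max(0, self._mute - 1)
        elif not self._mute:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self._mute:
            self.out.append(html.escape(data, quote=False))

def strip_remote_content(decrypted_html):
    """Returns (safe_html, dropped) for one decrypted message body."""
    p = RemoteContentStripper()
    p.feed(decrypted_html)
    p.close()
    return "".join(p.out), p.dropped

# Constructed sample body: the inline data: image stays, the remote image and stylesheet go.
SAMPLE = ('<p>Quarterly figures &amp; forecast attached.</p>'
          '<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=" alt="logo">'
          '<img src="https://tracker.example/pixel.png">'
          '<link rel="stylesheet" href="//cdn.example/mail.css">')
```

Calling `strip_remote_content(SAMPLE)` keeps the text and the inline image and reports the two removed remote references in `dropped`, which a client can log for later review.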
Another form of cryptographic attack is the KRACK attack. KRACK is short for Key Reinstallation Attack, and it has the potential to damage information properties. Networking and communication have been transformed enormously over the past several years, and users today rely on wireless networks for connectivity and information sharing. WPA2 is one of the security techniques applied to these networks so that information can be shared securely. There are certain security loopholes in this method, and these are used by attackers to carry out KRACK attacks. The KRACK attack, which is one of the cryptographic attacks, works on the 4-way handshake of the WPA2 security method. In the 4-way handshake, messages are exchanged between the access point and the client. The initial message may be exposed to eavesdropping, and cloning may also be used to change the actual path of the message. The user may establish a connection with a cloned access point, and the process may continue up to the exchange of the third message (Zhang & Ma, 2019, p. e4192). The fourth message may be blocked by the attacker and then retransmitted by the client. This is where the attacker gets the opportunity to carry out the attack and to alter the value of the nonce counter. The data packets exchanged afterwards may expose their plaintext, and the security of content such as mail may be put at risk.
It is essential that specific measures are followed to deal with cryptographic attacks. In the absence of countermeasures the degree of impact increases, and it may become difficult to maintain the security and privacy of the information.
Measures must be adopted to bring down both the attack surface and the attack window. The initial steps shall include the involvement of a third-party security application for the purpose of decryption. Avoiding the rendering of mail is a significant measure, since the attackers mainly use e-mail abuse as their attack method; this has a direct effect on the attack window and the attack surface. Business firms can also adopt additional measures, which shall include changes to their information security policies. Many business firms do not maintain a regular patch management process. This should not be the case: patch management must be done on a regular basis, which ensures that the security loopholes are closed and the possibility of the attack is reduced (Venkatraman & Overmars, 2019, p. 20).
KRACK attacks are among the cryptographic attacks that can be controlled by installing the proper security patches. The security patches ensure that the security policies and measures are updated and that the latest security tools are used. KRACK attacks primarily occur when a handshake message is retransmitted. Business firms and security experts shall ensure that the key replay counter is utilized in the process so that the scope for executing the attack is reduced (Lee, 2018, pp. 40–47). Once KRACK was identified as a vulnerability, measures to control it were implemented so that the cryptographic attack does not occur. Common security methods must also be used so that the attack is avoided. Users shall be trained in security practices and must avoid sharing authorized information with unauthorized entities. Basic network security shall be improved through the use of network firewalls and proxy servers.
Attacker Activities & Access Needed
Specific access is required by malicious entities to carry out both the E-fail and the KRACK attacks. E-fail attacks target e-mails, whether sent for personal or professional use (Vanhoef & Piessens, 2017). The attackers need access to the mails so that they can carry out the further steps in the execution of the attack. The information captured by the attackers may be misused against the information owner and the associated business organization, and private details of the business firm may be exposed in the process, which may lead to legal obligations.
KRACK attacks are carried out by malicious entities against the WPA2 method used for network security. Access to these networking channels is one of the prerequisites for executing a KRACK attack. Once an attacker succeeds in carrying out the attack, the implications can be severe, because wireless networks are nowadays used to share critical information. The attackers may gain access to such critical data, which may be manipulated or misused, with serious consequences for the owners of the data. The attackers may also pass the information to the rivals of a business firm, who may use it to carry out a further security attack. This can have devastating impacts on the organization.
There are ways in which businesses can find out whether either of the two cryptographic attacks occurred. Business firms maintain system and network logs, and the occurrence of either cryptographic attack will produce changes in these logs, so analysing the logs is one way to determine whether an attack took place. Automated systems such as intrusion detection systems are also used by business firms, and these can be used to detect any variation. The countermeasures already described apply here as well: reducing the attack surface and the attack window, using an external security application for decryption, avoiding mail rendering (since e-mail abuse is the attackers' main method), updating the information security policies, and keeping up a regular patch management process so that security loopholes are closed and the chance of the attack is reduced. KRACK attacks can likewise be controlled by installing the proper security patches, which ensure that security policies and measures are updated and the latest security tools are used. Because KRACK attacks principally happen when a handshake message is retransmitted, business firms and security experts shall ensure that the key replay counter is utilized so that the scope for executing the attack is reduced.
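The log analysis mentioned above can be made concrete for KRACK. What a reinstalled key produces on the air is a CCMP packet number (the nonce counter) that restarts although the ANonce of the handshake has not changed, whereas a genuine rekey with a fresh ANonce legitimately restarts the counter. The following is an added example, not code from the essay or from the KRACK authors, of a wireless-monitor check over a constructed capture log; the log format, station names and ANonce labels are assumptions made for the example.

```python
# Added example, not code from the essay or the KRACK authors: flag CCMP packet-number
# (nonce) reuse, the on-air symptom of a reinstalled key, in a constructed capture log.
from collections import defaultdict

# Constructed monitor log, one record per line: time,sender,receiver,kind,value
#   m3   : handshake message 3 from the AP, value = the ANonce it carries
#   m4   : handshake message 4 from the client (the client installs the key here)
#   data : encrypted data frame, value = CCMP packet number (the nonce counter)
SAMPLE_LOG = """\
1,ap,sta,m3,ANONCE_A
2,sta,ap,m4,-
3,sta,ap,data,1
4,sta,ap,data,2
5,sta,ap,data,3
6,ap,sta,m3,ANONCE_A
7,sta,ap,m4,-
8,sta,ap,data,1
9,sta,ap,data,2
10,ap,sta,m3,ANONCE_B
11,sta,ap,m4,-
12,sta,ap,data,1
"""

def detect_nonce_reuse(log_text):
    """Returns (alerts, retransmit_times): alerts are packet-number reuses under
    an unchanged key; retransmit_times mark message 3 repeats that were answered."""
    # Per (client, ap): ANonce of the installed key, ANonce offered by the latest
    # message 3, and the highest packet number seen under the installed key.
    state = defaultdict(lambda: {"installed": None, "offered": None, "last_pn": 0})
    alerts, retransmits = [], []
    for line in log_text.strip().splitlines():
        t, sender, receiver, kind, value = line.split(",")
        if kind == "m3":                        # AP -> client
            state[(receiver, sender)]["offered"] = value
        elif kind == "m4":                      # client -> AP
            s = state[(sender, receiver)]
            if s["offered"] != s["installed"]:  # new ANonce: a genuine rekey,
                s["installed"], s["last_pn"] = s["offered"], 0   # so PN may restart
            else:                               # same ANonce answered again
                retransmits.append(t)
        elif kind == "data":                    # client -> AP
            s, pn = state[(sender, receiver)], int(value)
            if pn <= s["last_pn"]:
                alerts.append(f"t={t}: {sender}->{receiver} reused packet number {pn} "
                              f"(highest seen {s['last_pn']}) under ANonce {s['installed']}")
            else:
                s["last_pn"] = pn
    return alerts, retransmits
```

On the sample log the retransmitted message 3 at t=6 is only noted, because a lossy link can cause that on its own; the alerts at t=8 and t=9, where the counter restarts under the unchanged ANONCE_A, are the signal worth escalating, while the restart at t=12 after a fresh ANonce is not reported.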
Once KRACK was identified as a vulnerability, measures to control it were implemented so that the attack does not happen. Normal security methods must be used in the process so that the attack is avoided. Users shall be trained in security practices and should avoid sharing authorized data with unauthorized entities. Fundamental network security shall be improved through the use of network firewalls and proxy servers (Yuanyuan, 2018, pp. 104–107).
Apart from the measures specific to the two cryptographic attacks, E-fail and KRACK, it is essential that business firms adopt additional security measures across all three levels: administrative, technical, and physical security. Every organization must have a defined information security plan in place, and this plan shall be updated on a regular basis, because new developments occur in the field of information security and these must be included in the administrative security plan. At the technical level, business firms need to be vigilant and implement the latest information security tools. For instance, a wide range of network security tools is available on the market; a needs assessment of the business firm shall be carried out and the tools selected on the basis of those needs. Integrated security packages are also available and shall be installed in the business organization. Malware protection and access control shall also be ensured with technical tools and equipment. Users in the business firm and the associated customers shall be given awareness and information about common security practices, to avoid the security risks that arise from users' negligence. Many security risks and attacks occur because of user negligence; for example, employees of the business firm share confidential information at home or outside the office, which violates the confidentiality of the information. It has also been observed that some cryptographic attacks are planned and carried out with a personal motive. Such attacks can be avoided with strong access control and ethical policies to control these scenarios. Employees need to know the impacts that can emerge from a security attack.
This can only be achieved if coordinated security measures are followed and implemented in the business organization. Physical security must be upgraded as well, and it shall include the installation of security and surveillance tools along with identity management systems to safeguard the information sets and systems (Pathari & Sonar, 2018, pp. 264–280). The integrated security approach ensures that the overall security status of the business organization improves and that the occurrence of security risks and cryptographic attacks is controlled. It also provides the ability to keep the information properties intact at all times.
Khandelwal, S. (2020). Here’s How eFail Attack Works Against PGP and S/MIME Encrypted Emails. Retrieved March 19, 2020, from The Hacker News website: https://thehackernews.com/2018/05/efail-pgp-email-encryption.html
Lee, Y. (2018). Detecting Code Reuse Attacks with Branch Prediction. Computer, 51(4), 40–47. https://doi.org/10.1109/mc.2018.2141035
Pathari, V., & Sonar, R. (2018). Identifying linkages between statements in information security policy, procedures and controls. Information Management & Computer Security, 20(4), 264–280. https://doi.org/10.1108/09685221211267648
Poddebniak, D., Dresen, C., Müller, J., Ising, F., Schinzel, S., Friedberger, S., … Schwenk, J. (2018). Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. Retrieved from www.usenix.org website: https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak
Vanhoef, M., & Piessens, F. (2017). Key Reinstallation Attacks. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS ’17. https://doi.org/10.1145/3133956.3134027
Venkatraman, & Overmars. (2019). New Method of Prime Factorisation-Based Attacks on RSA Authentication in IoT. Cryptography, 3(3), 20. https://doi.org/10.3390/cryptography3030020
Yuanyuan, W. (2018). The Establishment and Implementation of Information Network Security Plan. International Journal of Advanced Network, Monitoring and Controls, 3(2), 104–107. https://doi.org/10.21307/ijanmc-2018-050
Zhang, L., & Ma, M. (2019). Secure and efficient scheme for fast initial link setup against key reinstallation attacks in IEEE 802.11ah networks. International Journal of Communication Systems, 33(2), e4192. https://doi.org/10.1002/dac.4192