Data encryption and decryption schemes, or cryptographic algorithms (a.k.a., ciphers), are well known. Data encryption generally includes concealing the meaning and/or content of data transmitted between a data source and one or more data destination(s), from unauthorized access by eavesdroppers (e.g., adversaries, attackers, interceptors, interlopers, intruders, opponents, or enemies). Data requiring encryption may include financial transaction data, military data, etc. Many data encryption/decryption schemes further include an authentication, integrity and non-repudiation process to establish, usually by challenge and response, that a data transmission attempt is authorized and valid, that the data has not been modified in transit and that the data was actually sent by the sender. That is, the authentication, integrity and non-repudiation process makes it possible for the receiver of the transmitted data to ascertain the data origin to ensure that it originated from an authorized data source or sender.
Modern encryption/decryption schemes use encryption keys to encrypt and decrypt data. In some cases, the encryption keys are random-bit strings generated by some automatic process. Encryption/decryption schemes may be based on either a symmetric algorithm where an encryption key can be calculated from the decryption key, and vice versa, or an asymmetric algorithm, or public-key algorithm, where the encryption key cannot generally be calculated from the decryption key. Symmetric algorithms can be further divided into two categories; stream algorithms that operate on the data one bit (or sometimes byte) at a time, and block algorithms that operate on the data in groups of bits called blocks. Stream cipher coding using stream algorithms is generally considered more secure than block cipher coding using block algorithms. During operation of a symmetric algorithm, unencrypted data, or plaintext, is encrypted at the sending end to form ciphertext. Conversely, at the receiving end, the ciphertext is decrypted to form the original plaintext.
Most users of data encryption/decryption schemes utilize a standardized, well known, underlying communications protocol that is independent of the encryption/decryption schemes. For example, a symmetric algorithm may be used to encrypt data that has been configured using a protocol based on the IEEE 802.3 Ethernet standard. These communication protocols often utilize error detection and correction techniques (e.g., cyclic redundancy check (CRC), checksum) that allow the receiving device to determine when data (e.g., a decrypted data packet) has been corrupted during transmission, and to then discard the corrupted data. These error detection techniques are designed to reliably detect data inadvertently corrupted due to, for example, bursts of additive white Gaussian noise. They are not designed to necessarily detect malicious activity.
Unfortunately, data formatted into data packets having well-known communication protocol structures may be determined by inspection, even when the data is encrypted. For example, some communication protocols use delay delimited frames where a data packet is considered terminated when the data transmitter has not transmitted data for a predetermined period of time. When not transmitting data packets, the data transmitter is said to be idle. If an eavesdropper intercepts ciphertext configured using the delay delimited protocol, the eavesdropper may be able to discern the beginning and end of a data packet by detecting the idle time between packets.
An eavesdropper may alter the contents of one or more encrypted data packets such that the alteration goes undetected by error detection techniques. Such an alteration is achieved when the eavesdropper intercepts the ciphertext, and using “reverse engineering” methods, is able to correctly alter the CRC portion of the data packet to match malicious alteration of another portion of the data packet so that a receiving device does not detect the alteration when performing error detection on the plaintext generated by a decryptor.
Although there are a number of “hacking” methods used by an eavesdropper, one method commonly used involves knowledge of a portion of the plaintext and calculation of the random number sequence used to encrypt that portion of the plaintext (i.e., a known-plain attack). Having knowledge of a portion of the plaintext allows the eavesdropper to decrypt the associated ciphertext to determined the random number sequence, alter the plaintext, determine the new CRC field, and then re-encrypt the altered plaintext with the determined random number sequence to form altered ciphertext. Upon receiving the altered ciphertext, the decryptor converts it to plaintext and forwards the plaintext to the receiving device where no errors are detected using its error detection technique. In this way an eavesdropper is able to introduce altered data into the receiver that may cause damage to the system connected to the receiving device.
To perform a known-plaintext attack, the eavesdropper calculates the random number sequence, or encryption stream, from the ciphertext. This may be accomplished by inspecting each data packet of the ciphertext to determine a structure known to be consistent with a fixed content data packet. For example, a communication protocol may use a well known fixed-content data packet to enable some functionality in the receiving device, where the contents of the fixed-content data packet transmitted at a first time are identical to the contents of the fixed-content data packet transmitted at a second time, third time, etc. By monitoring ciphertext and looking for specific data packets having the discerned length of the fixed-content data packet, the eavesdropper calculates the encryption stream by XORing the encrypted fixed-content data packet with the known, fixed contents of the data packet. After calculating the encryption stream, the eavesdropper can alter the data packet as described above or the eavesdropper can construct an entirely different type of data packet, selected to cause maximum damage to the system connected to the receiving device.