So in this lesson we're going to consider how cryptosystems can be broken. This might seem a strange thing to do, but sometimes the best way of understanding something is understanding how it might not work. So at the end of this lesson, you'll be able to appreciate that a cryptographic algorithm is only one component of a wider cryptosystem, and you'll be able to identify potential points of vulnerability in a cryptosystem.

So let's start with that word cryptosystem, which is a new word we've introduced. It's important to realize that in the last lesson we talked about algorithms and keys, but in the real world the algorithm is not going to exist in isolation. A cryptographic algorithm is only one part of the wider system in which it is implemented. So we can think of a cryptosystem as consisting of the algorithm, but also the way it's implemented, the way it's embedded into the technology that we want to use the cryptosystem for, and, critically, the way the keys are managed. Keys play a very, very important role in cryptography, and they have to be looked after and integrated into a system. So the management of keys is a critical part of a cryptosystem.

So there are two broad ways that we might break a cryptosystem in this wider sense. One would be somehow to get hold of the decryption key. If you're able to do that, all ciphertexts produced using the matching encryption key will be recoverable. The alternative is somehow to find a way of getting hold of the plaintext without that decryption key. If either of these things happens, we'll consider the cryptosystem broken.

So let's start with the first component of that cryptosystem, the algorithm itself. And here is an alarming piece of news: an algorithm can always be broken. How is that? Well, let's consider that an attacker observes a ciphertext that has been scrambled.
They recover the ciphertext by listening in to the channel in which it's sent. It doesn't make any sense to them, but they know the algorithm that was used, and that is normal: we normally know the algorithm that is used to produce ciphertext. So if they know the algorithm, there's always the option of trying out every single possible decryption key that exists. Take the first decryption key, decrypt the ciphertext, and see if the result makes sense. Take the second decryption key, decrypt the ciphertext, see if that makes sense, and continue. This would be a very tiring process, hopefully, to conduct, and that's why we call it an exhaustive key search: you search the whole space of possible decryption keys.

So we've just seen that every encryption algorithm can be broken by this exhaustive key search. How would we stop this from happening? Well, the answer's simple. Make sure there are so many decryption keys that the search is just a waste of time for anyone to conduct. And that's exactly what happens. In any encryption algorithm we use in modern technology, there are so many possible keys that it's just totally unrealistic on modern computers to search through all of them and find the right one. So in fact, we shouldn't really worry in modern cryptography about exhaustive key search; we make it impossible to conduct in practice.

Now if we take real encryption algorithms used in real commercial products, like the Advanced Encryption Standard, it's probably fair to assume that the algorithm does not really have any weaknesses. Why is that? Well, most modern encryption algorithms are studied by experts. They are submitted to standardization panels. Many people have looked at them and analyzed them, and they cannot see any weaknesses. That doesn't mean weaknesses don't exist, but it means that the expert belief is that there are none.
It would be reasonable, therefore, to assume that in a modern technology there's normally a good encryption algorithm being used, and that there are so many keys that attacking the cryptosystem by means of the algorithm is not realistic. However, remember that it's a cryptosystem we might be attacking, and there are other points of weakness.

One of these is implementation. That strong algorithm has got to be put onto a real technology, and during implementation many things can go wrong. Someone might not follow the instructions, things might not work as expected, systems might not integrate as well as we hoped. And there are a number of subtle implementation attacks against modern encryption algorithms that include analyzing the power consumption as a device performs encryption, or analyzing the timing as a device performs encryption, and seeing if that data itself allows you to learn information about the plaintext and keys being operated on at that time. These really exist, and they are called side channel attacks.

But perhaps an even more straightforward part of a cryptosystem to analyze is the key management. This is one of the weakest points in any cryptosystem, because encryption keys and decryption keys have to be distributed around the system and looked after throughout the running of the system. These keys have to be created, that is, generated. They have to be established around the network, in the right places where they are needed. They have to be stored securely on devices. Sometimes they need to be changed. And when their lifetime is over, they have to be destroyed. All of these phases are phases where, in theory at least, a cryptosystem could be weak, if any one of these stages is exploited.

There's one other part of a cryptosystem that's very vulnerable. It's a somewhat obvious part of a cryptosystem, but it's one many people overlook, and that's the endpoints.
Think about buying something online, for example. The plaintext you want to protect here is typically your bank card details. Normally, we encrypt that traffic as it goes across the internet; it arrives at the online store, and they decrypt these details. But the question is, what happens to the bank card details at either end? Where are your bank card details? Have you put them into a file on your computer? Are they available to someone who's next to your computer and can see the card details? And what happens to the bank card details after the online store decrypts them? What do they do with them? Sometimes we don't know. It's important to realize that these two endpoints, where plaintext exists both before it is encrypted and after it's decrypted, are vulnerable points of a cryptosystem that we have to focus on.

So in summary, yes, encryption algorithms are very crucial components of cryptosystems, but in many ways they're the least likely part of a cryptosystem to be vulnerable. The most common places we might expect to see weaknesses are the implementation, the management of the keys, and the management of data when it's not encrypted: the plaintext, as it exists at the endpoints of the system.
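The exhaustive key search from the lesson, as an added example that is not part of the lecture: a toy stream cipher (keystream from SHA-256, my own assumption, not a cipher the lecture names) with a deliberately tiny 16-bit key falls to a search of every key in about a second, and the same expected-time function shows why a 128-bit key space makes that search a waste of time.

```python
import hashlib

# Constructed sample plaintext (exactly 32 bytes, so one SHA-256 block of keystream covers it).
PLAINTEXT = b"Your card details are encrypted."
KEY_BITS = 16                    # deliberately tiny key space for the demonstration
TRUE_KEY = 0xBEEF                # the key the sender used; the searcher does not know it
PRINTABLE = set(range(0x20, 0x7F))


def keystream(key: int, key_bits: int, length: int) -> bytes:
    """Toy stream cipher: keystream blocks are SHA-256(key || counter). Assumed, not a standard."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: int, key_bits: int, data: bytes) -> bytes:
    """XOR data with the keystream; XOR is its own inverse, so this also decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, key_bits, len(data))))


decrypt = encrypt


def makes_sense(candidate: bytes) -> bool:
    """The lesson's 'does that make sense?' test: every byte is printable ASCII."""
    return all(b in PRINTABLE for b in candidate)


def exhaustive_key_search(ciphertext: bytes, key_bits: int) -> list[int]:
    """Try every key in the space and keep those whose decryption makes sense."""
    return [k for k in range(1 << key_bits)
            if makes_sense(decrypt(k, key_bits, ciphertext))]


def expected_search_years(key_bits: int, keys_per_second: float = 1e12) -> float:
    """Expected time to hit the right key: on average half the space is searched."""
    return 2 ** (key_bits - 1) / keys_per_second / (365 * 24 * 3600)


CIPHERTEXT = encrypt(TRUE_KEY, KEY_BITS, PLAINTEXT)

if __name__ == "__main__":
    print("candidate keys:", [hex(k) for k in exhaustive_key_search(CIPHERTEXT, KEY_BITS)])
    print("16-bit key, expected years:", expected_search_years(16))
    print("128-bit key, expected years:", expected_search_years(128))
```

The 1e12 keys per second is an assumed attacker budget; changing it by a few orders of magnitude does not change the conclusion for 128-bit keys.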