使公民系统更安全:实用的加密绕过和对策

Marios Adam Sirgiannis, C. Manifavas, I. Papaefstathiou
{"title":"使公民系统更安全:实用的加密绕过和对策","authors":"Marios Adam Sirgiannis, C. Manifavas, I. Papaefstathiou","doi":"10.1109/ISCC55528.2022.9912814","DOIUrl":null,"url":null,"abstract":"Cryptography is used to protect the confidentiality, integrity, and authenticity of information by preventing unauthorized users from accessing or modifying them. Encryption techniques are used to protect personal or company data. This work demonstrates practical scenarios where, under certain conditions, encryption may be bypassed. Bypassing encryption, either by recovering the encryption key, a password used to generate the encryption key, or a plaintext copy of the encrypted data, allows for accessing data which appear to be inaccessible in the first place. There are six categories for bypassing encryption: find the key, guess the key, compel the key, exploit a flaw in the encryption scheme, access unencrypted message when the device is in use and locate an unencrypted copy of the message. In this study we utilize publicly available software to demonstrate real-world scenarios that fall into most of the aforementioned categories and show how, in those specific cases, encryption may be successfully bypassed. Moreover, we underline that bypassing encryption is possible only when certain conditions are met (e.g., software misconfiguration, physical access to the target device, etc.) and we highlight each one of them so as to effectively suggest countermeasures to the demonstrated techniques for encryption bypassing. The main aim of this paper is to highlight how encryption can be bypassed and thus make citizens set up their system in such a way that it would be more difficult to be hacked. This is especially important for citizens that may have limited knowledge/exposure to technology as they can be, for example. people from certain diversity groups such as elderly and/or people of very low income.","PeriodicalId":309606,"journal":{"name":"2022 IEEE Symposium on Computers and Communications (ISCC)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Making Citizens' systems more Secure: Practical Encryption Bypassing and Countermeasures\",\"authors\":\"Marios Adam Sirgiannis, C. Manifavas, I. Papaefstathiou\",\"doi\":\"10.1109/ISCC55528.2022.9912814\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cryptography is used to protect the confidentiality, integrity, and authenticity of information by preventing unauthorized users from accessing or modifying them. Encryption techniques are used to protect personal or company data. This work demonstrates practical scenarios where, under certain conditions, encryption may be bypassed. Bypassing encryption, either by recovering the encryption key, a password used to generate the encryption key, or a plaintext copy of the encrypted data, allows for accessing data which appear to be inaccessible in the first place. There are six categories for bypassing encryption: find the key, guess the key, compel the key, exploit a flaw in the encryption scheme, access unencrypted message when the device is in use and locate an unencrypted copy of the message. In this study we utilize publicly available software to demonstrate real-world scenarios that fall into most of the aforementioned categories and show how, in those specific cases, encryption may be successfully bypassed. Moreover, we underline that bypassing encryption is possible only when certain conditions are met (e.g., software misconfiguration, physical access to the target device, etc.) and we highlight each one of them so as to effectively suggest countermeasures to the demonstrated techniques for encryption bypassing. The main aim of this paper is to highlight how encryption can be bypassed and thus make citizens set up their system in such a way that it would be more difficult to be hacked. This is especially important for citizens that may have limited knowledge/exposure to technology as they can be, for example. people from certain diversity groups such as elderly and/or people of very low income.\",\"PeriodicalId\":309606,\"journal\":{\"name\":\"2022 IEEE Symposium on Computers and Communications (ISCC)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-06-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE Symposium on Computers and Communications (ISCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCC55528.2022.9912814\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Symposium on Computers and Communications (ISCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC55528.2022.9912814","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

密码学用于防止未经授权的用户访问或修改信息,从而保护信息的机密性、完整性和真实性。加密技术用于保护个人或公司数据。这项工作演示了在某些条件下可以绕过加密的实际场景。通过恢复加密密钥、用于生成加密密钥的密码或加密数据的明文副本来绕过加密,可以访问从一开始就无法访问的数据。有六种绕过加密的方法:找到密钥、猜测密钥、强制密钥、利用加密方案中的漏洞、在设备使用时访问未加密的消息以及定位消息的未加密副本。在本研究中,我们利用公开可用的软件来演示属于上述大多数类别的真实场景,并展示如何在这些特定情况下成功绕过加密。此外,我们强调,只有在满足某些条件(例如,软件错误配置,对目标设备的物理访问等)时才有可能绕过加密,并且我们突出了其中的每一个,以便有效地建议对加密绕过演示技术的对策。本文的主要目的是强调如何绕过加密,从而使公民以更难以被黑客入侵的方式设置他们的系统。例如,这对那些可能知识有限/接触技术有限的公民来说尤其重要。来自某些不同群体的人,如老年人和/或低收入者。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Making Citizens' systems more Secure: Practical Encryption Bypassing and Countermeasures
Cryptography is used to protect the confidentiality, integrity, and authenticity of information by preventing unauthorized users from accessing or modifying them. Encryption techniques are used to protect personal or company data. This work demonstrates practical scenarios where, under certain conditions, encryption may be bypassed. Bypassing encryption, either by recovering the encryption key, a password used to generate the encryption key, or a plaintext copy of the encrypted data, allows for accessing data which appear to be inaccessible in the first place. There are six categories for bypassing encryption: find the key, guess the key, compel the key, exploit a flaw in the encryption scheme, access unencrypted message when the device is in use and locate an unencrypted copy of the message. In this study we utilize publicly available software to demonstrate real-world scenarios that fall into most of the aforementioned categories and show how, in those specific cases, encryption may be successfully bypassed. Moreover, we underline that bypassing encryption is possible only when certain conditions are met (e.g., software misconfiguration, physical access to the target device, etc.) and we highlight each one of them so as to effectively suggest countermeasures to the demonstrated techniques for encryption bypassing. The main aim of this paper is to highlight how encryption can be bypassed and thus make citizens set up their system in such a way that it would be more difficult to be hacked. This is especially important for citizens that may have limited knowledge/exposure to technology as they can be, for example. people from certain diversity groups such as elderly and/or people of very low income.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Convergence-Time Analysis for the HTE Link Quality Estimator OCVC: An Overlapping-Enabled Cooperative Computing Protocol in Vehicular Fog Computing Non-Contact Heart Rate Signal Extraction and Identification Based on Speckle Image Active Eavesdroppers Detection System in Multi-hop Wireless Sensor Networks A Comparison of Machine and Deep Learning Models for Detection and Classification of Android Malware Traffic
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1