Meet our Team members:
- Krupali Patel
- Akshar Ketanbhai Patel
- Harshad Krishnaraj
- Shah Zaib
- Md. Saidul Arifin Shuvo
An Introduction to our Project :
In today’s digital age, cryptography plays a vital role in securing communication, protecting sensitive data, and ensuring the integrity of information. However, as cryptographic techniques evolve, so too do the methods used by attackers to undermine them. This Teaching Aide will help you to understand a few of the many Cryptographic Attacks that are threatening today’s modern world as well as how to prevent falling for them.
We also have discussion questions in the comment. Feel free to engage with them as it will test your understanding for the topic.
Thank you for your interest and we hope you like our work.
Please find our video here : https://youtu.be/nFOdA_WU2A0
Scope:
Our teaching aide brings into discussion the various methods attackers may use to attack and compromise a system; through our comprehensive guide, we will focus on these Cryptographic attacks so that a student who is presented with our aide has a better understanding. Some of the different types of cryptographic attacks one will find when within our teaching aid are side-channel attacks, brute force, and man-in-the-middle, which starts with a definition and the
description of an attack, followed by this is an explanation of how these attacks operate and exploit system vulnerabilities.
The key points include:
– Types of Cryptographic Attacks: Clear definitions and operational mechanics of each attack.
– Vulnerability Exposure: Explanation of how these attacks works and cause vulnerabilities.
– Prevention Measures: Proven strategies and effective methods to protect against
such attacks.
– Real-World Examples: Actual instances that demonstrate the relevance and impact of each attack.
– Algorithm Analysis: Highlighting cryptographic algorithms that are either resilient or vulnerable to specific attack types.
– Attack Categorization: Categorizing the different types of cryptographic attacks,
such as passive and active attacks.
Engaging Learning Style:
The format of our teaching aid is designed to engage audiences, so our chosen method of teaching this subject is animated video. This allows us to create an interactive learning environment and helps simplify complex concepts within cryptographic security. Additionally, the animations help break down technical details visually, while the audio explains details in further context, making the information easy to understand and retain.Our goal when starting this project was that, in the case of university students using this animation as a teaching tool, they would better comprehend complex technical concepts through an easily digestible format that brings together a wide range of cryptographic attacks. For example,
topics such as side-channel, differential, and brute-force attacks are often very complex due to their nature involving complex, intricate mathematics, which helped us focus the scope of the aid to distilling these technical details into a clear, concise explanation. By utilizing this direction in our project, we wanted students to grasp the fundamentals of these attacks and then build onto the
foundation for why they are also dangerous in real-world scenarios. These real-world attack examples will help to see the practical aspects of the contextualized theoretical concepts, which will further tie together the implications of these vulnerabilities.
Bridging the Gap Between Academic Research and Student Learning:
By implementing a teaching aid in this medium, we aim to bridge the gap between complex academic research papers with vast amounts of valuable information in a step-by-step breakdown to help students learn better. Additionally, many scholarly papers hold a large volume of technical jargon that can overwhelm new readers who may not already have a foundation for these topics. Our aid crafts together technical high-level concepts using an approachable method. The
animation allows us to transform detailed research into a learning experience that is more dynamic and will enable students to retain information without too much strain.
Conclusion:
From the beginning of our project, we sought to create a highly informative walkthrough, highlighting a different educational format that motivates viewers to explore cryptographic attacks and prevention methods further. By utilizing a technique that combines audio and visual aspects, students will be able to see the provocative necessities of data protection and security awareness. The result is a resource that encourages students to dive deeper into cryptographic security,
allowing them to engage with more material and utilize these findings in real-world scenarios.
Scope:
Our teaching aide brings into discussion the various methods attackers may use to attack and compromise a system; through our comprehensive guide, we will focus on these Cryptographic attacks so that a student who is presented with our aide has a better understanding. Some of the different types of cryptographic attacks one will find when within our teaching aid are side-channel attacks, brute force, and man-in-the-middle, which starts with a definition and the description of an attack, followed by this is an explanation of how these attacks operate and exploit system vulnerabilities.
The key points include:
– Types of Cryptographic Attacks: Clear definitions and operational mechanics of each attack.
– Vulnerability Exposure: Explanation of how these attacks weaken security
protocols and cause vulnerabilities.
– Prevention Measures: Proven strategies and effective methods to protect against
such attacks.
– Real-World Examples: Actual instances that demonstrate the relevance and impact of each attack.
– Algorithm Analysis: Highlighting cryptographic algorithms that are either resilient or vulnerable to specific attack types.
– Attack Categorization: Categorizing the different types of cryptographic attacks,
such as passive and active attacks.
Engaging Learning Style:
The format of our teaching aid is designed to engage audiences, so our chosen method of teaching this subject is animated video. This allows us to create an interactive learning environment and helps simplify complex concepts within cryptographic security. Additionally, the animations help break down technical details visually, while the audio explains details in further context, making the information easy to understand and retain.
Our goal when starting this project was that, in the case of university students using this animation as a teaching tool, they would better comprehend complex technical concepts through an easily digestible format that brings together a wide range of cryptographic attacks. For example, topics such as side-channel, differential, and brute-force attacks are often very complex due to their nature involving complex, intricate mathematics, which helped us focus the scope of the aid
to distilling these technical details into a clear, concise explanation. By utilizing this direction in our project, we wanted students to grasp the fundamentals of these attacks and then build onto the foundation for why they are also dangerous in real-world scenarios. These real-world attack examples will help to see the practical aspects of the contextualized theoretical concepts, which will further tie together the implications of these vulnerabilities.
Bridging the Gap Between Academic Research and Student Learning:
By implementing a teaching aid in this medium, we aim to bridge the gap between complex academic research papers with vast amounts of valuable information in a step-by-step breakdown to help students learn better. Additionally, many scholarly papers hold a large volume of technical jargon that can overwhelm new readers who may not already have a foundation for these topics. Our aid crafts together technical high-level concepts using an approachable method. The
animation allows us to transform detailed research into a learning experience that is more dynamic and will enable students to retain information without too much strain.
Conclusion:
From the beginning of our project, we sought to create a highly informative walkthrough, highlighting a different educational format that motivates viewers to explore cryptographic attacks and prevention methods further. By utilizing a technique that combines audio and visual aspects, students will be able to see the provocative necessities of data protection and security awareness. The result is a resource that encourages students to dive deeper into cryptographic security,
allowing them to engage with more material and utilize these findings in real-world scenarios.
Discussion Question:
1. Can you distinguish between active and passive attacks?
2. What are the most effective initiatives that work for all cyberattacks?
3. Common reasons for a system getting affected by hackers?
Great teaching aide, I loved the animation. In response to the first question (1), the distinguish between the active versus the passive attacks, the eavesdropper in the active attack targets the system directly to break it such as a brute force attack using a dictionary (e.g., wireless WiFi access attacks). In this case, the actions of the attacker are detected. In contrast, in passive attacks, the attacker is sniffing ciphered messages and tries to decrypt them offline to access the original message, such as the DES attack. In passive attacks, the actions of the attacker are hard to detect.
Teaching aid: Discussion Questions and Answers
1. Can you distinguish between active and passive attacks?
Answer: Cyberattacks can be categorized into two main items, active attacks, and passive
attacks. To have a clear idea of the cyber-attacks in depth, we must understand the key
differences between active and passive attacks.
• Active Attack: The attack that impacts directly on data manipulation and has immediate
causalities on the system is called an active attack. The attackers targeted changing the
content of messages, which led to a breach of data integrity.
• Passive Attack: In this attack type, the integrity of data remains intact; however, data
confidentiality becomes compromised. As a result, the main target is to get sensitive
data that can be used in future attacks.
Differences between active and passive attacks:
Data tempering take place || There is no data tempering
Threatening to data integrity and availability || Threatening to data confidentiality
Consider closely on prevention || Consider closely on detection
The live system got affected during the attack || There is no harm in live system during attack
System get alert at the time of attack || System does not get any alert
The active service got hampered || The information got leaked
Difficult to create barrier to prevent the attack || Easy to prevent compared to active attack
Can easily identify || Tough to detect
Main goal of this attack is to damage the system || Main goal is to learn the system
Duration is short but complexity is high || Duration is long but complexity is low
References:
GeeksforGeeks. (2024a, September 5). Difference between active attack and passive attack.
https://www.geeksforgeeks.org/difference-between-active-attack-and-passive-attack/
2. What are the most effective initiatives that work for all cyberattacks?
Answer: In today’s digital realm, everyone likes to store their sensitive information on digital
platforms, as those are easy to access and cost-effective. On the other hand, it is essential to
maintain proper security measures to keep those digital storages safe. For that, some effective
initiatives can be taken against any kind of cyberattack. Some of them are:
• Develop a solid cyber security policy. A hierarchy-based cyber security policy must be
set up for different departments of a company. Most of the time, a company’s system
falls into cyber vulnerability due to the end user’s lack of awareness. To be on the safe
side, ACL (Access Control List) should be implemented in the company’s system.
• Secure IoT communication channels: Presently we are dependent on various IoT
devices for our day-to-day work, like a close circuit camera, a smart lock, a central
heating system, a printer, and many more. Those can be an access point to enter the
core system. For that reason, every company should enhance their security parameters
by separating IoT devices from the core server.
• Create awareness among the end user: Statistics show that 74% of system networks fall
because of the involvement of a human. We cannot deny that the end user is a vital part
of a system. For that reason, it is important that all the end users go through a proper
training process so that they understand what policies they should follow to keep the
system safe.
• Regularly observe the third-party app and their privileges. Third-party apps sometimes
breach your database if they have unauthorized privileges. So, the best prevention is
checking regularly on those apps installed in the system.
• User ID and Password Management: Choosing a proper user ID and password
credentials are crucial points of cyber security. Both administrative and local users
should maintain a properly updated password policy to keep the system safe. Effective
password policy can be:
❖ Choose a strong password. If possible then hashed the original password text.
❖ Lock accounts on certain number of incorrect password attempts
❖ Slow down the next attempts after giving wrong passwords proportionally
❖ Using CAPCHA (Completely Automated Public Turing test to tell Computers and
Human Apart) before the login portal
❖ Use pseudonym as username. Usernames like “admin”, “administrator” should
be avoided. Personal and business IDs should be separated
❖ Failed login attempts messages like “incorrect username”, “incorrect password”,
“wrong password” should be blocked
❖ Apply biometric security
❖ Multi factor authentication• Conduct secure supply chain: supply chain cyberattacks have increased in recent times.
One company’s partners, vendors, suppliers, and other parties involved in the core
system can be another source of data breach. To overcome this weak point, companies
can use tools like Cyber Supply Chain Risk Management (C-SCRM) for better visibility
and involvement of the supply chain.
• Operating regular cybersecurity audits: Operating a cybersecurity audit is also a vital
point of keeping the system safe. It helps to identify system vulnerabilities, compliances,
and doubtable activity of the end user.
Reference:
Pryimenko, L. (2024, February 20). 12 cybersecurity best practices to prevent cyber-attacks in
2024 | ekran system. Ekran. https://www.ekransystem.com/en/blog/best-cyber-securitypractices
3. Common reasons for a system getting affected by hackers?
Answer: Data breaches or cyberattacks is one of the most talked-about topics of today’s time.
We heard news about cyberattacks by attackers very frequently. There are some common
causes behind it:
i. Stealing weak login credentials: The most common reason for system breaches is using
a quite easy and predictable user ID and password. Hackers are using social engineering
tools and dictionary-based attacks to find the user ID and password.
ii. Backdoor application: Hackers always look for the loophole of a system so that they can
access the system. In most cases, developers concentrate on the core area of the system
but leave the lethal part of the system. Attackers find that part and try to corrupt the
system.
iii. Malware: Malware is a famous attacking tool used by cybercriminals. It is malicious
software that has applications used to manipulate the system.
iv. App privilege: Sometimes, to make the system user-friendly, we privilege apps with a lot
of permission. Those permissions are sometimes not necessary for a particular app, but
they still want those permissions. Through these extra advantages, hackers try to enter
the system.
v. End user thread: Another common reason a system got affected is the end user.
Knowingly and unknowingly, users sometimes perform such outside policy work that
helps hackers find a window to affect the server.
vi. Improper configuration and physical attacks: Not all the time attacks come from onlinebased platforms. Occasionally, improper configuration of the wire or malicious devices
on the system server can cause a server breach.
Reference:
Sutcliffe, A. (2024, February 14). 8 most common causes of Data Breach. Sutcliffe Insurance.
https://www.sutcliffeinsurance.co.uk/news/8-most-common-causes-of-data-breach/
The teaching aide looks very interesting. Thanks for sharing!
Great teaching aide, I loved the animation. In response to the first question (1), the distinguish between the active versus the passive attacks, the eavesdropper in the active attack targets the system directly to break it such as a brute force attack using a dictionary (e.g., wireless WiFi access attacks). In this case, the actions of the attacker are detected. In contrast, in passive attacks, the attacker is sniffing ciphered messages and tries to decrypt them offline to access the original message, such as the DES attack. In passive attacks, the actions of the attacker are hard to detect.
Great teaching aide, I loved the animation. In response to the first question (1), the distinguish between the active versus the passive attacks, the eavesdropper in the active attack targets the system directly to break it such as a brute force attack using a dictionary (e.g., wireless WiFi access attacks). In this case, the actions of the attacker are detected. In contrast, in passive attacks, the attacker is sniffing ciphered messages and tries to decrypt them offline to access the original message, such as the DES attack. In passive attacks, the actions of the attacker are hard to detect.