Cryptanalysis

密碼分析中分析未知密文的標準程序是什麼?

  • June 30, 2017

分析未知密文的***“密碼分析標準程序”是什麼?***

換句話說:是否有任何協議、官方認可的清單或類似的東西代表密碼分析中的***“標準”***方法來分析未辨識的密文?如果是,那會是哪一個?要走的路是什麼?

澄清

我非常了解密碼分析程序,例如檢測算法等。我的問題是:在進行密碼分析時,密碼學中是否有任何*“官方認可的協議” ?*

在任何人走錯路之前要弄清楚一點:這與*“只有壞人才會問這樣的事情……”無關。因為情況實際上是相反的。這就是為什麼我要求“官方承認的協議”,如“當局合法接受的證據和/或證據”*。想想“白皮書”,而不是“逆向工程”。

目標是“擷取和辨識來自通信流的數字證據”,然後以當局接受的方式將該資訊轉發給當局。我知道如何獲取我想要傳遞的粗略資訊(例如辨識所使用的加密算法),但我想遵循當局接受為“正確收集的數字證據”的正確路徑/順序/程序。

政府、(安全)公司和機構必須遵循一些協議。說到“證據”,總有一種“具體的做法”。問題是:在分析未知密文時會是哪一個?

所以,總結一下:我不是在問如何分析未辨識的密文,我是在問這樣做時要遵循什麼協議,因為我需要稍後傳遞收集到的證據!

我認為我對@mikeazo 的評論回复非常完美地總結了我的問題:

收集到的證據在公司內部網路中被擷取。我們確保了完整的訪問日誌並確定了傳輸的來源和目標。目前,消息來源否認它只是隨機文本。對擷取的數據副本進行快速分析會顯示不同的加密算法。作為證據,這不是隨機文本,我想將我的發現添加到收集的其他證據中。這樣做,我想確保他們接受我辨識算法等的方式。這就是為什麼我想知道是否有一個“官方協議”可以遵循“官方接受”(當局)。

已接受答案的附錄

在通過 twitter 獲得提示後,事實證明,美國國家司法研究所 (NIJ) 的出版物中有幾個指針:

  1. Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition (April 2008, NCJ 219941)
  2. Forensic Examination of Digital Evidence: A Guide for Law Enforcement (April 2004, NCJ 199408)
  3. Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors (January 2007, NCJ 211314)

Those provide some hints, but even those don’t really handle the details of standard procedures to follow in cryptanalysis. Like the accepted answer already implied, cryptanalysis obviously isn’t enjoying any standard protocols (yet).

Unfortunately Crypto.SE probably has very few lawyers, law enforcement officers, public policy experts, etc. Furthermore, Legal.SE doesn’t exist yet. To further complicate the situation (at least in the US) the answer will probably vary from state to state.

So, I’m going to do the best I can, but you are probably best off either calling police or a lawyer in your jurisdiction.

Here is the deal, it is hard to prove a negative. Thus, I don’t feel sufficiently knowledgeable to say no such protocol/procedure exists. That said, I don’t know of one. I did find this flowchart for collecting digital evidence if you are in the US. Step one seems to imply that some knowledge of local/agency policies must be followed. But this deals more with evidence collection and not analysis.

My guess is that (at least in US), once you have the relevant network traffic and logs, your job is done. This is especially true if you have any motive/interest in seeing the offending party get in trouble.

So, assuming evidence is collected properly (since that is beyond the scope of your question) my guess is that the prosecuting attorney will hire an expert witness to examine the evidence and give testimony at a trial. They would probably also call you up to testify as to the collection procedures, etc.

Some added thoughts

The answer probably also depends on the exact protocols/software used. For example, if after an expert analyzes the ciphertext, they can determine that PGP or some other piece of software was used in which a long-term secret is used for encryption, a judge could order the defendant to disclose the encryption password or long-term secrets. At this point, no additional cryptanalysis would be needed. This would become more difficult if say TLS is used as the client often has no long-term secrets. I suppose a judge could force the party owning the server to reveal long-term secrets so decryption could take place (assuming the initial handshake was captured). If TLS, or whatever protocol used, is used in such a way that ephemeral keys are used, then even this would not work.

引用自:https://crypto.stackexchange.com/questions/8895