To understand how a cut and paste attack gains power, one must understand block cipher encryption. Block cipher is a method of encryption in which blocks of plaintext, compiled of bits in multiples of eight (8), are assigned a single unit of encryption. These blocks are changed from plaintext into cyphertext and assigned a key. When the receiver’s application processes the cyphertext, it applies its own key to unlock the encrypted data and reassembles it into readable form on their side. A cut and paste attack takes advantage of the vulnerability presented in the blocking of the data. An intruder CUTS certain blocks of the transmission, and PASTES information that is similar but not the same. This attack can have different end results, but all involve corruption of information.
For example, Jane Smith orders an item online from Mary’s Gift Shop. Within the transaction, Jane must enter personally-identifiable information, including name, address, and payment, as well as the item ID number and quantity. In the midst of Jane’s transmission to Mary, an Intruder intercepts the data, cuts out Jane’s address and inputs his own, but retains Jane’s form of payment. Mary, when processing the order, is none the wiser, because everything appears normal and the transaction, when decrypted into plaintext, did not set off any security interface because of the close similarity to the original data.
Aside from e-commerce, a common application for a cut and paste attack is an online bank transaction. Data integrity is compromised through the misassignment of funds to a designated account. It can take many forms, but most often in scenarios involving diversion: I.E., a cash deposit to Account Holder A is intercepted and redirected to the account of Account Holder B. A cut and paste attack in bank transactions can also impact (or flip) the amount being transferred, so that instead of one thousand dollars ($1,000) being withdrawn from Account Holder A, ten thousand dollars ($10,000) is withdrawn and redistributed.
Another way a cut and paste attack affects data integrity is through corruption which directly impacts the readability of content. In this example, an Intruder cuts out blocks of information, and inserts blocks of gibberish code that result in the inability to reassemble the content in usable form, greatly hindering business processes that rely on the information now lost.
Block cipher is a common method of encryption because of the utility it affords, but it is susceptible to breaches and compromise. Having security measures in place that prevent inadvertent third party access to secret tokens, which lead to the ability to intrude on an A to B transaction, is imperative.