Cryptography Part 1: A Quick Summary

February 1, 2017 | Views: 10215

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Estimated reading time: 4 minutes

Cryptography Part 1: A Quick Summary

TOC:

  1. Cryptography in History
  2. Services Cryptography can Provide
  3. Confidentiality
  4. Symmetric Cryptography
  5. Asymmetric Cryptography
  6. Hybrid Cryptography
  7. Hashing and Hashing Collisions
  8. Digital Signatures
  9. Full Disk Encryption
  10. Tools

>Cryptography in History:

*Caesar Cipher

– Caesar’s Era…
– Shift characters 3 spaces.

Scytale

– Spartans’ Era…
– Wrapping tape (cipher) around a rod: the rod diameter is the pre-agreed key (upon secret)

Vignere

– First “poly-alphabetic cipher”
– Again, key (word) was exchanged ahead of time

*Vernam

– One-Time Pad (Key)
– The only mathematically unbreakable form of cryptography
– Key must be used only once
– Pad must be at least as long as the message
– Key Pad is statistically unpredictable
– Key Pad must be delivered and stored securely

*Enigma Machine and Purple Machine

– they were rotary based (3 to 4 rotors)…
– Used by the German and the Japanese in WWII
– The Polish broke it down pretty quick
– The breaking is credited with shaving months off the war


>Services that Cryptography can provide:

Privacy (Confidentiality) – Prevent unauthorized disclosure

– Social Engineering
– Media Reuse (Zeroing or destroying media…)
– Eavesdropping

Authenticity – We get a little authenticity from:

– MAC
– Digital Signature

Integrity

– Accidental Modification
– Hash/Message Digest
– Intentional Modification
– MAC (Message Authentication Code)
– Digital Signature (requires an infrastructure (PKI))

Non-Repudiation (the assurance that someone cannot deny something)

– Digital Signature

Mnemonic: PAIN

– (P)rivacy
– (A)uthenticity
– (I)ntegrity
– (N)on Repudiation


>Confidentiality (Privacy)
Plaintext + Initialization Vector (optional) + Algorithm + Key = Ciphertext

– Initialization Vector uses pseudo-random (computers don’t do random…)


>Symmetric Cryptography (= same):

– Private Key
– Secret Key
– Shared Key
– Session Key (for ex.: disposable after some time)
– Block
– ex.: AES, 3DES
(- PGP: idea)
– Stream – bit by bit (very efficient, fast, but not as secure)
– ex.: RC-4
(- XOR…)

Nonces: Attach information to each packet without it being sequential…
Key Generation: Again, uses pseudo-randomness.

Block Cipher is slower but more secure.

Confusion (substitution)
– Good Strong Math

Diffusion
– Permutation (rounds)

KEY:

1 – We want a long key, but math involved matters too;
2 – We also want our key to use as much randomness as possible;
3 – Of course, we want the key to be kept a secret!
*** If all things are equal, the longer the key, the better;
*** All keys in the symmetric world are private.

Stream Cipher is a bit by bit encryption type.

XOR, transposition, substitution
– RC-4: WEP, WPA
but, btw, WPA2 uses AES…

Pros and Cons of Symmetric Cryptography:

Con:

– Out of band key distribution (hard to exchange a key)
– Not Scalable (too many keys…) => #Keys = (N*(N-1))/2
– 1: No authenticity
– 2: No integrity
– 1+2=THEN: No non-repudiation

Pro:

– FAST, FAST, FAST!


>Asymmetric Cryptography – Public Key Cryptography (= different):
– 2 KEYS, ie. a key pair (1 Public & 1 Private)
– Anything encrypted with one key (ex.: public) can only be decrypted with the other key (ex.: private)…
– Uses:
– Discrete Logarithms
– ex.: Diffie-Hellman, ECC, El Gamal
– Factorization
– ex.: RSA

Asymmetric Cryptography (Gives P.A.I.N.):
– Privacy (only the receiver has the private key)
– Authenticity (successful decryption implies the sender owns the private key…)
– Integrity (with hash)
– Non-Repudiation (Privacy + Authenticity + Integrity = Non-Repudiation)
– A mechanism called a “digital signature” (hash with private key…)


>Hybrid Cryptography (SSL/TLS):
– Asymmetric Key Exchange, but Symmetric Data Exchange!
– 1: The client requests the server a public key (or a certificate containing the public key);
– 2: The Server gives its public key to the Client;
– 3: The Client generates a symmetric session key with the public key;
– 4: Now all data exchanged is encrypted with the symmetric session key.
– It creates some sort of secure channel…

– Problem: Authenticity of server in step 1…
– Solution: Trusted CA (Certificate Authority, ex.: Verisign CA)

– PKI (Public Key Infrastructure (not cheap…))

– CRL (Certificate Revocation List)
– OCSP (Online Certificate Status Protocol)
– To make is easier for the client to check if a certificate has been revoked.

————————————————–

– Key (Crypto-Variable): Instructions on how we’re going to use the algorithm…


>Hashing and Hashing Collisions

– We only get Integrity, so no Authenticity, etc.
Add a Digital Signature and you get true Integrity, Authenticity, and Non-Repudiation.
But, a Digital Signature requires a PKI (Public Key Infrastructure)

MAC = Message Authentication Code = Message + “Symmetric Key” + Hashing Algorithm
But, true Non-Repudiation comes through asymmetric encryption.

Hash Collision: 2 different documents giving the same hash.
(possible, because of maths involved…)

————————————————–

>Digital Signatures

– Hash + Asymmetric Algorithm (RSA is the standard)

————————————————–

>Full Disk Encryption: TPM (Trusted Platform Module (TPM chip on the motherboard…))

– BitLocker
– PGP

————————————————–

>Tools to explore cryptography: CRYPTOOL, Advanced Encryption Package, and HashMyFiles.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
16 Comments
  1. Awesome Article

  2. Very useful information provided here, helps beginners in order to archive their goals

  3. Straight & to-the-point, liked it.

Page 3 of 3«123
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel