Cryptography Part 1: A Quick Summary

Estimated reading time: 4 minutes

Cryptography Part 1: A Quick Summary

TOC:

1. Cryptography in History
2. Services Cryptography can Provide
3. Confidentiality
4. Symmetric Cryptography
5. Asymmetric Cryptography
6. Hybrid Cryptography
7. Hashing and Hashing Collisions
8. Digital Signatures
9. Full Disk Encryption
10. Tools

>Cryptography in History:

*Caesar Cipher

– Caesar’s Era…
– Shift characters 3 spaces.

Scytale

– Spartans’ Era…
– Wrapping tape (cipher) around a rod: the rod diameter is the pre-agreed key (upon secret)

Vignere

– First “poly-alphabetic cipher”
– Again, key (word) was exchanged ahead of time

*Vernam

– One-Time Pad (Key)
– The only mathematically unbreakable form of cryptography
– Key must be used only once
– Pad must be at least as long as the message
– Key Pad is statistically unpredictable
– Key Pad must be delivered and stored securely

*Enigma Machine and Purple Machine

– they were rotary based (3 to 4 rotors)…
– Used by the German and the Japanese in WWII
– The Polish broke it down pretty quick
– The breaking is credited with shaving months off the war

>Services that Cryptography can provide:

Privacy (Confidentiality) – Prevent unauthorized disclosure

– Social Engineering
– Media Reuse (Zeroing or destroying media…)
– Eavesdropping

Authenticity – We get a little authenticity from:

– MAC
– Digital Signature

Integrity

– Accidental Modification
– Hash/Message Digest
– Intentional Modification
– MAC (Message Authentication Code)
– Digital Signature (requires an infrastructure (PKI))

Non-Repudiation (the assurance that someone cannot deny something)

– Digital Signature

Mnemonic: PAIN

– (P)rivacy
– (A)uthenticity
– (I)ntegrity
– (N)on Repudiation

>Confidentiality (Privacy)
Plaintext + Initialization Vector (optional) + Algorithm + Key = Ciphertext

– Initialization Vector uses pseudo-random (computers don’t do random…)

>Symmetric Cryptography (= same):

– Private Key
– Secret Key
– Shared Key
– Session Key (for ex.: disposable after some time)
– Block
– ex.: AES, 3DES
(- PGP: idea)
– Stream – bit by bit (very efficient, fast, but not as secure)
– ex.: RC-4
(- XOR…)

Nonces: Attach information to each packet without it being sequential…
Key Generation: Again, uses pseudo-randomness.

Block Cipher is slower but more secure.

Confusion (substitution)
– Good Strong Math

Diffusion
– Permutation (rounds)

KEY:

1 – We want a long key, but math involved matters too;
2 – We also want our key to use as much randomness as possible;
3 – Of course, we want the key to be kept a secret!
*** If all things are equal, the longer the key, the better;
*** All keys in the symmetric world are private.

Stream Cipher is a bit by bit encryption type.

XOR, transposition, substitution
– RC-4: WEP, WPA
but, btw, WPA2 uses AES…

Pros and Cons of Symmetric Cryptography:

Con:

– Out of band key distribution (hard to exchange a key)
– Not Scalable (too many keys…) => #Keys = (N*(N-1))/2
– 1: No authenticity
– 2: No integrity
– 1+2=THEN: No non-repudiation

Pro:

– FAST, FAST, FAST!

>Asymmetric Cryptography – Public Key Cryptography (= different):
– 2 KEYS, ie. a key pair (1 Public & 1 Private)
– Anything encrypted with one key (ex.: public) can only be decrypted with the other key (ex.: private)…
– Uses:
– Discrete Logarithms
– ex.: Diffie-Hellman, ECC, El Gamal
– Factorization
– ex.: RSA

Asymmetric Cryptography (Gives P.A.I.N.):
– Privacy (only the receiver has the private key)
– Authenticity (successful decryption implies the sender owns the private key…)
– Integrity (with hash)
– Non-Repudiation (Privacy + Authenticity + Integrity = Non-Repudiation)
– A mechanism called a “digital signature” (hash with private key…)

>Hybrid Cryptography (SSL/TLS):
– Asymmetric Key Exchange, but Symmetric Data Exchange!
– 1: The client requests the server a public key (or a certificate containing the public key);
– 2: The Server gives its public key to the Client;
– 3: The Client generates a symmetric session key with the public key;
– 4: Now all data exchanged is encrypted with the symmetric session key.
– It creates some sort of secure channel…

– Problem: Authenticity of server in step 1…
– Solution: Trusted CA (Certificate Authority, ex.: Verisign CA)

– PKI (Public Key Infrastructure (not cheap…))

– CRL (Certificate Revocation List)
– OCSP (Online Certificate Status Protocol)
– To make is easier for the client to check if a certificate has been revoked.

————————————————–

– Key (Crypto-Variable): Instructions on how we’re going to use the algorithm…

>Hashing and Hashing Collisions

– We only get Integrity, so no Authenticity, etc.
Add a Digital Signature and you get true Integrity, Authenticity, and Non-Repudiation.
But, a Digital Signature requires a PKI (Public Key Infrastructure)

MAC = Message Authentication Code = Message + “Symmetric Key” + Hashing Algorithm
But, true Non-Repudiation comes through asymmetric encryption.

Hash Collision: 2 different documents giving the same hash.
(possible, because of maths involved…)

————————————————–

>Digital Signatures

– Hash + Asymmetric Algorithm (RSA is the standard)

————————————————–

>Full Disk Encryption: TPM (Trusted Platform Module (TPM chip on the motherboard…))

– BitLocker
– PGP

————————————————–

>Tools to explore cryptography: CRYPTOOL, Advanced Encryption Package, and HashMyFiles.