Cryptography Part 1: A Quick Summary
Cryptography Part 1: A Quick Summary
TOC:- Cryptography in History
- Services Cryptography can Provide
- Confidentiality
- Symmetric Cryptography
- Asymmetric Cryptography
- Hybrid Cryptography
- Hashing and Hashing Collisions
- Digital Signatures
- Full Disk Encryption
- Tools
- Caesar's Era...- Shift characters 3 spaces.
Scytale- Spartans' Era...- Wrapping tape (cipher) around a rod: the rod diameter is the pre-agreed key (upon secret)
Vignere- First "poly-alphabetic cipher"- Again, key (word) was exchanged ahead of time
*Vernam- One-Time Pad (Key)- The only mathematically unbreakable form of cryptography- Key must be used only once- Pad must be at least as long as the message- Key Pad is statistically unpredictable- Key Pad must be delivered and stored securely
*Enigma Machine and Purple Machine- they were rotary based (3 to 4 rotors)...- Used by the German and the Japanese in WWII- The Polish broke it down pretty quick- The breaking is credited with shaving months off the war
>Services that Cryptography can provide:Privacy (Confidentiality) - Prevent unauthorized disclosure
- Social Engineering- Media Reuse (Zeroing or destroying media...)- Eavesdropping
Authenticity - We get a little authenticity from:- MAC- Digital Signature
Integrity- Accidental Modification- Hash/Message Digest- Intentional Modification- MAC (Message Authentication Code)- Digital Signature (requires an infrastructure (PKI))
Non-Repudiation (the assurance that someone cannot deny something)- Digital Signature
Mnemonic: PAIN- (P)rivacy- (A)uthenticity- (I)ntegrity- (N)on Repudiation
>Confidentiality (Privacy)Plaintext + Initialization Vector (optional) + Algorithm + Key = Ciphertext- Initialization Vector uses pseudo-random (computers don't do random...)
>Symmetric Cryptography (= same):- Private Key- Secret Key- Shared Key- Session Key (for ex.: disposable after some time)- Block- ex.: AES, 3DES(- PGP: idea)- Stream - bit by bit (very efficient, fast, but not as secure)- ex.: RC-4(- XOR...)Nonces: Attach information to each packet without it being sequential...Key Generation: Again, uses pseudo-randomness.Block Cipher is slower but more secure.Confusion (substitution)- Good Strong MathDiffusion- Permutation (rounds)KEY:
1 - We want a long key, but math involved matters too;2 - We also want our key to use as much randomness as possible;3 - Of course, we want the key to be kept a secret!*** If all things are equal, the longer the key, the better;*** All keys in the symmetric world are private.
Stream Cipher is a bit by bit encryption type.XOR, transposition, substitution- RC-4: WEP, WPAbut, btw, WPA2 uses AES...Pros and Cons of Symmetric Cryptography:Con:
- Out of band key distribution (hard to exchange a key)- Not Scalable (too many keys...) =>#Keys = (N*(N-1))/2- 1: No authenticity- 2: No integrity- 1+2=THEN: No non-repudiation
Pro:
- FAST, FAST, FAST!
>Asymmetric Cryptography - Public Key Cryptography (= different):- 2 KEYS, ie. a key pair (1 Public & 1 Private)- Anything encrypted with one key (ex.: public) can only be decrypted with the other key (ex.: private)...- Uses:- Discrete Logarithms- ex.: Diffie-Hellman, ECC, El Gamal- Factorization- ex.: RSAAsymmetric Cryptography (Gives P.A.I.N.):- Privacy (only the receiver has the private key)- Authenticity (successful decryption implies the sender owns the private key...)- Integrity (with hash)- Non-Repudiation (Privacy + Authenticity + Integrity = Non-Repudiation)- A mechanism called a "digital signature" (hash with private key...)
>Hybrid Cryptography (SSL/TLS):- Asymmetric Key Exchange, but Symmetric Data Exchange!- 1: The client requests the server a public key (or a certificate containing the public key);- 2: The Server gives its public key to the Client;- 3: The Client generates a symmetric session key with the public key;- 4: Now all data exchanged is encrypted with the symmetric session key.- It creates some sort of secure channel...- Problem: Authenticity of server in step 1...- Solution: Trusted CA (Certificate Authority, ex.: Verisign CA)- PKI (Public Key Infrastructure (not cheap...))- CRL (Certificate Revocation List)- OCSP (Online Certificate Status Protocol)- To make is easier for the client to check if a certificate has been revoked.--------------------------------------------------- Key (Crypto-Variable): Instructions on how we're going to use the algorithm...
>Hashing and Hashing Collisions- We only get Integrity, so no Authenticity, etc.Add a Digital Signature and you get true Integrity, Authenticity, and Non-Repudiation.But, a Digital Signature requires a PKI (Public Key Infrastructure)MAC = Message Authentication Code = Message + "Symmetric Key" + Hashing AlgorithmBut, true Non-Repudiation comes through asymmetric encryption.Hash Collision: 2 different documents giving the same hash.(possible, because of maths involved...)-------------------------------------------------->Digital Signatures
- Hash + Asymmetric Algorithm (RSA is the standard)
-------------------------------------------------->Full Disk Encryption: TPM (Trusted Platform Module (TPM chip on the motherboard...))- BitLocker- PGP
-------------------------------------------------->Tools to explore cryptography: CRYPTOOL, Advanced Encryption Package, and HashMyFiles.