Cryptography Part 2: An In-Depth Review

 

Estimated reading time: 6 minutes

Cryptography Part 2: An In-Depth Review

PKI (Public Key Infrastructure):

- CA (Certificate Authority)The CA stores issues, and signs the digital certificates.- RA (Registration Authority)Verifies the identity of entities requesting their digital certificates to be stored at the CA.- X.509 (PKIX)X.509 is an important standard for a public key infrastructure to manage digital certificates[1] and public-key encryption[2] and a key part of the Transport Layer Security protocol used to secure web and email communication (Secret-Bases).- IKE (Internet Key Exchange)IKE and SSL together are used during the initial set-up of a secure channel. Initial set-up uses Asymmetric Cryptography and then Symmetric Cryptography is used to exchange data, creating some sort of a secure tunnel or channel.- ISAKMP (Internet Security Association and Key Management Protocol)ISAKMP provides a framework for authentication and key exchange and is designed to be key exchange independent. It creates a channel for the key exchange between the IPsec peers.- CRL (Certificate Revocation List)The Certificate Revocation List is a list of certificates that have been revoked, and therefore should no longer be trusted.

Symmetric Cryptography:

* Symmetric means that there is only one "secret" key.- AES"Advanced Encryption Standard" is a symmetric-key block cipher that was developed by two Belgian cryptographer, Joan Daemen, and Vincent Rijmen. AES is a subset of the Rijndael cipher. More info can be found at https://aesencryption.net- DES"Data Encryption Standard" is a symmetric-key block cipher developed in the early 1970s at IBM and based on an earlier design by the Horst Feistel cipher. It was published by the National Institute of Standards and Technology (NIST). It uses 16 round Feistel structure. The block size is 64-bit.- 3DES"Triple Data Encryption Standard" is a symmetric-key block cipher that applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. The key size is increased in Triple DES to ensure additional security through encryption capabilities.- IDEA"International Data Encryption Algorithm", originally called Improved Proposed Encryption Standard (IPES), is a symmetric-key block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. It is a minor revision of the Proposed Encryption Standard (PES). IDEA operates on 64-bit blocks using a 128-bit key, and consists of a series of eight identical transformations called a round (Wikipedia, IDEA).- CASTCAST is a general procedure for constructing a family of symmetric-key block ciphers; individual ciphers have names like CAST-128 (CAST5) and CAST-256 (CAST6). CAST-128 appears to be the default cipher in some versions of GPG and PGP. CAST ciphers are Feistel ciphers using large S-boxes, 8*32 rather than the 6*4 of DES.- 2FISHTwofish is a symmetric-key block cipher with a block size of 128 bits and key sizes up to 256 bits. Its distinctive features are the use of pre-computed key-dependent S-boxes, and a relatively complex key schedule. One-half of an n-bit key is used as the actual encryption key and the other half of the n-bit key is used to modify the encryption algorithm (key-dependent S-boxes).- BlowfishBlowfish is a symmetric-key block cipher designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date. It was a predecessor to 2FISH.- SerpentSerpent is a symmetric-key block cipher that has a block size of 128 bits and supports a key size of 128, 192 or 256 bits. The cipher is a 32-round substitution-permutation network operating on a block of four 32-bit words. Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel. It was designed by Ross Anderson, Eli Biham, and Lars Knudsen.- RijndaelRijndael (pronounced rain-dahl) is actually the algorithm that has been selected by the U.S. National Institute of Standards and Technology (NIST) as the candidate for the Advanced Encryption Standard (AES).* You can notice that all of these symmetric encryption algorithms are using block ciphers...

Asymmetric Cryptography:

* Note: Public-Key cryptography was first invented in the 1970s by Whitfield Diffie, Martin Hellman, and Ralph Merkle. Asymmetric means that there are two different keys.- DH (Diffie-Hellman)Diffie-Hellman is an algorithm used to establish a shared secret between two parties. It is primarily used as a method of exchanging cryptography keys for use in symmetric encryption algorithms like AES. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. More info about the maths involved can be found at http://mathworld.wolfram.com/Diffie-HellmanProtocol.html.- ElGamalThe ElGamal encryption system is an asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie–Hellman key exchange. It was described by Taher Elgamal in 1985. ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems (rehat.com). ElGamal encryption can be defined over any cyclic group G. Its security depends upon the difficulty of a certain problem in G related to computing discrete logarithms.- DSA (Digital Signature Algorithm)DSA is a bit faster than RSA when creating a signature (an encrypted token to be used by one or both sides), but slower than RSA when analyzing/validating that signature (token). Similarly, DSA is faster to decrypt, but slow(er) to encrypt; RSA is opposite. The patent for DSA was first filed July 26, 1991 and attributed to David W. Kravitz, a former NSA employee, and is a variant of the ElGamal Signature Scheme.- RSA (stands for Ron Rivest, Adi Shamir and Leonard Adleman)RSA is the algorithm used by modern computers to encrypt and decrypt messages. It provides establishment of an SSL/TLS session. This is also called public key cryptography, because one of them can be given to everyone. The other key must be kept private. It is based on the fact that finding the factors of an integer is hard (the factoring problem). RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described it in 1978.- ECC (Elliptic Curve Cryptography)ECC is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005.- KnapsackThe Merkle–Hellman knapsack cryptosystem was one of the earliest public key cryptosystems invented by Ralph Merkle and Martin Hellman in 1978. The ideas behind it are simpler than those involving RSA. Knapsack has since been broken, as it is based on the subset sum problem (a special case of the knapsack problem). The problem is as follows: given a set of numbers A and a number b, find a subset of A which sums to b. In general, this problem is known to be NP-complete. However, if the set of numbers (called the knapsack) is superincreasing, meaning that each element of the set is greater than the sum of all the numbers in the set lesser than it, the problem is "easy" and solvable in polynomial time with a simple greedy algorithm.

---

Sources: Mostly Google and Wikipedia...

Secret-Bases: http://www.secret-bases.co.uk/wiki/X.509_certificate

Wikipedia, IDEA: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm

Redhat.com: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/apas02s06.html