December 15, 2022
CISSP Study Guide: Encryption in Cryptography
Algorithms are the basis of cryptography. Encryption, a type of cryptography, refers to the mechanism of scrambling information so it cannot be deciphered or read by an unauthorized observer. An algorithm is a procedure for taking the original message, called plaintext, and using instructions combined with a message key to create a scrambled message, referred to as ciphertext.
A cryptographic key is a piece of data used to encrypt plaintext to ciphertext, or ciphertext to plaintext, or both. Crypto is of Greek origin of the word kruptos, which means hidden. The end goal of cryptography is to conceal information so that only the intended recipients can “unhide” it. This concealing of information is called encryption, and when the information is unhidden, it is called decryption.
There are two different subclasses of algorithms: block ciphers and stream ciphers. Block ciphers process “blocks” or chunks of text in a series. Encryption is a form of cryptography that “scrambles” plain text into unintelligible ciphertext. Encryption is the basis of security measures such as digital signatures, digital certificates, and the public key infrastructure (PKI). Computer-based encryption techniques use keys to encrypt and decrypt data.
A key is a variable that is a large binary number. Key length is measured in bits, and the more bits in a key, the more challenging the key is to “crack.” A key is only one aspect of the encryption process: it is coupled with an encryption algorithm to produce the ciphertext. Encryption techniques are classified as either symmetric or asymmetric, depending on the number of keys that are used.
A symmetric algorithm uses the same key for encrypting and decrypting data. Symmetric algorithms supply confidentiality by encrypting data or messages. Some previous and current symmetric key encryption algorithms include Data Encryption Standard (DES), Triple DES (3DES), Advanced Encryption Standard (AES), International Data Encryption Algorithm (IDEA), Blowfish, and RC4.
Some of the advantages of using symmetric keys:
- Speed: The algorithms used with symmetric encryption are fast, so they interfere less with system performance and are particularly effective for encrypting large amounts of data.
- Strength: Symmetric algorithms are hard to decode without the correct key. Well-tested symmetric algorithms such as 3DES and AES are almost impossible to decipher without the correct key. Encrypted data can also be encrypted a second or even a third time.
Some of the disadvantages of using symmetric keys:
- Poor key distribution mechanism: There is no simple method to securely distribute a shared secret, so wide-scale deployment of symmetric keys is difficult.
- Single key: A single key or single shared secret. When that key is compromised, the impact is extensive. Because the one key may be shared with some or many parties, symmetric keys are not suited to providing integrity, authentication, or nonrepudiation.
Some of the characteristics of specific symmetric keys:
- DES: 56-bit key, U.S. Government standard until 1998, but not considered strong enough for today’s standards, relatively slow.
- Triple DES: Performs the DES operation three times, equivalent of 168-bit keys, more secure than DES, widely used, relatively slow.
- AES: Variable key lengths, latest standard for U.S. Government use, replacing DES.
- IDEA: 128-bit key, requires licensing for commercial use.
- Blowfish: Variable key length, free algorithm, extremely fast.
- RC4: Variable key length, stream cipher, effectively in public domain.
Asymmetric algorithms use different keys to encrypt and decrypt data. An example of asymmetric encryption is public key cryptography. Public key cryptography uses two keys that form a key pair called the public key and the private key. The key that encrypts the plaintext cannot be used to decrypt the ciphertext. The public key encrypts the plaintext, and the private key decrypts the ciphertext.
- Public key: provided to those who send you encrypted data.
- Private key: a key in the sole possession of the user.
When a plaintext message is encrypted using the public key, only the possessor of the private key can decrypt the ciphertext. When a plaintext message is encrypted using the private key, it can be decrypted by anyone who has the public key. There is absolute certainty the plaintext message originated with the possessor of the private key. Asymmetric keys provide authentication, integrity, and nonrepudiation. They can also support confidentiality when used for key management.
There are pros and cons to using asymmetric keys. When using a public key and a private key, the public key can be given to anyone who intends to send encrypted information, but only the recipient can decrypt that information. This helps preserve data confidentiality. A private key can be used to produce a digital signature which is a verification method of the person’s (possessor of private key) identity. This helps provide authentication and nonrepudiation.
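The two key directions described above, as an added example that is not part of the study guide: textbook RSA with constructed toy primes (61 and 53), showing that the public key encrypts what only the private key can decrypt, and that the private key produces a signature anyone can check with the public key. The tiny modulus and lack of padding are assumptions made to keep the arithmetic visible; they illustrate the key roles only.

```python
# Added example (not from the study guide): textbook RSA with toy primes to show
# the key roles described above. Tiny modulus and no padding, so it illustrates
# the mechanism only; real deployments use large keys with padding (OAEP/PSS).
from math import gcd

def make_keypair(p: int, q: int, e: int = 17):
    """Build (public_key, private_key) from two primes p and q (constructed inputs)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: modular inverse of e
    return (e, n), (d, n)

def apply_key(key, value: int) -> int:
    """The core RSA step: value ** exponent mod n. The same operation serves
    either key; the keys differ only in the exponent, so each undoes the other."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be an integer below the modulus")
    return pow(value, exponent, n)

# Confidentiality direction: anyone with the public key encrypts, only the
# private-key holder decrypts (the public key cannot undo its own operation).
def encrypt(public_key, plaintext: int) -> int:
    return apply_key(public_key, plaintext)

def decrypt(private_key, ciphertext: int) -> int:
    return apply_key(private_key, ciphertext)

# Authentication direction: only the private-key holder can produce a value
# that the public key maps back to the message.
def sign(private_key, message: int) -> int:
    return apply_key(private_key, message)

def verify(public_key, message: int, signature: int) -> bool:
    return apply_key(public_key, signature) == message

if __name__ == "__main__":
    public, private = make_keypair(61, 53)   # toy primes, n = 3233
    c = encrypt(public, 65)
    print("ciphertext", c, "decrypts to", decrypt(private, c))
    s = sign(private, 65)
    print("signature verifies:", verify(public, 65, s),
          "tampered message verifies:", verify(public, 66, s))
```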
The main drawback of asymmetric keys is that asymmetric algorithms are slower than symmetric algorithms because of the high complexity involved in encrypting and decrypting data; they are therefore not efficient at providing confidentiality for large amounts of data.
Some features of specific asymmetric keys are:
- RSA: Variable-length key, de facto standard for public key encryption.
- Diffie-Hellman: Variable-length key, used to securely establish a shared secret.
- Elliptic curve cryptography: Variable-length key, not up to par with speed for widespread implementation.
Cryptography is used to secure confidentiality, integrity, identification and authentication, and nonrepudiation. Still, it is possible for a hacker to decrypt the information given enough time and persistence. The strength of symmetric and asymmetric keys is derived from the length of the key and the algorithm used to encrypt the data.
DES and Triple DES: DES uses a single 64-bit key (56 bits of key data and 8 bits of parity) and operates on data in 64-bit blocks. Each round consists of a substitution phase, in which the data is substituted with pieces of the key, and a permutation phase. Substitution takes place in S-boxes; permutation, also known as the diffusion operation, takes place in P-boxes. DES security is rooted in the fact that the substitution operations are non-linear. The permutation operations supply another layer of security by scrambling the already partially encrypted message.
Triple DES (3DES) uses the DES cipher three times to enhance its security. In 3DES, two or three 56-bit DES subkeys are combined to form a single 112-bit or 168-bit 3DES key. The resulting ciphertext is impervious to all currently known brute-force attacks and techniques. For 112-bit security, two different DES keys are used and one is repeated; for 168-bit security, three different DES keys are chained together.
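The DES key layout and 3DES key bundling described above, as an added example that is not from the study guide: it sets and checks the 8 parity bits of a 64-bit DES key, strips them to recover the 56 real key bits, and assembles the two-key (K1, K2, K1) and three-key (K1, K2, K3) bundles with their effective key sizes. The key values are constructed test inputs, and no DES encryption is performed.

```python
# Added example (not from the study guide): the 64-bit DES key layout described
# above (56 key bits + 8 parity bits) and the 2-key / 3-key 3DES key bundles.
# Pure Python, no encryption performed; key values in the tests are constructed.

def set_odd_parity(key8: bytes) -> bytes:
    """Force each byte's low bit so the byte has an odd number of 1 bits."""
    if len(key8) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    out = bytearray()
    for b in key8:
        high7 = b & 0xFE                      # the 7 actual key bits
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)

def has_odd_parity(key8: bytes) -> bool:
    """Check the parity bits; a corrupted or mistyped key byte shows up here."""
    return len(key8) == 8 and all(bin(b).count("1") % 2 == 1 for b in key8)

def key_bits_56(key8: bytes) -> int:
    """Strip the parity bits and return the 56 real key bits as an integer."""
    value = 0
    for b in key8:
        value = (value << 7) | (b >> 1)
    return value

def build_3des_key(k1: bytes, k2: bytes, k3: bytes = None):
    """Return (24-byte key bundle, effective key bits).

    Two keys -> K1,K2,K1 (112-bit); three keys -> K1,K2,K3 (168-bit).
    Repeated subkeys are rejected: with K1 == K2 the encrypt-decrypt-encrypt
    sequence collapses to single DES, so the extra keying adds nothing.
    """
    keys = [k1, k2, k1] if k3 is None else [k1, k2, k3]
    for k in keys:
        if not has_odd_parity(k):
            raise ValueError("DES key with bad parity: %s" % k.hex())
    distinct_needed = 2 if k3 is None else 3
    if len(set(keys)) < distinct_needed:
        raise ValueError("3DES subkeys must be different DES keys")
    return b"".join(keys), 112 if k3 is None else 168
```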