What is Cryptography?
Cryptography is the practice of transforming information so that it cannot be recovered without access to the required decryption key. It was invented over 4,000 years ago and is still used to this day.
Cryptography consists of two main operations:
Encryption
Transforms plaintext into ciphertext using an encryption key.
Decryption
Transforms ciphertext back into plaintext using a decryption key.
Important Goals of Cryptography
Confidentiality
Organizations use encryption to protect sensitive information from prying eyes.
Integrity
Organizations use cryptography (hashes, message authentication codes and digital signatures) to ensure that data is not maliciously or unintentionally altered.
Authentication
Authentication refers to the use of cryptography to validate the identity of individuals or systems, typically by proving possession of a key without revealing it.
Nonrepudiation
Ensures that individuals can prove to a third party that a message came from its purported sender.
What is a Cipher?
A cipher is a method used to scramble or obfuscate characters to hide their value. Ciphering (enciphering) is the process of applying a cipher to a message.
Two primary types of nonmathematical (classical) ciphering methods:
Substitution
Substitution is a type of coding or ciphering system that changes one character or symbol into another. The substitution operation forms the basis of many modern encryption algorithms (the S-boxes inside AES are substitution tables). Ex. Caesar cipher: the system involves simply shifting all letters a fixed number of positions in the alphabet. Supposedly, Julius Caesar used a shift of three to the right, which turns the A's of a message into D's, the B's into E's, and so on. Because every occurrence of a letter is replaced by the same ciphertext letter (monoalphabetic substitution), the letter-frequency profile of the plaintext survives in the ciphertext, and the key can be recovered by frequency analysis. Polyalphabetic substitution changes the underlying letter frequencies of the text by using several alphabets in turn. For example, you might shift the first letter by three to the right, the second letter by two to the right, and the third letter by one to the left, then repeat this pattern for the next three letters. The Vigenère cipher is the classic polyalphabetic substitution cipher: the letters of a keyword define the sequence of shifts, which repeats for the length of the message.
Transposition Ciphers
A transposition cipher does not change the letters themselves but rearranges (transposes) their order in a defined manner: the message is broken into blocks of equal size, and the letters within each block are scrambled according to the key.
Columnar transposition is a classic example of a transposition cipher. The message is written row by row into a grid of fixed width; the number of columns (or a keyword whose letters, taken in alphabetical order, rank the columns) is the key. The ciphertext is then read off column by column instead of across the rows. The recipient uses the key to rebuild the grid, fills the columns back in, and reads across the rows to recover the message. Because the letters are only reordered, the ciphertext has exactly the same letter frequencies as the plaintext, which is how a pure transposition cipher is recognized and why it is weak on its own.
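Keyword columnar transposition as an added worked example, not code from the original notes. The keyword's length fixes the grid width and the alphabetical rank of its letters gives the column read-out order; decrypt rebuilds the grid from equal-height columns. The keyword ZEBRAS, the message and the X padding are constructed for the demo, and letter_profile is included to show the frequency-preservation property mentioned above.

```python
from collections import Counter


def column_order(key: str) -> list:
    """Read-out order of the columns: the column under the alphabetically
    first key letter is read first; ties are broken left to right."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def encrypt(plaintext: str, key: str, pad: str = "X") -> str:
    """Write the letters row by row into a grid len(key) wide, pad the last
    row, then read the grid column by column in key order."""
    text = "".join(c for c in plaintext.upper() if c.isalpha())
    width = len(key)
    if len(text) % width:
        text += pad * (width - len(text) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[c] for c in column_order(key) for row in rows)


def decrypt(ciphertext: str, key: str) -> str:
    """Rebuild the grid: the ciphertext is a sequence of equal-height
    columns in key order; place each back and read across the rows."""
    width = len(key)
    if len(ciphertext) % width:
        raise ValueError("ciphertext length is not a multiple of the key length")
    height = len(ciphertext) // width
    cols = [""] * width
    for k, c in enumerate(column_order(key)):
        cols[c] = ciphertext[k * height:(k + 1) * height]
    return "".join(cols[c][r] for r in range(height) for c in range(width))


def letter_profile(text: str) -> Counter:
    """Letter counts, ignoring spaces and punctuation."""
    return Counter(c for c in text.upper() if c.isalpha())


if __name__ == "__main__":
    key = "ZEBRAS"                                   # constructed keyword
    pt = "WE ARE DISCOVERED FLEE AT ONCE"            # constructed message
    ct = encrypt(pt, key)
    print(ct)
    print(decrypt(ct, key).rstrip("X"))
    # Transposition never changes which letters occur, only where they sit:
    print(letter_profile(decrypt(ct, key)) == letter_profile(ct))
```

Because the multiset of letters is unchanged, an analyst who sees English-like letter frequencies in unreadable text can immediately suspect transposition and try anagramming with candidate widths; classical systems therefore combined a substitution step with a transposition step, which is also the pattern modern block ciphers follow.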
Steganography
Steganography is the art of hiding a secret message inside another, innocent-looking file so that the very existence of the message is concealed. It is not itself encryption, and in practice the two are combined so that a message that is discovered is still unreadable. A common steganographic technique alters the least significant bits of the many bits that make up an image file, where the change is too small to be seen.
Obfuscation, by contrast, is the process of taking something that would ordinarily be relatively easy to understand and making it very difficult to understand; it hides meaning rather than existence.
The Cover Text is the container the message is hidden inside of.
Audio
You could put documents, spreadsheets and other types of data within an audio file, send that audio file to someone else, and they could extract all of that information on their side.
Video
Allows you to transfer the most information in many cases. Video steganography is the process of hiding secret information inside videos. The secret information can be any media (text, audio, images, video or a binary file), and the carrier video can be raw or compressed in any format.
Image
Changes to the pixel values are so minor that the image looks unchanged. An image might embed a secret message within an illustration on an otherwise innocent web page. The larger the image, the more information you are able to transfer.
Network
Network steganography uses common network protocols (the header fields, the payload, or both) to hide a secret message. If you can add some additional bits of information to these network packets, you can collect those bits on the other side and reassemble information that no one knew was being transmitted that way.
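Least-significant-bit image steganography, as an added worked example that is not from the original notes. The cover is a constructed stand-in for a 64x64 8-bit grayscale image (a plain bytearray of pixel values, so the example runs offline); with a real image you would apply the same embed and extract functions to the decoded pixel bytes. The 4-byte length header, the capacity rule and the secret text are assumptions of this example.

```python
import struct


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def capacity_bytes(pixels: bytes) -> int:
    """Payload bytes one LSB per pixel can carry, after the 4-byte header."""
    return len(pixels) // 8 - 4


def embed(pixels: bytes, message: bytes) -> bytearray:
    """Hide message in the low bit of successive pixel values. A 4-byte
    big-endian length header comes first so the extractor knows where to
    stop. Each pixel value changes by at most 1, so the image looks the same."""
    if len(message) > capacity_bytes(pixels):
        raise ValueError("cover image too small for this payload")
    payload = struct.pack(">I", len(message)) + message
    out = bytearray(pixels)
    for idx, bit in enumerate(_bits(payload)):
        out[idx] = (out[idx] & 0xFE) | bit
    return out


def _read_bytes(pixels: bytes, first_pixel: int, count: int) -> bytes:
    """Reassemble count bytes from the LSBs starting at first_pixel."""
    result = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[first_pixel + b * 8 + i] & 1)
        result.append(value)
    return bytes(result)


def extract(pixels: bytes) -> bytes:
    """Read the length header, then that many bytes of hidden message."""
    length = struct.unpack(">I", _read_bytes(pixels, 0, 4))[0]
    if length > capacity_bytes(pixels):
        # Happens on an untouched cover: the LSBs are just image noise.
        raise ValueError("header claims more data than the cover could hold")
    return _read_bytes(pixels, 32, length)


def max_pixel_change(original: bytes, modified: bytes) -> int:
    """Largest per-pixel difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(original, modified))


# Constructed stand-in for a 64x64 8-bit grayscale image: a smooth gradient.
COVER = bytes((i // 16) & 0xFF for i in range(64 * 64))

if __name__ == "__main__":
    secret = b"meet at the north gate at dawn"      # constructed payload
    stego = embed(COVER, secret)
    print(extract(stego))
    print("max pixel change:", max_pixel_change(COVER, stego))
```

Two practitioner caveats follow directly from the code: the payload is recoverable by anyone who knows the scheme, so it should be encrypted before embedding, and any lossy re-encoding of the carrier (JPEG compression, resizing) rewrites the low bits and destroys the message, which is also why LSB embedding is easy to detect statistically on images whose LSB plane would otherwise be smooth.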
Goals of Cryptography
The four main goals of cryptography are: Confidentiality, Integrity, Authentication, and Nonrepudiation.
Confidentiality
Confidentiality ensures that data remains private in three different situations: when it is at rest, when it is in transit, and when it is in use. Two main types of cryptosystems enforce confidentiality:
Symmetric Cryptosystems
Use a shared secret key available to all users of the cryptosystem.
Asymmetric Cryptosystems
Use individual combinations of public and private keys for each user of the system.
Three types of data to consider when designing cryptosystems for confidentiality:
Data at Rest, or stored data, is data that resides in a permanent location awaiting access. Examples include data stored on hard drives, backup tapes, cloud storage services, USB devices, and other storage media. Vulnerable to theft of the physical devices.
Data in Motion, or data on the wire, is data being transmitted across a network between two systems. Data in motion might be traveling on a corporate network, a wireless network, or the public Internet. Vulnerable to eavesdropping attacks.
Data in Use is data held in the active memory of a computer system, where it may be accessed by a process running on that system: data that is currently being updated, processed, erased, accessed or read. Vulnerable to access by users or processes with the wrong permission level, e.g. someone with an incorrect permission level opening a document they are not meant to see.
Obfuscation is the act of creating source or machine code that is difficult for humans or computers to understand.
Integrity
Integrity ensures data is not altered without authorization. The recipient of a message can be certain that the message received is identical to the message that was sent. Integrity checks can ensure that stored data was not altered between the time it was created and the time it was accessed. Integrity controls protect against all forms of alteration, including intentional alteration by a third party attempting to insert false information, intentional deletion of portions of the data, and unintentional alteration by faults in the transmission process. Note that a plain hash only detects accidental corruption: an attacker who can change the data can recompute the hash as well, so integrity against a deliberate attacker needs a keyed message authentication code or a digital signature.
Digital Signature
A digital signature is created before a message is transmitted: the sender hashes the message and signs the hash with their private key. Upon receiving the message, the recipient verifies the signature with the sender's public key. A valid signature shows both that the message was not tampered with and that it was signed by the holder of that private key.
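The integrity distinction above, as an added worked example that is not from the original notes: an unkeyed SHA-256 hash catches a transmission fault but not an active attacker who rewrites both message and hash, while a keyed HMAC-SHA256 tag catches both. The transfer message, the bit flip and the amount rewrite are constructed; the key is a shared secret assumed to have been distributed in advance. A digital signature plays the same role as the MAC with a private key only the sender holds; it is not shown here because the Python standard library has no asymmetric signing primitive.

```python
import hashlib
import hmac
import os


def sha256_digest(message: bytes) -> bytes:
    """Unkeyed hash: anyone, including an attacker, can compute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag (HMAC-SHA256): computing it requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hash(message: bytes, digest: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison itself does
    # not leak how many leading bytes matched.
    return hmac.compare_digest(sha256_digest(message), digest)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def corrupt(message: bytes) -> bytes:
    """Constructed transmission fault: one bit flipped."""
    flipped = bytearray(message)
    flipped[0] ^= 0x01
    return bytes(flipped)


def tamper(message: bytes) -> bytes:
    """Constructed active attack: the amount is rewritten."""
    return message.replace(b"100", b"900")


def scenario(key: bytes = b"") -> dict:
    """Run the three cases and report whether each check caught the change."""
    key = key or os.urandom(32)          # shared in advance by both parties
    message = b"TRANSFER 100 TO ACCT 4242"
    digest, tag = sha256_digest(message), mac_tag(key, message)

    # 1. Accidental corruption: the stored digest no longer matches.
    hash_catches_corruption = not verify_hash(corrupt(message), digest)

    # 2. Active attacker against an unkeyed hash: rewrites the message AND
    #    replaces the digest with a fresh one, so the receiver's check passes.
    forged = tamper(message)
    hash_catches_tampering = not verify_hash(forged, sha256_digest(forged))

    # 3. Same attacker against a MAC: without the key the best they can do
    #    is reuse the old tag, which no longer matches the altered message.
    mac_catches_tampering = not verify_mac(key, forged, tag)

    return {
        "hash_catches_corruption": hash_catches_corruption,   # True
        "hash_catches_tampering": hash_catches_tampering,     # False
        "mac_catches_tampering": mac_catches_tampering,       # True
    }


if __name__ == "__main__":
    for check, caught in scenario().items():
        print(f"{check}: {caught}")
```

The MAC only helps if the attacker cannot reach the key, so the tag must travel with the message while the key is distributed separately; and because both parties hold the same key, a MAC proves the message came from one of them but cannot tell a third party which one, which is the nonrepudiation gap that digital signatures close.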
Authentication
Authentication verifies the claimed identity of a system's users and is a major part of cryptosystems. For example, suppose that Bob wants to establish a communications session with Alice and they are both participants in a shared secret communications system. Alice might use a challenge-response authentication technique to ensure that Bob is who he claims to be: she sends Bob a fresh random value (the challenge) and Bob returns a value that can only be computed with the shared key. Because each challenge is used once, an eavesdropper who records a response cannot replay it later.
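The Alice and Bob challenge-response exchange above, as an added worked example that is not from the original notes. Alice issues a single-use random nonce, Bob answers with HMAC-SHA256 over the nonce under the shared key, and Alice recomputes and compares. The message layout (a context label prepended to the nonce), the nonce size and the shared key are assumptions of this example; the replay and impersonation runs show the two failure modes the protocol must reject.

```python
import hashlib
import hmac
import os

CONTEXT = b"demo-auth-v1|"   # assumed domain-separation label for this protocol


class Verifier:
    """Alice: issues single-use challenges and checks the responses."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._outstanding = set()       # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = os.urandom(16)          # fresh and unpredictable each time
        self._outstanding.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False                # never issued, or already consumed
        self._outstanding.discard(nonce)   # single use: a replay fails here
        expected = hmac.new(self._key, CONTEXT + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Prover:
    """Bob: proves he holds the shared key without ever sending it."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, CONTEXT + nonce, hashlib.sha256).digest()


def authenticate(alice: Verifier, bob: Prover) -> bool:
    """One honest run: challenge, response, check."""
    nonce = alice.challenge()
    return alice.check(nonce, bob.respond(nonce))


def replay_attack(alice: Verifier, bob: Prover) -> bool:
    """Eve records Bob's valid response and sends it again. Returns whether
    the replay was accepted (it must not be)."""
    nonce = alice.challenge()
    response = bob.respond(nonce)
    alice.check(nonce, response)        # Bob's legitimate login succeeds
    return alice.check(nonce, response) # Eve's replay of the same pair


def impersonation_attack(alice: Verifier) -> bool:
    """Mallory answers a fresh challenge with a guessed key. Returns whether
    she was accepted (she must not be)."""
    mallory = Prover(b"not the real key")
    nonce = alice.challenge()
    return alice.check(nonce, mallory.respond(nonce))


if __name__ == "__main__":
    key = os.urandom(32)                # constructed shared secret
    alice, bob = Verifier(key), Prover(key)
    print("honest run accepted:", authenticate(alice, bob))
    print("replay accepted:", replay_attack(alice, bob))
    print("impersonation accepted:", impersonation_attack(alice))
```

This run authenticates Bob to Alice only; mutual authentication needs the same exchange in the other direction with a distinct context label so a response to one direction cannot be reflected as the other. And because Alice could have produced Bob's response herself with the same key, the exchange gives her assurance but no proof she could show a third party, which is exactly the nonrepudiation limitation of symmetric schemes.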
Nonrepudiation
Nonrepudiation provides assurance to the recipient that the message originated with the sender and not someone masquerading as the sender. It also prevents the sender from claiming that they never sent the message in the first place (repudiating the message). It is not offered by symmetric key algorithms, because every holder of the shared key could have produced the message, but it is offered by asymmetric key algorithms through digital signatures, since only the holder of the private key can sign.
Symmetric vs Asymmetric
Symmetric Cryptosystems
Use a shared secret key available to all users of the cryptosystem. This same key is used by all parties to both encrypt and decrypt messages, so the sender and the receiver both possess a copy of the shared key. Other things being equal, the longer the key, the more secure a symmetric algorithm is against brute-force search. Symmetric encryption is primarily employed for bulk encryption and on its own provides only confidentiality. Strength: very fast, roughly 1,000 to 10,000 times faster than asymmetric algorithms. Weakness: key distribution is a major problem, since every pair of communicating parties needs a key that was shared securely in advance.