2.8 Summarize the basics of cryptographic concepts

Last edited 871 days ago by Makiel [Muh-Keel].

What is Cryptography?

Cryptography is the practice of encoding information in such a way that it cannot be decoded without access to the required decryption key. It was invented over 4,000 years ago and is still in use today.

Cryptography consists of two main operations:

Encryption

Transforms plain-text information into ciphertext using an encryption key

Decryption

Transforms ciphertext back into plain text using a decryption key

Important Goals of Cryptography

Confidentiality

Organizations use encryption to protect sensitive information from prying eyes.

Integrity

Organizations use cryptography to ensure that data is not maliciously or unintentionally altered.

Authentication

Authentication refers to uses of encryption to validate the identity of individuals.

Nonrepudiation

Ensures that individuals can prove to a third party that a message came from its purported sender.

What is a Cipher?

A Cipher is a method used to scramble or obfuscate characters to hide their value. Ciphering is the process of using a cipher to do that type of scrambling to a message.
There are two primary types of nonmathematical cryptography, or ciphering methods:

Substitution

Substitution is a type of coding or ciphering system that changes one character or symbol into another.
The Substitution operation forms the basis of many modern encryption algorithms.
Ex. Caesar Cipher: The system involves simply shifting all letters a certain number of spaces in the alphabet. Supposedly, Julius Caesar used a shift of three to the right. This simply means that you turn the A's of a message into D's, the B's into E's, and so on.
Polyalphabetic Substitution changes the underlying letter and word frequency of the text.
For example, you might shift the first letter by three to the right, the second letter by two to the right, and the third letter by one to the left; then repeat this formula with the next three letters.
Vigenère ciphers are often paired with the substitution method.
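The Caesar shift and the three-letter polyalphabetic pattern described above, as an added example (not part of the original notes). The function names and the sample message are constructed for illustration; the last helper measures how much one letter dominates the ciphertext, which is the frequency fingerprint a polyalphabetic cipher flattens.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

def shift_cipher(text, shifts, decrypt=False):
    """Shift the i-th letter by shifts[i % len(shifts)] places.

    Positive values shift right, negative values shift left. Characters that
    are not A-Z pass through unchanged and do not use up a shift.
    """
    out, used = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        step = shifts[used % len(shifts)]
        if decrypt:
            step = -step
        out.append(ALPHABET[(ALPHABET.index(ch) + step) % 26])
        used += 1
    return "".join(out)

def top_letter_share(text):
    """Share of all letters taken by the single most common letter."""
    letters = [c for c in text.upper() if c in ALPHABET]
    return Counter(letters).most_common(1)[0][1] / len(letters)

CAESAR = (3,)       # every letter three to the right
POLY = (3, 2, -1)   # the repeating three-letter pattern from the text

MESSAGE = "MEET ME AT THE SEVENTEENTH STREET ENTRANCE"  # constructed sample

if __name__ == "__main__":
    print(f"plain   {MESSAGE}  share={top_letter_share(MESSAGE):.2f}")
    for name, key in (("caesar", CAESAR), ("poly", POLY)):
        ct = shift_cipher(MESSAGE, key)
        assert shift_cipher(ct, key, decrypt=True) == MESSAGE
        print(f"{name:7} {ct}  share={top_letter_share(ct):.2f}")
```

With a single shift the most common plaintext letter is still the most common ciphertext letter under a new name; with the repeating pattern the same plaintext letter maps to three different ciphertext letters and the peak drops.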

Transposition Ciphers

A Transposition Cipher involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size, and each block is then scrambled.
Columnar transposition is a classic example of a transposition cipher.
The number of rows is given in advance, as it is the key here!
You then write your message by placing successive characters in the next row until you get to the bottom of a column.
The key is to use the row number to recreate the matrix and read down the columns instead of across the rows!
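The columnar transposition described above, as an added example (not part of the original notes). The function names and the sample message are constructed; the row count is the key, and messages whose length is not a multiple of it are handled.

```python
from collections import Counter

def encrypt(message, rows):
    """Write the message down successive columns of a grid `rows` high,
    then read the grid across its rows to produce the ciphertext."""
    if rows < 1:
        raise ValueError("rows must be at least 1")
    return "".join(message[r::rows] for r in range(rows))

def decrypt(ciphertext, rows):
    """Rebuild the grid from the row count (the key) and read down the columns."""
    if rows < 1:
        raise ValueError("rows must be at least 1")
    n = len(ciphertext)
    # Row r held message positions r, r+rows, r+2*rows, ... so when the length
    # is not a multiple of `rows`, the upper rows are one character longer.
    lengths = [len(range(r, n, rows)) for r in range(rows)]
    grid, pos = [], 0
    for length in lengths:
        grid.append(ciphertext[pos:pos + length])
        pos += length
    columns = max(lengths)
    return "".join(row[c] for c in range(columns) for row in grid if c < len(row))

def same_letters(a, b):
    """Transposition only moves characters, so the letter counts never change."""
    return Counter(a) == Counter(b)

if __name__ == "__main__":
    plain = "ROTATEKEYSNOW"          # constructed sample, 13 characters
    secret = encrypt(plain, 4)
    print(secret)                    # grid rows: RTYW / OES / TKN / AEO
    print(decrypt(secret, 4))
    print(same_letters(plain, secret))
```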

Steganography

Steganography is the art of using cryptographic techniques to embed secret messages within another file. Steganographic algorithms work by making alterations to the least significant bits of the many bits that make up image files.
Obfuscation is the process of taking something that would commonly be relatively easy to understand and making it very difficult to understand.
The Cover Text is the container the message is hidden inside of.

Audio

You could put documents, spreadsheets and other types of data within an audio file, send that audio file to someone else, and they could extract all of that information on their side.

Video

Allows you to transfer the most information in a lot of cases.
Video steganography is the process of hiding secret information inside videos. The secret information can be any media like text, audio, images, video, and binary file and the carrier video can be raw/compressed in any format.

Image

The changes in the code are so minor that they make no visible change to the image itself.
An image might embed a secret message within an illustration on an otherwise innocent web page. The larger the image, the more information you’re able to transfer.

Network

Network Steganography is a technique that uses common network protocols (the header field, the payload field or both) to hide a secret message.
If you can add some additional bits of information to these network packets, you can collect those bits on the other side. And now you can put together information that no one had any idea was being transmitted that way.

Goals of Cryptography

The four main goals of cryptography are Confidentiality, Integrity, Authentication, and Nonrepudiation.

Confidentiality

Confidentiality ensures that data remains private in three different situations: when it is at rest, when it is in transit, and when it is in use.
Two main types of cryptosystems enforce confidentiality:

Symmetric Cryptosystems

Use a shared secret key available to all users of the cryptosystem.

Asymmetric Cryptosystems

Use individual combinations of public and private keys for each user of the system.

3 Types of Data to consider when making cryptosystems for Confidentiality.

Data at Rest, or stored data, is that which resides in a permanent location awaiting access. Examples of data at rest include data stored on hard drives, backup tapes, cloud storage services, USB devices, and other storage media.
Vulnerable to theft of the actual physical devices.
Data in Motion, or data on the wire, is data being transmitted across a network between two systems. Data in motion might be traveling on a corporate network, a wireless network, or the public Internet.
Vulnerable to eavesdropping attacks.
Data in Use is data that is stored in the active memory of a computer system where it may be accessed by a process running on that system.
Data that is currently being updated, processed, erased, accessed or read by a system.
Vulnerable to unauthorized permission level-based access. Ex. Someone having the incorrect permission level accessing a document they’re not meant to see.

Obfuscation is the act of creating source or machine code that is difficult for humans or computers to understand.

Integrity

Integrity ensures data is not altered without authorization. The recipient of a message can be certain that the message received is identical to the message that was sent.
Integrity checks can ensure that stored data was not altered between the time it was created and the time it was accessed.
Integrity controls protect against all forms of alteration, including intentional alteration by a third party attempting to insert false information, intentional deletion of portions of the data, and unintentional alteration by faults in the transmission process.

Digital Signature

Digital Signatures are created before a digital message is transmitted. Upon receiving the message, the recipient validates the digital signature. This ensures the message wasn’t tampered with.

Authentication

Authentication verifies the claimed identity of a system’s users; it’s a major part of cryptosystems.
For example, suppose that Bob wants to establish a communications session with Alice and they are both participants in a shared secret communications system. Alice might use a challenge-response authentication technique to ensure that Bob is who he claims to be.
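One way the Alice-and-Bob challenge-response could work, as an added example (not part of the original notes). It assumes the response is an HMAC-SHA256 of a random challenge under the shared secret; the class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

class Challenger:
    """Alice's side: issues one-time challenges and checks the responses."""

    def __init__(self, shared_key):
        self._key = shared_key
        self._outstanding = set()

    def new_challenge(self):
        # A fresh random value per attempt, so an old response is useless later.
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce, response):
        # Each challenge is accepted once, whether or not the answer is right.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)

def respond(shared_key, nonce):
    """Bob's side: prove knowledge of the key without ever sending the key."""
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()

if __name__ == "__main__":
    key = secrets.token_bytes(32)            # the shared secret
    alice = Challenger(key)
    challenge = alice.new_challenge()
    answer = respond(key, challenge)
    print("first attempt:", alice.verify(challenge, answer))
    print("replayed     :", alice.verify(challenge, answer))
```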

Nonrepudiation

Nonrepudiation provides assurance to the recipient that the message was originated by the sender and not someone masquerading as the sender.
It also prevents the sender from claiming that they never sent the message in the first place (also known as repudiating the message).
Not offered by Symmetric Key Algorithms, but it is offered by Asymmetric Key algorithms.

Symmetric vs Asymmetric

Symmetric Cryptosystems

Use a shared secret key available to all users of the cryptosystem.
This same key is used by all parties to both encrypt and decrypt messages, so the sender and the receiver both possess a copy of the shared key. The sender encrypts with the shared secret key and the receiver decrypts with it.
The larger and longer the key is, the more secure symmetric key algorithms are. Symmetric cryptography is primarily employed to perform bulk encryption and only provides confidentiality.
Strength: Very fast, 1,000 to 10,000x faster than asymmetric algorithms.
Weaknesses:
Key distribution is a major problem.
There’s no way to prove where a message came from.
Extremely difficult for large groups to communicate.
Each time a participant leaves the group, all the keys known by this ex-member must be discarded.

Asymmetric Cryptosystems

Asymmetric Cryptosystems, also known as public key algorithms, use individual combinations of public and private keys for each user of the system.
Each user has two keys: a public key, which is shared with all users, and a private key, which is kept secret and known only to the owner of the keypair.
Opposite and related keys (one public or one private) must be used in tandem to encrypt and decrypt. In other words, if the public key encrypts a message, then only the corresponding private key can decrypt it, and vice versa.
Example
If Alice wants to send a message to Bob using public key cryptography, she creates the message and then encrypts it using Bob's public key.
The only possible way to decrypt this ciphertext is to use Bob's private key, and the only user with access to that key is Bob.
Therefore, Alice can't even decrypt the message herself after she encrypts it. If Bob wants to send a reply to Alice, he simply encrypts the message using Alice's public key, and then Alice reads the message by decrypting it with her private key.
Strengths:
The addition of new users requires the generation of only one public-private key pair.
This same key pair is used to communicate with all users of the asymmetric cryptosystem, which makes the algorithm extremely scalable.
Users can be removed far more easily from asymmetric systems.
Asymmetric cryptosystems provide a key revocation mechanism that allows a key to be canceled, effectively removing a user from the system.
Key regeneration is required only when a user's private key is compromised.
If a user leaves the community, the system administrator simply needs to invalidate that user's keys. No other keys are compromised and therefore key regeneration is not required for any other user.
Asymmetric key encryption can provide integrity, authentication, and nonrepudiation.
If a user does not share their private key with other individuals, a message signed by that user can be shown to be accurate and from a specific source and cannot be later repudiated.
No preexisting communication link needs to exist.
Two individuals can begin communicating securely from the start of their communication session. Asymmetric cryptography does not require a preexisting relationship to provide a secure mechanism for data exchange.
Weaknesses
The major weakness of public key cryptography is its slow speed of operation.




Quantum Computing

This is computing based on quantum physics rather than on classical physics, which uses 1s and 0s. It is not an upgrade to your existing computing system, but a type of computing that’s used alongside our existing computers.

Quantum computing

Mostly a theoretical field, but if it advances to a practical stage, it will make our current cryptography obsolete.
At the same time, quantum computing can be used to develop even stronger algorithms that would far exceed our current technology.
In traditional computers we use classical mechanics, which uses bits. Those bits are 0s and 1s, and we can apply algorithms towards those 1s and 0s to come up with a solution to a particular problem.
Quantum computing no longer uses bits; it uses qubits.
Qubits
These bits are not 1s, and they’re not 0s, but instead, they exist somewhere in the middle between 1 and 0. They are effectively a 0 and a 1 at the same time, and therein lies some of the complexities surrounding quantum mechanics.
The only real advantage of quantum computing is its scalability.
By being able to represent more values with fewer bits, it allows us to search through enormous amounts of data in a very short period of time.
This would change medical technology, it might allow us to change the way we’re able to predict the weather, this could have an impact in astrophysics, and so much more.

Post-Quantum

Quantum computing has a direct effect on current cryptography. Quantum computing is able to quickly perform the very large calculations needed to crack our modern-day cryptography.
Quantum computers would be able to brute force all of our encrypted data very, very quickly.
Our current cryptography methods use massive prime numbers during the encryption process; quantum computers can theoretically greatly shorten the process of factoring this information.
No financial transaction would be safe and no data would be private.
Researchers are already working to develop much-needed cryptography to directly combat quantum computing. One such method is NTRU.
NTRU (N-th degree Truncated polynomial Ring Units) is an open-source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It relies on the “Closest-Vector” problem that is still difficult for quantum computers to crack.
It’s one of the foremost contenders for the title quantum secure cryptosystem of the future, and allows for a lot of further development on its basic structure and concepts.

Quantum Communication

One interesting characteristic of quantum computing is that if you examine the quantum bits, you will effectively be changing those quantum bits.
This allows us to send information over a quantum network, and on the other side, we’re able to tell if anyone was monitoring that conversation. This is especially useful if you want to distribute encryption keys.
Quantum Key Distribution, or QKD
Allows us to send our encryption keys across the network to the other side without the worry of someone being able to intercept that key somewhere in the middle.
We would send that random string of qubits, which was effectively our encryption key, across that quantum network channel.
Once the key is received, both sides can verify that key, and if it’s identical, then no one viewed that key during the transmission process.
If someone were to monitor that conversation, it would change the keys that were received on the other side, and those two keys would not verify.



Cryptographic Keys

Key Length

The Key Length is an important parameter of symmetrical or asymmetric encryption processes. It provides information on how many different key values a key can accept in a specific protocol.
Provided that an encryption algorithm actually supports different key lengths, the general rule is that the longer the key, the better.
Longer Key length means it takes an adversary longer to figure out what your key actually is.

Key Stretching

Key Stretching or Key Strengthening is the process of making your keys stronger. There are several ways of achieving key stretching, including: using hash functions, applying block ciphers, or using key stretching values. We can also add salt values to defend against hash or rainbow table attacks.
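Key stretching with a salt, as an added example (not part of the original notes). It assumes PBKDF2-HMAC-SHA256 from Python's standard library as the stretching function; the iteration count, function names and sample password are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000   # assumed work factor; each guess costs this many HMAC rounds

def unsalted_hash(password):
    """One fast hash, no salt: identical passwords give identical outputs,
    which is exactly what a precomputed (rainbow) table relies on."""
    return hashlib.sha256(password.encode()).digest()

def stretch(password, salt=None, iterations=ITERATIONS):
    """Derive a 32-byte key from a password with a random per-user salt."""
    if salt is None:
        salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # The salt and iteration count are not secret; store them next to the key.
    return salt, iterations, key

def verify(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    user_a, user_b = stretch(pw), stretch(pw)
    print("unsalted outputs equal :", unsalted_hash(pw) == unsalted_hash(pw))
    print("stretched outputs equal:", user_a[2] == user_b[2])
    print("right password verifies:", verify(pw, user_a))
    print("wrong password verifies:", verify("guess", user_a))
```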

Key Exchange

Key Exchange is exactly what it sounds like. It’s the need to be able to share keys between two people so that you can then perform an encryption. The challenge though, is how do you transfer a key to someone, over a medium that is inherently insecure?
Out-of-band Exchange is a secure way of exchanging key information: any method that exchanges the key physically. It is called out-of-band because you’re transferring the key outside of the network.
In-person exchange
Over the phone
Courier
In-Band Exchange is sending the encryption key quickly over the network. It’s much more convenient if you’re able to transfer this key directly across the network and have it appear instantly on the other side.
Very common to use asymmetric encryption to send a key to someone.
Diffie-Hellman key exchange is a method of digital encryption that securely exchanges cryptographic keys between two parties over a public channel without the key itself being transmitted over the internet.
Each user has a private key — Bob has a private key & Alice has a private key.
Each user uses the opposite user’s public key — Bob uses Alice’s public key & Alice uses Bob’s public key. (Possible because their public keys are “publicly known”).
Each user combines their own private key with the public key of the desired recipient.
Bob combines his own private key with Alice’s public key to make a new symmetric key, and vice versa. Alice does the same.
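The Diffie-Hellman steps listed above, as an added example (not part of the original notes). The modulus and generator are toy parameters chosen so the code runs with the standard library only, and the class name is constructed; real deployments use standardized groups of 2048 bits or more, or elliptic curves.

```python
import hashlib
import secrets

# Toy public parameters (assumption for this example, far too small for real use).
P = 2**127 - 1   # a Mersenne prime
G = 3

class Party:
    """One side of the exchange: a private value and the public value derived from it."""

    def __init__(self):
        self._private = secrets.randbelow(P - 3) + 2     # random value in 2..P-2
        self.public = pow(G, self._private, P)           # safe to send in the clear

    def session_key(self, peer_public):
        """Combine our private value with the peer's public value."""
        # Reject degenerate values that would force a predictable shared secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._private, P)
        # Hash the shared number down to a fixed-size symmetric key.
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()

if __name__ == "__main__":
    alice, bob = Party(), Party()
    # Only alice.public and bob.public cross the network.
    k_alice = alice.session_key(bob.public)
    k_bob = bob.session_key(alice.public)
    print("same key on both sides:", k_alice == k_bob)
    # An observer who saw both public values but holds neither private value
    # cannot run session_key(); a third party's own key does not match.
    eve = Party()
    print("third party matches   :", eve.session_key(bob.public) == k_bob)
```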

Real-time encryption/decryption of In-Band Key Exchange

You could use asymmetric encryption to encrypt the symmetric key during the In-Band key exchange.
The client would take this symmetric key, which would be the plaintext, and would encrypt it using a server’s public key to create the Ciphertext (encrypted text transformed from plaintext using an encryption algorithm).
That ciphertext is then sent to the server.
The server is able to decrypt that ciphertext using its private key, which would allow it access to the session or symmetric key that we originally started with.
At the end of all this, we have transferred the symmetric key across the network in encrypted form, using asymmetric encryption to protect it.
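The in-band exchange above, and the earlier Alice-to-Bob public key example, as one added example (not part of the original notes). It uses textbook RSA with two small Mersenne primes and no padding so that it runs on the standard library alone; the parameters and function names are constructed and far too weak for real use.

```python
import secrets

# Toy key material (assumption for this example): real RSA uses random primes
# of 1024 bits or more each, plus a padding scheme such as OAEP.
PRIME_1 = 2**61 - 1
PRIME_2 = 2**89 - 1
PUBLIC_EXPONENT = 65537

def make_keypair():
    """Return (public_key, private_key), each a (modulus, exponent) pair."""
    n = PRIME_1 * PRIME_2
    d = pow(PUBLIC_EXPONENT, -1, (PRIME_1 - 1) * (PRIME_2 - 1))
    return (n, PUBLIC_EXPONENT), (n, d)

def rsa_apply(key, value):
    """The single RSA operation: raise to the key's exponent, modulo n."""
    n, exponent = key
    return pow(value, exponent, n)

def client_wrap_session_key(server_public):
    """Client: pick a random 128-bit symmetric key and encrypt it to the server."""
    session_key = secrets.token_bytes(16)
    ciphertext = rsa_apply(server_public, int.from_bytes(session_key, "big"))
    return session_key, ciphertext

def server_unwrap_session_key(server_private, ciphertext):
    """Server: recover the symmetric key using the private key."""
    return rsa_apply(server_private, ciphertext).to_bytes(16, "big")

if __name__ == "__main__":
    public, private = make_keypair()
    client_key, wire = client_wrap_session_key(public)   # only `wire` is sent
    server_key = server_unwrap_session_key(private, wire)
    print("server recovered the key:", server_key == client_key)
    # Holding the public key does not help: applying it again is not decryption.
    still_hidden = rsa_apply(public, wire) != int.from_bytes(client_key, "big")
    print("public key cannot unwrap:", still_hidden)
```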

Ephemeral Keys

You need to be careful not to make your symmetric key something too predictable! If you’re using the symmetric key as a temporary session key, then it needs to be changed often.