7.1. An Overview of Cryptography

Cryptography is a field almost as old as humankind. The first recorded cryptographic efforts occurred 4,000 years ago. These early efforts included translating messages from one language into another or substituting characters.

NOTE

You won't be tested on the history of cryptography in the Security+ exam; this information is included primarily for background purposes.

The following sections briefly discuss three categories of cryptography—physical, mathematical, and quantum—as well as code breaking. Quantum cryptography is extremely classified and is relatively new. The other methods discussed are well known and commonly used.

7.1.1. Understanding Physical Cryptography

Physical cryptography includes several different approaches. The more common methods involve transposition or substitution of characters or words. Physical methods also include a method of encryption called steganography, which is the science of hiding information within other information, such as within a picture.

In general, physical cryptography refers to any method that doesn't alter a value using a mathematical process.


A cipher is a method used to encode characters to hide their value. Ciphering is the process of using a cipher to encode a message. The three primary types of cryptography, or ciphering methods—substitution, transposition, and steganography—are discussed in the following sections. The hybrid model, which is also discussed, uses one or more methods to accomplish encryption.

It's important to know that cryptography is always changing in an effort to make algorithms that are more difficult to crack. Not that long ago, single-digit bit encryption was good enough; now triple digits are almost a minimum requirement.


7.1.1.1. Substitution Ciphers

A substitution cipher is a type of coding or ciphering system that changes one character or symbol into another. Character substitution can be a relatively easy method of encrypting information. You may see this method used in a childhood toy such as a decoder ring. For example, let's say you had the following message:

You can do this easily if you put your mind to it.

And here is how the encrypted message reads:

You can do qhis zasily if you puq your mind to iq.

Notice in the encrypted example that every instance of z is a substitute for e and that every instance of q is a substitute for t. This code, while simple, may prevent someone from understanding the message for a very short period of time.

This type of coding creates two potential problems. Obviously, the system isn't highly secure. In addition, how do you know the q isn't really a q? Nevertheless, this method has been used in simple codes since time immemorial.

Working with rot13

One of the oldest known encoding algorithms is rot13—said by some to have been used in the days of Caesar. This simple algorithm rotates every letter 13 places in the alphabet. Thus an A becomes an N, a B becomes an O, and so forth. The same rotation of 13 letters that is used to encrypt the message is also used to decrypt the message. Many newsgroups offer a rot13 option that allows you to encrypt/decrypt postings.

See if you can solve these encryptions:

  1. Neg snve qrohgf urer Fngheqnl.

  2. Gevcyr pbhcbaf ng Xebtre!

  3. Gel lbhe unaq ng chmmyrf.

One of the easiest ways to solve rot13 text messages is to take a sheet of paper and write the letters from A to M in one column and from N to Z in a second. To decipher, replace the letter in the encrypted message with the one that appears beside it in the other column.

Here are the answers:

  1. Art fair debuts here Saturday.

  2. Triple coupons at Kroger!

  3. Try your hand at puzzles.


7.1.1.2. Transposition Ciphers

A transposition cipher (also referred to as a transposition code) involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size, and each block is then scrambled. In the simple example shown in Figure 7.1, the characters are transposed by changing the order of the group. In this case, the letters are rotated three places in the message. You could change the way Block 1 is transposed from Block 2 and make it a little more difficult, but it would still be relatively easy to decrypt.

Figure 7.1. A simple transposition code in action

7.1.1.3. Steganography

Steganography is the process of hiding one message in another. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message. This type of encryption can be somewhat harder to detect, but it's still breakable. Consider the following message:

"Meet the mini me that ate later."

The real message is every third word:

"Meet me later."

NOTE

Steganography is also called electronic watermarking. Mapmakers and artists have used watermarking for years to protect copyrights. If an image contains a watermark placed there by the original artist, proving that a copyright infringement has occurred in a copy is relatively easy.

7.1.1.4. Hybrid Systems

By combining two or more of these methods of physical cryptography, you can make a pretty good cipher system. These types of systems are widely used, and they're difficult to break using manual methods. Many systems, such as the Enigma machine used during World War II to encode messages between the German command and their U-boats, used a combination of substitution and transposition to make a very sophisticated system.

7.1.2. Understanding Mathematical Cryptography

Mathematical cryptography deals with using mathematical processes on characters or messages. The most common is a function called hashing. Hashing refers to performing a calculation on a message and converting it into a numeric hash value. The hash value of the example in Figure 7.2 is computed by multiplying each character by 2, adding those results together, and then dividing the sum by 10.

Figure 7.2. A simple hashing process

NOTE

Hashing is discussed in detail in the section "The Science of Hashing" later in this chapter.

As you can see, this hash value is a single number. The hash value can't be used to derive the meaning of the message. The number is transmitted with the message to the receiver, and the receiving end uses the same hash function to determine that the message is authentic. If the hash value is different, the message has been altered in some way. This process is also known as performing a checksum.

This type of hashing is called a one-way process. There is no way to reverse the hash and turn the number back into the original message. This method of hashing is used to verify message authenticity, and it may be used in conjunction with one of the other encryption methods previously defined. It's important to note that a one-way hash can't be used to decrypt a message; it is used primarily for authenticity verification. Nevertheless, it's considered an encryption process, used primarily to verify the integrity of the message.

As you can imagine, calculating all the numbers in a larger, more complicated message by hand would be cumbersome and time consuming. Computers make hashing a very fast process.
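The checksum process described above, as an added Python example (not from the original text). It assumes a character's value is its code point, since Figure 7.2 is not reproduced here; the messages and key are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac

def toy_hash(message: str) -> float:
    """Hash as described for Figure 7.2: double each character value,
    add the results, divide by 10. Assumption: value = code point."""
    return sum(ord(ch) * 2 for ch in message) / 10

def sha256_hex(message: str) -> str:
    """A real one-way hash of the same message."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()

def make_tag(key: bytes, message: str) -> str:
    """Keyed hash (HMAC-SHA-256); needs the shared key to compute."""
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()

def verify(key: bytes, message: str, tag: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)

# Constructed sample data: the altered message only swaps two digits.
ORIGINAL = "PAY BOB 19 DOLLARS"
ALTERED = "PAY BOB 91 DOLLARS"
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    print("toy   :", toy_hash(ORIGINAL), toy_hash(ALTERED))
    print("sha256:", sha256_hex(ORIGINAL)[:16], sha256_hex(ALTERED)[:16])
    tag = make_tag(KEY, ORIGINAL)
    print("hmac  :", verify(KEY, ORIGINAL, tag), verify(KEY, ALTERED, tag))
```

The additive toy hash gives the same value for both messages, so the alteration goes unnoticed, while SHA-256 changes completely. An unkeyed hash sent with the message can also be recomputed by whoever alters it, which is why the receiver check here uses a keyed tag.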

NOTE

Hashing is used extensively in computer programming. Many early random access file methods used hashing to locate records in a data file.

A Trusted Platform Module (TPM) can be used to assist with hash key generation. A TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. The TPM can be used to generate values used with whole disk encryption (discussed in Chapter 5) as well as protect cell phones and devices other than PCs. More information on TPM can be found at the Trusted Computing Group's website: https://www.trustedcomputinggroup.org/home.

7.1.3. Working with Passwords

Many password-generation systems are based on a one-way hashing approach. You can't take the hash value and reverse it to guess the password. In theory, this makes it harder to guess or decrypt a password.

Passwords should be as long and as complicated as possible. Most security experts believe a password of 10 characters is the minimum that should be used if security is a real concern. If you use only the lowercase letters of the alphabet, you have 26 characters with which to work. If you add the numeric values 0 through 9, you'll get another 10 characters. If you go one step further and add the uppercase letters, you'll then have an additional 26 characters, giving you a total of 62 characters with which to construct a password.

Most vendors recommend that you use nonalphabetic characters such as #, $, and % in your password, and some go so far as to require it.


If you used a 4-character password, this would be 62 × 62 × 62 × 62, or approximately 14 million password possibilities. If you used 5 characters in your password, this would give you 62 to the fifth power, or approximately 920 million password possibilities. If you used a 10-character password, this would give you 62 to the tenth power, or 8.4 × 10^17 (a very big number) possibilities. As you can see, these numbers increase exponentially with each position added to the password. The 4-character password could probably be broken in a fraction of a day, while the 10-character password would take considerably longer and much more processing power.

If your password used only the 26 lowercase letters from the alphabet, the 4-character password would have 26 to the fourth power, or 456,000 password combinations. A 5-character password would have 26 to the fifth power, or over 11 million, and a 10-character password would have 26 to the tenth power, or 1.4 × 10^14. This is still a big number, but it would take considerably less time to break it.

NOTE

To see tables on how quickly passwords can be surmised, visit http://www.lockdown.co.uk/?pg=combi&s=articles.

Mathematical methods of encryption are primarily used in conjunction with other encryption methods as part of authenticity verification. The message and the hashed value of the message can be encrypted using other processes. In this way, you know that the message is secure and hasn't been altered.

As a security administrator, you should know how to work with hashing within your operating system.

7.1.4. Understanding Quantum Cryptography

Quantum cryptography is a relatively new method of encryption. Prior to 2002, its application was limited to laboratory work and possibly to secret governmental applications. This method is based on the characteristics of the smallest particles known. It may now be possible to create unbreakable ciphers using quantum methods.

NOTE

You won't be tested on quantum cryptography on the Security+ exam. It's included here for real-world knowledge.

The process depends on a scientific model called the Heisenberg Uncertainty Principle for security. Part of the Heisenberg Uncertainty Principle basically states that in the process of measuring the results, the results are changed. Werner Heisenberg's early works were published in 1926, and they have been greatly debated by physicists ever since.

Imagine you have a bowl of water and you want to measure the temperature of the water. When you put a thermometer into the water, you change the temperature of the water: The presence of the thermometer makes the temperature of the water rise or drop slightly. In short, the act of measuring the water temperature changes the water temperature, making it impossible to know the true temperature of the water before you measured it.

In quantum cryptography, a message is sent using a series of photons. If the receiver knows the sequence and polarity of the photons, they can decode the message. Otherwise, the photons look like random noise. If someone intercepts the photons, some of the photon positions will change polarity and the message will be altered. This will inform the receiver that someone is listening in on the message. The sender, when informed, can change the pattern and resend the message with a new photon position key. Intercepting the data alters the data and ruins the message.

Figure 7.3 demonstrates this concept. In this example, each photon is polarized in one of several directions. The process of intercepting these photons alters the polarity of some of the photons and makes the message unreadable. This alerts the receiver that an interception activity is occurring. As you can see in this example, the message has been altered as a result of the interception. Each bar in the message is part of the message: The interception changes the polarity of some of the photons (represented by the bars), making the message unreadable.
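The interception effect described above, as an added Python simulation (not from the original text). It models a simplified BB84-style exchange, which is an assumption because the text names no protocol; the two polarization bases "+" and "x" and all function names are hypothetical.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the basis the photon was prepared in returns its bit.
    Measuring in the other basis gives a random result: the act of
    measuring disturbs the photon, as the text describes."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def exchange(n_photons, eavesdrop, seed=1):
    """Send n_photons and return the error rate on the positions where
    sender and receiver happened to pick the same basis."""
    rng = random.Random(seed)
    errors = kept = 0
    for _ in range(n_photons):
        bit, sender_basis = rng.randint(0, 1), rng.choice("+x")
        photon_bit, photon_basis = bit, sender_basis
        if eavesdrop:
            # The interceptor must guess a basis, measure, and re-send.
            tap_basis = rng.choice("+x")
            photon_bit = measure(photon_bit, photon_basis, tap_basis, rng)
            photon_basis = tap_basis
        receiver_basis = rng.choice("+x")
        received = measure(photon_bit, photon_basis, receiver_basis, rng)
        if receiver_basis == sender_basis:   # only these positions are compared
            kept += 1
            errors += received != bit
    return errors / kept

def interception_detected(error_rate, threshold=0.1):
    """Threshold is an illustrative value; a clean channel here shows 0."""
    return error_rate > threshold

if __name__ == "__main__":
    for tapped in (False, True):
        rate = exchange(4000, eavesdrop=tapped)
        print(f"eavesdrop={tapped}: error rate {rate:.3f}, "
              f"detected={interception_detected(rate)}")
```

With no interception the compared positions always agree; with interception about one in four of them is wrong, which is the signal the receiver uses.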

Quantum cryptography has become a solution available for private users, although it's very expensive and has a limited range. It will be interesting to see what the future holds for this technology.

NOTE

Quantum cryptography is currently only implemented using fiber-optic technology. This technology, when further developed, may make many of the systems now in use obsolete.

7.1.5. Uncovering the Myth of Unbreakable Codes

If time has taught us anything, it is that people frequently do things that other people thought were impossible. Every time a new code or process is invented that is thought to be invincible, someone comes up with a method of breaking it.

Figure 7.3. Quantum cryptography being used to encrypt a message

The following list includes some common code-breaking techniques:


Frequency analysis

Frequency analysis involves looking at blocks of an encrypted message to determine if any common patterns exist. Initially, the analyst doesn't try to break the code but looks at the patterns in the message. In the English language, the letters e and t and words like the, and, that, it, and is are very common. Single letters that stand alone in a sentence are usually limited to a and I.

A determined cryptanalyst looks for these types of patterns and, over time, may be able to deduce the method used to encrypt the data. This process can sometimes be simple, or it may take a lot of effort.


Algorithm errors

An algorithm is a method or set of instructions used to perform a task or instruction. In computers, algorithms are implemented in programs to perform repetitive operations. Sometimes complex algorithms produce unpredictable results; when discovered, the results can cause the entire encryption algorithm to be compromised. Cryptographic systems may have fundamental flaws in the way they're designed. An error or flaw in either the design or the implementation of the steps can create a weakness in the entire coding system. This weakness may leave a coding system open to decryption regardless of the complexity of the algorithm or steps used to process the codes.


Brute-force attacks

Brute-force attacks can be accomplished by applying every possible combination of characters that could be the key. For example, if you know that the key is three characters long, then you know that there is a finite number of possibilities that the key could be. Although it may take a long time to find the key, the key can be found.

Although it could take a long time to succeed with a brute-force attack, hackers use programs that run thousands of brute-force trial-and-error attempts in a short period of time.



Human error

Human error is one of the major causes of encryption vulnerabilities. If an e-mail is sent using an encryption scheme, someone else may send it in the clear (unencrypted). If a cryptanalyst gets hold of both messages, the process of decoding future messages will be considerably easier. A code key might wind up in the wrong hands, giving insights into what the key consists of. Many systems have been broken as a result of these types of accidents.

A classic example involved the transmission of a sensitive military-related message using an encryption system. Most messages have a preamble that informs the receiver who the message is for, who sent it, how many characters are in the message, the date and time it was sent, and other pertinent information. In this case, the preamble was sent in clear text and this information was also encrypted and put into the message. As a result, the cryptanalysts gained a key insight into the message contents. They were given approximately 50 characters that were repeated in the message in code. This error caused a relatively secure system to be compromised.
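The brute-force and frequency-analysis techniques from the list above, applied to the three rot13 puzzles from earlier in this section (an added Python example, not from the original text). It generalizes rot13 to any rotation; the scoring rule, counting the six most common English letters, and the function names are assumptions made for this illustration.

```python
COMMON = set("etaoin")  # six most frequent English letters (assumed scoring set)

def rotate(text: str, shift: int) -> str:
    """Rotate ASCII letters by `shift` places, leaving everything else alone.
    A shift of 13 is rot13, which is its own inverse."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def score(text: str) -> int:
    """Frequency analysis in miniature: how many letters are common ones?"""
    return sum(ch in COMMON for ch in text.lower())

def break_rotation(ciphertext: str):
    """Brute force: the key space is only 26 shifts, so try them all and
    rank the candidates by how English-like their letter mix is."""
    ranked = sorted(((score(rotate(ciphertext, k)), k) for k in range(26)),
                    reverse=True)
    best_shift = ranked[0][1]
    return best_shift, rotate(ciphertext, best_shift), ranked

# The three rot13 puzzles from this section, joined into one ciphertext.
PUZZLES = ("Neg snve qrohgf urer Fngheqnl. "
           "Gevcyr pbhcbaf ng Xebtre! "
           "Gel lbhe unaq ng chmmyrf.")

if __name__ == "__main__":
    shift, plaintext, ranked = break_rotation(PUZZLES)
    print("best shift:", shift)
    print("plaintext :", plaintext)
    print("top scores:", ranked[:3])
```

The correct shift stands out without any knowledge of the key, which is why a rotation cipher protects a message only from a casual glance.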
