In this chapter you will learn about several methods of cryptography that were used in ancient Greece. You will also examine encryption algorithms used today and how you can apply encryption to maintain two of the three security principles—confidentiality and integrity.
1. Summarize general cryptography concepts.
2. Apply appropriate cryptographic tools and products.
Cryptography
Cryptography is the science of taking plain, readable text and applying an algorithm to it, encrypting it to create ciphertext, which appears to be gibberish until it is decrypted. Encryption is used to maintain confidentiality. Cryptography itself is not a modern technology.
Keys: A key is used by an algorithm to encrypt or decrypt a message. The key is an important component in the encryption algorithm. An algorithm is only as good as the key being used. The more complexity involved, the more secure the algorithm is. Key management is an issue that needs to be addressed since the key is such an important component in the process.
Substitution Cipher: A substitution cipher like the shift cipher was easy to crack. All you have to do is look for patterns and letters that appear in multiple words. Substitution ciphers work on the principle of substituting a different letter for every letter, for instance, a becomes g, and b becomes d. The letters are not in order as they are in shift ciphers.
The key in this encryption system is still the password. This algorithm is simple, but it still provides strong security. Even if someone knows about the table, they do not know the key, or password, so the message cannot be decrypted.
One-Time Pad: The one-time pad is almost impossible to crack. The name comes from the fact that two identical pads of paper containing the key material were used. The top sheet could be torn off and destroyed after it was used. The encrypted message provides no information about the original message. The problem is that the one-time pad requires perfectly random key material, which is the challenge in a modern-day application. The key exchange is also an issue.
A one-time pad is unbreakable, but it depends on random pad generation and requires both parties to have the identical pad and to start at the same point in it. These requirements are impractical for most common applications: large pads may be required, it is difficult to generate truly random numbers, and it is difficult to get the pads to both parties.
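The pad handling described above can be shown in a few lines. This is an added example, not code from the chapter: the class name `OneTimePad`, the sample messages, and the use of the operating system's CSPRNG as a stand-in for truly random pad material are all assumptions made for illustration.

```python
import secrets

class OneTimePad:
    """Random key bytes consumed from a tracked offset and never reused."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self.offset = 0  # sender and receiver must advance this in lockstep

    def _take(self, n: int) -> bytes:
        if self.offset + n > len(self._pad):
            raise ValueError("pad exhausted: key material must cover every message")
        chunk = self._pad[self.offset:self.offset + n]
        self.offset += n  # the "top sheet" is torn off: these bytes are spent
        return chunk

    def apply(self, data: bytes) -> bytes:
        """XOR with the next unused pad bytes; the same call encrypts and decrypts."""
        return bytes(d ^ k for d, k in zip(data, self._take(len(data))))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def demo():
    pad = secrets.token_bytes(32)  # constructed pad; CSPRNG stands in for true randomness
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    m1, m2 = b"INVOICE 104 OK", b"INVOICE 105 NO"  # constructed sample messages
    c1, c2 = sender.apply(m1), sender.apply(m2)

    # Identical pads, same starting point: both messages decrypt correctly.
    in_sync = receiver.apply(c1) == m1 and receiver.apply(c2) == m2

    # A receiver that starts one byte further into the pad recovers noise.
    skewed = OneTimePad(pad)
    skewed.offset = 1
    out_of_sync = skewed.apply(c1) != m1

    # If the same pad bytes encrypt two messages, the key cancels out and
    # the ciphertexts reveal the XOR of the plaintexts. Hence "one-time".
    r1, r2 = xor(m1, pad), xor(m2, pad)
    reuse_leaks = xor(r1, r2) == xor(m1, m2)
    return in_sync, out_of_sync, reuse_leaks

if __name__ == "__main__":
    print(demo())
```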
Common Uses of Hashing Functions
Hashing functions are used to ensure that a message or data has not changed. In other words, we are talking about maintaining integrity. If you download a program from the Internet, you may see that a message digest value is noted using a particular hashing algorithm. After you download the file, use a hash calculator on that file. Your result should be an exact match to the value provided at the website. If the values are not the same, it means that the file has been tampered with in some way.
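The download check described above, written out as an added example that is not part of the original chapter. The file name `installer.bin`, its three-byte content, and the function names are constructed for illustration; the published value is the standard SHA-256 test vector for that content.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in fixed-size chunks so a large download never sits in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, published_hex, algorithm="sha256"):
    """Return True only if the file's digest is an exact match for the published one."""
    expected = published_hex.strip().lower()  # sites differ in case and whitespace
    if len(expected) != hashlib.new(algorithm).digest_size * 2:
        raise ValueError("published digest has the wrong length for " + algorithm)
    return hmac.compare_digest(file_digest(path, algorithm), expected)

def demo():
    # Constructed sample: the "download" is the 3-byte file b"abc".
    published = "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.bin")
        with open(path, "wb") as f:
            f.write(b"abc")
        intact = verify_download(path, published)
        with open(path, "wb") as f:
            f.write(b"abd")  # a single changed byte
        tampered = verify_download(path, published)
    return intact, tampered

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the channel that delivered the published digest, so obtain that value over an authenticated connection or from a signed release note.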
Hash Algorithms
Two widely used hash algorithms are SHA and Message Digest. There are also numerous tools available on the Internet that you can use to calculate hash values for files or character strings.
SHA
Accepts an input of up to 2^64 bits and then compresses it down to a smaller number of bits (i.e., 160 bits for SHA-1)
SHA-256, SHA-384, and SHA-512.
Longer hash results are more difficult to attack successfully.
SHAKE-128 and SHAKE-256 are introduced in the latest hashing algorithm SHA-3.
Message Digest (MD)
Creates a 128-bit hash of a message of any length and segments the message into 512-bit blocks
Symmetric Encryption
Key Management
Keys must be managed at all stages. That requires securing the key on the local computer, securing it on the remote system, protecting it from data corruption, protecting it from loss, and, probably the most important step, protecting it while it is transmitted between the two parties. For symmetric algorithms, the most important lesson is to store and send the key only by a known, secure means. Public key cryptography greatly eases the key management issue.
Trusted Platform Module (TPM)
The Trusted Platform Module provides a hardware-based key storage location that can be used by many applications. Combining hardware with software provides better security than a software-only solution. To learn more, review “Windows Trusted Platform Module Management Step-by-Step Guide.”2
Symmetric Algorithms
You should be familiar with the various symmetric algorithms and their main characteristics. Most of the algorithms listed are block ciphers, which means that they operate on a fixed-length group of bits with a fixed, unvarying transformation. If the length of the plaintext message is not a multiple of the length of a block, the plaintext message must be padded. A stream cipher applies a cryptographic key and algorithm to each binary digit in a data stream and can encrypt plaintext messages of variable length. Please see the following details regarding the various symmetric algorithms and their main characteristics.
Block cipher
The block size is 64 bits, with a 56-bit key length
Uses either two or three keys
Multiple encryption—goes through the DES algorithm three times
Block cipher that separates data input into 128-, 192-, or 256-bit blocks
Key sizes of 128, 192, and 256 bits, with the size of the key affecting the number of rounds used in the algorithm
Uses 64-bit block size for 64- and 128-bit keys
128-bit block size for the 256-bit key version
128-bit block size, key sizes: 128, 192, 256
Runs well on 32-bit computers and resistant to brute force attacks
Stream cipher
Uses key lengths of 8 to 2048 bits, most vulnerable to possibility of weak keys
Block mode cipher, using 64-bit blocks and a variable key length from 32 to 448 bits
Runs well on 32-bit machines
Block mode cipher using 64-bit block size and 128-bit key
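The section above notes that a block cipher needs the plaintext padded to a multiple of the block length. The following added example (not from the original chapter) shows one common way to do that, PKCS#7 padding; the chapter does not name a padding scheme, so that choice and the function names are assumptions.

```python
def pkcs7_pad(data: bytes, block_size: int) -> bytes:
    """Append n bytes, each of value n, so the length is a multiple of block_size."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must fit in one byte")
    # n is always 1..block_size: an already aligned message gets a whole extra
    # block, otherwise the receiver could not tell padding from data.
    n = block_size - len(data) % block_size
    return data + bytes([n]) * n

def pkcs7_unpad(padded: bytes, block_size: int) -> bytes:
    """Strip the padding, rejecting anything that is not well formed."""
    if not padded or len(padded) % block_size:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if n < 1 or n > block_size or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]

def split_blocks(data: bytes, block_size: int) -> list:
    """Cut padded data into the fixed-length blocks a block cipher operates on."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]

def demo():
    msg = b"HELLO"                       # constructed 5-byte sample message
    p64 = pkcs7_pad(msg, 8)              # 64-bit block, as for several ciphers listed above
    p128 = pkcs7_pad(msg, 16)            # 128-bit block
    aligned = pkcs7_pad(b"A" * 16, 16)   # already a full block: one more block is added
    return (split_blocks(p64, 8), len(p128), len(aligned),
            pkcs7_unpad(p64, 8), pkcs7_unpad(aligned, 16))

if __name__ == "__main__":
    print(demo())
```

In a real protocol, verify the ciphertext's integrity before unpadding, so that padding errors are never reported on unauthenticated data.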
Asymmetric Encryption
Asymmetric encryption is also known as public key encryption. This method relies on having a key pair—the public key and a private key. The two keys are mathematically related, but you cannot figure out the private key just because you know someone’s public key.
A key pair gets generated. The public key gets published to a third-party server where others will be able to access it. A user’s private key stays with the user (e.g., within the software application). One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext. Neither key can perform both functions by itself. The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages.
Asymmetric Algorithms
RSA: Used for encryption and digital signatures; uses the product of two very large prime numbers (between 100 and 200 digits long and of equal length)
Diffie–Hellman: Electronic key exchange method of the Secure Sockets Layer (SSL) protocol; TLS, SSH, and IPsec protocols; enables the sharing of a secret key
ElGamal: This system was never patented and is free for use; used as the US government standard for digital signatures
Elliptic Curve Cryptography (ECC): Works on the basis of elliptic curves
Steganography
Steganography is the method of hiding data (the message) in another file. Data can be hidden in graphic, audio, or other text files. The advantage of steganography over cryptography is that the message does not attract any special attention. You would never know that a picture actually contained a secret message by viewing the file either electronically or in hard copy.
Cryptography Algorithm Use: Confidentiality
Maintaining confidentiality often is important for both stored data and transmitted data. In both cases, symmetric encryption is favored because of its speed and because some asymmetric algorithms can significantly increase the size of the object being encrypted.
In the case of a stored item, a public key is typically unnecessary, as the item is being encrypted to protect it from access by others. In the case of transmitted data, public key cryptography is typically used to exchange the secret key, and then symmetric cryptography is used to ensure the confidentiality of the data being sent.
Asymmetric cryptography does protect confidentiality, but its size and speed make it more efficient at protecting the confidentiality of small units for tasks such as electronic key exchange. In all cases, the strength of the algorithms and the length of the keys ensure the secrecy of the data in question. Please review the following aspects of “Cryptography Algorithm Use: Confidentiality.”
Confidentiality
Encryption excels at providing confidentiality.
Maintains confidentiality on data stored or transmitted.
Integrity
Crucial component of message security.
The hash functions compute the message digests, and this guarantees the integrity of the message.
Nonrepudiation
The message sender cannot later deny that they sent the message.
This is important in electronic exchanges of data.
Authentication
Allows you to prove you are who you say you are
Key Escrow
Keeps a copy of the encryption key with a trusted third party
Cryptography Algorithm Use: Digital Signatures
Unprotected digital documents are very easy for anyone to change. If a document is edited after an individual signs it, it is important that any modification can be detected.
Cryptography Algorithm Use: Digital Rights Management (DRM)
Digital rights management, or DRM, is the process for protecting intellectual property from unauthorized use. DRM is used by hardware manufacturers, publishers, and individuals that want to limit the use of digital content after it has been sold. Those who are for the technology argue that it is necessary to fight copyright infringement. Those opposed say it restricts them from performing legal tasks such as making a backup copy.
Cryptographic Applications
1. Pretty Good Privacy (PGP): PGP applications can be plugged into popular email programs to handle the majority of day-to-day encryption tasks using a combination of symmetric and asymmetric encryption protocols.
One of the unique features of PGP is its ability to use both symmetric and asymmetric encryption methods, accessing the strengths of each method and avoiding the weaknesses of each as well. Symmetric keys are used for bulk encryption, taking advantage of the speed and efficiency of symmetric encryption. The symmetric keys are passed using asymmetric methods, capitalizing on the flexibility of this method.
2. TrueCrypt: TrueCrypt is an open source solution for encryption. It is designed for symmetric disk-based encryption of your files. It features Advanced Encryption Standard (AES) ciphers and the ability to create a deniable volume, encryption stored within encryption so that the volume cannot be reliably detected. TrueCrypt can perform file encryption and whole disk encryption. Whole disk encryption encrypts the entire hard drive of a computer, including the operating system.
3. FreeOTFE: FreeOTFE is similar to TrueCrypt. It offers “on-the-fly” disk encryption as an open source, freely downloadable application. It can encrypt files up to entire disks with several popular ciphers, including AES.
4. GnuPG: GnuPG, or Gnu Privacy Guard, is an open source implementation of the OpenPGP standard. This command line-based tool is a public key encryption program designed to protect electronic communications such as email. It operates similarly to PGP and includes a method for managing public/private keys.
File system encryption is becoming a standard means of protecting data while in storage. Even hard drives are available with built-in AES encryption. Microsoft introduced BitLocker, its Encrypting File System (EFS).
5. BitLocker: BitLocker is a boot sector encryption method that protects data on the latest Windows operating systems. BitLocker utilizes AES encryption to encrypt every file on the hard drive automatically. All encryption occurs in the background, and decryption occurs seamlessly when data is requested. The decryption key can be stored in the Trusted Platform Module (TPM) or on a Universal Serial Bus (USB) key.
Summary
In this chapter you learned about fundamental concepts relating to cryptography. You reviewed the basics of cryptography and the common uses of hashing functions, symmetric encryption, symmetric algorithms, and asymmetric algorithms. In this chapter, you also became familiar with cryptography as used for exchanging information that requires confidentiality and with the use of digital signatures. This chapter highlighted various cryptographic tools and products that can be implemented to maintain confidentiality and integrity, which are two of the three security principles.