Chapter 16

Summarizing the Basics of Cryptographic Concepts

This chapter covers the following topics related to Objective 2.8 (Summarize the basics of cryptographic concepts) of the CompTIA Security+ SY0-601 certification exam:

  • Digital signatures

  • Key length

  • Key stretching

  • Salting

  • Hashing

  • Key exchange

  • Elliptic-curve cryptography

  • Perfect Forward Secrecy

  • Quantum

    • Communications

    • Computing

  • Post-quantum

  • Ephemeral

  • Modes of operation

    • Authenticated

    • Unauthenticated

    • Counter

  • Blockchain

    • Public ledgers

  • Cipher suites

    • Stream

    • Block

  • Symmetric vs. asymmetric

  • Lightweight cryptography

  • Steganography

    • Audio

    • Video

    • Image

  • Homomorphic encryption

  • Common use cases

    • Low power devices

    • Low latency

    • High resiliency

    • Supporting confidentiality

    • Supporting integrity

    • Supporting obfuscation

    • Supporting authentication

    • Supporting non-repudiation

  • Limitations

    • Speed

    • Size

    • Weak keys

    • Time

    • Longevity

    • Predictability

    • Reuse

    • Entropy

    • Computation overheads

    • Resource vs. security constraints

Cryptography is the art and science of keeping data secure. Cryptographic techniques are used to encrypt (scramble) messages before the messages are stored or transmitted. When data is encrypted, the message and an encryption key are passed to the encryption algorithm. To decrypt the data, the ciphertext and a decryption key are passed to the decryption algorithm.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Chapter Review Activities” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 16-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”

Table 16-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section

Questions

Digital Signatures

1

Hashing

2

Quantum

3–4

Blockchain

5

Cipher Suites

6

Steganography

7

Common Use Cases

8

Limitations

9

Key Stretching

10

Key Derivation

11

Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark that question as wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. Which is one of the three digital signature scheme algorithms?

  1. A key generation algorithm that selects a private key

  2. A key generation algorithm that selects a data path

  3. A file encryption algorithm that encrypts files

  4. A triple-DES communication encryption algorithm

2. Which of the following properties are not ideal cryptographic hash function properties?

  1. Provides a quick response to any mathematical subfunction

  2. Is unable to compute the hash value for any given message

  3. Is quick to compute the cryptographic key’s salt value

  4. Is infeasible to find two different messages with the same hash value

3. The complexity of quantum properties lies in the principles of quantum mechanics that are behind quantum cryptography. Which is one of the primary principles?

  1. Changing the zero bit in the x state moves the bit 35 degrees left.

  2. Measuring the quantum property adds two qubits.

  3. Quantum mechanics cannot fix a laser while in operation.

  4. You can’t measure a quantum property without changing or disturbing it.

4. When a sender transmits photons through a filter that randomly gives one of four possible polarizations and bit designations, what is it set as?

  1. 35-degree left (zero bit)

  2. Horizontal (zero bit)

  3. Vertical (45 bit)

  4. Top 45-degree left (seven bit)

5. A blockchain is a specific type of database that differs from a typical database in the way it stores information. Which is the most accurate description of storage in a blockchain?

  1. Data is stored in blocks that are then chained together.

  2. Data is stored in segments that are linked.

  3. Data is linked to a SQL database stored in blocks.

  4. Data is chained to specific blocks in a linked mathematical code.

6. Today’s cipher suite is a set of algorithms that help secure a network connection that uses Transport Layer Security (TLS). The set of algorithms that cipher suites usually contain includes which of the following?

  1. A bulk repository hashing key

  2. A bulk encryption algorithm

  3. A hash exchange and management algorithm

  4. Key exchange repository for storage

7. Steganography is the practice of hiding a secret message inside or even on top of something that is not secret. Which of the following is not a tool that can be used to perform steganography on data?

  1. Steghide

  2. Foremost

  3. Stegais

  4. Future

8. IoT low-power devices have limited power. What effect does that have on a cryptographic algorithm that does not compromise security?

  1. Smaller symmetric key sizes

  2. The use of dual asymmetric keys

  3. The use of 32-bit 3DES encryption

  4. The use of shorter RC4 encryption keys

9. Timing attacks that use side channels to analyze the time taken to execute a cryptographic algorithm are based on which method?

  1. Smaller keys for quicker analysis

  2. Larger keys for faster mathematical calculations

  3. Time

  4. Length

10. Which of the following runs a password through an algorithm to produce an enhanced key, usually at least 128 bits long?

  1. IV

  2. Steganography

  3. Entropy

  4. Key stretching

11. Which of the following are key derivation functions (KDFs) that are primarily used for key stretching? (Select two.)

  1. Symmetric key algorithms

  2. Asymmetric key algorithms

  3. Bcrypt

  4. PBKDF2

Foundation Topics

Digital Signatures

Digital signatures are a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication) and that the message was not altered in transit (integrity).

Digital signatures are a standard element of most cryptographic protocol suites and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering. Digital signatures are often used to implement electronic signatures, which includes any electronic data that carries the intent of a signature.

Digital signatures employ asymmetric cryptography. In many instances, they provide a layer of validation and security to messages sent through a nonsecure channel. Properly implemented, a digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures properly implemented are more difficult to forge. Digital signature schemes, in the sense used here, are cryptographically based and must be implemented properly to be effective. Digital signatures can also provide nonrepudiation, meaning that the signer cannot successfully claim he or she did not sign a message, while also claiming his or her private key remains secret. Some nonrepudiation schemes offer a timestamp for the digital signature so that even if the private key is exposed, the signature is valid.

A digital signature scheme typically consists of three algorithms:

  • A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.

  • A signing algorithm that, given a message and a private key, produces a signature.

  • A signature verifying algorithm that, given the message, public key, and signature, either accepts or rejects the message’s claim to authenticity.

Two main properties are required for a digital signature:

  • The authenticity of a signature generated from a fixed message and fixed private key can be verified by using the corresponding public key.

  • Generating a valid signature for a party without knowing that party’s private key should be computationally infeasible.

A digital signature is an authentication mechanism that enables the creator of the message to attach a code that acts as a signature. The Digital Signature Algorithm (DSA), developed by the National Institute of Standards and Technology (NIST), is one of many examples of a signing algorithm.

Note

As organizations move away from paper documents with ink signatures, digital signatures can provide added assurances of the evidence to provenance, identity, and status of an electronic document and also acknowledge informed consent and approval by a signatory.

Key Length

Key length is equal to the number of bits in an encryption algorithm’s key. A short key length means poor security. However, a long key length does not necessarily mean good security. The key length determines the maximum number of combinations required to break an encryption algorithm.

The strength of encryption is related to the difficulty of discovering the key, which in turn depends on both the cipher used and the length of the key.

Encryption strength is often described in terms of the size of the keys used to perform the encryption: longer keys may provide stronger encryption. Key length is measured in bits. The 128-bit keys for use with the RC4 symmetric-key cipher supported by SSL provide significantly better cryptographic protection than 40-bit keys for use with the same cipher. Obviously, 128-bit RC4 encryption is 3 × 1026 times stronger than 40-bit RC4 encryption.

Different ciphers require different key lengths to achieve the same level of encryption strength. The RSA cipher used for public-key encryption, for example, can use only a subset of all possible values for a key of a given length, due to the nature of the mathematical problem on which it is based. Other ciphers, such as those used for symmetric key encryption, can use all possible values for a key of a given length, rather than a subset of those values.

Thus, a 128-bit key for use with a symmetric-key encryption cipher would provide stronger encryption than a 128-bit key for use with the RSA public-key encryption cipher. This difference explains why the RSA public-key encryption cipher must use a 512-bit key (or longer) to be considered cryptographically strong, whereas symmetric key ciphers can achieve approximately the same level of strength with a 64-bit key.

Note

Many cryptographical implementations are broken before the actual encryption itself is broken; see RC4 and WEP.

Key Stretching

Key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) needed to test each possible key. Key stretching is the practice of converting a password to a longer and more random key for cryptographic purposes. The process of converting a password into a key is accomplished by a type of algorithm known as a key derivation function that may include salt and pepper with the password to make the key more difficult to guess. Table 16-2 provides an overview of key stretching, highlighting its strengths and weaknesses.

Table 16-2 Key Stretching

Type

Cryptography

Information Security

Definition

The practice of converting a password to a longer and more random key for cryptographic purposes such as encryption.

Notes

Key stretching can also be applied to a master key as opposed to a password.

If a password is extremely long, key stretching can result in a shorter and less secure key.

Related Concepts

Cryptography Key Derivation Function

Strong Password

Cryptographic Keys

Information Security

Salt

Generation of random data that is used as an additional input to a one-way function that hashes data.

Pepper

Like a salt in that it is a randomized value added to a password hash, and it should be kept secret. Also referred to as a secret salt.

Salting

In cryptography, salting refers to the generation of random data that is used as an additional input to a one-way function that hashes data, a password, or a passphrase. Salts are used to safeguard passwords in storage. A new salt is randomly generated for each password. In a typical setting, the salt and the password (or its version after key stretching) are concatenated and processed with a cryptographic hash function, and the output hash value (but not the original password) is stored with the salt in a database.

Salts defend against a precomputed hash attack. Because salts are different in each case, they also protect commonly used passwords, or those users who use the same password on several sites, by making all salted hash instances for the same password different from each other. Figure 16-1 depicts the password salting process.

A block diagram of password salting process is shown.

FIGURE 16-1 Password Salting

Hashing

A cryptographic hash function is a mathematical algorithm that maps data of arbitrary size to a bit array of a fixed size. It is a one-way function—that is, a function that is practically infeasible to invert. Ideally, the only way to find a message that produces a given hash is to attempt a brute-force search of possible inputs to see if they produce a match or use a rainbow table of matched hashes.

The ideal cryptographic hash function has the following main properties:

  • It is deterministic, meaning that the same message always results in the same hash.

  • It is quick to compute the hash value for any given message.

  • It is infeasible to generate a message that yields a given hash value or to reverse the process that generated the given hash value.

  • It is infeasible to find two different messages with the same hash value.

  • A small change to a message should change the hash value so extensively that the new hash value appears uncorrelated with the old hash value avalanche effect.

Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption.

Key Exchange

Key exchange, also known as key establishment, is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm. If the sender and receiver wish to exchange encrypted messages, each must be equipped to encrypt messages to be sent and to decrypt messages received. The nature of the equipping they require depends on the encryption technique they might use. If they use a code, both require a copy of the same source code. If they use a cipher, they need appropriate keys. If the cipher is a symmetric key cipher, both need a copy of the same key. If it is an asymmetric key cipher with the public/private key property, both need the other’s public key. Figure 16-2 illustrates the key exchange process.

A figure depicts the process of symmetric key exchange process.

FIGURE 16-2 Symmetric Key Exchange Process

Elliptic-Curve Cryptography

Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography based on plain Galois fields to provide equivalent security. An algebraic structure consists of a nonempty set “A” (called the underlying set, carrier set, or domain); a collection of operations on A of finite arity, typically binary operations; and a finite set of identities, known as axioms, that these operations must satisfy.

Elliptic curves are applicable for key agreement and digital signatures, and indirectly can be used for encryption by combining the key agreement with a symmetric encryption scheme. They are also used in several integer factorization algorithms based on elliptic curves that have applications in cryptography, such as Lenstra elliptic-curve factorization.

An elliptic curve is a plane curve over a finite field, rather than the real numbers that consist of the points satisfying the following equation:

y2 = x3 + ax + b

To use ECC, all parties must agree on all the elements defining the elliptic curve, the domain parameters of the scheme. The domain parameters are not typically generated by each participant. Calculating the number of points on a curve is time consuming and complicated to implement. As a result, several standards bodies published domain parameters of elliptic curves for several common field sizes. Such domain parameters are commonly known as standard curves or named curves; a named curve can be referenced either by name or by the unique object identifier.

Perfect Forward Secrecy

In cryptography, forward secrecy, also known as perfect forward secrecy, is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised.

Perfect forward secrecy means that a piece of an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised, it exposes only a small portion of the user’s sensitive data.

Encryption tools with perfect forward secrecy switch their keys as frequently as every message in text-based conversation, every phone call in the case of encrypted calling apps, or every time a user loads or reloads an encrypted web page in his or her browser.

While schemes for perfect forward secrecy date back to the early 1990s, the feature was first practically implemented in Off-The-Record Messaging, a protocol for encrypted instant messaging invented in 2004 that encrypted messages with a new key every time a sender alternated in an instant messaging conversation. In that system, multiple messages sent back to back by the same sender still used the same key.

Quantum

Quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks. The best-known example of quantum cryptography is quantum key distribution, which offers an information-theoretically secure solution to the key exchange problem.

Cryptography is the process of encrypting data or converting plain text into scrambled text so that only someone who has the right “key” can decode and read it. Quantum cryptography, by extension, simply uses the principles of quantum mechanics to encrypt data and transmit it in a way that cannot be hacked.

While the definition sounds simple, the complexity lies in the principles of quantum mechanics behind quantum cryptography:

  • The particles that make up the universe are inherently uncertain and can simultaneously exist in more than one place or more than one state of being.

  • Photons are generated randomly in one of two quantum states.

  • You can’t measure a quantum property without changing or disturbing it.

  • You can clone some quantum properties of a particle, but not the whole particle.

Communications

Quantum cryptography, or quantum key distribution (QKD), uses a series of photons (light particles) to transmit data from one location to another over a fiber-optic cable. By comparing measurements of the properties of a fraction of these photons, the two endpoints can determine what the key is and if it is safe to use. Breaking the process down further helps to explain it better.

The sender transmits photons through a filter (or polarizer), which randomly gives them one of four possible polarizations and bit designations: vertical (one bit), horizontal (zero bit), 45-degree right (one bit), or 45-degree left (zero bit).

The photons travel to a receiver, which uses two beam splitters (horizontal/vertical and diagonal) to “read” the polarization of each photon. The receiver does not know which beam splitter to use for each photon and has to guess which one to use.

Once the stream of photons has been sent, the receiver tells the sender which beam splitter was used for each of the photons in the sequence they were sent, and the sender compares that information with the sequence of polarizers used to send the key. The photons that were read using the wrong beam splitter are discarded, and the resulting sequence of bits becomes the key.

If the photon is read or copied in any way by an eavesdropper, the photon’s state changes. The change is detected by the endpoints. In other words, this means you cannot read the photon and forward it on or make a copy of it without being detected.

Computing

Quantum computing is the use of quantum phenomena such as superposition and entanglement to perform computation. Computers that perform quantum computations are known as quantum computers.

Post-Quantum

Post-quantum cryptography refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against an attack by a quantum computer. These complex mathematical equations take traditional computers months or even years to break. If you are planning to store “secret” or private data for long periods of time, how can you protect it—for the long term? This is where post-quantum approaches can be implemented using today’s computers, but that would be impervious to attacks from tomorrow’s quantum units. When you increase the size of digital keys, the number of permutations that need to be searched using brute computing power rises exponentially. Just doubling the size of a key from 128 bits to 256 bits effectively squares the number of possible permutations that a quantum machine using Grover’s algorithm would have to search through. Grover’s algorithm is a quantum algorithm that finds with high probability the unique input to a black box function that produces a particular output value.

By contrast, quantum computers running Shor’s algorithm can break math-based systems in moments. Shor’s algorithm is a polynomial-time quantum computer algorithm for integer factorization. Informally, it solves the following problem: Given an integer N, find its prime factors.

NIST is reviewing and working on 26 post-quantum proposals for a government standard because there is currently no set standard; however, one is expected to be released in draft sometime in 2022.

Quantum cryptography uses the principles of quantum mechanics to secure messages and, unlike mathematical encryption, is truly unhackable.

Ephemeral

A cryptographic key is called ephemeral if it is generated for each execution of a key-establishment process and meets other requirements of the key type, unique to each message or session.

Ephemeral key agreement keys are the private key plus its corresponding public keys of asymmetric key pairs that are used for a single key establishment transaction to establish one or more keys and optionally other keying material such as initialization vectors (IVs).

Ephemeral keys are designed to be used for a single transaction or session. Ephemeral describes a temporary or short duration; in this case it’s a key generated for a single use. Figure 16-3 illustrates the ephemeral key process.

A figure depicts the purpose of ephemeral keys process.

FIGURE 16-3 Ephemeral Key Process

Modes of Operation

A mode of operation describes how to repeatedly apply a cipher’s single-block operation to securely transform amounts of data larger than a block. Most modes require a unique binary sequence, often called an initialization vector, for each encryption operation.

The IV has to be nonrepeating and, for some modes, random as well. The initialization vector is used to ensure distinct ciphertexts are produced even when the same plaintext is encrypted multiple times independently with the same key. Block ciphers might be capable of operating on more than one block size, but during transformation, the block size is always fixed. Block cipher modes operate on whole blocks and require that the last part of the data be padded to a full block if it is smaller than the current block size. There are, however, modes that do not require padding because they effectively use a block cipher as a stream cipher.

Later cipher development regarded integrity protection as an entirely separate cryptographic goal. Some modern modes of operation combine confidentiality and authenticity in an efficient way and are known as authenticated encryption modes.

Authenticated modes include authenticated encryption (AE) and authenticated encryption with additional or associated data (AEAD). With AE, the requirement is to both protect the privacy of the message and to ensure authenticity. A method for achieving both of these goals at the same time is called authenticated encryption. With AEAD, the header needs to be authenticated but should not be encrypted. The task of encrypting the message and authenticating both the header and the message is called authenticated encryption with associated data. There are other methods such as deterministic authenticated encryption with associated data (DAEAD). AE/AD constructions use a nonce, which is distinct for every message. Deterministic authenticated encryption does away with the nonce. Only the message is processed using a secret (random) key to produce the ciphertext. An extension of this functionality allows the authentication of associated data and the message.

In unauthenticated mode, communication is encrypted, but users do not have to authenticate or verify their credentials. Deployment automation automatically uses this mode for server/agent communication. SSL unauthenticated mode can also be used for HTTP communication.

Counter mode uses an arbitrary number, the counter, that changes with each block of text encrypted. The counter is encrypted with the cipher, and the result is XOR’d (exclusive OR’d) into ciphertext. Because the counter changes for each block, the problem of repeating ciphertext that results from the Electronic Code Book method is avoided.

Electronic Code Book Mode

Electronic Code Book (ECB) is a mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value. In fact, ECB can support a separate encryption key for each block type. ECB encodes each block independently. A problem arises when there is identical input; in this case, you end up with identical output, so it is predictable. Figure 16-4 shows this function in action.

An illustration of electric code book is shown.

FIGURE 16-4 ECB Electronic Code Book

Cipher Block Chaining Mode

Cipher Block Chaining (CBC) is a mode of operation for a block cipher, one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block. The initialization vector is of a certain length. One of its key characteristics is that it uses a chaining mechanism that causes the decryption of a ciphertext block to depend on all the preceding ciphertext blocks. One limitation of CBC mode is that encryption errors propagate: an encryption error in one block cascades through subsequent blocks due to the chaining, destroying their integrity.

Rearrangement of the order of the ciphertext blocks causes decryption to become corrupted. Basically, in cipher block chaining, each plaintext block is XOR’d with the immediately previous ciphertext block and then encrypted. Identical ciphertext blocks can result only if the same plaintext block is encrypted using both the same key and initialization vector, and if the ciphertext block order is not changed. This mode has an advantage over Electronic Code Book mode in that the XOR’ing process hides plaintext patterns. Figure 16-5 shows this function.

An illustration of cipher block chaining is shown.

FIGURE 16-5 Cipher Block Chaining (CBC)

Cipher Feedback Mode

Cipher Feedback (CFB) mode is similar to CBC mode, but the primary difference is that CFB is a stream mode cipher. Like CBC, CFB uses an initialization vector and destroys patterns, so errors will be propagated.

CFB mode allows a block cipher with a block size of n bits to be used as a stream cipher with a data encryption unit of m bits. This is represented as for any m > n. For example, to encrypt m bits of data, the block cipher is used to encrypt the contents of the register, the left most m bits of the result are XOR’d with the m bits of data, and the result is m bits of ciphertext. In addition, the register is shifted left by m bits, and those m ciphertext bits are inserted in the rightmost m register bits to be used in processing the next m bits of plaintext. To run the CFB operation mode as a stream cipher, FIPS 81 defines CFB variations where plaintext blocks can have any size less than 64 bits. To describe CFB variations, you need the following additional notations:

Decryption reverses the process. The register initially contains the initialization vector. To decrypt m bits of ciphertext, the block cipher is used to encrypt the contents of the register, and the resulting leftmost m bits are XOR’d with the m ciphertext bits to recover m plaintext bits. The m ciphertext bits are then shifted left into the register.

Unlike in CBC, a single transmission error in the ciphertext causes an error in n/m + 1 blocks as the affected ciphertext block is shifted through the register and then the system recovers. With 8-bit CFB, if a byte is lost, one byte of plaintext is lost and the next 8 bytes are garbled. After that, the plaintext decrypts properly. If a byte is added to the ciphertext, a byte of garbage is added, and the following 8 bytes are garbled but the rest is okay.

Note

The encryption function of the block cipher is used in encryption and decryption of CFB mode, and the decryption function of the block cipher is not used at all.

Figure 16-6 shows the k-bit stream block function and how k-bit functions operate in CFB mode.

A diagrammatic representation of the process of k-bit CFB mode.

FIGURE 16-6 k-bit Cipher Feedback (CFB) Mode

Output Feedback Mode

Output Feedback (OFB) mode is a mode of operation for a block cipher. It has some similarities to the Ciphertext Feedback mode in that it permits encryption of differing block sizes, but a key difference is that the output of the encryption block function is the feedback (instead of the ciphertext). The XOR (exclusive OR) value of each plaintext block is created independently of both the plaintext and ciphertext. This mode is used when there can be no tolerance for error propagation because there are no chaining dependencies. Like the ciphertext feedback mode, it uses an initialization vector. Changing the IV in the same plaintext block results in different ciphertext.

In terms of error correction, output feedback can tolerate ciphertext bit errors but is incapable of self-synchronization after losing ciphertext bits because it disturbs the synchronization of the aligning keystream. A problem with output feedback is that the plaintext can be easily altered, but by using a digital signature scheme, you can overcome this problem. Figure 16-7 illustrates OFB mode.

A diagrammatic representation of the process of k-bit OFB mode.

FIGURE 16-7 k-Bit OFB Mode

Counter Mode

Counter (CTR) mode is a simple counter-based block cipher implementation in cryptography. Every time a counter-initiated value is encrypted and given as input to XOR with plaintext or original text, it results in a ciphertext block. The CTR mode is independent of feedback use and thus can be implemented in parallel in this mode. CTR generates the next keystream block by encrypting successive values named counters.

This counter can be any purpose or function which generates a sequence that is guaranteed not to call for a long time, although an actual increment-by-one counter is the simplest and most popular. When utilization of the easiest deterministic input function, the implementation reveals a cryptosystem with known systematic input, and therefore represents a risk.

CTR mode, like OFB, turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a counter. CTR mode has similar characteristics to OFB but also allows a random-access property during decryption.

CTR can be considered as a counter-based version of CFB mode without the feedback in this cryptography. In this mode, both the sender and receiver need to get access to a reliable counter, which finds out a new shared value each time a ciphertext block is exchanged or changes the value, which is shared. This shared counter is not necessarily a secret value, but the challenge is that both sides must keep the counter synchronized at a time when both are active. Figure 16-8 illustrates CTR mode.

An illustration of Counter mode is shown.

FIGURE 16-8 Counter (CTR) Mode

The main disadvantage of CTR mode is that it requires a synchronous counter at the sender and receiver. Decreases in synchronization lead to the incorrect recovery of plaintext or original text.

Blockchain

Blockchain is a specific type of database. It differs from a typical database in the way it stores information: blockchains store data in blocks that are then chained together. As new data comes in, it is entered into a fresh block. When a block is filled with data, it is chained onto the previous block, which makes the data chained together in chronological order. Different types of information can be stored on a blockchain, but the most common use so far has been as a ledger for transactions.

Blockchain is a system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system.

A blockchain is essentially a digital ledger of transactions that is duplicated and distributed across the entire network of computer systems on the blockchain. Each block in the chain contains a number of transactions, and every time a new transaction occurs on the blockchain, a record of that transaction is added to every participant’s ledger. The decentralized database managed by multiple participants is known as Distributed Ledger Technology (DLT).

The public ledger organizes into a long chain of blocks of information. When a buyer and seller engage in a transaction, the blockchain verifies the authenticity of their accounts. This is done by using the public ledger and by checking if the funds are available to proceed with the transactions. However, if the funds are not available in the buyer’s account or are promised to another party, the sale is prevented, effectively making double buying impossible. Instead of the public ledger being maintained and monitored by a central authority, like banks or governments, the public ledger is stored on the personal computers or electronic devices of the individuals and businesses who use the blockchain. To use the blockchain, you must donate to the collective. In this way, the need for a central authority is eliminated because every member of the blockchain has access to the ledger. Further, the ledger itself cannot be falsified. If one individual tampers with his or her ledger, the blockchain verifies that ledger against the other ledgers owned by the rest of the community and rejects it quickly.

Cipher Suites

A cipher suite is a set of algorithms that help secure a network connection that uses Transport Layer Security (TLS). Cipher suites usually contain a set of algorithms that include a key exchange algorithm, bulk encryption algorithm, and message authentication code (MAC) algorithm.

The key exchange algorithm is used to exchange a key between two devices. This key is used to encrypt and decrypt the messages being sent between two machines. The bulk encryption algorithm is used to encrypt the data being sent. The MAC algorithm provides data integrity checks to ensure that the data sent does not change in transit. In addition, cipher suites can include signatures and an authentication algorithm to help authenticate the server and/or client. Hundreds of different cipher suites contain different combinations of these algorithms. Some cipher suites offer better security than others.

The structure and use of the cipher suite concept are defined in the TLS standard document. TLS 1.2 was the most prevalent version of TLS. The newer version of TLS (TLS 1.3) includes additional security requirements to cipher suites. Cipher suites defined for TLS 1.2 cannot be used in TLS 1.3, and vice versa, unless otherwise stated in their definition. TLS 1.2 was defined in RFC 5246 and was in use after 2008 by the majority of all web browsers. On March 21, 2018, TLS 1.3 was finalized. As of August 2018, the final version of TLS 1.3 was published (RFC 8446). In short, the major benefits of TLS 1.3 versus that of TLS 1.2 are improved security and faster speed.

A stream cipher is a symmetric key cipher in which plaintext digits are combined with a pseudorandom cipher digit stream known as a keystream. In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. Because encryption of each digit is dependent on the current state of the cipher, it is also known as a state cipher. A digit is typically a bit, and the combining operation is an exclusive OR (XOR).

The pseudorandom keystream is typically generated serially from a random seed value using digital shift registers. The seed value serves as the cryptographic key for decrypting the ciphertext stream. Stream ciphers represent a different approach to symmetric encryption from block ciphers. Stream ciphers typically execute at a higher speed than block ciphers and have lower hardware complexity. However, stream ciphers can be susceptible to serious security problems if used incorrectly; in particular, the same starting state seed must never be used twice.

A block cipher is an encryption method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text instead of encrypting one bit at a time as in stream ciphers. For example, a common block cipher, AES, encrypts 128-bit blocks with a key of predetermined length: 128, 192, or 256 bits. Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This distinction is not always clear-cut. In some modes of operation, a block cipher primitive is used in such a way that it acts effectively as a stream cipher.

Symmetric vs. Asymmetric Encryption

Asymmetric encryption is more secure than symmetric encryption. Symmetric encryption uses a single key that needs to be shared among the people who need to receive the message, whereas asymmetric encryption uses a pair of public keys and a private key to encrypt and decrypt messages when communicating. Asymmetric algorithms are often referred to as public key algorithms because they use the public key as the focal point for the algorithm.

As shown in Figure 16-9, symmetric is the simplest kind of encryption; it involves only one secret key to cipher and decipher information. Symmetric encryption is an old and the best-known technique. It uses a secret key that can either be a number, word, or string of random letters. It is a blended with the plaintext of a message to change the content in a particular way. The sender and recipient should know the secret key that is used to encrypt and decrypt all the messages.

A figure depicts the process of symmetric key exchange process.

FIGURE 16-9 Symmetric Encryption

Examples of symmetric encryption include Blowfish, Twofish, AES, RC4, and DES. The most widely used symmetric algorithms are AES-128, AES-192, and AES-256. The main disadvantage of symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it.

Blowfish is a symmetric-key block cipher. Although it was invented in 1993, currently there is no effective cryptanalysis of it found to date. RC4, which means Rivest Cipher 4 or ARC4, was created in 1987 and is a stream cipher. Multiple vulnerabilities have been discovered, thus making it obsolete. The Data Encryption Standard (DES) is a symmetric-key algorithm that has a short key length. Invented in 1975 by IBM, it has had a significant impact on the advancement of cryptography. It has since been replaced by Triple DES, which has also been compromised. Now more advanced encryption standards like Advanced Encryption Standard (AES) are being more commonly deployed. The original name for AES was Rijndael, and it is a symmetric block cipher. AES includes three block ciphers: AES-128, AES-192, and AES-256.

Symmetric is known as a secret key cipher, which uses the same key for encryption and decrypting.

Asymmetric encryption uses two keys to encrypt plaintext. Secret keys are exchanged over the network. This type of encryption ensures that malicious persons do not misuse the keys. It is important to note that anyone with a secret key can decrypt the message, so this is why asymmetric encryption uses two related keys to boost security. A public key is made freely available to anyone who might want to send a message. The second private key is kept a secret so that only the recipient or the sender will know.

A message that is encrypted using a public key can only be decrypted using a private key, whereas a message encrypted using a private key can be decrypted using a public key. Security of the public key is not required because it is publicly available and can be passed over the network or Internet. The asymmetric key has far better power in ensuring the security of information transmitted during communication.

Asymmetric encryption is mostly used in day-to-day communication channels, especially over the Internet. Asymmetric key encryption algorithms include EIGamal, RSA, DSA, elliptic-curve techniques, and PKCS.

Figure 16-10 illustrates asymmetric encryption.

An illustration of asymmetric encryption is shown. The process is similar to symmetric encryption except that, different keys are used for encryption and decryption. Encryption is carried out with a public key. Decryption is carried out with secret key.

FIGURE 16-10 Asymmetric Encryption

To use asymmetric encryption, you must have a way of discovering public keys. One typical technique is to use digital certificates in a client/server model of communication. A certificate is a package of information that identifies a user and server. It contains information such as an organization’s name, the organization that issued the certificate, the user’s email address and country, and the user’s public key. When a server and client require a secure encrypted communication, they send a query over the network to the other party, which sends back a copy of the certificate. The other party’s public key can be extracted from the certificate. A certificate can also be used to uniquely identify the holder.

In an asymmetric key system, each user has a pair of keys: a private key and a public key. To send an encrypted message, you must encrypt the message with the recipient’s public key. The recipient then decrypts the message with his or her private key. Remember that public keys encrypt, and private keys decrypt.

Table 16-3 highlights the differences between symmetric and asymmetric encryption.

Table 16-3 Symmetric vs. Asymmetric Encryption

Symmetric Encryption

Asymmetric Encryption

Uses a single key that needs to be shared among the people who need to receive the message, whereas asymmetric encryption uses a pair of public keys and a private key to encrypt and decrypt messages when communicating.

Was introduced to complement the inherent problem of the need to share the key in the symmetric encryption model, eliminating the need to share the key by using a pair of public-private keys.

Is an old technique compared to asymmetric encryption.

Takes relatively more time than symmetric encryption.

Lightweight Cryptography

Lightweight cryptography is an encryption method that features a small footprint and/or low computational complexity. It is aimed at expanding the applications of cryptography to constrained devices such as the ever-expanding Internet of Things (IoT) market. Encryption is an effective countermeasure, and IoT developers are now required to apply encryption to sensor devices in environments with various restrictions that have not previously been subject to encryption. Lightweight cryptography is a technology researched and developed to respond to this issue.

The biggest security-related threat of IoT systems from the traditional IT systems is that even devices used for data collection from the real world can become the target of cyber attacks. For example, the purpose of applying IoT to a manufacturing plant is to significantly improve the productivity and maintainability by collecting data from a large number of sensors installed in production equipment, analyzing it, and performing autonomous control in real time. If sensor data should be falsified during this process, incorrect analysis results would be produced, and erroneous control would result due to such an occurrence having the potential of leading to major damage. Because measurement data and control commands could be trade secrets associated with the know-how of production and management, preventing leakage of information is also important from the viewpoint of competitiveness.

Applying encryption to sensor devices means the implementation of data protection for confidentiality and integrity, which can be an effective countermeasure against threats. Lightweight cryptography enables the application of secure encryption, even for devices with limited resources.

The following factors regarding the implementation are required for lightweight cryptography:

  • Size (circuit size, ROM/RAM sizes)

  • Power available

  • Power consumption

  • Processing speed (throughput, delay)

Because the power is greatly dependent on the hardware, such as the circuit size or processor in use, size becomes a reference point for the lightness of the encryption method and for the power. The power consumption depends on the processing speed due to the execution time, so the number of computations that determine the processing speed becomes the index of the lightness. The throughput depends greatly on the parallel processing capability.

Even when the block length and/or secret key length are set shorter than used in standard cryptography, by prioritizing the ease of implementation, such as via a 64-bit block and 80-bit secret key, for example, you still must correctly apply a proven method.

The international standard ISO/IEC 29192, “Lightweight Cryptography,” was established at ISO/IEC JTC 1/SC 27. NIST, which issues guidelines on cryptographic technologies, initiated the Lightweight Cryptography Project in 2013 and announced a public call for applications of lightweight cryptographies in 2017.

Steganography

Steganography is the practice of hiding a secret message inside or even on top of something that is not secret. That something can be just about anything you want. These days, many examples of steganography involve embedding a secret piece of text inside a picture or hiding a secret message or script inside a Microsoft Word or Excel document.

The purpose of steganography is to conceal and deceive. It is a form of covert communication and can involve the use of any medium to hide messages. Steganography is not a form of cryptography because it doesn’t involve scrambling data or using a key. Instead, it is a form of data hiding and can be executed in unique ways.

Steganography has been used for centuries, but these days, hackers and IT pros have started to use it. The word steganography is composed of the Greek root steganos for hidden or covered, and the root graph for to write. Put these words together, and you have something close to hidden writing or secret writing. A number of apps can be used for steganography, including Steghide, Foremost, Xiao, Stegais, and Concealment.

Tip

The Kali Linux distribution has a number of steganography tools that can be useful in not only hiding data but also detecting and uncovering steganography data.

Audio Steganography

You not only can hide secret information in images and documents but also can hide data and files in audio files. Audio steganography is a technique used to transmit hidden information by modifying an audio signal in an imperceptible manner. It is the science of hiding some secret text or audio information in a host message.

The host message before steganography and steganography messages after steganography have the same characteristics. Tools like DeepSound allow you to hide and extract secret data or files directly from audio files. Newer tools also support encrypting secret files using AES-256 to improve data protection.

Embedding secret messages in digital sound is a more difficult process. Various techniques for embedding information in digital audio have been established. Audio steganography consists of a carrier or audio file, message, and password. The carrier is also known as a cover-file, which conceals the secret information. In the steganography model, the secret message that the sender sends wants it to remain secret. The secret message can be any source: file, text, image, or another audio file. The file is encoded (steg) with the secret key, which is provided to the receiver, who can decode the message and corresponding file. The cover-file with the secret information combined is known as a stego-file. Figure 16-11 shows the audio steganography process.

A figure depicts the audio steganography model.

FIGURE 16-11 Audio Steganography Model

Video Steganography

Video steganography is a technique used to hide any kind of file into a cover video file. The use of video-based steganography can be more secure than other multimedia files because of the size and complexity. A video is a collection of frames, and each frame is an image. So if you pull out all the frames from a video, you can use this method to store the data using least significant bit (LSB) steganography and stitch those frames back into a video with the secret message. You can use tools like OpenCv to extract frames from a video, and to extract audio, you could use FFmpeg, which is free and open source. After you have mixed in the steg, you can use FFmpeg to stitch it all together with the hidden message to form a video. How many videos have you watched streamed from the Internet? Now imagine that at least 5 percent of them have some hidden data.

Image Steganography

Image steganography is a technique used to hide any kind of file into an image file. There are currently three effective methods in applying image steganography:

  • Least significant bit (LSB) substitution: This method works by iterating through the pixels of an image and extracting the Alpha, Red, Green, and Blue (ARGB) hexadecimal values. It then separates the color channels and gets the least significant bit. Meanwhile, it also iterates through the characters of the message, setting the bit to its corresponding binary value.

  • Blocking: This method works by breaking up an image into blocks and using Discrete Cosine Transforms (DCT). Each block is broken into 64 DCT coefficients that approximate luminance and color—the values of which are modified for hiding messages.

  • Palette modification: This method replaces the unused colors within an image’s color palette with colors that represent the hidden message.

Homomorphic Encryption

Homomorphic encryption is a form of encryption allowing you to perform calculations on encrypted data without decrypting it first. The result of the computation is in an encrypted form. When decrypted, the output is the same as if the operations had been performed on the unencrypted data.

Common Use Cases

Many use cases combine both symmetric and asymmetric cryptography to improve speed and security at once. Most of these instances use symmetric cryptography to encrypt the bulk of the information and then use asymmetric cryptography to encrypt the symmetric encryption/decryption key (which can in turn be used to decrypt the full message contents).

  • Low-power devices: Limited by the amount of power or battery available; the most common use cases are mobile devices, tablets, and portable systems. Because of the low-power draw requirements, you can use smaller symmetric key sizes and elliptic-curve asymmetric encryption.

  • Low-latency devices: Require you to limit the amount of time accessing the CPU, such as instant response time like authentication or read/write. So with that, you need to be able to encrypt and decrypt information rather quickly, and that’s where symmetric encryption and smaller keys come in. Some block ciphers like PRINCE that use a 64-bit block cipher with a 128-bit key perform well.

  • High-resiliency applications: Generally require an encryption method that provides integrity of the data being exchanged. You would want to use large keys and a strong encryption method that would also include hashing to ensure that integrity.

  • Supporting confidentiality: One of the main reasons for using encryption is to make sure your data remains confidential, and you have some guarantee of secrecy and privacy. It’s common to use drive-level, file-level, and even email encryption.

  • Supporting integrity: When you are sending information to someone else, you want to make sure the information that person receives is the original information you sent and wasn’t modified. Implementation of this feature guarantees that information wasn’t tampered with. It’s common to use hashes to provide the integrity, where you take the hash prior to sending and then verify on the receiving end. You use integrity to prevent modification of data, protect file downloads. and store passwords.

  • Supporting obfuscation: This approach can be used with cryptography to obfuscate or hide data. Modern malware has been used to embed secret messages in state and corporate espionage. Enterprises often need to hide data from unauthorized viewing and access, especially business-critical data or personal information. Obfuscation can be used for data security reasons or compliance related to data protection. Where there is a need for a full data set, obfuscation is used to preserve privacy. This need might exist for several reasons, such as data exports and secure transactions.

  • Supporting authentication: This approach is always used with authentication, where it takes the original password and takes a hash of it. In more modern methods, it also adds a salt to help randomize the stored password hashes. In this case, if someone gains access to the stored password hashes on the system, the salt ensures identical passwords are still different, making it harder to crack.

  • Supporting nonrepudiation: This approach allows you to confirm or prove the authenticity of any information you received from a third party—that it did really come from the sender. Using digital signatures can provide integrity and nonrepudiation of data that has been sent/received.

Limitations

The limitations of cryptography in action are typically specific to a platform, such as IoT devices, with low power and limited CPU capabilities, meaning the key size may need to be smaller, be replaced more often, and take longer to encrypt data in/out of the device. Using weak keys or implementations of specific cryptography itself might be more acceptable if there are expected off-device protections (such as firewalls and other controls). Limitations to keep in mind include the following:

  • Speed: Encryption is taxing on a system, so if speed of data encryption and decryption is important, you need higher power, a more capable CPU, and more memory. The trade-off comes when you have smaller embedded systems with limited power, smaller CPUs, and less memory.

  • Size: Key size matters. When used properly and to its full extent, encryption requires large keys and higher levels of encryption. As we have seen, a larger key with the right algorithm and cipher provides much higher-level protection, whereas having the wrong cipher and a large key can lead to guessable keys.

  • Weak keys: These are the same as weak passwords: they allow a system to be easily compromised. Weak keys are generally the result of poorly implemented cryptography, not in the standard but in the manner in which it has been implemented in a particular technology.

  • Time: As related to cryptography, time is extremely important because timing attacks use side channels to analyze the time taken to execute a cryptographic algorithm. Time can also be used in generating keys used in cryptography; these have been mostly replaced with more randomness.

  • Longevity: This factor concerns the lifecycle of a cryptographic key. After a key is generated, the key management system should control the sequence of states that a key progresses over its lifecycle and allow an authorized administrator to manage them. From NIST, a crypto period is the operational life of a key and is determined by a number of factors, such as the sensitivity of the data or keys to be protected, and how much data or how many keys are being protected.

  • Predictability: Predictability is the enemy of secure cryptography because the entire cryptographic system is only as good or strong as the source of randomness used to generate the primes. Prime numbers are whole numbers greater than 1 and are divisible only by the number 1 or itself. Random number generators come in two basic forms: software and hardware. Software solutions are not capable of providing true randomness because they are based on deterministic computer programs, such as time. Most hardware random number generators rely on classical physics to produce what looks like a random stream of bits. However, in reality, determinism is hidden behind complexity.

  • Reuse: This is a characteristic of a generally badly developed algorithm. Reuse of keys is considered a bad practice because of the potential for exact results, collisions and similar data, keys, and decryption producing the same results, leading to weak keys.

  • Entropy: This is the foundation upon which all cryptographic functions operate. Entropy, in cybersecurity, is a measure of the randomness or diversity of a data-generating function. Data with full entropy is completely random, and no meaningful patterns can be found.

  • Computational overheads: Current constructions of cryptographic primitives involve a large multiplicative computational overhead that grows with the desired level of security. There is constant growth when implementing higher-level security with cryptographic primitives with a constant computational overhead.

  • Resource vs. security constraints: The more secure the encryption used and the higher the key length, the more processing power and memory that the server will need. The goal in any implementation should be to strike a balance between the hardware resources that the server has and the amount of processing power.

Chapter Review Activities

Use the features in this section to study and review the topics in this chapter.

Review Key Topics

Review the most important topics in the chapter, noted with the Key Topic icon in the outer margin of the page. Table 16-4 lists a reference of these key topics and the page number on which each is found.

Table 16-4 Key Topics for Chapter 16

Key Topic Element

Description

Page number

Section

Digital Signatures

395

Section

Key Length

396

Section

Key Stretching

397

Section

Salting

397

Section

Hashing

398

Section

Key Exchange

399

Section

Elliptic-Curve Cryptography

399

Section

Perfect Forward Secrecy

400

Section

Quantum

401

Section

Post-Quantum

402

Section

Ephemeral

403

Section

Modes of Operation

403

Section

Counter Mode

408

Section

Blockchain

409

Section

Cipher Suites

410

Section

Symmetric vs. Asymmetric Encryption

411

Section

Lightweight Cryptography

414

Section

Steganography

415

Section

Homomorphic Encryption

417

List

How to apply encryption for common use cases

417

List

Various factors that affect the functionality of cryptography

418

Define Key Terms

Define the following key terms from this chapter, and check your answers in the glossary:

digital signatures

key length

key stretching

salting

hash

key exchange

elliptic-curve cryptography (ECC)

perfect forward secrecy

quantum cryptography

post-quantum cryptography

ephemeral keys

authenticated mode

unauthenticated mode

counter mode

blockchain

public ledger

cipher suite

stream cipher

block ciphers

symmetric encryption

asymmetric encryption

lightweight cryptography

steganography

audio steganography

video steganography

image steganography

homomorphic encryption

entropy

Review Questions

Answer the following review questions. Check your answers with the answer key in Appendix A.

1. Digital signatures employ which stream type?

2. What are key stretching techniques used for?

3. What does salting passwords protect against?

4. What type of key do block ciphers use?

5. What type of encryption is known as public key cryptography?

6. With an asymmetric key system, to send an encrypted message to someone, what must you encrypt the message with?

7. What kind of key is designed to be used for a single transaction or session?

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.238.82.77