Chapter 3. Cryptographic Concepts

IN THE FIELD OF INFORMATION SECURITY, there are a handful of topics that serve as the foundation for understanding other technologies. One of these foundations is cryptography, the body of knowledge that deals with the protection and preservation of information. Cryptography is woven into the very fabric of other technologies, including IP Security (IPsec), certificates, digital signatures, and many others. Common examples of cryptography in use include the wireless protocols Wired Equivalent Privacy (WEP), which is now thoroughly broken, Wi-Fi Protected Access (WPA), and 802.11i (WPA2), as well as Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), just to name a few. With a firm grasp of cryptography in hand, you can fully understand other technologies and techniques, and their proper applications.

Cryptography provides information protection in the areas of confidentiality and integrity, with the additional advantage of nonrepudiation. If applied properly, cryptography can provide robust protection that would not otherwise be possible. Confidentiality is the ability to protect information from unauthorized disclosure; information cannot be viewed by those not authorized to access it. Integrity, the ability to detect that information has been altered, is provided through the cryptographic mechanism known as hashing (and, against a deliberate attacker, through keyed variants such as message authentication codes and digital signatures). Nonrepudiation prevents a party from denying the origin of the information in question. You can use cryptographic techniques to provide these same protections for information both in transit and in storage.

From another perspective, it is important to understand cryptography in order to properly evaluate systems. Understanding the different types of cryptographic algorithms makes evaluating software and services easier by providing insight into how something is supposed to work. Furthermore, understanding cryptography allows the ethical hacker to evaluate systems properly, look for weaknesses, and better understand threats. Password cracking, testing of authentication systems, traffic sniffing, and assessment of secure wireless networks all involve cryptography, and all are common activities that ethical hackers perform on behalf of clients.

Cryptographic Basics

Cryptography provides an invaluable service to security by providing a means to safeguard information against unauthorized disclosure, and also provides a means to detect modification of information. Cryptography additionally provides the ability to have confidence as to the true origin of information through what is known as nonrepudiation.

Cryptography is not a new technique, and understanding some of the older techniques may assist in understanding the process. Several forms of cryptography appear throughout history; for example, Julius Caesar used a cipher to communicate sensitive information with his generals. The cipher works by means of what is known as a key shift, in which each character in a message is moved the same number of spaces to the left or right. (Caesar used a key of 3, meaning A encrypted to D, B encrypted to E, and so on.)

We call ciphers that are similar to what he used "Caesar ciphers." While simple in practice and easily broken today, the cipher preserved confidentiality for two reasons: illiteracy was high outside the Roman Empire, and anyone who was literate might assume that the message was in another language. Indeed only those who knew what they were looking at could reverse the process and, presumably, these people were limited to Caesar and his generals. As one can see, encryption, while not a new technique, still has the same function to protect information from all but the authorized parties.

Note

Many forms of encryption have been used throughout history. In World War II, the German Enigma and Japanese JN-25 systems were used widely (and broken by Allied cryptographers).

Understanding the information-hiding or confidentiality aspect of encryption requires that one understand several terms and concepts, starting with codes and ciphers. The two terms have a history of being used interchangeably, but this is not correct. Codes are a mechanism that operates on complete words or phrases (a codebook maps each to a code group), whereas ciphers operate on individual letters, or today on bits and bytes, without regard to meaning. Some common forms of ciphers include substitution (the Caesar cipher is a type of substitution), transposition, stream, and block. Many forms and types of ciphers and codes exist, but each tends to share the goal of confidentiality of information. In today's world, ciphers are used in cryptographic systems to protect e-mail, transmitted data, stored information, personal information, and e-commerce transactions.

The next area commonly associated with encryption is authentication: the process of positively identifying a party as a particular user, computer, or service. Authentication is used increasingly in the software industry to ensure that application software and items such as device drivers are genuine. For software, authentication takes the form of a digital signature over the code. Driver signing plays a role in system stability as well as security: a driver verified as coming from the actual vendor, rather than from some unknown (and untrusted) source, gives assurance that the code has met certain standards. In electronic messaging, authentication provides the ability to validate that a message came from a known and trusted source, and a system can be configured so that messages that cannot be authenticated are not accepted as genuine.

Encryption also plays a prominent role in the authentication process itself. The information used to authenticate an identity, such as a PIN or password, must be kept secret to prevent disclosure to unauthorized parties. With hashing, a server can store a hash of each user's password rather than the password itself, and compare a hash of what the user presents against the stored value; if the two match, the user is considered validated. Note, however, that if the client simply transmits the hash and the server accepts it, the hash has become the password-equivalent: anyone who captures it on the network can replay it (the "pass-the-hash" problem). Practical systems therefore send the password only over an encrypted channel, or use a challenge-response exchange in which the client proves knowledge of the secret by computing a keyed value over a fresh random challenge from the server, so that nothing captured on the wire can be reused.
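As an added example of the last point (written for this edition, not taken from the chapter; the server class, usernames, and passwords are constructed for the demonstration), the following Python shows a challenge-response login in which only an HMAC over a fresh server-chosen nonce crosses the wire, and confirms that a captured response cannot be replayed at the next login:

```python
import hashlib
import hmac
import secrets

def derive_verifier(salt, password):
    """Hash the password with a per-user salt. The server stores only this
    value; the client recomputes it from the password at login time."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()

class Server:
    """Hypothetical authentication server: stores verifiers, issues nonces."""

    def __init__(self):
        self.users = {}      # username -> (salt, verifier)
        self.pending = {}    # username -> nonce awaiting an answer

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, derive_verifier(salt, password))

    def challenge(self, username):
        """Issue a fresh random nonce; only an answer to this nonce is accepted."""
        salt, _ = self.users[username]
        nonce = secrets.token_bytes(16)
        self.pending[username] = nonce
        return salt, nonce

    def verify(self, username, response):
        salt, verifier = self.users[username]
        nonce = self.pending.pop(username, None)   # every nonce is single-use
        if nonce is None:
            return False
        expected = hmac.new(verifier, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare

def client_response(password, salt, nonce):
    """The client proves it knows the password without sending the password or
    its hash: only an HMAC keyed by the verifier over the nonce crosses the wire."""
    return hmac.new(derive_verifier(salt, password), nonce, hashlib.sha256).digest()

def login(server, username, password):
    salt, nonce = server.challenge(username)
    return server.verify(username, client_response(password, salt, nonce))

def replay_attack(server, username, password):
    """An eavesdropper records one valid response and replays it at the next
    login. Returns True if the server accepts the replay (it should not)."""
    salt, nonce = server.challenge(username)
    captured = client_response(password, salt, nonce)   # sniffed from the wire
    server.verify(username, captured)                   # the real login succeeds
    server.challenge(username)                          # next login: new nonce
    return server.verify(username, captured)            # stale answer is rejected

if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "correct horse battery staple")   # constructed credentials
    print("correct password accepted:", login(srv, "alice", "correct horse battery staple"))
    print("wrong password accepted:  ", login(srv, "alice", "password123"))
    print("replayed response accepted:", replay_attack(srv, "alice", "correct horse battery staple"))
```

The scheme resists sniffing and replay on the wire, which is the point the text makes; it does not resist theft of the server's database, since the stored verifier is enough to answer a challenge (schemes such as SCRAM go further), and in production the verifier should be derived with a slow password-based key derivation function rather than a single SHA-256.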

Two well-known protocols in which encryption can play an important role are File Transfer Protocol (FTP) and Telnet. Both were designed at a time when security threats weren't considered as they are today. Neither FTP nor Telnet includes any form of encryption or protection, which means that the authentication exchange and the data transmission are all easily viewable by tools such as packet sniffers. Their limitations can be overcome by adding mechanisms the protocols themselves lack, for example by tunneling them through an encrypted channel such as IPsec or SSH port forwarding, so that the password and data are never exposed in cleartext on the wire. An even better solution is to replace them with Secure Shell (SSH) and its file transfer facilities (SFTP and SCP), which encrypt both the logon and the transmission of information. Virtual private networks (VPNs) also use authentication, but instead of a cleartext username and password, they use tunneling protocols that leverage encryption to protect the data. VPNs can also use other cryptographic techniques such as digital certificates and digital signatures to identify the user more reliably and protect the authentication process from spoofing.

Integrity is another widely used and important role of cryptography. Integrity is the ability to verify that information has not been altered and remains in the form the creator intended. Consider the potential impact of receiving a piece of information that was altered somewhere between sender and receiver: if it were changed to say yes instead of no, or up instead of down, the results could be catastrophic. Envision a scenario in which you receive an official but nonconfidential message from a business partner stating that a customer wants to purchase a product for $50,000. Consider what would happen if an unethical customer intercepted and altered the message to say $5.00 instead. If this happened often, it could cause a company enough losses to put it out of business. You can see that integrity checking is very important for detecting alterations to data, but it cannot preserve confidentiality on its own.

Following confidentiality and integrity of information is nonrepudiation, or the ability to have definite proof that a message originated from a specific party. The standard nonrepudiation measure is the digital signature, usually backed by a digital certificate that binds the signing key to an identity. One of the more common uses is in messaging or e-mail systems: if every official message is digitally signed, each can be confirmed as coming from a specific sender, and it becomes very difficult for that sender to deny it, because the signature can be applied only by someone with access to the private key. Note that message authentication codes (MACs), although they verify the origin and integrity of a message, do not provide nonrepudiation: a MAC is computed with a key shared by sender and receiver, so either party could have produced it, and a third party cannot tell which. In enterprise or high-security environments, a state in which it is impossible for a party to deny sending a message or initiating an action is desirable. Consider also that with the Internet allowing communication between parties who may never meet, being able to trace an action back to a specific party is a real benefit.

Up to this point, a lot of attention has been given to the value of encryption for transmission and for verification of data in storage. In today's work environment, increasing numbers of workers are provided laptops or similar mobile devices to work on the road. These devices are misplaced now and then, and whether a device is stolen or left behind at an airport security checkpoint, the problem is the same: the data on the system is lost. For example, the U.S. Department of Veterans Affairs (VA) and the Transportation Security Administration (TSA) have lost laptops containing highly sensitive information, including personal information of patients in the former case and personal data on registered travelers in the latter. In both cases, and in numerous others, the impact could have been lessened if encryption had been used to protect the hard drives of the laptops. Of course, encryption cannot prevent the loss or theft of a device, but it serves as a formidable obstacle for whoever finds it, preventing them from obtaining sensitive information. Many state, local, and federal agencies have made it mandatory to encrypt hard drives or laptops in order to lessen the potential impact of a lost device. For example, California's Senate Bill 1386 requires organizations to notify affected individuals when unencrypted personal information is disclosed; a breach involving properly encrypted data falls outside that notification requirement, which is a strong incentive to encrypt.

Within encryption, there are two types of cryptographic mechanisms: symmetric and asymmetric. The differences between the two mechanisms are significant. Symmetric cryptography is a mechanism that uses a single shared key for encrypting and decrypting. The alternative method is asymmetric cryptography, which utilizes two keys, one public and one private; what is performed with one key can only be reversed with the other. At this point, it is important to understand that for both symmetric and asymmetric cryptography, data is encrypted by applying the key to an encryption algorithm. The algorithm uses the key to perform mathematical substitutions, transpositions, permutations, or other binary math on plaintext to create ciphertext.

Substitution ciphers replace each letter or group of letters with another letter or group of letters. Because the order of the plaintext symbols is preserved and only their identity is disguised, probable words or phrases can be guessed by knowing the language in which the original message was written. An example of a simple substitution cipher appears in the puzzle section of many daily newspapers. Although a monoalphabetic substitution over the 26-letter alphabet has 26! (about 4 × 10^26, or roughly 88 bits' worth of) possible keys, the cipher preserves so much of the structure of the original text, including its letter frequencies, that the correct key can often be discovered by an average person over a cup of coffee. This demonstrates that a large number of possible keys does not by itself make an encryption scheme secure: the design of the algorithm determines whether the ciphertext leaks information about the plaintext. Don't be swayed by vendors who claim their solutions are better merely because they support longer keys. Size isn't everything in cryptography.

Transposition ciphers differ from substitution ciphers in that they reorder the letters without replacing them. The cipher is typically keyed by a word or phrase that determines the reordering. Because the letters themselves are unchanged, a transposition ciphertext has exactly the same letter frequencies as its plaintext, which is one way an analyst recognizes it.
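As an added illustration of the two points above (this is example code written for this edition, not from the chapter; the sample sentence and the rounded English letter-frequency table are constructed for the demonstration), the following Python implements a monoalphabetic substitution cipher, the Caesar cipher as a special case, and a keyword-based columnar transposition, then breaks the Caesar cipher automatically by scoring every candidate against English letter frequencies:

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate percentage frequency of each letter in English prose
# (standard published figures, rounded; used only to score candidate plaintexts).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

def substitute(text, key):
    """Monoalphabetic substitution: key is a permutation of A..Z giving the
    cipher letter for each plain letter. Non-letters pass through unchanged."""
    return text.upper().translate(str.maketrans(ALPHABET, key))

def invert_key(key):
    """The decryption key is the inverse permutation."""
    return "".join(ALPHABET[key.index(c)] for c in ALPHABET)

def caesar_key(shift):
    """A Caesar cipher is the substitution whose key is a rotated alphabet."""
    return ALPHABET[shift:] + ALPHABET[:shift]

def chi_squared(text):
    """Distance between the letter distribution of text and English.
    English-like text scores low; a wrong decryption scores high."""
    letters = [c for c in text.upper() if c in ALPHABET]
    counts = Counter(letters)
    n = len(letters)
    total = 0.0
    for c in ALPHABET:
        expected = n * ENGLISH_FREQ[c] / 100
        total += (counts[c] - expected) ** 2 / expected
    return total

def break_caesar(ciphertext):
    """Only 26 keys exist, so try them all and keep the most English-looking
    result. Returns (shift, plaintext)."""
    candidates = [(chi_squared(substitute(ciphertext, invert_key(caesar_key(s)))), s)
                  for s in range(26)]
    _, shift = min(candidates)
    return shift, substitute(ciphertext, invert_key(caesar_key(shift)))

def transpose(text, keyword):
    """Columnar transposition: write the letters in rows under the keyword
    and read the columns out in alphabetical order of the keyword's letters.
    Letters are reordered, not replaced, so their frequencies do not change."""
    letters = [c for c in text.upper() if c in ALPHABET]
    ncols = len(keyword)
    order = sorted(range(ncols), key=lambda i: (keyword[i], i))
    return "".join("".join(letters[i::ncols]) for i in order)

def untranspose(ciphertext, keyword):
    """Reverse the columnar transposition given the keyword."""
    ncols, n = len(keyword), len(ciphertext)
    order = sorted(range(ncols), key=lambda i: (keyword[i], i))
    col_len = [n // ncols + (1 if i < n % ncols else 0) for i in range(ncols)]
    cols, pos = {}, 0
    for i in order:
        cols[i] = ciphertext[pos:pos + col_len[i]]
        pos += col_len[i]
    return "".join(cols[i][r] for r in range(max(col_len))
                   for i in range(ncols) if r < col_len[i])

# Constructed sample message for the demonstration.
SAMPLE = "ATTACK THE ENEMY AT DAWN AND HOLD THE BRIDGE UNTIL THE LEGION ARRIVES"

if __name__ == "__main__":
    ct = substitute(SAMPLE, caesar_key(3))
    print("Caesar ciphertext:", ct)
    print("Recovered:", break_caesar(ct))
    tt = transpose(SAMPLE, "ZEBRA")
    print("Transposed:", tt, "| same letter statistics:",
          round(chi_squared(tt), 2) == round(chi_squared(SAMPLE), 2))
    print("Untransposed:", untranspose(tt, "ZEBRA"))
```

The same chi-squared scoring works against a general monoalphabetic substitution once single-letter frequencies are used to rank candidate mappings, which is why the 26! keyspace buys so little; the transposition round trip shows the opposite property, letters reordered but statistics untouched.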

Cryptographic History

Humans have been using cryptographic techniques for thousands of years; the only things that have changed are the complexity and creativity of the techniques. Cryptography covers the confidentiality, integrity, and nonrepudiation of information, but at one point cryptography referred solely to protecting the confidentiality of information. A quick look back into history shows some of the ways that encryption was used:

  • Egyptian hieroglyphics—In some circles, the hieroglyphics painted on the walls of temples and tombs were a form of encryption because only specific parties were able to understand them. This was a type of substitution cipher.

  • Scytale—The Spartans used this technique to send encoded messages to the front line. It used a rod of fixed diameter with a leather strap that was wrapped around it. The sender wrote the message lengthwise, and when the strap was unwound, the letters appeared to be in a meaningless order. By rewrapping on the correct diameter rod, the strap would line up, and the message was revealed. This was a type of transposition cipher.

  • Caesar cipher—A type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet (see Figure 3-1).

    Caesar cipher.

    Figure 3-1. Caesar cipher.

  • Polyalphabetic cipher (Vigenère cipher)—A substitution cipher that uses multiple substitution alphabets, as shown in Figure 3-2. The Vigenère cipher consists of several Caesar-style shifts used in turn and is derived from the Caesar cipher: instead of shifting every character by the same amount, characters at different positions are shifted by different amounts determined by the letters of a repeating keyword.

  • Enigma—An electromechanical rotor machine used for the encryption and decryption of classified messages used by Germany during World War II.

  • JN-25—An encryption process used by the Japanese during World War II to encrypt sensitive information. Allied cryptographers broke the JN-25 code, and American military leaders were able to use this to their advantage. For example, Admiral Nimitz knew the intended location of the Japanese fleet when it launched its attack on the island of Midway on June 4, 1942. As a result, the American fleet located the Japanese fleet and won a decisive victory, defeating a superior force with the element of surprise (and some luck).

  • Concealment cipher—The message is present but concealed in some way; as an example, the hidden message may be the first letter in each sentence or every sixth word in a sentence.

    Polyalphabetic cipher.

    Figure 3-2. Polyalphabetic cipher.

  • One-time pad—Uses a large nonrepeating key. Each cipher key character is used exactly once and then destroyed. Keys must be completely random, or nearly so, and must be as long as the message. One-time pads are used for extremely sensitive communications (for example, diplomatic cables). Prior to use, keys must be distributed to each party in a manner that cannot be intercepted (for example, in the "diplomatic pouch" that cannot be opened or inspected by another nation.) Sending the key using the same mechanism as the message would compromise the cipher.
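To make the Vigenère and one-time pad entries concrete, here is an added Python example (written for this edition, not taken from the chapter; the messages are constructed). It implements the Vigenère cipher with its repeating key, a one-time pad built from XOR and operating-system randomness, and then shows the failure mode the entry warns about: if a pad is used twice, XORing the two ciphertexts cancels the key, and a guessed fragment of one message ("crib dragging") reveals the corresponding part of the other.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase

def vigenere(text, key, decrypt=False):
    """Each letter is Caesar-shifted by the corresponding key letter; the key
    repeats once exhausted, so every len(key)-th letter uses the same shift."""
    out, i = [], 0
    for c in text.upper():
        if c not in ALPHABET:
            out.append(c)
            continue
        shift = ALPHABET.index(key[i % len(key)].upper())
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26])
        i += 1
    return "".join(out)

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def new_pad(length):
    """A one-time pad must be truly random and at least as long as the message;
    secrets.token_bytes draws from the operating system's CSPRNG."""
    return secrets.token_bytes(length)

def otp_encrypt(plaintext, pad):
    if len(pad) < len(plaintext):
        raise ValueError("pad is shorter than the message")
    return xor_bytes(plaintext, pad)

otp_decrypt = otp_encrypt   # XOR with the same pad undoes the encryption

def two_time_pad_leak(c1, c2):
    """If one pad encrypts two messages, c1 XOR c2 equals p1 XOR p2: the pad
    drops out entirely and no key is needed to obtain this relation."""
    return xor_bytes(c1, c2)

def crib_drag(p1_xor_p2, crib):
    """Slide a guessed plaintext fragment (the crib) along p1 XOR p2; wherever
    the result is printable text, it is likely the other message at that offset."""
    hits = []
    for i in range(len(p1_xor_p2) - len(crib) + 1):
        guess = xor_bytes(p1_xor_p2[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in guess):
            hits.append((i, guess))
    return hits

if __name__ == "__main__":
    print(vigenere("ATTACK AT DAWN", "LEMON"))                  # LXFOPV EF RNHR
    p1, p2 = b"attack at dawn", b"retreat now..."              # constructed messages
    pad = new_pad(len(p1))
    c1, c2 = otp_encrypt(p1, pad), otp_encrypt(p2, pad)       # pad reused: the mistake
    leak = two_time_pad_leak(c1, c2)
    print(crib_drag(leak, b"attack"))                          # (0, b'retrea') among the hits
```

Seen this way, a Vigenère cipher is a pad that repeats every len(key) characters, which is exactly the reuse that breaks the one-time pad; the pad's perfect secrecy depends on the key being random, as long as the message, and never used again.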

Any organization can use cryptography to protect the confidentiality and integrity of information. Some that have found cryptography useful include corporations, governments, individuals, and criminals—each has used cryptography to preserve security in some way.

The capabilities of cryptography lie within four areas:

  • Privacy—Deals with enforcement of one of the pillars of information security: confidentiality.

  • Authenticity—The ability to ensure that a piece of data can be verified as being valid and can be trusted.

  • Integrity—Allows for the detection of alterations in a given unit of information through the process known as hashing.

  • Nonrepudiation—The ability to have positive proof that a message or action originated with a certain party.

It is important to separate the ability of encryption to provide confidentiality from the ability of hashing to provide integrity. Confidentiality maintains the secrecy of data but does not by itself provide a way of detecting alteration. Integrity is provided by hashing functions that allow alterations to be detected, but hashing does not provide confidentiality because it does not encrypt the data. One practical caveat: a plain hash detects alteration only if the attacker cannot also replace the hash. If the hash travels with the data over an untrusted channel, an attacker can alter the data and recompute the hash, so to detect deliberate tampering the hash itself must be protected, for example by a keyed MAC or a digital signature. If both integrity and confidentiality are desired, the techniques can be combined to achieve both goals; modern authenticated encryption modes do exactly that.

Symmetric Encryption

Symmetric encryption uses the same key to encrypt and to decrypt information. When encrypting a given piece of information, there are two different mechanisms an algorithm can use: a stream cipher or a block cipher. Stream ciphers operate one bit or byte at a time by combining the plaintext with a pseudorandom keystream derived from the key. In a block cipher, data is divided into fixed-size blocks (64 bits for DES and 3DES, 128 bits for AES), and all the bits of a block are transformed together to produce an output block. The output of each of these ciphers is the same size as the input (apart from any padding of the final block), so they can be used for real-time applications such as voice and video. A large number of encryption algorithms are block ciphers, and block ciphers are commonly run in modes of operation (such as counter mode) that make them behave like stream ciphers.

Here are some basic concepts to understand:

  • Unencrypted data is known as cleartext or plaintext. Don't get confused by the four letters at the end (text); cleartext and plaintext both refer to information that is still in a format that is understandable to a person or an application (for example, it could be raw video).

  • Encrypted data is known as ciphertext and cannot be understood by any party that does not have the correct encryption algorithm and the proper key.

  • Keys determine the specific settings used for encryption; a key can be thought of as a string of bits that configures how the algorithm encrypts or decrypts. Keys can be derived from something a user types (weak unless a slow password-based key derivation function is used, because a guessed or brute-forced password yields the key) or generated by a cryptographically secure pseudorandom number generator (stronger and far more difficult to duplicate). Some algorithms also have "weak keys," keys that cause the algorithm to leak information from plaintext to ciphertext; these are often patterns such as all zeros, all ones, or a repeating sequence, and implementations should reject them. Algorithms that use longer keys have a larger "keyspace," the universe of all possible keys, and the larger the keyspace, the more computation an adversary needs to try all of them. Longer keys combined with a strong algorithm represent better security.

  • The quality of the algorithm is of vital importance to the effectiveness of the encryption process. The algorithm determines how encryption will be performed and, together with the key, the strength of the cryptosystem. Remember that the quality of the algorithm and the length of the key together determine how secure a system is.

Symmetric encryption is in widespread use in applications and services as well as in data transmission and storage. Like any other encryption technique, it relies on the secrecy and strength of the key. If the key generation process is weak, the entire encryption process will be weak.

In symmetric encryption, one key is used for both the encryption and decryption processes; as such, the key must be distributed to every party that will need to encrypt or decrypt data in the system. A process must therefore be in place to distribute the keys to all parties involved, because a key cannot simply be transmitted in the same way as the encrypted data lest it be intercepted by unauthorized parties. Additional steps are needed to protect the key, because interception of the key allows unrestricted access to the secured information. To prevent disclosure of a key to parties not authorized to possess it, you can use what is known as out-of-band communication: the key is distributed through a different channel from the data, so that someone intercepting the data does not also obtain the key. This is akin to sending someone an encrypted e-mail and then calling them on the phone to give them the key. If a large key and a strong algorithm are used with symmetric encryption, the strength of the system increases dramatically, but that strength does not amount to much if the key is accessible to unauthorized parties. An example of symmetric encryption is shown in Figure 3-3.

Symmetric encryption.

Figure 3-3. Symmetric encryption.

Another important characteristic that makes symmetric encryption preferable to asymmetric encryption is that it is inherently faster due to the nature of the computations performed. When processing a large amount of data, this performance advantage becomes significant. To get the best of both worlds, modern cryptography usually utilizes asymmetric encryption to establish the initial "handshake," passing a symmetric encryption key from one party to another. That key is then used by both parties to encrypt and decrypt the bulk of the information.

The most widely recognized symmetric-key algorithm is DES (the Data Encryption Standard), although its 56-bit key has been brute-forced in practice since the late 1990s and it should not be used in new designs. Other symmetric algorithms include the following:

  • 3DES (Triple DES)—An extended, more secure version of DES that applies DES three times (encrypt, decrypt, encrypt) with two or three independent keys, for a key length of 112 or 168 bits.

  • Advanced Encryption Standard (AES)—The replacement for DES, selected by NIST in 2001, with a 128-bit block and key sizes of 128, 192, or 256 bits. It is far more resistant to brute-force attack than DES: exhausting even a 128-bit keyspace is computationally infeasible with current technology, and no practical break of the full cipher is known.

  • Blowfish—A highly efficient block cipher that can have a key length up to 448 bits.

  • International Data Encryption Algorithm (IDEA)—Uses 64-bit input and output data blocks and features a 128-bit key.

  • RC4—A stream cipher designed by Ron Rivest that was used by WEP (and later by WPA's TKIP and by SSL/TLS). Biases in its keystream have since led to practical attacks, and it is now deprecated.

  • RC5—A fast block cipher designed by Ron Rivest that can use a large key size.

  • RC6—A block cipher derived from RC5; it was one of the five finalists in the AES competition.

  • Skipjack—A symmetric block cipher with an 80-bit key and a 64-bit block, developed by the National Security Agency (NSA) for the Clipper chip.

Note

The security of symmetric encryption is completely dependent on how well the key is protected. Managing the cryptographic keys is of the utmost importance.

The algorithms listed here are only a small number of the symmetric algorithms available, but they represent the ones most commonly used in encryption systems. While each is a little different, they do share certain characteristics, such as the common single key to encrypt and decrypt and the performance benefits associated with symmetric systems.

To ensure confidentiality among multiple users of a symmetric encryption system, each pair of users must share a unique key. This means the number of keys increases rapidly: for n users it is the sum of all of the numbers from 1 to (n - 1), which is expressed as follows:

Number of keys = n(n - 1) / 2

FYI

A system of 5 users would need 10 unique keys, and a system of 100 users would need 4,950 unique keys. As the number of users increases, so does the problem of key management. With so many keys in use, the manager of keys must define and establish a key management program. Key management is the process of carefully considering everything that could possibly happen to a key, from securing it on the local device to securing it on a remote device and providing protection against corruption and loss. The following responsibilities all fall under key management:

  • Keys should be stored and transmitted by secure means to avoid interception by an unauthorized third party.

  • Keys should be generated by a pseudorandom process (rather than letting users pick their own keys) to prevent guessing the key.

  • The key's lifetime should correspond with the sensitivity of the data it is protecting, and authorization to use the key should expire in a timely fashion.

  • Keys should be properly destroyed when the process for which they were used has ended. Key destruction is defined in the organization's key management policies and should be carried out in accordance with them.

Note

The more the key is used and the more sensitive the data, the more important it may become to have a shorter key lifetime.

Note

Dr. Whitfield Diffie and Dr. Martin E. Hellman published the first public key exchange protocol in 1976.

Asymmetric Encryption

The other type of encryption in use is asymmetric encryption. It was originally conceived to address some of the problems in symmetric encryption. Specifically, asymmetric encryption addresses the problems of key distribution, generation and nonrepudiation.

Asymmetric-key cryptography is also called public key cryptography, the name by which it is commonly known. It is built on number theory, which allows pairs of keys to be generated such that an operation performed with one key can be reversed only with the other. The keys in the pair are known as the public key and the private key. By design, everyone may have access to the public key and can use it at any time to validate or reverse operations performed with the private key; the private key, as the name implies, is restricted to its single owner. Anyone who has access to the public key can encrypt data, but only the holder of the corresponding private key can decrypt it. Conversely, if the holder of the private key applies it to something, anyone with access to the public key can reverse that operation, which is the basis of digital signatures. Figure 3-4 provides an overview of the asymmetric process.

Asymmetric encryption.

Figure 3-4. Asymmetric encryption.

Without getting into too much mathematics, note that asymmetric cryptography relies on problems that are believed to be computationally hard: no known algorithm solves them in polynomial time, that is, in a number of steps that grows like x^2 or x^3 in the size x of the problem. The best known attacks instead grow much faster, in the worst case like 2^x. Textbooks often loosely describe these as "NP-hard" problems, but strictly speaking factoring and discrete logarithms have not been proven NP-hard, and in any case what matters for cryptography is the gap between polynomial and exponential growth. Compare the three growth rates, x^2, x^3, and 2^x, as x increases. Table 3-1 shows the results.

Table 3-1. Comparison of polynomial and exponential growth.

  x      x^2       x^3          2^x
  1      1         1            2
  10     100       1,000        1,024
  32     1,024     32,768       4,294,967,296
  64     4,096     262,144      18,446,744,073,709,551,616
  100    10,000    1,000,000    1,267,650,600,228,229,401,496,703,205,376

Asymmetric cryptography relies on problems that are relatively easy to compute in one direction but extremely difficult to reverse. Here's a simple example: Without using a calculator, what is 233 times 347? Pretty simple: 80,851. Now suppose you didn't know those two numbers and someone asked you for the prime factors of 80,851. You'd try dividing by 2, 3, 5, 7, 11, 13, and so on until you reached 233. That takes a while, a lot longer than multiplying the two numbers. This is an example of what is called a one-way function. It's not truly one-way, since you can go backward; it just takes far more work to do so, and for the sizes used in practice (a 2048-bit modulus, roughly 617 decimal digits) even the best known factoring algorithms take infeasible time.

With asymmetric encryption, the information is encrypted by the sender with the receiver's public key. The information is decrypted by the receiver with the private key. Examples of asymmetric algorithms include the following:

  • Diffie-Hellman—A protocol by which two parties who share no prior secret agree on a shared symmetric key over an insecure medium. The "hard" problem it relies on is the discrete logarithm. By itself it does not authenticate the parties, so it must be combined with signatures or certificates to resist a man-in-the-middle attack.

  • El Gamal—A public-key encryption (and signature) scheme built on the Diffie-Hellman problem, so it too relies on discrete logarithms. In practice it is usually used in hybrid fashion: the asymmetric operation encrypts a symmetric key, which then encrypts the rest of the message.

  • RSA (Rivest-Shamir-Adleman)—Published in 1977 and patented in the United States in 1983. RSA Security released the algorithm to the public domain in September 2000, about two weeks before the patent expired. RSA remains widely used in e-commerce, TLS, and code signing, although elliptic curve algorithms are increasingly preferred because they offer equivalent security with smaller keys and less overhead. RSA is based on the difficulty of factoring the product of two large primes (similar to the previous calculation exercise).

  • Elliptic curve cryptography (ECC)—Based on the difficulty of solving the elliptic curve discrete logarithm problem (which we won't even think of getting into here). Because the best known attacks on that problem are generic, exponential-time methods, a much shorter ECC key gives security comparable to a far longer RSA key (a 256-bit curve is commonly rated as equivalent to a 3072-bit RSA modulus). The shorter keys require less computation, power, and memory, which is why ECC is favored on mobile devices and on devices with limited processor or battery power.
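The Diffie-Hellman entry above, worked through as an added Python example (written for this edition, not taken from the chapter). The group parameters are constructed toy values chosen so that the brute-force discrete logarithm finishes instantly; the function names are the example's own. It shows both sides of the exchange arriving at the same key, the shared secret being hashed into a symmetric key for the bulk encryption described in the symmetric section, the man-in-the-middle attack that succeeds when the exchange is not authenticated, and the brute-force discrete logarithm whose cost is why the prime must be enormous:

```python
import hashlib
import secrets

# Demonstration group: a 61-bit Mersenne prime and a small generator. These are
# constructed for illustration only; real deployments use standardized
# 2048-bit (or larger) groups such as the RFC 3526 MODP groups, or elliptic curves.
P = 2**61 - 1
G = 3

def dh_keypair(p=P, g=G):
    """Private value x is random; the public value g^x mod p can be published."""
    private = secrets.randbelow(p - 2) + 1
    return private, pow(g, private, p)

def dh_shared_secret(my_private, their_public, p=P):
    """(g^y)^x == (g^x)^y mod p, so both sides compute the same number."""
    return pow(their_public, my_private, p)

def derive_key(shared_secret):
    """Never use the raw group element as a key; hash it to a fixed-size
    symmetric key that then encrypts the bulk data."""
    width = (shared_secret.bit_length() + 7) // 8
    return hashlib.sha256(shared_secret.to_bytes(width, "big")).digest()

def exchange():
    """Honest exchange between Alice and Bob over a public channel."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # a_pub and b_pub travel in the clear; the private values never do.
    k_alice = derive_key(dh_shared_secret(a_priv, b_pub))
    k_bob = derive_key(dh_shared_secret(b_priv, a_pub))
    return k_alice == k_bob

def man_in_the_middle():
    """Unauthenticated exchange: Mallory swaps her own public value in for each
    side's. Alice and Bob each share a key with Mallory while believing they
    share one with each other. Returns True if the attack succeeds."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()
    k_alice = derive_key(dh_shared_secret(a_priv, m_pub))     # Alice thinks m_pub is Bob's
    k_bob = derive_key(dh_shared_secret(b_priv, m_pub))       # Bob thinks m_pub is Alice's
    k_mallory_with_alice = derive_key(dh_shared_secret(m_priv, a_pub))
    k_mallory_with_bob = derive_key(dh_shared_secret(m_priv, b_pub))
    return (k_alice == k_mallory_with_alice and k_bob == k_mallory_with_bob
            and k_alice != k_bob)

def discrete_log_brute_force(g, h, p):
    """Recover x from h = g^x mod p by trying x = 0, 1, 2, ... Work grows with
    p itself, which is why p must be enormous. Returns (x, steps)."""
    value = 1
    for x in range(p):
        if value == h:
            return x, x + 1
        value = value * g % p
    raise ValueError("no solution")

if __name__ == "__main__":
    print("keys agree:", exchange())
    print("MITM succeeds without authentication:", man_in_the_middle())
    print("brute-force log on a toy prime:", discrete_log_brute_force(2, pow(2, 37, 101), 101))
```

The man-in-the-middle function is the reason protocols such as TLS sign the Diffie-Hellman values with a certificate-backed key: the arithmetic alone cannot tell Alice whether the public value she received came from Bob or from Mallory.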

The strength of asymmetric encryption is that it addresses the most serious problem of symmetric encryption: key distribution. Whereas symmetric encryption uses the same key to encrypt and decrypt, asymmetric encryption uses two related but different keys, each of which reverses whatever operation the other performs. Because of the mathematical relationship between them, possessing one key gives no practical insight into the other. A public key can therefore be placed in a location accessible to anyone who may need to send information to the holder of the corresponding private key; distributing the public key does not compromise security in any way. Once a message has been encrypted with the public key, that same public key cannot decrypt it, so there is no fear of unauthorized disclosure; when the message is delivered, it is decrypted with the private key.

Users must keep their private keys protected at all times. A compromised private key could be used to forge messages and to decrypt previously captured messages that should have remained private. Similarly, directories that house public keys must resist tampering: otherwise an attacker could upload a bogus public key to the repository, and messages intended for the real recipient could then be read only by the attacker. The biggest disadvantage of asymmetric cryptography is that its algorithms take much longer to process, so it suffers from performance issues in comparison with symmetric encryption. These shortcomings become very apparent with bulk data, which is why asymmetric keys are often used only to exchange the symmetric key that encrypts the rest of the message stream.

Note

Asymmetric encryption employs what are known as trapdoor functions: functions that are easy to compute in one direction but infeasible to reverse unless one knows a secret piece of information (the trapdoor), which in practice is the private key.

To better understand the difference between symmetric and asymmetric encryption, take a moment to review Table 3-2.

Table 3-2. Comparison of asymmetric and symmetric encryption.

Feature                       | Symmetric encryption                                  | Asymmetric encryption
------------------------------|-------------------------------------------------------|--------------------------------------------------------------------------
1. Number of keys             | One key shared by two or more parties                 | Pairs of keys
2. Types of keys used         | Key is secret                                         | One key is private and one key is public
3. Loss of keys can result in | Disclosure and modification                           | Disclosure and modification for private keys; modification for public keys
4. Relative speeds            | Faster                                                | Slower
5. Performance                | Algorithms are more efficient                         | Algorithms are less efficient
6. Key length                 | Fixed key length (set by the algorithm)               | Fixed or variable key lengths (algorithm-dependent)
7. Application                | Ideal for encrypting files and communication channels | Ideal for encrypting and distributing keys and for providing authentication

Digital Signatures

Another capability provided by cryptographic technologies is the digital signature. Digital signatures are a combination of public key cryptography and hashing. To understand what a digital signature is designed to provide and what the cryptographic techniques are meant to do, first consider what a traditional signature provides. A handwritten signature on a document offers two features. First, the signature is unique to the individual and is therefore proof of that person's identity. Second, the document it is written on gives it context: when a person signs a document, he or she is providing a means of proving which document he or she agreed to. This can be considered an exercise in nonrepudiation, because the signature is unique to that person, and in integrity, because the signature is applied only to the document that person agreed to.

To create a digital signature, two steps take place that produce the signature sent along with the data. First, the message to be sent is passed through a hashing algorithm, producing a hash that will later be used to verify the integrity of the message. Second, the hash is encrypted using the sender's private key. The resulting signature is sent, along with the original unencrypted message, to a recipient who reverses the process. On receipt, the receiver obtains the sender's public key (in practice from the sender's digital certificate, discussed later in this chapter) and uses it to decrypt the signature, which reveals the sender's hash. The receiver then runs the same hashing algorithm over the received message to generate a second hash. If the two hashes do not match, the message has been altered or was not signed with the matching private key; if they match, the message is unaltered and was signed by whoever holds the private key that corresponds to that public key. Note that the message itself is not encrypted by this process: a signature provides integrity and authenticity, not confidentiality. Figure 3-5 shows an example of a digital signature in use.


Figure 3-5. The use of a digital signature.

Purpose of Public Key Infrastructure

One of the more commonly used mechanisms that involve cryptography is public key infrastructure (PKI). PKI provides a mechanism through which two parties can establish a trusted relationship even if they have no prior knowledge of one another. For an example of PKI in use, consider the e-commerce applications used to purchase products or services online, and contrast the environment they operate in with the real world. In the real world, you can walk into a store, see face to face who you are dealing with, and get a sense of whether you should trust the business. Online, a trust relationship is much harder to establish: you cannot walk into the store, either because it is not nearby or because no brick-and-mortar storefront exists. You cannot see whom you are dealing with, yet you still have to decide whether to trust the business. PKI addresses these concerns and brings trust, integrity, and security to electronic transactions. The PKI framework exists to create, manage, store, and distribute keys and digital certificates safely and securely. The components of this framework include the following:

  • Certificate Authority (CA)—The entity responsible for enrollment, creation, management, validation, and revocation of digital certificates

  • Registration Authority (RA)—An entity responsible for accepting information about a party wishing to obtain a certificate and for verifying that party's identity; RAs generally do not issue or manage certificates in any way. In some situations, entities known as Local Registration Authorities (LRAs) are delegated the ability to issue certificates by a CA.

  • Certificate Revocation List (CRL)—A location in which certificates that have been revoked prior to their assigned expiration are published

  • Digital certificates—Pieces of information, much like a driver's license in the real world, that are used to positively prove the identity of a person, party, computer, or service

  • Certificate Distribution System—A combination of software, hardware, services, and procedures used to distribute certificates

The issue of key management grows as the pool of users interacting with the system grows. In small groups, users can exchange public keys directly on the basis of a previously established level of trust. At the scale of an enterprise or the Internet, knowing one another ahead of time and basing key exchange on that knowledge is not feasible. PKI solves this problem by providing a mechanism through which keys can be generated and bound to a digital certificate that can be viewed and validated by all parties. To ensure trust, PKI also addresses storing, managing, distributing, and maintaining the keys securely. For any PKI system to be usable, the binding between a key and its owner requires that a public key and a private key be created and maintained for each user. Public keys must be distributed and stored in a manner that prevents them from being tampered with or substituted.

Another important issue is key recovery. In any complex environment like PKI, the possibility for key loss or for a key to be compromised exists, so the system must have safeguards in place for this. Consider a scenario in which an employee or other individual leaves an organization on less than ideal terms such as being terminated for cause. In such situations, there exists a real possibility that retrieving the key from the individual may be impossible or unlikely. In these situations, there must be safeguards to retrieve said key or provide backup mechanisms in the event that vital data must be decrypted, for example. One option in this situation is known as key escrow, which can be used as a way to delegate responsibility of keys to a trusted third party. In such mechanisms, the third party holding the keys securely is known as a key escrow agent. In this situation, keys are kept safe by the third party and access to the keys is granted only if certain predefined guidelines have been met.

Finally, determine how long a key will be valid and set a key lifetime. The lifetime can be any length that is useful or practical in a given situation. Keys used more frequently tend to be assigned shorter life spans, because the more ciphertext is produced under a key, the more material an attacker has to analyze in trying to recover it; keys used less frequently can have much longer life spans. Another factor in determining key lifetime is usage, meaning what the key will protect in practice. For example, an organization may assign keys of different lifetimes to temporary versus permanent employees. The sensitivity period of the data matters as well: if the information being encrypted will be essentially useless in a week's time, a key lifetime longer than a week may be pointless, whereas data that must stay confidential for years calls for a correspondingly careful plan. Also consider what happens at the end of a key's lifetime. Keys cannot simply be erased from media or deleted the way ordinary files are; they must be carefully destroyed using a technique suitable for the environment (overwriting the key storage in this way is often called zeroization). Even more important to the issue of key lifetime and destruction is that keys are not always retired on schedule; they may be lost or compromised, which in some cases is a far more serious issue.

The Role of Certificate Authorities (CAs)

Certificate authorities perform several functions that make them central to a PKI. The main function of the CA is to bind a user's identity to a public key. In many deployments the CA also generates the key pair, although subjects frequently generate their own key pair and submit only the public key for certification, which keeps the private key from ever leaving their control. The result of the binding is the digital certificate, which vouches for the holder of the public key. Because the CA validates the identity of users and creates items that are in turn used to perform sensitive operations, it is essential that the CA be trusted. The CA must be a trusted entity in much the same way as the DMV is trusted with driver's licenses and the State Department is trusted with passports. The CA and the PKI function on a system of trust, and if that trust is in question, serious problems can result. The CA issues certificates to users and to other certification authorities or services. CAs also issue certificate revocation lists (CRLs), which are periodically updated, and post certificates and CRLs to a repository. CAs include the types shown here:

  • Root CA—The CA that initiates all trust paths. The root CA is also the principal CA for its domain and can be thought of as the top of a pyramid representing the CA hierarchy.

  • Peer CA—Has a self-signed certificate that is distributed to its certificate holders and used by them to initiate certification paths.

  • Subordinate CA—A certification authority in a hierarchical domain that does not begin trust paths; trust initiates from some root CA. In some deployments it is referred to as a child CA.

Note

Because RAs do not keep a certificate database or generate certificates or keys, they do not have the same security requirements as a CA; in most cases, an RA is protected less stringently than a CA. However, in cases such as LRAs, higher security is a necessity, because these variants do issue certificates as delegated by a CA.

Registration Authority (RA)

The RA is an entity positioned between the client and the CA to support or offload work from the CA. Although the RA cannot generate a certificate, it can accept requests, verify a person's identity, and pass the information along to the CA, which performs the actual certificate generation. RAs are usually located at the same site as the subscribers for whom they perform authentication.

Certificate Revocation List (CRL)

A CRL is a list of certificates that have been revoked. Typically, a certificate is added to a CRL because it can no longer be trusted. Whether the reason is the loss of a key or an employee leaving the company is unimportant: if trust is lost, onto the CRL it goes. This is why the CRL must be maintained. CRLs also provide an important record of historical revocation information. The CRL is maintained by the CA, which signs the list so that its contents cannot be altered without detection. Whenever a digital certificate is reported as compromised or otherwise invalid, the CA adds its serial number to the CRL. Anyone relying on a digital certificate can check the CRL to verify that the certificate has not been revoked; the check is only as good as the freshness of the CRL the relying party holds, so CRLs must be retrieved regularly.
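The signing and verification steps of Figure 3-5, the CA's binding of an identity to a public key, and a relying party's CRL check, brought together in one added example (not code from the chapter). It uses textbook RSA with no padding, with primes found by a Miller-Rabin test, purely so that the encrypt-the-digest and decrypt-with-the-public-key steps stay visible; a production system would use a padded scheme such as RSA-PSS or ECDSA from a vetted library. The PublicKey, PrivateKey and Certificate types, the issue_certificate and is_certificate_valid functions, the CA and subject names and the message are this example's own assumptions:

```python
"""Hash-then-sign signatures, a toy CA and a CRL check. Added example, not
code from the chapter. Textbook RSA (no padding) is used so the
encrypt-the-digest step stays visible; real systems use padded schemes
(RSA-PSS, ECDSA) from a vetted library. All names here are this example's own."""
import hashlib
import math
import secrets
from collections import namedtuple
from dataclasses import dataclass, replace

PublicKey = namedtuple("PublicKey", "n e")
PrivateKey = namedtuple("PrivateKey", "n d")


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test, with trial division first for speed."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd and full size
        if is_probable_prime(c):
            return c


def generate_keypair(bits=1024):
    """Two primes; d is the trapdoor that inverts e modulo (p-1)(q-1)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return PublicKey(p * q, e), PrivateKey(p * q, pow(e, -1, phi))


def digest_int(message):
    """Step 1 of Figure 3-5: hash the message (SHA-256, as an integer)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(priv, message):
    """Step 2: encrypt the digest with the private key."""
    return pow(digest_int(message), priv.d, priv.n)


def verify(pub, message, signature):
    """Decrypt the signature with the public key; compare to a fresh hash."""
    return pow(signature, pub.e, pub.n) == digest_int(message)


@dataclass(frozen=True)
class Certificate:
    """Minimal stand-in for X.509: an identity bound to a key by a CA."""
    serial: int
    subject: str
    subject_key: PublicKey
    issuer: str
    signature: int = 0

    def to_be_signed(self):
        k = self.subject_key
        return f"{self.serial}|{self.subject}|{k.n}|{k.e}|{self.issuer}".encode()


def issue_certificate(ca_priv, ca_name, serial, subject, subject_key):
    """CA role: sign the (subject, public key) binding."""
    cert = Certificate(serial, subject, subject_key, ca_name)
    return replace(cert, signature=sign(ca_priv, cert.to_be_signed()))


def is_certificate_valid(cert, ca_pub, crl):
    """Relying-party check: CA signature intact and serial not on the CRL."""
    return verify(ca_pub, cert.to_be_signed(), cert.signature) and cert.serial not in crl


def demo():
    """Returns (genuine verifies, tampered verifies, revoked cert still valid)."""
    ca_pub, ca_priv = generate_keypair()
    alice_pub, alice_priv = generate_keypair()
    cert = issue_certificate(ca_priv, "Example Root CA", 1001, "alice", alice_pub)
    crl = set()  # serial numbers the CA has revoked
    message = b"Transfer 100 to account 42"
    signature = sign(alice_priv, message)
    genuine = is_certificate_valid(cert, ca_pub, crl) and verify(cert.subject_key, message, signature)
    tampered = verify(cert.subject_key, b"Transfer 900 to account 42", signature)
    crl.add(cert.serial)  # private key reported compromised: revoke
    return genuine, tampered, is_certificate_valid(cert, ca_pub, crl)
```

Calling demo() returns (True, False, False): the genuine message verifies against the public key in Alice's certificate, the altered message fails because its hash no longer matches the digest recovered from the signature, and once the serial number is on the CRL the same certificate is rejected even though the CA's signature on it is still mathematically valid.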

Digital Certificates

Digital certificates provide an important form of identification on the Internet and elsewhere. They play a key role in digital signatures, encryption, and e-commerce, among other uses. One of the primary roles of the digital certificate is to ensure the integrity of the public key, making sure that the key remains unchanged and in a valid form. The certificate also attests that the public key belongs to the specified owner and that the associated information is true and correct. The information needed to accomplish these goals is determined by the CA and by the policies in place within the environment; some fields are mandatory, while others are optional and up to the administrators of the PKI. To ensure compatibility between CAs, digital certificates are formatted using the X.509 standard, the most widely used certificate format. An X.509 certificate includes the following elements (see Figure 3-6):

  • Version

  • Serial Number

  • Algorithm ID

  • Issuer

  • Validity

    • Not Before

    • Not After

  • Subject

  • Subject Public Key Info

    • Public Key Algorithm

    • Subject Public Key

  • Issuer Unique Identifier (Optional)

  • Subject Unique Identifier (Optional)

  • Extensions (Optional)

Note

The most current version of X.509 is version 3.

Clients are usually responsible for requesting certificates and for maintaining the secrecy of their private keys. Because loss or compromise of a private key means that communications are no longer secure, key holders need to know and follow the reporting procedures for a lost or compromised key. Compromise of a private key could expose every message encrypted to that recipient, even if the corresponding certificate is immediately placed on the CRL: revocation stops relying parties from using the key in the future, but it cannot protect traffic that was already captured.

There are seven key management issues that organizations should be concerned with:

  • Generation

  • Distribution

  • Installation

  • Storage

  • Key Change

  • Key Control

  • Key Disposal


Figure 3-6. X509 certificate.

There are several ways to properly protect keys, including split knowledge and what is known as dual control. With split knowledge, no single person holds an entire key; each custodian holds one component, and the components are combined only inside the cryptographic module. With dual control, a sensitive operation requires the presence of two or more authorized people. Split knowledge and dual control are used to protect centrally stored secret keys and root private keys, secure the distribution of user tokens, and initialize all crypto-modules in the system to authorize their cryptographic functions.

PKI Attacks

There are several ways a hacker or malicious individual can target a PKI for attack:

  • Sabotage—The PKI components or hardware may be subjected to a number of attacks including vandalism, theft, hardware modification, and insertion of malicious code. Most attacks are designed to cause denial of service (DoS).

  • Communications disruption/modification—These attacks target communications between the subscribers and the PKI components. The disruption could cause DoS, but may also be used by the attacker to mount additional attacks such as impersonation of a subscriber or the insertion of fake information.

  • Design and implementation flaws—These attacks target flaws in the software or hardware on which the subscriber depends to generate or store key material and certificates. The attacks can result in malfunctions of the software or hardware that may cause DoS.

  • Operator error—Improper use of the PKI software or hardware by operators, which may result in DoS or in the disclosure or modification of subscriber keys and certificates.

  • Operator impersonation—These attacks target the user by impersonating a legitimate PKI operator. As an operator, the attacker could do almost anything a legitimate operator could do, including generate keys, issue certificates, revoke certificates, and modify data.

  • Coercion—These attacks occur when the administrator or operator of a CA is induced into giving up some control over the CA or creating keys and certificates under duress.

Hashing

A one-way hash function is the cryptographic mechanism responsible for integrity. It is designed to be easy to compute in one direction but infeasible to reverse. Hashing provides a data fingerprint that changes dramatically if the data is altered or tampered with. Hashed values, or message digests, are the result of compressing a variable amount of data into a fixed-length field. Hashes are not used for encryption, but for authentication and for ensuring integrity. The output of a one-way hash function is also known as a fingerprint or message digest.

Some of the most common hashing algorithms include the following:

  • Message Digest 2 (MD2)—A one-way hash function used in the Privacy Enhanced Mail (PEM) protocols along with MD5. It produces a 128-bit hash value for an arbitrary input. It is similar in structure to MD4 and MD5 but is slower and less secure.

  • Message Digest 4 (MD4)—A one-way hash function that produces a 128-bit hash of the input message. MD4 is broken and should not be used.

  • Message Digest 5 (MD5)—An improved and redesigned version of MD4, also producing a 128-bit hash. Practical collision attacks against MD5 have been demonstrated, so it should no longer be relied on for integrity checking or digital signatures.

  • HAVAL—A variable-length, one-way hash function derived from MD5. HAVAL processes messages in blocks of 1,024 bits, twice the block size of MD5, and is faster than MD5.

  • Secure Hash Algorithm-0 (SHA-0)—Produces a 160-bit fingerprint. SHA-0 is no longer considered secure and is vulnerable to attacks.

  • Secure Hash Algorithm-1 (SHA-1)—Processes the message in 512-bit blocks, adding padding as needed so the input is a multiple of the block size, and produces a 160-bit digest. Collisions have also been demonstrated for SHA-1. The SHA family further includes SHA-256 and SHA-512, which are part of the SHA-2 group and remain in wide use.

The process of hashing is one way, and any change to the data being hashed results in a completely different hash. Table 3-3 shows a simplified view of the process, with a short identifier standing in for the real digest, which in practice is a fixed-size value such as 128 or 160 bits.

Table 3-3. The hashing process.

Input                | Hash function | Hash
---------------------|---------------|-----
George Washington    | →             | 01
Sacagawea            | →             | 02
Abraham Lincoln      | →             | 03
Margaret Chase Smith | →             | 04
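The two properties the text describes, fixed-length output regardless of input size and a dramatic change of the digest for a tiny change of input, as measurable functions. This is an added example, not from the chapter; the inputs are the Table 3-3 names plus constructed strings, and the function names are this example's own.

```python
"""Measurable hash properties: fixed-length output and the avalanche effect.
Added example, not from the chapter; inputs are constructed."""
import hashlib


def digest(algorithm, data):
    return hashlib.new(algorithm, data).digest()


def differing_bits(a, b):
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_ratio(algorithm, data):
    """Flip the lowest bit of the first input byte and return the fraction
    of digest bits that change; for a good hash this is close to 0.5."""
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    d1, d2 = digest(algorithm, data), digest(algorithm, flipped)
    return differing_bits(d1, d2) / (8 * len(d1))


def digest_lengths(algorithm, inputs):
    """Set of output lengths in bytes; a hash function yields exactly one."""
    return {len(digest(algorithm, x)) for x in inputs}


def integrity_ok(algorithm, data, expected_hex):
    """Recompute and compare: the check a recipient performs on received data."""
    return hashlib.new(algorithm, data).hexdigest() == expected_hex


# Constructed inputs: the Table 3-3 names, an empty string and a 100 KB blob.
SAMPLE_INPUTS = [b"George Washington", b"Sacagawea", b"Abraham Lincoln",
                 b"Margaret Chase Smith", b"", b"x" * 100_000]

if __name__ == "__main__":
    for alg in ("md5", "sha1", "sha256"):
        print(alg, "output bytes:", digest_lengths(alg, SAMPLE_INPUTS),
              "avalanche:", round(avalanche_ratio(alg, b"George Washington"), 3))
```

Whatever the input size, every SHA-256 digest is 32 bytes, and flipping one input bit changes roughly half of the 256 output bits; that is the behaviour that makes the "01, 02, 03" shorthand in Table 3-3 stand for a fingerprint rather than a code that could be worked backwards.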

Common Cryptographic Systems

Organizations that store or transmit sensitive information can benefit from cryptographic protection. Although current U.S. law places no restrictions on the types of cryptosystems that can be sold within U.S. borders, export of cryptosystems from the U.S. is regulated. In the past, encryption systems were placed in the same category as munitions or weapons technology, so approval from the State Department was needed to export the technology. More recently, cryptosystems have been reclassified as dual-use technology, and export controls have been somewhat relaxed. One problem with controlling the export of cryptosystems today is that the Internet makes cryptographic software easy to obtain and use anywhere. Another factor that lessens the impact of export controls is the increasing popularity of non-U.S. cryptographic systems such as the IDEA block cipher, which was developed in Switzerland.

Some common cryptographic systems include the following:

  • Message Security Protocol (MSP)—The security protocol of the Department of Defense (DoD) Defense Messaging System; it provides authentication, integrity, and nonrepudiation services.

  • SSH—A protocol and application that provides secure remote access. SSH is viewed as a replacement for the insecure protocols FTP, Telnet, and the Berkeley r-utilities (rlogin, rsh, rcp). SSH defaults to port 22. SSHv1 has been found to contain vulnerabilities, so it is advisable to use SSHv2 only.

  • Secure Hypertext Transfer Protocol (S-HTTP)—A superset of Hypertext Transfer Protocol (HTTP) developed to provide secure communication with a Web server. S-HTTP is a connectionless protocol designed to secure individual messages; it saw little adoption compared with SSL.

  • SSL—Introduced by Netscape as a means of transmitting information securely over the Internet. Unlike S-HTTP, SSL is application independent, and it is also cryptographic-algorithm independent: the protocol is a framework for negotiating algorithms and communicating certificates, encrypted keys, and data. Every version of SSL has since been deprecated because of protocol weaknesses; its successor is TLS.

  • Transport Layer Security (TLS)—The standardized successor to SSL; encrypts the communication between a client and a host. TLS is composed of two layers: the TLS Record Protocol, which carries the protected data, and the TLS Handshake Protocol, which authenticates the parties and negotiates keys.

  • IPSec—An end-to-end security technology that allows two devices to communicate securely. IPSec was developed to address the shortcomings of Internet Protocol version 4 (IPv4). Although it is an add-on for IPv4, it is built into IPv6. IPSec can protect just the payload (transport mode) or the entire original packet, header included, by encapsulating it in a new packet (tunnel mode).

  • Password Authentication Protocol (PAP)—Used for authentication but not secure, because the username and password are transmitted in cleartext.

  • Challenge Handshake Authentication Protocol (CHAP)—More secure than PAP because the password is never sent over the link. The authenticator sends a random challenge, and the client replies with a hash of the challenge combined with the shared secret; the hashed value is valid only for that challenge, so a captured response cannot be reused for a later logon.

  • Point-to-Point Tunneling Protocol (PPTP)—Developed by a group of vendors, PPTP is composed of two components: the transport that maintains the virtual connection and the encryption that provides confidentiality. PPTP is now considered obsolete because of weaknesses in its authentication and encryption.

Cryptanalysis

Cryptographic systems, like any security control, face attacks specially designed to exploit weaknesses in the system. In the case of encryption, attacks may be more aggressive and targeted, because the use of encryption suggests that something of value is present. When you examine the strength of encryption, it is easy to believe, at least initially, that the technology is unbreakable in all but a few cases. In fact, most encryption can be broken if an attacker has the computing power, creativity, skill, and time. One attack that often works against cryptography is the brute-force attack, which tries every possible key until the correct one is found. The problem for the attacker is that the work grows exponentially with key length: each additional bit doubles the number of keys to try. For example, DES with its 56-bit key is vulnerable to brute-force attack (a purpose-built machine recovered a DES key in under three days in 1998), whereas Triple-DES is very resistant to it. To illustrate this concept, consider Table 3-4; its figures date from the mid-1990s and understate what is affordable today.

Some attacks that have been and are employed are:

  • Ciphertext-only attack—The attacker has some sample of ciphertext but lacks the corresponding plaintext or the key. The goal is to recover the plaintext, the key, or both, but the attacker has nothing to test a guess against except the statistical properties of plausible plaintext. Ciphertext-only attacks tend to be the least successful, because the attacker has very limited knowledge at the outset.

  • Known plaintext attack—The attacker possesses the plaintext and ciphertext of one or more messages and uses these pairs to determine the key in use. A known pair also turns brute force into a precise test: a candidate key is confirmed the moment it maps the known plaintext to the known ciphertext.

  • Chosen plaintext attack—The attacker is able to obtain the ciphertext for deliberately chosen plaintext. Essentially, the attacker can "feed" information into the encryption system and observe the output. The attacker need not know the algorithm or the secret key in use.

  • Chosen ciphertext attack—The attacker is able to obtain the plaintext for deliberately chosen ciphertext. Essentially, the attacker can "feed" information into the decryption system and observe the output. The attacker need not know the algorithm or the secret key in use. A more advanced version of this attack is the adaptive chosen ciphertext attack (ACCA), in which each new ciphertext is chosen based on the results of earlier ones.

Table 3-4. Cryptographic cracking times.

User                | Budget       | 40-bit key    | 56-bit key
--------------------|--------------|---------------|-----------
Regular user        | $400         | 1 week        | 40 years
Small business      | $10,000      | 12 minutes    | 556 days
Corporation         | $300,000     | 24 seconds    | 19 days
Large multinational | $10 million  | .005 seconds  | 6 minutes
Government agency   | $300 million | .0002 seconds | 12 seconds
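Brute force under two of the attacker models above, as an added example that is not from the chapter. In the ciphertext-only case the attacker must judge each trial decryption by whether it looks like plaintext, so the search returns candidates; with a known plaintext/ciphertext pair each key is confirmed or rejected outright. The cipher is a toy constructed for this demo: a 16-bit key expanded into a keystream with SHA-256, chosen only so that the 65,536-key space can be searched in about a second in Python. It is not a real cipher, and the key and message are made up.

```python
"""Brute-force key search: ciphertext-only versus known-plaintext.
Added example, not from the chapter. The cipher is a constructed toy with a
16-bit key so the whole key space can be searched; it is not a real cipher."""
import hashlib
import string

KEY_BITS = 16
TEXT_BYTES = set(string.printable.encode())


def keystream(key, length):
    """Expand the short key into `length` bytes (counter mode over SHA-256)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key.to_bytes(2, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def toy_encrypt(key, data):
    """XOR with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


toy_decrypt = toy_encrypt


def ciphertext_only_attack(ciphertext):
    """Try every key; keep those whose output is entirely printable text.
    Returns candidates, not a proof: the attacker still has to judge them."""
    return [k for k in range(1 << KEY_BITS)
            if all(b in TEXT_BYTES for b in toy_decrypt(k, ciphertext))]


def known_plaintext_attack(ciphertext, known_prefix):
    """Each key is confirmed or rejected by comparing against the crib."""
    for k in range(1 << KEY_BITS):
        if toy_decrypt(k, ciphertext[:len(known_prefix)]) == known_prefix:
            return k
    return None


# Constructed sample: the key the victim used and what a sniffer captured.
SAMPLE_KEY = 0xBEEF
SAMPLE_PLAINTEXT = b"Attack at dawn. Meet at the old mill by the river."
SAMPLE_CIPHERTEXT = toy_encrypt(SAMPLE_KEY, SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    candidates = ciphertext_only_attack(SAMPLE_CIPHERTEXT)
    print("ciphertext-only candidates:", len(candidates),
          "true key among them:", SAMPLE_KEY in candidates)
    key = known_plaintext_attack(SAMPLE_CIPHERTEXT, SAMPLE_PLAINTEXT[:8])
    print("known-plaintext recovered key:", hex(key))
```

With only 16 key bits both searches finish in moments; each extra bit doubles the loop count, which is the whole argument behind the key lengths in Table 3-4. The contrast between the two attacks is what matters: the known-plaintext search needs only an 8-byte crib to identify the key with certainty, while the ciphertext-only search can only rank candidates by how much they resemble text.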

An attack that succeeds in some situations is the replay attack, which consists of recording packets on the network and retransmitting them later. The attacker captures traffic with a tool such as a packet sniffer and then reuses, or replays, it at a later time. Replay attacks are a significant threat to applications that rely on authentication sequences, because an intruder can replay a legitimate authentication exchange to gain access to a system; the usual defenses are challenges, nonces, and timestamps that make each exchange valid only once. A related but more advanced attack is the man-in-the-middle attack (MitM), in which the attacker gets between two parties with the goal of intercepting and modifying packets. In any situation in which attackers can insert themselves into the communications path between two users, interception and modification of information becomes possible.
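CHAP's challenge/response from the list of cryptographic systems above, and the replay attack just described, in one added example that is not part of the chapter. The response is computed as RFC 1994 specifies, MD5 over the identifier, the shared secret and the challenge; the Authenticator and Peer classes, the one-answer-per-challenge bookkeeping, the captured-traffic list and the user and secret values are this example's own assumptions.

```python
"""CHAP-style challenge/response and why a replayed response fails.
Added example, not from the chapter. Response = MD5(id || secret || challenge)
as in RFC 1994; the classes and sample values are constructed for the demo."""
import hashlib
import secrets


def chap_response(identifier, secret, challenge):
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues random challenges and accepts each answer once."""

    def __init__(self, secrets_by_user):
        self._secrets = secrets_by_user
        self._pending = {}      # identifier -> challenge not yet answered
        self._next_id = 0

    def challenge(self):
        ident = self._next_id % 256
        self._next_id += 1
        chal = secrets.token_bytes(16)
        self._pending[ident] = chal
        return ident, chal

    def verify(self, ident, username, response):
        # pop() consumes the challenge: a second answer to it can never match.
        chal = self._pending.pop(ident, None)
        if chal is None or username not in self._secrets:
            return False
        expected = chap_response(ident, self._secrets[username], chal)
        return secrets.compare_digest(expected, response)


class Peer:
    """Client side: proves knowledge of the secret without ever sending it."""

    def __init__(self, username, secret):
        self.username, self.secret = username, secret

    def answer(self, ident, chal):
        return ident, self.username, chap_response(ident, self.secret, chal)


def demo():
    """Returns (legitimate login ok, replayed response ok, secret seen on wire)."""
    secret = b"s3cret-ppp-key"                       # constructed shared secret
    server = Authenticator({"alice": secret})
    client = Peer("alice", secret)
    wire = []                                        # everything a sniffer sees

    ident, chal = server.challenge()
    wire.append(chal)
    captured = client.answer(ident, chal)
    wire.append(captured[2])
    first_ok = server.verify(*captured)

    # Later, the attacker replays the captured (ident, username, response).
    server.challenge()                               # server has moved on
    replay_ok = server.verify(*captured)
    secret_leaked = any(secret in item for item in wire)
    return first_ok, replay_ok, secret_leaked
```

demo() returns (True, False, False): the live exchange authenticates, the replayed response is rejected because its challenge has already been consumed and every new challenge is different, and the shared secret itself never appears on the wire, which is exactly the property PAP lacks.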

Do not forget that social engineering can be effective against cryptographic systems. End users must be trained to protect sensitive items such as private cryptographic keys from unauthorized disclosure. Attackers succeed once they obtain the keys, no matter how they did so; if they can decrypt sensitive information, it is "game over" for the defender. Social engineering attacks can take many forms, including fooling or coercing a user into accepting a self-signed certificate, exploiting vulnerabilities in a Web browser, or gaming the certificate approval process to obtain a valid certificate and apply it to the attacker's own site.

Passwords represent one of the most commonly sought after and attacked items in IT and security. There are several methods that can be employed to attack and obtain passwords:

  • Dictionary attacks

  • Hybrid attacks

  • Brute-force attacks

  • Rainbow tables

When examining the problems with passwords and the attacks that can be used against them, do not forget why the attacks work. One common problem is that many people use ordinary words as passwords. When a user chooses a password that comes from the dictionary or is a name, it is much easier for an attacker to obtain it with a dictionary attack. All the attacker needs is cracking software and a word list, both of which are easily obtainable; word lists containing long runs of predefined candidate words can be downloaded in moments. A word list alone, however, is useless without the stored passwords in a usable form. To provide protection, passwords are commonly stored as hashes rather than in the clear. A store of hashes can still be attacked by a technique commonly known as comparative analysis: each candidate word is hashed with the same algorithm and the result compared with the stored hash. When a match is found, the password is known; if not, the process continues with the next word until the list is exhausted.

Brute-force password-cracking programs employ a decidedly lower-tech approach to breaking passwords by attempting every possible combination of characters in varying lengths. Brute-force attacks will eventually be successful given enough time, but that time might extend into the millions of years. Brute-force attacks can be very effective if many computers are used in parallel to perform the password search, creating a large network with the power to do so. Brute-force software has been fine-tuned over the last few years to work more efficiently using techniques designed to decrease their search time by looking at things such as the password minimum length, the password maximum length, and password case sensitivity to further speed the recovery process.

A relative newcomer to password cracking is the rainbow table, a lookup table that trades memory for time. In plain terms, a rainbow table is a database of precomputed hashes, organized as hash chains to save space. These precomputed values are compared with the captured hashed password values in search of a match; once a stored value matches, the corresponding plaintext is revealed without hashing anything at attack time. The downsides of a rainbow table are the size of the data generated and the time taken to build the tables initially. Note also that a precomputed table is only useful against hashes computed without a per-password salt: a random salt mixed into each hash means every user's hash would need its own table, which is why salting is the standard defense against this attack.
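Comparative analysis with a word list, the precomputed-table idea behind rainbow tables (a plain hash-to-password dictionary stands in for the chained table a real rainbow table uses), and the effect of a per-user salt, as an added example that is not from the chapter. The word list, user names, passwords and the choice of unsalted SHA-256 as the victim's hash are constructed for the demo.

```python
"""Dictionary attack by comparative analysis, a precomputed lookup table,
and why a per-user salt defeats the table but not the dictionary.
Added example, not from the chapter; all data below is constructed."""
import hashlib
import secrets

# Constructed word list; real ones run to millions of entries.
WORDLIST = ["password", "letmein", "dragon", "sunshine", "monkey", "qwerty", "football"]


def hash_password(password, salt=b""):
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Constructed victim store, unsalted: username -> hex digest.
UNSALTED_STORE = {
    "alice": hash_password("sunshine"),
    "bob": hash_password("dragon"),
    "carol": hash_password("Tr0ub4dor&3"),   # not in the word list
}


def dictionary_attack(store, wordlist, salts=None):
    """Comparative analysis: hash each word (with the user's salt, if any)
    and compare it with the stored value."""
    salts = salts or {}
    cracked = {}
    for user, stored in store.items():
        for word in wordlist:
            if hash_password(word, salts.get(user, b"")) == stored:
                cracked[user] = word
                break
    return cracked


def build_lookup_table(wordlist):
    """Precompute once: the time-memory trade-off behind rainbow tables."""
    return {hash_password(w): w for w in wordlist}


def table_attack(store, table):
    """No hashing per target at all, just a lookup of the stored value."""
    return {user: table[h] for user, h in store.items() if h in table}


def make_salted_store(users):
    """What a better-designed store looks like: a random salt per user."""
    salts = {u: secrets.token_bytes(16) for u in users}
    store = {u: hash_password(p, salts[u]) for u, p in users.items()}
    return store, salts


def demo():
    """Returns (table hits on unsalted store, table hits on salted store,
    dictionary hits on salted store)."""
    table = build_lookup_table(WORDLIST)
    unsalted_hits = table_attack(UNSALTED_STORE, table)
    salted_store, salts = make_salted_store(
        {"alice": "sunshine", "bob": "dragon", "carol": "Tr0ub4dor&3"})
    salted_table_hits = table_attack(salted_store, table)            # empty
    salted_dict_hits = dictionary_attack(salted_store, WORDLIST, salts)
    return unsalted_hits, salted_table_hits, salted_dict_hits
```

Against the unsalted store, both attacks recover alice's and bob's passwords and neither touches carol's, because her password is not in the word list. Once each user has a random salt the precomputed table finds nothing, while the dictionary attack still works but has to redo the hashing for every user separately, which is the cost the salt imposes.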

CHAPTER SUMMARY

This chapter reviewed the concepts of cryptography. Although an extremely detailed knowledge of encryption is not necessary, an understanding of the mechanics of cryptography is important. Symmetric encryption works well at bulk encryption, but it does have drawbacks such as problems with key exchange and scalability.

Asymmetric encryption resolves the problems symmetric encryption has with key exchange and scalability, but is computationally more complex, and thus takes more processing time. Asymmetric encryption also makes use of two keys called key pairs. In asymmetric encryption, what one key does, the second undoes. Combining symmetric and asymmetric systems results in a very powerful solution because the best of both systems can be used. Modern cryptographic systems such as IPSec, SSH, SET, and others make use of both symmetric and asymmetric encryption.

This chapter also reviewed hashing and how it is used to ensure integrity. When hashing is implemented into the digital signature process, the user gains integrity, authenticity, and nonrepudiation. Digital signature techniques rely on the creation of a digest or fingerprint of the information using a cryptographic hash, which can be signed more efficiently than the entire message.

Finally, various types of cryptographic attacks were examined, including known plaintext attacks, ciphertext attacks, man in the middle attacks, and password attacks. Passwords can be attacked via dictionary, hybrid, brute force, or rainbow tables.

KEY CONCEPTS AND TERMS

  • Asymmetric encryption

  • Brute-force attack

  • Dictionary attack

  • Hash

  • Symmetric encryption

  • Trapdoor functions

CHAPTER 3 ASSESSMENT

  1. Which of the following is not one of the key concepts of cryptography?

    1. Availability

    2. Integrity

    3. Authenticity

    4. Privacy

  2. Common symmetric encryption algorithms include all of the following except _______.

    1. RSA

    2. AES

    3. IDEA

    4. DES

  3. A birthday attack can be used to attempt to break _______.

    1. DES

    2. RSA

    3. PKI

    4. MD5

  4. The best description of zeroization is _______.

    1. Used to encrypt asymmetric data

    2. Used to create an MD5 hash

    3. Used to clear media of a key value

    4. Used to encrypt symmetric data

  5. What is the primary goal of PKI?

    1. Hashing

    2. Third-party trust

    3. Nonrepudiation

    4. Availability

  6. Digital signatures are not used for _______.

    1. Authentication

    2. Nonrepudiation

    3. Integrity

    4. Availability

  7. Key management is potentially the biggest problem in _______.

    1. Hashing

    2. Asymmetric encryption

    3. Symmetric encryption

    4. Cryptanalysis

  8. _______ is well suited for bulk encryption.

    1. MD5

    2. Diffie Hellman

    3. DES

    4. RSA

  9. _______ is not part of the key management process.

    1. Generation

    2. Storage

    3. Distribution

    4. Layering

  10. Which attack requires the attacker to obtain several encrypted messages that have been encrypted using the same encryption algorithm?

    1. Known plaintext attack

    2. Ciphertext only attack

    3. Chosen plaintext attack

    4. Random text attack

  11. What is another name for a one-time pad?

    1. Vernam cipher

    2. DES

    3. Concealment cipher

    4. Caesar cipher

  12. _______ is an example of a hashing algorithm.

    1. MD5

    2. DES

    3. AES

    4. Twofish

  13. Which of the following is the least secure?

    1. PAP

    2. CHAP

    3. IPSec
