TODO•SEC

Search…

v2 - Compact Menu

Cloud and Networked Systems

Cryptography

"Secret writing" circa 1900 B.C., Egypt

We have a secret that we may or may not want to share. When employing a non-trusted medium to communicate, we protect the unencrypted data (plaintext) by encrypting it into ciphertext (encrypted data) with a cryptography scheme and a key that can be used to decrypt the data back into plaintext.

**cryptography**: development/creation of mathematical algorithms used to encrypt/decrypt data.**cryptanalysis**: analyzing/breaking encryption schemes**cryptology**: broad study of secret creation, encompasses cryptography and cryptanalysis.

"Features"

Cryptography provides methods to preserve the confidentiality (privacy) of the unaltered (integrity) secrets from unauthenticated (authentication) third parties (adversaries).

The sender and receiver perform a key exchange of crypto keys. Cryptography provides verification that the sender is who they claim to be (non-repudiation).

Types of Algorithms

SKC - Secret Key Cryptography

A single key is used for encryption by the sender and decryption by the receiver. Hence the name, Symmetric encryption a single key is used for encryption/decryption - Most common in privacy/confidentiality applications. Two most common types:

Encrypts 1 bit/byte of the unencrypted data at a time. A "stream" of pseudorandom bits (that should never be reused to ensure secrecy) are the key.

It is important to note that stream ciphers employ feedback mechanisms that result in the key constantly changing. 2 main stream ciphers:

**Self-Synchronizing stream ciphers **

Each bit is calculated as a function of the previous n-bits in the keystream.

The encryption process stays synchronized with the decryption process by the length of the n-bit keystream being processed.

For this reason also, error propagation is a concern.

Keystreams are generated independently of the message stream by employing the same keystream generation function by sender and receiver.

Since they are periodic the keystream repeats eventually.

**Alert: **If the "One-time Pad" or key used to generate the pseudorandom is not at least as long as the plaintext, perfect-secrecy cannot be guaranteed. i.e 940 bytes of plaintext require at least 940 bytes of One-Time Pad for perfect secrecy to be achieved. Strong encryption can be achieved without perfect secrecy.

Most common example in Software Development is **RC4 - Rivest Cipher 4.** Used in WEP/WPA as well as TLS. RFC 7465 forbids use of RC4 in TLS.

These algorithms encrypt a fixed size of n-bits of data (block) at once. 256 bits of unencrypted data can be encrypted into 256 bits of ciphertext - Padding schemes can be employed to *fill in* when the plaintext is smaller than the logical block size (56 bits of plaintext would be encrypted in a 64 bits sized block).

Common implementations are DES, 3DES, AES, IDEA and Blowfish

Its biggest drawback is the key distribution process that would need to be protected as well.

Its main difference with Stream Ciphers is that Block Ciphers always encrypt plaintext to the same ciphertext

PKC - Public Key Cryptography

Asymmetric encryption that is commonly used for key exchange, non-repudiation and authentication

Hash Functions

Data is transformed mathematically in an irreversible manner, the result is a digital fingerprint. This application ensures integrity of the data.

Trust Models

PGP

Kerberos

Public Key Certificates and Certification Authorities

Cryptographic Algorithms applied

Password Protection

Diffie-Hellman Key Exchange

RSA Public Key Cryptography

DES, Compromising DES, and DES flavors

Pretty Good Privacy

IP Security (IPsec) Protocol

Secure Transactions with SSL and TLS

Elliptic Curve Cryptography (ECC)

Advanced Encryption Standard and Rijndael

Cisco's Stream Cipher

TrueCrypt

Encrypting File System (EFS)

RC4 minutiae

Challenge-Handshake Authentication Protocol (CHAP)

Encryption in eMail and S/MIME

Interesting Resources for deeper understanding:

Last modified 8d ago