sec_07_crypto
asymmetric (public key) encryption - An encryption method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. Either key can be used to encrypt a message, but then the other key is required to decrypt it.
Asymmetric encryption (public key encryption) Uses two different but related keys; either key can encrypt or decrypt message If Key A encrypts message, only Key B can decrypt Highest value when one key serves as private key and the other serves as public key
public key infrastructure (PKI) An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates
If you wish to receive encrypted messages from someone using asymmetric cryptography, you need to provide them your public key. • email it to them • post it in a public place • register it with a Certificate Authority Certificate Authorities will: • provide others your public key upon request • verify that a public key belongs to you
Work factor
The amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key, the algorithm, or both are unknown
Ciphertext or cryptogram
The encoded message resulting from an encryption.
Keyspace
The entire range of values that can be used to construct an individual key
Steganography
The hiding of messages—for example, within the digital encoding of a picture or graphic.
Key or cryptovariable
The information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. The key can be a series of bits used by a computer program, or it can be a passphrase used by people that is then converted into a series of bits used by a computer program.
Plaintext or cleartext
The original unencrypted message, or a message that has been successfully decrypted.
Code
The process of converting components (words or phrases) of an unencrypted message into encrypted components.
cryptography
The process of making and using codes to secure the transmission of information. - Encryption - Decryption
cryptanalysis
The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.
Cryptology
The science of encryption, which encompasses cryptography and cryptanalysis.
Algorithm
The steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message; sometimes refers to the programs that enable the cryptographic processes.
DES
There are a number of popular symmetric encryption cryptosystems. One of the most widely known is the Data Encryption Standard (DES)
Decipher/Decrypt
To decrypt, decode, or convert ciphertext into the equivalent plaintext
Encipher/Encrypt
To encrypt, encode, or convert plaintext into the equivalent ciphertext.
transposition cipher/permutation cipher
an encryption method that involves simply rearranging the values within a block based on an established pattern to create the ciphertext.
Secure Multipurpose Internet Mail Extensions (S/MIME)
builds on Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication
Bit stream cipher: An encryption method that involves converting plaintext to ciphertext one bit at a time
each plaintext bit is transformed into a ciphertext bit
Frequency attacks
if we can obtain enough encrypted data we can simply count the ciphertext character occurences, resulting in hints to crack the cipher message with a lot of e's we need fewer e's to escape dectection
tempest defense
involves the following procedures: ensuring that computers are placed as far as possible from outside perimeters, installing special shielding inside the CPU case, and implementing a host of other restrictions, including maintaining distances from plumbing and other infrastructure components that carry radio waves
symmetric encryption algorithms
Data Encryption Standard (DES): one of most popular symmetric encryption cryptosystems 64-bit block size; 56-bit key Adopted by NIST in 1976 as federal standard for encrypting non-classified information Triple DES (3DES): created to provide security far beyond DES Advanced Encryption Standard (AES): developed to replace both DES and 3DES 128+ bit keys
Securing Web transactions with SET, SSL, and S-HTTP
Secure Electronic Transactions (SET): developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud Uses DES to encrypt credit card information transfers Provides security for both Internet-based credit card transactions and credit card swipe systems in retail stores
symmetric (private key) encryption
Symmetric encryption: uses same "secret key" to encrypt and decipher message Encryption methods can be extremely efficient, requiring minimal processing Both sender and receiver must possess encryption key If either copy of key is compromised, an intermediate can decrypt and read messages (and this could be invisible) communication of key must be "out of band"
TEMPEST - technology that prevents the possible loss of data from the emission of electromagnetic radiation (EMR)
- A U.S. government program designed to protect computers from electronic remote eavesdropping by reducing EMR emissions
Protocols for Secure Communications
- Secure Socket Layer (SSL) protocol -Secure Hypertext Transfer Protocol (S-HTTP): - Securing E-mail with S/MIME, PEM, and PGP - Securing Web transactions with SET, SSL, and S-HTTP
modern cipher methods
- block cipher - bit stream cipher
Secure Hypertext Transfer Protocol (S-HTTP)
- extended version of Hypertext Transfer Protocol; provides for encryption of individual messages between client and server across Internet - S-HTTP is the application of SSL over HTTP; allows encryption of information passing between computers through protected and secure virtual connection
exclusive OR operation (XOR) XOR bit stream cipher
A function within Boolean algebra used as an encryption function in which two bits are compared. If the two bits are identical, the result is a binary 0; otherwise, the result is a binary 1.
Link encryption
A series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts the message using different keys and sends it to the next neighbor. This process continues until the message reaches the final destination.
polyalphabetic substitution
A substitution cipher that incorporates two or more alphabets in the encryption process
monoalphabetic substitution
A substitution cipher that only incorporates a single alphabet in the encryption process.
Vigenère cipher
An advanced type of substitution cipher that uses a simple polyalphabetic code.
substitution cipher
An encryption method in which one value is substituted for another.
Cipher or cryptosystem
An encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption.
block cipher weaknesses
plaintext character encodes to same ciphertext • frequency attacks • known plaintext attacks • repeated letter attacks
Privacy Enhanced Mail (PEM)
proposed as standard to function with public key cryptosystems; uses 3DES symmetric key encryption
Pretty Good Privacy (PGP)
uses IDEA Cipher for message encoding
Secure Sockets Layer (SSL)
uses public key encryption to secure channel over public Internet
known plaintext attacks
where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext). even a short note helps
hybrid symmetric / asymmetric encryption
• Alex selects a private key • Alex encrypts his plaintext with the private key • Alex retrieves Rachel's public key, encrypting his private key with it • Alex sends the whole shebang to Rachel • Rachel decrypts Alex's private key with her private key • Rachel can now use Alex's private key to decrypt Alex's message • and to respond to Alex . . .
one-time pad ("Vernam cipher") - An encryption process that generates a random substitution matrix between letters and numbers that is used only one time. Also called a one-time pad.
• a robust symmetric key that is used only once • most secure encryption known • relies on out-of-band communication of the key • useful as symmetric part of hybrid system
DES overview
• block of plaintext is permuted • key is permuted • plaintext and key are divided • in a round • R half substitution • XOR with left half • key and ciphertext combined • halves are shuffled • initial permutation is reversed
PKI issues
• certificate issuance is not free • no certification process to become a CA • difficult to revoke certificates in real time • dis-avowed liability of certificate agencies • legally-binding certificate status • CAs are targets • falsification of certificates • certificates issued to known malware (lack of vetting) • CA websites hacked
Block cipher: An encryption method that involves dividing the plaintext into blocks or sets of bits and then converting the plaintext to ciphertext one block at a time
• plaintext message is sub-divided into blocks (e.g. 8- or 16- or 32-bit blocks) • each block is transformed into ciphertext • cipher function (algorithm) • key
XOR cipher weaknesses
• repeating key • block size (character) mod key length • few different encodings for same plaintext
digital signatures - Encrypted message components that can be mathematically proven as authentic
• sender encrypts message using their private asymmetric key • sender adds a plaintext "signature" with CA information • sender encrypts whole shebang using recipient's public asymmetric key (perhaps obtained from a CA) • recipient decrypts with their private asymmetric key • recipient can see sender's signature and locate sender's public asymmetric key at CA • recipient decrypts message with sender's public asymmetric key
cryptographic algorithms
• symmetric key algorithms • asymmetric key algorithms • hybrid algorithms