2.8 Summarize the basics of cryptographic concepts
Stream Cipher
breaks a plaintext message down into single bits, which then are converted individually into ciphertext using key bits. You could encrypt the content one page at a time (block cipher) or one letter at a time (this)
Block Cipher
breaks down plaintext messages into fixed-size blocks before converting them into ciphertext using a key.
Digital signatures
electronic certificates that are used to authenticate the validity of individuals and companies conducting business electronically.
Modes of operation: Authenticated
forms of encryption which simultaneously assure the confidentiality and authenticity of data.
Key exchange
The process of sending and receiving secure cryptographic keys.
high resiliency
it's also important that we're able to ensure the data remain valid. We want to be sure that there's no opportunity for data to change or be modified without us knowing about it. So using some type of hashing provides that data integrity. We could also use larger key size and increase the quality of the type of encryption that we're doing to be sure that we have the most powerful encryption available
Ephemeral
lasting a very short time if it is generated for each execution of a key establishment process generated for each execution of a key-establishment process and that meets other requirements of the key type (e.g., unique to each message or session).
Hashing
one-way encryption process such that a hash value cannot be reverse engineered to get to the original plain text. This is used in encryption to secure the information shared between two parties. The passwords are transformed into hash values so that even if a security breach occurs, PINs stay protected.
Salting
random data that is used as an additional input to a one-way function that hashes data, a password or passphrase.
resource vs. security constraint
A limitation in providing strong cryptography due to the tug-of-war between the available resources (time and energy) and the security provided by cryptography.
Limitations: Entropy
refers to the randomness collected by a system for use in algorithms that require random data. A lack of good this can leave a cryptosystem vulnerable and unable to encrypt data securely.
Blockchain
A distributed and decentralized ledger that records and verifies transactions and ownership, making it difficult to tamper with or shut down. is focused on creating trust in an untrusting ecosystem, making it a potentially strong cybersecurity technology. The ledger system is decentralized, but information is transparently available to members of the specific this. All members (or nodes) can record, pass along and view any transactional data that is encrypted onto this. This process creates trust while also maintaining a high level of data integrity. In essence, the distributed nature of this provides no "hackable" entrance or point of failure that detrimentally exposes entire datasets.
Quantum computing
A field of computer design using the principles of quantum mechanics in which a single bit of information can be not just a 0 or a 1 but in both states at the same time. In today's computers the smallest data carrier is the bit, which can have only the value 0 or 1. But the quantum equivalent, known as a quantum bit or qubit, can have both the value 0 and 1 at the same time as a result of superposition. Two qubits can have four values at the same time - 00, 01, 10 and 11 - and each additional qubit doubles the number of possible states. This means that a quantum computer with 300 qubits would be able to represent more values than there are particles in the entire universe. And it only takes 50-60 qubits to exceed the computing power in today's supercomputers. The first ideas involving the use of quantum systems for calculations came in the 1980s, but at the outset they were not considered to have any practical significance. There was both a lack of usable algorithms (quantum computers cannot be programmed in the same way as normal computers) and nobody knew how to correct the errors that would inevitably arise in a quantum computer.
Steganography
A field within cryptography; uses images to hide data.
Key stretching
A technique used to increase the strength of stored passwords. it adds additional bits (called salts) and can help thwart brute force and rainbow table attacks. we could hash a password and then hash the hash of the password, and so on. This makes it very difficult for an attacker to be able to brute force the original plain text. They would have to brute force each one of the subsequent hashes to be able to finally get back to the original plaintext. This means the attacker has to spend much more time on the brute force process, making it that much more difficult to be able to determine what the original plaintext might have been.
Limitations: Resource vs. security constraints
And it's in these Internet of Things devices where we start to see large differences between the requirements for encryption and the resources that we might have available to provide that encryption. IoT devices have a limited CPU. They have just enough memory to keep the system running and, in some cases, are running on battery power or limited power sources. If this IoT device is monitoring something in real time, there's not a lot of cycles available to perform encryption or decryption. So there needs to be a happy medium between security on the device and having the device application work properly. You might also find that these IoT devices are not really built for security. So it's up to you to determine what's going to be required to provide the proper amount of security and the security updates for those Internet of Things devices.
Post-quantum
Anticipating challenges to current cryptographic implementations and general security issues in a world where threat actors have access to significant quantum processing capability.
Supporting integrity
By using hashing we can also maintain the integrity of data, we could use a hash as we're downloading files to make sure that the file download has occurred properly or we may want to store information like passwords and hashing allows us to store the password without revealing that password to others
Lightweight cryptography
Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices. an encryption method that features a small footprint and/or low computational complexity. It is aimed at expanding the applications of cryptography to constrained devices and its related international standardization and guidelines compilation are currently underway.
Supporting obfuscation
Cryptography also allows us to hide information through the use of obfuscation. For example, malware very commonly encrypts the malware itself within the software that it's transferring in order to get around the signature based detection that we have in most antivirus and anti-malware products. When the application is executed, the malware is decrypted and it becomes executing on the local machine
Limitations: Predictability
Cryptography also relies on randomization. If you know what's going to happen next, you may be able to predict what's going to happen with the encryption. So having some type of random number generation that can't be easily predicted is crucial for any type of cryptography. For example, Cloudflare has their wall of lava lamps that provides them with a type of randomization that they can then apply back to their encryption. And, of course, if you're creating some type of passphrase, it needs to be something that can't be predicted. And something very random is a much more powerful passphrase than something that can be predicted.
Homomorphic encryption
Enables processing of encrypted data without the need to decrypt the data. It allows the cloud customer to upload data to a cloud service provider for processing without the requirement to decipher the data first. it allows computation to be performed directly on encrypted data without requiring access to a secret key. The result of such a computation remains in encrypted form, and can at a later point be revealed by the owner of the secret key.
Symmetric Key Encryption
Encryption system in which a single key is used for both encryption and decryption.
asymmetric key encryption
Encryption system in which two keys are used: a public key used only to encrypt data, and a private key used only to decrypt it.
Video Steganography
Hiding messages in video files. Can be done via Discrete Cosine Transform a technique to hide any kind of files into a cover Video file. The use of the video based Steganography can be more secure than other multimedia files, because of its size and complexity.
Low latency
If we need encryption that works very fast and very efficiently, we can use the low latency is associated with symmetric encryption. Symmetric encryption also has smaller key sizes, so it might be a better fit for a number of different encryption projects.
Limitations: size
If we're using a block cipher to be able to encrypt data, it's important to know that if we're encrypting 16 bytes of data, that usually the encrypted information is also 16 bytes. So by using this encryption, we're not increasing the amount of storage that we might need. The only place where that does become important to consider is when we might be encrypting less than this of the block. For example, if your block this is 16 bytes and you're encrypting some data that is 8 bytes in this, you have to fill in the other remaining 8 bytes so that you have a full 16 bytes to be able to encrypt. If the block cipher is 16 bytes in this, then the amount of data that's encrypted has to be 16 bytes as part of its plain text. That means that we would have to add another 8 bytes to this, which would effectively double the storage this of what we happen to be saving. We also have to think about this of the keys that we're using during the encryption process. And generally, larger keys will make it much more difficult to brute force. A good example of where a weak key could be a significant problem was in the wireless encryption that we used for WEP. The weak initialization variable that was used in RC4 resulted in cryptographic vulnerabilities that made it very easy for someone to gain access to our wireless data.
Supporting confidentiality
If you want to keep information secure then you'll want to use some type of encryption. This cryptography allows us to keep things secret and private and we can encrypt information that's either part of a file. We can encrypt information on an entire drive or perhaps even on an entire device
Supporting Authentication
If you've ever logged into a device or authenticated onto a network then you've taken advantage of the authentication capabilities of cryptography. We often use hashing to be able to protect those passwords and we're usually doing this so that no one can see the password that we happen to be using. We might also add salt or some other type of randomization to the password, so that everyone's hash password is very different than everyone else is.
Limitations: Reuse
In most implementations, the process for encryption doesn't change. But the key that's used during the encryption process does change. However, changing that key can add additional overhead. So using the same key is something that's commonly seen in a number of encryption mechanisms. The problem with that, of course, is that if someone gains access to that key, they would effectively have access to everything that was encrypted using that key. So although there is some work involved to change that key, there are some significant security advantages to doing that. It may be that some of the devices you have don't allow you to change the key. For example, Internet of Things devices are relatively straightforward in simple devices and, in some cases, have the key embedded in the firmware itself. That means if you need to change the key, you have to update the entire firmware for that IoT device. And it's in these Internet of Things devices where we start to see large differences between the requirements for encryption and the resources that we might have available to provide that encryption.
Elliptical curve cryptography
Instead of using these very large prime numbers, we'll use curves, to be able to create, the asymmetric keys that we would use for public and private key encryption and decryption. This can use smaller keys, to maintain the same security as non-This algorithms, and they require, a smaller amount of storage and a smaller amount of data that would need to be transmitted across the network. This allows us to have access to the powerful features available with asymmetric encryption, while we're using our mobile devices and IoT devices.
Limitations: Time
It takes this to perform encryption or hashing. And, of course, larger files are going to take a larger amount of this. You might also want to consider the type of encryption you're using. If you perform asymmetric encryption, it may take much longer to perform that function than if you had used symmetric encryption. It's also important to think about how long this encryption type is able to be used. As this goes on, our CPUs get much more powerful, and we're able to do brute forcing much faster than we have in the past. A good example of this is when Data Encryption Standard, or DES, was released in 1977, it was considered to be a very secure encryption type. But only 22 years later in 1999, we were able to put together technology that was able to brute force DES in just 22 hours. If you use larger keys instead of smaller keys, you might be able to extend the life of that encryption method.
quantum communication
Our internet-based society with internet banks, digital medical records, web-based commerce etc, is based on the secure transmission of information. Today encryption is used, which is based on problems which are presumed to be difficult to calculate such as finding the prime number factors which have created a specific very large number. But when the quantum computer makes its appearance, cracking today's encryption will be child's play. However, quantum technology also offers a solution - the secure transmission of encryption keys via quantum communication. This is the only known solution which can guarantee that an outsider cannot read the encrypted message. The encryption key is the code that the recipient needs in order to decode the encrypted message. The sender uses individual photons to send the encryption key to the recipient. Since it is not possible to measure a photon without it being affected, you can be sure of detecting whether an outsider has tried to steal the encryption key. Nowadays there are commercial systems which can transfer quantum encryption keys via an unbroken optical fibre over a distance of approximately 100 kilometres, but at a fairly low speed. In order to guarantee the security of the next generation of communications systems, a global quantum network must be developed, which can rapidly and securely transmit encryption keys between many different points. The quantum phenomenon of entanglement (see section 2.2) play a key role when it comes to strengthening and transmitting quantum signals in a large network.
Perfect forward secrecy
Public key systems that generate random public keys that are different for each session. an encryption system that changes the keys used to encrypt and decrypt information frequently and automatically. This ongoing process ensures that even if the most recent key is hacked, a minimal amount of sensitive data is exposed.
Key length
The size of a key, usually measured in bits or bytes, which a cryptographic algorithm used in ciphering or deciphering protected information. Usually, larger keys create more secure encrypted data. And sometimes using multiple keys in this encryption cipher create another level of protection.
Limitations: Weak keys
We also have to think about the size of the keys that we're using during the encryption process. And generally, larger keys will make it much more difficult to brute force. A good example of where this could be a significant problem was in the wireless encryption that we used for WEP. The weak initialization variable that was used in RC4 resulted in cryptographic vulnerabilities that made it very easy for someone to gain access to our wireless data.
Supporting Non-Repudiation
We can combine this hashing with asymmetric encryption to create non-repudiation, this allows us to confirm that the information that we're receiving from someone really did come from that person. This is usually implemented as a digital signature, so that you can be assured that not only did that data come from that person but none of the data that you're looking at as part of that digital signature was altered from the time that it was originally sent.
Limitations: Speed
We have to make sure that the application can perform quick enough with the type of cryptography that we're using. We have to think about the overhead associated with encrypting or decrypting this data. That means we need to make sure that the CPU can handle this encryption and decryption process and that we have enough power in the system to be able to support that. When we implement this encryption, it will put additional load on the CPU. It will use more power and more battery life. And we, of course, need to consider that when implementing the cryptography.
Low power devices
We rely on our mobile phones, our tablets, and other devices to be able to provide us with information throughout the day. But these mobile devices have limited storage, limited CPU, there's a certain battery life associated with these devices. And we still want to be sure that all of the data on these devices is secure, so of course encryption is a great way to protect the data that's on these devices. But because there is a limited amount of power in the CPU, we need specialized encryption for these devices. So it's very common to use a smaller symmetric key, especially in conjunction with elliptic curve cryptography or ECC, which is specifically designed for environments like this, where we need very powerful encryption on a device with a limited number of resources
Modes of operation: Unauthenticated
Without this, you can't even be sure you have confidentiality. Case in point: in the CBC scheme contemplated here, you can do more than change words in the plaintext; you can recover the entire plaintext, by feeding the decrypter a series of blocks with strategically corrupted padding.
Limitations: Longevity
You also have to consider how this someone's willing to wait for this encryption or decryption process. It takes time to perform encryption or hashing. And, of course, larger files are going to take a larger amount of time. You might also want to consider the type of encryption you're using. If you perform asymmetric encryption, it may take much longer to perform that function than if you had used symmetric encryption. It's also important to think about how this this encryption type is able to be used. As time goes on, our CPUs get much more powerful, and we're able to do brute forcing much faster than we have in the past. A good example of this is when Data Encryption Standard, or DES, was released in 1977, it was considered to be a very secure encryption type. But only 22 years later in 1999, we were able to put together technology that was able to brute force DES in just 22 hours. If you use larger keys instead of smaller keys, you might be able to extend the life of that encryption method.
Blockchain: Public ledgers
a series (or chain) of blocks on which transaction details are recorded after suitable authentication and verification by the designated network participants.
Audio Steganography
a technique used to transmit hidden information by modifying an audio signal in an imperceptible manner. It is the science of hiding some secret text or audio information in a host message. The host message before steganography and stego message after steganography have the same characteristics.
Limitations: Computational overheads
any combination of excess or indirect computation time, memory, bandwidth, or other resources that are required to attain a particular goal. It is a special case of engineering overhead.
Image Steganography
the process of hiding information which can be text, image or video inside a cover image. The secret information is hidden in a way that it not visible to the human eyes.
Modes of operation: Counter
uses an arbitrary number (this) that changes with each block of text encrypted. The counter is encrypted with the cipher, and the result is XOR'd into ciphertext. Since this changes for each block, the problem of repeating ciphertext that results from the electronic code book (ECB) method is avoided.