Monday, December 7, 2009

Cryptography

  • History of Cryptography
  • Cryptography components and their relationships
  • Government involvement in cryptography
  • Symmetric and asymmetric key algorithms
  • Public key infrastructure (PKI) concepts and mechanisms
  • Hashing algorithms and uses
  • Types of attacks on cryptosystems
Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process. It is considered the science of protecting information by encoding it into an unreadable format.

History of Cryptography

The roots of cryptography date to around 2000 B.C. in Egypt, where hieroglyphics were used to decorate tombs. A Hebrew method required the alphabet to be flipped so that each letter in the original alphabet was mapped to a different letter in the flipped, or shifted, alphabet.

ABCDEFGHIJKLMNOPQRSTUVWXYZ
ZYXWVUTSRQPONMLKJIHGFEDCBA

Around 400 B.C. the Spartans used a system of encryption: they would write a message on a sheet of papyrus wrapped around a staff. The sheet was then delivered and wrapped around a different staff by the recipient. The message was only readable if it was wrapped around a staff of the same size. This is known as the scytale cipher.

The most famous rotor encryption machine is the Enigma, used by the Germans in WWII.

Types: substitution, monoalphabetic substitution, polyalphabetic substitution, atbash, Vigenere

Cryptography Definitions and Concepts

plaintext - readable data
ciphertext - data that appears to be random and unreadable
cryptosystem - a system or product that provides encryption and decryption
algorithm - the set of rules, dictates how enciphering and deciphering take place

Kerckhoff's Principle (p596)

Strengths of the cryptosystem
The strength of an encryption method comes from the algorithm, secrecy of the key, length of the key, initialization vectors, and how they all work together within the cryptosystem.

Services
Confidentiality - denies unauthorized parties access to information
Authenticity - validates the source of the message, to ensure that the sender is properly identified
Integrity - provides assurance that the message was not modified, accidentally or intentionally
Nonrepudiation - establishes that a particular sender has sent the message so that they cannot deny having sent the message at a later date

One-time pad
a perfect encryption scheme because it is considered unbreakable if implemented properly. Invented by Gilbert Vernam in 1917.

Running and Concealment Ciphers
The running key cipher could use a key that does not require an electronic algorithm and bit alterations, but cleverly uses components in the physical world around you.
A concealment cipher is a message within a message.

Steganography - a method of hiding data in another media type so that the very existence of the data is concealed.

Government Involvement with Cryptography

Wassenaar Arrangement - "The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies"
The following outlines the characteristics of specific algorithm types that are considered too dangerous to fall into the hands of the enemy and thus are restricted:
  • Symmetric algorithms with key sizes over 56 bits
  • Asymmetric algorithms that carry out factorization of an integer with key sizes over 512 bits (such as RSA)
  • Asymmetric algorithms that compute discrete logarithms in a field with key sizes over 512 bits (such as El Gamal)
  • Asymmetric algorithms that compute discrete logarithms in a group (not a field) with key sizes over 112 bits (such as ECC)
Types of Ciphers

Substitution Cipher
Transposition Cipher

Methods of Encryption

Symmetric vs. Asymmetric Algorithms
Symmetric algorithms use secret keys while asymmetric algorithms use public and private keys.

Block Cipher
the message is divided into blocks of bits
Stream Cipher
treats the message as a stream of bits and performs mathematical functions on each bit individually


A strong and effective stream cipher contains the following characteristics
  • Long periods of no repeating patterns within keystream values
  • Statistically unpredictable keystream
  • A keystream not linearly related to the key
  • Statistically unbiased keystream (as many 0s as 1s)
Hybrid Encryption Methods - Asymmetric and Symmetric Algorithms used together
Session Keys - a symmetric key that is used to encrypt messages between two users.

Types of Symmetric Systems
  • Data Encryption Standard (DES)
  • 3DES
  • AES
  • International Data Encryption Algorithm (IDEA)
  • Blowfish
  • RC4
  • RC5
Types of Asymmetric Systems
Diffie-Hellman Mathematical Steps
  1. Tanya chooses a large random integer (x) and sends it to Erika
  2. Erika also chooses a large random integer (y) and sends it to Tanya
  3. Tanya's software computes the following: K=Y^x mod n
  4. Erika's software computes the following: K=X^y mod n
Man in the middle attack
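
The exchange above and the man-in-the-middle problem, as an added example that is not part of the original notes. It assumes the standard public values X = g^x mod n and Y = g^y mod n (which steps 3 and 4 use but the list does not define), constructed toy parameters n and g, and a hypothetical pre-shared key used to authenticate the public values.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (assumptions, not from the notes): n is the
# Mersenne prime 2^127 - 1 and g = 3. Real systems use vetted 2048-bit+ groups.
N = 2**127 - 1
G = 3

def keypair():
    """Pick a private integer and derive the public value g^private mod n."""
    private = secrets.randbelow(N - 3) + 2
    return private, pow(G, private, N)

def shared_key(their_public, my_private):
    """Steps 3 and 4: K = Y^x mod n for Tanya, K = X^y mod n for Erika."""
    return pow(their_public, my_private, N)

def tag(auth_key, public_value):
    """HMAC over a public value, keyed with a secret agreed out of band."""
    return hmac.new(auth_key, str(public_value).encode(), hashlib.sha256).digest()

def honest_exchange():
    x, X = keypair()   # Tanya sends X
    y, Y = keypair()   # Erika sends Y
    return shared_key(Y, x), shared_key(X, y)

def intercepted_exchange(auth_key=None):
    """A party in the middle replaces X and Y in transit with its own value M.
    Returns (keys_match, middle_knows_both, detected)."""
    x, X = keypair()
    y, Y = keypair()
    m, M = keypair()
    tanya_key, erika_key = shared_key(M, x), shared_key(M, y)
    middle_knows_both = (shared_key(X, m) == tanya_key and
                         shared_key(Y, m) == erika_key)
    # With authentication, Tanya's tag covers X, so it fails against M.
    detected = False
    if auth_key is not None:
        detected = not hmac.compare_digest(tag(auth_key, X), tag(auth_key, M))
    return tanya_key == erika_key, middle_knows_both, detected

if __name__ == "__main__":
    print("honest keys match:", len(set(honest_exchange())) == 1)
    print("unauthenticated:", intercepted_exchange())
    print("authenticated:  ", intercepted_exchange(b"constructed-preshared-key"))
```

Without authentication the two ends finish with different keys, each shared with the party in the middle, and nothing in the protocol reveals it. Binding the public values to an identity (here an HMAC, in practice usually a signature or certificate) is what exposes the substitution.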

El Gamal - a public key algorithm that can be used for digital signatures, encryption, and key exchange

Elliptic Curve Cryptosystem

Knapsack
Zero Knowledge Proof

Message Integrity

One way hash - a function that takes a variable length string and produces a fixed length value called a hash value
HMAC
CBC-MAC

Various Hashing Algorithms
  • Hash should be computed over the entire message
  • Hash should be a one-way function so that messages are not disclosed by their values
  • Given a message and its hash value, computing another message with the same hash value should be impossible
  • Function should be resistant to birthday attacks
MD2
MD4
MD5
SHA
HAVAL

Attack against one way hash functions
collision - the algorithm produces the same value for two distinctly different messages
birthday attack - attacker attempts to force a collision

Digital Signatures
  • A message can be encrypted, which provides confidentiality
  • A message can be hashed, which provides integrity
  • A message can be digitally signed, which provides authentication, nonrepudiation, and integrity
  • A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity
Digital Signature Standard

Public Key Infrastructure (PKI)
consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion
Certificate Authorities
Registration Authority

Key Management
The key length should be long enough to provide the necessary level of protection
Keys should be stored and transmitted by secure means
Keys should be extremely random and the algorithm should use the full spectrum of the key space
The key's lifetime should correspond with the sensitivity of the data it is protecting
The more the key is used, the shorter its lifetime should be
Keys should be backed up or escrowed in case of emergencies
Keys should be properly destroyed when their lifetime comes to an end.

Link Encryption vs. End-to-End Encryption
E-Mail Standards
Multipurpose Internet Mail Extension (MIME) - a technical specification indicating how multimedia data and e-mail attachments are to be transferred
Secure MIME (S/MIME)
Privacy-Enhanced Mail (PEM)
  • Messages encrypted with AES in CBC mode
  • Public key management, provided by using RSA
  • X.509 standard, used for certification structure and format
Message Security Protocol (MSP)
Pretty Good Privacy (PGP)

ATTACKS (p676)

Ciphertext-Only Attack
Known-Plaintext Attack
Chosen-Plaintext Attack
Chosen-Ciphertext Attack
Differential Cryptanalysis
Linear Cryptanalysis
Side Channel Attack
Replay Attack