1) Symmetric Encryption
a) Data Encryption and Decryption
Cryptography: is the science of encoding and decoding information to keep the content secure. Encryption is a technique through which source information is converted into a form that cannot be read by anyone other than the intended recipient. Decryption is the opposite of encryption. It is the process through which an encrypted message is returned to its original form. Encryption/decryption is accomplished through an algorithm, which is a mathematical or physical means to transform the message.
The algorithm used to decrypt data can be – but is not necessarily – the inverse of the algorithm used to encrypt it. The 2 algorithms form a pair and are designed to work with each other to encrypt and decrypt data. This pair of algorithms is known as a cipher.
When the plaintext is encrypted, it is called ciphertext.
Conventional names in the cryptography community: Alice and Bob: two parties in a secure communication session; Eve: a passive eavesdropper; Mallory: a malicious attacker; Trudy: an intruder.
Types of ciphers:
Substitution Ciphers: Units of plaintexts are replaced with ciphertext according to a regular system. Units may be single letters, pairs of letters and so on.
ROT13: is an example of a very simple substitution cipher. In the rotate-13 cipher, characters are replaced with the character whose ASCII value is 13 higher. For example: A => N, B => O and so forth. Decrypting involves simply rotating to the left to reverse the process.
Transposition Ciphers: here, units of plaintext characters are rearranged or transposed into a different order.
A character cipher operates on each character in the plaintext; a block cipher operates on an entire group of plaintext characters, such as a whole word.
A key is a piece of information that determines the result of an encryption algorithm. When the same key is used to encrypt and decrypt a piece of data, the cipher is said to be symmetric.
Asymmetric ciphers use different encryption and decryption keys.
Key management includes techniques and procedures that support
key sharing and storage
access to keys
Symmetric-key algorithms use relatively short keys and are suitable for encrypting high volumes of data. But there is a single key for both encrypting and decrypting; hence they are more vulnerable to attack than asymmetric ciphers.
Types of symmetric ciphers:
Data Encryption Standard (DES): is a symmetric-key block cipher operating on 64-bit blocks of data. DES uses a 56-bit key and 16 rounds of transposition and substitution to compute the ciphertext.
Brute force is the best attack on DES: trying all the possible key combinations. With a 56-bit key, an attacker would have to try every combination of the 56 ones and zeros to find the correct key.
Triple Data Encryption Standard (3DES): is a block cipher formed from the DES cipher by applying it 3 times. It is more secure than DES because it requires 3 rounds of DES encryption, using either 2 or 3 different and separate keys. A variant of 3DES is called 2TDES, which uses the same key for rounds one and three. It remains popular in the electronic payment industry.
Advanced Encryption Standard (AES): is a block cipher operating on 128-bit blocks of data. AES can use a 128-, 192- or 256-bit key (AES256) and, respectively, 10, 12 or 14 rounds of processing to compute the ciphertext.
Rijndael: is essentially the same as AES, with both key and block sizes between 128 and 256 bits in multiples of 32 bits.
Blowfish: is a public-domain block cipher designed to be a replacement for DES. It uses 64-bit blocks and variable-length keys from 0 to 448 bits.
International Data Encryption Algorithm (IDEA): is a block cipher designed as a replacement for DES and 3DES. It operates on 64-bit blocks using a 128-bit key. It finishes with an output transformation called a half-round, so IDEA is said to perform 8.5 rounds compared to 16 rounds in DES.
Rivest Cipher 5 (RC5): is a block cipher with a variable block size of 32, 64 or 128 bits. It also supports variable key sizes from 0 to 2040 bits and a variable number of rounds from 0 to 255. Generally, 64-bit blocks, 128-bit keys and 12 rounds of processing are recommended as a minimum.
Rivest Cipher 6 (RC6): is just a derivation of RC5.
One-time pad (OTP): combines the plaintext message with a key of equal length. The key is never re-used and is kept secret. In OTP, the key is a stream of numbers indicating by how much each character should be rotated.
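The two rotation ciphers above, ROT13 (one fixed shift of 13 for every letter) and the one-time pad (a secret random shift per letter, key as long as the message), worked through as an added example that is not part of the original notes; the 26-letter alphabet and the twelve-letter sample messages are constructed for illustration, and the last function shows why a pad must never be reused.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # 26-letter alphabet; every rotation is modulo 26


def rotate(text, shifts):
    """Rotate each letter of `text` forward by the matching entry in `shifts`.
    Non-letters pass through unchanged and consume no shift."""
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shifts[i]) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def letter_count(text):
    return sum(ch in ALPHABET for ch in text.upper())


def rot13(text):
    # ROT13: the same shift of 13 for every letter; applying it twice restores the text
    return rotate(text, [13] * letter_count(text))


def otp_keygen(text):
    # One-time pad key: one secret random shift (0..25) per letter, equal in length
    # to the message and generated from a cryptographic source
    return [secrets.randbelow(26) for _ in range(letter_count(text))]


def otp_encrypt(plaintext, key):
    return rotate(plaintext, key)


def otp_decrypt(ciphertext, key):
    # Decryption rotates each letter back (to the left) by the same amount
    return rotate(ciphertext, [-k for k in key])


def pairwise_difference(a, b):
    """(a_i - b_i) mod 26 for the letters of two equal-length strings.
    Applied to two ciphertexts made with the SAME pad, the key cancels out:
    (p1 + k) - (p2 + k) = p1 - p2, so the result equals the difference of the
    plaintexts, which is why a one-time pad key is never reused."""
    la = [ALPHABET.index(c) for c in a.upper() if c in ALPHABET]
    lb = [ALPHABET.index(c) for c in b.upper() if c in ALPHABET]
    return [(x - y) % 26 for x, y in zip(la, lb)]


if __name__ == "__main__":
    p1, p2 = "ATTACKATDAWN", "HOLDPOSITION"  # constructed sample messages
    key = otp_keygen(p1)
    c1, c2 = otp_encrypt(p1, key), otp_encrypt(p2, key)  # deliberate reuse for the demo
    print(rot13("Hello, World!"), otp_decrypt(c1, key))
    print(pairwise_difference(c1, c2) == pairwise_difference(p1, p2))
```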
b) Hashing and Steganography
Hash: is created using an algorithm. It is a unique, fixed-length mathematical derivation of a plaintext message. Hashes are also known as digests; hashing converts plaintext messages into their numeric equivalents. Once converted, a message is called a hash or a digest.
No two plaintext messages should ever generate the same hash. If a flaw exists in the algorithm and two plaintexts result in the same hash, the condition is called a collision. Finding collisions is a common way of identifying flaws or even cracking a hashing algorithm.
Producing a hash from a plaintext message is a one-way operation. Trying to determine the plaintext from a hash is described as “computationally infeasible”.
The algorithms used to produce a hash ensure that every hash is of the same length, regardless of the length of the plaintext. For example: the MD5 hashing algorithm creates a 128-bit digest whether you calculate the hash of a one-character file or of a 10 MB JPEG image.
Uses of Hashes:
Data verification: enables you to verify that a file or data transmission is valid if the publisher also provides a hashed version of the data. You download the file and create a digest of it. If the calculated digest matches the digest provided by the publisher, the downloaded file has not been altered since being published.
Secure password storage: Rather than storing a plaintext password in a database, web sites store digest versions of the password. When someone logs in, the web site hashes the password entered by the user in the logon form. The web site then compares the digest to the digest stored in the database. If they match, the user must have entered the correct password and is granted access to the site.
Secure password transmission: A server can send the user a plaintext string. A digest is then computed using the user’s password and the string, and is sent back to the server. The server computes the digest using the string and the stored password. If they match, the user’s identity is verified without transmitting the password across the network.
Document signing: provides the electronic equivalent of a signature by calculating the digest of a document. Using certain types of encryption, the hash is encrypted and the ciphertext is transmitted along with the document. A recipient can verify the signature by decrypting the digest and comparing it to a newly calculated digest. This capability relies on asymmetric encryption.
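The "secure password transmission" exchange described above, as an added example that is not part of the original notes: the server sends a fresh random string (challenge), the client answers with the digest of password and string, and the server recomputes and compares. The credential store and user name are constructed for illustration; the example also shows why the challenge must be fresh and single-use, since a captured response is useless against a new challenge.

```python
import hashlib
import hmac
import secrets

# Constructed credential store. The scheme in the text requires the server to hold
# the password (or an equivalent secret) to recompute the digest.
USERS = {"alice": b"correct horse battery staple"}


def digest(password, challenge):
    # digest = H(password || challenge); the password itself never crosses the wire
    return hashlib.sha256(password + challenge).hexdigest()


class Server:
    def __init__(self, users):
        self.users = users
        self.pending = {}  # username -> outstanding challenge, consumed on first use

    def issue_challenge(self, username):
        # Server -> client: a fresh random plaintext string for this login attempt only
        challenge = secrets.token_bytes(16)
        self.pending[username] = challenge
        return challenge

    def verify(self, username, response):
        # A challenge is valid exactly once, so a replayed response cannot succeed
        challenge = self.pending.pop(username, None)
        if challenge is None or username not in self.users:
            return False
        expected = digest(self.users[username], challenge)
        # constant-time comparison avoids leaking how many leading characters matched
        return hmac.compare_digest(expected, response)


class Client:
    def __init__(self, username, password):
        self.username = username
        self.password = password

    def respond(self, challenge):
        # Client -> server: only the digest of password and challenge
        return digest(self.password, challenge)


def login(server, client):
    challenge = server.issue_challenge(client.username)
    response = client.respond(challenge)
    return server.verify(client.username, response), response


def replay(server, username, captured_response):
    """An eavesdropper who recorded an earlier response and presents it again:
    the server has already consumed that challenge and issued a new one, so the
    old digest no longer matches."""
    server.issue_challenge(username)
    return server.verify(username, captured_response)


if __name__ == "__main__":
    srv = Server(USERS)
    ok, resp = login(srv, Client("alice", USERS["alice"]))
    print("login:", ok, "replay:", replay(srv, "alice", resp))
```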
Birthday attacks: New hashing algorithms are continually developed as new vulnerabilities are found in existing algorithms. Hashing algorithms are especially vulnerable to birthday attacks. The birthday problem states that if there is a group of 23 or more people, it is at least 50% probable that two people within the group will share the same birthday. The probability increases as the group grows larger. In a group of 57 or more people, it is 99% probable that at least one pair will share a birthday. Using the probability theory behind the birthday problem, birthday attacks use brute force to calculate hashes from random plaintexts until they find a collision.
Message Digest version 5 (MD5): specified in RFC 1321, it creates a 128-bit hash from variable-length plaintext. The 128 bits provide for 3.4 X 10^38 distinct hash values. MD5 is still vulnerable to birthday attacks because a brute-force attack needs to cover only half the bit length (64 bits), which makes it an easy target.
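The birthday numbers above (23 people for 50%, 57 for 99%) and the "half the bit length" claim, worked through as an added example that is not part of the original notes. It computes the exact birthday probability, the general sqrt(2 d ln(1/(1-p))) estimate that puts a 128-bit digest at roughly 2^64 trials, and runs a real birthday search against a deliberately truncated SHA-256 digest (the truncation width and the "constructed-message-N" inputs are constructed for the demonstration) to show how quickly a short digest collides.

```python
import hashlib
import math


def birthday_probability(k, d=365):
    """Exact probability that at least two of k samples drawn uniformly from d
    values coincide: 1 - (d/d)((d-1)/d)...((d-k+1)/d)."""
    p_distinct = 1.0
    for i in range(k):
        p_distinct *= (d - i) / d
    return 1.0 - p_distinct


def samples_for_probability(p, d):
    """Approximate number of samples k needed to reach collision probability p
    among d values: k ~ sqrt(2 d ln(1/(1-p))). For d = 2**n this is about 2**(n/2),
    which is why an n-bit digest offers only n/2 bits of collision resistance."""
    return math.sqrt(2 * d * math.log(1.0 / (1.0 - p)))


def truncated_digest(message, bits):
    """Top `bits` bits of SHA-256, standing in for a short digest."""
    h = hashlib.sha256(message).digest()
    return int.from_bytes(h, "big") >> (256 - bits)


def find_collision(bits, limit=1 << 20):
    """Birthday search on a `bits`-bit digest: hash distinct constructed messages
    and remember each digest until one repeats. Returns (msg_a, msg_b, attempts),
    or None if `limit` messages produce no collision."""
    seen = {}
    for i in range(limit):
        msg = b"constructed-message-%d" % i
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg
    return None


if __name__ == "__main__":
    print("23 people:", round(birthday_probability(23), 3))
    print("57 people:", round(birthday_probability(57), 4))
    print("128-bit digest, 50%: ~2^%.1f trials" % math.log2(samples_for_probability(0.5, 2**128)))
    a, b, n = find_collision(20)
    print("20-bit digest collided after", n, "hashes:", a, b)
```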
Secure Hash Algorithm version 1 (SHA-1): SHA is a family of hash algorithms developed by the US NSA. There are 5 versions, and SHA-1 is one of these. SHA-1 creates a 160-bit digest using principles similar to MD5. For a successful attack on SHA-1, an attacker would require 640000 times more effort than with MD5. SHA-1 is widely used in networking protocols and systems including TLS, SSL, PGP, SSH, S/MIME and IPsec.
Hash algorithms are also vulnerable to unintended use of search engines like Google. When a user logs on to a web site, the password is typically sent in plaintext from the browser to the web server. After the user is logged on, some web sites include the hashed value of the password in the URL, which is then returned to the user. All this data ends up being cached by the search engines. On some sites (www.md5oogle.com), if you simply supply a hash value, the site passes the search to Google, processes the results and displays the corresponding plaintext.
Steganography: is a system that hides a message so that only the sender and recipient realize a message is being transmitted. Here the message is not encrypted but simply concealed. Using steganography, a message can be concealed within any seemingly legitimate file, or within images, random/spam text or multimedia data. The item that carries the true message is called the covertext. Normally, messages are encrypted before being encoded into the covertext.
2) Asymmetric Encryption
a) Public Key Cryptography
In private-key or symmetric cryptography, the receiver uses the key created by the sender to decrypt the message. Hence the key needs to be sent from the sender to the receiver across the network. The problem with this method is that the cipher is only as secure as the means used to share the key. The key can easily be intercepted, and then the message can be decrypted no matter how strong the cipher is. To overcome the shortcomings of symmetric cryptography and eliminate the need to securely share a key, asymmetric or public-key cryptography was introduced.
In asymmetric cryptography, each user possesses two keys that are linked to each other mathematically. One key is kept private or secret and the other is made public and is available to anyone. All encrypted communications involve the public key; the private key is never exchanged, so it cannot be intercepted.
The plaintext is encrypted using private-key and the ciphertext can be decrypted using public-key. It is not possible to decrypt with the same key used to encrypt the message.
When two users wish to exchange data privately, the receiver sends a public key to the sender. Then the sender encrypts the plaintext using the public key and sends the ciphertext message to the receiver. Finally, the receiver uses his private key to decrypt the ciphertext.
The keys in asymmetric cryptography are generated secretly as an interrelated pair. Hence, theoretically, it is possible to calculate the private key from the public key. But this is made extremely difficult through the sophisticated mathematics involved in asymmetric algorithms. This includes number theory, finite fields, abelian groups, elliptic curves and more.
Asymmetric key algorithms are based on the concepts of one-way and trapdoor functions.
With a one-way function, it is easy and requires very little time to perform the function in one direction, but it is very difficult and time consuming to perform it in the opposite direction. For instance, the RSA cipher begins with two very large, randomly chosen prime numbers. These two numbers are the user’s private key. The product of those numbers is published as the public key. Even though it is easy to compute the product of two numbers, it is computationally difficult to reverse the process.
A trapdoor function is based on knowing a certain piece of information that makes it possible to easily compute the one-way function in both directions. For instance, it could be one of the two prime numbers that make up the private key.
The more bits in the keys, the more difficult it is to derive the private key from the public key. A minimum of 1024 bits is the recommended key size based on current and near-term computing capabilities.
Advantages of using asymmetric cryptography:
a) Key management: the use of a key pair makes safe distribution of a secret key possible.
b) Scalability: it is not necessary to have a distinct key for each pair of people trying to communicate. The receiver needs only one key pair, and any sender can send a secure message using the receiver’s public key. For example, if 1000 people want to communicate securely with each other using asymmetric cryptography, only 1000 key pairs are needed; whereas with symmetric cryptography, it would involve 499500 keys.
c) Security services: in addition to providing privacy through encryption, it also provides a range of security services such as access control, authentication, data integrity, and nonrepudiation.
The limitation of using asymmetric cryptography is that the algorithms are very slow to process because of the complexity of the mathematical calculations involved.
Types of asymmetric ciphers:
a) Diffie-Hellman: it is one of the oldest public-key ciphers. This algorithm is used as a key-agreement protocol and not as an encryption algorithm. Through a series of mathematical steps, the sender and receiver calculate a shared secret key using their undisclosed private values. This shared key can be used to encrypt all communications between them, but it does not provide any means of authentication.
Here, starting values for the calculations are set before communication begins. Then new private values are chosen to calculate the session key, which is discarded at the end of the session. A new key is calculated for each session.
This cipher is vulnerable to a man-in-the-middle attack, in which a third party intercepts the communication, calculates a new session key and sends it out without the communicating parties realizing it, because the exchange of the session key is not authenticated.
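The Diffie-Hellman exchange just described, as an added example that is not part of the original notes: each party keeps a fresh undisclosed value per session, only the public values cross the wire, and both sides derive the same session key. The group parameters (a Mersenne prime modulus with generator 2) are a toy assumption for illustration, not a standardized group. The second function shows the consequence of the missing authentication: when an unauthenticated relay sits between the parties, Alice and Bob end up holding different keys, which is exactly what a key-fingerprint comparison over an authenticated channel is designed to catch.

```python
import hashlib
import secrets

# Toy group parameters (constructed for this example, not from the text).
# Real deployments use standardized safe-prime groups or elliptic curves.
P = (1 << 127) - 1  # a Mersenne prime
G = 2


class Party:
    def __init__(self, name):
        self.name = name
        # Fresh undisclosed private value for this session only; discarded afterwards
        self.private = secrets.randbelow(P - 2) + 1
        self.public = pow(G, self.private, P)  # the only value sent over the network

    def session_key(self, peer_public):
        # shared secret = peer_public ** private mod P = G ** (a*b) mod P on both sides
        shared = pow(peer_public, self.private, P)
        # Hash the shared secret into a fixed-size symmetric session key
        return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()


def key_agreement():
    """Honest exchange: Alice and Bob swap public values and derive equal keys."""
    alice, bob = Party("Alice"), Party("Bob")
    return alice.session_key(bob.public), bob.session_key(alice.public)


def intercepted_agreement():
    """Unauthenticated exchange with a relay in the middle: each endpoint receives
    the relay's public value instead of its peer's, so each agrees a key with the
    relay. Returns (alice_key, bob_key, relay_key_with_alice, relay_key_with_bob);
    alice_key != bob_key, which an out-of-band fingerprint check would expose."""
    alice, bob = Party("Alice"), Party("Bob")
    relay_a, relay_b = Party("relay-facing-Alice"), Party("relay-facing-Bob")
    alice_key = alice.session_key(relay_a.public)  # Alice thinks this came from Bob
    bob_key = bob.session_key(relay_b.public)      # Bob thinks this came from Alice
    return (alice_key, bob_key,
            relay_a.session_key(alice.public), relay_b.session_key(bob.public))


def fingerprints_match(key_a, key_b):
    """The check authenticated variants add: compare a short fingerprint of each
    side's key over a channel the relay cannot tamper with."""
    return key_a[:16] == key_b[:16]


if __name__ == "__main__":
    a, b = key_agreement()
    print("honest exchange, keys equal:", fingerprints_match(a, b))
    a, b, _, _ = intercepted_agreement()
    print("intercepted exchange, keys equal:", fingerprints_match(a, b))
```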
b) RSA: here, the public-key is used to encrypt a message and only the corresponding private-key can decrypt it. It can be used for both encryption and digital signatures.
RSA is vulnerable to brute-force attacks where the attacker attempts to calculate the private-key from the public-key. It is also vulnerable to a man-in-the-middle attack where the third-party intercepting communications can make the communicating parties believe that the substituted keys actually belong to each other. Various features of the public-key infrastructure (PKI) prevent such attacks.
c) Elliptic curve: EC ciphers use a mathematical system based on the algebra of elliptic curves over large finite fields to calculate a pair of keys. Due to the increased mathematical complexity, EC keys can be shorter than RSA keys for a given level of security. This also means that it provides faster processing than RSA. It is used in OpenSSL and in Bouncy Castle, a set of programming libraries for Java, C# and the .NET framework.
d) ElGamal: here the keys are generated using the mathematical principle of cyclic groups. It is similar to the Diffie-Hellman key-agreement protocol but has the added feature of enabling message encryption as well. Hence it can be used for both encryption and digital signatures. It is used in recent versions of PGP, GNU Privacy Guard and other systems.
A disadvantage of the ElGamal cipher is it has a slow processing speed, especially when calculating digital signatures.
e) DSA: the Digital Signature Algorithm is designed for digitally signing communications. It is not used for general-purpose encryption.
Digital certificate: is used to ensure that the correct public keys are being used. A digital certificate is an electronic document issued by a trusted third party that includes the holder’s identification information and public key. The certificate also contains the digital signature of the third-party issuer in order to verify the authenticity of the certificate.
Digital certificates simplify the task of managing public-keys and ensure that users are getting correct keys in digital signature and encryption applications.
X.509: certificates in this standard format are the norm for digital certificates and cover a broad range of PKI components. They contain: version number, serial number, algorithm ID, issuer name, validity dates, subject, the subject’s public key, and the issuer’s digital signature.
Self-issued certificates: are issued by an individual or company to themselves and are typically used only for development or testing.
Starter certificates: are inexpensive certificates based on automated identity verification and are typically issued immediately to the requester.
Plus certificates: cover variations in a name or a greater level of identity verification.
Wildcard certificates: cover all or many of the systems within an Internet domain.
Extended validation (EV) certificates: are backed by an extensive identity verification process. They are quite expensive and are mostly used by large corporations that require a very high level of trust.
3) PKI and Trusted Models
The public key infrastructure (PKI) was developed to provide a way to exchange data securely and privately over a non-secured network. PKI is the underlying technology that provides for issuing, receiving, storing and revoking certificates.
The PKI consists of:
Certification Authority (CA): Users and computers can verify their identity by referencing an association they have with a trusted third party, the CA. The CA issues a digital certificate containing a key pair that the certificate holder uses to encrypt and decrypt data and verify their identity.
Registration Authority (RA): authenticates the requestor, which is the key to generating trustworthy certificates. The RA collects and stores identifying information such as contact information, users’ public keys, system capabilities and so on. An RA does not issue keys or certificates; it mediates between the users and the CA.
Certificate Server (CS): maintains a database or repository of certificates. Repository technologies include FTP servers, X.500, LDAP and DNS. The term “Certificate Server” comes from the original name of Microsoft’s implementation of its CA software, which is now called Certificate Services.
Apart from authentication, PKI provides 2 other primary services: integrity and confidentiality.
Integrity gives assurance to users that the data has not been altered in any way during the exchange.
Confidentiality gives assurance to users that only the intended party will be able to read the information that is being exchanged.
Service components of an efficient PKI are:
Certificate revocation: refers to breaking the association of a public-key to an entity. Certificates may be revoked if the related private-key has been compromised or the entity’s name has changed. The certificate revocation list (CRL) lists the revoked certificates.
Key backup and recovery: enables recovery of private keys. But it does not actually recover data or messages.
Automatic key update: As certificates are always issued with a specific validity period, when certificates expire they have to be updated or renewed. Hence it is necessary to have an efficient system whereby certificates are automatically renewed when the expiration date is reached.
Key history: Since the keys are updated at regular intervals, users build up a collection of expired certificates over time. This collection is called the user’s key history. The management of the history should be done automatically.
Cross-certification: refers to the trust relationship that enables users from unrelated PKIs to accept one another’s certificates.
Nonrepudiation: refers to the ability of a PKI to prove that a specific user/computer sent a particular piece of data.
Timestamping: is an important element in the authentication and nonrepudiation services of a PKI. This must be done securely and all users need to trust the PKI time source.
Client software: is the code that implements PKI services and makes them available to users.
Certificate policies and certificate practice statements are two primary documents that address the intended use of the certificates and operating procedures of a CA and PKI respectively.
A certificate policy dictates under what circumstances a certificate will be used. It is also defined as a set of rules indicating how a certificate is applicable to a specific community of users or which common security requirements are covered by the certificate described in the policy. For instance, a CA can issue one type of certificate for e-transactions, a second for e-mail and third for application software.
CAs use certificate policies to protect themselves from claims of loss if a certificate is misused. The policy identifies the user community conforming to the policy, the names of the CA and RA, and the certificate’s OID (Object Identifier).
A certificate practice statement (CPS) is a published document that explains how a CA is structured, which standards and protocols are used and how certificates are managed. When dealing with security systems, it should be ensured that the CA has a policy covering each item required. In the case of a private or internal PKI system, the PKI administrator has to provide this information. CAs that do not publish their CPS should not be trusted.
In small organizations, it is easy to trace a certification path back to the CA that granted a certificate. But it is difficult to trust communications from entities that don’t appear in an organization’s CA. Hence the organizations typically follow a trust model, which explains how users can establish a certificate’s validity.
Following are the most commonly used trust models:
1) Web of trust (mesh trust): key holders in the Web of Trust model sign each other’s certificates, thereby validating the certificates based on their own knowledge of the key holder. Anyone can sign someone else’s public key, becoming an introducer in the process. If a user knows and trusts the introducer, he or she should, by association, be willing to trust the public key. It is used in encryption applications such as PGP, where there is no central authority. It is most suitable for small groups made up of entities who have an established relationship. It is analogous to hiring a handyman for minor repair work who does it in his spare time and was recommended by a friend.
The main vulnerability with Web of Trust is the careless or malicious user who signs bad keys which can affect the whole group.
2) Single-authority trust (third-party trust): here, one central third-party CA signs a key and authenticates the owner of the key. The users trust the CA and, by association, trust all keys issued by that CA.
It is analogous to installing a security system in business premises, where you prefer someone having the credentials of a large recognized security company.
The single-authority trust model is suitable for larger environments where the parties are not as intimately involved as in Web of Trust model.
3) Hierarchical trust: here, a top-level CA known as the root CA issues certificates to intermediate (subordinate) CAs, which in turn can issue certificates to their own subordinate CAs. The lowest level of the CA hierarchy issues certificates to end users, servers and other entities that use certificates. The process builds a pyramid of CAs with the trust path leading back to the root CA.
This model allows for enforcement of policies and standards throughout the infrastructure. It is suitable for large organizations with strong security needs that are made up of multiple divisions spread over wide geographic areas, or that cooperate with another organization.
4) Bridge trust model: is used when dealing with large companies, geographically dispersed organizations and companies that are in cooperation with one another. Each company has a root CA with subordinate CAs under it for user certification; each root CA handles all cross-certification between the organizations, while the intermediate CAs only communicate with their respective root CA.
Typically, a single pair of keys is generated: a public and a private key. The private key is used both for encryption and for digital signatures. Nowadays, many systems support the generation of two pairs of keys: one private key for encrypting and the other private key for signing. The certificate issued for the single-key-pair system is called a single-key certificate, and the certificate for the dual-key-pair system a dual-key certificate, where one is the signing certificate and the other is the encryption certificate.
Benefits of using dual-key certificate:
It strengthens non-repudiation by employees. As the signing key is never backed up, there is a reduced chance that a signature can be forged. The single point of vulnerability is the security of the user’s account in which the signing certificate is stored.
In case the encryption key is lost or deleted, it can be restored from the backup and used to decrypt data.
If the user’s signing key is lost or destroyed, its certificate can still be used: signatures made with the lost key can still be verified with its public key.
A PKI normally backs up the encryption certificate, whereas the signing certificate is never backed up or copied.
Algorithms used in modern computer applications:
DES: rarely used because its flaws are widely published
3DES: used by the electronic payment industry
AES/AES256/Rijndael: used in Java and OpenSSL
Blowfish: used in SSH, OpenBSD and SSLeay (free)
Elliptic Curve: used in CNG, the Bouncy Castle Java crypto classes and some OpenSSL implementations
RSA: used in signing digital documents and in user-authentication systems. It is the foundational public-key algorithm
RC5: used in some OpenSSL implementations.
OTP: not commonly used, but used in espionage applications