Week 7: Cryptography

Cards (115)

  • Cryptography comprises the algorithms, or ciphers, used to encrypt and decrypt data, which are collectively called a cryptosystem.
  • Most of these cryptographic ciphers take unencrypted data, called plaintext, and use one or more keys (i.e., a string of numbers or characters known only to the sender and/or recipient) to transform the plaintext into a secret message, which is called ciphertext.
  • The security of a cryptosystem usually depends on the secrecy of the keys, rather than the secrecy of the cipher.
  • A strong system should also produce ciphertext that appears random to all standard statistical tests and resists all known previous methods for performing cryptanalysis, or the process of breaking codes.
  • Essentially, cryptography is the art of concealing information from others, transforming a readable message into a form that is readable only by authorized users.
  • Cryptography accomplishes four security goals:
    • Confidentiality
    • Integrity
    • Authentication
    • Nonrepudiation
  • Unencrypted information—Information in understandable form, which is called plaintext, or cleartext
  • Encrypted information—Information in scrambled form, which is called ciphertext
  • Encryption is the process of scrambling plaintext into ciphertext, and decryption is the opposite process (i.e., unscrambling ciphertext into plaintext). For decryption to work properly, the decrypted plaintext must be the same as the original plaintext before encryption.
  • Traditional encryption and decryption use known mathematical processes, called algorithms (i.e., repeatable processes that produce the same result from the same input), for performing their functions.
  • An algorithm that specifically encrypts or decrypts information is called a cipher.
  • Note that the algorithm you use to encrypt information may or may not be the same one you use to decrypt that information.
  • Some encryption algorithms have no corresponding decryption algorithm; these are called one-way algorithms, or hashing functions. The output of a one-way algorithm is a hash. Hashing functions are useful for protecting data from unauthorized changes.
  • Most common encryption ciphers require plaintext and at least one cryptographic key as input, which the encryption cipher uses to vary its output so that the intended correspondents can protect their information from anyone else who has the same cipher. By changing the key, you change the output of the cryptographic function, even if the plaintext remains the same.
  • Encryption ciphers fall into two general categories:
    • Those that use the same key to encrypt and decrypt are private (symmetric) key ciphers.
    • Those that use different keys to encrypt and decrypt are public (asymmetric) key ciphers.
  • The goal of cryptography is not to make ciphertext undecipherable but rather to make the cost or the time required to decrypt it without the key exceed the value of the protected information.
  • To determine the mathematical weaknesses in ciphers, experts from around the world subject open source (i.e., public, as opposed to hidden, closed source, or proprietary) ciphers to extensive analysis, searching for flaws and weaknesses that could diminish the cipher’s strength.
  • Any cipher is far more secure if it withstands public scrutiny without anyone identifying major flaws. The most scrutinized cipher in history is the Data Encryption Standard (DES).
  • In today’s information systems, there are two primary uses of cryptography: to protect data in transit and to protect data at rest:
    • Data in transit refers to any data as it is exchanged, most commonly via a network connection.
    • Data at rest is any data that is stored on storage media and any data in memory.
  • There are two main approaches to securing communications: encrypting each message before it is sent, which requires software to encrypt and decrypt messages separate from the communications functions, and letting the communication software encrypt and decrypt the messages as they are transmitted or received (often called connection, or transport, encryption because the encryption and decryption occur at the transport layer in the network stack).
  • Cryptography can enforce integrity with hashes or checksums, which are one-way calculations of information that yield a result that is usually much smaller than the original message and is difficult to duplicate.
  • When it comes to information security, cryptography can satisfy these requirements:
    • Confidentiality - Keeps information secret from unauthorized users
    • Integrity - Ensures that no one, not even the sender, changes information after transmitting it
    • Authentication - Confirms the identity of an entity, whether that be the sender, the sender’s computer, a device, or information
    • Nonrepudiation - Enables you to prevent a party from denying a previous statement or action
  • Each cipher has specific characteristics that may make it desirable or undesirable for any situation. The first issue to consider when evaluating a cipher is its intended use. Are you trying to secure data in transit or data at rest? Once you select a cipher, you still must make additional decisions about such things as key size and operational mode, such as a stream cipher or a block cipher:
    • A stream cipher encrypts one byte (or bit) at a time.
    • A block cipher encrypts an entire block of data at a time.
  • Two fertile areas of research are elliptic curve cryptography (ECC) and quantum cryptography.
  • ECC ciphers
    Depend on the algebraic structures of elliptic curves over finite fields and can result in very secure ciphertext using smaller keys than more traditional ciphers.
  • Quantum cryptography
    Bases its algorithms on the properties of quantum mechanics. What separates quantum cryptography from basic classic cryptography is the difficulty of breaking the cipher: breaking quantum cryptography ciphers is theoretically impossible.
  • Classic cryptography still dominates in today’s implementations.
  • Ciphers come in two basic forms:
    • Transposition ciphers—A transposition cipher rearranges characters or bits of data.
    • Substitution ciphers—A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks.
  • A simple transposition cipher writes characters into rows in a matrix and then reads the columns as output. Transposition ciphers keep all the elements of the original message and simply scramble the information so that it can be reassembled later.
  • One of the simplest substitution ciphers is the Caesar cipher, in which each letter in the English alphabet is shifted a fixed number of positions, with Z wrapping back to A.
  • Another type of substitution cipher is a keyword mixed alphabet cipher, which uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.
  • To make it harder to break these codes, you can use multiple encryption schemes in succession. For example, you could encrypt every letter with its own substitution scheme, which is known as a Vigenère (veezhen-AIR) cipher. This cipher works like multiple Caesar ciphers, each with its own shift characters.
  • Instead of transforming each letter a fixed number of positions, you can increase the complexity of a substitution cipher by allowing any letter to uniquely map to any other letter. This type of cipher, called a simple substitution cipher, can be found in many newspapers as a puzzle called a cryptogram.
  • To make sure a substitution cipher stays secure, you must do three things: (1) ensure that the key is a random sequence without repetition, (2) ensure it is as long as the encrypted information, and (3) use it only once. Such a cipher is known as a one-time pad.
  • Product Cipher
    • Combination of multiple ciphers, each of which could be a transposition or substitution cipher
    • Example: Data Encryption Standard (DES)
  • Exponentiation Cipher
    • Involves computing exponentials over a finite mathematical field and relies on the difficulty of factoring large numbers
    • Example: Rivest–Shamir–Adleman (RSA)
  • Some ciphers use a branch of mathematics known as field theory. A field is any domain of numbers in which every element other than 0 has a multiplicative inverse.
  • Symmetric key ciphers use the same key to encrypt plaintext into ciphertext and then to decrypt ciphertext back into plaintext, a fact that inherently represents a basic limitation for these cryptosystems. Because these ciphers require that both parties first exchange keys to be able to securely communicate, the parties must first be able to talk securely to exchange keys.
  • With symmetric keys, the key-encrypting key must be exchanged at some point, which means that an attacker can intercept the key-encrypting key when it is exchanged. To overcome this dilemma, a message must travel on a path that an outside party cannot monitor, which is known as out-of-band communication, using a secure channel.
  • Symmetric key systems do not scale well.
  • As a solution to the common problems encountered with key distribution scalability, the concept of public key cryptography, which is referred to as asymmetric key cryptography in the chapter, was introduced. Public key cryptography is a system that allows correspondents to communicate only over a public channel using publicly known techniques.
  • Asymmetric key ciphers have four key properties:
    • Two associated algorithms that are inverses of each other exist.
    • Each algorithm is easy to compute.
    • It is computationally infeasible to derive the second algorithm if you know the first algorithm.
    • Given some random input, you can generate associated key pairs that are inverses of each other.