Security in Data Domains

Cryptography

1. Scrambling information so it appears unreadable

2. Transforms information into secure form

3. Provides five basic information protections

   • Confidentiality

     • Insures only authorized parties can view it

   • Integrity

     • Insures information is correct and unaltered

   • Availability

     • Authorized users can access it

   • Authenticity of the sender

     • refers to the proven fact that something is legitimate or real

   • Nonrepudiation/Accountability

     • Proves that a user performed an action

Encryption

Changing original text into a secret message using cryptography

Decryption

Changing secret message back to original form

Plaintext

Data to be encrypted

Input into an encryption algorithm

Ciphertext

Data that was encrypted

Key

Mathematical value entered into the algorithm to produce ciphertext and vice versa

Symmetric Cryptographic Algorithm

Uses a secret key to encrypt and to decrypt messages.

The secret key cannot be made public and known only to the sender and receiver.

Need a secure channel to distribute the key

Perform faster than most public key cryptographic algorithms

Weakness of symmetric algorithm:

Distributing and maintaining a secure single key among multiple users distributed geographically

Examples:

• Data Encryption Standard (DES)

• Triple DES (3DES)

• Advanced Encryption Standard (AES)

• RC4

Stream Cipher

Symmetric algorithm category that encrypts data one bit (or character) at a time as they become available

Block cipher

Symmetric algorithm category that works on entire block of plaintext at a time

Separate blocks of 8 to 16 bytes encrypted independently

Blocks randomized for additional security

Substitution cipher

Substitutes characters in plaintext with their respective characters in a substitution alphabet.

Transposition cipher

Rearranges letters without changing them

Other symmetric algorithms

Rivest Cipher

Family of cipher algorithm designed by Ron Rivest

International Data Encryption Algorithm

Used in European nations

Block cipher processing 64 bits with a 128-bit key with 8 rounds

Blowfish

Block cipher operating on 64-bit blocks with key lengths from 32-448 bits

No significant weaknesses have been identified

Asymmetric Cryptographic Algorithm

Weakness:

Needs more computing power than symmetric

Also known as public key cryptography

Uses two mathematically related keys

Public key available to everyone and freely distributed

Private key known only to individual to whom it belongs

Different keys are used to encrypt and decrypt message

Examples:
RSA

Hashing Algorithm

A cryptographic hash algorithm produces a irreversible fixed length string or hash from variable length message known as hash value/message digest.

Unlikely that different messages produce the same hash value

Used for confidentiality (to store passwords securely) and for authentication, non repudiation, and integrity (as part of a digital signature)

Examples:

• Message Digest 5 (MD5)

• Secure Hash Algorithm (SHA)

Digital Signature

Verifies the sender

Used to prove a document originated from a valid sender

Prevents sender from disowning the message

Proves message integrity

Steganography

Hiding the existence of data

Embedding messages into image, audio, or video files

Achieved by dividing data and hiding in unused portions of the file

Invisibly altering the structure of a digital image