Cryptography
- The art and science of writing secrets
- Storing and transmitting information in a form that allows it to be revealed only to those intended
- Accomplished by a cryptosystem
types of cryptography
privacy, integrity, authenticity, non-repudiation
privacy
only intended recipient can read the message
contents of a message that you only want one person to read
integrity
the message can't be changed or altered in any way
integrity of the message that we are trying to maintain
the integrity of the message is what we are trying to maintain (contents)
authentication
we know who we are communicating with (how do we know?)
how can we prove who we claim to be
- Who we're sending to or who's sending to us
non-repudiation
once you send a message to someone, you can't say you didn't send it later on
- Trail of evidence that proves that it was you
purpose of cryptography
- Protect sensitive information from disclosure
- Identify the corruption or unauthorized change of information
- Make compromise too expensive or too time consuming
Cryptanalysis
- Practice of defeating attempts to hide information
- Reduction or solution of secret messages without knowledge of the system or the key or the possession of a code book
cryptanalysis is the study of what
the study and practice of finding weaknesses in ciphers
plaintext/clear text
word document, email, and basic writing
Ciphertext/Cryptogram
scrambled/encrypted data (encrypted data)
encrypt
the act of putting information into a secret code to be deciphered later
decrypt
descramble with key
Cryptology
- includes both cryptography and cryptanalysis
- Encrypting and decrypting messages
algorithms
many different types of algorithms
more business use case than casual
Stream Ciphers
a method of encryption that encrypts a single bit of plaintext at a time, continuously. It is usually implemented in hardware. Ex: DirecTV satellite box uses this to decrypt a show's data and display it on your TV
Block Ciphers
a method of encryption that operates on a fixed size of plaintext (usually 64 bits). More suitably implemented in software to execute on general-purpose computers. Generally slower than stream ciphers
substitution ciphers
shift alphabet (A-D, B-E)
scramble alphabet (substitute one letter for a random other letter)
transposition cipher
left to right by rows
Flip the rows to columns, etc.
We can also do it diagonally
Rearranging rows or columns
DES (Data Encryption Standard)
- the best-known block cipher created in 1976.
- Designed by IBM based on Lucifer, improved by National Security Agency
- Worldwide acceptance due to its strength
- used for VPN Products, e-mail products, web security, etc
what is the order of well known symmetric ciphers
DES [most well known, 64 bit] --> AES [most commonly used, 256 bit, block cipher] --> RC4 [stream cipher]
Public Key
- the idea of __________ _______ cryptography was introduced in 1976
- at the time, we did not have the computing capabilities to process this idea
Symmetric
__________ cryptography involves a single key that must be shared by both the sender and receiver.
- DES is the common example of this
- significant problem with this is getting the key to the recipient without it being disclosed to anyone else
symmetric key
the key you use to encrypt and decrypt the data are shared, same on both sides
symmetric key traits
It is very fast
can encrypt large numbers of data efficiently
difficult to break
Availability: many different algorithms that use symmetric processes
weaknesses of symmetric keys
key management, key has to be secured
Key distribution
Every key you share with someone has to be different and unique to the next person (who you're talking to)
• Limited security
- Symmetric keys only encrypt data and restrict its access.
- Does not provide proof of origin or non-repudiation
scalability weakness in symmetric keys
more people= more keys
symmetric encryption provides what
confidentiality and integrity
scalability symmetric key
everyone needs a key for every other person to communicate
10 people = 45 keys (N(N-1)/2)
- Since a unique symmetric key must be used between the sender and each recipient, number of keys grows exponentially with the number of users: N(N-1)/2
do symmetric keys have proof of origin
no
Asymmetric
___________ cryptography involves 2 keys, 1 private and 1 public. They are related to each other mathematically. It is computationally infeasible to derive the private key from knowledge of the public key
both asymmetric keys are different, but they have what
a relationship, one way function
asymmetric is easy to compute in one direction, but what
impossible to go backwards
X+9=16
X+9=?
asymmetric: email example
Send you an email, need to encrypt so use your public key
CAN'T ENCRYPT SOMETHING WITH PRIVATE KEY AND EXPECT IT TO BE CONFIDENTIAL, NEED TO USE PUBLIC KEY (sender)
THE RECEIVER'S PRIVATE KEY IS USED TO UNLOCK THE EMAIL FOR THE RECEIVER
Sender used the receiver's public key, once the receiver opens it, their private key will allow it to open
confidentiality in asymmetric
only the people that should read it, can read it
confidentiality keys
Sender used the receiver's public key, once the receiver opens it, their private key will allow it to open
proof of origin
- Prove the message was not changed
- Prove the source of the message
- Make sure the signature isn't fake
proof of origin/authentication asymmetric
- Sign with the private key (sender)
- Verify with the public key (receiver has sender's public key)
strengths of asymmetric key
Strengths
Can provide five security elements:
• Confidentiality/Privacy (Data cannot be decrypted without the appropriate private key)
• Access Control (The private key should be limited to one person)
• Authentication (Identity of sender is confirmed)
• Integrity (Data has not been tampered with)
• Non-repudiation (Sender cannot deny sending)
strengths of asymmetric continued
Strengths
• Provides efficient encryption and digital signature services
• Efficient symmetric key distribution
• Scalability
- Only two keys needed per user
- 1,000 people need a total of 2,000 keys (easier to manage than the 499,500 needed for symmetric)
asymmetric weaknesses
computationally intensive
slow (1000 or more times slower than symmetric)
Computer needs to do a lot of processing
Nanoseconds, really doesn't matter to humans
Most important asymmetric algorithm
RSA
RSA asymmetric example
PayPal website: public key is listed on website (HTTPS)
Primary for web traffic and web communications
message integrity controls
accidental changes: Hash Function, Checksum and Parity.
intentional changes: digital signature, keyed hash HMAC, CBC-MAC
hash function is the thing that gives us what
digital signatures
What does a hash function do?
allows the digital signature to verify the contents of a message
the hash function verifies what
integrity (doesn't give confidentiality or proof of origin)
digital signatures
authentication tool to verify a message origin and sender identity
what do digital signatures prove
non-repudiation, authentication (not confidentiality, just verifying)
digital signatures resolve what
authentication issues
provides proof of origin
- Block of data attached to message (document, file, record, etc.).
- Binds message to individual whose signature can be verified.
- By receiver or third party.
- Difficult to forge.
most popular digital signature scheme
SHA-1 - secure hash algorithm
DES-EDE3
a mode of triple DES that does 3 DES operations (encrypt-decrypt-encrypt) with 3 different keys
DES-EEE2 (DES-EDE2)
a mode of triple DES that does 3 DES operations (encrypt-decrypt-encrypt) but uses the same key for the 1st and 3rd operation
RC4
- the most commonly implemented stream cipher
- variable key size
- highly efficient, much faster than block ciphers
- stream ciphers can be difficult to implement correctly
Larger
the __________ the key size of an algorithm, the stronger it is
Confidentiality
In public key algorithms, the operation of encrypting the originator's message with the public key of the receiver, then the receiver decrypting the message with the private key of the receiver ensures ______________
Proof of Origin
in public key algorithms, the operation of encrypting the originator's message with the private key of the originator, then the receiver decrypting the message with the public key of the originator ensures _____________
RSA
a public key algorithm that meets all three asymmetric needs: 1) data encryption, 2) key distribution of symmetric keys, 3) digital signatures for non-repudiation.
- it is the primary public key application we use
- mathematical problem of factoring the product of large prime integers
SHA-256
the most commonly used hashing function
AES (advanced encryption standard)
symmetric crypto, keeps constantly running transposition and substitution