DACS 2201 / 06-Basic Cryptography

Introduction to Cryptography and Steganography

  • Terminology and Concepts:     * Cryptography: The process of scrambling data so it cannot be read or understood. It transforms information into an unintelligible, secure form to prevent unauthorized access.     * Steganography: Unlike cryptography which scrambles data, steganography hides the very existence of the data.     * Historical Steganography: Ancient Greeks performed this by writing messages on wooden tablets, covering them with wax, and then writing a fake, innocuous message on the wax.     * Modern Steganography: Data is hidden within digital files such as images, audio, or video.         * This is achieved by embedding data in unused portions of the file, such as header fields or between sections of metadata.         * Metadata: Data used to describe the content or structure of the actual data.

Cryptographic Terminology

  • Encryption: The process of converting original text into a secret message using cryptography.
  • Decryption: The reverse process of encryption; changing a secret message back into its original plaintext form.
  • Plaintext: Data that is unencrypted or the output after decryption has occurred.
  • Ciphertext: The scrambled, unreadable output resulting from the encryption process.
  • Cleartext: Data that is stored or transmitted without any form of encryption.
  • Cipher: A cryptographic algorithm that acts as the mathematical formula or procedure used to transform plaintext into ciphertext and vice versa.

Fundamental Cryptographic Principles

  • Kerckhoff’s Principle: A core rule in cryptography stating that the algorithm itself should not be secret; only the key must remain secret.     * If a system relies on a secret algorithm and that algorithm is leaked, the entire system fails.     * Most modern cryptographic algorithms are public and well-vetted.
  • Key: A specific value used by a cryptographic algorithm to produce unique ciphertext. In keyed systems, if a key is used for encryption, a key is also required for decryption.
  • Core Techniques:     * Substitution: Replacing one letter or character with another.     * Transposition: Rearranging the order of the original letters in the message.

Historical and Basic Ciphers

  • Caesar Cipher:     * One of the oldest keyed substitution algorithms, attributed to Julius Caesar for military communications.     * It uses a "shift" key. Caesar famously used a key of 33.     * Example: Using Key 33, "I HAVE NO SECRETS" becomes "L KDYH QR VHFUHWV".     * ROT-13: A specific Caesar cipher where the key is set to 1313.

  • Pigpen Cipher:     * A keyless substitution cipher historically used by the Freemasons.     * Letters are substituted with symbols based on the geometric shapes (grids and Xs) that enclose them in a specific diagram template.

  • Vigenre Cipher:     * A generalization of the Caesar cipher that uses a keyword (password) instead of a single number.     * Process: It uses a grid where the horizontal axis represents plaintext letters and the vertical axis represents key letters.     * If the message is longer than the key, the keyword is repeated.     * The ciphertext letter is found at the intersection of the plaintext row and the key column.     * Example: Keyword "BUCK" applied to "HELLO" results in "IYNVP".

  • Rail Fence Cipher (Zig-Zag Cipher):     * A transposition algorithm where letters are written vertically in a zig-zag pattern across a specified number of lines (the key).     * Encryption Process:         1. Write the message in a zig-zag pattern across the rows.         2. Read the results line by line horizontally to form the ciphertext.     * Decryption Process:         1. Create a grid with the appropriate number of lines.         2. Mark the zig-zag path with placeholder characters.         3. Fill the placeholders horizontally with the ciphertext characters.         4. Read the message by following the diagonal zig-zag pattern.

Modern Cryptographic Methods

  • Modern algorithms utilize computer-based computation and mathematical proofs to process data in three ways:     * Stream Ciphers: Replace one character at a time.     * Block Ciphers: Manipulate data in entire blocks (e.g., 88 or 16 bytes16\text{ bytes}) simultaneously.     * Sponge Functions: Accept input of any length and return output of a requested variable length.

Hash Algorithms

  • A hash algorithm takes an input (message or file) and produces a fixed-length string (the hash or message digest).

  • Characteristics of Secure Hashes:     * Fixed Size Output: A single letter and a massive file will result in hashes of the exact same length.     * Collision Resistant: Every unique input must produce a unique output. Different inputs should never result in the same hash.     * Digital Fingerprint: Because they are unique, hashes verify file integrity.     * Originality: It is impossible to reverse-engineer or create a data set to match a specific predefined hash.     * One-way Encryption: Hashes cannot be "decrypted" back to the original data.

  • Common Functions:     * Message Digest (MD): MD5 is the most famous but is now considered insecure due to vulnerabilities.     * Secure Hash Algorithm (SHA):         * SHA-1: No longer recommended.         * SHA-2: Includes SHA-256, SHA-384, and SHA-512; currently considered secure.         * SHA-3: Standardized in 2015; optimized for low-power IoT devices and sensors.     * RIPEMD (Race Integrity Primitives Evaluation Message Digest): Features two independent parallel computation chains combined at the end. Versions include RIPEMD-128, 256, and 320.

Symmetric Cryptographic Algorithms

  • Also known as Private Key Cryptography.
  • Uses a single, identical key for both encryption and decryption. This key must be kept secret between communicating parties.
  • Common Algorithms:     * DES (Data Encryption Standard): Once popular, now insecure.     * 3DES (Triple DES): Performs DES three times; now considered unsuitable.     * RC (Rivest Cipher): Family of six stream ciphers; RC4 is common but currently insecure.     * AES (Advanced Encryption Standard): Processes data in 128-bit128\text{-bit} blocks; currently has no known successful attacks.     * Blowfish: A block cipher with no known successful attacks.

Asymmetric Cryptographic Algorithms

  • Also known as Public Key Cryptography.
  • Solves the "key distribution problem" inherent in symmetric systems where users cannot easily meet to exchange keys.
  • Key Pairs: Uses two mathematically related keys.     * Public Key: Available to everyone and freely distributed.     * Private Key: Known only to the owner.
  • How it Works: If a message is encrypted with a public key, it can only be decrypted by the matching private key (and vice versa).
  • Common Algorithms:     * RSA (Rivest, Shamir, and Adleman): Uses prime number characteristics. Secure if keys are sufficiently large.     * ECC (Elliptic Curve Cryptography): Relies on the mathematics of elliptic curves. It provides higher security with smaller key sizes, leading to faster computation and lower power use. Used in modern OSs and mobile devices.     * DSA (Digital Signature Algorithm): Primarily used for electronic sender verification.

Key Exchange and Advanced Asymmetric Concepts

  • Key Exchange Algorithms: These allow two parties to agree on a symmetric secret key while communicating over an insecure medium.     * Diffie-Hellman (DH): Parties agree on a large prime number and a related integer. Through computation, they independently derive the same secret key.     * Diffie-Hellman Ephemeral (DHE): Uses temporary keys that are discarded after one use.     * Elliptic Curve Diffie-Hellman (ECDH): Combines DH with ECC principles.
  • Perfect Forward Secrecy: Generates random public keys for every session. Even if one key is compromised, only that specific session's data is exposed.

Comparison: Symmetric vs. Asymmetric

PropertySymmetricAsymmetric
Key UsageSame key for Encr/DecrPublic/Private Key pair
Key LengthSmall (100 bits\sim 100\text{ bits})Large (2,000 bits\sim 2,000\text{ bits})
SpeedFastSlow (Resource intensive)
Number of Keysn(n1)2\frac{n(n-1)}{2} (One per pair)2n2n (22 per person)
ConfidentialityYesYes
Digital SigningNoYes
ExamplesRC4, AES, 3DES, BlowfishRSA, Diffie-Hellman, ECC, El Gamal
UsageATM, Backup/RestoreSSL, SSH, Digital Signing
  • Hybrid Approach: In practice, asymmetric algorithms are often used first to securely exchange a symmetric key, which is then used for the duration of the session for speed.

Cryptography in Security Applications

  • Data Protections Provided:     * Confidentiality: Only authorized parties can view data.     * Integrity: Ensures data is unaltered; if data is unreadable, it cannot be modified meaningfully.     * Authentication: Verifies the sender (e.g., via digital signatures).     * Nonrepudiation: Proves a user performed a specific action; they cannot deny it.     * Obfuscation: Making something obscure or unclear to hide the logic or key.
  • Protection States:     * Data in Transit: Protected via protocols like SSL/SSH.     * Data in Use / At Rest:         * Software Solutions: VeraCrypt, Windows BitLocker, Apple FileVault.         * Hardware Solutions: Self-Encrypting Drives (SED), Hardware Security Modules (HSM).

Questions & Discussion

  • Question: Which cryptographic algorithm uses transposition?     * Answer: Rail Fence cipher.
  • Scenario: Ali wants to encrypt a message for Sameera using an asymmetric algorithm. To ensure secrecy so only Sameera can read it, what must happen?     * Answer: Ali must use Sameera's public key to encrypt the message. Sameera must then use her private key to decrypt it.