DACS 2201 / 06-Basic Cryptography
Introduction to Cryptography and Steganography
- Terminology and Concepts: * Cryptography: The process of scrambling data so it cannot be read or understood. It transforms information into an unintelligible, secure form to prevent unauthorized access. * Steganography: Unlike cryptography which scrambles data, steganography hides the very existence of the data. * Historical Steganography: Ancient Greeks performed this by writing messages on wooden tablets, covering them with wax, and then writing a fake, innocuous message on the wax. * Modern Steganography: Data is hidden within digital files such as images, audio, or video. * This is achieved by embedding data in unused portions of the file, such as header fields or between sections of metadata. * Metadata: Data used to describe the content or structure of the actual data.
Cryptographic Terminology
- Encryption: The process of converting original text into a secret message using cryptography.
- Decryption: The reverse process of encryption; changing a secret message back into its original plaintext form.
- Plaintext: Data that is unencrypted or the output after decryption has occurred.
- Ciphertext: The scrambled, unreadable output resulting from the encryption process.
- Cleartext: Data that is stored or transmitted without any form of encryption.
- Cipher: A cryptographic algorithm that acts as the mathematical formula or procedure used to transform plaintext into ciphertext and vice versa.
Fundamental Cryptographic Principles
- Kerckhoff’s Principle: A core rule in cryptography stating that the algorithm itself should not be secret; only the key must remain secret. * If a system relies on a secret algorithm and that algorithm is leaked, the entire system fails. * Most modern cryptographic algorithms are public and well-vetted.
- Key: A specific value used by a cryptographic algorithm to produce unique ciphertext. In keyed systems, if a key is used for encryption, a key is also required for decryption.
- Core Techniques: * Substitution: Replacing one letter or character with another. * Transposition: Rearranging the order of the original letters in the message.
Historical and Basic Ciphers
Caesar Cipher: * One of the oldest keyed substitution algorithms, attributed to Julius Caesar for military communications. * It uses a "shift" key. Caesar famously used a key of . * Example: Using Key , "I HAVE NO SECRETS" becomes "L KDYH QR VHFUHWV". * ROT-13: A specific Caesar cipher where the key is set to .
Pigpen Cipher: * A keyless substitution cipher historically used by the Freemasons. * Letters are substituted with symbols based on the geometric shapes (grids and Xs) that enclose them in a specific diagram template.
Vigen re Cipher: * A generalization of the Caesar cipher that uses a keyword (password) instead of a single number. * Process: It uses a grid where the horizontal axis represents plaintext letters and the vertical axis represents key letters. * If the message is longer than the key, the keyword is repeated. * The ciphertext letter is found at the intersection of the plaintext row and the key column. * Example: Keyword "BUCK" applied to "HELLO" results in "IYNVP".
Rail Fence Cipher (Zig-Zag Cipher): * A transposition algorithm where letters are written vertically in a zig-zag pattern across a specified number of lines (the key). * Encryption Process: 1. Write the message in a zig-zag pattern across the rows. 2. Read the results line by line horizontally to form the ciphertext. * Decryption Process: 1. Create a grid with the appropriate number of lines. 2. Mark the zig-zag path with placeholder characters. 3. Fill the placeholders horizontally with the ciphertext characters. 4. Read the message by following the diagonal zig-zag pattern.
Modern Cryptographic Methods
- Modern algorithms utilize computer-based computation and mathematical proofs to process data in three ways: * Stream Ciphers: Replace one character at a time. * Block Ciphers: Manipulate data in entire blocks (e.g., or ) simultaneously. * Sponge Functions: Accept input of any length and return output of a requested variable length.
Hash Algorithms
A hash algorithm takes an input (message or file) and produces a fixed-length string (the hash or message digest).
Characteristics of Secure Hashes: * Fixed Size Output: A single letter and a massive file will result in hashes of the exact same length. * Collision Resistant: Every unique input must produce a unique output. Different inputs should never result in the same hash. * Digital Fingerprint: Because they are unique, hashes verify file integrity. * Originality: It is impossible to reverse-engineer or create a data set to match a specific predefined hash. * One-way Encryption: Hashes cannot be "decrypted" back to the original data.
Common Functions: * Message Digest (MD): MD5 is the most famous but is now considered insecure due to vulnerabilities. * Secure Hash Algorithm (SHA): * SHA-1: No longer recommended. * SHA-2: Includes SHA-256, SHA-384, and SHA-512; currently considered secure. * SHA-3: Standardized in 2015; optimized for low-power IoT devices and sensors. * RIPEMD (Race Integrity Primitives Evaluation Message Digest): Features two independent parallel computation chains combined at the end. Versions include RIPEMD-128, 256, and 320.
Symmetric Cryptographic Algorithms
- Also known as Private Key Cryptography.
- Uses a single, identical key for both encryption and decryption. This key must be kept secret between communicating parties.
- Common Algorithms: * DES (Data Encryption Standard): Once popular, now insecure. * 3DES (Triple DES): Performs DES three times; now considered unsuitable. * RC (Rivest Cipher): Family of six stream ciphers; RC4 is common but currently insecure. * AES (Advanced Encryption Standard): Processes data in blocks; currently has no known successful attacks. * Blowfish: A block cipher with no known successful attacks.
Asymmetric Cryptographic Algorithms
- Also known as Public Key Cryptography.
- Solves the "key distribution problem" inherent in symmetric systems where users cannot easily meet to exchange keys.
- Key Pairs: Uses two mathematically related keys. * Public Key: Available to everyone and freely distributed. * Private Key: Known only to the owner.
- How it Works: If a message is encrypted with a public key, it can only be decrypted by the matching private key (and vice versa).
- Common Algorithms: * RSA (Rivest, Shamir, and Adleman): Uses prime number characteristics. Secure if keys are sufficiently large. * ECC (Elliptic Curve Cryptography): Relies on the mathematics of elliptic curves. It provides higher security with smaller key sizes, leading to faster computation and lower power use. Used in modern OSs and mobile devices. * DSA (Digital Signature Algorithm): Primarily used for electronic sender verification.
Key Exchange and Advanced Asymmetric Concepts
- Key Exchange Algorithms: These allow two parties to agree on a symmetric secret key while communicating over an insecure medium. * Diffie-Hellman (DH): Parties agree on a large prime number and a related integer. Through computation, they independently derive the same secret key. * Diffie-Hellman Ephemeral (DHE): Uses temporary keys that are discarded after one use. * Elliptic Curve Diffie-Hellman (ECDH): Combines DH with ECC principles.
- Perfect Forward Secrecy: Generates random public keys for every session. Even if one key is compromised, only that specific session's data is exposed.
Comparison: Symmetric vs. Asymmetric
| Property | Symmetric | Asymmetric |
|---|---|---|
| Key Usage | Same key for Encr/Decr | Public/Private Key pair |
| Key Length | Small () | Large () |
| Speed | Fast | Slow (Resource intensive) |
| Number of Keys | (One per pair) | ( per person) |
| Confidentiality | Yes | Yes |
| Digital Signing | No | Yes |
| Examples | RC4, AES, 3DES, Blowfish | RSA, Diffie-Hellman, ECC, El Gamal |
| Usage | ATM, Backup/Restore | SSL, SSH, Digital Signing |
- Hybrid Approach: In practice, asymmetric algorithms are often used first to securely exchange a symmetric key, which is then used for the duration of the session for speed.
Cryptography in Security Applications
- Data Protections Provided: * Confidentiality: Only authorized parties can view data. * Integrity: Ensures data is unaltered; if data is unreadable, it cannot be modified meaningfully. * Authentication: Verifies the sender (e.g., via digital signatures). * Nonrepudiation: Proves a user performed a specific action; they cannot deny it. * Obfuscation: Making something obscure or unclear to hide the logic or key.
- Protection States: * Data in Transit: Protected via protocols like SSL/SSH. * Data in Use / At Rest: * Software Solutions: VeraCrypt, Windows BitLocker, Apple FileVault. * Hardware Solutions: Self-Encrypting Drives (SED), Hardware Security Modules (HSM).
Questions & Discussion
- Question: Which cryptographic algorithm uses transposition? * Answer: Rail Fence cipher.
- Scenario: Ali wants to encrypt a message for Sameera using an asymmetric algorithm. To ensure secrecy so only Sameera can read it, what must happen? * Answer: Ali must use Sameera's public key to encrypt the message. Sameera must then use her private key to decrypt it.