Week 6 Notes: Cryptography & Access Control

Cryptography – Part 1
  • Definition and purpose
    • Cryptography protects information and communications using codes so that only intended recipients can read/process it.
    • Origin of terms:
      • crypto: hidden/secret
      • ology: study of/theory of
      • graph: write/writing
  • Related fields
    • Cryptology: study of codes (math foundations) including number theory and algorithms behind cryptography and cryptanalysis.
    • Cryptanalysis: code breaking; studying ciphertext/ciphers/cryptosystems to defeat or weaken them; aims include decrypting ciphertext without plaintext, key, or algorithm knowledge; may target secure hashing, digital signatures, etc.
  • Key concepts and vocabulary
    • Plaintext: text not tagged or encoded; input to cryptographic algorithms; sometimes confused with cleartext (data transmitted or stored unencrypted).
    • Ciphertext: result of encrypting plaintext with a cipher; unreadable without the proper key; not the same as codetext (code-based output).
    • Encryption: process of encoding a message so only authorized parties can access it (does not prevent interference, but hides intelligible content).
    • Decryption: reverse of encryption; transforms ciphertext back to plaintext; may use keys/passwords.
    • Symmetric (private-key) vs Asymmetric (public-key) cryptography.
    • Plaintext vs Ciphertext distinction reiterated; ensure clarity when discussing transformations.
  • Quick cipher history and examples
    • Caesar Cipher: simple substitution; shift letters by a fixed number; e.g., shift = 1 maps A→B, B→C; ROT13 is a Caesar cipher with a shift of 13; easily breakable, and Caesar alone offers little real security; origin linked to Julius Caesar.
    • Vigenère Cipher: polyalphabetic, extends Caesar; uses multiple shift alphabets in turn.
    • Substitution ciphers: replace each plaintext symbol with another symbol according to a fixed scheme; key is the substitution mapping; example provided shows mapping with key = 3.
    • Polyalphabetic ciphers: use multiple alphabets; Vigenère is a classic example; Enigma machine is a real-world polyalphabetic substitution cipher device.
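As an added example (not part of the original notes), a Vigenère implementation that makes the relationships above concrete: Caesar and ROT13 are the special case of a one-letter key, and the whole Caesar key space is just 26 candidates. The sample text and the key LEMON are constructed.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenère: letter i is Caesar-shifted by the letter key[i mod len(key)].
    Characters outside A-Z pass through unchanged and consume no key letter."""
    if not key or any(k.upper() not in ALPHABET for k in key):
        raise ValueError("key must be one or more letters A-Z")
    out, j = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        shift = ALPHABET.index(key[j % len(key)].upper())
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        j += 1
    return "".join(out)

def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """Caesar is Vigenère with a one-letter key: shift 3 is the key 'D' (A = 0)."""
    return vigenere(text, ALPHABET[shift % 26], decrypt)

def rot13(text: str) -> str:
    """ROT13: Caesar with shift 13; applying it twice restores the text."""
    return caesar(text, 13)

def caesar_candidates(ciphertext: str) -> dict:
    """All 26 possible Caesar decryptions: the entire key space fits in one
    dictionary, which is the concrete reason Caesar gives no real security."""
    return {s: caesar(ciphertext, s, decrypt=True) for s in range(26)}

if __name__ == "__main__":
    assert caesar("ABC", 1) == "BCD"                       # shift 1: A->B, B->C
    assert rot13(rot13("HELLO, WORLD")) == "HELLO, WORLD"  # shift 13 is self-inverse
    c = vigenere("ATTACK AT DAWN", "LEMON")                # constructed sample text
    assert c == "LXFOPV EF RNHR"
    assert vigenere(c, "LEMON", decrypt=True) == "ATTACK AT DAWN"
    assert vigenere("ATTACK", "D") == caesar("ATTACK", 3)  # one-letter key == Caesar
    assert caesar_candidates(caesar("SECRET", 7))[7] == "SECRET"
```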
  • Enigma machine (historical example)
    • Early-mid 20th century device used for secure communications; rotor mechanism scrambles 26 letters; operator inputs plaintext, lights indicate ciphertext; daily changing settings and pre-shared secret key material were essential; Allied cryptanalysis leveraged procedural weaknesses and captured materials to turn the tide in WWII.
  • Block vs Stream ciphers (high-level) – key distinction
    • Block ciphers: encrypt fixed-size blocks of data (n bits) at a time; common block sizes: 64, 128, 256 bits; padding used when plaintext length is not a multiple of the block size.
    • Stream ciphers: encrypt data one bit/byte at a time using a keystream; aim to approximate a one-time pad; keystream should be unpredictable and keys must not be reused.
  • One-time pad (OTP) and practical limits
    • OTP can achieve “perfect secrecy” if the key is truly random, at least as long as the message, and never reused.
    • Practical issue: key length must be at least as long as plaintext; e.g., encrypting 500 MB video would require a key of 4 Gbits; thus OTP is impractical for everyday use.
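Added example, not from the notes: a byte-level OTP with the length rule enforced, plus two checks that make the perfect-secrecy claim and the never-reuse rule concrete. The two messages are constructed.

```python
import secrets

def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR the message with a key at least as long as it (the OTP length rule)."""
    if len(key) < len(plaintext):
        raise ValueError("OTP key must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))

otp_decrypt = otp_encrypt      # XOR is its own inverse

def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The key under which `ciphertext` decrypts to `candidate`.
    One exists for every candidate of the same length, which is why the
    ciphertext alone says nothing about the plaintext (perfect secrecy)."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must have the ciphertext's length")
    return bytes(c ^ p for c, p in zip(ciphertext, candidate))

def reuse_exposes(c1: bytes, c2: bytes) -> bytes:
    """What two ciphertexts under the SAME key give away: the key cancels,
    so c1 XOR c2 == p1 XOR p2. This is the reason keys must never be reused."""
    return bytes(a ^ b for a, b in zip(c1, c2))

if __name__ == "__main__":
    p1, p2 = b"ATTACK AT DAWN", b"RETREAT AT 6AM"      # constructed messages
    key = secrets.token_bytes(len(p1))                  # fresh, random, full length
    c1 = otp_encrypt(p1, key)
    assert otp_decrypt(c1, key) == p1
    # c1 is equally consistent with p2 under some other key:
    assert otp_decrypt(c1, key_explaining(c1, p2)) == p2
    # Reusing `key` for p2 leaks p1 XOR p2 whatever the key's value:
    c2 = otp_encrypt(p2, key)
    assert reuse_exposes(c1, c2) == bytes(a ^ b for a, b in zip(p1, p2))
```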
  • Stream cipher concepts
    • Synchronous stream cipher: keystream generated independently of plaintext/ciphertext and XORed with plaintext for encryption; typical form uses binary digits (bits).
    • Self-synchronising stream ciphers (asynchronous CTR-style/CTAK): keystream depends on prior ciphertext; can recover synchronization after some ciphertext; example: Cipher Feedback (CFB) mode behaves like a self-synchronising stream cipher.
    • RC4: very popular historical stream cipher; widely used in WEP, WPA, TLS; vulnerabilities discovered over time; RFC 7465 (Feb 2015) prohibited RC4 in TLS; pushed use of alternative stream ciphers.
    • Attacks on RC4 include several named attacks (e.g., Fluhrer-Mantin-Shamir, Klein, NOMORE, Royal Holloway, Bar-Mitzvah), each indicating further weakening of RC4’s security.
  • DES and successors (block ciphers)
    • DES (Data Encryption Standard): 64-bit block cipher with 56-bit effective key length (8 parity bits included in 64-bit key, yielding 56 bits of actual key material).
    • DES has 16 rounds; initial and final permutations; per-round keys are 48 bits derived from the 56-bit key.
    • Decryption uses the same structure with round keys applied in reverse order.
  • 3DES (Triple DES) and keying options
    • 3DES encrypts each 64-bit block three times in a specific sequence; effective security depends on keying option:
    • Option 1: K1, K2, K3 are all independent; 3 × 56-bit keys = 168-bit security (3TDEA); strongest option but vulnerable to meet-in-the-middle (MITM) attacks requiring ~2^56 steps for some MITM variants; MITM is a primary reason Double DES failed and 3DES with 168 bits faced such concerns.
    • Option 2: K1 and K2 independent, K3 = K1; 112-bit effective key; sometimes called 2TDEA; MITM caveats remain; deprecated by NIST.
    • Option 3: K1 = K2 = K3; effectively DES; backward compatible but not secure for modern use; not allowed by ISO/IEC 18033-3 and not allowed by NIST.
    • Encryption sequence: Ciphertext = E_K3(D_K2(E_K1(Plaintext)))
    • Decryption sequence: Plaintext = D_K1(E_K2(D_K3(Ciphertext)))
  • DES internals and Feistel structure (brief)
    • DES uses a Feistel network with 16 rounds; input split into L_0 and R_0; for each round n: L_{n+1} = R_n; R_{n+1} = L_n ⊕ F(R_n, K_n).
    • The Mangler Function F (F-function) takes R_n, expands it to 48 bits, XORs with the per-round key K_n, and passes the result through the S-boxes to produce a 32-bit value, which is XORed with L_n to form R_{n+1}.
    • The E-Box (Expansion), Key Mixing, S-Boxes, and P-Box (Permutation) operations realize confusion and diffusion.
  • DES security and side considerations
    • DES is now considered deprecated for new designs due to short key length; today, Triple DES or AES preferred.
  • Other notable block ciphers
    • IDEA: 64-bit block, 128-bit key, Lai–Massey structure; decryption runs the same process as encryption with a different (inverse) key schedule; considered a DES successor in some contexts.
    • Blowfish: 64-bit block, variable key length 32–448 bits, 16 rounds; uses P-arrays and four large S-boxes; fast in software; not as widely used as AES; Schneier later recommended Twofish as modern successor.
    • RC5: flexible block size (32/64/128), key length 0–2040 bits, 0–255 rounds; simple design; susceptible to differential attacks if under-parameterised; 12 rounds originally suggested; higher rounds recommended for stronger security.
    • RC4: stream cipher (noted earlier); widespread historical use but vulnerabilities led to deprecation in TLS (RFC 7465).
  • RSA and other asymmetric algorithms (brief)
    • RSA and DSA mentioned as examples of asymmetric key algorithms; DH (Diffie-Hellman) for secure key exchange; ECC (elliptic curve cryptography) as other asymmetrical approaches.
  • Advanced Encryption Standard (AES) and Rijndael (detailed)
    • AES: standardized as Rijndael with block size 128 bits; key lengths 128, 192, 256 bits; structure is a substitution-permutation network, not a Feistel network; operates on a 4x4 byte state; calculations largely in a finite field.
    • Rijndael family supports varying block sizes in theory, but AES standard uses 128-bit blocks.
  • AES round structure and stages
    • Rounds: 10 (128-bit key), 12 (192-bit), 14 (256-bit).
    • Each round includes SubBytes, ShiftRows, MixColumns (except final round which omits MixColumns), and AddRoundKey.
    • KeyExpansion derives a separate 128-bit round key for each round plus one extra key block for initial AddRoundKey.
    • State array is 4x4 bytes; round transformations are performed on this state.
    • Final round structure mirrors the initial rounds but without the MixColumns step.
  • AES implementation considerations and attacks
    • Until 2009, public attacks on AES were mostly side-channel (timing, power, electromagnetic leaks) rather than cryptanalytic weaknesses in the algorithm itself.
    • Side-channel attacks are practical concerns in real implementations, though the algorithm remains secure when correctly implemented.
  • Block cipher modes of operation (to securely use ciphers for larger data)
    • Need a mode of operation to securely transform longer data; IVs are commonly used to randomize encryption.
    • Common modes: ECB, CBC, CFB, OFB, CTR, GCM.
  • ECB mode
    • Encrypts each block independently; poor diffusion; identical plaintext blocks yield identical ciphertext blocks; not recommended for confidentiality.
  • CBC (Cipher Block Chaining) mode
    • Each plaintext block XORed with previous ciphertext block before encryption; requires IV for first block; sequential (not parallelizable) and requires padding to block size; one-bit changes affect all following blocks; ciphertext stealing can handle non-multiple-length messages.
  • Effects of incorrect IV and padding oracle risks
    • Decrypting with wrong IV corrupts the first plaintext block; subsequent blocks can still decrypt correctly because XOR uses previous ciphertext, not previous plaintext.
    • Observable differences in padding or decryption behaviour (for example when a manipulated IV or ciphertext is decrypted) can leak plaintext information, as in POODLE-style padding-oracle attacks.
  • CFB (Cipher Feedback) mode
    • Transforms a block cipher into a self-synchronising stream cipher; decryption is nearly the inverse of CBC encryption; if part of ciphertext is lost, receiver can continue decrypting after resynchronisation; encryption cannot be parallelized; decryption can be parallelized.
    • Similar to CBC in propagation characteristics; does not require padding (though padding can be used in other modes).
  • OFB (Output Feedback) mode
    • Turns a block cipher into a synchronous stream cipher; keystream blocks XOR with plaintext; flipping a ciphertext bit flips the corresponding plaintext bit.
    • Encryption and decryption are the same operation; cannot be parallelized across blocks because keystream depends on previous outputs.
  • CTR (Counter) mode
    • Also a stream-like mode; keystream blocks produced by encrypting successive counter values; random access property in decryption; well-suited for parallel encryption of blocks; IV/nonce must be non-repeating to avoid collisions; counter can be incremented or combined with nonces as long as the counter stream is unique.
  • GCM (Galois Counter Mode)
    • Authenticated encryption mode combining confidentiality and integrity; efficient in hardware and software; 128-bit block ciphers (AES) with GCM provide both encryption and authentication.
    • Widely adopted in network security protocols and standards (IEEE 802.1AE, IEEE 802.11ad, IPsec, TLS, SSH, etc.); included in NSA Suite B.
  • Key takeaways for modes
    • ECB should be avoided for confidentiality due to pattern leakage.
    • CBC, CFB, OFB, CTR each have distinct properties in terms of parallelizability, padding, and error propagation.
    • GCM provides authenticated encryption; important for integrity as well as confidentiality.
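Added example (not from the notes): the modes above run over a deliberately toy 64-bit block cipher (an assumed stand-in for AES/DES, not secure) to show ECB's pattern leakage, CBC's chaining, the wrong-IV behaviour described under CBC, and CTR's padding-free stream operation. Keys, IV and messages are constructed.

```python
import hashlib

BLOCK = 8   # toy cipher uses 64-bit blocks, like DES

def E(block: bytes, key: bytes) -> bytes:
    """Toy 8-byte block cipher (NOT secure): XOR a key-derived mask, rotate bytes."""
    mask = hashlib.sha256(key).digest()[:BLOCK]
    x = bytes(a ^ b for a, b in zip(block, mask))
    return x[3:] + x[:3]

def D(block: bytes, key: bytes) -> bytes:
    mask = hashlib.sha256(key).digest()[:BLOCK]
    x = block[5:] + block[:5]                       # undo the rotation
    return bytes(a ^ b for a, b in zip(x, mask))

def xor(a: bytes, b: bytes) -> bytes: return bytes(x ^ y for x, y in zip(a, b))
def blocks(data: bytes) -> list:                    # ECB/CBC need padded input
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    return b"".join(E(b, key) for b in blocks(pt))  # each block independent

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pt):
        prev = E(xor(b, prev), key)                 # chain on previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(D(c, key), prev))            # XOR with previous *ciphertext*
        prev = c
    return b"".join(out)

def ctr_crypt(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """CTR: keystream block i = E(nonce || i); the same call encrypts and decrypts."""
    out = b""
    for i in range(0, len(data), BLOCK):
        ks = E(nonce + (i // BLOCK).to_bytes(4, "big"), key)
        out += xor(data[i:i + BLOCK], ks)           # zip() truncates the last block
    return out

if __name__ == "__main__":
    key, iv, nonce = b"demo-key", b"\x01" * 8, b"\x00\x00\x00\x07"   # constructed
    pt = b"SAMEBLOK" * 3                            # three identical blocks
    ecb = ecb_encrypt(pt, key)
    assert ecb[:8] == ecb[8:16] == ecb[16:]         # ECB leaks the repetition
    cbc = cbc_encrypt(pt, key, iv)
    assert len(set(blocks(cbc))) == 3               # CBC hides it
    assert cbc_decrypt(cbc, key, iv) == pt
    bad = cbc_decrypt(cbc, key, b"\x02" * 8)        # wrong IV at decryption:
    assert bad[:8] != pt[:8] and bad[8:] == pt[8:]  # only the first block is corrupted
    assert ctr_crypt(ctr_crypt(b"no padding needed", key, nonce), key, nonce) == b"no padding needed"
```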
Access Control – Overview
  • Core concept
    • Access Control regulates who or what can view or use resources in a computing environment.
    • Two main domains: Physical access control (campuses, buildings, rooms, physical IT assets) and Logical access control (networks, systems, data).
  • Core triad: Identification, Authentication, Authorization
    • Identification: claiming who someone is (e.g., via a username). Foundation for access control.
    • Authentication: verifying the claimed identity (proof of who you are).
    • Authorization: verifying that an authenticated entity can perform a requested action on a resource.
  • Multifactor Authentication (MFA)
    • MFA requires two or more authentication factors from independent categories to strengthen security.
    • Goal: layered defence; if one factor is compromised, others still protect access.
  • Authentication factors (three classic categories)
    • Knowledge: something you know (password, passphrase, PIN, secret questions) – caveat: questions can be weak due to public information.
    • Possession: something you have (OTP device, smart card, security token, USB token, key fob).
    • Inherence: something you are (biometrics: fingerprint, iris/retina, voice, face, etc.).
  • Additional potential factors
    • Location: where you are (geolocation) can be used as a fourth factor.
    • Time: when you authenticate (time-based constraints) can be used as a fourth or fifth factor.
  • Authentication, Authorization, and Identification in practice
    • A user is identified, authenticated, and then authorized to access resources per policies.
    • Even if authenticated, lack of proper authorization can block access.
Access Control Models
  • Overview
    • Models govern how access rights are assigned and enforced; many models exist depending on policy, compliance, and security needs.
  • Attribute-based Access Control (ABAC)
    • Access decisions based on attributes of users, resources, and environment; flexible in distributed and dynamic environments.
    • Examples of attributes: user attributes, resource attributes, environmental conditions; see NIST SP 800-162 for more details.
  • Discretionary Access Control (DAC)
    • Resource/data owners decide who may access their resources; centralised control may be lacking; common in many systems (hierarchies of permissions).
  • Mandatory Access Control (MAC)
    • Central authority assigns access rights based on security labels (e.g., CONFIDENTIAL, SECRET, TOP SECRET); users do not determine access; often used in government/military contexts.
  • Role-Based Access Control (RBAC)
    • Access determined by job roles; reduces discretionary control; roles include role authorisations and permissions; can enforce MAC and DAC frameworks; example: HR personnel should not create network accounts—this is a role for admins.
  • Rule-Based Access Control (Rule-Based RBAC)
    • System administrators define rules that govern access; rules can depend on conditions like time of day or location; often implemented alongside role-based controls; includes access-control lists.
  • Other model variants mentioned
    • Graph-Based Access Control (GBAC)
    • History-Based Access Control (HBAC)
    • Identity-Based Access Control (IBAC)
    • Lattice-Based Access Control (LBAC)
    • Organization-Based Access Control (OrBAC)
    • Ruleset Based Access Control (RSBAC)
    • Responsibility Based Access Control (RBAC)
  • Practical notes
    • Many organisations use combinations of models (e.g., RBAC with ABAC or RBAC with rule-based constraints) to reflect complex policies.
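Added example (not from the lecture): a deny-by-default decision function that layers RBAC, administrator-defined rules (time and location conditions), and ABAC attributes, using the HR/admin account-creation case from the RBAC bullet. The policy, users and attribute names are constructed.

```python
from dataclasses import dataclass, field
# Constructed sample policy (not from the lecture); deny unless all three layers allow.
ROLE_PERMISSIONS = {                                   # RBAC: role -> (action, resource type)
    "admin": {("create", "network_account"), ("read", "hr_record")},
    "hr":    {("read", "hr_record"), ("update", "hr_record")},
}

@dataclass
class Subject:
    user: str
    roles: set
    attrs: dict = field(default_factory=dict)          # ABAC user attributes (e.g. department)

@dataclass
class Request:
    action: str
    resource_type: str
    resource_attrs: dict = field(default_factory=dict)  # ABAC resource attributes
    env: dict = field(default_factory=dict)             # environment: hour, network, ...

def rbac_allows(subject: Subject, req: Request) -> bool:
    """Role layer: HR cannot create network accounts, only admins can."""
    needed = (req.action, req.resource_type)
    return any(needed in ROLE_PERMISSIONS.get(role, set()) for role in subject.roles)

def rules_allow(req: Request) -> bool:
    """Administrator-defined rules: office hours only, and account creation
    only from the corporate network (time- and location-style conditions)."""
    hour = req.env.get("hour", -1)
    if not 8 <= hour < 18:
        return False
    if req.action == "create" and req.env.get("network") != "corporate":
        return False
    return True

def abac_allows(subject: Subject, req: Request) -> bool:
    """Attribute layer: HR records are visible only inside the owning department."""
    if req.resource_type == "hr_record":
        return subject.attrs.get("department") == req.resource_attrs.get("department")
    return True

def decide(subject: Subject, req: Request) -> bool:
    return rbac_allows(subject, req) and rules_allow(req) and abac_allows(subject, req)

if __name__ == "__main__":
    office = {"hour": 10, "network": "corporate"}
    hr = Subject("alice", {"hr"}, {"department": "HR"})
    admin = Subject("bob", {"admin"}, {"department": "IT"})
    assert not decide(hr, Request("create", "network_account", env=office))     # wrong role
    assert decide(admin, Request("create", "network_account", env=office))
    assert not decide(admin, Request("create", "network_account",
                                     env={"hour": 22, "network": "corporate"}))  # off hours
    assert decide(hr, Request("read", "hr_record", {"department": "HR"}, office))
    assert not decide(hr, Request("read", "hr_record", {"department": "Sales"}, office))
```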
Week 6 Activities and Readings
  • Read all Week 6 materials on vUWS
  • Optional/extra reading: Pfleeger & Pfleeger, Security in Computing (5th ed., 2015)
    • Chapter 2 Section 1: Authentication
    • Chapter 2 Section 2: Access Control
    • Chapter 2 Section 3: Cryptography
    • Chapter 12 Section 1: Cryptology
    • Chapter 12 Section 2: Symmetric Encryption Algorithms
  • Engage with online resources and prepare questions for discussion at the next lecture.
Quick references and formulas from the lecture
  • DES Feistel round relations (schematic):
    • $L_{n+1} = R_n$
    • $R_{n+1} = L_n \oplus M_{R_n}(K_n)$
    • where the Mangler Function $M_{R_n}(K_n)$ (the F-function) expands $R_n$ to 48 bits, XORs it with round key $K_n$, and passes the result through the S-boxes, producing a 32-bit output that is XORed with $L_n$.
  • DES round structure summary: 16 rounds with 64-bit input/output; 56-bit effective key; initial permutation and inverse permutation.
  • 3DES encryption/decryption formulas (three DES operations in sequence):
    • $\text{Ciphertext} = E_{K3}(D_{K2}(E_{K1}(\text{Plaintext})))$
    • $\text{Plaintext} = D_{K1}(E_{K2}(D_{K3}(\text{Ciphertext})))$
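Added example (not from the lecture) serving both the DES Feistel relations (here and in the DES internals bullets) and the 3DES formulas: a toy 16-round Feistel cipher with a SHA-256-based stand-in for the Mangler function and key schedule (assumptions, not DES's real E-box, S-boxes or key schedule), composed in the EDE order. It also shows why keying option 3 collapses to single-key encryption. Block and keys are constructed.

```python
import hashlib

BLOCK, HALF, ROUNDS = 8, 4, 16     # 64-bit block, 32-bit halves, 16 rounds as in DES

def mangler(r: bytes, k: bytes) -> bytes:
    """Toy stand-in for the DES F-function (no real E-box/S-box/P-box here).
    Like the real F it need not be invertible: decryption recomputes it, never inverts it."""
    return hashlib.sha256(r + k).digest()[:HALF]

def round_keys(key: bytes) -> list:
    """Toy key schedule: one sub-key K_n per round derived from the master key."""
    return [hashlib.sha256(key + bytes([n])).digest()[:HALF] for n in range(ROUNDS)]

def feistel(block: bytes, subkeys: list) -> bytes:
    """Apply L_{n+1} = R_n, R_{n+1} = L_n XOR F(R_n, K_n) once per sub-key."""
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        left, right = right, bytes(a ^ b for a, b in zip(left, mangler(right, k)))
    return right + left      # final swap makes decryption the same procedure

def encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))

def decrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key)[::-1])   # same structure, keys reversed

def tdea_encrypt(p: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    """3DES sequence from the notes: Ciphertext = E_K3(D_K2(E_K1(Plaintext)))."""
    return encrypt(decrypt(encrypt(p, k1), k2), k3)

def tdea_decrypt(c: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    """Plaintext = D_K1(E_K2(D_K3(Ciphertext)))."""
    return decrypt(encrypt(decrypt(c, k3), k2), k1)

if __name__ == "__main__":
    p = b"8bytes!!"                                      # constructed 64-bit block
    k1, k2, k3 = b"key-one", b"key-two", b"key-three"    # constructed keys
    assert decrypt(encrypt(p, k1), k1) == p
    assert tdea_decrypt(tdea_encrypt(p, k1, k2, k3), k1, k2, k3) == p
    # Keying option 3 (K1 = K2 = K3): the inner D_K2 undoes E_K1, leaving
    # single-key encryption, which is why this option adds no security.
    assert tdea_encrypt(p, k1, k1, k1) == encrypt(p, k1)
```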
  • AES block and round structure (high level)
    • Block size: 128 bits; key sizes: 128, 192, 256 bits.
    • Rounds: 10, 12, 14 depending on key size.
    • Rounds consist of SubBytes, ShiftRows, MixColumns (except final round), and AddRoundKey; key expansion derives round keys.
  • Block cipher modes – key concepts
    • ECB leaks patterns; CBC uses previous ciphertext for chaining; IV ensures uniqueness; CFB, OFB turn block ciphers into stream ciphers with varying synchronisation properties; CTR uses a counter to generate keystream; GCM provides authenticated encryption.
  • AES structural stages (high level)
    • KeyExpansion → AddRoundKey → [SubBytes, ShiftRows, MixColumns, AddRoundKey] repeated for each round; final round omits MixColumns.
Notes on practical relevance and implications
  • Security landscape overview
    • Symmetric ciphers (DES, 3DES, AES, Blowfish, Twofish, IDEA, RC5/RC6) are the workhorses for bulk data encryption; modern deployments favor AES (128/192/256).
    • RSA/DSA/DH/ECC are common asymmetric tools used for key exchange, digital signatures, and identity verification.
    • Mode choice (ECB/CBC/CFB/OFB/CTR/GCM) has critical implications for security properties like confidentiality, integrity, parallelism, and resistance to padding and timing attacks.
  • Industry considerations and best practices
    • RC4 is deprecated due to vulnerabilities; migrate away from RC4 in TLS and other protocols.
    • Use AES-GCM or AES in secure modes with authenticated encryption to guard both confidentiality and integrity.
    • Apply MFA to strengthen authentication processes; combine with robust access control models to enforce least privilege.
  • Ethical and practical implications
    • Proper key management, padding schemes, and IV/nonce handling are essential to prevent subtle security flaws.
    • Side-channel attacks underscore the importance of secure implementation, not just algorithmic strength.
    • Compliance and policy alignment (MAC/DAC/RBAC/ABAC, etc.) are crucial for large organisations to meet regulatory and governance requirements.