Cryptography

Terminology
- Algorithm: Mathematical rules used for encryption and decryption
- Ciphertext: Data in encrypted format
- Plaintext or cleartext: Data in readable format
- Nonrepudiation: Sender cannot deny sending the message, receiver cannot deny receiving it
- Cryptosystem: Hardware or software implementation of cryptography that transforms a message to ciphertext and back to plaintext
- Cryptanalysis: Practice of obtaining plaintext from ciphertext without a key
- Encipher: Act of converting plaintext to ciphertext
- Decipher: Act of converting ciphertext to plaintext
- Key: Sequence of bits and instructions that governs the act of encryption and decryption
- Key clustering: Instance when two different keys generate the same ciphertext from the same plaintext
- Keyspace: Possible values used to construct keys
- Work factor: Estimated time, effort, and resources necessary to break a cryptosystem

Strength of Cryptosystems
- Strength refers to the work factor to break an encryption algorithm or key
- Strength increases by:
  - Using a large keyspace
  - Using a large key length
  - Making sure the key is not predictable (truly random)
  - Using a mathematically thorough and complex algorithm

Cipher Types
- Substitution cipher: Replaces bits, bytes, or blocks of characters with different values
- Transposition cipher: Rearranges bits, bytes, or blocks of characters
- Both are vulnerable to frequency analysis
  - Certain words occur more frequently than others (the, a, and) so there will be patterns in the ciphertext
- Concealment cipher: Ciphertext is hidden in another message or file
- Steganography
  - Act of hiding messages in graphic images
  - Least significant bit in each byte is replaced with message without degrading the image enough to be detected
  - Messages can also be hidden in sound files and in media slack space, free space, or clusters marked bad

U.S. Government & Crypto
- National Security Agency (NSA) conducts research and regulates encryption algorithms
- NSA-funded research has yielded most of the encryption techniques we use today
- NSA supports key escrows, where the private key is held by a separate entity and available to law enforcement
  - Fair cryptosystems go one step further and break the private key into 2 or more pieces that are held by multiple entities

Encryption Methods
- Symmetric cryptography
  - Both parties use the same secret key for encryption and decryption
  - Strengths
    - Very fast
    - Hard to break with large key size
  - Weaknesses
    - Secure exchange of secret keys is difficult
    - Difficulty of managing many keys limits scalability
    - Provides confidentiality, but not authenticity or nonrepudiation
- Asymmetric cryptography
  - Message is encrypted using one key and decrypted using a different key (one way function)
  - Used in public key cryptography; one key held by a person is called the private key, one widely known key is called the public key
  - Can ensure confidentiality
    - Sender encrypts message using receiver's public key (Secure Message Format)
  - Can provide authentication (digital signature)
    - Sender encrypts message using their own private key (Open Message Format)
  - Can provide confidentiality and authentication
    - Sender encrypts message using their own private key then encrypts the ciphertext using the receiver's public key (Secure and Signed Format)
  - Weaknesses
    - Much slower than symmetrical systems

Symmetric Cipher Types
- Block cipher
  - Message is divided into blocks of bits
  - Blocks go through mathematical substitution and/or transposition algorithms
- Stream cipher
  - Each bit or byte is transformed individually using keystream data
  - The same plaintext bit or byte will yield a different ciphertext bit or byte

Symmetric Cryptosystems
- Data Encryption Standard (DES)
  - 56-bit key
  - Considered weak
- Triple-DES (3DES)
  - 168-bit key
  - 2^56 times stronger than DES
- Modes
  - Electronic Code Book (ECB) Mode
    - Block cipher method where a given plaintext block will always yield the same ciphertext
    - Incorporates padding to make sure blocks are of a specific size
  - Cipher Block Chaining (CBC) Mode
    - Block cipher method whose algorithm utilizes a value from the previous block so that different ciphertext is produced for an identical plaintext block
  - Cipher Feedback (CFB) Mode
    - Block cipher where previous data block is combined with the next block
  - Output Feedback (OFB) Mode
    - Similar to CFB mode except it works as a stream cipher
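
Added example (not part of the original slides): ECB and CBC applied to a constructed message with repeated blocks, showing that ECB leaks the repetition and CBC does not. The 64-bit Feistel cipher built from SHA-256 is a stand-in for a real block cipher, and all names, the key and the message are assumptions for illustration.

```python
import hashlib
import os

BLOCK = 8  # block size in bytes (64 bits, the same size DES uses)

def _round(half: bytes, key: bytes, i: int) -> bytes:
    # Round function: keyed hash truncated to half a block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def encrypt_block(block: bytes, key: bytes) -> bytes:
    # 4-round Feistel network; a demo stand-in, not a vetted cipher.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, _round(right, key, i)))
        left, right = right, mixed
    return left + right

def pad(data: bytes) -> bytes:
    # PKCS#7-style padding so the message fills whole blocks.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def split_blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext: bytes, key: bytes):
    # ECB: every block is encrypted independently.
    return [encrypt_block(b, key) for b in split_blocks(pad(plaintext))]

def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes):
    # CBC: each block is XORed with the previous ciphertext block first.
    out, prev = [], iv
    for b in split_blocks(pad(plaintext)):
        prev = encrypt_block(bytes(x ^ y for x, y in zip(b, prev)), key)
        out.append(prev)
    return out

def repeated_blocks(ct_blocks) -> int:
    # Count ciphertext blocks that duplicate an earlier block.
    return len(ct_blocks) - len(set(ct_blocks))

# Constructed sample: three identical 8-byte records, then a different one.
KEY = b"demo-key"
MESSAGE = b"PAY00100" * 3 + b"PAY00999"

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(MESSAGE, KEY)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(MESSAGE, KEY, os.urandom(BLOCK))))
```
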
- Advanced Encryption Standard (AES)
  - NSA replacement for 3DES to protect sensitive unclassified data
  - Rijndael Algorithm (developed by Daemen & Rijmen)
  - 128-bit, 192-bit, 256-bit keys
- International Data Encryption Algorithm (IDEA)
  - 128-bit key
  - Similar to DES but much stronger
  - Not an open standard (costs $ to use)
- Blowfish
  - Variable key length to 448-bit
- RC5
  - Variable key length to 2048-bit

Asymmetric Cryptosystems
- RSA
  - Most popular asymmetric system
  - Used in SSL and PGP
- El Gamal
- Elliptical Curve Cryptosystem (ECC)
  - Similar to RSA, but takes less computing power for encryption

Hybrid Cryptosystem - PKI
- Public Key Infrastructure (PKI)
  - All crypto components necessary to support confidentiality, nonrepudiation, and integrity among dispersed groups of users
  - Defined by the X.509 ISO Standard
- SSL uses PKI
  - Random session key is created by sender (by browser in SSL protocol)
  - Sender encrypts message with session key (with SSL, session key will be used to encrypt all traffic between the server and the browser)
  - Sender encrypts session key with receiver's public key
  - Public key is provided to sender by a trusted Certificate Authority (CA)
    - The CA has verified the identity of the key holder and has bound an identifying certificate to the key
  - Sender transmits message ciphertext and session key ciphertext
  - Receiver decrypts session key ciphertext using private key (nonrepudiation, integrity)
  - Receiver decrypts message using session key (confidentiality)
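
Added example (not part of the original slides): the session-key exchange above carried through end to end, with the certificate step left out. It assumes unpadded textbook RSA over two Mersenne primes and a SHA-256 counter keystream as the symmetric cipher; both are stand-ins chosen so the block runs with the standard library only, and all names are illustrative.

```python
import hashlib
import secrets

# Receiver's demo RSA key pair (assumption: textbook RSA, no padding).
P, Q = 2**521 - 1, 2**607 - 1          # two known Mersenne primes
N, E = P * Q, 65537                    # public key
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent

def keystream_xor(data: bytes, session_key: bytes) -> bytes:
    # Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    # The same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        chunk = hashlib.sha256(session_key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], chunk))
    return bytes(out)

def send(message: bytes, receiver_pub=(N, E)):
    n, e = receiver_pub
    session_key = secrets.token_bytes(16)          # random session key
    msg_ct = keystream_xor(message, session_key)   # message under session key
    # Session key under the receiver's public key.
    key_ct = pow(int.from_bytes(session_key, "big"), e, n)
    return msg_ct, key_ct                          # both are transmitted

def receive(msg_ct: bytes, key_ct: int, receiver_priv=(N, D)) -> bytes:
    n, d = receiver_priv
    # Only the private key recovers the session key.
    session_key = pow(key_ct, d, n).to_bytes(16, "big")
    return keystream_xor(msg_ct, session_key)

if __name__ == "__main__":
    ct, wrapped = send(b"constructed sample message")
    print(receive(ct, wrapped))
```
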

Hashes
- Known one-way function that takes a variable length string and creates a fixed length hash value
- Identical string yields exactly the same hash value
- No other string will yield an identical hash value
- Hash value is also called a message digest
- Used to create a fingerprint of a message or file
- MD2, MD4, MD5
  - 128-bit hash value
- Secure Hash Algorithm (SHA)
  - 160-bit hash value

Digital Signatures
- An encrypted hash value
- Message has a one-way hash run on it
- Hash value is encrypted using sender's private key
- Message and encrypted hash value (digital signature) are transmitted
- Receiver runs same one-way hash function on message
- Receiver decrypts transmitted digital signature using sender's public key and compares it to the receiver generated hash value
- If they agree, message has not been modified (integrity) and was sent by private key holder (authentication)
- If the whole message is encrypted, confidentiality is achieved
- SHA is commonly used for digital signatures
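
Added example (not part of the original slides): the sign-and-verify steps above, including what the receiver sees when the message or the signature is altered in transit. It assumes unpadded textbook RSA over two Mersenne primes and SHA-256 as the hash; production signatures use a padded scheme from a vetted library, and all names here are illustrative.

```python
import hashlib

# Sender's demo RSA key pair (assumption: textbook RSA, no padding).
P, Q = 2**521 - 1, 2**607 - 1          # two known Mersenne primes
N, E = P * Q, 65537                    # public key, known to the receiver
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, sender only

def digest(message: bytes) -> int:
    # One-way hash of the message as an integer (SHA-256 chosen here).
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    # Sender: hash the message, then transform the hash with the private key.
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    # Receiver: recover the hash with the public key and compare it with
    # a hash computed locally over the received message.
    return pow(signature, E, N) == digest(message)

def receive(message: bytes, signature: int) -> str:
    return "accepted" if verify(message, signature) else "rejected"

if __name__ == "__main__":
    msg = b"constructed sample: pay 100 to account 0001"
    sig = sign(msg)
    print("untouched:", receive(msg, sig))
    print("message altered:", receive(msg.replace(b"100", b"900"), sig))
    print("signature altered:", receive(msg, (sig + 1) % N))
```
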

Communications Encryption
- Link encryption
  - All data, headers, trailers, routing data are encrypted between two points
  - Packets are decrypted at each hop
  - Advantages
    - Works without user intervention
    - All data is encrypted
  - Disadvantages
    - More points of vulnerability
    - Key distribution is a challenge
- End-to-end encryption
  - Data is encrypted; headers, trailers, routing data are not
  - Data is only decrypted at the destination
  - Advantages
    - Keys only need to be shared at origin and destination
    - Data stays encrypted from start to finish
  - Disadvantages
    - Headers and routing data are readable
    - Origin and destination must agree on encryption

E-mail Security
- Privacy-Enhanced Mail (PEM)
  - Internet standard for protecting email
  - Message is DES encrypted
  - Authenticated using MD5
  - Key management using RSA
  - X.509 standard (PKI) used for key distribution
- Pretty Good Privacy (PGP)
  - Widely used email cryptosystem
  - Public keys are distributed using "web of trust" model
    - Users sign others' public keys and distribute them, or user accepts public key directly from a trusted sender
  - List of public keys is called a key ring

Web Security
- Secure Sockets Layer (SSL)
  - Protects the entire communication channel between the browser and the server
  - SSL can be used for other communication protocols like FTP or SMTP
- HTTPS
  - SSL over HTTP

Remote Terminal Security
- Secure Shell (SSH)
  - Creates an encrypted tunnel between two computers
  - Provides authentication and confidentiality
  - Includes a built-in key sharing mechanism
  - Commonly used with Unix, routers, switches
  - Popular Windows clients:
    - PuTTY
    - SecureCRT

Attacks
- Man-in-the-Middle Attack
  - Attacker inserts himself in the middle of a secure communications path and intercepts all communications.
  - Sender believes they are communicating with the receiver when they are actually communicating with the attacker, and the attacker is communicating with the receiver.
- Dictionary Attack
  - Passwords are commonly stored as one-way hash values
  - Attacker can one-way hash an entire dictionary of words and compare the hash values to the hashed passwords, likely finding at least one match
- Replay Attack
  - Attacker captures transmitted encrypted credentials and sends those same strings to the server at a later time to impersonate the user
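
Added example (not part of the original slides): why a fixed credential string can be replayed, next to a server that rejects the replay by issuing a single-use nonce and checking an HMAC over it. The nonce scheme goes beyond what the slide covers, and the class names and shared secret are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

def static_credential(secret: bytes) -> bytes:
    # The same string is sent on every login, so a captured copy stays valid.
    return hashlib.sha256(secret).digest()

class StaticServer:
    """Accepts a fixed credential string: replayable."""
    def __init__(self, secret: bytes):
        self._expected = static_credential(secret)

    def login(self, credential: bytes) -> bool:
        return hmac.compare_digest(self._expected, credential)

def respond(secret: bytes, nonce: bytes) -> bytes:
    # Client side: prove knowledge of the secret for this nonce only.
    return hmac.new(secret, nonce, hashlib.sha256).digest()

class ChallengeServer:
    """Issues a fresh nonce per login and accepts each nonce once."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()          # nonces issued and not yet used

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False               # unknown or already used: a replay
        self._pending.discard(nonce)   # single use, even if the check fails
        return hmac.compare_digest(respond(self._secret, nonce), response)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    old = StaticServer(secret)
    captured = static_credential(secret)
    print("static, replayed:", old.login(captured))
    new = ChallengeServer(secret)
    nonce = new.challenge()
    answer = respond(secret, nonce)
    print("nonce, first use:", new.login(nonce, answer))
    print("nonce, replayed:", new.login(nonce, answer))
```
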

Homework
- Read chapter 9
- Visit the www.sans.org reading room. Select and read 4 articles of your choice (I recommend you look for ones that will help you do your security audit group project). Write a one paragraph summary of each article and include the URL of each document.