Cryptography

Objectives

Understanding Cryptography Concepts, Overview of Encryption Algorithms, Cryptography, Cryptography Tools, Understanding Public key Infrastructure, Understanding Email Encryption, Understanding disk encryption, Understanding cryptographic attacks, cryptanalysis

Cryptography Concepts

  • The conversion of data into a scrambled code that is decrypted and sent over a private or public network
    • Used for email messages, chat sessions, web transactions, personal data, corporate data, e-commerce apps, etc.
  • Types of Cryptography
    • Symmetric Encryption: Uses the same key for encryption as it does for decryption
    • Asymmetric Encryption: Uses different key for encryption for encryption and decryption
  • Government Access to Keys (GAK)
    • Software companies will give copies of all keys
    • Government promises they will hold on to the keys in a secure will, and will only use them when a court issues a warrant to do so
      • Gives them ability to wiretap phones

Encryption Algorithms

  • Cipher is an algorithm for performing encryption and decryption
    • Classical Cipher: Most basic type, operates on the alphabet (A-Z)
    • Modern Ciphers: provide secrecy, integrity, and authentication of sender. Uses a one-way mathematical function capable of factoring large prime numbers *Block Ciphers: Deterministic algorithm operating on block of fixed size with an unvary transofmration specified by a symmetric key.
      • Stream Ciphers: Symmetric key ciphers are plaintext digits combined with a key stream (random).
    • Data Encryption Standard (DES)
      • Uses a secret key for both encryption and decryption (symmetric). 62 bit secret key.
    • Advanced Encryption Standard (AES): Symmetric key algorithm for securing sensitive but unclassified material by U.S. Government agencies (128 bit)
    • RC4 variable key size stream cipher
    • RC5: parameterized algorithm with variable block size, 128 bits
    • RC6: Symmetric key block cipher derived from RC5
    • Digital Signature Algorithm(DSA): Specifies algorithm to be used in the generation and verification of digital signatures for sensitive, unclassified application
    • Digital Signature: Computed using a set of rules (I.e, the DSA) and a set of parameters
    • RSA (Rivest Shamir Adleman)
      • RSA is an internet encryption and authentication system
      • Widely used and is one of the de facto encryption standard
      • Uses modular arithmetic and elementary number theories
    • Message Digest (one way Hash)
      • Hash functions calculate a unique fixed-size bit string
      • Every output bit has a 50% of changing
      • MD5, SHA 128/256
  • Secure Hashing Algorithms
    • SHA-1: Produces 160 digest with maximum length 264-1, resembles MD5
    • SHA-2: comprised of SHA-256 and SHA-512(64 bit)
    • SHA-3: Uses sponge construction in which message block are XORed
  • What is SSH (Secure Shell)
    • Replacement for telnet
    • Provides an encrypted channel
    • Provides strong host-to-host and user authentication

Public Key Infrastructure

  • Public Key infrastructure (PKI): set of hardware, software, people, policies, and procedures required to create, manage, distribute, use , store, and revoke digital certificates
  • Signed CA vs Self Signed: Signed is more trustworthy

Email Encryption

  • Digital signature used asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form
    • A digital signature may be further protection, by encrypting the signed email
  • SSL (Secure Sockets Layer): SSL is an app protocol developed for netscape for managing the security of a message transmission on the internet
    • It uses RSA asymmetric (public key) encryption
  • Transport Layer Security (TLS): Protocol to establish a secure connection between a client and a sever. Uses RSA algorithm with 1024 and 2048 bit strengths

Cryptographic Attacks

  • Ciphertext only attack: goal of this attack to recover encryption key from cipher text
  • Adaptive Chosen-plaintext attack: attacker makes a series of interactive queries
  • Chosen-plaintext attack: attacker defines his own plaintext, feeds it into the cipher, and analyzes the resulting cipher text
  • Chosen-plaintext Attack: Attacker defines his own plaintext, feeds it into the cipher, and analyzes the resulting ciphertext
  • Known-plaintext Attack: Attacker has knowledge of some part of the plain text
  • Code Breaking Methodologies:
    • Trickery and Deceit: Social Engineering techniques
    • Brute Force: trying every possible combination
    • One-Time pad: contains many non-repeating groups of letters or number keys which are randomly chosen
    • Frequency Analysis: Study the frequency of letters or groups of letters in a ciphertext
  • MITM on digital sig schemes
    • Attack works by encrypting one end and decrypting from the other end, the meeting in the middle
      • Can be used for forging signatures even on digital signatures
  • Side Channel Attack: Physical attack performed on a cryptographic device/cryptosystem to gain sensitive informations

results matching ""

    No results matching ""