Lesson 4: Basic Cryptography Concepts Flashcards
plaintext (or cleartext)
unencrypted message
ciphertext
an encrypted message
cipher
process (or algorithm) used to encrypt and decrypt a message
cryptanalysis
art of breaking or “cracking” cryptographic systems
cryptography
- “secret writing”
- historically, operated using simple substitution or transposition ciphers
security through obscurity
- to keep something secret by hiding it
- attempts to hide details of cipher (secret algorithm)
transport encryption
confidentiality means that a message cannot be deciphered without having the appropriate cipher and key (or alternatively the means to crack the cipher)
non-repudiation
- concept that the sender cannot deny sending message
- linked to identification and authentication
T or F. Cryptography can be used to design highly resilient control systems
True
control system
system with multiple parts, such as sensors, workstations, and servers, and complex operating logic
obfuscation
- art of making a message difficult to understand
- term used in conjunction with source code used to design computer applications
- obfuscated source code is rewritten in a way that does not affect the way the computer compiles or executes the code, but makes it difficult for a person reading the code to understand how it works
white box cryptography
- attempts to protect an embedded key while preserving the functionality of the code have all been broken
- would offer much better Digital Rights Management (DRM) protection for copyright content such as music, video, and books
substitution cipher
- involves replacing units (a letter or blocks of letters) in the plaintext with different ciphertext
- simple substitution ciphers rotate or scramble letters of the alphabet
- example:
ROT13 (an example of a Caesarian cipher) rotates each letter 13 places (so A becomes N, for instance)
“Uryyb Jbeyq” means “Hello World”
transposition cipher
- units stay the same in plaintext and ciphertext, but their order is changed
- example: “HLOOLELWRD”
rail fence cipher
if you’re having trouble with the transposition cipher, try arranging groups of letters into columns
key
- most ciphers use a key to increase the security of the encryption process
- example: if you consider the Caesar cipher ROT13, you should realize that the key is 13
- key is important, because it means that even if the algorithm or cipher method is known, a message still cannot be decrypted without knowledge of the specific key
T or F. Most modern ciphers are made stronger by being open to review (cryptanalysis) by third-party researchers
True
keyspace
range of key values available to use with a particular cipher
- roughly equivalent to two to the power of the size of key
- some keys within the keyspace may be considered easy to guess (“weak”) and should not be used
- using longer keys (2048 bits rather than 1024 bits, for instance) makes the encryption scheme stronger
T or F. Basic substitution and transposition ciphers are vulnerable to cracking by frequency analysis
True
frequency analysis
depends on the fact that some letters and groups of letters appear more frequently in natural language than others
T or F. A secure cipher must exhibit the properties of confusion and diffusion
True
confusion
- key should not be derivable from the ciphertext
- if one bit in key changes, many bits in ciphertext should change (each plaintext bit should have a 50% chance of flipping)
- same key should not be used by the algorithm in a predictable way when outputting ciphertexts from different plaintexts
- achieved by using complex substitutions, employing both the whole key and parts of the key to output ciphertext blocks
- confusion prevents attackers from selectively generating encrypted versions of plaintext messages and looking for patterns in their relationship to try to derive the key
diffusion
- means that predictable features of the plaintext should not be evident in the ciphertext
- if one bit of the plaintext is changed, many bits in the ciphertext should change as a result
- obtained through transposition
- prevents attackers from selectively determining parts of the message
- modern ciphers must use both substitution and diffusion to resist cryptanalysis attacks
trapdoor functions
basis of mathematical ciphers is to use an operation that is simple to perform one way (when all the values are known) but difficult to reverse
one-time pad
- an unbreakable encryption mechanism
- encryption key
- consists of exactly the same number of characters as the plaintext and must be generated by a truly random algorithm
- if used properly, one-time pads are unbreakable
XOR
- bitwise operation
- produces 0 if both values are the same and 1 if the values are different, or, put another way, an XOR operation outputs to true only if one input is true and the other input is false
- advantage of XOR compared to an AND or an OR operation is that XOR has a 50% chance of outputting one or zero, whereas AND is more likely to output zero and OR is more likely to output one
- makes the ciphertext harder to analyze
nonce
principal characteristic of a nonce is that it is never reused (“number used once”)
initialization vector (IV)
random (or pseudo-random)
salt
random (or pseudo-random) number or string
weak cipher suites and implementations
- critical vulnerability for an organization
- data that is being stored and processed is not secured
available inputs for cryptanalysis are as follows
- known ciphertext - analyst has obtained the ciphertext but has no additional information about it
- known plaintext - attacker knows or can guess some of plaintext present in ciphertext, but not its exact location or context
- chosen plaintext - attacker can submit plaintexts to the same cryptographic process to derive corresponding ciphertexts, facilitating analysis
- chosen ciphertext - attacker can submit ciphertexts to the same cryptographic processes to derive corresponding plaintexts
weak key
- one that produces ciphertext that is easy to cryptanalyze
- examples of weak keys:
- DES
- RC4
- IDEA
- Blowfish
Random Number Generator (RNG)
- module in cryptographic implementation is critical to its strength
- two principal ways for an RNG to work:
- true random number generator (TRNG) - sample some sort of physical phenomena, such as atmospheric noise, with a high rate of entropy (lack of order)
- pseudorandom number generator (PRNG) - uses software routines to simulate randomness
side channel attacks
- represents a completely different approach to cryptanalysis
- monitors timing, power consumption, and electromagnetic emanation
resource versus security constraints
comparative strength of one cipher over another largely depends on the bit-strength of the key and the quality of the algorithm
low power devices
- require more processing cycles and memory space
- slower and means they consume more power
low latency uses
if cryptography is deployed with a real time-sensitive channel, such as voice or video, the processing overhead on both the transmitter and receiver must be low enough not to impact the quality of the signal
data at rest
this means that the data is in some sort of persistent storage media
- examples:
- financial information stored in databases
- archived audiovisual media
- operational policies and other management documents
- system configuration data
data in transit (or data in motion)
- this is the state when data is transmitted over a network
- examples:
- website traffic
- remote access traffic
- data being synchronized between cloud repositories
data in use
state when data is present in volatile memory, such as system RAM or CPU registers and cache
cryptographic algorithms
- computer security systems:
- hash functions
- symmetric encryption
- asymmetric encryption
cryptographic primitive
- single hash function, symmetric cipher, asymmetric cipher
crypto module or API (application programming interface)
- algorithms underpinning cryptography must be interpreted and packaged as a computer program (or programming library)
cryptographic service provider (CSP)
- makes use of Windows crypto module to perform encryption and/or authentication services
hashing algorithms
widely used in computer programming to create a short representation of data
checksums
ensure validity of data
message digest
produces fixed length string
secure hash algorithm (SHA)
- one of the Federal Information Processing Standards (FIPS)
- SHA-1
- this was quickly released to address a flaw in the original SHA algorithm
- 160-bit digest
- SHA-2
- variants using longer digests (notably 256 bits and 512 bits)
Message Digest Algorithm (MDA/MD5)
- uses a 128-bit hash value
- no longer considered secure for password hashing or signing digital certificates
Research and Development in Advanced Communications Technologies in Europe (RACE)
- program set up by European Union
message authentication
- prove the integrity and authenticity of a message
- one-way
hash-based message authentication code
key and message are combined in a way designed to be resistant to “extension” attacks against other means of generating MACs
symmetric encryption
- two-way encryption algorithm in which encryption and decryption are both performed by a single secret key
stream cipher
each byte or bit of data in plaintext is encrypted one at a time
Rivest ciphers (Ron’s Code)
- family of different encryption technologies designed by Ron Rivest
block cipher
plaintext is divided into equal-size blocks (usually 64- or 128-bit)
data encryption standard cipher
- using 64-bit blocks and 56-bit key
advanced encryption standard (AES)
- faster and more secure than 3DES
Blowfish
- uses 64-bit blocks and variable key sizes
- related cipher Twofish was developed by an extended team to enter AES competition
modes of operation
refers to way a cryptographic product processes multiple blocks
Electronic Code Book (ECB)
applies same key to each plaintext block
Cipher Block Chaining (CBC)
improves ciphertext integrity by applying an Initialization Vector (IV) to the first plaintext block to ensure that the key produces a unique ciphertext from any given plaintext
public and private keys in a key pair
- each key is capable of reversing the operation of its pair
- example:
if public key is used to encrypt a message, only the paired private key can decrypt the ciphertext produced. the public key cannot be used to decrypt the ciphertext, even though it was used to encrypt it
digital signature
prove identity of sender of message and show that message has not been tampered with since sender posted it
digital envelope
secret key (symmetric) encryption is generally faster than public key cryptography, but public key cryptography can provide higher levels of convenience and security. therefore, often, both are used
digital certificates
certificate authority (CA) - validate use of public key by issuing subject with a certificate
transport encryption
refers to encrypting data as it is sent over a network
key exchange
process by which sender and receiver share key to use for encryption
ephemeral key
transport encryption often makes use of a different secret key for each session
elliptic curve cryptography (ECC)
another type of trapdoor function used to generate public/proving
Man-in-the-Middle (MitM) attack
typically focused on public key cryptography
downgrade attack
can be used to facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths
replay attack
consists of intercepting a key or password hash then reusing it to gain access to a resource, such as the pass-the-hash attack
birthday attack
type of brute force attack aimed at exploiting collisions in hash functions