A “substitution cipher” is where one character is replaced with another. “Monoalphabetic” substitution uses only one alphabet.
Enigma Machine: The crucial and secret part of the process (the key) was how the operators advanced the rotors when encrypting and decrypting a message.
Cryptosystem: A system that provides encryption and decryption.
Key: The secret piece of a well-known encryption algorithm
Keyspace: Range of values that can be used to construct a key.
Cryptography: The science of encrypting written communication.
Cryptanalysis: The process of trying to decrypt encrypted data without the key.
Work Factor: Estimate of the effort it would take an attacker to penetrate an encryption method.
Cryptology: Study of both cryptography and cryptanalysis.
Key Clustering: When two (or more) different keys generate the same ciphertext from the same plain text, this is known as “key clustering”.
Goals of CryptoSystems:
Confidentiality – Unauthorized parties cannot access the information.
Authenticity – Validating the source of a message.
Integrity – Assurance that a message was not modified during transmission.
Non-Repudiation – Sender cannot later deny sending the message and the receiver cannot deny receiving it.
Types of Ciphers:
Substitution: Uses a key to know how substitution should be carried out.
Transposition: Permutation is used. Does not replace original text with different text – text is moved around.
Simple substitution and transposition methods are vulnerable to “frequency analysis”.
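The following is an added illustration (not part of the original notes) of the two cipher types above and of why both fall to frequency analysis. The keyword, permutation and sample sentence are constructed for the example; the substitution renames letters, so the shape of the letter histogram survives, while the transposition leaves the histogram completely unchanged.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def letters_only(text: str) -> str:
    """Keep only A-Z so the ciphers and the frequency count see the same symbols."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def make_substitution_key(keyword: str) -> str:
    """Build a 26-letter cipher alphabet: keyword letters first, then the unused letters in order."""
    ordered = []
    for ch in letters_only(keyword) + ALPHABET:
        if ch not in ordered:
            ordered.append(ch)
    return "".join(ordered)


def substitute(text: str, key: str, decrypt: bool = False) -> str:
    """Monoalphabetic substitution: one fixed cipher alphabet for the whole message."""
    src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
    return letters_only(text).translate(str.maketrans(src, dst))


def transpose(text: str, perm: list, decrypt: bool = False) -> str:
    """Block transposition: letters are moved, never replaced. perm[i] is the position read into slot i."""
    n = len(perm)
    text = letters_only(text)
    text += "X" * (-len(text) % n)            # pad the last block
    inverse = [perm.index(i) for i in range(n)]
    order = inverse if decrypt else perm
    return "".join(
        "".join(text[i + j] for j in order) for i in range(0, len(text), n)
    )


def letter_frequencies(text: str) -> Counter:
    """Frequency profile an analyst compares against the expected English letter distribution."""
    return Counter(letters_only(text))


if __name__ == "__main__":
    plaintext = "MEET ME AT THE USUAL PLACE AT NOON"   # constructed sample
    key = make_substitution_key("SECURITY")         # constructed keyword
    sub_ct = substitute(plaintext, key)
    trans_ct = transpose(plaintext, [2, 0, 1])       # constructed permutation
    print(sub_ct, trans_ct)
    # Substitution keeps the histogram's shape (same counts, different letters);
    # transposition keeps the histogram exactly.
    print(sorted(letter_frequencies(plaintext).values()) == sorted(letter_frequencies(sub_ct).values()))
    print(letter_frequencies(plaintext) == letter_frequencies(trans_ct))
```

Because the multiset of letter counts is preserved in both cases, an analyst who knows the expected distribution of the plaintext language can recover the mapping (substitution) or the arrangement (transposition) without ever seeing the key.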
Running and Concealment Ciphers:
Running Key Cipher: Does not require a key or algorithms, but steps in the physical world. For example, references to a book. The “key” in this situation is “which book?”
Concealment Cipher: A cipher that hides the message among garbage. For example, have each word appear every 5th word in a sentence. “Buy gold” might become “Product is a good buy, it has ten percent gold content”.
Government Involvement with Cryptography:
- Harry Truman created the NSA in 1952.
- In 1993, government introduced the Clipper chip, based on the Skipjack algorithms. Each chip unit has a key, which encrypts a copy of each user’s session key. Each chip also has a unique serial number and a copy of the unit key is stored in a database under this serial number. The transmitted message contains a Law Enforcement Access Field (LEAF), which contains the serial number of the chip that encrypted the message. The unit key can be retrieved from the database, used to decrypt the session key, which in turn can be used to decrypt the message.
Weaknesses in the Clipper Chip include:
- Skipjack algorithm was never publicly scrutinized and tested.
- 80 bit key is weak by current standards.
- 16 bit checksum can be defeated
- The clipper chip ID tagged and identified every communication session.
Unit key split in two and given to two different agencies to maintain. Officer needs a court order to request the unit key.
Methods of Encryption
Cryptographic algorithms can use either symmetric keys (secret keys) or asymmetric keys (public keys). Symmetric key cryptography has the following characteristics:
- Both parties use the same key for encryption and decryption
- Each pair of users exchanging messages needs their own set of keys – key management becomes a pain.
- Initial key exchange needs to be out of band
- Because the same keys are used for encryption and decryption, it does not provide authentication and non-repudiation.
- Fast and hard to break when a large key size is used.
The following algorithms all use Symmetric (Secret) Key Cryptography:
- Data Encryption Standard (DES)
- Triple DES (3DES)
- RC4, RC5 and RC6
In asymmetric key cryptography, each entity has two different keys, a private key and a public key. The two keys are mathematically related, but cannot be derived from one another.
A message can only be decrypted with the public key if it was encrypted with the private key – provides authentication.
If confidentiality is most important, the sender encrypts with the receiver’s public key and the message can now only be read with the receiver’s private key. This is called a secure message format.
If authentication is most important, the sender encrypts with his own private key. The receiver knows it came from the sender because it can be decrypted with the sender’s public key. This is known as open message format because anyone with the sender’s public key can read it.
For a message to be in a secure and signed format, the sender should encrypt with his own private key and then again with the receiver’s public key.
Strengths and weaknesses of asymmetric cryptography:
- Better key distribution than with symmetric systems.
- Better scalability than symmetric systems
- Can provide confidentiality, authentication and non-repudiation.
- Works much slower than symmetric systems.
The following are asymmetric key algorithms:
- Elliptic Curve Cryptosystem (ECC)
- Digital Signature Standard (DSS)
Stream and Block Ciphers:
There are two main types of symmetric algorithms: stream and block ciphers:
Block Cipher: The message is divided into blocks of bits and the blocks are then put through transposition, substitution and other functions. Block ciphers use confusion and diffusion in their methods. The key dictates what S-boxes are used and in what order.
Stream Cipher: Entire message is treated as a stream of bits or bytes. Some stream ciphers use a “keystream generator”. The key provides randomness to the keystream that is applied to the plaintext.
A strong stream cipher algorithm has the following characteristics:
- Long periods of non-repeating patterns within keystreams.
- Statistically unpredictable
- Keystreams are not linearly related to the key.
- Statistically unbiased – as many 0s as 1s.
Stream ciphers are more suited to hardware encryption because they operate a bit at a time. Block ciphers are better suited to software-based encryption.
Types of Symmetric Encryption Systems
Data Encryption Standard:
DES is a block encryption algorithm using 64-bit blocks. It uses a 64-bit key: 56 bits of true key and 8 for parity. Characters are put through 16 rounds of transposition and substitution.
- Devised in 1972 as a derivation of the “Lucifer” system
- DES Describes the DEA (Data Encryption Algorithm)
- FIPS PUB 46-1 (1977) and ANSI X3.92 (1981)
- 64bit blocks, 56 bit key and 16 rounds of transformation
- Uses confusion and diffusion for encrypting plain text.
Confusion: Conceals the statistical connection between ciphertext and plain text. Uses non-linear substitution boxes (S-Boxes).
Diffusion: Spreads the influence of a plain text character over many ciphertext characters.
DES has 4 distinct modes of operation:
Electronic Code Book (ECB): Native encryption method for DES. Electronic codebook literally operates like a codebook. For a given block of plaintext and a given key, the same set of ciphertext is always produced. ECB uses padding to round up to a 64-bit block boundary. ECB is used for small amounts of data such as challenge-response or key management. Not good for large amounts of data as patterns would eventually show.
Cipher Block Chaining (CBC): In Cipher Block Chaining, the value of the previous block processed is a part of the algorithm and key for the next block, so patterns are not revealed. This chaining effect means that a particular ciphertext block is dependent on all the blocks that came before it, not just the current block.
Cipher Feedback Mode (CFB): Previously generated ciphertext from the last block is input to the algorithm to generate random values. Another way of chaining blocks together, but instead of using a value from the previous block, CFB uses the previous block in the ciphertext and combines it with the next block. This mode is used when encrypting individual characters is required.
Output Feedback Mode (OFB): Similar to CFB but functions like a stream cipher by generating a random stream of bits to be combined with the plaintext to create ciphertext.
Simulates a one-time pad. Ciphertext is fed back to the algorithm to form a portion of the next input to encrypt the stream of bits.
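The following is an added example, not code from the original notes, showing the ECB, CBC and OFB modes from the section above. The block cipher inside it is a constructed 16-round Feistel network over 64-bit blocks (the DES block size and round count) whose round function and key schedule are built from SHA-256; it is a stand-in for DES, not DES itself, and the key and plaintext are constructed sample values. The point to observe is the ECB pattern leak: a repetitive plaintext produces only a couple of distinct ciphertext blocks under ECB, while CBC and OFB hide the repetition.

```python
import hashlib
import os

BLOCK_SIZE = 8    # 64-bit blocks, the DES block size
ROUNDS = 16       # DES also uses 16 rounds
HALF = BLOCK_SIZE // 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(key: bytes) -> list:
    """One subkey per round (constructed key schedule, not the DES one)."""
    return [hashlib.sha256(key + bytes([r])).digest()[:HALF] for r in range(ROUNDS)]


def _round_function(half: bytes, subkey: bytes) -> bytes:
    """Non-linear round function standing in for the DES S-boxes (confusion)."""
    return hashlib.sha256(subkey + half).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Feistel network: each round mixes one half into the other, spreading every input bit (diffusion)."""
    left, right = block[:HALF], block[HALF:]
    for k in _subkeys(key):
        left, right = right, _xor(left, _round_function(right, k))
    return right + left           # final swap, as in DES


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Same network with the subkeys in reverse order undoes encryption."""
    left, right = block[:HALF], block[HALF:]
    for k in reversed(_subkeys(key)):
        left, right = right, _xor(left, _round_function(right, k))
    return right + left


def pad(data: bytes) -> bytes:
    """Pad up to the block boundary; the pad byte value is the pad length."""
    n = BLOCK_SIZE - len(data) % BLOCK_SIZE
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: blocks are encrypted independently, so equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(encrypt_block(key, b) for b in _blocks(pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(key, b) for b in _blocks(ciphertext)))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block before encryption."""
    prev, out = iv, []
    for b in _blocks(pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes, iv: bytes) -> bytes:
    prev, out = iv, []
    for b in _blocks(ciphertext):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def ofb_crypt(key: bytes, data: bytes, iv: bytes) -> bytes:
    """OFB: the cipher only produces a keystream; XOR with it both encrypts and decrypts, like a stream cipher."""
    out, feedback = [], iv
    for b in _blocks(data):
        feedback = encrypt_block(key, feedback)
        out.append(_xor(b, feedback))
    return b"".join(out)


def distinct_blocks(ciphertext: bytes) -> int:
    """Number of different 8-byte blocks; a low count on repetitive input is the ECB pattern leak."""
    return len(set(_blocks(ciphertext)))


if __name__ == "__main__":
    key = b"constructed-key!"          # constructed sample key
    plaintext = b"A" * 256             # highly repetitive plaintext
    iv = os.urandom(BLOCK_SIZE)        # a fresh IV per message in CBC/OFB
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(key, plaintext)))
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(key, plaintext, iv)))
    print("OFB round trip ok:", ofb_crypt(key, ofb_crypt(key, plaintext, iv), iv) == plaintext)
```

With 32 identical plaintext blocks plus one padding block, ECB yields exactly two distinct ciphertext blocks, which is the "patterns would eventually show" weakness; CBC and OFB both yield 33 unrelated-looking blocks, but only because the IV differs per message, so IV reuse brings the leak back.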
Triple DES (3DES):
Encrypting plaintext with one DES key and then encrypting it with a second DES key is no more secure than using a single DES key, therefore, Triple DES is used to obtain stronger encryption:
DES-EDE2: 2 keys are used. Encrypt with 1, decrypt with 2 and then encrypt with 1 again.
DES-EEE2: 2 keys used. Encrypt with 1, encrypt with 2, encrypt with 1.
DES-EEE3: 3 keys used. Encrypt with 1, encrypt with 2, encrypt with 3. Most secure, but requires 3 keys.
Advanced Encryption Standard (AES):
Uses the Rijndael block cipher, which can use 128, 192 or 256 bit keys. AES itself specifies a fixed block size of 128 bits. AES is the government standard for encrypting SBU information.
The number of rounds of transformation is a function of the key size used:
256 bit – 14 rounds.
192 bit – 12 rounds.
128 bit – 10 rounds.
128 bit blocks in 16 rounds. Key lengths can be up to 256 bits.
A block cipher operating on 64 bit blocks with a key length of up to 448 bits. The blocks go through 16 rounds of crypto functions.
IDEA stands for International Data Encryption Algorithm. It operates on 64 bit blocks and uses a 128 bit key. Performs 8 rounds on 16 bit sub-blocks. Each 64 bit block is divided into 16 smaller blocks and each block has 8 rounds of mathematical functions performed on it. IDEA is harder to crack than DES for the same keysize and is used in PGP.
Block cipher of variable block length. Key can be 0-2048 bits, blocks can be 32, 64 or 128 bits and the number of rounds can be 0 – 255. Created by Ron Rivest and patented by RSA data.
Asymmetric Encryption Algorithms
De facto standard for public key encryption. Invented by Ron Rivest, Adi Shamir and Leonard Adleman. Developed at MIT. Security comes from the difficulty of factoring large numbers. Public and private key are functions of a pair of large prime numbers. RSA is used in many web browsers with SSL.
Based on calculating discrete logarithms in a finite field. El-gamal extended Diffie-Hellman to apply to encryption and digital signatures.
Elliptic Curve Cryptosystem (ECC):
Provides much of the same functionality as RSA: digital signatures, secure key distribution and encryption. ECC is very resource efficient – ideal for smaller devices. ECC provides higher protection with smaller keys than RSA. An ECC key of 160 bits is equivalent to a 1024-bit RSA key.
Public Key Cryptography:
Public key cryptography uses an asymmetric encryption for key encryption and secret key encryption for data. We use an asymmetric algorithm to encrypt the secret key.
Diffie-Hellman: Used for key distribution, NOT encryption and decryption. Subjects can exchange session keys over a non-secure medium without exposing the keys.
Session-Key: “Secret” key used for one data exchange only. Usually randomly generated then encrypted using public key cryptography.
Public Key Infrastructure (PKI):
PKI is an ISO authentication framework that uses public key cryptography and X.509 standard protocols.
PKI provides authentication, confidentiality, non-repudiation and message integrity.
The PKI infrastructure contains the pieces that will identify the user, distribute and maintain keys, distribute and maintain certificates and allow certificate revocation.
Each individual taking part in PKI needs a digital signature signed by a CA. Some well-known Certification Authorities are Entrust and VeriSign. Revocation is handled by the certification revocation list (CRL).
PKI is made up of the following entities and functions:
- Certification Authorities
- Registration Authorities
- Certificate Repository
- Certificate Revocation System
- Key backup and recovery system
- Automatic key update
- Management of key histories
- Cross-certification with other CAs
- Time stamping
- Client side software
LDAP is the standard format for accessing certification repositories. Availability and Integrity of LDAP servers is a concern.
ISAKMP: Internet Security Association and Key Management Protocol.
IKE: ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley, combined.
- ISAKMP defined the phases for establishing a secure relationship
- SKEME describes a secure exchange mechanism
- Oakley defined the modes of operation needed to establish a secure connection.
A one-way hash takes a variable length input and produces a fixed-length output, or hash value. A hash value is also known as a message digest. If a sender only wants a specific person to view the hash value sent with the message, the value would be encrypted with a key. This is referred to as the message authentication code. Basically, the MAC is a one-way hash value that is encrypted with a symmetric key.
A digital signature is an encrypted hash value. A digital signature provides authentication because the message digest is encrypted with the sender’s private key.
- A message can be encrypted, providing confidentiality.
- A message can be hashed, providing integrity.
- A message can be digitally signed, providing authentication and integrity.
- A message can be encrypted and signed, providing confidentiality, authentication and integrity.
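The following is an added example, not code from the original notes, tying together the three asymmetric message formats described earlier (secure, open, and secure and signed) and the hash, MAC and digital signature definitions just above. The RSA keys are textbook RSA built from constructed tiny primes so the arithmetic is visible; real keys use primes of hundreds of digits. The MAC uses HMAC from the standard library rather than literally encrypting a hash with the symmetric key, and the signature reduces the SHA-256 digest modulo the toy key size, which is an illustration-only shortcut.

```python
import hashlib
import hmac
from math import gcd


def rsa_keygen(p: int, q: int, e: int):
    """Textbook RSA from two primes: public key (e, n), private key (d, n). Toy sizes, illustration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be coprime to phi(n)"
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (e, n), (d, n)


def rsa_apply(m: int, key) -> int:
    """Raise the message to the key's exponent mod n; the same operation serves both key halves."""
    exp, n = key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, exp, n)


# Secure message format: encrypt with the receiver's public key; only the receiver's private key opens it.
def secure_message(m: int, receiver_public) -> int:
    return rsa_apply(m, receiver_public)


def read_secure(c: int, receiver_private) -> int:
    return rsa_apply(c, receiver_private)


# Open message format: encrypt with the sender's private key; anyone holding the sender's public key can
# read it, and the fact that it opens proves who sent it (authentication, not confidentiality).
def open_message(m: int, sender_private) -> int:
    return rsa_apply(m, sender_private)


def read_open(c: int, sender_public) -> int:
    return rsa_apply(c, sender_public)


# Secure and signed format: sender's private key first, then the receiver's public key.
def secure_signed_message(m: int, sender_private, receiver_public) -> int:
    return secure_message(open_message(m, sender_private), receiver_public)


def read_secure_signed(c: int, receiver_private, sender_public) -> int:
    return read_open(read_secure(c, receiver_private), sender_public)


def message_digest(data: bytes) -> bytes:
    """One-way hash: fixed-length digest of a variable-length input (integrity only)."""
    return hashlib.sha256(data).digest()


def mac(key: bytes, data: bytes) -> bytes:
    """MAC: a digest bound to a shared symmetric key, so only key holders can produce or check it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def mac_verify(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, data), tag)


def sign(data: bytes, sender_private) -> int:
    """Digital signature: the digest (reduced mod n for the toy key size) encrypted with the sender's private key."""
    digest = int.from_bytes(message_digest(data), "big") % sender_private[1]
    return rsa_apply(digest, sender_private)


def verify(data: bytes, signature: int, sender_public) -> bool:
    """Anyone with the sender's public key can recover the digest and compare it with a fresh hash."""
    digest = int.from_bytes(message_digest(data), "big") % sender_public[1]
    return rsa_apply(signature, sender_public) == digest


if __name__ == "__main__":
    sender_pub, sender_priv = rsa_keygen(61, 53, 17)      # constructed toy primes
    receiver_pub, receiver_priv = rsa_keygen(67, 71, 13)  # constructed toy primes
    m = 1234                                              # constructed message, must be < 3233
    print(read_secure(secure_message(m, receiver_pub), receiver_priv))
    print(read_open(open_message(m, sender_priv), sender_pub))
    print(read_secure_signed(secure_signed_message(m, sender_priv, receiver_pub), receiver_priv, sender_pub))
    msg = b"transfer 100 to account 42"                   # constructed message
    print(verify(msg, sign(msg, sender_priv), sender_pub))
    k = b"shared secret"                                  # constructed symmetric key
    print(mac_verify(k, msg, mac(k, msg)), mac_verify(k, msg + b"!", mac(k, msg)))
```

Note the ordering constraint in the secure and signed format: the value produced with the sender's private key must be smaller than the receiver's modulus, which is why the receiver's toy modulus (4757) is larger than the sender's (3233). The MAC and the signature both detect modification, but only the signature ties the message to a single party, since every holder of the shared MAC key could have produced the tag.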
Digital Signature Standard – DSS:
The Federal Government requires its departments to use the DSA & SHA. SHA creates a 160-bit output which is then input to DSA which signs the message.
The DSA (Digital Signature Algorithm) can only be used for signatures, not encryption.
Different Hashing Algorithms
Good hash functions should have the following characteristics:
- Computed on the entire message, not a part of it.
- One-way function so that messages are not disclosed by their signatures.
- Should be impossible, given a message and its hash value, to compute another message with the same hash value.
- Should be resistant to birthday attacks – should not be able to find two messages with the same hash value (collision free).
Some common hashing algorithms include:
MD2: 128 bit hash, slower than MD4 and MD5
MD4: 128 bit hash.
MD5: 128 bit hash. More complex than MD4. Processes text in 512 bit blocks.
HAVAL: Variable length hash. Haval is a modification of the MD5 algorithm with more protection from common attacks against MD5. Processes text in 1024 bit blocks.
SHA: 160-bit hash value. Used with DSA.
SHA-1: Updated version of SHA.
Attacks against one-way hash functions:
Birthday Attack: Using collisions to reverse engineer hash values. Finding two messages that produce the same hash value.
A one time pad, implemented correctly, is unbreakable as each pad is used only once. A non-repeating set of bits is XORed with the message to produce ciphertext. The key is the same size as the message and the sender and receiver must be perfectly in sync. This encryption method is not used much in practice.
Key management causes one of the biggest headaches in encryption implementation. RSA and Diffie-Hellman are key exchange protocols.
General rules for keys and key management include:
- Key length should be enough to provide the necessary level of protection.
- Keys should be stored and transmitted by secure means.
- Keys should be extremely random and use full spectrum of the keyspace
- Key lifetime should correspond with the sensitivity of the data it is protecting.
- The more the key is used, the shorter its lifetime should be.
- The key should be backed up or escrowed in case of emergencies.
- The key should be properly destroyed once its lifetime comes to an end.
Link Vs End to End Encryption
Advantages of end-to-end encryption:
- Protects information from start to finish
- More flexibility for the user in choosing what gets encrypted and how
- Higher granularity of encryption is available because each application or user can choose a different key.
- Each hop on the network does not need to have a key to decrypt each packet.
Disadvantages of end-to-end encryption:
- Headers, addresses and router information are not encrypted and therefore not protected.
- Destination needs to have same encryption mechanisms to properly decrypt the message.
Advantages of link (lower layer) encryption:
- All data is encrypted, including headers, addresses and routing information.
- Users do not need to do anything to initiate it.
Disadvantages of link encryption:
- Each hop must have a key, making key distribution and management more complex.
- Messages are decrypted at each hop, thus more points of vulnerability.
Privacy Enhanced Email (PEM):
PEM is a series of message authentication and encryption procedures developed by several governing groups. Primary features are:
- Messages are encrypted with DES in CBC mode.
- Authentication is provided by MD2 or MD5
- Public key management using RSA
- X.509 standard for certification structure and format.
Message Security Protocol (MSP):
MSP is the military’s PEM. It was developed by the NSA and is an X.400 compatible application layer protocol.
Pretty Good Privacy (PGP):
PGP uses RSA public key encryption for key management, IDEA for bulk encryption of data and MD5 for authenticity. PGP does not use Certification Authorities but relies instead on a “web of trust”.
“The web is not the internet. The web runs on top of the internet.”
Secure Hypertext Transport Protocol (S-HTTP): In this protocol, the client and server agree on a protection method and then the client sends the server its public key. The server generates a session key, encrypts it with the client public key and sends it back. S-HTTP maintains an option connection for the duration of the session.
SSL is similar to S-HTTP but protects the communication channel itself instead of individual messages. The server sends a message to the client that a secure session is required and the client sends its public key and security requirements back to the server. The server compares the security parameters with its own to find a match and then sends the client a digital certificate. If the client trusts the certificate, the process continues. SSL keeps the communication path open.
MIME: Multipurpose Internet Mail Extension:
If a message or document contains a multimedia attachment, MIME dictates how that portion of the message should be handled.
S/MIME is a standard for encrypting and digitally signing mail that contains attachments.
SET – Secure Electronic Transaction:
Security technology proposed by Visa and Mastercard for more secure online credit card transactions. Suppliers never see the credit card information.
Sometimes cookies can contain login and password information that is either not encrypted or encrypted weakly. This is a vulnerability.
Secure Shell (SSH):
SSH functions as a type of tunneling mechanism that provides terminal like access to remote computers.
IPSEC (Internet Protocol Security):
The IPSEC protocol is a method of setting up a secure channel for protected data exchange between two devices. IPSEC is a widely accepted standard for secure network layer transport. It is usually used to establish VPNs.
IPSEC uses two basic protocols: Authentication Header (AH) and Encapsulating security Payload (ESP).
IPSEC works on one of two modes:
Tunnel Mode: only the payload is encrypted.
Transport Mode: payload, routing and header information are all encrypted.
Each device has one security association (SA) for each session connection, one for inbound and one for outbound. The SA contains the configuration that the device needs to know about. Each device has a security parameter index that keeps track of each SA.
When a packet is received, the steps are:
- Identify appropriate SA, secret key and algorithm.
- Calculate hash value of the packet to authenticate source and verify data integrity.
- Authenticate the source.
- Identify correct cryptographic algorithm (DES or 3DES) and secret key.
- Decrypt the message.
ISAKMP: Internet Security Association and Key Management Protocol.
The following sections go over active attacks that can relate to cryptography:
Ciphertext Only Attack: Attacker has the ciphertext of several messages encrypted using the same algorithm.
Known Plaintext Attack: Attacker has plaintext and ciphertext of one or more messages. The goal is to discover the key used to encrypt the messages.
Chosen Plaintext Attack: Attacker has plaintext and ciphertext and can choose the plaintext that gets encrypted.
Chosen Ciphertext Attack: Attacker can choose ciphertext to be decrypted and has access to the decrypted plaintext.
Man in the Middle Attack: Intercepting a public key and replacing it with your own, and then intercepting subsequent messages intended for someone else. Using digital signatures during session-key exchange can circumvent man in the middle attacks.
Dictionary Attack: Running dictionaries of words through one-way hash functions to see if the hash value matches what you have. Common method of cracking Unix passwords.
Replay Attack: When an attacker copies a ticket, breaks the encryption and tries to impersonate the client by resubmitting the ticket at a later time. Kerberos is particularly vulnerable to this type of attack.
Timestamps and sequence numbers are two common counter-measures to replay vulnerabilities.
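The following is an added example, not code from the original notes, of the two replay counter-measures just named, written from the receiver's side. Each message carries a per-sender sequence number and a timestamp, both covered by an HMAC over the message so an attacker cannot adjust them; the receiver rejects anything with a bad MAC, anything outside a freshness window, and anything whose sequence number does not advance past the last accepted one. The message format, the 30-second window and the sample messages are all constructed for the example.

```python
import hashlib
import hmac
import json

WINDOW_SECONDS = 30            # acceptable clock skew plus transit delay (constructed value)


def _canonical(body: dict) -> bytes:
    """Fixed serialization of the authenticated fields so sender and receiver MAC the same bytes."""
    fields = {k: body[k] for k in ("sender", "seq", "ts", "payload")}
    return json.dumps(fields, sort_keys=True).encode()


def make_message(key: bytes, sender: str, seq: int, timestamp: int, payload: str) -> dict:
    """Sender side: the MAC covers the sequence number and timestamp, so neither can be altered or reused."""
    body = {"sender": sender, "seq": seq, "ts": timestamp, "payload": payload}
    body["mac"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return body


class Receiver:
    """Receiver side: a message is accepted once, in order, and only while its timestamp is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}          # highest sequence number accepted per sender

    def accept(self, msg: dict, now: int) -> tuple:
        # Check the MAC first so forged or modified messages never influence the replay state.
        expected = hmac.new(self.key, _canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return False, "bad mac"
        # Timestamp: a message captured long ago cannot be resubmitted after the window closes.
        if abs(now - msg["ts"]) > WINDOW_SECONDS:
            return False, "stale timestamp"
        # Sequence number: a message already seen (or an older one) inside the window is still rejected.
        if msg["seq"] <= self.last_seq.get(msg["sender"], -1):
            return False, "replayed sequence number"
        self.last_seq[msg["sender"]] = msg["seq"]
        return True, "accepted"


if __name__ == "__main__":
    key = b"constructed-shared-key"                      # constructed shared secret
    receiver = Receiver(key)
    first = make_message(key, "alice", 1, 1000, "hello")  # constructed sample message
    print(receiver.accept(first, 1005))                  # accepted
    print(receiver.accept(first, 1010))                  # same message again: replayed sequence number
    old = make_message(key, "alice", 2, 1000, "hello again")
    print(receiver.accept(old, 2000))                    # resubmitted long after capture: stale timestamp
```

The two checks cover each other's gap: the timestamp alone would still admit a copy resubmitted within the window, and the sequence number alone would admit a message captured from a sender whose counter later reset, which is why both are usually deployed together and why the MAC must cover both fields.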
Wireless Application Security (WAP):
WAP is a set of protocols that cover layer 7 to layer 3 of the ISO model. The WAP protocol stack contains the following:
- Wireless Markup Language (WML)
- Wireless Application Environment (WAE)
- Wireless Session Protocol (WSP)
- Wireless Transport Protocol (WTP)
- Wireless Transport Layer Security Protocol (WTLS)
- Wireless Datagram Protocol (WDP)
WTLS provides 3 classes of security:
Class 1: Anonymous authentication. Neither client nor server is certain of the identity of the other.
Class 2: Server authentication.
Class 3: Two-way client and server authentication.
HDML: Handheld device markup language is a simple alternative to WML.
C-HTML: Compact HTML, widely used in Japan.
Wired Equivalent Privacy:
Secret key shared between clients and access points. Must have the shared key to associate with the access point.
WEP uses the RC4 variable key-size stream cipher encryption algorithm. RC4 was developed in 1987 by Ronald Rivest and operates in output feedback mode.
Security of the WEP algorithm is weak, in the native 40-bit and even the 128 bit versions.