Cryptography Basics You Should Know for a Job in Information Security

By Peter H. Gregory

You will need to know some cryptography basics if you want to work in information security. Encryption is the process of transforming plaintext into ciphertext, via an encryption algorithm and an encryption key. Decryption is the process of transforming ciphertext back into plaintext, again with an encryption algorithm and the encryption key. In part, the strength of encryption is based on the key length and the complexity of the encryption key.

Types of encryption

The two basic ways to encrypt data are by block cipher and by stream cipher. Details follow:

  • Block cipher: A block cipher encrypts and decrypts data in batches, or blocks. Block ciphers are prevalent on computers and on the Internet, where they encrypt hard drives and thumb drives, and protect data in transit with SSL and TLS. Notable block ciphers are

    • Advanced Encryption Standard (AES): Selected in 2001 by NIST (National Institute of Standards and Technology) to replace DES, AES is based on the Rijndael cipher and is in wide use today.

    • Data Encryption Standard (DES): The leading official encryption standard in use from 1977 through the early 2000s. DES was considered obsolete mostly because of its short key lengths.

    • Triple DES (3DES): Derived from DES, 3DES is essentially DES with a longer key length and is, hence, more resistant to compromise than DES.

    • Blowfish: Developed in 1993 as an alternative to DES, which was nearly twenty years old, Blowfish is unpatented and in the public domain.

    • Serpent: Another public domain algorithm, Serpent was a finalist in the AES selection process.

  • Stream cipher: A stream cipher encrypts a continuous stream of information such as a video feed or an audio conversation. The most common stream cipher is RC4.

Hashing, digital signatures, and digital certificates

Hashing is used to create a short, fixed-length message digest from a file or block of data. Hashing is often used to verify the integrity and/or originator of a file. Common hashing algorithms include:

  • MD5 is a formerly popular hashing algorithm developed in 1992. It is now considered obsolete and too weak for reliable use.

  • SHA-1 is another popular hashing algorithm that was determined in 2005 to be too weak for continued use. By 2010, U.S. government agencies were required to replace SHA-1 with SHA-2.

  • SHA-2 is a family of hashing algorithms including SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. These are all considered reliable for ongoing use.
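The integrity check described above, as an added example that is not part of the original article: it hashes a file-like stream in chunks, compares the result with a published digest, and shows that the digest length stays fixed whatever the input size. The sample data, the "published" digest and all function names are constructed for illustration.

```python
import hashlib
import hmac
import io

# Algorithms named in the list above; hashlib spells them without hyphens.
ALGORITHMS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")


def digest_stream(stream, algorithm="sha256", chunk_size=65536):
    """Hash a file-like object in chunks so large files never sit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_stream(stream, expected_hex, algorithm="sha256"):
    """Return True only if the stream's digest matches the published value."""
    actual = digest_stream(stream, algorithm)
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def digest_bits(algorithm):
    """Digest length in bits; it is fixed no matter how large the input is."""
    return hashlib.new(algorithm).digest_size * 8


# Constructed sample data standing in for a downloaded file.
ORIGINAL = b"quarterly-report v1.0\n" * 10000
TAMPERED = ORIGINAL[:-2] + b"1\n"                 # one byte changed at the end
PUBLISHED = digest_stream(io.BytesIO(ORIGINAL))   # what a publisher would post

if __name__ == "__main__":
    for name in ALGORITHMS:
        print(f"{name:7s} {digest_bits(name):4d} bits")
    print("original verifies:", verify_stream(io.BytesIO(ORIGINAL), PUBLISHED))
    print("tampered verifies:", verify_stream(io.BytesIO(TAMPERED), PUBLISHED))
```

A matching digest shows only that the data equals what was hashed; the published digest itself has to come from a source the verifier trusts.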

A digital signature is a hashing operation carried out on a file. Depending on the implementation, the digital signature may be embedded in the file or separate from it. A digital signature is used to verify the originator of a file.

A digital certificate is an electronic document that contains a personal or corporate identifier and a public encryption key, and is signed by a certificate authority (CA). The most common format for a digital certificate is known as X.509. The use of digital certificates and other tools such as strong authentication can leave an individual unable to plausibly deny involvement with a specific transaction or event. This is known as non-repudiation.

Encryption keys

The two main types of encryption keys in use today are

  • Symmetric key: Both the sender and the receiver have the same encryption key.

  • Asymmetric key: Also known as public key cryptography, this approach uses a pair of encryption keys: a public key and a private key. A user who creates a keypair would make the public key widely available and protect the private key as vigorously as one would protect a symmetric key.

Private keys and symmetric keys must be jealously guarded from adversaries. Anyone who obtains a private or symmetric encryption key can decrypt any incoming encrypted message. The management and protection of encryption keys is known as key management.

Attacks on cryptosystems

Several types of attacks on a cryptosystem exist. They are

  • Frequency analysis: An attacker analyzes ciphertext to see what patterns regarding the frequency of occurrence of each character may lead to the discovery of the plaintext or the encryption key.

  • Birthday attacks: An attack on a hashing algorithm, this is an attempt to develop messages that have the same hash value. The name “birthday attack” comes from the birthday paradox that states that out of a group of 23 or more randomly chosen people, a 50 percent chance exists that two of them share the same birthday.

  • Known plaintext attack: The attacker possesses both plaintext and ciphertext and uses them in an attempt to discover the encryption key.

  • Chosen ciphertext attack: The attacker can choose ciphertext, have it decrypted by the cryptosystem, and obtain the resulting plaintext.

  • Ciphertext only attack: The attacker has only ciphertext and uses frequency analysis and possibly other techniques in an attempt to discover the plaintext or the encryption key.

  • Man-in-the-middle attack: An attacker is able to observe and potentially interfere with a session.

  • Replay attack: An attacker intercepts communications for playback later.

  • Rubber hose attack: An attacker has access to someone in possession of encryption keys or other vital secrets about a targeted cryptosystem, and may use coercion to obtain those secrets.

  • Social engineering: Face it: every system is vulnerable to attack if its owners or administrators can be tricked into providing vital information such as a password.
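The birthday attack from the list above, worked through as an added example that is not part of the original article: it computes the 23-person figure exactly, then finds two different messages with the same digest when SHA-256 is truncated to a few bits, which is why digest length matters when choosing a hashing algorithm. Truncating SHA-256 to model a short digest, the counter-style messages and all function names are assumptions made for the demonstration.

```python
import hashlib
import math


def birthday_probability(people, days=365):
    """Exact chance that at least two of `people` share one of `days` values."""
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


def truncated_hash(data, bits):
    """First `bits` bits of SHA-256, modelling a hash with a short digest."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits, limit=1_000_000):
    """Hash counter messages until two different ones share a truncated digest."""
    seen = {}
    for n in range(limit):
        msg = b"msg-%d" % n                  # constructed sample messages
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, n + 1       # both messages, hashes computed
        seen[h] = msg
    return None


def expected_work(bits):
    """Hashes needed for about a 50% collision chance: ~1.18 * 2^(bits/2)."""
    return math.sqrt(2 * math.log(2) * 2 ** bits)


if __name__ == "__main__":
    print(f"23 people: {birthday_probability(23):.3f}")
    for bits in (16, 24, 32):
        a, b, tries = find_collision(bits)
        print(f"{bits}-bit digest: collision after {tries} hashes "
              f"(estimate {expected_work(bits):.0f}): {a!r} vs {b!r}")
    for name, bits in (("MD5", 128), ("SHA-1", 160), ("SHA-256", 256)):
        print(f"{name}: generic birthday bound about 2^{bits // 2} hashes")
```

The work grows with the square root of the number of possible digests, so each extra digest bit adds only half a bit of collision resistance.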

Encryption alternatives

Two techniques are available that provide some of the same features as a cryptosystem:

  • Steganography (stego): A message is hidden in a larger file, such as an image file, a video, or sound file. Done properly, this technique can be as effective as encryption.

  • Watermarking: A visible imprint is added to a document, an image, a sound recording, or a video recording. Watermarking is a potentially powerful deterrent control because someone may not want to utilize an object with watermarking, which indicates that some other party owns the object.