Cryptography- Part 1
On this page we discuss cryptography: its concepts, algorithms, attacks, and key management.
The sensitivity of assets is determined by confidentiality and integrity requirements and the impact of compromise on the corporation.
Cryptography is the science of encrypting and decrypting communications to make them unintelligible for all but the intended recipient.
Cryptography is used to implement several goals of information security, including confidentiality, integrity, and authentication.
It is no exaggeration to say that encryption is the mainstay of information and data security today. Data that is not encrypted is never considered secure.
- Confidentiality: Cryptography protects the confidentiality of information. The encrypted information is practically useless to persons without the proper keys for decryption.
- Integrity: Cryptography can be used to ensure the integrity (or accuracy) of information through the use of hashing algorithms and message digests.
- Authentication: Cryptography can be used for authentication services through digital signatures, digital certificates, or a Public Key Infrastructure (PKI).
The cryptographic life cycle involves the following steps:
- Plain-Text: At this step, it means a text that has no encryption and is in its original state and can be easily read. (example: CISSP)
- Encryption: A process that uses cryptographic algorithms and techniques to convert plaintext into ciphertext so that the text cannot be understood by humans or machines.
- Cipher-text: Information that is not in a human- or machine-readable format. The ciphertext is the encrypted version of the plaintext. (example: SDE15E7Ja)
- Decryption: The process of converting ciphertext back into plaintext at the destination.
- Plain-Text: At this step, it is a text that has been decrypted and can be easily read again. (example: CISSP)
A cryptographic key is the value used by the encryption and decryption operations on a text.
Each encryption algorithm has a keyspace, the set of all possible key values, from which a key is chosen. The larger the keyspace, the more keys the algorithm can generate. For example, if an algorithm allows a key length of 2 bits, its keyspace is 4, which is the total number of different keys that are possible. The more random the keys are, the harder it is for intruders to figure them out.
Today, key sizes of 128, 256, 512, 1,024 bits and larger are in use. A key size of 512 bits provides 2^512 possible keys in the keyspace.
There are three primary types of modern encryption:
- Symmetric: It uses a single shared key to both encrypt and decrypt. This type of encryption is also called Secret Key Cryptography (SKC).
- Asymmetric: This method uses two different keys, one to encrypt and the other to decrypt.
- Hashing: This method uses one-way cryptographic conversion using an algorithm, but no key.
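The three security goals listed at the top of the page (confidentiality, integrity, authentication) and the three encryption types just listed can all be shown in one place. The following is an added example, not code from the original page: it uses only the Python standard library, a SHA-256 message digest for integrity (no key), a toy secret-key stream cipher for symmetric encryption (the same key and the same function encrypt and decrypt), and textbook RSA with two keys for asymmetric encryption and a digital signature. The two Mersenne primes, the key `b"shared secret"` and the message `b"CISSP"` are constructed demo values; the RSA has no padding and the stream cipher reuses its keystream per key, so both are for illustration only.

```python
import hashlib
import hmac

# --- Hashing: one-way transformation with no key (integrity) ------------------

def digest(data: bytes) -> str:
    """SHA-256 message digest: any change to the input changes the output,
    and the input cannot be recovered from the digest."""
    return hashlib.sha256(data).hexdigest()

def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """Recompute the digest over the received data and compare in constant time."""
    return hmac.compare_digest(digest(data), expected_digest)

# --- Symmetric: one shared secret key (confidentiality) -----------------------

def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """Toy secret-key stream cipher: keystream block i = SHA-256(key || i),
    XORed into the data. Applying it twice with the same key restores the data.
    (Constructed for the demo: it reuses the keystream for every message.)"""
    out = bytearray()
    for i in range(0, len(data), 32):
        keystream = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(d ^ k for d, k in zip(data[i:i + 32], keystream))
    return bytes(out)

# --- Asymmetric: textbook RSA, two keys (confidentiality + authentication) ----

# Mersenne primes: large enough for a demo, far too small/structured for real use.
P = 2 ** 61 - 1
Q = 2 ** 89 - 1

def rsa_keygen(p: int = P, q: int = Q, e: int = 65537):
    """Return (public, private) = ((n, e), (n, d)) with d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def rsa_encrypt(public, m: int) -> int:
    """Anyone holding the public key can encrypt."""
    n, e = public
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)

def rsa_decrypt(private, c: int) -> int:
    """Only the holder of the private key can decrypt."""
    n, d = private
    return pow(c, d, n)

def rsa_sign(private, data: bytes) -> int:
    """Digital signature: the private key operates on the message digest."""
    n, d = private
    return pow(int(digest(data), 16) % n, d, n)

def rsa_verify(public, data: bytes, signature: int) -> bool:
    """Anyone with the public key can check that the signature matches the digest."""
    n, e = public
    return pow(signature, e, n) == int(digest(data), 16) % n

def demo() -> dict:
    """Exercise all three goals on a constructed message and report the checks."""
    msg = b"CISSP"                                   # the page's plaintext example
    d = digest(msg)
    key = b"shared secret"                           # constructed symmetric key
    ct = symmetric_crypt(key, msg)
    pub, priv = rsa_keygen()
    m = int.from_bytes(msg, "big")
    sig = rsa_sign(priv, msg)
    return {
        "integrity_ok": integrity_ok(msg, d),
        "tamper_detected": not integrity_ok(b"CISSP!", d),
        "symmetric_roundtrip": symmetric_crypt(key, ct) == msg,
        "asymmetric_roundtrip": rsa_decrypt(priv, rsa_encrypt(pub, m)) == m,
        "signature_ok": rsa_verify(pub, msg, sig),
        "signature_on_altered_msg": rsa_verify(pub, b"CISSP!", sig),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point to take from the run: the digest alone detects accidental or deliberate change but needs no key, so anyone can recompute it; the symmetric key gives confidentiality but must be shared with every party; and the RSA private key is the only one that can decrypt or sign, while the public key is enough to encrypt or verify.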
Types of Symmetric Key Algorithms
First of all, you need to know a few concepts.
Block Cipher: Block ciphers operate on a single fixed block of plaintext to produce the corresponding ciphertext. Using a given key in a block cipher, the same plaintext block always produces the same ciphertext block.
Round: It is a transformation (permutations and substitutions) that an encryption algorithm performs on a block of plaintext to convert (encrypt) it into ciphertext.
Now it’s time to discuss different types of symmetric encryption algorithms:
- Data Encryption Standard (DES): It operates on 64-bit blocks and uses a 56-bit key, which is too small to protect data today. The algorithm consists of 16 rounds that process the data with 16 intermediate 48-bit round keys, generated from the 56-bit cipher key by a round key generator.
- RC2: A block-mode cipher that encrypts 64-bit blocks of data by using a variable-length key.
- RC4: A stream cipher that uses a variable length key (often 128 bit).
- RC5: Similar to RC2, but includes a variable-length key (0 to 2,048 bits), variable block size (32, 64, or 128 bits), and a variable number of processing rounds (0 to 255).
- RC6: Derived from RC5 and a finalist in the AES selection process. It uses a 128-bit block size and variable-length keys of 128, 192, or 256 bits.
- Triple DES (3DES): This standard extended the life of the DES algorithm. In Triple DES implementations, a message is encrypted with one key, encrypted again with a second key, and then encrypted a third time with either the first key or a third key.
- International Data Encryption Algorithm (IDEA): This algorithm is a block cipher that operates on 64-bit plaintext blocks using a 128-bit key. IDEA performs eight rounds on 16-bit sub-blocks and can operate in four distinct modes similar to DES. IDEA isn't widely used today.
- Rivest Cipher: The Rivest Ciphers are a series of symmetric algorithms that include RC2, RC4, RC5, and RC6.
- Advanced Encryption Standard (AES): AES is a 128-bit block cipher that employs 128-, 192-, or 256-bit keys. AES is the official successor to DES.
- BLOWFISH: This algorithm operates on 64-bit blocks, employs 16 rounds, and uses variable key lengths of up to 448 bits. To date, there are no known successful cryptanalytic attacks against this algorithm.
- TWOFISH: This algorithm is a symmetric block cipher that operates on 128-bit blocks employing 16 rounds with variable key lengths up to 256 bits. To date, there are no known successful cryptanalytic attacks against this algorithm.
All modes of the DES algorithm
- Electronic Code Book (ECB): This mode is the native mode for DES operation. ECB mode operates on 64-bit blocks of plaintext independently and produces 64-bit blocks of ciphertext. This mode isn't very secure, because the same plaintext block, encrypted with the same key, always produces the same ciphertext block.
- Cipher Block Chaining (CBC): This mode is the most common mode of DES operation. CBC mode operates on 64-bit blocks of plaintext to produce 64-bit blocks of ciphertext, but each plaintext block is XORed with the previous ciphertext block before encryption, so CBC produces a more random-looking ciphertext. One disadvantage of CBC mode is that errors propagate. However, this problem is limited to the block in which the error occurs and the block that immediately follows, after which the decryption resynchronizes.
- Cipher Feedback (CFB): In this mode, previously generated ciphertext is used as feedback for key generation in the next keystream. The resulting ciphertext is chained together, which causes errors to be multiplied throughout the encryption process.
- Output Feedback (OFB): It is often used to encrypt satellite communications. In this mode, previous plaintext is used as feedback for key generation in the next keystream. Because the resulting ciphertext is not chained together, errors don’t spread throughout the encryption process.
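The block-cipher and round concepts from earlier on the page, the 16-round DES structure with per-round keys, and the four modes just described can be made concrete with a toy cipher. The following is an added example, not code from the original page and not DES: a 64-bit, 16-round Feistel block cipher whose round function and key schedule are built from SHA-256 (constructed for the demo, not secure), with ECB, CBC, CFB and OFB layered on top. The `error_propagation` helper flips one bit in a ciphertext block and reports which decrypted blocks come back wrong, so the propagation behaviour of each mode can be observed rather than memorised. The key `b"toy-key!"`, IV `b"init-vec"` and plaintext blocks are constructed values. Note that in the OFB implementation it is the cipher's own output (the keystream block) that is fed back, which is what makes the keystream independent of the data and stops errors chaining.

```python
import hashlib

BLOCK = 8     # 64-bit block, as in DES
ROUNDS = 16   # DES also runs 16 rounds

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _split(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "demo works on whole blocks; no padding"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def round_keys(key: bytes) -> list:
    """Toy key schedule: one 32-bit round key per round, derived from the cipher key."""
    return [hashlib.sha256(key + bytes([r])).digest()[:4] for r in range(ROUNDS)]

def _f(half: bytes, rk: bytes) -> bytes:
    """Toy round function (keyed, one-way); a Feistel cipher does not need it invertible."""
    return hashlib.sha256(rk + half).digest()[:4]

def _feistel(keys: list, block: bytes) -> bytes:
    """One Feistel pass: each round swaps the halves and mixes f(right, round key) into left.
    Running the same pass with the round keys reversed undoes it exactly."""
    left, right = block[:4], block[4:]
    for rk in keys:
        left, right = right, _xor(left, _f(right, rk))
    return right + left                      # undo the final swap

def encrypt_block(key: bytes, block: bytes) -> bytes: return _feistel(round_keys(key), block)
def decrypt_block(key: bytes, block: bytes) -> bytes: return _feistel(round_keys(key)[::-1], block)

def ecb_encrypt(key, pt):
    """ECB: blocks encrypted independently; equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(encrypt_block(key, b) for b in _split(pt))

def cbc_encrypt(key, iv, pt):
    """CBC: each plaintext block is XORed with the previous ciphertext block (IV first)."""
    out, prev = [], iv
    for b in _split(pt):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in _split(ct):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return b"".join(out)

def cfb_encrypt(key, iv, pt):
    """CFB: keystream = E(previous ciphertext block); the ciphertext itself feeds back."""
    out, prev = [], iv
    for b in _split(pt):
        prev = _xor(b, encrypt_block(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in _split(ct):
        out.append(_xor(b, encrypt_block(key, prev)))
        prev = b
    return b"".join(out)

def ofb_crypt(key, iv, data):
    """OFB: keystream = E(previous keystream block), independent of plaintext and
    ciphertext, so the same call encrypts and decrypts and errors do not chain."""
    out, ks = [], iv
    for b in _split(data):
        ks = encrypt_block(key, ks)
        out.append(_xor(b, ks))
    return b"".join(out)

MODES = {"cbc": (cbc_encrypt, cbc_decrypt), "cfb": (cfb_encrypt, cfb_decrypt),
         "ofb": (ofb_crypt, ofb_crypt)}

def error_propagation(mode: str, key: bytes, iv: bytes, pt: bytes, hit: int = 1) -> list:
    """Flip the first bit of ciphertext block `hit`, decrypt, and classify each
    recovered block as 'ok', 'bitflip' (only that one bit wrong) or 'garbled'."""
    enc, dec = MODES[mode]
    ct = bytearray(enc(key, iv, pt))
    ct[hit * BLOCK] ^= 0x01                  # a single transmission error
    recovered = dec(key, iv, bytes(ct))
    single_bit = b"\x01" + b"\x00" * (BLOCK - 1)
    result = []
    for want, got in zip(_split(pt), _split(recovered)):
        diff = _xor(want, got)
        result.append("ok" if want == got else "bitflip" if diff == single_bit else "garbled")
    return result

if __name__ == "__main__":
    key, iv = b"toy-key!", b"init-vec"       # constructed demo values
    pt = b"BLOCK-A." + b"BLOCK-B." + b"BLOCK-A." + b"BLOCK-C."
    ecb = _split(ecb_encrypt(key, pt))
    print("ECB: ciphertext block 0 == block 2:", ecb[0] == ecb[2])
    for mode in MODES:
        print(mode.upper(), error_propagation(mode, key, iv, pt))
```

With the constructed plaintext (blocks A, B, A, C), ECB leaks the repeat because ciphertext blocks 0 and 2 are identical, while CBC hides it. Flipping one bit in ciphertext block 1 gives CBC `['ok', 'garbled', 'bitflip', 'ok']` (the hit block is destroyed, the next block has the same single bit wrong, then decryption resynchronises), CFB `['ok', 'bitflip', 'garbled', 'ok']` (the bit flip lands first, then the corrupted ciphertext is fed back into the next keystream block), and OFB `['ok', 'bitflip', 'ok', 'ok']` (only the hit bit is affected).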