Cryptography

Dr. Lyron Andrews' Rules of Cryptography

1. When one half of a key pair is used for encryption, the other must be used for decryption.
2. Encryption with a private key provides proof of origin.  The private key provides “AIN” (authentication, integrity, and non-repudiation); it cannot provide any confidentiality.
3. Encrypting with a public key gives confidentiality.  The public key can only provide the “CA” (confidentiality and access control) in CAAIN.
4. A digital signature binds a document to a person or entity.  A digital signature is created by encrypting a hash with a private key.  So we have proof of origin plus integrity.
5. A certificate binds a public key to an entity and is signed with the private key of the certificate authority.
6. A message encrypted with a symmetric key must be decrypted with the same key.  Encrypting with a symmetric key is primarily for confidentiality, but symmetric key encryption can be used to create a keyed hash.

Excellent review of Cryptography – https://www.tutorialspoint.com/cryptography/index.htm

 

HASH

  • A given input should generate a unique output.  The output should always be the same size in bytes.

 

Key Space

  • Work factor is how long it would take to try every key, for example all 65,536 keys vs. 72 quadrillion keys.

  • Key clustering is when different keys give the same ciphertext from the same plaintext.

Digital Signature

  • The digital signature takes a hash, generated from a document, and encrypts the hash with the participant’s private key.
  • Hash + private key = Digital Signature

Digital Certificate

A digital certificate can be likened to a driver’s license.  A Certificate Authority issues a digital certificate that identifies the certificate holder, or the subject, and the Certificate Authority also vouches for their identity.  The digital certificate contains the public key of the subject and carries a digital signature from the certificate authority (CA).

Certificate Authority – An entity that issues, revokes, and manages digital certificates.

  • Let’s Encrypt, GeoTrust, Comodo, and Symantec are common public certificate authorities.  Most browsers are configured to ‘trust’ these CAs by default.
  • Corporations typically will have an internal certificate authority.  Browsers need to be configured to ‘trust’ an internal certificate authority.

Registration Authority – Performs registration services on behalf of the CA.  Performs user validation.  Offloads work from CA, but it requires a CA.
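The Digital Signature and Digital Certificate notes above, worked through as an added example (not part of the original notes): a document is hashed and signed with a private key, and a CA signs the binding between a name and a public key. It assumes unpadded textbook RSA with keys constructed from Mersenne primes; the names, subject, and messages are made up for illustration.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def make_key(p: int, q: int) -> dict:
    """Unpadded textbook RSA key from two primes: n is public, d is private."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data: bytes) -> int:
    """Fixed-size SHA-256 hash as an integer (always smaller than n here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, key: dict) -> int:
    """Hash + private key = digital signature."""
    return pow(digest(data), key["d"], key["n"])

def verify(data: bytes, signature: int, n: int) -> bool:
    """Undo the signature with the public key (n, E); compare with a fresh hash."""
    return pow(signature, E, n) == digest(data)

# Constructed keys from Mersenne primes; real keys are random and use padding.
CA_KEY = make_key(2**521 - 1, 2**1279 - 1)
ALICE_KEY = make_key(2**127 - 1, 2**607 - 1)

def cert_body(subject: str, n: int) -> bytes:
    return f"{subject}|{n}".encode()

def issue_certificate(subject: str, subject_n: int, ca_key: dict) -> dict:
    """The CA binds a name to a public key by signing both together."""
    sig = sign(cert_body(subject, subject_n), ca_key)
    return {"subject": subject, "n": subject_n, "ca_signature": sig}

def check_document(doc: bytes, sig: int, cert: dict, trusted_ca_n: int) -> bool:
    """Accept only if the trusted CA signed the cert and the cert's key verifies doc."""
    body = cert_body(cert["subject"], cert["n"])
    return verify(body, cert["ca_signature"], trusted_ca_n) and verify(doc, sig, cert["n"])

def demo() -> dict:
    cert = issue_certificate("alice@example.test", ALICE_KEY["n"], CA_KEY)
    doc = b"Pay Bob 100 USD"
    sig = sign(doc, ALICE_KEY)
    other = make_key(2**89 - 1, 2**2203 - 1)    # key the CA never certified
    swapped = dict(cert, n=other["n"])           # certificate with its key replaced
    return {
        "genuine": check_document(doc, sig, cert, CA_KEY["n"]),
        "tampered_document": check_document(b"Pay Bob 900 USD", sig, cert, CA_KEY["n"]),
        "uncertified_key": check_document(doc, sign(doc, other), swapped, CA_KEY["n"]),
    }
```

Only the first case is accepted: changing the document changes its hash, and replacing the key in the certificate breaks the CA's signature over the name-and-key binding.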

Cryptology Terminology

  • Plaintext/Cleartext – Unencrypted text, Human readable
  • Ciphertext/Cryptogram – Encrypted text
  • Cryptosystem – Cryptographic operation including algorithm, key, key management
  • Algorithm – A mathematical function used in encryption/decryption.  Utilizes XOR
  • Non-Repudiation – Sender/receiver cannot deny being involved in the communication
  • Initialization Vector – Used in some symmetric ciphers to ensure that the first encrypted block of data is random.
  • Cipher – An algorithm for performing encryption or decryption

Encoding vs Encryption

  • Encoding changes the message.  Encoding does not provide confidentiality.
  • Morse code uses encoding.

Symmetric Ciphers

  • Caesar
  • ROT13
  • One Time Pad
  • Data Encryption Standard (DES)
  • Advanced Encryption Standard (AES)

One of the first ciphers developed is the Caesar cipher.  It simply shifts the alphabet three characters to the right.  ROT13 is similar in that it shifts the alphabet 13 letters.

ROT13 uses a shift of thirteen, because thirteen is the value for which encoding and decoding are equivalent, thereby allowing the convenience of a single command for both.[5] ROT13 is typically supported as a built-in feature to newsreading software.[5] Email addresses are also sometimes encoded with ROT13 to hide them from less sophisticated spam bots.[6] It is also used to circumvent email screening and spam filtering. By obscuring an email’s content, the screening algorithm is unable to identify the email as, for instance, a security risk, and allows it into the recipient’s in-box.

In encrypted, normal, English-language text of any significant size, ROT13 is recognizable from some letter/word patterns. The words “n”, “V” (capitalized only), and “gur” (ROT13 for “a”, “I”, and “the”), and words ending in “yl” (“ly”) are examples.  This is an indirect example of Frequency Analysis.  Certain letters appear more frequently than others in written language.

ROT13 is not intended to be used where secrecy is of any concern—the use of a constant shift means that the encryption effectively has no key, and decryption requires no more knowledge than the fact that ROT13 is in use.
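As an added example (not from the original notes), the code below shows why a constant shift has no real key: trying all 26 shifts recovers a Caesar or ROT13 message, and the same common-word scoring gives a screening check for text that only reads as English after ROT13 decoding. The word list, sample sentence, function names, and the 0.15 margin are constructed for illustration.

```python
import re

# Constructed list of common English words; "n", "V", "gur" are ROT13 of "a", "I", "the".
COMMON = {"a", "i", "the", "and", "of", "to", "is", "in", "it", "that", "you", "for"}

# Constructed sample text.
SAMPLE = ("The quick review of the notes is that a cipher with no key "
          "is not a secret, and it is easy to see that.")

def caesar(text: str, shift: int) -> str:
    """Shift ASCII letters by `shift` places; 3 is Caesar, 13 is ROT13."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)          # digits, spaces and punctuation pass through
    return "".join(out)

def english_score(text: str) -> float:
    """Fraction of words in `text` that are common English words."""
    words = re.findall(r"[a-z]+", text.lower())
    return sum(w in COMMON for w in words) / len(words) if words else 0.0

def recover_shift(ciphertext: str) -> int:
    """Try the whole key space (26 shifts) and return the shift that was used."""
    return max(range(26), key=lambda s: english_score(caesar(ciphertext, -s)))

def looks_like_rot13(text: str, margin: float = 0.15) -> bool:
    """Screening check: the text scores as English only after ROT13 decoding."""
    return english_score(caesar(text, 13)) - english_score(text) >= margin

if __name__ == "__main__":
    encoded = caesar(SAMPLE, 13)
    print(encoded)
    print(recover_shift(encoded), looks_like_rot13(encoded), looks_like_rot13(SAMPLE))
```

A mail filter can run `looks_like_rot13` on a message body and, when it returns true, screen the decoded text instead of the obscured one.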

In December 1999, it was found that Netscape Communicator used ROT13 as part of an insecure scheme to store email passwords.[9] In 2001, Russian programmer Dimitry Sklyarov demonstrated that an eBook vendor, New Paradigm Research Group (NPRG), used ROT13 to encrypt their documents; it has been speculated that NPRG may have mistaken the ROT13 toy example—provided with the Adobe eBook software development kit—for a serious encryption scheme.[10] Windows XP uses ROT13 on some of its registry keys.[11] ROT13 is also used in the Unix fortune program.

Characteristics of Symmetric Ciphers

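| Algorithm | Block Size (bits) | Key Size (bits) | Rounds | Method |
|---|---|---|---|---|
| DES | 64 | 56 | 16 | |
| IDEA | 64 | 128 | 8 | Block |
| AES | 128 | 128/192/256 | Variable (10) | Block |
| CAST | 64 | 40/128 | 12 – 16 | Block |
| Blowfish | 64 | 32 – 448 | | Block |
| Twofish | 128 | 128/192/256 | 16 | Block |
| RC5 | 16/32/64 | 0 – 2040 | 0 – 255 | |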

Asymmetric Ciphers

  • Diffie-Hellman
  • RSA
  • DSA
  • Elliptic-curve cryptography

Diffie-Hellman Demo – start at 2:44

Symmetric encryption is much stronger for a given ‘bit size’; symmetric is the first column below.  ECC is stronger than RSA/DSA.

Block/Stream Ciphers

 

Cryptographic Functions