The last section of the book focuses on cryptography and public key infrastructure. The first chapter of this section is about broad cryptographic concepts.
This is a continuation of my blog post series on the CompTIA Security+ exam.
Cryptography is the science of encrypting (hiding) information. This has gone on for hundreds of years. For a great historical + technical introduction to cryptography, I suggest you read The Code Book. The word “cipher” originates from the Arabic word “sifr”, which means empty/zero.
General Cryptographic Concepts
Throughout history, cryptography has been a cat-and-mouse game where one side improves encryption methods, and the other side learns how to break it. This has continued and now encryption (and decryption) use computing power to aid in their calculations.
Cryptography can offer protection of confidentiality, hashing for the protection of integrity, digital signatures for non-repudiation, and more.
The basic idea of cryptography is to take plaintext that needs to be protected and transform it into ciphertext, so that unauthorized people who intercept it can’t read or usefully alter it. Cryptanalysis is the process of analyzing ciphertext and other information in an attempt to translate the ciphertext back into plaintext. Cryptanalysis can be differential or linear. Both compare plaintext and ciphertext copies to determine the key, but linear cryptanalysis puts the plaintext through a simplified cipher as part of the analysis.
When using cryptographic functions, it’s important to use proven, tested technologies. This means “don’t roll your own crypto.”
Symmetric vs Asymmetric Algorithms
Cryptographic operations require a message to be encrypted, an encryption algorithm, and a key.
Symmetric algorithms are the oldest form of encrypting data. They require both the sender and receiver to have the same key. This results in faster computations, which makes them well-suited to bulk encryption. However, the shared key is also a downside: how do you get the key, securely, to all parties? This problem is known as key exchange. To have secure messages, you need a secure way of sharing the symmetric key between the parties.
Common symmetric algorithms include 3DES, AES, Blowfish, Twofish and RC4.
Asymmetric algorithms use two keys instead of one. This was first developed by Diffie and Hellman in 1975. Other asymmetric algorithms include RSA, elliptic curve cryptography, and ElGamal. In asymmetric algorithms, the sender and receiver each have a private key, which they keep to themselves, and a public key, which they can share. Each person’s private and public keys are mathematically related, but in a way that outsiders can’t determine the private key from the public one. This solves the problem of securely sharing keys. This means that the sender and receiver don’t have to meet first, or have a trusted intermediary. Asymmetric keys are often distributed using certificates.
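The key exchange problem from the symmetric section, solved the way Diffie and Hellman described it: each side keeps a private exponent, publishes one group element, and both arrive at the same shared secret, which is then hashed down into a symmetric key. This is an added example written for these notes, not code from the book. The group parameters (p = 23, g = 5) are a deliberately tiny textbook group so the numbers can be checked by hand; a real deployment uses a standardised group of 2048 bits or more, or an elliptic curve.

```python
import hashlib
import secrets

# Toy-sized parameters, constructed for illustration only: p = 23 is a safe prime
# and g = 5 generates the whole multiplicative group mod 23.
P = 23
G = 5


def dh_public(private: int, p: int = P, g: int = G) -> int:
    """Public value g^private mod p. This is the only thing sent over the open channel."""
    return pow(g, private, p)


def dh_shared(private: int, peer_public: int, p: int = P) -> int:
    """Shared secret peer_public^private mod p; both sides compute the same number."""
    return pow(peer_public, private, p)


def derive_key(shared: int, p: int = P) -> bytes:
    """Turn the shared group element into a fixed-size symmetric key by hashing it.
    A fixed-width big-endian encoding guarantees both sides hash identical bytes."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def run_exchange(p: int = P, g: int = G):
    """Simulate both parties. Private exponents never leave their owner."""
    a = secrets.randbelow(p - 2) + 1  # Alice's private exponent, in 1..p-2
    b = secrets.randbelow(p - 2) + 1  # Bob's private exponent
    A = dh_public(a, p, g)            # Alice -> Bob
    B = dh_public(b, p, g)            # Bob -> Alice
    key_alice = derive_key(dh_shared(a, B, p), p)
    key_bob = derive_key(dh_shared(b, A, p), p)
    return key_alice, key_bob


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("both sides derived the same key:", ka == kb, ka.hex())
```

An eavesdropper sees p, g, A and B but neither private exponent; with a toy group this size the discrete log is trivial to brute-force, which is exactly why the group size matters in practice.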
Modes of Operation
Modes of operation are used to deal with multiple blocks of identical input data, so that the ciphertext doesn’t have repeated blocks of encrypted data. Common methods include Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback Mode (CFB), Output Feedback Mode (OFB) and Counter Mode (CTR). This will get covered more in the next chapter.
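To make the “repeated blocks” point concrete, here is an added example (not from the book) that runs the same plaintext through ECB and CBC. Rather than pull in an AES library, it uses a small Feistel-network block cipher built on HMAC-SHA256 as the round function; that toy cipher is an assumption of this example and is not a cipher anyone should deploy, but it is invertible and behaves like a block cipher for the purpose of showing what the modes do.

```python
import hashlib
import hmac
import os

BLOCK = 16     # 128-bit blocks, processed as two 64-bit halves
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    """Feistel round function: a keyed PRF (HMAC-SHA256) truncated to half a block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, right, rnd))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for rnd in reversed(range(ROUNDS)):  # undo the rounds in reverse order
        left, right = _xor(right, _f(key, left, rnd)), left
    return left + right


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[: -data[-1]]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block encrypted independently, so equal plaintext blocks give equal ciphertext blocks."""
    p = pad(plaintext)
    return b"".join(encrypt_block(key, p[i:i + BLOCK]) for i in range(0, len(p), BLOCK))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block (the IV for the first)."""
    p = pad(plaintext)
    out, prev = [], iv
    for i in range(0, len(p), BLOCK):
        prev = encrypt_block(key, _xor(p[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)   # IV is not secret; it is shipped with the ciphertext


def cbc_decrypt(key: bytes, data: bytes) -> bytes:
    iv, ct = data[:BLOCK], data[BLOCK:]
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """How many ciphertext blocks duplicate an earlier block (the ECB leak, made countable)."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(16)
    message = b"ATTACK AT DAWN! " * 4          # four identical 16-byte blocks (constructed input)
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, message)))
    ct = cbc_encrypt(key, message, iv)
    print("CBC repeated blocks:", repeated_blocks(ct[BLOCK:]))
    print("CBC round trip ok:", cbc_decrypt(key, ct) == message)
```

The `repeated_blocks` count is the kind of check that turns the textbook statement into something observable: a message made of four identical blocks yields three duplicate ciphertext blocks under ECB and none under CBC.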
Elliptic Curve
Elliptic-curve cryptography, or ECC, uses (surprise!) elliptic curves. They have special mathematical properties that allow a sender and receiver to openly pick a spot on the curve, and then individually derive keys from that point.
ECC is newer, and not tested as much as other algorithms. The book seems optimistic about its chances, though. ECC is ideal for use in low-power mobile devices, since it is not as computationally expensive as other algorithms.
Deprecated Algorithms
As time goes by, computational power increases, which means that algorithms are not as secure. Additionally, flaws are found in different algorithms. You should keep up to date about which cryptographic methods should still be used.
Hashing
Hashing is a special mathematical function that performs one-way encryption. It’s easy to hash something, but it’s virtually impossible to determine the original content based on the hash. This is a good way of storing computer passwords, and also ensuring message integrity.
The book again mentions HMAC, or Hashed Message Authentication Code, which is a subset of hashing that hashes a message using a previously shared secret. This allows for integrity as well as authentication.
Some hashing algorithms are vulnerable to collision attacks, which means the attacker finds two different messages that hash to the same value. This means that integrity is lost: you can’t prove that they started with the correct/original message.
Common hashing algorithms include MD2, MD4, MD5, SHA-1, SHA-256, SHA-384 and SHA-512, some of which have been found to suffer from collisions.
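The difference between a plain hash and an HMAC is worth seeing in code, since both are “hashing” but only one of them authenticates anything. This is an added example for these notes, not something from the book; it uses SHA-256 and Python’s standard `hashlib`/`hmac` modules, and the messages and key are constructed inputs. A plain hash detects accidental change, but anyone who can rewrite the message can recompute the hash too; an HMAC needs the shared secret, so a modified message cannot be re-tagged without it.

```python
import hashlib
import hmac


def digest_hex(message: bytes) -> str:
    """One-way hash. Easy to compute, infeasible to reverse, but also easy for anyone to recompute."""
    return hashlib.sha256(message).hexdigest()


def bits_changed(a: bytes, b: bytes) -> int:
    """How many of the 256 digest bits differ between the hashes of two messages."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def plain_hash_check(message: bytes, stored_hex: str) -> bool:
    """Integrity only: passes for any message whose hash matches the stored hash."""
    return hmac.compare_digest(digest_hex(message), stored_hex)


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag. Computing it requires the shared secret, so it proves origin as well as integrity."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check doesn't leak how many leading bytes matched."""
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    key = b"shared-secret-between-sender-and-receiver"   # constructed for the demo
    original = b"transfer 100 to account 42"
    tampered = b"transfer 900 to account 42"

    # One character of change flips roughly half the digest bits (the avalanche effect).
    print("digest bits changed:", bits_changed(original, tampered))

    # Attacker rewrites the message AND recomputes the plain hash: the hash-only check passes.
    print("plain hash check on tampered:", plain_hash_check(tampered, digest_hex(tampered)))

    # Without the key the attacker cannot produce a valid tag for the new message.
    tag = make_tag(key, original)
    print("HMAC on original:", verify_tag(key, original, tag))
    print("HMAC on tampered:", verify_tag(key, tampered, tag))
```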
Salt, IV and Nonces
Salting is the addition of a high-entropy piece of data (random characters) to an input to make it more difficult for the attacker to determine the original data.
Initialization vectors, or IV, are also used to help achieve randomness with deterministic inputs.
Lastly, a nonce is similar to salts and IVs, but is only used once. This is helpful in stream ciphers to break stateful properties.
Cryptographic Objectives
The point of using cryptography is to protect the integrity and confidentiality of data.
Digital Signatures
This is a cryptographic implementation meant to demonstrate authenticity and identity for a given message. This uses public key cryptography. A person will hash a message, and then encrypt the hash with their private key. The receiver can then decrypt it with the sender’s public key. If they hash the original message and it matches the decrypted hash, they know that the message hasn’t been altered, and they also know that the sender sent it.
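The hash-then-private-key-then-public-key flow above, carried out with textbook RSA as an added example (this is not code from the book). The two primes are the Mersenne primes 2^31-1 and 2^61-1, chosen because they are certainly prime and keep the modulus small enough to inspect; a 92-bit modulus is nowhere near a usable key size, and real signature schemes also pad the hash (for example RSA-PSS) instead of exponentiating it directly. Reducing the hash modulo n is a toy step so the value fits under the modulus.

```python
import hashlib

# Toy-sized textbook RSA parameters (Mersenne primes, far too small for real use).
P = 2 ** 31 - 1
Q = 2 ** 61 - 1
E = 65537


def keypair(p: int = P, q: int = Q, e: int = E):
    """Returns ((n, e), (n, d)): the public key and the private key.
    d is the inverse of e modulo phi(n), so (m^d)^e == m mod n for every m in Z_n."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)   # modular inverse; Python 3.8+
    return (n, e), (n, d)


def _digest_int(message: bytes, n: int) -> int:
    """Hash the message, then reduce so the integer is below the modulus (toy step)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """Signer: hash the message and apply the private exponent to the hash."""
    n, d = private
    return pow(_digest_int(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Verifier: apply the public exponent to the signature and compare with a fresh hash
    of the message. Mismatch means the message changed or a different private key signed it."""
    n, e = public
    return pow(signature, e, n) == _digest_int(message, n)


if __name__ == "__main__":
    public, private = keypair()
    msg = b"pay 100 to carol"           # constructed message
    sig = sign(private, msg)
    print("valid on original :", verify(public, msg, sig))
    print("valid on tampered :", verify(public, b"pay 900 to carol", sig))
```

Only the holder of d can produce a signature that verifies under (n, e), which is what gives the receiver both integrity and the non-repudiation the notes mention later.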
Diffusion
This is the principle that the statistical analysis of plaintext and ciphertext results in a form of dispersion rendering one structurally independent of the other. In layman’s terms, it means that one character change in the plaintext should correspond to multiple changes in the ciphertext.
Confusion
The principle that affects randomness of an output. Each ciphertext character should depend on several parts of the key.
Collision
When two different inputs have the same output on a cryptographic function.
Steganography
The science of hiding data inside other data. This has the advantage of not attracting attention. One such method is hiding data in the Least Significant Bit (LSB) of an image, which alters the image as little as possible.
Obfuscation
This is masking an item so that it’s unreadable, yet still functions. One famous example is the obfuscated C challenge. Security through obscurity, which means hiding what is being secured, is not a solid security strategy. Still, it can be useful and slow an attacker down.
Stream vs. Block
Encryption can happen as block operations, which are performed on blocks of data. This means you can do both transposition and substitution operations. Alternatively, you can also do stream ciphers on stream data, which is common with streaming audio and video. This has to happen in smaller chunks, so it can do substitution only.
Key Strength
The strength of a cryptographic operation is dependent on the key strength. However, it isn’t an apples-to-apples comparison.
If a key is not strong enough, it can be “stretched” to improve security against brute force attacks.
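Salting (from the earlier Salt, IV and Nonces section) and key stretching (this section) usually arrive together in password storage, so one added example covers both. This is not code from the book; it uses PBKDF2-HMAC-SHA256 from Python’s standard library, a random 16-byte salt per password, and an iteration count that is an assumption for the demo (600,000 is in line with current guidance for PBKDF2-SHA256, and should be raised over time). The stored record carries the salt and the iteration count so verification can repeat the exact same derivation.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # work factor: each guess costs this many HMAC computations
SALT_BYTES = 16


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Returns a self-describing record: algorithm$iterations$salt_hex$key_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)     # fresh random salt for every enrolment
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derives the key with the stored salt and iteration count; constant-time compare."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations), dklen=32)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def stored_salt(record: str) -> bytes:
    return bytes.fromhex(record.split("$")[2])


if __name__ == "__main__":
    # Two users who happen to choose the same password (constructed demo input).
    alice = hash_password("correct horse battery staple")
    bob = hash_password("correct horse battery staple")
    print("records differ despite equal passwords:", alice != bob)
    print("alice logs in:", verify_password("correct horse battery staple", alice))
    print("wrong password:", verify_password("Tr0ub4dor&3", alice))
```

Because each record has its own salt, a precomputed table of hashes is useless across accounts, and because the derivation is stretched, every guess against a leaked record costs the attacker the full iteration count.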
Session and Ephemeral
A session key is a symmetric key for encrypting messages during a communication session. It’s generated from random seeds, and provides perfect forward secrecy.
Ephemeral keys are keys that are only used once after generation. These also have perfect forward secrecy.
Forward secrecy is the property of a public key system in which a key derived from another key is not compromised, even if the original key is compromised in the future.
Secret Algorithms
While most algorithms are known, leaving the key as the crucial part, you can also have secret algorithms. This means that the attacker must reverse engineer the algorithm in addition to finding the key. However, since you aren’t sharing your algorithm, it doesn’t get vetted, so there’s a chance that it has serious flaws in it.
If you use a known algorithm, you might use a cryptographic service provider (CSP), which is a software library that implements cryptographic functions.
Random Number Generation
Several of these operations rely on a random number input. It’s important that the number is truly random, something that computers have a hard time doing. There are specialized pseudo-random number generators that try to minimize the predictability of the not-actually-random numbers that computers generate.
Data Protection
Data can be protected in transit, at rest and in use.
Transport encryption is used to protect data-in-transit. This includes things like Transport Layer Security on the transport level.
Protection of data-at-rest is also known as data encryption. This includes things like whole disk encryption.
Data-in-use means data that’s stored in a non-persistent state (RAM, CPU caches, CPU registers, etc.). New techniques like Intel’s Software Guard Extensions can encrypt this data.
Common Use Cases
Low power devices (like phones) need cryptographic functions. They typically use ECC and other functions that aren’t computation-heavy.
Low latency refers to situations that have extreme time constraints. This might require special cryptographic functions that can deliver results quickly. Stream ciphers are an example.
High resiliency is the capability of resuming normal operations after an external disruption.
Confidentiality is protecting data against unauthorized reading.
Integrity can demonstrate that data hasn’t been altered.
Obfuscation is protecting something from casual observation.
Authentication is a property of proving the identity of a party (user, hardware, etc.)
Non-repudiation is the ability to verify that a message has been sent or received such that the sender or receiver can’t refute sending or receiving it.
And, of course, there’s the usual trade-off between levels of security vs. the resources that they require.