COSC019W: Applied Cryptography Quiz

Modern Cryptosystems Algorithms

• Data Encryption Standard (DES):
  • Developed by IBM and adopted by NIST in 1977
  • 64-bit blocks and 56-bit keys
  • Small key space makes exhaustive search attack feasible since late 90s
  • Symmetric encryption algorithm
• Triple DES (3DES):
  • Nested application of DES with three different keys (KA, KB, and KC)
  • Effective key length is 168 bits, making exhaustive search attacks unfeasible
  • C = EKC (DKB (EK A(P))); P = DKA (EK B(DK C(C)))
  • Equivalent to DES when KA=KB=KC (backward compatible)

Advanced Encryption Standard (AES)

• Selected by NIST in 2001 through open international competition and public discussion
• 128-bit blocks and several possible key lengths: 128, 192, and 256 bits
• Exhaustive search attack not currently possible
• AES-256 is the symmetric encryption algorithm of choice

Block Cipher Modes

• Electronic Code Book (ECB) Mode:
  • Simplest mode
  • Block P[i] encrypted into ciphertext block C[i] = EK(P[i])
  • Block C[i] decrypted into plaintext block M[i] = DK(C[i])
  • Weakness: patterns in the plaintext are repeated in the ciphertext
• Cipher Block Chaining (CBC) Mode:
  • C[i] = EK(C[i − 1] ⊕ P[i])
  • C[−1] = V, a random block separately transmitted (Initialization Vector)
  • Decryption: P[i] = C[i − 1] ⊕ DK(C[i])
  • Symmetric encryption algorithm

Rivest Cipher 4 (RC4)

• Designed in 1987 by Ron Rivest for RSA Security
• Trade secret until 1994
• Symmetric encryption algorithm with up to 2,048 bits keys
• Simple algorithm and remarkable speed

Asymmetric Crypters: RSA

• RSA (Rivest–Shamir–Adleman) is a public key cryptosystem that uses block cipher
• Example: RSA Visual

One-Time Pad (OTP)

• Extremely powerful type of substitution cipher
• For a one-time pad encryption scheme to be considered unbreakable, each pad must:
  • Be made up of truly random values
  • Be used only one time
  • Be securely distributed/generated for both sides
  • Be secured at sender’s and receiver’s sites
  • Be at least as long as the message
• One-time Pad is a form of Stream Cipher

Key Management and Distribution

• Keys: uses a message digest
• Keyspace: set of all possible keys
• Key management: one of the most difficult and critical parts of a cryptosystem

Key Distribution Techniques

• Paper distribution: requires no technology, but requires a person to install the key
• Digital distribution: can be in the form of CDs or email, but must be protected during transmission
• Hardware distribution: keys distributed via hardware, such as a smart card or a plug-in module

Purpose of Public Key Infrastructure (PKI)

• Provides a mechanism for establishing a trusted relationship between two parties
• PKI brings trust, integrity, and security to electronic transactions
• PKI framework used to manage, create, store, and distribute keys and digital certificates

Diffie-Hellman Key Exchange

• Enables two users to exchange a secret key securely
• Limited to the exchange of keys
• Algorithm itself is not used for encryption of messages

Hash and Digital Signature

• Digital signatures combine public key cryptography and hashing
• Digital signatures (certificates) are stored in a public key infrastructure domain
• Creating a digital signature involves:
  1. Passing the message through a hashing algorithm
  2. Encrypting the hash using the sender's private key

Cryptanalysis

• Cryptanalysis involves various methods used to decipher encrypted data
• Objective: break cryptographic security systems and gain access to encrypted messages
• Methods:
  • Brute Force Attack
  • Dictionary Attack
  • Frequency Analysis
  • Known Plaintext Attack
  • Differential Cryptanalysis
  • Rainbow Table Attack
  • Quantum Computing### Boolean Mathematics
• Boolean mathematics defines the rules used for the bits and bytes that form the nervous system of a computer.
• It is based on logical functions that manipulate data.

Logical Operations

• AND Operation (∧):
  • Checks if both input values are true.
  • Truth table: two true inputs yield true, otherwise false.
• OR Operation (∨):
  • Checks if at least one input value is true.
  • Truth table: two false inputs yield false, otherwise true.
• NOT Operation (∼ or !):
  • Reverses the value of an input variable.
  • Truth table: true becomes false, and false becomes true.
• XOR Operation (⊕):
  • Returns true only when one input value is true.
  • Truth table: two true inputs or two false inputs yield false, otherwise true.

Prime Numbers

• Prime numbers have only divisors of 1 and itself.
• They cannot be written as a product of other numbers.
• Examples: 2, 3, 5, 7, 11, 13, 17, 19, 23, and 29.

Modulus Function

• If a is an integer and n is a positive integer, amodn is the remainder when a is divided by n.
• The modulus function is extremely important in cryptography.
• It is represented by the abbreviation "mod" or the "%" operator.

Nonce and Initialization Vectors

• A nonce is a random number generator used to add randomness to the encryption process.
• It is a placeholder variable in mathematical functions.
• Initialization vectors (IVs) are random values used with algorithms to ensure patterns are not created during encryption.
• IVs are used with keys and do not need to be encrypted.

Cryptography Basics

• Cryptography is the area of study of schemes used for encryption.
• Cryptanalysis is the technique used to decipher a message without knowledge of the enciphering details.
• Unencrypted information is called plaintext or cleartext.
• Encrypted information is called ciphertext.

Cryptography Goals

• The primary goal of cryptography is to hide information from unauthorized individuals.
• A more realistic goal is to make obtaining the information too work-intensive or time-consuming to be worthwhile to the attacker.

Cryptosystems

• A cryptosystem is a system that includes all the necessary components for encryption and decryption.
• It includes software, algorithms, protocols, and keys.
• Cryptosystems can be used to achieve confidentiality, integrity, authentication, and non-repudiation.

Cryptography Capabilities

• Cryptography can provide various capabilities, including:
  • Privacy or confidentiality
  • Certification
  • Timestamping
  • Witnessing
  • Ownership
  • Anonymity
  • Non-repudiation

Cryptographic Functions and Ciphers

• Each cipher has specific characteristics that make it desirable or undesirable.
• When evaluating a cipher, consider its intended use, key size, and operational mode.

Confusion and Diffusion

• Cryptographic algorithms rely on two basic operations: confusion and diffusion.
• Confusion occurs when the relationship between the plaintext and key is complicated.
• Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

Steganography

• Steganography is a method of hiding data in another media type.
• The message is not encrypted, just hidden.
• Steganography is a type of security through obscurity.

The Strength of the Cryptosystem

• The strength of a cryptosystem comes from the algorithm, secrecy of the key, key length, initialization vectors, and how they all work together.
• The strength of a cryptosystem correlates to the amount of necessary processing power, resources, and time required to break the cryptosystem.### Cryptography Overview
• Cryptography is the practice of protecting the confidentiality, integrity, and authenticity of information by using algorithms to transform messages into unreadable formats.

Symmetric Encryption

• In symmetric encryption, the same key is used for both encryption and decryption.
• The sender and receiver use two instances of the same key for encryption and decryption.
• Symmetric keys are also called secret keys.
• Each pair of users who want to exchange data using symmetric key encryption must have two instances of the same key.
• The security of symmetric encryption is completely dependent on how well users protect the key.
• Symmetric cryptosystems can provide confidentiality but not authentication or non-repudiation.
• The equation used to calculate the number of symmetric keys needed is N ∗ (N − 1)/2 = number of keys.

Strengths and Weaknesses of Symmetric Encryption

• Strengths:
  • Great speed at which it can operate.
  • Symmetric keying is very fast, often 1,000 to 10,000 times faster than asymmetric.
  • Symmetric encryption algorithms are also hard to break if a large key size is used.
• Weaknesses:
  • Requires a secure mechanism to deliver keys properly.
  • Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys, possibly making key management overwhelming.
  • Provides confidentiality but not authenticity or non-repudiation.

Asymmetric Encryption

• In asymmetric encryption, sometimes called public key systems, each user has two keys:
  • The public key can be known to everyone, and the private key must be known and used only by the owner.
  • The two different asymmetric keys are mathematically related.
  • If a message is encrypted by one key, the other key is required in order to decrypt the message.
• Each user using an asymmetric encryption algorithm needs two keys, one public key and one private key.
• The equation used to calculate the number of asymmetric keys needed is N ∗ 2 = number of keys.

Asymmetric Encryption Functions

• Asymmetric algorithms can provide authentication and non-repudiation, depending on the type of algorithm being used.
• Asymmetric systems also provide for easier and more manageable key distribution than symmetric systems and do not have the scalability issues of symmetric systems.
• How is authentication provided:
  • A message can be decrypted with a public key only if the message was encrypted with the corresponding private key.
  • This provides authentication.
• How is confidentiality provided:
  • If confidentiality is needed, Alice would encrypt the file with the receiver's public key.
  • This is called a secure message format because it can only be decrypted by the person who has the corresponding private key.
• How is non-repudiation provided:
  • If Alice encrypts the message with her private key.
  • Only her public key can decrypt it.
  • Alice cannot deny sending this message if her public key can decrypt it. This is non-repudiation.

Strengths and Weaknesses of Asymmetric Encryption

• Strengths:
  • Better key distribution than symmetric systems.
  • Better scalability than symmetric systems.
  • Can provide authentication and non-repudiation.
• Weaknesses:
  • Works much more slowly than symmetric systems.
  • Mathematically intensive tasks.

Ciphers

• Cipher systems have long been used by individuals and governments interested in preserving the confidentiality of their communications.
• The scytale was used by the Spartans to decipher encrypted messages.

Block Cipher

• Encrypts a block of input to a block of output.
• Typically, the two blocks are of the same length.
• Most symmetric key systems block size is 64.
• In AES block size is 128.
• Different modes for encrypting plaintext longer than a block.

Stream Cipher

• A stream cipher does not divide a message into blocks.
• A stream cipher treats the message as a stream of bits and performs mathematical functions on each bit individually.
• Stream ciphers use keystream generators, which produce a stream of bits that is XORed with the plaintext bits to produce ciphertext.
• Stream cipher is very similar to the one-time pad substitution cipher.

Hashing Algorithms

• The most common hashing functions create the message digest for digitally signed messages.
• Hashing is also used to protect user passwords.
• Hashing-type functions can also be used with symmetric key cryptography, and the result of the operation is called a message authentication code (MAC).

Hash Function and Integrity

• Hash functions:
  • Help detect forgeries.
  • Compute a checksum of a message.
  • Combine the checksum with a cryptographic function so that the result is tamperproof.
• A hash is:
  • A checksum designed so that no one can forge a message in a way that will result in the same hash as a legitimate message.
  • Usually a fixed size, resulting in a hash value, which is larger than checksum values.

Common Hashing Algorithms

• MD5 message digest algorithm—Takes an input of any arbitrary length and generates a 128-bit message digest that is computationally infeasible to match by finding another input.
• Secure Hashing Algorithm (SHA) variants are the most common variants of hashing functions found in commercial software.
  • Secure Hash Algorithm (SHA-1)—Produces a 160-bit hash from a message of any arbitrary length.
  • SHA256 with a digest size of 256 bits is one the most widely used hash algorithms.
  • Hash message authentication code (HMAC)—A hash function that uses a key to create the hash, or message digest.