Principles of Information Security 7E - Module 10


MODULE 10

Cryptography

Upon completion of this material, you should be able to:

1 Chronicle the most significant events and discoveries in the history of cryptology
2 Explain the basic principles of cryptography
3 Describe the operating principles of the most popular cryptographic tools
4 List and explain the major protocols used for secure communications

Yet it may roundly be asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve.
—Edgar Allan Poe, The Gold Bug

Opening Scenario
Peter Hayes, CFO of Sequential Label and Supply, was working late. He opened an e-mail from the manager of the accounting
department. The e-mail had an attachment—probably a spreadsheet or a report of some kind—and from the file icon he could
tell it was encrypted. He saved the file to his computer’s hard drive and then double-clicked the icon to open it.
His computer operating system recognized that the file was encrypted and started the decryption program, which
prompted Peter for his passphrase. Peter’s mind went blank. He couldn’t remember the passphrase. “Oh, good grief!” he said
to himself, reaching for his phone. “Charlie, good, you’re still here. I’m having trouble with a file in my e-mail program. My
computer is prompting me for my passphrase, and I think I forgot it.”
“Uh-oh,” said Charlie.
“What do you mean ‘Uh-oh’?”
“I mean you’re S.O.L.” Charlie replied. “Simply outta luck.”
“Out of luck?” said Peter. “Why? Can’t you do something? I have quite a few files that are encrypted with this PGP program.
I need my files.”
Charlie let him finish, then said, “Peter, remember how I told you it was important to remember your passphrase?”
Charlie heard a sigh on the other end of the line but decided to ignore it. “And do you remember I said that PGP is only free
for individuals and that you weren’t to use it for company files since we didn’t buy a license for the company? I only set that
program up on your personal laptop for your home e-mail—for when your sister wanted to send you some financial records.
When did you start using it on SLS systems for company business?”
384 Principles of Information Security

“Well,” Peter answered, “the manager of my accounting department had some financials that were going to be ready a
few weeks ago while I was traveling. I sort of told him that you set me up on this PGP crypto thing and he googled it and set
up his own account. Then I swapped public keys with him before I left, and he sent the files to me securely by e-mail while I
was in Dubai. It worked out great. So the next week, I encrypted quite a few files. Now I can’t get to any of them because I can’t
seem to remember my passphrase.” There was a long pause, and then he asked, “Can you hack it for me?”
Charlie chuckled and then said, “Sure, Peter, no problem. Send me the files and I’ll put the biggest server we have to work
on it. Since we set you up in PGP with 256-bit AES, I should be able to apply a little brute force and crack the key to get the
plaintext in a hundred trillion years or so.”

Introduction To Cryptography
The science of cryptology is not as enigmatic as you might think. A variety of cryptographic techniques are used
regularly in everyday life. For example, open your newspaper to the entertainment section and you’ll find the daily
cryptogram, a word puzzle that involves unscrambling letters to find a hidden message. Also, although it is a dying art,
many secretaries still use shorthand, or stenography, an abbreviated, symbolic writing method, to take rapid dictation.
A form of cryptography is used even in knitting patterns, where directions are written in coded patterns such as K1P1
(knit 1, purl 1) that only an initiate can understand. While these techniques are not intended to prevent others from
understanding the message, it isn’t a huge leap from the use of codes for efficiency to their use in obfuscating the
underlying meaning of the message.
The science of encryption, known as cryptology, encompasses cryptography and cryptanalysis. Cryptography comes from the Greek words kryptos, meaning “hidden,” and graphein, meaning “to write,” and involves making and using codes to secure messages. Originally, cryptography was used to conceal military and political secrets while the information was in transport. Cryptanalysis involves cracking or breaking encrypted messages back into their unencrypted origins.
Cryptography uses mathematical algorithms that are usually known to all. After all, it’s not the knowledge of the algorithm that protects the encrypted message; it’s the knowledge of the key (this is Kerckhoffs’s principle), a series of characters or bits injected into the algorithm along with the original message to create the encrypted message. An individual or system usually encrypts a plaintext message into ciphertext, making it unreadable to unauthorized people, those without the key needed to decrypt the message back into plaintext, where it can be read and understood.

• cryptology—The field of science that encompasses cryptography and cryptanalysis.
• cryptography—The process of making and using codes to secure information.
• cryptanalysis—The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.
The field of cryptology is so vast that it can fill many volumes. This textbook
provides only a general overview of cryptology and some specific information about
a few cryptographic tools. In the early sections of this module, you will learn the
background of cryptology as well as key concepts in cryptography and common tools. In later sections, you will learn
about common cryptographic protocols and some of the attack methods used against cryptosystems.

The History of Cryptology


Cryptology has an extensive, multicultural history. People have been making, using, and breaking codes for thousands
of years, and they will not stop any time soon. Table 10-1 provides some highlights from the history of cryptology.
Today, many common IT tools use embedded encryption technologies to protect sensitive information within
applications. For example, all the popular Web browsers use built-in encryption features to enable secure online
banking, Web shopping, and other e-commerce.
Since World War II, there have been restrictions on the export of cryptosystems, and they continue today. In 1992, encryption tools were officially listed as Auxiliary Military Technology under the Code of Federal Regulations: International Traffic in Arms Regulations.1 These restrictions are due in part to the role cryptography played in World War II and the belief of the American and British governments that the cryptographic tools they developed were far superior to those in less developed countries. As a result, both governments believe such countries should be prevented from using cryptosystems to communicate potential terroristic activities or gain an economic advantage.

Table 10-1 History of Cryptology

Date       Event
1900 B.C.  Egyptian scribes used nonstandard hieroglyphs in a carved tomb inscription; this is the first documented use of written cryptography.
487 B.C.   The Spartans of Greece developed the skytale, a system consisting of a strip of papyrus wrapped around a wooden staff. Messages were written down the length of the staff, and the papyrus was unwrapped. The decryption process involved wrapping the papyrus around a shaft of similar diameter.
50 B.C.    Julius Caesar used a simple substitution cipher to secure military and government communications. To form an encrypted text, Caesar shifted the letters of the alphabet three places. In addition to this monoalphabetic substitution cipher, Caesar strengthened his encryption by substituting Greek letters for Latin letters.
1466       Leon Battista Alberti, the father of Western cryptography, worked with polyalphabetic substitution and designed a cipher disk.
1914–17    Throughout World War I, the Germans, British, and French used a series of transposition and substitution ciphers in radio communications. All sides expended considerable effort to try to intercept and decode communications, and thereby created the science of cryptanalysis. British cryptographers broke the Zimmermann Telegram, in which the Germans offered Mexico U.S. territory in return for Mexico’s support. This decryption helped to bring the United States into the war.
1917       Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a nonrepeating random key.
1919       Hugo Alexander Koch filed a patent in the Netherlands for a rotor-based cipher machine; in 1927, Koch assigned the patent rights to Arthur Scherbius, the inventor of the Enigma machine.
1939–42    Building on prewar Polish cryptanalysis, the Allies secretly broke the Enigma cipher, undoubtedly shortening World War II.
1976       Whitfield Diffie and Martin Hellman introduced the idea of public-key cryptography.
1977       Ronald Rivest, Adi Shamir, and Leonard Adleman developed a practical public-key cipher both for confidentiality and digital signatures; the RSA family of computer encryption algorithms was born.

For more information on the history of cryptology, visit the National Cryptologic Museum’s Web site at www.nsa.gov/about/cryptologic-heritage/museum/ or visit the online Crypto Museum at www.cryptomuseum.com.

Key Cryptology Terms


To understand the fundamentals of cryptography, you must know the meanings of the following terms:

• Algorithm—The mathematical formula or method used to convert an unencrypted message into an encrypted
message; sometimes refers to the programs that enable the cryptographic processes.
• Bit stream cipher—An encryption method that involves converting plaintext to ciphertext one bit at a time; in practice this is usually just called a stream cipher.
• Block cipher—An encryption method that involves dividing the plaintext into blocks or sets of bits and then
converting the plaintext to ciphertext one block at a time.

• Cipher—When used as a verb, the transformation of the individual components (characters, bytes, or bits)
of an unencrypted message into encrypted components or vice versa (see Decryption and Encryption); when
used as a noun, the process of encryption or the algorithm used in encryption, and a term synonymous with
cryptosystem.
• Ciphertext or cryptogram—The unintelligible encrypted or encoded message resulting from an encryption.
• Code—The process of converting components (words or phrases) of an unencrypted message into encrypted
components.
• Decipher—See Decryption.
• Decryption—The process of converting an encoded or enciphered message (ciphertext) back to its original
readable form (plaintext); also referred to as deciphering.
• Encipher—See Encryption.
• Encryption—The process of converting an original message (plaintext) into a form that cannot be used by
unauthorized individuals (ciphertext); also referred to as enciphering.
• Key or cryptovariable—The information used in conjunction with the algorithm to create the ciphertext from the plaintext; it can be a series of bits used in an algorithm or the knowledge of how to manipulate the plaintext.
• Keyspace—The entire range of values that can be used to construct an individual key.
• Link encryption—A series of encryptions and decryptions between a number of systems, wherein each sys-
tem in a network decrypts the message sent to it, re-encrypts the message using different keys, and sends it
to the next neighbor. This process continues until the message reaches the final destination.
• Plaintext or cleartext—The original unencrypted message that is encrypted and the message that results
from successful decryption.
• Steganography—The process of hiding messages; for example, hiding a message within the digital encoding
of a picture or graphic so that it is almost impossible to detect that the hidden message even exists.
• Work factor—The amount of effort (usually expressed in units of time) required to perform cryptanalysis on
an encoded message.

Encryption Methods
There are two methods of encrypting plaintext: the bit stream method and the block cipher method, as defined in the previous section. In the bit stream method, each bit in the plaintext is transformed into a cipher bit one bit at a time. In the block cipher method, the message is divided into blocks—for example, sets of 8-, 16-, 32-, or 64-bit blocks (modern ciphers such as AES use 128-bit blocks)—and then each block of plaintext bits is transformed into an encrypted block of cipher bits using an algorithm and a key. Bit stream methods commonly use algorithm functions like the exclusive OR operation (XOR) to combine the plaintext with a key stream, whereas block methods can use substitution, transposition, XOR, or some combination of these operations, as described in the following sections. Note that most computer-based encryption methods operate on data at the level of its binary digits (bits), while others operate at the byte or character level.
You may wonder if you need to know all of the technical details about cipher methods that follow in this
section. Although most security professionals will not get involved in designing cryptographic algorithms (or
cipher methods) or even wind up using them directly, you probably use many of them indirectly when you browse
the Web, and it is certainly helpful to understand how the tools work. At some point, you may need to know these
fundamental building blocks of cryptography so you can understand your options when evaluating commercial
or open-source cipher methods. It is also useful to understand the cryptographic notation methods shown in the
nearby feature.

Cryptographic Notation
The notation used to represent the encryption process varies depending on its source. The notation in this text uses the
letter M to represent the original message, C to represent the ending ciphertext, E to represent the enciphering or encryption
process, D to represent the decryption or deciphering process, and K to represent the key. This notation can be used as follows:
• E(M) = C. Encryption (E) is applied to a message (M) to create ciphertext (C).
• D[C] = D[E(M)] = M. By decrypting (D) an encrypted message [E(M)], you get the original message (M).
• E(M,K) = C. Encrypting (E) the message (M) with the key (K) results in the ciphertext (C). If more than one key (K) is used
in a multiple-round encryption, the keys are numbered K1, K2, and so on.
• D(C,K) = D[E(M,K),K] = M. That is, decrypting the ciphertext with key K results in the original plaintext message.
To encrypt a plaintext set of data, you can use one of two methods: bit stream or block cipher, as described at the
beginning of this section.

Substitution Cipher

• substitution cipher—An encryption method in which one value is substituted for another.
• monoalphabetic substitution—A substitution cipher that incorporates a single alphabet in the encryption process.
• polyalphabetic substitution—A substitution cipher that incorporates two or more alphabets in the encryption process.

A substitution cipher exchanges one value for another—for example, it might exchange a letter in the alphabet with the letter three values to the right, or it might substitute one bit for another bit four places to its left. A three-character substitution to the right results in the following transformation of the standard English alphabet.

Initial alphabet:    ABCDEFGHIJKLMNOPQRSTUVWXYZ yields
Encryption alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC

Within this substitution scheme, the plaintext MOM would be encrypted into the ciphertext PRP.
This is a simple enough method by itself, but it becomes very powerful if combined with other operations. The previous example of substitution is based on a single alphabet and thus is known as a monoalphabetic substitution. More advanced substitution ciphers use two or more alphabets, and are referred to as polyalphabetic substitutions.
To extend the previous example, consider the following block of text:

Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Substitution cipher 1 DEFGHIJKLMNOPQRSTUVWXYZABC
Substitution cipher 2 GHIJKLMNOPQRSTUVWXYZABCDEF
Substitution cipher 3 JKLMNOPQRSTUVWXYZABCDEFGHI
Substitution cipher 4 MNOPQRSTUVWXYZABCDEFGHIJKL

The first row here is the plaintext, and the next four rows are four sets of substitution ciphers (shifts of 3, 6, 9, and 12 places), which when taken together constitute a single polyalphabetic substitution cipher. To encode the word TEXT with this cipher, you substitute a letter from the second row for the first letter in TEXT, a letter from the third row for the second letter, and so on, a process that yields the ciphertext WKGF. Note how the plaintext letter T is transformed into a W or an F, depending on its order of appearance in the plaintext. Complexities like these make this type of encryption substantially more difficult to decipher for someone who has neither the algorithm (in this case, the rows of ciphers) nor the key (the sequence in which the rows are applied). A logical extension to this process is to randomize the cipher rows completely in order to create a more complex operation.

One example of a monoalphabetic substitution cipher is the cryptogram in the daily newspaper (see Figure 10-1).
Another example is the once famous Radio Orphan Annie decoder pin (shown in Figure 10-2), which consisted of two
alphabetic rings that could be rotated to a predetermined pairing to form a simple substitution cipher. The device was
made to be worn as a pin so one could always be at the ready. As mentioned in Table 10-1, Julius Caesar reportedly used
a three-position shift to the right to encrypt his messages (A became D, B became E, and so on), so this substitution
cipher was given his name—the Caesar Cipher.
An advanced type of substitution cipher that uses a simple polyalphabetic code is the Vigenère cipher. The cipher is implemented using the Vigenère square (or table), also known as a tabula recta—a term invented by Johannes Trithemius in the 1500s. Table 10-2 illustrates the setup of the Vigenère square, which is made up of 26 distinct cipher alphabets. In the header row and column, the alphabet is written in its normal order. In each subsequent row, the alphabet is shifted one letter to the right until a 26 × 26 block of letters is formed.

• Vigenère cipher—An advanced type of substitution cipher that uses a simple polyalphabetic code.

Figure 10-1 Daily cryptogram

Figure 10-2 Radio Orphan Annie’s decoder pin
Source: www.RadioArchives.com.


A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Table 10-2 The Vigenère Square

You can use the Vigenère square in several ways. For example, you could perform an encryption by starting in the second row of the square (a shift of one) for the first letter of plaintext and then moving down one row for each subsequent letter. With this method, the word SECURITY in plaintext becomes TGFYWOAG in ciphertext; this is the same as using the keyword BCDEFGHI in the keyword method described next.
A much more sophisticated way to use the Vigenère square is to use a keyword to represent the shift. To accomplish
this, you begin by writing a keyword above the plaintext message. For example, suppose the plaintext message is “SACK
GAUL SPARE NO ONE” and the keyword is ITALY. We thus end up with the following:

ITALYITALYITALYITA
SACKGAULSPARENOONE

Now you use the keyword letter and the message (plaintext) letter below it in combination. Returning to the Vigenère
square, notice how the first column of text, like the first row, forms the normal alphabet. To perform the substitution,
start with the first combination of keyword and message letters, “IS.” Use the keyword letter to locate the column and
the message letter to find the row, and then look for the letter at their intersection. Thus, for column I and row S, you
will find the ciphertext letter “A.” After you follow this procedure for each letter in the message, you will produce the
encrypted ciphertext “ATCVEINLDNIKEYMWGE.” Note that a keyword letter of “A” is a shift of zero, so any plaintext letter paired with an “A” passes through unchanged. For example, the third letter in the plaintext message, the “C” (of “SACK”), has the combination AC and is therefore unchanged in the ciphertext. Leaving “A” out of the keyword removes that tell, but it does not address the cipher’s real weakness: the keyword repeats, so every plaintext letter at the same position modulo the keyword length is enciphered with the same Caesar shift. An analyst who finds repeated groups in the ciphertext (the Kasiski examination) can recover the keyword length from the distances between them, and can then break each of those Caesar alphabets separately by letter-frequency analysis.
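The substitution ciphers of this section, worked in code. This example is added here and is not part of the textbook; it implements the Caesar shift and the keyword Vigenère cipher exactly as Table 10-2 defines them, and then shows why the keyword’s repetition is the weakness that matters: the Kasiski test records the distances between repeated ciphertext groups, and the greatest common divisor of those distances reveals the keyword length. The longer message in the usage code is constructed for the demonstration (a phrase recurring at distances that are multiples of the keyword length).

```python
from functools import reduce
from itertools import cycle
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def shift_letter(ch, k):
    """Substitute one uppercase letter with the letter k places to the right, wrapping at Z."""
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def caesar(text, shift=3):
    """Monoalphabetic substitution: the same shift for every letter (A->D, B->E, ...)."""
    return "".join(shift_letter(c, shift) for c in text)


def vigenere(text, keyword, decrypt=False):
    """Polyalphabetic substitution with the Vigenere square.

    Letter i of the text is shifted by the alphabet position of keyword[i % len(keyword)],
    which is the row/column lookup in Table 10-2. Decryption shifts the other way.
    """
    sign = -1 if decrypt else 1
    return "".join(shift_letter(c, sign * ALPHABET.index(k))
                   for c, k in zip(text, cycle(keyword)))


def kasiski_distances(ciphertext, n=4):
    """Distances between consecutive occurrences of each repeated n-letter group.

    A plaintext phrase that recurs at a distance that is a multiple of the keyword length
    is enciphered with the same key letters both times and so yields the same ciphertext
    group; the keyword length therefore divides these distances.
    """
    last_seen = {}
    distances = []
    for i in range(len(ciphertext) - n + 1):
        group = ciphertext[i:i + n]
        if group in last_seen:
            distances.append(i - last_seen[group])
        last_seen[group] = i
    return distances


def guess_key_length(ciphertext, n=4):
    """Greatest common divisor of the Kasiski distances (0 if nothing repeats)."""
    return reduce(gcd, kasiski_distances(ciphertext, n), 0)


if __name__ == "__main__":
    ct = vigenere("SACKGAULSPARENOONE", "ITALY")
    print(ct, vigenere(ct, "ITALY", decrypt=True))
    # Constructed message: "SPARENOONE" recurs at distances 15 and 20, both multiples of 5.
    msg = "SPARENOONE" + "XXXXX" + "SPARENOONE" + "FILLERWORD" + "SPARENOONE"
    print(guess_key_length(vigenere(msg, "ITALY")))
```

With the keyword length known, the ciphertext splits into five interleaved Caesar ciphers, each of which falls to ordinary frequency analysis; that is the attack the “avoid the letter A” advice does nothing to prevent.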

Transposition Cipher

• transposition cipher—A cryptographic operation that involves simply rearranging the values within a block based on an established pattern; also known as a permutation cipher.
• permutation cipher—See transposition cipher.

Like the substitution operation, the transposition cipher is simple to understand, but if properly used, it can produce ciphertext that is difficult to decipher. In contrast to the substitution cipher, however, the transposition cipher or permutation cipher simply rearranges the bits or bytes (characters) within a block to create the ciphertext. For an example, consider the following transposition key pattern.

Key pattern: 8 → 3, 7 → 6, 6 → 2, 5 → 7, 4 → 5, 3 → 1, 2 → 8, 1 → 4

In this key, the bit or byte (character) in position 1 moves to position 4. When operating on binary data, position 1
is at the far right of the data string, and counting proceeds from right to left. Next, the bit or byte in position 2 moves
to position 8, and so on. This cipher is similar to another newspaper puzzle favorite: the word jumble, as illustrated in
Figure 10-3. In the jumble, words are scrambled, albeit with no defined pattern. Upon unscrambling, the words provide
key characters used to decode a separate message.
The following rows show the numbering of bit locations for this key; the plaintext message 001001010110101110
01010101010100, which is broken into eight-bit blocks for clarity; and the ciphertext that is produced when the previ-
ously depicted transposition key is applied to the plaintext.

Bit locations: 87654321 87654321 87654321 87654321


Plaintext 8-bit blocks: 00100101 | 01101011 | 10010101 | 01010100
Ciphertext: 00001011 | 10111010 | 01001101 | 01100001

Reading from right to left in this example, the first bit of plaintext (position 1 of the first byte) becomes the fourth
bit (in position 4) of the first byte of the ciphertext. Similarly, the second bit of the plaintext (position 2) becomes the
eighth bit (position 8) of the ciphertext, and so on.
To examine further how this transposition key works, look at its effects on a plaintext message comprised of let-
ters instead of bits. Replacing the eight-bit block of plaintext with the example plaintext message presented earlier,
“SACK_GAUL_SPARE_NO_ONE,” yields the following.

Letter locations: 87654321 | 87654321 | 87654321


Plaintext: __ENO_ON | _ERAPS_L | UAG_KCAS
Key: Same key as previously, but characters transposed, not bits
Ciphertext: ON_ON_E_ | _AEPL_RS | A_AKSUGC

Figure 10-3 Word jumble (“Ben Franklin’s Airport Woes”)



Here, you read from right to left to match the order in which characters would be transmitted from a sender on
the left to a receiver on the right. The letter in position 1 of the first block of plaintext, “S,” moves to position 4 in
the ciphertext. The process is continued until the letter “U,” the eighth letter of the first block of plaintext, moves
to the third position of the ciphertext. This process continues with subsequent blocks using the same specified
pattern. Obviously, the use of different-sized blocks or multiple transposition patterns would enhance the strength
of the cipher.
In addition to being credited with inventing a substitution cipher, Julius Caesar was associated with an early version of the transposition cipher. In the Caesar block cipher, the recipient of the coded message knows to fit the text into a square of an agreed size; a message of 25 or fewer characters, for example, uses a 5 × 5 square. If you received the Caesar ciphertext shown next, you would make a square of five columns and five rows and then write the letters of the message into the square, filling the slots from left to right and top to bottom. You would then read the message in the other direction, that is, down each column in turn from the leftmost column to the rightmost. (An underscore stands for a space, and the square is padded with underscores.)

Ciphertext: SGS_N AAPNE CUAO_ KLR__ __EO_

S G S _ N
A A P N E
C U A O _
K L R _ _
_ _ E O _

Reading down the columns from left to right reveals the plaintext “SACK_GAUL_SPARE_NO_ONE” followed by the padding.
When mechanical and electronic cryptosystems became more widely used, transposition ciphers and substitution ciphers were combined to produce highly secure encryption processes; modern block ciphers such as AES still alternate substitution and permutation steps over many rounds. To make the encryption even stronger and more difficult to cryptanalyze, the keys and block sizes can be increased to 128 bits or more, which produces substantially more complex substitutions or transpositions. Because the plaintext rarely divides evenly into blocks, these systems use a padding scheme to fill the last block; the padding is normally a fixed, reversible pattern (PKCS#7, for example) rather than random characters, so that the receiver can strip it unambiguously.
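The positional transposition key and the Caesar block square of this section, as an added example that is not the textbook’s own code. The positional key is applied to the book’s bit and letter blocks with positions numbered from the right, as the text does, and the columnar rearrangement is written for a general side × side square. The inverse of each operation is included, since a transposition is only usable if the receiver can undo it; the letter example reverses the padded message before blocking it, which is how the text lays out its right-to-left blocks.

```python
# Positional transposition key from the text, written as "from -> to". Positions are
# numbered 1..8 from the RIGHT end of each block, so 8 -> 3 moves the leftmost symbol
# into the third position from the right.
KEY_PATTERN = {8: 3, 7: 6, 6: 2, 5: 7, 4: 5, 3: 1, 2: 8, 1: 4}


def permute_block(block, key=KEY_PATTERN):
    """Rearrange one block of bits or characters; position p (from the right) is index len-p."""
    n = len(block)
    out = [None] * n
    for src, dst in key.items():
        out[n - dst] = block[n - src]
    if None in out:
        raise ValueError("key must be a permutation of 1..%d" % n)
    return "".join(out)


def invert_key(key):
    """The decryption key swaps the 'from' and 'to' sides of every pair."""
    return {dst: src for src, dst in key.items()}


def transpose(data, key=KEY_PATTERN, block_size=8, pad="0"):
    """Split data into fixed-size blocks (padding the last one) and permute each block."""
    if len(data) % block_size:
        data += pad * (block_size - len(data) % block_size)
    return "".join(permute_block(data[i:i + block_size], key)
                   for i in range(0, len(data), block_size))


def caesar_block_encrypt(plaintext, side=5, pad="_"):
    """Columnar (Caesar block) transposition: write the text DOWN the columns of a
    side x side square, then read it out ACROSS the rows."""
    text = plaintext.ljust(side * side, pad)
    if len(text) > side * side:
        raise ValueError("message does not fit a %d x %d square" % (side, side))
    columns = [text[c * side:(c + 1) * side] for c in range(side)]
    return "".join(columns[c][r] for r in range(side) for c in range(side))


def caesar_block_decrypt(ciphertext, side=5, pad="_"):
    """Write the ciphertext across the rows and read it down the columns."""
    rows = [ciphertext[r * side:(r + 1) * side] for r in range(side)]
    return "".join(rows[r][c] for c in range(side) for r in range(side)).rstrip(pad)


if __name__ == "__main__":
    bits = "00100101011010111001010101010100"
    ct = transpose(bits)
    print(ct, transpose(ct, invert_key(KEY_PATTERN)) == bits)
    # The text writes the padded message right to left before splitting it into blocks.
    letters = "SACK_GAUL_SPARE_NO_ONE__"[::-1]
    print(transpose(letters, pad="_"))
    print(caesar_block_encrypt("SACK_GAUL_SPARE_NO_ONE"))
```

Note that a transposition never changes which symbols appear, only where they appear; letter frequencies of the ciphertext match the plaintext exactly, which is why transposition is combined with substitution in real ciphers rather than used alone.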

Exclusive OR
The exclusive OR operation (XOR) is a function of Boolean algebra in which two bits are compared and a binary
result is generated. XOR encryption is a very simple symmetric cipher that is used in many applications where
security is not a defined requirement. Table 10-3 shows an XOR table with the results of all possible combinations
of two bits.

Table 10-3 XOR Table

First Bit Second Bit Result


0 0 0
0 1 1
1 0 1
1 1 0

To see how XOR works, consider an example in which the plaintext is the word “CAT.” The ASCII binary representation of the plaintext is 01000011 01000001 01010100.
In order to encrypt the plaintext, a key value should be selected. In this case, the bit pattern for the letter “V” (01010110) is used, and is repeated as many times as necessary for each of the characters that need to be encrypted, written from left to right. Performing the XOR operation on the two bit streams (the plaintext and the key) produces the result shown in Table 10-4.

• exclusive OR operation (XOR)—A function within Boolean algebra used as an encryption function in which two bits are compared; identical bits result in a binary 0 while different bits result in a binary 1.

Table 10-4 Example of XOR Encryption

Text Value Binary Value


CAT as bits 010000110100000101010100
V repeated three times as a key 010101100101011001010110
Cipher 000101010001011100000010

The bottom row of Table 10-4, “Cipher,” is read from left to right and contains the bit stream that will be transmitted.
When this cipher is received, it can be decrypted using the key value “V.” Note that the XOR encryption method is very
simple to implement and equally simple to break. The XOR encryption method should not be used by itself when an
organization is transmitting or storing sensitive data. Actual encryption algorithms used to protect data typically use
the XOR operator as part of a more complex encryption process.
You can combine XOR with a block cipher to produce a simple but powerful operation. In the example that follows
(again read from left to right), the first row shows a character message “5E5+•” requiring encryption. The second row
shows this message in binary notation. In order to apply an eight-bit block cipher method, the binary message is broken
into eight-bit blocks in the row labeled “Message blocks.” The fourth row shows the eight-bit key (01010101) chosen
for the encryption. To encrypt the message, you must perform the XOR operation on each eight-bit block by using the
XOR function on the message bit and the key bit to determine the bits of the ciphertext. The result is shown in the row
labeled “Ciphertext.” This ciphertext can now be sent to a receiver, who will be able to decipher the message simply
by knowing the algorithm (XOR) and the key (01010101).

Message (text): “5E5+•”


Message (binary): 00110101 01000101 00110101 00101011 10010101
Message blocks: 00110101 01000101 00110101 00101011 10010101
Key: 01010101 01010101 01010101 01010101 01010101
Ciphertext: 01100000 00010000 01100000 01111110 11000000

If the receiver cannot apply the key to the ciphertext and derive the original message, either the cipher was applied
with an incorrect key or the cryptosystem was not used correctly.
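Repeating-key XOR in code, as an added example that is not part of the textbook. It reproduces Table 10-4 and the 8-bit block example above, and then demonstrates why the text says XOR alone is “equally simple to break”: since C XOR P = K, an attacker who can guess a few bytes of plaintext (a file header, a protocol banner, a predictable first line) recovers the key and with it every message encrypted under that key. The message and key in the usage code are constructed for the demonstration.

```python
def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: byte i of data is XORed with key[i % len(key)].
    XOR is its own inverse, so the same call with the same key decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def to_bits(data: bytes) -> str:
    """Render bytes as space-separated 8-bit groups, the layout used in Table 10-4."""
    return " ".join(f"{b:08b}" for b in data)


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Known-plaintext attack: ciphertext XOR plaintext gives the key bytes directly,
    so key_len bytes of known plaintext at the start of the message yield the whole key."""
    if min(len(ciphertext), len(known_plaintext)) < key_len:
        raise ValueError("need at least key_len bytes of ciphertext and known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


if __name__ == "__main__":
    print(to_bits(xor_bytes(b"CAT", b"V")))                      # Table 10-4
    print(to_bits(xor_bytes(bytes([0x35, 0x45, 0x35, 0x2B, 0x95]), bytes([0x55]))))
    # Constructed sample: the attacker knows only that the message starts with "FROM: ".
    message = b"FROM: accounting\nWire 40000 USD to acct 99112233\n"
    ct = xor_bytes(message, b"K3y!")
    key = recover_key(ct, b"FROM: ", key_len=4)
    print(key, xor_bytes(ct, key) == message)
```

Guessing the key length is the only work left to the attacker, and the Kasiski-style repetition test used against the Vigenère cipher applies here unchanged, because repeating-key XOR over bytes is the same construction over a 256-symbol alphabet.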

Vernam Cipher

• Vernam cipher—A cryptographic technique developed at AT&T and known as the “one-time pad,” this cipher uses a set of characters for encryption operations only once and then discards it.

Also known as the one-time pad, the Vernam cipher, developed by Gilbert Vernam in 1917 while working at AT&T, uses a set of key characters only one time for each encryption process (hence the name one-time pad); the requirement that the key be truly random and never reused, which is what makes the scheme unbreakable, is credited to Joseph Mauborgne. The pad in the name comes from the days of manual encryption and decryption when the key values for each ciphering session were prepared by hand and bound into an easy-to-use form—a pad of paper. To perform the Vernam cipher encryption, the pad values are added to numeric values representing the plaintext that needs to be encrypted. Each character of the plaintext is turned into a number and a pad value for that position is added to it. The resulting sum for that character is then converted back to a ciphertext letter for transmission. If the sum of the two values exceeds 26, then 26 is subtracted from the total. Reducing a number into a fixed range in this way is a modulo operation; requiring that all numbers be in the range of 1–26 is referred to as modulo 26 (mathematically the residues are 0–25, but this text numbers the letters 1–26). In this process, a number larger than 26 has 26 sequentially subtracted from it until the number is in the proper range.
To examine the Vernam cipher and its use of modulo, consider the following example, which uses “SACK GAUL SPARE NO ONE” as plaintext. In the first step of this encryption process, the letter “S” is converted into the number 19 because it is the 19th letter of the alphabet. The same conversion is applied to the rest of the letters of the plaintext message, as shown here.
Module 10 Cryptography 393

Plaintext:               S  A  C  K  G  A  U  L  S  P  A  R  E  N  O  O  N  E
Plaintext value:        19 01 03 11 07 01 21 12 19 16 01 18 05 14 15 15 14 05
One-time pad text:       F  P  Q  R  N  S  B  I  E  H  T  Z  L  A  C  D  G  J
One-time pad value:     06 16 17 18 14 19 02 09 05 08 20 26 12 01 03 04 07 10
Sum of plaintext & pad: 25 17 20 29 21 20 23 21 24 24 21 44 17 15 18 19 21 15
After modulo 26:        25 17 20 03 21 20 23 21 24 24 21 18 17 15 18 19 21 15
Ciphertext:              Y  Q  T  C  U  T  W  U  X  X  U  R  Q  O  R  S  U  O

(Only the fourth and twelfth columns, whose sums 29 and 44 exceed 26, are changed by the modulo step.)

Rows three and four in this example show the one-time pad text that was chosen for this encryption and the one-time
pad value, respectively. As you can see, the pad value, like the plaintext value, is derived from the position of each pad
text letter in the alphabet. Thus, the pad text letter “F” is assigned the position number 06. This conversion process is
repeated for the entire one-time pad text. Next, the plaintext value and the one-time pad value are added together—the first
sum is 25. Because 25 is in the range of 1 to 26, no modulo 26 subtraction is required. The sum remains 25, and yields the
ciphertext “Y,” as shown above. Skipping ahead to the fourth character of the plaintext, “K,” you find that its plaintext value
is 11. The pad text is “R” and the pad value is 18. The sum of 11 and 18 is 29. Because 29 is larger than 26, 26 is subtracted
from it, which yields the value 3. The ciphertext for this plaintext character is then the third letter of the alphabet, “C.”
Decryption of any ciphertext generated from a one-time pad requires knowledge of the pad values; without them no amount of cryptanalysis helps, because every possible plaintext of the same length corresponds to some equally likely pad. Using the pad values and the ciphertext, the decryption process works as follows: “Y” becomes the number 25, from which you subtract the pad value for the first letter of the message, 06. This yields a value of 19, or the letter “S.” This pattern continues until the fourth letter of the ciphertext, where the ciphertext letter is “C” and the pad value is 18. Subtracting 18 from 3 yields negative 15. Because of modulo 26, which requires that all numbers be in the range of 1–26, you must add 26 to negative 15. This operation yields 11, which means the fourth letter of the message is “K.”
That unconditional security holds only if the pad is truly random, at least as long as the message, kept secret, and never reused. A pad used twice is a “two-time pad”: subtracting one ciphertext from the other cancels the key and leaves the difference of the two plaintexts, from which both can usually be recovered. These key-management demands, not any weakness in the arithmetic, are why one-time pads are rarely practical.
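The following Python program, added here as an example and not taken from the textbook, implements the cipher exactly as described (letters valued 1 through 26, sums reduced into that range) and reproduces the table above; it then shows the same idea on bytes with XOR, using the five bytes from the XOR example earlier on the page, and what leaks when a pad is reused. The pad text is the one from the table; the function names and the sample messages are the example's own.

```python
"""One-time pad (Vernam cipher) in the module's A=1..Z=26 convention, plus its
binary (XOR) form. Added example for this page; not the textbook's code."""

import secrets
import string

ALPHABET = string.ascii_uppercase


def letter_to_value(ch: str) -> int:
    """'A' -> 1, 'B' -> 2, ..., 'Z' -> 26, matching the table in the text."""
    return ALPHABET.index(ch) + 1


def value_to_letter(v: int) -> str:
    """Inverse of letter_to_value; v must already lie in 1..26."""
    return ALPHABET[v - 1]


def mod26_1_based(n: int) -> int:
    """Bring n into the range 1..26 by subtracting (or adding) 26 as needed."""
    while n > 26:
        n -= 26
    while n < 1:
        n += 26
    return n


def otp_encrypt(plaintext: str, pad: str) -> str:
    """Add pad value to plaintext value position by position, modulo 26 (1-based)."""
    letters = [c for c in plaintext.upper() if c in ALPHABET]
    if len(pad) < len(letters):
        raise ValueError("pad must be at least as long as the message")
    return "".join(
        value_to_letter(mod26_1_based(letter_to_value(p) + letter_to_value(k)))
        for p, k in zip(letters, pad.upper())
    )


def otp_decrypt(ciphertext: str, pad: str) -> str:
    """Subtract the pad value; negative results are brought back into 1..26."""
    return "".join(
        value_to_letter(mod26_1_based(letter_to_value(c) - letter_to_value(k)))
        for c, k in zip(ciphertext.upper(), pad.upper())
    )


def random_pad(length: int) -> str:
    """A fresh pad from the OS CSPRNG. The randomness (and single use) of the pad,
    not the arithmetic, is what makes the cipher unbreakable."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Binary Vernam: XOR each message byte with the key byte at that position.
    XOR is its own inverse, so the same call decrypts. A key shorter than the data
    is repeated, which is precisely the misuse that breaks the scheme."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If one pad encrypted two messages, XORing the ciphertexts cancels the pad
    and yields plaintext1 XOR plaintext2, which crib-dragging then unravels."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


if __name__ == "__main__":
    pad = "FPQRNSBIEHTZLACDGJ"              # the pad text used in the table above
    ct = otp_encrypt("SACK GAUL SPARE NO ONE", pad)
    print(ct, otp_decrypt(ct, pad))          # YQTCUTWUXXURQORSUO SACKGAULSPARENOONE
    # The five bytes from the XOR example earlier on the page, keyed with 01010101
    msg = bytes([0b00110101, 0b01000101, 0b00110101, 0b00101011, 0b10010101])
    print(xor_bytes(msg, b"\x55").hex())    # 6010607ec0
```

Note that the XOR example on the page reuses one key byte for every message byte; with real data that repetition is exactly what `two_time_pad_leak` exploits, since any two bytes encrypted under the same key byte XOR to the XOR of their plaintexts.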

For more information about Gilbert Vernam and his cryptography work, view the video “Encryption, Episode 2: The Vernam Cipher” by visiting http://techchannel.att.com/ and using the search box.

Book-Based Ciphers
Two related encryption methods made popular by spy movies involve using the text in a book as the key to decrypt a
message. These methods are the book cipher and the running key cipher. A third method, the template cipher, is not
really a cipher but is related to this discussion.

Book Cipher
In a book cipher, the ciphertext consists of a list of codes representing the page number, line number, and word number of the plaintext word. The algorithm is the mechanical process of looking up the references from the ciphertext and converting each reference to a word by using the ciphertext’s value and the key (the book). For example, from a copy of a particular popular novel, one may send the message 259,19,8; 22,3,8; 375,7,4; 394,17,2. Although almost any book can be used, dictionaries and thesauruses are typically the most popular sources, as they are likely to contain almost any word that might be needed. The recipient of a book cipher must first know which book is used, down to the exact edition, since pagination differs between printings; in this case, suppose it is the science fiction novel A Fire Upon the Deep, the 1992 TOR edition. To decrypt the ciphertext, the receiver acquires the book, turns to page 259, finds line 19, and selects the eighth word in that line (which is “sack”). Then the receiver turns to page 22, line 3, selects the eighth word again, and so forth. In this example, the resulting message is “SACK ISLAND SHARP PATH.” If a dictionary is used, the message consists only of the page number and the number of the word on the page. An even more sophisticated version might use multiple books, perhaps even in a particular sequence for each word or phrase.

Running Key Cipher
Similar in concept to the book cipher is the running key cipher, which uses a book for passing the key to a cipher that is similar to the Vigenère cipher. The sender provides an encrypted message with a short sequence of numbers that indicate the page, line, and word number from a predetermined book to be used as the key, or indicator block. Unlike the Vigenère cipher, if the key needs to be extended in a running key cipher, you don’t repeat the key. Instead, you continue with the text of the book from the indicator block onward. From this point, you follow the same basic method as the Vigenère cipher, using the tabula recta to find the column based on the plaintext letter and the row based on the key letter. Reversing the process deciphers the ciphertext: you use the row or column corresponding to the key letter, find the ciphertext letter in that row or column, and then read the plaintext letter on the opposing axis. The mirrored layout of the table simplifies the selection of rows or columns during encryption and decryption. A running key is nothing like a one-time pad, even though it never repeats: because the key is itself meaningful text, its letter frequencies are skewed, and an analyst can peel plaintext and key apart by trying probable words in each.
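The book cipher and the running key cipher described above, implemented together in Python as an added example (not the textbook's code) over a small, constructed two-page "book". The book text, the indicator blocks and the messages are made up for the demonstration; a plain Vigenère function with a repeating keyword is included so the difference in how the key is extended is visible in code.

```python
"""Book cipher and running key cipher over a small constructed 'book'.
Added example for this page, not the textbook's code; the book is made up."""

import string
from typing import Dict, Iterator, List, Tuple

ALPHABET = string.ascii_uppercase

# Constructed stand-in for a printed book: page -> lines of text.
BOOK: Dict[int, List[str]] = {
    1: ["the quick brown fox jumps over the lazy dog",
        "sack the city and spare no one said the general"],
    2: ["island winds sharpen every path to the harbour",
        "all that glitters is not gold"],
}

Ref = Tuple[int, int, int]   # (page, line, word), all 1-based as in the text


def _reading_order(book: Dict[int, List[str]]) -> Iterator[Tuple[int, int, int, str]]:
    """Flatten the book into (page, line, word, text) in reading order."""
    for page in sorted(book):
        for li, line in enumerate(book[page], 1):
            for wi, w in enumerate(line.split(), 1):
                yield page, li, wi, w


def book_cipher_decode(refs: List[Ref], book=BOOK) -> str:
    """Look each (page, line, word) reference up in the key book."""
    return " ".join(book[p][l - 1].split()[w - 1] for p, l, w in refs)


def book_cipher_encode(message: str, book=BOOK) -> List[Ref]:
    """Find a reference for every word (first occurrence); fail loudly if a word is absent,
    which is why dictionaries are the popular choice of key book."""
    index: Dict[str, Ref] = {}
    for page, li, wi, w in _reading_order(book):
        index.setdefault(w, (page, li, wi))
    refs = []
    for w in message.lower().split():
        if w not in index:
            raise KeyError(f"word not in book: {w}")
        refs.append(index[w])
    return refs


def key_stream(indicator: Ref, length: int, book=BOOK) -> str:
    """Running key: the book's letters from the indicator block onward, never repeated."""
    letters: List[str] = []
    started = False
    for page, li, wi, w in _reading_order(book):
        if (page, li, wi) == indicator:
            started = True
        if started:
            letters.extend(c for c in w.upper() if c in ALPHABET)
            if len(letters) >= length:
                return "".join(letters[:length])
    raise ValueError("book too short (or indicator not found) for this message")


def tabula_recta(plain_letter: str, key_letter: str) -> str:
    """Vigenère table lookup: column = plaintext letter, row = key letter."""
    return ALPHABET[(ALPHABET.index(plain_letter) + ALPHABET.index(key_letter)) % 26]


def tabula_recta_inverse(cipher_letter: str, key_letter: str) -> str:
    """Find the ciphertext letter in the key letter's row; read the column heading."""
    return ALPHABET[(ALPHABET.index(cipher_letter) - ALPHABET.index(key_letter)) % 26]


def running_key_encrypt(plaintext: str, indicator: Ref, book=BOOK) -> str:
    letters = [c for c in plaintext.upper() if c in ALPHABET]
    key = key_stream(indicator, len(letters), book)
    return "".join(tabula_recta(p, k) for p, k in zip(letters, key))


def running_key_decrypt(ciphertext: str, indicator: Ref, book=BOOK) -> str:
    key = key_stream(indicator, len(ciphertext), book)
    return "".join(tabula_recta_inverse(c, k) for c, k in zip(ciphertext, key))


def vigenere_encrypt(plaintext: str, keyword: str) -> str:
    """Same table, but the short keyword repeats: the periodicity running keys avoid."""
    letters = [c for c in plaintext.upper() if c in ALPHABET]
    return "".join(tabula_recta(p, keyword[i % len(keyword)]) for i, p in enumerate(letters))


if __name__ == "__main__":
    refs = book_cipher_encode("sack island sharpen path")
    print(refs, book_cipher_decode(refs))
    ct = running_key_encrypt("ATTACK", (1, 1, 1))        # key stream "THEQUI"
    print(ct, running_key_decrypt(ct, (1, 1, 1)))         # TAXQWS ATTACK
    print(vigenere_encrypt("ATTACK", "KEY"))              # KXRKGI
```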

Template Cipher
The template cipher or perforated page cipher is not strictly an encryption cipher, but more of an example of steganography. The template cipher involves the use of a hidden message in a book, letter, or other message. The receiver must use a page with a specific number of holes cut into it and place it over the book page or letter to extract the hidden message. Commonly shown in movies where an inmate sends coded messages from prison, this cipher is both difficult to execute and easy to detect, provided either party is physically searched. The presence of the perforated page is a clear indicator that some form of hidden message communication is occurring. A much simpler method would be to employ a variation of acrostics, where the first letter of each line of a message (or every nth letter) would spell out a hidden message.

hash functions: Mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm the message’s identity and integrity.

Hash Functions
In addition to ciphers, another important encryption technique that is often incorporated into cryptosystems is the hash function. Hash functions are mathematical algorithms used to confirm the identity of a specific message and confirm that the content has not been changed. While they do not create ciphertext, hash functions confirm the message’s identity and integrity, both of which are critical functions in e-commerce.
Hash algorithms are used to create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value. The message digest is a fingerprint of the author’s message that is compared with the recipient’s locally calculated hash of the same message. If both hashes are identical after transmission, the message has arrived without modification. Hash functions are considered one-way operations in that the same message always provides the same hash value, but the hash value itself cannot be used to determine the contents of the message.
Hashing functions do not require the use of keys, but a bare hash also proves nothing about who sent a message: anyone who alters the message can simply recompute the hash. Attaching a message authentication code (MAC), a keyed hash, allows only specific recipients (the holders of the shared key) to produce or check the digest. Because hash functions are one-way, they are used in password verification systems to confirm the identity of the user. In such systems, the hash value, or message digest, is calculated based on the originally issued password, and this message digest is stored for later comparison. When the user logs in for the next session, the system calculates a hash value based on the user’s password input, and this value is compared against the stored value to confirm identity.

hash algorithms: Public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value.
hash value: See message digest.
message digest: A value representing the application of a hash algorithm on a message that is transmitted with the message so it can be compared with the recipient’s locally calculated hash of the same message; also known as a hash value.
message authentication code (MAC): A key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
Secure Hash Standard (SHS): A standard issued by the National Institute of Standards and Technology (NIST) that specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file.

The Secure Hash Standard (SHS) is issued by the National Institute of Standards and Technology (NIST). Standard document FIPS 180-4 specifies SHA-1 (Secure Hash Algorithm 1) as an algorithm for computing a condensed representation of a message or data file. SHA-1 produces a 160-bit message digest, which can be used as an input to a digital signature algorithm. Although FIPS 180-4 still lists it, SHA-1 should no longer be relied on: practical collisions were demonstrated in 2017, NIST disallowed it for generating digital signatures years earlier, and NIST has announced that all use of SHA-1 is to end by the close of 2030. SHA-1 is based on principles modeled after MD4, which is part of the MD family of hash algorithms created by Ronald Rivest. The SHA-2 family of hash algorithms includes SHA-256, SHA-384, SHA-512, and related

Figure 10-4 Various hash values (Source: SlavaSoft HashCalc)

variants. The length of the digest bounds the algorithm’s strength: an n-bit hash offers at most about n bits of work against preimage attacks (finding a message for a given hash value) and only about n/2 bits against collision attacks, where two different messages produce an identical hash value, because of the birthday paradox. The SHA-256 compression function is built like a block cipher: it encrypts the intermediate hash value using the 512-bit message block as the key and combines the result with its input to produce the next 256-bit intermediate message digest.2
As shown in Figure 10-4, free tools are available that can calculate hash values using a number of popular algorithms.
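The same values the GUI tool in Figure 10-4 shows can be computed with Python's standard library. The program below is an added example, not the textbook's code: it computes digests, shows why an unkeyed digest detects accidental corruption but not deliberate tampering (the attacker just recomputes it), and adds an HMAC so that only key holders can produce a valid tag. The message and key are constructed for the demonstration.

```python
"""Message digests and keyed MACs with the Python standard library. Added example
for this page, not the textbook's code; the message and key are constructed."""

import hashlib
import hmac


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Fixed-length fingerprint of arbitrary-length data."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recipient side: recompute locally and compare with the digest that arrived.
    compare_digest runs in constant time so the comparison itself leaks nothing."""
    return hmac.compare_digest(digest_hex(data, algorithm), expected_hex)


def forge_without_key(tampered: bytes) -> tuple:
    """What an attacker does to an unkeyed digest: change the message and
    recompute the hash. The pair still 'verifies', which is why a digest alone
    protects against accidental corruption, not against an adversary."""
    return tampered, digest_hex(tampered)


def make_mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: only holders of the shared key can produce or check it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(make_mac(key, data), tag_hex)


def digest_bits(algorithm: str) -> int:
    """Digest length in bits, e.g. 160 for SHA-1, 256 for SHA-256."""
    return hashlib.new(algorithm).digest_size * 8


def attack_work_bits(algorithm: str) -> dict:
    """Generic effort against an ideal hash: preimage ~ n bits, collision ~ n/2 (birthday bound)."""
    n = digest_bits(algorithm)
    return {"preimage": n, "collision": n // 2}


if __name__ == "__main__":
    msg = b"Transfer 100 USD to account 12345"      # constructed message
    tampered = b"Transfer 900 USD to account 12345"
    d = digest_hex(msg)
    print(d, verify_integrity(msg, d), verify_integrity(tampered, d))   # ... True False
    forged, forged_digest = forge_without_key(tampered)
    print(verify_integrity(forged, forged_digest))   # True: a hash alone is not authentication
    key = b"shared-secret-key"                       # constructed key
    tag = make_mac(key, msg)
    print(verify_mac(key, msg, tag), verify_mac(key, tampered, tag), verify_mac(b"guess", msg, tag))
    print({a: digest_bits(a) for a in ("sha1", "sha256", "sha384", "sha512")})
```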

For more information on the Secure Hash Standard, read FIPS 180-4 at http://csrc.nist.gov/publications/PubsFIPS.html.

An attack method called rainbow cracking has generated concern about the strength of the processes used for password hashing. In general, if attackers gain access to a file of hashed passwords, they can use an application like RainbowCrack with its combination of brute force and dictionary attacks to reveal user passwords. Precomputed hashes of candidate passwords are stored in rainbow tables and used to do a reverse lookup on a hash value rather than trying to use a brute force approach.
Passwords that are short, contain dictionary words, or are poorly constructed can be easily cracked. A common industry rule is the 10.4 password standard: a password should include at least 10 characters, with at least one uppercase letter, one lowercase letter, one number, and one special character. (NIST SP 800-63B, by contrast, favors length and screening against lists of breached passwords over such composition rules.) Well-constructed passwords of sufficient length can take a long time to crack even using the fastest computers, but with a rainbow table the cracker simply looks up the hashed password and reads out the text version. A rainbow table does not store every hash it covers; it stores chains of alternating hash and “reduction” steps and keeps only each chain’s start and end, so it covers an enormous keyspace in modest storage at the cost of some computation at lookup time. No brute force is required. This type of attack is more properly classified as a time-memory trade-off attack.
To defend against such an attack, you must first protect the file of hashed passwords and implement strict limits on the number of attempts allowed per login session. You can also use an approach called password hash salting. Salting is the process of providing a random piece of data to the hashing function when the hash is first calculated. The salt produces a different hash for the same password; when each account has its own salt, rainbow cracking fails because a table would have to be built per salt, and the time-memory trade-off is no longer in the attacker’s favor. The salt value is not kept a secret: it is stored along with the account identifier so that the hash value can be re-created during authentication.3 Additional techniques include key stretching and key strengthening. Key stretching involves repeating the hashing algorithm many thousands of times, feeding the password, salt value, and interim hash results back into the process, so that every guess costs the attacker as much work as it costs the verifier; purpose-built password hashing functions such as PBKDF2, bcrypt, scrypt, and Argon2 do exactly this. Key strengthening extends the key with a short random value and then deletes that value, so that even the legitimate verifier must brute-force it at login, which multiplies the attacker’s work by the same factor.
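The defences above, side by side in Python as an added example (not the textbook's code): a precomputed lookup table recovers an unsalted SHA-256 password hash in one dictionary access, the same table is useless against a salted and stretched PBKDF2 hash, and a small key-strengthening routine shows the verifier brute-forcing the deleted value. The wordlist, passwords and iteration count are constructed for the demonstration; the iteration count is deliberately below what OWASP currently recommends for PBKDF2-HMAC-SHA256 so the example runs quickly.

```python
"""Unsalted-hash lookup versus salted, stretched, and strengthened password
hashes. Added example for this page, not the textbook's code; the wordlist and
passwords are constructed for the demonstration."""

import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional

WORDLIST = ["password", "letmein", "Summer2024!", "qwerty123", "correct horse"]


def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words) -> Dict[str, str]:
    """Precomputed hash -> password map. A real rainbow table stores hash/reduce
    chains rather than every pair, but the lookup idea is the same."""
    return {unsalted_hash(w): w for w in words}


def crack_unsalted(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """One dictionary lookup recovers the password; no brute force needed."""
    return table.get(stored_hash)


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt (key stretching). Stored as
    salt$iterations$hash so the verifier can redo the work. OWASP currently
    advises 600,000 iterations for this construction; fewer are used here only
    to keep the demo fast."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    salt_hex, iters, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_salted(stored: str, table: Dict[str, str]) -> Optional[str]:
    """The unsalted table matches nothing: an attacker would need a table per
    salt (and per iteration count), which is the time-memory trade-off the salt destroys."""
    return table.get(stored.split("$")[2])


def strengthen(password: str, salt: bytes, bits: int = 8) -> str:
    """Key strengthening: append a short random value, hash, then throw the value
    away. Nobody stores it, so even the legitimate verifier must try all 2**bits."""
    extra = secrets.randbelow(1 << bits)
    return hashlib.sha256(password.encode() + salt + extra.to_bytes(2, "big")).hexdigest()


def verify_strengthened(password: str, salt: bytes, stored: str, bits: int = 8) -> bool:
    for extra in range(1 << bits):
        h = hashlib.sha256(password.encode() + salt + extra.to_bytes(2, "big")).hexdigest()
        if hmac.compare_digest(h, stored):
            return True
    return False


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print(crack_unsalted(unsalted_hash("letmein"), table))                # letmein
    stored = hash_password("letmein")
    print(crack_salted(stored, table), verify_password("letmein", stored))  # None True
    salt = os.urandom(16)
    s = strengthen("letmein", salt)
    print(verify_strengthened("letmein", salt, s), verify_strengthened("wrong", salt, s))  # True False
```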

Cryptographic Algorithms
In general, cryptographic algorithms are often grouped into two broad categories—symmetric and asymmetric—but in practice, today’s popular cryptosystems use a combination of both. Symmetric and asymmetric algorithms are distinguished by the types of keys they use for encryption and decryption operations.

Symmetric Encryption
Encryption methodologies that require the same secret key to encipher and decipher the message are performing symmetric encryption, also known as private-key encryption. Symmetric encryption methods use mathematical operations that can be programmed into extremely fast computing algorithms so that encryption and decryption are executed quickly, even by small computers. As you can see in Figure 10-5, one of the challenges is that both the sender and the recipient must have the secret key. Also, if either copy of the key falls into the wrong hands, messages can be decrypted by others, and the sender and intended receiver may not know a message was intercepted. The primary challenge of symmetric key encryption is getting the key to the receiver, a process that must be conducted out of band to avoid interception. In other words, the process must use a channel or band other than the one carrying the ciphertext.

secret key: A key that can be used in symmetric encryption both to encipher and decipher the message.
symmetric encryption: A cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message.
private-key encryption: See symmetric encryption.
There are a number of popular symmetric encryption cryptosystems. One of the most widely known is the Data Encryption Standard (DES); it was developed by IBM and is based on the company’s Lucifer algorithm, which uses a key length of 128 bits. As implemented, DES uses a 64-bit block size and a 56-bit key. DES was adopted in 1976 by the National Bureau of Standards (NIST’s predecessor) as a federal standard for encryption of non-classified information and published as FIPS 46 in 1977, after which it became widely employed in commercial applications. DES enjoyed increasing popularity for almost 20 years until 1997, when users realized that a 56-bit key size did not provide acceptable levels of security. In 1998, the Electronic Frontier Foundation (www.eff.org) used a specially designed computer to break a DES key in slightly more than 56 hours. Since then, it has been theorized that a dedicated attack supported by the proper hardware (not necessarily a specialized computer) could break a DES key in less than a day.4
Triple DES (3DES) was created to provide a level of security far beyond that of DES. 3DES applies the DES operation three times with two or three independent keys, giving an effective strength of about 112 bits, but it keeps DES’s small 64-bit block, and it soon proved too weak to survive indefinitely, especially as computing power continued to double every 18 months. Within just a few years, 3DES needed to be replaced; NIST deprecated it in 2017 and disallowed its use for encryption after 2023.

Figure 10-5 Example of symmetric encryption. Rachel at ABC Corp. generates a secret key. She must somehow get it to Alex at XYZ Corp. out of band (for example, by private courier). Once Alex has it, Rachel can use it to encrypt messages, and Alex can use it to decrypt and read them: secret key A encrypts the message “The deal is a ‘go.’” into ciphertext such as “2LW0^M $AC6>1!”, the ciphertext is transmitted, and the same secret key A decrypts it.

The successor to 3DES is the Advanced Encryption Standard (AES). AES is a federal information processing standard (FIPS) that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not part of the national defense infrastructure. (Agencies that are considered a part of national defense use encryption methods approved by the National Security Agency; the NSA itself approved AES for classified information in 2003, with 128-bit keys for SECRET and 192- or 256-bit keys for TOP SECRET.) The requirements for AES stipulated that the algorithm be unclassified, publicly disclosed, and available royalty-free worldwide. AES was developed to replace both DES and 3DES. While 3DES remained an approved algorithm for some uses for years afterward, its useful life has ended. Historically, cryptographic standards approved by FIPS have been adopted on a voluntary basis by organizations outside government entities. The AES selection process involved cooperation among the U.S. government, private industry, and academia from around the world. FIPS 197, which defines AES, was approved by the U.S. Secretary of Commerce in November 2001 and took effect as the official federal standard on May 26, 2002.

Advanced Encryption Standard (AES): The current federal standard for the encryption of data, as specified by NIST; based on the Rijndael algorithm.
AES implements the Rijndael block cipher with a fixed 128-bit block and a key length of 128, 192, or 256 bits (Rijndael itself also allows other block sizes, but FIPS 197 standardized only the 128-bit block). Experts estimate that the special computer used by the Electronic Frontier Foundation to crack DES within a couple of days would require approximately 4,698,864 quintillion years (about 4.7 × 10^24 years) to crack a 128-bit AES key by exhaustive search.

For more information on the Advanced Encryption Standard, read FIPS 197 at https://csrc.nist.gov/publications/fips.

Asymmetric Encryption
While symmetric encryption systems use a single key both to encrypt and decrypt a message, asymmetric encryption uses two different but related keys. Either key can be used to encrypt or decrypt the message. However, if key A is used to encrypt the message, only key B can decrypt it; if key B is used to encrypt a message, only key A can decrypt it. (This interchangeability of the two keys is a property of RSA in particular; many other public-key systems, such as those built on elliptic curves, have separate operations for encryption and for signatures.) Asymmetric encryption can be used to provide elegant solutions to problems of secrecy and verification. This technique has its greatest value when one key is used as a private key, which means it is kept secret (much like the key in symmetric encryption) and is known only to the owner of the key pair. The other key serves as a public key, which means it is stored in a public location where anyone can use it. For this reason, the more common name for asymmetric encryption is public-key encryption.
Consider the following example, as illustrated in Figure 10-6. Alex at XYZ Corporation wants to send an encrypted message to Rachel at ABC Corporation. Alex goes to a public-key registry and obtains Rachel’s public key. Remember that the foundation of asymmetric encryption is that the same key cannot be used both to encrypt and decrypt the same message. So, when Rachel’s public key is used to encrypt the message, only her private key can be used to decrypt the message; that private key is held by Rachel alone. Similarly, if Rachel wants to respond to Alex’s message, she goes to the registry where Alex’s public key is held and uses it to encrypt her message, which of course can only be read by Alex’s private key. This approach, which keeps private keys secret and encourages the sharing of public keys in reliable directories, is an elegant solution to the key management problems of symmetric key applications.

asymmetric encryption: A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message; either key can be used to encrypt a message, but the other key is required to decrypt it.
public-key encryption: See asymmetric encryption.

Figure 10-6 Example of asymmetric encryption. Alex at XYZ Corp. wants to send a message to Rachel at ABC Corp. Rachel stores her public key in a public key repository where it can be accessed by anyone. Alex retrieves Rachel’s public key B and uses it to create ciphertext (such as “LLQ03& M1MQY >_WU#” for “Sounds great! Thanks.”) that can be decrypted only by Rachel’s private key B, which only she has. To respond, Rachel gets Alex’s public key to encrypt her message, and Alex then uses his private key to read it.
Asymmetric algorithms are built on one-way functions: operations that are simple to compute in one direction but infeasible to reverse. Again, this is the foundation of public-key encryption. (Hash functions, discussed earlier in this module, are also one-way, but public-key systems are not based on hashing; they rely on a hard mathematical problem.) For example, if you multiply 45 by 235, you get 10,575. This is simple enough, but if you are only given the number 10,575, can you determine which two numbers were multiplied to produce it? Now assume that each multiplier is 200 digits long and prime. The resulting product could be up to 400 digits long, and no known method factors such a number in any feasible time. There is a shortcut, however. In mathematics, it is known as a trapdoor (which is different from a software trapdoor). A trapdoor one-way function is one whose reverse becomes easy for anyone who holds a particular secret; for the product of two large primes, that secret is the primes themselves. The key pair is generated together from this secret: the public key can be published because deriving the private key from it would require solving the hard problem (factoring the product), while the holder of the trapdoor can compute the private key directly. Whichever key encrypts, the other key decrypts, which is why two keys are required.
One of the most popular public-key cryptosystems is RSA, whose name is derived from Rivest, Shamir, and Adleman, the algorithm’s developers. The RSA algorithm was the first public-key encryption algorithm developed (in 1977) and published for commercial use. It is very popular and has been embedded in essentially all widely available Web browsers to provide security for e-commerce applications. The RSA algorithm, long protected by a U.S. patent that expired in 2000, has become the de facto standard for public-use encryption applications.

For more information on how the RSA algorithm works, read RFC (Request for Comments) 3447, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications,” Version 2.1, which is available from www.rfc-editor.org/rfc/rfc3447.txt; it has since been superseded by RFC 8017 (PKCS #1 Version 2.2), available from the same site.

The problem with asymmetric encryption, as shown in Figure 10-6, is that holding a single conversation between two
parties requires four keys—two public keys and two related private keys. Moreover, if four organizations want to exchange
communications, each party must manage its private key and four public keys. In such scenarios, determining which public
key is needed to encrypt a particular message can become a rather confusing problem, and with more organizations in the
loop, the problem expands. This is why asymmetric encryption is sometimes regarded by experts as inefficient. Compared
with symmetric encryption, asymmetric encryption is also not as efficient in terms of CPU computations. Consequently,
hybrid systems, such as those described later in this module, are more commonly used than pure asymmetric systems.
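The trapdoor described above, and the RSA system that uses it, in a few dozen lines of Python. This is an added example, not the textbook's code: it generates a key pair from two primes, encrypts with the public key and decrypts with the private one, signs with the private key and verifies with the public one, and then shows that an attacker holding only the public key must factor the modulus to recover the private key. The primes are toy-sized (the classic 61 and 53, then two six-digit primes so a short text fits) and there is no padding, so it demonstrates the mathematics only; real RSA uses 2048-bit or larger moduli and the padding defined in PKCS #1.

```python
"""Textbook RSA on toy numbers, to show where the trapdoor sits: anyone can use
(n, e); only whoever knows the primes p and q can compute d. Added example for
this page, not the textbook's code. The primes are far too small for real use,
and there is no padding (see PKCS #1); it is a demonstration of the mathematics."""

from math import gcd


def generate_keypair(p: int, q: int, e: int = 65537):
    """The trapdoor is knowing p and q: phi(n) = (p-1)(q-1) lets us invert e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n); choose another e or other primes")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)          # public key, private key


def encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, m: int) -> int:
    """'Encrypt with the private key'; the other key then verifies."""
    n, d = private_key
    return pow(m, d, n)


def verify(public_key, m: int, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == m


def factor_trial(n: int):
    """What an attacker holding only the public key must do: factor n. Trial
    division finishes instantly for toy n and never for a 2048-bit modulus."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")


def recover_private_key(public_key):
    """Without the trapdoor the only route to d runs through factoring."""
    n, e = public_key
    p, q = factor_trial(n)
    return generate_keypair(p, q, e)[1]


def int_from_text(text: str) -> int:
    return int.from_bytes(text.encode(), "big")


def text_from_int(m: int) -> str:
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, e=17)        # n = 3233, d = 2753
    c = encrypt(public, 65)
    print(public, private, c, decrypt(private, c))           # (3233, 17) (3233, 2753) 2790 65
    s = sign(private, 65)
    print(verify(public, 65, s), verify(public, 66, s))      # True False
    print(recover_private_key(public) == private)            # True: a toy n factors instantly
    # Slightly larger toy key so a short text fits in [0, n)
    pub2, priv2 = generate_keypair(1_000_003, 999_983)
    m = int_from_text("Hi!")
    print(text_from_int(decrypt(priv2, encrypt(pub2, m))))   # Hi!
```

Because `encrypt` is deterministic and unpadded, identical messages give identical ciphertexts and small messages can be recovered by trying likely values; the padding schemes in PKCS #1 (OAEP for encryption, PSS for signatures) exist to remove exactly those weaknesses.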

RSA Security, formerly a division of Dell EMC, became an independent company in 2020 when Dell sold it to an investor group led by Symphony Technology Group. For information about the annual RSA security conference, see www.rsaconference.com.

Encryption Key Size
When deploying ciphers, it is important for users to decide on the size of the cryptovariable or key, because the strength of many encryption applications and cryptosystems is measured by key size. How exactly does key size affect the strength of an algorithm? Each additional bit doubles the number of guesses that have to be made to break the code by exhaustive search. Creating a larger universe of possibilities increases the time required to make guesses, so a longer key directly influences the strength of the encryption. Two caveats apply. Key length measures only resistance to brute force: a cipher with a structural weakness, or a key drawn from a poor random number generator, can fall far faster than its length suggests. And symmetric and asymmetric key lengths are not comparable, because the best attack on RSA is factoring rather than guessing, which is why NIST pairs a 128-bit symmetric key with a 3072-bit RSA modulus.
It may surprise you to learn that when it comes to cryptosystems, the security of encrypted data is not dependent on keeping the encrypting algorithm secret. In fact, algorithms should be published and often are, to enable research to uncover their weaknesses (this is Kerckhoffs’s principle). The security of any cryptosystem depends on keeping some or all elements of the cryptovariable(s) or key(s) secret; effective security is maintained by manipulating the size (bit length) of the keys and following proper procedures and policies for key management.
For a simple example of how key size is related to encryption strength, suppose you have an algorithm that uses
a three-bit key. You may recall from earlier in the module that keyspace is the range from which the key can be drawn.
Also, you may recall that in binary notation, three bits can be used to represent values from 000 to 111, which corre-
spond to the numbers 0 to 7 in decimal notation and thus provide a keyspace of eight keys. This means an algorithm
that uses a three-bit key has eight possible keys; the numbers 0 to 7 in binary are 000, 001, 010, 011, 100, 101, 110, and
111. If you know how many keys you have to choose from, you can program a computer to try all the keys in an attempt
to crack the encrypted message.
The preceding statement makes a few assumptions: (1) you know the algorithm, (2) you have the encrypted message, and (3) you have time on your hands. It is easy to satisfy the first criterion. The encryption tools that use DES can be purchased over the counter. Many of these tools are based on encryption algorithms that are standards, as is DES itself, so it is relatively easy to get a cryptosystem based on DES that enables you to decrypt an encrypted message if you possess the key. The second criterion requires the interception of an encrypted message, which is generally illegal but not impossible. As for the third criterion, the task required is a brute force attack, in which a computer randomly or sequentially selects possible keys of the known size and applies them to the encrypted text or a piece of the encrypted text. If the result is plaintext—bingo! But, as indicated earlier in this module, it can take quite a long time to exert brute force on more advanced cryptosystems. In practice, the strength of an algorithm is determined by the cost of the best known attack; for a well-designed cipher, that attack is guessing the key.
When it comes to keys, how big is big? At the beginning of this section, you learned that a three-bit system has eight
possible keys. An eight-bit system has 256 possible keys. If you use a 24-bit key, which is puny by modern standards,
you have almost 16.8 million possible keys. Even so, a modern PC, such as the one described in Table 10-5, could dis-
cover this key in mere seconds. But, as the table shows, the amount of time needed to crack a cipher by guessing its
key grows exponentially with each additional bit.

Table 10-5 Encryption Key Power

It is estimated that to crack an encryption key using a brute force attack, a computer needs to perform a maximum of 2^k operations (2^k guesses), where k is the number of bits in the key. The average time to crack is approximately half the maximum.

Key Length (Bits) | Maximum Number of Operations (Guesses) | Estimated Maximum Time to Crack | Estimated Average Time to Crack
16                | 65,536                                 | 0.000000112 seconds             | 0.000000056 seconds
24                | 16,777,216                             | 0.0000287 seconds               | 0.0000143 seconds
32                | 4,294,967,296                          | 0.00734 seconds                 | 0.00367 seconds
56                | 72,057,594,037,927,936                 | 34.2 hours                      | 17.1 hours
64                | 18,446,744,073,709,551,616             | 364.7 days                      | 182.35 days
128               | 3.40 × 10^38                           | 1.84 × 10^19 years              | 9.22 × 10^18 years
256               | 1.16 × 10^77                           | 6.27 × 10^57 years              | 3.14 × 10^57 years
512               | 1.34 × 10^154                          | 7.26 × 10^134 years             | 3.63 × 10^134 years

Note: Estimated Time to Crack is based on a 2020-era Intel i9-10900X 10-core CPU performing 585 Dhrystone GFLOPS (giga/billion floating point operations per second) at 5.2 GHz (overclocked). Modern workstations are capable of using multiple CPUs, further decreasing time to crack, or simply splitting the workload among multiple systems.
Note: The authors acknowledge that this benchmark is based on a very specific application test and that the results are not generalizable. However, these calculations are shown to illustrate the relative difference between key length and resulting strength rather than to accurately depict time to crack.
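The brute force attack the text describes, and the arithmetic behind Table 10-5, as an added Python example (not the textbook's code). A repeating-key XOR with a k-bit key stands in for "a known algorithm with an unknown key"; the keyspace is walked in order and each candidate is checked with a recognizer, here a known plaintext prefix plus a printability test. The message, the key and the 585 billion guesses per second are constructed stand-ins; the second part reproduces the table's rows and shows how sharing the keyspace across machines divides the time.

```python
"""Exhaustive key search against a toy cipher with a k-bit key, and the scaling
arithmetic behind Table 10-5. Added example for this page, not the textbook's
code; the cipher, the message and the guess rate are constructed stand-ins."""

import string

PRINTABLE = set(string.printable.encode())


def key_bytes(key: int, key_bits: int) -> bytes:
    return key.to_bytes((key_bits + 7) // 8, "big")


def toy_encrypt(plaintext: bytes, key: int, key_bits: int) -> bytes:
    """Repeating-key XOR with a key_bits-bit key: deliberately weak, it stands in
    for 'a known algorithm with an unknown key'. XOR is its own inverse."""
    kb = key_bytes(key, key_bits)
    return bytes(b ^ kb[i % len(kb)] for i, b in enumerate(plaintext))


def looks_like_plaintext(candidate: bytes) -> bool:
    """Cheap recognizer: every byte printable. Real attacks use a known header,
    a checksum or language statistics to tell the right key from the 2**k - 1 wrong ones."""
    return all(b in PRINTABLE for b in candidate)


def brute_force(ciphertext: bytes, key_bits: int, known_prefix: bytes = b""):
    """Try every key in the keyspace in order; return (key, plaintext, guesses) for
    the first candidate that passes the recognizer, or None."""
    guesses = 0
    for key in range(1 << key_bits):
        guesses += 1
        cand = toy_encrypt(ciphertext, key, key_bits)
        if cand.startswith(known_prefix) and looks_like_plaintext(cand):
            return key, cand, guesses
    return None


def time_to_crack_seconds(key_bits: int, guesses_per_second: float,
                          average: bool = False, machines: int = 1) -> float:
    """Table 10-5's arithmetic: 2**k guesses at a fixed rate; the average case is
    half; N machines sharing the keyspace divide the time by N."""
    guesses = 2 ** key_bits
    if average:
        guesses //= 2
    return guesses / (guesses_per_second * machines)


def bits_for_target(seconds: float, guesses_per_second: float) -> int:
    """Smallest key length whose maximum crack time exceeds the target at that rate."""
    k = 1
    while time_to_crack_seconds(k, guesses_per_second) <= seconds:
        k += 1
    return k


if __name__ == "__main__":
    ct = toy_encrypt(b"attack at dawn", 0x2B7, 12)          # 12-bit key, constructed message
    print(brute_force(ct, 12, known_prefix=b"attack"))      # (695, b'attack at dawn', 696)
    rate = 585e9                                             # the table's assumed guesses/second
    for k in (16, 24, 32, 56, 64, 128):
        print(k, time_to_crack_seconds(k, rate), "seconds maximum")
    print(bits_for_target(100 * 365.25 * 86400, rate))      # key bits for a 100-year search: 71
```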

One thing to keep in mind is that even though the estimated time to crack grows rapidly with respect to the number of bits in the encryption key and the odds of cracking seem insurmountable at first glance, Table 10-5 doesn’t account for the fact that high-end computing power has increased and continues to be more accessible. Another challenge is the use of graphics processing units (GPUs) found in video cards, and of purpose-built hardware such as FPGAs and ASICs, which perform the simple, highly parallel operations of a key search far faster than a typical computer’s primary CPU. Quantum computers, should they reach sufficient scale, pose a different kind of threat: Grover’s algorithm would roughly halve the effective key length of a symmetric cipher (AES-128 would offer about 64 bits of security), and Shor’s algorithm would break RSA and other public-key systems based on factoring or discrete logarithms outright. Therefore, even the once-standard 56-bit encryption can’t stand up anymore to brute force attacks by personal computers, especially if multiple computers are used together to crack the keys. Each additional computer reduces the amount of time needed. Two computers can divide the keyspace—the entire set of possible combinations of bits that can be the cryptovariable or key—and crack the key in approximately half the time, and so on. This means people who have access to multiple systems, grid computing environments, GPU computation clusters, or future quantum computers could radically speed up brute force key-breaking efforts. However, an even greater concern is the ease with which you can read messages encrypted by what appear to be uncrackable algorithms if you have the key. Key management (and password management) is the most critical aspect of any cryptosystem in protecting encrypted information, and is in many cases even more important than key strength.
Why, then, do encryption systems such as DES incorporate multiple elements or operations? Consider this: If a cryp-
tosystem uses the same operation (XOR, substitution, or transposition) multiple consecutive times, it gains no additional
benefit. For example, using a substitution cipher and substituting B for A, then R for B, and then Q for R has the same effect
as substituting Q for A. Similarly, instead of transposing a character in position 1, then position 4, and then position 3, a
cryptosystem could more easily have transposed the character from position 1 to position 3. There is no net advantage
for sequential operations unless each subsequent operation is different. Therefore, to substitute, then transpose, then
run an XOR operation, and then substitute again, the cryptosystem will have dramatically scrambled, substituted, and
recoded the original plaintext with ciphertext, all in the hopes of making information unbreakable without the key.
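The claim that repeating one kind of operation gains nothing can be checked in code. The Python below is an added example, not the textbook's code: it composes two substitution tables into the single equivalent table (reproducing the text's B-for-A, R-for-B, Q-for-R collapsing to Q-for-A), composes two block transpositions into one permutation, and then shows that substitution followed by transposition is consistent with neither a single substitution nor a single transposition. The alphabets, permutations and message are constructed for the demonstration.

```python
"""Why a cipher chains different operations: two substitutions compose into a
single substitution and two transpositions into a single transposition, so
repeating one kind of step adds nothing, while substitution followed by
transposition is neither. Added example for this page, not the textbook's code;
the alphabets, permutations and message are constructed."""

import string
from typing import Dict, List

ALPHABET = string.ascii_uppercase


def substitute(text: str, table: Dict[str, str]) -> str:
    """Monoalphabetic substitution; letters missing from the table map to themselves."""
    return "".join(table.get(c, c) for c in text)


def compose_substitutions(first: Dict[str, str], second: Dict[str, str]) -> Dict[str, str]:
    """The single table equivalent to applying first, then second."""
    return {c: second.get(first.get(c, c), first.get(c, c)) for c in ALPHABET}


def transpose(text: str, perm: List[int]) -> str:
    """Block transposition: output position j of each block takes input position perm[j].
    The last block is padded with X to a full block."""
    size = len(perm)
    out = []
    for i in range(0, len(text), size):
        block = text[i:i + size].ljust(size, "X")
        out.append("".join(block[j] for j in perm))
    return "".join(out)


def compose_transpositions(first: List[int], second: List[int]) -> List[int]:
    """The single permutation equivalent to applying first, then second."""
    return [first[j] for j in second]


def is_substitution(plain: str, cipher: str) -> bool:
    """Could cipher have come from plain by some monoalphabetic substitution?
    Each plaintext letter must always map to the same ciphertext letter, and
    distinct letters to distinct letters."""
    mapping: Dict[str, str] = {}
    for p, c in zip(plain, cipher):
        if mapping.setdefault(p, c) != c:
            return False
    return len(set(mapping.values())) == len(mapping)


def is_transposition(plain: str, cipher: str) -> bool:
    """A transposition only reorders, so the multiset of letters is unchanged."""
    return sorted(plain) == sorted(cipher)


def caesar_table(shift: int) -> Dict[str, str]:
    return {c: ALPHABET[(i + shift) % 26] for i, c in enumerate(ALPHABET)}


if __name__ == "__main__":
    # The text's example: B for A, then R for B, then Q for R collapses to Q for A.
    three_steps = compose_substitutions(compose_substitutions({"A": "B"}, {"B": "R"}), {"R": "Q"})
    print(three_steps["A"])                                                  # Q
    plain = "ATTACKATDAWN"
    s1, s2 = caesar_table(3), caesar_table(10)
    print(substitute(substitute(plain, s1), s2) == substitute(plain, compose_substitutions(s1, s2)))
    p1, p2 = [1, 0, 3, 2], [2, 3, 0, 1]
    print(transpose(transpose(plain, p1), p2) == transpose(plain, compose_transpositions(p1, p2)))
    mixed = transpose(substitute(plain, s1), p1)
    print(is_substitution(plain, mixed), is_transposition(plain, mixed))     # False False
```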

Cryptographic Tools
The ability to conceal the contents of sensitive messages and to verify the contents of messages and the identities of
their senders can be important in all areas of business. To be useful, these cryptographic capabilities must be embodied
in tools that allow IT and information security practitioners to apply the elements of cryptography in the everyday
world of computing. This section covers some of the widely used tools that bring the functions of cryptography to
the world of information systems.

Public Key Infrastructure (PKI)

Public key infrastructure (PKI) systems are based on public-key cryptosystems and include digital certificates and certificate
authorities (CAs). Digital certificates allow the PKI components and their users to validate keys and identify key owners.
(Digital certificates are explained in more detail later in this module.) PKI systems and their digital certificate registries
enable the protection of information assets by making verifiable digital certificates readily available to business
applications. This, in turn, allows the applications to implement several key characteristics of information security and
integrate these characteristics into the following business processes across an organization:

• Authentication—Individuals, organizations, and Web servers can validate the identity of each party in an Internet
transaction.
• Integrity—Content signed with the key named in a certificate is known not to have been altered while in transit
from host to host or server to client.
• Privacy—Information encrypted with the certified public key is protected from disclosure if it is intercepted during
transmission.
• Authorization—The validated identity of users and programs can enable authorization rules that remain in place for
the duration of a transaction; this reduces overhead and allows for more control of access privileges for specific
transactions.
• Nonrepudiation—Customers or partners can be held accountable for transactions, such as online purchases, which
they cannot later dispute.

public key infrastructure (PKI): An integrated system of software, encryption methodologies, protocols, legal agreements,
and third-party services that enables users to communicate securely through the use of digital certificates.

digital certificates: Public-key container files that allow PKI system components and end users to validate a public key
and identify its owner.

A typical PKI solution protects the transmission and reception of secure information by integrating the following
components:

• A certificate authority (CA), which issues, manages, authenticates, signs, and revokes users' digital certificates.
These certificates typically contain the user's name, public key, and other identifying information.
• A registration authority (RA), which handles certification functions such as verifying registration information,
generating end-user keys, revoking certificates, and validating user certificates, in collaboration with the CA.
• Certificate directories, which are central locations for certificate storage that provide a single access point for
administration and distribution.
• Management protocols, which organize and manage communications among CAs, RAs, and end users. This includes the
functions and procedures for setting up new users, issuing keys, recovering keys, updating keys, revoking keys, and
enabling the transfer of certificates and status information among the parties involved in the PKI's area of authority.
• Policies and procedures, which assist an organization in the application and management of certificates, in the
formalization of legal liabilities and limitations, and in actual business use.

certificate authority (CA): In PKI, a third party that manages users' digital certificates.

registration authority (RA): In PKI, a third party that operates under the trusted collaboration of the certificate
authority and handles day-to-day certification functions.

certificate revocation list (CRL): In PKI, a published list of revoked or terminated digital certificates.

Common implementations of PKI include systems that issue digital certificates to users and servers, directory
enrollment, key issuing systems, tools for managing key issuance, and verification and return of certificates. These
systems enable organizations to apply an enterprise-wide solution that allows users within the PKI's area of authority
to engage in authenticated and secure communications and transactions.
The CA performs many housekeeping activities for keys and certificates that are issued and used in its zone of
authority. Each user authenticates to the CA (or, in larger deployments, to an RA acting on the CA's behalf). The CA can
issue new or replacement certificates, track issued certificates, provide a directory of public-key values for all known
users, and perform other management activities. When a private key is compromised or the user loses the privilege of
using keys in the area of authority, the CA revokes the corresponding certificate. The CA periodically publishes a
certificate revocation list (CRL). When important events occur, specific applications can check a certificate's status in
real time rather than waiting for the next CRL; in practice this is done with the Online Certificate Status Protocol
(OCSP). A certificate should not be treated as valid merely because its signature verifies and its validity period has not
expired; revocation status must be checked as well.
The issuance of certificates by the CA enables secure, encrypted, nonrepudiable e-business transactions. Some
applications allow users to generate their own key pairs and self-signed certificates. Such a key pair can still encrypt
and sign, but without certification by a trusted third party it does not bind the key to an identity that other parties
can verify, so it provides neither reliable authentication nor nonrepudiation toward anyone who has not verified the
key out of band. A CA or RA certifies keys in a way that all users in its area of authority accept, and can provide
services such as private-key backup, key recovery, and key revocation. One caveat applies to central key generation and
backup: keys used for signing and nonrepudiation should be generated and held only by their owner, because an escrowed
signing key undermines nonrepudiation; backup and recovery are appropriate for encryption keys only.
The strength of a cryptosystem relies on both the raw strength of its key's complexity and the overall quality of its
key management security. PKI solutions can provide several mechanisms for limiting access to and possible exposure of
the private keys. These mechanisms include password protection, smart cards, hardware tokens, and other hardware-
based key storage devices (today typically hardware security modules or trusted platform module chips). PKI users
should select the key security mechanisms that provide an appropriate level of key protection for their needs. Managing
the security and integrity of the private keys used for nonrepudiation or the encryption of data files is critical to
successfully using the encryption and nonrepudiation services within the PKI's area of trust.5

For more information on public-key authentication, read FIPS 196, "Entity Authentication Using Public Key
Cryptography" (now withdrawn but still instructive), at https://csrc.nist.gov/publications/fips.

Digital Signatures
Digital signatures were created in response to the rising need to verify information transferred via electronic systems.
Asymmetric cryptography is used to create digital signatures. The signer applies the private-key operation to a digest
of the message; anyone holding the signer's public key can apply the public-key operation and check that the result
matches the digest of the message they received. (In the RSA case this is often described as "encrypting with the
private key and decrypting with the public key," although the operation is signing, not message encryption.) When the
check succeeds, it verifies that the message was signed with that private key and has not been altered since, and the
signer cannot later deny having signed it, provided the private key was never shared.

This property is known as nonrepudiation and is the principle of cryptography that underpins the authentication
mechanism collectively known as a digital signature. Digital signatures, therefore, are message components that can be
mathematically proven as authentic. The management of digital signatures is built into most Web browsers and e-mail
clients. In general, digital signatures should be created using processes and products that are based on the Digital
Signature Standard (DSS). When processes and products are validated as DSS compliant, they have been approved and
endorsed by U.S. federal and state governments, as well as by many foreign governments, as a means of authenticating
the author of an electronic document.
DSS algorithms are used in conjunction with the sender's private key (to sign) and public key (to verify), together
with the Secure Hash Standard, to create messages that are nonrepudiable; if confidentiality is also required, the signed
message is separately encrypted, for example with a session key as described under hybrid cryptography later in this
module. This process first creates a message digest using the hash algorithm, which is then input into the digital
signature algorithm along with the sender's private key and, for DSA and ECDSA, a fresh random secret value to
generate the digital signature. That per-signature value must be unpredictable and never reused: if two signatures are
made with the same value, the private key can be recovered from them. The signature function also depends on a set of
public domain parameters shared by the communicating parties, which a CA may distribute. The resulting signed message
contains the digital signature, which can be verified by the recipient using the sender's public key.

nonrepudiation: The property, established by verifying a digital signature with the signer's public key, that a message
was signed by the holder of the corresponding private key and thus cannot be refuted.

digital signatures: Message components that can be mathematically proven as authentic.

Digital Signature Standard (DSS): The NIST standard (FIPS 186) for digital signature algorithm usage by federal
information systems; its original algorithm, DSA, is based on a variant of the ElGamal signature scheme, and later
revisions also approve RSA and ECDSA.

For more information on the Digital Signature Standard, read FIPS 186-5 (which superseded FIPS 186-4 in 2023) at https://csrc.nist.gov/publications/fips.

Digital Certificates
As you learned earlier in this module, a digital certificate is an electronic document or container file that contains a key
value and identifying information about the entity that controls the key. The certificate is often issued and certified by a
third party, usually a certificate authority. A digital signature attached to the certificate's container file certifies the file's
origin and integrity. This verification process often occurs when you download or update software via the Internet. For
example, the certificate shown in Figure 10-7 lets the operating system confirm that the downloaded files were signed by
the named publisher, Amazon.com, and have not been altered since signing. Whether to trust that publisher is a separate
decision, and a valid signature says nothing about what the code does.
Unlike digital signatures, which help authenticate the origin of a message, digital certificates authenticate the
cryptographic key that is embedded in the certificate. When used properly, these certificates enable diligent users
to verify the authenticity of any organization's certificates. This process is much like what happens when the Federal
Deposit Insurance Corporation (FDIC) issues its logo to assure customers that a bank is authentic. Different client-
server applications use different types of digital certificates to accomplish their assigned functions, as follows:

• The CA application suite issues and uses certificates (keys) that identify and establish a trust relationship
with a CA to determine what additional certificates can be authenticated.
• Mail applications use Secure/Multipurpose Internet Mail Extension (S/MIME) certificates for signing and encrypting
e-mail as well as for signing forms.
• Development applications use object-signing certificates to identify signers of object-oriented code and scripts.
• Web servers and Web application servers use Secure Sockets Layer (SSL) certificates to authenticate servers via the
SSL protocol in order to establish an encrypted SSL session. The SSL protocol is explained later in this module.
• Web clients use client SSL certificates to authenticate users, sign forms, and participate in single sign-on
solutions via SSL.

Figure 10-7 Example digital certificate (Source: Microsoft)

Two popular certificate types are created using Pretty Good Privacy (PGP) and applications that conform to the
International Telecommunication Union's (ITU-T) X.509 version 3. The X.509 v3 certificate, whose structure is outlined
in Table 10-6, is defined by an ITU-T recommendation that also defines a directory service that maintains a database of
information (also known as a repository) about a group of users holding X.509 v3 certificates. These certificates bind a
distinguished name (DN), which uniquely identifies a certificate entity, to the entity's public key. The certificate is
signed by the CA and placed in the directory, from which any user can retrieve it and verify the CA's signature with the
CA's public key. The X.509 v3 recommendation does not mandate a particular signature algorithm; RSA over a hash of the
certificate body is the traditional choice, and ECDSA is now common. A certificate's signature proves only that the CA
vouched for the binding; the verifier must also check the validity period, the intended usage recorded in the extensions,
and the revocation status.

Table 10-6 X.509 v3 Certificate Structure6

  Version
  Certificate Serial Number
  Signature Algorithm ID
    • Algorithm ID
    • Parameters
  Issuer Name
  Validity
    • Not Before
    • Not After
  Subject Name
  Subject Public-Key Information
    • Public-Key Algorithm
    • Parameters
    • Subject Public Key
  Issuer Unique Identifier (Optional)
  Subject Unique Identifier (Optional)
  Extensions (Optional)
    • Type
    • Criticality
    • Value
  Certificate Signature Algorithm
  Certificate Signature

Source: Stallings, W. Cryptography and Network Security, Principles and Practice.

Hybrid Cryptography Systems

Except for its use in digital certificates and signatures, asymmetric encryption in its pure form is not widely used to
encrypt data. It is, however, routinely used in conjunction with symmetric key encryption, in other words, as part of a
hybrid encryption system. The most common hybrid arrangement is based on the Diffie–Hellman key exchange, in which
two parties derive a shared session key from exchanged public values without either party ever transmitting the key.
An alternative, illustrated in Figure 10-8, is key transport, in which one party chooses the session key and sends it
encrypted under the other party's public key. Session keys are limited-use symmetric keys that allow two entities to
conduct quick, efficient, secure communications using symmetric encryption, which is far more efficient than
asymmetric encryption for bulk data. Diffie–Hellman provided the foundation for subsequent developments in public-
key encryption. It removes the need to exchange keys out of band, where they are at risk of exposure to third parties.
The key-transport form of hybrid encryption is illustrated in Figure 10-8, and it works as follows:
Alex at XYZ Corp. wants to communicate with Rachel at ABC Corp., so Alex first creates a random session key. Alex
encrypts the message with this session key and then obtains Rachel's public key. Alex uses Rachel's public key to
encrypt only the session key (not the already-encrypted message, which would throw away the efficiency gain) and
transmits the encrypted session key together with the encrypted message to Rachel. Rachel uses her private key to
decrypt the session key, and then uses the session key to decrypt the message. Rachel can then continue to use this
session key for electronic communications until the session key expires. The session key, a symmetric key, is used in
the much more efficient processes of symmetric encryption and decryption. After the session key expires, usually in a
few minutes, a new session key is chosen and shared using the same process. In either form, the asymmetric step must
be authenticated (for example, Rachel's public key is taken from a certificate, or the Diffie–Hellman values are signed);
an unauthenticated exchange is open to a man-in-the-middle who substitutes his own public values for each party's.

Diffie–Hellman key exchange: A key-agreement protocol in which two parties compute the same secret (and from it a
symmetric session key) from exchanged public values, without the key itself ever being transmitted; the basis of most
hybrid cryptosystems.

session keys: Limited-use symmetric keys for temporary communications during an online session.
404 Principles of Information Security

Figure 10-8 Example of hybrid encryption
[Diagram labels: public key repository; session key; private key B decrypts message; ciphertext is transmitted; public
key B encrypts message]

Rachel at ABC Corp. stores her public key where it can be accessed. Alex at XYZ Corp. retrieves it and uses it to
encrypt his session (symmetric) key. He sends it to Rachel, who decrypts Alex's session key with her private key and
then uses Alex's session key for short-term private communications.

For more information on the Diffie–Hellman Key Agreement Method, visit the Internet Engineering Task Force
(IETF) Web site and review RFC 2631 at https://tools.ietf.org/html/rfc2631.
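The Diffie–Hellman form of the hybrid system, as an added, self-contained example that is not from the module or from any library it names: Alex and Rachel each generate a private value, exchange public values, derive the same session key by hashing the shared secret, and Alex then encrypts and authenticates a message under that key. The group (p = 2^127 − 1 with generator 5) is a toy chosen so the arithmetic runs instantly; p is prime but not a safe prime, and real deployments use the standardized groups of RFC 3526 or RFC 7919, or elliptic-curve Diffie–Hellman. The stream cipher built from SHA-256 in counter mode stands in for AES-GCM, and the exchange itself is unauthenticated, which is exactly the gap a certificate or signature on the public values closes.

```python
import hashlib
import hmac
import secrets

P = (1 << 127) - 1  # toy modulus: prime, but NOT a safe prime; see RFC 3526 for real groups
G = 5


def dh_keypair():
    """Private exponent x and the public value g^x mod p."""
    private = secrets.randbelow(P - 2) + 1
    return private, pow(G, private, P)


def dh_shared_secret(my_private: int, their_public: int) -> int:
    # Reject degenerate public values (0, 1, p-1) that would force a known secret.
    if not 1 < their_public < P - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(their_public, my_private, P)


def derive_keys(shared: int) -> tuple:
    """Separate encryption and MAC keys, derived from the shared secret by hashing."""
    raw = shared.to_bytes(16, "big")
    return (hashlib.sha256(b"enc" + raw).digest(),
            hashlib.sha256(b"mac" + raw).digest())


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, standing in for a real cipher such as AES."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC tag over nonce and ciphertext."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def verify_and_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Check the tag first; decrypt only if it matches. Returns None on failure."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def session(message: bytes) -> dict:
    """Full exchange: both sides derive the keys, Alex sends, Rachel receives."""
    alex_priv, alex_pub = dh_keypair()
    rachel_priv, rachel_pub = dh_keypair()
    alex_keys = derive_keys(dh_shared_secret(alex_priv, rachel_pub))
    rachel_keys = derive_keys(dh_shared_secret(rachel_priv, alex_pub))
    blob = encrypt_then_mac(*alex_keys, message)
    tampered = blob[:12] + bytes([blob[12] ^ 0x01]) + blob[13:]  # flip one ciphertext bit
    return {
        "keys_match": alex_keys == rachel_keys,
        "received": verify_and_decrypt(*rachel_keys, blob),
        "tampered_accepted": verify_and_decrypt(*rachel_keys, tampered) is not None,
    }


if __name__ == "__main__":
    print(session(b"Quarterly numbers attached."))
```

Only g^a and g^b cross the wire; the session key never does, which is the difference between key agreement and the key-transport picture in Figure 10-8. The MAC is what makes a flipped ciphertext bit a rejected message rather than a silently corrupted one.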

Steganography
The word steganography—the art of secret writing—is derived from the Greek words steganos, meaning "covered,"
and graphein, meaning "to write." The Greek historian Herodotus described one of the first steganographers, a
fellow Greek who warned of an imminent invasion by writing a message on the wood beneath a wax writing tablet.7
While steganography is technically not a form of cryptography, it is another way of protecting the confidentiality of
information in transit: cryptography hides what a message says, steganography hides that a message exists. The most
popular modern version of steganography involves hiding information within files that contain digital pictures or other
images.
To understand how this example of steganography works, you must first know a little about how images are
stored. Most computer graphics standards use a combination of three color values—red, green, and blue (RGB)—to
represent a picture element, or pixel. Each of the three color values usually requires an eight-bit code for that color's
intensity; for example, 00000000 (or just 0) is the value for no red and 11111111 (or 255) is maximum red. Each color
image pixel requires 3 colors × 8 bits = 24 bits to represent the color mix and intensity. Some image encoding standards
use more or fewer bits per pixel. When a picture is created by a digital camera or a computer program, the number
of horizontal and vertical pixels captured and recorded is known as the image's resolution. Thus, for example, if 1,024
horizontal pixels are recorded and 768 vertical pixels are captured, the image has 1,024 × 768 resolution and is said
to have 786,432 pixels, or roughly three-quarters of a megapixel. An image that is 1,024 × 768 pixels contains 786,432
groups of 24 bits to represent the red, green, and blue data. The raw image size can be calculated as 1,024 × 768 × 24 =
18,874,368 bits, or 2,359,296 bytes (about 2.36 MB; the stored file is smaller if the format compresses it). There are
plenty of bits in this picture data file in which to hide a secret message.
To the naked eye, there is no discernible difference between a pixel with a red intensity of 00101001 and a
slightly different pixel with a red intensity level of 00101000. Replacing the least significant bit of each color value
therefore gives a steganographer one bit of payload per color (or three bits per pixel) in which to encode data into an
image file. If a steganographic process uses three bits per pixel for all 786,432 pixels, it will be able to store
2,359,296 bits, or 294,912 bytes (288 KB), of hidden data within the uncompressed image.
Some steganographic tools can calculate the largest payload that can be stored before it becomes detectable;
statistical tests on the least significant bits can reveal embedded data well before the image looks any different, so
capacity and stealth are not the same number. Messages can also be hidden in computer files that do not hold images;
if such files do not use all of their available bits, data can be placed where software ignores it and people almost never
look. Some applications can hide messages in .bmp, .wav, .mp3, and .au files, as well as in otherwise unused storage
space on CDs and DVDs. Another approach is to hide a message in a text or document file and store the payload in what
appears to be unused whitespace. Note that lossy recompression (saving a .bmp as a .jpeg, for example) destroys data
embedded in the least significant bits, which is why uncompressed or losslessly compressed carriers are used.

steganography: The process of hiding messages; for example, hiding a message within the digital encoding of a picture
or graphic so that it is almost impossible to detect that the hidden message even exists.
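The least-significant-bit technique described above, as an added example that is not part of the module: the image is modeled as a list of (R, G, B) tuples, the payload is length-prefixed and written one bit per color value, and the extractor reads it back. The capacity function reproduces the 1,024 × 768 arithmetic. The gradient "image" is constructed here so the code runs offline; with a real file you would read the pixels from an uncompressed .bmp and write them back to one.

```python
def lsb_capacity_bytes(width: int, height: int, channels: int = 3, bits_per_channel: int = 1) -> int:
    """Payload bytes that fit when each color value carries `bits_per_channel` bits."""
    return width * height * channels * bits_per_channel // 8


def _flatten(pixels):
    return [value for pixel in pixels for value in pixel]


def _unflatten(values):
    return [tuple(values[i:i + 3]) for i in range(0, len(values), 3)]


def lsb_embed(pixels, payload: bytes):
    """Return a copy of `pixels` carrying `payload` (4-byte length prefix) in the LSBs."""
    framed = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - k)) & 1 for byte in framed for k in range(8)]
    values = _flatten(pixels)
    if len(bits) > len(values):
        raise ValueError(f"payload needs {len(bits)} bits, carrier has {len(values)}")
    for i, bit in enumerate(bits):
        values[i] = (values[i] & 0xFE) | bit  # clear the LSB, then set it to the payload bit
    return _unflatten(values)


def lsb_extract(pixels) -> bytes:
    """Read the length prefix, then that many bytes, from the LSBs."""
    values = _flatten(pixels)

    def read(start_bit: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            byte = 0
            for k in range(8):
                byte = (byte << 1) | (values[start_bit + b * 8 + k] & 1)
            out.append(byte)
        return bytes(out)

    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def max_channel_change(original, stego) -> int:
    """Largest change to any single color value; LSB embedding never exceeds 1."""
    return max(abs(a - b) for pa, pb in zip(original, stego) for a, b in zip(pa, pb))


def sample_image(width: int, height: int):
    """Constructed carrier: a deterministic gradient, not a real photograph."""
    return [((x * 7) % 256, (y * 13) % 256, ((x + y) * 29) % 256)
            for y in range(height) for x in range(width)]


if __name__ == "__main__":
    carrier = sample_image(64, 64)
    hidden = lsb_embed(carrier, b"Meet at the usual place, 0300.")
    print(lsb_extract(hidden), max_channel_change(carrier, hidden))
    print(lsb_capacity_bytes(1024, 768), "bytes in a 1024x768 RGB image")
```

Because every color value moves by at most one step, the carrier is visually indistinguishable from the original; detection comes from statistics of the bit plane, not from looking.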
Even before the attacks of September 11, 2001, U.S. federal agencies came to believe that terrorist organizations
were “hiding maps and photographs of terrorist targets and posting instructions for terrorist activities in sports chat
rooms, pornographic bulletin boards, and other Web sites” using steganographic methods. No documented proof of
this activity has been made public.8 However, the Electronic Frontier Foundation (www.eff.org) established that the
U.S. Secret Service worked with several manufacturers of color laser printers to use steganography to encode printer
serial numbers in printed documents.

Protocols For Secure Communications


Most of the software applications currently used to protect the confidentiality of information are not true cryptosys-
tems. Instead, they are applications to which cryptographic protocols have been added. This is perhaps particularly
true of Internet protocols; some experts claim that the Internet and its corresponding protocols were designed without
any consideration for security, which was added later as an afterthought. Whether this is true or not, the lack of threats
in the environment in which the Internet was launched allowed it to grow rapidly. But, as the number of threats grew,
so did the need for additional security measures. Secure communication protocols are summarized in Table 10-7.

Securing Internet Communication with HTTPS and SSL

HTTPS (Hypertext Transfer Protocol Secure) and SSL are two protocols designed to enable secure network
communications across the Internet. SSL (and its successor, TLS) secures a transport channel; HTTPS is ordinary HTTP
carried over that channel, so in practice the two are used together.
Netscape developed the Secure Sockets Layer (SSL) protocol to use public-key encryption to secure a channel over
the Internet, thus enabling secure communications. All major browsers support SSL's successor, Transport Layer
Security (TLS); SSL 3.0 itself is deprecated (RFC 7568) and should be disabled on servers. In addition to providing data
encryption, integrity, and server authentication, SSL/TLS can provide client authentication when properly configured.

Secure Sockets Layer (SSL): A security protocol developed by Netscape to use public-key encryption to secure a channel
over the Internet.

For more information on the SSL protocol, read RFC 6101 at www.rfc-editor.org/info/rfc6101.

Table 10-7 Secure Communication Protocols

Protocol                                                   Use
Secure Sockets Layer (SSL)                                 Enables secure network communications over the Internet
Secure HTTP (HTTPS)                                        Enables secure browser communications over the Internet
Secure/Multipurpose Internet Mail Extensions (S/MIME)      Enables secure transmission of e-mail
Privacy-Enhanced Mail (PEM)                                Enables secure transmission of e-mail
Pretty Good Privacy (PGP)                                  Enables secure transmission of e-mail and TCP/IP communications
Secure Electronic Transactions (SET)                       Enables secure Web transactions
Wired Equivalent Privacy (WEP)                             Enables secure network communications over wireless connections
Wi-Fi Protected Access (WPA)                               Enables secure network communications over wireless connections
Wi-Fi Protected Access version 2 (WPA2)                    Enables secure network communications over wireless connections
Robust Secure Network (RSN)                                Enables secure network communications over wireless connections
Bluetooth                                                  Enables secure network communications over wireless connections
IP Security (IPSec)                                        Enables secure transmission over TCP/IP communications

Even widely used protocols with a long history can have new vulnerabilities discovered. In 2014, a vulnerability
(CVE-2014-0160, nicknamed Heartbleed) was revealed in OpenSSL, a widely used implementation of SSL/Transport Layer
Security (SSL/TLS). Web servers running an unpatched version of OpenSSL could be tricked by a client into returning up
to 64 KB of the server process's memory per request, with no authentication required and no trace left in the server's
logs. Those memory areas may contain critical information such as the server's private key, session cookies, passwords,
or account numbers. The Heartbleed bug is classified as a buffer over-read. OpenS SL is used by Internet sites around
the world. After the bug was made widely known, a patched version of OpenSSL was soon released, and most server
administrators and Web hosting providers were able to make their platforms secure again. Updating the library is
necessary but not sufficient: because the private key may already have been read, affected sites also had to generate
new keys, obtain new certificates, revoke the old ones, and invalidate session cookies and passwords that may have
been exposed.
The name of the Heartbleed bug comes from the TLS heartbeat extension (RFC 6520), implemented in OpenSSL,
which keeps a connection alive while no application data is flowing. A heartbeat request carries a payload and a two-
byte field stating the payload's length, and the peer is supposed to echo the payload back. The bug was that the server
trusted the stated length without checking it against the amount of data actually received, so a client could send a
one-byte payload labeled as 65,535 bytes and receive that many bytes copied from the server's memory, starting at the
payload and running past the end of the request into whatever the process had stored nearby. The patch adds the
missing bounds check and silently discards any request whose stated length exceeds the received record, as RFC 6520
requires.
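A model of the defect and of its fix, added here and not OpenSSL's code (OpenSSL is written in C; this is a Python model of the same memory layout): the server copies the heartbeat payload back out of a buffer in which the received record sits next to other process data, which here stands in for the private key. The record layout follows RFC 6520; the buffer size, the secret string, and the class and function names are the example's own.

```python
import struct

HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE = 1, 2
PADDING = 16  # RFC 6520 minimum padding after the payload


def build_heartbeat(payload: bytes, claimed_len: int) -> bytes:
    """type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding.
    An honest client sets claimed_len == len(payload); an attacker does not."""
    return struct.pack("!BH", HEARTBEAT_REQUEST, claimed_len) + payload + bytes(PADDING)


class HeartbeatServer:
    """Models a process whose receive buffer sits next to secret material."""

    def __init__(self, secret_material: bytes, memory_size: int = 4096):
        self.memory = bytearray(memory_size)
        self.secret_material = secret_material

    def _receive(self, record: bytes) -> int:
        """Place the record at the start of memory and the secrets right after it."""
        self.memory[:] = bytes(len(self.memory))
        self.memory[:len(record)] = record
        end = len(record) + len(self.secret_material)
        self.memory[len(record):end] = self.secret_material
        return len(record)

    def _respond(self, payload_len: int) -> bytes:
        """The memcpy: copy payload_len bytes starting at the payload, wherever that runs."""
        start = 1 + 2
        body = bytes(self.memory[start:start + payload_len])
        return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + body

    def vulnerable_heartbeat(self, record: bytes) -> bytes:
        self._receive(record)
        _, payload_len = struct.unpack("!BH", bytes(self.memory[:3]))
        # BUG: payload_len is attacker-controlled and is never compared with the
        # number of bytes actually received, so the copy reads past the record.
        return self._respond(payload_len)

    def patched_heartbeat(self, record: bytes):
        received = self._receive(record)
        _, payload_len = struct.unpack("!BH", bytes(self.memory[:3]))
        if 1 + 2 + payload_len + PADDING > received:
            return None  # RFC 6520: silently discard a request longer than its record
        return self._respond(payload_len)


if __name__ == "__main__":
    server = HeartbeatServer(b"-----BEGIN RSA PRIVATE KEY-----")
    evil = build_heartbeat(b"hi", claimed_len=4000)
    print(server.vulnerable_heartbeat(evil)[:64])
    print(server.patched_heartbeat(evil))
```

The request is well-formed at every layer; nothing in it is malformed enough for a firewall or a log to flag. The only defense is the check the patch adds, which is why a length field copied from the network must always be validated against the bytes actually received before it drives a copy.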
The SSL/TLS handshake works as follows: During a normal client/server HTTP session, the client requests access to a
portion of the Web site that requires secure communications (or, in current practice, simply connects to port 443). The
client opens the handshake by sending the protocol versions and cipher suites it supports along with a random value.
The server selects a cipher suite, sends its own random value and its digital certificate to authenticate itself, and
optionally requests a client certificate. Once the client verifies that the certificate is valid, chains to a trusted CA,
names the host the client intended to reach, and is not revoked, client and server perform the key exchange (RSA key
transport in older deployments or, preferably, ephemeral Diffie–Hellman) and derive the symmetric session keys from
the exchanged values. Each side then sends a message authenticating the whole handshake transcript, and the session
is established. Until the client or the server terminates the session, any amount of data can be transmitted securely.
Note that the client does not send a public key of its own in the ordinary handshake; only the server is authenticated
unless client certificates are configured.
SSL provides two protocol layers on top of TCP. The lower layer is the SSL Record Protocol, which is responsible
for the fragmentation, optional compression, integrity protection, encryption, and attachment of an SSL header to the
plaintext prior to transmission. Received records are decrypted, checked, and reassembled for presentation to the
higher levels of the protocol. The upper layer consists of the Handshake, Change Cipher Spec, and Alert protocols,
which negotiate and manage the session, and it carries application data such as standard HTTP, which by itself provides
Internet communication services between clients and hosts without consideration for encryption of the data
transmitted between them.
HTTPS as deployed today is simply HTTP carried over an SSL/TLS connection, normally on TCP port 443: once the
secure channel is established, every request and response, including URLs, headers, and cookies, is encrypted and
integrity-protected for the life of the session. A distinct protocol, Secure HTTP (S-HTTP, RFC 2660), was designed in
the 1990s to protect individual HTTP messages rather than the channel: each message carried its own negotiated
cryptographic options and keying material (for example, a session key encrypted under the recipient's public key), so
the cryptographic setup was repeated for each exchange of data. S-HTTP was never widely deployed and is not what
browsers mean by HTTPS, although older texts use the two names interchangeably.
HTTPS provides confidentiality, authentication, and data integrity through a variety of trust models and cryp-
tographic algorithms. Because it is an encapsulation of HTTP rather than a change to HTTP itself, it integrates with
existing HTTP applications without modification.

Securing E-Mail with S/MIME, PEM, and PGP

Secure HTTP (HTTPS): An extended version of Hypertext Transfer Protocol that provides for the encryption of protected
Web pages transmitted via the Internet between a client and server; in practice, HTTP carried over an SSL/TLS session.

A number of cryptosystems have been adapted to work with the dominant e-mail protocols in an attempt to incorporate
some degree of security into this notoriously insecure communication medium. Some popular adaptations are described
in this section.

Secure/Multipurpose Internet Mail Extensions (S/MIME) builds on the encoding format of the Multipurpose Internet
Mail Extensions (MIME) protocol and uses digital signatures based on public-key cryptosystems to secure e-mail. In
1993, the IETF proposed the Privacy-Enhanced Mail (PEM) standard to use 3DES symmetric key encryption and RSA for
key exchanges and digital signatures; however, it was never widely deployed. Pretty Good Privacy (PGP) was developed
by Phil Zimmermann and originally used the IDEA cipher for message encryption (modern OpenPGP implementations
default to AES). PGP also uses RSA for symmetric key exchange and digital signatures. PGP is discussed in more detail
later in this module.
The first commonly used Internet e-mail standard was SMTP (RFC 821) carrying messages in the RFC 822 format, but
this standard has problems and limitations, such as an inability to transmit executable files or binary objects and an
inability to handle character sets other than seven-bit ASCII. These limitations make SMTP unwieldy for organizations
that need greater security and support for international character sets. MIME was developed to address the problems
associated with SMTP. MIME's message header fields were designed to identify and describe the e-mail message and to
handle a variety of e-mail content. In addition to the message header fields, the MIME specification includes predefined
content types and conversion transfer encodings, such as seven-bit, eight-bit, binary, and radix-64 (base64), which it
uses to deliver e-mail messages reliably across a wide range of systems.

Secure/Multipurpose Internet Mail Extensions (S/MIME): A security protocol that builds on the encoding format of the
Multipurpose Internet Mail Extensions (MIME) protocol and uses digital signatures based on public-key cryptosystems
to secure e-mail.

Privacy-Enhanced Mail (PEM): A standard proposed by the IETF that uses 3DES symmetric key encryption and RSA for key
exchanges and digital signatures.
S/MIME, an extension to MIME, is the second generation of enhancements to the SMTP standard. MIME and S/MIME
have the same message header fields, except for those added to support new functionality. Like MIME, S/MIME uses a
canonical form format, which allows it to standardize message content types among systems, but it has the additional
ability to sign, encrypt, and decrypt messages. Table 10-8 summarizes the functions and algorithms used by S/MIME as
an extension to those used by MIME. It should be mentioned that PGP is functionally similar to S/MIME, incorporates
some of the same algorithms, and can interoperate with S/MIME to some degree.

For more information on securing MIME, visit www.rfc-editor.org and search on "S/MIME" and "MIME" to see the
numerous standards on the subject.

Securing Web Transactions with SET, SSL, and HTTPS

Just as PGP, PEM, and S/MIME work to secure e-mail operations, a number of related protocols work to secure Web
browsers, especially at e-commerce sites. Among these protocols are SET, SSL, HTTPS, Secure Shell (SSH-2), and IP
Security (IPSec). You learned about SSL and HTTPS earlier in this module.
Secure Electronic Transactions (SET) was developed by MasterCard and Visa in 1997 to protect against electronic
payment fraud. SET uses DES to encrypt credit card information transfers and uses RSA for key exchange. SET was
designed to cover both Internet-based credit card transactions and card-present transactions in retail stores, but it
was never widely adopted and is now obsolete; online card payments today rely on TLS (HTTPS) instead. SSL/TLS also
provides secure online e-commerce transactions. SSL uses a number of algorithms: the original SSL relied mainly on
RSA for key transfer and used IDEA, DES, or 3DES for symmetric data encryption, whereas current TLS configurations
use ephemeral Diffie–Hellman for key agreement and AES or ChaCha20 for data encryption. Figure 10-7, shown earlier,
illustrates the kind of certificate and SSL information that appears when you check out of an e-commerce site. If your
Web connection does not automatically display such certificates, you can click the lock in your browser's URL field to
view the connection encryption and certificate properties.

Secure Electronic Transactions (SET): A protocol developed by credit card companies to protect against electronic
payment fraud.

Table 10-8 S/MIME Functions and Algorithms

Function                                   Algorithm
Hash code for digital signatures           Secure Hash Algorithm 1 (SHA-1)
Digital signatures                         DSS
Encryption of session keys                 ElGamal (variant of Diffie–Hellman)
Digital signatures and session keys        RSA
Message encryption                         3DES, RC2

The table reflects the original S/MIME profile. The current specification (RFC 8551) requires SHA-256 for signatures
and AES for message encryption; SHA-1, RC2, and DES-class ciphers should not be used for new messages.

Securing Wireless Networks with WPA and RSN

Wireless local area networks (WLANs, also known by the brand name Wi-Fi) are thought by many in the IT industry to
be inherently insecure. The communication channel between the wireless network interface of any computing device
and the access point that provides its services uses radio transmissions. Without protection, these radio signals can be
intercepted by anyone with a wireless packet sniffer. To prevent interception of these communications, wireless
networks must use some form of cryptographic security control. Two families of protocols have been used to secure
wireless transmissions: Wired Equivalent Privacy and Wi-Fi Protected Access. Both are designed for use with IEEE 802.11
wireless networks.

Wired Equivalent Privacy (WEP)


WEP was an early attempt to provide security for the 802.11 network protocol. It is now considered too
cryptographically weak to provide any meaningful protection from eavesdropping, but for a time it did provide some
measure of security for low-sensitivity networks. WEP uses the RC4 stream cipher to encrypt each packet with a 64-bit
per-packet key formed by prepending a 24-bit initialization vector (IV), which is transmitted in the clear, to a 40-bit
shared secret. The RC4 keystream is XORed with the packet data to produce the ciphertext. A four-byte integrity check
value (ICV), a plain CRC-32 of the data, is calculated for each packet and appended before encryption.9 According to many
experts, WEP is too weak for use in most network settings for the following reasons:10
• Key management is not effective because most networks use a single shared secret key value for every node.
Synchronizing key changes is a tedious process, and no key management is defined in the protocol, so keys
are seldom changed.
• The initialization vector (IV) is too small, so IVs are recycled. Two packets encrypted under the same IV share the
same RC4 keystream, which lets an attacker recover that keystream, decrypt any other packet sent with the same IV,
or forge new packets; because the ICV is a linear CRC rather than a keyed message authentication code, a forged
packet can be given a valid ICV without knowledge of the key. In 2007, researchers demonstrated recovery of a
complete WEP key from captured traffic in less than one minute.11

In summary, an intruder who collects enough traffic can compromise a WEP network in just a few minutes by
decrypting or altering the data being transmitted, or by recovering the WEP key to gain unauthorized access to the
network. WEP also lacks a means of validating user credentials to ensure that only authorized network users are
allowed to access it.

Wi-Fi Protected Access (WPA and WPA2)


WPA was created to resolve the issues with WEP. WPA uses 128-bit encryption keys, and instead of static, seldom-changed
keys it derives fresh keys for every session, either from a pre-shared passphrase (WPA-Personal) or from credentials
validated by an 802.1X authentication server (WPA-Enterprise). WPA accomplishes this through the Temporal Key Integrity
Protocol (TKIP). TKIP is a suite of algorithms that attempts to deliver the best security possible given the constraints
of the wireless network environment; it was designed to run on legacy WEP hardware. TKIP adds four new algorithms to
those that were used in WEP:
• A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries
• A new IV sequencing discipline to remove replay attacks from the attacker's arsenal
• A per-packet key mixing function to decorrelate public IVs from weak keys
• A rekeying mechanism to provide fresh encryption and integrity keys, removing the threat of attacks stemming
from key reuse.12

While it offered dramatically improved security over WEP, WPA was not the most secure wireless protocol design.
Compromises were made in the security design to allow compatibility with existing wireless network components, and
TKIP has since been superseded by the AES-based CCMP used in WPA2. Table 10-9 provides a summary of the differences
between WEP and WPA.
In 2004, WPA2 was made available as a replacement for WPA. WPA2 provided many of the elements missing from
WPA, most notably AES-based encryption. Beginning in 2006, WPA2 became mandatory for all new Wi-Fi certified devices.
WPA2 is backward-compatible with WPA, although some older network cards have difficulty using it.
The latest version, WPA3, was released in 2018. WPA3-Personal replaces the WPA2 pre-shared-key handshake with
Simultaneous Authentication of Equals (SAE), a password-authenticated key exchange that resists offline dictionary
attacks against captured handshakes, and WPA3-Enterprise adds an optional 192-bit security mode. WPA3 is expected
to improve the overall security of wireless communications and provides options for provisioning IoT devices that
have no user display interface.

Table 10-9 WEP versus WPA

Encryption
  WEP: Broken by scientists and hackers; 40-bit key; static key (the same value is used by everyone on the
  network); manual key distribution (each key is typed by hand into each device)
  WPA: Overcomes all WEP shortcomings; 128-bit key; dynamic keys (each user is assigned a key per session, with
  additional keys calculated for each packet); automatic key distribution
Authentication
  WEP: Broken; used the WEP key itself for authentication
  WPA: Improved user authentication, using stronger 802.1X and EAP
Source: www.wi-fi.org/files/wp_8_WPA%20Security_4-29-03.pdf.

For more information on WPA, read the 802.11-2016 standard available from https://standards.ieee.org/
standard/802_11-2016.html or visit the Wi-Fi Alliance security page at www.wi-fi.org/discover-wi-fi/security.

Next Generation Wireless Protocols


Robust Security Network (RSN, also written Robust Secure Network) is a protocol for establishing secure communications
over an 802.11 wireless network. It is part of the IEEE 802.11i amendment, now folded into the base 802.11 standard. RSN
uses AES along with 802.1X and EAP. Its data-protection mechanism is the Counter Mode with CBC-MAC Protocol (CCMP),
which applies AES in CCM mode to both encrypt each frame and compute a message integrity code over it. AES supports
key lengths of up to 256 bits (CCMP uses 128-bit keys), but it is not supported by older WEP-era hardware. However, a
specification called Transitional Security Network (TSN) allows RSN and WEP devices to coexist on the same WLAN.
Note, however, that a WLAN on which any device still uses WEP is not optimally secured.
The RSN association proceeds as follows:
1. The wireless network interface card (NIC) sends a probe request.
2. The wireless access point sends a probe response carrying an RSN Information Element (IE) that advertises the
cipher suites and authentication methods it supports.
3. The wireless NIC requests authentication via one of the approved methods.
4. The wireless access point authenticates the wireless NIC.
5. The wireless NIC sends an association request with its own RSN IE, selecting one of the advertised suites.
6. The wireless access point sends an association response.13

Bluetooth
Bluetooth is a de facto industry standard for short-range wireless communications between devices. It is used to
establish communications links between wireless telephones and headsets, between PDAs and desktop computers, and
between laptops. It was established by Ericsson scientists and soon involved Intel, Nokia, IBM, and Toshiba. Microsoft,
Lucent Technologies, and 3Com joined the industry group shortly after its inception. Billions of Bluetooth-enabled
devices are already in use, and more are placed into service every day.
The Bluetooth wireless communications link can be exploited by anyone within a range of approximately 30 feet
unless suitable security controls are implemented. In discoverable mode—which allows other nearby Bluetooth sys-
tems to detect and connect—devices can easily be accessed, much like a shared folder on a networked computer. Even
in non-discoverable mode, the device is susceptible to access by other devices that have connected with it in the past. 14
By default, Bluetooth does not authenticate connections; however, Bluetooth does implement some degree of security
when devices access certain services, such as dial-up accounts and local area file transfers. Paired devices—usually a
computer or a phone and a peripheral that a user plans to connect to it—require that the same passkey be entered on
both devices. This key is used to generate a session key, which is used for all future communications. Unfortunately,
some attacks can get around this key. If attackers use a device to simulate a Bluetooth access point, they can trick the
device into connecting with it. The fake access point can capture and store all communications, including the passkey
submission.

In August 2005, one of the first attacks on Bluetooth-enabled smartphones occurred. At the World Championships in
Athletics in Helsinki, a worm called Cabir infected dozens of phones. It spread quickly via a Bluetooth prompt that many
users accepted without thinking, thus installing the worm. Cabir only drained the phones' batteries, but it demonstrated
that such devices are not immune to attack. A Finnish security firm, F-Secure, deployed staff to the event to help remove
the worm.15
The most practical way to secure Bluetooth-enabled devices is a twofold approach: turn off Bluetooth when you do
not intend to use it, and do not accept an incoming pairing request unless you know the identity of the requestor.

Securing TCP/IP with IPSec and PGP


Key terms:
IP Security (IPSec): The primary and dominant cryptographic authentication and encryption protocol suite of the
IETF's IP Protocol Security Working Group; provides protection for all uses within TCP/IP, including virtual
private networks.
transport mode: In IPSec, an encryption method in which only a packet's IP payload is encrypted, not the IP header
itself; allows intermediate nodes to read the source and destination addresses.
tunnel mode: In IPSec, an encryption method in which the entire IP packet is encrypted and inserted as the payload
in another IP packet; requires other systems at the beginning and end of the tunnel to act as proxies to send and
receive the encrypted packets and then transmit the packets to their ultimate destination.
authentication header (AH) protocol: In IPSec, a protocol that provides system-to-system authentication and data
integrity verification but does not provide secrecy for the content of a network communication.
encapsulating security payload (ESP) protocol: In IPSec, a protocol that provides secrecy for the contents of
network communications as well as system-to-system authentication and data integrity verification.

IP Security (IPSec) is an open protocol framework (an IETF standard rather than a single product) for security
within the TCP/IP family of protocol standards. It is used to secure communications across IP-based networks such as
LANs, WANs, and the Internet. The protocol is designed to protect data integrity, confidentiality, and authenticity at
the IP packet level, so every application above IP benefits without modification. IPSec is the cryptographic
authentication and encryption product of the IETF's IP Protocol Security Working Group. It is often described as the
security system from IP version 6, the successor to IP version 4, retrofitted for use with IPv4. IPSec was originally
defined in RFC 1825, 1826, and 1827 (since superseded by RFC 4301 and its companions) and is widely used to create
virtual private networks (VPNs), which were described in Module 8.
IPSec includes the IP Security protocol itself, which specifies the information to be added to an IP packet as well
as how to encrypt packet data. IPSec also includes the Internet Key Exchange (IKE), which performs an authenticated
Diffie–Hellman key exchange and negotiates the security associations. IPSec operates in two modes: transport and
tunnel. In transport mode, only the IP payload is encrypted, not the IP header. This allows intermediate nodes to read
the source and destination addresses. In tunnel mode, the entire IP packet is encrypted and then placed into the
payload of another IP packet. This requires systems at the beginning and end of the tunnel, usually security
gateways, to act as proxies that send and receive the encrypted packets. These systems then transmit the decrypted
packets to their true destinations.
IPSec uses several different cryptosystems:
• Diffie–Hellman key exchange for deriving key material between peers on a public network
• Public-key cryptography (or a pre-shared key) for authenticating the Diffie–Hellman exchanges to guarantee the
identity of the two parties
• Bulk encryption algorithms, such as AES (DES in the original specification, now obsolete), for encrypting the data
• Digital certificates signed by a certificate authority to act as digital ID cards16

Within IPSec, IP layer security is achieved by means of the authentication header (AH) protocol or the encapsulating
security payload (ESP) protocol. AH provides system-to-system authentication and data integrity verification, but does
not provide secrecy for the content of a network communication. ESP provides secrecy for the contents of network
communications as well as system-to-system authentication and data integrity verification. When two networked systems
form a security association (SA), which fixes the encryption and authentication keys, algorithms, and key lifetimes to
be used, that association carries either AH or ESP, but not both. If the security functions of both protocols are
required, multiple security associations must be bundled to provide the correct sequence through which the IP traffic
must be processed to deliver the desired security features.
The AH protocol is designed to provide data integrity and IP packet authentication. Although AH does not provide
confidentiality protection, IP packets are protected from replay attacks and address spoofing as well as other types of
cyberattacks

against open networks. Figure 10-9 shows the packet formats of the IPSec authentication header and encapsulating
security payload protocols. As shown in the figure, the security parameters index (SPI) identifies the security
association, and therefore the session key and algorithm, used to protect the data being transported. The sequence
number is a monotonically increasing counter that lets the recipient detect and discard replayed packets (and reorder
packets that arrive out of sequence). The integrity check value (ICV) carried in the authentication data field is a
keyed message authentication code, not a simple checksum, and verifies that the packet is unaltered. Whether used in
IPv4 or IPv6, AH in transport mode authenticates the entire packet except for mutable fields in the IP header (such as
the TTL and header checksum). In tunnel mode, the entire inner IP packet is covered, along with the immutable fields of
the new outer header.
The ESP protocol provides confidentiality services for IP packets across insecure networks. ESP can also provide
the authentication services of AH. Figure 10-9 also shows the ESP packet format. ESP in tunnel mode can be used to
establish a virtual private network, assuring encryption and authentication between networks communicating via the
Internet. In tunnel mode, the entire original IP packet is encrypted behind the ESP header, and a new IP header is
attached to the encrypted payload, providing the required routing information.
In transport mode, an ESP header is inserted into the IP packet before the TCP header, and an ESP trailer (padding,
pad length, and next header) is placed after the transport-layer data. If authentication is desired, an ESP
authentication data field is appended after the ESP trailer. The complete transport segment, together with the ESP
trailer, is encrypted. In an IPv6 transmission, the ESP header is placed after the hop-by-hop and routing headers;
encryption again covers the transport segment and the ESP trailer. Authentication in both IPv4 and IPv6 covers the ESP
header plus the ciphertext, so a receiver verifies the ICV before it decrypts anything. The original ESP specification
required every implementation to support DES in cipher block chaining (CBC) mode and listed Triple DES, IDEA, RC5,
CAST, and Blowfish as optional alternatives; DES has since been deprecated, and current implementations are expected
to use AES.

Authentication Header (AH) fields:
• Next header: Identifies the next-higher-level protocol, such as TCP or ESP.
• Payload length: Specifies the AH content's length.
• Reserved: For future use.
• Security parameters index: Identifies the security association for this IP packet.
• Sequence number: Provides a monotonically increasing counter number for each packet sent. Allows the recipient
to order the packets and provides protection against replay attacks.
• Authentication data: Variable-length data (multiple of 32 bits) containing the ICV (integrity check value) for
this packet.

Encapsulating Security Payload (ESP) fields:
• Security parameters index: Identifies the security association for this IP packet.
• Sequence number: Provides a monotonically increasing counter number for each packet sent. Allows the recipient
to order the packets and provides protection against replay attacks.
• Payload data: Contains the encrypted data of the IP packet.
• Padding: Space for adding bytes if required by the encryption algorithm; also helps conceal the actual payload size.
• Pad length: Specifies how much of the payload is padding.
• Next header: Identifies the next-higher-level protocol, such as TCP.
• Authentication data: Variable-length data (multiple of 32 bits) containing the ICV (integrity check value) for
this packet.

Figure 10-9 IPSec headers
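The header layouts of Figure 10-9 and the anti-replay role of the sequence number, as an added example that is not part of the textbook. It parses an AH header (using the RFC 4302 rule that Payload Length counts 32-bit words minus two, which is how a receiver knows where the ICV ends), reads the only two ESP fields visible before decryption, checks the RFC 4303 default padding in a decrypted ESP trailer, and implements the 64-packet sliding anti-replay window from RFC 4303 Appendix A. The packet bytes, SPI, sequence numbers and ICV are constructed placeholders, not captured traffic, and no cryptography is performed: the point is the framing and the replay check that surrounds it.

```python
"""Added example (not from the textbook): AH/ESP header parsing and the
ESP anti-replay window. All packet bytes below are constructed; the SPI,
sequence numbers and ICV are placeholders, not real traffic."""
import struct

IPPROTO_TCP = 6
IPPROTO_ESP = 50
IPPROTO_AH = 51


def parse_ah(data: bytes) -> dict:
    """Parse an Authentication Header (RFC 4302).

    Payload Length is the AH length in 32-bit words minus 2, so the ICV
    occupies (payload_len + 2) * 4 bytes minus the 12 fixed bytes."""
    next_hdr, payload_len, reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    total = (payload_len + 2) * 4
    if reserved != 0 or len(data) < total:
        raise ValueError("malformed AH")
    return {"next_header": next_hdr, "spi": spi, "seq": seq,
            "icv": data[12:total], "payload": data[total:]}


def parse_esp_outer(data: bytes) -> dict:
    """Before decryption only the SPI and sequence number are readable."""
    spi, seq = struct.unpack("!II", data[:8])
    return {"spi": spi, "seq": seq, "encrypted": data[8:]}


def parse_esp_trailer(decrypted: bytes) -> dict:
    """Strip the ESP trailer from decrypted data. RFC 4303 default padding
    is the byte sequence 1, 2, 3, ..., which the receiver may verify."""
    pad_len, next_hdr = decrypted[-2], decrypted[-1]
    padding = decrypted[len(decrypted) - 2 - pad_len:-2]
    if padding != bytes(range(1, pad_len + 1)):
        raise ValueError("bad ESP padding")
    return {"next_header": next_hdr,
            "payload": decrypted[:len(decrypted) - 2 - pad_len]}


class ReplayWindow:
    """Sliding anti-replay window (RFC 4303, Appendix A). Bit k of the
    bitmap is set once sequence number (top - k) has been accepted."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq: int) -> bool:
        if seq == 0:                         # zero is never a valid sequence number
            return False
        if seq > self.top:                   # newer than anything seen: slide window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:              # too old to track: reject
            return False
        if (self.bitmap >> offset) & 1:      # already seen: replay
            return False
        self.bitmap |= 1 << offset           # late but new: accept once
        return True


def build_sample_ah() -> bytes:
    """Constructed AH with a 96-bit ICV (payload_len = 4) followed by TCP data."""
    icv = b"\xab" * 12                       # placeholder, not a real HMAC
    return struct.pack("!BBHII", IPPROTO_TCP, 4, 0, 0x1000, 1) + icv + b"TCP segment"


def build_sample_esp_plaintext() -> bytes:
    """Constructed post-decryption ESP body: payload, padding to a 16-byte
    block boundary, pad length, next header."""
    payload = b"GET / HTTP/1.0\r\n"                    # 16 bytes
    pad_len = (16 - (len(payload) + 2) % 16) % 16      # 14 here
    return payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, IPPROTO_TCP])
```

`ReplayWindow.accept()` is the check a receiver runs on the sequence number before spending CPU on ICV verification; note that it rejects packets older than the window even if they were never seen, which is the price of keeping only 64 bits of state per security association.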

For more information on IPSec, read RFC 4301, "Security Architecture for the Internet Protocol," at www.rfc-editor
.org/info/rfc4301. Other related RFCs include RFC 4302, "IP Authentication Header," RFC 4303, "IP Encapsulating
Security Payload," and a host of related RFCs. Search on "IPSec" at www.rfc-editor.org/ for more information.

Table 10-10 PGP Functions17

Function                  Algorithm                  Application
Public-key encryption     RSA/SHA-1 or DSS/SHA-1     Digital signatures
                          RSA                        Session-key encryption
Conventional encryption   3DES, IDEA, or CAST        Message encryption
File management           ZIP                        Compression
Source: The OpenPGP home page.

Pretty Good Privacy (PGP)


Pretty Good Privacy (PGP) is a hybrid cryptosystem that combines some of the best available cryptographic
algorithms. It has become the de facto standard for encryption and authentication of e-mail and file storage
applications, and its message format is standardized as OpenPGP (RFC 4880). Both free open-source and commercial
implementations are available for a wide variety of platforms. Table 10-10 lists the PGP functions.
The PGP security solution provides six services: authentication by digital signatures, message encryption, com-
pression, e-mail compatibility, segmentation, and key management.
As shown in Table 10-10, PGP digital signatures use the Secure Hash Algorithm 1 (SHA-1) to compute a 160-bit
hash code of the plaintext message. The hash code is then signed with DSS or RSA using the sender's private key and
appended to the original message. The recipient uses the sender's public key to verify the signature and recover the
hash code, then generates a new hash code from the received message with the same hash algorithm. If the two hash
codes are identical, the message is unaltered and the sender is authentic. A sender may also want the entire contents
of the message protected from unauthorized view. 3DES, IDEA, or CAST, which are all standard symmetric algorithms,
may be used to encrypt the message contents with a unique, randomly generated session key of 128 bits or more. The
session key is encrypted by RSA using the recipient's public key and then appended to the message. The recipient uses
his or her private key with RSA to decrypt and recover the session key, and the recovered session key is used to
decrypt the message. Authentication and message encryption can be used together by first digitally signing the
message with the sender's private key, encrypting the signed message with a unique session key, and then encrypting
the session key with the intended recipient's public key. (SHA-1 is now considered too weak for signatures; current
OpenPGP implementations default to SHA-2 hashes and AES.)
PGP uses the ZIP (deflate) algorithm to compress the message after it has been digitally signed but before it
is encrypted. Signing first lets the recipient verify the signature against the uncompressed message; compressing
before encryption saves space and removes redundancy from the plaintext, leaving an attacker fewer repeated patterns
to analyze in the ciphertext. PGP also uses an encoding known as Radix-64, which converts binary ciphertext into
printable ASCII so that it survives e-mail systems that handle only 7-bit text. The format maps three octets of binary
data into four ASCII characters and appends a 24-bit cyclic redundancy check (CRC) to detect transmission errors.
Because many Internet facilities impose restrictions on message size, PGP can automatically subdivide messages
into segments of manageable size. Segmentation is performed after all other encryption and conversion functions
have been applied. At the recipient end, PGP reassembles the segments before decoding, decryption, and
decompression.
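The Radix-64 armoring described above, as an added example that is not part of the textbook or of any PGP implementation. It implements the OpenPGP CRC-24 (RFC 4880, section 6.1: seed 0xB704CE, polynomial 0x864CFB), wraps base64 output in the BEGIN/END lines with the "=" checksum line, and reverses the process while verifying the CRC so that a message corrupted in transit is rejected before any decryption is attempted. The binary input is constructed; in real PGP it would be the compressed and encrypted packet stream.

```python
"""Added example (not from the textbook or any PGP implementation):
OpenPGP Radix-64 ASCII armor with its 24-bit CRC (RFC 4880, section 6).
The binary input is constructed for illustration."""
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """OpenPGP CRC-24 as specified in RFC 4880, section 6.1."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, block_type: str = "PGP MESSAGE", width: int = 64) -> str:
    """Map 3 binary octets to 4 ASCII chars, wrap lines, append '=' + CRC."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    checksum = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    # The blank line after the header terminates the (empty) armor headers.
    return "\n".join([f"-----BEGIN {block_type}-----", ""] + lines
                     + ["=" + checksum, f"-----END {block_type}-----", ""])


def dearmor(text: str) -> bytes:
    """Reverse armor(); raise ValueError if the CRC does not match."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        start = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN "))
        end = next(i for i, ln in enumerate(lines) if ln.startswith("-----END "))
    except StopIteration:
        raise ValueError("no armor block found") from None
    body = lines[start + 1:end]
    while body and body[0] != "":          # skip armor headers (Version:, Comment:)
        body.pop(0)
    data_lines = [ln for ln in body[1:] if ln]
    if not data_lines or not data_lines[-1].startswith("="):
        raise ValueError("missing CRC line")
    expected = int.from_bytes(base64.b64decode(data_lines[-1][1:]), "big")
    data = base64.b64decode("".join(data_lines[:-1]))
    if crc24(data) != expected:
        raise ValueError("armor CRC mismatch: data corrupted in transit")
    return data


def is_intact(text: str) -> bool:
    """True when the armored block decodes and its CRC matches."""
    try:
        dearmor(text)
        return True
    except ValueError:
        return False
```

The CRC is a transmission-error check only; it is unkeyed, so it says nothing about tampering. That job belongs to the digital signature inside the decoded data, which is why PGP applies Radix-64 last and strips it first.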
PGP does not impose a rigid structure for public-key management, but it can assign a level of trust within the
confines of PGP, though it does not specify the actual degree of trust the user should place in any specific key. Trust
can be addressed and assured by using the public-key ring structure. In this structure, each specific set of public-key
credentials is associated with a key legitimacy field, a signature trust field, and an owner trust field. Each of these fields
contains a trust-flag byte that identifies whether the credential is trusted in that field. If the trust of a given credential
is broken, as when a key is compromised, the owner can issue a digitally signed key revocation certificate that updates
the credential trust bytes when the credential is next verified.

Closing Scenario
Charlie was getting ready to head home when the phone rang. Caller ID showed it was Peter.
“Hi, Peter,” Charlie said into the receiver. “Want me to start the file cracker on your spreadsheet?”
“No, thanks,” Peter answered, taking the joke well. “I remembered my passphrase. But I want to get your advice on what
we need to do to make the use of encryption more effective and to get it properly licensed for the whole company. I see the
value in using it for certain kinds of information, but I’m worried about forgetting a passphrase again, or even worse, that
someone else forgets a passphrase or leaves the company. How would we get their files back?”
“Well, to do that we would need to use a feature called key recovery, which is usually part of PKI software,” said Charlie.
“Actually, if we invest in PKI software, we could solve that problem as well as several others.”
“OK,” said Peter. “Can you see me tomorrow at 10 o’clock to talk about this PKI solution and how we can make better use
of encryption?”

Discussion Questions
1. Was Charlie exaggerating in the opening scenario when he gave Peter an estimate for the time required to crack
the encryption key using a brute force attack?

Ethical Decision Making


Suppose Charlie had installed software to record all keystrokes entered on all company computer systems (known as a keylogger)
and had made a copy of Peter’s encryption key, but without policy authority and without anyone’s knowledge, including Peter’s.
1. Would the use of such a tool be an ethical violation on Charlie’s part? Is it illegal?
2. Suppose that Charlie had implemented the keylogger with the knowledge and approval of senior company
executives, and that every employee had signed a release acknowledging that the company can record all infor-
mation entered on company systems. Two days after Peter’s original call, Charlie calls back to give Peter his key:
“We got lucky and cracked it early.” If Charlie says this to preserve Peter’s illusion of privacy, is such a “little white
lie” an ethical action on Charlie’s part?

Selected Readings
• Applied Cryptography, 2nd Edition, by Bruce Schneier. 1996. John Wiley & Sons.
• Public Key Infrastructure: Building Trusted Applications and Web Services, by John R. Vacca. 2004. Auerbach.

Module Summary
• Encryption is the process of converting a message into a form that is unreadable to unauthorized people.
• The science of encryption, known as cryptology, encompasses cryptography (making and using encryption
codes) and cryptanalysis (breaking encryption codes).
• Cryptology has a long history and continues to change and improve.
• Two basic processing methods are used to convert plaintext data into encrypted data—bit stream and block
ciphering. The other major methods used for scrambling data include substitution ciphers, transposition
ciphers, the XOR function, the Vigenère cipher, and the Vernam cipher.
• Hash functions are mathematical algorithms that generate a message summary, or digest, that can be used to
confirm the identity of a specific message and confirm that the message has not been altered.

• Most cryptographic algorithms can be grouped into two broad categories: symmetric and asymmetric. In
practice, most popular cryptosystems are hybrids that combine symmetric and asymmetric algorithms.
• The strength of many encryption applications and cryptosystems is determined by key size. All other things
being equal, the length of the key directly affects the strength of the encryption.
• Public key infrastructure (PKI) is an integrated system of software, encryption methodologies, protocols,
legal agreements, and third-party services that enables users to communicate securely. PKI includes digital
certificates and certificate authorities.
• Digital signatures are message hashes encrypted with the signer's private key; anyone holding the signer's
public key can verify them, which provides nonrepudiation. A digital certificate is an electronic document,
itself digitally signed by a certificate authority, that binds a public key to the organization or person that
claims to own it.
• Steganography is the hiding of information. It is not technically a form of cryptography, but is similar in that
it protects confidential information while in transit.
• Hypertext Transfer Protocol Secure (HTTPS), Secure Electronic Transactions (SET), and Secure Sockets Layer
(SSL) are protocols designed to enable secure communications across the Internet. IPSec is the protocol
used to secure communications across any IP-based network, such as LANs, WANs, and the Internet. Secure/
Multipurpose Internet Mail Extensions (S/MIME), Privacy-Enhanced Mail (PEM), and Pretty Good Privacy (PGP)
are protocols that are used to secure electronic mail. PGP is a hybrid cryptosystem that combines some of
the best available cryptographic algorithms; it has become the de facto standard for encryption and
authentication of e-mail and file storage applications.
• Wireless networks require their own cryptographic protection. Originally protected with WEP and WPA,
most modern Wi-Fi networks are now protected with WPA2 or WPA3. Bluetooth, a short-range wireless protocol
used predominantly for phones and peripherals, can be exploited by anyone within its 30-foot range.

Review Questions
1. What are cryptography and cryptanalysis?
2. What was the earliest reason for the use of cryptography?
3. What is a cryptographic key, and what is it used for? What is a more formal name for a cryptographic key?
4. What are the cryptographic tools discussed in this module, and what does each accomplish?
5. What is a hash function, and what can it be used for?
6. What does it mean to be "out of band"? Why is it important to exchange keys out of band in symmetric encryption?
7. What is the fundamental difference between symmetric and asymmetric encryption?
8. How does public key infrastructure add value to an organization seeking to use cryptography to protect
information assets?
9. What are the components of PKI?
10. What is the difference between a digital signature and a digital certificate?
11. What critical issue in symmetric and asymmetric encryption is resolved by using a hybrid method like
Diffie–Hellman?
12. What is steganography, and what can it be used for?
13. Which security protocols are predominantly used in Web-based electronic commerce?
14. Which security protocols are used to protect e-mail?
15. IPSec can be implemented using two modes of operation. What are they?
16. Which kind of attack on cryptosystems involves sequential guessing of all possible key combinations?
17. Consider the earlier module discussion about encryption key power and key strength, and then review Table 10-5.
If you were setting up an encryption-based network, what key size would you choose and why?
18. What are the strongest key sizes used in encryption systems today?
19. What encryption standard is currently recommended by NIST?
20. What are the most popular protocols used to secure Internet communication?

Exercises
1. Go to a popular online electronic commerce site like Amazon.com. Place several items in your shopping cart, and
then go to check out. When you reach the screen that asks for your credit card number, right-click on the Web
browser and select Properties. You may need to use the help feature of your browser to find the security protocols
in use and the certificates used to secure your transactions. What did you find out about the cryptosystems and
protocols in use to protect the transaction?
2. Repeat Exercise 1 on a different Web site, perhaps ebay.com. Does this site use the same protocols or different
ones? Compare and contrast the protocols and certificates being used.
3. Perform a Web search for "Proton mail." Create the free trial account. Use the tool to compose and send a secure
e-mail to your personal e-mail account. This will require you to use the "encryption" option in the Compose dialog
box, which looks like a padlock. Set a message password. When you receive the message in your e-mail account,
what looks different in the e-mail, compared with your other e-mails?
4. Perform a Web search for "Announcing the Advanced Encryption Standard (AES)." Read this document, which is
the FIPS 197 standard. Write a short overview of the development and implementation of this cryptosystem.
5. Search the Web for "steganographic tools." What do you find? Download and install a trial version of one of the
tools. Embed a short text file within an image. In a side-by-side comparison, can you tell the difference between
the original image and the image with the embedded file?

References
1. Epic.org. "International Traffic in Arms Regulations: Code of Federal Regulations [EXCERPTS]." Title
22—Foreign Relations; Chapter I—Department of State; Subchapter M. April 1, 1992. Accessed October 23,
2020, from https://epic.org/crypto/export_controls/itar.html.
2. FIPS PUB 180-4, "Secure Hash Standard (SHS)." National Institute of Standards and Technology. Accessed
October 23, 2020, from https://csrc.nist.gov/publications/detail/fips/180/4/final.
3. Paladion. "Sending Salted Hashes Just Got More Tricky." Paladion High Speed Cyber Defense. Accessed
October 23, 2020, from www.paladion.net/blogs/sending-salted-hashes-just-got.
4. Electronic Frontier Foundation. "EFF DES Cracker Machine Brings Honesty to Crypto Debate." Accessed
October 23, 2020, from www.eff.org/press/releases/eff-des-cracker-machine-brings-honesty-crypto-debate.
5. Kuhn, D., Hu, V., Polk, W., and Chang, S. NIST SP 800-32, "Introduction to Public Key Technology and the
Federal PKI Infrastructure." National Institute of Standards and Technology. February 2001. Accessed
October 23, 2020, from https://csrc.nist.gov/publications/detail/sp/800-32/final.
6. Stallings, W. Cryptography and Network Security: Principles and Practice. 1999. New Jersey: Prentice Hall.
7. Conway, M. "Code Wars: Steganography, Signals Intelligence, and Terrorism." Knowledge, Technology &
Policy 16, 45-62 (2003). Accessed October 23, 2020.
8. McCullagh, D. "Bin Laden: Steganography Master?" Accessed October 23, 2020, from http://archive.wired
.com/politics/law/news/2001/02/41658?currentPage=all.
9. Scarfone, K., Dicoi, D., Sexton, M., and Tibbs, C. SP 800-48, Rev. 1, "Guide to Securing Legacy IEEE 802.11
Wireless Networks." National Institute of Standards and Technology. July 2008. Accessed October 23, 2020,
from https://csrc.nist.gov/publications/detail/sp/800-48/rev-1/archive/2008-07-25.
10. Interop Net Labs. "What's Wrong with WEP?" September 9, 2002. Accessed October 23, 2020, from
www.opus1.com/www/whitepapers/whatswrongwithwep.pdf.
11. Leyden, J. "WEP Key Wireless Cracking Made Easy." The Register. April 4, 2007. Accessed October 23, 2020,
from www.theregister.co.uk/2007/04/04/wireless_code_cracking.
12. Cisco. "Security: Encryption Manager." Accessed October 23, 2020, from www.cisco.com/web/techdoc/
wireless/access_points/online_help/eag/123-02.JA/1400BR/h_ap_sec_ap-key-security.html.
13. "What Is RSN (Robust Secure Network)?" Tech FAQ Online. Accessed October 23, 2020, from www.tech-faq
.com/rsn-robust-secure-network.html.
14. Bialoglowy, M. "Bluetooth Security Review, Part I: Introduction to Bluetooth." Created April 24, 2005, and
updated October 23, 2020. Accessed August 28, 2016, from https://community.broadcom.com/symantecenterprise/
communities/community-home/librarydocuments/viewdocument?DocumentKey=4ac4d5c6-3bf1-4e66-acf0-6f07482cfae1
&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments.
15. Leyden, J. "Cabir Mobile Worm Gives Track Fans the Run Around." The Register. August 12, 2005. Accessed
October 23, 2020, from www.theregister.co.uk/2005/08/12/cabir_stadium_outbreak/.
16. ITL Bulletin. National Institute of Standards and Technology. March 2001. Accessed October 23, 2020, from
https://csrc.nist.gov/csrc/media/publications/shared/documents/itl-bulletin/itlbul2001-03.pdf.
17. The OpenPGP Home Page. Accessed October 23, 2020, from www.openpgp.org/.
