Study Notes Cryptography 2022
Crypto Basics
● Goals of Crypto
o Confidentiality
o Preservation of secrecy of stored information
o Symmetric crypto systems use a secret key shared by
all users
o Asymmetric crypto systems use individual combos of
public and private keys for each user
o Data in transit aka data on the wire - exam terms,
same thing
o Integrity
o Message digests - aka digital signatures, created
when message is transmitted, used to ensure data
wasn’t altered
o Authentication
o Challenge-response authentication
o Prove that one can encrypt/decrypt something to
validate identity
o Nonrepudiation
o Only offered by asymmetric systems
o Assurance that the message originated by the sender,
not someone pretending to be the sender
● Cryptography Concepts
o Plaintext - Before a message is coded
o Ciphertext - After a message is encrypted
o Keys - Used in encryption calculations.
o Key space - The range of values that are valid for use as a
key in a specific algorithm, aka bit size
o Kerckhoffs’s Principle - A cryptographic system should
be secure even if everything about the system, except the key,
is public knowledge
o Cryptovariable - Sometimes used to refer to keys
o Cryptography - Implementing secret codes and ciphers
o Cryptanalysis - The study of methods to defeat codes and
ciphers
o Cryptology - Cryptography and cryptanalysis together
Cryptographic Mathematics
Transposition Ciphers
Substitution Ciphers
One-Time Pads
Block Ciphers
Stream Ciphers
Modern Crypto
● Crypto keys
o Kerckhoffs’s Principle - Opening algorithms to public scrutiny
actually improves their security
o Modern cryptosystems rely on secrecy of one or more
cryptographic keys
● Symmetric Key Algorithms
o AKA secret key and private key crypto
o Rely on a shared secret
o Weaknesses
o Need to distribute the key - See Diffie-Hellman
o Does not implement nonrepudiation
o Algo doesn’t scale well - secure private comms between
individuals can only be achieved if every possible combo
of users has their own shared key
o (n * (n - 1)) / 2 = number of keys needed
o Keys need to be regenerated every time group
membership changes
o Very fast
● Asymmetric Key Algorithms
o AKA public key algos
o Each user has two keys
o Public key - Shared with all users
o Private key - Kept secret, known only to the user
o Supports digital signing
o Transience - a new user requires only one new public-private
key pair, and users can be easily removed
o Only need to regenerate keys when a user’s private key is
compromised
o Can provide integrity, authentication, nonrepudiation
o Simple key distribution
o No pre-existing communication link needs to exist
o Big disadvantage is slow speed of operation
o Lots of applications use asymmetric crypto to establish a
connection and exchange a symmetric secret, then the rest of
the session is encrypted with symmetric crypto
Symmetric Cryptography
Cryptographic Lifecycle
Hash Functions
● Hash functions - Take a potentially long message and generate a
unique output value derived from the content of the message
o Message digest - The output of a hash function
● Basic hash function requirements
o Input can be any length
o Output has a fixed length
o Should be relatively easy to compute for any input
o Hash function is one-way which means it is extremely hard to
determine the input when provided the output
o Collision free - hard to find two inputs that produce the same
message digest
● SHA - Secure Hash Algorithm
o SHA-1 produces 160 bit digest
o Processes 512 bit blocks
o Pads messages to fit
o SHA-256 produces 256 bit message digests using a 512 bit block size
o SHA-224 uses a truncated version of the SHA-256 hash to make a
224 bit digest with a 512 bit block size
o SHA-512 produces 512 bit message digests using a 1024 bit
block size
o SHA-384 uses truncated SHA-512 to produce 384 bit digest
with 1024 bit block size
● MD5
o 512 bit blocks
o 4 distinct rounds of computation
o Message length must be 64 bits less than a multiple of 512
bits
o Uses padding to make up the difference
● Hash of Variable Length (HAVAL) - MD5 variant
o Hash value length: 128, 160, 192, 224, 256 bits
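The block and padding rules above, as an added example that is not part of the original notes: md_pad implements the Merkle-Damgård padding that MD5 and the SHA family apply before processing 512-bit (or 1024-bit) blocks, and the two helpers check the fixed digest sizes with hashlib. The function names are my own.

```python
import hashlib


def md_pad(message: bytes, block_size: int = 64, byteorder: str = "big") -> bytes:
    """Pad `message` the way MD5/SHA-1/SHA-2 do before block processing.

    A single 1 bit (0x80) is appended, then zero bytes until the length is one
    length field short of a multiple of the block size, then the original length
    in bits.  With 512-bit (64-byte) blocks the length field is 64 bits, which is
    the "64 bits less than a multiple of 512" rule in the notes; SHA-384/512 use
    1024-bit blocks and a 128-bit length field.  MD5 writes the length
    little-endian, the SHA family big-endian.
    """
    length_bytes = block_size // 8
    padded = message + b"\x80"
    padded += b"\x00" * ((block_size - length_bytes - len(padded)) % block_size)
    return padded + (len(message) * 8).to_bytes(length_bytes, byteorder)


def digest_bits(algorithm: str, message: bytes) -> int:
    """Digest size in bits: fixed per algorithm, independent of input length."""
    return len(hashlib.new(algorithm, message).digest()) * 8


def differing_bits(algorithm: str, a: bytes, b: bytes) -> int:
    """How many digest bits change between two inputs (the avalanche effect)."""
    da = int.from_bytes(hashlib.new(algorithm, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algorithm, b).digest(), "big")
    return bin(da ^ db).count("1")


if __name__ == "__main__":
    padded = md_pad(b"abc")
    print(len(padded), padded[-8:].hex())        # one 512-bit block, length field = 24 bits
    print(len(md_pad(b"a" * 56)))                # 56 bytes leaves no room: two blocks
    print(len(md_pad(b"abc", block_size=128)))   # SHA-512 style: one 1024-bit block
    for algo in ("md5", "sha1", "sha224", "sha256", "sha384", "sha512"):
        print(algo, digest_bits(algo, b"x"), digest_bits(algo, b"x" * 10_000))
    print(differing_bits("sha256", b"abc", b"abd"))
```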
Digital Signatures
● Enforces nonrepudiation
● Assures the recipient that the message was not altered while in
transit
● If Alice wants to sign a message she’s sending to Bob…
o Alice generates a message digest of the original plaintext
using a hashing algo
o Alice encrypts the message digest using her private key - this
is the digital signature
o Alice appends the signed message digest to the plaintext
o Alice transmits the appended message to Bob
o Bob decrypts the digital signature using Alice’s public key
o Bob uses the same hashing function to create a message
digest of the full plaintext received from Alice
o Bob compares the decrypted message digest he got from
Alice with the message digest he computed himself
o If the hashes match, the signature is verified and the
message was sent from Alice
o If the hashes do not match, the signature is invalid and
either the message didn’t come from Alice, or it was
modified in transit
● Does not provide privacy/confidentiality
● Does provide integrity, authentication, nonrepudiation
● HMAC - Hashed Message Authentication Code
o Provides integrity, does not provide nonrepudiation
o Depends on a shared secret key
If you want to… use this key:
● Encrypt a message - the recipient’s public key
● Decrypt a message sent to you - your private key
● Digitally sign a message you are sending to someone else - your private key
● Verify the signature on a message sent by someone else - the sender’s public key
● Certificates
o Endorsed copies of a public key
o International standard: X.509
o Contains
o Version of X.509 it conforms to
o Serial number
o Signature algo identifier
o Issuer name
o Validity period
o Subject’s name
o Subject’s public key
o Certificate extensions are custom variables inserted into a
certificate
● Certificate Authorities
o Neutral organizations that offer notarization services for digital
certificates
o Registration authorities assist by verifying users’ identities
prior to issuing certificates but do not issue certs themselves
o Certificate Path Validation - CPV. Verifies that each certificate in
the certificate path, from the original start or root of trust down to
the server or client in question, is valid and legitimate.
● Certificate Generation and Destruction
o Enrollment
o Prove your identity to the CA
o Provide them your public key
o CA signs your certificate with their private key
o Verification
o Verify the cert by checking the CA’s digital signature
using the CA’s public key
o Make sure it was not revoked (Certificate Revocation
List - CRL)
o Or Online Certificate Status Protocol (OCSP)
o A certificate is valid if:
o The digital signature of the CA is authentic
o You trust the CA
o The certificate is not listed on a CRL
o The certificate contains the data you are trusting
o Revocation
o Revoking a certificate declares it invalid before its
natural expiry
o Certificate Revocation Lists (CRLs) contain serial
numbers of certs that a CA revoked along with when
they were revoked
o Online Certificate Status Protocol (OCSP) eliminates
latency with CRLs by providing a real-time check
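The signing steps from the Digital Signatures section and the validity conditions above, as an added example that is not part of the original notes: a CA signs a certificate's fields with its private key, and the verifier recomputes the digest, checks the CA signature with the CA's public key, checks that the CA is trusted, that the serial is not on the CRL, and that the certificate holds the subject and validity period being relied on. The RSA key pair is a toy built from two fixed Mersenne primes with unpadded signatures so the example runs with only the standard library; a real CA uses random secret primes (or ECC) and a padded signature scheme, and every function name here is my own.

```python
import hashlib
import json

# Toy CA key pair, constructed for this example from the Mersenne primes 2^127-1 and 2^521-1.
# Publicly known primes make the modulus worthless in practice; the arithmetic is still RSA.
_P, _Q = 2**127 - 1, 2**521 - 1
CA_PUBLIC_KEY = (65537, _P * _Q)                                   # (e, n)
CA_PRIVATE_KEY = (pow(65537, -1, (_P - 1) * (_Q - 1)), _P * _Q)    # (d, n)


def message_digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private_key) -> int:
    """Alice's step in the notes: 'encrypt' the digest with the private key (unpadded RSA)."""
    d, n = private_key
    return pow(message_digest(data), d, n)

def verify(data: bytes, signature: int, public_key) -> bool:
    """Bob's step: recover the digest with the public key and compare it with a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(data)

def to_be_signed(cert: dict) -> bytes:
    """Every certificate field except the signature, serialised deterministically."""
    return json.dumps({k: v for k, v in cert.items() if k != "signature"}, sort_keys=True).encode()

def issue_certificate(issuer: str, issuer_private_key, serial: int, subject: str,
                      subject_public_key, not_before: str, not_after: str) -> dict:
    """Enrollment: the CA binds the subject's public key to its name and signs the result."""
    cert = {"version": 3, "serial": serial, "signature_algorithm": "sha256-with-toy-rsa",
            "issuer": issuer, "validity": [not_before, not_after], "subject": subject,
            "subject_public_key": list(subject_public_key)}
    cert["signature"] = sign(to_be_signed(cert), issuer_private_key)
    return cert

def certificate_is_valid(cert: dict, trusted_cas: dict, crl: dict, expected_subject: str,
                         now: str) -> bool:
    """The notes' conditions: trusted CA, authentic CA signature, not on the CRL, and the cert
    holds the data you rely on.  Timestamps are fixed-width ISO 8601 strings, so they compare as text."""
    ca_key = trusted_cas.get(cert["issuer"])
    if ca_key is None or not verify(to_be_signed(cert), cert["signature"], ca_key):
        return False
    if cert["serial"] in crl:                     # CRL maps revoked serial -> revocation time
        return False
    not_before, not_after = cert["validity"]
    return cert["subject"] == expected_subject and not_before <= now <= not_after
```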
Applied Cryptography
● Portable devices
o Windows includes BitLocker and Encrypting File System (EFS)
o Mac has FileVault
o Linux has VeraCrypt
o All for disk encryption of mobile devices like laptops
● Trusted Platform Module - TPM. A chip on the motherboard that
stores and manages keys used for full disk encryption.
● Email
o For confidentiality, encrypt the message
o For integrity, hash the message
o For authentication, integrity, and/or nonrepudiation, digitally
sign the message
o For confidentiality, integrity, authentication, and
nonrepudiation, encrypt and sign the message
o Always the responsibility of the sender
o Pretty Good Privacy - PGP
o “web of trust”
o Secure email system
o Secure/Multipurpose Internet Mail Extensions - S/MIME
o Uses X.509 certificates for exchanging crypto keys
● Web Applications
o SSL and TLS (Secure Sockets Layer, and Transport Layer
Security)
o HTTPS (Hypertext Transfer Protocol Secure) uses port 443 to
negotiate encrypted communications between web servers
and clients
o Depends on the exchange of server digital certificates
o When a user accesses a website, the browser gets the
web server’s cert and extracts the public key from it
o The browser creates a random symmetric key, uses the
server’s public key to encrypt it, and sends the
encrypted symmetric key to the server
o The server decrypts the symmetric key using its private
key, and the two systems exchange future messages
using symmetric encryption with that key
o Padding Oracle On Downgraded Legacy Encryption (POODLE)
is a downgrade attack - forcing a system to use an
older/vulnerable version of TLS or SSL instead of an up to
date version
● Steganography and Watermarking
o Steganography - Using crypto techniques to embed secret
messages within another message
o Ex: Adding digital watermarks to documents to protect
intellectual property
● Digital Rights Management - DRM
o Using encryption to enforce copyright restrictions on digital
media
o High-Bandwidth Digital Content Protection - HDCP.
Provides protection over digital connections like HDMI
o Advanced Access Content System - AACS. Protects Blu-Ray
o Video games increasingly depend on having an internet
connection
o Document DRM may want to control permissions like who can
read, modify, remove watermarks, download/save, print, take
a screenshot
Networking
Cryptographic Attacks
● Analytic Attack - Using math to reduce complexity of algo
● Implementation Attack - Exploits weaknesses in the
implementation of a crypto system
● Statistical Attack - Exploits statistical weaknesses in a cryptosystem,
such as floating-point errors and the inability to generate truly random
numbers
● Brute Force - Trying every possible combination for key and
password
o Key length is critical for defending brute force
o Rainbow tables - precomputed values for crypto hashes,
commonly for cracking passwords
● Salt - A random value added to the end of the password before it is
hashed
● Frequency analysis - Counting the number of times each letter
appears in the ciphertext
● Known Plaintext - Attacker has a copy of the encrypted message
along with its plaintext, which can be used to determine the key
● Chosen Ciphertext - Attacker has ability to decrypt portions of the
ciphertext
● Chosen Plaintext - Attacker has ability to encrypt plaintext
messages of their choosing
● Meet in the Middle - A known plaintext attack
● Man in the Middle - A malicious individual sits between two
communicating parties and intercepts communications
● Birthday - AKA collision attack, finding flaws in hashing functions
where two inputs generate the same output
● Replay - When a system lacks temporal protections, a captured
message can be sent again at a later time
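Salting and the birthday attack from the list above, as an added example that is not part of the original notes: a precomputed digest-to-password table recovers an unsalted hash but not a salted one, and a birthday search on a toy 24-bit digest finds a collision after roughly 2^12 trials instead of 2^24, which is why digest length matters. The wordlist and the truncated digest are constructed for the example, and the function names are my own.

```python
import hashlib
import math
import secrets


def precomputed_table(wordlist) -> dict:
    """Rainbow-table stand-in (constructed): digest -> candidate, built once, reused everywhere."""
    return {hashlib.sha256(word.encode()).hexdigest(): word for word in wordlist}

def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    """The notes' definition: a random value added to the end of the password before hashing."""
    return hashlib.sha256(password.encode() + salt).hexdigest()

def crack_with_table(table: dict, stored_hash: str):
    """A lookup recovers an unsalted password; a per-user salt makes the precomputation useless."""
    return table.get(stored_hash)

def truncated_hash(data: bytes, bits: int) -> int:
    """Toy weak digest: the top `bits` bits of SHA-256, standing in for a short hash output."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)

def birthday_collision(bits: int):
    """Find two different inputs with the same truncated digest by remembering every digest seen.
    Expected work is about sqrt(pi/2 * 2**bits) trials, not 2**bits: that is the birthday bound."""
    seen = {}
    trials = 0
    while True:
        candidate = secrets.token_bytes(8)
        trials += 1
        digest = truncated_hash(candidate, bits)
        if digest in seen and seen[digest] != candidate:
            return seen[digest], candidate, trials
        seen[digest] = candidate

def expected_trials(bits: int) -> float:
    return math.sqrt(math.pi / 2 * 2**bits)


if __name__ == "__main__":
    table = precomputed_table(["password", "letmein", "hunter2"])
    print(crack_with_table(table, unsalted_hash("hunter2")))                          # hunter2
    print(crack_with_table(table, salted_hash("hunter2", secrets.token_bytes(16))))   # None
    a, b, trials = birthday_collision(24)
    print(trials, round(expected_trials(24)), a.hex(), b.hex())
```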
Site Selection
● Visibility - Where are the closest emergency services located? Are
there unique hazards? Locations of security cameras.
● Natural disasters
● Facilities design - Crime Prevention through Environmental Design
(CPTED)
Equipment failure
Wiring Closets
Server Room
● The more human incompatible a server room is, the more protection
it offers against casual and determined attacks
● Walls should have one-hour minimum fire rating
● Datacenter could be a single tenant or multitenant
● Smartcards - Credit-card-sized, IDs, badges, security passes with
an embedded magnetic strip, bar code, or integrated circuit chip
● Memory cards - Machine-readable ID cards with a magnetic strip
● Proximity reader - Passive device, a field-powered device, or a
transponder
● Passive device - Like antitheft devices found in DVDs
● Intrusion detection system - Systems designed to detect a
breach or attack
● Masquerading - Using someone else’s security ID to gain entry into
facilities
● Piggybacking - Following someone through a secured gate or
doorway without being identified or authorized personally
● Emanation - Electromagnetic signals or radiation that can be
intercepted by unauthorized individuals
● Faraday cage - An area designed with an external metal skin that
surrounds the area on all sides and blocks electromagnetic
interference (EMI)
● White noise - Random sounds, signal, or process that can drown
out meaningful information
● Control zone - An implementation of a Faraday cage or white
noise generator or both to protect a specific area
Elliptic curve cryptography (ECC) leverages a one-way function that uses discrete logarithms as applied to elliptic curves. Solving this problem is harder than solving discrete logarithms, so algorithms based on ECC are much stronger per bit than systems using discrete logarithms (and also stronger than factoring prime numbers). ECC requires fewer computational resources because it uses shorter keys compared to other asymmetric methods. Lower-power devices often use ECC for this reason.
PUBLIC KEY INFRASTRUCTURE
Public Key Infrastructure (PKI) leverages all three forms of encryption to provide and manage digital certificates. A digital certificate is a public key signed with a digital signature. Digital certificates may be server-based or client-based. If client and server certificates are used together, they provide mutual authentication and encryption. The standard digital certificate format is X.509.
Certificate authorities and organizational registration authorities
Digital certificates are issued by certificate authorities (CAs). Organizational registration authorities (ORAs) authenticate the identity of a certificate holder before issuing a certificate to them. An organization may operate as a CA or ORA (or both).
Certificate revocation lists
The CAs maintain certificate revocation lists (CRLs), which, as the name implies, are lists of revoked certificates. A certificate may be revoked if the private key has been stolen, an employee is terminated, etc. A CRL is a flat file and does not scale well. The Online Certificate Status Protocol (OCSP) is a replacement for CRLs and uses a client-server design that scales better.
Key management issues
CAs issue digital certificates and distribute them to certificate holders. The confidentiality and integrity of the holder’s private key must be assured during the distribution process. Public/private key pairs used in PKI should be stored centrally and securely. Users may lose their private key as easily as they may forget their password. A lost private key means that anything encrypted with the matching public key will be lost, short of cryptanalysis, as described previously.
Note that key storage is different than key escrow. Key storage means the organization that issued the public/private key pairs retains a copy. Key escrow means a copy is retained by a third-party organization (and sometimes multiple organizations), often for law enforcement purposes. A retired key may not be used for new transactions, but one may be used to decrypt previously encrypted plaintexts. A destroyed key no longer exists and therefore cannot be used for any purpose.
IPsec
Internet Protocol Security (IPsec) is a suite of protocols that provide a cryptographic layer to both IPv4 and IPv6. It is one of the methods used to provide virtual private networks (VPN), which allow you to send private data over an insecure network, such as the Internet; the data crosses a public network, but is “virtually private.” IPsec includes two primary protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). AH and ESP provide different and sometimes overlapping functionality. Supporting IPsec protocols include Internet Security Association and Key Management Protocol (ISAKMP) and Internet Key Exchange (IKE).
AH and ESP
Authentication Header (AH) provides authentication and integrity for each packet of network data. AH provides no confidentiality; it acts as a digital signature for the data. AH also protects against replay attacks, where data is sniffed off a network and resent, often in an attempt to fraudulently reuse encrypted authentication credentials. ESP primarily provides confidentiality by encrypting packet data. It may also optionally provide authentication and integrity.
Security association and ISAKMP
AH and ESP may be used separately or in combination. An IPsec Security Association (SA) is a simplex (one-way) connection that may be used to negotiate ESP or AH parameters. If two systems communicate via ESP, they use two SAs, one for each direction. If the systems leverage AH in addition to ESP, they use two more SAs for a total of four. A unique 32-bit number called the security parameter index (SPI) identifies each simplex SA connection. The Internet Security Association and Key Management Protocol (ISAKMP) manages the SA creation process.
Tunnel and transport mode
IPsec is used in tunnel mode or transport mode. Security gateways use tunnel mode because they can provide point-to-point IPsec tunnels. ESP tunnel mode encrypts the entire packet, including the original packet headers. ESP transport mode only encrypts the data, not the original headers; this is commonly used when the sending and receiving system can “speak” IPsec natively.
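The SA bookkeeping described above, as an added example that is not part of the original notes: simplex SAs identified by a 32-bit SPI (two for ESP, four for AH plus ESP) and the per-SA replay check on inbound packets. The notes only say AH protects against replay; the sliding window of per-SA sequence numbers (as specified in RFC 4302/4303) is my choice of how to show that, the SPI values are constructed, and the class names are my own.

```python
class ReplayWindow:
    """Per-SA anti-replay check: a bitmap of the last `size` sequence numbers seen."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far (numbering starts at 1)
        self.bitmap = 0    # bit i set => sequence number (highest - i) has been received

    def accept(self, seq: int) -> bool:
        if seq <= 0:
            return False
        if seq > self.highest:                        # newer than anything seen: slide the window
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:                       # older than the window: reject
            return False
        if self.bitmap & (1 << offset):               # already received: a replay
            return False
        self.bitmap |= 1 << offset                    # late but new: accept it once
        return True


class SecurityAssociation:
    """A simplex SA: one direction and one protocol (AH or ESP), identified by its 32-bit SPI."""

    def __init__(self, spi: int, protocol: str, direction: str):
        if not 0 <= spi < 2**32:
            raise ValueError("SPI must fit in 32 bits")
        if protocol not in ("AH", "ESP") or direction not in ("inbound", "outbound"):
            raise ValueError("unsupported protocol or direction")
        self.spi, self.protocol, self.direction = spi, protocol, direction
        self.replay = ReplayWindow()


def negotiate(protocols, first_spi: int = 0x1000) -> dict:
    """Build the SA database one peer needs: two SAs per protocol, one per direction,
    so ESP alone gives 2 SAs and AH plus ESP gives 4 (SPIs constructed here, normally set by IKE)."""
    sad, spi = {}, first_spi
    for protocol in protocols:
        for direction in ("inbound", "outbound"):
            sad[spi] = SecurityAssociation(spi, protocol, direction)
            spi += 1
    return sad

def inbound_check(sad: dict, spi: int, seq: int) -> bool:
    """Find the SA by the packet's SPI and run the anti-replay check on its sequence number."""
    sa = sad.get(spi)
    return sa is not None and sa.direction == "inbound" and sa.replay.accept(seq)
```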