Cryptographic Methods

This is a guide on cryptographic methods.

Using a One-time Pad

One-time pads are referred to as OTP. And when they're used properly, they can't be cracked. It's one of the few things in crypto that really can't be broken when implemented correctly. In practice, one-time pads can have some significant drawbacks. One is that the key has to be as long as the message that's being sent. The key must also be truly random. Reusing a key significantly compromises the message and that's why it's called a one-time pad in the first place. We should never be reusing a key. So because the key must be as big as the message, the exchange of the keys or pads can be difficult. So for example, our one-time pad might consist of a uniquely random series of numbers such as 192837292623 and so on. The message to encrypt might be the text "hello world."

Well, we might apply our one-time pad against the text that needs to be encrypted. Bear in mind that the key needs to be as long as the message to be encrypted, then we would end up with our encrypted ciphertext. Now in this case, each random digit, let's say, would offset the message letter by the amount in the pad. So for the letter "h" in "hello," that corresponds to the number 1 in our keypad. So therefore, the offset to the right of "h" is the letter "j." So that could be repeated to result in the ciphertext. This is just a simplistic example. Since every character is offset by a random amount based on our key, there is no pattern to use to decrypt – except for that keypad itself. Now notice that in the encryption, we had two l's in the word "hello," yet they resulted in different values because there was a different key applied to both of the letter l's. But yet, the letter "e" and "o" in the word "hello" both resulted in a "w." So there's no real pattern. Decrypting in this case is just the reverse. As long as we know the key, we can shift the letters in the opposite direction based on the pad. So given that we know that information, we can shift things back to reveal the original text.

But the distribution of these One-Time Keypads is very difficult. Interception completely compromises the cipher. Interception attacks are sometimes called man-in-the-middle attacks. But, if we're going to be using a truly random key only once, that needs to be known on the other end of a connection. So how do we securely get that to the other side of the connection in the first place? One-time pad cryptography is also referred to as the Vernam cipher. Acquiring a truly random data value for the pad can be difficult. So using any nonrandom source that seems random will not work. The pad part of the name in the one-time pad comes from the original use of pads of paper, where each page of the pad was used for a message and then ripped off and destroyed. In this video, we discussed one-time pads.
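The letter-shifting pad described above can be written out as follows. This is an added example, not part of the original course material. It assumes lowercase text, a pad of shifts from 0 to 25 drawn from the operating system's random source, and two constructed sample messages. The last function shows why a pad must never be reused: two ciphertexts made with the same pad differ from each other exactly as the two plaintexts do, so the pad cancels out.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase

def generate_pad(length):
    """One random shift (0-25) per letter, from the OS random source."""
    return [secrets.randbelow(26) for _ in range(length)]

def _shift(text, pad, direction):
    letters = sum(ch in ALPHABET for ch in text)
    if len(pad) < letters:
        raise ValueError("pad must be at least as long as the message")
    out, i = [], 0
    for ch in text:
        if ch in ALPHABET:
            pos = (ALPHABET.index(ch) + direction * pad[i]) % 26
            out.append(ALPHABET[pos])
            i += 1
        else:
            out.append(ch)  # spaces pass through and use no pad value
    return "".join(out)

def encrypt(plaintext, pad):
    return _shift(plaintext, pad, +1)

def decrypt(ciphertext, pad):
    return _shift(ciphertext, pad, -1)

def letter_differences(a, b):
    """Per-position difference (mod 26) between two texts of the same shape."""
    return [(ALPHABET.index(x) - ALPHABET.index(y)) % 26
            for x, y in zip(a, b) if x in ALPHABET and y in ALPHABET]

def reuse_leaks_relation(m1, m2, pad):
    """True when reusing `pad` exposes the relation between m1 and m2."""
    c1, c2 = encrypt(m1, pad), encrypt(m2, pad)
    return letter_differences(c1, c2) == letter_differences(m1, m2)

if __name__ == "__main__":
    message = "hello world"            # constructed sample message
    pad = generate_pad(10)             # ten letters, ten pad values
    ciphertext = encrypt(message, pad)
    print(ciphertext, "->", decrypt(ciphertext, pad))
    # Same pad used for a second constructed message: the pad cancels out.
    print(reuse_leaks_relation("hello world", "lunch today", pad))
```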


Describing Substitution Ciphers

A substitution cipher alters elements of plaintext with substitutions and that result is ciphertext. Each plaintext that we're going to encrypt is compared against a look-up table and then substituted by the value in the look-up table. So let's say we wanted to encrypt the text abc. So let's say we have a look-up table whereby a=T and b=L and c=P. This means our abc plaintext, when encrypted, results in TLP as ciphertext. Now given the ciphertext or TLP, if we want to decrypt it, we have to have access to the same look-up table that was used to encrypt it. So we would know then that L=b, P=c, and T=a. That way, we could decrypt TLP to its originating plaintext of abc.

The Caesar cipher is named after Julius Caesar who actually used it in some of his correspondence. It's a monoalphabetic substitution cipher, meaning it only uses substitutions from a single alphabet and replaces given letters with another letter that is offset from the original. Let's take a look at an example in Windows. Here, in Windows, I've got an application. Now that will do a Caesar shift. It's asking for the Plaintext where I will type hello world. Then I'm going to specify the Key as being 2, which means shift by two letters. Bear in mind, the Caesar Shift Cipher is monoalphabetic. When I choose to Encrypt, if we look at the Ciphertext, we notice that it shifted all of the original plaintext letters of hello world by two and the result is our ciphertext. The Vigenère cipher is a polyalphabetic substitution cipher. This means that it uses more than one alphabet to perform the encryption that results in ciphertext. There are multiple ways to mitigate frequency analysis attacks. Frequency analysis attacks look for patterns that are known within certain languages and alphabets. In English, for example, often the letter e will appear followed by the letter t.
The Caesar Shift Cipher V.1.0 beta window is open. The window includes two sections, Plaintext and Ciphertext. The Plaintext section contains a textbox that is blank. The Ciphertext section also contains a text box that is also blank. The window also includes a Key text box and two buttons. The Key text box is blank. The two buttons are Encrypt and Decrypt. The presenter types "hello world" in the text box in the Plaintext section. The presenter types "2" in the Key text box. The presenter clicks the Encrypt button. The text box in the Ciphertext section auto populates with "ignnq yqtnf."

So, with polyalphabetic ciphers, multiple key spaces are used. Thus, the same element appearing later in a message could and would be substituted with a different ciphertext. Polyalphabetic ciphers can be difficult to attack as long as the text is kept short and the key doesn't get reused. Polygraphic ciphers use larger groups of elements that are used to flatten the frequency distribution. So, for example, we use groupings of items like two or three letter patterns. Polygraphic ciphers have a much larger key space. However, some combinations are still more common. For example, the letters "ch" are much more common than "zz." Some advantages of substitution ciphers are such that they're very easy to create and use. They generally have small keys. So it's easy to remember. And they're still in use today as parts of more complex encryption algorithms like AES. But they do have their drawbacks. Substitution ciphers are vulnerable to frequency analysis. Substitution ciphers usually have a small key space. In this video, we discussed substitution ciphers.
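The difference between a monoalphabetic and a polyalphabetic cipher can be seen by running both over the same text. This is an added example, not the application shown in the video. The plaintext and the keyword "key" are constructed for the illustration. It reports which ciphertext letters a given plaintext letter was replaced with, and how large a share of the text the most common letter takes, which is the pattern that frequency analysis relies on.

```python
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

def caesar(text, key):
    """Monoalphabetic: every letter is shifted by the same amount."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + key) % 26] if c in ALPHABET else c
        for c in text
    )

def vigenere(text, keyword):
    """Polyalphabetic: the shift changes with each letter of the keyword."""
    out, i = [], 0
    for c in text:
        if c in ALPHABET:
            shift = ALPHABET.index(keyword[i % len(keyword)])
            out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26])
            i += 1
        else:
            out.append(c)
    return "".join(out)

def images_of(plaintext, ciphertext, letter):
    """The set of ciphertext letters that `letter` was replaced with."""
    return {c for p, c in zip(plaintext, ciphertext) if p == letter}

def top_letter_share(text):
    """Fraction of the letters taken up by the most common letter."""
    letters = [c for c in text if c in ALPHABET]
    return Counter(letters).most_common(1)[0][1] / len(letters)

if __name__ == "__main__":
    plaintext = "see the green trees"      # constructed sample, heavy on "e"
    mono = caesar(plaintext, 2)
    poly = vigenere(plaintext, "key")
    for name, text in (("plain", plaintext), ("caesar", mono), ("vigenere", poly)):
        print(f"{name:9} {text}  top letter share {top_letter_share(text):.3f}")
    print("caesar   e ->", images_of(plaintext, mono, "e"))
    print("vigenere e ->", images_of(plaintext, poly, "e"))
```

With the Caesar shift the letter "e" always becomes the same ciphertext letter, so the frequency pattern of the plaintext survives; with the keyword cipher it becomes several different letters and the peak is lower.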


Using Symmetric Algorithms

In the English language, symmetry means the same. So therefore, a symmetric algorithm is one that uses the same key for encrypting and decrypting. In concept, it's kind of like using a key to lock a door and then later using that same key to unlock the same door. So it's the same or symmetric key. A symmetric key is a shared secret between entities that need to encrypt and decrypt. But key generation and distribution are a major source of weakness. One of the advantages of a symmetric algorithm is that we have a single key to generate and manage. We also have faster encryption and decryption than with the equivalent strength asymmetric algorithms. Asymmetric algorithms use different, yet mathematically related keys. Another advantage of a symmetric algorithm is that a relatively small key space such as 128 bit can still offer effective security. But there are drawbacks to symmetric algorithms. One being that everyone shares the exact same key. Everybody knows the key. Another disadvantage is how do we securely transport the shared key to everybody in a secure manner in the first place.

We also have to think about the fact that keys that are generated from weak entropy sources can affect the key space. Now a weak entropy source means we've got a weak source of randomness. Incorrectly implemented algorithms can leave the cipher severely weakened. This has been shown in the past, for example, with Wi-Fi network encryption using WEP. Most block and stream ciphers are symmetric, such as AES, DES and 3DES, RC4, as well as the Blowfish algorithm. Wi-Fi routers that are configured to use WPA-PSK – that's Wi-Fi Protected Access-Pre-shared key – can use AES symmetric keys to secure the connection. In this video, we discussed symmetric algorithms.


Working with Asymmetric Algorithms

Asymmetric cryptography is also called public key cryptography, and it requires the use of two separate yet mathematically related keys – the first of which is the public key. This one can be made public to everybody. So what we might do, for example, is we might export our public key on our computer to a file. We then might give that file to another party where they could import the public key. But on a larger scale, it might make more sense to publish public keys on a centralized directory service or address book. The verification of digital signatures requires that we have access to the sender's public key whereas encrypting messages would require us to have access to the recipient's public key. The private key needs to be kept private because it uniquely identifies either a device or a user. The private key creates digital signatures and it also decrypts messages. Asymmetric algorithms are built on hard-to-solve mathematical problems, such as integer factorization, elliptic curves, and discrete logarithms.

As a result, the mathematical properties make it very difficult to calculate the private key given just the public key. Now remember, the private key and the public key are paired together but they are not the same – hence asymmetric – but they are mathematically linked. Typical asymmetric algorithms include RSA and ElGamal. Common asymmetric use comes in the form of SSL – Secure Sockets Layer – and its successor TLS – Transport Layer Security. These are often used to secure transactions in a web browser but that's not the only place they can be used. GPG as well as PGP also uses asymmetric cryptography. Asymmetric algorithms are also used for key transport and distribution. For example, in HTTPS transactions or to establish a VPN tunnel. Digital signatures are also considered asymmetric.

An advantage of asymmetric algorithms is that there is no secret or shared key that we need to exchange with the parties that we want to communicate with securely. We use a user's public key to send a message to that person so that...what happens if we're encrypting a message? The person or the recipient, in this example, would use their related private key to decrypt the message. Messages can be digitally signed by the sender to authenticate the sender to the receiver. This is part of public key infrastructure or PKI. Remember, that digital signatures are created by the sender with their private key. Some disadvantages to asymmetric algorithms include the fact that they are slower than symmetric algorithms partially because the key space is larger than it is with symmetric algorithms. In this video, we discussed asymmetric algorithms.


Hiding Data Using Steganography

Steganography is the hiding of data inside of other data. Steganalysis then is the study of steganography. With steganography a third party would know, for example, that a data exchange is taking place between communicating parties, but the third party wouldn't know if there are secret messages embedded within that communication. Encryption is different because with encryption we know that there is a secret message there. We just can't decrypt it if we don't have the correct decryption key. On a computer, specialized software is required to hide and then to reveal secret messages embedded in other data. There are also tools that can be used to detect abnormalities in files due to steganography. And these tools would be used by forensic technical experts. Steganography has been around for a long time and it has many different implementations. For example, we could hide the encrypted file in the color bits of a JPEG file or we could hide an encrypted file in the noisy bits of an audio or video file.

We could even send fake or damaged packets between two network devices, where to an external observer it would simply look like data corruption. In practice, steganography can be used with printers. Printers can add dots to a printed image that contains a unique identifier for a specific printer. Watermarking images or digital content can also be used for Digital Rights Management. This is often done mostly for anti-piracy. Of course, we can also embed secret documents or messages within an image or an audio file among other types of files. An advantage of steganography is that encrypted data is hidden, so it won't even gain attention like a regular encrypted file would. Disadvantages of steganography include the fact that it can be hard to hide the data in such a way that it's statistically undetectable because we are modifying the carrier file in which we're embedding our secret message.

Also, a large source of data in which to embed the hidden data itself might be required. So in other words, files might be much larger than they otherwise would be. Let's examine steganography in Windows. In my steganography program, I'll begin by opening a JPEG file. After I've opened the JPEG file, the next thing I would do is set a passphrase on the file. So I'll click the Passphrase menu option. I'll enter a passphrase and I'll enter it a second time to confirm it. Then I'll click OK. Now what I need to do is embed a secret message or document within my JPEG image. To do that I'll go to the Hide menu, where I'll select a text document that I've created called secretmessage.txt. I want to embed that within the JPEG image. Then what I'll do is I'll Save jpeg. Now a message pops up that says that it made a big change to the file and it might be detected. Nonetheless, I'll click OK. It has been done.
The JPHS for Windows - Freeware version window is open. Running along the top of the window is a menu bar. The menu bar consists of multiple menus, some of which include Exit, Open jpeg, Hide, Seek, Save jpeg, Pass phrase, and Options. The presenter clicks the Open jpeg menu. The "Select the input jpeg file" dialog box is displayed. The dialog box includes the img0.jpg file. The dialog box also includes the Open and Cancel buttons. The presenter selects the img0.jpg file and clicks the Open button. As a result, the "Select the input jpeg file" dialog box closes and the JPHS for Windows - Freeware version window is displayed. The presenter clicks the Passphrase menu. The "Enter the passphrase and confirmation" dialog box is displayed. The dialog box includes two text boxes and two buttons. The two buttons are OK and Cancel. The presenter enters a passphrase in the first text box. The presenter enters the same passphrase in the second text box. The presenter clicks the OK button. As a result, the "Enter the passphrase and confirmation" dialog box closes and the JPHS for Windows - Freeware version window is displayed. The presenter clicks the Hide menu. The "Select the file you want to hide" dialog box is displayed. The dialog box includes two files, img0.jpg and secretmessage.txt. The presenter double-clicks the secretmessage.txt file. As a result, the "Select the file you want to hide" dialog box closes and the JPHS for Windows - Freeware version window is displayed. The presenter clicks the Save jpeg menu. The "JPeg_FileHider" dialog box is displayed. The dialog box includes the following note:
"Sorry I had to wait until now to tell you but...
The file you hid in this jpeg has caused statistically significant change and may be detectable." The dialog box also includes the OK button. The presenter clicks the OK button. As a result, the "JPeg_FileHider" dialog box closes and the JPHS for Windows - Freeware version window is displayed.

Now to the casual user, if they were to open up that img0.jpg, it would look just like a picture when in fact it contains an embedded file. On the other end of our connection, the other party would have the same software and they would choose to Open jpeg, then they would enter the passphrase and then what they would do is Seek the data within the picture. For example, I'll choose Open jpeg and I'll choose Seek. At this point, it asks for the pass phrase. So this would happen on the other end of the communication. So I'll enter the correct pass phrase and click OK, at which point it says "Save the hidden file as." And then I could extract the file and read the contents of the message. In this video, we learned about steganography.
The presenter clicks the Open jpeg menu. The "Select the input jpeg file" dialog box is displayed. The dialog box includes the img0.jpg file. The presenter double-clicks the img0.jpg file. As a result, the "Select the input jpeg file" dialog box closes and the JPHS for Windows - Freeware version window is displayed. The presenter clicks the Seek menu. The "Enter the passphrase and confirmation" dialog box is displayed. The dialog box includes two text boxes and two buttons. The two buttons are OK and Cancel. The presenter enters a passphrase in the first text box. The presenter enters the same passphrase in the second text box. The presenter clicks the OK button. As a result, the "Enter the passphrase and confirmation" dialog box closes and the "Save the hidden file as" dialog box is displayed. The dialog box includes two files, img0.jpg and secretmessage.txt. The dialog box also includes two buttons, Save and Cancel.


Using One-way Hashes

One-way hashes – otherwise called cryptographic hash functions – are used to compute a fixed size representation of variable length input data. The hash value is virtually impossible to return back to its original source data. The value gets computed from a single input called the message. A one-way hashing algorithm then computes a fixed length binary digest, which is sometimes called a message digest or hash. One-way hashes are critical to many cryptographic systems and implementations used today, including HMACs and digital signatures. One-way hashes generate a digest that is normally unique for any message. However, when two or more messages can generate the same digest, this is referred to as a collision and it's rare. Even a small change that gets made to a message would result in a new message digest, so that's why one-way hashing is often used to detect changes to data. Some common hashing algorithms include: SHA2 – the SHA stands for Secure Hashing Algorithm – another one is MD5 – MD stands for message digest – then there is RIPEMD, Tiger, Whirlpool, and so on.

If we were to focus, for example, on the MD5 common hashing algorithm, we could see that it uses 64 bits to result in a 128 bit unique digest. One-way hashes though should not be used for encryption because brute force and dictionary attacks can potentially recover data, where the user might guess the original message, such as a password or a credit card number, but using a salt – which is randomized data – can reduce the effectiveness of these types of attacks. But the salt would need to be safely protected. If we were to use the word "password" and then hash it with different hashing algorithms we would get differing results. For example, we can see a result using MD5 to hash the word "password." We can also see a different result using SHA1 and SHA2. Looking at these results, you can realize that it's very difficult to reverse engineer it to end back up with the original word of "password." In this video, we discussed one-way hashes.
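The properties described above can be checked with Python's standard hashlib module. This is an added example, not part of the original course material. It hashes the word "password" with MD5, SHA1 and SHA-256 (a member of the SHA2 family), counts how many digest bits change after a one-letter edit, and stores a password with a random salt. For the salted case it goes one step beyond the text and uses PBKDF2, a deliberately slow salted construction from the standard library; the iteration count is an assumed value for the demonstration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this demonstration

def digests(message: bytes) -> dict:
    """Fixed-length hex digests of one message under three algorithms."""
    return {
        "md5": hashlib.md5(message).hexdigest(),
        "sha1": hashlib.sha1(message).hexdigest(),
        "sha256": hashlib.sha256(message).hexdigest(),
    }

def differing_bits(a: bytes, b: bytes) -> int:
    """Number of SHA-256 digest bits (out of 256) that differ between a and b."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")

def hash_password(password: str, salt: bytes = None):
    """Return (salt, derived hash); a fresh random salt is made if none is given."""
    if salt is None:
        salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, derived

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt)
    return hmac.compare_digest(derived, expected)

if __name__ == "__main__":
    for name, value in digests(b"password").items():
        print(f"{name:7} {len(value) * 4:3} bits  {value}")
    print("bits changed by a one-letter edit:",
          differing_bits(b"password", b"passwore"))
    salt_a, hash_a = hash_password("password")
    salt_b, hash_b = hash_password("password")
    print("same password, different salts, same hash?", hash_a == hash_b)
    print("verifies with stored salt:", verify_password("password", salt_a, hash_a))
```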


Describing Digital Signatures

A digital signature is used by the receiver of a message to confirm that the message came from a particular sender. The signature gets generated by the sender using their private key. On the other end of the connection, the signature gets verified by the recipient using a mathematically related public key. Digital signatures might be used to secure e-mail messages or to secure sensitive documents stored in the document management system. Digital signatures can be used to provide both authentication as well as non-repudiation. They use asymmetric and one-way hashing functions. Digital signatures usually consist of three components, including an asymmetric key pair, where one key is kept private and used to sign the message, and the second key is public and is used by the receiver to verify the message. The second component of a digital signature is having an algorithm that can generate a digest of the message. This is a hashing function that takes the original message and the unique private key of the sender to generate a signature for the message. The third component of a digital signature is an algorithm to verify a message and the digest.

This is the same hashing function used by the sender. It's the same message, but it's a different key. We verify signatures with a public key. An advantage to digital signatures is that the recipient has a reasonable assurance of message authenticity. That's because only the sender would possess their unique private key. The recipient must have access to the public key to verify the signature. Digital signatures provide better security than with physical documents, which can be intercepted, forged, or altered. But there are disadvantages – one is key management. In the case of lost or stolen keys, it can take time to replace those keys that are used for digital signatures. And so this could offer an opportunity for an attacker. On the legal side, not every country has laws or protections for digitally signed messages. Some examples of digital signature algorithms include RSA, DSA, and ECDSA. These three digital signature algorithms are described in the NIST FIPS 186-4 documentation. In this video, we discussed digital signatures.
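The roles of the two keys, as described in this section and in the earlier section on asymmetric algorithms, can be traced with textbook RSA. This is an added example, not part of the original course material. The key pairs are built from publicly known Mersenne primes and no padding is used, so they are only suitable for illustration; the names ALICE and BOB and the sample messages are constructed.

```python
import hashlib
from typing import NamedTuple

class KeyPair(NamedTuple):
    n: int  # modulus, part of the public key
    e: int  # public exponent
    d: int  # private exponent, kept by the owner only

def make_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    """Build an RSA key pair from two primes (demonstration sizes only)."""
    phi = (p - 1) * (q - 1)
    return KeyPair(p * q, e, pow(e, -1, phi))

# Demonstration keys from publicly known Mersenne primes: not secret.
ALICE = make_keypair(2**127 - 1, 2**89 - 1)
BOB = make_keypair(2**107 - 1, 2**61 - 1)

def digest_int(message: bytes, n: int) -> int:
    """SHA-256 digest of the message, reduced to fit under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, key: KeyPair) -> int:
    """The sender hashes the message and applies their PRIVATE exponent."""
    return pow(digest_int(message, key.n), key.d, key.n)

def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """The receiver needs only the sender's PUBLIC values n and e."""
    return pow(signature, e, n) == digest_int(message, n)

def encrypt_for(value: int, n: int, e: int) -> int:
    """Encrypt a small number with the RECIPIENT's public key."""
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, e, n)

def decrypt(ciphertext: int, key: KeyPair) -> int:
    """Only the holder of the private exponent can reverse encrypt_for."""
    return pow(ciphertext, key.d, key.n)

if __name__ == "__main__":
    message = b"transfer 10 to bob"                 # constructed sample
    signature = sign(message, ALICE)
    print("genuine message verifies:", verify(message, signature, ALICE.n, ALICE.e))
    print("altered message verifies:",
          verify(b"transfer 90 to bob", signature, ALICE.n, ALICE.e))
    print("checked against the wrong public key:",
          verify(message, signature, BOB.n, BOB.e))
    secret = encrypt_for(42, BOB.n, BOB.e)
    print("bob decrypts:", decrypt(secret, BOB))
```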


Identify the Cryptographic Algorithm used

The first question had us describe three major functions of cryptography. The first is confidentiality, which keeps data private. This can be accomplished with encryption. The second major function of cryptography is integrity where we can be assured that data has not been tampered with. This can be done by using hashing. Finally, we have authentication and availability. Authentication allows us to ensure that data is authentic and came from who it says it came from. The accessibility portion makes sure that we have access to data when we need it. The next question asked us to explain how the one-time pad can provide perfect secrecy. This is possible because the pad and key are used only once and then destroyed. So therefore, there is no pattern. The next question asked, what is one feature of steganography that regular encryption does not provide? The answer is concealment of the fact that sensitive data exists. With regular encryption, we know that something is being kept private. But with steganography, we just see regular communications. We don't even know there's anything sensitive being passed.

The next thing that was asked was to describe the differences between symmetric and asymmetric cryptographic algorithms. Symmetric algorithms use a single shared or secret key. And that single key is known by all communicating parties. The problem lies in the fact that we need a secured way in the first place to get that key to all the appropriate parties. Asymmetric algorithms use two mathematically related keys – the public and the private key. In the case of digital signatures, for example, the private key creates the signature and the related public key verifies the signature. The last question was, what are the basic features of a one-way hash algorithm? One-way hash algorithms take variable-length data as input that gets fed into an algorithm with a key resulting in a fixed-length hash or digest. One-way hashes can't be reversed, and they are often used to detect changes to data.