Sunday, November 2, 2014

Introduction to Cryptography - Definitions

Encryption is used in many places. We can use encryption for data at rest or even data in transit. However, the encryption technology used can vary. In these tasks we will perform some basic cryptography via a couple of tasks. The idea behind these tasks is just to get our feet wet with some simple cryptographic methods.
 
Before we move forward, let's get some terminology out of the way.


Block & Stream Ciphers
Both stream and block ciphers are used for encrypting data. They are also both used in Symmetric cryptography. They however differ in the fact that stream ciphers encrypt one byte of data at a time as is done in RC4, while block cipher encrypts a block of data at a time. Examples of block size includes DES which is 56 bits, Triple DES, 168 bits and AES which is 128 bits (pic.dhe.ibm.com).



Substitution Ciphers
This is a method of encryption through which units of plaintext are replaced with ciphertext through the use of a regular system. These units may be single letter, pair of letters, etc. In addition, the “plaintext are retained in the same sequence in the ciphertext, but the units themselves are altered.  plaintext (princeton.edu).



Some type of substitution ciphers are simple substitution, polygraphic, monoalphabetic cipher. The most popular substitution cipher is the Caesar cipher.


Transposition Ciphers
The data in a transposition cipher is rearranged in a different order but the data itself is not changed (princeton.edu).



Symmetric encryption is also called secret key encryption. In this method of encryption, a single key is used for encrypting and decrypting the traffic.



While symmetric encryption uses one key for encryption and decryption, asymmetric encryption uses to related keys—a key pair (support.microsoft.com, 2007). The two keys involved in asymmetric encryption are known as private and public keys. The private key is only known by its owner while the public key can and is usually shared.



Advantages of symmetric encryption

Easy to use

Relatively inexpensive to produce strong keys (pic.dhe.ibm.com)
Keys are smaller (pic.dhe.ibm.com)

Algorithms are relatively inexpensive to process  (pic.dhe.ibm.com)
Can be highly effective when implemented in hardware





Disadvantages of symmetric encryption

A Major drawback is exchanging the private keys  (pic.dhe.ibm.com)

Managing large number of keys can become problematic



Advantages of asymmetric encryption
Key Distribution is easier to manage

Key management is easier to implement




Disadvantages of asymmetric encryption
Much slower than symmetric algorithms (Garloff, 2000)
Two keys are needed instead of one




It is important to distribute keys out of band in Symmetric Encryption because of the fact that one key is used for encryption and decryption. If this key is compromised or is obtained by an unauthorized person, the encrypted data can be easily read.



Hash Functions:
A hash function is an algorithm that takes a chunk of data and converts into a fixed size result. The result of applying the algorithm to a chunk of data is called the hash value .  (Hoffman, 2005) . This hash value provides a fingerprint for the message’s contents, which ensures that the message has not been altered by an intruder, virus or other means  (Northcutt).

Sample Hash Algorithms
MD2 – Message Digest 2
MD4 – Message Digest 4
MD5 – Message Digest 5
SHA-1 – Secure Hash Algorithm
SHA-2 – Secure Hash Algorithm
SHA-3 – Secure Hash Algorithm
HMAC – Hashed Message Authentication Code

Now that we have the terminology out of the way, let's get cracking.

See you in the next posts in this series:Introduction to Cryptography - Decrypting Caesar's Cipher
Beginning Cryptography - Decrypting XOR Encryption


Bibliography

(n.d.). Retrieved from pic.dhe.ibm.com: http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtps7%2Fs7symm.html
(n.d.). Retrieved from pic.dhe.ibm.com: http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtps7%2Fbulkcip.html

(n.d.). Retrieved from princeton.edu: https://www.princeton.edu/~achaney/tmve/wiki100k/docs/Substitution_cipher.html

(2007, 10 26). Retrieved from support.microsoft.com: http://support.microsoft.com/kb/246071

Garloff, K. (2000, 08 28). Retrieved from users.suse.com: http://users.suse.com/~garloff/Writings/mutt_gpg/node3.html


Hoffman, P. (2005, 11). Retrieved from faqs.org: http://www.faqs.org/rfcs/rfc4270.html

Northcutt, S. (n.d.). Retrieved from sans.edu: http://www.sans.edu/research/security-laboratory/article/hash-functions

No comments:

Post a Comment