«
»

Cryptography – In little detail

Having understood some basics on encryption terminologies, open standards available and the kind of attacks possible, this blog describes the cryptographic methods in some detail. Cryptographic methods can be classified as symmetric or asymmetric. The various algorithms defined in these methodologies are governed by the cryptographic protocols that describe how these algorithms should be used. Examples of cryptographic protocols are SSL/TLS (based on X.509 system), Kerberos etc. Below are the details cryptographic techniques:

  1. Symmetric-key cryptography:  This refers to encryption methods, in which both sender and receiver of the message have the same key. The Kerberos protocol provides mutual authentication for symmetric cryptography. To draw an analogy, this is like having two keys for the same lock of a box containing a secret message. Both the sender and the receiver of the box with secret message may have personally met with each other before and shared a common key with each other. The sender of the box will lock it using his key and send using ordinary post. When the receiver receives the box he can open using his duplicate key, read the message, keep back his reply in the box, lock the box with the same key and send it back using regular post. One-time pad is symmetric algorithm that cannot be broken but it is possible only in theory and not practically.Symmetric cryptography can further be classified as Stream, Block, Hash, Polyalphabetic substitution machine and hybrid ciphers. I will be talking about block, stream and hash ciphers only.
      Block Ciphers: Block ciphers take as input a block of plaintext and a key, and output a block of ciphertext of the same size. Since messages are almost always longer than a single block, some method of knitting together successive blocks securely, is required. The DES, Triple DES, AES are block cipher designs and there are many others.
      Stream Ciphers: Stream ciphers, in contrast to the ‘block’ type, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character. In a stream cipher, the output stream is created based on a hidden internal state which changes as the cipher operates. That internal state is initially set up using the secret key material. RC4 is a widely used stream cipher, but due to its vulnerability to an attack known as bit-flipping attack, its use is deprecated by some software companies in their solutions.

      Cryptographic Hash Functions:       This takes as input a block of data called message, applies a cryptographic hash function onto it and outputs a cryptographic hash value called message digest or simply digest. The hash function applied should be such that any accidental or intentional change to the data will change the hash value. For good hash functions, an attacker should not be able to find two messages that produce the same digest. Cryptographic Hash Functions are used in digital signatures and for authentication purposes. MD4 is a long-used hash function that has now been broken. MD5, which was a strengthened version of MD4 is widely used but broken in practice. The secure Hash Algorithm series was then devised with hash functions like SHA-0 which was flawed so gave rise to SHA-1. When this was also attacked, SHA-2 was created but it is not yet used very widely. SHA-3 is being created in competition with SHA-2 and will be called SHA-3, which will become a Federal Information Processing Standard (FIPS) around 2012. Concatenation of multiple hash functions provides good collision resistance for e.g. SSL uses concatenated MD5 and SHA-1 sums.
  2. Asymmetric-key cryptography: Symmetric-key cryptosystems use the same key for encryption/decryption. The main disadvantage of this is the key management necessary to use them securely especially when the channel between the nodes is insecure. Also the number of keys used increases as the number of nodes in the network increase because each pair must have a different key. This requires more management schemes. Hence the notion of public-key or asymmetric key was devised. In this scheme, a public-key (used for encryption) and a private-key (used for decryption) are used such that the computation of one from another is infeasible although the two are related. The public-key can be distributed but not the private-key. The approach to validate the authenticity of the public key is by using a public key infrastructure (PKI).  In this, one or more third parties also known as certificate authorities, certify the ownership of key pairs. X.509 is a standard for PKI.
    Public key cryptography is used in implementing digital signatures so that these cannot be forged. RSA and DSA are two common digital signature schemes. Many network security schemes like SSL/TLS, VPN etc. also use public-key cryptography. Below are some applications of public-key cryptography:

      Public-key encryption: In this scheme anyone can encrypt the message using public key, but only the holder of paired private key can decrypt. Security depends on the security of private key. As an analogy suppose person A has a locked mailbox that is exposed and accessible to the public. Its location i.e. the street address is the public key. Anyone knowing the street address can go to the door and drop in a letter in the mailbox. However, only the person who possesses the key can open the mailbox and read the message.
      Digital Signatures: In this scheme, the private key is used to sign a message but anyone can check the signature using the public key. Validity depends on private-key security. As an analogy, suppose an envelope is sealed with a personal wax seal. The message can be opened by anyone, but the presence of the seal authenticates the sender. In this scheme, it is also possible that the sender could first sign the message using his private key and then encrypt the message using the recipient’s public key.

    The above two are not the only possible algorithms. There are many other for e.g., a three-pass protocol etc.

    The asymmetric approach is not without drawbacks some of which are:
    (i) The key size is typically more than that in case of symmetric.
    (ii) The man-in-the-middle attack is a network attack that can happen over insecure networks e.g. wireless etc in which the communication of public keys can be intercepted by a third party (man in the middle) and modified. To avoid this trusted third party certificate authorities can be used for providing a non-spoofable digital certificate for participants. Web browsers for e.g., are supplied with self-signed identity certificates from PKI providers. SSL/TLS widely use this to securely send credit card details on internet etc.

Advertisement

This entry was posted on May 26, 2010 at 11:29 am and is filed under Cryptography. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Cryptography – In little detail”

  1. Encryption – A basic understanding « Tech_Pa's Blog Says:
    May 26, 2010 at 12:26 pm | Reply

    [...] “Cryptography – In little detail” will give a brief detail on what are the major studies done in this area. [...]

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.