<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	xmlns:georss="http://www.georss.org/georss" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:media="http://search.yahoo.com/mrss/"
	>

<channel>
	<title>Tech_Pa&#039;s Blog</title>
	<atom:link href="http://techpa.wordpress.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://techpa.wordpress.com</link>
	<description>Just another WordPress.com weblog</description>
	<lastBuildDate>Fri, 28 May 2010 11:32:13 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.com/</generator>
<cloud domain='techpa.wordpress.com' port='80' path='/?rsscloud=notify' registerProcedure='' protocol='http-post' />
<image>
		<url>http://s2.wp.com/i/buttonw-com.png</url>
		<title>Tech_Pa&#039;s Blog</title>
		<link>http://techpa.wordpress.com</link>
	</image>
	<atom:link rel="search" type="application/opensearchdescription+xml" href="http://techpa.wordpress.com/osd.xml" title="Tech_Pa&#039;s Blog" />
	<atom:link rel='hub' href='http://techpa.wordpress.com/?pushpress=hub'/>
		<item>
		<title>Encryption – A basic understanding</title>
		<link>http://techpa.wordpress.com/2010/05/26/encryption-%e2%80%93-a-basic-understanding/</link>
		<comments>http://techpa.wordpress.com/2010/05/26/encryption-%e2%80%93-a-basic-understanding/#comments</comments>
		<pubDate>Wed, 26 May 2010 12:25:58 +0000</pubDate>
		<dc:creator>Paramdeep</dc:creator>
				<category><![CDATA[Cryptography]]></category>

		<guid isPermaLink="false">http://techpa.wordpress.com/?p=29</guid>
		<description><![CDATA[Here I am starting a series of blogs on security and the terms describing this concept. The idea is to understand the technology enablers for solutions like single-sign-on (SSO). Hence it is important to know the basics of encryption and cryptography, the related terminologies etc. This will eventually lead to an understanding of what SSO [...]]]></description>
			<content:encoded><![CDATA[<p>Here I am starting a series of blogs on security and the terms describing this concept. The idea is to understand the technology enablers for solutions like single-sign-on (SSO). Hence it is important to know the basics of encryption and cryptography, the related terminologies etc. This will eventually lead to an understanding of what SSO is all about.</p>
<p>These blogs should all be read in order so as to get a clear picture of what encryption and cryptography really are. Of course we all know what the words mean, but what most of us may not be aware of are the various encryption techniques behind internet security, what kinds of risks we are subject to on the internet while using our credit cards, for example, and the meanings of the numerous terms that cryptanalysts have devised for keeping confidential information safe on an insecure medium such as the internet. For all those interested, these blogs will help as a starting point in getting an understanding of the concept in a nutshell.</p>
<p>So to start with, I shall talk about something that we already know – <strong>Encryption</strong>. It means converting human-readable information into gobbledygook or, technically speaking, <em>ciphertext</em>. Suppose we have the text “Hello World” and, in order to keep it safe from an attacker, we encode it as “Ifmmp Xpsme”. It would not be as simple as this in the real world, but as one can guess, every letter in the original text has been replaced by the letter immediately following it in the alphabet. In cryptographic terms, here are the terminologies for the simple example above:</p>
<ul>
<li><strong>Plaintext</strong>: Hello World</li>
<li><strong>Ciphertext</strong>: “Ifmmp Xpsme”</li>
<li><strong>Key</strong>: “replace each letter by the next in the alphabet”. It should be kept safe (secret), like the keys for the locks we use in our homes. In computer technologies this is just a string of bits; the larger the number of bits, the harder it is to guess the key. For example, the following represents a hypothetical 40-bit key: 00001010 01101001 10011110 00011100 01010101</li>
<li><strong>Cipher</strong>: the pair of algorithms that perform the encryption and the decryption. Unlike older ciphers, modern ciphers also incorporate authentication and integrity checks alongside encryption and decryption.</li>
<li><strong>Cryptosystem</strong>: Consists of three algorithms – one for key generation, one for encryption and one for decryption. Hence this term is mostly used when key generation algorithm is important e.g. RSA.</li>
<li><strong>Cryptology or cryptography</strong> is the science or study of hiding information. It includes some mathematics, engineering and computer science principles.</li>
<li><strong>Cryptanalysis</strong> is the science or study of interpreting ciphertext for which the key is unknown.</li>
<li><strong>Cryptographic Protocol or Encryption Protocol or Security Protocol </strong>is the protocol that describes how the algorithms should be used. Some examples are Kerberos, IPSec, SSL/TLS etc. In my other blogs I will be talking about the important protocols essentially those that are involved in giving a single-sign on experience to end users over web applications e.g. SAML.</li>
</ul>
<p>Having a basic idea of what encryption is all about, my next blog <a href="http://techpa.wordpress.com/2010/05/26/cryptanalysis-common-techniques" target="_blank">Cryptanalysis – Common Techniques</a> covers some common types of attacks against ciphers. Other blogs in this series are as below:</p>
<ul>
<li>“<a href="http://techpa.wordpress.com/2010/05/26/open-standards-in-cryptography-and-cryptographic-protocols" target="_blank">Open Standards in Cryptography and Cryptographic Protocols</a>” gives an understanding of some of the modern open standards that are available and what led to their development.</li>
<li>“<a href="http://techpa.wordpress.com/2010/05/26/cryptography-in-little-detail/">Cryptography – In little detail</a>” gives a brief account of the major studies done in this area.</li>
<li>“<a href="http://techpa.wordpress.com/2010/05/26/basic-sso-terminologies" target="_blank">Basic SSO Terminologies</a>” defines a few terms that are important in understanding the SSO goal.</li>
<li>“<a href="http://techpa.wordpress.com/2010/05/26/understanding-sso/" target="_blank">Understanding SSO</a>”: finally, the series is concluded by describing what a single-sign-on solution means.</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://techpa.wordpress.com/2010/05/26/encryption-%e2%80%93-a-basic-understanding/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/95aae11cdd538ea50b47784ff58a0230?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">pa7751</media:title>
		</media:content>
	</item>
		<item>
		<title>Cryptanalysis – Common Techniques</title>
		<link>http://techpa.wordpress.com/2010/05/26/cryptanalysiscommon-techniques/</link>
		<comments>http://techpa.wordpress.com/2010/05/26/cryptanalysiscommon-techniques/#comments</comments>
		<pubDate>Wed, 26 May 2010 12:16:41 +0000</pubDate>
		<dc:creator>Paramdeep</dc:creator>
				<category><![CDATA[Cryptography]]></category>

		<guid isPermaLink="false">http://techpa.wordpress.com/?p=25</guid>
		<description><![CDATA[Any encryption scheme can be broken. Even the one-time pad cipher that has been proven to be impossible to crack is so only theoretically and not practically. However the reliability of a cipher algorithm depends on how difficult it is to crack the code by an attacker. If it could take numerous years for a [...]]]></description>
			<content:encoded><![CDATA[<p>Any encryption scheme can be broken. Even the one-time pad cipher, which has been proven impossible to crack, is so only in theory and not in practice. The reliability of a cipher algorithm therefore depends on how difficult it is for an attacker to crack the code. If it would take numerous years for some software to decipher a cipher, then it can be considered secure. The wide variety of attacks has been classified in various ways. Some of the important attacks and classifications are as below:</p>
<ol>
<li>Symmetric algorithms
<ul>
<li>Brute force attack</li>
<li>Meet-in-the-middle attack</li>
<li>Others</li>
</ul>
</li>
<li>Hash functions
<ul>
<li>Birthday attack</li>
<li>Others</li>
</ul>
</li>
<li>Network attacks
<ul>
<li>Man-in-the-middle attack</li>
<li>Others</li>
</ul>
</li>
<li>Others</li>
</ol>
<ul>
<li><strong><span style="text-decoration:underline;">Brute force attack</span>:</strong> Password crackers are automated tools dedicated to finding passwords. They may employ techniques like <em>guessing</em> (the name of the person or a pet, the date of birth, names combined with the birth year), a <em>dictionary attack</em> (trying all the words in a dictionary), or the brute force attack. In the brute force technique every possible combination is tried, e.g. “a”, “b”, “c”, .., “aa”, “ab”, “ac”, .., “a1”, “a$”, “a{”, etc. For this reason short passwords (less than 5 characters) are weak, because the number of possible combinations is limited; such short passwords can be cracked within seconds. Hence it is usable for passwords up to 7 characters in length. In an optimized brute force attack, the speed is tremendously increased by skipping checks of nonsense combinations of characters. There are other attacks like differential cryptanalysis (DC), linear cryptanalysis (LC), and Davies’ attack that are faster than brute force but are feasible only in theory and not in practice.</li>
<li><strong><span style="text-decoration:underline;">Meet-in-the-middle attack</span>:</strong> This attack can exponentially reduce the number of brute force permutations required to decrypt text that has been encrypted with more than one key. Suppose 2 independent keys, K1 and K2, each 64 bits (so nominally providing 128-bit security), are used to encrypt the plaintext. Naively one might think that the security would be squared: for an n-bit key it takes 2<sup>n</sup> attempts, so for 2 keys it should take 2<sup>2n</sup>. However, meet-in-the-middle can exponentially reduce the number of brute force permutations required to decrypt the text. Here is how: suppose K1, K2 are the keys used for encryption and D1, D2 are the inverse functions used to decrypt. Let C denote the ciphertext and P the plaintext. The ciphertext is then calculated as C = K2(K1(P)), and the plaintext as P = D1(D2(C)). The attacker encrypts P under every possible value of K1 and stores the resulting intermediate values in memory to speed things up. Afterwards the decryption D2(C) is computed for each possible value of K2. Any matches between the two resulting sets are likely to reveal the correct pair of keys. If the key size is n, this attack uses only 2<sup>n+1</sup> encryptions, in contrast to the naive attack, which needs 2<sup>2n</sup> encryptions. The attack is not practical for the average hacker and is more likely to be used in corporate espionage or some other venue that can accommodate the storage required to carry it out.</li>
<li><strong><span style="text-decoration:underline;">Birthday attack</span>:</strong> This attack is used against a cipher that has been built on a hash algorithm. I will be talking about cryptographic hash functions in my blog on Cryptography. Ideally two different messages should not produce the same ciphertext. The purpose of this attack is to find two different messages that have the same ciphertext; such a pair is known as a <em>collision</em>. Once a collision is known it is possible to mathematically derive the formula that was used to encode the text block, i.e. the key, and hence the original messages can be deciphered.</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://techpa.wordpress.com/2010/05/26/cryptanalysiscommon-techniques/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/95aae11cdd538ea50b47784ff58a0230?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">pa7751</media:title>
		</media:content>
	</item>
		<item>
		<title>Open Standards in Cryptography and Cryptographic Protocols</title>
		<link>http://techpa.wordpress.com/2010/05/26/open-standards-in-cryptography-and-cryptographic-protocols/</link>
		<comments>http://techpa.wordpress.com/2010/05/26/open-standards-in-cryptography-and-cryptographic-protocols/#comments</comments>
		<pubDate>Wed, 26 May 2010 12:02:32 +0000</pubDate>
		<dc:creator>Paramdeep</dc:creator>
				<category><![CDATA[Cryptography]]></category>

		<guid isPermaLink="false">http://techpa.wordpress.com/?p=19</guid>
		<description><![CDATA[Though I will talk about the types of cryptographies in one of my later blogs in this series, each of the cryptographic techniques involves using some open standards that provide a relevant focus to these studies. This blog describes some of the standards that govern the cryptographic techniques that I’ll talk about later. DES (Data [...]]]></description>
			<content:encoded><![CDATA[<p style="text-align:left;">Though I will talk about the types of cryptography in one of my later blogs in this series, each of the cryptographic techniques involves using some open standards that give a relevant focus to these studies. This blog describes some of the standards that govern the cryptographic techniques that I’ll talk about later.</p>
<ul>
<li style="text-align:left;"><strong>DES (Data Encryption Standard):</strong> This was officially declared a standard for the United States by the National Bureau of Standards in 1976. The size of the key is 56 bits so that it can fit on a single chip. As I mentioned in my first blog, the greater the size of the key, the greater the security. A 56-bit key came to be considered small after cryptanalysts were able to crack a key in 22 hours and 15 minutes in 1999 using the brute force technique, after which the DES standard was considered unsafe.</li>
<li style="text-align:left;"><strong>Triple DES:</strong> After DES was broken, a more robust form known as Triple DES was devised. It is so named because it applies the DES algorithm three times to the same block. The key size in each of the rounds is 56 bits. The algorithm is strongest when the keys are all independent and unequal, resulting in 3 x 56 = 168 independent key bits. The National Institute of Standards and Technology (NIST) considers it to be safe until at least 2030. When all the keys are identical, this algorithm is as weak as DES and is, therefore, not recommended by NIST; this particular option is backward compatible with DES.</li>
<li style="text-align:left;"><strong>Advanced Encryption Standard:</strong> In 2003, the US Government announced that the AES encryption algorithm may be used for classified information. This standard comprises 3 ciphers – AES-128 (for the SECRET level), AES-192 and AES-256 (for the TOP SECRET level). Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. Suppose that, using 256-bit AES, a password of length 6 characters, e.g., “passwd”, is built from 5 distinct characters: there will be 5^6=15626 options to choose from. If another letter is added to the password, the result would be 5^7=78125, which is a tremendous increase. Graphically it would look as below:<a href="http://techpa.files.wordpress.com/2010/05/aes1.jpg"><img class="aligncenter size-medium wp-image-21" title="AES" src="http://techpa.files.wordpress.com/2010/05/aes1.jpg?w=300&#038;h=180" alt="" width="300" height="180" /></a><br />
Since the brute force attack only looks for passwords of the specified length and attackers do not know the length of the password, they gradually keep increasing it after every unsuccessful attempt. If they assume that only small letters were used and the password length is 6 letters, there will be 26^6 = 308915776 attempts. Adding one more character would make it 8031810176, i.e. 7722894400 more operations. If the number of characters in the password is increased from 6 to 8, one can imagine the tremendous increase in the attempts that the hacker has to make. Add to it the complexity if both small and capital letters, numerals and special characters are used: the number of combinations becomes astronomical, which is very difficult for a hacker to crack since it would take years to find the right combination of characters that make up the password, even on a highly specialized machine with sufficient hardware.</li>
<li><strong>Diffie–Hellman key exchange (D-H):</strong> This is a cryptographic protocol in which each party generates a public-private key pair and distributes the public key. After obtaining an authentic copy of each other’s public keys, both parties can compute a shared secret offline. The shared secret can then be used as the key for a cipher. The D-H scheme has been widely adopted; it is used for securing Internet Protocol communications.</li>
<li><strong>SSL/TLS:</strong> TLS and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide transport-level security between two points. The certificates necessary for TLS are handled in the form of X.509 certificates. When used with HTTP it is known as an HTTPS session. It also supports other applications like the Simple Mail Transfer Protocol (SMTP). How it works is that the client and server first perform a handshake in order to identify each other, using digital certificates and public key cryptography. Once the handshake is concluded, a secure connection is established, which is encrypted and decrypted with the key material until the connection closes.</li>
<li><strong>XML Encryption:</strong> It is a W3C Standard. This specification defines how to encrypt the contents of an XML element (containing cipher text, keying information, and algorithms). Unlike SSL, a point-to-point protocol that is decrypted at each point, XML encryption can be used in solutions where there are multiple network nodes between the front end application and the end data source. Also, SSL and TLS do not have the capacity to encrypt only specific parts of the document or to encrypt different portions of the document using different keys—which are critical to XML encryption. Apache’s XML Security package, Verisign’s open-source TSIK (Trust Services Integration Kit) package, as well as many others provide XML Encryption functionality.</li>
<li><strong>XML Signature:</strong> It is a W3C Standard. It relies on public key cryptography. Any part of an XML document can be digitally signed, by using DSA algorithm for example—becoming self-validating when the document recipient has the signer’s public key. It is used in SOAP (i.e. to communicate with Web Services), SAML etc. Apache’s XML Security package, Verisign’s open-source TSIK (Trust Services Integration Kit) package, as well as many others, provide XML signature capability.</li>
<li><strong>Security Assertion Markup Language (SAML):</strong> is an XML-based standard by OASIS for exchanging authentication and authorization information between an <em>identity provider</em> (e.g., a web application like a portal) and a <em>service provider</em> (e.g., a web service), commonly over standard protocols like SOAP (the <em>SAML SOAP binding</em> specifies how a SAML message is encapsulated in a SOAP envelope). It is one of the building blocks for SSO that I’ll talk about in a later blog. How it works is that a <em>principal</em> (often the user) enrolls with the identity provider using its authentication services. When the principal requests a service, the identity provider produces a SAML assertion (stating that the principal did indeed authenticate with the identity provider and is permitted to perform a certain action, A, on a certain resource, R, given evidence, E) and passes it to the service provider. This assertion could be digitally signed using XML Signature. On the basis of this assertion, the service provider makes an access control decision, i.e. decides whether or not to give access to the principal. The <em>SAML protocol</em> defines how certain SAML assertions are packaged in a SAML request and response. SAML specifications recommend SSL/TLS for transport-level security and XML Signature and XML Encryption for message-level security.</li>
<li><strong>Kerberos:</strong> is an authentication protocol where both the client and server verify each other’s identity securely over an insecure network. For this it requires a trusted third party.</li>
<li><strong>Web Services Security (WSS):</strong> is an OASIS standard and plays a key role in the security of Web Services. The development of WSS continues, including work involving SAML. The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as SAML, Kerberos, and X.509.</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://techpa.wordpress.com/2010/05/26/open-standards-in-cryptography-and-cryptographic-protocols/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/95aae11cdd538ea50b47784ff58a0230?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">pa7751</media:title>
		</media:content>

		<media:content url="http://techpa.files.wordpress.com/2010/05/aes1.jpg?w=300" medium="image">
			<media:title type="html">AES</media:title>
		</media:content>
	</item>
		<item>
		<title>Cryptography – In little detail</title>
		<link>http://techpa.wordpress.com/2010/05/26/cryptography-in-little-detail/</link>
		<comments>http://techpa.wordpress.com/2010/05/26/cryptography-in-little-detail/#comments</comments>
		<pubDate>Wed, 26 May 2010 11:29:53 +0000</pubDate>
		<dc:creator>Paramdeep</dc:creator>
				<category><![CDATA[Cryptography]]></category>

		<guid isPermaLink="false">http://techpa.wordpress.com/?p=12</guid>
<description><![CDATA[Having understood some basics on encryption terminologies, open standards available and the kind of attacks possible, this blog describes the cryptographic methods in some detail. Cryptographic methods can be classified as symmetric or asymmetric. The various algorithms defined in these methodologies are governed by the cryptographic protocols that describe how these algorithms should be used. [...]]]></description>
<content:encoded><![CDATA[<p>Having understood some basics on encryption terminologies, the open standards available and the kinds of attacks possible, this blog describes the cryptographic methods in some detail. Cryptographic methods can be classified as symmetric or asymmetric. The various algorithms defined in these methodologies are governed by cryptographic protocols that describe how the algorithms should be used. Examples of cryptographic protocols are SSL/TLS (based on the X.509 system), Kerberos, etc. Below are the cryptographic techniques in detail:</p>
<ol>
<li><span style="text-decoration:underline;"><strong>Symmetric-key cryptography</strong></span><strong>:</strong> This refers to encryption methods in which both the sender and the receiver of the message have the same key. The Kerberos protocol provides mutual authentication for symmetric cryptography. To draw an analogy, this is like having two keys for the same lock on a box containing a secret message. Both the sender and the receiver of the box may have met in person beforehand and shared a common key. The sender locks the box with his key and sends it by ordinary post. On receiving the box, the receiver opens it with his duplicate key, reads the message, puts his reply back in the box, locks it with the same key and sends it back by regular post. The <em>one-time pad</em> is a symmetric algorithm that cannot be broken, but it is possible only in theory and not in practice. Symmetric cryptography can further be classified as stream, block, hash, polyalphabetic substitution machine and hybrid ciphers. I will be talking about block, stream and hash ciphers only.
<ul>
<li><strong>Block Ciphers: </strong>Block ciphers take as input a block of plaintext and a key, and output a block of ciphertext of the same size. Since messages are almost always longer than a single block, some method of securely knitting together successive blocks is required. DES, Triple DES and AES are block cipher designs, and there are many others.</li>
<li><strong>Stream Ciphers: </strong>Stream ciphers, in contrast to the &#8216;block&#8217; type, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character. In a stream cipher, the output stream is created from a hidden internal state that changes as the cipher operates. That internal state is initially set up using the secret key material. RC4 is a widely used stream cipher, but because of its vulnerability to an attack known as the bit-flipping attack, some software companies have deprecated its use in their solutions.</li>
<li><strong>Cryptographic Hash Functions: </strong>These take as input a block of data called the <em>message</em>, apply a cryptographic <em>hash function</em> to it and output a cryptographic hash value called the <em>message digest</em> or simply the <em>digest</em>. The hash function applied should be such that any accidental or intentional change to the data changes the hash value. For a good hash function, an attacker should not be able to find two messages that produce the same digest. Cryptographic hash functions are used in digital signatures and for authentication purposes. MD4 is a long-used hash function that has now been broken. MD5, which was a strengthened version of MD4, is widely used but broken in practice. The Secure Hash Algorithm series was then devised, starting with SHA-0, which was flawed and so gave rise to SHA-1. When this was also attacked, SHA-2 was created, but it is not yet widely used. A successor, SHA-3, is being created in competition with SHA-2 and is due to become a Federal Information Processing Standard (FIPS) around 2012. Concatenating multiple hash functions provides good collision resistance; for example, SSL uses concatenated MD5 and SHA-1 sums.</li>
</ul>
</li>
<li><strong><span style="text-decoration:underline;">Asymmetric-key cryptography: </span></strong>Symmetric-key cryptosystems use the same key for encryption and decryption. The main disadvantage of this is the key management necessary to use them securely, especially when the channel between the nodes is insecure. The number of keys also grows as the number of nodes in the network increases, because each pair of nodes must have a different key, and this requires more elaborate management schemes. Hence the notion of <em>public-key</em> or <em>asymmetric-key</em> cryptography was devised. In this scheme a public key (used for encryption) and a private key (used for decryption) are used; the two are related, but computing one from the other is infeasible. The public key can be distributed, but the private key must not be. The authenticity of a public key is validated by using a <em>public key infrastructure</em> (PKI), in which one or more third parties, known as <em>certificate authorities</em>, certify the ownership of key pairs. X.509 is a standard for PKI.<br />
Public-key cryptography is used in implementing digital signatures so that these cannot be forged. RSA and DSA are two common digital signature schemes. Many network security schemes such as SSL/TLS, VPNs, etc. also use public-key cryptography. Below are some applications of public-key cryptography:
<ul>
<li><strong>Public-key encryption: </strong>In this scheme anyone can encrypt a message using the public key, but only the holder of the paired private key can decrypt it. Security depends on keeping the private key secret. As an analogy, suppose person A has a locked mailbox that is exposed and accessible to the public. Its location, i.e. the street address, is the public key. Anyone who knows the street address can go to the door and drop a letter into the mailbox. However, only the person who possesses the key can open the mailbox and read the message.</li>
<li><strong>Digital Signatures: </strong>In this scheme the private key is used to sign a message, but anyone can check the signature using the public key. Validity depends on the private key remaining secret. As an analogy, suppose an envelope is sealed with a personal wax seal. The message can be opened by anyone, but the presence of the seal authenticates the sender. In this scheme the sender can also first sign the message with his private key and then encrypt the message with the recipient’s public key.</li>
</ul>
<p>The above two are not the only possible algorithms; there are many others, for example the <em>three-pass protocol</em>.</p>
<p>The asymmetric approach is not without drawbacks, some of which are:<br />
(i) The key size is typically larger than in the symmetric case.<br />
(ii) The <em>man-in-the-middle attack</em> is a network attack that can happen over insecure networks (e.g. wireless) in which the exchange of public keys is intercepted by a third party (the man in the middle) and modified. To avoid this, trusted third-party certificate authorities can be used to provide a non-spoofable digital certificate for the participants. Web browsers, for example, are supplied with self-signed identity certificates from PKI providers. SSL/TLS widely uses this to send credit card details securely over the Internet.</p></li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://techpa.wordpress.com/2010/05/26/cryptography-in-little-detail/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/95aae11cdd538ea50b47784ff58a0230?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">pa7751</media:title>
		</media:content>
	</item>
		<item>
		<title>Basic SSO Terminologies</title>
		<link>http://techpa.wordpress.com/2010/05/26/basic-sso-terminologies/</link>
		<comments>http://techpa.wordpress.com/2010/05/26/basic-sso-terminologies/#comments</comments>
		<pubDate>Wed, 26 May 2010 11:10:29 +0000</pubDate>
		<dc:creator>Paramdeep</dc:creator>
				<category><![CDATA[SSO]]></category>

		<guid isPermaLink="false">http://techpa.wordpress.com/?p=8</guid>
<description><![CDATA[Having understood the basic concepts of security we can now move on to the popular feature SSO i.e. Single Sign On, mainly from a portal perspective because a portal is a web application that provides access to various backend systems each with its own security mechanisms. Below are some important terms that will be used [...]]]></description>
			<content:encoded><![CDATA[<p>Having understood the basic concepts of security we can now move on to the popular feature SSO i.e. Single Sign On, mainly from a portal perspective because a portal is a web application that provides access to various backend systems each with its own security mechanisms.</p>
<p>Below are some important terms that will be used very often:</p>
<ol>
<li><strong>Authentication:</strong> Authentication is the first step in providing access control, and it involves validating the identity of a user. In a portal environment, authentication may be achieved via user name/password login, validation of a user’s client certificate, or identity validation with a smart card or biometric device. Developing a solution for authentication usually means providing a repository for validating these identities and integrating it with the system. Mutual authentication means proving the identity of both parties involved in communication, and this is done using special security protocols, such as SSL/TLS. Message origin authentication is used to ensure that the message was sent by the expected sender, and that it was not replayed.</li>
<li><strong>Authorization:</strong> Once a user’s identity is validated, it is important to know what the user has permission to do. Role-Based Access Control (RBAC) is an important access control strategy. A key component of RBAC is to map roles to permissions, and to map users to roles.</li>
<li><strong>Non-repudiation:</strong> It is a security service employed in digital signatures to legally prove that a user has performed a transaction or sent a message. In many business-to-business (B2B) systems in which thousands of expensive transactions take place, non-repudiation is often an essential requirement. Because digital signatures are based on public key cryptography, the sender of the signed message cannot successfully repudiate the fact that he signed the message—it can be mathematically proven by a third party that the sender indeed signed the message with his or her private key. In a portal scenario, the portal may sign a portion of its message to a Web service, and the Web service may sign a portion of its messages. A side effect of digitally signing a document is integrity. Because the signature is actually computed over the hash of the message, which is what proves integrity, non-repudiation is considered a very strong form of integrity. XML Signature is a W3C standard used for providing non-repudiation.</li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://techpa.wordpress.com/2010/05/26/basic-sso-terminologies/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/95aae11cdd538ea50b47784ff58a0230?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">pa7751</media:title>
		</media:content>
	</item>
		<item>
		<title>Understanding SSO</title>
		<link>http://techpa.wordpress.com/2010/05/26/understanding-sso/</link>
		<comments>http://techpa.wordpress.com/2010/05/26/understanding-sso/#comments</comments>
		<pubDate>Wed, 26 May 2010 11:06:34 +0000</pubDate>
		<dc:creator>Paramdeep</dc:creator>
				<category><![CDATA[SSO]]></category>

		<guid isPermaLink="false">http://techpa.wordpress.com/?p=5</guid>
<description><![CDATA[SSO enables the user to authenticate only once to his or her client, so that the user does not have to memorize many user names and passwords for other Web sites, Web services, and server applications. In a portal scenario, portlets are shared between many portals and may communicate with enterprise applications that have identity [...]]]></description>
			<content:encoded><![CDATA[<p style="text-align:left;">SSO enables the user to authenticate only once to his or her client, so that the user does not have to memorize many user names and passwords for other Web sites, Web services, and server applications. In a portal scenario, portlets are shared between many portals and may communicate with enterprise applications that have identity and authorization security constraints.</p>
<p style="text-align:center;"><a href="http://techpa.files.wordpress.com/2010/05/sso.jpg"><img class="size-medium wp-image-6    aligncenter" title="SSO" src="http://techpa.files.wordpress.com/2010/05/sso.jpg?w=300&#038;h=116" alt="" width="300" height="116" /></a></p>
<p>As shown in the figure, the portal contains portlets that communicate with Web services, which in turn communicate with back-end databases and enterprise applications. At each step the end user would be required to validate his/her credentials, which is very tedious. SSO enables these credentials to be passed throughout the life cycle of the message, regardless of how many points and nodes are involved between the portal and the eventual data source. This concept is usually referred to as <em>deep authentication</em>. The technology enablers for SSO are Kerberos, SSL, SAML and other cryptographic protocols.</p>
<p>As an example of SSO, suppose a user has 10 sets of credentials in an encrypted store, for 10 different applications. The user need not remember all these passwords. An initial sign-on password is provided to the user that grants him access to all these applications. This is called <em>single factor authentication</em> and is more prone to brute force than two-factor authentication systems. In a <em>two factor authentication system</em>, applications 1 through 6 might simply require that the user has successfully logged in to the primary domain (i.e. LDAP), but for the user to log on to applications 7-10 it might check for the insertion/presence of a smart card with valid user keys on it. This is an effective technique in which the user does not have to deal with the challenges of back-end infrastructure additions, application modifications, etc. Hackers are also unable to brute force the applications effectively.</p>
<p>Common implementations of single sign-on include Central Authentication Service (CAS), JOSSO (Open Source Single Sign-On Server), JBoss SSO, Kerberos, myOneLogin (secure single sign-on for the cloud), OpenAM (previously OpenSSO), SAML, Shibboleth and smart cards (most modern smart cards use the RSA, Triple DES and DSA algorithms).</p>
]]></content:encoded>
			<wfw:commentRss>http://techpa.wordpress.com/2010/05/26/understanding-sso/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/95aae11cdd538ea50b47784ff58a0230?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">pa7751</media:title>
		</media:content>

		<media:content url="http://techpa.files.wordpress.com/2010/05/sso.jpg?w=300" medium="image">
			<media:title type="html">SSO</media:title>
		</media:content>
	</item>
	</channel>
</rss>
