Exam Essentials: Chapter 6

Chapter 6: Cryptography & Symmetric Key Algorithms

Understand the role that confidentiality, integrity & non-repudiation play in cryptosystems

  • Symmetric & asymmetric crypto can provide confidentiality & integrity.
  • Only asymmetric crypto can provide non-repudiation; symmetric cannot.

Know how cryptosystems can be used to achieve authentication goals

  • One possible scheme is the challenge-response protocol: the remote user is asked to encrypt a message using a key known only to the communicating parties.
  • Authentication can be achieved with both symmetric & asymmetric crypto.

Be familiar with the basic terminology of cryptography

  • Cryptovariable: another name for a key.
  • Initialisation vector (IV) or nonce: a random number that acts as a placeholder in a mathematical function and is used to create unique ciphertext every time the same message is encrypted using the same key.
  • Cryptography: the art of creating & implementing secret codes & ciphers.
  • Cryptanalysis: the study of methods to defeat codes & ciphers.
  • Together, cryptography & cryptanalysis are referred to as cryptology.

Understand the difference between a code and a cipher, and explain the basic types of cipher

  • Codes are cryptographic systems of symbols that operate on words or phrases, and are sometimes secret but do not always provide confidentiality.
  • Ciphers are always meant to hide the true meaning of a message.
  • Substitution ciphers use the encryption algorithm to replace each character/bit with a different one
    • Caesar shift cipher (ROT3) shifts letters three places to the right to encrypt – a monoalphabetic cipher that is vulnerable to frequency analysis
      • Encryption: C = (P + 3) mod 26
      • Decryption: P = (C – 3) mod 26
      • The “mod 26” accounts for the wrap-around at the end of the alphabet (Z becomes B etc)
    • Vigenère cipher is a polyalphabetic substitution cipher that is protected from frequency analysis but vulnerable to a second-order form called period analysis (examination of frequency based on repeated use of the key)
      • Using a fixed encryption/decryption chart (header row of A-Z, followed by A-Z again and 25 more instances with the alphabet shifted left each time, e.g. BCD…YZA, CDE..ZAB down to YZA…VWX, ZAB…WXY)
      • Write out the plain text, then write the encryption key underneath, repeating the key as many times as needed to establish a line of text the same length as the plaintext
      • Locate the column headed by the first plaintext character, and the row headed by the first character of the key – write down the letter that appears where these intersect. Repeat for each character.
    • One time pads (Vernam ciphers)
      • Extremely powerful type of substitution cipher.
      • Uses a different substitution alphabet for each letter of the plaintext message
      • One time pads are written as a very long series of numbers to be plugged into the function C = (P + K) mod 26.
      • Unbreakable if used correctly (see section below)
    • Caesar, Vigenère & one-time pads are very similar; in fact, the only difference is key length. Caesar ciphers use a key of length 1, Vigenère uses a longer key (usually a word or sentence) and the one-time pad uses a key that is as long as the message itself.
    • Running key cipher (also known as a book cipher) uses a chapter or passage from a book as a key
      • Convert each letter of the plaintext and key to a numeric value (A = 0, B = 1, Z = 25 etc), add them together and perform a modulo 26 operation.
  • Transposition ciphers…
  • Stream ciphers operate on one character/bit of a message/datastream at a time
    • Can also function as a type of block cipher, by using a buffer that fills up with real-time data that is then encrypted as a block.
    • The Caesar cipher is an example of a stream cipher.
  • Block ciphers operate on “chunks”, or blocks, of a message and apply the encryption algorithm at the same time.
    • Transposition ciphers are examples of block ciphers.
    • Most modern encryption algorithms implement some type of block cipher.
  • Confusion occurs when the relationship between the plaintext and the ciphertext is so complicated that an attacker can’t merely continue altering the plaintext and analysing the result to determine the key.
  • Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

Know the requirements for successful use of a one-time pad

  • Key must be generated randomly, without any known pattern.
  • Key must be at least as long as the message to be encrypted.
  • Pad must be protected against physical disclosure.
  • Each pad must be used only once, then discarded.
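
The observation above that Caesar, Vigenère and one-time pad differ only in key length, together with the "used only once" requirement, as an added example (not part of the original notes). The sample messages are constructed, and the function names are this example's own.

```python
import secrets
from string import ascii_uppercase as ALPHABET

def encrypt(plaintext: str, key: str) -> str:
    """C = (P + K) mod 26, with the key repeated to cover the plaintext."""
    return "".join(
        ALPHABET[(ALPHABET.index(p) + ALPHABET.index(key[i % len(key)])) % 26]
        for i, p in enumerate(plaintext))

def decrypt(ciphertext: str, key: str) -> str:
    """P = (C - K) mod 26."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) - ALPHABET.index(key[i % len(key)])) % 26]
        for i, c in enumerate(ciphertext))

def random_pad(length: int) -> str:
    """A pad as long as the message, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def difference(a: str, b: str) -> str:
    """Letter-wise (a - b) mod 26."""
    return "".join(ALPHABET[(ALPHABET.index(x) - ALPHABET.index(y)) % 26]
                   for x, y in zip(a, b))

def pad_reuse_leaks(p1: str, p2: str, pad: str) -> bool:
    """True when C1 - C2 equals P1 - P2, i.e. the reused pad has cancelled out."""
    return difference(encrypt(p1, pad), encrypt(p2, pad)) == difference(p1, p2)

if __name__ == "__main__":
    msg = "MEETMEATNOON"                # constructed sample plaintext
    print(encrypt(msg, "D"))            # Caesar: key of length 1 (D = shift of 3)
    print(encrypt(msg, "KEY"))          # Vigenère: short repeating key
    pad = random_pad(len(msg))
    print(encrypt(msg, pad))            # one-time pad: key as long as the message
    print(pad_reuse_leaks(msg, "SENDTHEFILES", pad))
```

Whatever pad is generated, `pad_reuse_leaks` returns True: two ciphertexts made with the same pad reveal the difference of their plaintexts, which is why each pad is discarded after one use.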

Understand the concept of zero-knowledge proof

  • The communication concept of zero-knowledge proof is where a specific type of information is exchanged, but no real data is transferred, as with digital signatures and digital certificates.
  • Proving you know a piece of information (e.g. a password) without revealing that information.

Understand split knowledge

  • Split knowledge means that the info or privilege required to perform an operation is divided amongst multiple users. This ensures that no single person has sufficient privileges to compromise the security of the environment. M of N control is an example of split knowledge.
  • Useful for key escrow applications.

Understand work function (work factor)

  • Work function, or work factor, is a way to measure the strength of a cryptosystem by measuring the effort in terms of cost and/or time to decrypt messages.
  • Usually represents the time & effort required to perform a comprehensive brute-force attack against the cryptosystem.
  • The security & protection offered by a cryptosystem is directly proportional to the WF.
  • The WF need only be slightly greater than the time value of the data. Spend no more effort to protect an asset than it warrants, but be sure to provide sufficient protection.
  • For long-term data storage, may be a good idea to decrypt and re-encrypt using a stronger key and/or cryptosystem on a periodic basis.

Understand the importance of key security

  • Cryptographic keys provide the necessary element of secrecy to a cryptosystem.
  • Modern cryptosystems utilise keys that are at least 128 bits long to provide adequate security (AES-256 or equivalent is recommended for symmetric, and keys of at least 1,024 bits for standard asymmetric, or the equivalent 160 bits for ECC)
  • Generally agreed that the 56-bit key of DES no longer provides sufficient security.

Know the differences between symmetric & asymmetric cryptosystems

  • Symmetric key (or secret key) cryptosystems:
    • rely on the use of a shared secret key
    • are much faster than asymmetric algorithms (typically 1,000-10,000 times faster), and lend themselves well to hardware implementations
    • lack support for scalability, non-repudiation & easy key distribution (requires out-of-band exchange)
    • keys must be regenerated often (e.g. whenever a participant leaves a group)
    • a system with n participants requires ( n * (n – 1) ) / 2 keys; with 10 participants, 45 keys are required (10,000 participants require almost 50m keys!)
    • only support confidentiality
    • sometimes called private key cryptosystems, not to be confused with public key cryptosystems below
  • Asymmetric (or public key) cryptosystems:
    • use public-private key pairs for communication between parties
    • operate much more slowly than symmetric algorithms
    • are scalable, offer non-repudiation & easy key distribution
    • key generation is only required when a user’s private key is compromised (and only for that user)
    • no pre-existing communication link needs to exist
    • support confidentiality, integrity, authenticity & non-repudiation
    • require two keys per participant; with 10 participants, 20 keys are required (10,000 participants require 20,000 keys)
    • asymmetric keys must be longer than symmetric keys to provide equivalent strength

Be able to explain the basic operational modes of DES and 3DES

  • DES (and therefore 3DES) operates in one of five modes:
    • Electronic Code Book (ECB)
      • each time the algorithm processes a 64-bit block, it encrypts the block using the chosen secret key
      • large messages are vulnerable to cryptanalytic techniques which make it impractical to use for all but the shortest transmissions
    • Cipher Block Chaining (CBC)
      • each block of unencrypted text is XORed with the block of ciphertext immediately preceding it, before encrypting with the DES algorithm
      • uses an IV for the first block, producing a unique output each time the operation is performed
      • IV must be sent to the recipient, e.g. by pre-pending the IV to the completed ciphertext in plain form, or by protecting it with ECB mode encryption using the same key used for the message
      • errors propagate – if one block is corrupted during transmission, it becomes impossible to decrypt that and any subsequent blocks
    • Cipher Feedback (CFB)
      • streaming cipher version of CBC
      • instead of breaking a message into blocks, it uses memory buffers of the same block size; as the buffer fills, it is encrypted and sent to the recipients (and the process repeats)
      • other than this, it operates in the same fashion as CBC; it uses an IV and chaining, so errors propagate
    • Output Feedback (OFB)
      • operates in almost the same fashion as in CFB mode
      • instead of XORing an encrypted version of the previous block of ciphertext, DES XORs the plaintext with a seed value
      • for the first encrypted block, an IV is used to create the seed value; future seed values are derived by running the DES algorithm on the previous seed value
      • major advantage is that there is no chaining function so errors do not propagate
    • Counter (CTR)
      • uses a stream cipher similar to that used in CFB & OFB modes
      • instead of creating the seed value for each encryption/decryption operation from the results of the previous seed values, it uses a simple counter that increments for each operation
      • as with OFB mode, errors do not propagate
      • CTR mode allows you to break an encryption or decryption operation into multiple independent steps, making it well suited for use in parallel computing
  • 3DES uses three iterations of DES with two or three different keys, to increase the effective key strength to 112 or 168 bits respectively
    • DES-EEE3 encrypts the plaintext three times using three different keys, giving an effective key length of 168 bits (3*56)
    • DES-EDE3 also uses three keys but replaces the second encryption operation with a decryption operation; effective key length is again 168 bits
    • DES-EEE2 uses only two keys, K1 and K2. It encrypts with K1, then with K2, then with K1 again; 112-bit effective key length (2*56)
    • DES-EDE2 replaces the K2 encryption step with a K2 decryption step; again 112-bit effective key length
  • Current belief is that all modes are equally secure
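
How ECB, CBC and CTR treat repeated blocks, the IV and transmission errors, as an added example (not part of the original notes). The 64-bit block cipher here is a toy Feistel network built on SHA-256 that stands in for DES; it is an assumption of this example and all function names are its own.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, the DES block size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f(key, rnd, half):  # toy round function standing in for DES internals
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, blk):  # 4-round Feistel network (assumption, not DES)
    left, right = blk[:4], blk[4:]
    for rnd in range(4):
        left, right = right, xor(left, f(key, rnd, right))
    return left + right

def dec_block(key, blk):
    left, right = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        left, right = xor(right, f(key, rnd, left)), left
    return left + right

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return b"".join(enc_block(key, b) for b in split(pt))

def cbc_encrypt(key, iv, pt):
    out = [iv]  # IV is prepended in plain form as block 0
    for b in split(pt):
        out.append(enc_block(key, xor(b, out[-1])))
    return b"".join(out)

def cbc_decrypt(key, ct):
    c = split(ct)
    return b"".join(xor(dec_block(key, cur), prev) for prev, cur in zip(c, c[1:]))

def ctr_crypt(key, nonce, data):  # the same call encrypts and decrypts
    return b"".join(xor(b, enc_block(key, nonce + i.to_bytes(4, "big")))
                    for i, b in enumerate(split(data)))

def flip_bit(data, block_index):  # simulate a one-bit transmission error
    pos = block_index * BLOCK
    return data[:pos] + bytes([data[pos] ^ 1]) + data[pos + 1:]

def damaged(original, recovered):  # indices of plaintext blocks that came back wrong
    pairs = zip(split(original), split(recovered))
    return [i for i, (a, b) in enumerate(pairs) if a != b]
```

For a message whose first two blocks are identical, `ecb_encrypt` returns two identical ciphertext blocks while `cbc_encrypt` does not. After `flip_bit` on one ciphertext block, `damaged` reports a single bad block for CTR and more than one for CBC.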

Know the Advanced Encryption Standard (AES)

  • The US standard for secure exchange of SBU (sensitive but unclassified) data
  • Uses the Rijndael algorithm
  • Uses key lengths of 128, 192 & 256 bits and a fixed block size of 128 bits
    • Rijndael also supports 192- and 256-bit block sizes but this is not part of the standard
  • Achieves a much higher level of security than the older DES algorithm

Symmetric cipher memorisation chart

| Name | Block size (bits) | Key size (bits) | Notes |
|---|---|---|---|
| AES | 128 | 128, 192, 256 | 128-bit keys require 10 rounds of encryption, 192-bit 12 rounds, and 256-bit 14 rounds. |
| Rijndael | 128, 192, 256 | 128, 192, 256 | |
| Blowfish | 64 | 32 – 448 | Often used in SSH, also bcrypt. Licence-free, much faster than IDEA & DES. |
| DES | 64 | 56 | |
| IDEA | 64 | 128 | Originally developed as a solution to DES weakness. Operates in the same 5 modes: ECB, CBC, CFB, OFB & CTR. Used in commercial PGP. |
| Rivest Cipher 2 (RC2) | 64 | 128 | No longer considered secure. |
| Rivest Cipher 5 (RC5) | 32, 64, 128 | 0 – 2,040 | RSA-patented replacement for RC2. (Successor is RC6, but not widely adopted) |
| Skipjack | 64 | 80 | Developed for EES (Escrowed Encryption Standard) and Clipper/Capstone chips. NIST and Dept of Treasury can reconstruct keys (each hold a portion of the knowledge required). Supports same 5 modes as DES/IDEA. |
| Triple DES (3DES) | 64 | 112 or 128 | |
| Twofish | 128 | 1 – 256 | AES finalist which uses pre- and post-whitening techniques. |

Know this for the exam!

Creation & distribution of symmetric keys

  • Offline distribution: Exchanging symmetric keys, e.g. by physical exchange of key material on paper/removable storage media. Each method has its own inherent flaws: mail can be intercepted, telephones can be wiretapped, papers containing keys could be lost or accidentally thrown away.
  • Public key encryption: To obtain the speed benefits of secret key encryption without the hassle of key distribution, many people use public key encryption to set up an initial comms link. A secret key is then exchanged over this secure link, then communication is switched to the much faster secret key algorithm.
  • Diffie-Hellman: In some cases, neither public key encryption nor offline distribution is sufficient. Two parties might need to communicate with each other, but they have no physical means to exchange key material, and there is no public key infrastructure in place to facilitate the exchange of secret keys. In situations like this, key exchange algorithms like Diffie-Hellman can be extremely useful.
    • Involves two communicating parties agreeing on two large integers, one of which is a prime number.
    • Both parties choose a different random large integer and perform a calculation using their own integer and the two numbers from before.
    • They send their random integers to each other, and they both perform a calculation to derive the same value. This is the secret key that can be used for communication between the two parties.
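
The Diffie-Hellman exchange carried through for both parties, as an added example (not part of the original notes). The prime and base are constructed and far too small for real use; the `Party` class, the range check on the received value and the SHA-256 step that turns the shared value into a key are assumptions of this example.

```python
import hashlib
import secrets

P = 2**127 - 1   # agreed public prime (a Mersenne prime, toy size)
G = 3            # agreed public base

class Party:
    def __init__(self, p=P, g=G, private=None):
        self.p, self.g = p, g
        # Randomly chosen integer in 2..p-2; it stays local to this party.
        self._private = private or secrets.randbelow(p - 3) + 2
        # Result of the party's calculation; this is the value transmitted.
        self.public = pow(g, self._private, p)

    def shared_secret(self, peer_public):
        # Reject values that would force a trivially predictable result.
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("peer value outside 2..p-2")
        return pow(peer_public, self._private, self.p)

    def session_key(self, peer_public):
        # Hash the shared value into a fixed-length symmetric key.
        size = (self.p.bit_length() + 7) // 8
        shared = self.shared_secret(peer_public)
        return hashlib.sha256(shared.to_bytes(size, "big")).digest()

if __name__ == "__main__":
    alice, bob = Party(), Party()
    # Only alice.public and bob.public cross the wire.
    key_a = alice.session_key(bob.public)
    key_b = bob.session_key(alice.public)
    print(key_a == key_b, key_a.hex())
```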

Key escrow approaches

  • Fair Cryptosystems: Secret keys used in communication are divided into two or more pieces, and each given to an independent third party. When the government obtains legal authority, it provides evidence of the court order to each party, and then reassembles the secret key.
  • Escrowed Encryption Standard: Provides the government with the technological means to decrypt ciphertext; the basis behind the Skipjack algorithm discussed earlier.
  • While the technology exists, it’s highly unlikely that the general public will ever accept the potential government intrusiveness it facilitates.
