2.1 Ciphers and Fundamentals
Week 2 Day 1 - Ciphers and Public/Private Key
Encryption: The process of converting plaintext into ciphertext which can’t be understood without the key to decrypt it.
Plaintext: Data in human-readable form
Ciphertext: Data that has been encrypted
SKC (Secret Key Cryptography) → Symmetric Key
RSA (An asymmetric cryptography algorithm) → Cert
HMAC (Hash-based message authentication code) → Salt
CBC (Cipher Block Chaining) → Initialisation Vector (Salt)
PKC (Public Key Cryptography) → Asymmetric Key
PKI (Public Key Infrastructure) → Trent (Trusted Third Party)
Key-based Encryption
Secret Key Cryptography (SKC)
Secret Key Cryptography is also called Symmetric Cryptography because the same key is used to both encrypt and decrypt the data.
e.g. RC2, RC4, DES, AES, Blowfish
Public Key Cryptography (PKC)
Public Key Cryptography is also called Asymmetric Cryptography as it is a method of encrypting or signing data with two different keys and making one of the keys, the public key, available for anyone to use.
Hashing
Hashing is a mathematical algorithm that converts plaintext to a unique text string or a ciphertext.
e.g. MD5, SHA-1, etc.
Encrypted Protocols
The older protocols were typically text-based and insecure, whereas the newer protocols involve encryption (and typically authentication).
Application | Old insecure protocol | New encrypted protocol |
---|---|---|
Web | HTTP | HTTPS |
Remote access | TELNET | SSH |
File transfer | FTP | SFTP |
E-mail | POP-3 / SMTP | Tunnel |
Domain name | DNS | None? |
Private-key Encryption
A major problem in encryption is playback, where an intruder can copy an encrypted message and play it back, as the same plaintext will always give the same ciphertext.
The solution is to add salt, introducing some variation in the input even if the actual message is always the same. For ciphers the salt is called an Initialisation Vector, while for hash functions it is called a salt.
A salt can be as simple as a message sequence number. The right salting mechanisms provide Freshness and Semantic Security.
Freshness: To ensure that the received ciphertext is not a malicious replay of previously transmitted communication.
i.e. to ensure that the received message is ‘fresh’
Semantic Security: To disallow an attacker from being able to answer any yes/no question about the ciphertext. For example, “Is this message the same as the previous?” or “Is this message an ‘OK’ or an ‘ERROR’ message?”
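An added example (not part of the original notes) showing both properties: a reused IV reveals that two messages are equal, a random IV hides it, and a sequence number authenticated with HMAC lets the receiver reject a replayed packet. The HMAC-SHA256 keystream is a stand-in for a real cipher, and the names seal, Receiver and demo are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, iv, data):
    # Toy stream cipher (illustration only): keystream = HMAC(key, iv || counter)
    out = bytearray()
    for i in range(0, len(data), 32):
        block = _prf(key, iv + struct.pack(">Q", i // 32))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, seq, msg, iv=None):
    """Encrypt msg under a fresh random IV and authenticate (seq, iv, ct)."""
    iv = os.urandom(16) if iv is None else iv
    ct = _xor_stream(_prf(key, b"enc"), iv, msg)
    tag = _prf(_prf(key, b"mac"), struct.pack(">Q", seq) + iv + ct)
    return seq, iv, ct, tag

class Receiver:
    def __init__(self, key):
        self.key, self.last_seq = key, -1

    def open(self, packet):
        seq, iv, ct, tag = packet
        expect = _prf(_prf(self.key, b"mac"), struct.pack(">Q", seq) + iv + ct)
        if not hmac.compare_digest(tag, expect):
            raise ValueError("bad tag: message was modified")
        if seq <= self.last_seq:          # freshness check
            raise ValueError("replay: sequence number already seen")
        self.last_seq = seq
        return _xor_stream(_prf(self.key, b"enc"), iv, ct)

def demo():
    key = b"k" * 32                       # constructed sample key
    msg = b"TRANSFER 100 GBP"             # constructed sample message
    fixed = bytes(16)                     # reusing one IV = no salt
    same = seal(key, 0, msg, fixed)[2] == seal(key, 1, msg, fixed)[2]
    salted = seal(key, 0, msg)[2] == seal(key, 1, msg)[2]
    rx = Receiver(key)
    first = seal(key, 0, msg)
    plain = rx.open(first)
    try:
        rx.open(first)                    # the captured packet is sent again
        replay = "accepted"
    except ValueError as exc:
        replay = str(exc)
    return same, salted, plain, replay
```

Calling demo() shows that the fixed-IV ciphertexts match, the random-IV ciphertexts do not, and the second delivery of the same packet is rejected.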
Cipher Cracking
Known plaintext attack
Where the attacker knows part of the ciphertext and the corresponding plaintext. The known ciphertext and plaintext can then be used to decrypt the rest of the ciphertext.
The replay system
A replay attack occurs when an attacker eavesdrops on a secure network communication, intercepts it, and then delays or resends it to misdirect the receiver into doing what the hacker wants.
Active attack
Active attacks are attacks in which the hacker attempts to change or transform the content of messages or information.
Cut and paste
Where the intruder mixes parts of two different encrypted messages and, sometimes, is able to create a new message. This message is likely to make no sense, but may trick the receiver into doing something that helps the intruder.
Chosen-ciphertext
Where the intruder sends a message to the target, which is then encrypted with the target’s private key, and the intruder then analyses the encrypted message. For example, an intruder may send an e-mail to the encryption file server and then spy on the delivered message.
Exhaustive search
Where the intruder uses brute force to decrypt the ciphertext and tries every possible key.
Man-in-the-middle
A man-in-the-middle attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
Cipher Modes of Operation
Cipher Block Chaining (CBC): Each ciphertext block is decrypted in a process that requires observing the blocks that have already been processed. (Suitable for encrypting large messages)
Electronic Code Book (ECB): A simple mode of operation with a block cipher that's mostly used with symmetric key encryption. (Suitable for encrypting small messages)
Stream Cipher: A method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time.
Cipher Numbers
Pseudo-Random Number Generators (PRNGs): Repeat after a given time. Fast. Deterministic. Periodic.
True Random Number Generators (TRNGs): True random e.g. keystroke analysis. Slow. Nondeterministic. Aperiodic.
Prime numbers are used extensively in encryption, such as in Diffie-Hellman.
The Greatest Common Divisor (GCD), or Greatest Common Factor (GCF), is used in many encryption algorithms and is the largest positive integer that divides into two numbers without a remainder.
For example, the GCD of 9 and 15 is 3.