Digital Certificates
Public key certificate also known as a digital certificate
- Common Certificate Applications
- Server Authentication
- Client Authentication
- Code Signing
- Email Signing
- Time Stamping
- IP Security
- Windows Hardware Driver Verification
- Smart Card Logon
- Document Signing
- Public Key Transport
- Typical digital certificate types
- IKE
- PKCS #7 – Block Padding
- PKCS #10 – Standard format for requesting X.509 certificates from the certification authorities.
- RSA Signatures
- X.509v3
Two major encoding schemes for X.509 certificates
PEM (Base64 ASCII text)
DER (Binary) format
The standard output for X.509 certificates is in a binary format, but a Base-64 conversion can be used as an easy way to export/import on a wide range of systems.
- Common X.509 certificate file types
- .cer (used with both PEM and DER formats)
- .crt
- .pem
- .key (common with PEM formats)
- .der (common with DER formats)
Passing PKI public keys in a verifiable way
When a digital signature is created (whether self-generated/signed or by a trusted well-known [[Certificate Authority (CA)]]), the certificate will contain the public key of the certificate owner. Generating and securely sharing a certificate that can be validated by a trusted source is a viable option for public key transport in PKI.
- Main stages of key/certificate management are:
- Initialization – This includes registration, key pair generation, certificate creation and certificate/key distribution, certificate dissemination, and key backup.
- Issued – This includes certificate retrieval, certificate validation, key recovery and key update.
- Cancellation – This includes certificate expiration, certificate revocation, key history and key archiving.
4 Basic steps for obtaining a digital certificate signed by a trusted CA
- Requester generates a key-pair (one public, one private).
- Requester creates a Certificate Signing Request (CSR)
- Trusted CA generates the digital certificate for the requester
- Trusted CA signs the requester’s digital certificate with CA’s own private key
- The basic process of creating a certificate signed by a CA entails the following steps:
- Initially the organization creates a key-pair and then creates a CSR (Certificate Signing Request) which contains the details of the organization (such as the organization name, the domain-name, the contact email address, the locality, and the unit name).
- The CA then takes its private key from a key pair and its digital certificate, and signs a new digital certificate for the organization.
End-to-End authentication – The user authenticates themselves to the end service
Intermediate Authentication – only part of the conversation between the entities is authenticated.
[[Online Certificate Status Protocol (OCSP)]]
Certificate Revocation List (CRL)
[[Certificate Authority (CA)]]
Historic Cryptosystems
Pigpen
Mono- alphabetic substitution cipher that makes use of mapping plaintext characters to graphical characters rather than to alphabetic ones. i.e. A=(pick a symbol), vs A=(pick a letter). Disadvantage: once the mapping is known, it is difficult to keep the message secret.
Rail Code
Employs a method to scramble text by writing it in a sequence across a number of rails.
BIFID
Makes use of a grid and which maps the letters into numeric values.
Playfair
5 × 5 matrix containing the alphabet less the letter J. Cipher/decipher process consists of a set of rules outlining use of column and row combinations.
The Playfair is significantly harder to break since the frequency analysis used for simple substitution ciphers does not work with it. A typical 5×5 key square is below: (Any sequence of 25 letters can be used as a key, so long as all letters are in it and there are no repeats. Note that there is no ‘j’, it is combined with ‘i’.)
k e y w o
r d a b c
f g h i l
m n p q s
t u v w x
Morse Code
Encoding method, rather than a cipher, that works by translating characters into sequences of dots (.) and dashes (-)
Caesar Cipher
Mono-alphabetic substitution cipher known as “shift” cipher. Involves plaintext being replaced by a letter some fixed number of positions down the alphabet. i.e., a Caesar Cipher using a shift of +3 would mean a plaintext letter A would result in a ciphertext letter D (a shift of three positions to the right in the alphabet)
Vigenere Cipher
Polyalphabetic cipher that involves using a different mapping, based on a keyword, for each character of the cipher. An advantage of this type of cipher is that the same plaintext character is likely to be coded to different mappings, depending on the position of the keyword, making guessing more difficult.
One Time Pad
Cipher code mapping that is used only once. Advantage is it is essentially unbreakable, disadvantage is it takes lots of work as you’d have to generate the pad to be used, each time.
Four-Square Cipher
Uses four 5 × 5 matrices arranged in a square, are where each matrix contains 25 letters for encoding and decoding operations.
Enigma Machine
Used a polyalphabetic substitution cipher, which did not repeat within a reasonable time period, along with a secret key. For the cracking of the Enigma cipher, the challenge was thus to determine both the algorithm used and the key. Enigma’s main weakness, though, was that none of the plain text letters could be ciphered as itself.
Mono-Alphabet Substitution Ciphers
Single Alphabet
Atbash
Reverses the alphabet ( A becomes Z, B becomes Y … )
ROT-13
Rotate all characters 13 letters through the alphabet ( A becomes N, B becomes O … )
Scytale
Use of a rod of a certain length to create/encrypt a message, and same rod must be used to read/decrypt the message by the recipient
Affine cipher
The Affine cipher is a type of monoalphabetic substitution cipher, wherein each letter in an alphabet is mapped to its numeric equivalent, encrypted using a simple mathematical function, and converted back to a letter.
Symmetric Cipher
| Operates On | Name | Authors | Key Size(s) in bits | Block Size(s) in bits | Rounds | Algorithm | Notes |
|---|---|---|---|---|---|---|---|
| Block | AES | 128,192, & 256 | 128 | 10 (128), 12 (192), 14 (256) ROUNDS | SUBSTITUTION- PERMUTATION, Rijyndael cipher | ||
| Block | SERPENT | Ross Anderson, Eli Biham, Lars Knudesen | 128,192, & 256 | 128 | 32 ROUNDS | SUBSTITUTION- PERMUTATION | |
| Block | TWO FISH | Bruce Schneider, Neil Ferguson, design to replace DES | Up TO 256 | 128 | 16 ROUNDS | FEISTEL | Process flow: 1- Subbytes, 2- Shift rows, 3- Mix-columns, 4- Add round Key. In the final (10th) round, there is no Mix-column |
| Block | RC5 & RC6 | Up to 2048 | 32, 64, 128 | up to 255 | Faster version of RC5 | ||
| Block | IDEA | James Massey & Xuejia Lai | 128 | 64 | 8 Rounds | Lai-Massey Scheme | |
| Block | TEA | David Wheeler and Roger Needham | 128 | 64 | 64 ROUNDS | FEISTEL | |
| Block | SHARK | Vincent Rijmen, Joan Daemen, Erick De Win | 128 | 64 | 6 ROUNDS | ||
| Block | CAST | 128 or 256 | 64 | 12 < 80 – 16>80 | PGP, 8 bit rounds | ||
| Block | BLOWFISH | 1993 by Bruce Schneider, Key expansion and encryption data | 32 to 448 | 64 | 16 ROUNDS | FEISTEL, in BCrypt, CrashPlan, Cryptodisk, DriveCrypt | |
| Block | DES | 56 | 64 | 16 ROUNDS | FEISTEL | ||
| Block | 3DES | 56 | 64 | 16 ROUNDS | FEISTEL | Runs DES 3 times | |
| Block | SKIPJACK | 80 | 64 | 32 ROUNDS | UNBALANCE FEISTEL | Design by NSA for the Clipper Chip | |
| Stream | RCA | 1-256 | up to 255 rounds | ||||
| Stream | RC4 | 2064 bit state size, 1-2048 bit key size | 1 | Weak stream cipher/ used in SSL & Web / WIFI security/ RFC 7465 prohibits use in TLS 40 bit minimum key size recommended | |||
| Stream | FISH | Uses Lagged Fibonacci pseudorandom number generator. data stream XORed with the key | FISH IMPROVEMENT | ||||
| Stream | PIKE | Revised version of FISH to address known plaintext attack vulnerabilities | most widely used stream cipher |
Recap
Two types of symmetric encryption: Block and Stream
Symmetric block encryption involves grouping data into blocks and encrypting the individual blocks, and symmetric stream encryption involves encrypting one bit at a time, i.e., a synchronous stream.
Symmetric stream encryption is often much faster than block and can typically be applied in real-time applications.
With symmetric block encryption, padding is used to fill blocks to operating size when the data does not fit perfectly.
Symmetric block ciphers manage how blocks of data are processed through [[Block Cipher Modes]] implementations. For instance, one may choose to use the DES block cipher configured with ECB as the mode of operation.
Asymmetric encryption
| Name | Description | Notes |
|---|---|---|
| RSA | Leverages prime number characteristics, 1024-4096 bit variable key size, 1 round | Most Popular / provides authentication and encryption / authentication through digital signatures |
| ECC | Leverages discrete logarithm characteristics | provides authentication and encryption/ faster than RSA / Uses less resources than RSA (Used in smaller devices like smartphones) / authentication through digital signatures |
| El Gamal | Used in recent versions of PGP | Extension of Diffie Hellman (DH)/ Similar level of protection as RSA and ECC/ usually the slowest |
| DSA | A Federal Information Processing Standard for digital signatures (FIPS 186) | |
| Diffie Hellman (DH) | No Authentication /vulnerable to Man in the middle attacks |
Hashing
| HASH FUNCTION | |
|---|---|
| MD5 & MD4 | 128 BIT HASH, RFC 1321 |
| MD6 | SUBMITED TO THE NIST SHA-3 COMPETITION |
| SHA | 160 bit hash, SHA-1, SHA-2(SHA-224, SHA-256, SHA-384, SHA-512), SHA3. |
| FORK 256 | USES A 512 BITS BLOCKS/ 256 bit Hash Value |
| RIPEMD-160 | 160 BIT HASH, EXIST 128, 256 AND 320 VERSIONS |
| GOST | DEFINED BY RUSSIAN NATIONAL STANDARD, 256 BITS OUTPUT |
| TIGER | 192 BITS HASH FUNCTION |
| MAC & HMAC | A MAC USESES A BLOCK CIPHER IN CBC MODE TO IMPROVE INTEGRITY |
Hashing Recap
Hashing describes one-way or irreversible encryption used for protecting the integrity of data and in authentication applications. Hashing is normally used to either hide the original contents of a message (such as hiding a password), or to check the integrity of data.
Hashing involves taking a variable length input and producing a fixed length output (message digest).
A weakness of one-way hashing is that the same piece of plaintext will result in the same ciphertext (unless salt is applied).
- Important factors with hash signatures are:
- Collision – This is where another match is found, no matter the similarity of the original message. Collision attacks exploit this.
- Similar context – This is where part of the message has some significance to the original and generates the same hash signature. This is defined as a Pre-image attack.
- Full context – This is where an alternative message is created with the same hash signature and has a direct relation to the original message. This is an extension to a Pre-image attack.
A collision occurs when two different input values that produce the same hash signature.
The Apache-defined APR1 format addresses the problems of brute forcing an MD5 hash, and basically iterates the hash value 1,000 times.
While APR1 has a salted value, the SHA method has for storing passwords does not have a salted value. SHA produces a 160-bit signature, thus can contain a larger set of hashed value than MD5, but because there is no salt it can be open to rainbow table attacks, and also brute force. (A rainbow table is a collection of precomputed hash values of actual plaintext passwords used for password cracking.)
HMAC is a message authentication code (MAC) that can be used to verify the integrity and authentication of the message. It involves hashing the message with a secret key, and thus differs from standard hashing, which is purely a one-way function.
- Common Hashing methods include:
- General hashes – This includes the main standardized hashing techniques, such as MD5, SHA1, SHA256 and SHA512.
- UNIX hashes (with salt) – This includes ARP1, PBKDF2, PHPASS, DES, MD5, Bcrypt, Sun MD5, SHA1, SHA256 and SHA512.
- Microsoft Windows hashes – This includes LM, NTLM, DCC and DCC2.
- LDAP hashes – This includes MD5, MD5 (Salted), SHA, SHA (Salted), MD5 (Crypt).
- Database hashes – This includes MS SQL 2000, MS SQL 2005, My SQL 323, My SQL 41, Postgres, Oracle 10, and Oracle 11.
- Others – This includes Cisco PIX and Cisco Type 7.
Wireless Encryption
Encryption schemes commonly used with Wi-Fi include: 40-bit RC4 (WEP), 128-bit RC4 (WPA – Wi-Fi Protected Access), or 128-bit/ 256-bit AES (WPA-2).
Because of export restrictions, the size of the original key in RC4 was limited to 40 bits (WEP) and was then increased to 128 bits (TKIP).
- Overall WEP is weak from a number of viewpoints:
- Small value of IV (24 bits). This meant that it repeated within a reasonable time, and the key could then be attacked.
- Construction of keys made it susceptible to the weak key attacks (FMS attack).
- Lack of protection against message replay. There was no protection against cipher streams being played back over the network.
- Lack of message tampering identification. The method did not support the detection of message tampering.
- Directly used a master key. The method had no way of updating the keys.
After WEP, there was a strong need to fix the problems, but to keep compatibility, thus WPA supported TKIP, and which increased the IV value to 48 bits (rather than 24 bits)
WPA addressed the weaknesses of WEP, and without requiring significant hardware changes, and focused on two main methods: WPA-PSK and WPA Enterprise.
WPA-2 (IEEE 802.11i-2004) advanced the WPA standard, by keeping compatibility with WPA, but adding AES-CCMP (AES-Counter Mode CBCMAC Protocol), which is a block encryption method. Again, it supported two modes: Personal (with a pre-shared key) and Enterprise.
With WPA Enterprise, as with WPA, no pre-shared key is used, and it also includes a MIC (Message Integrity Check). The MIC mainly guards against the bit flipping attacks identified within WEP.
Mobile phone networks/GSM typically uses the A5/1 or A5/2 stream encryption method, but almost on its first day of operation it has been a target for crackers, and the source code to crack A5/2 was released within one month of being made public.
The A5/3 encryption system – known as KASUMI – the Japanese word for “mist” – is the upgrade to A5/1 and uses a block cipher. A5/1 is designed to be used for the GSM network, whereas A5/3 is for 3GPP, and is based on the MISTY1 cipher. 128-bit key
While WEP contains many weaknesses, a properly defined stream cipher can be much faster than block ciphers, as they just have to create a key stream from an IV (also known as a nonce value) and a key. Google proposed ChaCha20 – named as it has 20 rounds – as an alternative to AES to be used with TLS connections.
SSL/TLS Handshaking
- Client Hello
- This is sent from the client to the server and defines the cipher suites that the client supports.
- Server Hello
- This sends back the digital certificate from the server and the selected cipher suite from the list that the client sent.
- Client Key Exchange
- This is sent from the client and contains the information required to generate the session key.
Block Cipher Modes
Common block cipher modes include: ECB, CBC, CFB, OFB, and CTR.
CFB, OFB, and CTR implementations essentially allow the block cipher to operate like a stream cipher.
All current cipher codes are crackable and a measure of the security of a code is the amount of time it would take to break the code based on the computational power available. This is often referred to as the work factor. As processing power magnifies, security of current ciphers decreases.
Salting is the process of adding an initialization vector to the ciphering process to change its operation and ensure that the ciphertext does not give the original plaintext when played back.
What is the difference between OFB and CFB with regards to the output from a previous block fed into the cipher stage of the current block?
The OFB current block takes output from the cipher stage of the previous block while the CFB current block takes the output of the XOR process of the previous block.
ECB (Electric Codebook):
– Simplest mode of encryption. Each plaintext block is encrypted separately. Each ciphertext block is decrypted separately.
– No Salt or IV is used.
– The same ciphertext will be output EVERY TIME the same plaintext is encrypted.
CBC (Cipher-Block Chaining) Mode:
– Minor Step up from the ECB with the incorporation of an initialization vector (IV) for the first block.
– Results of encryption from previous block is input into to encryption process of the current block.
CFB (Cipher Feedback) Mode:
– Converts the block cipher into a self-synchronizing stream cipher
– Current block takes output of the XOR process vs from the cipher stage of the previous block (difference between CFB and OFB)
OFB (Output Feedback) Mode:
– Converts the Block cipher to a synchronous stream output.
– Current block takes output from the cipher stage vs from the output of the XOR process of the previous block (difference between CFB and OFB)
– The first stage takes the data blocks and X-ORs it with the encrypted version of the IV value. The output of the first stage encryption is then feed into the next stage, and encrypted, with the output being X-OR’ed with the second block.
CTR (Counter) Mode:
– Converts the block cipher into a stream cipher.
– Generates a counter value and a nonce, and encrypts this, in order to EX-OR with the plain text block.
– The advantage of CTR is that each block is processed independent of the others, facilitating the ability to conduct parallel processing of blocks. i.e. feedback from other stages to feed into the current one is not required.
Blockchain and Crypto-currency
One the most popular crypto-currencies is Bitcoin (BTC). A key focus for the crypto-currency to protect against someone spending money that they do not have, so Bitcoin uses Blockchain.
Blockchain is a publicly available ledger of transactions that allows the Bitcoin network to know the number of bitcoins that a given user has in their account. Can be public or private.
Conventional currencies usually have a central bank that creates money and then controls its supply. The Bitcoin currency is instead created when users mine for it, using their computers to perform complex calculations through special software.
Bitcoin transactions will be captured by miners who will compile a list of the latest transactions. If valid, the transaction is then recorded within a mining process, where mining nodes gather new transactions and compute a hash of the new block, and which should also contain the hash of the previous block, and then build a transaction log. Once complete, this becomes part of the official Blockchain in the network, and the miners reach a consensus on the current Blockchain. Miners receive rewards for successful mining efforts.
Transactions are confirmed on the blockchain by miners, which normally process all the transactions within a 10 minute time period.
The crypto currency Ethereum was built on the Bitcoin/Blockchain concept but included the concept of smart contracts.
Within Ethereum applications we define the concept of gas. This is basically the unit that is used to measure the amount of work that is required to perform a single Keccak-256 hash.
Smart contracts are programs stored on a blockchain that run when predetermined conditions are met; they typically are used to automate the execution of an agreement so that all participants can be immediately certain of the outcome, without an intermediary’s involvement or time loss.
Along with creating a new currency (Ether), the main contribution of Ethereum is to create the concept of peer-to-peer smart contracts which enables users to create their own contracts, and which will be strictly abided to.
Although Bitcoin, Ethereum, and Hyperledger all use blockchain, Ethereum, and Hyperledger are considered “common” options for implementing blockchain for this course. Hyperledger and Ethereum offer the smart contracts feature.
All About Keys
Secret Key Encryption
Secret Key encryption (symmetric Cryptography) makes use of a single secret key for both encryption and decryption.
Since the same key is used for both encryption and decryption in symmetric cryptography, a challenge that exists is finding a secure way to share or transport the key between the entity encrypting and the one decrypting.
The major problem of secret-key encryption is how to pass the key between the entity encrypting and the entity decrypting.
Secret key ciphers make use of substitution boxes (S-boxes) to perform substitution as part of the encryption process. S-boxes take a given input and leverage look-up tables to produce a given output.
Symmetric Key Exchange
The two main methods for key exchange in symmetric cryptography is to:
- Use a key exchange algorithm (such as Diffie-Hellman) or to encrypt the key with the recipient’s public key,
- Pass it to the other side and then allow the recipient use their private key to decrypt it i.e., via public key encryption.
An important concept within key exchange is the usage of forward secrecy, which means that a comprise of the long-term keys will not compromise any previous session keys.
With ephemeral key methods, a different key is used for each connection, and, again, the leakage of any long-term key would not cause all the associated session keys to be breached.
Diffie-Hellman is a widely used key exchange algorithm used to exchange the secret key in symmetric cryptography.
A weakness discovered in Diffie Hellman is that it is fairly easy to precompute on values for two popular Diffie-Hellman parameters (and which use the DHE_EXPORT cipher set).
The DHE_EXPORT Downgrade attack involves forcing the key negotiation process to default to 512-bit prime numbers. For this the client only offers DHE_EXPORT for the key negotiation, and the server, if it is setup for this, will accept it. The precomputation of 512-bit keys with g values of 2 and 5 (which are common) are within a reasonable time limits.
Methods to combat DHE_EXPORT Downgrade attacks on Diffie Hellman include:
- Disabling Export Cipher Suites,
- Using (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE),
- Use a strong group.
Diffie Hellman has three groups (bases): Group 1, Group 3 or Group 5, which vary in the size of the prime number used.
Diffie-Hellman methods have been used extensively to create a shared secret key but suffers from man-in-the-middle attacks, where an attacker sits in-between and passes the values back and forward and negotiates two keys: one between a sender and the attacker, and the other between the receiver and the attacker. An improved method is to use public key encryption.
The strength of the Diffie-Hellman relates to the size of the prime number bases which are used in the key exchange.
Public Key
Public Key encryption (asymmetric cryptography) makes use of a key pair (one public, one private) to perform encryption and decryption. If a given key in a key pair is used for encryption, only the opposite key in that key pair can perform the reverse decryption.
Only the public key should be distributed or shared (exchanged via digital signature, posted on a site etc.).
Public-key encryption is an excellent method of keeping data secure, but it is often too slow for real-time communications.
Two main applications of public key encryption are identity checking and key protection.
RSA leverages the fact that products of large prime numbers are difficult to factorize as basis of its encryption.
With homomorphic encryption, we can perform mathematical operations on ciphered values i.e., before decryption.
RSA has a heavy overhead on processor loading and is not well suited to embedded systems (as the power drain can be high, along with heavy requirements for processing and memory).
An improved solution over RSA is Elliptic Curve which is often used in key exchange methods (such as with Elliptic Curve Diffie Hellman – ECDH) and for the creation of digital signatures (Elliptic Curve Digital Signature Algorithm – ECDSA).
- The main advantages of Elliptic Curve methods are:
- Much smaller keys. The prime number P is normally only 160 bits, and much smaller than in RSA. This considerably speeds up the
- encryption process.
- Creation of the curves are more difficult than generating prime numbers, which makes it more difficult to crack than RSA.
- They can be used to factorize values, such as finding the prime number factors within RSA.
Bitcoins use Elliptic Curve cryptography with 32-byte private keys (which is a random number) and 64-byte public keys, on a secp256k1 curve.
El Gamal is a public key method that is used in both encryption and digital signing. It is used in many applications and uses discrete logarithms.
Cramer-Shoup is a public key encryption method that is an extension of El Gamal but adds a one-way hashing method which protects against an adaptive chosen ciphertext attack.
The Paillier cryptosystem supports homomorphic encryption
Number Theory’s
Binary Math:
Basic premise is knowing what combination of binary digits will produce a binary “1”. AND requires two 1’s to output a 1; OR requires at least one 1 to output a 1, and with XOR, there must be a mismatch (i.e., one 1 and one 0) to output a 1.
With AND, both the first and second numbers you are ANDing must be 1 for the answer to be 1. Anything else = 0 | Me and a friend can be 1
With OR, if one or both of the numbers you are ORing is are 1, your answer will be 1. Anything else = 0 | You are either with me or against me
With XOR ⊕, one but not both of the numbers you are XORing must be 1 for your answer to be 1. Anything else = 0 | Thor is lonely and all by himself
- Modulus Operator Math:
- Simply divide the first number by the second and return the remainder. Annotated using the (mod) or (%). Example: 5 mod 2 = 1 (2 goes into 5 a max of twice (4), 5-4 = the remainder which is 1)
- Combination vs Permutation:
- Combinations = not concerned with the order//permutations = all options considered including sequence.
- In probability theory we determine the likelihood of an event happening, typically by understanding the chances of how each of the elements involved in an event interact, and the likelihood of them happening. >> Dependent, Independent, and mutually exclusive.
- A prime number is a value which only has factors of 1 and itself and used in areas such as key exchange and in public key encryption. Factorizing the result of the multiplication of two large prime numbers takes huge amounts of computational power and time.
Encryption Standards
| Standard | Description |
|---|---|
| FIPS 180-2: Secure Hash Algorithm (SHA-1) | |
| FIPS 140: Define 4 security levels | |
| FIPS 186: Digital Signatures | |
| FIPS 197: AES | |
| FIPS 201: Identity Verification | |
| FIPS 198: Hash-based Message Authentication Code (HMAC) | |
| PKCS #1 | RSA Cryptography Standard |
| PKCS #3 | Diffie–Hellman Key Agreement Standard |
| PKCS #5 /RFC 2898 | Password-based Encryption Standard |
| PKCS #8 | Private-Key Information Syntax Standard |
| PKCS #12 | Binary format for storing a certificate chain, private key in a single encryptable file. Commonly used to import and export certificates and private keys |
| PKCS #13 | Elliptic Curve Cryptography Standard |
| PKCS #14 | Pseudo-random Number Generation |
| PKCS #15 | Cryptographic Token Information Format Standard |
| RFC 1510 | Kerberos Network Authentication Service (V5) |
| RFC 1321 | Message Digest 5 (MD5) hash |
| RFC 2104 | Hash-based Message Authentication Code (HMAC) |
| RFC 3174 | Secure Hash Algorithm (SHA-1) |
| RFC 2040/PKCS#7 | Block padding |
| NIST 800-38A | CBC (Cipher Block Chaining) cipher mode |
| NSA Suite B Algorithms | |
|---|---|
| 1 | AES |
| 2 | AES with Galois/Counter Mode (Symmetric Encryption) |
| 3 | Elliptic-Curve DSA (ECDSA) (Digital Signatures) |
| 4 | Elliptic-Curve Diffie-Hellman (ECDH) (Key Agreement) |
| 5 | SHA-2 (SHA256-SHA384) (Message Digest) |
Mnemonics
- 23BRAIDS – Symmetric Algorithms
- 2 = Twofish
- 3 = 3DES
- B = Blowfish
- R = RC5
- A = AES
- I = IDEA
- D = DES
- S = Skipjack
DEREK – Asymmetric Algorithms
Diffie-Hellman
Elliptic Curve (ECC)
RSA
El Gamal
Knapsack
M@SHH!T – Hashing Algorithms
MD5
SHA-1-2-3
HMAC
HAVAL
TIGER
Cryptography Attacks & Cracks
In terms of a backdoor in cryptography, the two main methods which could be used are:
- Key escrow: This is where a copy of the encryption key is kept in escrow so that it can be used by a government agent.
- A NOBUS (‘nobody but us’) backdoor: This is where it is mathematically possible for government agents to crack the encryption, but no-one else can.
There are several methods that an intruder can use to crack a cipher, including:
- Exhaustive search: Where the intruder uses brute force to decrypt the ciphertext and tries every possible key.
- Known plaintext attack: Where the intruder knows part of the ciphertext and the corresponding plaintext. The known ciphertext and plaintext can then be used to decrypt the rest of the ciphertext.
- Man-in-the-middle: Where the intruder is hidden between two parties and impersonates each of them to the other.
- Chosen-ciphertext: Where the intruder sends a message to the target, this is then encrypted with the target’s private-key and the intruder then analyses the encrypted message. For example, an intruder may send an e-mail to the encryption file server and the intruder spies on the delivered message.
- Active attack: Where the intruder inserts or modifies messages.
- The replay system: Where the intruder takes a legitimate message and sends it into the network at some future time.
- Cut-and-paste: Where the intruder mixes parts of two different encrypted messages and is able to create a new message. This message is likely to make no sense but may trick the receiver into doing something that helps the intruder.
- Time resetting: Some encryption schemes use the time of the computer to create the key. Resetting this time or determining the time that the message was created can give some useful information to the intruder.
- Time attack: This involves determining the amount of time that a user takes to decrypt the message; from this the key could be found.
AES has proven to be free from major vulnerabilities, but poor implementation of the encryption method leaves it susceptible to attacks such as: Brute force, use of Non-Random Numbers, and copy-and-paste.
RSA suffers from several weaknesses and is susceptible to numerous attacks and cracking methods.
Definitions
| Term/Variable | Definition |
|---|---|
| OCSP | Online Certificate Status Protocol |
| Message Digest | fixed length block of data, result of hash function |
| IV | Initialization Vector |
| Nonce | Generated IV/Counter IV/Fixed IV/Random IV (↓) |
| PRIME NUMBERS | any number whose factors are 1 and itself only. |
| CO-PRIMES | A number that has no factors in common with another number. |
| EULER’S TOTIENT | Part of RSA. |
| MODULUS OPERATOR | Reminder of divide A by N |
| FIBONACCI NUMBERS | adding the last 2 numbers create next |
| BIRTHDAY PARADOX | Related to hashes and collision. |
| BIRTHDAY ATTACK | Brute force attack against hashes. |
| Ke | secret key |
| E | encryption |
| D | Decryption |
| m | Message |
| a | message authentication code |
| h | MAC function |
| P | public key |
| S | secret key |
| s | signature |
| v | verification key |
| P | plain text |
| C | cipher text |
| l (P) | length of Plaintext in bytes |
| b | block size |
| K | number of blocks |
| K0 | Key Stream |
| ⊕ | XOR |
| M | blocks in total |
| n | block size of the block cipher |
| h | iterative hash function |
| T | tag |
Ref::
Cryptography
