Cryptography

=Introduction to Cryptography =

Cryptography is the art of writing in secret code allowing the direct receiver to decode it while making it more difficult for third-party observers/receivers to understand the message.


Encryption is the action of converting plaintext using a cipher to make it incomprehensible except to those who have the key.

=The Purpose of Cryptography =

1) Authentication: the process of proving one’s identity
2) Privacy and Confidentiality: this allows the sender to ensure that the encrypted text has been successfully delivered to the intended receiver of the message
3) Integrity: assures the receiver that the sent message has not been altered in any form
4) Non-repudiation: a technique that proves that the sender really sent the message, by verification methods

[2]

=Types of cryptography: =

Secret Key Cryptography:


Description: utilizes a single key for both decryption and encryption. It is the more traditional form of cryptography. [2]

How it works: the same key is used for both encrypting and decrypting, but to access the information you need both parties to do so. [6]

Analogy: We will use Pig Latin as an example; it is not secure, but it fits the analogy. To encrypt, you take the first letter of the word, move it to the back, and add the key to the end of the word. To decrypt, we remove the key from the word and move the last letter back to the front. For example, if our plaintext is “hello” and the key is “lol”, encryption gives “ellohlol”, and following the decryption procedure gives “hello” again.

Advantages: Not only is the data encrypted, but it also requires authentication to decrypt. [2]

Weaknesses: The main problem is that both parties are needed to access the information, which makes it hard to access in times of crisis. Another problem is that the sender and receiver must both know the secret key without anyone else finding out. It is also the most vulnerable to brute-force attacks. [2]

Public Key Cryptography:

Description: Uses different keys for encryption and decryption. A message encrypted with the public key cannot be decrypted except with the matching private key. This is used for confidentiality. [3]

How it works: There are 2 keys, one public and the other private. The public key is known to everyone, while only you have the private key. If the private key is for encryption, then the public key is for decryption. If the private key is for decryption, then the public key is for encryption.

Analogy: You have mail you want to deliver, but you want it kept secret, so you package it up and put a lock on it. At the same time, you want to make it even more difficult to read, so you write it in Pig Latin. Assuming no one else knows Pig Latin, and you and the receiver own the key, you send the package and the receiver unlocks it. Inside is the message in Pig Latin, as well as the procedure for translating Pig Latin to English.

Advantages: It is safer and more convenient than secret key cryptography. The private key never needs to be revealed or transmitted to anyone. In a secret key system, the keys must be transmitted between the users, which might allow enemies to find out the secret key during the process. [2]

Weaknesses: When 2 users try to communicate with each other, it is easy for attackers to steal data. It also takes more time to encrypt and decrypt. It is also inconvenient in many cases. [2] [6]


Hash Functions:

Description: utilizes mathematical transformations so that the encrypted information is irreversible.

Analogy: Think of DNA as the plaintext. The aging process and the world a person is born into (assuming that each person is born in the exact same conditions) is the hash function. In 18 years (or even at birth), everyone is going to be different somehow: some will be taller, some smarter. Unless the hash function is modified somehow (for example, different food, different homes), or the DNA is modified due to radiation, two different people with the same DNA are bound to turn out exactly the same. If a mutation were to occur in one's life, the DNA would have to have changed. It is the same with a hash function: if the digest was modified somehow, the plaintext would show a change.

How it works: Plaintext is processed through the hash function and is encrypted into a single value of a hash table. The encrypted value returned from the process is called a hash value. [3]

Advantages: There are no keys involved, the hash value is easy to compute, and it is nearly impossible to change the message without changing the hash or to find two or more messages with the same hash. [3]

Limitations: An attacker can build up a huge dictionary of hashed passwords and, when he breaks into your web site, check the stored hashes against the pre-built dictionary.
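The dictionary limitation above comes from a bare hash being deterministic: the same password always produces the same digest, on every account and every site. The following added example (not part of the original page) contrasts that with a salted, deliberately slow hash; the use of PBKDF2, the iteration count and the sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_sha1(password: str) -> str:
    """Bare SHA-1, as an online hash tool computes it: no salt, no key."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash: PBKDF2-HMAC-SHA256 with a random 16-byte salt per record."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def same_password_two_users(password: str = "Summer2012") -> Tuple[bool, bool]:
    """Two accounts choose the same (constructed) password.

    Returns (unsalted digests equal?, salted digests equal?).
    """
    alice_plain = unsalted_sha1(password)
    bob_plain = unsalted_sha1(password)
    _, alice_salted = hash_password(password)
    _, bob_salted = hash_password(password)
    return alice_plain == bob_plain, alice_salted == bob_salted


if __name__ == "__main__":
    print(same_password_two_users())
    salt, stored = hash_password("Summer2012")
    print(verify_password("Summer2012", salt, stored))
    print(verify_password("summer2012", salt, stored))
```

Because each record has its own salt, a dictionary computed in advance no longer matches any stored value, and the iteration count makes every guess cost far more than a single hash.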

Hash Function: http://www.sha1-online.com/


Error detection
Encrypted data must not be corrupted, or the entire message could be useless. A few ways to check this:

Checksum
Checks the bit size, then compares to see whether the encrypted data contains erroneous values. This also makes it possible to confirm whether the data was compromised somehow.

Example:
"Let's say the checksum of a packet is 1 byte long. A byte is made up of 8 bits, and each bit can be in one of two states, leading to a total of 256 (2^8) possible combinations. Since the first combination equals zero, a byte can have a maximum value of 255. If the sum of the other bytes in the packet is 255 or less, then the checksum contains that exact value. If the sum of the other bytes is more than 255, then the checksum is the remainder of the total value after it has been divided by 256." [6]

Cyclic Redundancy Check (CRC)
Similar to Checksum, but uses polynomial division to determine the value of the CRC. The advantage of the CRC is that it is very accurate, so if the CRC value is off by 1 byte, it will not match. [6]

Limitations
Although they are very useful for catching random transmission errors, CRC and Checksum offer little to no protection from interference by a third party. [3]
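The limitation can be seen by running the three kinds of check side by side. This added example (not from the original page or its sources) implements the 1-byte checksum exactly as quoted above, uses the standard library's CRC-32, and compares both with a keyed message authentication code (HMAC-SHA-256); the key and the messages are constructed sample values.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"      # constructed key shared by sender and receiver
ORIGINAL = b"PAY 0010 TO ALICE"    # constructed sample message


def checksum8(data: bytes) -> int:
    """1-byte checksum as in the quoted example: sum of the bytes modulo 256."""
    return sum(data) % 256


def crc32(data: bytes) -> int:
    """CRC-32, computed by polynomial division over the message bits."""
    return zlib.crc32(data) & 0xFFFFFFFF


def mac(key: bytes, data: bytes) -> bytes:
    """Keyed integrity tag; it cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def frame(data: bytes, key: bytes) -> dict:
    """Sender side: attach all three check values to the message."""
    return {"data": data, "sum": checksum8(data),
            "crc": crc32(data), "mac": mac(key, data)}


def verify(f: dict, key: bytes) -> dict:
    """Receiver side: report which checks accept the received frame."""
    return {
        "sum": checksum8(f["data"]) == f["sum"],
        "crc": crc32(f["data"]) == f["crc"],
        "mac": hmac.compare_digest(mac(key, f["data"]), f["mac"]),
    }


def random_error() -> dict:
    """One bit flipped in transit: every check rejects the frame."""
    f = frame(ORIGINAL, KEY)
    damaged = bytearray(f["data"])
    damaged[4] ^= 0x01
    f["data"] = bytes(damaged)
    return verify(f, KEY)


def reordered_bytes() -> dict:
    """Two bytes swapped: the byte sum is unchanged, so only the checksum accepts."""
    f = frame(ORIGINAL, KEY)
    f["data"] = b"PAY 0100 TO ALICE"
    return verify(f, KEY)


def deliberate_change() -> dict:
    """A third party edits the message and recomputes the unkeyed values.

    Checksum and CRC need no secret, so both still accept; the MAC does not.
    """
    f = frame(ORIGINAL, KEY)
    f["data"] = b"PAY 9910 TO ALICE"
    f["sum"] = checksum8(f["data"])
    f["crc"] = crc32(f["data"])
    return verify(f, KEY)


if __name__ == "__main__":
    for case in (random_error, reordered_bytes, deliberate_change):
        print(case.__name__, case())
```

Only the keyed tag separates accidental damage from deliberate modification, which is why protocols that need integrity against a third party carry a MAC rather than a checksum or CRC.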

===Why is cryptography used in industry today? ===

===Cryptography on the Internet [1] ===

- used for instantaneous communication and transfer of information
- the World Wide Web is used for online business and distribution
- adds security to websites and safe electronic transmissions
- secure data, such as credit card numbers and other online account information, must be encrypted
- used in e-commerce, where commercial transactions need cryptographic security
- email also needs cryptography: it exists electronically, and encryption protects it

===Cryptography used for Access Control [1] ===

- cryptography can be used to regulate satellite and cable television transmissions
- a pay-per-view movie is not decoded by the cable box until the movie has been rented
- people who use satellite dishes can receive signals from other houses, but this can be blocked by using cryptography

TLS and SSL [6] [7]
Transport Layer Security and the older Secure Sockets Layer are protocols that encrypt information sent over the Internet from one party to another, using public-key cryptography for key exchange, a hash function (known as a message authentication code) for integrity, and symmetric encryption for privacy. These protocols are the fundamental security foundations that allow applications such as Internet browsing, instant messaging and e-mailing to be safer from tampering and eavesdropping.

Examples
A good way to understand cryptography, and an example of it, is the PigPen Cipher. This example allows shapes to correspond to the words in the following diagram. [5]

The Alpha Crypt Text Message Encryptor utilizes a symmetric cipher key as well as a hash function. The advantage of this is that the ciphertext can be processed back into plaintext while remaining much more resilient to brute-force attacks.

http://www.myersdaily.org/joseph/javascript/alphac.html

=Cryptanalysis =

Cryptanalysis is the art of retrieving the original data from the encrypted data through various strategies without the use of a key. Cryptanalysis looks for weaknesses that would allow retrieval of the plaintext from the ciphertext without knowledge of what the key or the cipher is. Cryptanalysts today look for different ways to break into encrypted data. Most notably and universally, the brute-force attack checks through all the possible keys until the code is found. The problem with a brute-force attack is that the larger the key, the longer it can take to process through all potential keys with current technology. Cryptanalysts therefore use complex mathematical equations to find more efficient ways to crack an encrypted message. [4]

==Examples of cryptanalysis strategies ==

Brute-force - assuming the password only accepts numbers and letters and has a size between 4 and 10 characters, the program will start with something like “aaaa” and end with “0000000000”, hoping that the password is found in between. This is also known as the guessing approach.

Known-plaintext analysis - by knowing some of the information stored in the plaintext, deducing the code is much easier.

Chosen-plaintext analysis - the cryptanalyst holds the key of the encrypted plaintext and is able to obtain the ciphertext with it, but the key itself is virtually unbreakable. The user is able to deduce the text that has been ciphered and compare it to the plaintext.

Ciphertext-only analysis - the analyst attempts to guess their way through the ciphertext and uses their knowledge of the sender’s writing style to deduce the possibilities of the plaintext.

Man-in-the-middle attack - the attacker tricks two parties into thinking that they are talking to each other and tries to take their secret keys. The two parties end up using keys that are revealed to the attacker. Hash functions can counter this type of attack.

Timing/differential power analysis - this technique measures the differences in electrical usage every time the microchip performs the function that secures its information. This is a new technique that was made public in June 1998 and is especially effective against smart cards.

Related-key attack - a more efficient brute-force technique, with added exclusions that reduce the number of keys that need to be processed (e.g. if the key does not include a few letters, exclude those letters while brute-forcing).

Dictionary attack - going through all the words of a dictionary, possibly adding a few numbers to the end of each, to crack the password. This is easily defeated by making the password stronger by adding numbers, converting the password to mixed case, or using “1337” speak, though some dictionary attacks focus on these approaches too.

Countermeasures
To counter brute-force and many other attacks, increasing the key size will extend the amount of time required to break the key. With current technology and the most efficient cryptanalysis strategies (biclique), it would take 2^250+ years to exhaust the entire AES 256-bit key library. If the key size were lower, for example 64 bits, it would take a few minutes, if not mere seconds, to break the cipher.

A one-time pad is a type of encryption that uses a secret random key of the same or larger size for each bit or character of the plaintext. Due to its nature, it is technically mathematically impossible to break the cipher without knowing each key. [4]

=Terminology =

Asymmetric Algorithm - an algorithm in which the key used to encrypt is different from the key used to decrypt; another term for Public Key Cryptography
Attack - a strategy to counter cryptography
Block Cipher - an algorithm that encrypts in blocks
Breaking - acquiring the ciphertext without knowledge of what the cipher or key is
Cipher - an algorithm used for performing encryption and/or decryption
Ciphertext - the end result of the encryption process
Digest - encoded information (the ciphertext) of a hash function
Digital Signature - an encrypted message digest which is appended to a plaintext or encrypted message to verify the identity of the sender
Hash - see Digest
Key - a piece of information that determines the functional output of the algorithm
Key size - measurement/size of the key in bits
Plaintext - the original unencrypted message
Symmetric Algorithm - another term for Secret Key Cryptography


Reference Sources
[1] "1.7 Why is cryptography important?." RSA Laboratories. n. page. Web. 26 Apr. 2012. <http://www.rsa.com/rsalabs/node.asp?id=2162>.

[2] Kessler, Gary. "An Overview of Cryptography." Overview of Cryptography. n. page. Web. 26 Apr. 2012. <http://www.garykessler.net/library/crypto.html>.

[3] Heish, Paul. "Hash Functions." Principia Computoria. Web. 27 Apr. 2012. <http://www.azillionmonkeys.com/qed/hash.html>.

[4] Pawliw, Borys. "cryptanalysis." SearchSecurity. n. page. Web. 26 Apr. 2012. <http://searchsecurity.techtarget.com/definition/cryptanalysis>.

[5] "PigPen Cipher." Secret Code Breaker. n. page. Web. 26 Apr. 2012. <http://www.secretcodebreaker.com/pigpen.html>.

[6] Tyson, Jeff. "How Encryption Works." HowStuffWorks "How Encryption Works" HowStuffWorks. Web. 27 Apr. 2012. <http://computer.howstuffworks.com/encryption.htm>.

[7] "What Is TLS/SSL?" What Is TLS/SSL? Logon and Authentication. Microsoft, 28 Mar. 2003. Web. 27 Apr. 2012. <http://technet.microsoft.com/en-us/library/cc784450%28v=ws.10%29.aspx>.


 * [x] indicates the reference sources