. Cryptography is a framework of methodologies used to ensure the CIA triad for our information ; C for confidentiality , I for Integrity and A for authenticity. . The need for cryptographic techs was as old as the need to keep the critical info secure , safe and authentic . the techs were invented in different forms that can be compatible with their current age , while the concept is the same . . Cryptography was known anciently as Encryption which means : Hiding the information from unauthorized entities . Various methods were used to adopt this purpose , it could be implemented manually , mechanically or even electronically . <ul><ul><li>Cryptography ?? </li></ul></ul>
. SCYTALE , is an example for a really old tech that was used to cipher (encrypt) information . The concept of operation is so simple . Get a long strip of leather and wind it over a rode like the picture , write the clear data on the leather over the rod and then unwind it . . “ HELP ME I AM UNDER ATTACK “ will be "HENTEIDTLAEAPMRCMUAK“ , and it totally depends on the diameter of the rode , which is the key to decipher the message .
. Nowadays are a bit different , as we are not talking about only encryption when dealing with cryptography , hashing shares the place with encryption to form the whole framework (cryptographic framework) ; hashing role is to ensure the integrity of the message . So , back to the CIA triad , encryption is used to insure the confidentiality, hashing is for ensuring the integrity and a combination of encryption & hashing for ensuring the authenticity of the message sender . . Encryption and Hashing can be considered now as systems that need an input to deliver an output , this system is controlled by a set of mathematical equations which is known as an algorithm.
<ul><ul><li>Encryption </li></ul></ul>. As we stated before , Encryption is considered as a component of the cryptographic framework . It’s role is to offer the confidentiality axis of the CIA triad . . Recalling the systematic view of any cryptographic component , Encryption needs an input (Clear message & key) to deliver the cipher form (output) , this cipher form to be decrypted (converted to the clear form ) we shall need a key and the same algorithm .
. Encryption can be implemented symmetrically or asymmetrically . . If we are using symmetric encryption , then we will encrypt the clear message with one key and decrypt it with the same key ; encryptor and decryptor should have the same key .
. On the other hand , for Asymmetric encryption , the sender will use a key to encrypt the message and the receiver will use a different key to decrypt the message , in case we have a bidirectional communication , each pair will use two keys one of them is public for others and a private key for himself.
Symmetric Encryption . To wrap the concept let us discuss a case for three entities that need to communicate securely using symmetric encryption . . From the figure , we can conclude that we will use 9 different private keys for achieving bidirectional communication between xyz and abc . . We can conclude also that we need to define a way by which we can exchange these private keys in a secure manner between distant entities . . We will recall these two conclusions a bit later .
. DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the well known symmetric encryption algorithms .
Asymmetric Encryption . Back to the same case that was assumed when using symmetric encryption. . ABC and XYZ have their public keys distributed over each other , anyone needs to talk to the other will use the other’s public key to encrypt the traffic and the other will use his own private key to decrypt the traffic , X will use A’s public key to encrypt clear traffic A will receive the cipher to decrypt it using his own private key . . Less number of keys and simple key distribution .
. RSA is a famous asymmetric key encryption algorithm . Ron R ivest ## left Adi S hamir ## Middle Leonard A dleman ## Right
. Let us now compare them (symmetric and asymmetric) : 1- Symmetric key encryption suffers from scalability issues ; to achieve a secure communication between N points , we will need to generate (N(N-1))/2 different keys . 3- Symmetric key encryption requires “ out of band “ secure exchange of keys , because , both the communicating parties needs to know about the keys before proceeding into the communication . 4- Asymmetric key encryption systems are incredibly complex , and that complexity will surely impact the performance . Asymmetric key encryption is up to 1000 times slower than symmetric key encryption . . Now how can we deal with that problem ?!!! , Diffie and Hellman will answer this question for us .
Diffie-hellman <ul><li>Diffie-Hellman algorithm will use public key encryption to only distribute symmetric keys for communicating parties , symmetric key encryption will be used to deal with clear data to create the cipher , so we will have no odds :: high performance using symmetric key encryption and simple key distribution process using Diffie-Hellman algorithm , as we will sure see here and the demos section . </li></ul>
<ul><li>Khaled will generate two (public and private ) keys using his own Diffie-Hellman algorithm , Ali will do the same thing ; both of them will exchange his own public key , khaled will have his own private key and Ali’s public key , he will use his Diffie-Hellman algorithm to generate a new private key ; Ali will have the same private key if he executed the same operation. </li></ul>
Hashing <ul><li>Hashing is the second component of the cryptographic framework , its role is to ensure the integrity of a message . The most important aspect of integrity violation is that the target of the attack is not aware about the violation occurrence , simply , if he knew he will request for a retransmission . </li></ul><ul><li>The problem is that I am communicating with my co-workers basing on a false information . </li></ul><ul><li>Hashing is an irreversible process with no keys , the clear message is the only input for the hashing process . </li></ul>
<ul><li>The message will be delivered as an input to the hashing system , hashing system will create message digest (hash) from the clear message , it will then append the digest to the message and then send them over the media ; The recipient will have the message to create a new digest and then compare the two digests . </li></ul>
<ul><li>A simple newbie can execute an MITM attack , he will be able to receive the message with the digest from the sender so as to create a new fake message with a new generated hash from the fake message (using the same hashing algorithm) to be sent to the poor receiver . </li></ul><ul><li>HMAC , the solution for this problem . </li></ul>
<ul><li>MD5 and SHA are the most used hashing algorithms , SHA is more secure than MD5 . </li></ul>
Digital signature <ul><li>This is our last step for completing the CIA triad , how can we ensure authenticity using cryptography !!! </li></ul><ul><li>Digital signature is a mechanism by which we can authenticate the message sender on a message basis , each message needs to be authenticated , this needs to be clarified , digital signature is not a connection based authentication mechanism like pap , chap , kerborse , TACACS ............... </li></ul><ul><li>Digital signature uses a combination of encryption and hashing . </li></ul>
<ul><li>The message will be hashed , the digest will be encrypted by the sender private key and then sent with message to the recipient . </li></ul><ul><li>We have a demo for Digital signature . </li></ul>
Authentication Protocols <ul><li>As we are taking about connection based authentication mechanism , we will deal with protocols rather than algorithms . This is to briefly list famous authentication protocols : </li></ul><ul><li>1- PAP </li></ul><ul><li>2- CHAP </li></ul><ul><li>3- MS-CHAP </li></ul><ul><li>4- NTLM </li></ul><ul><li>5- EAP </li></ul><ul><li>6- PEAP </li></ul><ul><li>7- Kerberos </li></ul><ul><li>8- TACACS+ </li></ul><ul><li>9- Radius </li></ul><ul><li>10- Diameter </li></ul>
PKI <ul><li>Public Key Infrastructure is a Trust Connectivity media , I need to trust the sender before beginning a new session with him , how can I know that this public key is the one owned by the real sender; I need someone between us , someone that I can trust and that can trust this remote sender . </li></ul><ul><li>How can I trust you? </li></ul><ul><li>Answer: The CA trusts me. </li></ul><ul><li>How can I know the CA trusts you? </li></ul><ul><li>Answer: You can see my certificate issued by the CA. </li></ul><ul><li>.So , PKI is not for authentication, but it can be considered as a pre-authentication phase . </li></ul><ul><li>.We will have a full PKI course . </li></ul>
Cryptosystems <ul><li>Cryptosystem is an implemented form of the cryptographic framework , it consists of three components : </li></ul><ul><li>1- algorithms : cryptographic engines for doing encryption and hashing . </li></ul><ul><li>2- protocols : for establishing connections and negotiating parameters between the communicating parties . </li></ul><ul><li>3- keys : for encryption algorithms . </li></ul><ul><li>IPSEC , SSL , SSH , PPTP , L2TP and WEP all of them are cryptosystems , some of them provide the full CIA tirade . The only factor that differentiate between these cryptosystems is the protocol used to establish the connection and negotiate the parameters . </li></ul>
Cryptanalysis <ul><li>“ Breaking a cipher doesn't necessarily mean finding a practical way for an eavesdropper to recover the plaintext from just the ciphertext. In academic cryptography, the rules are relaxed considerably. Breaking a cipher simply means finding a weakness in the cipher that can be exploited with a complexity less than brute-force ” Bruce Schneier . </li></ul>