One of the earliest ways to encrypt a message was with a substitution cipher developed by Julius Caesar, known as the Caesar cipher. Today, in the information age, cryptology involves the use of computers to create complex algorithms. In this unit, we examine various symmetric and asymmetric key algorithms, as well as hashing algorithms. Encryption is a tool that can be used to support all three tenets of the CIA triad, the goal of information security.
Completing this unit should take you approximately 8 hours.
As you begin this section on cryptography, it is important to review a brief history of the origins of cryptography to understand why it was developed. The timeline of cryptography dates back to the time of Julius Caesar and continues through some important periods in history, including the First and Second World Wars. Cryptography is as important today as it was in previous years, or possibly more so, because of advances in technology. This unit describes the mechanism of the Caesar cipher and shows how to encipher your own message. This section also describes the one-time pad (OTP) and why it is secure.
Read this article to learn about the evolution of cryptography, the methods used to secure communication. One of the earliest methods of encryption you will read about is the substitution cipher. The beginning of WWI brought advances in computational power, advances that encouraged the development of the electromechanical cipher machines used in WWII. One such infamous machine was the German Enigma machine, and the cracking of the Enigma code was pivotal for the war. Today's modern cryptography uses computers to devise complex ciphers. As you read, take note of some important names and abbreviations in cryptographic history. Who were Shannon, Diffie, and Hellman? What do the abbreviations DES and AES represent, and in what years were they developed? When was symmetric key cryptography used, and when was asymmetric cryptography developed?
Read this section on classical cryptosystems. Pay attention to the substitution cipher, the Vigenère cipher, and the Enigma cipher. As you read, consider these study questions: Who was the Vigenère cipher named after, and who first cracked the Vigenère cipher? Who cracked the Enigma cipher, and what repeated phrase at the end of every message helped to break the cipher? What is perfect secrecy?
After reading, you should be able to explain why this cipher is called the Caesar cipher, and you will be able to encipher a simple message using the Caesar substitution cipher.
Read this source to understand why a one-time pad (OTP) is considered to be secure. Take note of the conditions that must be met to ensure the OTP cannot be broken.
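The two ciphers this section covers, worked through in code as an added example (this is not code from the original page or its readings): the Caesar shift, whose keyspace of 26 shifts can be listed in full, and a one-time pad, where any plaintext of the right length is equally consistent with a given ciphertext, which is what makes the OTP secure as long as the pad is random, as long as the message, and never reused. The sample messages and the fixed pad are constructed for the demonstration.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar(text: str, shift: int) -> str:
    """Caesar cipher: shift each letter by `shift` places; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def caesar_all_shifts(ciphertext: str) -> list:
    """The Caesar keyspace has only 26 shifts, so every candidate plaintext can be
    listed; this is why a shift cipher offers no real secrecy."""
    return [caesar(ciphertext, -k) for k in range(26)]

def otp_xor(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR the message with a key that is truly random, at least as long
    as the message, and never reused. XOR is its own inverse, so this function both
    encrypts and decrypts."""
    if len(key) < len(data):
        raise ValueError("OTP key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))

def otp_key_explaining(ciphertext: bytes, any_plaintext: bytes) -> bytes:
    """Perfect secrecy: for ANY plaintext of the same length there is a key that maps the
    ciphertext to it, so the ciphertext alone reveals nothing about the real message."""
    if len(any_plaintext) != len(ciphertext):
        raise ValueError("lengths must match")
    return bytes(c ^ p for c, p in zip(ciphertext, any_plaintext))

def otp_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad is used for two messages, XORing the ciphertexts cancels the key and
    leaves p1 XOR p2; this is why the 'never reused' condition is essential."""
    return bytes(a ^ b for a, b in zip(c1, c2))

if __name__ == "__main__":
    # Constructed sample values (not from the original page).
    print(caesar("ATTACK AT DAWN", 3))           # DWWDFN DW GDZQ
    key = bytes([0x1F, 0xA2, 0x07, 0xC3, 0x58])  # fixed demo pad; a real pad comes from a CSPRNG
    ct = otp_xor(b"HELLO", key)
    print(otp_xor(ct, key))                      # b'HELLO'
    print(otp_xor(ct, otp_key_explaining(ct, b"WORLD")))  # b'WORLD', equally consistent with ct
```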
Now that you understand why and how cryptography was developed, you will learn about the primary goals of cryptography. Cryptography is used today to protect the confidentiality and integrity of data. You saw that confidentiality and integrity are part of the CIA triad and are protected by cryptography; cryptography is also used to provide nonrepudiation and authenticity. Nonrepudiation means the sender cannot deny sending the data or message. An example of nonrepudiation is an email sent with a digital signature. Authentication is the acceptance of credentials to prove identity. When a user enters the correct username and password, the user is authenticated and is allowed access to the system. These are important concepts to understand, as an organization may require the information systems professional to evaluate or to provide cryptographic methods of nonrepudiation and authenticity.
There are four main goals in cryptography: confidentiality, integrity, authentication, and non-repudiation. Read the section on the goals of cryptography to understand each concept. Notice how the cryptographic goals align with the CIA triad discussed in the previous unit, with one addition: non-repudiation. Non-repudiation will be discussed in more detail in the next section of this unit.
Cryptology provides for confidentiality and non-repudiation. Confidentiality protects data from unauthorized viewing, while non-repudiation means that the sender cannot deny sending the message. What method of encryption ensures confidentiality? What ensures non-repudiation? You should be able to explain how confidentiality and non-repudiation work together.
Cryptographic methods provide for confidentiality, authenticity, and integrity. Authenticity is proving who you are, and integrity is protecting data from unauthorized changes. After reading this article, you should be able to explain the concepts of confidentiality, authenticity, and integrity. What cryptographic methods can be used to provide for all three concepts?
Authentication was discussed in the previous section. This section discusses different cryptographic methods of providing authentication, including symmetric and asymmetric authentication. After watching, you should be able to explain authentication and the risks of impersonation, and be able to define certificates and certificate authorities.
This section describes three different methods of encryption: symmetric, asymmetric, and hashing. As you saw in the history of cryptography, symmetric key cryptography was the primary encryption method until asymmetric encryption was developed in the 1970s. Both encryption methods need a method of encryption and decryption, but hashing is a one-way function: it cannot be reversed. The following sections describe the attributes and purposes of these three methods, and they describe how hashing is used in conjunction with asymmetric encryption.
This article describes symmetric key ciphers. As you read the article, take note of the major issue associated with key distribution of symmetric key ciphers and the advantage of symmetric key ciphers over asymmetric key ciphers.
Watch this video where Alice sends a message to Bob that has been encrypted with a symmetric key. If Bob wants to read the message, what key does he use to decrypt the message?
Asymmetric ciphers have two keys: public and private. While reading, take note of which key encrypts the message and which key decrypts the message. What is a known weakness to this type of encryption?
Watch this video where this time Alice sends a message to Bob that has been encrypted with an asymmetric key. If Bob wants to read the message, what key does he use to decrypt the message?
A cryptographic hash algorithm can provide for integrity. When reading this article, pay attention to the section on applications of hash functions. The scenario with Alice and Bob is a good example of how a cryptographic hash can provide for message integrity. Be sure to understand the concept of a digest and try to comprehend the issue of a collision and the birthday paradox. You will learn more about the birthday paradox in a subsequent section.
This video will provide a more in-depth view of hashing. From this video, you should learn more about hash collisions and the avalanche effect, and make note of the names of hashing algorithms. You will learn more about the hashing algorithms mentioned in the video later in this unit.
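The two hashing properties these two readings ask you to understand, the avalanche effect and the birthday paradox behind collisions, demonstrated with SHA-256 from the standard library as an added example (not code from the original page or its readings). The digest is truncated to a small number of bits only so that a collision appears within a few thousand hashes; the input text is constructed.

```python
import hashlib
from itertools import count

def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one input bit flipped."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)

def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche_ratio(msg: bytes, bit_index: int = 0) -> float:
    """Avalanche effect: fraction of digest bits that change when one input bit changes.
    For a good hash this is close to 0.5 (about 128 of SHA-256's 256 bits)."""
    d1 = sha256_digest(msg)
    d2 = sha256_digest(flip_bit(msg, bit_index))
    return differing_bits(d1, d2) / (len(d1) * 8)

def find_truncated_collision(bits: int) -> tuple:
    """Birthday paradox: hash distinct inputs until two share the same leading `bits`
    bits of their digest. Expected work is about 2**(bits/2) hashes, not 2**bits,
    which is why a digest must be twice as long as the collision resistance wanted."""
    seen = {}
    for i in count():
        msg = f"msg-{i}".encode()
        prefix = int.from_bytes(sha256_digest(msg), "big") >> (256 - bits)
        if prefix in seen:
            return seen[prefix], msg, i + 1  # first input, second input, hashes computed
        seen[prefix] = msg

if __name__ == "__main__":
    # Constructed sample input (not from the original page).
    print(f"avalanche ratio: {avalanche_ratio(b'The quick brown fox'):.3f}")
    m1, m2, n = find_truncated_collision(24)
    print(f"24-bit collision after {n} hashes: {m1!r} and {m2!r}")
```

With 24 digest bits the search typically finishes after a few thousand hashes, close to 2**12, which is the birthday bound the readings describe.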
To secure communication, a set of defined mathematical rules called algorithms are used for encryption. In this section, you will learn some of the different types of encryption algorithms used in symmetric and asymmetric encryption. You will start with symmetric encryption and learn about DES, 3DES, AES, RC4, RC5, RC6, Blowfish, and Twofish algorithms. For asymmetric encryption, you will learn about the RSA, DSA, PGP, GPG, Diffie-Hellman, and Elliptic-curve algorithms.
You already learned about symmetric key ciphers and the major issue with symmetric keys. Read the section in this article on symmetric key encryption to learn more about the advantages and disadvantages of symmetric keys. There is more information about symmetric key ciphers in this article that will be covered in more detail later in this unit, but this article will give you a preview of the 3DES, IDEA, and AES ciphers. View the flashcard tool as well to better understand and learn the terms used in cryptography, such as plaintext, ciphertext, key, encryption, decryption, countermeasure, symmetric key encryption, and block cipher.
This article explains the Data Encryption Standard (DES), an algorithm used in symmetric encryption. To understand the timeline of encryption algorithms in history, pay attention to the year this algorithm was created, the name of the company that created it, and the name of the technique that made DES a vulnerable algorithm. Note that DES could also be cracked via brute force. What makes DES vulnerable to a brute force attack?
DES is no longer used but was a very popular algorithm at one time. The principle of DES is important to understand because it is used in other ciphers. If DES encrypts 64 message bits, why is the effective key size only 56 bits? Why is DES no longer used?
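The answer to the 56-bit question, shown in code as an added example (not from the original page or its readings): a DES key is 64 bits, but the low-order bit of each of its 8 bytes is an odd-parity check bit, so only 7 bits per byte are key material and the search space a brute-force attacker faces is 2**56. The sample keys are constructed.

```python
def des_key_parity_ok(key: bytes) -> bool:
    """A DES key is 8 bytes (64 bits). The low-order bit of each byte is a parity bit
    set so that every byte has odd parity; it carries no key material."""
    if len(key) != 8:
        raise ValueError("DES key must be exactly 8 bytes")
    return all(bin(b).count("1") % 2 == 1 for b in key)

def des_set_parity(key: bytes) -> bytes:
    """Recompute each byte's parity bit, producing a well-formed DES key."""
    if len(key) != 8:
        raise ValueError("DES key must be exactly 8 bytes")
    out = bytearray()
    for b in key:
        material = b & 0xFE                              # the 7 key bits of this byte
        parity = 0 if bin(material).count("1") % 2 else 1  # make the byte's bit count odd
        out.append(material | parity)
    return bytes(out)

def des_effective_key(key: bytes) -> int:
    """Concatenate the 7 key-material bits of each byte into the 56-bit value that
    actually selects the cipher's subkeys. Keys differing only in parity bits are
    the same key."""
    if len(key) != 8:
        raise ValueError("DES key must be exactly 8 bytes")
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

# 2**56 possible effective keys: the size of an exhaustive search against DES.
DES_KEYSPACE = 1 << 56

if __name__ == "__main__":
    # Constructed sample key (not from the original page).
    raw = bytes([0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1])
    print(des_key_parity_ok(raw), des_set_parity(raw).hex())
    print(f"effective key: {des_effective_key(raw):014x}, keyspace: {DES_KEYSPACE}")
```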
The next step up from DES is triple DES, or 3DES. Watch this video to learn why triple DES was used instead of double DES. Explain what 3DES is in relation to DES.
In this video, the three keying versions of 3DES, the effective key length of each, and the strength of each version are explained. If all three keys were the same, do you understand why 3DES would just be DES?
In this video, you will learn the process of encryption using AES. Notice what year AES was developed and why there was a need for a new encryption algorithm. How much faster is AES than 3DES?
RC4, RC5, and RC6 were a series of algorithms developed in succession by RSA Security. The name RSA is an abbreviation taken from the names of the three owners: Rivest, Shamir, and Adleman. These three names will appear again in a subsequent section. In the article on the Rivest ciphers there are three sections you should read, one about each cipher. Notice the differences in block size, key size, and the number of rounds used in each algorithm. Then read and view the information on two more ciphers: Blowfish and Twofish. These two ciphers also share a creator and were created in succession. As you review this material, you will see that RC6 and Twofish were created for the AES competition. Unfortunately, neither Twofish nor RC6 was selected in the competition.
While you watch, consider these questions: What type of cipher is RC4? Who designed RC4 and in what year? In what applications is RC4 used? What are the limitations and the benefits of using RC4?
Read the section on RC4 in this article. Try to mentally follow the steps for encryption with the algorithm. What are some of the strengths and weaknesses of RC4 as noted in this article?
The RC5 algorithm was derived from the RC4 algorithm. While you read, take note of the year RC5 was published. How much time passed between the development of RC4 and RC5? What type of symmetric cipher is RC5? Compare the three components of RC5 with the components of AES. Do you see any similarities?
RC6 was developed for an advanced encryption standard (AES) competition but was not selected by the National Institute of Standards and Technology (NIST). In what year was it published, and who developed it? How is RC6 different from RC5?
The Blowfish cipher has been studied in information security for more than 20 years. As you learn about this cipher, pay attention to the creator and the year it was created. Is Blowfish still in use? Why is it in use, or why is it not in use? What type of cipher is Blowfish? What is the key length of Blowfish? Why would the Twofish cipher be chosen over Blowfish? Why would Blowfish be chosen over DES or IDEA?
Twofish succeeded Blowfish and was also designed by Schneier. Read the section on the Twofish cipher to learn about the length of the algorithm and the types of environments where Twofish can be used.
We discussed symmetric key algorithms first since they are easier to understand. Asymmetric key algorithms have an advantage in that no secret key distribution is required, but asymmetric keys are more complex in that they require more management oversight. This section will explain asymmetric key distribution, public-key cryptography, RSA, the Digital Signature Algorithm (DSA), Pretty Good Privacy (PGP), GNU Privacy Guard (GPG), Diffie-Hellman cryptography, and elliptic-curve cryptography (ECC).
Previously you learned about asymmetric key algorithms and you should understand that asymmetric encryption requires two keys: public and private. As a review, using the flashcards define asymmetric key encryption, public key, private key, and digital certificate. Then read the section on asymmetric encryption.
Do you find asymmetric encryption and the use of a public and private key difficult to comprehend or explain? This video explains asymmetric encryption, or non-secret encryption, and leads into RSA, the first asymmetric algorithm. Watch this video for a visual explanation of asymmetric encryption and RSA. On what principle is RSA based? Make note of the year RSA was developed and why it is called RSA.
RSA is an asymmetric algorithm attributed to three people, but reading this article will explain who developed the algorithm years earlier. When reading this article, try to understand the sections on key generation, encrypting messages, decrypting messages, and signing messages. Most importantly, note the speed of RSA in comparison to DES, which was discussed in the section on symmetric key encryption. Also note how attacks such as man-in-the-middle and RSA blinding attacks can be avoided.
The Digital Signature Algorithm (DSA) is used for authentication and is considered a signature algorithm. When reading section three of this article, pay the most attention to the steps in the scenario with Alice and Bob showing how a digital signature is produced using a private and public key and how the signature is verified. To keep the timeline in mind, also note the year DSA was proposed. Try to follow the reading on DSA key generation, signature generation, and signature verification, although you are not expected to be able to explain these steps.
Pretty Good Privacy, known as PGP, is an open-source program that provides data encryption and is often used for email. This program uses a public and a private key for encryption and decryption, as you might expect. Read this article to understand how you can use PGP to encrypt email sent from your personal computer.
Now that you understand how PGP can be used, read this article to learn who developed PGP, taking note of the year it was developed. Be sure to read the sections on how PGP works as well as the encryption and decryption process using the public and private keys. As you will notice, the public-key versions are RSA, which was previously discussed, and Diffie-Hellman, which will be discussed in a later section.
To learn more in-depth information about PGP, such as downloading and installing it and creating a key, you may choose to watch this video.