CS406 Study Guide

Unit 3: Cryptographic Models

3a. Describe the history of cryptography and the role of cryptography in information security systems

  • How did WWI and WWII influence the history of cryptography?
  • What is the significance of the data encryption standard (DES)?
  • What was the important cryptographic development made by Diffie and Hellman?

One of the earliest methods of cryptography was substitution ciphers as was seen in the Caesar cipher. When WWI began, there were advancements in computational power such as the breaking of the German Enigma code by Rejewski in Poland. When the Germans changed the way the Enigma was used, more resources were required, and Turing stepped in to build an electronic machine to break code in much less time than what was done previously by hand.

Modern cryptography began in the late 1940s, and twenty years later a significant development was designed by IBM. The National Bureau of Standards, now known as the National Institute of Technology (NIST), submitted the data encryption standard (DES). The cipher was developed to support secure communication for financial organizations. The DES was the first publicly accessible cipher algorithm that was acknowledged by a crypto agency, the National Security Administration (NSA).

Diffie and Hellman published a paper on a new method of key distribution. Prior to their publication, symmetric keys were used that had the logistical problem of secret keys being disbursed to both the sender and the receiver. Diffie and Hellman's method of asymmetric keys used a private and public key, and only the private key is kept secret. This method is still in use today.

To review, read History of Cryptography, Classical Cryptosystems, Caesar Cipher, and One-time Pads.

 

3b. Discuss the goals of cryptography

  • What are the four main goals of cryptography?
  • How does cryptography support non-repudiation?
  • How do certificate authorities support authentication?

The four main goals of cryptography segue with the CIA triad, but are not identical to the three tenets of the CIA triad. Cryptography cannot directly protect for availability but can protect for integrity and confidentiality. Thus, the four goals of cryptography are confidentiality, integrity, authentication, and non-repudiation. Confidentiality and integrity can be reviewed from the discussion in a previous unit. Authentication is proving who you are, and non-repudiation means the sender cannot deny sending the message.

Non-repudiation can be confirmed using digital signatures. A message is hashed, and then the hashed method is encrypted using asymmetric encryption. The digital signature is the encrypted-hashed data and the sender's public key. The sender encrypts the message using their private key, and the receiver decrypts the message using the sender's public key.

Certificate authorities (CA) are vital to asymmetric encryption and authentication. The CA is a trusted third party that generates certificates and certifies the ownership of public keys. Without the third-party CA, asymmetric encryption would not be available.

To review, read Cryptographic Goals and Confidentiality, Integrity, and Authenticity, and watch Confidentiality and Non-Repudiation and Cryptographic Authentication.

 

3c. Compare symmetric key and asymmetric key algorithms

  • What is the main difference between symmetric and asymmetric key encryption?
  • Is symmetric or asymmetric key encryption faster?
  • What are the advantages of each type of encryption?

Symmetric key encryption uses one secret key. The same key is used by both the sender and the receiver to encrypt and decrypt. In asymmetric key encryption, encryption and decryption are accomplished using two keys: a public and a private key. The public key is used for encryption and the private key is used for decryption.

Symmetric key encryption is faster than asymmetric key encryption. The key lengths used for symmetric key encryption are shorter than those used for asymmetric key encryption. Asymmetric key encryption uses longer key lengths for a more complex algorithm to make it more difficult for attackers to crack the keys.

As stated in the previous paragraph, an advantage of symmetric key encryption is that encryption is faster due to the shorter key length. Symmetric keys also provide for confidentiality and authenticity. An advantage of asymmetric keys is that they are easier to distribute than symmetric keys. Asymmetric keys also provide for non-repudiation.

To review, read Symmetric Key Ciphers, Asymmetric Key Ciphers, and Cryptographic Hash, and watch What is Symmetric Key Encryption?, What is Asymmetric Encryption? and Hashing.

 

3d. Discuss the different types of symmetric and asymmetric key algorithms

  • What are the eight types of symmetric encryption and the six types of asymmetric key algorithms that were discussed in the curriculum?
  • What method was used to crack the data encryption standard (DES), and what replaced the DES algorithm?
  • What method was used to exchange cryptographic keys over a non-secure channel?

In this course, eight types of symmetric and six types of asymmetric key algorithms were discussed. The symmetric algorithms were DES, 3DES, AES, RC4, RC5, RC6, Blowfish, and Twofish. The asymmetric algorithms were RSA, DSA, PGP, GPG, Diffie-Hellman, and Elliptic-curve.

Data encryption standard was readily cracked by brute force due to the short key length of 56 bits. To make this algorithm cryptographically stronger, the algorithm was used to encrypt each block of data three times with different keys. Due to the number of times the data was encrypted, the algorithm was named 3DES.

 The Diffie-Hellman key exchange was designed by Diffie and Hellman in 1976. The key exchange used public and private keys that were securely exchanged over non-secure communications lines. Diffie-Hellman was the first to introduce the idea of public and private keys.

To review, see Symmetric Key Algorithms and Asymmetric Key Algorithms.

 

3e. Identify hashing algorithms and their role in creating digital certificates

  • What is the purpose of hashing?
  • How does hashing differ from symmetric and asymmetric encryption?
  • What are two ways that a hash is used?

Hashing is an algorithm that produces a message digest or hash value. This value represents the contents of a message. If the message is altered the hash will not be the same as no two messages will have the same hash value. A receiver will know if a message has been altered because the hash value will be different. Hashing protects data integrity.

Hashing differs from symmetric and asymmetric encryption in that it is a one-way encryption tool. A hash computes quickly and will always produce the same result on the exact same message. If a message is slightly altered the hash or message digest will change greatly. A hash does not use a public or private key.

A hash is used in a digital certificate. The message is first hashed, and then the message digest and the public key is encrypted and sent to the receiver. A hash can also be used for patching downloads. The hash for the patch is published, and before downloading the hash of the patch is compared to the patch to be downloaded. This protects from accidentally downloading malware to a system.

To review, see Cryptographic Hash, Message Digest History, Digital Certificates, Message Digest 5 (MD5), Secure Hash Algorithm (SHA-0, SHA-1, and SHA-2), FIPS PUB 202: SHA-3, and Hashed Message Authentication Code (HMAC).

 

Unit 3 Vocabulary

This vocabulary list includes the terms you will need to know to successfully complete the final exam.

  • algorithm
  • asymmetric encryption
  • authentication
  • certificate authority (CA)
  • cipher
  • decrypt
  • digital certificate
  • encrypt
  • enigma
  • hash
  • malware
  • message digest
  • National Institute of Technology (NIST)
  • National Security Administration (NSA)
  • non-repudiation
  • private key
  • public key
  • substitution
  • symmetric encryption