What Is

Cryptography
By David.K

Cryptographic services are the foundation for many security implementations, and provide
confidentiality and integrity of data, when data might be exposed to untrusted parties.
Understanding the basic functions of cryptography and how encryption and hashing
provide confidentiality and integrity is important to creating a successful security policy.
It is also important to understand the issues that are involved in key management

Cryptology is the science of the making and breaking of secret codes. Cryptology is broken
into two separate disciplines as shown below

Cryptology:

1. Cryptography: Development and Use of Codes

2. Cryptoanalysis: Breaking Codes

All algorithms are vulnerable to brute force. If every possible key is tried, one of the keys
has to work. Therefore, no algorithm is unbreakable. The best you can hope for are algorithms
that are vulnerable only to brute-force attacks.

Two separate techniques can be used to try to achieve secure communication and they are cryptography,
which is the science of encrypting a message and the second technique is called steganography, which
pertains to the method used to hide a message. The message is being hidden either within another
message or by other means.

Ciphers
A cipher is an algorithm for performing encryption and decryption; they are a series of
well-defined steps that you can follow as a procedure. Substitution ciphers simply substitute
one letter for another. In their simplest form, substitution ciphers retain the letter frequency
of the original message.
They are vulnerable to frequency analysis because it retains the frequency patterns found in the
language.
Because of this weakness, polyalphabetic ciphers were invented.

Vigenère Cipher
The Vigenère cipher is a polyalphabetic cipher that encrypts text by using a series of different Caesar
ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution and therefore
invulnerable to frequency analysis.
Transposition Cipher and a brute force attack
In transposition ciphers, no letters are replaced, they are simply rearranged, because the letters are just
rearranged a brute force attack on it will break it.

Transposition rule:
1st Letter Goes in 3rd Position
2nd Letter Goes in 1st Position
3rd Letter Goes in 2nd Position

Clear Text: CHAMPLAIN

Grouping of 3 Letters: CHA MPL AIN
Applying Substitution: CHA MPL AIN
First set(repeat position for all three sets)
2 to 1 position

1 to 3 position

3 to 2 position

Archived Cipher Text: ACHLMPNAI

The Process of Encryption

Encryption is the process of disguising a message in such a way as to hide its original contents,
With encryption, the plaintext readable message is converted to ciphertext, which is the unreadable,
“disguised” message. Decryption reverses Old encryption algorithms, such as the Caesar cipher or the
Enigma machine, were based on the secrecy of the algorithm to achieve confidentiality.

With modern technology, where reverse engineering is often simple, public-domain algorithms are often
used. With most modern algorithms, successful decryption requires knowledge of the appropriate
cryptographic keys; that is, the security of encryption lies in the secrecy of the keys, not
the algorithm.

Modern encryption algorithms

Modern encryption algorithms such as the Triple Data Encryption Standard (3DES) and
the Advanced Encryption Standard (AES) are readily distributed and because we all share
the same algorithms there is no need for protection but rather the protection of the cryptographic keys
used with the algorithms.

Encryption Application Examples

IP Security (IPsec)
The IP Security (IPsec) protocols can provide this encryption functionality for all the
packets routed over an untrusted network. The encrypting IPsec peer takes a packet with
the plaintext payload, encrypts the payload into ciphertext, and forwards the packet to
the untrusted network. Its IPsec partner receives the ciphertext payload packet and decrypts
the payload into the original plaintext. The two IPsec peers share the same encryption
and decryption algorithm and proper keys.
SSL protocol
The SSL protocol provides an encrypted channel on top of an existing TCP session. For
example, HTTPS provides, among other services, confidentiality of the session between a
web browser and a web server, using symmetric cryptography.

Both IPsec and SSL are used to set up a VPN.

An IPsec VPN is application independent, and requires a specialized IP stack on the end system or in the
packet path that includes IPsec.

An SSL-based VPN supports only web-based applications, but the SSL software is
included with all Internet browsers.

Layer 2 encryption or data-link encryption.

In contrast to IPsec and SSL, Layer 2 encryption, also known as data-link encryption, encrypts
the whole frame, including the physical address fields located in the header of the
frame, and therefore can be used only on point-to-point links where no network switching
or routing equipment is required for path decision.

Cryptanalysis
Cryptanalysis is the practice of breaking codes to obtain the meaning of encrypted data.
An attacker who tries to break an algorithm or encrypted ciphertext might use one of the
following attacks:

1. Brute-force attack
2. Ciphertext-only attack
3. Known-plaintext (the usual brute-force) attack
4. Chosen-plaintext attack
5. Chosen-ciphertext attack
6. Birthday attack
7. Meet-in-the-middle attack

Brute-Force Attack
In a brute-force attack, an attacker tries every possible key with the decryption algorithm,
knowing that eventually one of them will work. All encryption algorithms are vulnerable
to this attack. On average, a brute-force attack will succeed about 50 percent of the way
through the keyspace. The objective of modern cryptographers is to have a sufficiently
large keyspace so that it takes too much money and too much time to accomplish a bruteforce
attack.

Ciphertext-Only Attack
In a ciphertext-only attack, the attacker has the ciphertext of several messages, all of
which have been encrypted using the same encryption algorithm, but the attacker has no
knowledge of the underlying plaintext. The job of the attacker is to recover the ciphertext
of as many messages as possible, or better yet, to deduce the key or keys used to encrypt
the messages so as to decrypt other messages encrypted with the same keys. The attacker
could use statistical analysis to achieve the result. Those attacks are no longer practical today
because modern algorithms produce pseudorandom output that is resistant to statistical
analysis.

Known-Plaintext Attack
In a known-plaintext attack, the attacker has access to the ciphertext of several messages,
but also knows something about the plaintext underlying that ciphertext. With knowledge
of the underlying protocol, file type, and some characteristic strings that might appear
in the plaintext, the attacker uses a brute-force attack to try keys until decryption
with the correct key produces a meaningful result. This attack may be the most practical
attack, because attackers can usually assume the type and some features of the underlying
plaintext, if they can only capture ciphertext. However, modern algorithms with enormous
keyspaces make it unlikely for this attack to succeed, because on average an attacker
would have to search through at least half of the keyspace to be successful.

Chosen-Plaintext Attack
In a chosen-plaintext attack, the attacker chooses what data the encryption device encrypts
and observes the ciphertext output. A chosen-plaintext attack is more powerful
than a known-plaintext attack because the attacker gets to choose the plaintext blocks to
encrypt, allowing the attacker to choose plaintext that might yield more information
about the key. This attack might not be very practical, because it is often difficult or impossible
to capture both the ciphertext and plaintext, unless the trusted network has been
broken into, and the attacker already has access to confidential information.

Chosen-Ciphertext Attack
In a chosen-ciphertext attack, the attacker can choose different ciphertexts to be decrypted
and has access to the decrypted plaintext. With the pair, the attacker can search
through the keyspace and determine which key decrypts the chosen ciphertext in the captured
plaintext. For example, the attacker has access to a tamperproof encryption device
with an embedded key. His job is to deduce the embedded key by sending data through
the box. This attack is analogous to the chosen-plaintext attack. This attack might not be
very practical, because it is often difficult or impossible to capture both the ciphertext
and plaintext, unless the trusted network has been broken into, and the attacker already
has access to confidential information.

Birthday Attack
The birthday attack gets its name from the amazing statistical probability involved in two
individuals having the same birthday. According to statisticians, the probability that 2
people in a group of 23 people share the same birthday is greater than 50 percent.
This particular attack is a form of brute-force attack against hash functions. If some function,
when supplied with a random input, returns one of k equally likely values, then by
repeating the function with different inputs, the same output is expected after 1.2k1/2 number
of times.

Note: To test the birthday theory, input 365 in the place of k.

Meet-in-the-Middle
The meet-in-the-middle attack is a known-plaintext attack. Do not confuse this with the
man-in-the-middle attack, which is discussed later. In a meet-in-the-middle attack, the attacker
knows a portion of the plaintext and the corresponding ciphertext. The plaintext is encrypted with
every possible key, and the results are stored. The ciphertext is then decrypted
using every key until one of the results matches one of the stored values.

Encryption Algorithm Features

The following are features that a good encryption algorithm provides:
Resists cryptographic attacks
Supports variable and long key lengths and scalability
Creates an avalanche effect
Does not have export or import restrictions

A good cryptographic algorithm is designed in such a way that it resists common cryptographic
attacks. The best way to break data protected by the algorithm is to try to decrypt
the data using all the possible keys. The amount of time that such an attack needs depends
on the number of possible keys, but is generally very, very long. With appropriately long
keys, such attacks are usually considered unfeasible.

Variable-key lengths and scalability are also desirable attributes of a good encryption algorithm.
The longer the encryption key, the longer it takes an attacker to break it. For example,
a 16-bit key would mean that there are 65,536 possible keys, but a 56-bit key
would mean there are 7.2 x 1016 possible keys. Scalability provides flexible key length and
allows you to select the strength and speed of encryption that you need.
When changing only a few bits of the plaintext message causes its ciphertext to change
completely, this is known as an avalanche effect. The avalanche effect is a desired feature
of an encryption algorithm because it allows very similar messages to be sent over an untrusted
medium, with the encrypted (ciphertext) messages being completely different.