diff options
Diffstat (limited to 'blog/2020-02-09-cryptography-basics.org')
| -rw-r--r-- | blog/2020-02-09-cryptography-basics.org | 163 |
1 files changed, 0 insertions, 163 deletions
diff --git a/blog/2020-02-09-cryptography-basics.org b/blog/2020-02-09-cryptography-basics.org deleted file mode 100644 index fc809ca..0000000 --- a/blog/2020-02-09-cryptography-basics.org +++ /dev/null @@ -1,163 +0,0 @@ -#+date: 2020-02-09 -#+title: Cryptography Basics - -* Similar Article Available - -If you haven't already, feel free to read my post on [[./2018-12-08-aes-encryption.html][AES Encryption]]. - -* What is Cryptography? - -In layman's terms, cryptography is a process that can change data from a -readable format into an unreadable format (and vice-versa) through a series of -processes and secrets. More technically, this is the Internet Security -Glossary's definition: - -#+BEGIN_QUOTE -[Cryptography is] the mathematical science that deals with transforming data -to render its meaning unintelligible (i.e., to hide its semantic content), -prevent its undetected alteration, or prevent its unauthorized use. If the -transformation is reversible, cryptography also deals with restoring encrypted -data to an intelligible form. - -- [[https://tools.ietf.org/html/rfc2828][Internet Security Glossary (2000)]] -#+END_QUOTE - -Cryptography cannot offer protection against the loss of data; it simply offers -encryption methods to protect data at-rest and data in-traffic. At a high-level, -encrypted is when plaintext data is encrypted to ciphertext (a secure form of -text that cannot be understood unless decrypted back to plaintext). The -encryption process is completed through the use of a mathematical function that -utilizes one or more values called keys to encrypt or decrypt the data. - -* Key Elements of Cryptographic Systems - -To create or evaluate a cryptographic system, you need to know the essential -pieces to the system: - -- *Encryption Algorithm (Primitive):* A mathematical process that encrypts and - decrypts data. -- *Encryption Key:* A string of bits used within the encryption algorithm as - the secret that allows successful encryption or decryption of data. -- *Key Length (Size):* The maximum number of bits within the encryption key. - It's important to remember that key size is regulated in many countries. -- *Message Digest:* A smaller, fixed-size bit string version of the original - message. This is practically infeasible to reverse, which is why it's commonly - used to verify integrity. - -* Symmetric Systems (Secret Key Cryptography) - -Symmetric cryptography utilizes a secret, bidirectional key to perform both -encryption and decryption of the data. The most common implementation of -symmetric cryptography is the Advanced Encryption Standard, which uses keys that -are 128 bits to 256 bits in size. This standard came after the National -Institute of Standards and Technology (NIST) decided to retire the Data -Encryption Standard (DES) in 2001. - -Since brute force attacks strongly correlate with key length, the 56-bit key -length of DES was considered insecure after it was publicly broken in under 24 -hours. However, there is a modern implementation of DES called Triple DES where -the DES method is applied three times to each data block. - -The main advantages to symmetric systems are the ease of use, since only one key -is required for both encryption and decryption, and the simplicity of the -algorithms. This helps with bulk data encryption that may unnecessarily waste -time and power using asymmetric systems. - -However, symmetric systems have disadvantages to keep in mind. Since the key is -private, it can be difficult to safely distribute keys to communication -partners. Additionally, the key cannot be used to sign messages since it's -necessary to keep the key private. - -* Asymmetric Systems (Public Key Cryptography) - -Asymmetric cryptography utilizes two keys within the system: a secret key that -is privately-held and a public key that can be distributed freely. The -interesting aspect of asymmetric cryptography is that either key can be used to -encrypt the data, there's no rule that dictates which key must be used for -encryption. Once one key is used to encrypt the data, only the other key can be -used to decrypt the data. This means that if the private key encrypts the data, -only the public key can decrypt the data. - -An advantage of this system is that if you successfully decrypt data using one -of the keys, you can be sure of the sender since only the other key could have -encrypted the data. - -One of the major implementations of an asymmetric system is a digital signature. -A digital signature can be generated using the sender's private key, or a -one-way hash function and is used to provide assurance for the integrity and -authenticity of the message. A couple common message digest algorithms are -SHA-256 and SHA-512, which securely compress data and produce a 128-bit message -digest. - -It should be noted that man-in-the-middle attacks are one of the risks with -digital signatures and public keys. To combat this, applications often use a -public key infrastructure (PKI) to independently authenticate the validity of -signatures and keys. - -Due to the large key size and [[https://crypto.stackexchange.com/a/591][inefficient mathematical functions]] of asymmetric -encryption, elliptical curve cryptography (ECC) is often used to increase -security while using fewer resources. - -* Applications of Cryptographic Systems - -There are quite a few implementations of cryptographic systems around the world. -Here are a few popular examples: - -*Transport Layer Security (TLS):* One of the most famous cryptographic -solutions created is TLS, a session-layered or connection-layered internet -protocol that allows for secure communications between browsers and servers. -Using handshakes, peer negotiation, and authentication allows TLS to prevent -eavesdropping and malicious transformation of data. The major reason for TLS -popularity is that a major vulnerability was found in the SSL protocol in 2014. -Instead of SSL, TLS can be used with HTTP to form HTTPS and is the preferred -method for modern web development due to its increased security. - -*Secure Hypertext Transfer Protocol (HTTPS):* An application layer protocol -that allows for secure transport of data between servers and web clients. One of -the unique parts of HTTPS is that it uses a secured port number instead of the -default web port address. - -*Virtual Private Network (VPN):* VPNs are made to securely extend a private -network across public networks by utilizing an encrypted layered tunneling -protocol paired with an authentication method, such as usernames and passwords. -This technology originally allowed remote employees to access their company's -data but have evolved into one of the top choices for anyone who wishes to mask -their sensitive personal data. - -*Internet Protocol Security (IPSec):* This protocol suite facilitates -communication between two or more hosts or subnets by authenticating and -encrypting the data packets. IPSec is used in a lot of VPNs to establish the VPN -connection through the transport and tunnel mode encryption methods. IPSec -encrypts just the data portion of packets in the transport methods, but it -encrypts both the data and headers in the tunnel method (introducing an -additional header for authentication). - -*Secure Shell (SSH):* SSH is another network protocol used to protect network -services by authenticating users through a secure channel. This protocol is -often used for command-line (shell) functions such as remote shell commands, -logins, and file transfers. - -*Kerberos:* Developed by MIT, Kerberos is a computer-network authentication -protocol that works on the basis of tickets to allow nodes communicating over a -non-secure network to prove their identity to one another securely. This is most -commonly used in business environments when used as the authentication and -encryption method for Windows Active Directory (AD). - -* Cybersecurity Controls - -If you're someone who needs solutions on how to control risks associated with -utilizing a crytograhpic system, start with a few basic controls: - -- *Policies:* A policy on the use of cryptographic controls for protection - of information is implemented and is in accordance with organizational - objectives. -- *Key management:* A policy on the use, protection and lifetime of - cryptographic keys is implemented through the entire application lifecycle. -- *Key size:* The organization has researched the optimal key size for their - purposes, considering national laws, required processing power, and - longevity of the solution. -- *Algorithm selection:* Implemented algorithms are sufficiently appropriate - for the business of the organization, robust, and align with recommended - guidelines. -- *Protocol configuration:* Protocols have been reviewed and configured - suitable to the purpose of the business. |