
What is steganography?
 Hides the existence of data
 What appears to be a harmless image can contain hidden data embedded within the image
 Can use image files, audio files, or even video files to contain hidden information

What is encryption?
 It is the process of converting an original message into a form that cannot be understood by unauthorized individuals.
 Encrypt/encipher: to encrypt or convert plaintext to cipher text.

What is decryption?
 Change the secret message back to its original form
 Decipher/decrypt: to decrypt or convert cipher text to plaintext

Encryption Definitions:
Plaintext?
the original unencrypted message that is encrypted and results from successful decryption. Readable data (by person or computer).

Encryption definitions:
Cipher?
The transformation of the individual components (characters, bytes, or bits) of an encrypted message into encrypted components.

Encryption definitions
Ciphertext or cryptogram
the unintelligible encrypted or encoded message resulting from an encryption. Neither human or machine can properly process it until it is decrypted.

Encryption definitions:
Algorithm
the mathematical formula or method used to convert an unencrypted message into an encrypted message. Set of rules that determines how enciphering and deciphering take place

Encryption definitions:
Key
the information used in conjunction with the algorithm to create the ciphertext from the plaintext; it can be a series of bits used in a mathematical algorithm, or the knowledge of how to manipulate the plaintext.

Encryption definitions:
Keyspace
A range or values that can be used to construct a key. Larger keyspace means more possible keys (and therefore harder to break).

Common Ciphers:
substition cipher
 you substitute one value for another:
 a monoalphabetic substitution used only one alphabet
 a polyalphabetic substitution uses two or more alphabets

Common Ciphers: Transposition
 or permutation cipher simply rearranges as the values within a block to create the cipher
 Caesar cipher
 Simple substitution and transposition ciphers are vulnerable to frequency analysis

Vernam Cipher
Also known as the onetime pad, the Vernam cipher was developed at AT&T and uses a set of characters that are used for encryption operations only one time and then discarded
the values from this onetime pad are added to the block of text, and the resulting sum is converted to text

One Time Pad
 Unbreakable if
 pad must be used only one time (otherwise patterns are introduced)
 pad must be at least as long as the message (again patterns)
 pad much be securely distributed and protected at its destination
 Pad must be securely distributed & protected at its destination & must be made up of truly random values/OTP is impractical in most situations

Book or Running Key Cipher
Another method used in the occasional spy movie, its the use of text in a book as the algorithm to decrypt a message.
 The key relies on 2 components:
 knowing which book to use
 a list of codes representing the page #, line #, and word # of the plaintext word.

Stream cipher
 Takes one character and replaces it with one character.
 Subtraction cipher is the simplest type of stream cipher
 Advantages and Disadvantages:
 fast when the plaintext is short
 more prone to attach because the engine that generates the stream does not vary

What are the 3 categories of Cryptographic Algorithms?
 1. Hashing algorithms
 2. Symmetric encryption algorithms
 3. Asymmetric encryption algorithms

Explain Hashing
 also called oneway hash (you can hash, but you can't unhash)
 a process for creating a unique "signature" for a set of data (this signature called a hash or digest represents the contents)
 hashing is used only for integrity to ensure that:
 information is in its orginal form
 no unauthorized person or malicious software has altered the data
 hash created from a set of data cannot be reversed
 use of hashes: at ATM's

A hashing algorithm is considered secure if it has these characteristics:
 the ciphertext hash is a fixed size (regardless of plaintext size)
 two different sets of data cannot produce the same hash, which is known as a collision
 it should be impossible to produce a data set that has a desired or predefined hash
 the resulting hash ciphertext cannot be reversedthe hash serves as a check to verify the message contents.
 hash values are often posted on Internet sites (in order to verify the file integrity of files that can be downloaded)

Hashing Algorithms and CIA+2
 Confidentiality: no
 Integrity: yes
 Availability: no
 Authenticity: no
 Nonrepudiation: no

Secure Hash Algorithm (SHA)
 A more secure hash than Message Digest, as a longer hash is harder to attack
 A family of hashes (SHA0, SHA1, SHA2)
 SHA3 is currently under development

Message Digest Algorithm
 one common hash algorithm
 three versions:
 1. Message Digest 2 (MD2)developed in 1989, now considered too slow
 2. Message Digest 4 (MD4)flawed, too easy to generate collisions
 3. Message Digest 5 (MD5)created in 1991. Successfully attacked in 2004.

Password Hashes
 Another use for hashes is in storing passwords
 when a password for an account is created, the password is hashed and stored
 not really a true hash, but really a oneway function
 in LM hashes, the password itself is the key

Symmetric Encryption
 Each of the methods of encryption and decryption described requires that the same algorithm and key are used to both encipher and decipher the message.
 this is known as private key encryption, secret key, or symmetric encryption
 in this approach to encryption, the same keya secret keyis used to encrypt and decrypt the message

Symmetric Encryption
 Symmetric encryption methods are usually extremely efficient, requiring easily accomplished processing to encrypt or decrypt the message.
 need separate key for each person you want to communicate with.
 biggest challenge in symmetric key encryption:
 1. getting a copy of the key to the receiver, process that must be conducted outofband to avoid interception

Symmetric encryption flow:
1. Plaintext to encryption (key) to ciphertext transmitted to remote user as ciphertext to decryption algorithm (key) to plaintext again.

Symmetric Cryptograhic Algorithums and CIA+2
 Confidentiality: yes
 Integrity: yes (by incorporating a hash)
 Availability: yes
 Authenticity: no (a true digital signature would give authenticity and nonrepudiation)
 Nonrepudiation: no (you can't tie it to a specific individualdo you know that it's John on the other end?)

Symmetric Cryptographic Algorithms, continued
Data Encryption Standard:
 one of the first widely used popular symmetric cryptography algorithms
 DES is a block cipher and encrypts data in 64bit blocks
 DES is a federally approved standard for nonclassified data, it was cracked in 1997 when the developers of a new algorithm, RivestShamirAldeman offered a $10,000 reward for the first person or team to crack the algorithm, 14,000 users collaborated over the Internet to finally break the encryption, it took 3 days & 1536 microprocessors.

Symmetric Crypto Algorithm, cont.
Triple Data Encryption Standard (3DES)
 designed to replace DES
 uses 3 rounds of encryption instead of just one, 16 iterations within each round
 2^56 times stronger than DES (Data Encryption Standard)

Symmetric Crypto Algorithms, cont.
Advanced Encryption Standard
 approved by the NIST in late 2000 as a replacement for DES (data encryption standard)
 AES (Advanced Encryption Standard) performs 3 steps on every block (128 bits) of plaintext
 in 1998 it took a special computer designed by the Electronic Freedom Frontier more than 56 hours to crack DES
 it would take the same computer approximately 4,698,864 quintillion years to crack AES.

What does it mean to say the algorithm is broken?
 someone was unable to uncover a key that was used during the encryption process (one key used for one instance of encryption)
 is the algorithm worthless if it has been broken?
 depends on who your enemies are and how valuable your info is

Asymmetric Cryptographic Algorithms
 Asymmetric cryptographic algorithms
 AKA: public key cryptography
 uses two keys instead of one
 the public key is known to everyone and can be freely distributed
 the private key is known only to the recipient of the message
 either key can be used to encrypt or decrypt the message
 however, if Key A is used to encrypt the message, then only Key B can decrypt it; conversely, if Key B is used to encrypt a message, then only Key A can decrypt it
 if the private key locks, the public key unlocks
 if the public key locks, the private unlocks

Characteristics of Asymmetric Cryptographic Algorithms
 slower than symmetric
 better key distribution than symmetric
 better scalability
 can also provide authentication and nonrepudiation

Flow of Asymmetric Crypto Algorithms:
 Plaintext
 Encryption Algorithm (public key of receiver)
 cipher text
 transmitted to remote user
 in cipher text
 Decryption Algorithm (Private key of receiver)
 Plaintext message

Asymmetric Crypto can also be used to create a _____________signature.
 DIGITAL
 A digital signature can:
 verify the sender (authentication)
 prove the integrity of the message
 prevent the sender from disowning the message (nonrepudiation)

Asymmetric Cryptographic Algorithms and CIA+2
 Confidentialityyes
 Integrityyes
 Availabilityyes
 Authenticationyes
 NonRepudiationyes

Digital Signatures
 When the asymmetric process is reversed, the private key encrypts a message, and the public key decrypts it.  The fact that the message was sent by the organization that owns the private key cannot be refuted
 this nonrepudiation is the foundation of digital signatures
 often a digital signature is a hash value that has been encrypted by a sender's private key
 digital signatures are independently verified by a central facility (registry) as authentic
 using a digital signature doesn't encrypt the message itself. To ensure privacy of the message, it must also be encrypted using the receivers public key.
 with a digital signature, I'm not releasing/revealing my private key, I'm just using it to encrypt something.

Digital Signature Flow
 Bob sending Confidential email in plaintext
 Hash algorithm (key)
 Hash
 Encryption Algorithm ( Bob's private key)
 Digital Signature
 Transmitted to Alice
 Encryption algorithm (Bob's public key)
 Hash
 Hash Algorithm (key)
 Hash (they match)
 Alice receives

Action
B wants to send A encrypted msg.
A wants to read encrypted msg from B
B wants to send a copy to himself of e. msg he sent A
B receives an encrypted reply msg from A
B wants C to read A's reply that he received
B wants to send A a msg with a digital signature
A wants to see B's digital signature
 Whose key to use? Which key? Why?
 A's key public an encrypted msg is to be sent the recipients key is always used & never the senders'
 A's key private an encrypted msg can only be read by using the recipients' key
 B key public to encrypt, private to decrypt an encrypted msg can only be read by rec. private key.
 B's key Private the recipients private key is used to decrypt received msgs.
 S's key public the msg should be encrypted w/ S's key for her to decrypt & read w/ her private key
 B's key private Bob's private key is used to encrypt the hash
 B's key public key because B's public & private keys are mathematically related Alice can use his public key to decrypt the hash.

RSA
 the most common asymmetric cryptography algorithm
 1st public key encryption algorithm developed for commercial use

Hybrid Crypto Systems
 Pure asymmetric key encryption is not widely used except in the area of certificates, instead, it is typically employed in the area of conjunction with symmetric key encryption, creating a hybrid system.
 the hybrid process in current use is based on the DiffieHellman key exchange method, which provides a way to exchange private keys using public key encryption without exposure to any third parties.
 In this method, asymmetric encryption is used to exchange secret key securely over a public network.
 Once the key has been shared, then both parties can use it to encrypt and decrypt messages using symmetric cryptography
 DiffieHellman provided the foundation for subsequent developments in public key encryption.

Uses of Cryptology
 file encryption
 disk encryption
 email security
 web browsing
 remote network access

Cryptology Summary
 Cryptology is the science of transforming information into a secure form while it is being transmitted or stored so that unauthorized users cannot access it.
 hashing creates a unique signature, called a hash or digest, which represents the contents of the original text
 symmetric cryptography, also called private key cryptography, uses a single key to encrypt and decrypt a message
 asymmetric cryptography, also known as public key cryptology, uses two keys instead of one.
 cryptology can also be used to protect large numbers of files on a system or an entire disk

Digital Certificates
 Digital Certificate is an electronic document, similar to a digital signature, attached to a file certifying that the file is from the organization it claims to be from and has not been modified from the original format.
 a Certificate Authority (CA) is an agency that manages the issuance of certificates and serves as the electronic notary public to verify their origin and integrity

A digital signature typically contains the following information:
 owner's name or alias
 owner's public key
 name of the issuer
 digital signature of the issuer
 serial number of the digital certificate
 expiration date of the public key

Certificate Authority
 Certificate Authority
 an entity that issues digital certificates for others
 a user provides info to a CA that verifies her identity
 the CA inserts this public key into the certificate

Registration Authority
 Registration Authority
 handles some Certificate Authority tasks such as processing certificate requests and authenticating user
 a subentity of the CA (Certificate Authority)

Certificate Revocation List (CRL)
 Certificate Revocation List
 lists revoked certificates
 can be assessed to check the certificate status of other users
 most CRLs can either be viewed or downloaded directly into the user's Web browser

Certificate Repository
 Certificate repository
 a publicly accessible directory that contains the certificates and CRLs published by a CA
 CRs are often available to all users through a Web browser interface

3 types of Digital Certificates
 1. Persona digital certificates (mostly used for email)
 2. Server digital certificates
 3. Software publisher digital certificates

Public Key Infrastructure
 Public key infrastructure involves publickey cryptology standards, trust models, and key management.
 a framework for all of the entities involved in digital certificates to create, store, distribute, and revoke digital certificates (includes hardware, software, people, policies, and procedures)
 PKI is digital certificate management
 Certificate Life Cycle
 1. Creation: certificate created & issued, user positively id'd
 2. suspension
 3. Revocation
 4. Expirationevery certificate issued by a CA must have an expiration date.

Key Management
Proper Key Management includes key storage, key usage, and key handling procedures

Key Storage
 public keys can be stored by embedding them within digital signatures
 private keys can be stored on the user's local system
 private keys can be stored on smart cards or in tokens

Key Handling Procedures
 Procedures include:
 Escrow: keys are managed by a third party
 Expiration
 Renewal
 Revocation
 Recovery
 Suspension
 Destruction

Trust Models
 Trust may be defined as confidence in or reliance on another person or entity.
 Trust model
 refers to the type of trusting relationship that can exist between individuals or entities
 Direct Trust
 a relationship exists between 2 individuals because one person knows the other person
 Third Party Trust
 refers to a situation in which two individuals trust each other because each trusts a third party

Trust Models
 Direct trust is not feasible when dealing with multiple users who each have digital certificates
 Three PKI trust models that use CA
 Hierarchical Trust Model (I trust the certificates the CA issues)
 Distributed trust model (CA issues certificates for other CA's, creating a trust chain)
 Bridge Trust Model (creates a peer to peer relationship between root CA'/a CA exists that does not sign certificates, they just serve as a facilitator to interconnect other CA's)

Managing Cryptographic Controls
 Don't lose your keys
 Know who you are communicating with (verify keys)
 It may be illegal to use a specific encryption technique when communicating to some nations
 Every cryptosystem has weaknesses
 Give access only to those with a business need
 When placing trust into a certificate authority, ask "who watches the watchers?"

