
Agenda

Cryptography ??
Encryption
Symmetric Encryption
Asymmetric Encryption
Diffie-Hellman
Hashing
Digital signature
Authentication Protocols
PKI
Cryptosystems
Cryptanalysis
Quantum Cryptography

Cryptography ??
Cryptography is a framework of methodologies used to ensure the CIA triad for our information: C for confidentiality, I for integrity and A for authenticity.

The need for cryptographic techniques is as old as the need to keep critical information secure, safe and authentic. The techniques were invented in different forms suited to their age, while the concept stayed the same.

In ancient times cryptography was known as encryption, which means hiding information from unauthorized entities. Various methods were used for this purpose; it could be implemented manually, mechanically or even electronically.

SCYTALE is an example of a very old technique that was used to cipher (encrypt) information. The concept of operation is simple: take a long strip of leather and wind it around a rod as in the picture, write the clear data on the leather along the rod, and then unwind it.

HELP ME I AM UNDER ATTACK will be "HENTEIDTLAEAPMRCMUAK", and it depends entirely on the diameter of the rod, which is the key to decipher the message.
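The scytale described above, as an added example that is not part of the original slides. It reproduces the slide's ciphertext and lists every rod size that fits the strip, which shows how small the key space is. The parameter name `faces` (how many letters fit around the rod, set by its diameter) and the padding letter are assumptions of this example.

```python
# Added example: scytale transposition. "faces" is a hypothetical name for the
# number of letters that fit around the rod; it plays the role of the key.

def scytale_encrypt(plaintext: str, faces: int, pad: str = "X") -> str:
    """Write the letters along the rod in `faces` rows, then unwind the strip."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    cols = -(-len(letters) // faces)                   # windings, rounded up
    letters += [pad] * (faces * cols - len(letters))   # fill the last row
    rows = [letters[r * cols:(r + 1) * cols] for r in range(faces)]
    # Unwinding reads one winding (column) at a time, top row to bottom row.
    return "".join(rows[r][c] for c in range(cols) for r in range(faces))


def scytale_decrypt(ciphertext: str, faces: int) -> str:
    """Rewind the strip on a rod with `faces` letters per turn and read rows."""
    if len(ciphertext) % faces:
        raise ValueError("strip length does not fit this rod")
    cols = len(ciphertext) // faces
    return "".join(ciphertext[c * faces + r]
                   for r in range(faces) for c in range(cols))


def readings_for_every_rod(ciphertext: str) -> dict:
    """Decrypt with every rod size that fits: the cipher's whole key space."""
    return {f: scytale_decrypt(ciphertext, f)
            for f in range(2, len(ciphertext)) if len(ciphertext) % f == 0}


if __name__ == "__main__":
    strip = scytale_encrypt("HELP ME I AM UNDER ATTACK", faces=4)
    print(strip)
    for faces, text in readings_for_every_rod(strip).items():
        print(faces, text)
```

For a 20-letter strip only four rod sizes fit, so the rod diameter offers no real secrecy by modern standards.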

Things are a bit different nowadays, as cryptography is no longer only about encryption; hashing shares the place with encryption to form the whole cryptographic framework, and the role of hashing is to ensure the integrity of the message. So, back to the CIA triad: encryption is used to ensure confidentiality, hashing ensures integrity, and a combination of encryption and hashing ensures the authenticity of the message sender.

Encryption and hashing can now be considered systems that need an input to deliver an output; such a system is controlled by a set of mathematical equations known as an algorithm.

Encryption
As we stated before, encryption is a component of the cryptographic framework. Its role is to provide the confidentiality axis of the CIA triad.

Recalling the systematic view of any cryptographic component, encryption needs an input (clear message and key) to deliver the cipher form (output). To decrypt this cipher form (convert it back to the clear form) we need a key and the same algorithm.

Encryption can be implemented symmetrically or asymmetrically.

If we are using symmetric encryption, we encrypt the clear message with one key and decrypt it with the same key; the encryptor and the decryptor must have the same key.

With asymmetric encryption, on the other hand, the sender uses one key to encrypt the message and the receiver uses a different key to decrypt it. For bidirectional communication, each party uses two keys: a public key for others and a private key for itself.

Symmetric Encryption
To wrap up the concept, let us discuss a case of three entities that need to communicate securely using symmetric encryption.

From the figure, we can conclude that we will use 9 different private keys to achieve bidirectional communication between XYZ and ABC.

We can also conclude that we need to define a way to exchange these private keys securely between distant entities.

We will recall these two conclusions a bit later.

DES, 3DES, Blowfish, IDEA, RC5, SAFER, Serpent and AES are the well-known symmetric encryption algorithms.

We will go deeper into DES and AES in the Demos section.

Asymmetric Encryption
Back to the same case that was assumed for symmetric encryption.

ABC and XYZ have distributed their public keys to each other. Anyone who needs to talk to another party uses that party's public key to encrypt the traffic, and the other party uses its own private key to decrypt it: X uses A's public key to encrypt clear traffic, and A receives the cipher and decrypts it using his own private key.

Fewer keys and simple key distribution.

RSA is the famous asymmetric key encryption algorithm.

Ron Rivest (left), Adi Shamir (middle), Leonard Adleman (right).

RSA operation will be discussed in the Demos section.

Let us now compare them (symmetric and asymmetric):

1- Symmetric key encryption suffers from scalability issues; to achieve secure communication between N points, we need to generate (N(N-1))/2 different keys.
3- Symmetric key encryption requires an out-of-band secure exchange of keys, because both communicating parties need to know the keys before proceeding with the communication.
4- Asymmetric key encryption systems are incredibly complex, and that complexity surely impacts performance. Asymmetric key encryption is up to 1000 times slower than symmetric key encryption.

Now, how can we deal with that problem? Diffie and Hellman will answer this question for us.

Diffie-hellman
The Diffie-Hellman algorithm uses public key encryption only to distribute symmetric keys to the communicating parties; symmetric key encryption is then used on the clear data to create the cipher. So we get the best of both: high performance from symmetric key encryption and a simple key distribution process from the Diffie-Hellman algorithm, as we will see here and in the demos section.

Khaled generates two keys (public and private) using his own Diffie-Hellman algorithm, and Ali does the same. Each of them sends his own public key to the other. Khaled now has his own private key and Ali's public key, and he uses his Diffie-Hellman algorithm to generate a new private key; Ali obtains the same private key if he executes the same operation.
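The exchange between Khaled and Ali, as an added example that is not part of the original slides. It includes the range check a receiver should apply to the peer's public value before using it. The group parameters (a toy 127-bit prime and base 3), the function names and the SHA-256 step that turns the shared secret into a symmetric key are assumptions of this example.

```python
import hashlib
import secrets

# Toy parameters chosen for this example (assumption, not from the slides):
# the Mersenne prime 2**127 - 1 and base 3. Far too small for real use, where
# standardized 2048-bit+ groups (RFC 3526, RFC 7919) or X25519 are used.
P = 2**127 - 1
G = 3


def generate_keypair():
    """Return (private, public) with public = G**private mod P."""
    private = secrets.randbelow(P - 3) + 2          # 2 <= private <= P - 2
    return private, pow(G, private, P)


def derive_shared_key(own_private: int, peer_public: int) -> bytes:
    """Combine our private value with the peer's public value."""
    # Reject degenerate public values (0, 1, P - 1, out of range): they would
    # force the shared secret into a tiny, predictable set.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, own_private, P)
    # Hash the raw secret into a 256-bit key for the symmetric cipher.
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def exchange():
    """Khaled and Ali each keep a private value and swap public values."""
    khaled_private, khaled_public = generate_keypair()
    ali_private, ali_public = generate_keypair()
    khaled_key = derive_shared_key(khaled_private, ali_public)
    ali_key = derive_shared_key(ali_private, khaled_public)
    return khaled_key, ali_key


if __name__ == "__main__":
    khaled_key, ali_key = exchange()
    print(khaled_key.hex(), khaled_key == ali_key)
```

Nothing in this exchange proves whose public value was received; that trust question is the subject of the PKI section.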

Hashing
Hashing is the second component of the cryptographic framework; its role is to ensure the integrity of a message. The most important aspect of an integrity violation is that the target of the attack is not aware that the violation occurred; simply, if he knew, he would request a retransmission. The problem is that I am communicating with my coworkers based on false information. Hashing is an irreversible process with no keys; the clear message is the only input to the hashing process.

The message is delivered as an input to the hashing system, which creates a message digest (hash) from the clear message, appends the digest to the message and sends both over the media. The recipient uses the received message to create a new digest and then compares the two digests.

A simple newbie can execute an MITM attack: he receives the message with the digest from the sender, creates a new fake message with a new hash generated from the fake message (using the same hashing algorithm), and sends it to the poor receiver. HMAC is the solution for this problem.

MD5 and SHA are the most used hashing algorithms; SHA is more secure than MD5. We will have a demo for HMAC in the demos section.
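The digest-appended scheme and its HMAC replacement side by side, as an added example that is not part of the original slides. It shows that a receiver checking only an unkeyed digest accepts a replaced message, while the HMAC check rejects it. The function names, the shared key and the two messages are constructed for this example.

```python
import hashlib
import hmac


def digest_only_send(message: bytes):
    """The scheme from the slides: message plus an unkeyed digest."""
    return message, hashlib.sha256(message).hexdigest()


def digest_only_verify(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def hmac_send(key: bytes, message: bytes):
    """Same flow, but the digest is keyed with a secret both ends share."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def hmac_verify(key: bytes, message: bytes, tag: str) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)      # constant-time comparison


def replaced_in_transit(new_message: bytes):
    """What arrives after someone on the path swaps the message. That party
    has no key, so the only digest it can recompute is the unkeyed one."""
    return new_message, hashlib.sha256(new_message).hexdigest()


def demo() -> dict:
    key = b"constructed-shared-key-for-demo"       # constructed sample value
    original = b"transfer 100 to account 1"        # constructed sample value
    forged = b"transfer 900 to account 7"          # constructed sample value
    message, digest = digest_only_send(original)
    signed_message, tag = hmac_send(key, original)
    return {
        "digest_genuine": digest_only_verify(message, digest),
        "digest_forged": digest_only_verify(*replaced_in_transit(forged)),
        "hmac_genuine": hmac_verify(key, signed_message, tag),
        "hmac_forged": hmac_verify(key, *replaced_in_transit(forged)),
        "hmac_old_tag": hmac_verify(key, forged, tag),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(check, accepted)
```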

Digital signature
This is our last step in completing the CIA triad: how can we ensure authenticity using cryptography? Digital signature is a mechanism by which we can authenticate the message sender on a per-message basis; each message needs to be authenticated. To be clear, digital signature is not a connection-based authentication mechanism like PAP, CHAP, Kerberos, TACACS, ... Digital signature uses a combination of encryption and hashing.

The message is hashed, the digest is encrypted with the sender's private key, and the result is sent with the message to the recipient.

We have a demo for digital signature.
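The hash-then-sign flow described above, as an added example that is not part of the original slides. It uses textbook RSA so that both the private-key step and the public-key check are visible. The key (built from two Mersenne primes), the function names and the sample messages are assumptions of this example.

```python
import hashlib

# Toy RSA key built for this example (assumption, not from the slides): two
# Mersenne primes, so the modulus is easy to factor. No padding is applied;
# real signatures use random primes and a padded scheme such as RSASSA-PSS.
PRIME_P = 2**521 - 1
PRIME_Q = 2**607 - 1
N = PRIME_P * PRIME_Q                              # public modulus
E = 65537                                          # public exponent
D = pow(E, -1, (PRIME_P - 1) * (PRIME_Q - 1))      # private exponent


def digest_as_int(message: bytes) -> int:
    """SHA-256 digest of the message, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exponent: int = D) -> int:
    """Hash the message, then transform the digest with the private key."""
    return pow(digest_as_int(message), private_exponent, N)


def verify(message: bytes, signature: int) -> bool:
    """Recover the digest with the public key; compare with a fresh hash."""
    if not 0 < signature < N:
        return False
    return pow(signature, E, N) == digest_as_int(message)


def demo() -> dict:
    message = b"HELP ME I AM UNDER ATTACK"
    signature = sign(message)
    return {
        "genuine": verify(message, signature),
        "message_changed": verify(b"ALL CLEAR", signature),
        "signature_changed": verify(message, signature ^ 1),
        "signed_with_other_key": verify(message, sign(message, D + 2)),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(check, accepted)
```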

Authentication Protocols
As we are talking about connection-based authentication mechanisms, we will deal with protocols rather than algorithms. This is a brief list of famous authentication protocols:

1- PAP
2- CHAP
3- MS-CHAP
4- NTLM
5- EAP
6- PEAP
7- Kerberos
8- TACACS+
9- RADIUS
10- Diameter

PKI
Public Key Infrastructure is a trust connectivity medium. I need to trust the sender before beginning a new session with him: how can I know that this public key is the one owned by the real sender? I need someone between us, someone that I can trust and that can trust this remote sender.

How can I trust you? Answer: The CA trusts me.
How can I know the CA trusts you? Answer: You can see my certificate issued by the CA.

So, PKI is not for authentication, but it can be considered a preauthentication phase.

We will have a full PKI course.

Cryptosystems
A cryptosystem is an implemented form of the cryptographic framework. It consists of three components:

1- algorithms: cryptographic engines for doing encryption and hashing.
2- protocols: for establishing connections and negotiating parameters between the communicating parties.
3- keys: for encryption algorithms.

IPSEC, SSL, SSH, PPTP, L2TP and WEP are all cryptosystems; some of them provide the full CIA triad. The only factor that differentiates these cryptosystems is the protocol used to establish the connection and negotiate the parameters. These cryptosystems will be discussed in depth in the VPN course.

Cryptanalysis
"Breaking a cipher doesn't necessarily mean finding a practical way for an eavesdropper to recover the plaintext from just the ciphertext. In academic cryptography, the rules are relaxed considerably. Breaking a cipher simply means finding a weakness in the cipher that can be exploited with a complexity less than brute-force."
Bruce Schneier

Quantum Cryptography
"While I like the science of quantum cryptography -- my undergraduate degree was in physics -- I don't see any commercial value in it. I don't believe it solves any security problem that needs solving. I don't believe that it's worth paying for, and I can't imagine anyone but a few technophiles buying and deploying it. Systems that use it don't magically become unbreakable, because the quantum part doesn't address the weak points of the system."
Bruce Schneier
