## CompTIA Security+ SYO-401

Certification Training
9954 Learners
33 Chapters +

# Utilizing Cryptography Tutorial

## 1 Utilizing Cryptography In A Given Scenario

It is not always possible to keep letters, mails, and printed documents as secure as you would like them to be. In the electronic world, there is a way to ensure that the delivered e-mail or document can be opened and read only by the recipient. This is where encryption comes into picture. It protects your e-mails and documents by transmitting them in an unreadable form. In simple terms, encryption delivers the message in a form that is difficult to read by any unintended entity. Conceptually, encryption is the most common type of cryptography in use. The continual increase of transmitting information electronically has resulted in an increased dependence on cryptography. Let’s begin this course by exploring the general cryptography concepts and their use in real-life scenarios. The following screen explains the objectives covered in this lesson. After completing this lesson, you will be able to: • Identify and use historic cryptography ciphers, • Identify and apply modern cryptography systems and mechanisms, • Distinguish between symmetric and asymmetric encryption methods, • Describe how cryptography ensures non-repudiation, confidentiality, integrity, authentication, and authorization., • Distinguish between symmetric block and stream ciphers, and • Identify new and upcoming cryptography concepts.

## 2 Historical Methods of Cryptography

In this topic, you will learn about the historical methods of cryptography. Cryptography comes from two words—krypto, which means hidden, and grapho, which means writing. Therefore, it literally means hidden writing. Cryptography refers to the science of altering data so that nobody can interpret it without a key. It also refers to the study of cryptographic algorithms. Cryptography is the practice of safeguarding information with the help of a transformation technique. The simplest example of this practice is the transformation of data in a way so that others cannot infer its meaning. Did you know that the practice of cryptography is as old as humankind? Well, the first recorded cryptography techniques originated nearly 4000 years ago. These efforts included substituting characters, concealing characters, and translating messages into another language. Since then, the field of cryptography has evolved to encompass an array of possibilities. The historical cryptographic methods predate the computer age. Unlike many cryptographic methods of today, these methods did not rely on mathematics but on some method of jumbling the text. This is done with the help of a cipher, a method for encoding characters to conceal their value. Encryption is nothing but generating this ciphertext from plain text. There are two main types of non-mathematical ciphering methods, namely substitution and transposition. A substitution cipher is a ciphering system designed to transform a character or symbol into another. Through an algorithm, substitution cipher encodes the plain text to form a ciphertext. The algorithm usually uses a fixed system, in which the units can be single letters, pairs or triplets of letters, or a mixture of both. It is perhaps a relatively easy way of encrypting information. One of the most ancient known substitution algorithms is the Caesar cipher, believed to have been used by Julius Caesar. In this algorithm, all letters are shifted by a certain number of spaces in the set of alphabets. It is said that Julius Caesar utilized a shift of three to the right. For example, plain text that has a character A would be now D in the ciphertext. Similarly, H would become K, E would become H, L would be O, and O would become R. Here, the span of shift is known as the key, which is 3, and it acts as a variable piece of information to encrypt or decrypt data. When this ciphertext is decoded, the shift of 3 happens to the left, which means the cipher letter K becomes H, H becomes E, O becomes L, and R becomes O. This decoding obviously happens at the receiver’s end, and the process is known as decryption. Another substitution algorithm is ROT13. Here, the shift is 13 places to the right. This means A in plain text becomes N in ciphertext, B becomes O, C become P, and so forth. Many newsgroups offer this algorithm for encrypting or decrypting postings. A few other substitution ciphers used in the ancient days include Atbash, where A becomes Z, and PlayFair, where a 5 by 5 matrix of letters is used to encode with some pattern rules. In today’s time, Substitution ciphers are not considered secure, as a computer can crack it almost instantly. This is because of the letter and word frequency. Each language has few words and letter combinations appearing more often than the others do. For example in English, a three-letter word is more likely to be ‘you’, ‘the’, or ‘and’. Similarly, a single-letter word is generally ‘I’ or ‘a’. This general knowledge makes it easy to guess that the first letter L is I and ‘wkh’ is ‘the’, which helps in decrypting the remaining message easily. Generally, the more ciphertext is there, the easier it is to decrypt. However, there is a solution to this issue. Let’s check it out! The issue with substitution ciphers is static underlying letter as well as static word frequency. You can resolve this issue by having multiple substitutions. For instance, you may consider shifting the first letter by three spaces to the right, the second by two spaces to the right, and the third one by just one space, but to the left. You can then repeat this pattern with the next three letters. The most famous multi-alphabet substitution example used in historical days is the Vigenère cipher. This algorithm utilized a keyword for looking up the ciphertext in a table. You take the first letter in the text, go to the Vigenère table, and match it with the letter from the keyword for spotting the ciphertext letter. The table contains the alphabet, each written 26 times in the diverse rows. Each row is shifted to the left cyclically by one letter. The columns are used to locate the letters in plain text, while the rows are used to spot the letters in the given keyword. For example, let’s say that the plain text is Maria and the keyword is cat. Now, you start by finding the first letter m among the columns and the first letter in the rows as c. The spot where these two letters intersect in the table is the cipher letter, here, being the letter O. You will now repeat this for each letter in the plain text. When you reach I in the plain text word, you would start with c in the keyword. The resultant ciphertext here will be OKKAA. In this way, each letter in the plain text and keyword will generate a different substitution alphabet. For decrypting, the intersection of the diagonal having the cipher letter and the row having the key letter gives the corresponding plain text letter. We have now completed exploring substitution ciphers. Now, let’s explore the transposition ciphers. A transposition cipher includes scrambling or transposing the letters in some way. Usually, a message is split into blocks of equal size after which each block is scrambled. The characters are transposed by changing the order. For example, the plain text “you are welcome” is split into three blocks and is moved right to two positions to form the ciphertext as “ouy,” “rea,” and “mewelco.” Here, you can even change the way the first block is transposed from the second one to increase the level of difficulty for decrypting. A classic example of transposition is the Rail Fence Cipher. In this type, you write down the letters in a message or plain text diagonally across rows, and then read it row by row to form a ciphertext. For example, if the message or plain text is “Call tom at 5,” it is arranged diagonally in three rows to form cipher as CTT ALOA5 LM. Here, the depth is three as there are three rows. For decrypting, you need to write the ciphertext in three rows from left to right and we read it in a zigzag way to obtain the plain text or message. It is vital to note that while a substitution cipher replaces a character with another, a transposition cipher shifts the places of the characters. Let’s now explore one more historical method of cryptography. No conversation of historical methods of cryptography will be considered complete without the Enigma machine. Used specially for military and commercial use, the Enigma machine was much like a typewriter implementing a multi-alphabet substitution cipher. It used 26 diverse substitution alphabets. On pressing a key, it generated a different substitution alphabet. Before the computer age, the cipher generated by this machine was considered extremely tough to break. With this brief overview about the history of cryptography, we’ll now dedicate the rest of the lesson to modern cryptography concepts and mechanisms.

## 6 New And Future Cryptography

In this topic, you will learn about the new and future concepts of cryptography. Elliptic Curve Cryptography, or E-C-C, is perhaps the proposed asymmetric cryptography for ensuring security while communicating via cellular devices, although it is currently in use for Web servers. It is simply mathematical magic for gaining stronger encryption from shorter keys through message signing and asymmetric encryption. For instance, an ECC version of a standard asymmetric algorithm that has a 160-bit key gives the same level of protection as the algorithm’s 1,024-bit key. Moreover, the printed signatures are more compact than other asymmetric options. ECC encryption is based on the logic of using points on a curve together with an infinity point and the complexity of solving discrete logarithm problems, wherein the private key has to be found when the public key is provided. Because of shorter keys, speed, and ability to work with less computing power, several vendors have already implemented, and many more continue to implement, the elliptical curve cryptography for security. Another upcoming type of cryptography is quantum cryptography. Let’s explore it in the next screen. Quantum cryptography is a recently introduced method of encryption. It is based on transferring the encrypted message as particles of light or photons. These particles are subsequently converted into binary data. The benefit of this cryptography is that if someone intrudes the communication channel for listening or observing the data being transmitted, the state of the photons changes while passing through that individual or entity acting as an eavesdropper. This change in the state is easily detected by the two communicating parties after which they change their cryptography key to avoid security breach. Previously restricted to only secret government communications and laboratory jobs, quantum cryptography is now used in fibre optic networks. Although several theoretical uses exist for quantum cryptography, the only practical method existing right now is quantum key exchange, or Q-K-E. However, QKE is out of the scope of this course. We shall now explore two more new concepts, namely the ephemeral key and perfect forward secrecy. An ephemeral key refers to a temporary key useful for encrypting a single message in a communication session, instead of a single key for encrypting all messages in the same. It is generated when needed, and with temporary timeframe. Such a key might be used only once or for across a session before being discarded. This makes us conclude that most session keys are ephemeral. Ephemeral keys are in contrast to never-changing fixed keys and also to shared keys used by several entities. Ephemeral keys are uniquely and exclusively used by the end points of a session or transaction. Do you recall that asymmetric ciphers are thousands times slower than symmetric ciphers? Well, the solution to this issue is using the asymmetric cipher to convey an ephemeral symmetric key, and then using a symmetric cipher along with the ephemeral key for encryption. Here, the symmetric key is ephemeral as it is used only once, for that exchange. The sender shall first create an ephemeral key to encrypt with a symmetric cipher. Then, another message is created to encrypt the ephemeral key with the recipient’s public key. Both these messages are then sent to the receiver. The recipients would first decrypt the ephemeral key through their private key and then the secured document or message with the ephemeral symmetric key. Moreover, ephemeral keys are a primary part of perfect forward secrecy. Let’s learn about more them. Forward secrecy is a part of a key exchange system, ensuring that compromising one key will never result in compromising the subsequent keys. When this process is indestructible, it is called perfect forward secrecy. Here, a system generates random public keys, also known as ephemeral keys, for each session to exchange the secret key during communication. In a session, each succeeding rekeying operation takes place independently of any of the former keys, making each key nondependent and nondeterminant of any other used key or previous or future sessions. This technique ensures that the compromise of a session key will only disclose the subsection of the whole dialogue encrypted by that key. The other subsections will remain confidential. Perfect forward secrecy also makes sure that if the original asymmetric keys get disclosed, they cannot unlock any preceding sessions that an eavesdropper or man-in-the-middle attack captures. Although these cryptography concepts are new, these are proven concepts and technologies with a good record of accomplishments, and they ensure reliable security. This is regardless of whether you are using asymmetric or symmetric cryptography. In cryptology, Auguste Kerckhoffs’s principle is quite important to implement. According to this principle, the security of an algorithm needs to depend only on the key’s secrecy and not on the secrecy of the algorithm. This means that the algorithm can be known to anyone for examination, but the process still should be secure until the specific key remains secret. While major algorithms are public for the researchers to examine for flaws, the new and secret algorithms still need to be examined. Therefore, in short, you should use only proven cryptography algorithms and technologies. Before ending this lesson, let’s look at the common uses of cryptography. Cryptography is used for securing moving data across databases and servers, network traffic, on mobiles, and on drives and removable media. It is used to stop noncompliance and enforce a safe separation of duties. Let us summarize the topics covered in this lesson. • Cryptography refers to the science of altering data so that nobody can interpret it without a key. • A substitution cipher transforms a character or symbol into another, while a transposition cipher scrambles or transposes the letters in some way. • The Caesar substitution algorithm shifts all letters by three spaces to right to create a cipher, while ROT13 shifts all letters by 13 places to the right. • Multiple substitutions resolve the security issue triggered by the static underlying letter and static word frequency involved in substitution ciphers.

## 8 Summary

Let us summarize the topics covered in this lesson. • Symmetric encryption uses a single secret shared key to encrypt and decrypt, while asymmetric encryption uses a pair of public and private keys, one for encrypting and the other for decrypting. • Symmetric cryptography ensures confidentiality and integrity, while asymmetric cryptography ensures confidentiality, integrity, authentication, and nonrepudiation. Let us summarize the topics covered in this lesson. • Non-repudiation ensures that the sender cannot deny his or her own actions. • A block cipher involves chunks of data being encrypted one by one and is more relatively more secure, while a stream cipher involves encrypting data one bit or byte, at a time, and is more resistant to errors. • Session keys are randomly generated encryption keys valid for communication in a single session. • Hashing ensures data integrity by generating hash values or message digest from which it is impossible to obtain the original message or data. • A digital signature refers to an electronic mechanism, ensuring authentication, integrity of the message and sender, and non-repudiation. Let us summarize the topics covered in this lesson. • Transport encryption encrypts only the data or payload while it is being sent from one point to another. • A key escrow storage system allows the storing of the copies of shared secret keys and private keys. • Steganography allows hiding a data file or text within a graphic file. • Elliptic Curve Cryptography ensures stronger encryption from shorter keys through message signing and asymmetric encryption. • Quantum cryptography transfers the encrypted message as particles of light or photons changing their state upon eavesdropping. With this we conclude this lesson, “Utilizing General Cryptography Concepts in a Given Scenario.” In the next lesson, we will look at “Using Appropriate Cryptographic Methods in a Given Scenario.”

• Disclaimer
• PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Name*
Email*
Phone Number*