CompTIA Security+ SYO-401

Certification Training
9954 Learners
View Course Now!
33 Chapters +

Utilizing Cryptography Tutorial

1 Utilizing Cryptography In A Given Scenario

It is not always possible to keep letters, mails, and printed documents as secure as you would like them to be. In the electronic world, there is a way to ensure that the delivered e-mail or document can be opened and read only by the recipient. This is where encryption comes into picture. It protects your e-mails and documents by transmitting them in an unreadable form. In simple terms, encryption delivers the message in a form that is difficult to read by any unintended entity. Conceptually, encryption is the most common type of cryptography in use. The continual increase of transmitting information electronically has resulted in an increased dependence on cryptography. Let’s begin this course by exploring the general cryptography concepts and their use in real-life scenarios. The following screen explains the objectives covered in this lesson. After completing this lesson, you will be able to: • Identify and use historic cryptography ciphers, • Identify and apply modern cryptography systems and mechanisms, • Distinguish between symmetric and asymmetric encryption methods, • Describe how cryptography ensures non-repudiation, confidentiality, integrity, authentication, and authorization., • Distinguish between symmetric block and stream ciphers, and • Identify new and upcoming cryptography concepts.

2 Historical Methods of Cryptography

In this topic, you will learn about the historical methods of cryptography. Cryptography comes from two words—krypto, which means hidden, and grapho, which means writing. Therefore, it literally means hidden writing. Cryptography refers to the science of altering data so that nobody can interpret it without a key. It also refers to the study of cryptographic algorithms. Cryptography is the practice of safeguarding information with the help of a transformation technique. The simplest example of this practice is the transformation of data in a way so that others cannot infer its meaning. Did you know that the practice of cryptography is as old as humankind? Well, the first recorded cryptography techniques originated nearly 4000 years ago. These efforts included substituting characters, concealing characters, and translating messages into another language. Since then, the field of cryptography has evolved to encompass an array of possibilities. The historical cryptographic methods predate the computer age. Unlike many cryptographic methods of today, these methods did not rely on mathematics but on some method of jumbling the text. This is done with the help of a cipher, a method for encoding characters to conceal their value. Encryption is nothing but generating this ciphertext from plain text. There are two main types of non-mathematical ciphering methods, namely substitution and transposition. A substitution cipher is a ciphering system designed to transform a character or symbol into another. Through an algorithm, substitution cipher encodes the plain text to form a ciphertext. The algorithm usually uses a fixed system, in which the units can be single letters, pairs or triplets of letters, or a mixture of both. It is perhaps a relatively easy way of encrypting information. One of the most ancient known substitution algorithms is the Caesar cipher, believed to have been used by Julius Caesar. In this algorithm, all letters are shifted by a certain number of spaces in the set of alphabets. It is said that Julius Caesar utilized a shift of three to the right. For example, plain text that has a character A would be now D in the ciphertext. Similarly, H would become K, E would become H, L would be O, and O would become R. Here, the span of shift is known as the key, which is 3, and it acts as a variable piece of information to encrypt or decrypt data. When this ciphertext is decoded, the shift of 3 happens to the left, which means the cipher letter K becomes H, H becomes E, O becomes L, and R becomes O. This decoding obviously happens at the receiver’s end, and the process is known as decryption. Another substitution algorithm is ROT13. Here, the shift is 13 places to the right. This means A in plain text becomes N in ciphertext, B becomes O, C become P, and so forth. Many newsgroups offer this algorithm for encrypting or decrypting postings. A few other substitution ciphers used in the ancient days include Atbash, where A becomes Z, and PlayFair, where a 5 by 5 matrix of letters is used to encode with some pattern rules. In today’s time, Substitution ciphers are not considered secure, as a computer can crack it almost instantly. This is because of the letter and word frequency. Each language has few words and letter combinations appearing more often than the others do. For example in English, a three-letter word is more likely to be ‘you’, ‘the’, or ‘and’. Similarly, a single-letter word is generally ‘I’ or ‘a’. This general knowledge makes it easy to guess that the first letter L is I and ‘wkh’ is ‘the’, which helps in decrypting the remaining message easily. Generally, the more ciphertext is there, the easier it is to decrypt. However, there is a solution to this issue. Let’s check it out! The issue with substitution ciphers is static underlying letter as well as static word frequency. You can resolve this issue by having multiple substitutions. For instance, you may consider shifting the first letter by three spaces to the right, the second by two spaces to the right, and the third one by just one space, but to the left. You can then repeat this pattern with the next three letters. The most famous multi-alphabet substitution example used in historical days is the Vigenère cipher. This algorithm utilized a keyword for looking up the ciphertext in a table. You take the first letter in the text, go to the Vigenère table, and match it with the letter from the keyword for spotting the ciphertext letter. The table contains the alphabet, each written 26 times in the diverse rows. Each row is shifted to the left cyclically by one letter. The columns are used to locate the letters in plain text, while the rows are used to spot the letters in the given keyword. For example, let’s say that the plain text is Maria and the keyword is cat. Now, you start by finding the first letter m among the columns and the first letter in the rows as c. The spot where these two letters intersect in the table is the cipher letter, here, being the letter O. You will now repeat this for each letter in the plain text. When you reach I in the plain text word, you would start with c in the keyword. The resultant ciphertext here will be OKKAA. In this way, each letter in the plain text and keyword will generate a different substitution alphabet. For decrypting, the intersection of the diagonal having the cipher letter and the row having the key letter gives the corresponding plain text letter. We have now completed exploring substitution ciphers. Now, let’s explore the transposition ciphers. A transposition cipher includes scrambling or transposing the letters in some way. Usually, a message is split into blocks of equal size after which each block is scrambled. The characters are transposed by changing the order. For example, the plain text “you are welcome” is split into three blocks and is moved right to two positions to form the ciphertext as “ouy,” “rea,” and “mewelco.” Here, you can even change the way the first block is transposed from the second one to increase the level of difficulty for decrypting. A classic example of transposition is the Rail Fence Cipher. In this type, you write down the letters in a message or plain text diagonally across rows, and then read it row by row to form a ciphertext. For example, if the message or plain text is “Call tom at 5,” it is arranged diagonally in three rows to form cipher as CTT ALOA5 LM. Here, the depth is three as there are three rows. For decrypting, you need to write the ciphertext in three rows from left to right and we read it in a zigzag way to obtain the plain text or message. It is vital to note that while a substitution cipher replaces a character with another, a transposition cipher shifts the places of the characters. Let’s now explore one more historical method of cryptography. No conversation of historical methods of cryptography will be considered complete without the Enigma machine. Used specially for military and commercial use, the Enigma machine was much like a typewriter implementing a multi-alphabet substitution cipher. It used 26 diverse substitution alphabets. On pressing a key, it generated a different substitution alphabet. Before the computer age, the cipher generated by this machine was considered extremely tough to break. With this brief overview about the history of cryptography, we’ll now dedicate the rest of the lesson to modern cryptography concepts and mechanisms.

3 Modern Concepts Of Symmetric And Asymmetric Cryptography

In this topic, you will learn about the modern concepts of symmetric and asymmetric cryptography. With advent of computers, the use of the older cryptography methods became obsolete. This is because a computer has the power to crack substitution and transposition ciphers quickly and with ease. The two powerful historical methods, namely Vigenère and Enigma machine are also not resistant to modern cryptographic attacks. Modern cryptography is split into three key zones—symmetric cryptography, asymmetric cryptography, and hashing algorithms. However, we will restrict ourselves only to concepts in this lesson. Symmetric encryption uses a single shared key for encrypting and decrypting the message. It is also known as private key or secret key cryptography or encryption. Both the key and processing algorithm need to be the same for encrypting and decrypting the message. The secret key is something that needs to be protected. However, this key is never disclosed to those who are authorized to access the encryption system. In case the key is lost or stolen, the encryption process is breached. Therefore, what is of utmost significance here is the special protection of keys. The example for Vigenère cipher we looked at before with the key of “cat” repeating for the length of the message is a form of symmetric encryption, as the same key is used to encrypt and decrypt the message. Another scenario in which you use symmetric encryption is a wireless network, where you configure a wireless router for security by stating a passphrase or key. The user must submit the same key to connect to the wireless network. Symmetric cryptography is also usually used for encrypting files on a drive, wherein the user is the only entity to possess a single secret key. In other scenarios, there might be two partners communicating with each other and using a copy of the shared secret key. For instance, the secure session protocol Secure Sockets Layer, or S-S-L, uses symmetric cryptography. In both cases, symmetric encryption protects confidentiality. Asymmetric encryption algorithms utilize two separate keys for encrypting and decrypting data. These asymmetric keys are the public key and private key. Each communicating partner needs its own unique set of public and private keys. While the private key of the pair remains private and secure, the public key is open and freely distributed. In reality, the senders use their own private key to generate an interim message, which is then encrypted with the recipient's public key. Similarly, the recipients decrypt using their private key to fetch the interim message, which is decrypted using the sender's public key. This means that what one key does, the other one undoes. The real magic of this encryption type is that the public key cannot decrypt a message. This means if you send a message encrypted with the recipient’s public key, it does not matter if everyone else on the network knows the recipient’s public key. This is because this public key cannot decrypt the message. Only the recipient’s private key can do so. Although the public and private keys are mathematically related, having the public key does not facilitate generating the corresponding private key. This protects the integrity of the private key ensuring that the message is intact. Such protection is ensured through a one-way function, which is an easy-to-compute but hard-to-reverse mathematical algorithm. This function is a mathematical operation generating output values easily for each probable combination of inputs. However, the function makes it impossible to get those input values. Asymmetric cryptography, also known as public-key cryptography, or PKC, is used in scenarios where the other party is untrustworthy, or is located remotely. In a file transfer environment where hundreds of users are spread over a vast geographical area, asymmetric encryption is ideal because distributing a symmetric key securely to each of these users is practically almost impossible. Let’s now compare symmetric and asymmetric cryptography. Symmetric cryptography involves only one key shared between two or more entities. However, asymmetric cryptography involves a pair of public and private keys. Symmetric cryptography is faster and less complex than asymmetric cryptography. This is due to its simple algorithm design and because it uses a single key. Moreover, symmetric solutions are not resource intensive and are ideal for even big messages as they are faster, while asymmetric solutions are resource intensive and are meant only for small messages. For symmetric cryptography, when it comes to key exchange or distribution, it is tough to exchange the single shared key securely over the Internet or an untrusted network. Therefore, it needs an out-of-band solution for communication to exchange keys securely, such as over the phone, shipping a floppy, or using another network. However, deploying a Public Key Infrastructure, or P-K-I, with asymmetric cryptography to transmit symmetric cryptographic keys is mostly preferred. The exchanged keys encrypt the traffic only for a single session, and then they are discarded. In case of asymmetric cryptography, the distribution of keys happens without relying on an external mechanism, which makes distribution safer. The symmetric public key is kept encrypted within the message due to which the distribution is in-bound. We shall learn about in-bound and out-of-band key distribution later in this lesson. The number of keys increases exponentially as users grow in case of symmetric solutions. This makes it complicated to manage so many keys. On the other hand, the same growth is linear in asymmetric, which makes key management easier. Considering the fact that each network user in symmetric cryptography solution must have a shared secret key for secure communication, the number of keys needed is n into (n – 1) the whole divided by 2, where n refers to the number of people. This makes symmetric cryptography non-scalable and complex when used alone. On the other hand, each interacting partner in an asymmetric cryptography needs its own unique key pair, which makes asymmetric solutions more scalable. Symmetric solutions are ideal for bulk encryption, including files and connection paths. Asymmetric solutions are ideal for key encryption and distribution. As a result, you will find hybrid systems using both symmetric and asymmetric algorithms. Asymmetric solutions are often used as an exchange mechanism for symmetric keys. The best example is of SSL over the Internet. In terms of security, symmetric cryptography ensures confidentiality and integrity. It also guarantees strong encryption protection if you use larger keys but only as long as the keys are private. On the other hand, asymmetric cryptography ensures not only confidentiality and integrity, but also authentication and non-repudiation. In a cryptographic system, non-repudiation ensures that senders cannot deny their own actions, and cannot say that they haven’t send a message or made a change, which adds to the system’s integrity. This concept of non-repudiation is implemented either through auditing or digital signatures. In case of symmetric cryptography, the issue is that anyone can assert to be a genuine sender, provided such claimers have access to such a system for sending you a public key. Thus, although you get the message, there is no way of verifying that the sender is genuinely the one who he or she claims to be. However, this issue is solved by asymmetric cryptography due to the presence of two keys. In an asymmetric cryptography scenario, non-repudiation is ensured when the public key of the recipient and private key of the sender helps in encrypting a message successfully, and the corresponding mathematically related public key of the sender and private key of the recipient helps in decrypting the message. Because the recipient could decrypt the message with the sender’s public key, it is proved that the sender's private key encrypted the data. Moreover, only the sender is in possession of its own private key. In this way, non-repudiation is ensured in asymmetric cryptography and relies on authentication and authorization. In symmetric cryptography, single secret key is shared between the two communicating partners. Therefore, when an encrypted message is successfully decrypted by the receiver’s copy of the key, authentication takes place. The recipient is authenticated due to the possession of the correct shared key. Similarly, even the sender is authenticated due to the successful decryption, proving that only the other user with the encrypted key has sent the message. Further, the possession of the shared secret key acts as an evidence of authorization. The holder is authorized to access any data encrypted with that key. Moreover, this type of cryptography maintains confidentiality and integrity until the shared key is not exposed to any third entity. In asymmetric cryptography, the sender utilizes the receiver’s public key for encryption. This enforces the recipient’s authentication as the recipient is the only entity with the corresponding private key. Similarly, when the sender's private key encrypts the message, any recipient can confirm the sender's identity through decryption via the sender's public key. Further, only one entity is in genuine possession of the private key, and this acts as the proof of authorization. The private key’s holder is authorized to access any data encrypted with the corresponding public key. Confidentiality of data and integrity of data and keys are ensured because keys are securely exchanged. Let’s now explore the concept of In-band and out-of-band key exchange mechanisms. The In-band key exchange occurs in an established or existing path of communication. It is believed to be less secure because the threat of attacks by “man-in-the-middle” and “eavesdropper intercepting the exchange,” continuously looms over its head. On the other hand, out-of-band key exchange happens outside of the established path of communication, such as via another path or channel or through a secured exchange technique in the path or channel. It is relatively secure as any intruder monitoring the initial path or channel is less likely to do the same on the separate path chosen for exchanging keys. A few examples of out-of-band exchange are discrete session with alternate ports, an asymmetric solution such as electronic envelopes, and physical exchange methods such as QR code scanning and Bluetooth exchange. Let’s now look at the one more fundamental difference, although that is applicable only to the symmetric methods of cryptography. Symmetric methods use either a stream or a block cipher. As the name indicates, in case of a block cipher, the encryption algorithm deals with blocks or chunks of data by encrypting each chunk one by one. However, in case of a stream cipher, the algorithm encrypts the data one bit or byte at a time. This means that the block size here is only 1 bit or 1 byte. The transposition ciphers are block ciphers, as the entire word is considered for reversing its letters. The more complicated transposition cipher handles the full message, and encrypts it through a transposition algorithm as well as a secret key. On the other hand, the Caesar substitution cipher with a shift of three is an example of a stream cipher. Block ciphers are more secure than stream ciphers, as they deal with encryption at a higher level, although they have relatively more overhead. This overhead depends upon the modifiable block size, the most common being 64 or 128 bits, and the way of implementation. However, in terms of speed, the stream ciphers execute faster than the block ciphers. When it comes to vulnerability to errors, stream ciphers win because the ciphertext and plain text are of the same size always. Even if an error occurs while encrypting the plain text, it typically affects only a single bit rather than the full string. On the contrary, if block ciphers have errors, the full block becomes incomprehensible. Most modern encryption algorithms work with some kind of a block cipher. However, for combining the best of both the worlds, stream ciphers can act as a type of block cipher wherein a buffer loads with real-time data to be encrypted as a block. Unless symmetric cryptography involves the mechanism of using every key only once, the same encryption key encrypts each block or buffer block in a session. Let’s now learn about the concept of session keys. Session keys, also known as conversation keys, refer to the encryption keys required for communication over the session. Usually, they are selected or generated randomly and are valid only for a single session. In most cases, session keys are symmetric but even asymmetric session keys can be in use. Session keys are usually in use by Secure Socket Layer, or SS,L over Transport Layer Security, or T-L-S. You can secure session keys by using the out-of-band key exchange mechanism and by using them restrictively. Remember that the more often you use an encryption key, the less secure it becomes because it offers additional details to a potential attacker for cracking the key quickly and with less difficulty. You can overcome this problem with the help of rekeying, which means using keys on a limited basis, C. This process is triggered by several different events such as the amount of transmitted data, duration for which a conversation lasts, or idle time in the session. Let’s now learn about some more key concepts. The table below lists some more concepts that you need to know about keys and encryption. First is the key space, which refers to the number of bits present in the encryption key. The bigger the key space, the stronger or better is the encryption and higher is the cryptographic strength. This is because a larger key space triggers the possibility of more possible values to be calculated for hacking the key. For instance, a 2-bit key space shall permit only four values, namely 00, 01, 10, and 11, which can be computed easily. However, if the key space is of three bits, there can be eight possible values, namely 000, 001, 010, 011, 100, 101, 110, and 111. Therefore, the sizes of the modern key spaces are 64, 128, 256, and 512 bits. Second is work factor, which refers to a value showing the time required for breaking the encryption. It is typically higher when the key space is larger. For instance, it would require less time to hack a 64-bit key, which means the work factor is lower for this specific key. Third is one-time pads or O-T-P, which refers to a highly secure method of encryption involving the usage of a key only once. This key is generated randomly and is destroyed after use, much like a session key. Fourth is padding. During encryption, plain text messages may not consume an even number of blocks. Therefore, at times, padding is added to the last block for completing the stream. This is done by adding zeros, ones, or a mix of ones and zeros. The selection of such padding is made by the encryption algorithm in use. Depending on the algorithm, several padding techniques are available. Let’s now explore some more commonly used cryptographic mechanisms. In this topic, you will learn about hashing, transport encryption, digital signatures, key escrow, and steganography cryptography mechanisms. Consider a scenario where for a forensic investigation, you need to perform hard drive imaging. As a system administrator, you need to ensure that no data on the original drive is modified after the duplication process. If it is modified, there should be a solution to detect it quickly. Further, the duplication process must produce the exact replica of the original drive. In short, you are asked not only to protect data integrity, but even track its violation. So, how will you do this? This is something that will not involve encryption methods of asymmetric and symmetric cryptography. Rather, we recommend implementing hashing. Hashing is perhaps the most reliable cryptography method in such a scenario. Now let’s learn more about it. Hashing is a cryptography mechanism that differs from an encryption algorithm. In our scenario, when a hard drive is scanned to obtain its exact duplicate, you can implement one of the several hashing algorithms to generate a hash value of the drive before duplication. After duplication, you need to generate and compare hash values of the original and duplicate drives. If both values are the same, the data is said to be intact with no modifications made to the original drive. Further, it proves that the duplicate drive is an exact replica of the original. You can re-compute the hash values even after a week. If the hash values are still the same, data on both drives is said to be intact, which means integrity is well protected. Hashing generates the data’s unique identifier, known as hash or hash value. This value is also referred as message digest, checksum, fingerprint, or Message Authentication Code, abbreviated as M-A-C. A hash value acts as an ID code to sense whether the original data source was modified as no two sources generate the same hash. The data source can be a network packet, a drive, a file, or an e-mail message. This is how hashing detects violations of data integrity. In case you are looking after the original drive only, the hash value is stored with the data, and it is re-created through the hashing algorithm after some days. If this new value is equal to the stored value, then the data has not been altered. In case of e-mails, the computed hash value is either stored or sent with the message. Then, the receiver runs the message through the same hashing algorithm to calculate the hash value. If this value matches the hash value sent with the message, it indicates that the message has not been altered. Hash values are one-way values as it is impossible to reverse them to obtain the actual message or data. This is why most vendors apply hashing to passwords while storing them on a system. While encryption is like locking a box, hashing is like taking a person’s sign or fingerprint. Moreover, hashing has no keys because it is not possible to retrieve the original data by using a hash value. While working with hashes, there are a few critical points for you to remember. The hash value is usually of a fixed length and depends on the algorithm. This is regardless of the input size being hashed, which can be two characters or 1000 words. The hashing algorithm needs to have few or no collisions, which means that that hashing two diverse pieces of data should not give the same hash value. Remember that hashing is not based on file header but only on data. For instance, calculating the hash value of a file, changing its name, and then re-computing the hash value does not give two different hash values. This means no one can misrepresent or hide the actual file by renaming it. We shall now talk about digital signatures, which is another way to ensure integrity along with non-repudiation. You can think of a digital signature as an electronic form of a standard signature on a paper. It is an electronic mechanism proving that the message was sent from a particular user, and that the message remained intact while in transit. This means that a digital signature validates the identity of the sender and integrity of the message to ensure non-repudiation. Digital signatures operate with the help of a hashing algorithm and a symmetric or an asymmetric encryption algorithm. The message is encrypted using an encryption algorithm and then a digital signature is added to it. Let’s look at how digital signature work using asymmetric encryption. First, senders compute a hash of the message, and then encrypt the hash with their own private key. Next, senders attach the message to the encrypted hash, which is nothing but a digital signature. This message along with the encrypted hash is sent to the receiver. The receiver extracts the encrypted hash and utilizes the sender's public key to decrypt the corresponding private key of the sender. This fetches the hash from the digital signature. Then, the recipient computes a hash of the message. Finally, the recipient compares both the hash values. If found to be equal, the receiver gets verification that data integrity was maintained, and the intended sender has sent the message. In case of symmetric cryptography, only a single key is used to encrypt and decrypt the hash value. Now, let’s explore transport encryption. Using encryption for transport data or network traffic is perhaps one of the most common usages of cryptography. In such a scenario, encryption is done in either the transport or tunneling mode. While the payload and message headers are encrypted in the tunneling mode, only the data, also known as payload, is encrypted in the transport mode. Transport encryption ensures security of information while it is being sent from one point to another. There are many algorithms or protocols used for transport encryption, which we shall cover in next lesson. You already know that in a symmetric cryptographic environment, all entities that possess the shared secret key have to protect its privacy. Similarly, each entity in an asymmetric system must safeguard its private key. For storing copies of these shared secret keys and private keys, there is a key escrow storage system. It is usually a centralized management system which stores the encryption keys securely as a means of recovery via a key-escrow agent in case a key is lost or damaged. If you are assigned a secret or private key, the issuing cryptographic server or CA perhaps retains its copy in escrow. Another use of key escrow is to allow a third party to access keys. For example, the government or the FBI can ask for access to the keys for investigation. At times, it could be the employer in case the private messages of an employee are questioned. While these facts make key escrow suitable for private corporate environments, it is quite unsuitable for the Internet. This is because the concept is controversial due to the apparent risks of storing keys elsewhere instead of on an organizational resource. Let’s now check out the last, but highly evolved, concept of cryptography before we move on to the recently introduced and upcoming concepts. Did you know that steganography is quite an ancient form of cryptography? Well, it refers to hiding a text file within a graphic file. By hiding a message in any digital or multimedia file, the analyst is prevented from detecting the real message. Steganography also facilitates electronic watermarking for protecting the copyrights. Several steganography applications are available for modifying a graphic file in such a way that it can hide text. The real advantage of steganography over cryptography is that the resulting data does not attract anyone’s attention when in motion. The encrypted data is easily detected while moving over a network, making steganography more appealing, because it aims to conceal rather than to render fully illegible. While cryptography is used to disguise, steganography is used to conceal. There are several rumors that steganography is being used by terrorists to transmit information across the Internet. The text is inserted into a graphic file and then uploaded on a site, after which the intended recipients download the graphic file. Finally, the recipients retrieve the text from the graphic file with the help of the same program used to embed the text. The most common type of steganography is the Least Significant Bit, or L-S-B. In this method, the last bit in each byte is changed, which does not make a noticeable difference in the image. In simple words, nobody can make out that something has been changed. Taking full advantage of this fact, the text or data is stored by putting it in the place of the least significant bits of a file. Let’s now proceed to the last topic of this lesson, which deals with the recently introduced and upcoming concepts in cryptography.

6 New And Future Cryptography

In this topic, you will learn about the new and future concepts of cryptography. Elliptic Curve Cryptography, or E-C-C, is perhaps the proposed asymmetric cryptography for ensuring security while communicating via cellular devices, although it is currently in use for Web servers. It is simply mathematical magic for gaining stronger encryption from shorter keys through message signing and asymmetric encryption. For instance, an ECC version of a standard asymmetric algorithm that has a 160-bit key gives the same level of protection as the algorithm’s 1,024-bit key. Moreover, the printed signatures are more compact than other asymmetric options. ECC encryption is based on the logic of using points on a curve together with an infinity point and the complexity of solving discrete logarithm problems, wherein the private key has to be found when the public key is provided. Because of shorter keys, speed, and ability to work with less computing power, several vendors have already implemented, and many more continue to implement, the elliptical curve cryptography for security. Another upcoming type of cryptography is quantum cryptography. Let’s explore it in the next screen. Quantum cryptography is a recently introduced method of encryption. It is based on transferring the encrypted message as particles of light or photons. These particles are subsequently converted into binary data. The benefit of this cryptography is that if someone intrudes the communication channel for listening or observing the data being transmitted, the state of the photons changes while passing through that individual or entity acting as an eavesdropper. This change in the state is easily detected by the two communicating parties after which they change their cryptography key to avoid security breach. Previously restricted to only secret government communications and laboratory jobs, quantum cryptography is now used in fibre optic networks. Although several theoretical uses exist for quantum cryptography, the only practical method existing right now is quantum key exchange, or Q-K-E. However, QKE is out of the scope of this course. We shall now explore two more new concepts, namely the ephemeral key and perfect forward secrecy. An ephemeral key refers to a temporary key useful for encrypting a single message in a communication session, instead of a single key for encrypting all messages in the same. It is generated when needed, and with temporary timeframe. Such a key might be used only once or for across a session before being discarded. This makes us conclude that most session keys are ephemeral. Ephemeral keys are in contrast to never-changing fixed keys and also to shared keys used by several entities. Ephemeral keys are uniquely and exclusively used by the end points of a session or transaction. Do you recall that asymmetric ciphers are thousands times slower than symmetric ciphers? Well, the solution to this issue is using the asymmetric cipher to convey an ephemeral symmetric key, and then using a symmetric cipher along with the ephemeral key for encryption. Here, the symmetric key is ephemeral as it is used only once, for that exchange. The sender shall first create an ephemeral key to encrypt with a symmetric cipher. Then, another message is created to encrypt the ephemeral key with the recipient’s public key. Both these messages are then sent to the receiver. The recipients would first decrypt the ephemeral key through their private key and then the secured document or message with the ephemeral symmetric key. Moreover, ephemeral keys are a primary part of perfect forward secrecy. Let’s learn about more them. Forward secrecy is a part of a key exchange system, ensuring that compromising one key will never result in compromising the subsequent keys. When this process is indestructible, it is called perfect forward secrecy. Here, a system generates random public keys, also known as ephemeral keys, for each session to exchange the secret key during communication. In a session, each succeeding rekeying operation takes place independently of any of the former keys, making each key nondependent and nondeterminant of any other used key or previous or future sessions. This technique ensures that the compromise of a session key will only disclose the subsection of the whole dialogue encrypted by that key. The other subsections will remain confidential. Perfect forward secrecy also makes sure that if the original asymmetric keys get disclosed, they cannot unlock any preceding sessions that an eavesdropper or man-in-the-middle attack captures. Although these cryptography concepts are new, these are proven concepts and technologies with a good record of accomplishments, and they ensure reliable security. This is regardless of whether you are using asymmetric or symmetric cryptography. In cryptology, Auguste Kerckhoffs’s principle is quite important to implement. According to this principle, the security of an algorithm needs to depend only on the key’s secrecy and not on the secrecy of the algorithm. This means that the algorithm can be known to anyone for examination, but the process still should be secure until the specific key remains secret. While major algorithms are public for the researchers to examine for flaws, the new and secret algorithms still need to be examined. Therefore, in short, you should use only proven cryptography algorithms and technologies. Before ending this lesson, let’s look at the common uses of cryptography. Cryptography is used for securing moving data across databases and servers, network traffic, on mobiles, and on drives and removable media. It is used to stop noncompliance and enforce a safe separation of duties. Let us summarize the topics covered in this lesson. • Cryptography refers to the science of altering data so that nobody can interpret it without a key. • A substitution cipher transforms a character or symbol into another, while a transposition cipher scrambles or transposes the letters in some way. • The Caesar substitution algorithm shifts all letters by three spaces to right to create a cipher, while ROT13 shifts all letters by 13 places to the right. • Multiple substitutions resolve the security issue triggered by the static underlying letter and static word frequency involved in substitution ciphers.

8 Summary

Let us summarize the topics covered in this lesson. • Symmetric encryption uses a single secret shared key to encrypt and decrypt, while asymmetric encryption uses a pair of public and private keys, one for encrypting and the other for decrypting. • Symmetric cryptography ensures confidentiality and integrity, while asymmetric cryptography ensures confidentiality, integrity, authentication, and nonrepudiation. Let us summarize the topics covered in this lesson. • Non-repudiation ensures that the sender cannot deny his or her own actions. • A block cipher involves chunks of data being encrypted one by one and is more relatively more secure, while a stream cipher involves encrypting data one bit or byte, at a time, and is more resistant to errors. • Session keys are randomly generated encryption keys valid for communication in a single session. • Hashing ensures data integrity by generating hash values or message digest from which it is impossible to obtain the original message or data. • A digital signature refers to an electronic mechanism, ensuring authentication, integrity of the message and sender, and non-repudiation. Let us summarize the topics covered in this lesson. • Transport encryption encrypts only the data or payload while it is being sent from one point to another. • A key escrow storage system allows the storing of the copies of shared secret keys and private keys. • Steganography allows hiding a data file or text within a graphic file. • Elliptic Curve Cryptography ensures stronger encryption from shorter keys through message signing and asymmetric encryption. • Quantum cryptography transfers the encrypted message as particles of light or photons changing their state upon eavesdropping. With this we conclude this lesson, “Utilizing General Cryptography Concepts in a Given Scenario.” In the next lesson, we will look at “Using Appropriate Cryptographic Methods in a Given Scenario.”

  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Request more information

For individuals
For business
Phone Number*
Your Message (Optional)
We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Work Email*
Phone Number*
Job Title*