2.8 Cryptographic Concept

Cryptography Concepts

Confidentiality - it's a secret Non-repudiation - you can't deny it Integrity - tamper proof Authentication and access control - it is you

Homomorphic encryption (HE) = allows computation on ciphertext without needing to decrypt the data first. Conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form - perform the work directly on the encrypted data - perform research on data without viewing the data

Symmetric and Asymmetric Cryptography

Symmetric encryption = uses same key for both encryption and decryption - secret key algorithm - a shared key - very fast, less overhead

Asymmetric encryption = public key cryptography - only you have access to the private key - you give public key to everybody online - you can't derive the private key from the public key

Symmetric key from asymmetric keys = use public and private key cryptography to create a symmetric key

Hashing and Digital Signatures

Hashing = represents data as a short string of text, message digest, fingerprint - provides integrity

Salt = adding random data to a password when hashing, when people use the same password, the hash value will be different with salt

Digital signature = cryptographic technique that is used to validate the authenticity and integrity of a message, software, or digital document - It is the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security How it works: - Digital signatures are based on public key cryptography, also known as asymmetric cryptography. When a person encrypts a document with their private key, a digital signature is created. - To verify that signature, the receiver uses the signer’s public key to decrypt the document. If it decrypts successfully, this proves the authenticity of the document and that it has not been tampered with.

Cryptographic Keys

Key strength = larger keys tend to be more secure - prevents brute-force attacks - attackers can try every possible key combination

Key exchange? how do we transfer an encryption key across an insecure medium Out-of-band key exchange = telephone, couirer, in-person In-band key exchange = protect the key with additional encryption, use asymmetric encryption to deliver a symmetric key

Perfect Forward Secrecy (PFS) = keys used to encrypt a session are not derived from the server's private key. This means that even if the server's private key is compromised, past communications (that were securely recorded) remain secure and cannot be decrypted by an attacker - every session use a different private key for exchange - Elliptic curve or Diffie-Hellman ephemeral

Steganography

"concealed writing" - security through obscurity practice of hiding messages or information within other non-secret, ordinary files or messages to avoid detection. - hiding information in digital images, audio files, video files, or even in network traffic.

Quantum Computing

classical mechanism use the smallest form of information which is bit, 1 and 0

quantum mechanism use the smallest form of information which is qubit, which can exist in multiple states simultaneously - searches quickly through large databases | index everything at the same time key features? - superposition = a qubit can represent both 0 and 1 at the same time, unlike a classical bit. - entanglement = state of one qubit can depend on the state of another, no matter the distance between them. This allows for very fast processing speeds and parallelism. quantum key distribution (QKD) = method of secure communication that uses quantum mechanics to secure a communication channel. It is theoretically secure against any decryption attempt.

Stream and Block Ciphers

Stream cipher = encrypting one byte at a time | high speed | low hardware complexity - used with symmetric encryption - key is combined with IV

Block cipher = encrypting fixed-length groups at a time | often 64-bit or 128-bit blocks - pad adding to short blocks different block cipher modes? - ECB (electronic codebook) = use same key to encrypt every block - CBC (cipher block chaining) = adds randomization, each plaintext block is XORed with the previous ciphertext block, uses IV for the first block - CTR (counter) = uses incremental counter to add randomization to the encryption process - GCM (galois/counter mode) = encryption with authentication, authentication is part of the block mode, commonly used in wireless, IPsec, SSH, TLS

Blockchain Technology

distributed ledger, keep track of transactions, everyone on the blockchain network maintains the ledger

Cryptography Use Cases

Low power devices - mobile, devices portable systems - use elliptic curve cryptography for asymmetric encryption

Low latency - fast computation time - symmetric encryption, smaller key size

High resiliency - larger key sizes, encryption algorithm quality, hashing provides data integrity

Confidentiality - secrecy and privacy, file-level/drive-level encryption

Integrity - prevent modification data, validates the content with hash

Obfuscation - modern malware, encrypted data hides the active malware code

Authentication - password hashing, protect original password

Non-repudiation - confirm the authenticity of data, digital signature provides both integrity and non-repudiation

Cryptography Limitations

Speed - system needs CPU power, more involved encryption increases the load

Size - if the plaintext data is not the same as the block cipher size, we need to add more data to the plaintext for them to match

Weak keys - larger keys are more difficult to brute force, don't use weak keys

Time - encryption takes time, larger files take longer