Cryptography

The two main types of algorithms used in encryption are symmetric and asymmetric. These types of algorithms provide substantially different benefits and have different uses as part of a cryptographic implementation. This module will examine each of these types of algorithms and describe their uses and benefits. 

In contrast to symmetric encryption, asymmetric encryption is relatively new, having been invented, published and thereby made publicly available only in the late 1970s.  Asymmetric algorithms became commonly known when Drs. Whitfield Diffie and Martin Hellman released a paper in 1976 called “New Directions in Cryptography.” The Diffie-Hellman paper described the concept of using two different keys (a key pair) to perform the cryptographic operations — the essence of asymmetric cryptography. The pair of keys used in asymmetric cryptography are mathematically related and must always be used as a pair. One key will not work without the other key also being used. The key pair consists of a private key, which the owner of the key pair MUST keep private; and a public key, which is computed from the private key and can be shared with anyone the owner wishes to share it with.  Asymmetric cryptography uses what is known as a trapdoor function, meaning that while it may be easy to compute a value in one direction, reversing the process is extremely difficult if not mathematically impossible to do. The mathematics used in creating the key pair makes it simple to calculate the value of the public key if a person knows the value of the private key, but the reverse (i.e., to determine the value of the private key based on the value of the public key) is something we call computationally infeasible — it would take more processing time, on more CPUs and GPUs (graphics processor units) running in parallel, to be confident of making that “lucky guess” at going backward through the trapdoor, so to speak, and cracking the private key based only on the public key.  Even Kerckhoffs’s Principle (covered in module 5) doesn’t make these cryptographic attacks any easier! Modern attacks have been done using botnet systems in which CPUs and GPUs become part of a massively parallel attack on such cryptosystems. Trapdoor functions were one of the “new directions” in the Diffie-Hellman paper; the other was using these functions to compute a symmetric session key on demand, without requiring the sender and recipient to first exchange a secret value such as a symmetric encryption key. Suddenly, the key distribution and management problem became much, much simpler. Let’s take a closer look at these ideas and see how they gave rise to public key cryptography as an infrastructure (which we call PKI for short), the widespread use of digital signatures, and a host of other ideas vital to the safe and reliable use of e-business of all forms. 

A PKI is a set of system, software and communication protocols required to use, manage and control public key cryptography. As an infrastructure, it provides foundational services to users by: Publishing the public keys and certificates related to an identity Certifying that a public key is tied to an individual or an identity Verifying that a public key is valid and correct Note that the PKI is working at the level of an identity, and not at the entity level. As a private individual, the human being Kazuko is an entity; each web service or institution they deal with will know them by a different identity, quite possibly with different subsets of the total collection of identifying attributes associated with Kazuko. Each endpoint device, such as their laptops, smartphones, or smart watches, will further encapsulate some of that identity information along with the device’s own identity information, which becomes the identity that will be known by the PKI and its services.  Kazuko, like the other billions of internet users (human, device, organizational or robotic) thus has multiple identities; the PKI must serve them all. Keep this fundamental idea in mind as we work through using the PKI to keep things safe, reliable and secure. 

The compromise of most cryptographic systems does not happen because of weaknesses in the algorithms; instead, it is most frequently due to problems with key management. This is often a human problem when people share keys, distribute keys improperly, choose weak keys, do not destroy old keys or store keys insecurely. History is littered with the defeats of nations and the failures of business ventures because of this. A major part of breaking the code for Nazi Germany’s Enigma machine during the Second World War was the work of the Polish mathematician Marian Rejewski. Working in the Polish General Staff’s Cipher Bureau with allied French military intelligence, he was able to determine the order of the letters on the cipher disks used in the Enigma by gaining access to two months’ worth of old encryption (setting) keys the Germans had discarded. As security professionals, we ought to be able to reach up to our bookshelves and pull down a handbook for cryptographic key and certificate management for business and private organizational use; that handbook doesn’t seem to exist yet.  NIST SP 1800-16, issued in June 2020, is a great start on this effort, but it does not address the small- and medium-sized enterprise needs, nor does the NIST Cybersecurity Framework do this either. Let’s see what we can put together, drawing from the lessons in modules 1 through 4, and a few other lessons from history. 

The previous modules explained the characteristics, strengths, and uses of cryptographic algorithms. As a security professional, we will use these algorithms in many ways including secure email, virtual private networks (VPNs), e-commerce and wireless security. Most cryptographic systems use a combination of symmetric and asymmetric algorithms, hashing, and digital signatures. Chapter 5 will provide you with a more solid foundation in the architectural models of internetworking, as it works through the layers of the OSI 7-Layer model and TCP/IP as protocol stacks. For now, it’s good to know that from the physical interconnection level on up through services used by applications, cryptography provides support to all aspects of security.

Cryptanalysis

This last part of the section on cryptography will examine some of the ways the protection of files and communications has been compromised through the science and art of cryptanalysis. There are many avenues of attack (attack vectors) that can be used against cryptosystems: to attack the key, the algorithm, the ciphertext, the implementation, or the people, but the weakest link in cryptography has to be the people. The easiest attack is through social engineering and convincing someone to disclose a password or other sensitive information. It’s important to realize that cryptanalysis and even cryptographic attacks are methods, not motives. The attackers might be the ethical penetration testers hired by your organization or be part of a law enforcement or national security organization conducting lawful intelligence (and counterintelligence) operations.  Cryptanalysis, the observation of a cryptosystem’s design or operational characteristics, can be used to find vulnerabilities or identify areas for possible improvements in a cryptosystem. Both can be and are done for benign and hostile intents. 

We’ve seen that cryptographic systems, when properly used and kept secure, can support all of the CIANA+PS security needs of confidentiality, integrity, availability, non-repudiation, authenticity, safety, and privacy. This is best done by using hybrid systems that use both symmetric and asymmetric cryptographic algorithms to provide for strong, efficient operation while simplifying the key distribution and management requirements.  Encryption is not the answer to everything, of course. As with any risk management and mitigation control, it has to be applied at the right points in the organization’s information architecture and used correctly to be effective. It also must be managed to continue to deliver the required protection.