9th of September 2009
Cryptography is the science of providing integrity, confidentiality and authentication to messages sent over insecure channels. This text will provide basic information about cryptographic functions, signatures, distribution of keys and the purpose of certificates.
Symmetric Key Encryption:
Also called secret key cryptography. It is based on the parties involved in a communication agreeing on a shared secret, which is used for encrypting and decrypting the messages they exchange.
When encrypting a message of arbitrary length, the ciphertext (encrypted text), the plaintext and the secret key have to be combined. Four methods are commonly used for this, each of which creates output in message blocks of fixed length.
These are named:
- ECB (Electronic CodeBook).
- CBC (Cipher Block Chaining).
- CFB (Cipher FeedBack).
- OFB (Output FeedBack).
These methods are described as block cipher modes of operation.
It is argued that these methods provide only confidentiality or message integrity, not both. For other methods with more options, see the last link.
Additionally, for encrypting data when using symmetric key encryption, the following algorithms are used by the previous four methods to do their work:
- DES (Data Encryption Standard).
- 3DES (Triple DES).
- RC-4 (Rivest Cipher 4).
- IDEA (International Data Encryption Algorithm).
- AES (Advanced Encryption Standard).
Asymmetric Key Encryption:
Also called Public Key Encryption, it uses a pair of keys, one private and one public, to decrypt and encrypt messages in communication between two parties. The private key should always be kept private, and thus never sent or distributed anywhere. Each key is used for either decrypting or encrypting messages, and one key in the pair is the only one that can decrypt messages encrypted by the other.
The public and private key pair is generated at each end of the communication, then the public keys are exchanged. If I then want to send a message, I will encrypt it with my private key. Anyone who has gotten hold of my public key can then decrypt it. But since only I have the private key that encrypted the message in the first place, the receiver can be sure that the message originated from me. With this method the receiver can be sure of who the sender is, but anyone can read the message with my public key. To remedy this problem I could, in addition to encrypting the message with my private key, also encrypt it with the receiver's public key. This way, my private key encryption assures the receiver of where the message is coming from, and the encryption with the receiver's public key assures that only the receiver can decrypt the message, with his private key.
When the message is originating at the other end of the communication, the receiver of my public key can encrypt the message with my public key and be assured that only I can read the message. Since I am the only one that has my private key, that is the only key that can decrypt an encryption done by my public key.
Hash functions take data of a given length and output a code of fixed length (the message digest), as a kind of fingerprint for identifying the sender of the message. For this to work, four aspects of the hash function must be true:
- The function must always create the same output given the same input.
- The function must only be able to work one way.
- The result of the function must appear to be random, to prevent guessing.
- The output should be unique; two different inputs should not create the same result or message digest.
The receiver of the message can thereby verify the sender by inputting the message into the same hash function as the sender. Assuming that only the receiver and the sender of the message have the hash function, the receiver will know that the message is from the correct sender if the message digest matches the message digest attached to the message by the sender.
This technique is vulnerable to a man-in-the-middle attack, where the attacker tampers with the message digest attached to the message. A solution to this problem is to use keyed hash functions, or Digital Signatures.
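The tampering case described above and the keyed-hash fix, as an added example that is not part of the original text. The shared key and the two messages are constructed sample values, and HMAC-SHA-256 is chosen here as the keyed hash function.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the original text.
SHARED_KEY = b"constructed-demo-key-known-only-to-both-ends"
ORIGINAL = b"pay 100 to account 1111"
TAMPERED = b"pay 900 to account 6666"


def plain_digest(message):
    """Unkeyed digest: anyone who sees the message can recompute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest(message, key):
    """Keyed hash (HMAC-SHA-256): recomputing it requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message, digest):
    return hmac.compare_digest(plain_digest(message), digest)


def verify_keyed(message, tag, key):
    # compare_digest runs in constant time, so the check leaks no timing hint
    return hmac.compare_digest(keyed_digest(message, key), tag)


def rewrite_in_transit(new_message):
    """Model of the tampering: the party on the channel has no key, so all
    it can attach to the swapped message is a fresh unkeyed digest."""
    return new_message, plain_digest(new_message)


def run_demo():
    results = {}
    # Unkeyed digest: message and digest are replaced together and still match.
    msg, digest = rewrite_in_transit(TAMPERED)
    results["plain_accepts_tampered"] = verify_plain(msg, digest)
    # Keyed digest: reusing the old tag or attaching an unkeyed digest both fail.
    old_tag = keyed_digest(ORIGINAL, SHARED_KEY)
    results["keyed_accepts_original"] = verify_keyed(ORIGINAL, old_tag, SHARED_KEY)
    results["keyed_accepts_reused_tag"] = verify_keyed(TAMPERED, old_tag, SHARED_KEY)
    results["keyed_accepts_unkeyed_digest"] = verify_keyed(msg, digest, SHARED_KEY)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```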
When we encrypt the message digest produced by a hash function, we create a digital signature. When this is done we give proof of who the sender of the message is via the message digest, and we manage to encrypt it and thus protect it from tampering thanks to an asymmetric public key encryption.
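A digital signature built the way the paragraph above describes it, as an added example that is not part of the original text. It assumes textbook RSA without padding and a toy key constructed from two publicly known Mersenne primes, so it illustrates the mechanism only; the messages are constructed sample values.

```python
import hashlib

# Constructed toy key: two publicly known Mersenne primes keep the example
# short. Real RSA keys use random secret primes and a padding scheme.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)


def digest_int(message):
    """SHA-256 message digest as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, d=D, n=N):
    """Encrypt the message digest with the private key: the signature."""
    return pow(digest_int(message), d, n)


def verify(message, signature, e=E, n=N):
    """Decrypt the signature with the public key and compare the result
    with a digest computed freshly from the received message."""
    return pow(signature, e, n) == digest_int(message)


def run_demo():
    message = b"pay 100 to account 1111"    # constructed sample
    tampered = b"pay 900 to account 6666"   # constructed sample
    signature = sign(message)
    return {
        # Untouched message and signature: accepted.
        "genuine": verify(message, signature),
        # Message swapped in transit, signature left alone: rejected.
        "tampered_message": verify(tampered, signature),
        # Signature altered in transit (one bit flipped): rejected.
        "tampered_signature": verify(message, signature ^ 1),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Verification needs only the public values `E` and `N`, which is what separates this from the keyed hash, where both ends must hold the same secret.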
Distribution of Keys:
When distributing secret keys to multiple clients over a network infrastructure, we often refer to a Key Distribution Center (KDC) as the source distributor and central manager of keys. KDCs are mostly used with symmetric encryption. A common method of distributing secret keys in a secure manner over an open network is the Diffie-Hellman algorithm.
A digital certificate contains a public key for asymmetric encryption, and is often distributed from a Public Key Infrastructure (PKI). The digital certificates are distributed to the users the certificate is intended for, thus verifying that the public key in the certificate belongs to the receiver. A part of such an infrastructure can for instance be a Certificate Authority (CA), which distributes, enrolls and revokes certificates.
Source: Designing Network Security, 2nd Edition. ISBN: 1-58705-117-6