ISC CISSP Certification Practice Test Questions, ISC CISSP Exam Dumps
Information security has grown to be a colossal factor, especially with modern communication networks leaving loopholes that can be leveraged to devastating effect. To mitigate this, cryptography is used, and in this lesson we will specifically discuss symmetric and asymmetric cryptography. Before we continue, let's make sure we are clear on a few key terms and concepts. First, let's discuss algorithms. An algorithm is basically a procedure or formula for solving a problem. An encryption algorithm is a set of mathematical procedures for performing encryption on data. Through the use of such an algorithm, information is turned into ciphertext, and a key is required to transform the data back into its original form. This brings us to the concept of cryptography, which has long been used in information security and communication systems. Cryptography is a method of using mathematical principles to store and transmit data in a specific format so that only those who are intended to read and process it can do so. Encryption is a key concept in cryptography. It is a process whereby a message is encoded in a format that cannot be read or understood by an eavesdropper. The technique is old; one of the earliest known examples is the cipher Julius Caesar used for his messages. Using the Caesar cipher, plaintext from the sender is encrypted to ciphertext and then sent through a communication channel, and an eavesdropper who captures it cannot read the plaintext.
When it reaches the receiver's end, the ciphertext is decrypted to the original plaintext. Let's familiarise ourselves with a few more key terms. Encryption is the process of locking up information using cryptography; information locked up this way is said to be encrypted. The process of unlocking encrypted information using cryptographic techniques is called decryption. A secret, called a key, is used to encrypt and decrypt information; at a rudimentary level it plays the role that a password does. There are a few different types of keys used in cryptography. Symmetry is the quality of being made up of exactly similar parts facing each other or around an axis. When we discuss symmetry in cryptography, we are referring to keys rather than shapes. There are two categories of encryption algorithms: symmetric algorithms, in which the encryption and decryption operations use the same key, and asymmetric algorithms, in which the encryption and decryption operations use different keys. We will first discuss symmetric encryption. This is the simplest kind of encryption, involving only one secret key to cipher and decipher information.
Symmetric encryption is an old and well-known technique. It uses a secret key that can be an integer, a word, or a string of random letters; in modern practice it is a string of random bytes. The key is blended with the plaintext of a message to change the content in a particular way. Both the sender and the recipient must know the secret key that is used to encrypt and decrypt all the messages. Blowfish, AES, RC4, RC5 and RC6 are all examples of symmetric encryption algorithms (RC4 is now considered broken and should not be used). The most widely used symmetric encryption algorithms today are AES-128, AES-192 and AES-256. The main disadvantage of symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it, and that exchange creates some unique challenges. Let's say that Alice and Bob want to communicate with each other. If they both know the same shared secret, they can use it to exchange encrypted messages with each other. This works great when we only have two people involved: they can simply agree on an encryption key and then use it to communicate with each other. If we have three people involved, we need to change things up a little bit. Alice and Bob can still use the shared secret key to communicate with each other privately. But now Charlie enters the picture and wants to be able to communicate with Alice and Bob. Each person in the group wants the ability to communicate privately with the other members of the group. Alice already has a way to privately communicate with Bob, but now we need to add a second key that allows her to communicate privately with Charlie. And we still have a missing link here.
Bob and Charlie don't yet have a way to communicate privately, so we have to add a third key that allows those two to communicate with each other. So for these three people to communicate privately using symmetric cryptography, we need three keys. As groups get larger, we need more keys to facilitate this communication. Therefore, the challenge of symmetric cryptography is that the larger the group gets, the more symmetric keys you'll need, and the number can be expressed with this formula: n(n - 1) / 2, where n is the number of people. For three people that is 3 × 2 / 2 = 3 keys; for 100 people it is already 4,950 keys. This challenge is allayed with asymmetric encryption. With asymmetric encryption, there are essentially two keys: a private key, which is held secret by the user and not disclosed to anyone else, and a public key. The public key is freely distributed to everyone with whom the user would like to communicate.
Asymmetric encryption is also known as public-key cryptography, and it is a relatively new method compared to symmetric encryption. Asymmetric encryption uses two mathematically related keys. The public key can be exchanged over the Internet or a large network without any secrecy, while the private key never leaves its owner; this is what prevents malicious people from misusing the keys. It is important to note that with symmetric encryption anyone who holds the secret key can decrypt the message, and this is why asymmetric encryption uses two related keys to boost security. The public key is made freely available to anyone who might want to send you a message. The second key, the private key, is kept secret so that only you can read a message that was encrypted to you. A message encrypted with the public key can only be decrypted with the private key, whereas something encrypted with the private key can be decrypted with the public key, which is the basis of digital signatures. Securing the public key is not required, because it is publicly available and can be passed over the Internet; however, the public key must be authentic, because an attacker who substitutes their own public key would receive the messages intended for you. Asymmetric encryption has far greater power in ensuring the security of information transmitted during communication, and it is used in day-to-day communication channels, especially over the Internet; because asymmetric operations are much slower than symmetric ones, they are typically used to exchange a symmetric session key rather than to encrypt the bulk of the data. Popular asymmetric algorithms include RSA, DSA (which is used for signatures only) and elliptic curve techniques.
In the information and cybersecurity world, professionals use cryptography for various reasons. Specifically, there are four goals of cryptography that we are after: confidentiality, integrity, authentication, and non-repudiation. Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people while making sure that the right people can in fact get it. Access must be restricted to those authorised to view the data in question. It is common as well for data to be categorised according to the amount and type of damage that could be done if it fell into unintended hands, and more or less stringent measures can then be implemented according to those categories. Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorised people. These measures include file permissions and user access controls, the same controls that guard against a breach of confidentiality. Version control may be used to prevent erroneous changes or accidental deletions by authorised users from becoming a problem. In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events, such as an electromagnetic pulse or a server crash.
Some data may include checksums, even cryptographic checksums such as a hash or a message authentication code (MAC), for integrity verification; backups or redundancies must be available to restore the affected data to its correct state. Another cryptographic goal is authentication. Authentication simply means that you must prove your identity. For example, a webmail service such as Hotmail may authenticate you through your username and password. The final goal of cryptography is non-repudiation. Non-repudiation, more accurately described, is verifiable proof of the origin of a message. It refers to a state of affairs where the author of a statement will not be able to successfully challenge the authorship of that statement or the validity of an associated contract. For instance, I send you a PDF contract, you sign it digitally and send it back to me, and at a later date you claim that this was not in fact your signature. With non-repudiation, provided by a digital signature made with a private key that only you hold, that argument is thrown out the door. Note that a symmetric MAC cannot provide non-repudiation, because every party able to verify the MAC holds the same key and could have produced it.
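The two directions described above (encrypt with the public key and only the private key decrypts; sign with the private key and anyone with the public key verifies) can be seen in a few lines of textbook RSA. This is an added illustration, not code from the lesson: it uses fixed Mersenne primes so the numbers stay readable, and it applies no padding scheme, so it is a teaching model and not a secure RSA implementation. The names keygen, encrypt, decrypt, sign and verify are this example's own.

```python
"""Textbook RSA: public-key encryption and private-key signing.
Added illustration only; no padding, so NOT a secure RSA."""
import hashlib

# Mersenne primes chosen so the arithmetic is small enough to follow.
# Real keys use two random primes of 1024 bits or more.  (Assumed values.)
P1, Q1 = (1 << 31) - 1, (1 << 61) - 1   # Alice's primes
P2, Q2 = (1 << 31) - 1, (1 << 89) - 1   # Bob's primes


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("e and phi(n) must be coprime")
    return x % m


def keygen(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) with e*d == 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return (n, e), (n, modinv(e, phi))


def encrypt(public, m):
    """Anyone holding the public key can encrypt; only the private key decrypts."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(private, c):
    n, d = private
    return pow(c, d, n)


def _digest(message, n):
    # The signature covers a hash of the message, reduced below n (toy scheme).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """'Encrypt' the hash with the private key: that is the signature."""
    n, d = private
    return pow(_digest(message, n), d, n)


def verify(public, message, signature):
    """'Decrypt' the signature with the public key and compare with the hash."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    alice_pub, alice_priv = keygen(P1, Q1)
    bob_pub, bob_priv = keygen(P2, Q2)
    c = encrypt(alice_pub, 123456789)
    print("Alice decrypts:", decrypt(alice_priv, c))           # 123456789
    print("Bob's key works:", decrypt(bob_priv, c) == 123456789)  # False
    sig = sign(alice_priv, b"I agree to the contract")
    print("genuine:", verify(alice_pub, b"I agree to the contract", sig))  # True
    print("tampered:", verify(alice_pub, b"I do not agree", sig))          # False
```

Bob cannot read a message encrypted to Alice, and a signature only verifies under the key pair that produced it and only for the exact message that was signed: that is the non-repudiation property in miniature. Real deployments use OAEP padding for encryption and PSS (or PKCS#1 v1.5) for signatures, and generate the primes randomly.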
To people other than cryptographers, the words "code" and "cipher" are interchangeable. There is, however, a very significant difference, and it is simple. A code replaces whole words or phrases with symbols, while a cipher replaces individual letters (or bits) with other letters or symbols. A cipher manipulates the letters of a plaintext, while a code manipulates whole words. Of course, ciphers tend to be much more practical: if you had to replace whole words with symbols you would need a codebook with a symbol for every word, whereas if you replace individual letters you need approximately 26 symbols. So, to simplify, a code is not the same as a cipher. A code is a system that substitutes one word or phrase for another; codes are designed to provide security and/or efficiency. A cipher, on the other hand, is a system that uses mathematical algorithms to encrypt and decrypt messages. There are two ways ciphers process messages. The first way is stream ciphers. Stream ciphers operate on one character or bit of a message at a time.
Stream ciphers convert one symbol of plaintext directly into a symbol of ciphertext. The other method is block ciphers. Block ciphers operate on larger segments of the message at a time: they encrypt a group of plaintext symbols as one block, 128 bits in the case of AES. Let's consider the advantages and disadvantages of stream ciphers. One advantage is the speed of transformation: the algorithms are linear in time and constant in space. Another advantage is low error propagation: an error in encrypting or transmitting one symbol will not affect subsequent symbols. Low diffusion is one possible disadvantage, since all the information for a plaintext symbol is contained in a single ciphertext symbol. Another disadvantage is susceptibility to insertions or modifications. An active interceptor who breaks the algorithm, or who simply flips bits in the ciphertext of a keystream cipher, can insert spurious text that looks authentic, which is why a stream cipher should always be paired with a message authentication code. Now let's consider the pros and cons of block ciphers. An advantage is high diffusion.
Information from one plaintext symbol is diffused into several ciphertext symbols. Another advantage is resistance to tampering: it is difficult to insert symbols without the result being noticed, although a block cipher on its own still does not detect modification, which is why an authenticated mode such as AES-GCM is used in practice. One disadvantage of block ciphers is slowness of encryption, since an entire block must be accumulated before encryption or decryption can begin. Another disadvantage is error propagation: an error in one symbol can spread throughout the block. Substitution and transposition ciphers are the two categories of ciphers used in classical cryptography. They differ in how chunks of the message are handled by the encryption process. Substitution ciphers encrypt plaintext by replacing the plaintext one piece at a time, while transposition ciphers encrypt plaintext by moving small pieces of the message around. Anagrams, for example, are primitive transposition ciphers.
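To make the substitution-versus-transposition distinction concrete, and to revisit the Caesar cipher mentioned at the start of the lesson, here is an added example (not code from the lesson) with one cipher of each kind: a Caesar shift, which replaces letters but leaves them in place, and a columnar transposition, which moves letters but never replaces them. The functions caesar, columnar_encrypt, columnar_decrypt, letter_frequencies and brute_force_caesar are this example's own names; the plaintext and keys are constructed for the demonstration.

```python
"""Substitution (Caesar) next to transposition (columnar).
Added illustration; classical ciphers, not suitable for real use."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def caesar(text, shift, decrypt=False):
    """Substitution: every letter is replaced by the one `shift` places on;
    positions are untouched, so letter frequencies move to new letters."""
    if decrypt:
        shift = -shift
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)          # spaces and punctuation pass through
    return "".join(out)


def brute_force_caesar(cipher):
    """Only 26 keys exist, so an attacker just tries them all."""
    return {s: caesar(cipher, s, decrypt=True) for s in range(26)}


def _column_order(key):
    # Columns are read out in alphabetical order of the keyword's letters;
    # ties are broken left to right.
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(text, key):
    """Transposition: letters are written row by row under the keyword and
    read out column by column; no letter is changed, only moved."""
    letters = "".join(ch for ch in text.upper() if ch in ALPHABET)
    ncols = len(key)
    return "".join(letters[c::ncols] for c in _column_order(key))


def columnar_decrypt(cipher, key):
    ncols = len(key)
    n = len(cipher)
    base, extra = divmod(n, ncols)       # first `extra` columns are one longer
    cols, pos = {}, 0
    for c in _column_order(key):
        length = base + (1 if c < extra else 0)
        cols[c] = cipher[pos:pos + length]
        pos += length
    return "".join(cols[i % ncols][i // ncols] for i in range(n))


def letter_frequencies(text):
    """Histogram of letters: unchanged by transposition, shuffled by substitution."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)


if __name__ == "__main__":
    pt = "ATTACK AT DAWN"
    print(caesar(pt, 3))                      # DWWDFN DW GDZQ
    print(columnar_encrypt(pt, "ZEBRA"))      # CATTTANADAKW
    print(letter_frequencies(pt) == letter_frequencies(columnar_encrypt(pt, "ZEBRA")))  # True
    print(brute_force_caesar(caesar(pt, 3))[3])  # ATTACK AT DAWN
```

The frequency check is the point: a transposed message has exactly the plaintext's letter histogram, which is what lets an analyst recognise it as a transposition, while a substituted message has the same histogram shape under different letters, which is what frequency analysis exploits. The 26-entry brute force shows why key-space size, not secrecy of the method, decides the strength of a cipher.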
In this lesson we will discuss key lifecycle management. There are many factors to consider in the life cycle of a key, keeping in mind the types of keys, for example public and private keys, and their corresponding uses such as authentication, authorisation, signing, verification, and so on. There are many potential issues relating to how a key is properly generated, distributed, stored, replaced, deleted and recovered during its lifetime, and how it is provided with adequate protection against threats. Other questions come up as to how long the lifecycle of the key should be, which could range from just a few minutes to one or more years, and the key strength needed to withstand attack for that long. There are also questions about who will be responsible for the generation, usage, replacement and other phases of the life cycle. The most important aspect to consider is what the key is used for. One should always be careful not to use any one key for different purposes. Here, an important distinction is made between data encryption keys, which are used to encrypt data, and key encryption keys, which are used only to protect other keys. Keys are fundamentally used for encryption, but encryption often acts as a proxy for other uses, such as authentication and signing. For instance, you can prove who you are based on possession of a key.
Once the key is generated, the key management system will control the sequence of states that a key progresses through over its life cycle and allow an authorised administrator to handle them when necessary. The National Institute of Standards and Technology (NIST) provides strict guidelines for most aspects of the lifecycle of cryptographic keys, in its Special Publication 800-57 series, and has also defined how a crypto period is determined for each key. A crypto period is the operational life of a key and is determined by a number of factors, based on the sensitivity of the data or keys to be protected and how much data or how many keys are being protected. From this information, the operational life of the key can be determined, along with the key strength, which is proportional to the cryptographic strength of the system. The algorithm, and therefore the key type, is determined by the purpose of the key. For example, DSA is applicable for signing purposes only, whereas RSA is appropriate for both signing and encryption, though even then a single RSA key should be dedicated to one of the two. NIST specifies cryptographic algorithms that have withstood the test of time.
There are instances when it is necessary for an authorised administrator to make changes to a key's parameters which cause a change in its state during the life cycle. Here is a list of some of those circumstances: the key, its associated data or an encrypted key is suspected of compromise; a change in vendor support of products means the products must be replaced; technological advances make an attack possible where it was previously infeasible; a change of ownership, where a change of keys is associated with a change in the assignment of liability; regulatory, contractual or policy requirements; and a crypto period that mandates a maximum operational life. Let's look at the basic phases of a key lifecycle. Do note, however, that every key management solution is different, so not all of them will use the same phases; some phases are not used at all, and other phases can be added, such as pre-activation, activation and post-activation. The first phase is generation. Keys can be generated by a key management system, a hardware security module, or a trusted third party, which should use a cryptographically secure random number generator. The keys, along with their attributes, are then stored in a key storage database, which must itself be encrypted under a master key. Attributes include items like name, activation date, size and instance. A key can be activated upon its creation or set to be activated automatically or manually at a later time. Each key should have a key strength, generally measured in the number of bits associated with it, that provides adequate protection for the entire useful life of the protected data, along with the ability to withstand attacks during this lifetime. The appropriate key length depends on the algorithm that is used; a standard cryptographic algorithm that has been thoroughly evaluated and tested is recommended. The next phase is backup and storage.
In order to recover a key that has been lost during its use, for example due to equipment failure or a forgotten password, a backup copy should be made available.
Backup keys can be stored in a secure manner on external media such as CDs or USB drives, or by utilising an existing traditional backup solution over the local network. When a symmetric key or an asymmetric private key is backed up, it must be encrypted before being stored. The next phase is distribution and loading. The objective of this phase is to install the new key into a secure cryptographic device, either manually or electronically. This is the most critical phase for key security and, in the case of manual installation, should only be performed by authorised personnel. For manual distribution, which is by far the most common method of shared key distribution in the payment space, key encryption keys must be distributed and loaded as key shares (key components), each held by a different custodian, so that no one person ever sees the full key in the clear. Once the KEK is installed, data keys can then be shared securely, since they can be encrypted under it, also known as wrapped in this context. Best-practice key management standards such as PCI DSS now mandate that, as well as encrypting the key material, the key usage needs to be equally secured, for instance by restricting a key to PIN-block encryption or decryption only. While this is a very secure, well-established method of key distribution, it is labour-intensive and it does not scale well: you would actually need a new KEK for every endpoint that you share a key with. For larger-scale key deployments, for example managing keys for an entire secure web server farm, asymmetric key distribution techniques are really the only feasible way.
In this case, the initial step of sharing a KEK using key shares is replaced by the simple technique of deploying a public key. Keys can then be transmitted securely as long as the public key or its fingerprint is adequately authenticated. The next phase is normal use and replacement. The key management system should allow an activated key to be retrieved by authorised systems and users, for example for encryption or decryption processes or for the creation and verification of MACs. It should also seamlessly manage current and past instances of the encryption key. The key manager will replace a key automatically according to a previously established schedule, based on the key's expiration date or crypto period, or on demand if it is suspected of compromise, which might be signalled manually by an authorised administrator. When replacing keys, the intent is to bring a replacement key into active use by the system and typically also to re-encrypt all stored data under the new key. If the new key is only used for new sessions, as with TLS session keys, then there is no old data that needs to be re-secured under the new key. Replacing keys can be difficult because it necessitates additional procedures and protocols, which may include correspondence with third parties and public key systems. The timing for expiration depends on the strength of the key, the key length, and how long the protected data or key will be valid. In common practice, keys expire and are replaced in a timeframe shorter than the calculated lifespan of the key. As the key is replaced, the old key is not totally removed but remains archived, so it is retrievable under special circumstances, for example settling disputes involving repudiation. The next phase is archival. Archival refers to offline long-term storage for keys that are no longer in operation. These keys usually have data associated with them that may be needed for future reference, such as long-term storage of emails.
There may also be associated data in other external systems. When archiving a key, it must be encrypted to add security, as recommended in the generation and deployment phases. It may be useful to encrypt a symmetric key with the public key of an asymmetric key pair so that only the person or entity holding the corresponding private key can decrypt it, depending on the key's deployment scenario. Archival is not necessarily the last phase of the life cycle: an archived key may later move on to deletion or destruction. An archived key cannot be used for cryptographic requests. Before a key is archived, it should be proven that no data is still being secured with that old key. The last phase is the end of the key lifecycle, where all of its instances, or just certain instances, are completely removed; whether recovery of the key is still possible depends on the method used. The end of life for a key should only occur after an adequately long archival phase and after adequate analysis to ensure that loss of the key will not correspond to loss of data or other keys.
There are three methods of removing a key from operation. The first is key destruction. This method removes an instance of a key in one of its permissible forms at a specific location; information may still exist at that location from which the key could feasibly be reconstructed for subsequent use. The second is key deletion. This method removes an instance of a key, and also any information from which the key could be reconstructed, from its operational storage; instances of the key may continue to exist at other locations for archival purposes. The third is key termination. All instances and information of the key are completely removed from all locations, making it impossible to regenerate or reconstruct the key other than through a restore from a backup image.
The key management system should be able to handle all the transitions between phases of the life cycle and should be capable of monitoring and keeping track of these workflows. There are certain aspects of monitoring that should be considered. First, it is important to monitor for unauthorised administrative access to the system, to ensure that unapproved key management operations are not performed. Next, the processor hosting the key manager may come under significant load; when combined with an overloaded cryptographic service, the results could be serious, including data corruption or unavailability. Third, monitoring the key lifecycle is also important to ensure that each key has been created and deployed properly.
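The lifecycle rules above (single purpose per key, activation before use, a crypto period that ends use, archived keys that cannot serve cryptographic requests, destruction that wipes the material) and the key-share loading described in the distribution phase can be written down as enforced code rather than policy text. The following is an added example and not any product's API: KeyManager, ManagedKey, State, Purpose, split_key and combine_shares are names invented here, the state set is the lesson's pre-activation/active/deactivated/archived/destroyed model, and the injectable clock exists only so the crypto-period check can be exercised without waiting.

```python
"""Minimal key manager: lifecycle states, purpose separation, crypto
periods, audit trail, and XOR key components for manual KEK loading.
Added illustration; the names and API are assumed, not a real product."""
import secrets
import time
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional


class State(Enum):
    PRE_ACTIVATION = "pre-activation"
    ACTIVE = "active"
    DEACTIVATED = "deactivated"
    ARCHIVED = "archived"
    DESTROYED = "destroyed"


class Purpose(Enum):
    DEK = "data encryption"
    KEK = "key encryption"
    SIGN = "signing"


# Permitted transitions: a key never moves backwards, and an archived key
# can only be destroyed, never re-activated.
TRANSITIONS = {
    State.PRE_ACTIVATION: {State.ACTIVE, State.DESTROYED},
    State.ACTIVE: {State.DEACTIVATED},
    State.DEACTIVATED: {State.ARCHIVED, State.DESTROYED},
    State.ARCHIVED: {State.DESTROYED},
    State.DESTROYED: set(),
}


@dataclass
class ManagedKey:
    name: str
    purpose: Purpose
    material: bytes
    crypto_period_s: int
    state: State = State.PRE_ACTIVATION
    activated_at: Optional[float] = None


class KeyManager:
    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now                      # injectable clock (for tests)
        self.keys: Dict[str, ManagedKey] = {}
        self.audit: List[tuple] = []        # every operation is recorded

    def generate(self, name, purpose, crypto_period_s, bits=256):
        # CSPRNG-backed generation; strength is fixed by the bit length.
        key = ManagedKey(name, purpose, secrets.token_bytes(bits // 8), crypto_period_s)
        self.keys[name] = key
        self.audit.append(("generate", name, purpose.value))
        return key

    def transition(self, name, new_state):
        key = self.keys[name]
        if new_state not in TRANSITIONS[key.state]:
            raise ValueError("%s: %s -> %s is not permitted"
                             % (name, key.state.value, new_state.value))
        if new_state is State.ACTIVE:
            key.activated_at = self.now()
        if new_state is State.DESTROYED:
            key.material = b""              # termination: material gone, metadata kept
        key.state = new_state
        self.audit.append(("transition", name, new_state.value))

    def use(self, name, purpose):
        """Release key material only for the purpose and state that allow it."""
        key = self.keys[name]
        if key.purpose is not purpose:
            raise PermissionError("%s is a %s key, refused for %s"
                                  % (name, key.purpose.value, purpose.value))
        if key.state is not State.ACTIVE:
            raise PermissionError("%s is %s, not active" % (name, key.state.value))
        if self.now() - key.activated_at > key.crypto_period_s:
            self.transition(name, State.DEACTIVATED)   # crypto period elapsed
            raise PermissionError("%s: crypto period expired" % name)
        self.audit.append(("use", name, purpose.value))
        return key.material


def split_key(key: bytes, custodians: int) -> List[bytes]:
    """XOR key components: any subset of fewer than `custodians` shares
    reveals nothing about the key, so no single custodian sees it in clear."""
    shares = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    last = key
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    return shares + [last]


def combine_shares(shares: List[bytes]) -> bytes:
    out = bytes(len(shares[0]))
    for s in shares:
        out = bytes(a ^ b for a, b in zip(out, s))
    return out
```

The two things a practitioner should take from this are that the checks in use are the control, not the documentation of the states, and that the XOR split only protects the key while the components travel separately; the full key exists again the moment they are combined, which is why that combination happens inside the cryptographic device during loading.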
Modern symmetric algorithms are extremely complex. The Data Encryption Standard, or DES, is a well-known symmetric algorithm, and for decades it was one of the most widely accepted and publicly available cryptographic systems. It was developed by IBM in the 1970s and was later adopted by the US government: it was approved as a Federal Information Processing Standard (FIPS 46) in 1976 and published in 1977. It uses a 56-bit key to encrypt data in 64-bit blocks: it processes 64-bit inputs into 64-bit ciphertext, and the algorithm performs 16 iterations. So how does DES work exactly? Encryption of a block of the message takes place in 16 stages or rounds. From the input key, 16 48-bit subkeys are generated, one for each round. In each round, eight so-called S-boxes are used. These S-boxes are fixed in the specification of the standard. Using the S-boxes, groups of six bits are mapped to groups of four bits. The contents of these S-boxes were determined by the US National Security Agency (NSA). The S-boxes appear to be randomly filled, but this is not the case: it was later discovered that these S-boxes, fixed in the 1970s, are resistant to an attack called differential cryptanalysis, which was first published openly in the early 1990s. The body of the message is divided into two halves.
The right half is expanded from 32 to 48 bits using another fixed table. The result is XORed with the subkey for the round, and the 48 resulting bits are passed through the S-boxes, which reduce them to 32 bits; these are then permuted, again using yet another fixed table. The now thoroughly shuffled right half is combined with the left half using the XOR operation. In the next round, this combination becomes the new right half, and the old, unmodified right half becomes the new left half. The figure in the lesson makes this process a bit clearer: the left and right halves are denoted L0 and R0, and in subsequent rounds L1, R1, L2, R2, and so on. The round function, f, is responsible for all the mappings described: expansion, subkey XOR, S-boxes and permutation. Because each round only XORs the output of f into one half, the same network run with the subkeys in reverse order undoes the encryption, which is why DES needs no separate decryption algorithm.
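The round structure just described, and the stream-versus-block trade-offs from the earlier lesson (diffusion, error propagation, malleability), can both be observed in a small Feistel network. This is an added example, not DES and not code from the lesson: the block size (64 bits), the 32-bit halves, the 16 rounds, the 48-bit subkeys and the "reverse the subkeys to decrypt" property are DES's, but the expansion/S-box/permutation round function is replaced by a truncated HMAC-SHA256 and the key schedule by HMAC derivation, both assumptions made so the example runs with the standard library. The keystream cipher alongside it is likewise a toy built from HMAC in counter mode, and the keys and messages are constructed for the demonstration.

```python
"""A DES-shaped Feistel network next to a keystream cipher.
Added illustration; structure of DES, not DES itself."""
import hashlib
import hmac

BLOCK = 8          # 64-bit block, as in DES
HALF = BLOCK // 2  # 32-bit halves L and R
ROUNDS = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(right: bytes, subkey: bytes) -> bytes:
    """Round function f(R, K): stands in for expansion, XOR, S-boxes, P-box."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:HALF]


def subkeys(key: bytes) -> list:
    """Sixteen 48-bit subkeys, one per round (toy key schedule, not DES's)."""
    return [hmac.new(key, b"round-%02d" % i, hashlib.sha256).digest()[:6]
            for i in range(ROUNDS)]


def feistel(block: bytes, ks: list) -> bytes:
    """L(i) = R(i-1);  R(i) = L(i-1) XOR f(R(i-1), K(i));  then final swap."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly %d bytes" % BLOCK)
    left, right = block[:HALF], block[HALF:]
    for k in ks:
        left, right = right, _xor(left, _f(right, k))
    return right + left


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same network, subkeys applied in reverse order: no separate decryptor.
    return feistel(block, subkeys(key)[::-1])


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC; XORing data with it is a stream cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return _xor(data, keystream(key, nonce, len(data)))


def _flip_bit(data: bytes, bit: int) -> bytes:
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def bits_differing(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def block_error_bytes(key: bytes, block: bytes, bit: int) -> int:
    """Flip one ciphertext bit: how many plaintext bytes come out wrong?"""
    garbled = decrypt_block(_flip_bit(encrypt_block(block, key), bit), key)
    return sum(1 for x, y in zip(garbled, block) if x != y)


def stream_error_bytes(key: bytes, nonce: bytes, data: bytes, bit: int) -> list:
    """Same experiment on the stream cipher: which plaintext bytes change?"""
    garbled = stream_xor(key, nonce, _flip_bit(stream_xor(key, nonce, data), bit))
    return [i for i in range(len(data)) if garbled[i] != data[i]]


if __name__ == "__main__":
    key = b"example-key-only"               # constructed for the demo
    pt = b"ATTACKAT"
    ct = encrypt_block(pt, key)
    print("round trip:", decrypt_block(ct, key) == pt)
    print("avalanche bits:", bits_differing(ct, encrypt_block(_flip_bit(pt, 0), key)))
    print("block: bytes garbled by 1 flipped bit:", block_error_bytes(key, pt, 5))
    print("stream: bytes changed by 1 flipped bit:",
          stream_error_bytes(key, b"nonce", b"ATTACK AT DAWN", 20))
```

Flipping one bit of block-cipher ciphertext garbles the whole block on decryption (the error-propagation disadvantage and the tamper-resistance advantage are the same property seen from two sides), while flipping one bit of stream-cipher ciphertext changes exactly one plaintext bit in a predictable position, which is the low-error-propagation advantage and the malleability disadvantage in one. The avalanche count, close to half of the 64 bits, is the diffusion that the S-boxes and permutations are there to provide.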
This secret key encryption algorithm uses a key that is 56 bits long, roughly seven characters. At the time, it was believed that trying out all possible keys would be impossible because computers could not possibly become fast enough. In 1998, the Electronic Frontier Foundation (EFF) built a special-purpose machine that could recover a DES key by trying all possible keys in less than three days. The machine cost less than $250,000 and searched over 88 billion keys per second. So, to summarise our learning about the Data Encryption Standard, here's what we know. DES is a secret key encryption scheme adopted as a standard in the US in 1977. It uses a 56-bit key, which is considered insufficient, as it can, with moderate effort, be cracked by brute force. A variant called Triple DES (3DES) applies DES three times with a longer key and is more secure; it was widely deployed as a stopgap, particularly in the payment industry, but it is slow and is now itself deprecated. The Advanced Encryption Standard (AES) has superseded DES as the standard encryption algorithm. Do note that DES is no longer considered secure.