Introduction To Cryptology
In computing terms, cryptography is one of the primary technical methods by which individuals and organizations protect their sensitive information against disclosure. This is accomplished through the development and implementation of complex mathematical calculations, or ciphers. A key is used to turn human-readable content into ciphertext and, depending on the use case, the same or a different key is used by the intended recipient to convert the information back into something meaningful. Cryptanalysis, on the other hand, is the practice of studying algorithms and observing their mechanics as a way of defeating them. Put the two together into one profession and we get cryptology.
Cryptography has been used as a way of ensuring confidentiality as far back as ancient Greece. The Spartans were known to have used a scytale, a tool consisting of a strip of parchment and a wooden handle. The ciphertext was written vertically on a long, narrow strip of paper and, when the strip was wrapped around the handle, the message was revealed.
Another example of primitive cryptography is the Vigenere cipher. It uses a table, known as a Vigenere square, in which the alphabet is written out along both the X and Y axes. Each row and column begins at the letter noted at its head and continues through the alphabet, so that every cell of the grid is filled in.
The cipher works by choosing a plaintext message and an accompanying word to serve as the key. The key must be as long as the plaintext message, so the key is repeated until the two are of equal length. When encrypting or decrypting the message, the plaintext letter selects a row (the Y axis) and the key letter selects a column (the X axis). The ciphertext letter is found at their intersection. Using crusec as the key, observe the following example:
Key: c | r | u | s | e | c | c | r | u | s
Plaintext: c | r | y | p | t | o | l | o | g | y
Ciphertext: e | i | s | h | x | q | n | f | a | q
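The table above, carried out in code as an added example (not code from the original article): the square is built row by row as described, encryption reads the cell where the plaintext row meets the key column, and decryption scans the key column for the ciphertext letter. The key "crusec" and plaintext "cryptology" are the article's own; lowercase letters only are assumed.

```python
import string

ALPHABET = string.ascii_lowercase

# The Vigenere square: row i is the alphabet written out starting at letter i.
SQUARE = [ALPHABET[i:] + ALPHABET[:i] for i in range(26)]


def extend_key(key: str, length: int) -> str:
    """Repeat the key until it is as long as the message."""
    return (key * (length // len(key) + 1))[:length]


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """Plaintext letter selects the row (Y axis), key letter the column (X axis)."""
    keystream = extend_key(key, len(plaintext))
    return "".join(
        SQUARE[ALPHABET.index(p)][ALPHABET.index(k)]
        for p, k in zip(plaintext, keystream)
    )


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Find the ciphertext letter in the key letter's column; that row is the plaintext."""
    keystream = extend_key(key, len(ciphertext))
    out = []
    for c, k in zip(ciphertext, keystream):
        col = ALPHABET.index(k)
        row = next(r for r in range(26) if SQUARE[r][col] == c)
        out.append(ALPHABET[row])
    return "".join(out)


if __name__ == "__main__":
    # The worked example from the table above: key "crusec", plaintext "cryptology".
    ct = vigenere_encrypt("cryptology", "crusec")
    print(ct)                               # eishxqnfaq
    print(vigenere_decrypt(ct, "crusec"))   # cryptology
```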
One last historical example is that of the one-time pad. Used primarily during military operations, a sender and recipient would have an identical book where each page served as a long, randomly generated key. Upon use, the key was burned and never reused. The one-time pad is considered to be the only cipher offering perfect secrecy because the key was randomly generated and exactly as long as the plaintext message. This is to say that there are as many possible keys as there are plaintexts, and no key is more promising statistically than any other. Due to the burden of use and physical protection required for the one-time pad, it is often too complex and expensive to use.
Modern cryptography is much more sophisticated than the examples listed above. By utilizing secret, obscure pseudorandom algorithms we can be reasonably certain that only the intended recipient of our message will be capable of deciphering it. Today’s ciphers are broken up largely into three categories: symmetric, asymmetric and hashing algorithms. Hashing algorithms are unique in that they are considered a one-way function, meaning it is easy to compute the output from an input but very difficult to reverse that computation. Symmetric and asymmetric algorithms are often either block ciphers or stream ciphers. In a stream cipher each individual bit of the message is encrypted at a time; the one-time pad is an example. Block ciphers, on the other hand, encrypt chunks of a message at a time. In either case, the confidentiality derived from a cipher is largely contingent on the key size it supports.
Cryptography serves as the point of intersection between computer science and mathematics. We will discuss attacks on cryptography near the end of this article, but they all largely rely on dissecting the anatomy of a cipher. By testing input and observing output, patterns within the technology may be discovered, thereby compromising it. As we discussed earlier, the only method of providing true perfect secrecy is the one-time pad, the reason being that the key is (1) randomly generated and (2) as long as the message itself. The computational power required to accomplish this for everything cryptography is used for today is simply unrealistic in the overwhelming majority of scenarios. Modern cryptography has created a way around this through the use of pseudorandomness. That is to say that, upon observation, a cipher accepted by the industry appears to be no different in its functions from a truly random one.
This truly random computation is known as the Random Oracle Model, and cryptographers attempt to create ciphers as close to a random oracle as possible. A random oracle can be imagined as an elf sitting in a box with a source of physical randomness (say a set of dice) and a means of storage (perhaps a scroll and quill). When receiving input, the elf will look through its scroll and determine whether the query was ever made before. If it was, it will provide the same output recorded on the scroll for that input. If, however, the query had never been made before, it will roll the dice and therefore generate a new output at random. This new output will be stored in the scroll in the event the query is ever made again. In reality, any cipher is going to be an array of mathematical functions and therefore not truly random, but it should look random. The Random Oracle Model helps explain why key generation is one of the most important features of cryptography. Many algorithms rely on the creation of random numbers, and the quality of this creation very well may render a cipher useless.
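The elf, the dice and the scroll from the paragraph above, written out as an added example (not code from the original article): the scroll is a dictionary of past queries, the dice are the operating system's entropy source, and a query is answered from the scroll if it has been seen before or by a fresh roll otherwise. The 32-byte output size is an assumption chosen to match a 256-bit digest.

```python
import secrets

OUTPUT_BYTES = 32  # size of each "dice roll": 256 bits, the size of a SHA3-256 digest


class RandomOracle:
    """The elf in the box: a scroll of past queries and a source of physical
    randomness (secrets, backed by the OS entropy pool) for queries never seen."""

    def __init__(self) -> None:
        self.scroll = {}      # query bytes -> recorded output bytes
        self.dice_rolls = 0   # how many times a fresh output had to be generated

    def query(self, message: bytes) -> bytes:
        # Seen before: answer exactly as recorded, so the oracle is a consistent function.
        if message in self.scroll:
            return self.scroll[message]
        # Never seen: roll the dice, write the result on the scroll, and answer with it.
        self.dice_rolls += 1
        output = secrets.token_bytes(OUTPUT_BYTES)
        self.scroll[message] = output
        return output


def oracle_is_consistent(oracle: RandomOracle, message: bytes, repeats: int = 5) -> bool:
    """Repeated queries return one and the same output, and cost at most one dice roll."""
    before = oracle.dice_rolls
    answers = {oracle.query(message) for _ in range(repeats)}
    return len(answers) == 1 and oracle.dice_rolls - before <= 1


if __name__ == "__main__":
    oracle = RandomOracle()
    first = oracle.query(b"hello")
    print(oracle.query(b"hello") == first)   # True: same query, same recorded answer
    print(oracle.query(b"hellp") == first)   # False: a new query gets an unrelated roll
    print(oracle.dice_rolls)                 # 2: one roll per distinct query
```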
Symmetric ciphers are those that use a single key for both encryption and decryption. The biggest benefit to symmetric cryptography lies in its speed. It is very often thousands of times faster than asymmetric encryption because it only distributes a single key to each communication link. Because of this it is not very resource intensive, and is therefore better suited for technology with limited computing power such as mobile devices. Fewer resource requirements also mean it is cheaper to implement. Symmetric encryption is also used frequently for data at rest through file or whole-disk encryption. Its functionality is simple: in order to protect User A and User B from User C snooping on their conversation, they share a unique key that each of them holds for the purpose of encrypting and decrypting their messages. Likewise, if User A wants to send User C a message, they too must share a key. As one could imagine, such a system scales poorly and becomes burdensome to implement in large environments. This is demonstrated by the following equation for determining symmetric key requirements, where N represents the number of users:
Aside from this, if a single user leaves the company, each key shared with that individual will have to be regenerated. Distribution of keys is often an issue as well, considering that interception of a key means the potential compromise of all communication encrypted by it.
Two examples of modern symmetric ciphers are 3DES (“triple” DES) and Rijndael. Many other algorithms exist, though they have either been broken or are largely inferior to Rijndael. 3DES itself is comparatively slow and resource intensive, which largely defeats the purpose of using symmetric cryptography in the first place. In 2000 NIST announced that Rijndael was officially replacing DES, the predecessor to 3DES, and it was dubbed the Advanced Encryption Standard (AES). While technically a standard, AES also refers to the variant of Rijndael that resulted from the NIST competition, and it remains one of the most widely used symmetric ciphers today. The most significant difference is that the AES block size is restricted to 128 bits, whereas the Rijndael block size is variable.
Asymmetric cryptography gets its name from the fact that it relies on one public key and one private key for every transmission. As such, it is often called public key cryptography as well. Through the use of public keys, asymmetric ciphers alleviate many of the issues caused by symmetric key distribution and implementation. Everyone within the communication chain has a single private key and a single public key, meaning key requirements can be calculated with the formula 2N, where N again indicates the number of people needing to communicate. The public key is, as indicated by its name, openly available for anyone to see. It is used to encrypt messages to the key’s owner, which in turn can only be decrypted by the recipient’s private key. The RSA cipher remains widely used today.
One particularly appealing characteristic of asymmetric cryptography is that it provides nonrepudiation, a feature where an individual is unable to deny certain actions because their private key is unique to them. This is the case when using digital signatures.
As discussed earlier, though hashing functions work in a fashion similar to symmetric and asymmetric cryptography, they are unique in that they focus largely on the integrity of information rather than its confidentiality. A hash function does so by receiving input, generally a message or file, and outputting a checksum unique to that specific item. The biggest criterion here is that the hash function is collision free: two files whose content differs, even by a single bit, will be given different hashes. Integrity comes into play given the fact that if a file is even remotely modified its hash value will completely change. SHA-3 was adopted by NIST as the standard for hashing functions in 2015.
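The integrity property above, shown with SHA3-256 as an added example (not code from the original article): a digest is recorded for a constructed file, one bit of the file is flipped, the recorded digest no longer verifies, and roughly half of the 256 digest bits have changed. The file content and the bit chosen are constructed for the demonstration.

```python
import hashlib


def sha3_digest(data: bytes) -> bytes:
    """SHA3-256, the NIST standard mentioned above; returns a 32-byte (256-bit) digest."""
    return hashlib.sha3_256(data).digest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def verify_integrity(data: bytes, expected_digest: bytes) -> bool:
    """Integrity check: recompute the digest and compare it to the one recorded earlier."""
    return sha3_digest(data) == expected_digest


def flip_one_bit(data: bytes, byte_index: int = 0, bit: int = 0) -> bytes:
    """Return a copy of data with a single bit flipped: the smallest possible modification."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


if __name__ == "__main__":
    # Constructed sample file content; not taken from any real system.
    original = b"Transfer 100 units to account 12345\n"
    recorded = sha3_digest(original)
    tampered = flip_one_bit(original)             # differs from the original in one bit
    print(verify_integrity(original, recorded))   # True
    print(verify_integrity(tampered, recorded))   # False
    # About half of the 256 digest bits change for a one-bit change in the input.
    print(differing_bits(recorded, sha3_digest(tampered)))
```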
Like any aspect of security engineering, there is no silver bullet solution that works universally well for every environment and use case. Consider these factors before moving forward with any cryptosystem:
Requirements are largely going to be influenced by performance impact, compatibility with existing systems, and regulatory requirements. Be aware of these while project scoping.
Asymmetric cryptography will be more costly to implement, in monetary terms as well as in resource requirements. However, symmetric encryption may be less suited for data in transit where the quality of the cipher suite could be the difference between confidentiality and disclosure.
Certain countries and regulations restrict cipher suites to a select few candidates. Ensure you will be maintaining compliance in your decisions.
A cryptosystem being Federal Information Processing Standards (FIPS) validated provides assurance that one or more approved security functions are used in the mechanics of a given cipher or technology.
This is largely to say that you do not want to implement anything developed internally without appropriate credentials and external professional review.
An organization will have to determine how they will go about certifying specific keys for specific environments.
Key length and hash size determine a system’s resilience to cryptographic attacks. Bigger is better, but more costly. Each entity will have to determine their unique position where security and performance impact intersect.
Key rotation is needed for many of the same reasons that password policies exist. Excessive rotation, however, can strain personnel.
Key length and key rotation go hand in hand. Key lengths need to be long enough to withstand brute-force attacks for periods greater than key rotation duration.
Key revocation lists will need to be maintained for all keys that are retired.
NSA-approved algorithms, said to be “vetted”, provide assurance that no publicly available vulnerabilities exist.
Cryptography attacks rely on discovering patterns. The Vigenere cipher shown earlier was revolutionary for its time because it utilized multiple alphabets when encrypting a message. A more primitive cipher, the Caesar Cipher, worked simply by moving the entire plaintext X number of spaces down the alphabet. An example of this is ROT13, where each letter in a message is replaced with the 13th letter following it. Here’s an example:
Plaintext: c | r | y | p | t | o | l | o | g | y
Ciphertext: p | e | l | c | g | b | y | b | t | l
The recurrence of the letters ‘o’ and ‘y’ is reflected in the ciphertext. It would not take a cryptanalyst very long to crack the cipher through the use of frequency analysis. The Vigenere cipher would have prevented this kind of attack, but is itself susceptible to a known plaintext attack. If an analyst were able to obtain both the plaintext and ciphertext versions of a message, they would be able to reconstruct the Vigenere table. This was ultimately the fate of the Vigenere cipher.
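Both weaknesses described above, as an added example (not code from the original article): frequency analysis recovers a Caesar shift by comparing the letter counts of each candidate decryption with English letter frequencies, and a known plaintext/ciphertext pair recovers a Vigenere key as the shortest repeating unit of the keystream. The English frequency table and the sample sentence are constructed inputs; the "cryptology"/"eishxqnfaq" pair is the article's own.

```python
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
# Approximate frequency (percent) of each letter a..z in English text; constructed input.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
                6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

def caesar(text: str, shift: int) -> str:
    """Move every letter `shift` places down the alphabet (ROT13 is shift=13)."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
                   for ch in text)

def chi_squared(text: str, shift: int) -> float:
    """Distance between the letter counts of `text` shifted back by `shift` and the
    English distribution; the correct shift gives the smallest value."""
    letters = [ch for ch in caesar(text, -shift) if ch in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = Counter(letters)
    total = 0.0
    for i, ch in enumerate(ALPHABET):
        expected = n * ENGLISH_FREQ[i] / 100
        total += (counts[ch] - expected) ** 2 / expected
    return total

def break_caesar(ciphertext: str) -> int:
    """Frequency analysis: pick the shift whose undone text looks most like English."""
    return min(range(26), key=lambda s: chi_squared(ciphertext, s))

def vigenere_key_from_known_plaintext(plaintext: str, ciphertext: str) -> str:
    """Known-plaintext attack on Vigenere: each keystream letter is (cipher - plain) mod 26,
    and the key is the shortest unit that repeats to form the whole keystream."""
    keystream = "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % 26]
                        for p, c in zip(plaintext, ciphertext))
    for period in range(1, len(keystream) + 1):
        if all(keystream[i] == keystream[i % period] for i in range(len(keystream))):
            return keystream[:period]
    return keystream

if __name__ == "__main__":
    print(caesar("cryptology", 13))                                        # pelcgbybtl
    # Constructed English sample, long enough for letter counts to be meaningful.
    sample = "the one time pad offers perfect secrecy because the key is random and as long as the message itself"
    print(break_caesar(caesar(sample, 13)))                                # 13
    print(vigenere_key_from_known_plaintext("cryptology", "eishxqnfaq"))   # crusec
```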
Many other attack variations exist, each relying on different resources and spanning several levels of sophistication. Some of these include the following:
Brute Force – Every possible key combination is attempted in order to decrypt a message. If given enough time, brute force attacks will always prevail. This is why key length is so important in cryptography. Every extra bit added to a key will double the amount of time required to crack it. The use of rainbow tables and exceptionally powerful hardware may reduce this time requirement.
Replay Attack – Encrypted messages are intercepted and then resent at a later time to create a new session. This can be deterred through the use of time stamps and expiration periods for messages.
Chosen Plaintext – Given the ability to encrypt plaintext messages of their choosing, an attacker can analyze the output and look for patterns.
Chosen Ciphertext – Given the ability to decrypt ciphertext messages, an attacker can use the decrypted messages to discover the key.
Known Plaintext – Given access to both the plaintext and ciphertext messages, an attacker can attempt to figure out how the cipher works.
Birthday Attack – This is based on the birthday paradox, which states that, given a room of just 23 people, there is a 50% probability that two of them share the same birthday. This attack against hashes occurs when an attacker substitutes a digitally signed message with a different one that creates the same message digest. This type of attack reaffirms the need for pseudorandomness in cryptographic functions.
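The birthday bound behind that attack, as an added example (not code from the original article): SHA3-256 is truncated to a toy 24-bit digest so that a collision between two distinct constructed messages appears after only thousands of attempts, near sqrt(2^24), rather than the 2^24 a brute-force search for one specific digest would need. The truncation width and the message format are assumptions of the demonstration.

```python
import hashlib
import math

TRUNC_BITS = 24  # a toy digest width: small enough for the collision to show up in seconds


def short_digest(message: bytes, bits: int = TRUNC_BITS) -> int:
    """SHA3-256 truncated to its top `bits` bits; stands in for a hash with a small output."""
    full = int.from_bytes(hashlib.sha3_256(message).digest(), "big")
    return full >> (256 - bits)


def birthday_bound(bits: int) -> float:
    """Number of random messages after which some pair collides with ~50% probability."""
    return math.sqrt(2 ** bits * 2 * math.log(2))


def find_collision(bits: int = TRUNC_BITS, limit: int = 1 << 20):
    """Hash distinct constructed messages until two share a digest (a birthday search).
    Returns (message_a, message_b, attempts), or None if `limit` messages never collide."""
    seen = {}  # digest -> first message that produced it
    for i in range(limit):
        msg = b"constructed message %d" % i
        d = short_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg
    return None


if __name__ == "__main__":
    a, b, attempts = find_collision()
    print(a, b, attempts, short_digest(a) == short_digest(b))
    # For 24 bits the bound is about 4823 messages, against 2^24 = 16,777,216 digests.
    print(round(birthday_bound(TRUNC_BITS)))
```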
While many attacks exist, the most common one occurs when the infrastructure environment performing the encryption, and with it its keys, is compromised.
This article attempts to provide a very, very brief overview of cryptology. There are entire textbooks written on each individual piece covered here, and we didn’t even dive into Public Key Infrastructure, key management, certificates, digital signatures, the specifics of each cipher, or the actual mathematical workings of ciphers in use today. Cryptology is a field of study unto itself, and is one I simply don’t belong to. As a security engineer, it’s important to understand the theory of cryptography, why and how to use it, and how to protect keys and certificates. In the next article we will conduct a hands-on lab performing whole disk encryption with VeraCrypt.