Cryptography, Hash functions, Symmetric ciphers, Block ciphers and more!

Hello!

I’ve been taking the SEC401: Security Essentials course by SANS and learned a few useful things about cryptography that I would like to share here!

[Image credits: News.mit.edu]

Cryptography 101

Cryptography is the study of methods to securely transmit information in the presence of eavesdroppers. The main goal of cryptography is to devise algorithms which can be used to store and transmit sensitive information over a medium that is inherently insecure. Most cryptographic algorithms have two stages:

1. Encryption: the process of coding a message in such a way that its true contents are hidden.

   • Conversion from plaintext to ciphertext

2. Decryption: the process of transforming an encoded message back in to its original form.

   • Conversion from ciphertext to plaintext

Plaintext: a message in its original, human-readable form.

Ciphertext: a message in its encrypted, unintelligible form.

[Image credits: securitysearch.techtarget.com]

The Security versus Obscurity dilemma!

While using many popular cryptographic techniques such as XOR cipher or Base64 cipher, it is common to fall into a false sense of security. It is imperative to remember that hiding something does not necessarily mean securing it. One might think using a long, secure key for encrytion makes the ciphertext unbreakable, but this is not true. Keeping the key secure, is in itself a big challenge! It is common for encryption keys to get stolen via keyloggers and Remote Access Trojans (RATs). While using long, alphanumeric + special characters keys is a good practise, it is important to remember that it it not 100% secure!

Types of ciphers

A. Symmetric key cipher

Symmetric key ciphers involve both, a sender and a receiver using the same key to encrypt and decrypt messages, hence the name symmetric.

Some common symmetric ciphers include:

1. Arbitrary substitution: each character in the alphabet is substituted with another character in a one-to-one mapping.

   For example for a language with 6 alphabets: A, B, C, D, E, F we could come up with the following subsititution:

    A --> E
   
    B --> F
   
    C --> D
   
    D --> C
   
    E --> A
   
    F --> B
   

   Now, to encode the plaintext word BAD, we would replace each character in the plaintext with the letter it maps to, to get the ciphertext. So, BAD becomes FEC.

2. Caesar cipher: also known as rotation substitution, is similar to arbitrary substitution but instead of having a random, arbitrary mapping each character is substituted with the character some constant number of jumps away.

   For example, for a rotation cipher with a right shift of 2, the following mapping is obtained:

    A --> C
   
    B --> D
   
    C --> E
   
    D --> F
   
    E --> G
   
    F --> A
   

   Now, the plaintext word BAD would become DCF in ciphertext.

[Image credits: Britannica.com]

1. ROT13: is a special version of the Caesar cipher in which each character is substituted with the character 13 spaces ahead.

   Now, the plaintext word BAD would become ONQ in ciphertext.

[Image credits: Wikipedia.com]

B. Transposition cipher

Transposition cipher, also know as a permutation cipher, involves shuffling the characters in a word to generate a ciphertext. The key is then generated by replacing each letter in the original word with its index in the ciphertext.

For example the word BAD would be encoded as follows:

1. Shuffle the characters: DBA
2. Replace BAD with each letter’s index in the shuffled word. So B is replaced by 2, A with 3 and D with 1.
3. Resulting key: 231.
4. To decode, replace each number in the key with the alphabet at that numeric index in the cipher word. So for ciphertext DBA with key 231, replace 2 with B, 3 with A, and 1 with D.

C. Block cipher

The most commonly used type of cipher today, in block cipher, a single fixed-length block of data is encrypted at a time, but using the same key. Block-ciphers have well-defined modes of operation that control how a block operation is repeatedly applied to ensure robustness while also remaining determinitic for the receiver to be able to decode.

The most common modes of operation are:

1. Electronic Codebook (ECB): the same key is used to encrypt each block. If two blocks are identical, the generated ciphertext will be identical too. This is the weakest type of block ciper and is vulnerable to brute-force attacks.

2. Cipher Block Chaining (CBC): is similar to ECB but with one additional step: the current block’s plaintext is XOR’d with the previous block’s ciphertext, and then encoded. Using CBC, two identical plaintext blocks will never result in the same ciphertext, hence being a little more secure.

3. Cipher Feedback (CFB): is a type of a self-synchronizing stream version of CBC. In CBC, if the previous previous block was missed or dropped, all forthcoming blocks would fail to decode. However, this is not true for CFB. CFB makes use of shift registers for this purpose. Instead of encoding the complete block in a single attempt, the number of bytes equal to the shift register’s size are encoded and XOR’d with the plaintext to give a ciphertext that is smaller than the block size. The entire block’s size is then filled up with padding. Hence, if some part of the block is lost, if number of bytes equal to the shift register size are received, the stream can be decoded despite a previous data loss.

4. Output Feedback (OFB): is similar to CFB, however it aims to provide the ability to handle bit flip errors and to prevent the same plaintext block from resulting in the same ciphertext block by using a feedback mechanism that is independent of the plaintext and previous ciphertext.

This is how a block cipher is generally encoded:

1. Breakdown the plaintext into fixed-size blocks of text.
2. Pad the last block to get a fixed length block, if necessary.
3. Generate a sub-key from the main key.
4. Encode the block using one of the modes of operation described above.

D. Asymmetric key cipher

Asymmetic key cipher is also commonly called a Public key cipher. It includes two pairs of keys:

1. Public key: a key that can be used for encryption/decryption and is distributed publically. It is commonly used as part of digital certificates for identity verificaton.

2. Private key: a key that can be used for encryption/decryption but unlike the public key, this key is kept hidden and well-guarded.

Assymetric key ciphers rely on mathematical functions that are related such that when a plaintext message in encrpyted with one key of the pair, it can only be decrypted with the other key of the same pair. Hence their use for identity verification.

Assymetric key ciphers are commonly used in Secure Socket Layer (SSL) and Transport Layer Security (TLS) to exchange a session key in a secure manner.

E. Hash function

Hash functions are vastly different from the ciphers we have discussed so far, mainly because of two reasons:

1. They do not use keys.
2. They are one-way functions and hence the it is impossible to regenerate the plaintext from the ciphertext.

Hash functions are mainly used in crytography to test message integrity. The hash value is considered a signature of sorts, even if a single bit in the message is altered, recomputing the hash will result in a vastly different value, thereby invalidating the digital signature.

[Image credits: Medium.com]