# Principles of Cryptography

## What is Cryptography

Security professionals must have an adequate understanding of cryptography and how to properly use it. The following definitions will aid you in understanding key concepts for this lesson:

| Term              | Definition                                                                                                                                                                                                                                                                      |
| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Cryptography**  | is the practice and study of techniques for secure communication in the presence of third parties called adversaries. \[Wikipedia]                                                                                                                                              |
| **Cryptanalysis** | is the study of analyzing information systems in order to study the hidden aspects of the systems. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. \[Wikipedia] |
| **Cipher**        | an established technique to hide or disguise a message; a code                                                                                                                                                                                                                  |
| **Key**           | a predetermined secret used to secure a message                                                                                                                                                                                                                                 |
| **Plaintext**     | a message in its original readable format                                                                                                                                                                                                                                       |
| **Ciphertext**    | a message in a coded form                                                                                                                                                                                                                                                       |
| **Encrypt**       | the process of using a key and cipher to convert plaintext into ciphertext                                                                                                                                                                                                      |
| **Decrypt**       | the process of using a key and cipher to convert ciphertext into plaintext                                                                                                                                                                                                      |

### Cryptography for Confidentiality

![](https://1537012814-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LA-cJ-5ZVq2w4vJSL1B%2F-LA-cNW8I_aJ-gt-4gO7%2F-LA-cPYSjFn6ci56SBNd%2FSSL.png?generation=1523650279317803\&alt=media)

We typically use encryption to ensure our files and communication channels are secure from eavesdroppers. An excellent example of using crypto in everyday life is navigating to a website using SSL/TLS encryption. For example, if we navigate to `https://www.cyberdefensetrainingacademy.org` in the Firefox web browser, we will notice the green lock showing that the website uses encryption between your computer and the webserver. You may also notice the use of **https\://** instead of **http\://** at the beginning of the URL. This denotes a secured HTTP connection. If we do a little more investigation by clicking on the green lock, we can check out the certificate information, expiration, etc. But this is for a later lesson.

### Cryptography for Integrity

Cryptographic hashing has been used for years by law enforcement. Hashing ensures digital evidence does not change as it moves through the chain of custody from the point of seizure to forensics labs for analysis. Without the verification of integrity provided by cryptographic hashing, digital evidence could be challenged and found inadmissible in a court of law. Coaches and participants in the CyberPatriot competition also use the MD5 or SHA1 hashing algorithm to verify downloaded competition images. File hashes are commonly referred to as file "fingerprints" due to their unique nature.

For example, we downloaded a file called *CP\_image.zip* from a website on the Internet. On their website, they post the MD5 for this file as `d577273ff885c3f84dadb8578bb41399`. Using a Linux system, we can use the *openssl* application to generate the MD5 hash for this file. Take a look at the following command line output:

```
jds@affinityhq$: openssl md5 CP_image.zip
MD5(CP_image.zip)= d577273ff885c3f84dadb8578bb41399
```

As you can see, the MD5 hash we computed matches the one posted on the website. This is how we can verify the integrity of our files.
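The same check can be scripted so the comparison is not done by eye. This is an added example, not part of the original lesson; the function names and the sample file contents are constructed for illustration, and the algorithm is a parameter so the same code works with `sha256`.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="md5", chunk_size=65536):
    """Hash a file in chunks so large images never have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def matches_published(path, published_hex, algorithm="md5"):
    """Compare a file's digest with the value posted by the publisher."""
    # Sites post digests in upper- or lowercase, sometimes with stray spaces.
    expected = published_hex.strip().lower()
    return hmac.compare_digest(file_digest(path, algorithm), expected)

def demo():
    """Constructed stand-in for CP_image.zip: verify it, then alter one byte."""
    original = b"constructed sample bytes standing in for CP_image.zip"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "CP_image.zip")
        with open(path, "wb") as f:
            f.write(original)
        # The "published" value, as a site might post it in uppercase.
        published = hashlib.md5(original).hexdigest().upper()
        intact = matches_published(path, published)
        with open(path, "wb") as f:
            f.write(original[:-1] + b"P")  # last byte changed from 'p' to 'P'
        altered = matches_published(path, published)
    return intact, altered

if __name__ == "__main__":
    print("intact file matches, altered file matches:", demo())
```

A single changed byte produces a completely different digest, which is why the altered copy fails the check.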

## Origins of Cryptography

### Transposition Ciphers

Since ancient times, military commanders and heads of nations have used some sort of cryptography to secure their messages from their adversaries. The earliest accounts of cryptography used a method called a **transposition cipher** where letters were moved to different positions in the message. For example, our message is *A SIMPLE MESSAGE*:

![Transposition](https://1537012814-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LA-cJ-5ZVq2w4vJSL1B%2F-LA-cNW8I_aJ-gt-4gO7%2F-LA-cPZOQRQVNleWTdWj%2Ftransposition.png?generation=1523650283441953\&alt=media)

Take a look at [Crypto Corner's](http://crypto.interactive-maths.com/simple-transposition-ciphers.html) example of transposition ciphers. Toward the bottom of the page are examples of how to encipher plaintext of your choosing.

### Substitution Ciphers

Using a transposition cipher, we would swap each letter's position to scramble the message. The issue with this type of cipher is that single-letter pieces of the message are left unchanged, making the message easy to decrypt. Later, the **substitution cipher** was developed to ensure that all aspects of the message become enciphered. The earliest accounts of the substitution cipher date to the time of Julius Caesar, who would *shift* the letters based on a key. For instance, looking at the English alphabet:

```
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
```

If we used a shift key of **2**, we would take a letter of our message, shift down two letters, then replace that letter with the new value. If the letter was *A*, after the shift the new enciphered letter would be *C*. Let's take our message from the last example and use a shift key of **2** to encipher the message. After the enciphering, we get the following result:

```
Plaintext: A SIMPLE MESSAGE
Ciphertext: C UKORNG OGUUCIG
```

Take a look at [*Crypto Corner's*](http://crypto.interactive-maths.com/caesar-shift-cipher.html) example of substitution ciphers and encipher your own plaintext messages.
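The shift described above, as an added example that is not part of the original lesson (function names are chosen for illustration). It reproduces the lesson's ciphertext and also lists every possible key, which shows why a shift cipher offers no real protection: only 25 keys exist.

```python
import string

ALPHABET = string.ascii_uppercase  # A..Z, as in the lesson

def caesar(text, shift):
    """Shift each letter by `shift` places, wrapping past Z.

    Spaces and punctuation pass through unchanged, so word lengths
    remain visible in the ciphertext.
    """
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def encipher(plaintext, key):
    return caesar(plaintext, key)

def decipher(ciphertext, key):
    return caesar(ciphertext, -key)

def all_shifts(ciphertext):
    """Decrypt under every key 1..25; one of the results is the plaintext."""
    return {key: decipher(ciphertext, key) for key in range(1, 26)}

if __name__ == "__main__":
    ciphertext = encipher("A SIMPLE MESSAGE", 2)
    print("Ciphertext:", ciphertext)
    for key, candidate in all_shifts(ciphertext).items():
        print(f"key {key:2d}: {candidate}")
```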

### Steganography

Steganography is the art of hiding messages in plain sight. It is not considered an implementation of cryptography; however, it can be a clever way to hide messages. As an example, in ancient times, some would tattoo messages on a person's head and have them regrow their hair before sending them to the message's recipient. Later, invisible ink, microdots, etc. were used to hide messages in plain sight.

### The Enigma

![](https://1537012814-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LA-cJ-5ZVq2w4vJSL1B%2F-LA-cNW8I_aJ-gt-4gO7%2F-LA-cPaImp5i9y826cSU%2Fenigma.jpeg?generation=1523650283046174\&alt=media)

During World War II, Germany realized the importance of encrypting messages before transmission. German engineer Arthur Scherbius developed a way to encipher these messages using a complex machine called *the Enigma.*

What the Germans quickly realized was that making the cipher \[the Enigma] a secret and hoping it would never end up in enemy hands was a grave mistake. During the late 1930s, Allied Forces were able to acquire an Enigma device. The British scientist Alan Turing, known as the "father of modern computing," along with other scientists, was able to cryptanalyze the device and attack Enigma-encrypted messages.

> Image courtesy of Wikipedia

## Modern Cryptography

Most modern cryptography relies on the *key* remaining secret while the *cipher* is a known algorithm. Standards like the **Advanced Encryption Standard (AES)**, the replacement for the Digital Encryption Standard (DES), have been developed and published to the community for review. The two main classes of modern cryptography are *symmetric* and *asymmetric* cryptography.

#### Symmetric key cryptography

![](https://1537012814-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LA-cJ-5ZVq2w4vJSL1B%2F-LA-cNW8I_aJ-gt-4gO7%2F-LA-cPbrDk3UnDpM-69T%2Fsymexample.png?generation=1523650283466949\&alt=media)

Symmetric cryptography, also known as *secret key* cryptography, uses a pre-shared key for its operation. A user will generate their secret key and use a cipher to encrypt their message. It is important to remember that a new key must be generated for each communication channel. For example, the picture above shows *Alice* communicating with *Bob* using a channel keyed with *Key 1*. She also attempts to communicate with Charlie, but instead of using the key she used with Bob, she generates a new one (*Key 2*). This is to ensure that her communication with Bob cannot be decrypted by Charlie or anyone else other than Bob.

As a common practice, the ciphertext will be transmitted to the recipient and the secret key shared outside of the original communications channel. For example, we would send the message over the Internet, then call the recipient on the telephone and tell them the key. Otherwise, if an eavesdropper were able to capture both, they could decrypt the message.

The following image is an example of symmetric key cryptography. Here we use the secret key for both the encryption and decryption operations.

![Symmetric Crypto](https://1537012814-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LA-cJ-5ZVq2w4vJSL1B%2F-LA-cNW8I_aJ-gt-4gO7%2F-LA-cPc17QHVnXrzlAXH%2Fsym_encryptdecrypt.png?generation=1523650283266971\&alt=media)

Symmetric cryptography is designed for fast encryption and decryption operations on large sets of data. Typical uses for symmetric crypto include:

* Full disk encryption (data at rest)
* File encryption
* Securing communication channels

Examples of symmetric cryptographic algorithms include:

* DES (never use this!!!)
* AES
* RC4

#### Asymmetric key cryptography

Asymmetric cryptography, also known as *public key* cryptography, uses two keys for its encryption and decryption operations. A *private* key is generated and typically secured by the user. A *public* key is generated along with the *private*, but typically distributed to an individual or group of individuals.

Let's use Alice and Bob for another example. Both Alice and Bob generate their key pairs, secure their private keys, and publish their public key to a server on the Internet. Alice is looking to send an encrypted message to Bob and will do the following:

1. Retrieve **Bob's public key** from the Internet
2. Encrypt her message with Bob's public key
3. Send the encrypted message to Bob

From here Bob will do the following:

1. Find his **private key**
2. Decrypt Alice's message with his private key
3. Read the decrypted message

If Bob wanted to reply to Alice, he would: retrieve Alice's public key, encrypt the message with her key, and send his encrypted message. Alice would use her private key to decrypt and read the message. The following is an example of asymmetric key cryptography using *public* and *private* key pairs.

![Asymmetric Crypto](https://1537012814-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LA-cJ-5ZVq2w4vJSL1B%2F-LA-cNW8I_aJ-gt-4gO7%2F-LA-cPhK0nkK86pGYNJO%2Fasym_encryptdecrypt.png?generation=1523650278604675\&alt=media)

Asymmetric cryptography is typically used for smaller datasets like email or to secure symmetric cryptography keys for transmission across the Internet. You will learn more about this in later lessons.

Examples of asymmetric cryptographic algorithms include:

* RSA
* DSA

#### Digital Signatures

There comes a time when we might not want the overhead of encrypting and decrypting a message, but want to ensure its *integrity* during transmission. In some cases we may also need a way to validate the data's author. For this we can use asymmetric cryptography to digitally sign the data.

As mentioned in a previous section, we typically use cryptographic hashes to ensure the integrity of the file. The same applies to our messages. Using Alice as an example, she creates a program called `alicerocks.exe`. She generates the following MD5 hash:

```
alice@nhq$: openssl md5 alicerocks.exe
MD5(alicerocks.exe)= 00112233445566778899AABBCCDDEEFF
```

We can download Alice's program and generate our own hash for verification. But how do we know that Alice was the one that wrote the program? To show ownership, Alice will use her **private key** to encrypt the cryptographic hash of her program. She then posts her program along with its digital signature.

Bob downloads both the program and digital signature from the Internet. To verify that Alice was the original author, he:

1. Retrieves **Alice's public key** from the Internet
2. Decrypts the digital signature to retrieve the file hash
3. Generates a hash of `alicerocks.exe`
4. Compares the generated hash to the digital signature's hash

If the hashes match, Bob can verify that Alice was the author and continue to use the program...if he trusts her.
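The two procedures described in this lesson (encrypting a message to Bob's public key, and Alice signing a file hash that Bob then checks) can be traced in code. This is an added example, not part of the original lesson: it uses textbook RSA with constructed toy primes and no padding so the arithmetic stays visible, the function names are assumptions of the example, and real software would use a vetted library with padded RSA, much larger keys, and SHA-256.

```python
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Textbook RSA: build (public, private) keys from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)  # modular inverse needs Python 3.8+

def rsa_apply(value, key):
    """Raw RSA operation value^exponent mod n, for either half of a pair."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def md5_int(data):
    """MD5 of data as an integer (128 bits, below Alice's toy modulus)."""
    return int.from_bytes(hashlib.md5(data).digest(), "big")

def sign(data, private_key):
    """Alice: transform the file hash with her private key."""
    return rsa_apply(md5_int(data), private_key)

def verify(data, signature, public_key):
    """Bob: recover the hash from the signature and compare with his own."""
    return rsa_apply(signature, public_key) == md5_int(data)

def encrypt(message, public_key):
    """Sender: encrypt a short byte string with the recipient's public key."""
    return rsa_apply(int.from_bytes(message, "big"), public_key)

def decrypt(ciphertext, private_key):
    """Recipient: decrypt with the matching private key."""
    m = rsa_apply(ciphertext, private_key)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed demo keys from small Mersenne primes (far too small for real use).
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    program = b"constructed bytes standing in for alicerocks.exe"
    signature = sign(program, ALICE_PRIV)
    print("signature verifies:", verify(program, signature, ALICE_PUB))
    print("tampered copy verifies:", verify(program + b"!", signature, ALICE_PUB))
    secret = encrypt(b"HELLO BOB", BOB_PUB)
    print("Bob reads:", decrypt(secret, BOB_PRIV))
```

The signature only proves that the holder of Alice's private key signed this exact file; whether the public key really belongs to Alice is a separate question of trust.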

## [Take the Quiz](https://elearn.txwgcap.org/mod/quiz/view.php?id=137)


