Here are some basic cryptographic terms that will help when examining a vendor's security solution, discussing security controls with colleagues, and implementing a security solution.
Clear text that is readable.
Encrypted text that is unreadable.
Transforming data into an unreadable format. For example, using Caesar's cipher to encrypt the word cat would result in fdw. Encryption here has moved each character forward by three letters.
The act of obtaining plain text from cipher text without a cryptographic key. It is used by governments, the military, enterprises, ethical hackers, and malicious hackers to find weaknesses and crack cryptographic systems.
A hash value that has been encrypted with the private key of the sender. It is used for authentication and integrity.
Chain of Trust
The relationship between subordinate certificate authorities. The concept of chain of trust is critical in the world of public key infrastructure as it provides a means to pass trust from one entity to another. It allows the delegation of certificate duties to a subordinate certificate authority.
Root of Trust
Root of trust can be described as the concept of trust in a system, software, or data. It is the most common form of attestation and provides a basic set of functions that are always trusted by the operating system. Attestation means that you are validating something as true. A root of trust can be designed as hardware based, software based, or hybrid. The Trusted Platform Module (TPM) is one of the most common.
Think of root of trust as something that has been deemed trustworthy. As an example, if you are asked to serve on the jury of a court case, the lawyers should be seen as trustworthy. That's because the court trusts that the lawyers are licensed to practice law in the state and that a client-to-lawyer relationship has been established by the legal system, and because the court uses a well-defined procedural process for evidence to be admitted. Although computer systems don't need lawyers, let's hope, they do need trust, and that is the role that TPM plays. TPM has a root of trust that is defined by the endorsement key (EK) pair. It is a unique RSA key found within all TPM devices.
Classification of Cryptographic Systems
Cryptographic systems can be broadly classified into symmetric, asymmetric, and hashing:
This type uses a single private key.
This type uses two keys: a public key known to everyone and a private key that only the recipient of messages uses.
Both symmetric and asymmetric cryptography make use of a key. The key is input into the encryption algorithm as data on which to perform mathematical operations such as permutation, substitution, or binary math.
A hash is a defined mathematical procedure or function that converts a large amount of data into a fixed small string of data or integer. The output of a hash is known as a hash value, hash code, hash sum, checksum, fingerprint, or message digest.
An algorithm is a set of rules or ordered steps used to encrypt and decrypt data. The algorithm is a set of instructions used with the cryptographic key to encrypt plain text data. Plain text data encrypted with different keys or dissimilar algorithms will produce different cipher text.
Cipher text is data that is scrambled and unreadable. When plain text is converted into cipher text, the transformation can be accomplished in basically two ways:
- Block Ciphers Function by dividing the message into blocks for processing.
- Stream Ciphers Function by dividing the message into bits for processing.
How strong the encryption process is relies in part on the cryptographic key. The cryptographic key, or simply key, is a piece of information that controls how the cryptographic algorithm functions. It can be used to control the transformation of plain text to cipher text or cipher text to plain text.
For attackers to brute-force the cryptographic system, they would need to guess the key. That is why the more values or combinations for the key, the longer it will take for an attacker to gain access to your encrypted data. The security of the system rests in the key. If the key generation process is weak, the entire system that is designed around it will also be weak. A good example of this can be seen with Wired Equivalency Privacy (WEP), whose use of RC4 and weak key generation led to many of the attacks against this wireless protection system.
Weak key generation might be caused by repeating values. On wireless networks with high volumes of traffic, keys may be reused in just a few hours. This weakness allows an attacker to collect traffic and capture the weak keys in an attempt to derive the shared key and then gain access to the WEP-protected wireless network.
Although key size is important, the randomness of the key is also critical. You may have been asked to create a random key before and not have realized what you were actually doing. For example, many security products begin the process of generating a pseudorandom key by having the user tap random keys on a keyboard, randomly move the mouse, or create random network Ethernet traffic. Such activity is known as entropy. Entropy is a measure of the randomness of data collected by an application or an operating system and used to create a cryptography key.
Having a random key is a good start, but the key must also remain secret. This is no different than thinking of your password as a key. If everyone knows the password to your computer, anyone can access it at any time they please. High-value data requires strong protection, which typically means longer keys that are exchanged more frequently, to protect against attacks.
Cryptographic systems may also make use of a nonce. A nonce is a number used once— that is, as random a number as a cryptosystem can generate. The programs that create these are known as pseudorandom number generators. Such systems use algorithms to generate a sequence of numbers that approximates the properties of random numbers. Pseudorandom numbers are unique and different each time one is generated.
Published on Tue 22 February 2011 by Macy Leftwing in Security with tag(s): cryptography