Knight Talks Tech

Introduction to cyber security – Week 5, Cryptography

Specialised area of mathematics concerned with protecting information.
Anything that can be represented as 0s and 1s can be encrypted.
Applications for cryptography include:

Terminology

Encryption keys

Key

Ciphers are widely published in the press and in documentation, which allows their security to be checked and weaknesses to be found.
Short keys are vulnerable to brute force attacks just as passwords are.

The key distribution problem

Symmetric encryption requires either sender or recipient to create the key and send it to the other party. The key could be intercepted and copied during transit.
For each pair of parties wanting to communicate with each other, a pair of keys would be required: n(n-1)/2, where n is the number of parties.
So, for 10 parties to communicate 45 key pairs would be required.
10(10-1)/2 = (10*9)/2 = 45
Method developed in 1970 of distributing keys without actually sending them.

Asymmetric, or, public key cryptography

Key pair – one public key shared with anyone, one private key kept safe & never distributed.
Cannot determine value of one key from the other.
Private key required to decrypt ciphertext encrypted with public key.
Public key required to decrypt ciphertext encrypted with private key.
Public key can be distributed via email or key chain server.
No initial exchange of secret keys required.
Slower than symmetric encryption.

Why isn’t the internet encrypted?

Encryption and decryption require a certain amount of processing power, which comes at a cost.
Some websites do not need encryption such as news sites.

Putting cryptography to use

Collection of cryptographic tools commonly known as Pretty Good Privacy (PGP).
PGP includes algorithms for symmetric and asymmetric cryptography.
OpenPGP – standard to be used by vendors.
Email encryption tools include:

Comparing different cryptographic techniques

DES (Data Encryption Standard)

AES (Advanced Encryption Standard)

Blowfish

Using cryptography to prove identity

Hashing

Digital signatures and certificates

Digital signature uses public key to encrypt the hash.
The encrypted hash can only be decrypted and verified with the public key if it was encrypted using the private key, so this provides authentication.
Malicious individual could pretend to be sender and make their own key pair and digitally sign document.
Digital certificate – binds public keys to their owners.
Issued by Certificate Authorities (CAs) who validate owners of keys.
Once validated, CAs bind the public key to a digital certificate and digitally sign it with their private key.
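
The notes above as an added worked example (not part of the original course material): a hash is encrypted with the private key and checked with the public key, an impostor's self-made key pair also produces a valid-looking signature, and only a CA-signed certificate ties the key to its owner. It uses unpadded textbook RSA with toy keys for illustration; the names alice, mallory and the helper functions are assumptions made for this example.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    """SHA-256 hash of the data as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)  # hash "encrypted" with the private key

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)  # "decrypt" with public key

def cert_body(owner, public):
    return f"{owner}|{public[0]}|{public[1]}".encode()

def issue_certificate(owner, public, ca_private):
    """The CA binds an owner name to a public key by signing both."""
    return {"owner": owner, "public": public,
            "ca_sig": sign(cert_body(owner, public), ca_private)}

def accept(data, signature, cert, sender, ca_public):
    """Trust the key only if the CA vouches for it, then check the message."""
    bound = verify(cert_body(cert["owner"], cert["public"]), cert["ca_sig"], ca_public)
    return cert["owner"] == sender and bound and verify(data, signature, cert["public"])

# Constructed toy keys (Mersenne primes; unpadded and unsuitable for real use).
M = lambda k: (1 << k) - 1
alice_pub, alice_priv = make_keypair(M(61), M(89))
mallory_pub, mallory_priv = make_keypair(M(107), M(127))  # impostor's own key pair
ca_pub, ca_priv = make_keypair(M(521), M(607))

msg = b"Pay Bob 10 pounds"  # constructed sample document
sig = sign(msg, alice_priv)
forged = sign(msg, mallory_priv)
alice_cert = issue_certificate("alice", alice_pub, ca_priv)
fake_cert = issue_certificate("alice", mallory_pub, mallory_priv)  # not CA-signed

if __name__ == "__main__":
    print(verify(msg, sig, alice_pub), verify(b"Pay Bob 1000 pounds", sig, alice_pub))
    print(verify(msg, forged, mallory_pub))  # a signature alone does not prove identity
    print(accept(msg, sig, alice_cert, "alice", ca_pub))
    print(accept(msg, forged, fake_cert, "alice", ca_pub))
```

The recipient only needs the CA's public key in advance; every sender's key arrives inside a certificate that `accept` checks before trusting the signature.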

Encrypted network connections

Secure Socket Layer (SSL) protocol.
SSL now replaced by Transport Layer Security (TLS) – allows web browsers to securely exchange data.
TLS/SSL

Use of TLS/SSL means user can benefit from confidentiality and integrity.
