Cryptography Terminology

1.1 Asymmetric algorithm

It is an algorithm in which different keys are used for encryption and decryption, such as RSA.

  • Solves many long-standing problems, such as how to exchange the secret keys for confidentiality in the first place. It is also used for authentication.
  • It has long key lengths of 512 to 2048 bits.
  • To create the key pair, you will first create a private key and then generate the public key from the private key. Please note a private key cannot be generated from a public key.
  • Something encrypted with the private key can only be decrypted with the public key and something encrypted with the public key can only be decrypted with the private key.
  • If you want to send something only I can read, you will send the message encrypted with my public key.

1.2 Symmetric algorithm

It is an algorithm in which the same key is used for encryption and decryption, such as AES, DES, 3DES and Blowfish.

Advantages:

  • Easy
  • Secure
  • Quickly encrypt bulk data.

1.2.1 DES

  • Key length: 56 bits
  • The algorithm is very good, but the key length isn’t, and so DES is not recommended.

1.2.2 3DES

  • Encrypt with key1
  • Decrypt with key2
  • Encrypt with key3

1.2.3 AES

AES (Advanced Encryption Standard) is recommended. It comes in AES-128, AES-192 and AES-256 variants.

1.3 Key Space/Key Length

An algorithm’s key space is the set of all possible key values.

An n-bit key produces a key space of size 2^n.

1.4 Diffie–Hellman key exchange

Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

DH has the following variants:

  • DH1 - 768 bits
  • DH2 - 1024 bits
  • DH3 - 1536 bits

Reference:

https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

1.4.1 Theory Concept


Diffie–Hellman key exchange establishes a shared secret between two parties that can be used for secret communication for exchanging data over a public network. The conceptual diagram to the right illustrates the general idea of the key exchange by using colors instead of very large numbers.

The process begins by having the two parties, Alice and Bob, agree on an arbitrary starting color that does not need to be kept secret (but should be different every time); in this example, the color is yellow. Each of them also selects a secret color that they keep to themselves – in this case, red and blue-green. The crucial part of the process is that Alice and Bob each mix their own secret color together with their mutually shared color, resulting in orange-tan and light-blue mixtures respectively, and then publicly exchange the two mixed colors. Finally, each of the two mixes the color they received from the partner with their own private color. The result is a final color mixture (yellow-brown in this case) that is identical to the partner's final color mixture.

If a third party listened to the exchange, it would only know the common color (yellow) and the first mixed colors (orange-tan and light-blue), but it would be computationally difficult for this party to determine the final secret color (yellow-brown). In fact, when using large numbers rather than colors, this action is computationally expensive: It is impossible to do in a reasonable amount of time even for modern supercomputers.
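The color mixing maps directly onto modular exponentiation. The sketch below is an added example, not part of the original page: the prime `P`, generator `G` and the function names are assumptions chosen for illustration, and `P` is far smaller than any real DH group.

```python
import hashlib
import secrets

# Toy public parameters (assumed for this sketch): 2**127 - 1 is prime,
# but far too small for real use.
P = 2**127 - 1   # the shared "yellow": public modulus
G = 3            # public generator

def keypair(p=P, g=G):
    """Pick a private exponent (the secret color) and compute the public mix."""
    private = secrets.randbelow(p - 3) + 2   # uniform in 2 .. p-2
    public = pow(g, private, p)              # g^private mod p
    return private, public

def shared_secret(their_public, my_private, p=P):
    """Mix the partner's public value with my own secret exponent."""
    # Reject 0, 1 and p-1: they force the result into a tiny, guessable set.
    if not 1 < their_public < p - 1:
        raise ValueError("invalid public value")
    return pow(their_public, my_private, p)

def derive_key(secret, p=P):
    """Hash the shared number down to a 256-bit key for a symmetric cipher."""
    raw = secret.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()

def demo():
    a_priv, a_pub = keypair()   # Alice
    b_priv, b_pub = keypair()   # Bob
    # Only a_pub and b_pub cross the insecure channel.
    k_alice = derive_key(shared_secret(b_pub, a_priv))
    k_bob = derive_key(shared_secret(a_pub, b_priv))
    return k_alice, k_bob

if __name__ == "__main__":
    k_alice, k_bob = demo()
    print("keys match:", k_alice == k_bob)
```

The exchange itself does not prove who is on the other end; that is the job of the pre-shared key or RSA signature described under Authentication.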

1.5 Integrity

  • Ensure that data has not been tampered with.
  • Use a hash algorithm, also known as a trap-door or message digest. It is a one-way, non-reversible algorithm that converts arbitrary text into a fixed-length hash. If the text changes even slightly, the hash changes completely.
  • MD5 or SHA (more secure)

Integrity options:

  • MD5: 128 bits
  • SHA-1: 160 bits
  • SHA-2: 256/512 bits (Recommended)
  • SHA-3: Scheduled for 2012

Reference:

https://www.udemy.com/course/complete-networking-fundamentals-course-ccna-start/learn/lecture/5616854#overview

1.5.1 Procedure


The sender (Bob) encrypts the clear text with AES and hashes the encrypted data with SHA and HMAC, which prevents a hacker who intercepts the message from modifying it undetected.


The receiver receives the encrypted data and compares her own hash (generated with the shared key) with the received hash. If they match, she can go on with decryption.
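The sender and receiver steps above, as an added example that is not part of the original page. The key, the ciphertext bytes (standing in for AES output, since the Python standard library has no AES) and all function names are constructed for illustration; the unkeyed-hash variant is included only to show why the shared key matters.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 output size in bytes

def seal(shared_key: bytes, ciphertext: bytes) -> bytes:
    """Sender: append HMAC-SHA256(shared_key, ciphertext) to the ciphertext."""
    tag = hmac.new(shared_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag

def open_checked(shared_key: bytes, packet: bytes) -> bytes:
    """Receiver: recompute the tag and compare before any decryption happens."""
    if len(packet) < TAG_LEN:
        raise ValueError("packet too short")
    ciphertext, received = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(shared_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, received):  # constant-time compare
        raise ValueError("integrity check failed")
    return ciphertext  # only now is it handed to the AES decryption step

def plain_hash_packet(ciphertext: bytes) -> bytes:
    """Weak variant for contrast: an unkeyed SHA-256 digest as the check value."""
    return ciphertext + hashlib.sha256(ciphertext).digest()

def plain_hash_ok(packet: bytes) -> bool:
    ciphertext, received = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(ciphertext).digest(), received)

def tamper(data: bytes) -> bytes:
    """Flip one bit of the first byte, as a modification in transit would."""
    return bytes([data[0] ^ 0x01]) + data[1:]

# Constructed sample values
KEY = b"constructed-shared-key-0123456789"
CIPHERTEXT = bytes.fromhex("8f3a1c5de0b7429a66d1f0c3a95b7e21")

if __name__ == "__main__":
    packet = seal(KEY, CIPHERTEXT)
    print("untouched packet accepted:", open_checked(KEY, packet) == CIPHERTEXT)
    try:
        open_checked(KEY, tamper(packet))
    except ValueError as err:
        print("modified packet rejected:", err)
    # Anyone can recompute an unkeyed digest over altered data, so it still passes.
    print("unkeyed digest passes after change:",
          plain_hash_ok(plain_hash_packet(tamper(CIPHERTEXT))))
```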

1.5.2 Hash Message Authentication Code (HMAC)


1.6 Authentication

Knowing that data received is the same data that was sent (Integrity, which has been talked about in the previous section).

Knowing that the claimed sender is in fact the actual sender. This includes:

  • Initial authentication
  • You should also validate that the source has not been replaced by an attacking host in the course of the conversation (session hijacking).


  • Pre-shared Key (PSK)

A secret key value is entered into each peer manually and is used to authenticate the peer.

  • RSA Signatures

Encrypt the hash with a private key.

1.6.1 PSK

The sender (Peter)’s step:


The receiver (Sarah)’s step:


1.6.2 Digital Signature (RSA Signature)

The sender (Peter)’s step:


The receiver (Sarah)’s step:


1.6.2.1 CA (Certificate Authority)


Peter sends his public key together with his information to the CA.

The CA verifies and hashes the information Peter sent. The CA encrypts the hash with its private key and, as a result, a signature is generated. The CA puts the public key, Peter’s information and the signature into the certificate and sends it back to Peter.
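The issuing step above and the matching check by a receiver, as an added example that is not part of the original page. It uses textbook RSA without padding on a toy key built from two known Mersenne primes; the key values, Peter's public key, the certificate layout and all function names are assumptions made for illustration only.

```python
import hashlib

# Toy CA key (assumed for this sketch): two known Mersenne primes give a
# modulus of about 216 bits. No padding, illustration only.
P, Q = 2**127 - 1, 2**89 - 1
CA_PUB = (P * Q, 65537)                          # (n, e): published by the CA
CA_D = pow(CA_PUB[1], -1, (P - 1) * (Q - 1))     # private exponent, CA only

# Constructed public key for Peter (n, e)
PETER_PUB = ((2**107 - 1) * (2**61 - 1), 65537)

def digest(info: str, subject_pub: tuple, n: int) -> int:
    """Hash Peter's information and public key, reduced to fit the modulus."""
    data = f"{info}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_issue(info: str, subject_pub: tuple) -> dict:
    """CA: 'encrypt' the hash with the CA private key to form the signature."""
    n, _ = CA_PUB
    signature = pow(digest(info, subject_pub, n), CA_D, n)
    return {"info": info, "public_key": subject_pub, "signature": signature}

def verify_certificate(cert: dict, ca_pub: tuple = CA_PUB) -> bool:
    """Receiver: undo the signature with the CA public key, compare hashes."""
    n, e = ca_pub
    recovered = pow(cert["signature"], e, n)
    return recovered == digest(cert["info"], cert["public_key"], n)

if __name__ == "__main__":
    cert = ca_issue("CN=Peter", PETER_PUB)
    print("genuine certificate valid:", verify_certificate(cert))
    # Changing the key inside the certificate breaks the match with the signature.
    swapped = dict(cert, public_key=(PETER_PUB[0] + 2, 65537))
    print("altered certificate valid:", verify_certificate(swapped))
```

The receiver needs only the CA's public key to run the check, which is why one trusted CA key can vouch for many senders.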

Created by Bin Chen on 2020/03/23 06:18
    
