Cornerstone Cryptographic Concepts
- Cryptology – Science of secure communications. Encompasses both cryptography and cryptanalysis
- Cryptography – Creates messages whose meaning is hidden
- Cryptanalysis – Science of breaking encrypted messages (recovering the plaintext or the key without being given the key)
- Cipher – A cryptographic algorithm
- Plaintext – unencrypted message
- Ciphertext – encrypted message
- Encryption – converts plaintext to ciphertext
- Decryption – turns ciphertext back into plaintext
Confidentiality, Integrity, Authentication and Non-repudiation
Cryptography can provide confidentiality and integrity, but not availability (encrypting data does nothing to keep it reachable, and losing the key can even make it unavailable). It can also provide authentication and non-repudiation, the latter through digital signatures.
Confusion, Diffusion, Substitution and Permutation
- Diffusion – a change to one plaintext character (or bit) should be spread across many ciphertext characters; the order of the plaintext is dispersed in the ciphertext
- Confusion – the relationship between the key (and plaintext) and the ciphertext should be as complex (or random-looking) as possible, so that statistics of the ciphertext do not reveal the key
- Substitution – replaces one character with another; this provides confusion
- Permutation – (transposition) provides diffusion by rearranging the characters of the plaintext, anagram-style
Though historical, these methods are still used in combination in modern ciphers such as the Advanced Encryption Standard (AES): its SubBytes step is a substitution, its ShiftRows and MixColumns steps provide diffusion, and the two are repeated over several rounds.
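To see why both layers are needed, here is a toy 16-bit substitution-permutation network, added as an example for these notes (not from the page or from any real standard). It uses the 4-bit S-box and the 4x4 bit-transpose layout of the classic Heys SPN tutorial with arbitrary round keys; the plaintext/key values and the round count are assumptions, and the cipher is an illustration only, never something to protect data with. Flipping one plaintext bit and counting the ciphertext bits that change shows what each layer contributes.

```python
# Toy 16-bit substitution-permutation network (SPN), constructed here to show
# how substitution (confusion) and permutation (diffusion) interact. It is an
# illustration only, not a usable cipher. The 4-bit S-box and the 4x4 bit
# transpose follow the layout of the classic Heys SPN tutorial; the round keys
# below are arbitrary constants chosen for the demonstration.

SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX = [SBOX.index(v) for v in range(16)]

# Bit i lives in nibble i // 4 at position i % 4; the permutation moves it to
# nibble (i % 4), position (i // 4). This is a transpose, so it is its own inverse.
PERM = [(i % 4) * 4 + i // 4 for i in range(16)]

KEYS = [0x3A94, 0xD2C6, 0x8F1B, 0x7E05, 0x4C21]   # 4 round keys + final key


def substitute(x, table=SBOX):
    """Apply the 4-bit S-box to each of the four nibbles independently."""
    out = 0
    for j in range(4):
        out |= table[(x >> (4 * j)) & 0xF] << (4 * j)
    return out


def permute(x):
    """Move every bit of the 16-bit state to its PERM position."""
    out = 0
    for i in range(16):
        if (x >> i) & 1:
            out |= 1 << PERM[i]
    return out


def encrypt(p, keys=KEYS, use_sbox=True, use_perm=True):
    """Key-mix, substitute, permute for each round. The flags switch either
    layer off so its contribution can be observed in isolation."""
    x = p
    for rk in keys[:-1]:
        x ^= rk
        if use_sbox:
            x = substitute(x)
        if use_perm:
            x = permute(x)
    return x ^ keys[-1]


def decrypt(c, keys=KEYS):
    """Undo the rounds in reverse order."""
    x = c ^ keys[-1]
    for rk in reversed(keys[:-1]):
        x = permute(x)                 # the transpose is self-inverse
        x = substitute(x, INV_SBOX)
        x ^= rk
    return x


def hamming(a, b):
    return bin(a ^ b).count("1")


def avalanche(p, bit, **layers):
    """How many ciphertext bits change when plaintext bit `bit` is flipped."""
    return hamming(encrypt(p, **layers), encrypt(p ^ (1 << bit), **layers))


def affected_nibbles(p, bit, **layers):
    """Which ciphertext nibbles (0..3) change when plaintext bit `bit` is flipped."""
    d = encrypt(p, **layers) ^ encrypt(p ^ (1 << bit), **layers)
    return {j for j in range(4) if (d >> (4 * j)) & 0xF}


if __name__ == "__main__":
    for label, layers in [("permutation only", dict(use_sbox=False)),
                          ("substitution only", dict(use_perm=False)),
                          ("substitution + permutation", {})]:
        print(f"{label:28s} bits changed: {avalanche(0x0000, 0, **layers)}, "
              f"nibbles touched: {sorted(affected_nibbles(0x0000, 0, **layers))}")
```

Permutation alone is linear, so a one-bit change stays a one-bit change (it only moves). Substitution alone scrambles the value but never leaves the nibble it started in. Only the combination, repeated over rounds, spreads a single flipped bit across the whole block.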
Good encryption is strong: it should be very difficult to convert ciphertext back to plaintext without the key. The "work factor" describes how long (or how much computation) it takes to break a cryptosystem, i.e. to recover plaintext without the key. Strong crypto relies on math, not secrecy: the algorithm is assumed to be public and only the key is secret (Kerckhoffs's principle). Ciphers that have stood the test of time are public, heavily analyzed algorithms such as AES; 3DES is the older example, and NIST has since deprecated it, so new designs should use AES.
Monoalphabetic and Polyalphabetic Ciphers
- Monoalphabetic cipher – uses one alphabet: a specific letter is always substituted for the same other letter. Susceptible to frequency analysis, because the letter frequencies of the language survive the substitution.
- Polyalphabetic cipher – uses multiple alphabets: the same plaintext letter may be substituted differently depending on its position (e.g. Vigenère). This flattens single-letter frequencies, but it only complicates frequency analysis rather than defeating it: once the key period is found (Kasiski examination, index of coincidence), each position is a monoalphabetic problem again.
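Frequency analysis in practice, as an added example for these notes (not from the page): a Caesar shift is recovered by scoring all 26 candidate shifts against standard English letter frequencies with a chi-squared statistic, and the index of coincidence shows how a Vigenère key flattens the letter distribution. The sample paragraph, the shift and the key "LEMON" are constructed for the demonstration.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Typical single-letter frequencies (percent) of English text; used as the
# expected distribution when scoring candidate decryptions.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

# Constructed sample plaintext (ordinary English, long enough for statistics).
SAMPLE = (
    "Cryptology is the science of secure communications and covers both "
    "cryptography and cryptanalysis. A strong cipher should make it very hard "
    "to recover the plaintext from the ciphertext without the key. Security "
    "rests on the key and on public mathematics rather than on keeping the "
    "algorithm secret, which is why the ciphers that have survived decades of "
    "public scrutiny are the ones worth trusting in a modern system."
)


def normalize(text):
    """Keep letters only, upper-cased, as classical ciphers do."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def shift_char(ch, k):
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def caesar(text, k):
    """Monoalphabetic shift cipher: every letter moves k places."""
    return "".join(shift_char(ch, k) for ch in normalize(text))


def vigenere(text, key, decrypt=False):
    """Polyalphabetic cipher: the shift depends on the position modulo key length."""
    key = normalize(key)
    out = []
    for i, ch in enumerate(normalize(text)):
        k = ALPHABET.index(key[i % len(key)])
        out.append(shift_char(ch, -k if decrypt else k))
    return "".join(out)


def chi_squared(text):
    """Distance between the letter counts of `text` and those expected for English."""
    n = len(text)
    counts = Counter(text)
    total = 0.0
    for c in ALPHABET:
        expected = ENGLISH_FREQ[c] * n / 100
        total += (counts[c] - expected) ** 2 / expected
    return total


def break_caesar(ciphertext):
    """Try all 26 shifts; the one whose output looks most like English wins."""
    return min(range(26), key=lambda k: chi_squared(caesar(ciphertext, -k)))


def index_of_coincidence(text):
    """Probability that two randomly chosen letters are equal (English: about 0.066;
    uniformly random letters: 1/26, about 0.038). A substitution does not change it."""
    n = len(text)
    counts = Counter(text)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


if __name__ == "__main__":
    ct = caesar(SAMPLE, 17)
    print("recovered shift:", break_caesar(ct))
    print("IC of the Caesar ciphertext:  ", round(index_of_coincidence(ct), 4))
    print("IC of a Vigenere ciphertext:  ",
          round(index_of_coincidence(vigenere(SAMPLE, "LEMON")), 4))
```

The Caesar text keeps the index of coincidence of English, so the shift falls out immediately; the Vigenère text sits much closer to the random value, which is exactly the flattening the notes describe. Splitting the Vigenère ciphertext into five interleaved slices (one per key letter) would bring the IC of each slice back up and let break_caesar be run on each slice in turn.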
Modular math lies behind much of cryptography: simply put, modular math gives you what remains (the remainder) after division. It is sometimes called clock math because we use it to tell time: on a 12-hour clock, 6 hours past 9:00 pm is 3:00 am. In other words, 9 + 6 = 15, and 15 divided by 12 leaves remainder 3 (15 mod 12 = 3).
Exclusive Or (XOR)
Combining a key with plaintext via XOR creates the ciphertext; XOR-ing the same key with the ciphertext restores the original plaintext, because XOR-ing any value with the same bits twice leaves it unchanged. This is the basis of the one-time pad and of stream ciphers, and it is only as strong as the key stream: the key must be random, as long as the message and never reused (reusing it lets an attacker XOR two ciphertexts together and cancel the key out). XOR alone also gives no integrity: flipping a ciphertext bit flips the same plaintext bit.
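XOR encryption with its two classic failure modes, as an added example for these notes (not from the page): a one-time pad round trip, what happens when the same key is used for two messages, and how an attacker can flip chosen plaintext bits without knowing the key. The two messages and the substituted word are constructed for the demonstration.

```python
import os


def xor_bytes(data, key):
    """XOR data with key; the key is repeated if it is shorter than the data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def otp_encrypt(plaintext):
    """One-time pad: fresh random key, as long as the message, used once."""
    key = os.urandom(len(plaintext))
    return key, xor_bytes(plaintext, key)


def otp_decrypt(key, ciphertext):
    return xor_bytes(ciphertext, key)


def recover_second_message(c1, c2, known_p1):
    """Key reuse ('two-time pad'): c1 XOR c2 == p1 XOR p2, because the key cancels.
    Knowing (or guessing) p1 then reveals p2 without ever learning the key."""
    if not (len(c1) == len(c2) == len(known_p1)):
        raise ValueError("demonstration assumes equal-length messages")
    p1_xor_p2 = bytes(a ^ b for a, b in zip(c1, c2))
    return bytes(a ^ b for a, b in zip(p1_xor_p2, known_p1))


def tamper(ciphertext, offset, old, new):
    """XOR gives no integrity: flipping ciphertext bits flips the same plaintext
    bits. An attacker who knows `old` sits at `offset` can swap in `new`."""
    if len(old) != len(new) or offset + len(old) > len(ciphertext):
        raise ValueError("replacement must be the same length and fit in the message")
    mask = bytes(a ^ b for a, b in zip(old, new))
    patched = bytearray(ciphertext)
    for i, m in enumerate(mask):
        patched[offset + i] ^= m
    return bytes(patched)


# Constructed sample messages (same length so one key covers both).
P1 = b"ATTACK AT DAWN"
P2 = b"RETREAT NOW!!!"


def key_reuse_demo(p1, p2):
    """Encrypt two messages under ONE key and show the second falls out of the first."""
    key = os.urandom(len(p1))             # WRONG: the same pad is used twice below
    c1, c2 = xor_bytes(p1, key), xor_bytes(p2, key)
    return recover_second_message(c1, c2, p1)


def tamper_demo(p, offset, old, new):
    """Encrypt correctly, modify the ciphertext blindly, decrypt: the change lands."""
    key, c = otp_encrypt(p)
    return otp_decrypt(key, tamper(c, offset, old, new))


if __name__ == "__main__":
    key, c1 = otp_encrypt(P1)
    print(otp_decrypt(key, c1))                             # b'ATTACK AT DAWN'
    print(key_reuse_demo(P1, P2))                           # b'RETREAT NOW!!!'
    print(tamper_demo(P1, 0, b"ATTACK", b"RETIRE"))          # b'RETIRE AT DAWN'
```

The same two problems apply to any stream cipher, since a stream cipher is XOR with a generated key stream: never reuse a key/nonce pair, and add a MAC or use an authenticated mode so that tampering is detected.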
Data at rest and Data in motion
Cryptography is able to protect data at rest and data in motion. Full disk encryption can protect data at rest (only while the device is powered off or locked; once it is booted and unlocked the operating system sees plaintext), and TLS (formerly SSL) or an IPsec VPN can protect data in motion.
Choosing the right method (cipher) and implementation for the right job, typically at an organization-wide scale: organizations must understand the requirements of a specific control, select the proper cryptographic solution and ensure that factors such as speed, strength, cost and complexity (among others) are properly weighed.