CSOL 510: Applied Cryptography, Spring 2019
Introduction

Cryptography and cryptographic systems are essential security tools used to enforce authentication, confidentiality, integrity, and other policies. During this course, we covered fundamental aspects of cryptography and cryptographic systems, but the focus was on how cryptography can be applied to solve practical security problems.
Topics included stream ciphers, block ciphers, and one-way hashing; message integrity; symmetric and asymmetric encryption; key exchange techniques; public key protocols; key and certificate generation and management; assessing the strength of cryptographic implementations; and various types of attacks on cryptographic systems and their effectiveness.
I took this "CSOL 510: Applied Cryptography" class during Spring of 2019. My professor was Josh Gopen, and the book we used was Ferguson, N., Schneier, B. & Kohno, T. (2010). Cryptography Engineering: Design Principles and Practical Applications. Hoboken, NJ: John Wiley & Sons.

In the following, I have commented on some of the topics we studied: Introduction to Cryptography (Block Ciphers); Hash Functions, Message Authentication Codes, and Secure Channels; Key Distribution Protocols [Diffie-Hellman, Rivest, Shamir, Adleman (RSA)]; Key Management (Kerberos); and Public Key Infrastructure.
Introduction to Cryptography (Block Ciphers)

Introduction
According to Ferguson, Schneier and Kohno (2010), cryptography is the art and science of encryption, but this definition has evolved and expanded to include authentication, digital signatures, and other security functions. Encryption is a function that transforms content from its true value, called plaintext, into a different value, called ciphertext, from which the plaintext can only be recovered with a secret key in an operation called decryption.
As an example, suppose I, Victor, decide to send an email to a friend. I can send the email without encryption, which is what we have been doing for a long time. If someone captures that message somehow, he will be able to read it with no trouble. That is not good, unless you do not care about confidentiality and are fine with anyone reading what was intended to be a private communication.
But you can also decide to encrypt it, so that the content looks like garbage, unreadable to anyone who captures it. To do so, you use your friend's public key, and this is where things become interesting. Upon receiving the email, the friend uses his secret key to decrypt the content. The story does not stop here, but in summary, this is what encryption is all about.

Block Ciphers
To encrypt a plaintext, we need a key, and depending on the method chosen, the sender may need two keys, a private key and a public key. The sender and receivers should make their public keys available to anyone. The following is an example of a web server where PGP public keys can be published and retrieved: http://pgp.key-server.io/. They may even decide to share it via email as plaintext, but each must keep their respective private key secret. The sender uses the recipient's public key to encrypt the content he is planning to send, and upon receiving it, the recipient uses his secret key to decrypt.
To make all this possible, encryption in its elementary form uses block ciphers, which operate on blocks of some fixed size in bits. In current practice, blocks are 128 bits in size or larger. Regardless of the chosen size, a plaintext block of x bits produces a ciphertext block of x bits. For example, a block cipher encrypts a 128-bit plaintext block and generates a 128-bit ciphertext block as a result.

So, a long message is divided into a sequence of blocks, and the cipher operates on these blocks one at a time, in a manner determined by the mode of operation chosen. I can cite the following modes: Electronic Code Book (ECB) mode, which is deterministic, meaning that if a given plaintext block is encrypted twice with the same key, the ciphertext (output) blocks will be the same; Cipher Block Chaining (CBC) mode, which is not deterministic; Cipher Feedback (CFB) mode; Output Feedback (OFB) mode; and Counter (CTR) mode.
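To make the determinism point concrete, the following is an added illustration (my own code, not from the course or the textbook) that runs ECB, CBC and CTR over the same plaintext of four identical blocks. It assumes a toy 128-bit block cipher built as a four-round Feistel network over SHA-256 so that it runs with the Python standard library alone; that toy cipher stands in for AES and is not secure, but the modes wrapped around it are the real constructions. KEY, IV, NONCE and PT are constructed sample values.

```python
import hashlib

BLOCK = 16  # 128-bit block, the size discussed above (AES uses the same)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, half: bytes, i: int) -> bytes:
    # Keyed round function: SHA-256 truncated to half a block. Assumption: a
    # toy construction standing in for AES, not a vetted cipher.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    # Four-round Feistel network: running the rounds in reverse order gives the
    # inverse permutation, which is what makes this a block cipher.
    assert len(block) == BLOCK
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in rounds:
        l, r = r, _xor(l, _round(key, r, i))
    return r + l

def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(4))

def decrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, reversed(range(4)))

def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pad(data: bytes) -> bytes:
    # PKCS#7: always append 1..16 bytes so the last block is unambiguous.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]

# ECB: every block is encrypted on its own, so equal plaintext blocks give
# equal ciphertext blocks; the output is deterministic and leaks structure.
def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(encrypt_block(key, b) for b in _blocks(pad(pt)))

def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(key, b) for b in _blocks(ct)))

# CBC: each plaintext block is XORed with the previous ciphertext block (the
# IV for the first), so a fresh random IV makes the output non-deterministic.
def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(pad(pt)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))

# CTR: the cipher encrypts nonce||counter to produce a keystream; no padding is
# needed and decryption is the same operation as encryption.
def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = []
    for i, chunk in enumerate(_blocks(data)):
        keystream = encrypt_block(key, nonce + i.to_bytes(8, "big"))
        out.append(_xor(chunk, keystream))
    return b"".join(out)

def distinct_blocks(ct: bytes) -> int:
    return len(set(_blocks(ct)))

# Constructed sample input: four identical plaintext blocks.
KEY = b"constructed-key!"      # 16 bytes
IV = bytes(range(16))          # fixed for reproducibility; use os.urandom(16) in practice
NONCE = b"\x00" * 8            # 8-byte nonce + 8-byte counter fill one block
PT = b"ATTACK AT DAWN!!" * 4

def mode_comparison() -> dict:
    # Same key, same plaintext: ECB shows the repetition, CBC hides it.
    ecb, cbc = ecb_encrypt(KEY, PT), cbc_encrypt(KEY, IV, PT)
    return {"blocks": len(_blocks(ecb)),
            "ecb_distinct": distinct_blocks(ecb),
            "cbc_distinct": distinct_blocks(cbc)}

if __name__ == "__main__":
    print(mode_comparison())
```

Running it reports five ciphertext blocks (four data blocks plus one padding block): ECB yields only two distinct blocks, because the four identical plaintext blocks encrypt to the same value, while CBC yields five distinct blocks. The CTR function has no padding and is its own inverse, which is why it is written as a single `ctr_crypt`.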
Reference Library

- Book: Ferguson, N., Schneier, B. & Kohno, T. (2010). Cryptography Engineering: Design Principles and Practical Applications. Hoboken, NJ: John Wiley & Sons.

Hash Functions

Definition
A hash function is a mathematical operation that converts an input of arbitrary length into a value of fixed length.
Applications:

Password storage
Hash functions are appropriate for storing passwords. One may wonder how passwords are stored in a computer system so that they remain secure even if the computer is stolen. The use of hashes is the answer. Passwords are not saved in the system as entered. Instead, the hash value, or message digest, of the password is saved. When a user logs in with his password, the system computes on the fly the hash value of the password entered and compares it to the hash value already stored in the system. If it is a match, access to the system is granted; if not, it is blocked.

Data Integrity
Hashing data provides data integrity: the process ensures that data was not tampered with by anyone during any stage of its life cycle, whether in transit or in storage. The integrity check helps users detect whether data has been modified or not.
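Both applications, as an added example (my own code, not from the course or the textbook): the password store keeps only a salted PBKDF2-SHA256 record, so equal passwords produce different records and a leaked database still cannot be reversed quickly, and the integrity check compares a stored SHA-256 digest against the data in constant time. The iteration count, the user names and the sample data are constructed for the demo.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

ITERATIONS = 100_000  # PBKDF2 work factor; assumption: a modest value chosen for this demo

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    # Store a salted, slow hash instead of the password. The random salt makes
    # equal passwords hash differently and defeats precomputed tables; the
    # iteration count slows down guessing if the records ever leak.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    # Recompute the hash from the stored parameters and compare in constant time,
    # so the response time does not reveal how many bytes matched.
    _algo, iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)

# A tiny user store (constructed sample data): only hash records are kept.
def register(db: Dict[str, str], user: str, password: str) -> None:
    db[user] = hash_password(password)

def login(db: Dict[str, str], user: str, password: str) -> bool:
    record = db.get(user)
    if record is None:
        # Unknown user: still do one hash computation so that a missing account
        # cannot be told apart from a wrong password by timing.
        hash_password(password)
        return False
    return verify_password(password, record)

# Data integrity: keep a digest of the data; any later change is detected.
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def integrity_ok(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), expected_hex)

if __name__ == "__main__":
    users: Dict[str, str] = {}
    register(users, "victor", "correct horse battery staple")
    print(users["victor"])
    print(login(users, "victor", "correct horse battery staple"), login(users, "victor", "wrong"))
    doc = b"Quarterly report v1"
    fingerprint = sha256_hex(doc)
    print(integrity_ok(doc, fingerprint), integrity_ok(doc + b" (edited)", fingerprint))
```

The stored record carries its own algorithm, iteration count and salt, which is what lets the work factor be raised later without invalidating old records. Note that a plain, unsalted SHA-256 of the password would satisfy the description above but would not resist offline guessing; the salt and the slow derivation are the parts a practitioner adds.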
Types of hashing functions:

Message Digest (MD)
The MD family has evolved through MD2, MD4, MD5, and MD6; MD5 was adopted as Internet standard RFC 1321 and produces a 128-bit hash. But in the wake of the collisions found in 2004, where an analytical attack succeeded after only an hour on a computer cluster, this hashing method has pretty much ceased to be used.
Secure Hash Function (SHA)
SHA is widely used and has evolved through SHA-0, SHA-1, SHA-2, and SHA-3. SHA-0 was 160-bit and was supplanted by SHA-1 in 1995 due to reported weaknesses. SHA-1 is still widely used, but more applications now use the stronger version, SHA-2, which comes in the variants SHA-224, SHA-256, SHA-384, and SHA-512, named after the size in bits of the hash value.

RIPEMD
RIPEMD, for RACE Integrity Primitives Evaluation Message Digest, is generally known as the European hash function. It includes RIPEMD, RIPEMD-128, and RIPEMD-160.

Whirlpool
Whirlpool is a 512-bit hash function derived from the Advanced Encryption Standard (AES). It includes WHIRLPOOL-0, WHIRLPOOL-T, and WHIRLPOOL.

Message Authentication Codes and Secure Channels

Data integrity can be addressed with a hash function, but this does not resolve the issue of knowing who originated the data. This threat needs to be dealt with to avoid falling into an attacker's trap, and this is where the Message Authentication Code (MAC) comes into play. It relies on symmetric-key cryptography: in its application, the sender and receiver share a symmetric key. A MAC is an encrypted checksum derived from the underlying message and sent along with the message to provide message authentication.
In the process, the sender combines a message M with a key K using some publicly known MAC algorithm to produce a MAC value. As with a hash, the process compresses an input of varying length into a fixed-length output; the difference is that the MAC uses a secret key during compression while a hash does not. The message and the MAC value are then forwarded to the receiver, who in turn recomputes the MAC value using the shared key and compares it. The receiver knows the message is genuine if the MAC he computed is the same as the one received for that message M. Because a Message Authentication Code provides data integrity and authentication, separate hashing may not be needed if an application already supports MACs.
We refer to a secure conduit for exchanging information between two parties, the initiator and the responder, as a "secure channel." SSL/TLS, IPsec, and SSH are all examples of secure channels. Any time we move data from point A to point B, the conduit is a secure channel. And there is always someone who can read all communications between those two points; that individual can insert, delete, or modify the data being transmitted. To implement a secure channel, we need a shared secret: a key known only to the two parties involved in the communication.
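The MAC computation and the insert/delete/modify threats of the last two paragraphs, as an added example (my own code, not from the course or the textbook): the sender tags each message with HMAC-SHA256 under the shared key, and the receiver recomputes and compares the tag. Adding a sequence number to the authenticated bytes is what lets the receiver also detect replayed, dropped and reordered frames; the shared key and the messages are constructed for the demo. Confidentiality is not provided here; that is the block cipher's job from the earlier section.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes

def mac(key: bytes, message: bytes) -> bytes:
    # Sender side: combine the message with the shared key K.
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # Receiver side: recompute and compare in constant time.
    return hmac.compare_digest(mac(key, message), tag)

class Sender:
    # Frames a message as: 8-byte sequence number || message || tag.
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, message: bytes) -> bytes:
        body = struct.pack(">Q", self.seq) + message
        self.seq += 1
        return body + mac(self.key, body)

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.expected = key, 0

    def receive(self, frame: bytes) -> bytes:
        # Modified bytes or forged frames fail the MAC; replayed, dropped or
        # reordered frames fail the sequence check. Only accepted frames
        # advance the counter, so a rejected frame cannot desynchronize it.
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not verify_mac(self.key, body, tag):
            raise ValueError("MAC mismatch: modified or forged frame")
        seq = struct.unpack(">Q", body[:8])[0]
        if seq != self.expected:
            raise ValueError(f"sequence {seq} != expected {self.expected}: replay, drop or reorder")
        self.expected += 1
        return body[8:]

def try_receive(receiver: Receiver, frame: bytes):
    # Convenience wrapper returning (True, message) or (False, reason).
    try:
        return True, receiver.receive(frame)
    except ValueError as err:
        return False, str(err)

# Constructed sample exchange. Assumption: the key was agreed out of band.
KEY = b"shared secret agreed out of band"

def demo() -> list:
    alice, bob = Sender(KEY), Receiver(KEY)
    f1, f2, f3 = alice.send(b"transfer 10"), alice.send(b"to Bob"), alice.send(b"done")
    tampered = f1[:8] + b"transfer 99" + f1[19:]   # same length, changed amount
    return [
        try_receive(bob, tampered),   # modified bytes -> MAC fails
        try_receive(bob, f1),         # genuine frame 0 -> accepted
        try_receive(bob, f1),         # replayed frame 0 -> rejected
        try_receive(bob, f3),         # frame 2 before frame 1 -> rejected
        try_receive(bob, f2),         # frame 1 -> accepted
    ]

if __name__ == "__main__":
    for ok, detail in demo():
        print("accepted" if ok else "rejected", detail)
```

The design choice worth noting is that the sequence number sits inside the authenticated bytes: if it were sent unauthenticated, an attacker on the path could renumber frames at will, and the reorder and replay checks would be meaningless.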
Reference Library
- Book: Ferguson, N., Schneier, B. & Kohno, T. (2010). Cryptography Engineering: Design Principles and Practical Applications. Hoboken, NJ: John Wiley & Sons.

Key Distribution Protocols [Diffie-Hellman, Rivest, Shamir, Adleman (RSA)]

In the secure channel discussion above, we talked about sharing a secret key between the parties involved in the communication. While this may sound easy, the reality is something else. Sharing a secret key with one person can be done quickly; with two other persons it is still manageable, but what about 10, 20, or 30 people? You will quickly realize how impractical it becomes. Exchanging keys among 10 friends, for example, will take 45 keys; 50 people communicating securely with each other will need 1225 keys; and with N friends, it will take N(N-1)/2 keys. As we can see, the situation becomes difficult or impossible to get around, and this is where Key Distribution Protocols were introduced to come to the rescue; with them, public-key cryptography was born. Some of those we will note include:
(a). Diffie-Hellman (DH)
Whitfield Diffie and Martin Hellman, commonly referred to together as Diffie-Hellman (DH), introduced the idea in their article "New Directions in Cryptography", published in 1973. As Ferguson, Schneier and Kohno (2010) put it nicely: "It turns out that two people communicating over an insecure line can agree on a secret key in such a way that both of them end up with the same key, without divulging it to someone who is listening in on their conversation" (page 182).
The mechanics of DH involve some mathematical operations with prime numbers, exponents, and modular arithmetic. I will not go into the details here, as many books explain them more thoroughly. Unfortunately, DH is not that good at protecting against the man-in-the-middle attack, because the initiator does not know for sure that it is communicating with the right responder, and vice versa. In other words, Alice thinks she is communicating with Bob, but a malicious person, Eve, can hijack this conversation by inserting herself in the middle. Eve sits there forwarding the communication to both Alice and Bob, and these two individuals have no knowledge that someone in the middle is doing all the work; this is the man-in-the-middle attack.
In a nutshell, the Diffie-Hellman algorithm is a method of generating a shared secret key between two people in a way that cannot be recovered by observing the communication exchange, and it is based on a one-way function.
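The exchange in the two paragraphs above, as an added example (my own code, not from the course or the textbook): each side keeps a private exponent, publishes g^private mod p, and raises the other side's public value to its own exponent, so both arrive at the same number without it ever being sent. The group parameters P and G are a small toy choice made so the numbers are readable; real deployments use a standardized group (for example an RFC 3526 MODP group) or elliptic-curve DH. The second function shows why the text says DH alone does not stop a man-in-the-middle: with a relay substituting public values, Alice and Bob each finish with a key shared with the relay rather than with each other, and nothing in the arithmetic reveals it, which is why real protocols authenticate the public values (signatures, certificates, or a pre-shared key).

```python
import hashlib
import secrets

# Group parameters. Assumption: a small toy prime chosen for readability;
# real systems use a standardized group or elliptic-curve DH, never
# hand-picked parameters like these.
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    # Private exponent a, public value g^a mod p.
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def check_public(value: int) -> int:
    # Reject degenerate values that would force the shared secret into a tiny set.
    if not 1 < value < P - 1:
        raise ValueError("invalid public value")
    return value

def shared_secret(priv: int, other_pub: int) -> int:
    return pow(check_public(other_pub), priv, P)

def derive_key(secret: int) -> bytes:
    # Never use the raw group element as a key; hash it into a fixed-size key.
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def honest_exchange():
    # Alice and Bob exchange only public values; both end with the same key.
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    alice_key = derive_key(shared_secret(a_priv, b_pub))
    bob_key = derive_key(shared_secret(b_priv, a_pub))
    return alice_key, bob_key

def relayed_exchange():
    # Same arithmetic with a third party relaying and substituting public
    # values. Because nothing ties a public value to a person, Alice and Bob
    # each share a key with the relay and not with each other; only an
    # authentication step on the public values can detect this.
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    e1_priv, e1_pub = keypair()   # relay's value shown to Alice
    e2_priv, e2_pub = keypair()   # relay's value shown to Bob
    alice_key = derive_key(shared_secret(a_priv, e1_pub))
    bob_key = derive_key(shared_secret(b_priv, e2_pub))
    relay_with_alice = derive_key(shared_secret(e1_priv, a_pub))
    relay_with_bob = derive_key(shared_secret(e2_priv, b_pub))
    return alice_key, bob_key, relay_with_alice, relay_with_bob

if __name__ == "__main__":
    k1, k2 = honest_exchange()
    print("honest exchange, keys match:", k1 == k2)
    a, b, ra, rb = relayed_exchange()
    print("relayed exchange, Alice and Bob match:", a == b,
          "| each matches the relay:", a == ra and b == rb)
```

The `check_public` guard is the one defensive detail the math itself does not give you: accepting 0, 1 or p-1 as a peer value would let the shared secret be predicted.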
(b). Rivest, Shamir, Adleman (RSA)
RSA is another widely used and well-known cryptosystem, more so than DH. It can be used both for digital signatures and for public-key encryption. The RSA cryptosystem takes advantage of the difficulty of factoring large numbers. RSA is a one-way trapdoor function that was invented by Ronald Rivest, Adi Shamir, and Leonard Adleman, and was first published in 1978. RSA is also about how to send an encrypted message to someone without having previously shared a key with that individual. Since RSA is based on a public-key encryption mechanism, it is also known as asymmetric encryption, because two keys are involved: a public key, which is shared publicly so people can send you encrypted messages, and a private key, which is kept secret and used to decrypt those messages.
RSA, in general, is used in combination with other encryption mechanisms. One reason is that it is less efficient and more resource-intensive than symmetric-key encryption such as Blowfish, AES, RC4, DES, RC5, and RC6. RSA is implemented in OpenSSL and used in TLS and VPNs. Most of the time, it is not used to encrypt a file or an entire message, for which a symmetric key is used; instead, RSA is used to encrypt the symmetric key.
Reference Library
- Book: Ferguson, N., Schneier, B. & Kohno, T. (2010). Cryptography Engineering: Design Principles and Practical Applications. Hoboken, NJ: John Wiley & Sons.
Key Management (Kerberos)

Kerberos is a key management system meant to provide security and authentication and to enable single sign-on across all resources or services, instead of having to use a different password for each resource.
In practice, Kerberos is an authentication protocol for client/server applications. Its use enables us to reach our security and authentication goals. It works based on symmetric-key encryption. Kerberos involves three entities: the client, who is looking for access to a service or resource; the service, which is what the user tries to access; and a third-party entity trusted by both the client and the service, called the KDC, for Key Distribution Center. The KDC has at least two main services running: the Authentication Server, or AS, and the Ticket Granting Server, or TGS. According to hack2secure (2018), “KDC maintains a database that includes account information of entire security principals in its empire.” Here is how it works:
Suppose a client is looking to access a file server to retrieve some documents. With Kerberos in place, the client must first verify with the third-party entity, the Key Distribution Center (KDC), before he is allowed access to resources. Here are the steps:
(a). The client sends a request to the AS, containing a user ID and some extra information such as "I need a ticket to access the file server." This request is partially encrypted with a secret key: the client's password. But the password is not sent across the network; instead, an encrypted secret key generated when initiating the request is sent.
(b). When the AS receives the request, it attempts to retrieve the password from its database based on the user ID received. After the AS retrieves the password, it uses it to decrypt the request sent by the client. Note that the AS and the client both use a shared secret key (the first key, key1, also known as the long-term key). This key is an encrypted form of the password that was initially entered by the client during account creation. After this step, the user is fully verified. But the user has still not been granted access to the file server, his ultimate goal.
(c). After user verification by the AS is complete, the AS issues a ticket called the Ticket Granting Ticket (TGT) and sends it to the client. This ticket is encrypted with another secret key (the second shared key, key2).
(d). After the client receives the encrypted ticket (the TGT), he sends it to the TGS along with his request for permission to access the file server or a similar resource.
(e). When the TGS receives the TGT, it decrypts it with the shared secret; this key is shared between the AS and the TGS only (the second shared key, key2). After successful decryption, the TGS issues a token (also known as a Session Ticket) to the client. This token is encrypted using a secret key (the third key, key3) that is shared with the file server.
(f). After the client receives the encrypted token from the TGS, he sends it to the file server.
(g). After the file server receives the token, it decrypts it using the shared secret key, key3 (the same key used by the TGS to encrypt the token sent to the user).
(h). After the file server successfully decrypts the token, it allows the client to access and/or use resources based on the limitations specified in the token.
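Steps (a) to (h) as one runnable model, added here as my own illustration (not code from the course, the textbook, or any Kerberos implementation). It follows the three keys named above: key1 derived from the client's password and shared with the AS, key2 shared by the AS and the TGS, and key3 shared by the TGS and the file server. The `seal`/`open_sealed` pair is a toy authenticated encryption built from SHA-256 and HMAC so the example runs offline; real Kerberos uses AES-based encryption types, and the user names, passwords, expiry and session-key handling are constructed simplifications (real tickets carry realms, addresses and more).

```python
import hashlib
import hmac
import json
import os
import time

LIFETIME = 300  # seconds a ticket or authenticator stays valid

# Toy symmetric authenticated encryption: nonce || ciphertext || HMAC tag.
# Assumption: demo construction only; real Kerberos uses AES-based enctypes.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, obj: dict) -> bytes:
    pt = json.dumps(obj).encode()
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def key_from_password(password: str) -> bytes:
    # key1 is derived from the password; the password itself never crosses the network.
    return hashlib.sha256(password.encode()).digest()

# KDC state (constructed sample data).
USERS = {"victor": key_from_password("hunter2")}   # key1 for each principal
KEY_TGS = os.urandom(32)                            # key2: shared by AS and TGS
SERVICES = {"fileserver": os.urandom(32)}           # key3: shared by TGS and the service

def _authenticator(key: bytes, user: str) -> bytes:
    return seal(key, {"user": user, "ts": time.time()})

def _check_authenticator(key: bytes, blob: bytes, user: str) -> None:
    auth = open_sealed(key, blob)
    if auth["user"] != user or abs(time.time() - auth["ts"]) > LIFETIME:
        raise ValueError("authenticator rejected")

def as_exchange(user: str, authenticator: bytes):
    # Steps (a)-(c): the AS checks that the client holds key1, then returns a
    # TGT sealed under key2 and a session key sk1 sealed under key1.
    if user not in USERS:
        raise ValueError("unknown principal")
    key1 = USERS[user]
    _check_authenticator(key1, authenticator, user)
    sk1 = os.urandom(32).hex()
    tgt = seal(KEY_TGS, {"user": user, "sk1": sk1, "exp": time.time() + LIFETIME})
    return tgt, seal(key1, {"sk1": sk1})

def tgs_exchange(tgt: bytes, service: str, authenticator: bytes):
    # Steps (d)-(e): the TGS opens the TGT with key2 and returns a service
    # ticket sealed under key3 and a session key sk2 sealed under sk1.
    t = open_sealed(KEY_TGS, tgt)
    if time.time() > t["exp"]:
        raise ValueError("TGT expired")
    sk1 = bytes.fromhex(t["sk1"])
    _check_authenticator(sk1, authenticator, t["user"])
    sk2 = os.urandom(32).hex()
    ticket = seal(SERVICES[service], {"user": t["user"], "service": service,
                                       "sk2": sk2, "exp": time.time() + LIFETIME})
    return ticket, seal(sk1, {"sk2": sk2})

def service_exchange(service: str, ticket: bytes, authenticator: bytes) -> str:
    # Steps (f)-(h): the file server opens the ticket with its own key3; a
    # ticket for another service, or an altered one, fails right here.
    t = open_sealed(SERVICES[service], ticket)
    if t["service"] != service or time.time() > t["exp"]:
        raise ValueError("ticket not valid for this service")
    _check_authenticator(bytes.fromhex(t["sk2"]), authenticator, t["user"])
    return f"access granted to {t['user']} on {service}"

def client_login(user: str, password: str, service: str = "fileserver") -> str:
    # The client's side of the whole flow; only sealed blobs are exchanged.
    key1 = key_from_password(password)
    tgt, reply = as_exchange(user, _authenticator(key1, user))
    sk1 = bytes.fromhex(open_sealed(key1, reply)["sk1"])
    ticket, reply2 = tgs_exchange(tgt, service, _authenticator(sk1, user))
    sk2 = bytes.fromhex(open_sealed(sk1, reply2)["sk2"])
    return service_exchange(service, ticket, _authenticator(sk2, user))

if __name__ == "__main__":
    print(client_login("victor", "hunter2"))
```

Two properties of the text are visible in the code: the client proves knowledge of the password only by sealing a timestamp under key1, so a wrong password is rejected by the AS without the password ever being transmitted, and the file server never talks to the KDC at all, since possession of key3 is enough for it to validate the ticket.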

Reference Library

Public Key Infrastructure
Root CA
PKI, for Public Key Infrastructure, is a mechanism used to distribute keys. In simple terms, and according to Ferguson et al. (2010, p. 275), a PKI is an infrastructure that allows users to recognize which public key belongs to whom. It can be thought of as involving two critical parts: a public and a private key. This duality means PKI keys use an asymmet encryption algorithm, which ensures that the encryption only works one way. Some implementations deploy an Enterprise PKI architecture based on the Hierarchical PKI Architecture.
In such an implementation, all CAs share a trust relationship, being connected in a superior-subordinate relationship. In this hierarchy, according to Choudhury et al., “the CA is an inverted tree-like structure having root at the top, referred to as root CA. In turn, the root CA contains branches or nodes. These nodes are referred to as subordinate to the root CA. The mechanism, in this case, is that the root CA will only issue certificates to the subordinate CAs, not to the users. However, a subordinate can issue certificate both to users and other subordinate CAs at lower level” (Choudhury et al., p. 44).
Certificate Management
In some cases, the PKI is based on a Windows server in an Active Directory setup. It therefore uses an Enterprise CA, with the main server being the Root CA. A second server is installed to serve as the subordinate CA, with the role of issuing certificates to end devices or users. The main server runs a service that deals with the certificate revocation list. One can choose to use the Online Certificate Status Protocol (OCSP), an Internet protocol used to obtain the revocation status of an X.509 digital certificate. It is a better alternative to the certificate revocation list (CRL) and addresses certain issues encountered when using CRLs in a public key infrastructure.
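One added example serves both the RSA section above (key generation, wrapping a symmetric key, and signing) and the root/subordinate hierarchy with revocation described in the last three paragraphs; it is my own code, not from the course, the textbook, or any CA product. It assumes 512-bit toy RSA keys so that it runs in well under a second with the standard library only (real keys are 2048 bits or more), textbook RSA without padding so the arithmetic is visible (real systems use OAEP for encryption and PSS or PKCS#1 v1.5 for signatures), and a minimal certificate record in place of X.509. The names "Root CA", "Sub CA" and "fileserver.example" are constructed.

```python
import hashlib
import secrets

E = 65537  # standard RSA public exponent

# Key generation. Assumption: 512-bit toy keys so the demo runs quickly;
# real keys are 2048 bits or more.
SMALL_PRIMES = [p for p in range(3, 500, 2)
                if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    # Trial division by small primes, then Miller-Rabin.
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, full length
        if is_probable_prime(n):
            return n

def generate_keypair(bits: int = 512):
    # Returns (public, private), each as an (exponent, modulus) pair.
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:   # E is prime, so this is gcd(E, phi) == 1
            return (E, p * q), (pow(E, -1, phi), p * q)

# RSA primitives. Assumption: textbook RSA with no padding, to show the math;
# real systems use OAEP for encryption and PSS or PKCS#1 v1.5 for signatures.
def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def wrap_key(pub, sym_key: bytes) -> int:
    # Hybrid encryption: RSA protects only the short symmetric key.
    return pow(int.from_bytes(sym_key, "big"), pub[0], pub[1])

def unwrap_key(priv, wrapped: int, length: int = 16) -> bytes:
    return pow(wrapped, priv[0], priv[1]).to_bytes(length, "big")

def sign(priv, data: bytes) -> int:
    return pow(_h(data), priv[0], priv[1])

def verify(pub, data: bytes, sig: int) -> bool:
    return pow(sig, pub[0], pub[1]) == _h(data)

# Toy hierarchical PKI: root CA -> subordinate CA -> end entity.
def _tbs(subject: str, pub, issuer: str) -> bytes:
    return f"{subject}|{pub[0]}|{pub[1]}|{issuer}".encode()

def issue(subject: str, subject_pub, issuer: str, issuer_priv) -> dict:
    return {"subject": subject, "pub": subject_pub, "issuer": issuer,
            "sig": sign(issuer_priv, _tbs(subject, subject_pub, issuer))}

def verify_chain(chain: list, trusted_roots: dict, revoked=frozenset()) -> bool:
    # chain = [end entity, ..., subordinate, root]: each certificate must be
    # signed by the next one, none may be revoked (the CRL/OCSP check), and
    # the self-signed root must match the trust store.
    for cert, issuer in zip(chain, chain[1:] + [chain[-1]]):
        if cert["subject"] in revoked or cert["issuer"] != issuer["subject"]:
            return False
        if not verify(issuer["pub"], _tbs(cert["subject"], cert["pub"], cert["issuer"]), cert["sig"]):
            return False
    root = chain[-1]
    return trusted_roots.get(root["subject"]) == root["pub"]

def build_pki() -> dict:
    # Constructed hierarchy: the root issues only to the subordinate CA, and the
    # subordinate issues to users and devices, as described in the text above.
    root_pub, root_priv = generate_keypair()
    sub_pub, sub_priv = generate_keypair()
    leaf_pub, _leaf_priv = generate_keypair()
    root = issue("Root CA", root_pub, "Root CA", root_priv)
    sub = issue("Sub CA", sub_pub, "Root CA", root_priv)
    leaf = issue("fileserver.example", leaf_pub, "Sub CA", sub_priv)
    return {"chain": [leaf, sub, root], "trust": {"Root CA": root_pub}}
```

The two risks named in the next section show up directly in `verify_chain`: revoking "Sub CA" invalidates only the certificates beneath it, while removing "Root CA" from the trust store (what a root key compromise forces) invalidates every chain in the hierarchy at once.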
Risks
Implementing an Enterprise CA using a hierarchical model carries some risk. The major one in this hierarchical CA architecture is the danger of a single point of trust, the root CA (Choudhury et al., p. 46), which controls the complete hierarchical PKI architecture. The second danger is that if a key is compromised at the root CA level, all certificates need to be revoked. This is the reason for choosing to use a subordinate CA to issue certificates to all end devices, while the Root CA only issues certificates to subordinate CAs with specific roles to accomplish. These roles can include:
Ensures the identity of a remote computer
Proves identity to a remote computer
Protects e-mail messages
Ensures software came from the software publisher
Protects software from alteration after publication
Allows data to be signed with the current time
All issuance policies
The above roles can be viewed in a browser by clicking on the padlock icon of a site's certificate.
Reference Library
- Book: Ferguson, N., Schneier, B. & Kohno, T. (2010). Cryptography Engineering: Design Principles and Practical Applications. Hoboken, NJ: John Wiley & Sons.
- Choudhury, S., Bhatnagar, K., Haque, W., NIIT (n.d.). Public Key Infrastructure, Implementation and Design, p. 44, p. 46.
Reflection

Going through the CSOL-510 Applied Cryptography class has proved to be the most consequential learning experience in cybersecurity, because of the big role its application plays in providing security for our everyday communication.
There is no way we can enforce confidentiality, a cornerstone of information security, without the use of encryption, while hashing and MAC authentication play another vital role, in authentication and data integrity.
These are important requirements for handling information over an insecure channel such as the Internet. With no cryptography, no one would be buying things online, as information would be exchanged with no security, and no one would want that. With no cryptography, establishing a secure tunnel from remote users to their corporate network, and working remotely using a Virtual Private Network (VPN), would be impossible.
I remember four or five years ago, people were building websites, most of them used with no need for security, and the use of http was enough, while https was reserved for pages that were handling personal or sensitive data. Today, this whole concept has reversed. Increasingly, websites across the board use https. This is important as it is easy to locate the true identity of the site and reduce the chance of malware and other harmful content. With the use of https, credibility is increased.
I predict, in the short term, an increase in the use of cryptography in areas where we thought it less necessary. People, for example, connect to insecure wireless networks at airports, coffee shops or hotels. This definitely presents a big risk that people are only now becoming aware of.
I bet people will start establishing a VPN session to their homes or to a third-party VPN service soon after joining a wifi connection. And with the selection of a full tunnel instead of a split tunnel, all internet traffic emanating from the device will go through the VPN device to ensure confidentiality and integrity.