Overview of Cryptography

Cryptography is a field as old as humankind. The first recorded cryptographic efforts occurred 4,000 years ago. These early cryptographic efforts included translating messages from one language into another or substituting characters. Examples of cryptography date back to the earliest writings of man. You will not be tested on this in the Security+ exam; it is included primarily for background information purposes.

The following sections briefly discuss three categories of cryptography: physical, mathematical, and quantum.

Physical Cryptography

Physical cryptography includes several different types of approaches. The more common methods involve transposition or substitution of characters or words. Physical methods also include a method of encryption called steganography, which is the science of hiding information within other information, such as a picture.

In general, physical cryptography refers to any method that does not alter the value using a mathematical process.

Three primary types of cryptography or ciphering methods are discussed in this section. A cipher is a method used to encode characters to hide their value. Ciphering is the process of using a cipher to encode a message. The hybrid model uses one or more methods to accomplish encryption. This section discusses these methods.

Substitution Ciphers

A substitution cipher is a type of coding or ciphering system that changes one character or symbol into another. The process of doing this conversion is referred to as ciphering. Character substitution can be a relatively easy method of encrypting information. Substitution codes substitute one character for another in the message. You may see this method used in a childhood toy such as a decoder ring. For example, let's say you had the following message:

"You can do this easily if you put your mind to it."

And the encrypted message read:

"You can do qhis zasily if you puq your mind to iq."

Notice in the example that every instance of z is substituted for e, and that every instance of q is substituted for t. This code, while simple, may prevent someone from understanding the message for a short period of time.

This type of coding creates two potential problems. First, the system is not highly secure, and second, how do you know if the q is not really a q? Nevertheless, simple codes have used this method since time immemorial.

Transposition Ciphers

A transposition code involves transposing or scrambling the letters in a certain manner. Typically, the message is broken into blocks of equal size, and each block is then scrambled. In the example shown in Figure 7.1, the characters are transposed by changing the order of the group. In this case, the letters are rotated three places in the message. This example is very simple, and it would not be hard to break. You could change the way Block 1 is transposed from Block 2 and make it a little more difficult, but it would still be relatively easy to decrypt.

Figure 7.1: A simple transposition code in action

Steganography

Steganography is the process of hiding one message in another. This hopefully prevents the real message from being detected by analysts. You could encode your message in another file or message and use that file to hide your message. This type of encryption can be somewhat harder to detect, but it is still very breakable. Notice the following message:

"Meet the mini me that ate later."
The real message is every third word:
"Meet me later."

Hybrid Systems

By combining two or more of these methods of physical cryptography, you can make a pretty good cipher system. These types of systems are widely used, and they are difficult to break using manual methods.

Many systems, such as the Enigma machine used during WWII to encode messages between the German command and their U-boats, used a combination of substitution and transposition to make a very sophisticated system.

Mathematical Cryptography

Mathematical cryptography deals with the issues associated with using mathematical processes on the characters or message. The most common is a function called hashing. Hashing refers to process of performing a calculation on a message and converting it into a numeric hash value. The hash value of the example in Figure 7.2 is computed by multiplying each character by 2, adding those calculations together, and then dividing the sum by 10.

Figure 7.2: A very simple hashing process

As you can see, this hash value is just a single number. The hash value cannot be used to derive the meaning of the message. This number can be transmitted with the message to the receiver. The receiving end can use the same hash function to determine that the message is authentic. If the hash value is different, the message has been altered in some way. This process is also known as performing a checksum.

As you can probably imagine, calculating all of the numbers in a larger, more complicated message by hand would be a very cumbersome and time- consuming process. Computers make hashing a very fast process.

This type of hashing process is called a one-way process. There is no way to reverse the hash and turn the number back into the original message. This method of hashing is used to verify message authenticity, and it may be used in conjunction with one of the other encryption methods previously defined. It is important to note that a one-way hash cannot be used to decrypt a message that is used primarily for authenticity verification. Nevertheless, it is considered an encryption process. It is used primarily to verify the integrity of the message.

Many password-generation systems are based on a hashing approach. These hashes are one-way in nature. You cannot take the hash value and reverse it to guess the password. In theory, this makes it harder to guess or decrypt a password. This is a good place to introduce you to the mathematics of strong passwords.

Passwords should be as long and as complicated as possible. Most security experts believe a password of 10 characters is the minimum that should be used if security is a real concern. If you use only the lowercase letters of the alphabet, you will have 26 characters with which to work. If you add the numeric values of zero through nine, you will get another 10 characters. If you go one step further and add the uppercase letters, you will then have an additional 26 characters to use, giving you the total number of letters and numbers of 62 characters with which to construct a password.

If you used a four-character password, this would be 62 ´ 62 ´ 62 ´ 62, or approximately 14 million password possibilities. If you used five characters in your password, this would give you 62 to the 5th power, or approximately 92 million password possibilities. If you used a 10-character password, this would give you 64 to the 10th power, or 8.3 ´ 10⁶ (a very big number). The four-digit password could probably be broken in a day, while the 10-digit password would take a millennium to break. As you can see, these numbers increase exponentially with each position added to the password.

If your password only used the 26 characters for password creation, the four-digit password above would be 26 to the 4th power, or 456,000 password combinations. A five-character password would be 26 to the 5th power or 11 million, a 10-character password would be 26 to the 5th power, or 1.4 ´ 10¹⁵. While still a big number, it would take only half a millennium to break it.

It should be pointed out that mathematical methods of encryption are primarily used in conjunction with other encryption methods as part of authenticity verification. The message and the hashed value of the message can be encrypted using other processes. In this way, you would know that the message is secure and has not been altered.

Quantum Cryptography

Quantum cryptography is a relatively new method of encryption. Prior to 2002, its application was limited to laboratory work and possibly to some secret governmental applications. This method is based upon the characteristics of the very smallest particles known. It may now be possible to create unbreakable ciphers using quantum methods.

The process depends on a scientific model called the Heisenberg Uncertainty Principle for security. Part of the Heisenberg Uncertainty Principle basically states that in the process of measuring the results, the results are changed. The early works of Heisenberg were published in 1926, and they have been greatly debated by physicists ever since.

Imagine you have a bowl of water and you want to measure the temperature of the water. When you put a thermometer into the water, you change the temperature of the water because of the thermometer. The thermometer makes the temperature rise or drop slightly. This alters the temperature of the water. In short, the act of measuring the water temperature changes the water temperature, making it impossible to know the true temperature of the water before you measured it.

In quantum cryptography, the message is sent using a series of photons. If the receiver knows the sequence and polarity of the photons, they can decode the message. Otherwise, the photons look like random noise. If someone intercepts the photons, some of the photon positions will change polarity, and the message will be altered. This will inform the receiver that someone is listening in on the message. The sender, when informed of this, can change the pattern and resend the message with a new photon position key. Intercepting the data alters the data and ruins the message. Figure 7.3 demonstrates this concept. In this example, each photon is polarized in one of several directions. The process of intercepting these photons will alter the polarity of some of the photons and will make the message unreadable. This will alert the receiver that an interception activity is occurring.

Figure 7.3: Quantum cryptography being used to encrypt a message

As you can see in this example, the message has been altered as a result of the interception. Each bar in the message is a part of the message. The interception changes the polarity of some of the photons (represented by the bars) making the message unreadable.

Quantum cryptography has become a solution available for private users, although it is very expensive and has a limited range. It will be interesting to see what the future hold for this technology.

The Myth of Unbreakable Codes

If time has taught us anything, it has taught us that people frequently do things that other people thought were impossible. Every time a new code or process is invented, someone else comes up with a method of breaking it.

Common methods of code breaking include frequency analysis, algorithm errors, brute force attacks, human error, and social engineering:

Frequency Analysis Frequency analysis involves looking at blocks of an encrypted message to determine if any common patterns exist. Initially, the analyst does not try to break the code, but looks at the patterns in the message. In the English language, the letters E and T are very common. Words like the, and, that, it, and is are very common. A determined cryptanalyst looks for these types of patterns and, over time, might be able to deduce the method used to encrypt the data. This process can sometimes be very simple, or it might take a lot of effort.

Algorithm Errors An algorithm is a method or set of instructions used to perform a task or instruction. In computers, algorithms are implemented in programs to perform repetitive operations. Sometimes complex algorithms produce unpredictable results; when discovered, these results can cause the entire encryption algorithm to be compromised. Cryptographic systems may have fundamental flaws in the way they are designed. An error or flaw in either the design or the implementation of the steps can create a weakness in the entire coding system. This weakness may leave a coding system open to decryption regardless of the complexity of the algorithm or steps used to process the codes.

Cipher systems have also been known to have trapdoors installed for government investigation purposes.

Brute Force Attacks Brute force attacks can be accomplished by applying every possible combination of characters that could be the key. If for example, you know that the key is three characters long, you know that there are a finite number of possibilities that the key could be. Although it may take a long time to find the key, the key can be found.

Human Error Human error is one of the major causes of encryption vulnerabilities. If an e-mail is sent using an encryption scheme, someone else may send it in the clear (unencrypted). If a cryptanalyst gets hold of both messages, the process of decoding future messages may get considerably easier. A code key might wind up in the wrong hands, giving insights into what the key consists of. Many systems have been broken as a result of these types of accidents.

A classic example of this involved the transmission of a sensitive military-related message using an encryption system. Most messages have a preamble that informs the receiver who the message is for, who sent it, how many characters are in the message, the date and time it was sent, and other pertinent information. This information was also encrypted and put into the message. As a result, the cryptanalysts gained a key insight into the message contents. They were given approximately 50 characters that were repeated in the message in code. This error caused a relatively secure system to be compromised.

Real World Scenario: We're All Human, or Mr. Key's Wild Ride

A courier, who was responsible for carrying weekly encryption keys, took commercial flights that caused him to arrive at his destination early on Friday evenings. The courier was responsible for hand-carrying these encryption key units and getting a signature from an authorized signatory at the remote facility. Unfortunately, his flight frequently arrived late at its destination. When this happened, the courier was forced to spend the night in the remote location. On Saturday morning, the courier would go to the facility and hand the key units to the appropriate person. This process had been going on for several years. The courier often kept the key units in the trunk of his rental car overnight. Unfortunately, one night his car was stolen from the hotel parking lot, and the key units were in the trunk. Luckily, the car was recovered later in the morning, and the trunk had not been opened. This security breach caused the courier to lose his job, and the entire cryptographic system had to have new keys issued worldwide as a result.

As you can see, even if you are extra cautious, sometimes even the safest code is not safe. Murphy's Law says human error will also creep into the most secure security systems.

Social Engineering This situation could be the result of an error, or it could be caused by personal motivations such as greed. Money and political beliefs are two powerful motives. People can be bribed to give information away. If someone gives the keys away, you would not necessarily know that this has occurred. An attacker could then use the keys to decrypt the messages.

Breached security is worse than having no security. If you have no security, you might be inclined to use discretion in what you say and send. If you assume you are in a secure environment, you will do whatever you normally do and potentially disclose a great deal of secret information that you would otherwise not share.

Social engineering can have a huge damaging effect on a security system, as the above note illustrates.