Cryptography

module = Module(
    code="ELEE1171",
    name="Securing Technologies",
    credits=15,
    module_leader="Seb Blair BEng(H) PGCAP MIET MIHEEM FHEA"
)

Main Goals of Security: CIA


CIA Triad (Information Security)


Confidentiality (C): Ensures that sensitive information is only accessible to authorized individuals, preventing unauthorized access or disclosure.


Integrity (I): Maintains the accuracy and trustworthiness of data by preventing unauthorized modifications.


Availability (A): Guarantees that information and systems are accessible to users when needed, ensuring reliable access.


Quick Definitions

  • Cryptography: the art of secret writing!

  • Encryption: converting information to a format unreadable by unintended recipients. Only intended recipients with the correct key and algorithm can read it and get its true meaning.

  • Hashing: converts data or message into an irreversible string of fixed length.

  • Confidentiality can be achieved using Encryption

  • Data Integrity can be verified using Hashing

Why Do We Need Cryptography?


Steganography

Cryptography > Steganography

Definition:
Steganography is the practice of hiding a message within another medium, so that the very existence of the message is concealed.


| Factors | Steganography | Cryptography |
|---|---|---|
| Explanation | It's a method to conceal the fact that communication is taking place | It's a method for making information unintelligible |
| Aim | Maintain communication security | Enable data protection |
| Key | Optional, but increases security when utilized | Necessary prerequisite |
| Data Visibility | No | Yes |
| Failure | Once hidden information is decoded, the data can be used by anyone | You can recover the original message from the ciphertext if you can access the decryption key |
| Data Structure | Does not modify the data's general structure | Modifies the overall data structure |

Using LSB steganography, encode with lossless PNG or BMP


Techniques

  • Secure Cover Selection

    • Involves finding the correct block image to carry malware. Then, hackers compare their chosen image medium with the malware blocks. If an image block matches the malware, the hackers fit it into the carrier image, creating an identical image infected with the malware. This image subsequently passes quickly through threat detection methods.
  • Least Significant Bit

    • Each grayscale pixel is stored as eight bits, and the last bit, the eighth one, is called the Least Significant Bit. Hackers use this bit to embed malicious code because changing it alters the overall pixel value by at most one, and the human eye can't detect the difference in the image. So no one is aware that anything is amiss or that the image is carrying something dangerous within.
  • Palette-Based Technique

    • Hackers embed their message in palette-based images such as GIF files, making it difficult for cybersecurity threat hunters or ethical hackers to detect the attack.

Tools [to name a couple]

  • Steghide: a free tool that uses steganography to conceal information in other files, such as media or text.

  • SilentEye: a cross-platform application designed for easy use of steganography, in this case hiding messages in pictures or sounds.


Theory



Least significant bit means the least significant impact on the original image.
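
The Least Significant Bit technique and the lossless-format advice above, worked through in Python as an added example (not code from the original slides or from any tool named here). The 8x8 grayscale buffer, the payload and the `lossy_roundtrip` quantiser (a simple stand-in for lossy compression) are constructed assumptions.

```python
# Added illustration: LSB embedding on a constructed 8-bit grayscale buffer.

def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def from_bits(bits):
    """List of bits (MSB first) -> bytes; trailing partial bytes are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def embed(pixels, message):
    """Overwrite the LSB of successive pixels with the message bits."""
    bits = to_bits(message)
    if len(bits) > len(pixels):
        raise ValueError("cover too small: each pixel carries one bit")
    stego = bytearray(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the LSB, then set it
    return bytes(stego)

def extract(pixels, length):
    """Read `length` bytes back from the LSB plane."""
    return from_bits([p & 1 for p in pixels[:length * 8]])

def max_pixel_change(before, after):
    """Largest per-pixel difference between cover and stego image."""
    return max(abs(a - b) for a, b in zip(before, after))

def lossy_roundtrip(pixels, step=4):
    """Constructed stand-in for lossy compression: quantise down to a multiple of step."""
    return bytes(p - p % step for p in pixels)

COVER = bytes((i * 37 + 11) % 256 for i in range(64))   # constructed 8x8 "image"
SECRET = b"ELEE1171"                                    # 8 bytes = 64 bits
STEGO = embed(COVER, SECRET)

if __name__ == "__main__":
    print("recovered:", extract(STEGO, len(SECRET)))
    print("max pixel change:", max_pixel_change(COVER, STEGO))
    print("after lossy step:", extract(lossy_roundtrip(STEGO), len(SECRET)))
```

The quantised copy returns only zero bytes, which is why a lossy format destroys an LSB payload while PNG or BMP preserves it.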


Encryption - Substitution Cipher

*Also known as Caesar Cipher

Caesar Cipher

Example: Backward shift of 6

Assumption: ?

  • ROTAD

Hashing

Windows

certutil -hashfile <filename> <MD5 | SHA1 | SHA256 | SHA512>    [ENTER]

Linux/macOS

sha256sum   <filename>    [ENTER]


The major difference between Hashing and Encryption is that:

  • No keys are used in hashing but only algorithms e.g., MD5

Types of Encryption


Symmetric

  • Same key for encryption and decryption
  • Key sharing is a problem
  • Low overhead
  • Fast
  • Suitable for transmitting bulk data

Asymmetric

  • Uses Public Key Infrastructure (PKI)
  • Both parties have their key pair
  • One key for encryption, another for decryption
  • Solves the problem of key sharing
  • High overhead
  • No need to share your private key, and you never should

Example Asymmetric

Generate Key

$ ssh-keygen -t ed25519 -C "ELEE1171"

Public key

cat ~/.ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJqFxk/iuYfO2GeOx4BTK4Gy0Mhe1g7SQYmQRYnqu3zP ELEE1171

Private Key

cat ~/.ssh/id_ed25519
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCahcZP4rmHzthnjseAUyuBstDIXtYO0kGJkEWJ6rt8zwAAAJDGb9KYxm/S
mAAAAAtzc2gtZWQyNTUxOQAAACCahcZP4rmHzthnjseAUyuBstDIXtYO0kGJkEWJ6rt8zw
AAAED0Oks/Py0THM2cX0k+QqhjzGx4CZ6xXU3UL3vejLTHRJqFxk/iuYfO2GeOx4BTK4Gy
0Mhe1g7SQYmQRYnqu3zPAAAACEVMRUUxMTcxAQIDBAU=
-----END OPENSSH PRIVATE KEY-----

Encryption Algorithms

| Algorithm | Key Type | Key Length (bits) | Strengths | Common Uses |
|---|---|---|---|---|
| AES | Symmetric | 128, 192, 256 | Fast, secure, widely used | File encryption, TLS, VPNs |
| DES | Symmetric | 56 | Weak, outdated | Legacy encryption |
| 3DES | Symmetric | 112, 168 | More secure than DES but slower | Banking, legacy systems |
| ChaCha20 | Symmetric | 256 | Fast, efficient for mobile/IoT | Secure messaging, mobile encryption |
| Blowfish | Symmetric | 32-448 | Flexible key sizes, strong security | File encryption, password hashing |
| RSA | Asymmetric | 1024, 2048, 4096 | Strong security, widely used | SSL/TLS, email encryption |
| ECDSA | Asymmetric | 256, 384, 521 | Efficient for digital signatures | Digital signatures, SSL/TLS |
| Ed25519 | Asymmetric | 256 | Highly efficient, secure, resistant to quantum attacks | SSH, Git, digital signatures |
| DSA | Asymmetric | 1024, 2048, 3072 | Secure, used in government applications | Government applications, digital signatures |
| Diffie-Hellman | Asymmetric | Varies | Used for secure key exchange | Key exchange, secure communication |

Digital Signature

  • Digital Signature:
    • Encrypt message hash with private key, and recipient decrypts hash using sender’s public key.
    • This verifies authenticity

Combining Digital Signature With PKI

  • Digital Signature: Encrypt message hash with private key, and recipient decrypts hash using sender’s public key. This verifies authenticity
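
The sign-with-private-key, verify-with-public-key flow described on the two Digital Signature slides, as an added Python example (not from the original slides). It uses textbook RSA with a constructed toy key so it runs with the standard library only; the key, the message and all function names are assumptions, and real signatures use 2048-bit or larger keys with a padding scheme.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes give a ~150-bit modulus.
# This is far too small for real use and has no padding; it only shows the flow.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, never shared

def digest(message):
    """SHA-256 of the message as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message):
    """Sender: transform the message hash with the private key."""
    return pow(digest(message), D, N)

def verify(message, signature):
    """Recipient: recover the hash with the public key and compare it
    with a freshly computed hash of the received message."""
    return pow(signature, E, N) == digest(message)

MESSAGE = b"Transfer 15 credits to ELEE1171"    # constructed sample message
SIGNATURE = sign(MESSAGE)

if __name__ == "__main__":
    print("genuine message verifies:", verify(MESSAGE, SIGNATURE))
    print("tampered message verifies:",
          verify(b"Transfer 150 credits to ELEE1171", SIGNATURE))
    print("altered signature verifies:", verify(MESSAGE, (SIGNATURE + 1) % N))
```

Only the holder of `D` can produce a value that verifies under `(N, E)`, so a successful check ties the message to the key pair and shows it was not modified in transit.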

Digital Certificates

  • Digital Certificate: A file that contains your public key and other necessary information to verify the validity and authenticity of your public key.

  • Issued by the Certificate Authority (CA)

  • A digital certificate is issued after verification of the website or organisation.

  • This is the mechanism your browser uses to detect secure websites.


Asymmetric vs Symmetric: Which Should I Use?


CIA Triad (Information Security)
Confidentiality (C): Ensures that sensitive information is only accessible to authorized individuals, preventing unauthorized access or disclosure.

Integrity (I): Maintains the accuracy and trustworthiness of data by preventing unauthorized modifications.

Availability (A): Guarantees that information and systems are accessible to users when needed, ensuring reliable access.

FSP Triangle (Design Trade-offs)
Functionality (F): Refers to the features and capabilities a system provides to meet user and business requirements.

Security (S): Involves protecting systems and data from threats, often requiring compromises with functionality or performance.

Performance (P): Measures how efficiently a system runs, including speed and responsiveness, which can sometimes conflict with security measures.