Logical Network Security.

Cryptography
By David.K
Cryptographic services are the foundation for many security implementations, and provide confidentiality and integrity of data, when data might be exposed to untrusted parties.
Understanding the basic functions of cryptography and how encryption and hashing
provide confidentiality and integrity is important to creating a successful security policy.
It is also important to understand the issues that are involved in key management

Cryptology is the science of the making and breaking of secret codes. Cryptology is broken
into two separate disciplines as shown below

Cryptology:


1. Cryptography: Development and Use of Codes
2. Cryptoanalysis: Breaking Codes



All algorithms are vulnerable to brute force. If every possible key is tried, one of the keys has to work. Therefore, no algorithm is unbreakable. The best you can hope for are algorithms that are vulnerable only to brute-force attacks.

Two separate techniques can be used to try to achieve secure communication and they are cryptography, which is the science of encrypting a message and the second technique is called steganography, which pertains to the method used to hide a message. The message is being hidden either within another message or by other means.

Ciphers
A cipher is an algorithm for performing encryption and decryption; they are a series of well-defined steps that you can follow as a procedure. Substitution ciphers simply substitute one letter for another. In their simplest form, substitution ciphers retain the letter frequency of the original message.
They are vulnerable to frequency analysis because it retains the frequency patterns found in the language.
Because of this weakness, polyalphabetic ciphers were invented.

Vigenère Cipher
The Vigenère cipher is a polyalphabetic cipher that encrypts text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution and therefore invulnerable to frequency analysis.

Transposition Cipher and a brute force attack
In transposition ciphers, no letters are replaced, they are simply rearranged, because the letters are just rearranged a brute force attack on it will break it.

Transposition rule:
1st Letter Goes in 3rd Position
2nd Letter Goes in 1st Position
3rd Letter Goes in 2nd Position

Clear Text: CHAMPLAIN
Grouping of 3 Letters: CHA MPL AIN
Applying Substitution: CHA MPL AIN
First set(repeat position for all three sets)
2 to 1 position

1 to 3 position

3 to 2 position


Final Cipher Text: ACHLMPNAI

The Process of Encryption
Encryption is the process of disguising a message in such a way as to hide its original contents, With encryption, the plaintext readable message is converted to ciphertext, which is the unreadable, “disguised” message. Decryption reverses Old encryption algorithms, such as the Caesar cipher or the Enigma machine, were based on the secrecy of the algorithm to achieve confidentiality.

With modern technology, where reverse engineering is often simple, public-domain algorithms are often used. With most modern algorithms, successful decryption requires knowledge of the appropriate
cryptographic keys; that is, the security of encryption lies in the secrecy of the keys, not the algorithm.

Modern encryption algorithms
Modern encryption algorithms such as the Triple Data Encryption Standard (3DES) and
the Advanced Encryption Standard (AES) are readily distributed and because we all share the same algorithms so there is no need for protection but rather the protection of the cryptographic keys used with the algorithms.

Encryption Application Examples
IP Security (IPsec)
The IP Security (IPsec) protocols can provide this encryption functionality for all the packets routed over an untrusted network. The encrypting IPsec peer takes a packet with the plaintext payload, encrypts the payload into ciphertext, and forwards the packet to the untrusted network. Its IPsec partner receives the ciphertext payload packet and decrypts the payload into the original plaintext. The two IPsec peers share the same encryption and decryption algorithm and proper keys.

SSL protocol
The SSL protocol provides an encrypted channel on top of an existing TCP session. For example, HTTPS provides, among other services, confidentiality of the session between a web browser and a web server, using symmetric cryptography.

Both IPsec and SSL are used to set up a VPN.
An IPsec VPN is application independent, and requires a specialized IP stack on the end system or in the packet path that includes IPsec.

An SSL-based VPN supports only web-based applications, but the SSL software is
included with all Internet browsers.

Layer 2 encryption or data-link encryption.
In contrast to IPsec and SSL, Layer 2 encryption, also known as data-link encryption, encrypts
the whole frame, including the physical address fields located in the header of the
frame, and therefore can be used only on point-to-point links where no network switching
or routing equipment is required for path decision.


Cryptanalysis
Cryptanalysis is the practice of breaking codes to obtain the meaning of encrypted data.
An attacker who tries to break an algorithm or encrypted ciphertext might use one of the following attacks:

1. Brute-force attack
2. Ciphertext-only attack
3. Known-plaintext (the usual brute-force) attack
4. Chosen-plaintext attack
5. Chosen-ciphertext attack
6. Birthday attack
7. Meet-in-the-middle attack

Brute-Force Attack
In a brute-force attack, an attacker tries every possible key with the decryption algorithm, knowing that eventually one of them will work. All encryption algorithms are vulnerable to this attack. On average, a brute-force attack will succeed about 50 percent of the way through the keyspace. The objective of modern cryptographers is to have a sufficiently large keyspace so that it takes too much money and too much time to accomplish a bruteforce attack.


Ciphertext-Only Attack
In a ciphertext-only attack, the attacker has the ciphertext of several messages, all of which have been encrypted using the same encryption algorithm, but the attacker has no knowledge of the underlying plaintext. The job of the attacker is to recover the ciphertext of as many messages as possible, or better yet, to deduce the key or keys used to encrypt the messages so as to decrypt other messages encrypted with the same keys. The attacker could use statistical analysis to achieve the result. Those attacks are no longer practical today because modern algorithms produce pseudorandom output that is resistant to statistical
analysis.

Known-Plaintext Attack
In a known-plaintext attack, the attacker has access to the ciphertext of several messages, but also knows something about the plaintext underlying that ciphertext. With knowledge of the underlying protocol, file type, and some characteristic strings that might appear in the plaintext, the attacker uses a brute-force attack to try keys until decryption with the correct key produces a meaningful result. This attack may be the most practical attack, because attackers can usually assume the type and some features of the underlying plaintext, if they can only capture ciphertext. However, modern algorithms with enormous keyspaces make it unlikely for this attack to succeed, because on average an attacker would have to search through at least half of the keyspace to be successful.


Chosen-Plaintext Attack
In a chosen-plaintext attack, the attacker chooses what data the encryption device encrypts and observes the ciphertext output. A chosen-plaintext attack is more powerful than a known-plaintext attack because the attacker gets to choose the plaintext blocks to encrypt, allowing the attacker to choose plaintext that might yield more information about the key. This attack might not be very practical, because it is often difficult or impossible to capture both the ciphertext and plaintext, unless the trusted network has been broken into, and the attacker already has access to confidential information.

Chosen-Ciphertext Attack
In a chosen-ciphertext attack, the attacker can choose different ciphertexts to be decrypted and has access to the decrypted plaintext. With the pair, the attacker can search through the keyspace and determine which key decrypts the chosen ciphertext in the captured plaintext. For example, the attacker has access to a tamperproof encryption device with an embedded key. His job is to deduce the embedded key by sending data through the box. This attack is analogous to the chosen-plaintext attack. This attack might not be very practical, because it is often difficult or impossible to capture both the ciphertext and plaintext, unless the trusted network has been broken into, and the attacker already has access to confidential information.

Birthday Attack
The birthday attack gets its name from the amazing statistical probability involved in two individuals having the same birthday. According to statisticians, the probability that 2 people in a group of 23 people share the same birthday is greater than 50 percent.
This particular attack is a form of brute-force attack against hash functions. If some function, when supplied with a random input, returns one of k equally likely values, then by repeating the function with different inputs, the same output is expected after 1.2k1/2 number
of times.

Note: To test the birthday theory, input 365 in the place of k.

Meet-in-the-Middle
The meet-in-the-middle attack is a known-plaintext attack. Do not confuse this with the man-in-the-middle attack, which is discussed later. In a meet-in-the-middle attack, the attacker knows a portion of the plaintext and the corresponding ciphertext. The plaintext is encrypted with every possible key, and the results are stored. The ciphertext is then decrypted using every key until one of the results matches one of the stored values.

Encryption Algorithm Features
The following are features that a good encryption algorithm provides:
Resists cryptographic attacks
Supports variable and long key lengths and scalability
Creates an avalanche effect
Does not have export or import restrictions

A good cryptographic algorithm is designed in such a way that it resists common cryptographic attacks. The best way to break data protected by the algorithm is to try to decrypt the data using all the possible keys. The amount of time that such an attack needs depends on the number of possible keys, but is generally very, very long. With appropriately long keys, such attacks are usually considered unfeasible.

Variable-key lengths and scalability are also desirable attributes of a good encryption algorithm.
The longer the encryption key, the longer it takes an attacker to break it. For example, a 16-bit key would mean that there are 65,536 possible keys, but a 56-bit key would mean there are 7.2 x 1016 possible keys. Scalability provides flexible key length and allows you to select the strength and speed of encryption that you need.
When changing only a few bits of the plaintext message causes its ciphertext to change completely, this is known as an avalanche effect. The avalanche effect is a desired feature of an encryption algorithm because it allows very similar messages to be sent over an untrusted medium, with the encrypted (ciphertext) messages being completely different.