Monday, 21 September 2015

A brief guide to cryptosystems

Cryptosystem Functions


  • Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
  • Authentication: The process of proving one's identity.
  • Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
  • Non-repudiation: A mechanism to prove that the sender really sent this message.
  • Key exchange: The method by which crypto keys are shared between sender and receiver.


Cryptosystem Algorithms


Each cryptosystem defines three algorithms:
  • key(s) generation
    • key size (length)
    • expiration date
  • encryption
  • decryption

Cryptosystem types


  • Symmetric Encryption (Secret Key Cryptography)
    • Uses a single key for both encryption and decryption
    • Sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext.
    • Key must be known to both the sender and the receiver; that, in fact, is the secret
    • The biggest difficulty with this approach, of course, is the distribution of the key
    • Used for:
      • privacy/confidentiality
    • Types:
      • stream ciphers
      • block ciphers
    • Algorithms:
      • AES (Rijndael)
    • ...
  • Asymmetric Encryption (Public Key Cryptography)
    • Uses one key for encryption and another for decryption
    • Used for:
      • authentication
      • non-repudiation
      • key exchange
    • Algorithms:
      • RSA (Rivest, Shamir and Adleman) (PKCS#1) 
      • Diffie–Hellman key exchange protocol
      • PGP
      • GPG (GnuPG)
      • SSL/TLS
      • SSH
    • ...
  • Hash Functions (Message Digests, One-way Encryption)
    • Use a mathematical transformation to irreversibly "encrypt" information, providing a digital fingerprint
    • Use no key 
    • Fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered
    • Used for:
      • message integrity. Examples:
        • ensure the integrity of a file; provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus
        • encrypt passwords
    • Algorithms:
      • Message Digest (MD) algorithms
        • byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message
        • Algorithms:
          • MD2
          • MD4
          • MD5
            • weaknesses in the algorithm were demonstrated
      • Secure Hash Algorithm (SHA)
        • SHA-1
          • produces a 160-bit hash value
          • deprecated by NIST
        • SHA-2
          • SHA-1 plus
          • SHA-224
          • SHA-256
            • produces a 256-bit (32-byte) hash value, typically rendered as a hexadecimal number, 64 digits long
          • SHA-384
          • SHA-512
        • SHA-3
          •  Keccak 

Resources:

http://www.keylength.com/