Cryptography Basics: Understanding Encryption, Attacks, and Security

Posted on Nov 7, 2024 in Computers

Cryptography Basics

Introduction to Cryptography

Cryptography (from the Greek “krypto”, meaning “hidden”, and “graph”, meaning “writing”) is the practice of securing communication by converting plaintext into ciphertext. This process allows for the exchange of messages that can only be read by intended recipients who possess the means to decipher them.

Key Terminology

  • Plaintext: The original, unencrypted information.
  • Ciphertext: The encrypted information, unintelligible without decryption.
  • Encryption: The process of converting plaintext into ciphertext.
  • Decryption: The reverse process of converting ciphertext back into plaintext.
  • Key: The secret information used to encrypt and decrypt messages.

Encryption Techniques

  • Substitution: Replacing letters, digits, or symbols with different ones.
  • Transposition: Rearranging the order of letters, digits, or symbols.

Most ciphers combine both substitution and transposition techniques.

Symmetric Cryptography

Symmetric cryptography uses the same key for both encryption and decryption. These algorithms are known for their speed and efficiency. Examples include:

  • DES (Data Encryption Standard): Uses a 56-bit key, now considered relatively weak.
  • 3DES (Triple DES): Uses a 128-bit key, more secure than DES.
  • AES (Advanced Encryption Standard): A widely used modern standard.

Feistel Networks

Many symmetric algorithms are based on Feistel networks, a structure invented by Horst Feistel. While not all modern ciphers use this structure (e.g., AES uses substitution-permutation networks), the principle remains influential.

Cryptographic Attacks

Brute-Force Attack

A brute-force attack involves trying every possible key combination until the correct one is found. The effort required increases exponentially with key length.

Dictionary Attack

A dictionary attack tries common words and phrases as passwords. This is often more effective than brute-force against weak passwords.

Password Tips

Creating strong passwords involves avoiding dictionary words and using a combination of uppercase and lowercase letters, numbers, and symbols. A good technique is to create a passphrase and use the first letter of each word, combined with numbers and symbols.

Protection Against Attacks

Limiting the number of login attempts can help protect against brute-force and dictionary attacks. Systems can automatically lock after a certain number of failed attempts.

Asymmetric Cryptography

Asymmetric cryptography uses two keys: a public key for encryption and a private key for decryption. This solves the key distribution problem of symmetric cryptography. Asymmetric algorithms are based on mathematical functions and are generally slower than symmetric algorithms.

Communication Steps

  • Recipient generates a key pair (public and private).
  • Sender encrypts the message using the recipient’s public key.
  • Recipient decrypts the message using their private key.

Security

The security of asymmetric cryptography relies on the key size and the difficulty of the underlying mathematical problem. Larger key sizes provide greater security.

Advantages of Asymmetric Encryption

Asymmetric encryption solves the key distribution problem. However, it is slower and requires larger keys than symmetric encryption.

*
*
*
*

Hybrid Cryptography

Hybrid cryptography combines the advantages of both symmetric and asymmetric encryption. Asymmetric encryption is used to exchange a symmetric key, which is then used for secure communication.

Asymmetric Algorithms

* Diffie-Hellman
* RSA
* DSA
* ElGamal
* Elliptic Curve Cryptography

Unsafe Algorithms

* Merkle-Hellman (“Knapsack”)

Protocols

* DSS (Digital Signature Standard)
* PGP
* GPG
* SSH
* SSL
* TLS

Cryptographic Processes and Services

  • Privacy: Ensuring information is accessible only to authorized individuals.
  • Integrity: Guaranteeing that information has not been altered.
  • Authentication: Verifying the identity of users.
  • Digital Signatures: Providing non-repudiation and proof of origin.
  • Non-Repudiation: Preventing senders and receivers from denying their involvement.
  • Access Control: Regulating access to information.
  • Availability: Ensuring information is accessible to authorized users when needed.

Digital Certificates

Digital certificates link a public key to an individual or entity, verified by a trusted third party (Certification Authority). They typically contain the certified entity’s name, serial number, expiry date, and public key.
*
*
*
*

Electronic Signatures

Electronic signatures are digital signatures stored on hardware, providing the same legal validity as handwritten signatures. They are typically stored on ROM chips, ensuring they are unchangeable.

Electronic ID

Electronic ID cards, like Spain’s DNIe, are designed for use in the digital world. They require specific hardware (card reader) and software (drivers, cryptographic modules) to access the certificates stored on the chip.

Hardware Requirements

  • Personal computer
  • Smart card reader (ISO-7816 compliant)

Software Requirements

  • Operating System (e.g., Windows)
  • Browser (e.g., Internet Explorer)
  • Cryptographic modules (CSP for Windows, PKCS#11 for Unix/Linux/Mac)

For more information on DNIe requirements, visit www.dnielectronico.es/descargas.