Pretty Good Privacy (PGP)

PGP is another security mechanism, which is an abbreviation for Pretty Good Privacy. PGP is an application of Cryptographic technology that uses public-key encryption. PGP has been used to protect the privacy in any communication forms such as, email, data, data storage and more.

PGP was designed to provide the security and privacy measures that are not currently presented in many forms of online communication. The email, for example, travels from one destination to another in an encrypted form. The recipient will decrypt the message back to the plaintext using PGP.

 

PGP works with two keys (public-key and private-key); where the public-key encrypts the message and the private-key decrypts the message. In addition, PGP provides authentication, since the users can use the private-key to digitally sign the message. This will make sure that the recipient knows where the message (mail) came from.

Note: The sensitive data files stored on the hard drive or USB can also be protected by PGP, by using the public-key to encrypt the files; and private-key to decrypt them.

Secure Sockets Layer (SSL)

SSL is another important mechanism for securing information. SSL is an abbreviation for Secure Sockets Layer. SSL is a protocol that was developed by Netscape in 1990. Rapidly SSL became a standard mechanism for exchanging data securely over insecure channels (e.g. Internet). SSL, in fact, is supported by all modern browsers and emails. SSL operates in the Transport layer (OSI Model).

ssl

Basically, it is a handshake between the client and the server. The following scenario shows how the handshake works, where the client is Alice and the server is Bob, for example:

  • When the Alice, client, connects to any location that requires SSL connection, the Bob, Server, will present Alice with a digital certificate that allows her to identify the server.
  • Alice will ensure that that the domain name matches the name on the certificate; and the certificate has been generated by a trusted authority.

Once this handshake is finished, Alice will automatically encrypt all the data that is sent to Bob. Once the data arrives to the server side, Bob will decrypt it using the private-key. Note: Bob can send any message back to Alice, which will be encrypted during the transferring process.

 

Remember: Encrypting the data will make it unreadable to unauthorised people.

Internet Protocol Security (IPSec)

IPSec is an abbreviation for Internet Protocol Security, which is a set of protocols designed to protect the confidentiality and integrity of data as it flows over the network. These protocols are designed to operate at the Network layer (OSI Model) and process the packets according the predefined settings.

ipsec

Comparing to the other methods of security, IPSec has proven to be more successful technology than the other nowadays. In fact, it has the ability to provide tremendous security as well as the ability to be implemented without major changes to individual computer systems.

In order to protect the information, IPSec provides two mechanisms Authentication Header (AH) and Encapsulating Security Payload (ESP).

  • Authentication Header (AH) – it provides authentication services and provides a way to authenticate the sender.
  • Encapsulating Security Payload (ESP) – it provides authentication to the information; along with data encryption.

 

In conclusion, the information associated with each of these services is inserted into the packet, where the Authentication Header provides authentication services to the data; and the Encapsulating Security Payload provides data security.

 

Introduction to Cryptanalysis

Cryptanalysis is the study of ciphers or ciphertexts to find weaknesses in them, which will let/permit the attacker to retrieve the plaintext from the ciphertext (without necessarily knowing the key). Cryptanalysis, in fact, is part of the cryptology science. There are several techniques used in cryptanalysis that can decrypt a message such as, substitution cipher, brute force, frequency analysis and more.

 

Substitution cipher encrypts letters rather than bits. The idea is to replace/substitute each occurrence of a plaintext letter with the same ciphertext letter randomly. The table below shows the substitution table.

Plaintext letters

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Ciphertext letters

D K V Q F I B J W E P S C X H T M Y A U O L R G Z N

For example, CARDIFF is encrypted to VDYQWII; also, HELLO is encrypted to JFSSH.

The advantage of this substitution cipher would ensure that this message can be read only by Alice and Bob, since it means nothing to Oscar without knowing the key (substitution table).

Note: When replacing the letters, you cannot replace one plaintext with two ciphertext or vice versa. Every plaintext should be substituted with only one ciphertext.

 

In order to break this cipher, the attacker could implement some techniques to decrypt the encrypted message (original message) such as, the brute force attack or the frequency analysis. Brute force is a cryptanalysis attack, which is trying all the possible combinations until the message is decrypted. If the attacker is lucky he/she would be able to find the key quickly, otherwise it might take a very long time. Some software, nowadays, go through all the possible combinations until they find the key.

The question is: How many possible substitution tables are there? and the simple answer would be about 288. Since we have 26 letters and we would like to try all the possible combinations, the result would be:

26 x 25 x 24 x 23 x 22 x ……………. x 4 x 3 x 2 x 1 = 26! ≈ 288

However, if you have modern computers with a high process and memory space, you would be able to break the key faster than old computers (with old hardware). This attack is also known as an exhaustive key search.

 

The second technique is the frequency analysis. This is the process of replacing plaintext letter by the same ciphertext letter. (Note: Plaintext letter frequencies are not identical). In addition to that, hackers can use frequencies of letter pairs or triples such as, ‘th’ , ‘the’ , ‘as’ , ‘he’ , ‘she’, ‘I’m’, ‘is’, ‘are’ and many more. The table below shows the most common 5 letters use in English frequently.

frequency-analysis-table

Note: Even though the substitution cipher has a sufficiently large key space of 288, but it can easily be defeated with analytical methods.

 

Secure Transmission via Encryption – Part 1/2

The figure below shows the OSI model for the transmission data from one side to another. Previously, I have explained the data flow between the two parties, where it starts from the application layer all the way down to the physical layer; while it works upside down on the receiver side (See the PowerPoint file for more information about the transmission-data).

osi-layer

This blog discusses the possible ways to provide security in these protocols. The Network layer protocol used on the Internet, in fact, is known as the Internet Protocol (IP); while, the two Transport layer protocols used are Transport Control Protocol (TCP) and User Datagram Protocol (UDP). These protocols provide no security guarantees, since the packets are transmitted in plaintext (clear text). Transmission Control Protocol/Internet Protocol (TCP/IP) has some vulnerabilities because it is difficult to verify the following:

  1. Confidentiality – Data has not been viewed by a third party while in transit.
  2. Integrity – Data has not been modified in transit.
  3. Authentication – The claimed client or server is the true client or server.

 

The solution is to provide security in various layers such as, IPSec at the Network layer, SSL/TLS at the Transport layer and S/MIME at the Application layer (for emails).

screen-shot-2017-03-01-at-9-40-59-am

Message Authentication Codes

Message Authentication Codes also known as (MACs) are similar techniques to the Digital Signatures. MACs use Symmetric keys between all parties; and they provide data integrity and message authentication, but not non-repudiation. In fact, MACs are much faster than Public-key signatures.

Basically, MAC takes an input of any size and produce a short and fixed-size output. The Message Authentication Codes’ security entirely relies on the infeasibility of computing the result by Oscar. In this scenario, it will be very difficult for Oscar to achieve the following:

  1. Existential forgery.
  2. Selective forgery.
  3. Key recovery.

 

This scenario is an example of the MAC and how it works:

  • Any party can start this communication, Bob will start for this example.
  • Bob will use the private-key to MAC the original message; then he will send it to Alice.
  • Alice will use the same private-key to verify that the message has been received from Bob.

screen-shot-2017-02-28-at-12-14-49-pm

In conclusion, there are some important thangs about MAC that you need to remember, for example:

  1. MAC provides data integrity and message authentication Meanwhile, Digital signature provides data integrity, message authentication and non-repudiation.
  2. MACs are much faster than Digital signatures.
  3. MACs use a key, but Hash functions do not use key.

 

Note: MACs are based on hash functions (e.g. HMAC) or on Block Ciphers (e.g. CBC-MAC).

Introduction to Hash Functions – Part 2/2

Hash function is a process of taking any input (long or short message) and return a fixed-size alphanumeric string. The output string is known as the “hash value”, “message digest”, “digital fingerprint” or sometime is called as “checksum”. The figure below shows how the Hash functions work.

how-hashing-works

The figure above shows the following:

  1. Message (x) is the long message, which is divided into number n of blocks.
  2. (z) is typically much smaller than (x), which is the result of hashing the original message h(x). Note: h(x) is public.
  3. The result of (z), will be signed with the private-key
  4. (s) will be sent to the other party, where it can be verified via the sender’s public-key.

 

There are many advantages can be found in the Hash functions such as:

  1. Arbitrary size of input message (x), gives a fixed-size output.
  2. Difficult to know the original message (x) after hashing it.
  3. The hash computation should be fast.

 

Note: any small change in the input in the hash function will make a big change in the output. The following figure shows the fixed-size result of hashing any message.

hash-functions