
Introduction & Concepts

Understanding the core principles of cryptography is crucial in the journey towards CISSP certification. These principles underpin the mechanisms of secure data handling, confidentiality, and non-repudiation. Additionally, concepts like work function, zero-knowledge proof, and split knowledge play a key role in fortifying the security of information systems.

Introductory Concepts

Cryptography is the science of secret writing, with its core objectives being confidentiality, integrity, and non-repudiation. It uses mathematical algorithms to scramble data into unreadable text that can only be deciphered with the correct key. Below I have listed a few basic concepts we need to learn, each with a description, a technical example, and a real-life example (not always realistically applicable) for easy memorization:

Nonrepudiation

Nonrepudiation provides undeniable proof that a specific party sent a message, preventing them from denying that they sent it.

Technical Example: Digital signatures. A sender signs the data with their private key, and the recipient verifies it with the sender's public key. If the verification is successful, it's undeniable proof that the sender sent the message.

Real Life Example: Sending a registered letter via a postal service. The sender gets a receipt proving they sent the letter, and the recipient must sign upon receipt, creating a record that prevents either party from denying the sending or receiving of the letter.

Confidentiality

Confidentiality aims to keep data secure and private both while at rest and in transit. It ensures that only authorized parties can access the information.

Technical Example: Encrypting a hard drive or a network transmission with a secure algorithm like AES. Only those with the correct key can decrypt and access the original data.

Real Life Example: Sending a letter in a sealed envelope. Only the intended recipient should open the envelope and read the contents, maintaining the confidentiality of the information.

Integrity

Integrity refers to the assurance that the data has not been altered, intentionally or unintentionally, during transit. It ensures that the received data is exactly as it was sent.

Technical Example: Using hash functions and checksums. If the computed hash or checksum of the received data matches the one sent with it, the integrity of the data is confirmed.

Real Life Example: A museum exhibit behind a glass case. The case ensures the artifact remains untouched and in its original state, signifying integrity.

Zero-Knowledge Proof

Zero-knowledge proof is a cryptographic principle where one party can prove to another that they possess a certain piece of information, without revealing the information itself.

Technical Example: Password authentication protocols often use zero-knowledge proof. When you log into a website, you prove that you know your password, but you don't actually reveal your password to the website. This is because the password hash is compared with the stored hash. This proves you know your password without revealing it to the website.

Real Life Example: Alice and Bob, playing a game with a color-blind friend, Charlie. Alice picks a red ball and a green ball. Charlie, not being able to distinguish between the colors, shuffles the balls behind his back and shows one to Alice. If Alice correctly tells whether the ball shown is the same as before or switched, she proves to Charlie that the balls are indeed different colors without revealing which is red and which is green.

Split Knowledge

Split knowledge is a security concept in which the information or privileges necessary to perform a task are divided among multiple individuals. This way, no single person has enough privileges to compromise the security of the system.

Technical Example: In a secure database system, access to sensitive information may be split between two administrators. Both administrators must use their individual keys to decrypt the data, ensuring no single person can access it alone.

Real Life Example: The unfortunate bombings of Hiroshima serve as a great but extreme example. Most members of the 509th knew they were training for a special bombing mission with a new type of bomb, but many did not know that they were dealing with a nuclear weapon until just before the mission. Others knew what type of bomb it was, but not where or when it would be used on its mission.

The work was so compartmentalized that you might have one group of scientists working on one bit, another group working on another bit, and they didn’t know what each other was doing.

—Joseph Rotblat

Work Function

Work function (or work factor) is a measure of the strength of a cryptographic system, indicating the effort in terms of cost or time required to decrypt encrypted messages.

Technical Example: Suppose a cryptosystem uses a 128-bit encryption key. The work function here is the time and computing cost required to brute-force the key by trying all 2^128 possible combinations.

Real Life Example: Think of a high-security safe. The work function to break into the safe could include the time needed to figure out the combination, the cost of specialized drilling equipment, or the effort to learn and execute lock-picking skills. The more complicated the safe, the higher its work function.

Importance of Key Security

Cryptographic keys inject the vital element of secrecy into any cryptosystem, effectively underpinning its robustness.

In today's digital landscape, cryptosystems typically employ keys that are at least 128 bits in length to ensure satisfactory security. Think of this as our current baseline for gauging the strength of a cryptosystem.

As technologies continue to evolve and quantum computing comes into play, this benchmark is likely to change!

Key Clustering

Key Clustering is a weakness in cryptographic systems wherein distinct keys generate identical ciphertext from the same plaintext message using the same algorithm. This phenomenon is akin to collisions in hashing, where different inputs produce the same output.

Example: Let's consider an oversimplified cryptographic system. Suppose we have two different keys, "Key A" and "Key B". Now, if we use a simple Caesar cipher (which is a type of substitution cipher) as our algorithm and the plaintext message is "HELLO", then we get:

  • Using "Key A", the cipher might shift each letter by 2 places, resulting in the ciphertext "JGNNQ".
  • Using "Key B", the cipher could shift each letter by -24 places. This too gives "JGNNQ", because a Caesar cipher wraps around (after Z it goes back to A), so a shift of -24 is the same as a shift of 2.

In this case, "Key A" and "Key B" form a key cluster, since they generated identical ciphertext ("JGNNQ") from the same plaintext message ("HELLO") using the same algorithm (Caesar cipher), even though they are different keys. This weakness could potentially undermine the security provided by the cryptographic system.
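To make the cluster visible in code, here is an added example (not from the original article) that implements the Caesar cipher and groups every key in a constructed range by the ciphertext it produces; it also counts the effective key space, which is what an attacker actually has to search.

```python
from collections import defaultdict

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter by `key` places, wrapping around after Z."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)          # leave spaces and punctuation alone
    return "".join(out)


def find_key_clusters(plaintext: str, keys) -> dict:
    """Group keys that map `plaintext` to the same ciphertext.

    Returns {ciphertext: [keys...]} for every ciphertext reached by two or
    more distinct keys, i.e. every key cluster.
    """
    by_ciphertext = defaultdict(list)
    for k in keys:
        by_ciphertext[caesar_encrypt(plaintext, k)].append(k)
    return {c: ks for c, ks in by_ciphertext.items() if len(ks) > 1}


def effective_keyspace(plaintext: str, keys) -> int:
    """Distinct ciphertexts reachable from `plaintext`: the keys that really
    need trying, however many nominal keys the range contains."""
    return len({caesar_encrypt(plaintext, k) for k in keys})


if __name__ == "__main__":
    candidate_keys = range(-25, 101)      # constructed range: 126 nominal keys
    clusters = find_key_clusters("HELLO", candidate_keys)
    print("Key A (2)   ->", caesar_encrypt("HELLO", 2))
    print("Key B (-24) ->", caesar_encrypt("HELLO", -24))
    print("Cluster for JGNNQ:", clusters["JGNNQ"])
    print("Nominal keys:", len(candidate_keys),
          "effective keys:", effective_keyspace("HELLO", candidate_keys))
```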

Types of Attacks

In the realm of cybersecurity, we often encounter various types of attacks. We'll dig deeper into each of these attacks later, providing a detailed breakdown of their mechanisms. For now, let's look at the most common attacks, and leave other complex attacks, such as rainbow tables and side-channel attacks, for later on.

Brute-force attacks

These are attempts to find the correct cryptographic key by trial and error, trying candidate keys until one works. They are laborious and time-consuming but are virtually guaranteed to eventually succeed given enough computational power and time. However, the effectiveness of a brute-force attack can be dramatically reduced by using longer, more complex keys.

Man-in-the-Middle Attack

A man-in-the-middle attack (MitM) is a type of cyber attack where an attacker intercepts and potentially alters the communication between two parties who believe they are directly communicating with each other. Think of it like a postal worker intercepting your mail, reading or modifying the letters, and then sending them on to the recipient. Neither the sender nor the recipient is aware that their communication has been tampered with. Take this example sourced from Wikipedia:

  1. Alice sends a message to Bob, which is intercepted by Mallory: "Hi Bob, it's Alice. Give me your key."
  2. Mallory relays this message to Bob; Bob cannot tell it is not really from Alice: "Hi Bob, it's Alice. Give me your key."
  3. Bob responds with his encryption key, which is intercepted by Mallory.
  4. Mallory replaces Bob's key with her own, and relays this to Alice, claiming that it is Bob's key.
  5. Alice encrypts a message with what she believes to be Bob's key, thinking that only Bob can read it: "Meet me at the bus stop!" (This is actually encrypted with Mallory's key and intercepted by Mallory).
  6. Because it was actually encrypted with Mallory's key, Mallory can decrypt it, read it, modify it (if desired), re-encrypt with Bob's key, and forward it to Bob: "Meet me at the van down by the river!"

Bob thinks that the message is secure and the communication came from Alice, not Mallory.
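The exchange above, as an added example that is not part of the original article: a toy Diffie-Hellman key agreement in which Mallory substitutes her own public value for both Alice's and Bob's, followed by the out-of-band fingerprint check that detects the substitution. The prime, generator and private exponents are constructed and deliberately tiny.

```python
import hashlib

# Toy group: 2^31 - 1 is prime and 7 is a primitive root of it.
# Constructed and far too small for real use; it only illustrates the exchange.
P, G = 2147483647, 7


def public_value(private: int) -> int:
    return pow(G, private, P)


def shared_secret(private: int, peer_public: int) -> int:
    return pow(peer_public, private, P)


def fingerprint(public: int) -> str:
    """Short hash of a public value, the kind compared over a trusted channel."""
    return hashlib.sha256(str(public).encode()).hexdigest()[:16]


def verify_peer(received_public: int, trusted_fingerprint: str) -> bool:
    """Defence: the received key must match a fingerprint obtained out of band."""
    return fingerprint(received_public) == trusted_fingerprint


def run_exchange(a_priv: int, b_priv: int, m_priv: int) -> dict:
    """Steps 3-6 of the article with DH values: Mallory swaps both public values."""
    a_pub, b_pub, m_pub = (public_value(k) for k in (a_priv, b_priv, m_priv))
    alice_key = shared_secret(a_priv, m_pub)      # Alice thinks m_pub is Bob's
    bob_key = shared_secret(b_priv, m_pub)        # Bob thinks m_pub is Alice's
    mallory_alice = shared_secret(m_priv, a_pub)  # Mallory's key with Alice
    mallory_bob = shared_secret(m_priv, b_pub)    # Mallory's key with Bob
    return {
        "alice_and_bob_agree": alice_key == bob_key,        # False: no common key
        "mallory_reads_alice": alice_key == mallory_alice,  # True
        "mallory_reads_bob": bob_key == mallory_bob,        # True
        # Alice checks the key she received against Bob's real fingerprint.
        "swap_detected": not verify_peer(m_pub, fingerprint(b_pub)),  # True
    }


if __name__ == "__main__":
    # Constructed private exponents for Alice, Bob and Mallory.
    for name, value in run_exchange(123456789, 987654321, 55555555).items():
        print(f"{name}: {value}")
```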

Meet-in-the-middle attack

Meet-in-the-middle attacks are a potential problem with multiple encryption methods, such as Double DES. This attack aims to crack the encryption by matching the intermediate ciphertext (the result after the first encryption) with the partially decrypted ciphertext (the result after undoing only the final encryption). This approach bypasses the need to crack the entire multiply encrypted ciphertext at once.

Alice and Bob are friends who like to share secret messages. They use a special system where they put the message in a box and lock it twice, each using a different key.

  1. Alice writes a secret message, puts it in a box, and locks it with her own lock (Lock A).
  2. She sends the box to Bob.
  3. Bob can't open Lock A, but he adds his own lock (Lock B) on the box too and sends it back to Alice.
  4. Alice can't open Bob's lock (Lock B), but she can open her own lock (Lock A).
  5. She takes off Lock A and sends the box back to Bob.
  6. Bob can then open his own lock (Lock B) and read the secret message inside.

Now, let's introduce Eve. Eve is nosy and wants to know what the secret message is.

  1. Eve has a huge collection of keys, all numbered.
  2. When Alice sends the box with Lock A to Bob, Eve intercepts the box.
  3. She can't open the lock, but she tries all her keys until she finds one that fits (Key A).
  4. She notes down the number but doesn't open it.
  5. When Alice sends the box back to Bob with only Lock B, Eve intercepts it again.
  6. She does the same thing, finds the key that fits (Key B), and notes down the number.
  7. Now, Eve knows which keys can open Alice's and Bob's locks.
  8. Using her key collection, she can open both locks and read the secret message.

This is a simple example of a "meet-in-the-middle" attack. In the real world, these "locks" and "keys" are codes used in computers, and trying every key until one works is a method called "brute force". But in reality, there are so many possible keys that this type of attack is very hard and takes a long time.

This scenario simplifies the concept of a meet-in-the-middle attack in a non-digital context. In a real cryptographic attack, the "keys" are cryptographic keys, and the "locks" are the encryption algorithms (like DES). The process of trying every key until she finds a match is the "brute force" element of the attack. The main difference is that in a real cryptographic system, the number of possible keys is astronomically large, making such an attack computationally infeasible against strong encryption.
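The digital version of the attack, as an added example that is not part of the original article: a constructed 16-bit toy block cipher is applied twice with two independent keys, and the attack recovers both keys with about 2 * 2^16 cipher calls instead of the 2^32 a naive search over both keys would need. The cipher, keys and known plaintexts are all constructed for the demonstration.

```python
MASK = 0xFFFF


def rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (16 - r))) & MASK


def rotr(x: int, r: int) -> int:
    return ((x >> r) | (x << (16 - r))) & MASK


def enc(k: int, x: int) -> int:
    """Toy 16-bit cipher: add key, rotate, xor key. Invertible for every key."""
    return rotl((x + k) & MASK, 5) ^ k


def dec(k: int, c: int) -> int:
    return (rotr(c ^ k, 5) - k) & MASK


def double_enc(k1: int, k2: int, x: int) -> int:
    return enc(k2, enc(k1, x))


def meet_in_the_middle(pairs: list) -> list:
    """Recover (k1, k2) candidates from known plaintext/ciphertext pairs.

    Table enc(k1, P0) for every k1 once, then for every k2 look up dec(k2, C0):
    a hit is where the two halves meet. Remaining pairs weed out false hits.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(1 << 16):                       # forward half: 2^16 encryptions
        table.setdefault(enc(k1, p0), []).append(k1)
    found = []
    for k2 in range(1 << 16):                       # backward half: 2^16 decryptions
        for k1 in table.get(dec(k2, c0), []):
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found


if __name__ == "__main__":
    K1, K2 = 0x1234, 0xBEEF                         # constructed secret keys
    known = [0x4869, 0x2121, 0x0A0D]                # constructed known plaintexts
    pairs = [(p, double_enc(K1, K2, p)) for p in known]
    candidates = meet_in_the_middle(pairs)
    print("candidates:", [(hex(a), hex(b)) for a, b in candidates])
    print("true pair recovered:", (K1, K2) in candidates)
```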

Birthday Attack

The 'birthday problem' or 'birthday paradox' refers to the probability that, in a set of randomly chosen people, some pair of them will have the same birthday. Surprisingly, even with just 23 people, there's a 50% chance of a shared birthday.

The 'birthday attack' exploits the same mathematics. In the world of cryptography, it's about finding 'collisions': different inputs that result in the same hash output. Just as in the birthday problem, such collisions are surprisingly easy to find. For a hash function with a 128-bit output, you'd expect to start finding collisions after hashing about 2^64 different inputs, not 2^128.

Birthday attacks are more relevant for things like digital signatures, where a collision could allow an attacker to forge a signature, although SHA-256, the standard hash for digital signatures, protects well against this.
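The 23-person and 2^64 figures above, worked out in code as an added example that is not part of the original article: the exact collision probability, the 2^(bits/2) estimate, and a live demonstration on SHA-256 truncated to 32 bits, where a collision between constructed inputs turns up after tens of thousands of hashes rather than billions.

```python
import hashlib
import math


def collision_probability(n: int, space: int) -> float:
    """P(at least one shared value) among n draws from `space` equally likely values."""
    p_none = 1.0
    for i in range(n):
        p_none *= (space - i) / space
    return 1.0 - p_none


def draws_for_50_percent(bits: int) -> float:
    """Draws giving roughly a 50% collision chance for a bits-wide output: ~2^(bits/2)."""
    return math.sqrt(2 * math.log(2) * 2 ** bits)


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 shortened to its top `bits` bits, to make collisions reachable."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_collision(bits: int, limit: int = 1 << 20):
    """Hash counter-derived inputs until two distinct ones share a truncated digest."""
    seen = {}
    for i in range(limit):
        msg = f"msg-{i}".encode()            # constructed inputs
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1       # (first input, second input, hashes done)
        seen[h] = msg
    return None


if __name__ == "__main__":
    print(f"23 people, 365 days: {collision_probability(23, 365):.3f}")
    print(f"128-bit hash: 50% after about 2^{math.log2(draws_for_50_percent(128)):.1f} inputs")
    m1, m2, tries = find_collision(32)
    print(f"32-bit collision after {tries} hashes: {m1!r} and {m2!r}")
```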

Replay Attack

This is when an attacker retransmits a valid data transmission that has been previously made. In the context of Club Penguin, an attacker could use a tool like WPE Pro to intercept the packets sent from your computer to the game's server when you earn coins. They could then replay those packets to trick the server into thinking you're repeatedly earning coins. This attack can be prevented using timestamps or sequence numbers to ensure freshness of each communication.

If you'd like to see a basic, real-life example, check out my blog post where I performed a basic replay attack to gain an advantage in an online video game.
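The prevention mentioned above, as an added example that is not part of the original article: a constructed coin server that authenticates each packet with an HMAC and rejects any sequence number it has already accepted, so the captured packet is counted once and the replay is refused. The session key, message format and server are all assumptions made for the demonstration.

```python
import hashlib
import hmac

# Per-session key shared by client and server; assumed established earlier (constructed).
SECRET = b"constructed-session-key"


def build_message(seq: int, action: str) -> bytes:
    """Client side: 'seq:action' plus an HMAC-SHA256 tag over it."""
    payload = f"{seq}:{action}".encode()
    tag = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return payload + b"|" + tag.encode()


class CoinServer:
    def __init__(self) -> None:
        self.coins = 0
        self.last_seq = -1      # highest sequence number accepted so far

    def handle(self, message: bytes) -> str:
        payload, _, tag = message.rpartition(b"|")
        expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"      # forged or modified packet
        seq_text, _, action = payload.decode().partition(":")
        if not seq_text.isdigit():
            return "rejected: malformed"
        seq = int(seq_text)
        if seq <= self.last_seq:
            return "rejected: replay"       # freshness check: already seen
        self.last_seq = seq
        if action == "earn_coin":
            self.coins += 1
        return "ok"


def run_scenario() -> tuple:
    """Replay a captured packet and forge one; only fresh, authentic ones count."""
    server = CoinServer()
    captured = build_message(1, "earn_coin")
    results = [
        server.handle(captured),                        # ok
        server.handle(captured),                        # rejected: replay
        server.handle(build_message(2, "earn_coin")),   # ok
        server.handle(b"3:earn_coin|" + b"0" * 64),     # rejected: bad tag
    ]
    return results, server.coins


if __name__ == "__main__":
    print(run_scenario())   # (['ok', 'rejected: replay', 'ok', 'rejected: bad tag'], 2)
```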

Digital Rights Management

You might remember trying to copy a PS3 game as a kid and finding out it wouldn't play. That was Console DRM at work, ensuring only legitimate games could run on the console.

DRM isn't only for video games; it protects a wide range of digital media, such as music, movies, and e-books, and it secures sensitive enterprise documents.

However, DRM sometimes faces criticism due to its poor implementation. For example, Grand Theft Auto V's always-online requirement was inconvenient for players who wished to play offline. Unsurprisingly, pirated versions offered more flexibility in this aspect.

On the flip side, when implemented well, DRM can balance copyright protection with user experience. Steam is a prime example. By tying games to user accounts, it allows flexibility and convenience for the user while protecting the developers' interests.

The easiest way to stop piracy is not by putting antipiracy technology to work. It’s by giving those people a service that’s better than what they’re receiving from the pirates.

—Gabe Newell, Co-founder and president, Valve

Algorithm Types

Now, with those introductory concepts out of the way, let's quickly take a high-level look at the three algorithm types we'll need to know for the exam and their fundamental differences. Don't worry, we'll go into this in much more detail.

Algorithm                 Hash        Symmetric                     Asymmetric
Number of keys            0           1                             2+
Best NIST key length      256 bits    128 bits                      2048 bits
Common example            SHA         AES, Blowfish, 3DES           RSA, DEA, ECC
Complexity                Medium      Medium                        High
Effect of key compromise  -           Loss for sender and receiver  Loss for owner of key
Key management & sharing  -           Challenging                   Easy & secure
