Introduction & Concepts

Understanding the core principles of cryptography is crucial in the journey towards CISSP certification. These principles underpin the mechanisms of secure data handling, confidentiality, and non-repudiation. Additionally, concepts like work function, zero-knowledge proof, and split knowledge play a key role in fortifying the security of information systems.

Introductory Concepts

Cryptography is the science of secret writing, with its core objectives lying in providing confidentiality, integrity, and non-repudiation. It uses mathematical algorithms to scramble data into unreadable text which can only be deciphered with the correct key. I have listed a few basic concepts we need to learn below with a description, technical example, and real life example (although not always realistically applicable) for easy memorization:

Nonrepudiation

Nonrepudiation provides undeniable proof that a specific party sent a message, preventing them from denying that they sent it.

Technical Example: Digital signatures. A sender signs the data with their private key, and the recipient verifies it with the sender's public key. If the verification is successful, it's undeniable proof that the sender sent the message.

Real Life Example: Sending a registered letter via a postal service. The sender gets a receipt proving they sent the letter, and the recipient must sign upon receipt, creating a record that prevents either party from denying the sending or receiving of the letter.

CIA Triad

Confidentiality

Confidentiality aims to keep data secure and private both while at rest and in transit. It ensures that only authorized parties can access the information.

Technical Example: Encrypting a hard drive or a network transmission with a secure algorithm like AES. Only those with the correct key can decrypt and access the original data.

Real Life Example: Sending a letter in a sealed envelope. Only the intended recipient should open the envelope and read the contents, maintaining the confidentiality of the information.

Integrity

Integrity refers to the assurance that the data has not been altered, intentionally or unintentionally, during transit. It ensures that the received data is exactly as it was sent.

Technical Example: Using hash functions and checksums. If the computed hash or checksum of the received data matches the one sent with it, the integrity of the data is confirmed.

Real Life Example: A museum exhibit behind a glass case. The case ensures the artifact remains untouched and in its original state, signifying integrity.

Availability

Availability ensures that data and resources are accessible and usable when needed by authorized parties. Its goal is to minimize downtime and provide consistent, timely access to resources.

Technical Example: Implementing redundant servers or systems. If one server fails, another one takes over, ensuring uninterrupted service. Regular backups and failover mechanisms also support availability.

Real Life Example: A public library having multiple copies of a popular book. Even if one copy is checked out, another one is available for readers, ensuring the book's availability to the community.

Zero-Knowledge Proof

Zero-knowledge proof is a cryptographic principle where one party can prove to another that they possess a certain piece of information, without revealing the information itself.

Technical Example: Password authentication protocols often use zero-knowledge proof. When you log into a website, you prove that you know your password, but you don't actually reveal your password to the website. This is because the password hash is compared with the stored hash. This proves you know your password without revealing it to the website.

Real Life Example: Alice and Bob, playing a game with a color-blind friend, Charlie. Alice picks a red ball and a green ball. Charlie, not being able to distinguish between the colors, shuffles the balls behind his back and shows one to Alice. If Alice correctly tells whether the ball shown is the same as before or switched, she proves to Charlie that the balls are indeed different colors without revealing which is red and which is green.

Split Knowledge

Split knowledge is a security concept in which the information or privileges necessary to perform a task are divided among multiple individuals. This way, no single person has enough privileges to compromise the security of the system.

Technical Example: In a secure database system, access to sensitive information may be split between two administrators. Both administrators must use their individual keys to decrypt the data, ensuring no single person can access it alone.

Real Life Example: The unfortunate bombings of Hiroshima serve as a great but extreme example. Most members of the 509th knew they were training for a special bombing mission with a new type of bomb, but many did not know that they were dealing with a nuclear weapon until just before the mission. Others knew what the type of bomb was, but not where or when the bomb would be sent to on it's mission.

The work was so compartmentalized that you might have one group of scientists working on one bit, another group working on another bit, and they didn’t know what each other was doing.

—Joseph Rotblat

Work Function

Work function (or work factor) is a measure of the strength of a cryptographic system, indicating the effort in terms of cost or time required to decrypt encrypted messages.

Technical Example: Suppose a cryptosystem uses a 128-bit encryption key. The work function in this scenario would be the time and cost it takes to operate a computer power required to perform a brute force attack by trying all possible 2^128 combinations.

Real Life Example: Think of a high-security safe. The work function to break into the safe could include the time needed to figure out the combination, the cost of specialized drilling equipment, or the effort to learn and execute lock-picking skills. The more complicated the safe, the higher its work function.

Importance of Key Security

Cryptographic keys inject the vital element of secrecy into any cryptosystem, effectively underpinning its robustness.

In today's digital landscape, cryptosystems typically employ keys that are at least 128 bits in length to ensure satisfactory security. Think of this as our current baseline for gauging the strength of a cryptosystem.

As technologies continue to evolve and quantum computing comes into play, this benchmark is likely to change!

Key Clustering

Key Clustering is a weakness in cryptographic systems wherein distinct keys generate identical ciphertext from the same plaintext message using the same algorithm. This phenomenon is kind of like collisions in hashing, where different inputs produce the same output.

Example: Let's consider an oversimplified cryptographic system. Suppose we have two different keys, "Key A" and "Key B". Now, if we use a simple Caesar cipher (which is a type of substitution cipher) as our algorithm and the plaintext message is "HELLO", then we get:

Using "Key A", the cipher might shift each letter by 2 places, resulting in the ciphertext "JGNNQ".
Using "Key B", the cipher could shift each letter by -24 places. This also gives "JGNNQ".

In this case, "Key A" and "Key B" form a key cluster, since they generated identical ciphertext ("JGNNQ") from the same plaintext message ("HELLO") using the same algorithm (Caesar cipher), even though they are different keys. This weakness could potentially undermine the security provided by the cryptographic system.

Algorithm Types

Now, with those introductory concepts out of the way let's quickly quickly take a high level look at the three algorithm types we'll need to know for the exam and their fundamental differences. Don't worry, we'll go this into much more detail

Algorithm	Hash	Symmetric	Asymmetric
Number of Keys	0	1	2+
Best NIST Key Length	256 bits	128 bits	2048 bits
Common example	SHA	AES, Blowfish, 3DES	RSA, DEA, ECC
Complexity	Medium	Medium	High
Effect of Key Compromise	-	Loss for sender and receiver	Loss for owner of key
Key Management & Sharing	-	Challenging	Easy & Secure

Key Clustering Issue

Key Clustering is a weakness in cryptographic systems wherein distinct keys generate identical ciphertext from the same plaintext message using the same algorithm. This phenomenon is akin to collisions in hashing, where different inputs produce the same output.

Using "Key A", the cipher might shift each letter by 2 places, resulting in the ciphertext "JGNNQ".
Using "Key B", the cipher could shift each letter by -24 places. Interestingly, this too gives the ciphertext "JGNNQ", since a Caesar cipher is circular in nature (i.e., after Z, it goes back to A).