Study Guide: CompTIA CASP+ CAS-004 Certification: The Basics of Implementing Cryptographic Techniques
Source: https://www.fatskills.com/first-aid/chapter/comptia-casp-cas-004-certification-the-basics-of-implementing-cryptographic-techniques

CompTIA CASP+ CAS-004 Certification: The Basics of Implementing Cryptographic Techniques

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.


Cryptography is one of the most complicated fields of security expertise. Both at rest and in transit, cryptography is a vital component of data security. It’s a science that comprises hiding data or altering it to make it unreadable.

Message authorship, source verification, and delivery proof are all ensured via cryptography. Cryptography is concerned with confidentiality, integrity, and authentication, but not with availability. The CIA triad is a basic security model made up of confidentiality, integrity, and availability, and cryptography addresses two of its three pillars. It aids in detecting and preventing data manipulation, deletion, and modification. Cryptography also provides non-repudiation by demonstrating a message’s origin. Each of these ideas is examined in further depth in this guide.

Key topics:
- SSL/TLS
- Cryptographic applications
- Hashing
- SMIME/Message authentication
- Code signing
- DRM watermarks
- PKI

In this guide, the cryptographic techniques covered include key stretching, hashing, digital signatures, message authentication, code signing, pseudo-random number generation, perfect forward secrecy, data-in-transit encryption, data-in-memory/processing, data-at-rest encryption, and steganography, among others.

This guide also includes Cryptographic modules, crypto processors, cryptographic service providers, DRM, watermarking, GPG, SSL/TLS, SSH, S/MIME, cryptographic applications and proper/improper implementations, stream versus block, PKI, cryptocurrency/blockchain, mobile device encryption considerations, and elliptic curve cryptography.

Objectives
You’ll learn about cryptography methods, principles, and implementations that are used to safeguard data in the organization in this guide.
Most firms use a variety of physical devices to secure private data; these devices keep external threats out of the network. Data encryption guarantees that secret or private data cannot be read if one of an attacker’s approaches succeeds and an organization’s first line of defense is breached.

The following are some of the most important advantages of encryption:
- Strength: Encryption is based on international standards. Because the solutions are so comprehensive, they guarantee that an organization’s security rules are followed to the letter. Data encryption technologies are cost-effective and may give a degree of protection that rivals that of the military.
- Transparency: Efficient encryption enables the regular business to continue while critical data is safeguarded in the background, all without the user being aware of what is going on.
- Flexibility: Encryption preserves and secures vital data on a computer, a removable disk, an email server, or a storage network. It also enables you to securely access your files from any location.

Techniques
Various cryptographic algorithms are used depending on the demands of the company. Examining the context of the data and identifying which cryptographic approach to employ is the first step in selecting the proper cryptographic technique. Security experts should examine the data kind, sensitivity, value, and dangers to the data before deciding which approach to apply.

Key stretching, hashing, digital signatures, message authentication, code signing, and pseudo-random number generation are some of the methods you’ll need to know.

You will also need to know perfect forward secrecy, data-in-transit encryption, data-at-rest encryption, and data-in-memory/processing protection.

Key stretching
Key stretching, also known as key strengthening, is a cryptographic approach that makes a weak key stronger by lengthening the time it takes to test each potential key. The original key is passed into an algorithm to generate an enhanced key, which should be at least 128 bits in length to be effective. If key stretching is employed, an attacker must either attempt every conceivable combination of the enhanced key or a large number of plausible combinations of the original key.

Because the attacker must calculate the stretching function for each guess in the attack, key stretching slows down the attacker. Pretty Good Privacy (PGP), GNU Privacy Guard (GPG), Wi-Fi Protected Access (WPA), and WPA2 are all systems that employ key stretching. Password-Based Key Derivation Function 2 (PBKDF2), bcrypt, and scrypt are some of the most widely used password key stretching algorithms.
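An added example (not from the guide) of password key stretching with PBKDF2-HMAC-SHA256 from Python's standard library; the stored-record format and the default iteration count are assumptions chosen for this example:

```python
import hashlib
import hmac
import os
import time

HASH_NAME = "sha256"   # PBKDF2-HMAC-SHA256
KEY_LEN = 32           # 256-bit derived key
SALT_LEN = 16          # 128-bit random salt per password


def stretch(password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a KEY_LEN-byte key; the cost grows linearly with `iterations`."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations, KEY_LEN)


def make_record(password: str, iterations: int = 600_000) -> str:
    """Build the stored verifier. Format (assumed for this example):
    pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>"""
    salt = os.urandom(SALT_LEN)             # unique per password, so precomputed tables do not apply
    key = stretch(password, salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${key.hex()}"


def verify_record(password: str, record: str) -> bool:
    """Re-derive the key with the stored salt and cost, compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != f"pbkdf2_{HASH_NAME}":
        return False
    _, iterations, salt_hex, key_hex = parts
    expected = stretch(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(expected, bytes.fromhex(key_hex))


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure one derivation at the given cost; every candidate password costs the same."""
    salt = b"\x00" * SALT_LEN               # fixed salt, benchmark only
    start = time.perf_counter()
    for _ in range(samples):
        stretch("benchmark", salt, iterations)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    record = make_record("correct horse battery staple")
    print(record)
    print("correct password:", verify_record("correct horse battery staple", record))
    print("wrong password:  ", verify_record("wrong", record))
    for cost in (1_000, 100_000):
        print(f"{cost:>7} iterations: {seconds_per_guess(cost) * 1000:.1f} ms per derivation")
```

The time reported by seconds_per_guess is paid once per login by the defender but once per candidate password by anyone trying to recover the password from the record.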

Hashing
To generate a one-way message digest, the data is passed through a cryptographic procedure. The method utilized determines the size of the message digest. The data is represented by the message digest, which cannot be reversed to identify the original contents. The message digest may be used to verify data integrity since it is unique. A message is reduced to a hash value using a one-way hash algorithm. Message integrity is determined by comparing the sender’s hash value to the receiver’s hash value. The message has been tampered with if both the sender and recipient employed the same hash function but the resulting hash values are different.

Hash functions do not prevent data change, but they do give a way to see whether the data has been altered, as shown below:


Figure: Hashing

There are certain restrictions to hash functions: If an attacker intercepts a message containing a hash value, the attacker may change the original message to construct a new incorrect message with a different hash value. If the attacker then sends the intended receiver a second faulty message, the intended recipient will have no means of recognizing that he has received an inaccurate message. When the recipient calculates the hash value, the incorrect message will seem to be legal since it was appended with the attacker’s new hash value rather than the original message’s hash value.

To avoid this, the sender should include a message authentication code (MAC) with the message. A keyed MAC is created by encrypting the hash value with a symmetric-key algorithm. The original message is not encrypted by the symmetric key; the key is used solely to protect the hash value.

The essential processes of a hash function are shown below:


Figure: Process of a Hash Function

Collisions and rainbow table attacks are the two main hash function weaknesses. A collision occurs when a hash function yields the same hash value for several different messages. A rainbow table attack reverses a hash by precomputing the hashes of a large set of inputs and looking up the matching value. Because message digests are determined by the original contents, they may be used to compare multiple files and check whether they are identical down to the bit level. Data integrity has been compromised if a calculated message digest does not match the original message digest value. To guarantee that real passwords are not stolen, password hash values are often stored instead of the passwords themselves. When deciding which hashing algorithm to employ, it is always preferable to select the one that produces the larger hash value.

The hash function should be used to determine a file’s hash value. Let’s say you have a document called contract.doc that you need to make sure isn’t changed in any manner. Use md5sum contract.doc. This command will give you a hash value, which you should write down. Users should always use the md5sum command to recalculate the hash value when they require access to the file afterward.

The file remains untouched if the value is the same as it was when it was first recorded. If it’s not the same, the file has been altered. MD2/MD4/MD5/MD6, SHA/SHA-2/SHA-3, HAVAL, RIPEMD-160, and Tiger are some of the hash algorithms you should be aware of.

MD2/MD4/MD5/MD6
A 128-bit hash value is generated using the MD2 message-digest algorithm. It goes through 18 rounds of calculations. MD2 is still in use today; however, it is much slower than MD4, MD5, and MD6.
A 128-bit hash value is also generated using the MD4 algorithm. However, it only does three compute rounds. Despite the fact that MD4 is quicker than MD2, it has seen a considerable drop in usage due to the success of attacks against it.
The MD5 algorithm, like the previous MD algorithms, generates a 128-bit hash result. It goes through four rounds of calculations. It was established in response to problems with MD4, and it is more complicated than MD4. MD5 is not, however, collision-free. As a result, SSL certificates and digital signatures should not be utilized with it. Instead of MD5, the US government mandates the usage of SHA-2. However, when releasing software updates for commercial usage, many software providers disclose the MD5 hash value so that the consumers may check the product’s integrity after downloading.

After conducting a variable number of calculations, the MD6 algorithm generates a variable-length hash value. Although it was initially submitted as a candidate for SHA-3, it was dropped due to early problems with differential attacks. Since then, MD6 has been re-released with this flaw patched. That release, however, was too late to be recognized as the SHA-3 standard by the National Institute of Standards and Technology (NIST).

SHA/SHA-2/SHA-3
The Secure Hash Algorithm (SHA) is a set of four algorithms developed by the National Institute of Standards and Technology (NIST) in the United States. After 80 rounds of calculations on 512-bit blocks, SHA-0 yields a 160-bit hash result. It was initially known as just SHA since there were no additional “family members”. Because collisions were detected, SHA-0 was never particularly popular. After 80 rounds of calculations on 512-bit blocks, SHA-1 generates a 160-bit hash result, similar to SHA-0. The vulnerability in SHA-0 that left it vulnerable to assaults was fixed in SHA-1.

SHA-2 is a collection of hash functions, each with its own set of functional constraints. The SHA-2 family consists of the following members:
- SHA-224: After 64 rounds of calculations on 512-bit blocks, it generates a 224-bit hash value.
- SHA-256: After 64 rounds of calculations on 512-bit blocks, it generates a 256-bit hash value.
- SHA-384: After 80 rounds of calculations on 1,024-bit blocks, it generates a 384-bit hash value.
- SHA-512: After 80 rounds of calculations on 1,024-bit blocks, it generates a 512-bit hash result.
- SHA-512/224: After 80 rounds of calculations on 1,024-bit blocks, it generates a 224-bit hash value. The number 512 denotes the size of the internal state.
- SHA-512/256: After 80 rounds of calculations on 1,024-bit blocks, it generates a 256-bit hash value. The 512 identifier denotes the internal state size once again.

SHA-3, like SHA-2, is a hash function family. In May 2014, this standard was officially adopted. The size of the hash value ranges from 224 to 512 bits. By default, SHA-3 does 120 rounds of calculations. Keep in mind that today’s SHA-1 and SHA-2 algorithms are still frequently utilized. SHA-3 was presented as an alternative hash function to the others, rather than being created because of a security issue in the two prior standards.

For added security, hashing algorithms are often used together with other cryptographic techniques. However, business managers should make sure that the algorithms used in tandem can deliver optimum security and performance. Implementing 3DES with SHA, for example, would give high security but worse performance than RC4 with MD5.

Let’s have a look at an example of hashing using SHA. Even though a package like 5.9.4-8-x86_64.rpm was obtained from an official repository, an administrator must check that the package has not been changed before installing it on a server. Before installing a package on a Linux computer, the administrator should run sha1sum and validate the hash of the package.

Digital signatures
A hash value encrypted with the sender’s private key constitutes a digital signature. Authentication, non-repudiation, and integrity are all provided by a digital signature.

A blind signature is a kind of digital signature in which the message’s contents are disguised before it is signed. The general process of creating a digital signature is shown below:



Figure: The process of creating a digital signature

The following is the procedure for establishing a digital signature:
- Step 1: For the data to be signed, the signer receives a hash value.
- Step 2: Using their private key, the signer encrypts the hash value.
- Step 3: The signer sends the data, the encrypted hash, and a certificate containing a copy of their public key to the recipient.

The following is the procedure for confirming the digital signature:
- Step 1: The data, encrypted hash, and certificate are separated by the receiver.
- Step 2: The receiver acquires the data’s hash value.
- Step 3: Using the PKI, the receiver confirms that the public key is still valid.
- Step 4: Using the public key, the recipient decrypts the encrypted hash value.
- Step 5: The receiver compares the two hash values. The message has not been modified if the values are the same.

Digital signatures are created using public key cryptography. Users register their public keys with a certification authority (CA), which then issues a certificate including the user’s public key as well as the digital signature of the CA. The user’s public key and validity period are combined with the certificate issuer and the digital signature algorithm identifier to create the digital signature. The Digital Signature Standard (DSS) is a federal standard that governs the Digital Signature Algorithm (DSA). DSA creates a 160-bit message digest. For digital signatures, the US federal government mandates the use of DSA, RSA, or Elliptic Curve DSA (ECDSA), as well as SHA. DSA is a slower version of RSA that only allows for digital signatures. Digital signatures, encryption, and secure symmetric key distribution are all provided by RSA.
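The signing and verification steps above as an added example (not the guide's own code): textbook RSA over SHA-256, with a key pair built from two well-known Mersenne primes so that every value is reproducible. The bundle layout and the trusted-key set are assumptions standing in for the certificate and the PKI validity check:

```python
import hashlib

# Key material for this example only: two well-known Mersenne primes, so every value is
# reproducible. Real keys use two secret, randomly generated primes of 1024 bits or more.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # public modulus, about 648 bits
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (modular inverse; Python 3.8+)
PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def message_hash(data: bytes) -> int:
    """Reduce the data to its SHA-256 digest, read as an integer (256 bits, so always < N)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key: tuple) -> int:
    """Signing steps 1-2: hash the data, then 'encrypt' the hash with the private key.
    This is textbook RSA with no padding; deployed signatures use PKCS#1 v1.5 or PSS padding."""
    n, d = private_key
    return pow(message_hash(data), d, n)


def make_bundle(data: bytes, private_key: tuple, public_key: tuple) -> dict:
    """Signing step 3: ship the data, the signature, and the signer's public key together.
    The bare public key stands in for the certificate the guide describes."""
    return {"data": data, "signature": sign(data, private_key), "public_key": public_key}


def verify_bundle(bundle: dict, trusted_keys: set) -> bool:
    """Receiver's steps 1-5: split the bundle, confirm the key is still trusted (the PKI
    check), recover the hash with the public key, and compare it with a fresh hash of the data."""
    data, signature, public_key = bundle["data"], bundle["signature"], bundle["public_key"]
    if public_key not in trusted_keys:        # unknown or revoked key: the signature proves nothing
        return False
    n, e = public_key
    if not 0 < signature < n:                 # malformed signature value
        return False
    recovered_hash = pow(signature, e, n)     # 'decrypt' with the public key
    return recovered_hash == message_hash(data)


if __name__ == "__main__":
    bundle = make_bundle(b"contract.doc: final version", PRIVATE_KEY, PUBLIC_KEY)
    print("intact bundle verifies: ", verify_bundle(bundle, {PUBLIC_KEY}))
    altered = dict(bundle, data=b"contract.doc: altered version")
    print("altered bundle verifies:", verify_bundle(altered, {PUBLIC_KEY}))
```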

Keep the following things in mind while thinking about cryptography:
- Confidentiality is provided through encryption.
- Integrity is provided through hashing.
- Authentication, non-repudiation, and integrity are all provided via digital signatures.

Message authentication

A message authentication code (MAC) provides message integrity and authenticity in much the same way that code signing does. HMAC, CBC-MAC, and CMAC are the three kinds of MACs you should be aware of. A hash MAC (HMAC) is a keyed-hash MAC that uses a symmetric key and a hash function. Data integrity and authentication are provided via HMAC. HMAC can be used with any of the previously listed hash functions, with HMAC prepended to the hash function name (for example, HMAC-SHA-1). The strength of HMAC is determined by the strength of the hash function, as well as the size of the hash value and key. The output size of HMAC is the same as that of the underlying hash algorithm. HMAC may help mitigate the hash function’s collision weaknesses. A block-cipher MAC that runs in CBC mode is known as a Cipher Block Chaining MAC (CBC-MAC). Data integrity and authentication are provided via CBC-MAC. Cipher-based MAC (CMAC) is similar to CBC-MAC but has a stronger mathematical basis. CMAC is approved for use with AES and 3DES and overcomes several security concerns with CBC-MAC.
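An added example (not from the guide) that serves both this section and the MAC discussion in the hashing section: it builds HMAC from its RFC 2104 definition, checks the result against Python's standard library, and models the intercepted-message case in which a plain digest is recomputed for a replaced message but the keyed tag cannot be. The sample messages and key are constructed for the example:

```python
import hashlib
import hmac


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC as defined in RFC 2104: H((K' xor opad) || H((K' xor ipad) || message))."""
    block_size = hashlib.new(hash_name).block_size   # 64 bytes for SHA-256, 128 for SHA-512
    if len(key) > block_size:                         # keys longer than one block are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")              # then zero-padded to one block (K')
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()   # tag length equals the digest length


def hmac_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """Reference value from the standard library, to check the manual construction against."""
    return hmac.new(key, message, hash_name).digest()


def unkeyed_digest(message: bytes) -> bytes:
    """Plain hash: anyone who sees the message, including an interceptor, can recompute it."""
    return hashlib.sha256(message).digest()


def receiver_accepts_unkeyed(message: bytes, digest: bytes) -> bool:
    """Receiver with only a hash: recompute and compare; there is no secret involved."""
    return hmac.compare_digest(unkeyed_digest(message), digest)


def receiver_accepts_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver with the shared key; constant-time compare avoids leaking matching bytes."""
    return hmac.compare_digest(hmac_manual(key, message), tag)


def tamper_scenario(key: bytes) -> tuple:
    """Model the guide's intercepted-message case. Returns (accepted_with_plain_hash,
    accepted_with_hmac). The sender protects the original with a plain digest and, separately,
    with an HMAC under `key`. Whoever replaces the message in transit can recompute the plain
    digest, but without the key can only forward the stale tag for the replaced message."""
    original = b"Transfer 100 to account 42"      # constructed sample message
    replaced = b"Transfer 9000 to account 99"     # constructed replacement seen by the receiver
    tag = hmac_manual(key, original)              # tag the sender produced for the original
    accepted_plain = receiver_accepts_unkeyed(replaced, unkeyed_digest(replaced))
    accepted_hmac = receiver_accepts_keyed(key, replaced, tag)
    return accepted_plain, accepted_hmac


if __name__ == "__main__":
    print("manual == stdlib:", hmac_manual(b"key", b"msg") == hmac_stdlib(b"key", b"msg"))
    print("(plain hash accepted, HMAC accepted) after replacement:", tamper_scenario(b"shared secret"))
```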

Code signing
When code developers digitally sign executables and scripts, the user installing the code may be certain that it was written by the verified author. A cryptographic hash is used to sign the code, ensuring that it has not been tampered with or damaged. Code signing is often used for security in Java applets, ActiveX controls, and other active web and browser scripts.

The signature is usually confirmed by a third party, such as VeriSign, as shown below:



Figure: Code Signing

Pseudo-random number generation
A pseudo-random number generator (PRNG) employs an algorithm to create a sequence of numbers that approximates the properties of random numbers. Because the sequence is generated from a very small number of initial values (the seed), it is not truly random. Security experts should be able to recognize problems that a PRNG can remedy. For example, if a business wants a Java-based, customer-facing website to produce a sequence of numbers with no obvious mathematical progression, the Java code should generate a pseudo-random number at each invocation.

Perfect forward secrecy
Perfect forward secrecy (PFS) guarantees that a session key derived from a set of long-term keys cannot be compromised in the future if one of the long-term keys is compromised. The key cannot be used to generate any further keys. If the key was created with the help of other keying material, that keying material must not be used to create any further keys. If a single key is compromised, only the data protected by that single key may be accessed. PFS needs two requirements to function properly, which are as follows:
- Keys are never used again.
- No previously used keys are utilized to generate new keys.

Understanding when to use PFS is critical for any business. If a security audit reveals that certain encryption keys used to safeguard financial transactions with an organization’s partners are too weak, the security administrator should use PFS across all VPN tunnels to guarantee that financial transactions are not jeopardized. PFS is most often associated with VPNs; however, it may also be found in web browsers, services, and apps.

Data-in-transit encryption
When data is transported through a network or the Internet, it is safeguarded by transport encryption. Sniffing attacks on networks may be protected via transport encryption. In addition to securing data at rest, security experts should guarantee that data is safeguarded in transit. Consider a company that uses token and biometric authentication for all users, as well as secure administrator accounts, transaction logging, full-disk encryption, server virtualization, port security, and firewalls with ACLs, an NIPS, and secured access points. There is no security for data in transit with any of these options. To secure data in this context, transport encryption would be required. Secure communication protocols such as SSL/TLS, HTTP/HTTPS/SHTTP, SET, SSH, and IPsec should be utilized to enable this encryption.

SSL/TLS
Secure Sockets Layer (SSL) is a protocol that provides encryption, server and client authentication, and message integrity. It works alongside the application and transport layers, but it does not act inside them. Netscape created SSL in order to send confidential documents over the Internet. SSL uses 40-bit encryption (SSL 2.0) or 128-bit encryption (SSL 3.0), although the 40-bit version is vulnerable to attacks due to its small key size. SSL enables a program to communicate across a network in an encrypted and authenticated manner.
SSL 3.0 is the foundation for Transport Layer Security (TLS) 1.0, however, it is more adaptable. TLS’s fundamental objective is to provide data integrity and privacy between two interacting apps.

When the data has to be encrypted while being transferred (in transit) through the media from one system to another, SSL and TLS are the most widely utilized protocols, as shown below:



Figure: Secure Socket Layer/Transport Layer Security (SSL/TLS)

HTTP/HTTPS/SHTTP
The Hypertext Transfer Protocol (HTTP) is a web protocol for sending website data from a web server to a web client. Because HTTP is a stateless protocol, a new connection is made with each new URL typed into the web browser, whether from the original user entry or by clicking a link on the page shown. HTTP Secure (HTTPS) is an HTTP implementation that uses the SSL/TLS protocol to create a secure connection using the server’s digital certificate. SSL/TLS uses a secure channel to keep the session open. The https:// prefix is always included at the beginning of HTTPS webpages. Secure HTTP (SHTTP), despite its similarity in name, safeguards HTTP transmission in a different way. Only a single communication message is encrypted using SHTTP, not the whole session (or conversation). SHTTP is less popular than HTTPS.

3-D secure and SET
Visa and MasterCard proposed Secure Electronic Transaction (SET) to secure credit card transaction information over the Internet. It used asymmetric keys and X.509 certificates. It sent encrypted credit card information through an electronic wallet on the user’s computer. SET, however, would have needed complete cooperation from financial institutions, credit card users, wholesale and retail enterprises, and payment gateways in order to be fully implemented. It was never completely accepted. Instead of SET, Visa now promotes the 3-D Secure standard. 3-D Secure is an XML-based technology that adds an extra layer of protection to credit and debit card transactions made online. Customers may get it under the label Verified by Visa. MasterCard’s implementation of 3-D Secure is known as SecureCode.

IPsec
Internet Protocol Security (IPsec) is a set of protocols that creates a secure connection between two devices. VPNs often use IPsec as a security protocol. IPsec protects against traffic analysis by deciding on the methods to employ and implementing any cryptographic keys needed for IPsec. Authentication Header (AH), Encapsulating Security Payload (ESP), and Security Associations (SAs) are all part of IPsec. Authentication and integrity are provided by AH, while authentication, integrity, and encryption are provided by ESP (confidentiality). An SA is a configuration record for a device that needs to participate in IPsec communication. A Security Parameter Index (SPI) is a form of database that keeps track of the multiple SAs in use and guarantees that a device communicates with another device using the correct SA.

The figure below shows that each device has its own SPI:


Figure: IPSec for Remote Console Management

IPsec may operate in one of the two modes – transport or tunnel.

Only the message content is protected in the transport mode, but the payload, route, and header information are all protected in the tunnel mode. Both of these modes may be utilized for IPsec communication between gateways and hosts. Which hashing or encryption algorithm is employed is not determined by IPsec.

The key exchange technique most widely used by IPsec is Internet Key Exchange (IKE), which is a mix of OAKLEY and Internet Security Association and Key Management Protocol (ISAKMP). OAKLEY is a Diffie-Hellman-based key establishment mechanism that was replaced by IKE. The ISAKMP was created to create and manage SAs. Authentication and key exchange are provided via IKE with IPsec. Pre-shared keys, certificates, and public-key authentication are among the authentication methods used by IKE with IPsec.

A PKI is required for the most secure implementations of pre-shared keys. However, if a pre-shared key is based on basic passwords, a PKI is not required.

Data-in-memory/processing
In-memory processing is a method of processing data sets in which all data is handled in memory rather than on the hard disk. It expects that all data will be accessible in memory, rather than simply the most recently utilized data, as is typical with RAM or cache memory. As a consequence, company reporting and decision-making are expedited. Encrypting the data in RAM is required to secure this.

The Data-Protection API (DPAPI) is a Windows feature that allows you to encrypt data using the user’s login credentials. One of the most important considerations is where to keep the key since it is usually not a good idea to keep it in the same place as the data.

Software Guard Extensions (SGX), which comes as standard with Skylake and subsequent Intel processors, enables you to load a program into your processor, validate its status (remotely), and safeguard its execution. Everything that leaves the processor (that is, everything that is offloaded to RAM) is immediately encrypted by the CPU, ensuring security.

Data-at-rest encryption
Data at rest refers to information that is physically stored in any digital format but is not in use. Databases, data warehouses, files, archives, tapes, offsite backups, mobile devices, and any other storage media may be used to store this information. Data encryption techniques are often used to secure data at rest.

Computer algorithms apply sophisticated mathematical formulas to convert plaintext to ciphertext. The key and the algorithm are the two most important parts of any encryption system. In some encryption methods the two communicating parties use the same key; in others the two parties use distinct but mathematically related keys. Symmetric algorithms, asymmetric algorithms, and hybrid ciphers are some of the encryption methods you’ll need to know about.

Symmetric algorithms
Symmetric algorithms rely on a private, or secret key that must be kept confidential between the two parties. A private key is required for each party pair. As a result, each user with whom they talk would need a separate secret key.

Consider a scenario in which there are ten distinct users. To calculate the number of keys needed in this example, use the following formula: number of users × (number of users – 1) / 2. In this example, you would calculate 10 × (10 – 1) / 2, or 45 needed keys.

The encryption key must be kept safe when using symmetric algorithms. The users must find a safe out-of-band way of conveying the secret key, such as a courier or direct physical contact, in order to share it. A session key is a type of symmetric key that encrypts communications sent between two users during a single communication session. Single-key, secret-key, private-key, and shared-key cryptography are all terms used to describe symmetric algorithms. Confidentiality is provided by symmetric systems, but not authentication or non-repudiation. It’s hard to tell where a message came from if both users utilize the same key. DES, AES, IDEA, Skipjack, Blowfish, Twofish, RC4/RC5/RC6, and CAST are symmetric algorithms. Data Encryption Standard (DES) and Triple DES (3DES) are two types of encryption.

The Data Encryption Standard (DES) employs a 64-bit key, with 8 bits dedicated to parity. As a result, DES’s effective key length is 56 bits. A message is divided into 64-bit blocks using DES. Each block goes through sixteen rounds of transposition and substitution, resulting in a 64-bit ciphertext block. 3DES and AES have largely replaced DES. DES-X is a variant of DES that employs two additional 64-bit keys alongside the 56-bit DES key. The plaintext is XORed with the first 64-bit key and then encrypted using DES; the result is XORed with the second 64-bit key. Double-DES, a DES variant with a key length of 112 bits, is no longer in use. A security attack published after its release reduced Double-DES security to the same level as DES. 3DES, a variation of DES that uses three 56-bit keys to boost security, was created in response to the need to replace DES quickly. Although 3DES is more resistant to attacks than DES, it is three times slower. 3DES was used as a stand-in for DES for a short time. Although 3DES is still in use today, NIST has chosen AES as the successor to DES.

Advanced encryption standard (AES)
Advanced Encryption Standard (AES) is the successor to the DES algorithm. The Rijndael algorithm is employed in the AES standard, despite the fact that AES is regarded as the standard. AES and Rijndael are frequently used interchangeably. The Rijndael algorithm uses three different block sizes – 128, 192, and 256 bits. Ten transformation rounds are performed on a 128-bit key with 128-bit block size.

Twelve transformation rounds are performed on a 192-bit key with a 192-bit block size. Finally, 14 transformation rounds are performed on a 256-bit key with a 256-bit block size. Rijndael uses three layers of transformations – the nonlinear layer, the key addition layer, and the linear mixing layer. The Rijndael architecture is simple and its code is small, allowing it to run on a number of systems. It’s the U.S. government’s mandated algorithm for sensitive but unclassified material.

IDEA
The International Data Encryption Algorithm (IDEA) is a 64-bit block cipher. Each 64-bit block is broken down into 16 smaller ones. IDEA executes eight rounds of transformations on each of the 16 smaller blocks using a 128-bit key. IDEA is both quicker and more difficult to crack than DES. IDEA has been trademarked and licensed by Ascom, a Swiss corporation, although this algorithm is not as commonly utilized as DES or AES as the patent expired in 2012. However, PGP makes use of IDEA.

Twofish
Twofish is a Blowfish variant that employs 128-bit data blocks and keys of 128-, 192-, and 256-bit lengths. It has a total of 16 transformation rounds. Twofish, like Blowfish, is not a patented product.

RC4/RC5/RC6
Ron Rivest has designed a total of six RC algorithms. RC1 was never released, RC2 was a 64-bit block cipher, and RC3 was cracked prior to its release. RC4, RC5, and RC6 are the primary RC implementations that a security expert should be familiar with. One of the most widely used stream ciphers is RC4, sometimes known as ARC4. SSL and WEP both utilize it. RC4 has a configurable key size of 40 to 2,048 bits and can perform up to 256 transformation rounds.
RC5 is a block cipher with a key size of up to 2,048 bits and up to 255 transformation rounds. The following block sizes are supported – 32, 64, and 128 bits. Because of the many variables in RC5, the industry frequently refers to it as RC5-w/r/b, where w stands for the word size (a block is two words), r for the number of rounds, and b for the number of 8-bit bytes in the key. RC5-64/16/16, for example, implies a 64-bit word (or 128-bit data blocks), 16 transformation rounds, and a 16-byte (128-bit) key.
RC6 is a block cipher that employs the same key size, rounds, and block size as RC5. RC6 was initially intended to be an AES candidate, but it was defeated by Rijndael in the competition. RC6 is quicker than RC5.

Asymmetric algorithms
Asymmetric algorithms, often known as dual-key or public-key cryptography, use both a public and a private, or secret, key. Everyone has access to the public key, whereas only the owner has access to the private key. The message is encrypted using one of these keys and decrypted with the other. Even if the public key is known, finding a user’s private key in asymmetric cryptography is almost impossible, despite the fact that both keys are mathematically connected. The system may, however, be compromised if a user’s private key is found. Confidentiality, integrity, authentication, and non-repudiation are all provided by asymmetric systems. It is feasible to determine where a communication originated since each user holds one unique key that is part of the procedure. If an organization’s main priority is secrecy, a message should be encrypted using the receiver’s public key, which is known as the secure message format. If an organization’s main concern is authentication, a message should be encrypted using the sender’s private key, which is known as the open message format. When utilizing the open message format, anybody with the public key may decode the message. Diffie-Hellman, RSA, El Gamal, ECC, Knapsack, and Zero Knowledge Proof are examples of asymmetric algorithms.

Diffie-Hellman
The key agreement procedure is overseen by Diffie-Hellman, and it operates as follows:

- John and Sally decide to use Diffie-Hellman to converse via an encrypted channel.
- John creates a private and public key, while Sally creates a private and public key.
- John and Sally give each other their public keys.
- A program on John’s computer uses the Diffie-Hellman algorithm to combine John’s private key and Sally’s public key, and a program on Sally’s computer uses the Diffie-Hellman method to combine Sally’s private key and John’s public key.
- Using the asymmetric key agreement procedure, the same shared value is established for John and Sally, which in turn produces the identical symmetric key on each machine.

Diffie-Hellman provides secure key agreement, but on its own it provides no confidentiality, authentication, or non-repudiation. Its security rests on the difficulty of computing discrete logarithms. Unless an organization uses digital signatures or digital certificates to authenticate the parties at the start of the Diffie-Hellman process, the exchange is vulnerable to man-in-the-middle attacks.
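The five steps above, worked in Python as an added example (this is not code from the original guide). The toy prime p = 2^31 - 1 with generator 7 is an assumption chosen only so the arithmetic stays visible; production code uses a standardized group of at least 2048 bits and authenticates the exchanged public values.

```python
import hashlib
import secrets

# Toy parameters for illustration only: p = 2^31 - 1 is prime and 7 generates
# its multiplicative group. Real deployments use a standardized group of at
# least 2048 bits (for example the RFC 7919 finite-field groups).
P = 2147483647
G = 7
KEY_BYTES = (P.bit_length() + 7) // 8


def keygen(private=None):
    """Step 2: return (private, public). A random private value is drawn if none is given."""
    if private is None:
        private = secrets.randbelow(P - 3) + 2          # 2 <= private <= P - 2
    if not 2 <= private <= P - 2:
        raise ValueError("private value out of range")
    return private, pow(G, private, P)


def validate_peer_public(y):
    """Reject degenerate public values (0, 1, p-1, or out of range) that would
    force the shared secret to a predictable value regardless of our private key."""
    if not 2 <= y <= P - 2:
        raise ValueError("invalid peer public value")
    return y


def shared_secret(my_private, peer_public):
    """Step 4: combine my private value with the peer's public value."""
    return pow(validate_peer_public(peer_public), my_private, P)


def derive_symmetric_key(shared):
    """Step 5: turn the agreed integer into a fixed-length symmetric key.
    SHA-256 stands in here for a proper KDF such as HKDF."""
    return hashlib.sha256(shared.to_bytes(KEY_BYTES, "big")).digest()


def agree(john_private=None, sally_private=None):
    """Run the exchange described in the text and return (john_key, sally_key).
    The public values travel over an untrusted channel and nothing in this
    function authenticates them, which is exactly the gap the text warns about."""
    john_priv, john_pub = keygen(john_private)      # Step 2 (John)
    sally_priv, sally_pub = keygen(sally_private)   # Step 2 (Sally)
    # Step 3: john_pub and sally_pub are exchanged.
    john_key = derive_symmetric_key(shared_secret(john_priv, sally_pub))
    sally_key = derive_symmetric_key(shared_secret(sally_priv, john_pub))
    return john_key, sally_key


if __name__ == "__main__":
    k1, k2 = agree()
    print("keys match:", k1 == k2, k1.hex())
```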

RSA
Ron Rivest, Adi Shamir, and Leonard Adleman created RSA, the most common asymmetric algorithm. RSA can be used for key exchange, encryption, and digital signatures. Its strength rests on the difficulty of finding the prime factors of extremely large integers. RSA performs one cycle of transformation with a key ranging from 1,024 to 4,096 bits. RSA-768 and RSA-704 have been factored. If the prime numbers used by an RSA implementation can be factored, the implementation is considered broken and should be avoided. The largest RSA challenge number is RSA-2048, which has a monetary reward of US$200,000 for successful factorization.
As a key exchange mechanism, RSA encrypts a DES or AES symmetric key for secure distribution. RSA uses a one-way function to provide encryption/decryption and digital signature generation/verification. Encryption and signature verification use the public key with the one-way function; decryption and signature generation use the private key with it. The one-way function in RSA has a trapdoor, and the private key is that trapdoor information: it corresponds to knowing the original prime factors, and with it the encrypted message can be recovered by inverting the one-way function. The Number Field Sieve (NFS), a factoring technique, may be used to attack RSA.
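A textbook RSA round trip as an added example (not the guide’s code), using the small primes 61 and 53 so every value can be checked by hand. It also shows why a factored modulus means a broken key: once p and q are known, the private exponent d follows immediately.

```python
import hashlib
from math import gcd, isqrt


def generate_keypair(p, q, e=17):
    """Textbook RSA: n = p*q and d = e^-1 mod (p-1)(q-1). Returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Public key + one-way function: c = m^e mod n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Private key (the trapdoor): m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def _digest_mod_n(message, n):
    # Hash the message and reduce it into the RSA domain. Toy only: real
    # signatures wrap the digest in a padding scheme such as PKCS#1 v1.5 or PSS.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Signature generation uses the private key on the message digest."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message, signature):
    """Signature verification uses the public key and recomputes the digest."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def trial_factor(n):
    """Factor n by trial division; feasible only because this n is tiny."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("n has no non-trivial factor")


def recover_private_key(public_key):
    """Given the factors of n, d is just another modular inverse: this is why a
    factored modulus means the implementation is considered broken."""
    n, e = public_key
    p, q = trial_factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = generate_keypair(61, 53)
    print("n, e, d =", pub[0], pub[1], priv[1])
    print("65 ->", encrypt(pub, 65), "->", decrypt(priv, encrypt(pub, 65)))
    print("recovered d =", recover_private_key(pub)[1])
```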

El Gamal
El Gamal is an asymmetric key algorithm based on Diffie-Hellman. Like Diffie-Hellman, it works with discrete logarithms. Unlike Diffie-Hellman, which can only be used for key agreement, El Gamal offers key exchange, encryption, and digital signatures. Any key size may be used with El Gamal, but a larger key has a detrimental impact on performance. Because El Gamal is the slowest asymmetric method, it is best to use a key size of at least 1,024 bits.

ECC
Elliptic curve cryptography (ECC) can provide secure key distribution, encryption, and digital signatures. The size of the elliptic curve determines the difficulty of the underlying problem. Although ECC may use any key size, it can employ a much smaller key than RSA or any other asymmetric method while providing equivalent security. ECC’s principal advantage is therefore a smaller key size, which means less storage and transmission is required. ECC keys are more efficient and secure than RSA keys of the same size.

Encryption at the disk level
Disk-level encryption encrypts a whole volume or disk, with the same key used for the entire disk or, in certain situations, a distinct key for each partition or volume. A Trusted Platform Module (TPM) chip may also be used. This chip, installed on the system’s motherboard, provides password protection, digital rights management (DRM), and full disk encryption. It safeguards the keys used to encrypt the computer’s hard drives and offers integrity authentication for a secure boot path. This may help avoid data loss if the computer or hard drive is stolen. Because the TPM chip’s key is necessary to access the hard drive, removing the drive from the system makes decrypting its data difficult. Full disk encryption is an excellent way to prevent sensitive data from being stolen from laptops or other mobile devices.

When considering disk encryption, keep the following qualities in mind:
- It encrypts a whole volume or disk.
- It employs a single encryption key per drive.
- It delays the boot and login process.
- It offers no encryption for data in transit.

Encryption at the block level
Block-level encryption is often used interchangeably with disk-level encryption, although it may also refer to the encryption of a disk partition or a file functioning as a virtual partition. When discussing different forms of encryption techniques, this phrase is also employed. In contrast to a stream cipher, which encrypts one bit at a time, a block cipher encrypts blocks of data at a time. File-level encryption is exactly what it sounds like – it encrypts files at the file level. Each file is encrypted and decrypted separately, and each file owner has a key.

Encryption at the record level
At the record level, storage encryption is also possible. In this situation, the option of which data to encrypt may be made, which has a substantial impact on both performance and security. Because a single key does not decode the whole disk or volume, this sort of encryption provides for greater granularity in who has the keys. Records should be encrypted in high-security contexts, such as those that store credit card information.

The following database table, for example, should trigger a red alert:

| UserID | Address | Credit Card | Password |
| --- | --- | --- | --- |
| BillGates01 | 4, Microsoft Road, Seattle | 51XX-XXX-XXXX-9007 | Pass007 |
| BillGates02 | 12 Microsoft Road, Seattle | 12XX-XXX-XXXX-2547 | 13APR1960 |

Are you able to identify the issue? That’s correct! The passwords are saved in plain text. When contemplating the use of file and record encryption, keep the following criteria in mind:
- It does not encrypt data while it is in transit.
- It encrypts one file at a time.
- It uses one key per file, which slows down file opening.

Encryption at the port level
Network data on selected ports may be encrypted to prevent eavesdropping with a network protocol analyzer. Network encryption takes place at the protocol’s network layer. The data is encrypted only while in transit; once it has been received, network encryption no longer applies. When employing this encryption, you must consider the impact on performance.

Steganography
Steganography is the practice of hiding a message inside another object, such as a photograph or document. It is critical in steganography that only those who are expecting the message are aware that it exists. One approach to steganography is to use a concealment cipher. Digital watermarking is another kind of steganography: the process of embedding a logo or brand in documents, images, or other objects. The watermarks serve as a deterrent to unlawful use of the content. The most popular method of hiding data in an image is to change the least significant bit of each pixel. The pixels are modified by such a small amount that the human eye cannot notice the change.
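The least-significant-bit method described above, as an added example (not the guide’s code), run on a constructed 8-bit grayscale pixel array rather than a real image file. It embeds a length-prefixed message, recovers it, and confirms that no pixel value changes by more than 1, which is why the alteration is invisible to the eye and why detection has to rely on statistics rather than visual inspection.

```python
HEADER_BYTES = 4  # the embedded payload starts with a 4-byte big-endian length


def embed_lsb(cover, message):
    """Hide message in the least significant bit of each pixel of cover
    (8-bit grayscale, one byte per pixel). Each pixel changes by at most 1."""
    payload = len(message).to_bytes(HEADER_BYTES, "big") + message
    bits_needed = len(payload) * 8
    if bits_needed > len(cover):
        raise ValueError("cover too small: %d pixels for %d bits" % (len(cover), bits_needed))
    stego = bytearray(cover)
    for i in range(bits_needed):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1   # MSB-first within each byte
        stego[i] = (stego[i] & 0xFE) | bit           # overwrite only the LSB
    return bytes(stego)


def _read_bytes(pixels, first_pixel, count):
    # Reassemble count bytes from the LSBs of consecutive pixels.
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (pixels[first_pixel + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego):
    """Recover the hidden message; only a party expecting it knows to look here."""
    length = int.from_bytes(_read_bytes(stego, 0, HEADER_BYTES), "big")
    if (HEADER_BYTES + length) * 8 > len(stego):
        raise ValueError("length header inconsistent with image size")
    return _read_bytes(stego, HEADER_BYTES * 8, length)


def max_pixel_change(cover, stego):
    """Largest per-pixel difference; for LSB embedding this is at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed sample: a 1024-pixel gradient standing in for a real photograph.
SAMPLE_COVER = bytes(range(256)) * 4


if __name__ == "__main__":
    stego = embed_lsb(SAMPLE_COVER, b"meet at noon")
    print(extract_lsb(stego), "max change:", max_pixel_change(SAMPLE_COVER, stego))
```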

Implementations
Cryptography is used by businesses in a variety of ways, depending on the demands of the company. Crypto modules, crypto processors, cryptographic service providers, DRM, watermarking, GPG, SSL/TLS, SSH, and S/MIME are just a few of the implementations that security professionals should be aware of.

Modules for cryptography
The phrase “crypto module” refers to the hardware, software, and/or firmware that implements cryptographic logic or operations. These modules may be evaluated and rated by a variety of organizations. The National Institute of Standards and Technology (NIST) uses Federal Information Processing Standard (FIPS) Publication 140-2, which specifies four security levels for such a module. FIPS 140-2 states the following regarding crypto modules:
- Security levels 1 and 2: The physical port(s) and logical interface(s) used for the input and output of plaintext cryptographic keys, cryptographic key components, authentication data, and CSPs may be physically and logically shared with other cryptographic module ports and interfaces.
- Security levels 3 and 4: The physical port(s) used for the input and output of plaintext cryptographic key components, authentication data, and CSPs must be physically separated from all other ports of the cryptographic module, or the logical interfaces used for the input and output of plaintext cryptographic key components, authentication data, and CSPs must be logically separated from all other interfaces using a trusted path, and plaintext cryptographic key components, authentication data, and CSPs must be entered directly into the cryptographic module (for example, via a trusted path or directly attached cable).

Processors for cryptography
Crypto processors are dedicated to cryptographic operations. To resist tampering, they usually include a number of physical safeguards. This principle has been implemented in a variety of ways. The processor on a smart card is one example: it receives encrypted program instructions, decrypts them into plain instructions, and executes them on the same chip, where the decrypted instructions are held in memory that cannot be accessed from outside.
The Trusted Platform Module (TPM) on an endpoint device, which contains the RSA encryption keys unique to the host system for hardware authentication, is another example. The processors included in hardware security modules (HSMs) are the final example.

Providers of cryptographic services
A cryptographic service provider (CSP) is a software library that runs on Windows and implements the Microsoft CryptoAPI (CAPI). CSPs are cryptographic service modules that may be used by a variety of applications. They are implemented as a special type of DLL with specific restrictions on how they are loaded and used. Microsoft must digitally sign every CSP, and Windows verifies the signature when the CSP is loaded. After loading, Windows periodically re-checks the CSP for tampering, whether caused by malicious software such as computer viruses or by a user attempting to bypass limits (such as cryptographic key length) built into the CSP’s code.

DRM
Hardware manufacturers, publishers, copyright holders, and individuals utilize digital rights management (DRM) to govern the usage of digital material. This often includes device controls. First-generation DRM software controls copying. Second-generation DRM controls executing, viewing, copying, printing, and altering works or devices. The Digital Millennium Copyright Act (DMCA) of 1998 in the United States imposes criminal penalties on anyone who makes technology available with the main goal of circumventing content protection systems. DRM comprises encryption and restrictive licensing agreements.

Computer games and other software, documents, eBooks, films, music, and television are all protected by DRM. The DRM control of documents utilizing open, edit, print, or copy access limitations that are given on a permanent or temporary basis is the key focus in most corporate installations. Solutions that store protected data in a centralized or decentralized format may be employed. In the DRM implementation, encryption is utilized to safeguard data both at rest and in transit.

Watermarking
Digital watermarking is a steganographic technique. It is the process of embedding a logo or trademark in documents, images, or other objects. The watermark serves as a deterrent to unlawful use of the content.

GPG
GNU Privacy Guard (GPG) is a free software program that protects your privacy. It is closely related to Pretty Good Privacy (PGP). Both systems were created to safeguard electronic communications.

PGP encrypts email over the Internet and employs various encryption methods depending on the organization’s requirements. Based on the encryption techniques employed, PGP may guarantee secrecy, integrity, and authenticity. RSA key management is provided by PGP. The keys are managed by PGP via a web of trust. Instead of depending on a CA, people construct this network of trust by exchanging public keys. The public keys of all users are saved in a key ring file on each user’s computer. Each user is given a degree of trust inside that file. Users on the Internet vouch for one another. User 1 may refer the other two users to each other if user 1 and user 2 have a trust connection and user 1 and user 3 have a trust relationship. Users may determine the amount of trust they want to attach to a user at the start, but they can adjust it later if circumstances change. However, if a user’s private key is compromised in the PGP system, the user must contact everyone with whom they have shared their key to have it deleted from the key ring file.
PGP provides data encryption for confidentiality using IDEA, although other encryption algorithms may be used. Data integrity is provided by MD5 hashing. Authentication is provided by public key certificates. GPG is a rewrite of PGP that employs AES encryption; because the intention was to make it fully free, it does not employ the IDEA algorithm. The OpenPGP Alliance keeps track of all algorithm data and makes it available to the public.

Because AES is less expensive than IDEA and is regarded as more secure, GPG is a better alternative than PGP. GPG is also royalty-free since it isn’t patented.
Although the core GPG software has a command-line interface, several vendors, such as KDE and Gnome for Linux and Aqua for macOS, have built front ends that give GPG a graphical user interface. GPG for Windows, Gnu Privacy Assistant, and GPG plug-ins for Windows Explorer and Outlook are all included in the Gpg4win software bundle.

Secure Shell (SSH)
Secure Shell (SSH) is a program and protocol for remotely connecting to another computer over a secure tunnel. All communication between the two computers is encrypted across the secure channel when a session key is exchanged and the secure channel is created. SSH is a method of gaining remote access to equipment such as switches, routers, and servers. SSH is preferable over Telnet because Telnet’s communication is not secure.

S/MIME
Multipurpose Internet Mail Extensions (MIME) is an Internet standard that enables non-text attachments, non-ASCII character sets, multiple-part message bodies, and non-ASCII header information to be sent over email. Today, the bulk of email is sent over SMTP in the MIME format. Using MIME, an email client may send an attachment with a header that describes the file type. The receiving system uses this header, together with the file extension given in it, to identify the attachment type and open the associated program. When the user double-clicks the attachment, the computer immediately runs the associated program. If no program is linked with that file type, the user may use the Open With option to choose an application, or a website may provide the required application.

MIME can encrypt and digitally sign email messages and attachments using Secure MIME (S/MIME). It follows the Public Key Cryptography Standards (PKCS), which are a set of public key cryptography standards created by the RSA algorithm’s creators.

S/MIME provides secrecy via encryption, integrity through hashing, authentication through public key certificates, and non-repudiation through message digests.

Implementations of cryptographic applications
For a business, cryptographic applications serve a variety of purposes. It is typically preferable to use encryption that is built into an operating system or program. This enables cryptography to be deployed invisibly, with little or no user involvement. When using the cryptographic features of any operating system or program, be sure you read and understand all vendor documentation. It’s also crucial to maintain your operating system or application up to date with the most recent service packs, security patches, and hot fixes. Any cryptographic application that is implemented incorrectly might cause security difficulties for your company. This is particularly true in apps that deal with money or e-commerce. Designing your own cryptography algorithms, employing obsolete cryptographic approaches, or just partly applying standards are all things to avoid.

Strength vs. performance vs. implementability vs. interoperability
While applying cryptographic methods may help your business become more secure, it is not a panacea for all challenges. Security specialists must be familiar with the data’s confidentiality and integrity challenges. From key exchange through implementation to retirement, each algorithm used in a business must be correctly carried out. When implementing any algorithm, four factors must be considered – strength, performance, implementation practicality, and interoperability.

Strength
The size of the key used in an algorithm is frequently used to assess its strength. The algorithm’s encryption is stronger when the key is longer. However, although utilizing longer keys might improve the algorithm’s strength, it generally leads to poorer performance.

Performance
The key length and algorithm employed determine the method’s performance. Symmetric algorithms are quicker than asymmetric algorithms, as previously stated.

Implementation possibilities
Proper planning and design of an algorithm’s implementation ensure that the algorithm can actually be deployed by security professionals and the businesses they defend.

Interoperability
An algorithm’s interoperability refers to its ability to work inside a company. Before trying to incorporate algorithms into their company, security professionals should investigate any known limits.

Block vs. stream
If you want to adopt cryptography in your company, you need to think about the consequences. The parts that follow go over stream ciphers and block ciphers in more depth.

Stream ciphers
Stream-based ciphers employ keystream generators to perform encryption one bit at a time. The plaintext bits are XORed with a bit stream generated by the keystream generator; the result of this XOR operation is the ciphertext. Stream ciphers are used to encrypt video and audio streams. A synchronous stream cipher’s keystream depends only on the key, while an asynchronous stream cipher’s keystream depends on both the key and the plaintext. The key guarantees that the plaintext is XORed with a random bit stream.
Stream-based ciphers provide the following advantages:
- They are more often employed in hardware implementations since encryption happens on each bit.
- They utilize the same key for encryption and decryption.
- They are typically less expensive to build than block ciphers because they just require confusion rather than diffusion.

Block ciphers
Block ciphers encrypt messages by dividing them into fixed-length chunks called blocks. A 1,024-bit message, for example, might be broken into 16 blocks of 64 bits each. The algorithm processes each of the 16 blocks in turn, each producing a block of ciphertext. Data that does not fill a whole block is padded. IDEA, Blowfish, RC5, and RC6 are examples of block ciphers.

The following are some of the benefits of block ciphers:
- Block cipher implementation is simpler than stream-based cipher implementation.
- Block ciphers are less vulnerable to security flaws in general.
- They’re more commonly used in software implementations.
- Block ciphers utilize both confusion and diffusion, as well as a variety of modes such as ECB, CBC, CFB, and CTR.

Modes are used in the implementations of DES and 3DES.
- DES modes: DES is available in the following five modes:
  - Electronic Code Book (ECB)
  - Cipher Block Chaining (CBC)
  - Cipher Feedback (CFB)
  - Output Feedback (OFB)
  - Counter mode (CTR)
- 3DES modes: 3DES is available in the following four modes:
  - 3DES-EEE3: Each block of data is encrypted three times, with a distinct key each time.
  - 3DES-EDE3: The first key encrypts the data, the second key decrypts it, and the third key encrypts it again.
  - 3DES-EEE2: Each block of data is encrypted with the first key, then with the second key, and then with the first key again.
  - 3DES-EDE2: Each block of data is encrypted with the first key, decrypted with the second key, and then encrypted with the first key again.

Flaws/weaknesses that have been identified
When it comes to cryptographic algorithms, security experts must be aware of their shortcomings or weaknesses. The pros and limitations of symmetric and asymmetric algorithms are initially discussed in this section. Then we go through some of the attacks that may be made against cryptographic algorithms, as well as which algorithms are vulnerable to them. Keep in mind, however, that cryptanalysis evolves on a daily basis. Even the most advanced encryption algorithms have been cracked in the past. As a result, security experts should guarantee that their company’s algorithms are maintained up to date and retired after a breach has happened.

PKI
While the fundamentals of a PKI have been covered, an organization should also consider advanced PKI concepts such as wildcard, OCSP vs CRL, entity issuance, and key escrow.

Wildcard
A wildcard certificate is a public key certificate that can be used with a domain’s multiple subdomains. The following are some of the benefits of using a wildcard certificate:
- A wildcard certificate can secure an unlimited number of subdomains.
- While wildcard certificates are more expensive than single certificates, they are often less expensive than purchasing individual certificates for each subdomain. In certain circumstances, an unlimited server license is available, allowing you to acquire only one wildcard certificate and use it on as many web servers as you need.
- Managing, deploying, and renewing a wildcard certificate is substantially simpler than managing, deploying, and renewing individual certificates for each subdomain.

However, there are several significant drawbacks to utilizing wildcard certificates, which are as follows:
- Some common mobile device operating systems do not understand the wildcard character (*) and, hence, cannot utilize a wildcard certificate.
- If one server in one subdomain is hacked, all servers in all subdomains that used the same wildcard certificate are affected.

Enterprises may have problems with wildcard certificates.

If an administrator revokes the SSL certificate of a web server after a security breach and that certificate is a wildcard certificate, all other servers using it will begin to generate certificate errors.

Let’s look at a wildcard certificate deployment situation: A security auditor detects that the SSL certificate was granted to *.fatskills.com, indicating that a wildcard certificate was utilized, after connecting to a secure payment server at https://payment.fatskills.com. The auditor also finds that a large number of internal development servers use the same certificate. If the USB flash drive containing the SSL certificate is subsequently found to be missing, all of the servers on which this wildcard certificate was installed will need new certificates. In this case, security specialists should install a fresh certificate on the most vulnerable server, which is most likely the payment.fatskills.com server.
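Hostname matching against a wildcard name, as an added example (not the guide’s code), applying the conservative single-label rule that most TLS clients implement. The server inventory is constructed to mirror the auditor scenario above; the second function lists every host that shares the certificate, which is the set that needs new certificates if the key is lost or revoked.

```python
def _labels(name):
    # Normalise case and a trailing dot, then split into DNS labels.
    return name.lower().rstrip(".").split(".")


def hostname_matches(cert_name, hostname):
    """Decide whether a certificate name (CN or SAN dNSName) covers hostname.
    Rules applied (the conservative subset of RFC 6125 most clients use):
    '*' must be the entire left-most label, it matches exactly one label,
    so '*.fatskills.com' covers neither 'fatskills.com' nor 'a.b.fatskills.com',
    and a bare '*.tld' is refused."""
    cert = _labels(cert_name)
    host = _labels(hostname)
    if "*" in hostname or len(cert) != len(host):
        return False
    if cert[0] == "*":
        if len(cert) < 3:                      # refuse '*.com'
            return False
        return cert[1:] == host[1:]
    if any("*" in label for label in cert):    # partial wildcards ('pay*') not accepted
        return False
    return cert == host


def covered_hosts(cert_name, inventory):
    """Every host in the inventory that the certificate is valid for: the set
    exposed together if the private key leaks or the certificate is revoked."""
    return [h for h in inventory if hostname_matches(cert_name, h)]


# Constructed inventory modelled on the auditor scenario in the text.
SAMPLE_INVENTORY = [
    "payment.fatskills.com",
    "dev01.fatskills.com",
    "dev02.fatskills.com",
    "fatskills.com",
    "build.internal.fatskills.com",
    "fatskills.com.example.net",
]


if __name__ == "__main__":
    for host in covered_hosts("*.fatskills.com", SAMPLE_INVENTORY):
        print("covered by *.fatskills.com:", host)
```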

Applications
When a digital certificate is required by an application, suppliers employ the PKI standard to exchange keys through certificates. Before letting the certificate be used by the application, the browser utilizes the relevant keys and validates the trust pathways and revocation status.
Key escrow is the practice of storing keys with a third party so that encrypted data can still be decrypted when required. It is most often employed to gather evidence during investigations. The process by which the administrator archives a key in a secure location is known as key recovery.

Certificate
An X.509 certificate conforms to the X.509 standard. The following fields are included in an X.509 certificate:
- Subject
- Subject Public Key Info
- Public Key Algorithm
- Subject Public Key
- Issuer Unique Identifier
- Subject Unique Identifier
- Extensions
- Version
- Serial Number
- Algorithm ID
- Issuer
- Validity

The following digital certificate classes were initially offered by VeriSign:
- Class 1: Intended for people and sent through email. Web browsers keep track of these certificates. There is no need to provide any true confirmation of identification.
- Class 2: For businesses that are required to produce confirmation of identification.
- Class 3: For servers and software signing, the issuing CA performs independent verification, identification, and authority checks.
- Class 4: For company-to-company Internet commercial transactions.
- Class 5: For the protection of commercial companies or government agencies.

Tokens
Tokens are small pieces of hardware that contain digital certificates and private keys. USB devices and smart cards are examples of implementations.

The figure below shows an example of a USB token.

Figure: USB Token

Public key pinning
Public key pinning, delivered via an HTTP header, is designed to stop attackers from impersonating HTTPS websites with mis-issued or otherwise fraudulent certificates. It sends the client (browser) a set of public keys that should be the only ones trusted for connections to this domain.

Cryptocurrency/blockchain
Cryptography is also used in the implementation of cryptocurrencies, such as bitcoin. Cryptocurrencies rely on a mechanism known as blockchain. A blockchain is a growing list of records, known as blocks, that are linked and secured using cryptography. Most blockchains are managed by a peer-to-peer network that follows a protocol for verifying new blocks.
Blockchain is a system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system. Blockchain is essentially a digital ledger of transactions that is duplicated and distributed across the entire network of computer systems on the blockchain.

Each block in the chain contains a number of transactions, and every time a new transaction occurs on the blockchain, a record of that transaction is added to every participant’s ledger. The decentralized database managed by multiple participants is known as Distributed Ledger Technology (DLT).

The figure below shows the blockchain process.

Figure: Blockchain methodology

Conclusion
In this guide, we discussed techniques for key stretching, hashing, digital signatures, message authentication, including code signing and pseudo-random number generation. Related topics such as perfect forward secrecy, data-in-transit encryption, data-in-memory/processing, data-at-rest encryption, and steganography were also covered in this guide. Cryptographic modules, processors, service providers, DRM, watermarking, GPG, SSL/TLS, SSH, S/MIME, cryptographic applications and proper/improper implementations, stream versus block, PKI, cryptocurrency/blockchain, mobile device encryption considerations, and elliptic curve cryptography were also discussed briefly.