Cryptographic algorithms can be categorized into three classes:
* Hash functions,
* Symmetric and
* Asymmetric algorithms
. Security Services
A lot of security services such as
confidentiality, integrity, authentication, and non-repudiation can be provided by
using cryptographic algorithms.
1.1 Confidentiality
* Confidentiality serves the purpose that information is not revealed to
unauthorized entities
* Confidentiality is accomplished by transforming the understandable
information toa state that is unintelligible except by authorized entities. This
transformation mechanism is called encryption.
* Decryption of unintelligible data is performed to restore it to its original state.
Both symmetric and asymmetric algorithms can provide encryption.
* Confidentiality is not only important for data at rest but also for the network
communication data.
1.2 Data Integrity
«Integrity is a mechanism that assures that the data has not been altered in an
unapproved way.
+ The integrity of data is maintained at the creation, transmission and storage
phases. Alteration of data includes insertion, deletion and substitution breaches.
* Digital signatures and message authentication codes (MAC) are the
cryptographic mechanisms which can be used to notice both intentional &
accidental alterations.
1.3 Authentication
There are 2 types of authentication services which can be achieved using
cryptography i.e. Source and Integrity authentication.
1. Source authentication assures identity of the entity that originally
generated/crafted the information.
2. Integrity authentication validates that data has not been modified and the
integrity of data is protected.1.4 Non-Repudiation
Non-repudiation is the guarantee that no one can deny a transaction.
The terminology of non-repuciation is frequently used for digital signatures and
email messages.
When a data hashing algorithm is combined with public/private keys, data
origination authentication can be achieved.
The well-known technique of data origin authentication is using digital
certificates.
2. Importance of Guidance on Cryptographic Algorithms
The proper approach to incorporate security services for applications and
protocols dealing with data security is the use of cryptographic methods.
A lot of public/open source and proprietary algorithms are available. Users and
developers are presented with many new choices in their use of cryptographic
mechanisms.
Adoptions of obsolete or less known/indigenous algorithms may result in a
security breach of data and information. Public and NIST approved algorithms
have undergone rigorous security testing and cryptanalysis prior to their
approval, to assure that the algorithms provide satisfactory security.
The document “NIST Special Publication 800-57 Part 1 Revision 4” provides
background information and establishes frameworks to support appropriate
decisions when selecting and using cryptographic mechanisms.
3. Importance of Keys in an Algorithm
Keys in the field of eryptography are analogous to the pattern/PIN/password or
physical key applied to a security locker.
Appropriate management of cryptographic keys is essential for the operative
use of cryptography. If an attacker is able to find out the combination of
security locker, whatever state-of-the-art and however strong technology, the
locker will fail.
A security locker is analogous to an encryption algorithm. If the keys are not
managed properly, encryption algorithms will be compromised.
The Ist and last phases in the life of a key are generation and destruction
respectively.
The other phases in the life of a key are securing storage, distribution,
modification, renewal, backup/archival, revocation/suspension etc.
Keys require protection in all phases of life. The protection may include
compromise, modification and unauthorized disclosure.
NIST publishes Federal Information Processing Standards (FIPS) and NIST
Recommendations that stipulate cryptographic procedures for protecting
unclassified and sensitive information4. Classes of Cryptographic Algorithms
Cryptographic algorithms can be categorized into three classes. This categorization is
defined on basis of the number of eryptographic keys that are required for the
algorithm.
1. Hash Functions
2. Symmetric-Key Algorithms
3. Asymmetric-Key Algorithms
4.1 Hash Functions
Hash functions are the building blocks for modern cryptography. A hash function is a
cryptographic algorithm which is uscd to transform large random size data to small
fixed size data. The data output of the hash algorithm is called hash value or digest.
The basic operation of hash functions does not need any key and operate in a one-way
manner. The one-way operation means that it is impossible to compute the input from
a particular output. The basic uses of hash functions are:
Generation and verification of digital signatures
Checksum/Message integrity checks
Source integrity services via MAC
Derivation of sub-keys in key-establishment protocols & algorithms
Generation of pseudorandom numbers
vaeNo
4.2 Symmetric-key algorithms
Symmetric-key algorithms also referred as secret-key algorithms use a single
cryptographic key for encryption and decryption purposes. They convert data in a way
that is problematic for an opponent to decrypt the data without the key. Symmetric
keys are securely generated and distributed to the sender and receiver and are
unknown to any other entity. Butifa symmetric-key algorithm is being used by more
than one receiver then the key has to be shared with all entities. If the key is
compromised from one entity, communication ofall the entities will be compromised.
Symmetric Algorithms are further divided into Block & Stream algorithms. A block
algorithm breaks the input into fixed-size blocks and then progresses the crypto
operations. Stream algorithms perform “bit-by-bit” crypto operations. Primary
purposes of symmetric key algorithms are:
1. Confidentiality is achieved as encryption and decryption is performed using single
key.
2. Integrity and source authentication is achieved by using Message Authentication
Codes because the MAC is generated and validated by the same key.
3. Generation of pseudorandom random numbers4.3 Asymmetric-key algorithms
Asymmetric-key algorithms are commonly referred to as “public-key algorithms”.
They use two mathematically associated keys knows as public and private keys. One
key is used for data encryption, and the other is used for decryption of data. The
combination ofa public and private key is called a key pair. The private key is always
kept secret by the owner. The public key is distributed to the public and everyone can
access it. The private key cannot be deduced from the public key. The public key is
mostly bound to an identity by a Certificate Authority. Asymmetric-key algorithms
are mostly based on mathematical problems like integer factorization and discrete
logarithm problem. Main uses of asymmetric algorithms are:
. Creation of digital signatures
2. To establish/distribute session keys such as in case of TLS protocol
5. Differences between Hash functions, Symmetric, and
Asymmetric algorithms
A tabular chart is listed based on some characteristics of the algorithms.
Feature / Algorithm
Pare 0 1 2
Ponce sci 123 is 2o4s iu
pee SHA AES. RSA.
meee N/A Bigissue Easy& Secure
earth a aa Ee
compromise receiver, Asymmetric key.
ae fas fas Feltvey sow
et iad Medium. Medium High
Pad ‘SHA-224, SHA-256, AES, Blowfish, Serpent, RSA, DSA, ECC,
SHA-384 or SHA-S12_| Twofish, 3DES, and RC4 Diffie-Hellman
6. Combination of Symmetric and Asymmetric algorithms
Due to the above characteristics, symmetric and asymmetric algorithms are sometimes
used in a hybrid approach. Asymmetric ciphers are characteristically used for identity
authentication performed via digital signatures & certificates, for the distribution of
symmetric bulk encryption key, non-repudiation services and for key agreement.
Symmetric ciphers are used for bulk encryption of data due to their fast speed.