
Cryptography

learn with kp -Krishnaprasad SV


13-07-2023 CISA, CDPSE, ISMS LA, CSA STAR Auditor
AGENDA

• Cryptography vs Encryption
• Cryptography and History of Cryptography
• Let us do some encoding and decoding
• Journey Towards modern cryptography
• Cryptography Offers…
• Symmetric and Asymmetric Encryption
• States of Digital Data and Cryptography
• Cryptography Protocols
• Practical applicability / Integration of Cryptography
• Encryption in different layers
• Bypass Encryption
• Use Cases: TLS & HTTPS, Digital Signature, RSA, VPN, WhatsApp
• New Version – Importance – Referring TLS
• Thank You

Cryptography vs Encryption

Figure: "Hello" (plaintext) is turned into the ciphertext "jknnq" by Encryption with the Encryption Key, and back into "Hello" by Decryption with the Decryption Key.

CRYPTOGRAPHY
Cryptography refers to the technique or practice of securing data and communications.
Encryption is the process through which cryptographers transform data into code (ciphertext).
Cryptography and History of Cryptography

Encryption is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography. Encryption is a subset of cryptography.

The word encryption comes from the Greek word kryptos, meaning hidden or secret. The use of encryption is nearly as old as the art of communication itself. As early as 1900 B.C., an ancient scribe used nonstandard hieroglyphs to hide the meaning of an inscription.


Cryptography and History of Cryptography

The "Caesar Box," or "Caesar Cipher," is one of the earliest known ciphers. Developed around 100 BC, it was used by Julius Caesar to send secret messages to his generals in the field. If one of his messages was intercepted, his opponent could not read it. This obviously gave him a great strategic advantage. So, what was the code?

Caesar shifted each letter of his message three letters to the right to produce what could be called the ciphertext. The ciphertext is what the enemy would see instead of the true message.
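Caesar's shift-by-three in code, as an added example that is not part of the original deck: the encryption and decryption sides, plus a trial of all 25 possible shifts, which is why the cipher is only a historical curiosity today (the key space is far too small to keep anything secret). The sample message is constructed.

```python
# Added example (not from the original deck): Caesar's shift-by-three cipher,
# its inverse, and a walk over the entire key space of 25 shifts.
import string

ALPHABET = string.ascii_uppercase


def caesar_shift(text: str, shift: int) -> str:
    """Shift every letter by `shift` places (mod 26); non-letters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """Caesar's own setting: each letter moves three places to the right."""
    return caesar_shift(plaintext, shift)


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    """Decryption is the same shift in the opposite direction."""
    return caesar_shift(ciphertext, -shift)


def try_all_shifts(ciphertext: str) -> dict:
    """Return every candidate plaintext keyed by its shift. There are only 25
    keys, so an interceptor simply reads all of them and picks the sensible one."""
    return {s: caesar_shift(ciphertext, -s) for s in range(1, 26)}


if __name__ == "__main__":
    message = "ATTACK AT DAWN"          # constructed sample message
    ct = caesar_encrypt(message)
    print("ciphertext:", ct)            # DWWDFN DW GDZQ
    print("decrypted :", caesar_decrypt(ct))
    for shift, candidate in try_all_shifts(ct).items():
        print(f"shift {shift:2d}: {candidate}")
```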

Let's Encrypt using the Enigma Machine

• A complex German-engineered device used in World War One and World War Two that created strongly encrypted messages; the role of the Enigma machine was very crucial in the world war.

Encryption Lab: https://cryptii.com

Challenge:
• Decode the following:
qxmdi qmame fin

Model: Enigma M3
Reflector: UKW B
Rotor values: VI, I, III (Default)
Position: S, A, A
Ring: 1, 1, 1 (Default)

Let's Decrypt

You are awesome
Journey towards modern cryptography

• 1960s – Computers: computers moved into offices and industries.
• 1970s – Encryption: encryption started to be used in the public and government sector (lack of recognized standards).
• 1973: NIST issued a request for an encryption standard (highly secured, easy, adaptable, economical, efficient and exportable).
• 1974 – Feistel Cipher / Lucifer: Horst Feistel of IBM developed the Feistel cipher; IBM submitted Lucifer, developed by Horst Feistel and team, based on substitution and permutation.
• 1976 – Asymmetric: asymmetric or public key encryption.
• 1977 – DES: NIST approved Lucifer with some modification, and it was adopted as the Data Encryption Standard (DES).
Cryptography encryption offers…

• Confidentiality (secured information only to the authorized receiver?)
  Protects data against unauthorized disclosure (encryption)
• Integrity (Is this the real data?)
  Ensures data has not been changed, destroyed, or lost in an unauthorized manner (hashing algorithms and message digests)
• Accountability (Who sent it?)
  Accepting responsibility for one's actions (digital signature)
• Authentication (How has this been sent?)
  Confirms the identity of a system, device or process using a message authentication code (special key exchange: username/password, token, biometric etc.)
Symmetric and asymmetric Encryption simplified

It is Simple!
Symmetric Cryptography

Symmetric encryption uses a single shared key to encrypt data and provides fast and efficient encryption between sender and receiver.

Figure: Symmetric Encryption

Symmetric Algorithms
• Data Encryption Standard (DES), Advanced Encryption Standard (AES)
• Blowfish, RC4
• International Data Encryption Algorithm (IDEA)
Advantages and Disadvantages - Symmetric Cryptography

Advantages of Symmetric Cryptography
• Symmetric cryptography is faster
• Encrypted data can be transferred on the link even if there is a possibility that the data will be intercepted
• Since there is no key transmitted with the data, the chances of the data being decrypted are very low
• Uses password authentication to prove the receiver's identity
• Only the system which possesses the secret key can decrypt a message

Disadvantages of Symmetric Cryptography
• Need to change the key often
• Securely generating, managing and distributing the secret key is a challenge
Asymmetric Cryptography

Asymmetric cryptography uses two keys that are mathematically related. Asymmetric cryptography is also called public key cryptography.

Figure: Asymmetric Cryptography

Asymmetric Algorithms
• RSA, DSA, Elliptic Curve
• Diffie-Hellman key exchange, Ed25519 signing, X448 key exchange

Asymmetric Cryptography - PKI for Digital Certificate in detail
States of Digital Data and Cryptography

Encryption mainly ensures:

• Confidentiality (secured information only to the authorized receiver?)
• Integrity (Is this the real data?)
• Accountability (Who sent it?)
• Authentication (How has this been sent?)

Of the Data:

• In Motion (Transit)
• In Use (currently accessed)
• At Rest (stored)
Cryptography - Protocols

In Motion (Transit): where the data is moving from one location to another.
  Source & Destination: computer devices, services, virtual machines, applications, networks, wireless points
  Example: emails, file uploads, file downloads, instant messages
  Can be encrypted using: SSL/TLS, HTTPS, IPSec, WEP, WPA, TKIP, CCMP, PGP/MIME

In Use (currently accessed): where the data is in use. To use it, the data has to be decrypted.
  Source: computer devices, database servers, virtual machines
  Example: files that are currently open, databases in use, RAM data
  Authentication mechanism: Single Sign-On, Kerberos, MFA (e.g. RSA), Secure Virtualization (SEV), encrypt RAM in use

At Rest (Stored Data): where the data is stored.
  Source: computer devices, cloud storage assets, files and file archives, USB or any other device
  Example: data in a disk, data in virtual drives, data on any device
  Can be encrypted using: AES
Practical Application / Integration of Cryptography

Security Protocol or Cryptographic Protocol

• An abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives.
• A protocol describes how the algorithms should be used.
• A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.

A cryptographic protocol usually incorporates at least some of these aspects:

➢ Key agreement or establishment, entity authentication
➢ Symmetric encryption and message authentication material construction
➢ Secured application-level data transport, non-repudiation methods, secret sharing methods
➢ Secure multi-party computation
Encryption in different layers

Can a hacker bypass encryption?

WHY NOT? A few threats are listed here.

➢ Key Theft:
The easiest way for a hacker to bypass encryption schemes is simply to steal the key. If a hacker manages to plant a keylogger on your system, he can record your activities, including the generation or use of cryptographic keys. In addition, some forms of malware enable the controller to browse the contents of your hard drive, so if you store cryptographic keys and passwords in plain text, they could be vulnerable. Keeping your operating system, firewall and anti-malware programs up to date can help prevent this type of attack.
Can a hacker bypass encryption?

➢ Password Security:
Hackers can find ways around hashed password databases, however. Since the algorithms that convert these passwords are easy to discover, a hacker can hash common words and look for matches in the database. If he hashes "password" and matches that to an account, he knows that account's password is "password". To prevent these kinds of attacks, use complex passwords that don't appear in the dictionary, and sites can add "salts", or randomly chosen numeric values, to the cryptographic hash function to alter its output.
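The matching problem described above and the salt that fixes it, as an added example that is not part of the original deck: equal passwords give equal unsalted digests, so a short table of common words finds them; a random per-user salt fed to a slow KDF (PBKDF2-HMAC-SHA256 from the standard library) makes the same table useless. The "leaked" table, word list and iteration count are constructed.

```python
# Added example (not from the original deck): unsalted lookup vs. salted PBKDF2.
import hashlib
import hmac
import secrets

# Constructed "leaked" table of unsalted SHA-256 password hashes.
UNSALTED_DB = {
    "alice": hashlib.sha256(b"password").hexdigest(),
    "bob": hashlib.sha256(b"correct horse battery staple").hexdigest(),
}
COMMON_WORDS = ["123456", "password", "qwerty"]   # constructed word list
ITERATIONS = 100_000                               # constructed work factor


def match_unsalted(db: dict, words: list) -> dict:
    """Hash each common word once, then look for equal digests in the table.
    Returns {username: recovered_password} for every hit."""
    lookup = {hashlib.sha256(w.encode()).hexdigest(): w for w in words}
    return {user: lookup[d] for user, d in db.items() if d in lookup}


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest). A fresh 16-byte random salt is drawn unless one is
    supplied, so two users with the same password get different digests."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def salted_lookup_fails(words: list) -> bool:
    """The same precomputed word table against a salted entry finds nothing:
    the digest depends on the salt, and each guess now costs a full KDF run."""
    _salt, digest = hash_password("password")
    precomputed = {hashlib.sha256(w.encode()).hexdigest() for w in words}
    return digest.hex() not in precomputed
```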

Can a hacker bypass encryption?

➢ Weak Encryption protocols and ciphers:
Using broken or weak cryptographic algorithms can leave data vulnerable to being decrypted or forged by an attacker. Many cryptographic algorithms provided by cryptography libraries are known to be weak or flawed. Using such an algorithm means that encrypted or hashed data is less secure than it appears to be. A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient key length in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken (i.e. cracked).
Practical Use cases in daily usage

➢ SSL & HTTPS
➢ Digital Signature
➢ Hashing
➢ VPN
➢ RSA Token
➢ WhatsApp end to end encryption
SSL and HTTPS

Digital Signature
Hashing

The main purpose of hashing is to verify the integrity of a piece of data. Since the hash generated is UNIQUE to the input data, it acts as a unique "fingerprint" of the input data. This makes a hash useful for verifying the integrity of data sent through insecure communication channels like the internet.
VPN

RSA Token
WhatsApp

WhatsApp end-to-end encryption is implemented using asymmetric cryptography or public key systems. Recall that in asymmetric encryption, when one key is used to encrypt (here, the public key), the other key is used to decrypt (here, the private key) the message.

"Once a session has been established, clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication" (WhatsApp Encryption Overview 2016)
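An added example, not part of the original deck, tying the Hashing slide to the HMAC-SHA256 quoted above: a bare SHA-256 fingerprint catches accidental corruption but not deliberate tampering, because whoever changes the data can simply recompute the hash, whereas a keyed HMAC-SHA256 tag can only be recomputed by a key holder. The message text and key are constructed.

```python
# Added example (not from the original deck): plain hash vs. keyed HMAC for
# integrity over an insecure channel.
import hashlib
import hmac


def fingerprint(data: bytes) -> str:
    """Plain SHA-256 digest: detects accidental corruption of `data`."""
    return hashlib.sha256(data).hexdigest()


def mac_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 over `data`; only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tag(key: bytes, data: bytes, tag: bytes) -> bool:
    """Constant-time comparison so tag checking does not leak timing."""
    return hmac.compare_digest(mac_tag(key, data), tag)


def tamper_demo(key: bytes) -> dict:
    """Constructed scenario: a message crosses an insecure channel carrying a
    plain hash and an HMAC tag, and someone on the path alters the amount."""
    original = b"transfer 100 to account 42"
    sent_hash, sent_tag = fingerprint(original), mac_tag(key, original)
    altered = b"transfer 900 to account 42"
    # The plain hash can be recomputed over the altered bytes by anyone ...
    altered_hash = fingerprint(altered)
    # ... but without `key` the only tag available to forward is the old one.
    return {
        "plain_hash_accepts_altered": fingerprint(altered) == altered_hash,
        "hmac_accepts_altered": verify_tag(key, altered, sent_tag),
        "hmac_accepts_original": verify_tag(key, original, sent_tag),
        "plain_hash_detects_corruption": fingerprint(original + b"\x00") != sent_hash,
    }


if __name__ == "__main__":
    for check, result in tamper_demo(b"k" * 32).items():   # constructed key
        print(f"{check}: {result}")
```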


New Versions – Importance – Reference TLS

Why TLS 1.3 is recommended over TLS 1.2

➢ Eliminates support for outmoded algorithms and ciphers
➢ Eliminates RSA key exchange, mandates Perfect Forward Secrecy
➢ Reduces the number of negotiations in the handshake
➢ Reduces the number of algorithms in a cipher suite to 2
➢ Eliminates block mode ciphers and mandates AEAD bulk encryption
➢ Uses HKDF cryptographic extraction and key derivation
➢ Offers 1-RTT mode and Zero Round Trip Resumption
➢ Signs the entire handshake, an improvement over TLS 1.2 (all handshake messages after the Server Hello are now encrypted)
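Enforcing the version policy above in client code, as an added example that is not part of the original deck: a permissive ssl.SSLContext that still accepts legacy protocol versions sits beside a hardened one that negotiates TLS 1.3 only, with a small audit helper a reviewer can run over either. It assumes Python 3.10 or newer (where the default context is governed by minimum_version) linked against an OpenSSL that supports TLS 1.3.

```python
# Added example (not from the original deck): TLS 1.3-only client context
# beside a permissive one, plus an audit of the settings that matter.
import ssl

TLS13_AVAILABLE = ssl.HAS_TLSv1_3


def permissive_context() -> ssl.SSLContext:
    """Weak setting: no lower bound on the protocol version, so a peer can talk
    a server down to TLS 1.0/1.1 with RSA key exchange and CBC block ciphers."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def strict_context() -> ssl.SSLContext:
    """Hardened setting: TLS 1.3 only, which forces AEAD suites, (EC)DHE with
    forward secrecy and HKDF key derivation. create_default_context keeps
    certificate verification and hostname checking switched on."""
    if not TLS13_AVAILABLE:
        raise RuntimeError("the linked OpenSSL has no TLS 1.3 support")
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def audit(ctx: ssl.SSLContext) -> dict:
    """Summarise what a reviewer would check on a context before shipping it."""
    return {
        "allows_legacy": ctx.minimum_version < ssl.TLSVersion.TLSv1_2,
        "tls13_only": (ctx.minimum_version == ssl.TLSVersion.TLSv1_3
                       and ctx.maximum_version == ssl.TLSVersion.TLSv1_3),
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname,
    }


if __name__ == "__main__":
    print("permissive:", audit(permissive_context()))
    if TLS13_AVAILABLE:
        print("strict    :", audit(strict_context()))
```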

Thank You

This document has been prepared by referring to many resources, including standards, frameworks, tutorials, product websites and knowledge sharing portals. Many graphics are adapted from various websites with the aim of explaining the topic simply and clearly.

Thanks to all contributors who published great content to help others understand this topic.

Thanks & Regards,

Kr!shnaprasad SV
https://www.linkedin.com/in/krishnaprasadsv/