Chapter 11 begins with some stories about encrypting laptops, and the dangers of not doing so, but the text does not return to this particular topic for many pages. The author backs up a few steps to discuss cryptography in general. Cryptography (hidden writing) is defined on page 367 as the scrambling of a message. This does not explain the idea.
The example on page 368 of the cipher used by Julius Caesar is clearer. It will be helpful first to define a cipher as a substitution of characters. In the example in the text, each letter in the original message (called cleartext or plaintext) is changed to another character by a specific algorithm (method), resulting in an encrypted message that displays in ciphertext. The Caesar cipher is easy to break, since the same cipher letter is substituted each time the same plaintext letter occurs in the message. The cipher is even more vulnerable due to its simple algorithm: add three to each plaintext letter, wrap to front of alphabet as needed (for x, y, and z). It would be harder to break if a random substitution of letters had been used. Ciphers have evolved a good bit, as we will see.
Messages can also be scrambled by steganography. (covered writing?) The text briefly reviews a few methods of doing this: hiding a message in unused parts of a file, hiding it in metadata, hiding it where the uninformed would not look, and hiding it in images.
On pages 369 and 370, the text lists five kinds of security that cryptography might provide, and notes that not all kinds of cryptography provide all five features. (The next kind discussed in the text provides only one.)
The text continues with a general discussion of hashing, which then branches into specific types. Hashing is defined on page 371 as creating a unique encrypted result from a data set. The encrypted result is called a hash, a signature, or a digest, all of which mean the same thing. The hash should not resemble the plaintext in appearance or in length. Note that the text also refers to this method as a one-way hash, which means that the hash resulting from the algorithm is not meant to be unencrypted. The reason for this becomes clear in the example of its use with an ATM card.
Assume you have an ATM card that is assigned a Personal ID Number (PIN). The card provider used a hash algorithm to create a hash from your PIN which is stored on the card on a magnetic stripe. Sounds less than secure, right? When the card is used, it is inserted into a slot on a machine, and the machine asks for the PIN. The user is expected to enter the PIN, which the machine uses to create a hash, which is then compared to the hash stored on the card. The user is not allowed to use the card if the two hashes do not match.
This makes the use of the ATM card an example of two level security. The card alone is not enough. The user must provide the PIN (something you know) which is used by the machine to create a hash, which is compared to the hash on the card (something you have). Of course, the system breaks down if the hash algorithm becomes known to hackers. Feel like changing your PIN now?
The text lists four characteristics of a secure hashing algorithm on page 372:
Hash algorithms are typically used to encrypt passwords when users log in to networks. Like the ATM example, the password is never stored in plaintext, only in hash form. The system creates a hash from the password the user enters, and this is compared to the hash for that user ID in the password file. This brings us to the table on page 373 that indicates the only security feature provided by hashing: integrity. The other features are defeated by the fact that the hash cannot be decrypted, and the fact that another user may use a stolen password (or PIN).
Message Digest (MD) Hashing
The text discusses three versions of this hashing algorithm. The short story is that none of them are recommended as being secure any longer.
Secure Hash Algorithm (SHA)
SHA has two major types, but the second one has four subtypes. It was created by the National Security Agency and the National Institute of Standards and Technology.
The text mentions the Whirlpool hash function, but does not elaborate on it. See the linked article on Wikipedia for more details. Note that it produces a 512 bit hash (digest), and that it has been endorsed by ISO as well as NESSIE.
As previously discussed, local or domain passwords entered on a computer running Windows are converted by a hash program and compared to a stored hashed version of the user's current password. The text discusses the two versions used in common versions of Windows: LM hash and NTLM hash. We learn that LM hash is not considered a "real" hash because its result is cryptographic (character substitution) instead of numeric (hexadecimal digits). It was used in versions of Windows before Windows NT. NTLM is used in later versions, but we have already been informed that passwords shorter than 14 characters are stored both ways.
Linux systems may use an MD5 hash. The text says that Apple OS X systems use SHA-1, but use NTLM as well if Windows sharing is implemented. This post indicates that OS X is using SHA-512 instead.Symmetric Cryptographic Algorithms
Unlike hashes, cryptographic algorithms are typically meant to be used for encryption and decryption. The methods in this group use the same key to encrypt and to decrypt, which is why they are called symmetric. They are also called private key algorithms because the key must remain private to the users of the system or there is no security. (This seems like an obvious point, but we will consider another system where it is not true.)
The text divides symmetric algorithms into two groups. Stream ciphers encrypt one character at a time (from the flowing stream of data). Block ciphers divide the message into blocks of a specific size, then encrypt each block as a unit. The text discusses some methods used by stream ciphers:
These are just examples, of course. Many variations exist on the methods discussed. The text lists three symmetric algorithms to be aware of:
It should be obvious that asymmetric (not symmetric) algorithms will use different keys. These algorithms are also called public key cryptography. This name does not describe the method well. A person must have two keys in this system, a public key and a private key. They are created so that whatever is encrypted with one must be decrypted with the other. The owner of the keys gives the public key to anyone who wants it, but keeps the private key safe from anyone else.
This is how SSL encryption on a web site works. I connect to a vendor's web site. I obtain the vendor's public key by making the secure connection. My browser encrypts my credit card data with the public key and sends the ciphertext to the vendor. If the vendor's private key is secure, the vendor is the only one who can decrypt the data sent through the public key. In this way, a key is made available to anyone who wants it, but using it makes the data unintelligible to everyone who does not have the private key.
On page 383, the author describes a process to use a private key to make a digital signature. Note that the user's private key stays in his possession during this transaction, which makes use of the fact that data encrypted with the private key can be decrypted with the public key. This does not make that data secure, but it does prove that the data stream was encrypted with the matching key.
The text lists three asymmetric algorithms to be aware of:
Cryptography on Files and Disks
The text discusses two systems that can be used to encrypt files.
Pretty Good Privacy (PGP)
Although the heading is about PGP, a commercial product, the discussion is also about GPG (Gnu Privacy Guard), which is an Open Source product. The two products are typically compatible.
Everyone who uses PGP will have a public key that is freely available, a private key that remains secure, and everyone can generate new keys as needed.
In this way, PGP (and GPG) can use both symmetric and asymmetric keys.
Microsoft Windows Encrypting File System (EFS)
This file encryption system is transparent to the user who turns it on for a folder or file on his/her system. Note the bullets on page 387 that list features and concerns for this system.
This is a total disk encryption system that is available on some (not all) versions of Windows Vista and Windows 7. It encrypts an entire hard drive, which makes the system more secure against theft. The drive becomes accessible when a user authorized for the device logs in. The drive remains encrypted, but a decryption key is loaded into RAM, making the system transparent to an authorized user.
Note the potential vulnerability in BitLocker mentioned on page 387. First, a laptop encrypted in this way is vulnerable if the attacker gains access while a user is logged in. Second, the device may be accessible if an attacker can harvest the decryption key while the device is in sleep or hibernation (not locked) mode. Advice? Don't walk away from that laptop without locking it or turning it off. Hibernation and sleep modes rarely work well to begin with, so don't use them.
Trusted Platform Module (TPM)
This is a hardware technology that supports hard drive encryption. It features a real random number generator in a chip that is also used for encryption and decryption.
Chapter 12 continues the discussion of cryptography. On page 401, it returns to the topic of digital certificates. As discussed above, it can be based on the public key system, but it has a problem. Consider the discussion in the text of the way it should work: If you and I both have public and private keys, I can encrypt something with my private key that you can decrypt with my public key. Anyone else could decrypt it as well, but this step proves that the encrypted form came from me, or at least from the person whose public key you have.
In the example in the text, I can send a message to you encrypted with your public key (which only you can decrypt) along with a hash made from the message and encrypted with my private key. The encryption of the hash proves that it came from me: you can decrypt it with my public key. The hash itself will match a hash you can make from the decrypted message, proving that it has not changed. This is a secure system as long as our private keys remain private, and our public keys are not available except by a secure method. As the book explains, the system fails if you think you have my public key, but you really have the key of an impostor who sent the message in the first place. In other words, you know that the message is unchanged since it left the person who sent it, but how can you be sure that it came from the person you think it came from? How do you know my public key is really mine?
You need to get my public key from a trusted source, like Verisign, which is now affiliated with Symantec/Norton. If I register my public key with a trusted source (typically a certificate authority), or have them create it in the first place, they provide me with a copy of the key that is endorsed by them, which makes it a digital certificate. When I send this certificate to someone, they can verify that it is from an authority that can be trusted. Note the properties of a digital certificate listed on page 402:
This leads us to an industry that supports verified identities by the use of digital certificates. Some terms associated with it:
The text moves on to discuss different types of digital certificates.
The certificates described so far have been single-sided, which means they only confirm identity. Dual-sided certificates are actually two certificates: one to confirm identity (signing certificate), and the other to confirm encryption (encryption certificate).
It wouldn't be a security function if someone didn't feel the need to specify a format. Certificates are meant to comply with the X.509 format created by the International Telecommunications Union (ITU). This format is discussed on pages 408 and 409.
Public Key Infrastructure
The Public Key Infrastructure is the system (or a specific system) that includes all the concepts listed so far in this chapter. The text discusses three aspects of it: standards, trust models, and key management.
The text lists fifteen standards that apply to pubic key cryptography. The same standards are available on the Internet, such as this version at Wikipedia. Note that numbers 2 and 4 are no longer in force, having been merged into number 1. As the text explains, these standards actually belong to the RSA Data Security company, but they are "widely accepted".
The text lists four trust models, but discusses three of them. The one that is only mentioned is the web of trust, which is the model that would exist without any Certificate Authorities. The text describes this situation as one in which all entities know and trust each other directly (direct trust). The other three models involve third party trust, in which Certificate Authorities are used.
The text describes three concepts to manage the PKI entities better. More acronyms to recognize.
The text continues with a discussion of the care of keys used in PKI. Three concepts and more subconcepts once again:
Cryptographic Transport Protocols
The last major concept for the chapter discusses nine types of protocols associated with encrypted data flowing across a network: