Cryptography (II): delving deeper into this world

As we have seen in the previous article on Cryptography, this is a very important branch nowadays in order to carry out tasks in a secure way. In this second part we will delve a little deeper into how the two most commonly used algorithms work. In addition, we will discuss some common types of attacks in this area. 

As we discussed in the previous article, cryptography uses two methods of encryption in its procedures, which are mainly differentiated by the type of key used in each of them. On the one hand, we have the symmetric encryption method, which uses the same key to carry out the encryption and decryption process. As we saw, this method is divided into block cipher and stream cipher, of which we are going to focus on the block cipher.

Block cipher, as the name suggests, encrypts the original message by separating it into blocks of a given size. This method has several encryption algorithms:

• DES (Data Encryption Standard): This is a block cipher algorithm, created by IBM and accepted by NIST (National Institute of Standards and Technology) in 1976. This algorithm has a 64-bit key, 56 bits are used by the algorithm itself for the key and the rest can be used to check parity and correct possible errors or be discarded, so the effective length of the key is 56 bits. Today it is no longer a cryptographic standard as it was broken in 1999.
• 3DES (Triple - Data Encryption Standard): Since it is now relatively easy to break the DES algorithm, IBM developed its successor in 1998. This algorithm is simply based on using the DES algorithm 3 times in an orderly fashion. First, we encrypt the clear text with a key, the result obtained is encrypted again, but with a new key, and the result of this is encrypted again with a different key, resulting in a 192-bit key, although only 168 would be effective. Even so, it is an algorithm that is gradually disappearing and being replaced in more and more places by AES, although it is still used to make some online payments.
• AES (Advanced Encryption Algorithm): This is actually a "competition" launched by NIST to select the successor to DES and 3DES. The algorithm that won the AES is Rijndael, an algorithm created by two Belgian cryptographers, Daemen and RijmenDaemen and Rijmen. The characteristics that the algorithm that was to become the algorithm used by the US Government to encrypt sensitive information, by the private sector in the US and thus in the rest of the world, had to have were as follows: 

                 ▪ That it should be in the public domain
                 ▪ It should be symmetric and support a minimum of 128-bit blocks.
                 ▪ that the keys could be 128, 192 and 256 bits
                 ▪ That it could be implemented in hardware and software.

This algorithm is based on a combination of several substitutions, variations and transformations, which are repeated several times, each called a "round". In each round, a key is calculated from the encryption key and incorporated into the calculations. This is an algorithm in which the change of a single bit in either the key or a block of plaintext gives a completely different block of ciphertext, so that even the most powerful supercomputer could not break an AES key.

On the opposite side we have the asymmetric encryption method, in which a public and a private key are used for the encryption and decryption processes, which are complementary. This method uses different encryption algorithms:

❖ RSA (Rivest, Shamir and Adleman): is a cryptographic algorithm that was developed in 1977 by 3 cryptographers, whose surnames give the algorithm its name. This algorithm is currently considered to be one of the most secure, as it consists of displaying messages using numbers, which is the result of the multiplication of two large primes that have previously been chosen at random and kept secret. By working with two different keys, which are complementary, the message that is encrypted with the receiver's public key can only be decrypted with the receiver's private key. 

A strength of this algorithm is that it has to deal with factoring large numbers. To minimise the chances of breaking the algorithm, the number of paired private keys is kept to a minimum. 

❖ Diffie-Hellman: this is the beginning of public key systems, and consists of being able to share secret information through insecure channels, without it being computationally impossible for someone to find out the private key, even if they intercept it. The following illustration shows the procedure followed to obtain the secret key, which will usually be used for future encryption.

Illustration 1. Operation of the Diffie-Helman algorithm.  Author: Javier Campos

As we have seen, there are algorithms to keep information confidential and secure, but there are also some techniques or methods that try to break the security of these algorithms to access the information. 

We can call this action cryptanalysis, which is the set of techniques that attempts to decrypt encrypted messages without knowing the necessary keys. Some objectives would be to discover the original message, to alter the original message so that the receiver accepts it believing it to be authentic, or to initiate a communication with the victim and have the victim catalogue the attacker as an authorised sender. 

We will now discuss some of the most common attacks that are carried out.

• Brute-force attacks: this consists of trying all possible keys one by one until the correct one is found. Normally these attacks are not effective and sometimes they are not even feasible when there are too many keys to try.
• Ciphertext attacks: the person trying to decrypt the message does not know anything about its original content, and will work on the cryptogram, trying to find out something that is commonly repeated when encrypting certain types of documents or information.
• Man-in-the-middle attack: consists of placing oneself between the sender and the receiver of the information and intercepting it. It occurs in communications using, for example, Diffie-Helman, in which the adversary encrypts each part of the communication with a different key. 
• Dictionary attack: with this attack, the aim is to obtain the clear text from the beginning. According to the CCN-CERT, it consists of "breaking the security of password-based systems in which the attacker tries to find the right key by trying all (or almost all) possible words or words contained in an idiomatic dictionary. Special programmes are usually used to do this".

Janira Pérez Sánchez, Sec2Crime