Cybersecurity

Chapter 6

Cryptography
 Cybersecurity

Learning outcome:
• Definition of Cryptography
• Symmetric and asymmetric encryptions
• Hash functions
• Cryptography protocols: in-transit, SSL/TLS, HTTPS, VPNs
Introduction
Cryptography is the practice and study of techniques for secure
communication in the presence of adversaries. It involves converting
plaintext into cipher text to ensure confidentiality, integrity,
authentication, and non-repudiation.

It ensures that information is only accessible to those for whom it is

intended.

Cryptography is crucial in various domains, including cybersecurity,

finance, and communication.
Importance of Cryptography
Confidentiality: Encrypting data ensures that only authorized parties
can access it, protecting sensitive information from unauthorized
access.

Integrity: Cryptographic techniques verify that data remains

unchanged during transmission, ensuring its integrity and
trustworthiness.

Authentication: Cryptography enables users to verify the identity of

communication partners, preventing impersonation and unauthorized
access.
Basic Concepts of Cryptography

Encryption and Decryption

• Encryption: Process of converting plaintext into ciphertext.
• Decryption: Process of converting ciphertext back into plaintext.

Cryptographic Keys
• Secret values used to control the encryption and decryption
processes.
• Symmetric vs. Asymmetric keys.
Types of Cryptography
Symmetric Encryption: Involves the use of a single key for both
encryption and decryption. Examples include AES (Advanced
Encryption Standard) and DES (Data Encryption Standard).

Asymmetric Encryption: Uses a pair of keys (public and private) for

encryption and decryption. Examples include RSA and ECC (Elliptic
Curve Cryptography).

Hybrid Encryption: Combines symmetric and asymmetric encryption

for enhanced security and efficiency.
 Encryption Process
The encryption process involves the following steps:
• Key Generation: Generating encryption and decryption keys.
• Encryption: Converting plaintext into ciphertext using the
encryption key.
• Decryption: Converting ciphertext back into plaintext using the
decryption key.
Symmetric Encryption
• Symmetric encryption is a cryptographic technique where the same
secret key is used for both encryption and decryption of data. It is
also known as secret-key encryption or shared-key encryption.

• Symmetric encryption operates as a reversible process. The

plaintext data is encrypted into ciphertext using the secret key. The
same key is then used to decrypt the ciphertext back into plaintext.
 Symmetric Encryption

Key Management
• Key management is a critical aspect of symmetric encryption. The
security of the encrypted data relies on the secrecy of the shared
key. Secure key distribution methods are essential to prevent
unauthorized access to the key.
• Key management involves securely generating, distributing, storing,
and revoking encryption keys. Techniques such as key exchange
protocols, key rotation, and key escrow are used to manage
symmetric keys securely.
Symmetric Encryption
• Symmetric encryption provides confidentiality but lacks features
like key exchange and digital signatures. It is vulnerable to key
compromise, as anyone who gains access to the key can decrypt the
encrypted data.

• Strengths of symmetric encryption include speed, efficiency, and

simplicity. However, weaknesses include the need for secure key
distribution and the lack of built-in authentication.

• Common applications of symmetric encryption include secure data

transmission over networks, such as HTTPS for secure web
browsing, and file encryption for protecting sensitive files stored on
disk or transmitted over the internet
Examples of Symmetric Encryption
AES Encryption: Widely used in various applications such as secure
file transfer, email encryption, and VPN connections due to its strong
security and efficiency. AES supports key sizes of 128, 192, or 256
bits.

DES Encryption: Although less commonly used due to its

vulnerability to brute-force attacks, DES laid the foundation for
modern encryption standards and protocols. DES uses a 56-bit key and
operates on 64-bit blocks.
Asymmetric Encryption
• Key pairs are generated using mathematical algorithms. The public
key is widely distributed, while the private key is kept secret by the
owner. Key lengths and algorithms determine the strength of
encryption.
Asymmetric Encryption

• Asymmetric encryption involves generating a key pair consisting of

a public key and a corresponding private key. The public key can be
freely distributed, while the private key is kept secret by the owner.

• In asymmetric encryption, the sender encrypts the plaintext data

using the recipient's public key. The recipient then decrypts the
ciphertext using their private key. This process ensures
confidentiality, as only the recipient's private key can decrypt the
ciphertext.
 Asymmetric Encryption

• Asymmetric encryption offers additional security properties

compared to symmetric encryption. It eliminates the need for secure
key distribution and provides features like key exchange, digital
signatures, and authentication.

• Asymmetric encryption is widely used for secure key exchange in

protocols like SSL/TLS and SSH. It also enables digital signatures
for verifying the authenticity and integrity of digital messages, as
well as secure communication channels in applications like email
encryption and secure messaging platforms. It provides a secure
method for establishing trust between parties without prior
communication.
Examples of Asymmetric Encryption
RSA Encryption: Used in digital signatures, SSL/TLS certificates,
and secure communication protocols due to its security and widespread
adoption.

ECC Encryption: Known for its efficiency and suitability for

constrained environments, ECC is increasingly used in mobile devices,
IoT devices, and cryptographic protocols.
 Hash Functions
• Hash functions are cryptographic algorithms that generate fixed-size
hash values, or digests, from input data of arbitrary size. These hash
values are typically represented as a sequence of characters and are of
a fixed length, regardless of the size of the input data.

• The primary purpose of hash functions is to provide data integrity

verification. By generating a hash value for a piece of data, any
subsequent change to the data will result in a different hash value. This
property allows for easy and efficient verification of data integrity.
 Hash Functions
• Hash functions operate as one-way functions, meaning they are
irreversible. Given a hash value, it is computationally infeasible to
determine the original input data that produced the hash. This property
makes hash functions suitable for password hashing and digital
signatures.

• Applications
• Password hashing: Hash functions are used to securely store passwords in
databases. Instead of storing plaintext passwords, only their hash values are
stored. This protects passwords in case of a data breach.
• Data integrity verification: Hash functions are used to generate checksums or
digital signatures for verifying the integrity of transmitted or stored data. Any
change to the data will result in a different hash value, alerting the recipient to
potential tampering.
 Hash vs Symmetric vs Asymmetric
Hash Functions Symmetric Asymmetric
Purpose Data integrity Confidentiality Confidentiality,
verification authentication, digital
signatures
Operation One-way function, Reversible process with Reversible process with public
irreversible decryption and private keys
Keys No keys required Single secret key Public-private key pair
Output Fixed-length hash Variable-length Variable-length cipher-text
value cipher-text
Security Properties Pre-image Requires secure key Public key can be freely
resistance, collision distribution, vulnerable distributed, private key must
resistance to key compromise be kept secret
Applications Password storage, Secure data Secure key exchange, digital
data integrity transmission, file signatures
verification encryption
In-Transit Encryption
In-Transit Encryption
In-transit encryption protects data while it is being transmitted over a
network.

It prevents unauthorized access and interception of sensitive

information.

Common technologies for in-transit encryption include SSL/TLS,

SSH, and VPNs.
Technologies for In-Transit Encryption
HTTPS Encryption: Hypertext Transfer Protocol Secure (HTTPS)
encrypts web traffic using SSL/TLS protocols, ensuring secure
communication between web servers and clients. HTTPS is commonly
used for online banking, e-commerce, and sensitive data transmission.
Technologies for In-Transit Encryption
SSL/TLS Encryption: Secure Sockets Layer/Transport Layer Security
(SSL/TLS) protocols are used to secure web traffic, such as HTTPS
connections, protecting sensitive data exchanged between web servers
and clients.
Virtual Private Networks (VPNs)
SSL Handshake Process
The SSL/TLS handshake process involves several steps:
1. Client Hello: The client initiates the connection by sending a hello
message containing supported cryptographic algorithms and other
parameters.
2. Server Hello: The server responds with a hello message, selecting the
strongest mutually supported cipher suite and sending its digital
certificate.
3. Key Exchange: The client and server perform a key exchange to
securely establish session keys for encryption and decryption.
4. Authentication: The client verifies the server's digital certificate to
ensure it is authentic, while optionally, the server may also authenticate
the client.
5. Session Establishment: Once authentication is successful, a secure
connection is established, and encrypted data transmission begins.
SSL Handshake Process
Technologies for In-Transit Encryption
VPN Encryption: VPNs encrypt internet traffic between the user's
device and the VPN server, protecting data from interception and cyber
threats.
Virtual Private Networks
(VPNs)
Virtual Private Networks (VPNs)
A VPN extends a private network across a public network, such as the
internet.

It encrypts data transmitted between the user's device and the VPN
server, ensuring privacy and security.

VPNs are commonly used for remote work, accessing geo-blocked

content, and protecting sensitive information.
Benefits of VPNs
Privacy Protection: VPNs encrypt internet traffic, preventing ISPs
and third parties from monitoring users' online activities.

Access Control: VPNs enable users to bypass geo-restrictions and

access region-locked content by connecting to servers in different
locations.

Security Enhancement: VPNs provide an additional layer of security

for public Wi-Fi networks, protecting users' data from interception and
cyberattacks.
Real-World Example
ExpressVPN: A popular commercial VPN service offering strong
encryption, global server coverage, and user-friendly applications.
ExpressVPN enables users to protect their online privacy and security
while accessing content from anywhere in the world.
End-to-End Encryption
(E2EE)
End-to-End Encryption (E2EE)
End-to-end encryption ensures that only the sender and the intended
recipient can access the encrypted data.

It encrypts data at the source and decrypts it only at the destination,

minimizing the risk of interception.

E2EE is crucial for protecting user privacy and confidentiality in

messaging and communication platforms.
Principles of End-to-End Encryption
Key Generation: End-to-end encryption relies on the generation of
public and private keys, ensuring that only authorized parties can
decrypt the encrypted data.

Secure Communication Channels: E2EE protocols establish secure

communication channels between users, preventing third-party
interception and eavesdropping.

Data Confidentiality and Integrity: E2EE ensures the confidentiality

and integrity of data during transmission, protecting sensitive
information from unauthorized access and tampering.
Real-World Example
Signal Messenger: Signal is a privacy-focused messaging app that
uses end-to-end encryption to secure user communications, including
text messages, voice calls, and video calls. Signal's E2EE protocol
ensures that only the sender and recipient can access the encrypted
messages, providing maximum privacy and security for users.
Summary
Cryptography is essential for securing communication and protecting
sensitive information.

Encryption protocols, VPNs, in-transit encryption, and end-to-end

encryption are crucial components of cybersecurity.

Real-world examples illustrate the practical applications and

importance of cryptographic techniques in ensuring data privacy and
security.