Topic 8 Cryptography

The document discusses advanced cryptographic techniques and secure key management, emphasizing the importance of cryptography in protecting information through methods like symmetric and asymmetric encryption, digital signatures, and public key infrastructure (PKI). It outlines key management processes including generation, distribution, and storage, as well as the roles of certificate authorities and registration authorities in managing digital certificates. Additionally, it covers the mechanics of digital signatures and the differences between various algorithms such as RSA, DSA, and ECDSA.

Topic 8: Cryptography

Mr. Jonelle Angelo S. Cenita, MSIT, LPT


BAINFSMX Information Security and Management
1. Advanced Cryptographic Techniques and Secure Key Management
Cryptographic
• Cryptographic refers to anything related to
cryptography, which is the science of using codes and
ciphers to protect information. It ensures that data is
kept confidential, authentic, and secure from
unauthorized access.
• Encrypting a message so only the intended person can
read it is a cryptographic process.
Cryptographic Techniques
• Cryptographic techniques are the methods or tools used
to secure data through encryption, authentication, and
integrity checks. These techniques protect data during
storage or transmission by making it unreadable to
unauthorized users.
• Common Examples:
• Encryption algorithms (e.g., AES, RSA)
• Hashing (e.g., SHA-256)
• Digital signatures
Symmetric Encryption
• Symmetric encryption uses one single key to both encrypt
(lock) and decrypt (unlock) the data.
• Both the sender and the receiver must share the same key,
and it must be kept secret.
• Example:
• Algorithms:
• AES (Advanced Encryption Standard) - A fast and secure symmetric
encryption algorithm widely used for encrypting data.
• DES (Data Encryption Standard) - An older symmetric encryption
algorithm, now mostly replaced by AES due to security weaknesses.
• Use Case: Encrypting files, secure database storage
Asymmetric Encryption
• Asymmetric encryption uses two keys:
• A public key to encrypt the data
• A private key to decrypt it
• The public key is shared with anyone, but the private key is kept secret by the owner.
• Like a mailbox: anyone can drop a letter using the public key (mail slot), but only the
owner with the private key can open it.
• Example:
• Algorithms:
• RSA (Rivest–Shamir–Adleman) - An asymmetric encryption algorithm named after its
inventors. Commonly used for secure data transmission and digital signatures.
• ECC (Elliptic Curve Cryptography) - A type of asymmetric encryption that uses elliptic
curves for strong security with smaller key sizes (more efficient than RSA).
• Use Case: Sending secure emails, digital signatures, SSL certificates
Block Ciphers
• A block cipher encrypts data in fixed-size blocks (like
128-bit or 64-bit chunks) at a time. If the data isn’t long
enough, it’s padded to fit the block size.
• Like sealing multiple pages into envelopes—each
envelope (block) is locked before being sent.
• Example:
• AES (Advanced Encryption Standard) is a common block
cipher.
Stream Ciphers
• A stream cipher encrypts data one bit or one byte at a
time, often by combining the data with a stream of
random-looking key bits (called a keystream).
• Like using a key to lock each word or letter as you type it,
rather than waiting to seal the whole message.
• Example:
• RC4 is a classic example of a stream cipher.
Elliptic Curve Cryptography (ECC)
• Elliptic Curve Cryptography (ECC) is a type of asymmetric encryption
that uses the mathematics of elliptic curves to create secure and
efficient cryptographic keys.
• ECC provides strong security with much smaller key sizes compared
to older methods like RSA. This makes it faster and more efficient,
especially for mobile devices and systems with limited resources.
• ECC is like using a smaller but more complex lock that is just as strong as a
big one, but easier to carry and faster to use.
• Example:
• ECC with a 256-bit key provides security similar to RSA with a 3072-bit key
Secure Key Management
• Secure key management is the process of generating, storing,
protecting, and handling cryptographic keys in a way that
prevents unauthorized access or loss. Keys are critical for
encrypting and decrypting data, so managing them safely is
essential for maintaining security.
• Key Elements Include:
• Key generation
• Key distribution
• Key storage
Key Generation
• Key generation is the process of creating cryptographic
keys that are used to encrypt and decrypt data. These
keys must be random, unique, and secure to protect
information.
• Types of Keys:
• Symmetric Key – one key for both encryption and decryption
• Asymmetric Keys – a public key and a private key
Key Distribution
• Key distribution is the process of safely sharing the
cryptographic key between the sender and receiver. If the key
is intercepted or leaked during distribution, security is
compromised.
• Common Methods:
• Manual sharing (not secure)
• Key exchange algorithms (like Diffie-Hellman)
• Public Key Infrastructure (PKI) for asymmetric keys
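A Diffie-Hellman exchange, as an added example that is not part of the original slides: both sides derive the same symmetric key while only public values cross the network. The parameters `P` and `G` and the function names are assumptions chosen for illustration; the group is a toy one and far too small for real use.

```python
import hashlib
import secrets

# Toy public parameters (constructed for illustration): P is the Mersenne
# prime 2**127 - 1. Real deployments use standardized 2048-bit or larger
# groups, or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    # The private value stays on the machine that generated it.
    priv = secrets.randbelow(P - 3) + 2      # uniform in [2, P-2]
    pub = pow(G, priv, P)                    # safe to send in the clear
    return priv, pub

def shared_key(own_priv, peer_pub):
    # Reject degenerate peer values (0, 1, P-1 or out of range), which
    # would force the shared secret into a tiny, guessable set.
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid peer public value")
    secret = pow(peer_pub, own_priv, P)
    # Hash the shared secret into a 256-bit key usable with a symmetric cipher.
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def exchange():
    # Sender and receiver each generate a key pair and swap public values.
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    # Only a_pub and b_pub are transmitted; each side combines the peer's
    # public value with its own private value.
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)
```

The exchange by itself does not prove who sent a public value, which is the gap that certificates and PKI fill.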
Key Storage
• Key storage refers to safely keeping cryptographic keys so they
are protected from unauthorized access, loss, or corruption.
2. Public Key Infrastructure (PKI) and Digital Signatures
Public Key Infrastructure (PKI)
• Public Key Infrastructure (PKI) is a framework of policies,
technologies, and practices that manages the creation,
distribution, and revocation of public and private keys
used in asymmetric cryptography.
• PKI ensures the security and trust of digital
communications by verifying the identity of users and
systems.
Key Components of PKI:
• Public Key – Used to encrypt data or verify a signature.
• Private Key – Used to decrypt data or create a signature (kept
secret).
• Certificate Authority (CA) – An entity that issues digital certificates
(confirms the identity of the key owner).
• Registration Authority (RA) – Acts as an intermediary between the
user and CA, verifying user identities.
• Digital Certificates – Digital documents that link a public key to an
identity (e.g., name, email address).
• Revocation Lists – A list of keys or certificates that are no longer
Digital Signatures
• A digital signature is a cryptographic technique used to
authenticate the origin and integrity of digital messages
or documents. It uses a private key to "sign" the data
and a public key to verify the signature.
Fundamentals of PKI
• 1. Certificates
• A digital certificate is a public key certificate issued by a
Certificate Authority (CA). It links a public key to a
specific identity (like a person, organization, or device)
and serves as proof that the public key belongs to the
claimed identity.
• Links a public key to an identity, verified by a CA
Fundamentals of PKI
• 1. Certificates
• Contents of a Digital Certificate:
• Public Key: The key that can be shared.
• Subject: The identity (name, email, etc.) to which the
certificate is issued.
• Issuer: The CA that issued the certificate.
• Validity Period: The start and end dates during which the
certificate is valid.
• Signature: The CA’s digital signature that confirms the
authenticity of the certificate.
Fundamentals of PKI
• 2. Certificate Authority (CA)
• A Certificate Authority (CA) is a trusted organization that
issues digital certificates. The CA verifies the identity of the
certificate requestor before issuing a certificate, and
ensures that public keys are properly authenticated.
• A trusted entity that issues, renews, and revokes certificates
• Example:
• Let’s say you're visiting a website with "https://". The CA that
issued the website's certificate is responsible for verifying the
website’s identity.
Fundamentals of PKI
• 3. Registration Authority (RA)
• The Registration Authority (RA) is a middleman
between the user and the Certificate Authority (CA). It is
responsible for verifying the identity of the certificate
requestor before the CA issues a certificate.
• Verifies the identity of users or systems requesting a
certificate
Fundamentals of PKI
• 4. Certificate Revocation List (CRL)
• A Certificate Revocation List (CRL) is a list maintained by the CA
that contains certificates that are no longer valid before their
expiration date. This can happen if the private key is
compromised, or the certificate is no longer needed.
• A list of revoked certificates, ensuring they are no longer trusted
How Digital Certificates Work
• A digital certificate is an electronic document that uses public
key cryptography to establish a secure connection and verify
the identity of an entity (such as a website, person, or
organization). It is issued by a Certificate Authority (CA) to
confirm that the public key belongs to the entity it claims to
represent.
Digital Signatures: Algorithms (RSA, DSA, ECDSA)
• A digital signature is a cryptographic mechanism used to
authenticate the identity of the sender and ensure the
integrity of the message. It involves creating a signature for a
document or message using a private key and allowing others
to verify it with the corresponding public key.
How Digital Signatures Work:
• 1. Hashing: A hash of the message is created. A hash is a fixed-size
string derived from the content of the message.
• 2. Signing: The hash is then encrypted with the private key of
the sender to create the digital signature.
• 3. Verification: The recipient decrypts the signature using the
sender's public key. If the decrypted hash matches the hash of
the received message, the signature is valid, ensuring the
message has not been altered and confirming the sender's
identity.
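The three steps above, and the certificate fields and revocation list described under Fundamentals of PKI, as an added example that is not part of the original slides. It uses textbook RSA with small constructed primes and no padding, so it shows the mechanics only; all names (`make_key`, `check_cert`, the sample CA and subject) are hypothetical.

```python
import hashlib
from datetime import date

def make_key(p, q, e=65537):
    # Toy RSA key from two known primes (constructed; real keys are 2048+ bits).
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

def digest(data, n):
    # Step 1, hashing: fixed-size SHA-256 hash, reduced to fit the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    # Step 2, signing: apply the private exponent d to the hash.
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(data, sig, n, e):
    # Step 3, verification: apply the public exponent e and compare hashes.
    return pow(sig, e, n) == digest(data, n)

FIELDS = ("serial", "subject", "issuer", "not_before", "not_after", "public_key")

def to_be_signed(cert):
    # The CA signs every field except the signature itself.
    return "|".join(str(cert[f]) for f in FIELDS).encode()

def issue(ca_key, **fields):
    cert = dict(fields)
    cert["signature"] = sign(to_be_signed(cert), ca_key)
    return cert

def check_cert(cert, ca_n, ca_e, crl, today):
    # Order matters: an unsigned or altered certificate is rejected first.
    if not verify(to_be_signed(cert), cert["signature"], ca_n, ca_e):
        return "bad signature"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "outside validity period"
    if cert["serial"] in crl:
        return "revoked"
    return "ok"

# Constructed sample data: a toy CA key, a site key, and one certificate.
CA_KEY = make_key(2**61 - 1, 2**89 - 1)
SITE_KEY = make_key(2**107 - 1, 2**127 - 1)
CERT = issue(CA_KEY, serial=1001, subject="www.example.test", issuer="Example Toy CA",
             not_before=date(2025, 1, 1), not_after=date(2025, 12, 31),
             public_key=(SITE_KEY["n"], SITE_KEY["e"]))
```

Changing any signed field, checking outside the validity dates, or listing the serial number in the CRL each produces a different rejection reason from `check_cert`.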
Key Differences between RSA, DSA, and ECDSA:
