Cryptographic Solutions (OBJ 1.4, 2.3, & 2.4)

Cryptography

• Practice and study of writing and solving codes
• Encryption to hide information's true meaning

Encryption

• Converts plaintext to ciphertext
• Provides data protection at rest, in transit, and in use

Data States

• Data at Rest
  • Inactive data on storage devices
• Data in Transit
  • Moving across networks
• Data in Use
  • Currently undergoing change

Algorithm and Key

• Algorithm (Cipher)
  • Performs encryption or decryption
  • ROT13 Cipher (Rotate 13 spots)
    • Example: C = P and so on
    • Pelcgbtencul vf sha = Cryptography is fun
  • A Cipher is an algorithm that performs the encryption or decryption
  • Can be seen as a mathematical function that tells you how you are going to encrypt or decrypt something.
• Key
  • Essential piece of information that determines the cipher output
  • Encryption strength comes from the key, not the algorithm

Key Strength and Rotation

• Key Length
  • Proportional to the level of security it provides
  • A 256-bit key will give you a much higher degree of protection and it renders it exponentially more challenging for an attacker to break it.
  • Moving from a 128-bit to a 256-bit key is not actually double as strong, it is exponentially as strong, you are squaring the value!
• Key Rotation
  • Regularly changing cryptographic keys
  • Best practice for security longevity
  • There are policies to rotate TLS keys regularly
  • Note: Most encryption algorithms are open-source and publicly accessible
    • The key is really the only thing that provides us security
  • Secrecy and confidentiality of those encryption keys gives us security
    • Store in secure hardware modules
    • Encrypt keys when at rest
    • Transmit keys securely when used
    • Limit key access to regular audits and monitoring for unauthorized access

Symmetric and Asymmetric Encryption

• Symmetric Algorithms
  • Uses same key for encryption and decryption
• Asymmetric Algorithms
  • Uses a pair of keys for encryption and decryption

Symmetric Algorithms

• DES
• Triple DES
• IDEA
• AES
• Blowfish
• Twofish
• Rivest Cipher

Asymmetric Algorithms

• Diffie-Hellman
• RSA
• Elliptic Curve Cryptography

Hashing

• Converts data into fixed-size string (digest) using hash functions
• Algorithms
  • MD5
  • SHA Family
  • RIPEMD
  • HMAC

Public Key Infrastructure (PKI)

• Framework managing digital keys and certificates for secure data transfer

Digital Certificates

• Electronic credentials verifying entity identity for secure communications

Blockchain

• Decentralized, immutable ledger ensuring data integrity and transparency

Encryption Tools

• TPM
• HSM
• Key Management Systems
• Secure Enclave

Obfuscation

• Steganography
  • The practice of hiding secret data within ordinary non-secret files or messages to avoid detection
• Tokenization
  • Substitutes sensitive data elements with non-sensitive equivalents called tokens
• Data Masking/Data Obfuscation
  • Process of disguising original data to protect sensitive information while maintaining its authenticity and usability

Cryptographic Attacks

• Downgrade Attacks
• Collision Attacks
• Quantum Computing Threats