{"id":1101,"date":"2010-10-28T12:19:27","date_gmt":"2010-10-28T16:19:27","guid":{"rendered":"http:\/\/www.acarlstein.com\/?p=1101"},"modified":"2010-10-28T16:27:37","modified_gmt":"2010-10-28T20:27:37","slug":"introduction-to-network-security-part-4","status":"publish","type":"post","link":"http:\/\/blog.acarlstein.com\/?p=1101","title":{"rendered":"Introduction to Network Security &#8211; Part 4"},"content":{"rendered":"<p><span style=\"text-decoration: underline;\"><strong>NOTIFICATION:<\/strong><\/span><strong> <\/strong>These examples are provided for  educational purposes.     The use of this code and\/or information is  under your own responsibility and risk. The information and\/or code is      given \u2018as is\u2019. I do not take responsibilities of how they are used.<\/p>\n<p>Before we begin talking about encryption, decryption, and ciphers related topic, let go over some terminologies to have in account:<\/p>\n<ul>\n<li><span style=\"text-decoration: underline;\">Cipher:<\/span> An algorithm used for encryption.<br \/>\nLink reference: &lt;http:\/\/www.merriam-webster.com\/dictionary\/cipher&gt;<\/li>\n<li><span style=\"text-decoration: underline;\">Ciphertext:<\/span> The encrypted(coded) message.<br \/>\nLink reference: &lt;http:\/\/cryptnet.net\/fdp\/crypto\/crypto-dict\/en\/crypto-dict.html&gt;<\/li>\n<li><span style=\"text-decoration: underline;\">Cryptanalysis:<\/span> Study of the principles and methods of deciphering a ciphertext without having the required key.<br \/>\nLink reference: &lt;http:\/\/en.wikipedia.org\/wiki\/Cryptanalysis&gt;<\/li>\n<li><span style=\"text-decoration: underline;\">Cryptography:<\/span> Study of the principles and methods of encryption.<br \/>\nLink reference: &lt;http:\/\/en.wikipedia.org\/wiki\/Cryptography&gt;<\/li>\n<li><span style=\"text-decoration: underline;\">Cryptology:<\/span> The study of cryptanalysis and cryptography.<br \/>\nLink reference: &lt;http:\/\/www.britannica.com\/EBchecked\/topic\/145058\/cryptology&gt;<\/li>\n<li><span style=\"text-decoration: underline;\">Deciphering:<\/span> Also known as decryption. The act of transforming a ciphertext to the original plaintext.<br \/>\nLink reference: &lt;http:\/\/www.merriam-webster.com\/dictionary\/deciphering&gt;<\/li>\n<li><span style=\"text-decoration: underline;\">Decryption:<\/span> Also known as deciphering. The act of transforming a ciphertext to the original plaintext.<\/li>\n<li><span style=\"text-decoration: underline;\">Enciphering:<\/span> Also known as encryption. The act of transforming a plaintext to a ciphertext.<br \/>\nLink reference: &lt;http:\/\/www.merriam-webster.com\/dictionary\/enciphering&gt;<\/li>\n<li><span style=\"text-decoration: underline;\">Encryption:<\/span> Also know as enciphering. The act of transforming a plaintext to a ciphertext.<\/li>\n<li><span style=\"text-decoration: underline;\">Plaintext:<\/span> the original message to be encrypted.<br \/>\nLink reference: &lt;http:\/\/en.wikipedia.org\/wiki\/Plaintext&gt;<\/li>\n<li><span style=\"text-decoration: underline;\">Product:<\/span> stages of transposition and substitutions performed.<br \/>\nLink reference: &lt;http:\/\/www.britannica.com\/EBchecked\/topic\/477942\/product-cipher&gt;<\/li>\n<li><span style=\"text-decoration: underline;\">Secret key:<\/span> An input required for the encryption and\/or decryption algorithms.<\/li>\n<li><span style=\"text-decoration: underline;\">Substitution:<\/span> Map each element in a plain text to another element.<br \/>\nLink reference: &lt;http:\/\/substitution.webmasters.sk\/&gt;<\/li>\n<li><span style=\"text-decoration: underline;\">Transposition:<\/span> Rearrange the elements in the plaintext<br \/>\nLink reference: &lt;http:\/\/mw1.meriam-webster.com\/dictionary\/transposition%20cipher&gt;<\/li>\n<\/ul>\n<p><strong>Cryptography<\/strong><\/p>\n<p>A cryptographic system is characterized by the use of encryption operations, number of keys used for encryption and decryption, and the way in which the plain text is processed.<\/p>\n<p><span style=\"text-decoration: underline;\">Encryption Operations:<\/span> In order to encrypt a plaintext to a chipertext is required to perform multiple stages of transposition and substitution, also known as product.<\/p>\n<ul>\n<li><span style=\"text-decoration: underline;\">Substitution:<\/span> We take each element from the plaintext and mapped them to another element<\/li>\n<li><span style=\"text-decoration: underline;\">Transposition:<\/span> We\u00a0 take each element in the plaintext and rearrange its order in such a way that it differ from the original plaintext.<\/li>\n<\/ul>\n<p>To perform encryption and decryption, we use a key reference. We can categorize the encryption techniques as\u00a0 symmetric, single, asymmetric, double, and\/or public.<\/p>\n<p>The plaintext can be processed by using a method of streams or blocks:<\/p>\n<ul>\n<li><span style=\"text-decoration: underline;\">Stream:<\/span> The plaintext is processed as a continuous set of elements in which each element is encrypted one at a time.<\/li>\n<li><span style=\"text-decoration: underline;\">Blocks:<\/span> The plaintext is divided in a set of blocks in which each block is encrypted one at a time.<\/li>\n<\/ul>\n<p><strong>Cryptanalysis<\/strong><\/p>\n<p>As explained in the terminology list, Cryptanalysis is purpose of decrypt an encrypted ciphertext without the knowledge of the key used for the encryption. One way is to attack the encryption system and recover the key used for the encryption instead of recovering the plaintext from a single ciphertext.<br \/>\nCryptanalysis attacks are divided in two categories:<\/p>\n<ol>\n<li><span style=\"text-decoration: underline;\">Brute-force Attack:<\/span> Every combination of a possible key is tested on the chipertext until the plaintext is obtained.<\/li>\n<li><span style=\"text-decoration: underline;\">Cryptanalytic Attack:<\/span> The use of knowing some characteristic of the original plaintext such as some used keywords, language, format, plaintext to ciphertext pairs examples, and\u00a0 knowledge of the possible algorithm used to decrypt the ciphertext.<\/li>\n<\/ol>\n<p><strong>Unconditional Security<\/strong><\/p>\n<p>We call unconditional security when a cipher cannot be broken by using a ciphertext and the plaintext that produced the ciphertext regardless of the computational power and time available. Up to day, there are no encryption algorithm that can be unconditional secure with the exception of the one-time pad encryption algorithm &lt;<a href=\"http:\/\/www.ibm.com\/developerworks\/library\/s-pads.html\">http:\/\/www.ibm.com\/developerworks\/library\/s-pads.html<\/a>&gt; which will be explained in the following postings.<\/p>\n<p><strong>Computational Security<\/strong><\/p>\n<p>Base on the cost-benefit of braking a cipher, a cipher may not be broker due:<\/p>\n<ol>\n<li>The cost of braking the cipher is greater than the value of the plaintext encrypted<\/li>\n<li>The time required to breaking the cipher exceed the usefulness lifetime of the plaintext encrypted<\/li>\n<li>Depending of the complexity of the cipher, there would be a limitation of computing resources and time.<\/li>\n<\/ol>\n<p><strong>Brute Force Search<\/strong><\/p>\n<p>As explained before, we call brute force to try every key combination possible to decrypt the ciphertext into plaintext. Before obtaining success, the attacker must try at least 50 percent of the possible keys; therefore, the probability of success may be proportional to the size of the key.<\/p>\n<p>Lets assume we wish to have to option of using:<\/p>\n<ol>\n<li> DES encoding (56-bit) &lt;<a href=\"http:\/\/groups.csail.mit.edu\/cag\/raw\/benchmark\/suites\/des\/README.html\">http:\/\/groups.csail.mit.edu\/cag\/raw\/benchmark\/suites\/des\/README.html<\/a>&gt;.<\/li>\n<li>Triple DES (168-bit) &lt;<a href=\"http:\/\/en.wikipedia.org\/wiki\/Triple_DES\">http:\/\/en.wikipedia.org\/wiki\/Triple_DES<\/a>&gt;<\/li>\n<li>AES (Greater than 128 bits) &lt;<a href=\"http:\/\/www.aescrypt.com\/\">http:\/\/www.aescrypt.com\/<\/a>&gt;<\/li>\n<\/ol>\n<p>Depending of which encryption we use, the time required to find the right key by brute force could be:<\/p>\n<p><a href=\"http:\/\/www.elblender.com\/wordpress\/wp-content\/uploads\/2010\/10\/table-number-of-keys-2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1135\" title=\"table number of keys 2\" src=\"http:\/\/www.elblender.com\/wordpress\/wp-content\/uploads\/2010\/10\/table-number-of-keys-2.jpg\" alt=\"\" width=\"779\" height=\"192\" srcset=\"http:\/\/blog.acarlstein.com\/wp-content\/uploads\/2010\/10\/table-number-of-keys-2.jpg 779w, http:\/\/blog.acarlstein.com\/wp-content\/uploads\/2010\/10\/table-number-of-keys-2-300x73.jpg 300w\" sizes=\"auto, (max-width: 779px) 100vw, 779px\" \/><\/a><\/p>\n\n<script>\nvar zbPregResult = '0';\n<\/script>\n","protected":false},"excerpt":{"rendered":"<p>NOTIFICATION: These examples are provided for educational purposes. The use of this code and\/or information is under your own responsibility and risk. The information and\/or code is given \u2018as is\u2019. I do not take responsibilities of how they are used. Before we begin talking about encryption, decryption, and ciphers related topic, let go over some [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19,264],"tags":[345,42,333,330,337,217,316,342,317,318,319,332,320,321,343,322,323,336,338,341,324,339,335,266,329,327,334,328,344,340],"class_list":["post-1101","post","type-post","status-publish","format-standard","hentry","category-programming","category-network-security","tag-aes","tag-algorithm","tag-attack","tag-blocks","tag-brute","tag-cipher","tag-ciphertext","tag-computational","tag-cryptanalysis","tag-cryptography","tag-cryptology","tag-cyptanalytic","tag-deciphering","tag-decryption","tag-des","tag-enciphering","tag-encryption","tag-force","tag-key","tag-one-time-pad","tag-plaintext","tag-product","tag-secret","tag-security","tag-stream","tag-subsitution","tag-symmetric","tag-transposition","tag-triple-des","tag-unconditional"],"_links":{"self":[{"href":"http:\/\/blog.acarlstein.com\/index.php?rest_route=\/wp\/v2\/posts\/1101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.acarlstein.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.acarlstein.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.acarlstein.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.acarlstein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1101"}],"version-history":[{"count":27,"href":"http:\/\/blog.acarlstein.com\/index.php?rest_route=\/wp\/v2\/posts\/1101\/revisions"}],"predecessor-version":[{"id":1112,"href":"http:\/\/blog.acarlstein.com\/index.php?rest_route=\/wp\/v2\/posts\/1101\/revisions\/1112"}],"wp:attachment":[{"href":"http:\/\/blog.acarlstein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.acarlstein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1101"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.acarlstein.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}