Lesson 2: Using Cryptography
Cryptography can help secure your company's C-I-A triad by providing confidentiality, integrity, identification and authentication, and nonrepudiation. Now that you understand the basics of cryptography, you must understand how it can be applied to information security to create a solution. By combining the abilities of secure hash functions, symmetric key encryption, and asymmetric key encryption, you can create a solution that provides confidentiality, integrity, authentication, and nonrepudiation.
Understand how cryptography provides confidentiality
Understand how cryptography provides integrity
Understand how cryptography provides authentication
Understand how cryptography provides nonrepudiation
Confidentiality
You provide information confidentiality by using symmetric algorithms. Because symmetric key encryption relies on a shared secret, everyone that needs access to a particular file need only have a copy of the encryption key that was used for encryption. Symmetric encryption is also a relatively fast encryption method, so it is suited for encrypting large amounts of data, such as files on a computer.
Asymmetric key pairs can be used to provide confidentiality by encrypting data, but this is not a viable solution. Asymmetric encryption is relatively slow, and therefore not practical for encrypting large amounts of data, such as data files.
How It Works
You are the network administrator for your company, responsible for providing secure access to files. You must also secure the files so that if an unauthorized person gains access to them, he or she cannot access the data in the files.
The solution is to identify all of the files that require encryption and all of the people that should have access to those files. You then choose a symmetric algorithm to encrypt and decrypt a file. After you have generated the symmetric key that will be used, you provide the symmetric encryption key to everyone who requires access. Finally, you encrypt all the files requiring encryption using the key.
Additional Considerations
The solution just given will work, but there are several issues that need to be addressed to make the solution workable. Issues with this solution include the following:
Distributing the symmetric key to the users who need access
Securing the symmetric key against loss, theft, or distribution to unauthorized people
Maintaining a list of people authorized to use the symmetric key and retrieving the key from people and computers no longer authorized to access the data
Replacing the symmetric key in the event that it is compromised
To obtain the Security+ certification, you are expected to have a functional understanding of how cryptography works, the terminology, and the standards. To fully understand how to implement a symmetric key encryption solution however, you must gain a deeper knowledge of symmetric key encryption and the available solutions.
Integrity
Integrity means something is unimpaired and complete. Symmetric key encryption, secure hash functions, and asymmetric cryptography all provide different types of information integrity. Using cryptography does not protect the information from intentional or unintentional damage, but does assure that the information being delivered has not been tampered with or modified. The primary type of information integrity that can be provided by each solution is as follows:
When secure hash functions are used to create a message digest, the message digest can be saved and later compared to another message digest from the same data to ensure the data has not been tampered with. For instance, if you run a hash function on a file and then a few weeks later rerun the hash function and the two message digests do not match, the file has been modified.
Keyed hash functions provide data integrity. When data is hashed, a key is used in the hashing algorithm. The recipient must use this key to validate the message. The hash value produced with the keyed hashing algorithm is called a message authentication code (MAC). The key operates much like a symmetric key in that it becomes a shared secret. This key is sometimes referred to as a magic number. When using this type of algorithm, the receiving application must also possess the session key to recompute the hash value so it can verify that the base data has not changed. This provides a mechanism to ensure that the encrypted data has not been tampered with.
Asymmetric algorithms can provide integrity by being combined with hash functions to produce digital signatures. You create a digital signature by creating a message digest of a plaintext message using a hash algorithm. You then encrypt the hash value with your private key. The receiver decrypts the encrypted hash value using your public key and then generates a hash of the message. If the decrypted hash value from you matches the hash value the receiver generates, the message could only have originated from you and could not have been tampered with in transit.
Identification and Authentication
You can use symmetric and asymmetric keys for identification and authentication. The primary type of identification and authentication that can be provided by each solution is as follows:
Asymmetric algorithms can provide authentication using a challenge-response protocol. When you want to access a system, the system sends a random number (called a nonce) that you encrypt with your private key. The system then verifies your credentials by decrypting the encrypted nonce using your public key. This type of authentication is ideally suited for use with remote access and physical access to restricted areas, such as the room where your servers are located.
Symmetric algorithms can authenticate users. When you want to access a system, the system sends a nonce that you use as the key to use a symmetric algorithm to encrypt your password. The system then uses the nonce to decrypt your password. You are successfully validated if the decrypted password matches the password the system has for you.
How It Works
As the network administrator for your company, you are responsible for providing a way to identify and authenticate users from other companies who are accessing your business-to-business (B2B) server remotely.
You deploy an asymmetric public key algorithm for each of the users requiring remote access. Configure your server so that a challenge-response protocol is used to access the B2B information. When users attempt to access the system, the server issues a challenge and decrypts the challenge the user returns (using that user's public key). If the challenges match, the user is granted access.
Providing Nonrepudiation
You can provide a means of nonrepudiation using public key asymmetric algorithms. There are two keys (a public key and a private key), and only you possess your private key. The private key can be used to create a digital signature, and anyone with a copy of your public key can verify that the message is from you and has not been altered. This also provides proof that you sent the message.
For nonrepudiation you must use a trusted third party (TTP) to bind your public key to a user or system. More information about TTPs is provided in Lesson 3.
How It Works
You are the security specialist of a company that conducts business over the Internet and requires a method that proves that the party placing the order sent the order message. This proof is used in the event of a billing dispute, so the mechanism must provide nonrepudiation.
You should require people wishing to do business with you to acquire a digital identification and configure their e-mail service to use that digital signature. Configure your server so that a digital signature is required when submitting all orders.
The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson and then try the question again. Answers to the questions can be found in Appendix A, "Questions and Answers."
Which is the best mechanism for providing confidentiality?
Secure hash function
Symmetric key
Asymmetric key
Algorithm
You need to send an e-mail message to someone and ensure that the integrity is verifiable when it arrives. Which would best provide that capability?
Using a secure hash function to create a message digest
Using an asymmetric public key to create a digital signature
Using a symmetric key to create a digital signature
Using an algorithm to create a message digest
You need to provide a method to allow the receiver of an e-mail to be able to authenticate that a message came from a specific person. Which would best provide that capability?
Using a secure hash function to create a message digest
Using an asymmetric key pair to create and validate a message digest
Using a symmetric key to create and validate a message digest
Using an algorithm to create a message digest
You need to provide a mechanism that can establish nonrepudiation when sending e-mail to a business partner. Which would best provide that capability?
Using a secure hash function to create and validate a digital signature
Using an asymmetric key pair to create and validate a digital signature
Using a symmetric key to create and validate a digital signature
Using an algorithm to create and validate a digital signature
Lesson Summary
By combining the abilities of secure hash functions, symmetric key encryption, and asymmetric key encryption, you can create a solution that provides confidentiality, integrity, authentication, and nonrepudiation.
Using a symmetric key or shared secret to encrypt and decrypt large amounts of data is the best way to provide confidentiality.
You can provide message integrity using a secure hash function to create a message digest, although symmetric keys and asymmetric key pairs provide data integrity in other ways.
Asymmetric encryption can be used to create a digital signature, which can be attached to an e-mail. This authenticates who sent the message.
You can establish nonrepudiation by using an asymmetric key to create a digital signature and attaching it to an e-mail. This can verify the sender's identity.