One of the most important and unique properties of quantum key distribution is that a third party tries to eavesdrop on the password o conveniences. These two conveniences are based on quantum mechanics’ basic principle: any measurement quantum system measurement will interfere with the system. When a third party tries to eavesdrop on the password, it must be measured somehow, and these measurements will bring detectable anomalies. The communication system can detect eavesdropping through the communication system to detect eavesdropping through the quantum superposition state. When the eavesdropping is lower than a certain standard, a secure key can be generated.
The security of quantum key distribution is based on quantum mechanics’ basic principles, while traditional cryptography is based on the computational complexity of certain mathematical algorithms. Traditional cryptography cannot detect eavesdropping and cannot guarantee the security of the key. Quantum key distribution is only used to generate and distribute keys and does not transmit any substantial messages. The key can be used for certain encryption algorithms to encrypt messages, and the encrypted messages can be transmitted in standard channels. The most common algorithm related to quantum key distribution is the one-time pad. If a secret and random key is used, this algorithm has provable security.
According to the book, cryptography is the use of mathematical operations to protect messages traveling between parties or stores on a computer. One key point that stood out to me in this reading is the human issues in cryptography. One might think long keys and a well-tested cipher symmetric key encryption for confidentiality would be impossible to crack. However, if the sender or receives fails to keep the key secret, the eavesdropper may learn the key and read every message. What this means is that poor communication can defeat the long keys and well-tested cipher and companies need to enforce organizational processes without compromising the technical strengths of cryptography. There are various symmetric key encryption ciphers to communicate securely and some of the common ones are RC4, DES, 3DES, and AES. AES is stronger and faster as compared to the others and efficient in terms of processing power and RAM requirements. It is offered in three alternative key lengths: 128 bits, 192 bits, and 256 bits. The longer key lengths are strong and would take forever to crack but even in this case AES security is only assured if it is correctly implemented.
Hi Priyanka, I agree with your point of view. There are various symmetric key encryption ciphers to communicate securely. The example shown in the paragraph is very widely used. The longer key length is stronger, and less pattern is better because it will make it harder to be a hack or crack by brutal force.
This chapter introduce the cryptography and how it works. Cryptography is the way to use mathematical operation to protect messages traveling between parties or stored on a computer. One key point I noticed is about the public key encryption. Usually, a symmetric key is one that is used both to encrypt and decrypt information and it’s fast and inexpensive. Public key encryption is the opposite, Public key encryption is complex, slow and expensive to use. Typically, public key encryption takes 100 to 1,000 times longer than symmetric key encryption to encrypt a message of a given length. And in public key encryption there are two keys, one is used to encrypt, another is used to decrypt. For RSA public key encryption, it usually need minimum key length for a strong key is 1,024 bits. For the more efficient ECC cipher, 512-bit keys will have same strength. Longer key length requires more processing time during encipherment, and long key length is one of the reasons why public key encryption is so slow and expensive to implement. Based one that, cryptography only uses public key encryption to encrypt very short messages for confidentiality.
Hi, Xinyi, thank you for sharing your point, I very like you points about public key encryption. Every public key matches to only one private key. Together, they are used to encrypt and decrypt messages. If you encode a message using a person’s public key, they can only decode it using their matching private key.
One of the key things I learned from this chapter is the encrypted public key. There are two main distinct encryption targets, public key encryption for confidentiality and public key encryption for authentication. These two methods send the key differently.
To ensure confidentiality – the sender will use the receiver’s public key for encryption, and the receiver will use the receiver’s private key for decryption. To ensure authentication – the sender will use the sender’s private key for encryption and the receiver will use the real party’s public key for decryption.
It is important to understand the two common types of encryption because they use different ways to achieve different purposes. Incorrect usage may affect data confidentiality or data integrity.
Hi Wenyao, I agree as well, public-key encryption is one good and easy way to protect your communications. Public keys are both used for confidentiality and authentication. Used for confidentiality, the sender is able to encrypt the information with the receiver’s public key. The receiver is then able to authenticate using their private key. To use it to authenticate, the sender can encrypt with her private key, and the receiver can only decrypt with the public key of the true sender.
This chapter is about cryptography. It evolves confidentiality, plaintext, ciphertext and key. There are substitution ciphers and transposition. In substitution ciphers, one character is substituted for another, but the order of characters is not changed. I In transposition ciphers, in turn, the letters are moved around within a message, based on their initial positions in the message. The letters themselves are not changed, as they are in substitu- tion ciphers, but their position in the message does. Cryptography has been used for a ling time, back to world war II, and also company’s private massage in recent days. In the world of internet technology is heavily involved, cryptography now is extremely complicated, but some of it still using the same logic mentioned in the first few sentences. Session key is widely used in the company and organization.
Hi Ting-yan,
I agree with your words. This chapter is a review of some familiar concepts of cryptography in past courses and readings. Nevertheless, figure 3-9 shows a good classification of the SSL/TLS cryptographic suite, which helps organizations to decide what packages to implement based on their needs and budgets. For example, RSA\u WITH \u AES\u 256\u CBC\u SHA256 is the most robust cryptographic suite, but it may cost too much to implement. Therefore, the organization may choose to go with DH U DSS U 3DES U U EDE U U CBC CBC SHA U, because it can not only meet their needs, but also be financially feasible.
This chapter focuses on cryptography and its format and methods. The area I am most interested in is encryption using the National Standard Institute of Technology (NIST) protocols and standards. To my surprise, NIST has developed several well-known and respected encryption standards.
NIST developed the data encryption standard (DES). When this standard is introduced, it is the pioneer of symmetric key encryption. It used to be and is still widely used and accepted by the cryptographic industry. It uses 56-bit keys and blocks encryption. After DES is fading due to its low key size and vulnerability to violent attack, triples (3DES) is introduced. 3DES increases the size of the key and is very difficult to break, but it is a very slow ram pig. To solve the shortcomings of DES and 3DES, NIST has launched the advanced encryption standard (AES) that we all know. AES allows variable key length and has been widely accepted by the industry. AES is known for its survivability under violent attack, that is to say, cracking 128 bit AES keys takes 100 years.
Hi Haozhe….I like how you focused on different encryption standards and the impact key length can have on a particular encryption being broken through brute-force methods. I think one of the things I learned about DES is that the block size is 64 bits meaning that only 56 of the 64 bits represent the key. The remaining bits in the block are redundant. The redundancy allows communication partners to detect incorrect keys when the redundant bits are not the same on the received message as the redundant bits are on the sent message. Thanks for the summary.
This chapter discusses the various features and use cases for in which cryptography is used to protect an organization’s data and how it can meet confidentiality and integrity security objectives. Confidentiality is accomplished through encryption tools such as a symmetric key and public key infrastructure (PKI). Additionally, PKI can meet another goal called non-repudiation, where a user cannot deny something. Integrity is accomplished through hashing which converts data into a fix-length value or key that represents the original data. However an organization must be careful which encryption and hashing standards are used because certain methods have been depreciated due to known vulnerabilities to collision attacks. A collision attack is when two separate inputs executed through the same hash algorithm generates the same output.
From this chapter, one of the key points I took away was the need for a virtual private network (VPN). With so many people working remotely, the VPN can be used to create a secure tunnel for the end user to access the confidential information within their organizations local network. The VPN allows people to continue to operate their business activities without the worry of someone decrypting and viewing the data you are transmitting in plain text.
One of the benefits of VPN is that it protects from security breaches in many forms, including rogue wi-fi networks, man in the middle attacks, etc. With everyone being remote these days, employees can connect securely to the internet as if they were physically present in the office. Using a VPN protects the privacy of the company.
The main objective for encryption is to protect the confidentiality of information. There are two forms of encryption Symmetric and Asymmetric. Symmetric Encryption are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The sender and the receiver, use the same key in both directions. There are many forms of symmetric encryption: Blowfish, AES, RC4, DES, RC5, and RC6. The most widely used symmetric algorithm is AES-128, AES-192, and AES-256 Symmetric Encryption. The main advantage of symmetric encryption over asymmetric encryption is that it is fast and efficient for large amounts of dataAsymmetric Encryption encrypts and decrypts the data using two separate yet mathematically connected cryptographic keys. These keys are known as a ‘Public Key’ and a ‘Private Key. Some examples of Asymmetric Encryption are RSA, ECC and Diffie-Hellman. There is an Advantage to using Asymmetric Encryption. Asymmetric cryptography offers better security because it uses two different keys — a public key which only gets used to encrypt messages, making it safe for anyone to have, and a private key to decrypt messages that never needs to be shared.
One key point I took from this chapter was the importance of ciphers in encrypting and decrypting codes. Two types of ciphers are substitution ciphers and transposition ciphers. In a substitution cipher, the order of the characters are not changed, but one character is substituted for another. In this scenario, you would need a key to decipher the substitution cipher to get the intended message. In a transposition cipher, the letters are not changed, but the position of the letters are moved around. Much like a puzzle, the letters have to be arranged in a format that completes the message intended.
Hi Krish,
I quite agree with you that encryption is one of the oldest forms of information security to ensure confidentiality. However, I think the important thing to remember about key lengths is that they should be long enough to keep information secret, but not so long that they slow down decryption and bring the system to a standstill.
Encryption is a cryptographic process that turns the plaintext into a seemingly random stream of bits called the ciphertext. One section I found interesting was IPsec. As many of us are working from home during Covid, chances are that you are connecting to your company’s internal network by way of an IPsec tunnel. IPsec is the gold standard in VPN security. IP is the Internet Protocol, and “sec” is short for security. It protects the IP packet and everything in an IP packet’s data field. This includes ICMP (Internet Control Message Protocol), TCP (Transmission Control Protocol), and UDP (User Datagram Protocol) messages as well as all applications. IPsec can be configured in transport mode or tunnel mode. Tunnel mode appears to be the more useful of the two as it is lower in cost and a bit more friendlier towards firewalls as each packet is decrypted by the IPsec gateway. A border firewall located after the gateway can then filter the decrypted packet.
Anthony, I think what you said is very interesting. Working from home has definitely made VPNs more and more common. When I work from home calls are routed through a software and to my phone, but to the clients calling in it looks like they are speaking with our 800 number. Is this some type of VPN for phones rather than internet/network use?
Ciphertext can be transmitted across the network. The ciphertext performs the plaintext, and the people need to use an appropriate cipher to decrypt the encrypted information. Since the ciphertext is unreadable, this can be used to protect the sensitive information effectively. When people try to translate the ciphertext to plaintext, which it is readable, the sender uses encryption to send it to the receiver, and the receiver decrypts it into the plaintext. Moreover, the attacker is not easy to attack modern encryption because it has two complicated methods, including the private key and public key, to secure the system. The sender publishes the public key to perform encryption, and the private key uses two different ciphers, including block ciphers and stream ciphers, to keep secure and makes the decryption more difficult. Thus, modern encryption can help users protect their systems well.
Interesting point that I took from the reading is how symmetric and asymmetric key usage are not competing concepts but principles that can be used together to create a secure exchange of information. Symmetric keys are ones where both the sender or supplicant and receiver or verifier hold the same key for message exchange. To encrypt the message the sender uses a cipher and the key to encrypt the message, the receiver uses the same cipher and key to decrypt the message. The issue is that the communication of the key between the parties cannot be supported by a symmetric key. Instead the sender would communicate the symmetric key by encrypting using an asymmetric key. Asymmetric keys use the public key infrastructure (PKI) where the recipient’s public key is available to anyone while the recipient hold a private key. The public key is used to encrypt and the private key is used to decrypt. To send a symmetric key, the sender would encrypt the message with the symmetric key using the receiver’s public key, send the message and the receiver decrypts using their own private key. This method allows the key exchange while still validating that the receiver is who they say they are. The sender gains confidentiality and authorization of the receiver in following this method.
Hi, Heather. I like you point out that symmetric and asymmetric key usages are not competing for concepts but principles that can be used together to create a secure exchange of information. These keys can make your information more secure. For example, the military which has much different military intelligence only uses a symmetric key to protect the information, it must make many advantages for the attacker. Besides, having both of the keys protects the information, which can improve security.
The biggest takeaway from chapter 3 was the initial handshaking stages. This is where two parties begin to communicate through a cryptographic system standard. It starts with negotiation which is where the two parties determine what method of cryptography will be used. Once the parties determine the cipher suite to be used the interaction moves to the initial authentication. The point of this step is so that each party can verify that they are interacting with who they think it is and not an imposter. Once the authentication is complete there is now mutual authentication and communication can begin. There are also situations (server) where only one party has to authorize who they are. Next comes keying, where keys are sent securely and only after authentication because multiple keying methods are vulnerable to key stealing by third parties.
Once these steps are completed, the handshaking stages are completed and the relationship moves to ongoing communication. Electronic signatures and message-by-message authentication are put in place to fight off any imposter efforts to make sure the conversation stays secure. These steps are integral to simple communication but also when dealing with sensitive information and processes (bank info and transactions, passwords, account management, etc.).
The chapter focuses on cryptography, the methods of cryptography is used to securely communicate over untrusted networks. Systems are able to use virtual private networks(VPN) to secure communication over untrusted networks such as the internet and wireless LANs. The chapter introduces three forms of VPNs, there’s host-to-host VPN, remote access VPNs, and site-to-site VPNs.
Host-to-host VPNs are used to connect a single client over an untrusted network to a single server, this is creating a one-to-one relationship. One example is when you are logging into your e-commerce account. Your server will load onto the host-to-host server to ensure your highly sensitive information is protected. Remote access VPN connects a single PC over an untrusted network to a site’s network. The gateway is what’s being used to authenticate users and allows these authorized users to have access to resources inside the site. Site-to-site VPNs is used to protect all traffic flowing over the untrusted network, it can be used between a pair of sites. VPN messages are encrypted when they are sent and only the receiving gateway can decrypt the messages and pass them along to the correct hosts in the receiving network.
The logistics behind VPNs seem so complicated but it is used so broadly, mainly web browsers such as Google Chrome create easily accessible plugins for VPNs. These front-facing tools make it easier for consumers to access and use VPNs as a way to securely connect in untrusted networks.
SSL VPN is the simplest and most secure solution for remote users to access sensitive corporate data. Compared with the complex IPSec VPN, SSL provides a simple and easy way to connect information remotely. SSL VPN can be used on any machine with a browser installed. This is because SSL is embedded in the browser, and it does not require the installation of client software for every client as with traditional IPSec VPN. SSL Version 3.0 was also adopted by the standards body as TLS 1.0, so SSL VPN is also called TLS VPN. SSL: Simple implementation of protection for some TCP applications, such as HTTPS and SFTP; SSL VPN: Using the transmission function of TCP and the protection of SSL to TCP session, realize the VPN service, the protected VPN service can be TCP, or UDP, pure IP application; TLS: Extensions over SSL to provide direct protection for UDP applications, which is the best annotation for transport layer security.
The interesting point that I took from the this chapter is the Cryptographic system, Cryptographic systems combine all of the cryptographic protections, including confidentiality, authentication, and integrity into a single system and protect user dialogues from attackers and eliminate the need for users to understand the specific cryptographic details. And the first task of this system is selecting a cryptographic system. After this, this system has 3 remaining handshaking stages need to complete. There are Negotiation of security methods and options, Authentication (usually mutual), Keying Secure delivery of keys and other secrets and Ongoing communication stage. A cryptosystem, also known as a cipher system, is a series of algorithms needed to implement a security service, such as confidentiality.
Hi Zhen,
Cryptographic systems do blend well into the CIA triad with Confidentiality and Integrity being their main strengths. It is vital to have end to end security when transmitting data/information to ensure it reaches the correct destination without being exposed to unauthorized individuals.
One of the topics that I found interesting in this reading assignment was virtual private networks. These are basically private networks created by using a cryptographic system to secure communications over an untreated network like the internet. Although I always used VPN for work reading this chapter provided me with a greater understanding of how VPNs work. I learned that there are three types of VPNs:
1. Host-Host: this is the simplest type of VPN. a host-to-host VPN connects a single client over an untrusted network to a single server.
2. Remote access VPN: A remote access VPN connects a single remote PC over an untrusted network to a site network
3. Site-Site: Site-to-site VPNs protect all traffic flowing over an untrusted network between a pair of sites. These may be two corporate sites or a corporate site and either a customer site or a supplier site.
One of the things I thought was interesting related to VPN’s is the interaction between transport mode and firewalls. It makes the border firewall less effective because it cannot read the network packets in plaintext in order to filter it since the traffic is encrypted with IPsec SSL/TLS.
I feel like I’m all about the human aspect of each one of our topics. I took away the importance of having enforceable organizational processes that don’t compromise the “technical strengths of cryptography.” The example provided on page 116 about the Secretary of State for the Home Department suggesting to install a “back door” to allow law enforcement greater accessibility seems logical but defeats the purpose of encryption.
You are correct in your analysis. The idea of a “back door” for law enforcement to gain entry to devices for their cases seems good in theory to cut time for them to search for data, but just having that back door means that someone else could find it and gain entry to the system at hand. Apple has made a huge deal about not making special exceptions to gain access to the iOS system without the proper credentials that the initial user set.
Hi Vanessa & Krish,
You guys bring up a great discussion topic. This topic escalated into controversy couple years ago when law enforcement needed access to one of the criminals cell phone. I am in the support of apple and not making any exceptions for any entity to grant them backdoor access. This will totally defeat the purpose of encryption as Vanessa mentioned and basically make every encrypted data and device vulnerable.
The most outstanding topic in this chapter reading is Virtual Private Networks. This section relates more to how organizations have adopted to recent/current events, with Remote Access VPNs being the most utilized as workers are having to telecommute. Whether the remote connection has a very secure and strong encryption or not, there is significant risk especially where users can use their personal devices. This defeats the purpose of encryption since personal devices can be compromised hence exposing the host network in some way.
One of the most important and unique properties of quantum key distribution is that a third party tries to eavesdrop on the password o conveniences. These two conveniences are based on quantum mechanics’ basic principle: any measurement quantum system measurement will interfere with the system. When a third party tries to eavesdrop on the password, it must be measured somehow, and these measurements will bring detectable anomalies. The communication system can detect eavesdropping through the communication system to detect eavesdropping through the quantum superposition state. When the eavesdropping is lower than a certain standard, a secure key can be generated.
The security of quantum key distribution is based on quantum mechanics’ basic principles, while traditional cryptography is based on the computational complexity of certain mathematical algorithms. Traditional cryptography cannot detect eavesdropping and cannot guarantee the security of the key. Quantum key distribution is only used to generate and distribute keys and does not transmit any substantial messages. The key can be used for certain encryption algorithms to encrypt messages, and the encrypted messages can be transmitted in standard channels. The most common algorithm related to quantum key distribution is the one-time pad. If a secret and random key is used, this algorithm has provable security.
According to the book, cryptography is the use of mathematical operations to protect messages traveling between parties or stores on a computer. One key point that stood out to me in this reading is the human issues in cryptography. One might think long keys and a well-tested cipher symmetric key encryption for confidentiality would be impossible to crack. However, if the sender or receives fails to keep the key secret, the eavesdropper may learn the key and read every message. What this means is that poor communication can defeat the long keys and well-tested cipher and companies need to enforce organizational processes without compromising the technical strengths of cryptography. There are various symmetric key encryption ciphers to communicate securely and some of the common ones are RC4, DES, 3DES, and AES. AES is stronger and faster as compared to the others and efficient in terms of processing power and RAM requirements. It is offered in three alternative key lengths: 128 bits, 192 bits, and 256 bits. The longer key lengths are strong and would take forever to crack but even in this case AES security is only assured if it is correctly implemented.
Hi Priyanka, I agree with your point of view. There are various symmetric key encryption ciphers to communicate securely. The example shown in the paragraph is very widely used. The longer key length is stronger, and less pattern is better because it will make it harder to be a hack or crack by brutal force.
This chapter introduce the cryptography and how it works. Cryptography is the way to use mathematical operation to protect messages traveling between parties or stored on a computer. One key point I noticed is about the public key encryption. Usually, a symmetric key is one that is used both to encrypt and decrypt information and it’s fast and inexpensive. Public key encryption is the opposite, Public key encryption is complex, slow and expensive to use. Typically, public key encryption takes 100 to 1,000 times longer than symmetric key encryption to encrypt a message of a given length. And in public key encryption there are two keys, one is used to encrypt, another is used to decrypt. For RSA public key encryption, it usually need minimum key length for a strong key is 1,024 bits. For the more efficient ECC cipher, 512-bit keys will have same strength. Longer key length requires more processing time during encipherment, and long key length is one of the reasons why public key encryption is so slow and expensive to implement. Based one that, cryptography only uses public key encryption to encrypt very short messages for confidentiality.
Hi, Xinyi, thank you for sharing your point, I very like you points about public key encryption. Every public key matches to only one private key. Together, they are used to encrypt and decrypt messages. If you encode a message using a person’s public key, they can only decode it using their matching private key.
One of the key things I learned from this chapter is the encrypted public key. There are two main distinct encryption targets, public key encryption for confidentiality and public key encryption for authentication. These two methods send the key differently.
To ensure confidentiality – the sender will use the receiver’s public key for encryption, and the receiver will use the receiver’s private key for decryption. To ensure authentication – the sender will use the sender’s private key for encryption and the receiver will use the real party’s public key for decryption.
It is important to understand the two common types of encryption because they use different ways to achieve different purposes. Incorrect usage may affect data confidentiality or data integrity.
Hi Wenyao, I agree as well, public-key encryption is one good and easy way to protect your communications. Public keys are both used for confidentiality and authentication. Used for confidentiality, the sender is able to encrypt the information with the receiver’s public key. The receiver is then able to authenticate using their private key. To use it to authenticate, the sender can encrypt with her private key, and the receiver can only decrypt with the public key of the true sender.
This chapter is about cryptography. It evolves confidentiality, plaintext, ciphertext and key. There are substitution ciphers and transposition. In substitution ciphers, one character is substituted for another, but the order of characters is not changed. I In transposition ciphers, in turn, the letters are moved around within a message, based on their initial positions in the message. The letters themselves are not changed, as they are in substitu- tion ciphers, but their position in the message does. Cryptography has been used for a ling time, back to world war II, and also company’s private massage in recent days. In the world of internet technology is heavily involved, cryptography now is extremely complicated, but some of it still using the same logic mentioned in the first few sentences. Session key is widely used in the company and organization.
Hi Ting-yan,
I agree with your words. This chapter is a review of some familiar concepts of cryptography in past courses and readings. Nevertheless, figure 3-9 shows a good classification of the SSL/TLS cryptographic suite, which helps organizations to decide what packages to implement based on their needs and budgets. For example, RSA\u WITH \u AES\u 256\u CBC\u SHA256 is the most robust cryptographic suite, but it may cost too much to implement. Therefore, the organization may choose to go with DH U DSS U 3DES U U EDE U U CBC CBC SHA U, because it can not only meet their needs, but also be financially feasible.
This chapter focuses on cryptography and its format and methods. The area I am most interested in is encryption using the National Standard Institute of Technology (NIST) protocols and standards. To my surprise, NIST has developed several well-known and respected encryption standards.
NIST developed the data encryption standard (DES). When this standard is introduced, it is the pioneer of symmetric key encryption. It used to be and is still widely used and accepted by the cryptographic industry. It uses 56-bit keys and blocks encryption. After DES is fading due to its low key size and vulnerability to violent attack, triples (3DES) is introduced. 3DES increases the size of the key and is very difficult to break, but it is a very slow ram pig. To solve the shortcomings of DES and 3DES, NIST has launched the advanced encryption standard (AES) that we all know. AES allows variable key length and has been widely accepted by the industry. AES is known for its survivability under violent attack, that is to say, cracking 128 bit AES keys takes 100 years.
Hi Haozhe….I like how you focused on different encryption standards and the impact key length can have on a particular encryption being broken through brute-force methods. I think one of the things I learned about DES is that the block size is 64 bits meaning that only 56 of the 64 bits represent the key. The remaining bits in the block are redundant. The redundancy allows communication partners to detect incorrect keys when the redundant bits are not the same on the received message as the redundant bits are on the sent message. Thanks for the summary.
This chapter discusses the various features and use cases for in which cryptography is used to protect an organization’s data and how it can meet confidentiality and integrity security objectives. Confidentiality is accomplished through encryption tools such as a symmetric key and public key infrastructure (PKI). Additionally, PKI can meet another goal called non-repudiation, where a user cannot deny something. Integrity is accomplished through hashing which converts data into a fix-length value or key that represents the original data. However an organization must be careful which encryption and hashing standards are used because certain methods have been depreciated due to known vulnerabilities to collision attacks. A collision attack is when two separate inputs executed through the same hash algorithm generates the same output.
From this chapter, one of the key points I took away was the need for a virtual private network (VPN). With so many people working remotely, the VPN can be used to create a secure tunnel for the end user to access the confidential information within their organizations local network. The VPN allows people to continue to operate their business activities without the worry of someone decrypting and viewing the data you are transmitting in plain text.
One of the benefits of VPN is that it protects from security breaches in many forms, including rogue wi-fi networks, man in the middle attacks, etc. With everyone being remote these days, employees can connect securely to the internet as if they were physically present in the office. Using a VPN protects the privacy of the company.
The main objective for encryption is to protect the confidentiality of information. There are two forms of encryption Symmetric and Asymmetric. Symmetric Encryption are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The sender and the receiver, use the same key in both directions. There are many forms of symmetric encryption: Blowfish, AES, RC4, DES, RC5, and RC6. The most widely used symmetric algorithm is AES-128, AES-192, and AES-256 Symmetric Encryption. The main advantage of symmetric encryption over asymmetric encryption is that it is fast and efficient for large amounts of dataAsymmetric Encryption encrypts and decrypts the data using two separate yet mathematically connected cryptographic keys. These keys are known as a ‘Public Key’ and a ‘Private Key. Some examples of Asymmetric Encryption are RSA, ECC and Diffie-Hellman. There is an Advantage to using Asymmetric Encryption. Asymmetric cryptography offers better security because it uses two different keys — a public key which only gets used to encrypt messages, making it safe for anyone to have, and a private key to decrypt messages that never needs to be shared.
One key point I took from this chapter was the importance of ciphers in encrypting and decrypting codes. Two types of ciphers are substitution ciphers and transposition ciphers. In a substitution cipher, the order of the characters are not changed, but one character is substituted for another. In this scenario, you would need a key to decipher the substitution cipher to get the intended message. In a transposition cipher, the letters are not changed, but the position of the letters are moved around. Much like a puzzle, the letters have to be arranged in a format that completes the message intended.
Hi Krish,
I quite agree with you that encryption is one of the oldest forms of information security to ensure confidentiality. However, I think the important thing to remember about key lengths is that they should be long enough to keep information secret, but not so long that they slow down decryption and bring the system to a standstill.
Encryption is a cryptographic process that turns the plaintext into a seemingly random stream of bits called the ciphertext. One section I found interesting was IPsec. As many of us are working from home during Covid, chances are that you are connecting to your company’s internal network by way of an IPsec tunnel. IPsec is the gold standard in VPN security. IP is the Internet Protocol, and “sec” is short for security. It protects the IP packet and everything in an IP packet’s data field. This includes ICMP (Internet Control Message Protocol), TCP (Transmission Control Protocol), and UDP (User Datagram Protocol) messages as well as all applications. IPsec can be configured in transport mode or tunnel mode. Tunnel mode appears to be the more useful of the two as it is lower in cost and a bit more friendlier towards firewalls as each packet is decrypted by the IPsec gateway. A border firewall located after the gateway can then filter the decrypted packet.
Anthony, I think what you said is very interesting. Working from home has definitely made VPNs more and more common. When I work from home calls are routed through a software and to my phone, but to the clients calling in it looks like they are speaking with our 800 number. Is this some type of VPN for phones rather than internet/network use?
Ciphertext can be transmitted across the network. The ciphertext performs the plaintext, and the people need to use an appropriate cipher to decrypt the encrypted information. Since the ciphertext is unreadable, this can be used to protect the sensitive information effectively. When people try to translate the ciphertext to plaintext, which it is readable, the sender uses encryption to send it to the receiver, and the receiver decrypts it into the plaintext. Moreover, the attacker is not easy to attack modern encryption because it has two complicated methods, including the private key and public key, to secure the system. The sender publishes the public key to perform encryption, and the private key uses two different ciphers, including block ciphers and stream ciphers, to keep secure and makes the decryption more difficult. Thus, modern encryption can help users protect their systems well.
Interesting point that I took from the reading is how symmetric and asymmetric key usage are not competing concepts but principles that can be used together to create a secure exchange of information. Symmetric keys are ones where both the sender or supplicant and receiver or verifier hold the same key for message exchange. To encrypt the message the sender uses a cipher and the key to encrypt the message, the receiver uses the same cipher and key to decrypt the message. The issue is that the communication of the key between the parties cannot be supported by a symmetric key. Instead the sender would communicate the symmetric key by encrypting using an asymmetric key. Asymmetric keys use the public key infrastructure (PKI) where the recipient’s public key is available to anyone while the recipient hold a private key. The public key is used to encrypt and the private key is used to decrypt. To send a symmetric key, the sender would encrypt the message with the symmetric key using the receiver’s public key, send the message and the receiver decrypts using their own private key. This method allows the key exchange while still validating that the receiver is who they say they are. The sender gains confidentiality and authorization of the receiver in following this method.
Hi, Heather. I like you point out that symmetric and asymmetric key usages are not competing for concepts but principles that can be used together to create a secure exchange of information. These keys can make your information more secure. For example, the military which has much different military intelligence only uses a symmetric key to protect the information, it must make many advantages for the attacker. Besides, having both of the keys protects the information, which can improve security.
The biggest takeaway from chapter 3 was the initial handshaking stages. This is where two parties begin to communicate through a cryptographic system standard. It starts with negotiation which is where the two parties determine what method of cryptography will be used. Once the parties determine the cipher suite to be used the interaction moves to the initial authentication. The point of this step is so that each party can verify that they are interacting with who they think it is and not an imposter. Once the authentication is complete there is now mutual authentication and communication can begin. There are also situations (server) where only one party has to authorize who they are. Next comes keying, where keys are sent securely and only after authentication because multiple keying methods are vulnerable to key stealing by third parties.
Once these steps are completed, the handshaking stages are completed and the relationship moves to ongoing communication. Electronic signatures and message-by-message authentication are put in place to fight off any imposter efforts to make sure the conversation stays secure. These steps are integral to simple communication but also when dealing with sensitive information and processes (bank info and transactions, passwords, account management, etc.).
The chapter focuses on cryptography, the methods of cryptography is used to securely communicate over untrusted networks. Systems are able to use virtual private networks(VPN) to secure communication over untrusted networks such as the internet and wireless LANs. The chapter introduces three forms of VPNs, there’s host-to-host VPN, remote access VPNs, and site-to-site VPNs.
Host-to-host VPNs are used to connect a single client over an untrusted network to a single server, this is creating a one-to-one relationship. One example is when you are logging into your e-commerce account. Your server will load onto the host-to-host server to ensure your highly sensitive information is protected. Remote access VPN connects a single PC over an untrusted network to a site’s network. The gateway is what’s being used to authenticate users and allows these authorized users to have access to resources inside the site. Site-to-site VPNs is used to protect all traffic flowing over the untrusted network, it can be used between a pair of sites. VPN messages are encrypted when they are sent and only the receiving gateway can decrypt the messages and pass them along to the correct hosts in the receiving network.
The logistics behind VPNs seem so complicated but it is used so broadly, mainly web browsers such as Google Chrome create easily accessible plugins for VPNs. These front-facing tools make it easier for consumers to access and use VPNs as a way to securely connect in untrusted networks.
SSL VPN is the simplest and most secure solution for remote users to access sensitive corporate data. Compared with the complex IPSec VPN, SSL provides a simple and easy way to connect information remotely. SSL VPN can be used on any machine with a browser installed. This is because SSL is embedded in the browser, and it does not require the installation of client software for every client as with traditional IPSec VPN. SSL Version 3.0 was also adopted by the standards body as TLS 1.0, so SSL VPN is also called TLS VPN. SSL: Simple implementation of protection for some TCP applications, such as HTTPS and SFTP; SSL VPN: Using the transmission function of TCP and the protection of SSL to TCP session, realize the VPN service, the protected VPN service can be TCP, or UDP, pure IP application; TLS: Extensions over SSL to provide direct protection for UDP applications, which is the best annotation for transport layer security.
The interesting point that I took from the this chapter is the Cryptographic system, Cryptographic systems combine all of the cryptographic protections, including confidentiality, authentication, and integrity into a single system and protect user dialogues from attackers and eliminate the need for users to understand the specific cryptographic details. And the first task of this system is selecting a cryptographic system. After this, this system has 3 remaining handshaking stages need to complete. There are Negotiation of security methods and options, Authentication (usually mutual), Keying Secure delivery of keys and other secrets and Ongoing communication stage. A cryptosystem, also known as a cipher system, is a series of algorithms needed to implement a security service, such as confidentiality.
Hi Zhen,
Cryptographic systems do blend well into the CIA triad with Confidentiality and Integrity being their main strengths. It is vital to have end to end security when transmitting data/information to ensure it reaches the correct destination without being exposed to unauthorized individuals.
One of the topics that I found interesting in this reading assignment was virtual private networks. These are basically private networks created by using a cryptographic system to secure communications over an untreated network like the internet. Although I always used VPN for work reading this chapter provided me with a greater understanding of how VPNs work. I learned that there are three types of VPNs:
1. Host-Host: this is the simplest type of VPN. a host-to-host VPN connects a single client over an untrusted network to a single server.
2. Remote access VPN: A remote access VPN connects a single remote PC over an untrusted network to a site network
3. Site-Site: Site-to-site VPNs protect all traffic flowing over an untrusted network between a pair of sites. These may be two corporate sites or a corporate site and either a customer site or a supplier site.
Hi Prince,
One of the things I thought was interesting related to VPN’s is the interaction between transport mode and firewalls. It makes the border firewall less effective because it cannot read the network packets in plaintext in order to filter it since the traffic is encrypted with IPsec SSL/TLS.
I feel like I’m all about the human aspect of each one of our topics. I took away the importance of having enforceable organizational processes that don’t compromise the “technical strengths of cryptography.” The example provided on page 116 about the Secretary of State for the Home Department suggesting to install a “back door” to allow law enforcement greater accessibility seems logical but defeats the purpose of encryption.
Hi Vanessa,
You are correct in your analysis. The idea of a “back door” for law enforcement to gain entry to devices for their cases seems good in theory to cut time for them to search for data, but just having that back door means that someone else could find it and gain entry to the system at hand. Apple has made a huge deal about not making special exceptions to gain access to the iOS system without the proper credentials that the initial user set.
Hi Vanessa & Krish,
You guys bring up a great discussion topic. This topic escalated into controversy couple years ago when law enforcement needed access to one of the criminals cell phone. I am in the support of apple and not making any exceptions for any entity to grant them backdoor access. This will totally defeat the purpose of encryption as Vanessa mentioned and basically make every encrypted data and device vulnerable.
Hi Vanessa,
I could not agree more on this. This feels like intentionally compromising a device on behalf of attackers and making it easier for them.
The most outstanding topic in this chapter reading is Virtual Private Networks. This section relates more to how organizations have adopted to recent/current events, with Remote Access VPNs being the most utilized as workers are having to telecommute. Whether the remote connection has a very secure and strong encryption or not, there is significant risk especially where users can use their personal devices. This defeats the purpose of encryption since personal devices can be compromised hence exposing the host network in some way.