Shancang Li, in
Securing the Internet of Things, 2017 The symmetric key algorithms are quite efficient, but the key distribution is difficult to IoT end devices. The key
distribution requires a secure connection between the key distribution sever and the IoT nodes. PKC and asymmetric cryptography are two effective ways of providing confidentiality and authentication. In contrast to the symmetric cryptography, the PKC is based on mathematically hard problem to solve, whereas hard in this context refers to the complexity of calculation. The public-key encryption is based on “trapdoor” functions, which are easy to compute, but hard to reverse without additional
information. The RSA is a widely used public-key algorithm, in which the hard problem is finding the prime factors of a composite number. In PKC cryptosystem, generally in a key pair, the public key and the private key, the public key is made accessible to the public and the private key is kept at a safe place. The public key is generally used in two ways. Public-key encryption, in which one is capable to encrypt a message with the
public key of an entity, where only the entity with the corresponding private key is capable of decrypting the cipher text. Digital signatures, in which a cipher text generated with the private key can be decrypted by anyone who has the public key. This verification proves that the sender had access to the private key and therefore is likely to be the person associated with the public key. In PKC system, public/private key pairs can be easily generated for encryption and decryption. The security strength in a PKC system lies in how difficult to determine a properly generated private key from its public key. In this case, the length of private key is important for avoiding brute-force attacks. The RSA is one of the first practical public-key cryptosystems, which is based on the practical difficulty of factoring
the product of two large prime numbers. If the public key is large enough, only the one knowing the prime numbers can feasibly decode the message. The RSA is a relative slow algorithm for encryption however it is commonly used to pass encrypted shared keys for symmetric key cryptography. Since RSA encryption is an expensive operation, in IoT it is rather used in combination with symmetric cryptography. The shared symmetric key is encrypted with RSA; the security of encryption in general is
dependent on the length of the key. For RSA, a key length of 1024 bits (128 bytes) is required, to have an equivalent security level of symmetric key cryptography with a key length of 128 bit (16 bytes). The large key size of RSA will cause expensive computation costs. The ECC is an alternative to common PKC because of the resistance against powerful index-calculus attacks. The ECC allows efficient implementation due to a significant smaller bit size of
the operands over resource-constrained environment. ECC is another public-key cryptography approach that works based on elliptic curves over finite fields. ECC’s smaller key size is 256 as shown in Table 4.2. It is more efficient than RSA and it is more suitable for resource-limited devices in IoT. The basic idea of ECC is the general assumption that the elliptic curve discrete logarithm problem is infeasible or at least not solvable in a reasonable time. Table 4.2. Key Size for Symmetric Key, RSA, and ECC
IoT Node Authentication
4.2.2 Public-Key Cryptography
Symmetric KeyRSA KeyElliptic Curve Key 80
1024
160
112
2048
224
128
3072
256
192
7680
384
256
15,360
521
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9780128044582000044
Cryptography
Derrick Rountree, in Security for Microsoft Windows System Administrators, 2011
Cryptographic Algorithms
In cryptography, the strength of a transaction is based on the key. In general, the longer the key, the stronger it is. Many different systems use the same cryptographic algorithm, but they all use different keys. It's important that you keep the key safe and confidential. If the key gets lost, you will no longer be able to decrypt data that was encrypted with it. If someone else comes in possession of the key, then he or she will be able to decrypt your encrypted data.
There is a specific type of cryptographic vulnerability related to cryptographic keys. It is called weak keys. All cryptographic algorithms are based on some sort of mathematical function. Many times, mathematical functions can have numbers or series of numbers that cause the function to behave improperly. In cryptography, this number or series of numbers is called a weak key. When cryptographic algorithms are designed, the creators try to reduce or eliminate the possible number of weak keys. But, they are not always successful.
There are two general types of cryptographic ciphers: block ciphers and stream ciphers. Block ciphers encrypt data one fixed block of data at a time. The length of this block of data is called the block size. With block ciphers, the encrypted block of data will generally be the same length as the unencrypted block of data. Stream ciphers generally encrypt data one bit at a time. Stream ciphers generate and use a key stream for encryption, not just a single key. Stream ciphers are generally much faster than block ciphers. This is due to the simple mathematical formulas generally used with stream ciphers.
Symmetric Encryption
Symmetric key algorithms are sometimes referred to as secret key algorithms. This is because these types of algorithms generally use one key that is kept secret by the systems engaged in the encryption and decryption processes. This single key is used for both encryption and decryption.
Symmetric key algorithms tend to be very secure. In general, they are considered more secure than asymmetric key algorithms. There are some symmetric key algorithms that are considered virtually unbreakable. Symmetric key algorithms are also very fast. This is why they are often used in situations where there is a lot of data that needs to be encrypted.
In symmetric key algorithms, the key is shared between the two systems. This can present a problem. You have to figure out a way to get the key to all systems that will have to encrypt or decrypt data using a symmetric key algorithm. Having to manually distribute a key to all systems can be a quite cumbersome task. Sometimes, this can only be done by copying the key from a central location. You can imagine how troublesome that can be. On Windows systems, you do have the option of possibly using a group policy or a script of some kind to copy the key to the necessary systems. This helps, but the administrator is still responsible for making sure the group policy or the script functions properly.
There are hundreds of different symmetric key algorithms available. Each has its own strengths and weaknesses. Some of the more common examples are DES, 3DES, AES, IDEA, RC4, and RC5.
DES: It is the Data Encryption Standard. DES was originally Developed in 1976. It has been one of the most widely used encryption algorithms. This is partially due to the fact that it was adopted as the government standard for encryption. The DES algorithm itself is very strong. The weakness comes in the fact that the original DES standard uses a 56-bit encryption key. Basically, you can use a computer to run through all bit combinations of the key (1s and 0s) until you hit the right key. Back when DES was originally developed, this would have taken hundreds of years. Nowadays, computers are much, much faster. In fact, nowadays, it might only take a day or so to run through all the combinations. This is the main reason why DES is no longer widely used.
3DES: It is most commonly known as Triple DES. 3DES gets its name because it applies the DES algorithm three times to each block of data. 3DES has overtaken its predecessor, DES, and is currently considered to be the most widely used standard for secure encryption. The algorithm itself is just as strong as DES, but you also have the advantage of being able to use longer key lengths. A key must be specified for each of the 3DES encryption iterations. You have the option of using the same key for each, the same for two of the iterations, or a different key for each of the iterations. The most secure implementation is to use a different key for each iteration. If you use the same key for all three iterations, the key strength is considered to be 56 bits. That's basically the same as DES. If you use the same key for two of the iterations and a different key for the third, then the key strength is considered to be 112 bits. If you use a different key for all three iterations, then the encryption strength is considered to be 168 bits. For a long time, the 3DES algorithm was the main algorithm used in FIPS 140 complaint Windows implementations. When you configured the Windows Group Policy or the registry that forced the use of FIPS 140 compliant algorithms, you were basically forcing the use of 3DES for encryption. Now, Windows systems offer the use of AES, which is also a FIPS 140 compliant algorithm.
AES: It is the Advanced Encryption Standard. It is also sometimes referred to as the Rijndael algorithm. This is due to the fact that AES actually comes from the Rijndael algorithm. The government had an evaluation process to determine which algorithm would be used as the AES standard, and the Rijndael algorithm was chosen as the winner. The AES standard actually includes three different ciphers: AES-128, AES-192, and AES-256. The numbers represent the length of the encryption key. AES is very fast and very secure. Because of this, its global uptake has been very quick.
IDEA: It is the International Data Encryption Algorithm. IDEA was originally meant to be a replacement for the DES standard. IDEA uses a 128-bit encryption key. There are two main reasons IDEA is not as widely used as planned. The first is the fact that IDEA is subject to a range of weak keys. The second reason is that there are currently faster algorithms that produce the same level of security.
RC4: It is the fourth version of the Rivest Cipher. RC4 uses a variable length encryption key. This key can vary from 40 to 256 bits. It's most commonly used with a 128-bit key. The RC4 algorithm is very simple and easy to implement. The problem is that if implemented improperly, it can lead to weak cryptographic systems. This is one of the main reasons why RC4 is slowly being phased out. RC4 has been one of the mostly widely used encryption algorithms. It is used in WEP and WPA on wireless networks. It has also been used in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) with the Hypertext Transfer Protocol over SSL (HTTPS) protocol. RC4 has also been used with secure shell, Kerberos, and the Remote Desktop Protocol.
RC5: It is the fifth version of the Rivest Cipher. RC5 uses variable length encryption keys. They can range up to 2040 bits. The suggested key size is 128 bits. At one point, RSA, which owns the patent for RC5, was so sure of its security that it had a bounty system to reward anyone who could break items encrypted with the algorithm. Table 2.1 lists out the key length and block size for these algorithms.
Table 2.1. Symmetric Encryption Algorithms
| DES | 56 bits | 64 bits |
| 3DES | 56, 112, or 168 bits | 64 bits |
| AES | 128, 192, or 256 bits | 128 bits |
| IDEA | 128 bits | 64 bits |
| RC4 | 40 to 256 bits | Stream cipher |
| RC5 | 0 to 2040 bits (128 recommended) | 32, 64, or 128 bits (64 recommended) |
Asymmetric Encryption
Asymmetric encryption is also referred to as public key encryption. In asymmetric encryption, both the encrypting and decrypting systems have a set of keys. One is called the public key, and another is called the private key. If the message is encrypted with one key in the pair, the message can be decrypted only with the other key in the pair.
Asymmetric key algorithms are not quite as fast as symmetric key algorithms. This is partially due to the fact that asymmetric key algorithms are generally more complex, using a more sophisticated set of functions.
Asymmetric key algorithms aren't as widely used as their symmetric counterparts. So we'll just go over two of the big ones: Diffie-Hellman and RSA.
Diffie-Hellman: The Diffie-Hellman algorithm was one of the earliest known asymmetric key implementations. The Diffie-Hellman algorithm is mostly used for key exchange. Although symmetric key algorithms are fast and secure, key exchange is always a problem. You have to figure out a way to get the private key to all systems. The Diffie-Hellman algorithm helps with this. The Diffie-Hellman algorithm will be used to establish a secure communication channel. This channel is used by the systems to exchange a private key. This private key is then used to do symmetric encryption between the two systems.
RSA: It is the Rivest Shamir Adelman algorithm. RSA was developed in 1978. RSA was the first widely used asymmetric algorithms used for signing and encryption. It supports key lengths of 768 and 1,024 bits. The RSA algorithm uses a three-part process. The first part is key generation. The keys used in the RSA algorithm are generated using mathematical operations based on prime numbers. The second part of the process is encryption. This encryption is done using one of the keys in the key pair. The third part of the process is decryption. The decryption is done using the other key in the key pair.
Hashing
Cryptographic hashing algorithms, also known as hash functions, basically scramble data. A hash function will generally take an arbitrary amount of data, apply a mathematical formula, and produce a fixed length product, called the hash value. Sometimes, you will also hear the original data referred to as the message, and the product is referred to as the message digest. Hashing is mostly used as a secure way of storing data.
Hashing relies on a couple of key principles. The first is the fact that hashes are one-way; that is, you can use the hash and the data to create the hash value, but you cannot figure out the data given the hash value. Hash functions should also avoid collisions. A collision is where two different sets of data produce the same hash value. Third, you should not be able to change data without having the hash value also change.
Hybrid Encryption Systems
There are many systems that make use of both symmetric and asymmetric keys. These are called hybrid encryption systems. These systems often make use of a key exchange protocol like the Diffie-Hellman algorithm. In these systems, an asymmetric algorithm is used to establish a connection. Then, a key is transferred between the two systems. This key is then used for establishing symmetric encryption between the two systems.
Hashing algorithms are just as abundant as encryption algorithms, but there are a few that are used more often than others. Some common hashing algorithms include MD5, SHA-1, SHA-2, NTLM, and LANMAN.
MD5: This is the fifth version of the Message Digest algorithm. MD5 creates 128-bit outputs. MD5 was a very commonly used hashing algorithm. That was until weaknesses in the algorithm started to surface. Most of these weaknesses manifested themselves as collisions. Because of this, MD5 began to be phased out.
SHA-1: This is the second version of the Secure Hash Algorithm standard, SHA-0 being the first. SHA-1 creates 160-bit outputs. SHA-1 is one of the main algorithms that began to replace MD5, after vulnerabilities were found. SHA-1 gained widespread use and acceptance. SHA-1 was actually designated as a FIPS 140 compliant hashing algorithm.
SHA-2: This is actually a suite of hashing algorithms. The suite contains SHA-224, SHA-256, SHA-384, and SHA-512. Each algorithm is represented by the length of its output. SHA-2 algorithms are more secure than SHA-1 algorithms, but SHA-2 has not gained widespread use.
LANMAN: Microsoft LANMAN is the Microsoft LAN Manager hashing algorithm. LANMAN was used by legacy Windows systems to store passwords. LANMAN used DES algorithms to create the hash. The problem is that LANMAN's implementation of the DES algorithm isn't very secure, and therefore, LANMAN is susceptible to brute force attacks. LANMAN password hashes can actually be cracked in just a few hours. Microsoft no longer uses LANMAN as the default storage mechanism. It is available, but is no longer turned on by default.
NTLM: This is the NT LAN Manager algorithm. The NTLM algorithm is used for password hashing during authentication. It is the successor of the LANMAN algorithm. NTLM was followed with NTLMv2. NTLMv2 uses an HMAC-MD5 algorithm for hashing.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597495943000028
Large Integer Arithmetic
Tom St Denis, Simon Johnson, in Cryptography for Developers, 2007
Introduction
So far, we have been examining symmetric key algorithms that rely solely on secret keys for security. Now we are going to explore the realm of public key cryptography, but before we can do this, we have a significant piece of mathematics to cover.
Most standard public key algorithms are based on problems that are hard to solve in general. For example, the RSA algorithm is (loosely speaking) as secure as factoring is hard. That is, if factoring is hard, breaking RSA is, too (in practice). Similarly, elliptic curve algorithms are as hard to break as inverting point multiplication on the given curve.
In both cases, the “problem” becomes harder as you increase the size of the problem. In the case of RSA, as you increase the composite (public key), factoring becomes harder. Similarly, as you increase the order of the elliptic curve (do not worry if you do not know what that means at this point), the difficulty of inverting point multiplication increases.
To accommodate these larger parameters, we must deploy algorithms known collectively as BigNum algorithms.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B978159749104450011X
Public Key Algorithms
Tom St Denis, Simon Johnson, in Cryptography for Developers, 2007
Introduction
So far, we have been discussing symmetric key algorithms such as AES, HMAC, CMAC, GCM, and CCM. These algorithms are known as symmetric (or shared secret) algorithms, since all parties share the same key values. Revealing this key would compromise the security of the system. This means we have been assuming that we somehow shared a key, and now we are going to answer the how part.
Public key algorithms, also known as asymmetric key algorithms, are used (primarily) to solve two problems that symmetric key algorithms cannot: key distribution and nonrepudiation. The first helps solve privacy problems, and the latter helps solve authenticity problems.
Public key algorithms accomplish these goals by operating asymmetrically; that is, a key is split into two corresponding parts, a public key and a private key. The public key is so named as it is secure to give out publicly to all those who ask for it. The public key enables people to encrypt messages and verify signatures. The private key is so named as it must remain private and cannot be given out. The private key is typically owned by a single person or device in most circumstances, but could technically be shared among a trusted set of parties. The private key allows for decrypting messages and the generation of signatures.
The first publicly disclosed public key algorithm was the Diffie-Hellman key exchange, which allowed, at least initially, only for key distribution between known parties. It was extended by ElGamal to a full encrypt and signature public key scheme, and is used for ECC encryption, as we will see shortly. Shortly after Diffie-Hellman was published, another algorithm known as RSA (Rivest Shamir Adleman) was publicly presented. RSA allowed for both encryption and signatures while using half of the bandwidth as ElGamal. Subsequently, RSA became standardized in various forms.
Later, in the 1980s, elliptic curves were proposed as an abelian group over which ElGamal encryption and DSA (variant of ElGamal) could be performed, and throughout the 1990s and 2000s, various algorithms were proposed that make elliptic curve cryptography an attractive alternative to RSA and ElGamal.
For the purposes of this text, we will discuss PKCS #1 standard RSA and ANSI standard ECC cryptography. They represent two of the three standard algorithms specified by NIST for public key cryptography, and in general are representative of the commercial sector demands.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597491044500121
Security Protocols and Algorithms
Timothy Stapko, in Practical Embedded Security, 2008
RSA
The three algorithms we have looked at so far are all symmetric-key algorithms that are very useful if you have a good way to exchange keys with the person or machine with which you want to communicate. In some cases, a physical transfer of the key may be possible and appropriate, but more often, an electronic means of key delivery is more applicable. Today, in most cases, this method is RSA. Developed and patented by Ronald Rivest, Adi Shamir, and Leonard Adleman in 1978, RSA is the most well-known and probably most useful public-key algorithm. One of the most useful properties of RSA is that it can be used both for the basic public-key operation (I send you my public-key so you can encrypt a message to send back to me), and for authentication (I encrypt a message with my private key which you can verify came from me using my known public-key). This property makes RSA especially useful for protocols that utilize both a public-key operation and authentication, like SSL.
RSA is an elegantly simple algorithm with some extremely complex math behind it. Essentially, RSA consists of a function that utilizes some unique properties of large prime numbers and modular mathematics. The key generation for RSA involves selecting two very large prime numbers and multiplying them together. The trick is that if you know the prime factors used to generate the key then the RSA encryption function is simple to reverse (thereby decrypting an encrypted message). If you don't know those factors, then you have to find them by factoring a REALLY large number into its component prime factors, a process that takes an extremely long time using today's math and technology. It is possible that we may discover a fast way to factor large numbers in the future, and this would be a very big problem, since it would render RSA completely useless. This prime factoring can be considered similar to the brute-force search required for the naïve attack on symmetric algorithms. However, factoring a number is inherently easier than searching through all possible symmetric keys represented by a number of the same size. It is for this reason that symmetric keys are often 128 bits long, but a similarly-secure RSA key will be 1024 or 2048 bits long. Unfortunately, these large numbers are hard to deal with, even on a computer, so RSA is significantly slower than any of the symmetric algorithms we have looked at.
RSA is too slow to be generally useful, but since it does have specific useful properties, it is usually used along with a faster symmetric algorithm, usually to exchange symmetric keys. For embedded systems, the performance of RSA is especially problematic, since an RSA operation on even a moderate-sized key (1024-bits is considered moderate as of right now) can take many seconds on slower processors. For some applications, this might be OK, since the system may not need super speedy response times. For other applications, such as web servers, this is definitely a problem, as the typical user will not wait 30–40 seconds for a webpage to even start loading. For this reason RSA should be used with some type of hardware acceleration if at all possible. Fortunately, like AES, there are a number of products available that either implement RSA entirely in hardware or provide some type of acceleration for software implementations. The primary part of RSA that benefits from acceleration is the modular math—literally millions of operations are done in a typical RSA operation and any improvement in their speed will result in a significant improvement in performance.
RSA is an extremely useful algorithm that is employed in thousands of applications. We will look more at how RSA is implemented, and what we can do to alleviate the performance bottleneck, when we look at SSL, and again when we look at the case studies later on.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9780750682152500045
Security
James McGovern, ... Sunil Mathew, in Java Web Services Architecture, 2003
Encryption Algorithm Selection
Algorithms can be generically categorized as either symmetric or asymmetric. A symmetric-key algorithm, better known as a shared secret, uses a single key for encryption and decryption. This is suitable when two parties have established a relationship in advance. Table 15.2 shows some of the algorithms that can be used in a symmetric scenario.
Table 15.2. Symmetric Algorithms
| AES | 256 | 128 |
| Blowfish | 576 | 64 |
| CAST-256 | 256 | 128 |
| GOST | 256 | 64 |
| IDEA | 128 | 64 |
| RC-6 | 2040 | 128 |
| Serpent | 256 | 128 |
| Twofish | 256 | 128 |
Asymmetric algorithms are better known as public/private-key. This encryption is best used between two parties who have no prior knowledge of each other but want to exchange data securely. Unlike symmetric algorithms, asymmetric algorithms use two different cryptographic keys to encrypt and decrypt plain text. The two keys have a mathematical relationship. A message encrypted by the algorithm using one key can be decrypted by the same algorithm using the other key. Some asymmetric algorithms have the property that one key is deducible from the other. These algorithms are typically incorporated into public/private-key algorithms commonly used by certificate providers.
Encryption mechanisms typically use various algorithms for their routines. Listed below are some of the algorithms that can be used to develop your own encryption mechanism, along with their relative strengths and weaknesses. Many other encryption algorithms can be part of your toolkit but are not in widespread usage. If you want to go down this path, we recommend Applied Cryptography, by Bruce Schneier (Wiley, 1996).
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781558609006500208
Cryptography
Jason Andress, in The Basics of Information Security (Second Edition), 2014
Symmetric key algorithms
Some of the cryptographic algorithms that are more recognizable to the general public are symmetric key algorithms. Several of these, such as DES, 3DES, and AES, are or have been in regular use by the US government and others as standard algorithms for protecting highly sensitive data.
DES first came into use in 1976 in the United States and has since been used by a variety of parties globally. DES is a block cipher based on symmetric key cryptography and uses a 56-bit key. Although DES was considered to be very secure for some period of time, it is no longer considered to be so. In 1999, a distributed computing project was launched to break a DES key by testing every possible key in the entire keyspace, and the project succeeded in doing so in a little more than 22 h. This weakness brought about by the short key length was compensated for a period of time through the use of 3DES (pronounced triple DES), which is simply DES used to encrypt each block three times, each time with a different key. DES can operate in several different block modes, including Cipher Block Chaining (CBC), Electronic CodeBook (ECB), Cipher Feedback (CFB), Output Feedback (OFB), and Counter Mode (CTR). Each mode changes the way encryption functions and the way errors are handled.
AES is a set of symmetric block ciphers endorsed by the US government through NIST, and now used by a variety of other organizations, and is the replacement for DES as the standard encryption algorithm for the US federal government. AES uses three different ciphers: one with a 128-bit key, one with a 192-bit key, and one with a 256-bit key, all having a block length of 128 bits. A variety of attacks have been attempted against AES, most of them against encryption using the 128-bit key, and most of them unsuccessful, partially successful, or questionable altogether. At the time of this writing, the US government still considers AES to be secure. AES shares the same block modes that DES uses and also includes other modes such as XEX-based Tweaked CodeBook (TCB) mode.
There are a large number of other well-known symmetric block ciphers, including Twofish, Serpent, Blowfish, CAST5, RC6, and IDEA, as well as stream ciphers, such as RC4, ORYX, and SEAL.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9780128007440000051
Wireless Sensor Network Security
Harsh Kupwade Patil, Thomas M. Chen, in Computer and Information Security Handbook (Second Edition), 2013
Public Key Algorithms
Although these algorithms are based on asymmetric key cryptography and are more resource intensive than symmetric key algorithms, they offer better security services, which are much needed and highly advantageous in WSN. As a result, there is motivation to pursue research in developing secure and efficient key-distribution mechanisms suitable in a resource-constraint environment such as WSN. Most of the implementations use Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) [12,20].
For example, TinyPK uses the Diffie-Hellman key-exchange technique for key agreement between nodes and is based on the legacy RSA cryptosystem. The main motive of this protocol is to facilitate secure communication between external users and the sensor networks. The external user’s identity is established by a CA, where his or her public key is signed by the CA’s private key.
Considering the state of the art in large-number factorization, key-size values are usually set to 1024 bits in RSA as lower values are considerably vulnerable to security attacks. In addition, the public key exponent e is set to 3, and all the resource-intensive operations are carried out on external servers. In this model, resource-abundant devices bear the burden of RSA private key operations, and, hence, the sensor nodes maintain higher energy levels during operations.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9780123943972000167
Encryption and Data Security Primer
Lewin A.R.W. Edwards, in Open-Source Robotics and Process Control Cookbook, 2005
5.4 Protecting One-Way Telemetry
A one-way telemetry link is an interesting reversal of the scenario described in the previous section. The difference between telemetry information and control information is that telemetry frequently remains valuable long after it's collected, which control information (generally) does not. In this case, we may be relying on the cryptosystem to provide both authentication (verifying that the telemetry we're receiving is actually coming from the source it's supposed to be coming from) and encryption (making sure that other people can't use our collected data). An example of this sort of application might be stock control using handheld wireless transmitters. You want to be sure that only authorized personnel can check stock out of inventory; you also want to avoid broadcasting the exact contents of your warehouse to everyone in the neighborhood.
Again, let's look at our requirements. Once more, we have a relatively low-powered handheld transmitter, but it's feasible that it could be a reasonably speedy 32-bit part, perhaps an ARM7 microcontroller with an LCD controller on-chip. Let's assume, however, that it is too slow to implement an asymmetric algorithm. It is probably safe to assume also that we can collect the transmitters at the end of every day and perform some physical link to them. Our aim, for the sake of argument, is to prevent the competitor across the road from intercepting our shipment orders and deducing which products we're selling briskly. (We're in a cut-throat business. If our competitor finds out that our left-handed widgets are selling quickly, he might choose to undercut our price, even if it means a net loss to him, and drive us out of the market. Or if he sees that we're using a huge quantity of some particular part, maybe he'll try to buy up stocks of that part and raise the market price to damage our operations). A small amount of data leakage is acceptable.
We can satisfy all our requirements with a system that comprises the following features:
▪The transmitters use a symmetric-key algorithm with a key width that's reasonably hard to crack with commercial-grade computational power.
▪Each transmitter has a serial number that can be read out using a physical connection to the unit.
▪Employees are instructed to put the transmitters onto charge/reprogramming stations after every shift.
▪Each unit is loaded with a new random key when it is put on the charge station. The station interrogates the unit to find out its serial number, and informs the central computer (over a secure, wired link) of the serial number and the assigned key. No mechanism is provided for the current key to be read out of the unit.
▪Every transmission from the unit is encrypted with the key assigned for this specific unit for this shift. Since this is constantly changing, if our attacker happens to break a particular key, he can only recover one shift's worth of messages from one handheld unit.
▪The stock-control computer is off-site. All stock add/remove requests are forwarded to the stock-control computer verbatim; that is, the local receiver hardware does not remember assigned keys, and there is no on-site information to decrypt those on-air messages.
Note that I haven't explicitly discussed the cryptosystem that protects the link between this warehouse and the central computer; I've assumed that it's strong and reliable. One good choice would be to use an asymmetric algorithm, where the random-key-generator box in the warehouse uses the central computer's public key to encrypt its reports on which keys have been assigned to which units.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9780750677783500065
Related Topics of Interest
Sudhanshu Chauhan, Nutan Kumar Panda, in Hacking Web Intelligence, 2015
Cryptography
There has always been a need to transfer messages from one location to another. Earlier people used to send messages through messengers who used to travel long distances to deliver them. Slowly a need to make this transmission secure came up. In situations like war, the message being intercepted by the enemy could have changed the whole situation. To tackle such scenarios people started to invent techniques to conceal the original message, so that even if the message is intercepted it cannot be understood by anyone except the desired receiver. One of the simplest examples is Caesar cipher, in which each letter is replaced by another with a fixed alphabet position difference, so if the position difference is 4 (right), then A would become D, B would become E, and so on. In modern era, technology has advanced a lot and so has the techniques to encrypt as well as break it.
Basic types
In this type of cryptography both the parties (sender and receiver) use same key to encrypt and decrypt the message. A popular symmetric key algorithm is Data Encryption Standard (DES), there are also its modern variants such as Triple DES.
In this type, there are two keys, public and private. As the name suggests the public key is openly distributed but the private key remains secret. The public key is used to encrypt the message whereas only private key can decrypt it. This solved a major issue with symmetric key which was the need of multiple keys for communication with different parties. RSA is a good example of asymmetric key algorithm.
Some other associated terms:
In simpler terms hashing is converting a character string into a fixed size value. Usually the hash is of small length. Some commonly used hashing algorithms are MD5, SHA1 etc.
It is simply about converting a character into another form for the purpose of data transmission, storage etc. It is simply like translating a language into another so that the other party can understand it. Commonly used encodings are UTF-8, US-ASCII etc.
The basic difference between these is that encrypted text requires a key to be converted back to plain text and it is mainly used for the confidentiality of message. In hashing, the hashed text cannot be reversed back to the original text and it is mainly used for integrity check and validation. The encoded text can be decoded back with any key.
We came across different examples, cases, scenarios where we learned how data or information plays a vital role in this digital world. Similarly any digital data stored in devices such as computer, laptop, mobile device etc., are equally important. As these are the personal devices, it consists of more personal data so should be taken care of carefully. Any hardware issue, software malfunction, device crash or theft lead to either loosing of those important data or can be in wrong hands and the consequences are much worst. So storing any important data in digital form requires a meaningful effort to make that secure. There are many solutions available both open source as well as commercial to store the data securely in these devices. Choose any of those based on the level of confidentiality of data. Apart from storing the data securely and locally in any device there are other cloud solutions available to store our data in one place so that we can retrieve and use those as per our desire. Along with the data storage and data transmission it is also recommended to use secured backup from time to time to avoid any accidental loss of data. The solutions are tightly based on what we learned above and that is cryptography or encryption. Today we frequently use cryptography on daily basis through technologies such as SSL/TLS, PGP, digital signature, disk encryption etc. So here we can conclude that encryption plays a vital role in our day to day life to secure our digital or virtual life.
With increase in computation power the ability to crack encrypted messages have also evolved. Attacks such as Brute-force, dictionary attack are easy to perform at a high speed. Also there are weaknesses in the algorithms, which make it easy to perform cryptanalysis on them. Given enough time and computation power any encrypted text can be decrypted, so today the algorithms used attempt to make it so time consuming to that the decrypted text becomes worthless in the time used to crack it.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B978012801867500015X