Over the past three decades, there has been substantial growth in the amount of digital data, both at rest and in transit. The digital wave has become an ocean of all types of data, such as email, movies, images, and tweets. With this growth comes the threat of attacks on our data, which we face on a daily basis.

In this section, we'll take a look at how our world has transformed with the adoption of digital technology, along with an overview of the current threat landscape.

Let's start with a look at the growth in digital information over the years.

Digitally transforming our world

In 1946, the world got a glimpse of the future. That was the year that the Moore School of Electrical Engineering of the University of Pennsylvania introduced the Electronic Numerical Integrator and Computer (ENIAC) system. The ENIAC was enormous, as it filled a room and was capable of performing calculations faster than any other computer at the time.

When computers first appeared, the cost to own and operate a system was extremely high. Ordinary citizens knew very little about computers. Due to their prohibitively large costs, computer systems were owned mainly by governments, industry, and universities. In 1980, the cost of a gigabyte (GB) hard drive was approximately $1.2 million. By 1990, the price was down to $8,000, and costs continued to decrease. As shown in the following graphic, from 1995 to 2000, the price of drives per GB went down substantially:

Figure 1.1 – The cost of hard drives per gigabyte

By 2010, the cost of drives per GB was approximately $0.10. Along with the cost of hard drives, the price of computers in general went down as well. With more affordable pricing, more and more businesses and consumers were embracing technology, as we'll see next.

Rapidly advancing technology

The industry continued to develop desktops, laptops, games, mobile devices, and IoT devices that began to collect and exchange more and more data. Concurrently, businesses, universities, governments, and consumers began to invest heavily in information technology, spending billions on hardware and software designed to improve the quality of life.

Today, a large percentage of the world is using digital technology and the internet, for a wide variety of purposes. Applications include e-commerce, social media, mobile banking, and email, all generating data.

Data includes anything you can see or hear and can be digitized in a multitude of different types and formats, including the following:

• Voice over Internet Protocol (VoIP), also known as IP telephony, is a group of technologies primarily used to transmit phone calls over the internet
• Documents such as spreadsheets, word processor documents, presentation files, and Portable Document Format (PDF) files
• Images that include Joint Photographic Group (JPG), Tagged Image File Format (TIPP), and Bitmap Image File (BMP)
• Video that includes a wide range of formats, such as Moving Picture Experts Group (MPEG) and Advanced Video Coding (AVC), originating from a variety of sources

Some may argue that not all data needs to be protected. However, much of the data that is in storage on a server or in motion while traveling across the network should be encrypted, mainly because this flood of data represents an opportunity for cybercriminals to obtain and exploit the data.

Every minute of every day, companies face a variety of threats to the security of their data. Let's explore this concept next.

Threatening the security of our data

Early systems, such as the ENIAC, were standalone systems and not networked. The biggest threat to these systems was a physical attack, such as someone destroying the components. As time passed, and businesses began to adopt computer technology, there still remained little threat to the security of data.

From the 1960s through to the 1990s, scientists developed protocols for the Advanced Research Projects Agency Network (ARPANET), which was the precursor to what we know now as the internet. Some significant events during this time period include the following:

• 1972 – Ray Tomlinson creates electronic mail (email).
• 1973 – Scientists began to use the term internet.
• 1974 – The first Internet Service Provider (ISP) begins offering its service.
• 1982 – Formalization of Transmission Control Protocol (TCP) and Internet Protocol (IP), or TCP/IP, the standard protocol suite for the internet.
• 1983 – Scientists created top-level domains for the Domain Name System (DNS), such as .edu, .com, and .gov.

While there were a few reports of viruses making their way through computer systems, most anyone who worked with or knew about the internet never thought anything malicious could happen. That was until 1988, when Robert Morris, a Cornell University student, wrote and released a worm.

Important note

A worm is a self-propagating virus that can spread on its own.

The worm, later dubbed the Morris worm, created a crippling effect on the fledgling internet. As a result, Robert Morris was tried and convicted under the 1986 Computer Fraud and Abuse Act. Soon afterward, the idea of cybersecurity began to take hold. And more specifically, it became more apparent that our data could be at risk.

Over the next three decades, many more threats emerged, such as social engineering, malware, and denial of service attacks:

• Social engineering: This is a combination of methods designed to fraudulently obtain information about an organization or computer system. Effective social engineering techniques rely on the malicious actor's ability to con someone into providing information, by using social skills and powers of influence.
• Malware: This is malicious software that includes viruses, rootkits, spyware, and trojans. Most malware is designed to infiltrate a computer system or network to gain unauthorized access to critical information. Other forms of malware, such as ransomware, are designed to lock a system and its resources until someone pays a ransom.
• Denial of Service (DoS): These attacks will send numerous requests to a system in an effort to interrupt or suspend services to legitimate users. In most cases, the malicious actor(s) will use a Distributed Denial of Service (DDoS) attack, which is more effective as it uses armies or botnets to launch an attack.

As outlined, there are many different types of data, such as images, documents, and video. Data can be a part of an organization, such as a business or government entity, or belong to an individual. Let's compare the two next.

Categorizing data

Data can represent either an individual's information or details that relate to a business or organization.

An individual's private data is generally referred to as Personally Identifiable Information (PII), which is information that can be used to identify someone. PII can include bank account records, social security numbers, or credit card information.

Proprietary business data includes information that if exposed can result in harm to the organization. Protected business data includes financial data, earnings reports, employee records, and trade secrets.

On any network, there are several goals or services we strive to provide, such as confidentiality, integrity, and availability. Let's explore this concept in the next section.

Today, there are many threats to the security of our data. Therefore, it's imperative that we remain vigilant in protecting our networks and data from attack or unauthorized access. In this section, we'll take a look at some of the security services designed to assure our data is protected. We'll also see how cryptographic techniques can help ensure data is not modified, lost, or accessed in an unauthorized manner.

There are many guidelines that outline how to provide data security. One document that helps list security concepts is the International Telecommunications Union (ITU) Security architecture for Open Systems Interconnection for CCITT applications, also known as X.800. Let's take a look.

Investigating X.800

The Consultative Committee for International Telephony and Telegraphy (CCITT), now known as the International Telecommunications Union - Telecommunication Standardization Sector (ITU-T), recognized the need to provide a secure architecture when dealing with data transmission. More specifically, they wanted to outline the general framework of security services that should be implemented within the Open Systems Interconnection (OSI) model.

Important note

The OSI model is a seven-layer representation of how systems communicate with one another. The OSI model is well recognized among network professionals, as it breaks down the function of each layer.

X.800 outlines recommended security services, along with best-practice logical and physical controls that help protect each service. In addition to logical and physical controls, the document outlines various cryptographic techniques that should be used, such as the following:

• Encryption: Transforms plaintext into ciphertext by using a cryptographic algorithm and key.
• Hashing: Functions that take a given input (of any size) and produce a fixed-length output. The output size will depend on the algorithm. This is also called a one-way function, in that you cannot derive the original input from the hash value.
• Digital signature: A cryptographic technique using asymmetric encryption to ensure message authenticity and non-repudiation.

The document lists the main security services designed to protect data, which include confidentiality, integrity, authentication, and non-repudiation.

Let's take a look at each of these and how they can be achieved, starting with confidentiality.

Ensuring confidentiality

While we may not feel that all data should be rigorously protected, in today's world, it's best to keep most, if not all, data protected from prying eyes. Confidentiality means keeping private data private by protecting against unauthorized disclosure.

An example of a violation of confidentiality would be if a malicious actor were to gain access to a company's proprietary trade secrets or customer database.

A data breach of client information can cause business harm and result in a tarnished reputation and loss of trust. To ensure confidentiality, businesses and individuals should restrict access by using access control methods that allow only authorized people, devices, or processes to have access to the data.

In addition, we can protect data confidentiality by using encryption. That way, if someone were to gain access to the information, it would be meaningless, unless they have a key to decrypt the data.

Another service is to ensure data integrity, as we'll see next.

Safeguarding integrity

Providing integrity ensures that data is not modified, lost, or destroyed in either an accidental or unauthorized manner.

An example of a violation of integrity would be someone gaining access to their payroll file and changing their salary from $30,000 to $40,000.

To protect integrity, use access control methods and employ strong audit policies. In addition, monitor the network for unusual or suspicious activity and use software designed to compare cryptographic hash values for unauthorized changes to the data.

One example of software that monitors for unauthorized changes in the filesystem is called Tripwire, which acts as a software intrusion detection system.

Tripwire works in the following manner:

1. Prior to activating the monitoring feature, you must first flag the files that need to be checked on all filesystems and devices.
2. Once the appropriate files are identified, the software will baseline the existing filesystem and generate a hash value for all files.
3. After baselining, the software will scan the filesystem and generate another hash value for all flagged files.
4. The software then compares each file's hash value against the baseline.
5. If the hash value does not match the baseline, the system will send an alert, which will indicate that the file has been modified in an unauthorized manner.

In the following figure, the hash value of the baseline file is not the same as the hash value of the checked file:

Figure 1.2 – A hash value that does not match the baseline

If the hash value does not match, this will send an alert that there is a violation of the integrity of the file.

Another service that is paramount on a network is authentication, as we'll see next.

Providing authentication

When something or someone is authentic, we are assured that it is true or genuine. For example, when you go to a bank to cash a check, the bank will require you to produce identification to prove who you are.

A violation of authentication occurs when spoofing techniques are used. For example, malicious actors often use an email address that spoofs the name to look like someone you know. This is a social engineering technique that is used to get you to open a file or complete some action.

When dealing with an entity on a network, it's especially important to guarantee authenticity, as this assures both parties that the message has originated from an authorized source. One way to prove authentication is by using a message authentication code, which is a small block of code used to authenticate the origin of the message.

Another security service is non-repudiation, which prevents an entity from denying that they either sent or received a communication.

Certifying non-repudiation

Non-repudiation is preventing a party from denying participation in a communication and can be used in both sides of a conversation to prevent either party from denying their involvement. By using a digital signature, non-repudiation can be achieved in the following manner:

• Proof of origin: Assurance that the message was sent by a specific entity
• Proof of receipt: Assurance that the message was received by a specific entity

To understand the importance of providing non-repudiation, let's outline the concept using a scenario in the following section.

Denying involvement

Every day, busy professionals send and receive emails. So that you can better understand how this works, I'll outline the concept in a story where using a digital signature when sending an email could help provide non-repudiation.

Bob is an office manager for a large payroll department. The supervisor is Jessica, who oversees the day-to-day operations of the department. Jessica is generally busy, with many tasks and meetings throughout the day.

Jessica's administrative assistant, Paul, notices that Jessica's birthday is in 2 days. Paul emails Bob to purchase a birthday cake and plan a surprise party and invite the whole office. Bob completes all the necessary arrangements and lets Paul and the department know that everything is ready for Friday.

On Friday, Jessica returns from her morning meeting, where she is greeted by the entire department wishing her a happy birthday. Jessica looks around the room and is visibly upset, and states, "you shouldn't have done this." She then retreats to her office and closes the door.

Later that morning, Jessica calls Bob and Paul into her office and tells them that she knows they meant well, but she didn't appreciate the attention. Paul states that he has no idea how this happened. Bob replies to Paul, "you sent me an email telling me to plan the event!" Paul answers, "no I didn't."

At that point, Bob has no recourse but to take the blame, as Paul has repudiated the fact that he had requested the party.

While Bob could have printed the email from Paul to attempt to prove that Paul requested the party, this may not be sufficient, as it is possible to spoof (or recreate) an email. However, if Paul had sent the email using a digital signature, this would prove that he had sent the email. At that point, Bob could have defended himself and let Jessica know what really happened.

Using a digital signature to prevent non-repudiation is not always required; however, in a high-stakes situation, such as a financial transaction, this can be especially important.

On any network, it's also important to ensure availability, as we'll see next.

Assuring availability

Availability is the assurance that resources are available to authorized devices, users, and/or processes on the network.

A violation of availability would be a DoS attack designed to interrupt or suspend services to legitimate users.

Although ensuring availability is an important concept, we cannot use a cryptographic method to ensure this service. However, there are other ways to protect availability, such as using intrusion detection and prevention. In addition, the network administrator should also keep systems up to date with all security patches, and upgrade systems and devices when necessary.

As outlined, encryption and cryptographic techniques are some of the ways through which we can protect against the constant threats to the security of our data. In the next section, let's take a look at a few of the cryptographic concepts that you might encounter.

In order to securely exchange data, we use more than just encryption algorithms. We also use several cryptographic tools and techniques. When discussing these concepts, you will hear terms such as symmetric and asymmetric encryption, along with cryptographic hash.

Important note

You will get a better understanding of these terms as we progress through the chapters. If you need a quick review, visit https://www.makeuseof.com/tag/encryption-terms/ for an explanation of 11 of the most common encryption terms.

In this section, we'll provide the broad strokes of the concepts of a TTP and the PKI to help your understanding. In addition, since you'll often see an explanation of a complex topic using the names of fictional characters, we'll talk about the story of Bob and Alice.

We'll go into the details of the aforementioned terms and others as the book progresses. For now, let's start with the importance of a TTP.

Trusting a TTP

Think about doing a transaction on the internet. When you go to an online shopping site, you will want to encrypt your transactions to provide confidentiality as you exchange data with the website. Let's consider the following scenario.

Alice wants to purchase some pet supplies for her two cats. She heads out to the pet supply store, Kiddikatz. If the communication is not encrypted, the transaction could be intercepted and read by Mallory, a malicious active attacker, as part of a Man-in-The-Middle (MiTM) attack, as shown in the following graphic:

Figure 1.3 – A MiTM attack

To prevent a MiTM attack, Alice will use Transport Layer Security (TLS) to encrypt and secure the transaction. Prior to the transaction, both parties will need to exchange keys. That is where the TTP becomes important.

A TTP is necessary in a hybrid cryptosystem. In a faceless, nameless environment such as the internet, TTPs helps us to communicate securely on the web.

The idea of a TTP works by using transitive trust. As shown in the following graphic, we see that if Alice trusts the TTP, and Kiddikatz trusts the TTP, then Alice automatically trusts Kiddikatz:


Figure 1.4 – A transaction using a TTP

We know that TTPs are important in a digital transaction. Next, let's see how you can determine whether or not a site can be trusted.

Ensuring trust on the network

When you go to your browser and you see a lock next to the web address, that means you can trust the site. As shown in the following screenshot, we can see that the site for Packt Publishing is a secure connection:

Figure 1.5 – Secure website for Packt Publishing

Some companies that provide this trust include Verisign, Cloudflare, Google Trust Services, and Thawte. All of this is made possible because of the PKI, as outlined next.

Managing keys using the PKI

As we have seen, a TTP provides the trust required when completing transactions on the internet. During a transaction, all entities are able to securely communicate with one another by using the PKI.

Although the term Public Key Infrastructure implies that the PKI generates keys, that is not the case. Instead, the PKI generates a digital certificate to securely distribute keys between a server (such as a web server) and a client. PKI uses a TTP to generate a certificate, which provides the authentication for each entity.

Let's step through the process of distributing public keys by using a certificate.

Obtaining the certificates

Encryption algorithms use keys. There are two main types of encryption. The type of encryption will determine whether one or two keys are used. The difference is as follows:

• Symmetric encryption: Uses a single shared key (or secret) key
• Asymmetric encryption: Uses a pair of keys – a public key and a private key

When using asymmetric encryption, an entity's private key is kept private. However, the public key is shared for everyone to see, as it is public.

When obtaining someone's public key for a transaction, we need to be able to trust that the key is from the entity from whom we received it. As a result, when completing transactions on the internet, we use a TTP.

As shown in the following diagram, the TTP provides a certificate to each entity, which ensures proof of identity and holds the other party's verified public key:

Figure 1.6 – Certificate exchange in the PKI

The PKI provides the structure necessary to ensure trust and securely share the public keys between those involved in a digital transaction.

Once Alice and Kiddikatz are assured trust in one another, they can securely exchange the session key and begin the transaction.

When discussing cryptography, it is common to use themes, much like the ones used in programming, such as Foo Bar and Hello World. In the next section, let's get to know the story of Bob, Alice, and other characters, which will help us when explaining cryptographic concepts.

Getting to know Bob and Alice

When outlining technical concepts, it's important to provide an easy-to-understand explanation. Using a story with characters helps explain technical topics.

Using the characters Alice and Bob is the most common way we use to explain cryptographic concepts. For example, you might see the following when describing a scenario:

Alice needs to send Bob a secure message. They must first obtain the same shared key.

If you need more characters, there are others you can use. The characters are listed in Bruce Schneier's book Applied Cryptography, where he presents a list of characters that include the following:

• Alice: Primary participant in the transaction
• Bob: Secondary participant in the transaction
• Mallory: A malicious (MiTM) attacker
• Eve: An eavesdropper, usually a passive attacker
• Victor or Vanna: A verifier
• Trent: A TTP

Using the names of individuals makes complex concepts more relatable. As a result, we will see more of Bob and Alice throughout our discussion on cryptography.

When discussing encryption, one of the simplest ways to conceal the true meaning of data is by using substitution and transposition, as we'll see next.

We can define cryptography as hidden or secret writing. The concept of concealing information using secret codes began thousands of years ago. Some of the early methods to encrypt data used pen, paper, or even rings, such as the pigpen, or Freemason, cipher.

In this section, we'll take a look at early encryption techniques, called classic cryptography, which mainly used transposition and substitution. The two work in the following manner:

• Transposition ciphers transpose letters according to a pattern.
• Substitution ciphers substitute each letter with a different letter according to the key.

In addition, we'll also take a look at methods to break the encryption. Let's start with seeing how substitution works, along with an example using the pigpen cipher.

Substituting characters

Substitution techniques to encode text work by substituting one character for another. The characters can be letters, numbers, or special characters. There are several substitution ciphers. One example is the pigpen or Freemason cipher. This cipher uses a grid formation with symbols that represent the different letters, as shown in the following figure:

Figure 1.7 – Pigpen cipher code

To generate a code, you would substitute each letter with the corresponding symbol. For example, the phrase Secret message converted using a pigpen cipher would appear as the following code:

Figure 1.8 – The phrase "Secret message" converted to code using a pigpen cipher

Try this yourself by going to https://www.boxentriq.com/code-breaking/pigpen-cipher.

Another technique to scramble data is by using transposition, as we'll see next.

Transposing the text

There are several techniques to transpose text. Unlike substitution, which substitutes one character for another, transposition transposes or rearranges the characters according to a pattern.

One method to transpose characters is reversing the order of letters in a phrase. The phrase confidentiality is keeping private data private will become etavirp atad etavirp gnipeek si ytilaitnedifnoc.

Even though this is a simple transposition of characters, you might have difficulty determining what the phrase means, unless you know that the letters have been reversed.

The rail fence, or zig-zag, cipher is another transposition cipher that conceals data by using rails or separate lines of text.

For example, if we were to transpose the word TRANSPOSE by using three rails and filling in the blank spaces using other letters, we would have the following output:

Figure 1.9 – The rail fence cipher concealing text

If someone were to look at the three lines of text, they may not be able to determine the meaning, unless they know the pattern, as shown:

Figure 1.10 – The rail fence cipher with the text exposed

Both the substitution and transposition ciphers are simple ciphers where it is fairly easy to break the code to determine the plaintext. When working with methods to conceal text such as substitution and transposition, we can use various methods to break the code, as outlined next.

Breaking the code

Concurrent to creating ways to conceal data using basic cryptographic techniques came the need to break codes and ciphers by using various methods.

With classic cryptography, code-breaking is a lot like a word puzzle, where the key is found by substituting letters until you determine a match. Because some methods use transposition, you might need to evaluate the text for alternate patterns that rearrange the text in some way.

Ciphers that use one alphabet are called mono-alphabetic ciphers. If only one alphabet is used, we can employ letter frequency analysis, as described next.

Analyzing the frequency of the letters

Letter frequency analysis is a cryptographic tool. The analysis begins by determining the frequency of the letters so that the actual message can be found.

When using letter frequency analysis, English characters can be divided into groups that include the following:

• The high-frequency group includes letters such as A, E, and T.
• The low-frequency or rare group includes letters such as K, Q, X, and Z.
• Digrams are pairs of letters that include th, he, of, and it. You'll also want to consider pairs using repeating letters such as ll, oo, or ee.
• Trigrams are collections of three letters that include the, est, and, for, and his.

To adequately produce a frequency profile, you need a generous amount of characters. You can manually count the characters or use one of the applications available online, such as the one found at http://www.richkni.co.uk/php/crypta/freq.php.

If the cipher uses more than one alphabet, this will make the code more difficult to decrypt. You might even find text that doesn't use an alphabet. For example, try to decode the following message:

Figure 1.11 – Secret code

You can find the answer at the end of this chapter under the Assessments section.

As we can see, even simple cryptographic methods can conceal information from someone. The downside is the simpler the method, the easier it is to obtain the plaintext message.

Every day, more and more services are being added to our infrastructures, homes, and businesses, making network security a constant challenge. However, a secure network is important as it protects the organization. In this chapter, we took a look at the threats to our data that exist, which makes securely managing a large volume of data in various locations a challenge. We saw the importance of providing security services such as confidentiality, integrity, and availability, and how using cryptographic techniques can help protect those services.

We then took a look at some common cryptographic concepts, such as TTPs and key management using the PKI. We also got to know characters such as Bob, Alice, Trent, and Mallory, which help us to personalize and better understand complex cryptographic concepts. Finally, we took a look at two basic cryptographic concepts, substitution, and transposition. We saw how substitution substitutes plaintext characters with other characters to convert it into ciphertext. We also learned how transposition rearranges the characters of plaintext to conceal information. We then saw how we can use letter frequency analysis to crack a simple code, that uses a monoalphabetic cipher.

So that you can better understand the evolution of encryption, the next chapter will start with a review of some classical ciphers such as the Vigenère and Caesar ciphers. Then we'll examine how war efforts prompted the encoding of transmissions, and how the Enigma was used to securely send messages. We'll then learn the beginnings of the Data Encryption Standard (DES), with the development of Lucifer and Feistel ciphers, as scientists recognized the need to secure digital data.

Now it's time to check your knowledge. Select the best response, then check your answers with those found in the Assessment section at the end of the book.

1. In _____, Ray Tomlinson created electronic mail (email).

   a. 1968

   b. 1972

   c. 1992

   d. 1998

2. When protecting data, _____ ensures that data is not modified, lost, or destroyed in either an accidental or unauthorized manner.

   a. integrity

   b. confidentiality

   c. availability

   d. authentication

3. A digital _____ is a cryptographic technique using asymmetric encryption that ensures a message is authentic and has not been modified or altered while in transit.

   a. breadcrumb

   b. cookie

   c. rail fence

   d. signature

4. When malicious actors often use an email address that spoofs the name to look like someone you know, this is a violation of _____.

   a. integrity

   b. confidentiality

   c. availability

   d. authentication

5. _____ encryption uses a pair of keys: a public key and a private key.

   a. Verified

   b. Asymmetric

   c. Symmetric

   d. SHA-1

6. _____ ciphers substitute each letter with a different letter according to the key.

   a. Allocation

   b. Substitution

   c. Transposition

   d. Pigpen

7. The rail fence, or zig-zag, cipher is a _________ cipher that conceals data by using "rails" or separate lines of text.

   a. allocation

   b. substitution

   c. transposition

   d. pigpen

Please refer to the following links for more information:

• Take a stroll down memory lane and visit some of the most significant events in computer history by going to https://www.computerhistory.org.
• For a comparison on prices of hard drives per GB, visit https://mkomo.com/cost-per-gigabyte.
• To help you understand how much data is in a petabyte, exabyte, zettabyte, or yottabyte, go to http://highscalability.com/blog/2012/9/11/how-big-is-a-petabyte-exabyte-zettabyte-or-a-yottabyte.html.
• To review some of the topics related to internet security, take a look at the internet glossary found at https://tools.ietf.org/html/rfc2828.
• To learn more about Bob and Alice and related topics, go to http://cryptocouple.com/.
• The X.800 document is found at https://www.itu.int/rec/T-REC-X.800-199103-I/en. Go to the middle of the page and select the PDF format. Once in the document, you will see that it was drafted in 1991. However, it still remains applicable.
• To get a better understanding of transposition ciphers along with some examples, visit https://crypto.interactive-maths.com/simple-transposition-ciphers.html.
• You can read more on Tripwire at https://www.tripwire.com/.