We live in an exciting yet challenging time. Every second of the day there are zettabytes of data traveling over networks and the internet. Data is constantly being sent and received from our homes, cars, businesses, and billions of Internet of Things (IoT) devices. In this chapter, you'll gain an appreciation for the need to secure our data in a dynamic digital world. We'll begin with a brief look at how, over the past few decades, we have seen advances in technology that have resulted in more of our data being exchanged. Concurrent to the advances in technology, we have seen an increase in the type and amount of threats to our data.
So that you understand the many resources available on guidelines for ensuring our data is not compromised, we'll take a look at the Security architecture for Open Systems Interconnection for CCITT applications, also known as X.800. You'll learn how encryption provides many security services, which include ensuring confidentiality, integrity, authentication, forward secrecy, non-repudiation, and enhanced privacy guarantees. In addition, we'll outline some common cryptographic concepts, such as Trusted Third Party (TTP) and the Public Key Infrastructure (PKI). We'll also cover how we use the story of Bob, Alice, and other personalities to help us understand complex technical concepts.
We'll then cover some basic encryption techniques. You'll see how using substitution or transposition can scramble data into an unreadable form that won't make sense unless you have the key to decrypt the message. In order to better understand substitution and transposition, we will discuss some illustrative examples that employ two basic ciphers, namely pigpen and rail fence. Finally, we'll outline some basic techniques, such as letter frequency analysis, which can be used to break some codes.
This chapter covers the following main topics:
- Outlining the current threat landscape
- Understanding security services
- Introducing common cryptographic concepts
- Outlining substitution and transposition
Outlining the current threat landscape
Over the past three decades, there has been substantial growth in the amount of digital data, both at rest and in transit. The digital wave has become an ocean of all types of data, such as email, movies, images, and tweets. With this growth comes the threat of attacks on our data, which we face on a daily basis.
In this section, we'll take a look at how our world has transformed with the adoption of digital technology, along with an overview of the current threat landscape.
Let's start with a look at the growth in digital information over the years.
Digitally transforming our world
In 1946, the world got a glimpse of the future. That was the year that the Moore School of Electrical Engineering of the University of Pennsylvania introduced the Electronic Numerical Integrator and Computer (ENIAC) system. The ENIAC was enormous, as it filled a room and was capable of performing calculations faster than any other computer at the time.
When computers first appeared, the cost to own and operate a system was extremely high. Ordinary citizens knew very little about computers. Due to their prohibitively large costs, computer systems were owned mainly by governments, industry, and universities. In 1980, the cost of a gigabyte (GB) hard drive was approximately $1.2 million. By 1990, the price was down to $8,000, and costs continued to decrease. As shown in the following graphic, from 1995 to 2000, the price of drives per GB went down substantially:
By 2010, the cost of drives per GB was approximately $0.10. Along with the cost of hard drives, the price of computers in general went down as well. With more affordable pricing, more and more businesses and consumers were embracing technology, as we'll see next.
Rapidly advancing technology
The industry continued to develop desktops, laptops, games, mobile devices, and IoT devices that began to collect and exchange more and more data. Concurrently, businesses, universities, governments, and consumers began to invest heavily in information technology, spending billions on hardware and software designed to improve the quality of life.
Today, a large percentage of the world is using digital technology and the internet, for a wide variety of purposes. Applications include e-commerce, social media, mobile banking, and email, all generating data.
Data includes anything you can see or hear and can be digitized in a multitude of different types and formats, including the following:
- Voice over Internet Protocol (VoIP), also known as IP telephony, is a group of technologies primarily used to transmit phone calls over the internet
- Documents such as spreadsheets, word processor documents, presentation files, and Portable Document Format (PDF) files
- Images that include Joint Photographic Group (JPG), Tagged Image File Format (TIPP), and Bitmap Image File (BMP)
- Video that includes a wide range of formats, such as Moving Picture Experts Group (MPEG) and Advanced Video Coding (AVC), originating from a variety of sources
Some may argue that not all data needs to be protected. However, much of the data that is in storage on a server or in motion while traveling across the network should be encrypted, mainly because this flood of data represents an opportunity for cybercriminals to obtain and exploit the data.
Threatening the security of our data
Early systems, such as the ENIAC, were standalone systems and not networked. The biggest threat to these systems was a physical attack, such as someone destroying the components. As time passed, and businesses began to adopt computer technology, there still remained little threat to the security of data.
From the 1960s through to the 1990s, scientists developed protocols for the Advanced Research Projects Agency Network (ARPANET), which was the precursor to what we know now as the internet. Some significant events during this time period include the following:
- 1972 – Ray Tomlinson creates electronic mail (email).
- 1973 – Scientists began to use the term internet.
- 1974 – The first Internet Service Provider (ISP) begins offering its service.
- 1982 – Formalization of Transmission Control Protocol (TCP) and Internet Protocol (IP), or TCP/IP, the standard protocol suite for the internet.
- 1983 – Scientists created top-level domains for the Domain Name System (DNS), such as
While there were a few reports of viruses making their way through computer systems, most anyone who worked with or knew about the internet never thought anything malicious could happen. That was until 1988, when Robert Morris, a Cornell University student, wrote and released a worm.
A worm is a self-propagating virus that can spread on its own.
The worm, later dubbed the Morris worm, created a crippling effect on the fledgling internet. As a result, Robert Morris was tried and convicted under the 1986 Computer Fraud and Abuse Act. Soon afterward, the idea of cybersecurity began to take hold. And more specifically, it became more apparent that our data could be at risk.
Over the next three decades, many more threats emerged, such as social engineering, malware, and denial of service attacks:
- Social engineering: This is a combination of methods designed to fraudulently obtain information about an organization or computer system. Effective social engineering techniques rely on the malicious actor's ability to con someone into providing information, by using social skills and powers of influence.
- Malware: This is malicious software that includes viruses, rootkits, spyware, and trojans. Most malware is designed to infiltrate a computer system or network to gain unauthorized access to critical information. Other forms of malware, such as ransomware, are designed to lock a system and its resources until someone pays a ransom.
- Denial of Service (DoS): These attacks will send numerous requests to a system in an effort to interrupt or suspend services to legitimate users. In most cases, the malicious actor(s) will use a Distributed Denial of Service (DDoS) attack, which is more effective as it uses armies or botnets to launch an attack.
As outlined, there are many different types of data, such as images, documents, and video. Data can be a part of an organization, such as a business or government entity, or belong to an individual. Let's compare the two next.
An individual's private data is generally referred to as Personally Identifiable Information (PII), which is information that can be used to identify someone. PII can include bank account records, social security numbers, or credit card information.
Proprietary business data includes information that if exposed can result in harm to the organization. Protected business data includes financial data, earnings reports, employee records, and trade secrets.
Understanding security services
Today, there are many threats to the security of our data. Therefore, it's imperative that we remain vigilant in protecting our networks and data from attack or unauthorized access. In this section, we'll take a look at some of the security services designed to assure our data is protected. We'll also see how cryptographic techniques can help ensure data is not modified, lost, or accessed in an unauthorized manner.
There are many guidelines that outline how to provide data security. One document that helps list security concepts is the International Telecommunications Union (ITU) Security architecture for Open Systems Interconnection for CCITT applications, also known as X.800. Let's take a look.
The Consultative Committee for International Telephony and Telegraphy (CCITT), now known as the International Telecommunications Union - Telecommunication Standardization Sector (ITU-T), recognized the need to provide a secure architecture when dealing with data transmission. More specifically, they wanted to outline the general framework of security services that should be implemented within the Open Systems Interconnection (OSI) model.
The OSI model is a seven-layer representation of how systems communicate with one another. The OSI model is well recognized among network professionals, as it breaks down the function of each layer.
X.800 outlines recommended security services, along with best-practice logical and physical controls that help protect each service. In addition to logical and physical controls, the document outlines various cryptographic techniques that should be used, such as the following:
- Encryption: Transforms plaintext into ciphertext by using a cryptographic algorithm and key.
- Hashing: Functions that take a given input (of any size) and produce a fixed-length output. The output size will depend on the algorithm. This is also called a one-way function, in that you cannot derive the original input from the hash value.
- Digital signature: A cryptographic technique using asymmetric encryption to ensure message authenticity and non-repudiation.
Let's take a look at each of these and how they can be achieved, starting with confidentiality.
While we may not feel that all data should be rigorously protected, in today's world, it's best to keep most, if not all, data protected from prying eyes. Confidentiality means keeping private data private by protecting against unauthorized disclosure.
An example of a violation of confidentiality would be if a malicious actor were to gain access to a company's proprietary trade secrets or customer database.
A data breach of client information can cause business harm and result in a tarnished reputation and loss of trust. To ensure confidentiality, businesses and individuals should restrict access by using access control methods that allow only authorized people, devices, or processes to have access to the data.
In addition, we can protect data confidentiality by using encryption. That way, if someone were to gain access to the information, it would be meaningless, unless they have a key to decrypt the data.
Another service is to ensure data integrity, as we'll see next.
An example of a violation of integrity would be someone gaining access to their payroll file and changing their salary from $30,000 to $40,000.
To protect integrity, use access control methods and employ strong audit policies. In addition, monitor the network for unusual or suspicious activity and use software designed to compare cryptographic hash values for unauthorized changes to the data.
One example of software that monitors for unauthorized changes in the filesystem is called Tripwire, which acts as a software intrusion detection system.
Tripwire works in the following manner:
- Prior to activating the monitoring feature, you must first flag the files that need to be checked on all filesystems and devices.
- Once the appropriate files are identified, the software will baseline the existing filesystem and generate a hash value for all files.
- After baselining, the software will scan the filesystem and generate another hash value for all flagged files.
- The software then compares each file's hash value against the baseline.
- If the hash value does not match the baseline, the system will send an alert, which will indicate that the file has been modified in an unauthorized manner.
If the hash value does not match, this will send an alert that there is a violation of the integrity of the file.
Another service that is paramount on a network is authentication, as we'll see next.
When something or someone is authentic, we are assured that it is true or genuine. For example, when you go to a bank to cash a check, the bank will require you to produce identification to prove who you are.
A violation of authentication occurs when spoofing techniques are used. For example, malicious actors often use an email address that spoofs the name to look like someone you know. This is a social engineering technique that is used to get you to open a file or complete some action.
When dealing with an entity on a network, it's especially important to guarantee authenticity, as this assures both parties that the message has originated from an authorized source. One way to prove authentication is by using a message authentication code, which is a small block of code used to authenticate the origin of the message.
Non-repudiation is preventing a party from denying participation in a communication and can be used in both sides of a conversation to prevent either party from denying their involvement. By using a digital signature, non-repudiation can be achieved in the following manner:
- Proof of origin: Assurance that the message was sent by a specific entity
- Proof of receipt: Assurance that the message was received by a specific entity
To understand the importance of providing non-repudiation, let's outline the concept using a scenario in the following section.
Every day, busy professionals send and receive emails. So that you can better understand how this works, I'll outline the concept in a story where using a digital signature when sending an email could help provide non-repudiation.
Bob is an office manager for a large payroll department. The supervisor is Jessica, who oversees the day-to-day operations of the department. Jessica is generally busy, with many tasks and meetings throughout the day.
Jessica's administrative assistant, Paul, notices that Jessica's birthday is in 2 days. Paul emails Bob to purchase a birthday cake and plan a surprise party and invite the whole office. Bob completes all the necessary arrangements and lets Paul and the department know that everything is ready for Friday.
On Friday, Jessica returns from her morning meeting, where she is greeted by the entire department wishing her a happy birthday. Jessica looks around the room and is visibly upset, and states, "you shouldn't have done this." She then retreats to her office and closes the door.
Later that morning, Jessica calls Bob and Paul into her office and tells them that she knows they meant well, but she didn't appreciate the attention. Paul states that he has no idea how this happened. Bob replies to Paul, "you sent me an email telling me to plan the event!" Paul answers, "no I didn't."
At that point, Bob has no recourse but to take the blame, as Paul has repudiated the fact that he had requested the party.
While Bob could have printed the email from Paul to attempt to prove that Paul requested the party, this may not be sufficient, as it is possible to spoof (or recreate) an email. However, if Paul had sent the email using a digital signature, this would prove that he had sent the email. At that point, Bob could have defended himself and let Jessica know what really happened.
On any network, it's also important to ensure availability, as we'll see next.
A violation of availability would be a DoS attack designed to interrupt or suspend services to legitimate users.
Although ensuring availability is an important concept, we cannot use a cryptographic method to ensure this service. However, there are other ways to protect availability, such as using intrusion detection and prevention. In addition, the network administrator should also keep systems up to date with all security patches, and upgrade systems and devices when necessary.
As outlined, encryption and cryptographic techniques are some of the ways through which we can protect against the constant threats to the security of our data. In the next section, let's take a look at a few of the cryptographic concepts that you might encounter.
Introducing common cryptographic concepts
In order to securely exchange data, we use more than just encryption algorithms. We also use several cryptographic tools and techniques. When discussing these concepts, you will hear terms such as symmetric and asymmetric encryption, along with cryptographic hash.
You will get a better understanding of these terms as we progress through the chapters. If you need a quick review, visit https://www.makeuseof.com/tag/encryption-terms/ for an explanation of 11 of the most common encryption terms.
In this section, we'll provide the broad strokes of the concepts of a TTP and the PKI to help your understanding. In addition, since you'll often see an explanation of a complex topic using the names of fictional characters, we'll talk about the story of Bob and Alice.
We'll go into the details of the aforementioned terms and others as the book progresses. For now, let's start with the importance of a TTP.
Trusting a TTP
Think about doing a transaction on the internet. When you go to an online shopping site, you will want to encrypt your transactions to provide confidentiality as you exchange data with the website. Let's consider the following scenario.
Alice wants to purchase some pet supplies for her two cats. She heads out to the pet supply store, Kiddikatz. If the communication is not encrypted, the transaction could be intercepted and read by Mallory, a malicious active attacker, as part of a Man-in-The-Middle (MiTM) attack, as shown in the following graphic:
To prevent a MiTM attack, Alice will use Transport Layer Security (TLS) to encrypt and secure the transaction. Prior to the transaction, both parties will need to exchange keys. That is where the TTP becomes important.
A TTP is necessary in a hybrid cryptosystem. In a faceless, nameless environment such as the internet, TTPs helps us to communicate securely on the web.
The idea of a TTP works by using transitive trust. As shown in the following graphic, we see that if Alice trusts the TTP, and Kiddikatz trusts the TTP, then Alice automatically trusts Kiddikatz:
Ensuring trust on the network
When you go to your browser and you see a lock next to the web address, that means you can trust the site. As shown in the following screenshot, we can see that the site for Packt Publishing is a secure connection:
Some companies that provide this trust include Verisign, Cloudflare, Google Trust Services, and Thawte. All of this is made possible because of the PKI, as outlined next.
Managing keys using the PKI
Although the term Public Key Infrastructure implies that the PKI generates keys, that is not the case. Instead, the PKI generates a digital certificate to securely distribute keys between a server (such as a web server) and a client. PKI uses a TTP to generate a certificate, which provides the authentication for each entity.
Let's step through the process of distributing public keys by using a certificate.
Obtaining the certificates
- Symmetric encryption: Uses a single shared key (or secret) key
- Asymmetric encryption: Uses a pair of keys – a public key and a private key
When using asymmetric encryption, an entity's private key is kept private. However, the public key is shared for everyone to see, as it is public.
When obtaining someone's public key for a transaction, we need to be able to trust that the key is from the entity from whom we received it. As a result, when completing transactions on the internet, we use a TTP.
As shown in the following diagram, the TTP provides a certificate to each entity, which ensures proof of identity and holds the other party's verified public key:
The PKI provides the structure necessary to ensure trust and securely share the public keys between those involved in a digital transaction.
When discussing cryptography, it is common to use themes, much like the ones used in programming, such as Foo Bar and Hello World. In the next section, let's get to know the story of Bob, Alice, and other characters, which will help us when explaining cryptographic concepts.
Getting to know Bob and Alice
When outlining technical concepts, it's important to provide an easy-to-understand explanation. Using a story with characters helps explain technical topics.
Alice needs to send Bob a secure message. They must first obtain the same shared key.
If you need more characters, there are others you can use. The characters are listed in Bruce Schneier's book Applied Cryptography, where he presents a list of characters that include the following:
- Alice: Primary participant in the transaction
- Bob: Secondary participant in the transaction
- Mallory: A malicious (MiTM) attacker
- Eve: An eavesdropper, usually a passive attacker
- Victor or Vanna: A verifier
- Trent: A TTP
Using the names of individuals makes complex concepts more relatable. As a result, we will see more of Bob and Alice throughout our discussion on cryptography.
Outlining substitution and transposition
We can define cryptography as hidden or secret writing. The concept of concealing information using secret codes began thousands of years ago. Some of the early methods to encrypt data used pen, paper, or even rings, such as the pigpen, or Freemason, cipher.
In this section, we'll take a look at early encryption techniques, called classic cryptography, which mainly used transposition and substitution. The two work in the following manner:
- Transposition ciphers transpose letters according to a pattern.
- Substitution ciphers substitute each letter with a different letter according to the key.
Substitution techniques to encode text work by substituting one character for another. The characters can be letters, numbers, or special characters. There are several substitution ciphers. One example is the pigpen or Freemason cipher. This cipher uses a grid formation with symbols that represent the different letters, as shown in the following figure:
To generate a code, you would substitute each letter with the corresponding symbol. For example, the phrase Secret message converted using a pigpen cipher would appear as the following code:
Try this yourself by going to https://www.boxentriq.com/code-breaking/pigpen-cipher.
Transposing the text
One method to transpose characters is reversing the order of letters in a phrase. The phrase confidentiality is keeping private data private will become etavirp atad etavirp gnipeek si ytilaitnedifnoc.
Even though this is a simple transposition of characters, you might have difficulty determining what the phrase means, unless you know that the letters have been reversed.
The rail fence, or zig-zag, cipher is another transposition cipher that conceals data by using rails or separate lines of text.
For example, if we were to transpose the word TRANSPOSE by using three rails and filling in the blank spaces using other letters, we would have the following output:
If someone were to look at the three lines of text, they may not be able to determine the meaning, unless they know the pattern, as shown:
Both the substitution and transposition ciphers are simple ciphers where it is fairly easy to break the code to determine the plaintext. When working with methods to conceal text such as substitution and transposition, we can use various methods to break the code, as outlined next.
Breaking the code
Concurrent to creating ways to conceal data using basic cryptographic techniques came the need to break codes and ciphers by using various methods.
With classic cryptography, code-breaking is a lot like a word puzzle, where the key is found by substituting letters until you determine a match. Because some methods use transposition, you might need to evaluate the text for alternate patterns that rearrange the text in some way.
Analyzing the frequency of the letters
When using letter frequency analysis, English characters can be divided into groups that include the following:
- The high-frequency group includes letters such as A, E, and T.
- The low-frequency or rare group includes letters such as K, Q, X, and Z.
- Digrams are pairs of letters that include th, he, of, and it. You'll also want to consider pairs using repeating letters such as ll, oo, or ee.
- Trigrams are collections of three letters that include the, est, and, for, and his.
To adequately produce a frequency profile, you need a generous amount of characters. You can manually count the characters or use one of the applications available online, such as the one found at http://www.richkni.co.uk/php/crypta/freq.php.
If the cipher uses more than one alphabet, this will make the code more difficult to decrypt. You might even find text that doesn't use an alphabet. For example, try to decode the following message:
You can find the answer at the end of this chapter under the Assessments section.
Every day, more and more services are being added to our infrastructures, homes, and businesses, making network security a constant challenge. However, a secure network is important as it protects the organization. In this chapter, we took a look at the threats to our data that exist, which makes securely managing a large volume of data in various locations a challenge. We saw the importance of providing security services such as confidentiality, integrity, and availability, and how using cryptographic techniques can help protect those services.
We then took a look at some common cryptographic concepts, such as TTPs and key management using the PKI. We also got to know characters such as Bob, Alice, Trent, and Mallory, which help us to personalize and better understand complex cryptographic concepts. Finally, we took a look at two basic cryptographic concepts, substitution, and transposition. We saw how substitution substitutes plaintext characters with other characters to convert it into ciphertext. We also learned how transposition rearranges the characters of plaintext to conceal information. We then saw how we can use letter frequency analysis to crack a simple code, that uses a monoalphabetic cipher.
So that you can better understand the evolution of encryption, the next chapter will start with a review of some classical ciphers such as the Vigenère and Caesar ciphers. Then we'll examine how war efforts prompted the encoding of transmissions, and how the Enigma was used to securely send messages. We'll then learn the beginnings of the Data Encryption Standard (DES), with the development of Lucifer and Feistel ciphers, as scientists recognized the need to secure digital data.
Now it's time to check your knowledge. Select the best response, then check your answers with those found in the Assessment section at the end of the book.
- In _____, Ray Tomlinson created electronic mail (email).
- When protecting data, _____ ensures that data is not modified, lost, or destroyed in either an accidental or unauthorized manner.
- A digital _____ is a cryptographic technique using asymmetric encryption that ensures a message is authentic and has not been modified or altered while in transit.
c. rail fence
- When malicious actors often use an email address that spoofs the name to look like someone you know, this is a violation of _____.
- _____ encryption uses a pair of keys: a public key and a private key.
- _____ ciphers substitute each letter with a different letter according to the key.
- The rail fence, or zig-zag, cipher is a _________ cipher that conceals data by using "rails" or separate lines of text.
Please refer to the following links for more information:
- Take a stroll down memory lane and visit some of the most significant events in computer history by going to https://www.computerhistory.org.
- For a comparison on prices of hard drives per GB, visit https://mkomo.com/cost-per-gigabyte.
- To help you understand how much data is in a petabyte, exabyte, zettabyte, or yottabyte, go to http://highscalability.com/blog/2012/9/11/how-big-is-a-petabyte-exabyte-zettabyte-or-a-yottabyte.html.
- To review some of the topics related to internet security, take a look at the internet glossary found at https://tools.ietf.org/html/rfc2828.
- To learn more about Bob and Alice and related topics, go to http://cryptocouple.com/.
- The X.800 document is found at https://www.itu.int/rec/T-REC-X.800-199103-I/en. Go to the middle of the page and select the PDF format. Once in the document, you will see that it was drafted in 1991. However, it still remains applicable.
- To get a better understanding of transposition ciphers along with some examples, visit https://crypto.interactive-maths.com/simple-transposition-ciphers.html.
- You can read more on Tripwire at https://www.tripwire.com/.