○ Encryption (Two Ways)
§ Symmetric Encryption
□ Same key both encrypts and decrypts the data.
□ Very fast, yet exchanging the key is tricky
□ Very Algorithmic
® DES Data Encryption Standard (BROKEN)
◊ Uses a key 56 bits long
® Triple DES (3DES)
◊ Uses three keys (or two unique keys) of 56 bits each
® AES Advanced Encryption Standard
◊ Uses keys 128, 192 or 256 bits long
® Brute force
◊ Usually mitigated by increasing the key length, because the difficulty grows exponentially with key size. For example, the time to crack on a modern supercomputer:
Key Size    Time To Crack
56 bits     399 seconds
128 bits    1.02 * 10^18 years
192 bits    1.87 * 10^37 years
256 bits    3.31 * 10^56 years
◊ Side-Channel Attacks
§ Asymmetric Encryption
□ Key pairs have mathematical relationship
□ Each one can decrypt messages encrypted by the other.
□ Slow, but exchanging the key is trivial
□ Very Mathematical
□ Anyone can know the Public Key
® The Public key can only be used to encrypt data
□ The Private key is kept secret, and never leaves the recipient's side.
® The Private key can only be used to decrypt data
® RSA (Rivest, Shamir and Adleman)
® The de-facto standard in the industry
® Public and Private keys are based on large Prime Numbers
§ Hybrid Encryption
□ Uses both Symmetric and Asymmetric encryption at the same time.
® Use the performance of Symmetric Crypto
® Convenience of sharing keys using Asymmetric Crypto
® HMAC for authentication.
□ Steps: (Order is very important)
® Party 1 (Alice)
1. Generates a random AES Session Key (32 bytes / 256 bits)
2. Generates a random Initialization Vector (IV) (16 bytes / 128 bits)
3. Encrypts the message to be sent using the AES Session Key & IV
4. Calculates an HMAC of the encrypted message using the AES Session Key
5. Encrypts the AES Session Key using the Public Key of Party 2 (Bob), the recipient.
6. Sends a packet of (Encrypted Message, Encrypted Session Key, Initialization Vector, and HMAC) to Bob
® Party 2 (Bob)
1. Decrypts Session key using his Private Key
2. Recalculates the HMAC of the encrypted message (Validates message integrity)
} If the HMAC check passes
– Decrypts the message using the decrypted AES Session Key and Initialization Vector
} Otherwise, rejects the message because of integrity check failure.
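The Alice and Bob steps above in Node.js, using only the built-in crypto module (an added example, not part of the original notes). Assumptions the notes do not state: AES in CBC mode, HMAC-SHA256, RSA-OAEP with SHA-256 to wrap the session key, and an HMAC that covers the IV as well as the encrypted message; the function names and sample message are illustrative.

```javascript
const { randomBytes, createCipheriv, createDecipheriv, createHmac, timingSafeEqual,
        publicEncrypt, privateDecrypt, generateKeyPairSync, constants } = require('crypto');

// Assumption: RSA-OAEP with SHA-256 wraps the session key (the notes name only RSA).
const wrapOpts = (key) => ({ key, padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// HMAC-SHA256 keyed with the session key, as in Alice's step 4. It also covers the IV
// (an addition to the listed steps) so a modified IV is rejected as well.
const macOf = (sessionKey, iv, ciphertext) =>
  createHmac('sha256', sessionKey).update(iv).update(ciphertext).digest();

// Alice, steps 1-6.
function sealMessage(message, bobPublicKey) {
  const sessionKey = randomBytes(32);                                      // 1. 256-bit AES key
  const iv = randomBytes(16);                                              // 2. 128-bit IV
  const cipher = createCipheriv('aes-256-cbc', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(message), cipher.final()]); // 3. encrypt
  const hmac = macOf(sessionKey, iv, ciphertext);                          // 4. authenticate
  const encryptedKey = publicEncrypt(wrapOpts(bobPublicKey), sessionKey);  // 5. wrap the key
  return { ciphertext, encryptedKey, iv, hmac };                           // 6. the packet
}

// Bob: unwrap the session key, verify the HMAC, and only then decrypt.
function openPacket(packet, bobPrivateKey) {
  const sessionKey = privateDecrypt(wrapOpts(bobPrivateKey), packet.encryptedKey);
  const expected = macOf(sessionKey, packet.iv, packet.ciphertext);
  // Constant-time comparison so the check itself does not leak timing information.
  if (expected.length !== packet.hmac.length || !timingSafeEqual(expected, packet.hmac)) {
    throw new Error('integrity check failed');
  }
  const decipher = createDecipheriv('aes-256-cbc', sessionKey, packet.iv);
  return Buffer.concat([decipher.update(packet.ciphertext), decipher.final()]);
}

// Constructed demo: a round trip, then a packet altered in transit.
function demo() {
  const bob = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const packet = sealMessage(Buffer.from('wire 100 to account 42'), bob.publicKey);
  const plaintext = openPacket(packet, bob.privateKey).toString();
  const tampered = { ...packet, ciphertext: Buffer.from(packet.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // flip one bit of the encrypted message
  let rejected = false;
  try { openPacket(tampered, bob.privateKey); } catch (e) { rejected = e.message === 'integrity check failed'; }
  return { plaintext, rejected };
}

console.log(demo());
```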