Authentication is a type of security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information. The basic requirements for total authentication are that a message comes from its apparent source or author, that its contents are unaltered, and that it was sent at a certain time or in a certain sequence.
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource. To better protect passwords, do not let anyone know them and do not write them down anywhere. The criteria for choosing a good password are that it is hard to guess but easy to remember, not shorter than six characters, not a pattern from the keyboard, etc.
Encryption is the process of encoding a message so that its meaning is hidden while decryption is the reverse process – transforming an encrypted message back to its original form.
A system to encrypt and decrypt messages is called a cryptosystem. There are two types of cryptosystems: asymmetric and symmetric. The difference between these two systems is shown below:
When symmetric algorithms are used, both parties share the same key for encryption and decryption. To provide privacy, this key needs to be kept secret. Once somebody else gets to know the key, it is not safe anymore. Symmetric algorithms have the advantage of not consuming too much computing power.
Asymmetric algorithms use a pair of keys. One is used for encryption and the other for decryption. The decryption key is typically kept secret and is thus called the private key, while the encryption key is distributed to all who might want to send encrypted messages and is therefore called the public key. Those who possess the public key are able to send encrypted messages to the owner of the private key. The private key can't be reconstructed from the public key.
There are two kinds of cryptographic algorithms: substitution algorithms, which consist of monoalphabetic and polyalphabetic substitutions, and transposition algorithms, which consist of keyed and unkeyed transpositions.
One of the earliest substitution ciphers is the Caesar cipher, which replaces each letter with another by shifting the alphabet. Shifts of 1 to 25 are possible with the Caesar cipher. The second substitution cipher is the random (monoalphabetic) cipher, whereby the alphabet is written in a chosen order underneath the alphabet written in strict alphabetical order.
The Vigenere Cipher is a method of encrypting plaintext by using a series of different Caesar Ciphers based on the letters of a keyword; it is known as the simple form of polyalphabetic substitution.
The Vigenere Tableau
One way of decoding monoalphabetic substitution ciphers is to conduct a frequency analysis attack. There are some differences in the frequency analysis results between the English language and the Malay language. Breaking the Vigenere Cipher isn't easy; it remained secure until, after 301 years, Charles Babbage successfully attacked it. The main weakness of the Vigenere cipher is the repeating nature of the key itself.
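The repeating-key weakness can be seen directly in ciphertext. The following is an added example, not part of the original notes: it implements the Vigenere cipher for uppercase A-Z and measures the distances between repeated ciphertext fragments, which are multiples of the key length. The sample plaintext and the key `ABCD` are constructed for illustration.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord("A")

def vigenere(text, key, decrypt=False):
    """Apply a different Caesar shift to each letter, chosen by the keyword.

    Assumes text and key contain only uppercase A-Z.
    """
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        shift = ord(key[i % len(key)]) - A   # the key repeats every len(key) letters
        out.append(chr((ord(ch) - A + sign * shift) % 26 + A))
    return "".join(out)

def repeat_distances(ciphertext, n=3):
    """Distances between repeated n-letter fragments of the ciphertext."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    distances = []
    for found in positions.values():
        distances += [p - found[0] for p in found[1:]]
    return sorted(distances)

def key_length_multiple(ciphertext):
    """GCD of the repeat distances; the key length divides this value."""
    distances = repeat_distances(ciphertext)
    return reduce(gcd, distances) if distances else None

# Constructed sample: "CRYPTO" occurs twice, 16 letters apart.
PLAINTEXT = "CRYPTOISSHORTFORCRYPTOGRAPHY"
KEY = "ABCD"
CIPHERTEXT = vigenere(PLAINTEXT, KEY)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(repeat_distances(CIPHERTEXT), key_length_multiple(CIPHERTEXT))
```

Because the two occurrences of `CRYPTO` fall on the same position of the repeating key, they encrypt to the same letters, and the distance between them narrows the key length to a divisor of that distance.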
Block and stream ciphers are two categories of ciphers used in classical cryptography. Block and stream ciphers differ in how large a piece of the message is processed in each encryption operation. Generally, block ciphers are more efficient for computers while stream ciphers are easier for humans to do by hand.
A Message Authentication Code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm, a.k.a. a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC.
The overview of the hash function is shown below:
A message can sometimes contain a digital signature, which contains a cryptographic value. This provides data integrity and non-repudiation. Digital signatures can be generated using the RSA algorithm.
A certification authority is a free body organization that issues digital certificates to websites that need security certification in terms of user identity, by assigning public and private keys. However, there are certain attacks that can be done on digital certificates by impersonating identities.
To facilitate the use of public key cryptography, the Public Key Infrastructure (PKI) is introduced. The following processes need to be carried out when establishing a PKI:
- Key pairs for CAs are generated
- Key pairs for users are generated
- Users request certificates
- Users’ identities verified
- Users’ key pairs verified
- Certificate produced and checked
- Certificates removed/updated when necessary
- Certificates revoked
Methods of attack are divided into two, namely untargeted and targeted attacks. What I’m interested to know about among the methods of attack is the brute force attack, which is an exhaustive key search that tries every possible combination. Other attacks, such as replay attacks, take encrypted information and replay it at a later time.
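The MAC and replay discussion above can be tied back to the authentication requirements of source, unaltered contents and sequence. The following is an added example, not part of the original notes: a receiver that verifies a MAC over a sequence number plus the message and rejects both altered and replayed packets. HMAC-SHA256 and the packet layout (8-byte sequence number, message, 32-byte tag) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import struct

SEQ_LEN = 8    # 64-bit big-endian sequence number (assumed layout)
TAG_LEN = 32   # HMAC-SHA256 output size in bytes

def seal(key, seq, message):
    """Sender side: packet = seq || message || HMAC(key, seq || message)."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag

class Receiver:
    """Accepts a packet only if the MAC verifies and the sequence number is new."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, packet):
        if len(packet) < SEQ_LEN + TAG_LEN:
            return ("malformed", None)
        header = packet[:SEQ_LEN]
        message = packet[SEQ_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + message, hashlib.sha256).digest()
        # Constant-time comparison; proves source (shared key) and unaltered contents.
        if not hmac.compare_digest(tag, expected):
            return ("bad-mac", None)
        # The sequence number is covered by the MAC, so it cannot be edited.
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:
            return ("replay", None)
        self.last_seq = seq
        return ("ok", message)

def demo():
    """Constructed traffic: a valid packet, an altered copy, a replay, a fresh packet."""
    key = secrets.token_bytes(32)
    rx = Receiver(key)
    first = seal(key, 1, b"transfer 10 to alice")
    altered = first[:SEQ_LEN] + b"transfer 99 to alice" + first[-TAG_LEN:]
    return [rx.accept(first), rx.accept(altered),
            rx.accept(first), rx.accept(seal(key, 2, b"second message"))]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The replayed packet carries a valid MAC, so the MAC alone does not stop it; the rejection comes from the sequence check on a value the MAC protects.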