***

## CompTIA Security+ - Course Material 2022
###### Topic: ``Cryptography Concepts``
***

Course material for the ``CompTIA Security+`` module of the ``ICT Associate Apprenticeship (Cybersecurity)`` programme.

<a id="top"></a>
***
## Table of Contents
***

### [Cryptography Concepts](#a) <br/><br/>

- [``Kryptos``](#b) <br/><br/>
    - [``Plaintext``](#c) <br/><br/>
    - [``Ciphertext``](#c) <br/><br/>
    - [``Ciphers``](#c) <br/><br/>
    - [``Cryptanalysis``](#c) <br/><br/>
- [Keys](#d) <br/><br/>
    - [Stretching](#e) <br/><br/>
        - [Strengthening](#e) <br/><br/>
            - [Libraries](#f) <br/><br/>
                - [``bcrypt``](#f) <br/><br/>
                - [``PBKDF2``](#f) <br/><br/>
- [Lightweight Cryptography](#g) <br/><br/>
- [Homomorphic Encryption](#h) <br/><br/>
    - [``HE``](#h) 
<hr width=50%;>

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="a"></a>
***
### Cryptography Concepts
***

< [Table of Contents](#top) | [References](#references) >
<a id="b"></a>
***
###### ``Kryptos``
***

The word cryptography is derived from the Greek word ``kryptos``, which means hidden or secret - certainly how we use cryptography in IT security. 

This includes ``Confidentiality``, which means we can make information secret - we can encrypt data so that nobody else can see that data. 

Cryptography can also provide ``Authentication`` and ``Access Control``, so that we can verify that a person who might be logging into a system is really that person.

It can provide ``Non-repudiation``, which means that if someone sends us information, we can verify that they were really the person who provided us with that information. 

Cryptography also provides us with a way to verify ``Integrity`` - if we download a file or an email, we can verify that the email or file was never changed from the time that it was originally sent.

< [Table of Contents](#top) | [References](#references) >
<a id="c"></a>
***
###### Plaintext - Ciphertext - Ciphers - Cryptanalysis
***

``Plaintext`` is the unencrypted message that you usually start with - we often refer to this as an ``in-the-clear`` message. 

When we encrypt this ``plaintext``, the result is called ``ciphertext`` because we used a cipher to encrypt and protect the information contained in that ``plaintext``.

If you’re a researcher who’s trying to find vulnerabilities in these ``Ciphers``, then you’re performing ``Cryptanalysis`` - this is the art of cracking the encryption that already exists. Finding those vulnerable ciphers is an important part of cryptography - it allows us to identify and stop using vulnerable cryptography and focus instead on using strong cryptography.

< [Table of Contents](#top) | [References](#references) >
<a id="d"></a>
***
###### Keys
***

When you’re encrypting data, the encryption and decryption process is commonly understood by everyone, and very often those ciphers are publicly available for anyone to read. 

The part that is unknown is the ``Key``. 

The cryptographic key is information that is added to the cipher to be able to encrypt the plaintext. 

Usually, larger keys create more secure encrypted data, and sometimes using multiple keys in the encryption cipher creates another level of protection.

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="e"></a>
***
###### Keys - Key Stretching - Key Strengthening
***

Because larger keys tend to be more secure, we like to use encryption methods that use the largest possible keys. But we don’t always have a large encryption key available, so instead we’ll take a relatively small encryption key and find ways to make it larger. 

For example, we could hash a password and then hash the hash of the password, and so on - this is sometimes referred to as key stretching, or key strengthening.

This makes it very difficult for an attacker to brute force the original ``plaintext`` - they would have to brute force each one of the subsequent hashes to finally get back to the original plaintext. The attacker has to spend much more time on the brute force process, which makes it that much more difficult to determine what the original plaintext might have been.

< [Table of Contents](#top) | [References](#references) >
<a id="f"></a>
***
###### Keys - Key Stretching - Key Strengthening - Libraries - ``bcrypt`` - ``PBKDF2``
***

Fortunately, if you’re a programmer, you don’t have to create one of these key-stretching algorithms from scratch - a number of libraries already exist to do this. For example, the ``bcrypt`` library generates hashes from passwords and is an extension to the already existing UNIX crypt library. ``bcrypt`` uses the ``Blowfish Cipher`` to perform these multiple rounds of hashing on the plaintext.

Another common key-stretching option is ``PBKDF2`` - this is the ``Password-based Key Derivation Function 2``. 

It’s part of the ``RSA`` public key cryptography standards, and you can use it to make your applications much more secure.

< [Table of Contents](#top) | [References](#references) >
<a id="g"></a>
***
###### Lightweight Cryptography
***

Performing a cryptographic function usually requires extensive CPU and additional resources, but there’s a type of cryptography that’s focused on providing these cryptographic functions without having a high-end CPU and without using a lot of power - this is ``Lightweight Cryptography``. The emphasis of this line of research is coming from internet of things devices, or IoT devices, which have limited CPU and limited power available. 

There’s a great deal of research being done on lightweight cryptography and it’s being led by the ``National Institute of Standards and Technology``, or ``NIST``.

They want to find ways to provide the most powerful cryptography using the least amount of power, which would be perfect for these internet of things devices. 

< [Table of Contents](#top) | [References](#references) >
<a id="h"></a>
***
###### Homomorphic Encryption - ``HE``
***

Another emerging cryptographic technology is ``Homomorphic Encryption``, or ``HE``. 

When you work with encrypted data, it’s very difficult to perform some type of action on that data - you would commonly need to decrypt the data, perform the function on the decrypted data, and then re-encrypt the answer once you have it. 

With ``HE``, you perform the calculation while the data remains encrypted - you can perform calculations on data in its encrypted form and save the results as encrypted data, the entire time never having decrypted any of that information.

This provides a number of advantages, especially if you’re storing information in the cloud - that data can always be in an encrypted form. It also allows people to perform actions on this data, and get research information from the data, without ever having access to the original data source.

***
## END

< [Table of Contents](#top) >
<a id="references"></a>
***
## References
***

J. "Professor" Messer, "CompTIA Security+ (SY0-601) Course Notes," [professormesser.com](https://web.archive.org/web/20220521181010/https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/), September 2021.

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="appendix"></a>
***
## Appendix
***

***
## END
