***
< [Home](https://github.com/SeanOhAileasa) | [README](https://github.com/SeanOhAileasa/syp-architecture-and-design/blob/main/README.md) >

## CompTIA Security+ - Course Material 2022
###### Topic: ``Stream and Block Ciphers``
***

Course material for the ``CompTIA Security+`` module of the ``ICT Associate Apprenticeship (Cybersecurity)`` programme.

<a id="top"></a>
***
## Table of Contents
***

### [Stream and Block Ciphers](#a) <br/><br/>

- [Stream Ciphers](#b) <br/><br/>
    - [``Symmetric Encryption``](#b) <br/><br/>
        - [Randomization](#b) <br/><br/>
            - [``IV``](#b) <br/><br/>
- [Block Ciphers](#c) <br/><br/>
    - [``Symmetric Encryption``](#c) <br/><br/>
        - [Short Blocks](#c) <br/><br/>
            - [``Padding``](#c) <br/><br/>
    - [Modes of Operation](#d) <br/><br/>
        - [Electronic Codebook](#e) <br/><br/>
            - [``ECB``](#e) <br/><br/>
                - [``Salt``](#f) <br/><br/>
        - [Cipher Block Chaining](#g) <br/><br/>
            - [``CBC``](#g) <br/><br/>
                - [``XOR`` ](#g) <br/><br/>
        - [Counter](#h) <br/><br/>
            - [``CTR``](#h) <br/><br/>
        - [Galois / Counter Mode](#i) <br/><br/>
            - [``GCM``](#i) 
<hr width=50%;>

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="a"></a>
***
### Stream and Block Ciphers
***

To encrypt some information, there are a number of different techniques you can use to take something that is plaintext and turn it into ciphertext - perform a stream cipher - use a block cipher. 

< [Table of Contents](#top) | [References](#references) >
<a id="b"></a>
***
###### Stream Ciphers - ``Symmetric Encryption`` - Randomization - ``IV``
***

Encrypt one byte at a time, so we will take our plaintext, grab the first byte, we’ll encrypt that byte, and we’ll store the encrypted information - then we’ll take the second byte and we’ll encrypt that byte and store that second byte and so on.

This allows us to encrypt very quickly because we can do this one byte at a time instead of using larger groups of data to encrypt at a single time - this also means that we would not need as complex a hardware or CPU infrastructure to be able to encrypt just a single byte of information. 

Often will see stream ciphers used with ``Symmetric Encryption`` where there is a single key that’s used for encryption and that same key is used for decryption - don’t often see ~~``Asymmetric encryption``~~ used in these stream ciphers because of the overhead and additional time it takes to be able to encrypt and decrypt with asymmetric encryption.

One of the challenges you have with stream ciphers is you don’t know what’s coming later in the stream until you get to that particular byte and that means randomization of this data could be challenging, especially if multiple bytes are input into the stream that are identical - end up with identical bytes on the encrypted side, so there’s often an ``Initialization Vector`` (``IV``), that is added to the stream cipher to add some randomization to the encryption process.

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="c"></a>
***
###### Block Ciphers - ``Symmetric Encryption`` - Short Blocks - ``Padding``
***

Encrypting a fixed length block of information at a time, so instead of taking a single byte, it will take a block of bytes and encrypt that entire block at one time - usually will see this with 64-bit or 128-bit blocks and if the input into this block cipher doesn’t match 64 or 128 bits, we’ll often add padding onto that to fill in any of those short blocks. 

Like stream ciphers, block ciphers also commonly use ``Symmetric Encryption`` so that they can encrypt as quickly as possible with a minimum of overhead.

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="d"></a>
***
###### Block Ciphers - Modes of Operation
***

There are many different ways to encrypt a block of information, and we call these different methods ``Modes of Operation`` - for each of these modes of operation, it’s a similar type of input - need a block of data and it’s a standard sized block of data for each of these modes.

Also going to have a specialized form of encryption that differs depending on the mode of operation. 

The method used for encryption for one mode of operation is often quite different than the method used in another mode of operation. 

These block ciphers will start by taking data and splitting them into smaller fixed length blocks - if you do end up with a block at the end that does not fill in the entire length of that block, we’ll often use padding just before the encryption process.

< [Table of Contents](#top) | [References](#references) >
<a id="e"></a>
***
###### Block Ciphers - Modes of Operation - Electronic Codebook - ``ECB``
***

One of the simplest modes of operation for block ciphers is ECB, or Electronic Codebook - this is going to use a single encryption key and perform exactly the same encryption for every block in the series. 

Start with some plain text, use our ``Symmetric Key`` to be able to encrypt that data, and we’ll end with some ciphertext. 

![image.png](attachment:image.png)

Then grab the second block of information, perform the same encryption using the same encryption key, and we’ll have some ciphertext as the output.

![image.png](attachment:image.png)

Then  grab another block of information, perform exactly the same encryption with the same key, and we have some ciphertext in the output and we will continue that process all the way through the file until we have encrypted all of the blocks of that file. 

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="f"></a>
***
###### Block Ciphers - Modes of Operation - Electronic Codebook - ``ECB`` - ``Salt``
***

Each block is encrypted exactly the same way, so if the input is identical, then the output will be identical for every block - taking an example of this where we have an image and we would like to perform an ``Electronic Codebook`` encryption of that image.

![image.png](attachment:image.png)

Taking one block at a time from this entire view - if there’s no randomization, or no salt added to this encryption process, we would end up with output that looks just like this:

![image.png](attachment:image.png)

Although this ciphertext is not identical to the original plaintext, it’s still close enough that we could tell what the plaintext was originally.

This is one of the reasons why ``Electronic Codebook`` may not be the best block cipher to use in all scenarios. 

< [Table of Contents](#top) | [References](#references) >
<a id="g"></a>
***
###### Block Ciphers - Modes of Operation - Cipher Block Chaining - ``CBC`` - ``XOR`` 
***

Another common mode of operation is ``Cipher Block Chaining`` (``CBC``). 

Cipher Block Chaining adds some randomization, which gets around a number of the problems we saw with ``Electronic Codebook``. 

Each block is ``XOR`` (``Exclusive Or``) with the previous ciphertext block - means that we perform a different set of input and output to that data to add some randomization.

> Input ``2-bits`` that are ``identical``, the output is ``0``.

> Input ``2-bits`` that are ``different``, the output is a ``1``.

This adds some randomization to the final result. 

This process usually starts with the first block, which is an ``IV``, or ``Initialization Vector``, that’s used instead of performing the ``XOR``. 

This encryption process is very similar to the Electronic Codebook - we do have plaintext and we have a block cipher encryption with a symmetric key and then we have the ciphertext output but just before the encryption occurs, you’ll notice that we’re adding some additional data, this is our ``Initialization Vector``, or ``IV``, and this is going to add additional randomization to the final ciphertext. 

![image.png](attachment:image.png)

On the second block of data, we’re going to use the resulting ciphertext as the ``Initialization Vector`` for the next block. 

![image.png](attachment:image.png)

Can see by adding this additional randomization to the encryption process, our ciphertext will be different every time even if the plaintext is identical.

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="h"></a>
***
###### Block Ciphers - Modes of Operation - Counter - ``CTR``
***

Another common type of block cipher mode is the ``Counter`` mode (``CTR``). 

``Counter`` mode uses an incremental counter to be able to add randomization to the encryption process. 

Starts with the incremental ``Counter``:

![image.png](attachment:image.png)

Then we encrypt that ``Counter`` with the ``Block Cipher Encryption``:

![image.png](attachment:image.png)

After that encryption has been done, we will perform the exclusive or to the plaintext to finally create the ciphertext.

![image.png](attachment:image.png)

Instead of using the results of this encryption on the next block, we’ll instead simply increment the counter and then perform exactly the same encryption with the next block of plaintext to create the next set of ciphertext.

![image.png](attachment:image.png)

These modes of operation can not only provide encryption but can also provide authentication. A good example of this is GCM, or the Galois Counter Mode, which combines counter mode with Galois authentication - this provides us with a way to not only encrypt data very quickly but make sure that we can authenticate where the data came from.

This is commonly used in wireless connectivity, IPsec communication, and if you’re connecting to a server using SSH or TLS, then you’re probably using Galois Counter Mode.

< [Table of Contents](#top) | [References](#references) >
<a id="i"></a>
***
###### Block Ciphers - Modes of Operation - Galois / Counter Mode - ``GCM``
***

These modes of operation can not only provide encryption but can also provide authentication. 

A good example of this is the ``Galois/Counter Mode`` (``GCM``), which combines ``Counter`` mode with ``Galois Authentication`` - provides a way to not only encrypt data very quickly but make sure that we can authenticate where the data came from. 

Commonly used in wireless connectivity, IPsec communication, and if you’re connecting to a server using SSH or TLS, then you’re probably using Galois Counter Mode.

![image.png](attachment:image.png)

***
## END

< [Table of Contents](#top) >
<a id="references"></a>
***
## References
***

J. "Professor" Messer, "CompTIA Security+ (SY0-601) Course Notes," [professormesser.com](https://web.archive.org/web/20220521181010/https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/), September 2021.

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="appendix"></a>
***
## Appendix
***

***
## END

In [1]:
from IPython.core.display import display,HTML
display(HTML("<style>.container { width:100% !important; }</style>"))

  from IPython.core.display import display,HTML


# END JUPYTER NOTEBOOK