# Cryptography
### Objectives

* Compare and contrast cryptographic ciphers.
* Summarize cryptographic modes of operation.
* Summarize cryptographic use cases and weaknesses.
* Summarize other cryptographic technologies.

A cipher is the particular set of operations performed to encode (encrypt) or decode (decrypt) data. Modern cryptographic systems use both symmetric and asymmetric cipher types, usually in combination: asymmetric ciphers to agree keys and prove identity, symmetric ciphers to protect the bulk of the data.

Cryptography - "secret writing", the art of encoding and decoding data
* Plaintext - unencrypted data
* Ciphertext - encrypted message
* Cipher - process/algorithm used in encoding and decoding
* Cryptanalysis - the art of cracking cryptographic systems

### Hashing
* Simplest cryptographic primitive; uses no key
* Produces a fixed-length output from plaintext of any length
* Output referred to as a checksum, message digest, or hash
* Designed so that the plaintext cannot be recovered from the digest (one-way) and so that different inputs are very unlikely to produce the same output (a collision)
* Avalanche effect - a small change to the plaintext (even one bit) changes roughly half of the output bits
* Collision resistance - infeasible to find any two inputs that produce the same digest
* Pre-image resistance - given a digest, infeasible to find an input that produces it, so the plaintext cannot be recovered

Popular algorithms -
* Secure Hash Algorithm (SHA) - the SHA-2 family is the current standard; the most widely used variant is SHA-256 (256-bit digest). SHA-1 (160-bit) is deprecated because practical collisions have been demonstrated.
* Message Digest Algorithm (MD5) - produces a 128-bit digest. Collisions can be generated within seconds on commodity hardware, so it must not be used for signatures, certificates, or password storage; it survives only as a non-security checksum.

### Encryption ciphers and keys
Enables encoding and decoding using a key

#### Substitution ciphers
A substitution cipher involves replacing units (a letter or blocks of letters) in the plaintext with different ciphertext.
* ROT13 (an example of a Caesar cipher) rotates each letter 13 places (so A becomes N for instance). The ciphertext "Uryyb Jbeyq" means "Hello World".

#### Transposition Ciphers
In a transposition cipher the units of the plaintext stay the same in the ciphertext, but their order is changed according to some mechanism. Consider how the ciphertext "HLOOLELWRD" has been produced from "HELLOWORLD" by writing the letters alternately across two rows and then reading each row in turn:
~~~ text
H L O O L

E L W R D
~~~
#### Keys and Secret Ciphers
Encryption ciphers use a key to increase the security of the process. For example, if you consider the Caesar cipher ROT13, you should realize that the key is 13. You could use 17 to achieve a different ciphertext from the same method. The weakness of the Caesar cipher is its key space: there are only 25 useful shifts, so an attacker simply tries them all.
Attempting to hide details of the cipher (a secret algorithm) amounts to "security by obscurity." Modern ciphers follow Kerckhoffs's principle: the algorithm is public and only the key is secret, and the cipher is made stronger by being open to review (cryptanalysis) by third-party researchers.
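The two classical ciphers above, worked as code. This is an added example written for these notes (not code from the original page): a Caesar shift with any key, the two-row "rail fence" transposition that produced HLOOLELWRD, and the brute-force attack that a 25-key key space invites. The attacker's crib word "Hello" is an assumption of the demo.

```python
import string

ALPHABET = string.ascii_uppercase
LOWER = string.ascii_lowercase


def caesar(text: str, key: int, decrypt: bool = False) -> str:
    """Substitution: shift every letter `key` places; other characters pass
    through unchanged. ROT13 is caesar(text, 13); because 13 + 13 = 26 it is
    its own inverse, while any other key needs decrypt=True to reverse it."""
    shift = -key if decrypt else key
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        elif ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def brute_force_caesar(ciphertext: str, crib: str) -> list:
    """The key is the shift and there are only 25 useful shifts: try all of
    them and keep those whose output contains a word the attacker expects."""
    return [k for k in range(1, 26) if crib in caesar(ciphertext, k, decrypt=True)]


def rail_fence_encrypt(text: str, rails: int = 2) -> str:
    """Transposition: letters are kept, order is changed. Write the plaintext
    across `rails` rows and read each row in turn.
    HELLOWORLD with two rails -> HLOOL / ELWRD -> HLOOLELWRD."""
    return "".join(text[r::rails] for r in range(rails))


def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    """Inverse: work out how long each row was, cut the ciphertext into rows,
    then interleave the rows back into the original order."""
    n = len(ciphertext)
    lengths = [len(range(r, n, rails)) for r in range(rails)]
    rows, pos = [], 0
    for length in lengths:
        rows.append(ciphertext[pos:pos + length])
        pos += length
    return "".join(rows[i % rails][i // rails] for i in range(n))


if __name__ == "__main__":
    print(caesar("Hello World", 13))                   # Uryyb Jbeyq
    print(caesar("Hello World", 17))                   # same method, different key
    print(brute_force_caesar("Uryyb Jbeyq", "Hello"))  # [13]: the key falls out in 25 tries
    print(rail_fence_encrypt("HELLOWORLD"))            # HLOOLELWRD
    print(rail_fence_decrypt("HLOOLELWRD"))            # HELLOWORLD
```

Neither cipher has a key space worth the name (25 shifts; a handful of rail counts), which is exactly why a modern cipher's strength must come from a key that is too large to enumerate rather than from keeping the method secret.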

### Symmetric Encryption
One in which encryption and decryption are both performed by the same secret key, which both parties must possess.
Used for bulk encryption of data because it is fast.
* Stream ciphers - each byte or bit of the plaintext is encrypted one at a time by XOR with a keystream (e.g. ChaCha20).
* Block ciphers - the plaintext is divided into equal-size blocks (128 bits for AES) and each block is encrypted as a unit; a mode of operation links the blocks together.

The Advanced Encryption Standard (AES) is the default symmetric encryption cipher for most products. AES supports key sizes of 128, 192 and 256 bits (the block size is always 128 bits); AES-128 is already considered secure, and AES-256 is the most widely deployed variant.

### Asymmetric Encryption / Public Key Cryptography Algorithms
With an asymmetric cipher, operations are performed by two different but related keys in a key pair: the public key can be shared with anyone, the private key must stay secret.
* Proves identity: what the private key signs can be verified by anyone with the public key, and what the public key encrypts only the private key can decrypt
* Requires far more computational power than a symmetric cipher (orders of magnitude slower per byte)
* The message being encrypted cannot be larger than the key size (with a 2048-bit RSA key and OAEP padding, fewer than 200 bytes)
* Mostly used for authentication and non-repudiation and for key agreement and exchange. Key agreement/exchange refers to settling on a secret symmetric key to use for bulk encryption without anyone else discovering it.

Ron Rivest, Adi Shamir, and Leonard Adleman published the RSA cipher in 1977 [link](rsa.com).
Trapdoor function - an operation that is easy to perform using the public key, but infeasible to reverse without knowing the private key.

Elliptic curve cryptography (ECC) is another type of trapdoor function that can be used in public key cryptography ciphers. ECC with a 256-bit key provides about 128 bits of security, roughly equivalent to RSA with a 3072-bit key; RSA-2048 is rated at about 112 bits (NIST SP 800-57). ECC therefore needs much smaller keys and signatures for the same strength.

RSA key pair security depends on the difficulty of finding the prime factors of very large integers: the modular exponentiation used to encrypt is easy, but factoring the modulus to recover the private key is hard. ECC depends on the elliptic curve discrete logarithm problem.
Overview of the differences between the two [link](blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography).


### Cryptographic Modes of Operation
A mode of operation is a means of using a cipher within a product to achieve a security goal, such as confidentiality or integrity. 

#### Digital signatures
Public key cryptography can only be used with very small messages, however. Hashing proves integrity by computing a fixed-size digest from input of any size. The two are combined in a digital signature: the sender hashes the message and signs the digest with their private key; the recipient verifies the signature with the sender's public key and compares the result with their own hash of the received message. A valid signature authenticates the sender and proves the integrity of the message, and the sender cannot later deny having signed it (non-repudiation).

#### Digital Envelopes and Key Exchange
A digital envelope allows the sender (A) and recipient (B) to exchange a symmetric encryption key securely by using public key cryptography for the key alone:
* A obtains B's public key
* A generates a random secret key for a symmetric cipher (an AES session key) and encrypts the message with it
* A encrypts the session key using B's public key
* A attaches the encrypted session key to the ciphertext message in a digital envelope and sends it to B
* B uses their private key to decrypt the session key
* B uses the session key to decrypt the ciphertext message
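The signature and envelope procedures above, carried through in one added example (written for these notes, not taken from the page) using the `cryptography` package that the notebook cells at the end of these notes also use. Alice signs the message with RSA-PSS over a SHA-256 digest; the envelope bulk-encrypts with a fresh Fernet (AES) session key and wraps only that key with Bob's RSA public key using OAEP. The message text and the 2048-bit key size are assumptions of the demo; `exceeds_rsa_limit` shows why the envelope is needed at all.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Padding schemes: PSS for signatures, OAEP for encrypting the session key.
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def sign(private_key, message: bytes) -> bytes:
    """Signature: the library hashes the message with SHA-256 and applies the
    private key (RSA-PSS) to the 32-byte digest, never to the whole message."""
    return private_key.sign(message, PSS, hashes.SHA256())


def verify(public_key, message: bytes, signature: bytes) -> bool:
    """Recompute the digest of what was received and check it against the
    signature with the sender's public key. Any change to the message fails."""
    try:
        public_key.verify(signature, message, PSS, hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def exceeds_rsa_limit(public_key, size: int) -> bool:
    """RSA can only encrypt data shorter than the modulus minus padding overhead
    (190 bytes for RSA-2048 with OAEP/SHA-256); anything bigger is rejected."""
    try:
        public_key.encrypt(b"A" * size, OAEP)
        return False
    except ValueError:
        return True


def seal_envelope(recipient_public_key, message: bytes) -> tuple:
    """Digital envelope: bulk-encrypt with a fresh symmetric session key (Fernet
    = AES-CBC + HMAC), then encrypt only that key with the recipient's public key."""
    session_key = Fernet.generate_key()          # random 256-bit key, base64 text
    ciphertext = Fernet(session_key).encrypt(message)
    wrapped_key = recipient_public_key.encrypt(session_key, OAEP)
    return wrapped_key, ciphertext


def open_envelope(recipient_private_key, wrapped_key: bytes, ciphertext: bytes) -> bytes:
    """Recipient unwraps the session key with the private key, then decrypts the bulk data."""
    session_key = recipient_private_key.decrypt(wrapped_key, OAEP)
    return Fernet(session_key).decrypt(ciphertext)


def demo() -> dict:
    alice = rsa.generate_private_key(public_exponent=65537, key_size=2048)   # sender
    bob = rsa.generate_private_key(public_exponent=65537, key_size=2048)     # recipient
    message = b"Transfer 100 EUR to account 12345"                           # constructed sample

    signature = sign(alice, message)                            # A signs with her private key
    wrapped_key, ciphertext = seal_envelope(bob.public_key(), message)
    recovered = open_envelope(bob, wrapped_key, ciphertext)     # B opens with his private key
    forged = recovered.replace(b"100", b"900")                  # tampering after the fact
    return {
        "roundtrip": recovered == message,
        "signature_ok": verify(alice.public_key(), recovered, signature),
        "forgery_rejected": not verify(alice.public_key(), forged, signature),
        "signature_bytes": len(signature),        # 256: the key size, whatever the message size
        "wrapped_key_bytes": len(wrapped_key),    # 256
        "too_big_for_rsa": exceeds_rsa_limit(bob.public_key(), 300),
        "fits_in_rsa": not exceeds_rsa_limit(bob.public_key(), 100),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that the signature is computed over the plaintext and sent alongside the envelope; the envelope gives confidentiality, the signature gives authentication and integrity, and neither does the other's job.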

#### Digital certificates
With public/private key encryption, only the intended recipient can decrypt a message.
The remaining problem is trusting the source of the public key: a man-in-the-middle could substitute their own public key for the recipient's.
A third party, a Certificate Authority (CA), validates the owner of a public key by issuing the subject with a certificate that binds the key to the subject's identity and is signed by the CA.
If both parties trust the CA, they can also trust the public key wrapped in the subject's certificate.
The process of issuing and verifying certificates is called public key infrastructure (PKI).

#### Perfect Forward Secrecy
With RSA key exchange, the client encrypts the session key with the server's public key. If data from a session were recorded and then later the server's private key were compromised, it could be used to decrypt the session key and recover the confidential session data.
This risk from RSA key exchange is mitigated by **perfect forward secrecy (PFS)**. PFS uses Diffie-Hellman (DH) key agreement to create ephemeral session keys without using the server's private key, so a later compromise of that key exposes nothing that was recorded.

Implemented using:
* Diffie-Hellman Ephemeral mode (DHE or EDH)
* Elliptic Curve Diffie-Hellman Ephemeral mode (ECDHE)

An example of a server private-key compromise is the OpenSSL Heartbleed bug, which let an attacker read server memory, including the private key [link](owasp.org/www-community/vulnerabilities/Heartbleed_Bug).
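An ephemeral key agreement of the kind ECDHE performs, as an added example written for these notes (not part of the original page). It uses X25519 from the `cryptography` package: each side generates a throwaway key pair, only the public halves cross the wire, and both sides derive the same session key with HKDF. The server's long-term key plays no part in the secret, which is what gives forward secrecy; the transcript layout and HKDF parameters are assumptions of the demo.

```python
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


def derive_session_key(shared_secret: bytes, transcript: bytes) -> bytes:
    """HKDF turns the raw 32-byte curve point into a uniformly random key.
    Feeding both public values in as `info` binds the key to this handshake."""
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None, info=transcript).derive(shared_secret)


def ecdhe_handshake() -> dict:
    """One session. Each side generates an ephemeral X25519 key pair, sends the
    public half, and combines its own private half with the peer's public half.
    Both arrive at the same shared secret; an eavesdropper who sees only the two
    public values cannot (the discrete logarithm problem)."""
    client_priv = X25519PrivateKey.generate()
    server_priv = X25519PrivateKey.generate()
    client_pub = client_priv.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    server_pub = server_priv.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    transcript = client_pub + server_pub          # everything that goes over the wire

    client_secret = client_priv.exchange(X25519PublicKey.from_public_bytes(server_pub))
    server_secret = server_priv.exchange(X25519PublicKey.from_public_bytes(client_pub))
    # The private halves go out of scope here. Nothing is kept that could
    # reconstruct the secret later, which is what forward secrecy relies on.
    return {
        "client_key": derive_session_key(client_secret, transcript),
        "server_key": derive_session_key(server_secret, transcript),
        "transcript": transcript,
    }


def sessions_are_independent() -> bool:
    """Two handshakes never share a key, so one recorded session (or a key
    compromised later) reveals nothing about another."""
    return ecdhe_handshake()["client_key"] != ecdhe_handshake()["client_key"]


if __name__ == "__main__":
    h = ecdhe_handshake()
    print("keys match:", h["client_key"] == h["server_key"])
    print("session key:", h["client_key"].hex())
    print("independent sessions:", sessions_are_independent())
```

On its own this exchange is unauthenticated: a man-in-the-middle could run one handshake with each side. In TLS the server signs its ephemeral public value with the private key from its certificate, so the long-term key is used for authentication only, never to protect the session secret.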

#### Cipher Suites and Modes of Operation
The combination of ciphers a protocol such as TLS negotiates is referred to as a cipher suite. Each suite specifies:
* A signature algorithm - asserts the identity of the server's public key and facilitates authentication
* A key exchange/agreement algorithm - used by both parties to derive the same bulk encryption symmetric key
* A bulk encryption cipher together with its mode of operation (e.g. AES-256-GCM), plus the hash used for the MAC or PRF

##### Cipher Block Chaining (CBC) Mode
* Applies an Initialization Vector (IV) to the first plaintext block by XOR - ensures the same key and plaintext produce different ciphertext each time, provided the IV is unpredictable and never reused
* Each ciphertext block is XORed with the next plaintext block before that block is encrypted
* Process is repeated through the full "chain" of blocks, so identical plaintext blocks do not produce identical ciphertext
* CBC needs to use padding to ensure that the data to encrypt is an exact multiple of the block size; because each block depends on the previous one, encryption cannot be parallelized (decryption can)

##### Counter Mode
* Makes the AES block cipher work as a stream cipher
* Encrypts an IV (nonce) concatenated with an incrementing counter value under the key to generate a keystream
* Keystream is then XORed with the plaintext
* Each block can be processed individually and consequently in parallel, improving performance
* Counter mode does not need to use padding; any unused keystream for the last block is simply discarded
* The nonce/counter must never repeat under the same key, or the keystream repeats and two ciphertexts XORed together reveal the XOR of their plaintexts
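CBC and CTR built by hand on top of a single-block AES call, as an added example written for these notes (not from the page). Only the AES block function comes from the `cryptography` package; the chaining, the IV, the PKCS#7 padding, the counter and the keystream XOR are spelled out, the hand-built CBC is checked against the library's own CBC, and the demo shows what neither mode gives you: a single flipped ciphertext bit changes the decrypted amount without the key. The message and the 4-byte counter layout are assumptions of the demo.

```python
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16   # AES block size in bytes


def aes_block(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """The raw AES primitive: one 16-byte block in, one out. ECB on a single
    block is just the block function; it is never used on its own for data."""
    c = Cipher(algorithms.AES(key), modes.ECB())
    op = c.decryptor() if decrypt else c.encryptor()
    return op.update(block) + op.finalize()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # always at least one byte of padding
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")     # the check a padding oracle leaks
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: XOR each plaintext block with the previous ciphertext block (the IV
    for the first one), then encrypt. Sequential by construction."""
    padded, prev, out = pkcs7_pad(plaintext), iv, []
    for i in range(0, len(padded), BLOCK):
        prev = aes_block(key, xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(xor(aes_block(key, block, decrypt=True), prev))
        prev = block
    return pkcs7_unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: encrypt nonce||counter to make a keystream block and XOR it with the
    data. The same call encrypts and decrypts, no padding is needed (surplus
    keystream is dropped) and every block is independent, so it parallelises."""
    out = []
    for counter, i in enumerate(range(0, len(data), BLOCK)):
        keystream = aes_block(key, nonce + counter.to_bytes(4, "big"))   # 12 + 4 = 16 bytes
        out.append(xor(data[i:i + BLOCK], keystream))
    return b"".join(out)


def library_cbc(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """The same mode from the library, to check the hand-built version against."""
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    return enc.update(pkcs7_pad(plaintext)) + enc.finalize()


def demo() -> dict:
    key, iv, nonce = os.urandom(16), os.urandom(16), os.urandom(12)
    msg = b"PAY 0100 TO ALICE"                 # constructed: 17 bytes, spans two blocks
    cbc_ct, ctr_ct = cbc_encrypt(key, iv, msg), ctr_crypt(key, nonce, msg)
    # Neither mode protects integrity. In CTR, flipping a ciphertext bit flips
    # exactly that plaintext bit, so byte 4 ('0') becomes '9' without the key.
    forged = bytearray(ctr_ct)
    forged[4] ^= ord("0") ^ ord("9")
    return {
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc_ct) == msg,
        "cbc_matches_library": cbc_ct == library_cbc(key, iv, msg),
        "cbc_len": len(cbc_ct),                # 32: padded up to two full blocks
        "ctr_len": len(ctr_ct),                # 17: no padding
        "ctr_roundtrip": ctr_crypt(key, nonce, ctr_ct) == msg,
        "ctr_forged": ctr_crypt(key, nonce, bytes(forged)),   # b"PAY 9100 TO ALICE"
    }


if __name__ == "__main__":
    print(demo())
```

The `bad padding` error in `pkcs7_unpad` is the signal a padding-oracle attacker listens for: if a server tells the client whether padding was valid before checking a MAC, CBC ciphertexts can be decrypted block by block without the key, which is why the authenticated modes in the next section exist.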

### Authenticated Modes of Operation
Symmetric ciphers on their own do not provide message integrity or authentication.
The ciphertext is vulnerable to arbitrary data being inserted or modified; an attacker who can submit altered ciphertexts and observe how the receiver reacts (a chosen ciphertext attack) can break the encryption scheme.
#### Authenticated Encryption
Message Authentication Code (MAC) -
* Produced by hashing a combination of the ciphertext and a shared secret key (an HMAC). The recipient performs the same computation using his or her copy of the secret key and compares the result, rejecting the message before decryption if it differs. This type of authenticated encryption scheme is specified in a cipher suite as separate functions, such as "AES CBC with HMAC-SHA."
* Getting the composition wrong (MAC-then-encrypt, or padding and MAC failures that are distinguishable) leaves CBC vulnerable to a type of cryptographic attack called a padding oracle attack [link](docs.microsoft.com/en-us/dotnet/standard/security/vulnerabilities-cbc-mode)

#### Authenticated Encryption with Additional Data (AEAD) -
* A single mode produces the ciphertext and the authentication tag together, and the tag also covers unencrypted "associated data" such as a packet header.
* The associated data allows the receiver to use the message header to ensure the payload has not been replayed from a different communication stream.
* An AEAD mode is identified by a single hyphenated function name, such as AES-GCM or AES-CCM. ChaCha20-Poly1305 (a stream cipher combined with a MAC) has been developed as an alternative to AES.
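Both styles of authenticated encryption from this section, as an added example written for these notes (not from the page), using the `cryptography` package: the "separate functions" approach as encrypt-then-MAC (AES-CTR plus HMAC-SHA256 with a constant-time compare), and AES-GCM as an AEAD whose tag also covers a cleartext header. The demo tampers with one ciphertext byte in each, and replays the GCM message into a different stream by presenting a different header; the header format and payload are assumptions of the demo.

```python
import hashlib
import hmac
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def etm_encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with separate keys: AES-CTR for confidentiality, then
    HMAC-SHA256 over nonce||ciphertext. The MAC never covers plaintext, so the
    receiver can reject a forgery before it touches decryption."""
    nonce = os.urandom(16)
    enc = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).encryptor()
    ct = enc.update(plaintext) + enc.finalize()
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def etm_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("MAC check failed")
    dec = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).decryptor()
    return dec.update(ct) + dec.finalize()


def gcm_seal(key: bytes, header: bytes, plaintext: bytes) -> bytes:
    """AEAD: one call returns ciphertext plus a 16-byte tag that also covers
    the unencrypted header (the associated data)."""
    nonce = os.urandom(12)          # 96-bit nonce; must never repeat under this key
    return nonce + AESGCM(key).encrypt(nonce, plaintext, header)


def gcm_open(key: bytes, header: bytes, blob: bytes) -> bytes:
    """Raises InvalidTag if the ciphertext, the tag or the header was altered."""
    return AESGCM(key).decrypt(blob[:12], blob[12:], header)


def rejected(fn, *args) -> bool:
    """True if the receiver refuses the input (either scheme raises)."""
    try:
        fn(*args)
        return False
    except (InvalidTag, ValueError):
        return True


def demo() -> dict:
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    gcm_key = AESGCM.generate_key(bit_length=256)
    msg = b"amount=100"                        # constructed sample payload

    blob = etm_encrypt(enc_key, mac_key, msg)
    tampered = bytearray(blob)
    tampered[16] ^= 0x01                       # first ciphertext byte

    header = b"stream=A;seq=7"                 # sent in the clear, like a packet header
    sealed = gcm_seal(gcm_key, header, msg)
    bad_ct = bytearray(sealed)
    bad_ct[12] ^= 0x01
    return {
        "etm_roundtrip": etm_decrypt(enc_key, mac_key, blob) == msg,
        "etm_tamper_rejected": rejected(etm_decrypt, enc_key, mac_key, bytes(tampered)),
        "gcm_roundtrip": gcm_open(gcm_key, header, sealed) == msg,
        "gcm_tamper_rejected": rejected(gcm_open, gcm_key, header, bytes(bad_ct)),
        # Same bytes replayed into another stream: the header no longer matches the tag
        "gcm_replay_rejected": rejected(gcm_open, gcm_key, b"stream=B;seq=7", sealed),
    }


if __name__ == "__main__":
    print(demo())
```

Two details carry the security here: the MAC is checked with `hmac.compare_digest` rather than `==` so the comparison time does not leak how many tag bytes were right, and the GCM nonce is fresh per message, since a repeated GCM nonce breaks both confidentiality and the ability to detect forgeries.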

## Cryptographic Use Cases and Weaknesses
Cryptographic primitive - A single hash function, symmetric cipher, or asymmetric cipher

Cryptography support - 
* Confidentiality 
    - File encryption (data at rest)
    - Transport Encryption (data in motion)

* Integrity and Resiliency 
    - Integrity is proved by hashing, which reveals whether data has been tampered with (the recomputed digest no longer matches)
    - A basic hash function can also be used with a shared secret to create a message authentication code (MAC), which prevents a man-in-the-middle from tampering with the checksum as well as the data.
    - A system is seen as resilient when a partial compromise of the system does not allow compromise of the whole system (for example, one leaked session key does not expose other sessions).
    - Obfuscation is the art of making a message difficult to understand. Source code can be obfuscated so that it still runs but is hard for a person to follow.
    - Attempts to protect a key embedded in such code while preserving the functionality of the code, known as white-box cryptography, have repeatedly been broken; obfuscation is not a substitute for keeping the key out of the code.

* Performance limitations
    - Speed 
    - Time/latency 
    - Size
    - Computational overheads
    - Low Power devices
    - Low latency uses

Resource constraints may require you to make a tradeoff between security and performance, but not so far that a broken algorithm or an undersized key is chosen to save cycles.
* Entropy and weak keys 
    - Entropy is the measure of disorder (unpredictability); a key drawn from a small set of possibilities has little entropy no matter how long it is
    - The programming library used for the implementation may possess weaknesses
        - An example of this is a bug in the pseudo-random number generator of the OpenSSL package for Debian Linux, discovered in 2008, which left only the process ID as a source of randomness and so reduced the set of possible keys to a few tens of thousands [link](wiki.debian.org/SSLkeys). 
    - A weak key is one that produces ciphertext with lower entropy than it should, so the cipher is easier to break under that key than under a random one
        - DES and RC4 are examples of algorithms known to have weak keys. 
    - Consequently, the true random number generator (TRNG) or pseudo RNG (PRNG) module in the cryptographic implementation is critical to its strength.
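What a low-entropy key generator does to an attacker's workload, as an added example written for these notes (not from the page, standard library only). The "weak" generator seeds a deterministic PRNG with nothing but a process-ID-sized number, in the spirit of the Debian bug described above: the key is 256 bits long, but there are only 32768 keys it can ever produce, so an attacker who knows a public fingerprint of the key regenerates all of them in well under a second. The fixed version draws from the OS CSPRNG. The victim's PID and the fingerprint scheme are assumptions of the demo.

```python
import hashlib
import random
import secrets
from typing import Optional

PID_MAX = 32768    # default Linux pid range: about 15 bits of "entropy"


def weak_key(pid: int) -> bytes:
    """Deterministic PRNG seeded with the process ID only. The output looks
    random and is 256 bits long, but there are only PID_MAX possible values."""
    rng = random.Random(pid)                    # not a CSPRNG, and a tiny seed
    return rng.getrandbits(256).to_bytes(32, "big")


def strong_key() -> bytes:
    """The fix: 32 bytes from the OS CSPRNG, 256 bits of entropy."""
    return secrets.token_bytes(32)


def fingerprint(key: bytes) -> bytes:
    """Something public that depends on the key, like a key fingerprint."""
    return hashlib.sha256(key).digest()


def recover_seed(target: bytes) -> Optional[int]:
    """Attacker: regenerate every key the weak generator could produce and
    compare fingerprints. At most PID_MAX tries, a fraction of a second."""
    for pid in range(PID_MAX):
        if fingerprint(weak_key(pid)) == target:
            return pid
    return None


def demo() -> dict:
    victim_pid = 4242                             # constructed
    victim_key = weak_key(victim_pid)
    found = recover_seed(fingerprint(victim_key))
    return {
        "seed_recovered": found,                  # 4242
        "key_recovered": found is not None and weak_key(found) == victim_key,
        "strong_key_recoverable": recover_seed(fingerprint(strong_key())) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The lesson generalises: the effective key size is the entropy of whatever seeded the generator, not the length of the bytes it emits. Always take keys, IVs and nonces from `secrets` or `os.urandom`, never from `random`.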
    
* Predictability and reuse
    - The RC4 stream cipher exhibits predictability (statistical biases in its keystream), which is why it has been removed from TLS
    - Nonce - a number used once within the same scope (that is, never repeated under the same key)
    - Initialization vector - must be unpredictable (CBC) or at least unique (CTR, GCM) and never reused with the same key
    - Salt - a random integer/string added to the input of a hash so that identical inputs produce different outputs
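Why an IV or nonce must never repeat, as an added example written for these notes (not from the page) using the `cryptography` package. Two messages encrypted with AES-CTR under the same key and the same nonce share a keystream, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts; an attacker who knows (or can guess) one message reads the other with no key at all. The two messages are constructed for the demo, and the attacker is assumed to know the first one.

```python
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def aes_ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """AES-CTR from the library: data XOR keystream(key, nonce)."""
    enc = Cipher(algorithms.AES(key), modes.CTR(nonce)).encryptor()
    return enc.update(data) + enc.finalize()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_with_crib(ct1: bytes, ct2: bytes, known_p1: bytes) -> bytes:
    """Attacker side. ct1 ^ ct2 == (p1 ^ ks) ^ (p2 ^ ks) == p1 ^ p2, so XORing
    in the known p1 yields p2 for as many bytes as the crib covers."""
    return xor(xor(ct1, ct2), known_p1)


def demo() -> dict:
    key, nonce = os.urandom(32), os.urandom(16)
    p1 = b"Meeting moved to 10:00 in room 4"   # constructed; assumed known to the attacker
    p2 = b"Wire 5000 to account 1234567890 "   # constructed; the secret message
    ct1 = aes_ctr(key, nonce, p1)
    ct2 = aes_ctr(key, nonce, p2)              # the bug: same key, same nonce
    ct3 = aes_ctr(key, os.urandom(16), p2)     # correct: fresh nonce per message
    return {
        "recovered_p2": recover_with_crib(ct1, ct2, p1),     # equals p2
        "fresh_nonce_attempt": recover_with_crib(ct1, ct3, p1),  # just noise
    }


if __name__ == "__main__":
    d = demo()
    print("reused nonce ->", d["recovered_p2"])
    print("fresh nonce  ->", d["fresh_nonce_attempt"])
```

The same arithmetic applies to any stream cipher or stream-like mode (RC4, ChaCha20, AES-GCM), and in GCM a repeated nonce additionally leaks the authentication key, so forgeries become possible as well. A counter or a random 96-bit value drawn from a CSPRNG per message is the standard remedy.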

* Longevity and Cryptographic Attacks 
    - Longevity is a measure of the confidence that people have in a given cipher: the longer it has withstood public cryptanalysis, the more it is trusted
    - Longevity is also the consideration of how long data must be kept secure; data that must stay confidential for decades needs algorithms and key sizes expected to resist attack for that long

* Man in the middle and downgrade attacks
    - A downgrade attack can be used to facilitate a man-in-the-middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths.

* Salting 
    - Passwords stored as hashes are vulnerable to brute force and dictionary attacks. 
    - Both these attacks can be slowed down by adding a salt value when creating the hash, so you compute:

        > hash = SHA256(salt + password)
    - The salt is stored alongside the hash. It means that an attacker cannot use pre-computed tables of hashes (rainbow tables): the hash values must be recomputed with the specific salt value for each password.

* Key stretching 
    - Takes a key that is derived from a user password and repeatedly hashes it (many thousands of rounds), so that every guess costs the attacker as much work as one legitimate check
    - The Password-Based Key Derivation Function 2 (PBKDF2) is very widely used for this purpose, notably as part of Wi-Fi Protected Access (WPA); bcrypt, scrypt and Argon2 are purpose-built alternatives that also resist GPU and ASIC attacks.
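Salting and key stretching together, as an added example written for these notes (not from the page) using only the standard library's PBKDF2-HMAC-SHA256. It shows the problem (an unsalted hash of a password is identical for every user who chose it), the fix (a random 16-byte salt plus 600,000 iterations, the figure OWASP recommends for this function), a self-describing record so the iteration count can be raised later, and a constant-time verifier. The password and record format are assumptions of the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000    # OWASP guidance for PBKDF2-HMAC-SHA256 (2023)


def unsalted_hash(password: str) -> str:
    """The weak approach: same password, same digest, for every user, so one
    precomputed table cracks all of them at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Salted and stretched: PBKDF2 over (salt, password) repeated `iterations`
    times. Returns a self-describing record: algorithm$iterations$salt$hash."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant
    time so the check does not leak how many bytes matched."""
    _algo, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations), dklen=32)
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo() -> dict:
    pw = "correct horse battery staple"     # constructed sample password
    rec1, rec2 = hash_password(pw), hash_password(pw)
    fixed_salt = bytes(16)                  # only to show per-salt recomputation is deterministic
    return {
        "unsalted_identical": unsalted_hash(pw) == unsalted_hash(pw),
        "salted_records_differ": rec1 != rec2,      # different salt, different hash
        "both_verify": verify_password(pw, rec1) and verify_password(pw, rec2),
        "wrong_password_rejected": not verify_password("Tr0ub4dor&3", rec1),
        "same_salt_same_hash": hash_password(pw, fixed_salt, 1000) == hash_password(pw, fixed_salt, 1000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The iteration count is the cost knob: a legitimate login pays it once, while an attacker pays it for every candidate password, and storing the count in the record lets you raise it as hardware gets faster without invalidating existing users.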

* Birthday Attack 
    - A type of brute force attack aimed at exploiting collisions in hash functions. Because of the birthday paradox, a collision in an n-bit hash is expected after about 2^(n/2) attempts rather than 2^n, so a 128-bit digest (MD5) offers only about 64 bits of collision resistance.

* Collisions 
    - Where a function produces the same hash value for two different plaintexts. This type of attack can be used for the purpose of forging a digital signature. 
        - The attacker creates a malicious document and a benign document that produce the same hash value. The attacker submits the benign document for signing by the target.
        - The attacker then removes the signature from the benign document and adds it to the malicious document, forging the target's signature.
    - To exploit the birthday paradox, the attacker generally has to be able to manipulate both documents/messages; when the two documents can start with different, attacker-chosen content this is referred to as a chosen-prefix attack [link](sha-mbles.github.io). 
    - The birthday paradox method has been used successfully to exploit collisions in the MD5 function to create fake digital certificates that appear to have been signed by a certificate authority in a trusted root chain [link](trailofbits.files.wordpress.com/2012/06/flame-md5.pdf).
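The birthday bound measured rather than stated, as an added example written for these notes (not from the page, standard library only). SHA-256 is truncated to 24 bits so the experiment runs in milliseconds; the search simply records every digest seen and stops at the first repeat, and the number of attempts lands near sqrt(pi/2 * 2^24), about 5100, rather than the 2^24 a preimage of one specific value would cost. The document prefix and truncation width are assumptions of the demo.

```python
import hashlib
import math

BITS = 24   # truncation width; the argument is the same for 128 or 256 bits


def short_hash(data: bytes) -> int:
    """SHA-256 truncated to BITS bits: a stand-in for a hash that is too short."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - BITS)


def find_collision(prefix: bytes = b"doc-") -> tuple:
    """Birthday search: hash candidate documents, keep a table of digests
    seen, stop at the first repeat. Returns (doc_a, doc_b, attempts)."""
    seen = {}
    for i in range(1, 2 ** BITS):
        doc = prefix + str(i).encode()
        h = short_hash(doc)
        if h in seen:
            return seen[h], doc, i
        seen[h] = doc
    raise RuntimeError("no collision found")


def expected_birthday_tries(bits: int = BITS) -> float:
    """Expected number of random inputs before the first collision: sqrt(pi/2 * 2^n)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def preimage_tries(bits: int = BITS) -> int:
    """Expected work to hit one specific digest, for comparison: 2^n."""
    return 2 ** bits


if __name__ == "__main__":
    a, b, attempts = find_collision()
    print(f"collision after {attempts} attempts (expected ~{expected_birthday_tries():.0f}, "
          f"preimage would need ~{preimage_tries()})")
    print(a, b, hex(short_hash(a)), hex(short_hash(b)))
```

Scale the same arithmetic up and MD5's 128-bit digest becomes a 2^64 collision search, which is within reach of well-funded attackers, while SHA-256's 2^128 is not; that gap, not the digest length on its own, is what "collision resistance" buys.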


## Other Cryptographic Technologies
It is important that you keep up to date with these trends so that you can recognize new opportunities for implementing better security controls and threats to existing controls caused by technological progress

#### Quantum and Post-quantum
Quantum computers use properties of quantum mechanics to significantly out-perform classical computers at certain tasks.
* Computing
    - Processes using qubits (quantum bits).
    - A qubit can be set to 0 or 1 or an indeterminate state called a superposition, where there is a probability of it being either 1 or 0. 
    - This makes quantum computers very well-suited to solving certain tasks, two of which are the factoring problem that underpins RSA and the discrete logarithm problem that underpins Diffie-Hellman and ECC (Shor's algorithm). Symmetric ciphers and hashes are affected far less (Grover's algorithm roughly halves the effective key size), so AES-256 is still considered adequate.

* Communications
    - The properties of entanglement, superposition, and collapse suit the design of a tamper-evident communication system that would allow secure key agreement (quantum key distribution).

* Post-Quantum
    - Refers to the expected state of computing when quantum computers that can perform useful tasks are a reality.
    - NIST has run a project to standardize cryptographic ciphers that are resistant to cracking even by quantum computers [link](csrc.nist.gov/Projects/Post-Quantum-Cryptography); the first standards, ML-KEM for key encapsulation and ML-DSA and SLH-DSA for signatures, were published in 2024.
    - Cryptographic agility refers to an organization's ability to update the specific algorithms used across a range of security products without affecting the business workflows that those products support.

* Lightweight Cryptography
    - Another problem affecting current cryptographic ciphers is use on low-power devices.
    - NIST project for devices with minimal CPU, memory and power [link](csrc.nist.gov/projects/lightweight-cryptography); the Ascon family was selected in 2023.

#### Homomorphic encryption
Principally used to share privacy-sensitive data sets.
It allows the receiving company to perform statistical calculations on fields within the data while keeping the data set as a whole encrypted.

#### Blockchain
- Currently used mainly in cryptocurrency: a distributed ledger in which each block includes the hash of the previous block, so altering any earlier record changes every later hash and is detected.

#### Steganography (Hidden writing)
Information is embedded inside some other message or file, the covertext (for example in the least significant bits of image pixels, which does not visibly change the picture).
Steganography tools are used both to embed hidden messages and to detect them (steganalysis).







## Python examples
The cells below were run in a Jupyter notebook; the output shown is from that run. The symmetric and RSA keys are generated fresh on each run, so the ciphertexts will differ every time.

### Hashing using SHA-256
~~~ python
import hashlib


def sha256_hex(text: str) -> str:
    """Return the SHA-256 digest of `text` as 64 hex characters.
    Hashing is deterministic: the same input always yields the same digest."""
    hash_object = hashlib.sha256()
    hash_object.update(text.encode("utf-8"))
    return hash_object.hexdigest()


input_data = "Hello, World!"
print(sha256_hex(input_data))
# A second call on the same input reproduces the digest exactly
print(sha256_hex(input_data) == sha256_hex(input_data))
~~~
~~~ text
dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f
True
~~~

### Symmetric encryption
~~~ python
from cryptography.fernet import Fernet

# Generate a random symmetric key. Fernet is AES-128-CBC with an HMAC-SHA256 tag
# (authenticated encryption); the key must be kept secret and shared only with
# whoever needs to decrypt.
key = Fernet.generate_key()

# Initialize the Fernet cipher with the key
cipher_suite = Fernet(key)

# Data to be encrypted
data_to_encrypt = b"Hello, this is a secret message!"

# Encrypt the data; a fresh IV is chosen per call, so re-running gives a different token
encrypted_data = cipher_suite.encrypt(data_to_encrypt)

# Decrypt the data (raises InvalidToken if the token was modified)
decrypted_data = cipher_suite.decrypt(encrypted_data)

print("Original Data:", data_to_encrypt)
print("Encrypted Data:", encrypted_data)
print("Decrypted Data:", decrypted_data.decode("utf-8"))
~~~
~~~ text
Original Data: b'Hello, this is a secret message!'
Encrypted Data: b'gAAAAABlN14DpHlX73Im92nO3RBKS0lyi3Zy7kpm9QUwwkDVdiwLatnY8AyPUk01jEFNdrdHNYS-6BEtRbupCpDfWhUAf9U-_-BiG6huCMKRMQzNbAlOQeLSIVJzfpBZyLo5aZnYKB7H'
Decrypted Data: Hello, this is a secret message!
~~~

### RSA encryption
~~~ python
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa, padding

# Generate a new RSA key pair (2048-bit modulus, public exponent 65537)
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

# Serialize the public key; this is the half that can be shared freely
public_key = private_key.public_key()
public_key_pem = public_key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo
)

# OAEP padding randomises the encryption; raw ("textbook") RSA must never be used
oaep = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None
)

# Encrypt a message using the public key (at most 190 bytes with this key and padding)
message = b"Hello, World!"
ciphertext = public_key.encrypt(message, oaep)

# Decrypt the ciphertext using the private key; the ciphertext is always 256 bytes
plaintext = private_key.decrypt(ciphertext, oaep)

print(f"Encrypted Message {ciphertext}")
print("Original Message:", message.decode("utf-8"))
print("Decrypted Message:", plaintext.decode("utf-8"))
~~~
~~~ text
Encrypted Message b'c\x91\x98p\xeeh\xf29\xac+\xc3\xa1\x1b\x95\xe9\xd4\xee\xabi\xcbG\xe5\xe7\xb0y\x8b\x9d\xffr\x9c\xca\x85\xdb\x89\xf87!\xc3\xdcO\xf6~.\xf6^\x9889mh\x81\x8ar\xe2\xeb\x05cw\xa3\x0b\xa6\xb24\x14_7>\xc7\xed\xed|\x9d\xc2\xfeVn\xc3\x92\xe1N\x15\x02\x8a\xaa\xb2C\x96_\xd4\xcby \xa1\xbf\xf3Z\x0f\xde\xa8\t\x90\xfb\x97\xfc\x04\xbbq\xf4Z\xc5p"2\xf3\xc0 \xe9\x8eTJ\x8b\xb3\x98\x9adN\x05\x82\x961\x8e\x0fm\xd6\xdf`\xa7\x10{\x85\x80\xcb\x95\xda\xeeT\x00\x18\xa1;P\xa1\x87h!J\x9ayb\x08\xb4\xddWG~\xb6\xa6,\xce^L\x868M\x0b\xaf\x8a[\xaa\x00\x9f\xa7#\xd3\x91\x14j\xd1\xe7iHBi\x8e\x10=|\xe5.#\xd6\x8c\xf8\xfeC)\xfc\xc6~\xd2\tc\x9d@\xd6\x8cLR\xf6\xcbR\xe6\xfc\xb0_\xbb\xc9\xf6\xe2\xb5i\xfa\x0f\x8a\x10\xaf\x06\x0f\xc7\xd6\xf4\xd2:\x9f\x0f\x8f\xca^\x0e\x90\x99\xb0}\xf9\xe2\xa3'
Original Message: Hello, World!
Decrypted Message: Hello, World!
~~~