Read Aloud the Text Content

This audio was created by Woord's Text to Speech service by content creators from all around the world.

Text Content or SSML code:

Lecture Four: Confidentiality -1 1. Kerckhoffs's Principles: • Definition: These principles, developed by the cryptographer Auguste Kerckhoffs, suggest that a cryptographic system should remain secure even if everything about the system (like the algorithm) is known to an attacker, as long as the cryptographic key is kept secret. The security of the system should not depend on the secrecy of the algorithm itself. • Key Idea: The only thing that should remain secret is the key. The rest of the system—how it works, the algorithms used, and any potential vulnerabilities—can be public knowledge without compromising security. This principle is important because it allows cryptographic systems to be thoroughly tested, improved, and trusted by everyone. • Why This Is Important: If a cryptographic system relies on keeping the algorithm secret, it’s more vulnerable. Once the algorithm is discovered, the entire system is compromised. On the other hand, if only the key is secret, and the system itself is open to scrutiny, it becomes more secure because it can be tested by experts to ensure it withstands attacks. • Example: Modern cryptography, like AES, follows Kerckhoffs's Principles. The AES algorithm is publicly known and widely used, but its security relies solely on keeping the encryption key secret. Even though anyone can study how AES works, without the key, they cannot decrypt the data. 2. Key Rotation & One-Time Pad: • Static Keys: These are keys that stay the same over time. The disadvantage is that if the key is compromised, all communications using that key are vulnerable. • Rotatable Keys: These are keys that can be updated periodically to improve security. For example, if you change your password (key) every month, it’s harder for attackers to use a compromised key. • Rotating Keys: This refers to systems where keys change automatically after a certain time or after a certain number of uses. For instance, some secure messaging apps automatically rotate keys after every message, providing better security. • One-time pad is an encryption technique where a completely random key is used only once to encrypt a message. It is unbreakable if used correctly, but the key must be as long as the message and kept completely secret. Example: If Alice and Bob share a completely random one-time key, they can securely communicate. However, this system is impractical for long-term use because generating and securely sharing such long keys is difficult. 3. Stream Cipher, Block Cipher and Cipher Mode: • Stream Cipher: Encrypts data one bit or byte at a time. This is fast and ideal for streaming data (e.g., live video or voice calls). • Block Cipher: Encrypts data in fixed-size blocks, typically 64 or 128 bits at a time. It’s slower than stream ciphers but more secure for large chunks of data (e.g., encrypting files). • Cipher Mode: A cipher mode is a way to use a fixed-size block cipher with arbitrary-sized data. This is needed for the block-cipher due to small cipher width (AES 256 == 256 bit blocks). 4. KDF, HKDF, DES, 3DES, and AES: • Key Derivation Function: A KDF is a cryptographic function that derives a secure key from a password or other input data. It takes a potentially weak password and processes it to create a stronger encryption key that’s difficult to crack. KDFs often add extra security by incorporating salt (random data) and iteration, making it harder for attackers to guess the password through brute-force or dictionary attacks. Example: When creating a password for an encrypted file, a KDF like PBKDF2 or bcrypt strengthens the password into a secure key used for encryption. (Can safely turn one shared-secret into multiple shared-secrets deterministically). • HMAC-based Key Derivation Function: HKDF is a specific type of KDF that uses HMAC (Hash-based Message Authentication Code) to derive strong keys from weaker input material. It’s widely used in cryptographic protocols for securely expanding or managing keys. HKDF adds a layer of security by combining randomness with the original input, making the derived key cryptographically secure. Example: HKDF is commonly used in protocols like TLS (Transport Layer Security) and for secure communications between devices. It is favored for its simplicity, flexibility, and cryptographic strength. • Data Encryption Standard: DES is a symmetric key block cipher that was one of the earliest widely-used encryption standards, developed in the 1970s. It encrypts data in fixed-size blocks (64 bits) using a relatively short key length of 56 bits. Due to its short key size, DES is now considered vulnerable to brute-force attacks, where an attacker tries every possible key until the correct one is found. Example: DES was commonly used in older financial and security systems, but it has been replaced by stronger encryption algorithms today. (Not used). • Triple DES: 3DES is an extension of DES, which applies the encryption process three times with different keys to increase security. This method effectively increases the key length and makes it much more difficult for attackers to break the encryption using brute force. However, because it performs the encryption three times, it is slower than modern algorithms like AES. Disadvantage: While 3DES is more secure than DES, it is still slower and less efficient, and it has been phased out in favor of stronger and faster encryption standards. (is a weak cipher). • Advanced Encryption Standard: AES is a modern symmetric key block cipher that has become the encryption standard worldwide. It supports key lengths of 128, 192, or 256 bits, offering much stronger security than DES and 3DES. AES encrypts data in blocks of 128 bits and is designed to be both fast and secure, making it suitable for a wide variety of applications, from securing online communications to protecting sensitive data. Advantage: AES is highly secure, widely used (e.g., securing Wi-Fi and HTTPS connections), and efficient, making it the preferred encryption standard today.