𝛑
𝛑
Posts List
  1. 0x00 Preface
  2. 0x01 Cryptography Fundamentals
    1. 1. Common Threats and Corresponding Cryptographic Technologies
    2. 2. Basic Cryptographic Technologies and Common Sense
    3. 3. Symmetric Cryptography
      1. 3.1 DES and 3DES
      2. 3.2 AES
      3. 3.3 Comparison of Padding Modes
    4. 4. Asymmetric Cryptography
      1. 4.1 RSA
        1. 4.1.1 RSA Encryption and Decryption
        2. 4.1.2 Signing and Verification
      2. 4.2 ECC
        1. 4.2.1 DH Exchange
      3. 4.3 Applications and Attack Methods:
      4. 4.4 Hybrid Cryptosystem
    5. 5. One-Way Hash Functions
    6. 6. Message Authentication Code
      1. 6.1 Implementation Methods
      2. 6.2 Applications and Attack Methods
    7. 7. Pseudo-Random Number Generation
    8. 8. PGP
    9. 9. Information Security Common Sense About Cryptographic Systems
  3. 0x02 Crypto Infrastructure
  4. 0x03 Summary
  5. 0x04 References

Applied Cryptography and Crypto Infrastructure

0x00 Preface

Before diving into crypto infrastructure, I’ll introduce some cryptography fundamentals. But I need to clarify upfront that I can only understand and apply these concepts - I’m no expert. So if there are any mistakes in this article, please point them out. If you only care about the practical experience of building crypto infrastructure, feel free to jump directly to section 0x02.

0x01 Cryptography Fundamentals

The cryptography basics in the following sections are mainly summarized from my reading notes of “Understanding Cryptography with Illustrations”. The images in this section are from the original text. A friend told me this is a “holy book”, which I think is a bit much - but it is indeed a good book, because it helps readers with weak math backgrounds quickly understand cryptography fundamentals.

1. Common Threats and Corresponding Cryptographic Technologies

image

2. Basic Cryptographic Technologies and Common Sense

Basic cryptographic technologies are divided into six parts: Symmetric Cryptography, Asymmetric Cryptography, one-way hash functions, message authentication codes, digital signatures, and pseudo-random number generators.

image
image

Most cryptographic technologies require keys, and there’s a valuable principle here - keys are equivalent to plaintext (meaning if plaintext is worth $1M, then the key is also worth $1M).

Here are various different types of keys:

  1. Symmetric cryptography keys vs public key cryptography keys
  2. Message authentication code keys vs digital signature keys
  3. Keys for ensuring confidentiality vs keys for authentication
  4. Session keys vs master keys
  5. Keys for encrypting content vs keys for encrypting keys
  6. Password Based Encryption (PBE)

3. Symmetric Cryptography

Symmetric cryptography can be divided into two categories: stream ciphers and block ciphers. As the names suggest, stream ciphers encrypt each bit individually, while block ciphers encrypt blocks of plaintext. Block ciphers can only process a specific length of data (block) at a time. Below I’ll mainly introduce block ciphers.

Symmetric cryptography encryption and decryption mainly rely on XOR operations on bits. Suppose the plaintext is 010101 and the key is 111111, then the XOR result ciphertext is 101010. Conversely, when decrypting the ciphertext, XOR it with the key to get 010101.

0 XOR 0 = 0
0 XOR 1 = 1
1 XOR 0 = 1
1 XOR 1 = 0

3.1 DES and 3DES

DES stands for Data Encryption Standard. It was adopted by FIPS in 1977, with the basic structure being a Feistel network/structure. It should not be used for existing or new encryption purposes now.

In a Feistel network, encryption and decryption can be implemented with exactly the same structure. The encryption steps are called rounds, and the number of rounds can be increased arbitrarily.

image

DES is a 16-round Feistel network. That is, after each input-output, the left and right sides are swapped, and then a new subkey is used to perform XOR through the round function.
Here’s a three-round Feistel network. Remember that DES has 16 rounds.
image

3DES is obtained by repeating DES 3 times.
image

But you can see that the 3DES encryption process is encrypt-decrypt (this step is for backward compatibility)-encrypt. If DES keys 1, 2, and 3 are the same, then 3DES is actually the same as DES. If 1, 2, and 3 use completely different keys, it’s called DES-3DES. If 1 and 3 are the same and 2 is different, it’s called DES-EDE2.

3DES is currently temporarily allowed, but should not be used for new purposes.

3.2 AES

AES stands for Advanced Encryption Standard, selected by NIST as a FIPS standard. I initially thought AES was just one algorithm, but actually AES was selected from a series of algorithms. Recruitment started in 1997 (5 finalists from 15 algorithms), and in 2000 the block cipher Rijndael was selected (by Belgian cryptographers Joan Daemen & Vincent Rijmen).

Rijndael also consists of multiple rounds, but uses an SPN structure instead of a Feistel network. It mainly consists of SubBytes (processing 16-byte blocks to obtain a substitution table S-Box with 256 values), ShiftRows (shifting rows of 4-byte units to the left according to certain rules, with different shift amounts for each row), MixColumns (bit operations on a 4-byte value), and AddRoundKey (XOR the output of MixColumns with the round key). Completing SubBytes->AddRoundKey is one round, and Rijndael structure needs to repeat 10-14 rounds. For decryption, the order is reversed: AddRoundKey -> InvMixColumns -> InvShiftRows -> InvSubBytes.

3.3 Comparison of Padding Modes

Block ciphers mean they can process specific lengths, so to handle arbitrary lengths, we need to iterate the block cipher. The iteration method is called a mode.

image

Comparison of OFB mode and CTR mode
image

Comparison of CFB mode and OFB mode
image

4. Asymmetric Cryptography

Also known as Public-Key Cryptography, it mainly relies on the principle that humans currently cannot quickly solve discrete logarithms.

image

4.1 RSA

4.1.1 RSA Encryption and Decryption

image
image

4.1.2 Signing and Verification

image

There are generally two forms: one is to directly sign the message, and the other is to sign the hash value of the message.
image

4.2 ECC

ECC stands for Elliptic Curve Cryptography.

It mainly includes three aspects:

  • Elliptic curve-based public key cryptography
  • Elliptic curve-based digital signatures
  • Elliptic curve-based key exchange

4.2.1 DH Exchange

image

4.3 Applications and Attack Methods:

Applications:

  • Public key certificates
  • SSL/TLS

Attack methods:

  • Man-in-the-middle attacks
  • Attacks on one-way hash functions
  • Attacking public key cryptography using digital signatures
  • Potential forgery

4.4 Hybrid Cryptosystem

Simply put, it uses asymmetric cryptography to protect symmetric keys, and uses symmetric keys to encrypt and decrypt data.

Encryption
image

Decryption
image

5. One-Way Hash Functions

One-way hash functions are also called message digest functions, hash functions, or hashing functions.
The input is called a message (also called pre-image), and the output is called a hash value (also called message digest or fingerprint).

Can detect tampering, but cannot identify impersonation.

Characteristics:

  1. Calculate a fixed-length hash value from a message of any length
  2. Can quickly calculate the fixed-length hash value
  3. Different messages produce different hash values (collision resistance)
  4. One-way property

Applications:

  • Detecting software tampering
  • Password-based encryption
  • Message authentication codes
  • Digital signatures
  • Pseudo-random number generators
  • One-time passwords

Common one-way hash functions:

  • MD4, MD5
  • SHA-1, SHA-256, SHA-384, SHA-512
  • RIPEMD-160
  • SHA-3

6. Message Authentication Code

Message Authentication Code (MAC) takes any-length messages and a key shared between sender and receiver as input, and outputs fixed-length data, the MAC value.

Can detect tampering and impersonation, but cannot provide proof to third parties or prevent repudiation.

6.1 Implementation Methods

  1. Implementation using one-way hash functions
    HMAC constructed using SHA1, SHA-224, SHA-256, SHA-384, SHA-512 are called HMAC-SHA1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 respectively.
    image
  2. Implementation using block ciphers
  3. Other methods (stream ciphers, public key cryptography)

6.2 Applications and Attack Methods

Applications:

  • SWIFT (refer to some sharing materials on electronic payment basics)
  • IPsec
  • SSL/TLS

Attack methods:

  • Replay attacks
  • Key guessing attacks

7. Pseudo-Random Number Generation

Random numbers are needed in many places: generating keys, key pairs, initialization vectors, nonces, and salts. But software cannot generate truly random numbers - all software-generated numbers are pseudo-random.

image

There are several methods for generating pseudo-random numbers:

  • Random methods
  • Linear congruential method
  • One-way hash function method
  • Cryptographic method
  • ANSI X9.17

8. PGP

Skipped, refer to PGP: Pretty Good Privacy - Garfinkel Simson

9. Information Security Common Sense About Cryptographic Systems

  • Don’t use secret cryptographic algorithms
  • Using low-strength cryptography is more dangerous than not encrypting at all
  • Any cipher will eventually be broken
  • One-time pads are theoretically unbreakable, but in practice they are not used because they face key distribution problems, storage problems, reuse problems, synchronization problems, and generation problems.
  • Salt is mainly used to defend against dictionary attacks

0x02 Crypto Infrastructure

Here I’ll first introduce what features are needed for building general infrastructure, then add some details for each different type of facility. The diagram was drawn temporarily and includes different aspects involved in building a crypto infrastructure system. Below I’ll briefly introduce the blocks in the diagram.

image (drawn by author)

  • Integration (Application/System)

    • Logging Management
    • Monitoring Management
    • Identity Management
    • Access Management
    • etc…
  • Optimization (Tech/Operation/…)

    • Workflow & Pipeline
    • Support Template
    • HW/SW Performance
    • Scenario
    • etc …
  • Customer Service (Application/User/…)

    • Support Service
    • Self Service

After knowing what points to consider when building certain solutions, let’s look at what the general scope of crypto infrastructure looks like (drawn by author):

image

Taking PKI as an example (I previously summarized an article about CA/RA, and another one about HSM), after determining the PKI construction plan, design the logical and physical architecture, including integration with other systems/services (logging, monitoring, permissions, HSM, etc.). After the system is deployed and provides services, continue building integration services, such as providing support templates, customer service, and providing certain SDKs for other systems/applications to call. Different certificates generated by different functional CAs are provided to different applications or users. For example, can certificates provided to employees for accessing internal systems be pushed to employees’ laptops through MDM tools, as well as certificates on LBs for providing TLS services, and all places that need root certificates, etc. Try to optimize the repetitive work in daily operations.

Similarly, for HSM, KMS, or Secret Management, the approach is similar.

0x03 Summary

What you get on paper is superficial; you must practice to truly understand.

0x04 References