At this point, I’m sure you’ve all heard about Apple’s on-going fight with the FBI over allowing backdoors into iPhones.  In the world of cyber security, encryption, and privacy, this is the battle that will set the tone for the impending war.  I have an enormous amount of respect for Apple’s CEO, Tim Cook.  In an email to his employees, Cook says:

“This case is about much more than a single phone or a single investigation, so when we received the government’s order we knew we had to speak out. At stake is the data security of hundreds of millions of law-abiding people, and setting a dangerous precedent that threatens everyone’s civil liberties”

Respect, bro… mad respect.  Apple has held strong throughout the years and has never unlocked an iPhone for the government.  This strong statement from such a respected leader in the technology industry has made him an icon for encryption and privacy.

So what would we like to accomplish in this article?

  1. A basic understanding of encryption
  2. How encryption is used in our daily lives
  3. How this all ties in to Apple Vs. FBI
  4. Try not to go on a political rant about privacy

Let’s get started.

What Is Encryption?

Encryption, at its most basic definition, is the conversion of plaintext data into ciphertext data which cannot be easily understood by anyone except authorized parties.  There are many different encryption algorithms, but there are two different methods of encryption:

Steam Ciphers: data, read as bits, are fed into the cipher in their readable pattern and encrypted one at a time.  This is usually done by using an XOR (exclusive-or) operation.  This type of cipher can work at a very high rate of speed.

Block Ciphers: data is broken into blocks of bits and fed into the cipher.  This is usually done in blocks of 64 bits at a time. Each block is encrypted using a key, and uses methods such as substitution or transposition.  These algorithms are considered simpler and slower than steam ciphers.

On top of the methods of encryption, we also need to learn about the difference between symmetric and asymmetric encryption.  This has to do with what keys are used to encrypt/decrypt data as opposed to the way data is encrypted.

Symmetric Encryption: This can also be referred to as single key or shared key encryption.  Symmetric encryption uses one key to encrypt and decrypt data.  So long as both of the sender and receiver have/know the secret key, communication can be encrypted between the two of them.  This method has great simplicity, and makes encryption very fast and easy.  But key management/distribution, as well as scalability, becomes increasing difficult.  Some symmetric encryption algorithms are listed below:

Algorithm Key Size (bits) Notes
DES 56 Out-dated due to small key size
3DES 168 Can use up to 3 keys in a multiple encryption method
AES 128/192/256 Replaced 3DES, much faster than DES and 3DES
IDEA 128 Originally used in PGP 2.0, used mainly in Europe
Twofish 256 Block cipher, used key size up to 256 bits
Blowfish 32 – 448 Fast block cipher, replaced by AES. Considered public domain
RC (Rivest Cipher) Up To 2040 Several version from RC2 to RC6

Asymmetric Encryption: This came about due to the inherent problem in using one key to encrypt and decrypt data.  Asymmetric encryption uses 2 keys, a public key and private key.  These key pairs are generated together, with one key used to encrypt the data and the other used to decrypt the data.  For example,  let’s say Bob is trying to send a message to Alice.  Bob will encrypt the message using Alice’s public key, and Alice will decrypt the message using her private key.  A diagram is shown below:

asymmetric

One thing to note is that each key is not specifically designated to encrypt on decrypt.  Data encrypted with one key (whether is the private or public key) can be decrypted using the other.  Some examples of asymmetric algorithms are shown below:

Algorithm Notes
Diffie-Hellman Used as a key exchange protocol (SSL and IPSec)
Elliptic Curve Cyptosystem Uses points of elliptic curve/logarithmic problems for encryption and signatures. Less processing power = good for mobile devices.
El Gamal Uses solving discrete logarithm problems for encryption/digital signatures.
RSA Encryption through the use of two large prime numbers.  Factoring these numbers creates key sizes up to 4096 bits.

I guess we should also go over hashing functions since it falls under this category.

Hashing Algorithms: a one-way mathematical function that takes an input and outputs a fixed length string.  Hashing functions are primarily used to verify the integrity of a piece of data, but are also used in protection of passwords.  These functions are prone to collisions, which means that two or more given files (pieces of data) result in the same hashed output.  Some examples of hashing functions are shown below:

Algorithm Output Bits Notes
MD5 128 Originally popular for ensuring file integrity.  Serious flaws.
SHA-1 160 Developed by the NSA.  Serious flaws.
SHA-2 224/256/384/512 Holds four separate hash functions, designed to replace SHA-1

We could dive into PKI, digital certificates, and digital signatures but I’ll save you all the pain (for now). By now you should have a basic understanding of cryptography, and we can give into more fun topics.

How Is Encryption Used?

Believe it or not, cryptography is used all around you. It’s the most necessary piece of the privacy puzzle. If you have an iPhone, all of your iMessages are protected by encryption. All of your bank account/credit card information is protected by encryption. Even when you visited my blog, the traffic is protect by encryption.

With a world full of malicious hackers trying to break into anything and everything, encryption is necessary to protect your sensitive data and privacy. Lord forbid an attacker breaches your bank and your credit card number and social security number are sitting there in plain text.

So what’s up with this whole Apple Vs. the FBI thing? Well it’s not horribly complicated now that we know a bit about encryption. Basically, the FBI wants to put backdoors in Apple’s iPhones so that they can bypass the encryption protecting a user’s iMessages. What’s a backdoor, you might be asking yourself. Well it’s just what it sounds like:

Backdoor: an often secret method of bypassing normal authentication to a system. In the case of a cryptosystem, this would allow access to plain text data.

The FBI’s motivation is good in nature. They believe this will allow them to help prevent terrorist attacks like the one in San Bernardino. But we have to look at the full picture here. I’ll keep my personal opinions out of this, but I think the obvious threat is a malicious party exploiting that built in backdoor. Wouldn’t you love the fame and glory of being the first hacker to exploit the FBI’s new toy?

I’ll stop here before I launch into a massive rant. As always, thanks for reading. See you again next time.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About Jean Fleury

Naval officer, privateer, cyber security professional. Traded in my five-ship squadron for a computer and Burp Suite license.

Category

Information Security Profession

Tags

, , , ,