A system's cryptographic protection against attacks and malicious penetration is determined by two factors: (1) the strength of the keys and the effectiveness of mechanisms and protocols associated with the keys; and (2) the protection of the keys through key management (secure key generation, storage, distribution, use and destruction).
Strong algorithms combined with poor key management are as likely to fail as poor algorithms embedded in a strong key management context.
This article sheds light on the cryptographic algorithms (the mechanisms and protocols associated with the keys) and aims to provide an executive summary of what to consider when choosing cryptographic algorithms to secure a system. Our structure is based on NIST's Special Publication 800-57 Part 1, Revision 4, "Recommendation for Key Management, Part 1". Initially written as a guideline for U.S. government agencies protecting sensitive, unclassified information, NIST's work provides a valuable synthesis of best practices.
Narrowing the Pool of Algorithms
According to NIST, if cryptographic services are required, cryptographic algorithms that are either FIPS-approved or NIST-recommended must be used. These algorithms have undergone extensive security analysis and are continually tested to ensure adequate security. Cryptographic algorithms usually use cryptographic keys, and when these algorithms need to be strengthened, this can often be done by using larger keys.
Classes of Cryptographic Algorithms
There are three general classes of NIST-approved cryptographic algorithms, which are defined by the number or types of cryptographic keys that are used with each.
A cryptographic hash function does not use keys for its basic operation. This function creates a small digest or “hash value” from often large amounts of data through a one-way process. Hash functions are generally used to create the building blocks that are used in key management and provide security services such as:
- Providing source and integrity authentication services by generating message authentication codes (MACs)
- Compressing messages for generating and verifying digital signatures
- Deriving keys in key-establishment algorithms
- Generating deterministic random numbers
Also referred to as a secret-key algorithm, a symmetric-key algorithm transforms data to make it extremely difficult to view without possessing a secret key.
The key is considered symmetric because it is used for both encrypting and decrypting. These keys are usually known by one or more authorized entities. Symmetric key algorithms are used for:
- Providing data confidentiality by using the same key for encrypting and decrypting data.
- Providing Message Authentication Codes (MACs) for source and integrity authentication services. The key is used to create the MAC and then to validate it.
- Establishing keys during key-establishment processes
- Generating deterministic random numbers
Also referred to as public-key algorithms, asymmetric-key algorithms use paired keys (a public and a private key) in performing their function. The public key is known to all, but the private key is controlled solely by the owner of that key pair. The private key cannot be mathematically calculated through the use of the public key even though they are cryptographically related. Asymmetric algorithms are used for:
- Computing digital signatures
- Establishing cryptographic keying material
- Identity Management
Security Services Provided by Cryptographic Algorithms
Various cryptographic algorithms can be used to provide specific security services. A single algorithm can frequently be used for multiple services.
A hash function is often a component of many cryptographic algorithms and schemes, including digital signature algorithms, Keyed-Hash Message Authentication Codes (HMAC), key-derivation functions/methods and random number generators. A hash function takes an arbitrary but bounded-length input and generates an output of fixed length. This output is often referred to as the hash, hash value, message digest or digital fingerprint. FIPS 180 (Secure Hash Standard) and FIPS 202 (Secure Hash Algorithm-3) define the approved hash functions.
Symmetric-Key Algorithms for Encryption and Decryption
Encryption provides confidentiality of data by transforming the “plaintext” into “ciphertext.” Decryption transforms ciphertext back to plaintext. AES and 3DES are the approved symmetric-key algorithms used for encryption/decryption services. 3DES is likely to be retired in the near future.
Advanced Encryption Standard (AES)
The AES is based on the Rijndael algorithm, which was invented by Cryptomathic’s previous chief cryptographer Vincent Rijmen together with his fellow researcher Joan Daemen.
AES encrypts and decrypts 128-bit blocks of data using 128-, 192- or 256-bit keys.
3DES / Triple DEA (TDEA)
3DES is a symmetric-key block cipher which applies the DES cipher algorithm three times to each data block. The official name as used by NIST is the Triple Data Encryption Algorithm (TDEA).
TDEA encrypts and decrypts 64-bit blocks of data using three 56-bit keys. TDEA has two keying options:
- Two-key TDEA (2TDEA) uses three keys, but key 1 and key 3 are identical, giving 112 effective key bits.
- Three-key TDEA (3TDEA) uses three different keys, giving 168 key bits.
2TDEA is widely used in the payment card industry as it provided a good trade-off between security and compute time. However, evolving technology has made it inadequate to withstand attacks. As of December 21, 2015, 2TDEA can only be used for decryption purposes.
A comparative study (Alanazi et al., 2010) pointed out that even 3DES (also referred to as 3TDEA) is vulnerable to differential cryptanalysis.
The Advanced Encryption Standard (AES) proved itself to be much safer, being strong against differential cryptanalysis, but also against truncated differential or linear cryptanalysis as well as against interpolation and square attacks.
Modes of Operation for the application of AES and TDEA
Cryptographic modes of operation are algorithms that cryptographically transform data using a symmetric-key block cipher, in this case AES or TDEA. The modes of operation address a problem with raw block-cipher encryption: when the blocks of a message are encrypted separately, an adversary can substitute individual blocks, often without detection. To alleviate this, NIST prescribes combining the applied algorithm with
- variable initialization vectors (special data blocks used in an initial step of the encryption and in the subsequent and corresponding decryption of the message) and/or
- feedback of the information that has been derived from the cryptographic operation.
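The substitution problem and the effect of the IV-plus-feedback remedy can be seen in a few lines of code. The following is an added example, not code from the article or from NIST: a toy 128-bit Feistel cipher built from SHA-256 stands in for AES (it is not secure and exists only so the example runs with the Python standard library), and ECB (no IV, no feedback) and CBC (IV plus feedback of the previous ciphertext block), as NIST defines them in SP 800-38A, are implemented on top of it. The key, the three-block message and the block swap are constructed for the demonstration.

```python
import hashlib
import secrets

BLOCK = 16  # 128-bit block size, as for AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function of the toy cipher: 64-bit output derived from SHA-256.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel cipher on one 16-byte block (a stand-in for AES, NOT secure)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks (padding is omitted in this demo)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block is encrypted independently, with no IV and no feedback.
    return b"".join(toy_block_encrypt(key, b) for b in _blocks(plaintext))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return b"".join(toy_block_decrypt(key, b) for b in _blocks(ciphertext))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    # CBC: each plaintext block is XORed with the previous ciphertext block (the IV
    # for the first block) before encryption; the IV is transmitted in clear.
    iv = secrets.token_bytes(BLOCK) if iv is None else iv
    out, prev = [], iv
    for b in _blocks(plaintext):
        prev = toy_block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    out, prev = [], iv
    for c in _blocks(body):
        out.append(_xor(toy_block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def swap_blocks(data: bytes, i: int, j: int) -> bytes:
    """Model of the substitution the article warns about: two ciphertext blocks change places."""
    bs = _blocks(data)
    bs[i], bs[j] = bs[j], bs[i]
    return b"".join(bs)


def demo() -> dict:
    key = b"constructed-demo-key-not-for-real-use"
    # Constructed three-block message: the same instruction twice, then a different one.
    pt = b"PAY 100 TO ALICE" * 2 + b"PAY 900 TO BOB  "
    ecb = ecb_encrypt(key, pt)
    cbc = cbc_encrypt(key, pt)
    return {
        "ecb_equal_blocks_leak": ecb[:16] == ecb[16:32],
        "cbc_equal_blocks_leak": cbc[16:32] == cbc[32:48],
        "ecb_swapped_decrypts_to": ecb_decrypt(key, swap_blocks(ecb, 0, 2)),
        "cbc_swapped_decrypts_to": cbc_decrypt(key, cbc[:16] + swap_blocks(cbc[16:], 0, 2)),
    }
```

Running `demo()` shows that under ECB the two identical plaintext blocks give identical ciphertext blocks and the swapped ciphertext decrypts to a well-formed message with the instructions reordered, while under CBC the same swap produces garbage in the affected blocks. CBC only makes the substitution visible to a format check or a reader, not to the cipher itself; integrity still requires a MAC, and the IV must never be reused under the same key.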
Message Authentication Codes (MACs)
MACs can be used to provide authentication of the origin/source and integrity of messages. This cryptographic mechanism resolves the problem of adversaries altering messages by using a MAC key that is shared by the message originator and the recipient.
MACs Using Block Cipher Algorithms
This type of MAC is computed with an approved block cipher algorithm, for example AES or TDEA.
MACs Using Hash Functions
An approved hash function may also be used for computing a MAC.
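An added example (not from the article) using Python's standard library to tie the hash-function section and the MAC sections together: the digest length of SHA-256 (FIPS 180) and SHA3-256 (FIPS 202) is fixed regardless of input size, a one-bit change of the input flips about half of the digest bits, and HMAC-SHA-256 (FIPS 198-1) over the same hash turns the digest into a MAC that only holders of the shared key can produce or verify. The key, message and tampered message are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Hash an input of any size; the digest length depends on the algorithm, not on the input."""
    h = hashlib.new(algorithm)
    # Feed the data in chunks, as one would for a large file, instead of all at once.
    for i in range(0, len(data), 4096):
        h.update(data[i:i + 4096])
    return h.hexdigest()


def digest_bits(algorithm: str) -> int:
    return hashlib.new(algorithm).digest_size * 8


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two digests; a good hash flips about half the bits per input change."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def make_tag(key: bytes, message: bytes) -> bytes:
    # HMAC-SHA-256: the shared key is mixed into the hash, so the tag cannot be
    # recomputed by anyone who only sees the message and the tag.
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time; a plain == would leak timing information about the tag.
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed 256-bit shared MAC key
    message = b'{"transfer": 100, "to": "alice"}'  # constructed message
    tag = make_tag(key, message)
    tampered = message.replace(b"100", b"900")  # altered in transit, tag unchanged
    return {
        "sha256_bits": digest_bits("sha256"),
        "sha3_256_bits": digest_bits("sha3_256"),
        "small_and_large_same_length": len(fingerprint(b"a")) == len(fingerprint(b"a" * 1_000_000)),
        "avalanche_bits": differing_bits(fingerprint(b"abc"), fingerprint(b"abd")),
        "genuine_accepted": verify_tag(key, message, tag),
        "tampered_rejected": not verify_tag(key, tampered, tag),
        "wrong_key_rejected": not verify_tag(secrets.token_bytes(32), message, tag),
    }
```

The tampered message fails verification even though only one digit changed, and a tag computed under a different key is rejected as well; both results come from the recipient recomputing the MAC with its own copy of the shared key.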
Digital Signature Algorithms
Digital signatures are used with hash functions to provide source authentication, integrity authentication, and support for non-repudiation. The Digital Signature Algorithm (DSA), RSA algorithm and ECDSA algorithm are approved by FIPS 186 for use in generating digital signatures.
Key Establishment Schemes
Key transport and key agreement are two types of automated key-establishment schemes that are used to create keys shared between communicating entities. In key transport, the sending entity encrypts the keying material, which is then decrypted by the receiving entity.
Discrete Logarithm based Key-Agreement Schemes
Discrete logarithm based public-key algorithms rely on schemes that use finite field math or elliptic curve math. Ephemeral, static or both keys may be used in a single key-agreement transaction.
Key Establishment Using Integer-Factorization Schemes
Integer factorization based public-key algorithms are used for key establishment schemes where one party always has and uses a static key pair, while the other party may or may not use a key pair.
Security Properties of the Key-Establishment Schemes
Using both static and ephemeral keys in a key-establishment scheme provides more security than schemes that use fewer keys, but in certain applications it is not always practical for both parties to use both types of keys.
Key Encryption and Key Wrapping
Key encryption (key wrapping) protects the confidentiality of a key by encrypting it under another key. Key unwrapping then decrypts the ciphertext key and verifies its integrity.
Key confirmation provides assurance between two parties in a key-establishment process that common keying materials have been established.
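To make the discrete-logarithm key-agreement scheme from the earlier section and the key-confirmation step just described concrete, here is an added example written for this article (it is not NIST's code and not a substitute for SP 800-56A): an ephemeral-ephemeral finite-field Diffie-Hellman exchange between parties U and V over the well-known RFC 3526 2048-bit MODP group, with full public-key validation, a one-step key derivation in the style of SP 800-56C, and bilateral key confirmation via HMAC. The party identifiers, the 256-bit private exponents and the confirmation labels are assumptions made for the example; `is_probable_prime` exists only to sanity-check the group constants.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14: a 2048-bit safe prime p = 2q + 1 with generator 2.
P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
)
P = int(P_HEX, 16)
Q = (P - 1) // 2
G = 2
PUB_BYTES = (P.bit_length() + 7) // 8


def is_probable_prime(n: int, rounds: int = 5) -> bool:
    """Miller-Rabin; used only as a sanity check that p and q really are prime."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_ephemeral_key_pair():
    """Fresh key pair per session (ephemeral); a static pair would be generated once and stored."""
    private = secrets.randbits(256) | (1 << 255)  # assumed 256-bit private exponent
    return private, pow(G, private, P)


def validate_public_key(public: int) -> bool:
    # Full public-key validation: in range and in the order-q subgroup (rejects 1, p-1, etc.).
    return 2 <= public <= P - 2 and pow(public, Q, P) == 1


def derive_keys(shared_secret: int, fixed_info: bytes):
    """One-step KDF in the style of SP 800-56C, H(counter || Z || FixedInfo),
    split into a key-confirmation MAC key and the session key."""
    z = shared_secret.to_bytes(PUB_BYTES, "big")
    okm = hashlib.sha512(b"\x00\x00\x00\x01" + z + fixed_info).digest()
    return okm[:32], okm[32:]


def confirmation_tag(mac_key: bytes, label: bytes, fixed_info: bytes) -> bytes:
    # Key confirmation: a MAC over a direction label and the transcript proves the
    # sender derived the same keying material.
    return hmac.new(mac_key, label + fixed_info, hashlib.sha256).digest()


def run_exchange():
    """Both sides of an ephemeral-ephemeral agreement between U and V with key confirmation."""
    u_priv, u_pub = generate_ephemeral_key_pair()
    v_priv, v_pub = generate_ephemeral_key_pair()
    # Each party validates the value it received before using it.
    if not (validate_public_key(v_pub) and validate_public_key(u_pub)):
        raise ValueError("invalid public key")
    fixed_info = b"U" + b"V" + u_pub.to_bytes(PUB_BYTES, "big") + v_pub.to_bytes(PUB_BYTES, "big")
    u_mac, u_key = derive_keys(pow(v_pub, u_priv, P), fixed_info)
    v_mac, v_key = derive_keys(pow(u_pub, v_priv, P), fixed_info)
    # U sends a tag to V and V sends one to U; each checks it with the MAC key it derived itself.
    u_to_v = confirmation_tag(u_mac, b"KC_1_U", fixed_info)
    v_to_u = confirmation_tag(v_mac, b"KC_1_V", fixed_info)
    confirmed = (hmac.compare_digest(u_to_v, confirmation_tag(v_mac, b"KC_1_U", fixed_info))
                 and hmac.compare_digest(v_to_u, confirmation_tag(u_mac, b"KC_1_V", fixed_info)))
    return u_key, v_key, confirmed
```

Because both key pairs are ephemeral, the session key is not recoverable from anything stored after the exchange; a static-ephemeral variant would simply reuse one party's stored pair. The subgroup check in `validate_public_key` is the step most often skipped in practice and is what prevents a peer from sending a degenerate value such as 1 or p-1.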
Key Establishment Protocols
Protocols for key establishment specify the processing that is needed to establish a key along with its message flow and format.
RNGs (Random Number Generators)
RNGs are needed to generate keying material and are classified into two categories: deterministic and non-deterministic.
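As an added example (not the article's own code), here is a deterministic RNG in the sense NIST uses: HMAC_DRBG from SP 800-90A with SHA-256, written in Python with the standard library. A DRBG expands a seed drawn from a non-deterministic source (here `secrets.token_bytes`, the operating system's entropy source) into an arbitrarily long keystream that is deterministic for a given seed, and refuses to continue once its reseed interval is exceeded. The seed, nonce and personalization strings are constructed for the demonstration; the reseed interval is made configurable only so that the limit can be exercised.

```python
import hashlib
import hmac
import secrets


class HmacDrbg:
    """HMAC_DRBG with SHA-256 (SP 800-90A): a deterministic RNG seeded from an entropy source."""

    OUTLEN = 32  # SHA-256 output length in bytes

    def __init__(self, entropy: bytes, nonce: bytes, personalization: bytes = b"",
                 reseed_interval: int = 1 << 48):
        if len(entropy) < self.OUTLEN:
            raise ValueError("entropy input must be at least 256 bits for SHA-256")
        self.key = b"\x00" * self.OUTLEN
        self.value = b"\x01" * self.OUTLEN
        self.reseed_interval = reseed_interval
        self._update(entropy + nonce + personalization)  # seed material
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: fold provided data into the internal state (K, V).
        self.key = self._hmac(self.value + b"\x00" + provided)
        self.value = self._hmac(self.value)
        if provided:
            self.key = self._hmac(self.value + b"\x01" + provided)
            self.value = self._hmac(self.value)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        self._update(entropy + additional)
        self.reseed_counter = 1

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.value = self._hmac(self.value)
            out += self.value
        self._update(additional)  # state moves forward after every request (backtracking resistance)
        self.reseed_counter += 1
        return out[:n]


def deterministic_outputs_match(seed: bytes) -> bool:
    # Same entropy, nonce and personalization give the same stream: handy for testing,
    # and a reminder that the seed must come from a real entropy source.
    a = HmacDrbg(seed, b"nonce", b"demo").generate(48)
    b = HmacDrbg(seed, b"nonce", b"demo").generate(48)
    return a == b


def fresh_keys(n_keys: int, key_len: int = 16) -> list:
    # Seed the DRBG from the OS's non-deterministic source, then draw several keys from it.
    drbg = HmacDrbg(secrets.token_bytes(32), secrets.token_bytes(16), b"key-generation")
    return [drbg.generate(key_len) for _ in range(n_keys)]
```

Two instances seeded identically produce identical output, which is why seeding with anything predictable (time, process id, a fixed string) turns every derived key into a guessable one; the non-deterministic source is the part that must be trustworthy.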
Understanding the three classes of cryptographic algorithms (hash functions, asymmetric algorithms, symmetric algorithms) in the context of their scopes of application will help you to properly structure your planned solution towards your specific needs.
You should not neglect suitable key management to avoid open flanks in your system.
The good news is that in most parts of the world the described algorithms are accepted (if we ignore some politically inspired deviations like the GOST algorithms in Russia). However, the set of allowed algorithms might be narrowed down or surrounding frameworks might become mandatory, e.g., if an implementation must comply with a specific European regulation or standard.
An international design perspective becomes important, especially when a company or institution wants to conduct secure communication in a global context.
Special thanks to Asim Mehmood for his edits and suggestions.
References and Further Reading
- Selected articles on Key Management (2012-16), by Ashiq JA, Chuck Easttom, Dawn M. Turner, Guillaume Forget, James H. Reinholm, Matt Landrock, Peter Landrock, Steve Marshall, Torben Pedersen, Maria Stokes, John Trankenschuh and more
- NIST Special Publication 800-57 Part 1 Revision 4 Recommendation for Key Management Part 1: General (2016), by Elaine Barker, Computer Security Division Information Technology Laboratory, National Institute of Standards and Technology
- Trusted Computer System Evaluation Criteria ("The Orange Book") (1985), The U.S. Defence Department
- Predictions 2017: Customer-Obsessed Enterprises Launch Cloud’s Second Decade (November 2016)
- “Cybersecurity Incidents What Happened.” (2016), the United States Office of Personnel Management.
Image: "Hash Tag", courtesy of Michael Coghlan, (CC BY-SA 2.0)