15. Ephemeral, PFS, Homomorphic
In this video, I’m going to be talking about ephemeral, perfect forward secrecy and homomorphic encryption. Let’s get started. So there’s something called perfect forward secrecy. And here’s what this is. Perfect forward secrecy means that every time you generate a new, for example, SSL session, we’re going to be generating a new key and we’re going to change the key. We’re basically at a new key every session. Now, why would you want that? Because, you see, if you keep using the same key and attackers were ever able to get the key, then they could keep decrypting your data over and over and over. Now the word Ephemeral basically means that to get a new key, every session needs to change the key.
The word perfect forward secrecy will use this to ensure that every time we start a new SSL session, for example, using SSL, I’m sorry, TLS not SSL, or you could say SSL 3. 1 using TLS 1. 2 and above, and you enable something like DeFi Hellman that supports Ephemeral keys, you’re basically going to get perfect forward secrecy. That means that every time you start up a new SSL session, you’re going to have a different key. Now this is important because even if they were to compromise the key that you’re using to do this session, the next time you start a brand new session, you’ll have a different key, they have to start again. This drastically increases the security of encryption. The other thing I want to talk about here is going to be homomorphic encryption. Now this is a very good way of passing secure data without actually passing secure data. So here’s the problem.
Imagine you get a hospital that has a lot of patient information and then you have a researcher that says, I want to do research on the number of patients that had heart disease or cancer. So the researcher says, okay, give me your data. And the hospital says, I can’t because the data is considered phi or personal health information and I can’t give you that. So not a researcher can’t actually work on the data. The researcher may say, I need to do some type of research to see if heart disease is going up or the age range of it, or how much people are getting lung cancer and whatnot. So what they do is they use a homomorphic encryption. And what this does is this encrypts the data, but it could still be used for analytical purposes. So it encrypts the data in a way that could still be analyzed. Now the researcher will take that data and analyze this quote unquote encrypted data.
Now it is fully encrypted and it generally cannot be decrypted, but the data is in a format that is still usable. So homomorphic encryption basically encrypts data to the point where it’s, where it basically is very hard to decrypt. It close to impossible just to get the other encryption schemes, but it is still analyzable. I should say. Is that a word? Analyzable. You can still analyze the data for statistical reasons. Okay, so know these terms for your exam. Let’s keep going.
16. Cipher Modes
In this video, I’m going to be talking about modes of operation when it comes to encryption. Now, you don’t need to go through all the different modes, and there’s quite a few. We’ll talk modes such as cipher blockchaining. There’s also one called counter mode. And electronic codebook are really the two that we’re going to look at. And I’ll show you what this actually does and mean. Now, what this is, is how the data is being encrypted, the process of how it’s encrypted blocks after blocks or stream of stream of data. Let’s take a look at how this works.
So I’m going to just use a Wikipedia article since it has all the image in my handwrite and it’s really bad. So we’re going to type in here, cipher modes. And here we go. So the first one up here I have and I’m going to show you guys. I’m going to scroll down on this Wikipedia article. What I want to show you guys is this thing, this is called electronic codebook. Now, electronic codebook is a mode of operation. And what this is telling me is it’s showing me how the data is being encrypted. So this is known as ECB. So what electronic codebook does is that it takes data and it breaks it down to blocks and then it encrypts every single block. This is the most simplest way to encrypt data. So take, for example, let’s say you get a file that’s 1 MB. So 1 MB is 1 million bits.
So if you’re using an encryption algorithm such as AES, that breaks it down to 128 bit blocks. Basically it takes this 1 million bits and it divides this by 128. So that’s how many blocks you’re going to have. Then it takes each block, it takes the key, and the algorithm encrypts every single block. And that’s what you’re seeing here. So each one of these represents a block. So here is a block of plain text. Then it takes a cipher text, right? It encrypts it to get the cipher text using the key. And then it does the next block. Then it does the next block. So this keeps on happening over and over. So it’s basically encrypting it every single block. Now this has a problem. Electronic codebook has a problem. And the problem is because the key is the same and it’s just encrypted blocks, and the blocks are relatively small. When large amounts of data is used, it doesn’t affect the pattern. So data patterns, it doesn’t hide any data patterns. And the patterns will be visible in the plain text. And they show you that in this image. Here’s, the original image of the ping ring. But when you encrypted with ECB, you’re basically left with a penguin that still looks like a penguin. Now the other modes that are encrypted, there’s one called CBC and CTR, which is known as counter mode or cipher blockchain. And this here will not show patterns now to illustrate this, the way cipher blockchain works. So here’s cipher blockchain. Let’s take a look here at the top here. So what this does is that it chains it together. So here’s how this works.
You take the plain text along with an IV and then you encrypt this, right? You width the algorithm, you get the ciphertext. But here’s what you’re going to do. You’re going to take this cipher text and you’re going to export it with the next block of plain text and then encrypt that to get cipher text. And take this cipher text and exort with the next block of plain text to get more ciphertext. Then you can take this cipher text and exorbit with the next block of plain text. Basically what it’s telling us is that one block of plain text is exhorted with a previous block of ciphertext. This creates a chain.
What this does is there’s no pattern. And what this does is that in order to defeat this, you’d have to guess the key and decrypt the whole thing going backwards. This really helps to help security algorithm. The other one I want to talk about is something called Counter Mode or CTR. So Counter Mode is when they take a block cipher and emulate it to create or to emulate it to create what’s known as a stream cipher. Block cipher. Counter modes are best used on devices that doesn’t have a lot of process and power because it’s basically emulator and are turning itself into what seems like a stream cipher. So remember that for your exam. Counter Mode basically turned block ciphers into stream ciphers. They emulate stream ciphers. What they do is they add an IV and a counter value. Okay, you don’t need to go into the specifics for it for your exam, and this is really all you need to know for your exam.
17. Lightweight cryptography
In this video, I’m going to be talking about lightweight cryptography. So let’s talk about IoT devices and why IoT devices has a problem in today’s world of encryption. You see, in today’s world of encryption, 128 bit, 2048 bitfires, a 128, 256 AES encryption. While those bits may not seem like a lot and you don’t really notice encryption happening on your computers because we’re so accustomed to using really powerful systems on our desktops and our laptops. But when you have a really small IoT device such as a sensor somewhere or some RFID card reader, you’re very limited to the amount of CPU and Ram you’re going to have on these devices.
So this brings up this topic of what is known as lightweight cryptography. So lightweight cryptography is basically cryptography that is done where it doesn’t require a lot of CPU power, a lot of Ram and power consumption to be done in order to offer good security. And as the world moves more towards IoT devices, as we start to use it more in our lives, which we’ve probably using it a lot already, we’re going to need this in order to move forward. Now, this is really an emerging field of cryptography, and it hasn’t really been finalized yet. The federal government hasn’t come out and published and say, here is a set of algorithms that we can use on these IoT devices, and I’ll show you what I mean. So as of this particular video here is NIST basically calling for a project where they say for lightweight cryptography. And what they’re doing is there has been submissions into NIST so they can be assessed. So cryptographers are submitting cryptographic algorithms that we could use for lightweight cryptography. Right now, in this ascent, they received 57 submissions to be considered for standardization. Again, there isn’t any as of this video. This video being produced in November of 2020. So they said they got about 57.
They selected 56 were selected for round one. And then they’re going to go into a round two where they’re going to be more analyzed, and they plan to announce the finalists before the end of December 2020 as the finalists. This is going to be something that’s going to be ongoing for a few more years until they come up with a more standardized, like how we have AES as the standards for encryption that we use today from this saying, hey, that’s the algorithm we should use. Give it some time. And in the world of lightweight cryptography, eventually we’re going to find out which algorithm, which algorithm we’re going to be using in lightweight cryptography.