Apr 28, 2021 - Category: Cybersecurity

Encrypted Data In The Cloud – The Future (1/2)

Data Breaches

We have seen numerous data breaches in recent years where sensitive data is leaked. Global data privacy and protection legislation is still poorly enforced, partially creating more confusion and misinterpretation. A new paradigm is needed so that third parties are not responsible for the 'keys of the kingdom' but rather individuals or organisations retain sole ownership of the decryption keys. Data Security and Data Privacy are two of the most commonly cited issues with Cloud Computing. There exists a genuine fear amongst many that Cloud Service Providers (CSPs) mine and exploit customer data for their own means (including the sharing of customer data with other third parties). To alleviate these fears, CSPs introduced support for data encryption. Whilst encryption is synonymous with data security, the matter in which it is utilised by CSPs fails to offer absolute security.

Encryption

As used in its traditional form, encryption guarantees the security of data-in-transit and data-at-rest; however, it must be decrypted once received or retrieved from storage in order to allow any type of computation to be performed on it. In order to retain the ability to process encrypted customer data, CSPs require access to the associated decryption keys. Such keys may be stored on the premises of the CSP or forwarded to the CSP by the customer whenever they require access to their data. Whilst this approach goes some way towards addressing the data security and privacy fears associated with the cloud, it is not considered truly secure by virtue of the fact that customers must disclose their decryption keys. This is not a workable solution when the entire world is moving their data into the cloud.

A Brief History Of Modern Cryptography

The history of modern cryptography dates back to the early 20th century, where various devices and aids were used for encryption. During World War II, several mechanical devices were invented for performing encryption, this included rotor machines, most notably the Enigma cipher. The ciphers implemented by these machines brought about a significant increase in the complexity of cryptanalysis. The art of cryptography actually reaches back as far as 1900 BC when an Egyptian scribe used a derivation of hieroglyphics to communicate. Throughout history there have been many people responsible for the growth of cryptography, many of these were quite famous and one of them was Julius Caesar. He used a substitution of characters and just moved them about. Another historical figure who used and changed cryptography was Thomas Jefferson. He developed a wheel cipher that was made back in 1790. This cipher was then to be used to create the Strip cipher, which was used by the US Navy during the Second World War. Encryption methods have historically been divided into two categories: substitution ciphers and transposition ciphers. Substitution ciphers preserve the order of the plaintext symbols but disguise them. Transposition ciphers, in contrast, reorder the letters but do not disguise them. Plaintext is the common term for the original text of a message before it has been encrypted

Other attempts included tattooing messages onto a person's head, waiting for the hair to grow and then sending them onwards. We wonder what the bandwidth was in that system? Kids of course learn to use the Caesar Cipher which simply is there to substitute say a 'B' for an 'A' and a 'C' for a 'B' on so on but of course that is just to teach kids how substitution ciphers work. Our favourite example of cryptography is Code Talkers. This is a term used to describe people who talk using a coded language. The most famous example is the 400 Native American Marines who served in the United States Marine Corps whose job was the transmission of secret tactical messages. Code talkers transmitted their messages over military telephone or radio communications nets using formal or informally developed codes built upon their native languages. Because Navajo has a complex grammar, it is not nearly mutually intelligible enough with even its closest relatives within the Na-Dene family to provide meaningful information, and was at this time an unwritten language. Navajo answered the military requirement for an indecipherable code. Using a substitution method similar to the Navajo, the Comanche code word for tank was "turtle", bomber was "pregnant airplane", and machine gun was "sewing machine“. You see, people have understood the need to protect information for many years.

It is actually possible to devise a code so strong that it is absolutely unbreakable. It is called a One-Time Pad. The sender and receiver each need identical copies of the one-time pad, which consists of a very long totally random string of letters from the alphabet. You could for instance choose the works of Shakesphere or any other random book. Since a key word does not end before the message is concluded - no cycle of ciphers. Also as each individual letter in the key word is random, and bears no relation to any other letter, the string that is transmitted is itself a totally random string. After the message is transmitted, the sender destroys the pad, as does the receiver after he has deciphered the message. Even the lengths of individual words can be masked, symbols like punctuation marks and spaces can themselves be given a symbol in an augmented alphabet. The only thing you have to ensure is that the “enemy” does not figure out which 'pad' (book in this case) you were using. A one-time padded message cannot be broken, because every possible plaintext message is an equally probable candidate, the message can only be decrypted by someone who knows the correct key. There are certain disadvantages to this: For example, the key must be at least as long as the bit string to be encrypted. Since the key will be a long random bit string, it would be very difficult to memorise, so both the sender and the receiver will need written copies of the key, and having written copies of keys is a security risk if there is any chance of the key falling into the wrong hands.

Another interesting area is steganography. Computer-based steganography allows changes to be made to what are known as digital carriers such as images or sounds. The changes represent the hidden message, but result, if successful, in no discernible change to the carrier. The information may have nothing to do with the carrier sound or image or it might be information about the carrier such as the author or a digital watermark or fingerprint. Cryptography and steganography are different however. Cryptographic techniques can be used to scramble a message so that if it is discovered it cannot be read. If a cryptographic message is discovered it is generally known to be a piece of hidden information (anyone intercepting it will be suspicious) but it is scrambled so that it is difficult or impossible to understand and decode. Steganography hides the very existence of a message so that if successful, it generally attracts no suspicion at all. Using steganography, information can be hidden in carriers such as images, audio files, text files, videos and data transmissions. When the message is hidden in the carrier, a stego-carrier is formed, for example a stego-image. Hopefully it will be perceived to be as close as possible to the original carrier or cover image by the human senses. Images are the most widespread carrier medium, they are used for steganography in the following way: The message may firstly be encrypted. The sender (or embedder) embeds the secret message to be sent into a graphic file (the cover image or the carrier). This results in the production of what is called a stego-image. Additional secret data may be needed in the hiding process, e.g. a stego key. The stego-image is then transmitted to the recipient, the recipient (or extractor) extracts the message from the carrier image. The message can only be extracted if there is a shared secret between the sender and the recipient.

These examples are historical and none of them solves the problem of securing data in the cloud.

The Second Wave - Symmetric Encryption

Symmetric encryption is also referred to as conventional encryption. It relies on a secret key or single key for encryption. It has five ingredients: Plaintext - encryption algorithm - secret key – ciphertext - decryption algorithm. Encryption is computationally secure if the cost of breaking the cipher exceeds the value of the information. It can usually be difficult to estimate the amount of effort required to break it but we can estimate the time/cost of a brute-force attack.

An example of a symmetric encryption algorithm is the Data Encryption Standard (DES). It is a minor variation on a Feistel Network. It was adopted in 1976 with a block size of 64 bits and a key length of 56 bits (any 56-bit string can be a DES key). The symmetric block cipher consists of a sequence of rounds with substitutions and permutations controlled by keys. It is not considered secure for quite some time.

In 1997, The National Institute for Standards in Technology (NIST) requested proposals for a new Advanced Encryption Standard (AES) to replace DES. This was a block cipher. NIST required that the algorithm be (1) a symmetric key cryptosystem, (2) a block cipher, (3) capable of supporting a block size of 128 bits. It is also capable of supporting key lengths of 192 and 256 bits and is available on a worldwide, non-exclusive and royalty-free basis.

After eight months of analysis and public comment, NIST eliminated DEAL, Frog, HPC, Loki97, and Magenta as they had major security flaws and were among the slowest algorithms submitted. Crypton, DFC, E2, and SAFER+ had minor security flaws along with CAST-256 for other unimpressive characteristics on the other evaluation criteria. Five candidates, MARS, RC6, Rijndael, Serpent, and Twofish, advanced to the second round but the Rijndael algorithm was finally the winner due to its adequate security margin, fast encryption, decryption, and key setup speeds, as well as low RAM and ROM requirements. Rijndael is a symmetric key block cipher with block sizes of 128, 192, or 256 bits (key lengths are 128, 192, or 256 bits). It performs several rounds of operations to transform each block of plaintext into a block of ciphertext, the actual number of rounds depends on the block size and the length of the key: Nine regular rounds if both the block and key are 128 bits, eleven regular rounds if either the block or key are 192 bits, thirteen regular rounds if either the block or key is 256 bits. There is one, slightly different, final round performed after the regular rounds.

There are also stream ciphers. Considerations for stream ciphers include the following:

  1. The encryption sequence should have a large period. A pseudorandom number generator uses a function that produces a deterministic stream of bits that eventually repeats. The longer the period of repeat, the more difficult it will be to do cryptanalysis.
  2. The keystream should approximate the properties of a true random number stream as close as possible. For example, there should be an approximately equal number of 1s and 0s. If the keystream is treated as a stream of bytes, then all of the 256 possible byte values should appear approximately equally often, i.e. confusion/diffusion (by Shannon).
  3. With a properly designed pseudorandom number generator, a stream cipher can be as secure as a block cipher of comparable key length. The primary advantage of a stream cipher is that stream ciphers are almost always faster and use far less code than block ciphers do.
  4. The advantage of a block cipher is that you can reuse keys. However, if two plaintexts are encrypted with the same key using a stream cipher, then cryptanalysis is often quite simple. If the two ciphertext streams are XORed together, the result is the XOR of the original plaintexts. If the plaintexts are text strings, credit card numbers, or other byte streams with known properties, then cryptanalysis may be successful.

These algorithms transform plaintext into ciphertext but alone without a proper framework, they are not sufficient for security especially when it comes to data residing on third party servers in the cloud.