Before we take a look at the available security IP out there, a few definitions are in order:
- Cipher: This is the algorithm for encrypting and decrypting data. Ciphers rely on symmetric or asymmetric key algorithms.
- Symmetric key algorithm (private key): The sender and receiver of the target data have a shared key known only to them and no one else. Both the sender and receiver use the same key, or one key is derived from the other.
- Asymmetric key algorithm (public key): Two keys are required by each party sharing data—a public key that is normally published, and a private key, which is only known to the receiver. The keys are mathematically related, but one key can not practically be derived from the other.
- Authentication: This is the process of protecting data integrity so you can determine if it was altered after it was generated. A cryptographic “tag” is typically generated and appended to the message, similar to a checksum, which can be checked on receipt to make sure it still agrees with the received data.
- Origin Authentication: This is the process of digitally verifying a sender, normally using an asymmetric cipher. A digital signature is an example application of origin authentication.
- Plaintext: Plaintext is unencrypted text. Encrypted text is called “ciphertext.”
- Block cipher: This symmetric key cipher operates on groups of plaintext bits called blocks that are typically fixed to 64 or 128 bits each. This differs from a stream cipher, in which plaintext is encrypted one digit or letter at a time.
- Cryptanalysis: This is the method and process of interpreting (decrypting or breaking) or attempting to interpret encrypted data without knowledge of the secret key. For example, brute force may be used to try every possible key combination. Or, the ciphertext may be analyzed to determine patterns.
- Side-channel attack: This kind of attack focuses on the “black box” that takes plaintext as input and produces ciphertext as output. It is a hardware-based vulnerability that attempts to exploit control signals, timing information, power-consumption statistics, electromagnetic noise, and even sound to gain knowledge of the required key. Even the most “cryptographically sound” cipher is vulnerable to this form of attack unless a truly unique and single-use key algorithm is employed, such as a one-time pad, which normally isn’t practical.
- True and pseudorandom number generator (TRNG and PRNG): Random numbers often are required for key generation and other cryptographic applications. TRNG algorithms rely on physical randomness in hardware, such as the noise generated by a diode, to generate truly random and uniformly distributed numbers. Deterministic and normally software generated, PRNGs often use an operating-system random number generator for the seed value.