Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
75 Cards in this Set
- Front
- Back
|
Authentication |
Guarantees that the message is not a forgery and does actually come from whom it states. |
|
|
Integrity |
Guarantees that no one intercepted the message and altered it; similar to a checksum function in a frame. |
|
|
Confidentiality |
Guarantees that if the message is captured, it cannot be deciphered. |
|
|
authentication with protocols, |
hash message authentication code (HMAC) |
|
|
confidentiality is ensured through symmetric encryption algorithms |
Data Encryption Standard (DES), 3DES, and Advanced Encryption Standard (AES). |
|
|
transposition ciphers |
no letters are replaced; they are simply rearranged. |
|
|
Substitution ciphers |
substitute one letter for another. In their simplest form, substitution ciphers retain the letter frequency of the original message. |
|
|
Caesar cipher |
referred to as a monoalphabetic substitution cipher. |
|
|
Brute-force method |
The attacker tries every possible key knowing that eventually one of them will work. |
|
|
Ciphertext method |
The attacker has the ciphertext of several encrypted messages but no knowledge of the underlying plaintext. |
|
|
Known-Plaintext method |
The attacker has access to the ciphertext of several messages and knows something about the plaintext underlying that ciphertext. |
|
|
Chosen-Plaintext method |
The attacker chooses which data the encryption device encrypts and observes the ciphertext output. |
|
|
Chosen-Ciphertext method |
The attacker can choose different ciphertext to be decrypted and has access to the decrypted plaintext. |
|
|
Meet-in-the-Middle method |
The attacker knows a portion of the plaintext and the corresponding ciphertext. |
|
|
Cryptography |
the development and use of codes |
|
|
Cryptanalysis |
the breaking of those codes |
|
|
integrity |
md5 sha |
|
|
authentication |
hmac-md5 hmac-sha-1 rsa and dsa |
|
|
confidentiality |
des 3des aes |
|
|
hashing is vulnerable to |
man-in-the-middle attacks and does not provide security to transmitted data. |
|
|
Keyed MD5 (HMAC-MD5) |
it provides a marginal but acceptable security level |
|
|
Keyed SHA-1 (HMAC-SHA-1) |
Based on the SHA-1 hashing algorithm, it provides adequate security. |
|
|
key generation |
key generation is usually automated and not left to the end user. |
|
|
key verification |
weak keys can be identified and regenerated to provide a more secure encryption. |
|
|
key exchange |
Key management procedures should provide a secure key exchange mechanism that allows secure agreement on the keying material with the other party |
|
|
key storage |
On a modern multi-user operating system that uses cryptography, a key can be stored in memory. |
|
|
key lifetime |
Using short key lifetimes improves the security of legacy ciphers that are used on high-speed connections. |
|
|
key revocation and destruction |
Revocation notifies all interested parties that a certain key has been compromised and should no longer be used. Destruction erases old keys in a manner that prevents malicious attackers from recovering them. |
|
|
key length/size |
the measure in bits. |
|
|
keyspace |
This is the number of possibilities that can be generated by a specific key length. |
|
|
Symmetric keys |
Can be exchanged between two routers supporting a VPN same pre-shared key des, 3des, aes, idea, rc2/4/5/6 and blowfish |
|
|
Asymmetric keys |
Are used in secure HTTPS applications different keys to encrypt and decrypt data RSA, ElGamal. elliptic, curves and DH |
|
|
Digital signatures |
Are used when connecting to a secure website |
|
|
Hash keys |
Are used in symmetric and asymmetric key generation, digital signatures, and other types of applications |
|
|
Block Ciphers |
transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128 bits |
|
|
stream ciphers |
encrypt plaintext one byte or one bit at a time |
|
|
Data Encryption Standard (DES) |
operates in block mode by encrypting data in 64-bit blocks
The key is 64-bits long, but only 56 bits are used for encryption |
|
|
Cipher Block Chaining Mode |
block cipher mode the encryption of each 64-bit block depends on previous blocks. |
|
|
3des |
key size 112 and 168 bits low speed symmetric 3DES-Encrypt-Decrypt-Encrypt |
|
|
AES |
high speed symmetric key sizes: 128, 192, 256 resource consumption: low |
|
|
SEAL |
Stream cipher 160 bit key size router must support ipsec to run router must support k9 (encryption) high speed resource consumption: low |
|
|
RC2 |
This is a variable key-size block cipher that was designed as a “drop-in” replacement for DES. key size in bits: 40 and 64 |
|
|
RC4 |
This algorithm is a variable key-size Vernam stream cipher that is often used in file encryption products and for secure communications,
key size in bits: 1 to 256 |
|
|
RC5 |
This is a fast block cipher that has a variable block size and key length. key size in bits: 0 to 2048 |
|
|
RC6 |
a 128-bit to 256-bit block cipher that was designed by Rivest, Sidney, and Yin key size in bits: 128, 192, or 256 |
|
|
DH |
asymmetric key sizes: 512, 1024, 2048, 3072, 4096 slow speed resource consumption: medium used for ipsec vpns, ssl, tls, ssh |
|
|
Internet Key Exchange (IKE), |
which is a fundamental component of IPsec VPNs. |
|
|
Secure Socket Layer (SSL) |
which is now implemented as IETF standard TLS. |
|
|
Secure Shell (SSH) |
which is a protocol that provides a secure remote access connection to network devices. |
|
|
Pretty Good Privacy (PGP) |
which is a computer program that provides cryptographic privacy and authentication and is often used to increase the security of email communications. |
|
|
characteristics of asymmetric keys: |
The typical key length is 512 to 4,096 bits. Key lengths greater than or equal to 1,024 bits can be trusted. Key lengths that are shorter than 1,024 bits are considered unreliable for most algorithms. |
|
|
Public Key (Encrypt) + Private Key (Decrypt) = |
Confidentiality |
|
|
Private Key (Encrypt) + Public Key (Decrypt) = |
Authentication |
|
|
Digital signature standard (DSS) and Digital Signature algorithm (DSA) |
key length in bits: 512 - 1024 |
|
|
RSA encryption algorithms |
key length in bits: 512 -2048 |
|
|
EIGamal |
key length in bits: 512 -1024 |
|
|
Elliptical curve techniques |
key length in bits: 160 |
|
|
Code signing |
Used to verify the integrity of executable files downloaded from a vendor website. |
|
|
Digital certificates |
Used to verify the identity of an organization or individual to authenticate a vendor website and establish an encrypted connection to exchange confidential data. |
|
|
Nonrepudiation |
The recipient can take the data to a third party, and the third party accepts the digital signature as a proof that this data exchange did take place. |
|
|
Digital Signature Algorithm (DSA) |
DSA is the original standard for generating public and private key pairs, and for generating and verifying digital signatures. |
|
|
Rivest-Shamir Adelman Algorithm (RSA) digital signature algorithm |
RSA is an asymmetric algorithm that is commonly used for generating and verifying digital signatures. |
|
|
Elliptic Curve Digital Signature Algorithm (ECDSA) |
ECDSA is a newer variant of DSA and provides digital signature authentication and non-repudiation with benefits of computational efficiency, small signature sizes, and minimal bandwidth. |
|
|
SPA |
S: Stands for digitally signed software. P: Stands for a production image. A: Indicates the key version used to digitally sign the image. |
|
|
PKI certificate |
Certificates contain an entity’s or individual’s public key, its purpose, the CA that validated and issued the certificate, the date range during which the certificate can be considered valid, and the algorithm used to create the signature. |
|
|
PKI Certificate authority |
The CA is a trusted third party that issues PKI certificates to entities and individuals after verifying their identity. It signs these certificates using its private key. |
|
|
Certificate Database |
The certificate database stores all certificates approved by the CA. |
|
|
PKI X.509 (PKIX) workgroup, |
dedicated to promoting and standardizing PKI on the Internet |
|
|
PKCS |
Public-Key Cryptography Standards refers to a group of Public Key Cryptography Standards devised and published by RSA Laboratories. |
|
|
commonly used PKI communication protocols used in VPN PKI enrollment. |
PKCS #7 and PKCS #10 standards |
|
|
Simple Certificate Enrollment Protocol (SCEP |
make issuing and revocation of digital certificates as scalable as possible. The goal of SCEP is to support the secure issuance of certificates to network devices in a scalable manner using existing technology whenever possible. |
|
|
Cross-certified CA topologies |
this is a peer-to-peer model in which individual CAs establish trust relationships with other CAs by cross-certifying CA certificates. |
|
|
Hierarchical CA topologies |
the highest level CA is called the root CA. It can issue certificates to end users and to a subordinate CA. |
|
|
Registration Authority (RA). |
responsible for the identification and authentication of subscribers, but does not sign or issue certificates. |
|
|
RA may handle three specific tasks: |
Authentication of users when they enroll with the PKI Key generation for users that cannot generate their own keys Distribution of certificates after enrollment |
