251 Cards in this Set

  • Front
  • Back
define Cryptography
Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process. It is considered a science of protecting information by encoding it into an unreadable format. Cryptography is an effective way of protecting sensitive information as it is stored on media or transmitted through untrusted network communication paths.
NOTE Cipher is another term for algorithm.
NOTE Plaintext is the readable version of a message. After an encryption process, the resulting text is referred to as ciphertext.
define Cryptanalysis
Cryptanalysis is the science of studying and breaking the secrecy of encryption processes, compromising authentication schemes,
and reverse-engineering algorithms and keys. Cryptanalysis is an important piece of cryptography and cryptology. When carried out by the “good guys,” cryptanalysis is intended to identify flaws and weaknesses so developers can go back to the drawing board and improve the components. It is also performed by curious and motivated hackers, to identify the same types of flaws, but with the goal of obtaining the encryption key for unauthorized access to confidential information.
NOTE Cryptanalysis is a very sophisticated science that encompasses a wide variety of tests and attacks. We will cover these types of attacks at the end of this chapter. Cryptology, on the other hand, is the study of cryptanalysis and cryptography.
note:

The algorithm, the set of rules also known as the cipher, dictates how enciphering and deciphering take place. Many of the mathematical algorithms used in computer systems today are publicly known and are not the secret part of the encryption process.
define Cryptosystem
Hardware or software implementation of cryptography that transforms a
message to ciphertext and back to plaintext.
define Key
Secret sequence of bits and instructions that governs the act of encryption and
decryption.
define keyspace
a range of values that can be used to construct a key. When the algorithm needs to generate a new key, it uses random values from this keyspace.
A cryptosystem encompasses all of the necessary components for encryption and decryption to take place. Pretty Good Privacy (PGP) is just one example of a cryptosystem. A cryptosystem is made up of at least the following:
• Protocols
• Algorithms
• Keys
• Software
what is Kerckhoffs’ Principle
Auguste Kerckhoffs published a paper in 1883 stating that the only secrecy involved with a cryptography system should be the key. He claimed that the algorithm should be publicly known. He asserted that if security were based on too many secrets, there would be more vulnerabilities to possibly exploit.
Larger keyspaces permit what
a greater number of possible key values.
The strength of an encryption method comes from
the algorithm, the secrecy of the key, the length of the key, the initialization vectors, and how they all work together within the cryptosystem. When strength is discussed in encryption, it refers to how hard it is to figure out the algorithm or key, whichever is not made public.
The goal when designing an encryption method is what
to make compromising it too expensive or too time-consuming. Another name for cryptography strength is work factor, which is an estimate of the effort and resources it would take an attacker to penetrate a cryptosystem.
Algorithm
Set of mathematical rules used in encryption and decryption
Define Access control
Restricting and controlling subject and object access attempts
Define Work factor
Estimated time, effort, and resources necessary to break a cryptosystem
Define Receipt
Acknowledgment that a message has been received
Define Plaintext
Data in readable format, also referred to as cleartext
Define Keyspace
A range of possible values used to construct keys
Define Key clustering
Instance when two different keys generate the same ciphertext from the same plaintext
Define Key
Secret sequence of bits and instructions that governs the act of encryption and decryption
Define Decipher
Act of transforming data into a readable format
Define Entity authentication
Proving the identity of the entity that sent a message
Define Encipher
Act of transforming data into an unreadable format
Define Data origin authentication
Proving the source of a message (system-based authentication)
Define Cryptology
The study of both cryptography and cryptanalysis
Define Cryptanalysis
Practice of breaking cryptic systems
Define Cryptosystem
Hardware or software implementation of cryptography that transforms a message to ciphertext and back
Define Cryptography
Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals
Define Cipher
Another name for algorithm
Define one-time pad
is a perfect encryption scheme because it is considered unbreakable if implemented properly. It was invented by Gilbert Vernam in 1917, so sometimes it is referred to as the Vernam cipher.
A one-time pad encryption scheme is deemed unbreakable only if the following things are true about the implementation process:
• The pad must be used only one time. If the pad is used more than one time, this might introduce patterns in the encryption process that will aid the evildoer in his goal of breaking the encryption.

• The pad must be as long as the message. If it is not as long as the message, the pad will need to be reused to cover the whole message. This would be the same thing as using a pad more than one time, which could introduce patterns.

• The pad must be securely distributed and protected at its destination. This is a very cumbersome process to accomplish, because the pads are usually just individual pieces of paper that need to be delivered by a secure courier and properly guarded at each destination.

• The pad must be made up of truly random values. This may not seem like a difficult task, but even our computer systems today do not have truly random number generators; rather, they have pseudorandom number generators.
NOTE

A number generator is used to create a stream of random values and must be seeded by an initial value. This piece of software obtains its seeding
value from some component within the computer system (time, CPU cycles, and so on). Although a computer system is complex, it is a predictable
environment, so if the seeding value is predictable in any way, the resulting values created are not truly random—but pseudorandom.
NOTE

A concealment cipher, also called a null cipher, is a type of steganography method.
Define Running key cipher:
Uses steps in the physical world around us, like books (page, line number and word count). Each word is described by a sequence of numbers.
Define concealment cipher
is a message within a message. If my other supersecret spy buddy and I decide our key value is every third word, then when I get a message from him, I will pick out every third word and write it down. So every X number of words within a text is a part of the real message.
Define Steganography
is a method of hiding data in another media type so the very existence of the data is concealed. Only the sender and receiver are supposed to be able to see the message because it is secretly hidden in a graphic, wave file, document, or other type of media. The message is not encrypted, just hidden. Encrypted messages can draw attention because it tells the bad guy, “This is something sensitive.” A message hidden in a picture of your grandmother would not attract this type of attention, even though the same secret message can be embedded into this image. Steganography is a type of security through obscurity.
Define least significant bit (LSB).
A method of embedding the message into some type of medium is to use the least significant bit (LSB). Many types of files have some bits that can be modified and not affect the file they are in, which is where secret data can be hidden without altering the file in a visible manner. In the LSB approach, graphics with a high resolution or an audio file that has many different types of sounds (high bit rate) are the most successful for hiding information within.
define digital watermark
The embedded logo or trademark is called a digital watermark. Instead of having a secret message within a graphic that is supposed to be invisible to you, digital watermarks are usually visible. These are put into place to deter people from using material that is not theirs.
What is Digital Rights Management (DRM).
The goal is to restrict the usage of material that is owned by a company or individual.
Symmetric encryption ciphers come in two basic types:
substitution and transposition (permutation).
What is the function of a substitution cipher
replaces bits, characters, or blocks of characters with different bits, characters, or blocks.
What is the function of a transposition cipher
The transposition cipher (permutation) does not replace the original text with different text, but rather moves the original values around. It re-arranges the bits, characters, or blocks of characters to hide the original meaning.
In the Caesar cipher, each letter is replaced with the letter three places beyond it in the alphabet.
The algorithm is the alphabet, and the key is the instruction “shift up three.”
Simple substitution and transposition ciphers are vulnerable to
frequency analysis attacks.
What is Frequency analysis:
Analysis of the frequent patterns of letters used in messages and conversation.
Note:

Today’s symmetric algorithms use substitution and transposition methods in their encryption processes, but the mathematics used are (or should be) too complex to allow for simplistic frequency-analysis attacks to be successful.
NOTE

Remember that the algorithm stays static, and the randomness provided by cryptography is mainly by means of the keying material.
Note:

Key Derivation Functions: For complex keys to be generated, commonly a master key is created, and then symmetric keys are generated from it. For example, if an application is responsible for creating a session key for each subject that requests one, it should not be giving out the same instance of that one key. Different subjects need to have different symmetric keys to ensure that the window for the bad guy to capture and uncover that key is smaller than if the same key were to be used over and over again. When two or more keys are created from a master key, they are called subkeys.
Note:

Key Derivation Functions (KDFs) are used to generate keys that are made up of random values. Different values can be used independently or together as random key material. The algorithm is created to use specific hash, password, and/or salt values, which will go through a certain number of rounds of mathematical functions dictated by the algorithm. The more rounds that this keying material goes through, the more assurance and security for the cryptosystem overall.
Note:

There can be several pieces to an encryption process; the two main pieces are the algorithms and the keys. As stated earlier, algorithms used in computer systems are complex mathematical formulas that dictate the rules of how the plaintext will be turned into ciphertext. A key is a string of random bits that will be used by the algorithm to add to the randomness of the encryption process. For two entities to be able to communicate via encryption, they must use the same algorithm and, many times, the same key. In some encryption technologies, the receiver and the sender use the same key, and in other encryption technologies, they must use different but related keys for encryption and decryption purposes.
Note:

Cryptography algorithms are either symmetric algorithms, which use symmetric keys (also called secret keys), or asymmetric algorithms, which use asymmetric keys (also called public and private keys).
Define Symmetric Cryptography
In a cryptosystem that uses symmetric cryptography, the sender and receiver use two instances of the same key for encryption and decryption. So the key has dual functionality, in that it can carry out both encryption and decryption processes. Symmetric keys are also called secret keys, because this type of encryption relies on each user to keep the key a secret and properly protected. If an intruder were to get this key, they could decrypt any intercepted message encrypted with it.
The equation used to calculate the number of symmetric keys needed is
N(N – 1)/2 = number of keys
The security of the symmetric encryption method is completely dependent on
how well users protect the key.
out-of-band refers to
communications which occur outside of a previously established communication method or channel.
Outline the strengths of symmetric key systems:
Strengths

• Much faster (less computationally intensive) than asymmetric systems.

• Hard to break if using a large key size.
Outline the weakness of symmetric key systems:
Weaknesses

• Requires a secure mechanism to deliver keys properly.

• Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys, possibly making key management overwhelming.

• Provides confidentiality but not authenticity or nonrepudiation.
Examples of symmetric algorithms: mnemonic symmetric keys are 3 dirt crabs
• Triple-DES (3DES)
• Data Encryption Standard (DES)
• IDEA (International Data Encryption Algorithm)
• RC4
• Twofish
• CAST
• RC5
• Advanced Encryption Standard (AES)
• Blowfish
• SAFER
Note:

In symmetric key cryptography, a single secret key is used between entities, whereas in public key systems, each entity has different keys, or asymmetric keys. The two different asymmetric keys are mathematically related. If a message is encrypted by one key, the other key is required in order to decrypt the message.
Note:

In a public key system, the pair of keys is made up of one public key and one private key. The public key can be known to everyone, and the private key must be known and used only by the owner.
If confidentiality is the most important security service to a sender, she would encrypt the file with
the receiver’s public key. This is called a secure message format because it can only be decrypted by the person who has the corresponding private key.
Encrypting data with the sender’s private key is called
an open message format because anyone with a copy of the corresponding public key can decrypt the message. Confidentiality is not ensured.
An asymmetric algorithm works much more slowly than a symmetric algorithm, because
symmetric algorithms carry out relatively simplistic mathematical functions on the bits during the encryption and decryption processes. They substitute and scramble (transposition) bits, which is not overly difficult or processor-intensive. The reason it is hard to break this type of encryption is that the symmetric algorithms carry out this type of functionality over and over again. So a set of bits will go through a long series of being substituted and scrambled.
Asymmetric algorithms are slower than symmetric algorithms because
they use much more complex mathematics to carry out their functions, which requires more processing time. Asymmetric systems also provide for easier and more manageable key distribution than symmetric systems and do not have the scalability issues of symmetric systems. The reason for these differences is that, with asymmetric systems, you can send out your public key to all of the people you need to communicate with, instead of keeping track of a unique key for each one of them.
Although they are slower, asymmetric algorithms can provide
authentication and nonrepudiation, depending on the type of algorithm being used.
NOTE Public key cryptography is asymmetric cryptography. The terms can be used interchangeably.
Outline the strengths of asymmetric key algorithms:
Strengths

• Better key distribution than symmetric systems

• Better scalability than symmetric systems

• Can provide authentication and nonrepudiation
Outline the weaknesses of asymmetric key algorithms:
Weaknesses

• Works much more slowly than symmetric systems

• Mathematically intensive tasks
examples of asymmetric key algorithms: mnemonic asymmetric is Digital Merkle DEER
• Digital Signature Algorithm (DSA)
• Merkle-Hellman Knapsack
• Diffie-Hellman
• Elliptic curve cryptosystem (ECC)
• El Gamal
• RSA (Rivest-Shamir-Adleman)
The two main types of symmetric algorithms are
block ciphers and stream ciphers
Define Block ciphers
The message is divided into blocks of bits. Block ciphers use diffusion and confusion in their methods and use substitution boxes (S-boxes) in each step. It is the key that determines what functions are applied to the plaintext and in what order. They are more suitable for software implementations, because they work with blocks of data, which are usually the width of a data bus (64 bits). Block ciphers sometimes work in a mode that emulates a stream cipher.
Define Confusion
Different unknown key values are used. Carried out through substitution
Define Diffusion
Putting the bits within the plaintext through many different functions so that they are dispersed throughout the algorithm. Carried out using transposition
Define S-box
Contains a lookup table that instructs how the bits should be permuted or moved around. The key that is used in the decryption process dictates what S-boxes are used and in what order.
Define Stream ciphers
Treats the message as a stream of bits or bytes and performs mathematical functions on them individually. The key is a random value input into the stream cipher, which it uses to ensure the randomness of the keystream data. Stream ciphers are more suitable for hardware implementations, because they encrypt and decrypt one bit at a time. They are intensive because each bit must be manipulated, which works better at the silicon level.
Characteristics of a strong and effective cipher algorithm: long periods of no repeating patterns within keystream values; a statistically unpredictable keystream; a keystream that is not linearly related to the key; a statistically unbiased keystream (as many 0’s as 1’s).
Keystream generator: produces a stream of bits that is XORed with the plaintext bits to produce ciphertext.
Define Initialization vectors (IVs)
are random values that are used with algorithms to ensure patterns are not created during the encryption process. They are used with keys and do not need to be encrypted when being sent to the destination. If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext.
A strong and effective stream cipher contains the following characteristics:
• Long periods of no repeating patterns within keystream values: Bits generated by the keystream must be random.

• Statistically unpredictable keystream: The bits generated from the keystream generator cannot be predicted.

• A keystream not linearly related to the key: If someone figures out the keystream values, that does not mean she now knows the key value.

• Statistically unbiased keystream (as many 0’s as 1’s): There should be no dominance in the number of 0’s or 1’s in the keystream.
Stream ciphers are better suited to be implemented
at the hardware level.
Block ciphers can be easily implemented at the software level because
they do not require as much processing power.
Note:

Stream ciphers were developed to provide the same type of protection one-time pads do, which is why they work in such a similar manner. In reality, stream ciphers cannot provide the level of protection one-time pads do, but because stream ciphers are implemented through software and automated means, they are much more practical.
Note:

Public Key Cryptography
Uses two keys generated by an asymmetric algorithm for protecting encryption keys and key distribution, and a secret key generated by a symmetric algorithm for bulk encryption.
Asymmetric algorithm performs encryption and decryption using
public and private keys.
Symmetric algorithm performs encryption and decryption using
a secret key.
A secret key is used to encrypt
the actual message
secret key is synonymous to
symmetric key
An asymmetric key refers to
a public or private key.
Define session key
is a single-use symmetric key that is used to encrypt messages between two users during a communication session. A session key is no different from the symmetric key described in the previous section, but it is only good for one communication session between users. A session key provides more protection than static symmetric keys because it is valid for only one session between two computers. If an attacker were able to capture the session key, she would have a very small window of time to use it to try to decrypt messages being passed back and forth.
The process of using symmetric and asymmetric cryptography together can be referred to as a hybrid approach, but more commonly as a ______.
digital envelope
Symmetric cryptography can be referred to as any of the following:
• Single key cryptography
• Secret key cryptography
• Session key cryptography
• Private key cryptography
• Shared-key cryptography
Note

In 1974, IBM’s 128-bit algorithm, named Lucifer, was submitted and accepted. The NSA modified this algorithm to use a key size of 64 bits (with eight bits used for parity, resulting in an effective key length of 56 bits) instead of the original 128 bits, and named it the Data Encryption Algorithm (DEA).
NOTE

DEA is the algorithm that fulfills DES, which is really just a standard. So DES is the standard and DEA is the algorithm, but in the industry we usually just refer to it as DES.
Note

DES was later replaced by the Rijndael algorithm as the Advanced Encryption Standard (AES) by NIST. This means that Rijndael is the new approved method of encrypting sensitive but unclassified information for the U.S. government; it has been accepted by, and is widely used in, the public arena today.
Note

Data Encryption Standard (DES)
Certified by NIST, based on IBM’s 128 bit algorithm Lucifer. Is a block encryption algorithm. 64 bit in -> 64 bit out. 56 bits make up the true key and 8 bits are used for parity. A block of 64 bits is divided in half and each character is encrypted one at a time. The characters are put through 16 rounds of transposition and substitution functions.
Data Encryption Standard (DES) has four distinct modes of operation:
Electronic Code Book
Cipher Block Chaining
Cipher Feedback Mode
Output Feedback, Counter Mode
Define ECB mode / Electronic Code Book
Native encryption mode. Provides the recipe of substitutions and permutations that will be performed on the block of plaintext. Data within a file does not have to be encrypted in a certain order. Used for small amounts of data, like challenge-response, key management tasks. Also used to encrypt PINs in ATM machines.
Define CBC mode / Cipher Block Chaining
Each block of text, the key, and the value based on the previous block is processed in the algorithm and applied to the next block of text.
Define CFB Mode / Cipher Feedback Mode
The previously generated ciphertext from the last encrypted block of data is inputted into the algorithm to generate random values. These random values are processed with the current block of plaintext to create ciphertext. This mode is used when encrypting individual characters is required.
Define OFB Mode / Output Feedback
Functioning like a stream cipher by generating a stream of random binary bits to be combined with the plaintext to create ciphertext. The ciphertext is fed back to the algorithm to form a portion of the next input to encrypt the next stream of bits.
Define Counter Mode (CTR)
is very similar to OFB mode, but instead of using a randomly unique IV value to generate the keystream values, this mode uses an IV counter that increments for each plaintext block that needs to be encrypted. The unique counter ensures that each block is XORed with a unique keystream value. The other difference is that there is no chaining involved, which means no ciphertext is brought forward to encrypt the next block. Since there is no chaining, the encryption of the individual blocks can happen in parallel, which increases the performance. The main reason CTR would be used instead of the other modes is performance. This mode has been around for quite some time and is used in encrypting ATM cells for virtual circuits, in IPSec, and is now integrated in the new wireless security standard, 802.11i.
Triple-DES (3DES)
Uses 48 rounds in its computation. Heavy performance hit and it can take up to three times longer than DES to perform encryption and decryption.
3DES can work in different modes, and the mode chosen dictates the number of keys used and what functions are carried out. EDE may seem a little odd at first. How much protection could be provided by encrypting something, decrypting it, and encrypting it again? The decrypting portion here is decrypted with a different key. When data are encrypted with one symmetric key and decrypted with a different symmetric key, it is jumbled even more. So the data are not actually decrypted in the middle function, they are just run through a decryption process with a different key. Examine each:
• DES-EEE3 Uses three different keys for encryption, and the data are encrypted, encrypted, encrypted.

• DES-EDE3 Uses three different keys for encryption, and the data are encrypted, decrypted, and encrypted.

• DES-EEE2 The same as DES-EEE3 but uses only two keys, and the first and third encryption processes use the same key.

• DES-EDE2 The same as DES-EDE3 but uses only two keys, and the first and third encryption processes use the same key.
Rijndael was chosen to replace DES and become the algorithm for AES. The block sizes that Rijndael supports are
128, 192, and 256 bits. The number of rounds depends upon the size of the block and the key length:


• If both the key and block size are 128 bits, there are 10 rounds.

• If both the key and block size are 192 bits, there are 12 rounds.

• If both the key and block size are 256 bits, there are 14 rounds.
Define Advanced Encryption Standard (AES)
NIST replacement standard for DES. The winner was Rijndael, which is a block cipher with a variable block length and key length. Employs a round transformation that is comprised of three layers of distinct and invertible transformations: the non-linear layer / the linear mixing layer / the key addition layer. Is suited for high speed chips with no area restrictions / a compact co-processor on a smart card.
Define International Data Encryption Algorithm (IDEA):
Block cipher that operates on 64-bit blocks of data. The key is 128 bits long. The 64-bit data block is divided into 16 smaller blocks and each has eight rounds of mathematical functions performed on it. Is used in the PGP encryption software.
Define Blowfish:
A block cipher that works on 64-bit blocks of data. The key length can be up to 448 bits and the data blocks go through 16 rounds of cryptographic functions.
Define RC5
A block cipher that has a variety of parameters it can use for block size, key size and the number of rounds used. Block sizes: 32/64/128 and key size up to 2048 bits.
Define RC4
is one of the most commonly implemented stream ciphers. It has a variable key size, is used in the SSL protocol, and was (improperly) implemented in the 802.11 WEP protocol standard. RC4 was developed in 1987 by Ron Rivest and was considered a trade secret of RSA Data Security, Inc. until someone posted the source code on a mailing list. Since the source code was released nefariously, the stolen algorithm is sometimes implemented and referred to as ArcFour or ARC4 because the title RC4 is trademarked. The algorithm is very simple, fast, and efficient, which is why it became so popular.
Using purely symmetric key cryptography has three drawbacks, which affect the following:
• Security services Purely symmetric key cryptography provides confidentiality only, not authentication or nonrepudiation.

• Scalability As the number of people who need to communicate increases, so does the number of symmetric keys required, meaning more keys must be managed.

• Secure key distribution The symmetric key must be delivered to its destination through a secure courier.
Define the Diffie-Hellman Algorithm
The first group to address the shortfalls of symmetric key cryptography decided to attack the issue of secure distribution of the symmetric key.

NOTE The preceding example describes key agreement, which is different from key exchange, the functionality used by the other asymmetric algorithms that will be discussed in this chapter. With key exchange functionality, the sender encrypts the symmetric key with the receiver’s public key before transmission.
The original Diffie-Hellman algorithm is vulnerable to a man-in-the-middle attack, because
no authentication occurs before public keys are exchanged.
Give an example of how Diffie-Hellman becomes vulnerable to man-in-the-middle attacks
In our example, when Tanya sends her public key to Erika, how does Erika really know it is Tanya’s public key? What if Lance spoofed his identity, told Erika he was Tanya, and sent over his key? Erika would accept this key, thinking it came from Tanya. Let’s walk through the steps of how this type of attack would take place:

1. Tanya sends her public key to Erika, but Lance grabs the key during transmission so it never makes it to Erika.

2. Lance spoofs Tanya’s identity and sends over his public key to Erika. Erika now thinks she has Tanya’s public key.

3. Erika sends her public key to Tanya, but Lance grabs the key during transmission so it never makes it to Tanya.

4. Lance spoofs Erika’s identity and sends over his public key to Tanya. Tanya now thinks she has Erika’s public key.

5. Tanya combines her private key and Lance’s public key and creates symmetric key S1.

6. Lance combines his private key and Tanya’s public key and creates symmetric key S1.

7. Erika combines her private key and Lance’s public key and creates symmetric key S2.

8. Lance combines his private key and Erika’s public key and creates symmetric key S2.

9. Now Tanya and Lance share a symmetric key (S1) and Erika and Lance share a different symmetric key (S2). Tanya and Erika think they are sharing a key between themselves and do not realize Lance is involved.

10. Tanya writes a message to Erika, uses her symmetric key (S1) to encrypt the message, and sends it.

11. Lance grabs the message and decrypts it with symmetric key S1, reads or modifies the message and re-encrypts it with symmetric key S2, and then

12. Erika takes symmetric key S2 and uses it to decrypt and read the message.
What is the countermeasure to man-in-the-middle attacks
The countermeasure to this type of attack is to have authentication take place before accepting someone’s public key, which usually happens through the use of digital signatures and digital certificates.
NOTE A prime number is a positive whole number with no proper divisors, meaning the only numbers that can divide a prime number are 1 and the
number itself.
Note that Diffie-Hellman can only perform key agreement and cannot generate or verify digital signatures.
Define RSA
Provides authentication (digital signature) and encryption. The security comes from the difficulty of factoring large numbers, where the keys are functions of a pair of large prime numbers. Is used in many web browsers with SSL, in PGP and government systems that use public key cryptosystems.
Define Public key cryptography
is the use of an asymmetric algorithm. Thus, the terms asymmetric algorithm and public key cryptography are interchangeable and mean the same thing. Examples of asymmetric algorithms are RSA, elliptic curve cryptosystem (ECC), Diffie-Hellman, El Gamal, LUC, and Knapsack. These algorithms are used to create public/private key pairs, perform key exchange or agreement, and generate and verify digital signatures.
Define Public key infrastructure (PKI)
is a different animal. It is not an algorithm, a protocol, or an application—it is an infrastructure based on public key cryptography. Let’s look at why we even need PKIs today. When Erika needs to send Tanya a symmetric key securely, she must obtain Tanya’s public key. Erika could get the key from a public repository that holds public keys for many individuals, but if Lance has switched out Tanya’s public key and inserted his own, when Erika acquires a key she thinks is Tanya’s, she actually receives Lance’s key and Erika has no idea.
What is a one-way function
A one-way function is a mathematical function that is easier to compute in one direction than in the opposite direction. An analogy of this is when you drop a glass on the floor. Although dropping a glass on the floor is easy, putting all the pieces back together again to reconstruct the original glass is next to impossible.
All asymmetric algorithms are based on what type of encryption function
one-way function
Define El Gamal
Used for digital signatures and key exchange. Based on calculating discrete logarithms in a finite field. Although El Gamal provides the same type of functionality as some of the other asymmetric algorithms, its main drawback is performance. When compared to other algorithms, this algorithm is usually the slowest.
Define Elliptic Curve Cryptosystem (ECC)
Provides digital signatures, secure key distribution, and encryption. Requires a smaller percentage of the resources than other systems. Based on the properties of elliptic curves in their public key system. Some devices have limited processing capacity, storage, power supply, and bandwidth, such as wireless devices and cellular telephones. With these types of devices, efficiency of resource use is very important. ECC provides encryption functionality, requiring a smaller percentage of the resources needed by RSA and other algorithms, so it is used in these types of devices. In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size that is shorter than what RSA requires. Because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device.
What is Zero knowledge proof.
You tell someone just the information they need to know without “giving up the farm.” Zero knowledge proof is used in cryptography also. If I encrypt something with my private key, you can verify my private key was used by decrypting the data with my public key. By encrypting something with my private key, I am proving to you I have my private key—but I do not give or show you my private key. I do not “give up the farm” by disclosing my private key. In a zero knowledge proof, the verifier cannot prove to another entity that this proof is real, because he does not have the private key to prove it. So, only the owner of the private key can prove he has possession of the key.
Note:

Parity bits and cyclic redundancy check (CRC) functions have been used in protocols to detect modifications in streams of bits as they are passed from one computer to another, but they can usually detect only unintentional modifications.
Note

Trapdoor one-way function - The basis for public key cryptography. A public key encrypts and a private key (trapdoor) decrypts
Define One-way hash
Is a function that takes a variable-length string, a message, and compresses and transforms it into a fixed-length value referred to as a hash value.
Define message authentication code (MAC). Give an example of how it works
A MAC function is an authentication scheme derived by applying a secret key to a message in some form. This does not mean the symmetric key is used to encrypt the message, though. You should be aware of three basic types of MACs: a hash MAC (HMAC), CMAC, and a CBC-MAC.
Give an example of how MAC works
Example of MAC

The hashing one-way function takes place without the use of any keys. This means, for example, that if Cheryl writes a message, calculates a message digest, appends the digest to the message, and sends it on to Scott, Bruce can intercept this message, alter Cheryl’s message, recalculate another message digest, append it to the message, and send it on to Scott. When Scott receives it, he verifies the message digest, but never knows the message was actually altered by Bruce. Scott thinks the message came straight from Cheryl and it was never modified, because the two message digest values are the same. If Cheryl wanted more protection than this, she would need to use message authentication code (MAC).

Define the steps of a hashing process:

1. The sender puts the message through a hashing function.

2. A message digest value is generated.

3. The message digest is appended to the message.

4. The sender sends the message to the receiver.

5. The receiver puts the message through a hashing function.

6. The receiver generates her own message digest value.

7. The receiver compares the two message digest values. If they are the same, the message has not been altered.

Provides Integrity; not confidentiality or authentication. Can detect only unintentional modifications.
Note

CMAC: CMAC works the same way as the CBC-MAC, but is based on more complex logic and mathematical functions.
Note: when we say that the message is concatenated with a symmetric key, we don’t mean a symmetric key is used to encrypt the message. The message is not encrypted in an HMAC function, so there is no confidentiality being provided. Think about throwing a message in a bowl and then throwing a symmetric key in the same bowl. If you dump the contents of the bowl into a hashing algorithm, the result will be a MAC value. This type of technology requires the sender and receiver to have the same symmetric key. The HMAC function does not involve getting the symmetric key to the destination securely. That would have to happen through one of the other technologies we have discussed already (Diffie-Hellman and key agreement, or RSA and key exchange).
Define the steps of an HMAC process:
1. The sender concatenates a symmetric key with the message.

2. The result is put through a hashing algorithm.

3. A MAC value is generated.

4. The MAC value is appended to the message.
5. The sender sends the message to the receiver. (Just the message with the attached MAC value. The sender does not send the symmetric key with the message.)

6. The receiver concatenates a symmetric key with the message.

7. The receiver puts the results through a hashing algorithm and generates her own MAC value

8. The receiver compares the two MAC values. If they are the same, the message has not been modified.
What is CBC-MAC
If a CBC-MAC is being used, the message is encrypted with a symmetric block cipher in CBC mode, and the output of the final block of ciphertext is used as the MAC. The sender does not send the encrypted version of the message, but instead sends the plaintext version and the MAC attached to the message. The receiver receives the plaintext message and encrypts it with the same symmetric block cipher in CBC mode and calculates an independent MAC value. The receiver compares the new MAC value with the MAC value sent with the message. This method does not use a hashing algorithm as does HMAC.
What is Cipher-Based Message Authentication Code (CMAC).
Cipher-Based Message Authentication Code (CMAC). CMAC provides the same type of data origin authentication and integrity as CBC-MAC, but is more secure mathematically. CMAC is a variation of CBC-MAC. It is approved to work with AES and Triple DES. CRCs are used to identify data modifications, but these are commonly used lower in the network stack. Since these functions work lower in the network stack, they are used to identify modifications (as in corruption) when the packet is transmitted from one computer to another. CMAC is a block cipher–based message authentication code algorithm. This means that it can provide the authentication of the data origin (as in the computer it was sent from) but not the person who sent it.

Provides Integrity and data origin authentication; confidentiality is not provided.
What is the CBC-MAC process
1. Sender encrypts a message with a symmetric block algorithm in CBC mode.
2. The last block is used as the MAC.
3. The plaintext message and the appended MAC are sent to the receiver.
4. The receiver encrypts the message, creates a new MAC, and compares the two values. If they are the same, the receiver knows the message was not modified and from which system it came.

Provides Integrity and data origin authentication; confidentiality is not provided.
Good cryptographic hash functions should have the following characteristics:
• The hash should be computed over the entire message.

• The hash should be a one-way function so messages are not disclosed by their values.

• Given a message and its hash value, computing another message with the same hash value should be impossible.

• The function should be resistant to birthday attacks (explained in the upcoming section “Attacks Against One-Way Hash Functions”).
Define Message Digest 2 (MD2) algorithm
One-way function. Produces a 128-bit hash value. Much slower than MD4 and MD5.
Define Message Digest 4 (MD4) algorithm
One-way function. Produces a 128-bit hash value.
Define Message Digest 5 (MD5) algorithm
One-way function. Produces a 128-bit hash value. More complex than MD4.
Define HAVAL
One-way function. Variable-length hash value. Modification of MD5 algorithm that provides more protection against attacks that affect MD5. It processes message blocks twice the size of those used in MD5; thus, it processes blocks of 1,024 bits.
Define Secure Hash Algorithm (SHA)
One-way function. Produces a 160-bit hash value. Used with DSA.

SHA-1, SHA-256, SHA-384, SHA-512: Updated version of SHA. SHA-1 produces a 160-bit hash value, SHA-256 creates a 256-bit value, and so on.
Note: SHA was designed by NSA and published by NIST to be used with the Digital Signature Standard (DSS). SHA was designed to be used in digital signatures and was developed when a more secure hashing algorithm was required for U.S. government applications.
NOTE A European project called RIPE (RACE Integrity Primitives Evaluation) developed a hashing algorithm with the purpose of replacing MD4. This algorithm is called RIPEMD and is very similar to MD4, but did not gain much attention.
What are the attacks against one-way hash functions
Birthday
Collision
What is a collision
A collision occurs if the algorithm produces the same value for two distinctly different messages.
What is a Birthday attack
Is an attack on hashing functions through brute force. The attacker tries to find two messages with the same hashing value
A message that is hashed provides
integrity.
A message that is digitally signed provides
authentication, integrity, and nonrepudiation
A message that is encrypted and digitally signed provides
confidentiality, authentication, integrity, and nonrepudiation (CAIN)
What is Digital signature standard (DSS)
A standard for digital signatures and its functions and acceptable use. Requires the Digital Signature Algorithm (DSA) and the Secure Hash Algorithm (SHA).
Define Public key infrastructure (PKI)
consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. In other words, a PKI establishes a level of trust within an environment. PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard. The framework was set up to enable authentication to happen across different networks and the Internet. Particular protocols and algorithms are not specified, which is why PKI is called a framework and not a specific technology. PKI provides confidentiality, authentication, integrity, and nonrepudiation (CAIN) of the messages exchanged. PKI is a hybrid system of symmetric and asymmetric key algorithms and methods.
Define Certificate Authorities
A CA is a trusted organization (or server) that maintains and issues digital certificates.
Define Digital certificate
A credential that contains the public key of that individual along with other identifying information.
Define Certificate revocation list (CRL)
A list of every certificate that has been revoked for one reason or another. This list is maintained periodically.
Define Certificate
Is the mechanism used to associate a public key with a collection of components sufficient to uniquely authenticate the claimed owner.
What are some fields held in a certificate
serial number, version number, identity information, algorithm information, lifetime dates, and the signature of the issuing authority
Define Registration authority (RA)
The registration authority (RA) performs the certification registration duties. The RA establishes and confirms the identity of an individual, initiates the certification process with a CA on behalf of an end user, and performs certificate life-cycle management functions. The RA cannot issue certificates, but can act as a broker between the user and the CA. When users need new certificates, they make requests to the RA, and the RA verifies all necessary identification information before allowing a request to go to the CA.
What is cross certification? Give an example of why it is used
Cross certification is the process undertaken by CAs to establish a trust relationship in which they rely upon each other’s digital certificates and public keys as if they had issued them themselves. When this is set up, a CA for one company can validate digital certificates from the other company and vice versa.

Example: More and more organizations are setting up their own internal PKIs. When these independent PKIs need to interconnect to allow for secure communication to take place (either between departments or between different companies), there must be a way for the two root CAs to trust each other. The two CAs do not have a CA above them they can both trust, so they must carry out cross certification.
NOTE CRLs are the thorn in the side of many PKI implementations. They are challenging for a long list of reasons. It is interesting to know that, by default, web browsers do not check a CRL to ensure that a certificate is not revoked. So when you are setting up an SSL connection to do e-commerce over the Internet, you could be relying on a certificate that has actually been revoked. Not good.
Define Online Certificate Status Protocol (OCSP)
is being used more and more rather than the cumbersome CRL approach. When using just a CRL, the user’s browser must either check a central CRL to find out if the certification has been revoked or continually push out CRL values to the clients to ensure they have an updated CRL. If OCSP is implemented, it does this work automatically in the background. It carries out real-time validation of a certificate and reports back to the user whether the certificate is valid, invalid, or unknown. OCSP checks the CRL that is maintained by the CA. So the CRL is still being used, but now we have a protocol developed specifically to check the CRL during a certificate validation process.
A PKI may be made up of the following entities and functions:
• CA
• RA
• Certificate repository
• Certificate revocation system
• Key backup and recovery system
• Automatic key update
• Management of key histories
• Timestamping
• Client-side software
PKI supplies the following security services: Mnemonic PKI needs A CAIN
• Access control
• Confidentiality
• Authentication
• Integrity
• Nonrepudiation
Note: A PKI must retain a key history, which keeps track of all the old and current public keys that have been used by individual users. For example, if Kevin encrypted a symmetric key with Dave’s old public key, there should be a way for Dave to still access this data. This can only happen if the CA keeps a proper history of Dave’s old certificates and keys. Another important component that must be integrated into a PKI is a reliable time source that provides a way for secure timestamping. This comes into play when true nonrepudiation is required.
Note Kerberos - A key distribution center (KDC) is used to store, distribute and maintain cryptographic session keys.

Note: Diffie-Hellman - Uses a key exchange algorithm (KEA)
Key management is critical for proper protection. The following are responsibilities that fall under the key management umbrella:
• The key length should be long enough to provide the necessary level of protection.

• Keys should be stored and transmitted by secure means.

• Keys should be extremely random, and the algorithm should use the full spectrum of the keyspace.

• The key’s lifetime should correspond with the sensitivity of the data it is protecting. (Less secure data may allow for a longer key lifetime, whereas more sensitive data might require a shorter key lifetime.)

• The more the key is used, the shorter its lifetime should be.

• Keys should be backed up or escrowed in case of emergencies.

• Keys should be properly destroyed when their lifetime comes to an end.

Note: Two general modes of encryption implementation are link encryption and end-to-end encryption.
Define Link encryption
encrypts all the data along a specific communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the packets are also encrypted. Link encryption provides protection against packet sniffers and eavesdroppers. Packets have to be decrypted at each hop and encrypted again. Is at the data link and physical layers. Hardware encryption devices interface with the physical layer and encrypt all data that passes through them. Because no part of the data is available to an attacker, the attacker cannot learn basic information about how data flows through the environment. This is referred to as traffic-flow security.
Define end-to-end encryption
Only information is encrypted. The headers, addresses, routing, and trailer information are not encrypted, enabling attackers to learn more about a captured packet and where it is headed. Is usually initiated at the application layer of the originating computer. Stays encrypted from one end of its journey to the other. Higher granularity of encryption is available because each application or user can use a different key.
Where does end-to-end encryption happen
within the applications.
Where does SSL encryption take place
at the presentation layer.
Where does PPTP encryption take place
at the data link layer.
Where does link encryption take place
at the data link and physical layers.
Advantages of end-to-end encryption include the following:
• It provides more flexibility to the user in choosing what gets encrypted and how.
• Higher granularity of functionality is available because each application or user can choose specific configurations.
• Each hop computer on the network does not need to have a key to decrypt each packet.
Disadvantages of end-to-end encryption include the following:
• Headers, addresses, and routing information are not encrypted, and therefore not protected.
Advantages of link encryption include the following:
• All data are encrypted, including headers, addresses, and routing information.
• Users do not need to do anything to initiate it. It works at a lower layer in the OSI model.
Disadvantages of link encryption include the following:
• Key distribution and management are more complex because each hop device must receive a key, and when the keys change, each must be updated.
• Packets are decrypted at each hop; thus, more points of vulnerability exist.
• Link encryption defeats traffic analysis
Define Hardware vs. Software Cryptography Systems
Encryption can be done through software or hardware, and there are trade-offs with each. Generally, software is less expensive and provides a slower throughput than hardware mechanisms. Software cryptography methods can be more easily modified and disabled compared to hardware systems, but it depends on the application and the hardware product. If a company needs to perform high-end encryption functions at a higher speed, the company will most likely implement a hardware solution.
What is Multipurpose Internet Mail Extension (MIME)
is a technical specification indicating how multimedia data and e-mail attachments are to be transferred. The Internet has mail standards that dictate how mail is to be formatted, encapsulated, transmitted, and opened.


For example, the header might indicate that the MIME type is Image and that the subtype is jpeg. Although this will be in the header, many times systems also use the file’s extension to identify the MIME type. So, in the preceding example, the file’s name might be stuff.jpeg. The user’s system will see the extension .jpeg, or see the data in the header field, and look in its association list to see what program it needs to initialize to open this particular file. If the system has JPEG files associated with the Explorer application, then Explorer will open and present the picture to the user.
Define Secure MIME (S/MIME)
Is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions.

More explanation: S/MIME extends the MIME standard by allowing for the encryption of e-mail and attachments. The encryption and hashing algorithms can be specified by the user of the mail package, instead of having it dictated to them. S/MIME follows the Public Key Cryptography Standards (PKCS). S/MIME provides confidentiality through encryption algorithms, integrity through hashing algorithms, authentication through the use of X.509 public key certificates, and nonrepudiation through cryptographically signed message digests.
What is Privacy-Enhanced Mail (PEM)
is an Internet standard to provide secure e-mail over the Internet and for in-house communication infrastructures. This standard was developed to provide compatibility with many types of key-management processes and symmetric and public key methods of encryption. It was also designed to be compatible with PKCS. Provides authentication, message integrity, encryption, and key management.
What are the Specific components that can be used with PEM:
- Messages encrypted with DES in CBC mode
- Authentication provided by MD2 or MD5
- Public key management provided by RSA
- X.509 standard used for certification structure and format
What is Message Security Protocol (MSP)
is the military’s PEM. Developed by the NSA, it is an X.400-compatible application-level protocol used to secure e-mail messages. MSP can be used to sign and encrypt messages and to perform hashing functions. Like PEM, applications that incorporate MSP enable different algorithms and parameters to be used to provide greater flexibility.
NOTE PGP is considered a cryptosystem because it has all the necessary components: symmetric key algorithms, asymmetric key algorithms, message digest algorithms, keys, protocols, and the necessary software components.
Define Pretty Good Privacy (PGP)
First widespread public key encryption program. Uses RSA public key encryption for key management and IDEA symmetric cipher for bulk encryption of data. PGP uses a passphrase, which is used to encrypt the user’s private key that is stored on her hard drive. Relies on a “web of trust” in its key management approach. Key ring - Each user keeps a collection of signed public keys he has received from other users.
quantum cryptography
photon polarization is commonly used to represent bits (1 or 0). Polarization is the orientation of electromagnetic waves, which is what photons are. Photons are the particles that make up light. The electromagnetic waves have an orientation of horizontal or vertical, or left hand or right hand.
HTTP
TCP/IP is the protocol suite of the Internet, and HTTP is the protocol of the Web. HTTP sits on top of TCP/IP. When a user clicks a link on a web page with her mouse, her browser uses HTTP to send a request to the web server hosting that web site.
Is HTTP stateful or stateless
HTTP is a stateless protocol, which means the client and web server make and break a connection for each operation. When a user requests to view a web page, that web server finds the requested web page, presents it to the user, and then terminates the connection. If the user requests a link within the newly received web page, a new connection must be set up, the request goes to the web server, and the web server sends the requested item and breaks the connection. The web server never “remembers” the users that ask for different web pages, because it would have to commit a lot of resources to the effort.
HTTP Secure
HTTP Secure (HTTPS) is HTTP running over SSL. (HTTP works at the application layer and SSL works at the transport layer.) Secure Sockets Layer (SSL) uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication. When a client accesses a web site, that web site may have both secured and public portions. The secured portion would require the user to be authenticated in some fashion. When the client goes from a public page on the web site to a secured page, the web server will start the necessary tasks to invoke SSL and protect this type of communication.
Secure HTTP
Though their names are very similar, there is a difference between Secure HTTP (S-HTTP) and HTTP Secure (HTTPS). S-HTTP is a technology that protects each message sent between two computers, while HTTPS protects the communication channel between two computers, messages and all. HTTPS uses SSL/TLS and HTTP to provide a protected circuit between a client and server. So, S-HTTP is used if an individual message needs to be encrypted, but if all information that passes between two computers must be encrypted, then HTTPS is used, which is SSL over HTTP.
What is the difference between S-HTTP and HTTPS
HTTPS protects the communication channel between two computers, messages and all.

S-HTTP is used if an individual message needs to be encrypted, but if all information that passes between two computers must be encrypted, then HTTPS is used, which is SSL over HTTP.
Define Secure Electronic Transaction (SET)
Developed to send encrypted credit card numbers. Comprises three main parts: the electronic wallet, the software running on the merchant’s server at its web site, and the payment server that is located at the merchant’s bank.
Define Cookies
Text files that a browser maintains on a user’s hard drive.

Are used for demographic and advertising information

Are used as timestamps to ensure that a session between a user and a server is restricted to a specific length of time.

Cookies that contain sensitive information should be encrypted by the server on the site that distributed them.
NOTE Some cookies are stored as text files on your hard drive. These files should not contain any sensitive information, such as account numbers and passwords. In most cases, cookies that contain sensitive information stay resident in memory and are not stored on the hard drive.
What is SSH - Secure Shell
Functions as a type of tunneling mechanism that provides terminal-like access to remote computers.

Should be used instead of telnet, ftp, rlogin, rexec or rsh.

Two computers go through a handshake and a secure channel is established.
IPSec - Internet Protocol Security
A method of setting up a secure channel for protected data exchange between two devices. Widely accepted standard for secure network layer transport. Has strong encryption and authentication methods that employ public key cryptography. Is usually used to establish VPNs. It is an open, modular framework that provides a lot of flexibility. Uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity.
What are the 2 basic security protocols used with IPSec:
- AH - Authentication Header: Is the authenticating protocol.
- ESP - Encapsulating Security Payload: Is an authenticating and encrypting protocol that
What are the two modes of IPSec
- Transport mode: The payload of the message is encrypted
- Tunnel mode: The payload, the routing, and header information of the message are encrypted
What is security association (SA)
The SA, which is critical to the IPSec architecture, is a record of the configurations the device needs to support an IPSec connection. When two devices complete their handshaking process, which means they have agreed upon a long list of parameters they will use to communicate, these data must be recorded and stored somewhere, which is in the SA. The SA can contain the authentication and encryption keys, the agreed-upon algorithms, the key lifetime, and the source IP address. When a device receives a packet via the IPSec protocol, it is the SA that tells the device what to do with the packet.
What is Security Parameter Index (SPI)
An index that keeps track of the different SAs and tells the device which one is appropriate to invoke.
What is Internet Security Association and Key Management Protocol ISAKMP
is a key exchange architecture that is independent of the type of keying mechanisms used. Basically, ISAKMP provides the framework of what can be negotiated to set up an IPSec connection (algorithms, protocols, modes, keys). The OAKLEY protocol is the one that carries out the negotiation process. You can think of ISAKMP as providing the playing field (the infrastructure) and OAKLEY as the guy running up and down the playing field (carrying out the steps of the negotiation).
The de facto standard for key management within IPSec is
Internet Key Exchange (IKE), which is a combination of the ISAKMP and OAKLEY protocols.
NOTE Simple Key Management Protocol for IP (SKIP) is another key exchange protocol that provides basically the same functionality as IKE. It is important to know that all of these protocols work at the network layer.
Note: Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, message, or any parts of the encryption system. Passive attacks are hard to detect, so in most cases methods are put in place to try to prevent them rather than to detect and stop them. Passive attacks are usually used to gain information prior to carrying out an active attack. The following sections address some active attacks that relate to cryptography.
Note: Altering messages, modifying system files, and masquerading as another individual are acts that are considered active attacks because the attacker is actually doing something instead of sitting back and gathering data.
Define Ciphertext-Only Attacks
In this type of attack, the attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm. The attacker’s goal is to discover the key used in the encryption process. Once the attacker figures out the key, she can decrypt all other messages encrypted with the same key. A ciphertext-only attack is the most common type of active attack because it is very easy to get ciphertext by sniffing someone’s traffic, but it is the hardest attack to actually be successful at because the attacker has so little information about the encryption process.
Define Known-Plaintext Attacks
In known-plaintext attacks, the attacker has the plaintext and corresponding ciphertext of one or more messages. Again, the goal is to discover the key used to encrypt the messages so other messages can be deciphered and read.
Define Chosen-plaintext attack
The attacker has the plaintext and ciphertext and can choose the plaintext that gets encrypted.
Define Chosen-ciphertext attack
The attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext.
Define Differential Cryptanalysis
This type of attack also has the goal of uncovering the key that was used for encryption purposes. This attack looks at ciphertext pairs generated by encryption of plaintext pairs with specific differences and analyzes the effect and result of those differences.
Linear Cryptanalysis
Linear cryptanalysis is another type of attack that carries out functions to identify the highest probability of a specific key employed during the encryption process using a block algorithm. The attacker carries out a known-plaintext attack on several different messages encrypted with the same key. The more messages the attacker can use and put through this type of attack, the higher the confidence level in the probability of a specific key value. The attacker evaluates the input and output values for each S-box. He evaluates the probability of input values ending up in a specific combination.
Replay attack
An attacker copies a ticket and breaks the encryption and then tries to impersonate the client and resubmit the ticket at a later time to gain unauthorized access to a resource.
Algebraic Attacks
Algebraic attacks analyze the vulnerabilities in the mathematics used within the algorithm and exploit the intrinsic algebraic structure.
Analytic Attacks
Analytic attacks identify algorithm structural weaknesses or flaws, as opposed to brute force attacks, which simply exhaust all possibilities without respect to the specific properties of the algorithm.
Statistical Attacks
Statistical attacks identify statistical weaknesses in algorithm design for exploitation— for example, if statistical patterns are identified, as in the number of 0’s compared to the number of 1’s.
Note DES
Block cipher
Note 3DES
Block cipher (used in PGP/GPG)
Note AES
Rijndael Block cipher (used in PGP/GPG)
Note Blowfish
Block cipher
Note Twofish
Block cipher (used in PGP/GPG)
Note CAST
Block cipher; used in PGP/GPG
Note RC4
Stream cipher (used in WEP)
Note RC5 / RC6
Variable Block cipher
Note IDEA
Block cipher (used in PGP/GPG)
Note SAFER+
Block cipher (Bluetooth for key derivation)
Note SAFER++
Block cipher (Bluetooth for key derivation)
Note RSA
Key Exchange, Encryption, Digital Signatures
Note Diffie-Hellman
Key Exchange (used in PGP/GPG)
Note El Gamal
Key Exchange, Encryption, Digital Signatures
Note ECC
Key Exchange, Encryption, Digital Signatures (used in cell phones and wireless devices)
Note HMAC
Keyed Digest
Note MD5
Rivest MD5 Block Hash
Note SHA-1
Rivest SHA Hash (used in PGP/GPG)
Note DES
Block & Key: 64 bits (56 + 8 parity)
Note 3DES
Block & Key: 192 bits (168 + 24 parity)
Note AES
Block & Key: 128, 192, 256 bits
Note Blowfish
Block: 64 bits; Key: variable 32 to 448 bits
Note Twofish
Block: 128 bits; Key: 128, 192, 256 bits
Note CAST
Block: 128, 256 bits; Key: variable 40 to 128
Note RC4
Variable key size
RSA
Large prime numbers; Key: 512-bit to arbitrarily long (1024-2048 considered safe)
Diffie-Hellman
Large prime numbers; Key: 512-bit to arbitrarily long (1024-2048 considered safe)
El Gamal
Discrete logarithms; Key: 256-bit to arbitrarily long (1024-2048 considered safe)
ECC
Based on points on an elliptic curve
HMAC
Variable
MD5
512-bit block processing / 128-bit digest
SHA-1
512-bit processing / 160-bit digest