Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
94 Cards in this Set
- Front
- Back
|
What is a cipher?
|
A method used to encode characters to hide their value. Ciphering is the process of using a cipher to encode a message.
|
|
|
What is a substitution cipher?
|
a type of coding or ciphering system that changes one character or symbol into another.
|
|
|
What is a transposition cipher or transposition code?
|
A cipher that involves transposing or scrambling the letters in a certain manner.
|
|
|
What is steganography?
|
Steganography is the process of hiding one message in another. Also called electronic watermarking.
|
|
|
What is hashing?
|
Hashing refers to performing a calculation on a message and converting it into a numeric hash value.
|
|
|
What is a TPM?
|
A Trusted Platform Module is a name assigned to a chip that can store cryptographic keys, passwords, and certificates.
|
|
|
What scientific principle does quantum cryptography rely on?
|
The Heisenberg Uncertainty Principle, which states that in the process of measuring the results, the results are changed.
|
|
|
What is Frequency Analysis?
|
Frequency Analysis involves looking at blocks of an encrypted message to determine if any common patterns exist.
|
|
|
What are the three primary methods of encoding messages?
|
hashing, symmetric algorithms, and using asymmetric algorithms.
|
|
|
What is a one-way hash and a two-way hash?
|
A one-way hash doesn't allow a message to be decoded back to the original value. A two-way hash allows a message to be reconstructed from the hash. Most hashing functions are one-way.
|
|
|
What is SHA?
|
Secure Hash Algorithm.
One-way Hash Designed to ensure message integrity Produces 160-bit hash value New standard is SHA-1 |
|
|
What is MD?
|
The Message Digest Algorithm
One-way hash most common are MD5, MD4, & MD2 MD5 = 128-bit hash |
|
|
Which is faster to process MD5 or SHA-1?
|
MD5 is faster
|
|
|
What is LANMAN?
|
LANMAN was used for protocol authentication in windows prior to NT. It uses LM Hash and two DES keys.
|
|
|
What is NTLM?
|
NTLM replaced the LANMAN protocol and uses MD4/MD5. Still in widespread use despite the fact that microsoft has pointed to kerberos as the preferred protocol.
|
|
|
What is a symmetric algorithm?
|
an algorithm that requires both ends of the encrypted message to have the same key and processing algorithms. They generate a key that must be protected.
|
|
|
How are keys typically sent with a symmetric algorithm?
|
Using an out-of-band method: by letter, courier, or by some other method.
|
|
|
What is the disadvantage of a symmetric algorithm?
|
Everyone must have their own key.
|
|
|
Define block cipher
|
the algorithm works on chunks of data
|
|
|
Define stream cipher
|
the data is encrypted a bit, or byte, at a time.
|
|
|
What is DES?
|
Data Encryption Standard
56-bit key Replaced by AES |
|
|
What is AES?
|
Advanced Encryption Standard
Replaced DES key sizes 128, 192, and 256 with 128 being the default AES-256 qualifies US government Top Secret |
|
|
What is CAST?
|
algorithm used in some MS and IBM products. Named after its creators. Uses 40-bit to 128-bit key and is very fast and efficient.
|
|
|
What is Rivest's Cipher?
|
RC is an encryption family produced by RSA laboratories. Current levels are RC5 and RC6. RC5 uses a key size of 2,048 bits.
|
|
|
What is Blowfish?
|
encryption system by Bruce Shneier. Performs a 64-bit block cipher at very fast speeds. Is a symmetric block cipher that can be use variable length keys.
Twofish is the same thing but with 128-bit blocks. |
|
|
What is IDEA?
|
International Data Encryption Algorithm. Uses a 128-bit key and is similar to DES in speed and capability but is more secure.
Used in PGP. |
|
|
What are Asymmetric Algorithms?
|
Public key and private key system of algorithms. The public key is used to encrypt the message and the private key is used to decrypt.
|
|
|
What is PKC?
|
Public Key Cryptography. Two-key system.
|
|
|
What is RSA?
|
public-key encryption system that uses large integer numbers as a basis of the process.
The defacto standard. works for both encryption and digital signatures Used in SSL |
|
|
What is the Diffie-Hellman key exchange?
|
Process of splitting keys into two parts. Not used to encrypt or decrypt just to transmit keys in a secure manner.
|
|
|
What is ECC?
|
Elliptic Curve Cryptography provides similar functionality to RSA but is smaller and requires less computing power. It is used in cellphones and wireless devices. It is based on the idea of using points on a curve to define public/private key pair.
|
|
|
What is El Gamal
|
An algorithm used for transmitting digital signatures and key exchanges. Similar process to Diffie-Hellman key exchange. the Digital Signature Algorithm (DSA) is based on El Gamal.
|
|
|
What is an algorithm's work factor?
|
The estimated amount of time and effort that would be needed to break it.
|
|
|
What is MAC in cryptography?
|
Message Authentication Code - a method of verifying integrity. The MAC value is a key, usually derived using a hashing algorithm.
|
|
|
What is a digital signature?
|
A digital signature validates the integrity of the message and the sender. The sender uses the receiver's public key to create a hash value that is stored in the message digest.
|
|
|
What is nonrepudiation?
|
Nonrepudiation prevents one party from denying actions they carried out. It can be achieved by a two key system.
|
|
|
Define Access Control.
|
Access control refers to the methods, processes, and mechanisms of preventing unauthorized access to the systems.
|
|
|
What are the four parts of a PKI?
|
Certificate Authority (CA)
Registration Authority(RA) RSA Digital Certificates |
|
|
What is a registration authority (RA)?
|
An RA offloads some of the work from a CA. It operates as a middleman. It can distribute keys, accept registrations for the CA, and validate identities. It doesn't issue certificates.
|
|
|
What is a LRA?
|
Local Registration Authority - Takes an RA a step further. It can be used to identify or establish the identity of an individual for certificate issuance.
|
|
|
Standard certificate format supported by the International Telecommunications Union (ITU) and many other standards organizations.
|
X.509 (version 3 is most current)
|
|
|
What defines what a certificate does?
|
Certificate Policies.
|
|
|
the process of requiring interoperability in certificates is called...
|
cross certification
|
|
|
a detailed statement the CA uses to issue certificates and implement its policies of the CA
|
Certificate Practice Statement
|
|
|
What problem occurs with a Certificate Revocation List (CRL) that using the Online Certificate Status Protocol (OSCP) resolves?
|
OCSP solves the latency problem: If the recipient or relying party uses OCSP for verification, the answer is available immediately.
|
|
|
What are the four trust models used with PKI?
|
Hierarchical, Bridge, Mesh, & Hybrid
|
|
|
Responsible for creating codes, breaking codes, and coding systems for the U.S. Government.
|
National Security Agency (NSA)
|
|
|
Independently functioning part of NSA, created to help standardize and support DoD and military.
|
NSA/Central Security Service (NSA/CSS)
|
|
|
Has been involved in developing and supporting standards for the US government for over 100 years. Has become very involved in cryptography standards, systems, and technology. Formerly known as the National Bureau of Standards (NBS)
|
National Institute of Standards and Technology (NIST)
|
|
|
the mechanism used to propose a standard
|
Request for Comments (RFC)
|
|
|
International community of computer professionals, mainly concerned with improving the internet and computer security issues.
|
Internet Engineering Task Force (IETF)
|
|
|
A professional group who oversees a number of committees and groups including IETF.
|
the Internet Society (ISOC)
|
|
|
Association concerned with interoperability, growth, and standardization of the World Wide Web.
|
World Wide Web Consortium (W3C)
|
|
|
Responsible for virtually all aspects of telecommunications and radio communications standards worldwide.
|
International Telecommunications Union (ITU)
|
|
|
Three main groups the ITU is broken into?
|
ITU-R -- Radio communication and spectrum management.
ITU-T -- telecommunications standards ITU-D -- expanding telecommunications throughout developed countries. |
|
|
International organization actively involved in the development of PKC, wireless, and networking protocol standards.
|
Institute of Electrical an Electronics Engineers (IEEE)
|
|
|
Standards and protocols that emerge from individual or corporate efforts and are released to the general public for use.
|
Public domain cryptography
PGP and RSA are two common types |
|
|
What kind of encryption does Pretty Good Privacy (PGP) use?
|
symmetrical and asymmetrical
|
|
|
Provides cryptographic systems to both private businesses and government. Has been very involved in developing Public-Key Cryptography Standards (PKCS) and maintains a list of these standards.
|
RSA
|
|
|
The working group formed by the IETF to develop standards and models for the PKI environment.
|
Public-Key Infrastructure X.509 (PKIX)
|
|
|
A set of voluntary standards created by RSA and security leaders. Currently there are 15 of these standards.
|
Public-Key Cryptography Standards (PKCS)
|
|
|
Standard that defines the certificate formats and fields for public keys. Also defines the procedures that should be used to distribute public keys.
|
X.509 (version 3 is most common)
|
|
|
Two basic types of X.509 v3 certificates.
|
The most common is end-entity certificate, which is issued by a certificate authority to an end entity. An end entity is a system that doesn't issue certificates but merely uses them.
The CA certificate is issued by one CA to another CA. |
|
|
What is X.509 v2 used for?
|
Issuing Certificate Revocation List (CRL) certificates.
|
|
|
Used to establish a secure communication connection between two TCP-based machines. Uses the handshake method of establishing a session.
|
Secure Sockets Layer (SSL)
|
|
|
What are the steps in an SSL handshake?
|
1) A connection request is made to the server.
2) The server sends a message to client indicating that a secure connection is needed. 3) The client sends the server a certificate indicating the capabilities of the client. 4) The server then evaluates the certificate and responds with a session key and an encrypted key. 5) The session is secure at the end of this process. |
|
|
Security protocol that expands upon SSL. Referred to as SSL 3.1 but despite its name it doesn't interoperate with SSL. Supported by the IETF
|
Transport Layer Security (TLS)
|
|
|
A messaging protocol used between PKI entities, not yet widely used.
|
Certificate Management Protocol (CMP)
|
|
|
Designed to allow XML-based programs access to PKI services.
|
XML Key Management Specification (XKMS)
|
|
|
A standard used for encrypting email. Contains signature data. Most widely supported standard used to secure e-mail communications.
|
Secure Multipurpose Internet Mail Extensions (S/MIME)
|
|
|
Provides encryption for credit card numbers that can be transmitted over the Internet. Most suited for transmitting small amounts of data. Works in conjunction with an electronic wallet.
|
Secure Electronic Transaction (SET)
|
|
|
A tunneling protocol with a handshake process similar to SSL. Connections are established in two phases: The first phase is a secure channel to negotiate the channel connection, and the second phase is a secure channel used to establish the connection.
|
Secure Shell (SSH)
|
|
|
The secure version of HTTP. Uses SSL to secure the channel. Uses port 443.
|
Hypertext Transport Protocol Secure (HTTPS)
|
|
|
HTTP with message security, uses port 443.
|
Secure Hypertext Transport Protocol (S-HTTP)
|
|
|
A security protocol that provides authentication and encryption across the Internet. Becoming the standard for encrypting VPN channels. Works on layer 3 of the OSI model.
|
IP Security (IPSec)
|
|
|
The two primary protocols used by IPSec at the bottom layer. What ports?
|
Authentication Header (AH) - port 51
Encapsulating Security Payloud (ESP) - port 50 |
|
|
A favorite low end protocol for VPNs. The negotiation between the two ends of a connection are done in the clear. Once the negotiation is performed the channel is encrypted. Uses port 1723
|
Point-to-Point Tunneling Protocol (PPTP)
|
|
|
A method crated by Cisco for creating tunnels primarily for dialup connections. Uses port 1701. Doesn't provide encryption.
|
Layer 2 Forwarding (L2F)
|
|
|
A hybrid of PPTP and L2F. Doesn't provide encryption by itself but can be provided by IPSec. Uses port 1701 and UDP for connection
|
Layer 2 Tunneling Protocol (L2TP)
|
|
|
A set of guidelines for the United States federal government information systems. Issued by NIST.
|
Federal Information Processing Standard (FIPS)
|
|
|
An internationally agreed-upon set of standards to evaluate IT security.
|
Common Criteria (CC)
|
|
|
Provides encrypted and authenticated connection between a wireless client and server. Similar in function to TLS, but it uses lower bandwidth and less processing power.
|
Wireless Transport Layer Security (WTLS)
|
|
|
Places a 128-bit wrapper around the Wired Equivalent Privacy (WEP) encryption with a key that is based on such things as the MAC address of your machine and the serial number of the packet.
|
Temporal Key Integrity Protocol (TKIP)
|
|
|
Designed to address the problems with WEP. These technologies implement the 802.11i standard.
|
WiFi Protected Access (WPA) & (WPA2)
|
|
|
Provides a framework for authentication that is often used with wireless networks. Adopted by the WPA standard.
|
Extensible Authentication Protocol (EAP). EAP-TLS and EAP-MD5
|
|
|
refers to the process of working with keys from the time they are created until the time they are retired or destroyed.
|
Key management
|
|
|
Allows the key-generation process to take advantage of large-scale system resources. Has the advantage of allowing additional management functions to be centralized. Has a major disadvantage of single point of failure or attack.
|
Centralized Key Generation
|
|
|
Allows key-generation process to be pushed out into the organization or environment. Spreads the risks but creates a storage and management issue.
|
Decentralized Key Generation
|
|
|
Distributing keys is usually accomplished using a ____, as in Kerberos, or by using a _____, as in the case of PKI.
|
Key Distribution Center (KDC) & Key Exchange Algorithm (KEA)
|
|
|
Negotiates a secret key between two parties; the secret key is a short0term, single-use key intended strictly for key distribution.
|
Key Exchange Algorithm (KEA)
|
|
|
A system that stores keys for the purpose of law enforcement access.
|
Key Escrow
|
|
|
Identifies when a key is no longer valid.
|
key expiration
|
|
|
What is the difference between key ravocation and key suspension?
|
Suspended keys can be used again. Revoked keys cannot, a new key must be issued.
|
|
|
What is the M of N Control method of access used in key recovery?
|
If n people have access to the archive server at least m must be present to accomplish access.
|
