Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
61 Cards in this Set
- Front
- Back
Caesar cypher |
Shift each letter 3 spaces |
|
Scytale, scyrod? |
Wrap paper around rod, then type message. Diameter is the key. |
|
Vignere cipher |
Have a table ABC A:ABC... B:BCD... C:CDE... ... First letter of the key is matched with the first letter of the message which encodes the msg. |
|
Enigma machine and purple machine |
Rot based systems to change the system. |
|
Vietnam cipher |
One time pad. Only mathematically unbreakable form of cryptography. Key must be used only once Pad must be at least as long as the msg Key pad is statistically unpredictable Keypad must be delivered and stored securely Ex: session keys and one time passwords |
|
Non-repudiation |
Combines authenticity and integrity. |
|
Confusion |
Complex substitution |
|
Avalanche |
One Change in plaintext causes multiple changes in cipher text. |
|
Open - Kerckhoffs principle |
Two pieces. Algorithm and key. Principle says that algorithm should be public but key should be secret. |
|
Name one symmetric stream algorithm |
RC-4 |
|
Name one symmetric block algorithm |
AES or 3DES |
|
The default crypto algorithm in most applications |
AES |
|
Email service pretty good privacy uses crypto algorithm |
IDEA. (Think pgp is a good idea) |
|
Drawbacks with symmetric keys |
Out of band key exchange (how to exchange keys) Not scalable N*(N-1)/2 No Authenticity, Integrity or Non-repudiation |
|
Positive sides with symmetric keys |
It is fast |
|
How to get privacy in message |
Use receivers public key |
|
How to get authenticity in msg |
Encrypt with senders private key. Prove that the sender encrypted it |
|
Non repudiation |
Integrity and authenticity |
|
How to get integrity in msg |
Sender saves the hash of the message and sends it with the msg. Receiver calculates the hash of msg and compares it with the hash that the sender sent. |
|
How to get non repudiation in msg |
Sender hashes the message. Then encrypts the hash with senders private key. The receiver calculates the hash of the received msg. The receiver decrypts the received hash with the senders public key. Then compares the hash. The encryption gives authenticity and the hash gives integrity. In total we get nonrepudiation. |
|
SSL/TLS hybrid cryptography |
Client encrypts the the data with the symmetric session key. Then encrypts the session key with the servers public key. The server decrypts the session key with its private key. Decrypts the data with the session key. |
|
Number of keys in a symmetric environment |
N*(N-1)/2 |
|
Number of keys in a asymmetric environment |
2N |
|
Symmetric keys are used for |
Bulk encryption. I.e. encrypting files and communication paths |
|
Asymmetric keys are used for |
Encrypting keys and distributing keys |
|
Symmetric keys gives |
Confidentiality |
|
Symmetric keys gives |
Confidentiality |
|
Asymmetric keys gives |
Confidentiality, authentication and non-repudiation |
|
Symmetric algorithms |
DES, 3DES, AES, RC-4, RC-5, two fish, blowfish, IDEA, CAST, MARS |
|
Asymmetric algorithms |
DSA, RSA, ECC (elliptical curve cryptography), El gamal, Diffie Hellman, Knapsack |
|
Algorithm used in Digital signatures |
RSA, uses factorization |
|
Diffie Hellman |
Secure key agreement without presented secrets, uses modulus and fields. |
|
ECC |
Elliptical curve cryptography. Very fast. Used in handheld devices (limited process capabilities). Based on plotting points on a curve |
|
Collision |
Two documents gives the same hash |
|
Birthday attack |
Based on the idea that two documents gives the same hash instead of producing a specific hash |
|
MD-5 bit lengt |
128 |
|
SHA-1 bit length |
160 |
|
SHA-256 bit lenght |
256 |
|
Digital signature |
When the sender encrypts the hash with its private key. Then the receiver can decrypt the hash the the senders public key. |
|
PKI |
Public key infrastructure. Certificate authority CA Registration Authority Certificate repository Certificate revocation list |
|
MAC |
Message authentication code. A messages that is hashed with a symmetric key. |
|
HMAC |
The algorithm to produce the MAC (msg+symmetric key+algorithm). |
|
Which standard is used in certificates? What do they provide? |
X.509 v.4 Authenticity of servers public key. To avoid MITM attacks. These are digitally signed by a Certificate Authority. |
|
Certificate revocation list CRL |
CA publish a CRL which contains certificates that has been revoked. |
|
Certificate revocation list CRL |
CA publish a CRL which contains certificates that has been revoked. |
|
OCSP |
Online certificate status protocol. Streamlined the process of verifying whether or not a certificate has been revoked. |
|
Registration authority |
Helps the certificate authority |
|
IPSEC |
Encapsulation framework. Wrapping security around the packages. |
|
Tunnel mode |
IPSsec header: (not encap.) IP header: Encapsulated IP payload: Encapsulated IP trailer: Encapsulated IPSec trailer: (not encap.) |
|
Transport mode |
IPSsec header: (not encap.) IP header: (not encap.) IP payload: Encapsulated IP trailer: (not encap.) IPSec trailer: (not encap.) |
|
IPSec sun protocols |
AH - Authentication header ESP - encapsulating security payload IKE - Internet key exchange |
|
IPSec sun protocols |
AH - Authentication header ESP - encapsulating security payload IKE - Internet key exchange |
|
AH |
Authentication header. Gives integrity, authenticity and non repudiation. Hashing headers. Does not work with NAT. |
|
ESP |
Encapsulation security payload. Gives authenticity, integrity and confidentiality. Encrypts the payload. |
|
IKE |
Internet key exchange. Management of secure connection. - Oakley uses Diffie Hellman to agree upon a key - ISAKMP manages keys |
|
SPI |
Each connection (both in and out) in IPSEC has a - destination address - SPI (security parameter index) which together gives the security association. This is a socket. |
|
Chosen plaintext |
Attacker has captured the encrypted text |
|
Known plain text attack |
Attacker has captured the encrypted text and some portion of plaintext. |
|
Chosen plaintext attack |
Attacker has captured the encrypted text and the plaintext. |
|
Chosen ciphertext attack |
Attacker can see whatever they want. They have compromised a workstation. (Often called a lunchtime or midnight attack) |
|
Meet in the middle attack |
Attacker tries to learn what the keys are used for. How does each key encrypts the msg in each step. Usually target against 3DES. |