CISSP - Cryptography

Complete list of Terms and Definitions for CISSP - Cryptography

Terms and Definitions

Secure and Signed Message: with asymmetric crypto, the sender encodes the message with own private key, then re-encodes the message with the receiver's public key; the receiver decodes with own private key and decodes again with the sender's public key — authentication, non-repudiation, and confidentiality

Digital Signature: used to detect unauthorized modifications and authenticate the sender — provides non-repudiation — private key signs and public key verifies — used to authenticate software, data images, users, machines
  Steps:
  1. Compute message digest
  2. Digest is fed into the digital signature algorithm with the sender's private key to generate the digital signature
  3. Message and attached digital signature are sent to the recipient

Codes: list of codes or phrases and their corresponding code group

One time pad: key is a random set of non-repeating characters and each key bit is used only once — each key bit is XORed with a message bit to produce ciphertext

Privacy Enhanced E-mail (PEM): proposed by IETF to comply with Public Key Cryptography Standards (PKCS) developed by Microsoft, Novell and Sun — uses MD2/MD5 for message digest, DES-CBC or triple DES-EDE for text encryption and RSA for digital signature and key distribution — certificates based on X.509 — privacy, message integrity, authentication and non-repudiation

Merkle-Hellman Knapsack: asymmetric — based on the subset sum problem in combinatorics — has been broken
  Time stamps can be used to prevent replay attacks
  Elliptic curve – best bandwidth, computation, and storage — wireless
  Key escrow: Clipper chip with Skipjack algorithm (80-bit key, 64-bit block) — key split in two and held by two escrows

Types of Machines: Hagelin machine (combines plaintext with key stream to produce ciphertext); rotor machine uses rotors to produce the cipher alphabet (Japan's Purple and Germany's Enigma)

End-to-end encryption: encryption of data from the source system to the end system

Asymmetric Key Cryptography: public key
  1. Message encrypted with one of the keys can be decrypted with the other — two keys in a pair: private key (kept secret) and public key (made available)
  2. Based on difficult-to-solve problems – factoring the product of two large primes or the discrete logarithm problem
  3. Strengths: efficient key distribution, scalable, provides confidentiality, access control, authentication, integrity, and non-repudiation services
  4. Weaknesses: very intense computations, slower than symmetric
DES - CFB: Cipher Feedback (CFB) — first 64-bit plaintext block is XORed with the key-ciphered initialization vector to produce the ciphertext – this ciphertext is encrypted with the key and XORed with the second 64-bit plaintext block to produce the second ciphertext block

International Data Encryption Algorithm (IDEA): block cipher — symmetric — 128-bit key — 8 rounds of transpositions and substitutions — three mathematical functions: XOR, addition mod 65536, and multiplication mod 65537

DES - OFB: Output Feedback (OFB) — similar to CFB except the XORed bits are not a function of either the plaintext or the ciphertext – initialization vector is used to seed the process – IV is DES encrypted and XORed with the first data block to produce the first ciphertext – the DES-encrypted IV is DES encrypted again for the second block

Symmetric Key: private key/secret key
  1. Single key shared by sender and receiver
  2. Strengths: 1,000 or more times faster than asymmetric
  3. Weaknesses: key management is a weakness – requires secure key distribution

Double DES: block cipher — symmetric key — 112-bit key — no more secure than DES

Advanced Encryption Standard (AES): Rijndael block cipher — symmetric — variable block and key length (128, 192, 256)

RSA (Rivest, Shamir, and Adleman): asymmetric — factoring large prime integers — services: encryption, key distribution of symmetric keys, and digital signatures — 512-bit and 768-bit keys are weak, but a 1024-bit key is moderately secure

Elliptic Curve Cryptosystem (ECC): asymmetric — based on the mathematical problem of factors that are coordinate pairs that fall on an elliptic curve — services: encryption, key distribution of symmetric keys, and digital signatures — highest strength per bit of the public key systems

Polyalphabetic cipher: uses multiple substitution ciphers with different alphabets to defeat frequency analysis

Diffie-Hellman: first public key algorithm — patent expired in 1997 — key exchange algorithm

Substitution cipher: shift the alphabet or scramble the alphabet and substitute characters

Pretty Good Privacy (PGP):
  1. Privacy, integrity, identification authentication, and policy enforcement
  2. Symmetric encryption — 3DES, DES, IDEA
  3. RSA, DSS, and Diffie-Hellman for the symmetric key exchange
  4. SHA-1 and MD5 for hashing
  5. Web of trust instead of CA

Attacks on Symmetric Block Ciphers:
  1. Differential Cryptanalysis — private key cryptography — looks at ciphertext pairs with specific differences and analyzes the effects of these differences
  2. Linear Cryptanalysis — uses known plaintext and corresponding ciphertext to generate a linear approximation of a portion of the key
  3. Differential Linear Cryptanalysis — combination of both
  4. Algebraic Attacks — relies on block ciphers displaying a high degree of mathematical structure
Rivest Cipher 5 (RC5): variable block size — symmetric — variable key size — data-dependent rotations — variable number of rounds — primarily software implementation

Key exchange, negotiation, or distribution: process of establishing a session key

El Gamal: asymmetric — based on the difficulty of calculating discrete logarithms in a finite field — services: encryption and digital signatures

Hybrid Systems:
  1. Symmetric key for bulk data encryption
  2. Asymmetric key for key distribution

Hash Function:
  1. Condenses arbitrary-length messages to a fixed length – usually for subsequent signing by a digital signature algorithm
  2. Output is a message digest; two files cannot have the same hash; can't create the file from the hash
  3. MD5 – 128-bit digest of the input message, uses blocks of 512, 4 rounds of transformation
  4. SHA-1 (by NIST) — SHA-256, SHA-384, SHA-512 support AES — HAVAL
  5. HMAC — hashed MAC: more secure and more rapid message digest

Running key cipher: uses text from a source, such as a book, to encrypt the plaintext – key is known to sender and receiver – page, line, and character number

Secure Message: with asymmetric crypto, the sender encodes the message with the receiver's public key and the receiver decodes with own private key — confidentiality

Steganography: data hidden in picture files (least significant bits of a bitmap image), sound files, slack space on disks

Concealment cipher: message is hidden in another message – every so many words, for example

Cryptanalysis: science of breaking codes

Link encryption: individual application of encryption to data on each link of a network

Triple DES: block cipher — symmetric key — 168-bit key — different modes:
  a. 3 DES encryptions with 3 different keys
  b. Encrypt – decrypt – encrypt with three different keys
DES: block cipher — symmetric key — 56-bit key, plus 8 parity bits — 16 rounds of transpositions and substitutions

Block code cipher: each block encrypted separately — DES is a block cipher

Message Authentication Code (MAC): used when the sender only wants one person to be able to view the hash value – the value is encrypted with a symmetric key — similar to a CRC — weak form of authentication

Clustering: plaintext message generates identical ciphertext using the same transformation algorithm, but with different keys (cryptovariables)

Public Key Cryptography:
  a. Uses a one-way hash function for message integrity, time/date stamp
  b. Uses a mathematical function that is easier to compute in one direction than in the opposite direction
  c. Trap door one-way function

Work factor: estimate of the time needed to break a protective measure

Cryptography: science of codes

Digital Signature Algorithm (DSA): Digital Signature Standard (DSS) — uses the secure hash algorithm (SHA-1) and condenses the message to 160 bits — key size 512 to 1024

DES - CBC: Cipher Block Chaining (CBC) — first 64-bit plaintext block XORed with an initialization vector and processed with the key to produce ciphertext, which is then XORed with the second 64-bit plaintext block to produce the second ciphertext block

DES - ECB: Electronic Code Book (ECB) — 64-bit data blocks processed one at a time — same message and key produce the same ciphertext

Stream cipher: message broken into characters or bits and enciphered with a keystream — XOR generally used

Certificate Authority (CA): binds a public key to a person — certificate revocation list — X.509 provides the format for digital certificates

Transposition cipher: position of letters is permuted

Open Message: with asymmetric crypto, the sender encodes the message with the sender's private key and the receiver decodes with the sender's public key — authentication and non-repudiation