CISSP (ElementK) Cryptography Flashcards

Terms Definitions
Cryptography
analysis/practice of information concealment via encryption using algorithms
Encryption
security technique that converts data from clear/plaintext form into coded/ciphertext form
1 or 2 way encryption (hide original msg only; no encryption vs encoded msg transformed to original format)
Ciphers
SW or other tech that applies algorithm (rule/system used to encrypt data)
Avalanche Effect
small change in plaintext produces large change in ciphertext
Cyrptographic Keys
specific piece of info used w/algorithm to perform encrypt/decryption
Cryptography & CIA Triad
Confidentiality encrypt info to hide contents except to intended recipient

Integrity insured from modification; can ID any changes

Availability encrypting credentials (userID pw); hide pw; pw not shown in cleartext
Cryptography Process (5 steps)
Start w/plaintext
Select encryption key
Encrypt plaintext into ciphertext
Transport/store ciphertext until needed
Decrypt using key
Cryptosystems (Enigma)
HW/SW used to implement cryptographic process

cyrptanalysis study of cryptosystems; intent of breaking; determine workfactor (time to break code)

Enigma Device used by Germans in WWII to perform encryption/decryption
Cipher Evolution (3 Eras)
Early Spartan technique: encryption - wrap paper/leather around staff and write message; key - unwrap paper/leather; decryption - wrap paper/leather around staff of identical diameter

Mechanical HW-based like Enigma uses cypherdisk (fast en/decryption)

Software SW-based using computers; early on user must know process; now little knowledge of process required
Ideal Cipher (2 terms)
Usability simple keys/algorithms; easy to implement; plaintext not > ciphertext

Secrecy assume enemy knows key
using Diffusion (mixup plaintext during encryption) and Confusion (mixing up key values during encryption)
Substitution
don't have to encrypt EVERYTHING
during processing w/algorithm (encryption)
XML employs technique
Transposition
rearranging parts of msg/output (msg or key)
move letters around
Key Mgt Factors (9)
CM,R,S,RD,C,T,F,E
control measures who has keys/how assigned

Recovery recover lost keys

Storage secure repository of key assignment records

retirement/destruction how removed from use/destroyed

change changing keys to system on periodic basis

generation generate random key for better protection

theft what to do when key stolen

freq. of key use limits time that keys used and how often used

escrow spliting key into multiple parts, storing w/"escrowed" org.
Alt. Ciphers (4)
Steganography hides info by enclosing it into img, sound, movie

Watermark embed mark/image to ID source for copyright/ownership

Code book book/booklet that has phrases represented by codes

One-time path toll w/very long, non-repeating key is same length of plaintext. 1 time use, then destroyed.
Symmetric Encryption
key on both sides
also known as shared-key

same key used for both en/decryption
fast, but vulnerable
Cipher Types (2) and XOR
Stream symmetric encryption one bit @ a time; fewer errors; fast

Block encrypts one block @ time (64 or 128 bit); more secure; slower
XOR binary math operation tests whether 2 inputs are same or different from each other:
 
0,0 = 0
1,0 = 1
0 1 = 1
1 1 = 0
Stream Cipher
symmetric encryption one bit @ a time
fewer errors
fast
Block Cipher
encrypts one block @ time (64 or 128 bit)
more secure
slower
XOR Cipher
binary math operation tests whether 2 inputs are same or different from each other:
 
0,0 = 0
1,0 = 1
0 1 = 1
1 1 = 0
Initialization Vectors (IV)
string used w/symmetric cipher and key to produce unique result
same phrase encrypted different cipher/key @ different versions
Symmetric Encryption Algorithms (8)
DES
2DES
3DES
IDEA
AES
RC2/4/5/6
BLOWFISH
CAST-128
Symmetric Encryption Algorithm Issues (2)
Transportation must be done w/secure procedures

# of Keys [n*(n-1)]/2
DES Standard Process (4 steps)
Expansion 64 bit split into (2) 32 bit blocks.  Each block expanded to 48 bits

Key Mixing 48 bit block XORd w/subkey.  16 48 bit subkeys created from main key (1 key per round)

Substitution Substitutions performed (S-boxes: 32 4-bit blocks)

Permutation 32 4 bit blocks rearranged based on P-box (predefined scrambling process)
Block Cipher Modes (4)
ECB Electronic Code Book 64 bit blocks encrypted sep.

CBC Cipher Block Chaining 64 bit blocks XORed w/64 bit IV; encrypted w/1 key. outputted ciphertext used to replaces IV for next round, creating a chain

CFB Cipher FeedBack like CBC, but each round uses different key. iie AES
OFB Output FeedBack
Assymetric Encryption
2 way, 2 keys (private/public keys; 1 for encrypt, 1 for decrypt)
attempts to solve problems of key distro/mgt

key generation process of generating priv/pub keys
slower
more secure
Assym. Encryption Applications
Confidentiality increased confidentiality; only recipient can decrypt

Integrity  if msg altered in transmission, decryption not possible

Non-repudiation (can not be disputed) ID of sender is confirmed because only sender has private key
Assymetric Encryption Alogrithms
RSA Rivest Shamir Adleman

Elgamal developed by Taher Elgamal

ECC Elliptic Curve Crypto: discrete logs, shorter keys
Digital Certs
associates credentials w/public key
users and devices
CA issues certs and keys
Public Key Infrastructure
cyrpto system composed of certs, CA, RA, CRD (cert repository database), CMS (cert mgt system) to enable authenticity/validate of data
Public Key Infrastructure Components (5)
Digital certs
CA Cert Auth
RA Registration Auth
Cert Repository DB (SW)
Cert. Mgt System (SW)
 
PKI Process (5)
Obtain Key Pair
Issue Cert
CA verifies PK
CA creates ID
Revoke expired certs
Cert Info (14)
Ver
Serial #
Algorithm ID
Issuer
Validity
Not Before
Not After
Subject
Subject PK info
Issuer Unique ID (opt.)
Subject Unique ID (opt.)
Extensions (opt.)
Cert Signature Alog.
Cert Signature (determines validity)
 
Cert Revocation List (CRL)
list of certs (serial #) that have been revoked, no longer valid
Hashing
1 way encryption
produces hash, hash value, message digest

keyed or non-keyed
keyed w/secret key sent w/msg; non-keyed no mech used
hash len. fixed
suceptible to brute force
PW Protection is example
Digesting and Hashing Alog. (3)
MD2/4/5 128 bit; created in 89,90,91; 8-bit, 32-bit, 32-bit; MD5 stronger, but slower than MD4

HAVAL modified MD5 w/variable lengths (128, 160, 192, 224, 256)

SHA 1/256/384/512 stronger than MD5; used w/DSA (Digital Sig. Alg); 160, 256, 384, 512-bit len.
Auth. Code Alg. (4)
MAC Msg Auth Code; shared secret key; last block of encrypted file used as comparison: encrypted, then last block & unencrypted file sent.  recipient encrypts again and compares last block to lask block sent

HMAC Hash MAC

UMAC Universal HMAC

CMAC, OMAC, CBC-MAC, PMAC Cipher, One-key, Cipher-Block, Parallelized MAC are all BLOCK cipher ACA
Digital Signature
hash encrypted w/user's private key
msg sent digitally signed, recipient decrypts w/public key
message hashed
hash encrypted w/sender priv key
Msg re-hashed
Sender hash decrypted w/sender pub key
2 hashes compared
Email Security
PGP Pretty Good Privacy; email, digital signature; PK to encrypt; encrypt msg, then key. key decrypted, then msg w/key.

PEM Privacy-Enhanced Mail; std for secure exchange; various crypto tech. Msg Integ; Sender Auth; confidentiality- only intended recipient

MIME & S/MIME Multipurpose Internet Mail Extension; define/ID type of attachments in email; S/MIME digital signs & encrypts contents w/PK; content integrity.
Encryption Internet Security Methods
Link Encryption Layer 2 of OSI (Data) encryption; routers; devices @ both ends of transmission that en/decrypt

IPSec Transport (info encrypted) and Tunnel Mode (IP info and info encrypted); secures data over transmission; Layer 3 OSI (transport)

Upper-layer Encryption HTTPS TLS SSH SSL; upper layers of OSI
IPSec Process
Security Association (SA):
Negotiate time limit for SA
Mode
ESP encryption alg, key, IV
ESP auth alg, key
AH auth alg, key
seq # counter
Internet Key Exchange (IKE): not PKI
Wireless Security Protocol
WEP 1st encryption; single key; RC4; 40bit key;24bit IV; easy to break cause IV was always 24bit

WPA RC4; 128bit key w/48bit IV; TKIP alg

WPA2 AES
Encryption Attacks (5)
Bday Attack probability

Dictionary using predetermined list

Replay While in transmission, pw captured and replayed

Side Channel tries to exploits encryption technique

Factoring Prime #
Cryptoanalysis Attacks
Ciphertext-only attacker has ciphertext; intent to find encryption key; once has key, can decrypt other message

Known plaintext common msg format, using copies of cipher/plaintext & limited info to find correct key

Chosen plaintext key manupulated, decodes and finds key w/only part of plaintext

Chosen ciphertext key manupulated, decodes and finds key w/only part of ciphertext
/ 43
Term:
Definition:
Definition:

Leave a Comment ({[ getComments().length ]})

Comments ({[ getComments().length ]})

{[comment.username]}

{[ comment.comment ]}

View All {[ getComments().length ]} Comments
Ask a homework question - tutors are online