Information Security Management Chapter 2

the original message or data that is fed into the algorithm as input.
encryption algorithm
performs various substitutions and transformations on the plaintext.
secret key
input to the encryption algorithm, the exact substitutions and transformations performed by the algorithm depend on the key.
scrambled message produced as output. Depends on the plaintext and the secret key.
decryption algorithm
encryption algorithm run in reverse.Takes the ciphertext and the secret key and produces the original plaintext.
rely on the nature of the algorithm plus some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs. This attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
brute-force attack
tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
modes of operation
alternative techniques to increase the security of symmetric block encryption for large sequences.
block cipher
processes the input one block of elements at a time, producing an output block for each input block. Advantage- can reuse keys.
stream cipher
processes the input elements continuously, producing output one element at a time, as it goes along. Advantage-faster and use far less code.
output of the generator.
contents of message have not been altered. The source is authentic. Verifying message's timeliness and sequence.
uniform distribution
the distribution of numbers in the sequence should be uniform, that is, the frequency of occurrence of each of the numbers should be approximately the same.
no one value in the sequence can be inferred from the others.
symmetric encryption
universal technique for providing confidentiality for transmitted or stored data. Also known as conventional encryption or single-key encryption. Has five ingredients: plaintext, encryption algorithm, secret key, ciphertext, and decryption algorithm.
Data Encryption Standard
Most widely used encryption scheme. Adopted in 1977 by the National Bureau of Standards, now the National Institute of Standards and Technology (NIST).
Triple DES
involves repeating the basic DES algorithm three times, using either two or three unique keys, for a key size of 112 or 168 bits. Overcomes the vulnerability to brute-force attack of DES. The underlying encryption algorithm in 3DES is the same as in DES. High level of confidence that this is very resistant to cryptanalysis.
Advanced Encryption Standard
should have security strength equal to or better than 3DES and significantly improved efficiency. Must be a symmetric cipher with a block length of 128 bits and support for key lengths of 128, 192, and 256. Rijndael was chosen.
modes of operation
alternative techniques developed to increase the security of symmetric block encryption for large sequences of data.
Electronic Codebook
Simplest approach to multiple-block encryption. However, if it is known that the message always starts out with certain predefined fields, then the cryptanalyst my have a number of known plaintext-ciphertext pairs to work with.
Protects against active attack.
Message authentication
Protects against active active (falsification of data and transactions)
a message, file, document, or other collection of data is this if it is genuine and came from its alleged source. Verify that content of message have not been altered and source is legit.
involving the use of two separate keys.
one of the first public-key schemes developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT and first published in 1978. Most widely accepted and implemented approach to public-key encryption. A block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.
Diffie-Hellman Key Agreement
first published public-key algorithm. Its purpose is to enable two users to securely reach agreement about a shared secret that can be used as a secret key to subsequent symmetric encryption of messages.
Digital Signature Standard
makes use of SHA-1 and presents a new digital signature technique, the Digital Signature Algorithm (DSA).
Elliptic Curve Cryptography
appears to offer equal security for a far smaller bit size, thereby reducing processing overhead in comparison to RSA. Although confidence level for it as not as high as that in RSA.
consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third-party. Also includes some information about the third party plus an indication of the period of validity.
certificate authority
a third party trusted by the user community, such as a government agency or a financial institution.
Pretty Good Privacy (PGP)
enables a user to generate a key from a password and then use that key to encrypt selected files on the hard disk. The package does not store the password. To recover a file, the user enters the password, ______generates the password, and ______ decrypts the file.
back-end appliance
hardware device that sits between servers and storage systems and encrypts all data going from the server to the storage system and decrypts data going in the opposite direction.
library-based tape encryption
co-processor encrypts data using a nonreadable key configured into the board. The tapes can then be sent off-site to a facility that has the same tape drive hardware. The key can be exported via secure e-mail or a small flash drive that is transported securely.
asymmetric encryption
cryptography that involves the use of two separate keys. Each user generates a pair of keys to be used for the encryption and decryption of messages. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. If A wishes to send a message to B, A encrypts the message using B's public key. When B receives it, decrypts with private key.
collision resistant
Hash function requirement in which two different messages should never create the same has code. Also known as strong collision resistance.
digital signature
used for authenticating both source and data integrity. Created by encrypting hash code with private key. Does not provide confidentiality.
hash function
This provides message authentication. It accepts a variable size message as input and produces a fixed-size message digest as output. Typically the message is padded out to an integer multiple of some fixed length and the padding includes the value of the length of the original message in bits. To authenticate the message, the message digest is sent with the message in such a way that the message digest is authentic.
Message authentication code (MAC)
Message authentication technique that involves the use of a secret key to generate a small block of data. It is appended to the message. The technique assumes that the two communicating parties share a common secret key.
preimage resistant
Hash function requirement that states that given the message, it is impossible to figure out the hash code.
private key
One of the two keys used for public-key encryption. It is known only to its owner. It is generated locally and thus does not need to be distributed.
pseudorandom number
sequences of numbers that satisfy statistical randomness tests and are likely to be predictable.
public key
One of the two keys used for public-key encryption. All participants have access to this.
public key certificate
consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party. It also includes some information about the third party plus an indication of the period of validity of the ______________.
second preimage resistant
Hash function requirement for which the attacker cannot take a message and create another hash code that is the same as the first hash code. Also called weak collision resistant.
Secure Hash Algorithm (SHA)
Most widely used hash function. Developed by NIST.