CH3 Network security
Terms in this set (53)
Cryptography
•Scrambling information so it cannot be read•Transforms information into secure form so unauthorized persons cannot access it
Steganography
•Hides the existence of data•An image, audio, or video file can contain hidden messages embedded in the file•Achieved by dividing the data and hiding it in unused portions of the file•May hide data in the file header fields that describe the file, or between sections of the metadata (data used to describe the content or structure of the actual data)
Encryption
Changing original text into a secret message using cryptography
Decryption
Changing secret message back to original form
Plaintext
Unencrypted data: the input to encryption or the output of decryption
Ciphertext
The scrambled and unreadable output of encryption
Cleartext data
Data stored or transmitted without encryption
cryptographic algorithm (also called a cipher)
Consists of procedures based on a mathematical formula used to encrypt and decrypt the data
Key
A mathematical value entered into the algorithm to produce ciphertext•The reverse process uses the key to decrypt the message
Substitution cipher
Substitutes one character for another•One type is ROT13, in which the entire alphabet is rotated 13 steps (A = N); applying it twice restores the original•Offers no real secrecy: simple substitutions are broken by letter-frequency analysis
XOR cipher
Based on the binary operation eXclusive OR (XOR), which combines two bits: the output is 1 when the inputs differ and 0 when they match•XOR is its own inverse, so the same key both encrypts and decrypts•A short repeated key is recovered trivially from a few bytes of known plaintext
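The two ciphers above, as an added example (not code from the original set): ROT13 as a substitution cipher, a repeating-key XOR cipher, and the known-plaintext attack that recovers the XOR key. The key length is assumed to be known (in practice the attacker simply tries small lengths); the messages and keys are constructed for the demonstration.

```python
# Added example (not from the original page): ROT13 substitution, repeating-key
# XOR, and known-plaintext recovery of the XOR key. Inputs are constructed.


def rot13(text: str) -> str:
    """Substitution cipher: rotate each letter 13 places (A -> N, n -> a).

    Because 13 + 13 = 26, applying rot13 twice returns the original text.
    Non-letters pass through unchanged.
    """
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + 13) % 26 + ord("A")))
        elif "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + 13) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """XOR every byte of data with the key, repeating the key as needed.

    XOR is its own inverse (x ^ k ^ k == x), so this one function both
    encrypts and decrypts.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_xor_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Known-plaintext attack on repeating-key XOR.

    Since c[i] = p[i] ^ k[i % key_len], XORing the first key_len ciphertext
    bytes with the corresponding known plaintext bytes yields the whole key.
    """
    if len(known_plaintext) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of ciphertext and known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


def decrypt_with_crib(ciphertext: bytes, crib: bytes, key_len: int) -> bytes:
    """Recover the key from a crib (known leading plaintext), then decrypt everything."""
    key = recover_xor_key(ciphertext, crib, key_len)
    return xor_cipher(ciphertext, key)


if __name__ == "__main__":
    # Constructed sample: an HTTP request line always starts with "GET /",
    # which is all the attacker needs as a crib against a 3-byte key.
    key = b"k3y"
    ct = xor_cipher(b"GET /login?user=bob HTTP/1.1", key)
    print(decrypt_with_crib(ct, b"GET /", key_len=3))
```

The attack works against any repeating-key XOR regardless of key content; it fails only when the key is as long as the message and never reused (a one-time pad), which is exactly the property a stream cipher's keystream has to provide.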
Modern cryptographic algorithms rely upon
underlying mathematical formulas
Software relies upon a
pseudorandom number generator (PRNG)
An algorithm for creating a sequence of numbers whose properties approximate those of a random number sequence•Keys and nonces must come from a cryptographically secure PRNG (CSPRNG); an ordinary PRNG seeded from something predictable such as the clock yields predictable keys
Two factors that can thwart threat actors from discovering the underlying key to cryptographic algorithms:
Diffusion - if a single character of plaintext is changed then it should result in multiple characters of the ciphertext changing•Confusion - the key does not relate in a simple way to the ciphertext
Cryptography can provide five basic protections
Confidentiality-Ensures only authorized parties can view it•Integrity-Ensures information is correct and unaltered•Authentication-Ensures sender can be verified through cryptography•Non-repudiation-Proves that a user performed an action•Obfuscation-Making something obscure or unclear
Cryptography can provide protection to data as that data resides in any of three states
Data in-use - data being processed by "endpoint devices"•Data in-transit - actions that transmit the data across a network•Data at-rest - data that is stored on electronic media
high resiliency
The ability of a cryptographic system to keep working, or to quickly recover, when resource constraints (processing power, memory, energy) conflict with security requirements
Stream cipher
- encrypts one bit or byte at a time, typically by combining each unit with a keystream derived from the key; a keystream must never be reused for two messages
Block cipher
- manipulates an entire block of plaintext at one time
Sponge function
takes as input a string of any length and returns a string of any requested variable length
Three categories of cryptographic algorithms
•Hash algorithms•Symmetric cryptographic algorithms•Asymmetric cryptographic algorithms
Hash algorithms
Creates a unique "digital fingerprint" of a set of data and is commonly called hashing
Secure hashing algorithm characteristics:
Fixed size-Short and long data sets produce a hash of the same length•Unique (collision resistant)-It is computationally infeasible to find two different data sets that produce the same hash•Original (preimage resistant)-A data set cannot be created to match a predefined hash•Secure (one-way)-The hash cannot be reversed to determine the original plaintext
Message Digest 5 (MD5)
•Most well-known of the MD hash algorithms•Produces a 128-bit digest; the message is padded to a multiple of 512 bits•Weaknesses in the compression function have led to practical collisions (first demonstrated in 2004)•Should not be used where collision resistance matters (digital signatures, certificates); acceptable only as a non-security checksum
Secure Hash Algorithm (SHA)
More secure than MD5•SHA-1 is deprecated (a practical collision was demonstrated in 2017)•SHA-2 (SHA-256, SHA-384, SHA-512) is currently considered a secure hash•SHA-3 (Keccak, built on a sponge function) was published as FIPS 202 in 2015 and may be suitable for low-power devices
Race Integrity Primitives Evaluation Message Digest (RIPEMD)
The primary design feature is two different and independent parallel chains of computation•The results are combined at the end of the process•Several versions: RIPEMD-128, RIPEMD-160 (the most widely used), RIPEMD-256, and RIPEMD-320
Hashed Message Authentication Code (HMAC)
A hash variation providing message authentication as well as integrity•Uses a "shared secret key" possessed by sender and receiver•Sender computes HMAC(key, message) and sends it alongside the message•Receiver recomputes the HMAC with the same key and compares it to the received value (nothing is decrypted); an attacker without the key cannot produce a valid HMAC for a modified message
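An added example (not code from the original set) covering the hash characteristics above, the diffusion property from the confusion/diffusion card (one flipped input bit changes about half the output bits), and why an HMAC detects tampering that an unkeyed hash does not. Only the Python standard library is used; the key and messages are constructed.

```python
# Added example (not from the original page): fixed-size output, avalanche
# effect, and HMAC tamper detection with the standard library. Key and
# messages are constructed for the demonstration.
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_bits(data: bytes, bit_index: int = 0) -> int:
    """Flip one input bit and count how many of the 256 output bits change.

    A good hash diffuses every input bit across the whole digest, so the
    result should be near 128 whichever bit is flipped.
    """
    flipped = bytearray(data)
    flipped[bit_index // 8] ^= 1 << (bit_index % 8)
    return hamming_distance(hashlib.sha256(data).digest(),
                            hashlib.sha256(bytes(flipped)).digest())


# --- unkeyed hash as an "integrity tag": catches accidents, not attackers ----
def plain_tag(message: bytes) -> str:
    return sha256_hex(message)


def verify_plain(message: bytes, tag: str) -> bool:
    return plain_tag(message) == tag


# --- HMAC: the tag depends on a secret the attacker does not have -----------
def hmac_tag(key: bytes, message: bytes) -> str:
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver recomputes the HMAC with the shared key and compares in constant
    time; nothing is decrypted. compare_digest avoids a timing side channel."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


def forge(message: bytes) -> bytes:
    """Attacker on the wire edits the amount in a transfer instruction."""
    return message.replace(b"amount=100", b"amount=900")


def attack_plain(message: bytes) -> bool:
    """Attacker forges the message and simply recomputes the unkeyed tag.
    Returns True if the receiver accepts the forgery."""
    forged = forge(message)
    return verify_plain(forged, plain_tag(forged))


def attack_hmac(key: bytes, message: bytes) -> bool:
    """Attacker forges the message but has no key, so the best available moves
    are replaying the observed tag or substituting a plain hash.
    Returns True if the receiver accepts either forgery."""
    forged = forge(message)
    observed_tag = hmac_tag(key, message)          # seen on the wire
    return (verify_hmac(key, forged, observed_tag)
            or verify_hmac(key, forged, plain_tag(forged)))
```

Run with a constructed message such as `b"transfer to=alice amount=100"`: `attack_plain` succeeds, `attack_hmac` fails, and `avalanche_bits` lands near 128 for any bit position inside the message.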
Symmetric cryptographic algorithms
Use the same single key to encrypt and decrypt a document
Also called private key cryptography (the key is kept private between sender and receiver)
Common algorithms include:
Data Encryption Standard•Triple Data Encryption Standard•Advanced Encryption Standard•Several other algorithms
Data Encryption Standard (DES)
Based on a product (IBM's Lucifer) originally designed in the early 1970s•Block cipher with 64-bit blocks and a 56-bit key•The key is far too short today: DES was brute-forced in 1998 and is no longer approved for protecting data
Triple Data Encryption standard (3DES)
Designed to replace DES•Applies DES three times (encrypt, decrypt, encrypt)•Output of each pass becomes the input to the next•Most secure version uses three independent keys (168-bit key, about 112 bits of effective security)•Now deprecated by NIST; use AES for new designs
Advanced Encryption Standard (AES)
A symmetric block cipher; Rijndael was selected by NIST in 2000 and published as FIPS 197 in 2001 as the replacement for DES•Operates on 128-bit blocks with 128-, 192-, or 256-bit keys (10, 12, or 14 rounds)•Designed to be secure well into the future; the mode of operation still matters (use an authenticated mode such as GCM, never ECB)
Other Algorithms
Rivest Cipher (RC)-Family of cipher algorithms designed by Ron Rivest (RC4 is a stream cipher now considered broken and prohibited in TLS; RC5 and RC6 are block ciphers)•Blowfish-Block cipher operating on 64-bit blocks with key lengths from 32-448 bits-No significant weaknesses in the cipher itself, but its 64-bit block size makes it unsuitable for large volumes of data (birthday-bound attacks such as SWEET32); its designer recommends Twofish or AES instead•International Data Encryption Algorithm (IDEA)-Used in European nations-Block cipher processing 64-bit blocks with a 128-bit key in 8 rounds
Asymmetric cryptographic algorithms
public key cryptography
Uses two mathematically related keys•Public key available to everyone and freely distributed•Private key known only to individual to whom it belongs
Important principles
Key pairs•Public key•Private key•Both directions
Common asymmetric cryptographic algorithms:
RSA•Elliptic Curve Cryptography•Digital Signature Algorithm•Those relating to Key Exchange
RSA
Published in 1977 and patented by MIT in 1983•Most common asymmetric cryptography algorithm•Uses two large prime numbers; security rests on the difficulty of factoring their product (the modulus n)•Keys of at least 2048 bits are recommended today
Elliptic curve cryptography (ECC)
Users share one elliptic curve and one point on the curve•Uses less computing power than prime-number-based asymmetric cryptography-Key sizes are smaller for equivalent strength (a 256-bit ECC key is roughly comparable to a 3072-bit RSA key)•Considered an alternative to prime-number-based asymmetric cryptography for mobile and wireless devices
Digital Signature Algorithm (DSA)
A NIST standard (FIPS 186) for creating digital signatures•Digital signature - an electronic verification created with the signer's private key and checked by anyone holding the public key•Verifies the sender•Prevents the sender from disowning the message (non-repudiation)•Proves message integrity
Key Exchange
Diffie-Hellman (DH)-Two parties derive a shared secret over an insecure channel without ever transmitting it•Diffie-Hellman Ephemeral (DHE)-A fresh key pair is generated for every session•Elliptic Curve Diffie-Hellman (ECDH, ephemeral form ECDHE)-The same idea using elliptic curves•Perfect forward secrecy-Because session keys are ephemeral, a later compromise of a long-term private key does not expose past sessions
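The key exchange above, as an added example (not code from the original set): ephemeral Diffie-Hellman in plain Python, including the public-value check a careful implementation performs. The group used (the Mersenne prime 2^127 - 1 with generator 2) is a demonstration-only choice so the arithmetic stays readable; real deployments use the 2048-bit-plus groups of RFC 3526/RFC 7919 or elliptic-curve DH.

```python
# Added example (not from the original page): ephemeral Diffie-Hellman.
# The group below is for demonstration only and far too small for real use.
import hashlib
import secrets

P = (1 << 127) - 1   # demo prime (Mersenne prime), public
G = 2                # generator, public


def peer_value_is_valid(peer_public: int) -> bool:
    """Reject 0, 1 and P-1: those force the shared secret into a trivial
    subgroup, which is the classic small-subgroup attack on DH."""
    return 1 < peer_public < P - 1


class Party:
    """One endpoint. A fresh private value per session makes the exchange ephemeral."""

    def __init__(self, name: str):
        self.name = name
        self.private = secrets.randbelow(P - 2) + 1    # in [1, P-2], never sent
        self.public = pow(G, self.private, P)           # safe to send in the clear

    def shared_secret(self, peer_public: int) -> int:
        if not peer_value_is_valid(peer_public):
            raise ValueError("invalid peer public value")
        return pow(peer_public, self.private, P)


def derive_key(shared: int) -> bytes:
    """Never use the raw shared secret as a key; run it through a KDF
    (here plain SHA-256 stands in for HKDF)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def ephemeral_session():
    """Run one exchange and return (alice_key, bob_key, what_an_eavesdropper_sees)."""
    alice, bob = Party("alice"), Party("bob")
    # Only the public values cross the wire; each side combines the peer's
    # public value with its own private value and lands on the same secret.
    key_a = derive_key(alice.shared_secret(bob.public))
    key_b = derive_key(bob.shared_secret(alice.public))
    return key_a, key_b, (P, G, alice.public, bob.public)


if __name__ == "__main__":
    k1, k2, seen = ephemeral_session()
    print("keys match:", k1 == k2)
    k3, _, _ = ephemeral_session()
    print("next session has a different key:", k3 != k1)
```

Two consecutive sessions produce unrelated keys, which is the forward-secrecy property: an eavesdropper who records the public values and later steals one party's long-term credentials still cannot recover the private exponents that were discarded at the end of each session.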
Downgrade Attack
A threat actor forces the system to abandon the current higher security mode of operation and instead "fall back" to implementing an older and less secure mode (for example, an older TLS version or a weaker cipher suite), typically by tampering with the negotiation between client and server
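An added example (not code from the original set): a plain-Python simulation of version negotiation with a man-in-the-middle who strips the strong options, showing why the fix is a floor enforced by each endpoint rather than trust in the negotiation. It is not a TLS implementation; the version names and the attacker function are constructed for the demonstration.

```python
# Added example (not from the original page): simulated version negotiation,
# a downgrade attack on it, and the client/server floors that defeat it.
VERSIONS = {"TLS1.0": 10, "TLS1.1": 11, "TLS1.2": 12, "TLS1.3": 13}


def server_choose(offer, supported):
    """Server picks the strongest version it shares with the client's offer."""
    common = [v for v in offer if v in supported]
    if not common:
        raise ConnectionError("no version in common")
    return max(common, key=VERSIONS.__getitem__)


def mitm_strip(offer, strongest_tolerated="TLS1.0"):
    """Attacker in the middle deletes every version stronger than the one they
    know how to attack, so the honest server only sees weak options."""
    return [v for v in offer if VERSIONS[v] <= VERSIONS[strongest_tolerated]]


def client_connect(offer, server_supported, attacker=None, minimum="TLS1.0"):
    """Send the offer (possibly through an attacker) and enforce a local floor
    on whatever comes back. Returns the negotiated version or a refusal string."""
    on_the_wire = attacker(list(offer)) if attacker else list(offer)
    try:
        chosen = server_choose(on_the_wire, server_supported)
    except ConnectionError as exc:
        return f"refused: {exc}"
    if VERSIONS[chosen] < VERSIONS[minimum]:
        return f"refused: downgrade to {chosen} below client minimum {minimum}"
    return chosen


if __name__ == "__main__":
    offer = list(VERSIONS)
    legacy_server = set(VERSIONS)            # still accepts everything
    hardened_server = {"TLS1.2", "TLS1.3"}   # old versions disabled
    print(client_connect(offer, legacy_server, attacker=mitm_strip))
    print(client_connect(offer, legacy_server, attacker=mitm_strip, minimum="TLS1.2"))
    print(client_connect(offer, hardened_server, attacker=mitm_strip))
```

With a legacy server and a client that accepts anything, the attacker silently lands the connection on TLS1.0; either a client minimum or a server that has disabled the old versions turns the attack into a visible failure. (Real TLS 1.3 adds a further defence: the server marks the ServerHello random when it negotiates a lower version, so a 1.3-capable client can detect the downgrade.)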
Using Deprecated Algorithms
Means to use a cryptographic algorithm that should not be used because of known vulnerabilities
Improper Implementation
•Also called misconfiguration•Many cryptographic algorithms have several configuration options (mode of operation, key length, padding, IV/nonce handling)•Unless careful consideration is given to these options the cryptography may be improperly implemented
Collision attack
An attempt to find two input strings of a hash function that produce the same hash result
Birthday attack
Based on the birthday paradox: only 23 people are needed for a 50 percent chance that some two of them share a birthday, whereas 253 are needed for a 50 percent chance that someone shares your specific birthday•Finding any collision in an n-bit hash therefore costs roughly 2^(n/2) attempts, far fewer than the 2^n needed to match one specific hash value
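The collision and birthday cards above, as an added example (not code from the original set): SHA-256 truncated to 32 bits so that the birthday bound is reachable on a laptop. Finding any colliding pair takes on the order of 2^16 hashes, while hitting one specific tag would take on the order of 2^32. The messages are generated counters, not real data.

```python
# Added example (not from the original page): birthday-bound collision search
# versus preimage search on a truncated SHA-256. Inputs are generated counters.
import hashlib
import math


def tag(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256 as an integer: a truncated hash."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def expected_collision_tries(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) random inputs give a 50%
    chance that *some* pair shares a tag."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def birthday_collision(bits: int, limit: int = 1 << 22):
    """Hash distinct messages until two of them share a tag.

    Returns (msg_a, msg_b, tries) or None if the budget runs out. Memory
    grows with the number of tries; real attacks use cycle-finding to avoid
    that, but the number of hash evaluations is the same order of magnitude.
    """
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i
        t = tag(msg, bits)
        if t in seen:
            return seen[t], msg, i + 1
        seen[t] = msg
    return None


def find_preimage(target: int, bits: int, limit: int):
    """Try to hit one *specific* tag. Expected cost is 2^bits, the square of
    the collision cost, so a budget that easily finds a collision fails here."""
    for i in range(limit):
        msg = b"pre-%d" % i
        if tag(msg, bits) == target:
            return msg
    return None


if __name__ == "__main__":
    bits = 32
    print("expected tries for a collision:", round(expected_collision_tries(bits)))
    a, b, tries = birthday_collision(bits)
    print(f"collision after {tries} tries: {a!r} and {b!r} -> {tag(a, bits):08x}")
    print("preimage found with 2^16 tries:", find_preimage(tag(b"target", bits), bits, 1 << 16))
```

Only the truncation makes this feasible: against the full 256-bit digest the birthday bound is 2^128 hashes, which is why collision resistance of SHA-256 is not a practical concern while 128-bit MD5 was already within reach once structural weaknesses were found.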
Cryptography should be used to secure:
Data-in-transit, data-at-rest, and when possible data-in-use
File and File System Cryptography
Encryption software can be used to encrypt or decrypt files one-by-one
Pretty Good Privacy (PGP)
Widely used hybrid cryptography system: the message is encrypted with a one-time symmetric key, which is in turn encrypted with the recipient's public key•Used for files and e-mail•GNU Privacy Guard (GnuPG)-Open-source implementation that runs on Windows, UNIX, and Linux operating systems•OpenPGP is the open standard (RFC 4880) that PGP and GnuPG both implement
Full Disk Encryption (FDE)
Protects all data on a hard drive•Example: BitLocker drive encryption software that is included in Microsoft Windows•BitLocker encrypts the entire system volume, including the Windows Registry•Prevents attackers from accessing data by booting from another OS or placing the hard drive in another computer
USB device encryption
Encrypted hardware-based flash drives can be used-Will not connect to a computer until the correct password has been provided-All data copied to the drive is automatically encrypted-Tamper-resistant external cases-Administrators can remotely control and track activity on the devices-Stolen drives can be remotely disabled
Self-Encrypting Drives (SEDs)
Self-encrypting hard disk drives protect all files stored on them•The drive and host device perform authentication process during initial power up•If authentication fails, the drive can be configured to deny access or even delete encryption keys so all data is permanently unreadable
Trusted Platform Module (TPM)
A chip on a computer's motherboard that provides cryptographic services•Includes a true random number generator•Keys are generated and used inside the chip and never leave it, so they cannot be extracted by software alone•Measures the boot process and refuses to release the disk key (so the system cannot boot normally) if boot files or data have been altered•Prompts for a password or recovery key if the hard drive is moved to a new computer
Hardware Security Module (HSM)
A secure cryptographic processor•Includes an onboard key generator and key storage facility•Performs accelerated symmetric and asymmetric encryption•Can provide services to multiple devices over a LAN
