Upgrade to remove ads
Securities and Assurance
Terms in this set (84)
What does Cryptology address?
The cryptography domain addresses the principles, means, and methods of disguising information to ensure its:
-Art and science of writing secrets.
-Storing and transmitting information in a form that allows it to be revealed only to those intended.
-Accomplished by cryptosystem
Types of Cryptography.
Data in unscrambled form
Act of scrambling using key
Descrambling with key
-Set of rules by which enciphering and deciphering is done.
-'Mathematical' function that takes plaintext and a key as input, and produces ciphertext as output.
-Practice of defeating attempts to hide information.
-Reduction or solution of secret messages without knowledge of the system or the key or the possession of a code book.
Includes both cryptography and cryptanalysis.
Secret sequence governing enciphering/deciphering
Number of distinct keys supported by a cipher.
Two different keys generate same cipher text from same plain text.
An estimate of the effort/time needed to overcome a protective measure by a penetrator with specified expertise and resources.
Purpose of Cryptography
-Protect sensitive information from disclosure.
-Identify the corruption or unauthorized change of information.
-Make compromise too expensive or too time consuming.
First appearance of Cryptography?
Egypt > 4000 years ago, Hieroglyphs
-Operate on continuous streams of plain text (as 1's and 0's).
-Usually implemented in hardware.
-Well suited for serial communications
Characteristics of a Stream Cipher
-A stream cipher algorithm should have these features:
1)Long periods with no repeating
4)Statistically unbiased keystream
-As many 0's as 1's
5)Keystream not linearly related to key
-Operate on fixed size blocks of plain text
-More suitably implemented in software to execute on general-purpose computer
-Overlap when block operated as stream
Characteristics of Block Ciphers
-Operates on fixed size text blocks
1)Usually 8-byte (64-bit) ASCII text in block ciphers with length a multiple of 8 bits
-Block mode ciphers are generally slower than stream mode
-Data Encryption Standard (DES) is best-known block cipher
-Shift Alphabet(move letters 3 spaces)
-Scramble Alphabet(substitute one letter for another)
Rearrange the letters of the message (the one in the box)
Uses several different alphabets to defeat frequency analysis
a polyalphabetic cipher that shifts the position of the English alphabet based on the keyword
Running Key Cipher
KEY = Name of readily available book plus page, line, and column number
-The only algorithm that is provably unbreakable by exhaustive search (brute force) .
-Random symmetric key same length as message
1)Each key bit is only used once and then discarded
2)Need a secure way to pre-share the key.
-Digital system key and message are both bit streams and are XORed together.
True letters of plaintext hidden/disguised by device or algorithm. (Ex. every 5th word in a sentence)
Art of hiding communications
-Deny Message Exists
-Data hidden in pictures of files
(First word on every line of a poem)
List of words/phrases (code) with corresponding random groups of numbers/letters (code groups)
What does cryptography address?
Cryptography addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity.
What is the purpose of cryptography?
The purpose of cryptography is to protect sensitive information from disclosure, identify the corruption or unauthorized change of information, and make compromise too expensive or too time consuming.
What is the difference between stream and block ciphers?
Stream ciphers operate on a continuous stream of bits, using the XOR operation to combine the plaintext bits with the keystream bits. Block ciphers operate on 'chunks' of bits, usually 64 bits, and apply the encryption algorithm to each block.
What are some examples of ciphers?
Examples of ciphers include simple substitution, transposition, polyalphabetic, codes, concealment ciphers, one-time pads, etc.
Symmetric Key Cryptography
-Also referred to as private key/single key/secret key
-Uses a single key shared by originator and receiver
-Algorithms include: Rijndael, DES, Triple DES, Blowfish, IDEA, RC4, RC6, SAFER, Serpent, Twofish, etc.
Strengths of Symmetric Key Cryptography
-Very fast which allows for large amounts of data to be encrypted in very little time
-Very difficult to break data encrypted with large keys.
-Availability - Algorithms and tools used for symmetric encryption are freely available
Weaknesses of Symmetric Key Cryptography
1) Key management and implementation
-Ensure that sender and receiver can agree upon a key, and how they exchange a key.
2) Key Distribution
-Same key used to both encrypt and decrypt.
-Requires very secure mechanism for key distribution.
-Keys and data must be delivered separately.
-Since a unique symmetric key must be used between the sender and each recipient, number of keys grows exponentially with the number of users : N (N-1) / 2
4) Limited security
-Symmetric keys only encrypt data and restrict its access.
-Does not provide proof of origin or non-repudiation.
Data Encryption Standard (DES)
-Block mode cipher
-64-bit input and output block size
-56-bit true key plus 8 parity bits
-Seventy-two quadrillion possible keys
-16 rounds of transposition and substitution to encrypt and decrypt
Cryptanalysis assumptions of Data Encryption Standard (DES)
-Algorithm is known by the adversary. The strength of the encryption relies on the secrecy of the key (Kerckhoff's Principle).
-Adversary must try all possible keys to find which one was used.
- Used in variety of applications and products
5 modes of Data Encryption Standard (DES)
1)ECB (Electronic Code Book)
2)CBC (Cipher Block Chaining)
3)CFB (Cipher Feed Back)
4)OFB (Output Feed Back)
Electronic Code Book (ECB)
-64-bit data blocks processed individually one at a time
-64-bit cipher blocks generated under key
-Decrypting starts at beginning of ciphertext file and processes 64-bits at a time, until end of file, using same key
-Fast and simple, but very susceptible to Known Plaintext Attack
Problems with Electronic Code Books
-Each 64-bit chunk is separately attackable problem, using the same exact key
-A given 64-bit value in plaintext will always produce same ciphertext
-A given message and key will always produce same ciphertext
Cipher Block Chaining (CBC)
-Most frequently used mode of operation
-64-bit plain text blocks
-XORed using a 64-bit initialization vector
-Key used to process combination into cipher
-First ciphertext XORed with next text block
-Process repeated until end of plaintext
Advantages of Cipher Block Chaining (CBC)
-Even if plaintext is simple, decrypting any block does not produce recognizable pattern
-Encrypted feedback (chaining) between blocks destroys any long running pattern - even a file of all zeroes would produce no repeating 64-bit groups
-If the IV is chosen differently each time, the exact same file will produce different ciphertext
Cipher Feed Back (CFB)
-Previous ciphertext block is encrypted and output produced is combined with plaintext block using XOR to produce current ciphertext block
-Uses seed for initialization vector.
-Plaintext patterns are concealed by the XOR operation
-Device generates stream of random binary bits
1)Combined with plain text
2)Same number of bits as text used to generate cipher
3)Next input uses a portion of the previous cipher text
Output Feed Back (OFB)
-Similar to CFB mode except that quantity XORed with each plaintext block is generated independently of both plaintext and ciphertext
-Initialization vector is used as 'seed' for sequence of data blocks
-Message stream XORed with DES generated keystream
1)Simulates one-time pad
2)Encrypting 64-bit initialization vector with secret key generates DES keystream
3)Next segment uses DES generated key bits output from previous segment
-Similar to OFB mode in that the quantity XORed with each plaintext block is generated independently of both plaintext and ciphertext
-Key difference is that instead of a static Initialization Vector, a Counter is incremented with each data block
-Encrypted Counter values generate a keystream to be XORed with message stream, much like stream cipher
Advantages of Counter (CTR)
-Like OFB, can preprocess the keystream
-Unlike OFB, encryption can be parallelized
Disadvantages of Advantages of Counter (CTR)
Counter values must be unique across all messages ever encrypted under a single key
-Intended key length 112 bits
-Turns out to be no more secure than DES (Meet-in-the-Middle-Attack)
-DES-EEE3: 3 DES encryptions with 3 different keys
-DES-EDE3: 3 DES operations (encrypt-decrypt-encrypt) with 3 different keys
-DES-EEE2, DES-EDE2: same as previous, except first and third operations use same key
-Block cipher that can be implemented very efficiently on a wide variety of processors and hardware.
-Supports block and key sizes of 128, 192, and 256 bits .
-Under FIPS 197, a block size of 128 and a key length of 128, 192 and 256 are approved for use.
-Variable number of rounds, each round containing 4 steps (Byte Sub, Shift Row, Mix Column, Add Round Key).
-The most commonly implemented stream cipher
-Variable key size
-Highly efficient, much faster than any block cipher
-Stream ciphers can be difficult to implement correctly
RC5 and RC6
Features data dependant rotations, variable block size, variable key size, variable number of rounds
-Highly efficient block cipher
-Key length up to 448 bits
-64 bit block size
-Optimized for 32 bit microprocessors
How does symmetric key cryptography operate?
Symmetric key cryptography uses one key for encryption, and it is the same, exact key that needs to be used for decryption.
What are the strengths of symmetric key cryptography?
The strengths of symmetric key cryptography are speed, availability, and difficulty to break using large key sizes.
What are the weaknesses of symmetric key cryptography?
Weaknesses include key distribution, key management, and scalability.
What are the modes of DES?
Modes of DES include ECB, CBC, CFB, OFB, CTR.
What is the key length of the 3DES algorithm?
The key length of the 3DES algorithm is 168 bits.
Asymmetric Key Cryptography
-Instead of a single key, there is a 'key pair.'
-The two keys are related to each other mathematically.
-One of the keys is kept secret (Private key).
-The other is made available to everyone (Public key).
-When data is encrypted with either one of the keys, the other key is the only one that can decrypt the ciphertext.
to derive the private key from knowledge of the public key
How can we use two different keys?
One key is the inverse of the other
One Way Function
-A mathematical function that is easier to compute in one direction (forward direction) than in the opposite direction (inverse direction).
-Forward direction could take seconds, the inverse could take months.
Trap-door one way function
is a one way function for which the inverse direction is easy given a piece of information (the trap door).
Strengths of Asymmetric Key Cryptography
1)Provides efficient encryption and digital signature services
2)Efficient symmetric key distribution
-Only two keys needed per user
-1,000 people need total of 2,000 keys (easier to manage than the 499,500 needed for symmetric)
Five security elements that Asymmetric Key Cryptography can provide.
-Confidentiality/Privacy (Data cannot be decrypted without the appropriate private key)
-Access Control (The private key should be limited to one person)
-Authentication (Identity of sender is confirmed)
-Integrity (Data has not been tampered with)
-Non-repudiation (Sender cannot deny sending)
Weaknesses of Asymmetric Key Cryptography
-Slow (1000 or more times slower than symmetric)
is splitting an integer into a set of integers that when multiplied together, form the original integer
mathematical problem using entities called groups. A group is a collection of elements, together with an operation defined on them that is commonly referred to as multiplication or composition and follow certain rules. Assuming the group has a finite number of elements, each element in the group has an order, the minimum number of times it must be multiplied by itself to get back to the identity, which is usually one
-public-key cryptosystem that offers both encryption and digital signatures (authentication)
-100 times slower than symmetric key encryption in software.
1,000 - 10,000 times slower than symmetric key encryption in hardware.
-512 and 768 bit key lengths are considered weak, 1024 is moderately secure, and larger keys are even better.
Session Key Negotiation
-To use single-key encryption, two parties must agree on secret session key
-Key agreement is technique for parties wishing to communicate securely to contribute to the establishment of a shared secret
-Security devices representing each party use public-key technology to allow the establishment of the shared secret.
Elliptic Curve Cryptosystem (ECC)
1)Uses algebraic system defined on points of elliptic curve to provide public-key algorithms.
2)Supports all three needs:
-Secret key distribution
3)Uses elliptic curve mathematical concepts to speed up public key operations.
4)Based on the mathematical problem of factors that are coordinate pairs that fall on an elliptic curve.
Advantages of ECC
1)Highest strength/bit of public key systems.
2)Big savings over other public key systems.
-Short signatures and certificates
4)Ideal for small hardware implementations
-Smart cards, mobile phones, etc.
1)Symmetric algorithms are fast and strong (given sufficiently long keys).
2)Asymmetric algorithms are good at key management, but terribly slow.
3)Hybrids will use each technology where it is best suited.
-Symmetric key algorithm for bulk data encryption.
-Asymmetric key algorithm for automated key distribution.
How does asymmetric key cryptography differ from symmetric?
Asymmetric key crypto differs from symmetric in that it uses two different keys for encryption and decryption. If you encrypt with one, it is the other that decrypts. The two keys are related to each other mathematically.
How do we address confidentiality and authentication of source with asymmetric key cryptography?
To address confidentiality, one would encrypt with the receiver's public key. To address authentication of source, sender would encrypt with their private key.
What are the strengths of asymmetric key cryptography?
The strengths of asymmetric key cryptography are efficient key distribution, scalability, efficient encryption and digital signature services, and ability to provide five security elements.
What are the weaknesses of asymmetric key cryptography?
Weaknesses include computationally intensive and very slow compared to symmetric.
Message Integrity Controls
a value calculated using an algorithm that is highly sensitive to bit changes
CBC - MAC
1)MIC function that includes a symmetric key shared by parties
-The key is required to compute CBC-MAC
-Key distribution and key use
-Verifier can also forge
-Non-repudiation is not addressed
-Any key holder is able to create the CBC-MAC
-Cannot hold any key holder accountable
Used to condense arbitrary length messages and produce fixed-size representation of message.
Used for subsequent signature by a digital signature algorithm
Good cryptographic hash functions
should have what properties?
-Be unable to compute hash value of two messages combined given their individual hash values.
-Hash should be computed on the entire message.
-Hash functions should be one-way (messages cannot be generated from their signature)
-It should be computationally infeasible to compute the same hash value on two different messages
-Should resist birthday attacks
What is a hashing function?
Hashing functions are mathematical functions used to condense arbitrary length messages and produce a fixed-size representation of the message.
-Authentication tool to verify a message origin and sender identity.
-Each user has public-private key pair
-A digital signature is created by encrypting a digest or hash value of a message with the senders private key.
Digital Signatures Operation
To "sign" a message
To verify a message
Digital Signatures Benefits
-Used to authenticate software, data, images, users, machines.
How is a digital signature produced?
A digital signature is produced by hashing the message (which produces a message digest) and then encrypting the message digest with the sender's private key.
What does a digital signature address?
A digital signature addresses the integrity of the message and authenticates the source of the message. It also addresses non-repudiation, which means that the sender cannot deny sending, and the receiver cannot claim having received a different message than the original.
YOU MIGHT ALSO LIKE...
Comptia Security+ (Exam SYO-401) - Lesson 1 Topic…
CISSP Cryptography (Set 1)
OTHER SETS BY THIS CREATOR
Business Continuity Planning
THIS SET IS OFTEN IN FOLDERS WITH...
Morse Code: Letters
CWNA - Wireless Standards and Organizations
CWNA - Radio Frequency Fundamentals
CWNA - Radio Frequency Components, Measurements, a…