71 terms

Database Security Chapter 5

STUDY
PLAY
One-time pad (OTP)
Uses a key a random set of letters that only the sender and recipient know. It can only be used at one time and only kept secret between the sender and the receiver. Does not need an computer.
Cryptography
The science of transforming information into a secure form so that unauthorized persons cannot access it.
Steganography
It is the art of hiding the data rather than transforming the data.
Metadata
Data that is used to describe the content or structure of the actual data.
Encryption
Changing the original text into a secret message using cryptography.
Decryption
Reverses the process of encryption so that the message or code can be read.
cleartext
Unencrypted form
Plaintext data
Cleartext Data that is to be encrypted and is the result of decryption; considered a special instance of cleartext.
Algorithm
Procedures based on a mathematical formula used to encrypt and decrypt data.
Key
Mathematical value entered into the algorithm to create encrypted data.
Ciphertext
Encrypted data.
When the key is inserted into the algorithm, it creates a cipthertext which "lock down" the data that is inputed.
What happens when a key is entered into an algorithm?
1. Confidentiality of information.
2. Integrity of information; unaltered data.
3. Availability of information; ease of access.
4. Authentication; Access of users
5. Non-repudiation; proves that the user has performed an action
What five basic protections can Cryptography offer?
Non-repudiation
Process of proving that a user performed an action, such as sending an email message.
Stream cipher
Takes one character and replaces it with one character; changes letters in order to make it hard for someone else to read it.
substitution cipher
Simplest type of stream cipher, it converts one letter or character into another.
homoalphabetic substitution cipher
maps a single plaintext character to multiple ciphertext characters.
Block Cipher
Unlike a stream cipher, it can manipulate an entire block of plaintext at one time.
advantage of an stream cipher is the speed since it takes only one plaintext to convert to another character.
1. Consumes much more processing power if the plaintext is long.
2. They are more prone to attack because the engine that generates the stream does not vary.
What are the advantages and disadvantages of an stream cipher?
1. Considered more secure because the output is more random.
2. Cipher is reset to its original state after each block is processed.
What are the advantages of a block cipher?
sponge function
takes as input a string of any length, and returns a string of any requested variable length.
Hash Algorithm
Basic type of cryptographic algorithm; creates a unique "digital fingerprint" of a set of data and is commonly called hashing. Integrity is the only characteristic that it has.
Digest
Fingerprint; represents the contents in a hash algorithm.
One-way in that its contents cannot be used to reveal the original set of data. Because of this it's impossible to determine the original set of data.
Hashing does not create ciphtertext but instead uses...........?
Comparison purposes for example the integrity of the information.
What is hashing primarily used for?
1. Fixed size - should produce the same size as a digest of a long set of data.
2. Unique - Two different sets of data cannot produce the same digest, which is known as a collision.
3. Original - It should be impossible to produce a data set that has a desired or predefined hash.
4. Secure - The resulting hash cannot be reversed in order to determine the original plaintext.
Hashing algorithm is considered secure if it has these characteristics.....
Hashed Message Authentication Code (HMAC)
Hash-based message authentication code in which a hash function is applied to both the key and the message.
Message Digest (MD); Message Digest 5
Length of message is padded to 512 bits in length. The hash algorithm uses four variables of 32 bits each in a round-robin fashion to create a value that is compressed to generate the digest; not recommended because it might cause collisions.
Secure Hash Algorithm (SHA)
More secure than MD; Current version is at stage 3.
Whirlpool
ISO uses this type of hash function; Named after the first galaxy recognized to have a spiral structure. Is not patented and can be used for any purpose.
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
Developed by RACE, or the Research and Development in Advanced Communications Technologies which is affiliated with the European Union, created this hash function. Main primary design is two differen t parallel chains of computation.
Symmetric Cryptographic Algorithms (Private Key Cryptography)
Original cryptographic algorithms; Designed to encrypt and decrypt the ciphertext; key is private and must be kept private to prevent attacks. Lacks Authenticity and Non-repudiation.
Data Encryption Standard (DES)
U.S government officially adopted this as the standard for encrypting non classified information. It is also a block cipher whcih executes the algorithm 16 times. It has been broken several times and is not recommended.
Triple Data Encryption Standard (3DES)
Designed to replace the DES, uses three rounds of encryption instead of one. Uses different keys for each round. Performs better in hardware than it does on software. It is no longer considered the most secure symmetric cryptographic algorithm.
Advanced Encryption Standard (AES)
Approved by NIST in late 2000 as a replacement. This is the official standard for encryption by the U.S. government. Rijndael or AES. preform three steps on every block of plaintext. No attacks have been successful on this type of algorithm.
RC4
Stream cipher that accepts keys up to 128 bits in lenth.
International Data Encryption Algorithm (IDEA)
Dates back to early 1990s and is used in European nations. Processes 64 bits with a 128 bit key with 8 rounds.
Blowfish
Block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits.
Twofish
Later derivation of Blowfish; also considered to be a strong algorithm, not widely used as blowfish.
Pad
is a long sequence of random letters.
Asymmetric Cryptographic Algorithms (public key cryptography)
Instead of using one key, it uses two. The keys are mathematically related and are known as the public key and the public key.
distributing and maintaining a secure single key among multiple users.
What is the primary weakness of symmetric encryption algorithm
Public key
Can be distributed freely to everyone.
Private Key
The private key should be kept confidential and never shared.
Both Directions
Private keys can be decrypted by public key; Public keys can be decrypted by private key.
Digital Signature
Electronic verification of the sender; used in asymmetric cryptography.
1. Verify the sender - confirm the identify of the person from whom the electronic message originated.
2. Prevent the sender from disowning the message - Cannot attempt to disown the signature was forged (non repudiation)
3. Prove the integrity of the message - prove that the message has not been altered since it was signed.
What can digital signature do?
RSA
Published in 1977 and patented by MIT in 1983 is the most common cryptography algorithm and is the basis for several products. Has all characteristics involved.
Multiplies two large prime numbers, p and q, to compute their product ( n=pq). E is chosen that is less than N and a prim factor to (p-1)(q-1). The values of e and d are the public and private exponents. The public key is the pair (n,e) while the private key is (n,d). The numbers p and q can be discarded.
How does an RSA algorithm work?
Elliptic Curve Cryptography (ECC)
First proposed in the mid-1980s. Doesn't use two large prime numbers to function but instead uses sloping curves. Considered an alternative for prime-number-based ac for mobile and wireless devices.
NTRUEncrypt
Uses lattice-based cryptography that relies on a set of points in space and faster than the other two ACA's, resistant quantum computing attacks.
Quantum Cryptography
Attempts to use the unusual and unique behavior of microscopic objects to enable users to securely develop and share keys as well as to detect eavesdropping.
Key Exchange
Sending and receiving keys.
Out-of-band
Sending keys through physical means instead of going through the network.
In-band
key exchange happens within normal communications.
Diffie-Hellman (DH)
Agree upon a large prime number and related integer. Those two numbers can be made public. Uses the same keys all the time.
Diffie-Hellman Ephemeral (DHE)
Uses different keys.
Emphemeral keys
Temporary keys that are used only once and then discarded.
Elliptic Curve Diffie-Hellman (ECDH)
Uses elliptic curve cryptography instead of prime numbers in its computation.
Perfect forward secrecy
public key systems that can generate different random public keys that are different from each session.
File System
method used by the os system to store, retrieve and organize files.
Pretty Good Privacy (PGP/GPG)
Widely used asymmetric cryptography systems for files and email message on Windows systems. use both asymmetric and symmetric cryptography. uses RSA for protecting digital signatures and 3DES or IDEA for symmetric encryption.
GNU Privacy Guard (GPG)
Open source product and runs on Windows, linux, and Unix operating systems. GPG decrypts messages that come from PGP. use both asymmetric and symmetric cryptography. is unable to use IDEA because IDEA is patented
Microsoft Windows Encrypting File System (EFS)
USes the Windows NTFS File system. Encryption and decryption are transparent to the user. Automatically encrypted.
1. A user can set the encryption attribute for a file in the Advanced Attributes Dialog box.
2. Storing the file in a file folder set for encryption will automatically encrypt the file.
3. The Cipher.exe command-line utility can be used to encrypt files.
What ways can files be marked for encryption with EFS?
Whole Disk Encryption
Cryptography can be applied to entire disks. protects all data on a hard drive.
BitLocker
Windows version of whole disk encryption. Prevents attackers from accessing data by booting from another operating system or placing the hard drive in another computer.
USB Device Encryption
embedded program implemented in a USB. Administrators can remotely control and track activity on the devices.
Hard Disk Drive Encryption
embedded program that protects all files on a hard disk.
Trusted Platform Module (TPM)
Chip on the motherboard that provides cryptographic services. True random number generator instead of a pseudorandom number generator.
Hardware Security Module (HSM)
A secure cryptographic processor.