CHAP 6 (DOMAIN 3) TEST.


A one-way function

1). A mathematical operation that easily produces output values for each possible combination of inputs, 2). but makes it impossible to retrieve the input values. For example, many cryptographic algorithms rely on the difficulty of factoring the product of large prime numbers.

Goals of Cryptography:

1). Confidentiality, 2). Integrity, 3). Authentication, and 4). Nonrepudiation.

Symmetric Key Cryptography Weaknesses:

1). KEY DISTRIBUTION is a major problem. 2). Symmetric key cryptography does not implement NONREPUDIATION. 3). The algorithm is not SCALABLE. 4). Keys must be REGENERATED OFTEN.

Columnar Transposition:

A complex transposition cipher that involves writing the plaintext out in rows and then reading the ciphertext off in columns. It usually requires a numbered keyword.
T R U M P
4 3 5 1 2
I H A T E
T H E F A
K E N E W
S M E D I
A
becomes "ITKDAHHEMAENETFEDEAWI"

Truth Table: (function of the AND operation)

A function of the AND operation. The truth table that follows illustrates all four possible outputs for the AND function.

Bit Size:

A key space is defined by this. It represents nothing more than the number of binary bits (0s and 1s) in the key.

Monoalphabetic Substitution Cipher:

A single alphabet is used to encrypt the entire plaintext message.

Caesar Cipher:

A substitution cipher that is mono-alphabetic.

Cryptographic Keys:

All cryptographic algorithms rely on these to maintain their security. For the most part, they are nothing more than a number. It's usually a very large binary number, but it's a number nonetheless.

Running Key Ciphers:

Also known as a Book Cipher. Uses the numerical value of letters in the plaintext and is coded and decoded by using a copy of the text in a book as the key. For example, the sender and recipient might agree in advance to use the text of a chapter from Moby-Dick, beginning with the third paragraph, as the key. They would both simply use as many consecutive characters as necessary to perform the encryption and decryption operations.

Vernam Ciphers:

Also known as one-time pads, which are keystreams that can be used only once.

Period Analysis:

Although polyalphabetic substitution protects against direct frequency analysis, it is vulnerable to this second-order form of frequency analysis, which is an examination of frequency based on the repeated use of the key.

Caesar Cipher:

An example of a stream cipher. To encrypt a message, you simply shift each letter of the alphabet three places to the right. For example, A would become D, and B would become E. If you reach the end of the alphabet during this process, you simply wrap around to the beginning so that X becomes A, Y becomes B, and Z becomes C. For this reason, this cipher also became known as the ROT3 (or Rotate 3) cipher.

Public key Cryptosystems:

Are all based on some sort of one-way function. In practice, however, it's never been proven that any specific known function is truly one way. Cryptographers rely on functions that they believe are one way, but it's always possible that they might be broken by future cryptanalysts.

Cryptographic Concepts:

As with any science, you must be familiar with certain terminology before studying cryptography. Let's take a look at a few of the key terms used to describe codes and ciphers.

Asymmetric Key Algorithms:

Asymmetric cryptosystems use public-private key pairs for communication between parties but operate much more slowly than symmetric algorithms.

Nonrepudiation:

Asymmetric key algorithms also provide support for digital signature technology. Basically, if Bob wants to assure other users that a message with his name on it was actually sent by him.

Plaintext Message:

Before a message is put into a coded form, it is known as this and is represented by the "LETTER P" when encryption functions are described.

Stream Ciphers:

Both symmetric and asymmetric. Operates on one character or bit of a message (or data stream) at a time. The Caesar cipher is an example of this type of cipher, as is the one-time pad, because the algorithm operates on each letter of the plaintext message independently. It can also function as a type of block cipher. In such operations there is a buffer that fills up to real-time data that is then encrypted as a block and transmitted to the recipient.

The AND operation (∧ symbol)

Checks to see whether two values are BOTH TRUE. In Boolean math: 1). There are only 2 possible values for each of these variables, 2). leading to four possible inputs to the ? function. It's this FINITE NUMBER of POSSIBILITIES that makes it EXTREMELY EASY for COMPUTERS to IMPLEMENT LOGICAL FUNCTIONS in HARDWARE.

Ciphers:

Cipher systems have long been used by individuals and governments interested in preserving the confidentiality of their communications. In the following sections, we'll cover the definition of a cipher and explore several common cipher types that form the basis of modern ciphers. It's important to remember that these concepts seem somewhat basic, but when used in combination, they can be formidable opponents and cause cryptanalysts many hours of frustration.

Boolean Mathematics:

Computer Math: Defines the rules used for the bits and bytes that form the nervous system of any computer. Values of the variables are the truth values true and false, usually denoted 1 and 0 respectively - 0000101111010100010110110101010101111 This system has electrical origins. - In an electrical circuit, there are only two possible states—on (representing the presence of electrical current) and off (representing the absence of electrical current). - All computation performed by an electrical device must be expressed in these terms, giving rise to the use of xxxxxxx computation in modern electronics.

The Off Condition:

Computer scientists refer to this condition as a FALSE VALUE.

The On Condition:

Computer scientists refer to this condition as a TRUE VALUE.

One-Time Pad:

Considered a perfect encryption scheme because it is considered unbreakable when used properly. There is no repeating pattern of alphabetic substitution, rendering cryptanalytic efforts useless. It is an example of a stream cipher as the algorithm operates on each letter of the plaintext message independently. Requirements: However, several requirements must be met to ensure the integrity of the algorithm. 1). Its main strength is derived from the fact that it uses an EXTREMELY LONG KEY. 2). The one-time pad must be RANDOMLY GENERATED. 3). The one-time pad must be PHYSICALLY PROTECTED against disclosure. 4). Each one-time pad must be USED only ONCE. 5). The KEY MUST be at least AS LONG as the MESSAGE to be ENCRYPTED.

Cryptographic Mathematics

Cryptography is no different from most computer science disciplines in that it finds its foundations in the science of mathematics. To fully understand cryptography, you must first understand the basics of binary mathematics and the logical operations used to manipulate binary values. The following sections present a brief look at some of the most fundamental concepts with which you should be familiar.

Nonce:

Cryptography often gains strength by adding randomness to the encryption process. One method by which this is accomplished is through the use of this function. It generates a random number that acts as a placeholder variable in mathematical functions. When executed, the (xxxxxx) is replaced with a random number generated at the moment of processing for one-time use. It must be a unique number each time it is used.

Data Encryption Standard (DES):

DES is the data encryption standard, which describes the data encryption algorithm (DEA). DES is a symmetric block encryption algorithm: 64-bit blocks of plaintext go in, and 64-bit blocks of ciphertext come out. It is also a symmetric algorithm, meaning the same key is used for encryption and decryption. It uses a 64-bit key: 56 bits make up the true key, and 8 bits are used for parity (56 + 8 = 64). DES divides the message into blocks and operates on them one at a time. 1). The blocks are put through 16 ROUNDS of TRANSPOSITION and SUBSTITUTION functions. 2). The order and type of transposition/substitution depends on the key value. 3). The result is 64-bit blocks of ciphertext.

Symmetric Key Cryptography Weaknesses:

DOES NOT SUPPORT NONREPUDIATION.

Eavesdropping Attacks:

Data in motion may be susceptible to this type of attack.

Message Integrity:

Enforced through the use of encrypted message digests, known as digital signatures, created upon transmission of a message. The recipient of the message simply verifies that the message's digital signature is valid, ensuring that the message was not altered in transit.

Cryptographic Integrity:

Ensures that data is not altered without authorization. These mechanisms ensure that the message received is identical to the message that was sent. They ensure that stored data was not altered between the time it was created and the time it was accessed. They protect against all forms of alteration.

Exam Warning - DES & DEA

Even though DES is commonly referred to as an algorithm, it is technically the name of the published standard that describes DEA. It may sound like splitting hairs, but that is an important distinction to keep in mind on the exam. DEA may be the best answer for a question regarding the algorithm itself.

Key Space:

Every algorithm has a specific ( ? ). This area is the range of values that are valid for use as a key for a specific algorithm. The range between the key that has all 0s and the key that has all 1s.

Boolean Algebra: 0 =

False or 0 for false.

Decimal Math:

Human Math: You're most likely familiar with this. It is a base 10 system in which an integer from 0 to 9 is used in each place and each place value is a multiple of 10. It's likely that our reliance on this system has biological origins—human beings have 10 fingers that can be used to count.

Calculating Key Space:

If a key were eight bits (one byte) long, the keyspace would consist of 2^8 or 256 possible keys. Advanced Encryption Standard (AES) can use a symmetric key of 256 bits, resulting in a key space containing 2^256 (or 1.1579 × 10^77) possible keys. Keyspace = 2 to the power of the number of bits, so:
1). 4 bits = 2 to the power of 4, i.e. 2x2x2x2 (2, 2x2 = 4, 2x4 = 8, 2x8 = 16) = 16 keys
2). 8 bits = 2 to the power of 8, i.e. 2x2x2x2x2x2x2x2 = 256 keys

Zero-Knowledge Proof:

In cryptography, a Knowledge method/protocol is a way by which one party (the prover) can prove to another party (the verifier) that she knows a value X, without conveying any information apart from the fact that she knows the value X.

Cryptographic Nonrepudiation:

Is offered ONLY by public key, or asymmetric, cryptosystems.

Key Security:

It is absolutely critical to protect the security of secret keys. In fact, all of the security you gain from cryptography rests on your ability to keep the keys used private.

Asymmetric Key Cryptography Weakness:

Its slow speed of operation. For this reason, many applications that require the secure transmission of large amounts of data use public key cryptography to establish a connection and then exchange a symmetric secret key.

128-bit key:

Modern cryptographic systems use a key of at least this length to protect data against prying eyes.

Asymmetric Key Encryption Supports -

Of the FOUR FUNDAMENTAL CRYPTOGRAPHIC GOALS: Provides 1. integrity, 2. authentication, and 3. nonrepudiation. If a user does not share their private key with other individuals, a message signed by that user can be shown to be accurate and from a specific source and cannot be later repudiated.

Diffusion:

One change causes many! AVALANCHE, CASCADE. - This occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext. - The single plaintext bit has influence over several of the ciphertext bits. - Changing a plaintext value should change many ciphertext values, not just one. One of the two basic operations cryptographic algorithms rely on to obscure plaintext messages.

Block Ciphers:

Only symmetric. Operate on "chunks," or blocks, of a message and apply the encryption algorithm to an entire message block at the same time. Transposition ciphers are examples of this type of cipher.

END-TO-END ENCRYPTION:

Packets are encrypted once at the original encryption source and then decrypted only at the final decryption destination. The advantages of end-to-end encryption are its speed and overall security. However, in order for the packets to be properly routed, only the data is encrypted, not the routing information.

Codes vs. Ciphers:

People often use the words code and cipher interchangeably, but technically, they aren't interchangeable. There are important distinctions between the two concepts.

Cryptographic Nonrepudiation:

Provides assurance to the recipient that the message was originated by the sender and not someone masquerading as the sender. It also prevents the sender from claiming that they never sent the message in the first place (also known as repudiating the message). Secret key, or symmetric key, cryptosystems (such as simple substitution ciphers) do not provide this guarantee of nonrepudiation.

M of N Control - "M = 2" "N = 6":

Requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks. So, implementing three of eight controls would require three people out of the eight with the assigned work task of key escrow recovery agent to work together to pull a single key out of the key escrow database (thereby also illustrating that M is always less than or equal to N).

LINK ENCRYPTION:

Requires that each node (for example, a router) has separate key pairs for its upstream and downstream neighbors. Packets are encrypted and decrypted, then re-encrypted at every node along the network path.

Cryptosystems:

Specific implementations of a code or cipher in hardware and software are known as ?

Cryptographic Confidentiality:

Supported by both Symmetric & Asymmetric Cryptosystems.

Cryptographic Authentication:

Supported by only Asymmetric Cryptosystems.

Cryptographic Integrity:

Supported by only Asymmetric Cryptosystems.

Cryptographic Nonrepudiation:

Supported by only Asymmetric Cryptosystems.

Shared secret:

Symmetric key algorithms rely on a shared secret encryption key that is distributed to all members who participate in the communications. This key is used by all parties to both encrypt and decrypt messages, so the sender and the receiver both possess a copy of the shared key. The sender encrypts with the shared secret key and the receiver decrypts with it.

Symmetric Key Cryptography, A.K.A:

Symmetric key cryptosystems (or secret key cryptosystems) rely on the use of a shared secret key. They are much faster than asymmetric algorithms, but they lack support for scalability, easy key distribution, and nonrepudiation.

Kerckhoffs's Principle (a.k.a: Kerckhoffs's assumption):

That a cryptographic system should be secure even if everything about the system, except the key, is public knowledge. The principle can be summed up as "The enemy knows the system."

Key Escrow:

The BEST EXAMPLE of SPLIT KNOWLEDGE is seen in THIS CONCEPT. IN THIS METHOD OF SPLIT KNOWLEDGE, cryptographic keys, digital signatures, and even digital certificates can be stored or backed up in a special database called the key escrow database. In the event a user loses or damages their key, that key can be extracted from the backup. CAUTION: if only a single key escrow recovery agent exists, there is opportunity for fraud and abuse of this privilege.

Logical Operations

The Boolean mathematics of cryptography uses a variety of logical functions to manipulate data. We'll take a brief look at several of these operations.

The NOT operation (the ∼ or ! symbol) - No-oPosite "reverses the value of an input variable, operates on only one variable at a time"

The NOT operation (represented by the ∼ or ! symbol) simply reverses the value of an input variable. This function operates on only one variable at a time. Here's the truth table for the NOT function, from the original to the opposite:
X:  0 1 1 0 1 1 0 0
∼X: 1 0 0 1 0 0 1 1

The OR operation (∨ symbol): "Looking for Truth, i.e. 1's (ones)"

The OR operation (represented by the ∨ symbol) checks to see whether at least ONE of the INPUT VALUES IS TRUE. Refer to the following truth table for all possible values of the OR function. Notice that the only time the OR function returns a false value is when both of the input values are false. We'll use the same example we used in the previous section to show you what the output would be if X and Y were fed into the OR function rather than the AND function:
X:     0 1 1 0 1 1 0 0
Y:     1 0 1 0 0 1 1 1
X ∨ Y: 1 1 1 0 1 1 1 1

Symmetric key decryption:

The RECEIVER DECRYPTS with the SHARED SECRET KEY.

Symmetric key encryption:

The SENDER ENCRYPTS with the SHARED SECRET KEY.

Most modern encryption algorithms...

implement some type of block cipher.

Moore's Law:

The rapid increase in computing power allows you to use increasingly long keys in your cryptographic efforts. But, this same computing power is also in the hands of cryptanalysts attempting to defeat the algorithms you use.

Modern cryptosystems rely on......

The secrecy of one or more cryptographic keys used to personalize the algorithm for specific users or groups of users.

Encryption:

The sender of a message uses a cryptographic algorithm to perform this on the plaintext message and produce a ciphertext message, represented by the "LETTER C"

Cryptanalysis:

The study of methods to defeat codes and ciphers.

CONCEALMENT CIPHERS:

These ciphers include steganography, which we discuss in the section "Steganography: A picture is worth a thousand (hidden) words," later in this chapter.

The Vigenère Cipher (French pronunciation: ​[viʒnɛːʁ]):

Think of an alphabet written 26 times under the master heading and shifting by one letter each time. A method of encrypting alphabetic text by using a series of interwoven Caesar ciphers, based on the letters of a keyword. It is a form of POLYALPHABETIC SUBSTITUTION.

Federal Information Processing Standard (FIPS) 140-2:

This document, "Security Requirements for Cryptographic Modules," defines the hardware and software requirements for cryptographic modules that the federal government uses.

One-Way Functions:

This is a function in a mathematical operation that easily produces OUTPUT VALUES for each possible combination of inputs but makes it IMPOSSIBLE to RETRIEVE the INPUT VALUES.

Initialization Vector (IV):

This is one of the more recognizable examples of a Nonce. This example uses random bit string that is the same length as the block size and is XORed with the message. They are used to create unique ciphertext every time the same message is encrypted using the same key.

Confusion:

This occurs when the RELATIONSHIP BETWEEN the PLAINTEXT and the KEY is so COMPLICATED that an ATTACKER CAN'T merely CONTINUE ALTERING the PLAINTEXT and analyzing the resulting ciphertext to determine the key.

Cryptology:

Together, cryptography and cryptanalysis are commonly referred to as ?

Boolean Algebra: 1 =

True or 1 for true.

VENONA:

US cryptanalysts broke a top-secret Soviet cryptosystem that relied on the use of one-time pads. A pattern in the way the Soviets generated the key values used in their pads was discovered. The existence of this pattern violated the first requirement of a one-time pad cryptosystem: the keys must be randomly generated without the use of any recurring pattern.

Symmetric Cryptosystems:

Use a shared secret key available to all users of the cryptosystem.

Transposition Ciphers:

Use an encryption algorithm to REARRANGE the LETTERS of a PLAINTEXT MESSAGE, forming the CIPHERTEXT MESSAGE. The decryption algorithm simply reverses the encryption transformation to retrieve the original message. This is a type of block cipher.

Asymmetric Cryptosystems:

Use individual combinations of public and private keys for each user of the system.

Polyalphabetic Substitution Ciphers:

Use multiple alphabets in the same message to hinder decryption efforts.

Substitution Ciphers:

Use the encryption algorithm to replace each character or bit of the plaintext message with a different character. The Caesar cipher discussed in the beginning of this chapter is a good example of a substitution cipher.

Symmetric Key Cryptography Strength:

VERY FAST, often 1,000 to 10,000 times faster than asymmetric algorithms. Lends itself to hardware implementations, an opportunity for even higher-speed operations.

Cryptographic Authentication:

Verifies the claimed identity of system users and is a major function of cryptosystems. For example, suppose that Bob wants to establish a communications session with Alice and they are both participants in a shared secret communications system. Alice might use a CHALLENGE-Response authentication technique to ensure that Bob is who he claims to be.

Split Knowledge:

When the information or privilege required to perform an operation is divided among multiple users, no single person has sufficient privileges to compromise the security of an environment.

Cipher:

Work on individual characters and bits! Always meant to hide the true meaning of a message. Use a variety of techniques to alter and/or rearrange the characters or bits of a message to achieve confidentiality. They convert messages from plaintext to ciphertext on: 1). A bit basis (that is, a single digit of a binary code), 2). A character basis (a single character of an American Standard Code for Information Interchange (ASCII) message), 3). A block basis (that is, a fixed-length segment of a message, usually expressed in number of bits).

Codes:

Work on words and phrases! A common example of a code is the "10 system" of communications used by law enforcement agencies. Under this system, the sentence "I received your communication and understand the contents" is represented by the code phrase "10-4." Or a spy might transmit the sentence "The eagle has landed" to report the arrival of an enemy aircraft.

ROT # (rotation/shift):

You can express the ROT3 cipher in mathematical terms by converting each letter to its decimal equivalent (where A is 0 and Z is 25). So the ROT12 cipher would turn an A into an M, a B into an N, and so on.

Work Function:

You can measure the strength of a cryptography system by measuring the effort in terms of cost and/or time using this function or factor. Usually the time and effort required to perform a complete brute-force attack against an encryption system is what this function represents.

Symmetric Cryptography:

You've learned the basic concepts underlying symmetric key cryptography, asymmetric key cryptography, and hashing functions. In the following sections, we'll take an in-depth look at several common symmetric cryptosystems: the Data Encryption Standard (DES), Triple DES (3DES), International Data Encryption Algorithm (IDEA), Blowfish, Skipjack, and the Advanced Encryption Standard (AES).

One-Time Pad:

The only cryptographic system that has an unlimited life span.

Cryptography:

The art of creating and implementing secret codes and ciphers

The exclusive OR (XOR) function. (the ⊕ symbol). "returns a true value when only one of the input values is true"

The final logical function you'll examine in this chapter is perhaps the most important and most commonly used in cryptographic applications—the exclusive OR (XOR) function. It's referred to in mathematical literature as the XOR function and is commonly represented by the ⊕ symbol. The XOR function returns a true value when only one of the input values is true. If both values are false or both values are true, the output of the XOR function is false. Here is the truth table for the XOR operation: 1). If both values are the same, the result is 0 (1 XOR 1 = 0). 2). If the bits are different from each other, the result is 1 (1 XOR 0 = 1). So:
X:     0 1 1 0 1 1 0 0
Y:     1 0 1 0 0 1 1 1
X ⊕ Y: 1 1 0 0 1 0 1 1

Major Strengths Of Asymmetric Cryptography:

The following is a list of the major strengths of asymmetric key cryptography: 1. Adding new users requires the generation of only one public-private key pair, making the algorithm extremely scalable. 2. Users can be removed far more easily from asymmetric systems. 3. Provides a key revocation mechanism that allows a key to be canceled, effectively removing a user from the system. 4. Key regeneration is required only when a user's private key is compromised. 5. Provides integrity, authentication, and nonrepudiation. If a user does not share their private key with other individuals, a message signed by that user can be shown to be accurate and from a specific source and cannot be later repudiated. 6. Key distribution is a simple process. 7. No preexisting communication link needs to exist.

The longer the key.....

The harder it is to break the cryptosystem.

Modulo Function, (%) (mod): "8 mod 6 = 2"

The modulo function is extremely important in the field of cryptography. Think back to the early days when you first learned division. At that time, you weren't familiar with decimal numbers and compensated by showing a remainder value each time you performed a division operation. Computers don't naturally understand the decimal system either, and these remainder values play a critical role when computers perform many mathematical functions. The modulo function is, quite simply, the remainder value left over after a division operation is performed. The modulo function is usually represented in equations by the abbreviation mod, although it's also sometimes represented by the % operator. Here are several inputs and outputs for the modulo function:
8 mod 6 = 2
6 mod 8 = 6
10 mod 3 = 1
10 mod 2 = 0
32 mod 8 = 0

Calculating the number Of Keys for Asymmetric Key Algorithms:

The number of keys required for an asymmetric algorithm is double the number of users, so 10 users = 20 keys.

Calculating the number Of Keys for Symmetric Key Algorithms:

The number of keys required for a symmetric algorithm is dictated by the formula (n * (n - 1)) / 2, so for 10 participants it would be 10 x (10 - 1 = 9) = 90, and 90 ÷ 2 = 45.

