Chapter 4 Review
frequency analysis
Basic substitution and transposition ciphers are vulnerable to cracking. This depends on the fact that some letters and groups of letters appear more frequently in natural language than others.
Cryptography
(literally meaning "secret writing") has been around for thousands of years. It is the art of making information secure.
cryptographic primitive
A single hash function, symmetric cipher, or asymmetric cipher is called
secret algorithm
Attempting to hide details of the cipher ______ amounts to "security by obscurity." Modern ciphers are made stronger by being open to review (cryptanalysis) by third-party researchers.
substitutions
Confusion is achieved by using complex _______ employing both the whole key and parts of the key to output ciphertext blocks.
Galois/counter mode (GCM)
Most modern systems use a type of counter mode called ______. It addresses this by combining the ciphertext with a type of message authentication code (GMAC), similar to an HMAC. Where CBC is only considered secure when using a 256-bit key, ______ can be used with a 128-bit key to achieve the same level of security.
The value can have different properties depending on the type of cryptography being used:
• Nonce • Initialization vector (IV) • Salt
out-of-band
Symmetric encryption involves the sender and receiver using the same key. In this instance, transmitting the key securely is a huge problem. You could use an _________ transmission method, such as sending the key by courier or transmitting it verbally, but these methods increase the risk that the key will be compromised, not to mention introducing an unacceptable delay to the establishment of a secure session.
side channel attacks
While extremely difficult to launch in practice, it means monitoring things like timing, power consumption, and electromagnetic emanation. Obviously, it is necessary to obtain a physical copy of the cryptographic system or to have some extremely sophisticated monitoring equipment installed.
In selecting a product or individual cipher for a particular use case
a tradeoff must be achieved between the demand for the best security available and the resources available for implementation.
Malicious mathematical attacks are
difficult to launch and the chances of success against up-to-date, proven technologies and standards are remote.
digital signature
is used to prove the identity of the sender of a message and to show that a message has not been tampered with since the sender posted it. This provides authentication, integrity, and non-repudiation.
This risk is mitigated by perfect forward secrecy (PFS)
It uses key agreement to create ephemeral session keys without using the server's private key. PFS can be implemented using either the Diffie-Hellman Ephemeral mode (DHE or EDH) or Elliptic Curve Diffie-Hellman Ephemeral mode (ECDHE) cipher. Because the D-H key is truly ephemeral, even if the encrypted session is recorded there will be no way of recovering a key to use to decrypt it at a later date.
in-band
key exchange (over an unencrypted channel) is straightforward. Bob just tells Alice his public key. Alice uses this public key to encrypt a secret session key and sends it to Bob, confident that only Bob owns the private key that will allow the secret key to be decrypted. Alice and Bob can now send secure messages, encrypted using a symmetric cipher and a secret key that only they know.
cryptographic service provider (CSP)
makes use of the Windows crypto module (CryptoAPI or CryptoNG [next generation]) to perform encryption and/or authentication services. A ______ might be implemented in software or it might run as firmware (a smart card, for instance). In Windows®, the program that makes these calls is referred to as a ______.
resist cryptanalysis
many cryptographic modules need to apply a value to the data being encrypted to ensure that if two identical plaintexts are used as input, the output is never the same. The value is usually applied using an XOR operation. The value does not have to be kept secret.
Diffusion
means that predictable features of the plaintext should not be evident in the ciphertext. If one bit of the plaintext is changed, many bits in the ciphertext should change as a result. This prevents attackers from selectively determining parts of the message. Modern ciphers must use both substitution and diffusion to resist cryptanalysis attacks.
Confusion
means that the key should not be derivable from the ciphertext. If one bit in the key changes, many bits in the ciphertext should change (each plaintext bit should have a 50% chance of flipping). Also, the same key should not be used by the algorithm in a predictable way when outputting ciphertexts from different plaintexts. This prevents attackers from selectively generating encrypted versions of plaintext messages and looking for patterns in their relationship to try to derive the key.
Cipher Block Chaining (CBC)
mode improves ciphertext integrity by applying an Initialization Vector (IV) to the first plaintext block to ensure that the key produces a unique ciphertext from any given plaintext. The output of the first ciphertext block is then combined with the next plaintext block using an XOR operation. This process is repeated through the full "chain" of blocks, which (again) ensures that no plaintext block produces the same ciphertext. The problem with CBC is that the "chain" nature of the algorithm means that it must be processed serially when performing encryption operations and cannot take advantage of the ability of modern CPUs to process information in parallel. Decryption can be performed in parallel.
Random Number Generator (RNG)
module in the cryptographic implementation is critical to its strength. There are two principal ways for an RNG to work: • True random number generator (TRNG) • Pseudorandom number generator (PRNG)
hash-based message authentication code (HMAC)
Defined in RFC 2104, it is a particular means of generating a MAC, using the MD5 (HMAC-MD5), SHA-1 (HMAC-SHA1), or SHA-2 (HMAC-SHA2) algorithm. The key and message are combined in a way designed to be resistant to "extension" attacks against other means of generating MACs.
It is important to realize that just because an algorithm, such as AES, is considered strong does
not mean that the implementation of that cipher in a programming library is also strong. The implementation may have weaknesses. It is vital to monitor the status of this type of programming code and apply updates promptly.
You must carefully choose an algorithm that meets the needs
of the situation and is appropriate for the environment in which it will be used.
each pad must only ever be used
once. Re-using a pad makes ciphertexts susceptible to frequency analysis. If used properly, one-time pads are unbreakable.
No encryption system is
perfect. Encryption technology considered unbreakable today could become vulnerable to the improved technology or mathematical techniques of 1, 10, 20, or 50 years' time.
XOR
produces 0 if both values are the same and 1 if the values are different; put another way, the operation outputs true only if one input is true and the other input is false. Its output has a 50% chance of being one or zero.
Transport encryption
refers to encrypting data as it is sent over a network. Examples include IPSec (for any IP-based network) and other encrypted Virtual Private Network (VPN) protocols; Secure Sockets Layer/Transport Layer Security (SSL/TLS) for TCP/IP application protocols, such as HTTPS; and WEP/WPA for wireless networks.
True random number generator (TRNG)
samples some sort of physical phenomenon, such as atmospheric noise, with a high rate of entropy (lack of order). This method is slow but considered much stronger.
Remember that cryptography depends absolutely on the security of the key. The inputs available for cryptanalysis are as follows:
• Known ciphertext • Known plaintext • Chosen plaintext • Chosen ciphertext
Malicious attacks on encryption systems are generally made for two reasons:
• To decipher encrypted data without authorization. • To impersonate a person or organization by appropriating their encryption keys.
HASHING ALGORITHMS
Two of the most commonly used cryptographic hash algorithms are SHA and MD5.
weak key
is one that produces ciphertext that is easy to cryptanalyze.
Key exchange
is the process by which sender and receiver share the key to use for encryption.
MODES OF OPERATION
Any given block cipher can be used in different _____, which refers to the way a cryptographic product processes multiple blocks.
DATA STATES
• Data at rest • Data in transit (or data in motion) • Data in use
transposition
Diffusion is obtained through
Data Encryption Standard
It is a block cipher using 64-bit blocks and a 56-bit key. DES was shown to be flawed, prompting the development (in 1998) of Triple DES (3DES), where the plaintext is encrypted three times using different subkeys. In 2-key 3DES, there is one round with key1 then a round with key2, then a final round with key1 again, making the key size 112-bit. Another mode uses three different keys, for an overall key size of 168 bits. 3DES is deprecated for most applications. It has been replaced by the faster and more secure AES.
Advanced Encryption Standard (AES)
It is faster and more secure than 3DES. AES is also a block cipher with a block size of 128 bits and key sizes of 128, 192, or 256 bits. AES is the preferred choice for many new applications. As an open standard it is patent-free. Note that while the 168-bit overall key length of 3-key 3DES is nominally larger than 128-bit AES, the way the keys are used makes a 3DES ciphertext more vulnerable to cryptanalysis than an AES-128 one.
BLOWFISH/TWOFISH
Blowfish uses 64-bit blocks and variable key sizes (32-448 bits). Blowfish is both secure and fast. Both were made available copyright- and patent-free by their inventors. A related cipher, Twofish, was developed by an extended team to enter the AES competition.
SYMMETRIC BLOCK CIPHER ALGORITHMS
Popular symmetric block cipher algorithms include AES, Blowfish/Twofish, and DES/3DES.
digital envelope
Secret key (symmetric) encryption is generally faster than public key cryptography, but public key cryptography can provide higher levels of convenience and security. Therefore, often, both are used. This type of key exchange system is known as a
Man-in-the-Middle (MitM) attack
Some attacks depend on capturing the communications between two parties. They do not break the cryptographic system but exploit vulnerabilities in the way it is used.
crypto module or API (application programming interface)
The algorithms underpinning cryptography must be interpreted and packaged as a computer program (or programming library). This will support commands generated from other applications, such as "Create a hash of this data," "Encrypt this data with this algorithm," or "Decrypt this data using this key." This can be described as a ______.
trapdoor functions
The basis of mathematical ciphers is to use an operation that is simple to perform one way (when all the values are known) but difficult to reverse. These are referred to as
white box cryptography
The key used for decryption must usually be bundled with the source code, and this means that you are relying on security by obscurity rather than strong cryptography. ______ refers to attempts to protect an embedded key while preserving the functionality of the code.
counter mode
The problem of parallelism is addressed by ________ (referred to as CTM in the exam blueprint, but more commonly CTR or CM). CTR actually functions in much the same way as a stream cipher. Each block is combined with a nonce (or non-repeating) counter value. This ensures unique ciphertexts from identical plaintexts and allows each block to be processed individually and consequently in parallel, improving performance.
keyspace
The range of key values available to use with a particular cipher is called the ______.
STREAM CIPHERS
Each byte or bit of data in the plaintext is encrypted one at a time. This is suitable for encrypting communications where the total length of the message is not known. Like a one-time pad, the plaintext is combined with a separate randomly generated message. Unlike a one-time pad, this is not predetermined but calculated from the key (keystream generator) and an Initialization Vector (IV). Stream ciphers might use markers to allow for synchronization and retransmission.
DES, RC4, IDEA, and Blowfish are examples of
algorithms known to have weak keys.
Three different types of cryptographic algorithms
are used in computer security systems: hash functions, symmetric encryption, and asymmetric encryption.
HASHING ALGORITHMS
are widely used in computer programming to create a short representation of data. These functions are used for things like checksums to ensure the validity of data. A cryptographic hash algorithm also produces a fixed length string, called a message digest, from a variable length string. The difference is that the function is designed so that it is impossible to recover the original message from the digest (one-way) and so that different messages are unlikely to produce the same digest (a collision).
downgrade attack
can be used to facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths. For example, rather than use TLS 2.0, as the server might prefer, the client requests the use of SSL. It then becomes easier for Mallory to forge the signature of a certificate authority that Alice trusts and have Alice trust his public key.
transport encryption
confidentiality means that a message cannot be deciphered without having the appropriate cipher and key (or alternatively the means to crack the cipher).
replay attack
consists of intercepting a key or password hash then reusing it to gain access to a resource, such as the pass-the-hash attack. This type of attack is prevented by using once-only session tokens or timestamping sessions.
Low latency uses
if cryptography is deployed with a real time-sensitive channel, such as voice or video, the processing overhead on both the transmitter and receiver must be low enough not to impact the quality of the signal.
substitution cipher
involves replacing units (a letter or blocks of letters) in the plaintext with different ciphertext. Simple substitution ciphers rotate or scramble letters of the alphabet. For example, ROT13 (an example of a Caesarian cipher) rotates each letter 13 places (so A becomes N for instance). The ciphertext "Uryyb Jbeyq" means "Hello World".
Diffie-Hellman (D-H)
is a key agreement protocol; the protocol may also be referred to as Diffie-Hellman-Merkle. D-H itself is not used to encrypt messages or to authenticate senders. It is used to securely agree on a key to encrypt messages using a symmetric encryption algorithm, such as AES.
message authentication code (MAC)
is a means of proving the integrity and authenticity of a message. To produce it rather than a simple digest, the message is combined with a secret key. As the secret key should be known only to sender and recipient and cannot be recovered from ______ (the function is one-way), in theory only the sender and recipient should be able to obtain the same _____, confirming the message's origin and that it has not been tampered with.
Rivest Ciphers (or Ron's Code)
is a stream cipher using a variable length key (from 40 to 128 bits). ______ was used in Secure Sockets Layer (SSL) and Wired Equivalent Privacy (WEP) but is now usually deprecated in favor of more modern ciphers.
Symmetric encryption
is a two-way encryption algorithm in which encryption and decryption are both performed by a single secret key. Alternatively, there may be two keys or multiple subkeys, but these are easy to derive from possession of the master key. The secret key is so-called because it must be kept secret. If the key is lost or stolen, the security is breached. It is used for confidentiality only. Because the same key must be used to encrypt and decrypt information, it cannot be used to prove someone's identity (authentication and non-repudiation). If you tell someone the key to allow them to read a message that you have sent to them, they would gain the ability to impersonate you.
birthday attack
is a type of brute force attack aimed at exploiting collisions in hash functions. A collision is where a function produces the same hash value for two different plaintexts. This type of attack can be used for the purpose of forging a digital signature. The attack works as follows: the attacker creates a malicious document and a benign document that produce the same hash value. The attacker submits the benign document for signing by the target. The attacker then removes the signature from the benign document and adds it to the malicious document, forging the target's signature. The trick here is being able to create a malicious document that outputs the same hash as the benign document. The _______ paradox means that the computational time required to do this is less than might be expected.
one-time pad
is an unbreakable encryption mechanism. The pad itself is the encryption key. It consists of exactly the same number of characters as the plaintext and must be generated by a truly random algorithm. To encode and decode the message, each character on the pad is combined with the corresponding character in the message using some numerical system.
Elliptic curve cryptography (ECC)
is another type of trapdoor function used to generate public/private key pairs. ECC was published by Neal Koblitz and Victor Miller in 1985, though they arrived at the idea independently of one another. The principal advantage of ECC over RSA's algorithm is that there are no known "shortcuts" to cracking the cipher or the math that underpins it, regardless of key length. Consequently, ECC used with a key size of 256 bits is very approximately comparable to RSA with a key size of 2048 bits.
Non-repudiation
is linked to identification and authentication. It is the concept that the sender cannot deny sending the message. If the message has been encrypted in a way known only to the sender, it follows that the sender must have composed it.
Low power devices
some technologies require more processing cycles and memory space. This makes them slower and means they consume more power. Consequently, some algorithms and key strengths are unsuitable for handheld devices and embedded systems, especially those that work on battery power. Another example is a contactless smart card, where the card only receives power from the reader and has fairly limited storage capacity, which might affect the maximum key size supported.
transposition cipher
The units stay the same in plaintext and ciphertext, but their order is changed, according to some mechanism. See if you can figure out the cipher used on the following example: "HLOOLELWRD".
legacy algorithms
such as MD5, 3DES, and RC4 cannot use key sizes larger than 128 bits. That makes them susceptible to brute force attacks.
Known ciphertext
the analyst has obtained the ciphertext but has no additional information about it. The attacker may use statistical methods such as frequency analysis to try to break the encryption.
Chosen ciphertext
the attacker can submit ciphertexts to the same cryptographic process to derive corresponding plaintexts. The aim of this type of attack is to deduce the key used for decryption.
Chosen plaintext
the attacker can submit plaintexts to the same cryptographic process to derive corresponding ciphertexts, facilitating analysis of the algorithm and potentially recovery of the key.
Known plaintext
the attacker knows or can guess some of the plaintext present in a ciphertext, but not its exact location or context. This can greatly assist with analysis.
Resource versus security constraints
the comparative strength of one cipher over another largely depends on the bit-strength of the key and the quality of the algorithm. Some algorithms have known weaknesses and are deprecated for use in particular contexts.
block cipher
the plaintext is divided into equal-size blocks (usually 64- or 128-bit). If there is not enough data in the plaintext, it is padded to the correct size using some string defined in the algorithm. For example, a 1200-bit plaintext would be padded with an extra 80 bits to fit into 10 x 128-bit blocks. Each block is then subjected to complex transposition and substitution operations, based on the value of the key used.
Nonce
the principal characteristic of a nonce is that it is never reused ("number used once") within the same scope (that is, with the same key value). It could be a random or pseudo-random value, or it could be a counter value.
Initialization vector (IV)
the principal characteristic of an IV is that it be random (or pseudo-random). There may also be a requirement that an IV not be reused (as with a nonce), but this is not the primary characteristic.
To create a digital signature using RSA encryption
the private key is used to encrypt the signature; the public key is distributed to allow others to read it.
a secure cipher must exhibit
the properties of confusion and diffusion.
to use PFS
the server and client must negotiate use of a mutually supported cipher suite. A browser will usually try to select a PFS-compatible suite but may not support one supported by the server. Also, the server is able to "dictate" use of a preferred cipher suite and may not be set to prefer PFS. Use of Diffie-Hellman key agreement is likely to reduce server performance, though as use of PFS becomes more prevalent, faster implementations of the cipher suites are likely to be developed.
If a deprecated algorithm is in use
there is no need for panic, but there will be a need for a plan to closely monitor the affected systems and to transition to better technologies as quickly as is practical.
SHA-2
these are variants using longer digests (notably 256 bits and 512 bits). It also addresses the weaknesses found in SHA-1.
Salt
this is also a random or pseudo-random number or string. The term salt is used specifically in conjunction with cryptographically hashing password values.
Cryptanalysis
this is the art of breaking or "cracking" cryptographic systems.
Cipher
this is the process (or algorithm) used to encrypt and decrypt a message.
Data in use
this is the state when data is present in volatile memory, such as system RAM or CPU registers and cache. Examples of types of data that may be in use include documents open in a word processing application, database data that is currently being modified, event logs being generated while an operating system is running, and more. When a user works with data, that data usually needs to be decrypted as it goes from at rest to in use. The data may stay decrypted for an entire work session, which puts it at risk. However, some mechanisms, such as Intel Software Guard Extensions (https://software.intel.com/en-us/sgx/details), are able to encrypt data as it exists in memory, so that an untrusted process cannot decode the information.
Data in transit (or data in motion)
this is the state when data is transmitted over a network. Examples of types of data that may be in transit include website traffic, remote access traffic, data being synchronized between cloud repositories, and more. In this state, data can be protected by a transport encryption protocol, such as TLS or IPSec.
Data at rest
this state means that the data is in some sort of persistent storage media. Examples of types of data that may be at rest include financial information stored in databases, archived audiovisual media, operational policies and other management documents, system configuration data, and more. In this state, it is usually possible to encrypt the data, using techniques such as whole disk encryption, database encryption, and file- or folder-level encryption. It is also possible to apply permissions—access control lists (ACLs)—to ensure only authorized users can read or modify the data. ACLs can be applied only if access to the data is fully mediated through a trusted OS.
SHA-1
this was quickly released (in 1995) to address a flaw in the original SHA algorithm. It uses a 160-bit digest. It was subsequently found to exhibit weaknesses.
In an asymmetric algorithm, operations are performed by
two different but related public and private keys in a key pair.
The keyspace is roughly equivalent to
two to the power of the size of the key. However, some keys within the ______ may be considered easy to guess ("weak") and should not be used. Using a longer key (2048 bits rather than 1024 bits, for instance) makes the encryption scheme stronger.
Asymmetric encryption
underpins many of the identification and authentication features of private and public networks. Understanding how it supports technologies such as digital signatures and transport encryption will help you to implement and support these important technologies.
MESSAGE DIGEST ALGORITHM (MDA/MD5)
uses a 128-bit hash value. It is considered a weak algorithm as ways have been found to exploit collisions in the cipher. A collision is where a function produces the same hash value for two different inputs. Consequently, it is no longer considered secure for password hashing or signing digital certificates. Despite this, most forensic tools default to using it as it is a bit faster than SHA, it offers better compatibility between tools, and the chances of an adversary exploiting a collision in that context are remote.
Twofish
uses a larger block size (128-bit) and keys up to 256 bits long. Both Blowfish and Twofish were made available copyright- and patent-free by their inventors.
Pseudorandom number generator (PRNG)
uses software routines to simulate randomness. The generator usually uses data from the system, such as mouse and keyboard input timing, process IDs, and hard drive samples, as a seed. The seed state is then passed through a mathematical formula in order to output a pseudorandom number.
Man-in-the-Middle (MitM) attack is prevented by
using secure authentication of public keys, such as associating the keys with certificates. This should ensure that Alice rejects Mallory's public key.
secure hash algorithm (SHA)
was created to address possible weaknesses in MDA (see the following). There are two versions of the standard in common use:
The way a cipher is implemented in software may also lead to
weak keys being used. An example of this is a bug in the pseudo-random number generator for the OpenSSL server software for Debian Linux, discovered in 2008.