Chapter 8 Modern Cryptography

Rivest, Shamir, Adleman (RSA)

-based on factoring large numbers into their prime values -Is one of the most popular and secure asymmetric cryptosystems. -Is based on the difficulty of factoring N, a product of two large prime numbers (201 digits). -Has key-length ranges from about 512 bits to 8,000 bits (2401 digits).

Merkle-Hellman Knapsack

-based on the subset sum problem: given a list of numbers and a sum, determine the subset used to create the sum

A hybrid cryptography system works as follows:

1. A plaintext message is encrypted into ciphertext with a symmetric session key. 2. The symmetric session key is then encrypted with asymmetric cryptography using the public key of the recipient. 3. The encrypted symmetric session key and the ciphertext are sent to the recipient. 4. The recipient decrypts the symmetric session key with asymmetric cryptography (using the recipient's private key). 5. The ciphertext is then decrypted into plaintext with the decrypted session key.

When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred?

Key clustering

Non-Repudiation

The assurance that someone cannot deny something.

Symmetric

This key is where the sender uses a private key to encrypt a message. Then the recipient uses that same private key to decrypt it.

Ephemeral keys

are generated every time the key establishment process is executed and only exist for the lifetime of a specific communication session. As such, these keys have a relatively short lifespan

Key stretching

- strengthens weak encryption keys against exhaustive key search attacks -the initial key is fed into an algorithm that enhances it to create a stronger key -commonly used key stretching algorithms include the following: PBKDF2 bcrypt scrypt

Ron's Cipher v2 or Ron's Code v2 (RC2)

-A symmetric cryptography method that implements a variable-key-sized block cipher and was designed to replace DES. -Uses 64-bit blocks. -Uses 8 to 128-bit keys in 8-bit increments. -Uses salt, which is used to modify a password hash by using a random string of data to prohibit password hash matching types of attacks.

Stream ciphers:

-Are best used for small amounts of data, usually less than 64 bits -Are slower than symmetric key block ciphers -Are best implemented in hardware because the data size makes it infeasible to have enough RAM or CPU cycles to process the data -Use bitwise functions in which the cipher is calculated on the individual bits in the datastream -Use a keystream generator to produce long streams of bits with no patterns -Are capable of block cipher emulation and can be used with block ciphers -Common uses for symmetric-key stream ciphers include ATM card PINs and smart cards.

Block ciphers:

-Are fast. -Can process large amounts of data. They do not process small amounts of data well. -Are typically implemented in software. -Use a substitution and transposition function. -Apply several alternating rounds of substitution and transposition. A round refers to data going through one substitution and transposition process. -May begin to show patterns in the cipher when processing large amounts of data. -Can be strengthened by implementing an Initialization Vector (IV) at the start of the encryption process.

Asymmetric encryption is used for:

-Data encryption to secure data. -Digital signing to confirm the integrity of the message and the authenticity of the sender. -Key exchange to ensure keys are secure during transit. -Asymmetric encryption is often used to securely exchange symmetric keys.

DES has four primary modes:

-Electronic Code Book (ECB): each block of text is run through the DES encryption and cipher text is created, weakest- subject to patterns -Cipher Block Chaining (CBC) mode-increases randomness. -Output Feedback (OFB) mode-adds stream emulation -Cipher Feedback (CFB) mode- strengthens OFB by increasing the randomness and variability

Two mechanisms are used that determine how long a cryptographic key remains in use:

-Ephemeral keys are generated every time the key establishment process is executed and only exist for the lifetime of a specific communication session. As such, these keys have a relatively short lifespan. -Static keys can be reused by multiple communication sessions. As such, these keys remain in use for a relatively long period of time.

If a birthday attack is successful, meaning the attacker discovers a password that generates the same hash as that captured from a user's login credentials, which of the following is true? (Select two.)

-The discovered password will allow the attacker to log in as the user, even if the discovered password is not the same as the user's password. -A collision was discovered.

Asymmetric encryption functions in the following manner:

-The public key is made available to anyone; the private key is kept secret. -One key encrypts and the other key decrypts. For example, if data is encrypted with the public key, the private key is used to decrypt the data. -The strength of an asymmetric encryption system lies in the secrecy and security of its private keys. If the private key is ever discovered, a new key pair must be generated. -Both private and public keys are created on a local machine by a local security authority (the security kernel) and a cryptographic service provider (CSP). -Asymmetric key ciphers are two associated algorithms that are inverses of each other. Both of the algorithms are easy to compute. -It is computationally infeasible to derive the second algorithm from the first without the private key.

Hybrid Cryptography

-Used by operating systems, applications, and other components of information systems -combines the strengths of both the symmetric and asymmetric cryptography systems (meaning that symmetric systems can process large amounts of data relatively fast, and asymmetric systems can securely distribute keys)

The most frequently used implementation of symmetric key stream ciphers is Ron's Code (or Ron's Cipher) v4, known as RC4. RC4:

-Uses a variable key up to 256 bits -Is commonly used with WEP and SSL -Uses the Key Scheduling Algorithm (KSA) and the Pseudo-Random Generation Algorithm (PRGA)

ElGamal

-based on a discrete logarithm problem -Extends Diffie-Hellman for use in encryption and digital signatures -Is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems -Is considered to be very slow when used to create digital signatures -The Digital Signature Algorithm is a variant of the ElGamal signature scheme.

Elliptic Curve Cryptography (ECC)

-based on groups of numbers in an elliptical curve -Is a more efficient algorithm than other algorithms -Is used in conjunction with other methods to reduce the key size -Is suitable for small amounts of data for small devices, such as smart phones and PDAs -Produces a key of 160 bits that is equivalent to 1024-bit RSA key, which means less computational power and memory requirements. -an implementation of the Diffie-Hellman key exchange protocol -It allows two parties, each having their own elliptic curve public/private key pair, to generate symmetric keys simultaneously over a non-secure channel.

Keyed-hash Message Authentication Code (HMAC)

-embeds a symmetric key into a message before the message is hashed. When the message is received, the recipient's symmetric key is added back into the message before hashing the message. If the hash values match, message integrity is proven -Can use any hashing function, although more secure hashing functions are preferable, including SHA-1, MD5, and RIPEMD. -Is suitable anytime senders and receivers wish to guarantee integrity between sender and receiver. -May not be used for non-repudiation; both sender and receiver can correctly generate an HMAC output.

Diffie-Hellman Key Exchange

-first asymmetric algorithm -key agreement protocol that generates symmetric keys simultaneously at sender and recipient sites over non-secure channels -Provides for key distribution and does not provide any cryptographic services Is based on calculating discreet logarithms in a finite field -Is used in many algorithms and standards such as DES -Is subject to man-in-the-middle attacks and requires strong authentication to validate the end points -does not use authentication; however, it is used as a base for many other authenticated protocols -used to provide perfect forward secrecy by TLS when operating in ephemeral mode (referred to as EDH or DHE)

Blowfish

A keyed symmetric block cipher that was intended to be free of the problems associated with other algorithms and replace DES. -Uses 64-bit blocks and key lengths anywhere from 32 to 448 bits -Has no effective known cryptanalysis currently

Digital Signature

A mathematical scheme for demonstrating the authenticity of digital message or document.

Symmetric Cryptography

A method of encryption that uses a single key for both encryption and decryption.

Asymmetric Cryptography

A method of encryption that uses two different yet mathematically related keys, one for encryption and one for decryption.

Cipher Block Chaining (CBC):

A plaintext block is combined with the previous cipher text block, and the result is encrypted with the key.

Diffusion

A property of a cryptographic algorithm that identifies the amount of change to the ciphertext when there is a change in the input text.

Confusion

A property of a cryptographic algorithm that makes the relationship between the key and ciphertext as complex as possible.

Encryption Key

A random string of bits used in an encryption algorithm to scramble and unscramble data.

Twofish

A symmetric block cipher that permits a wide variety of tradeoffs between speed, software size, key setup time, and memory. -Uses 128-bit blocks and variable key lengths (128-, 192-, or 256-bits) -Uses up to 16 rounds of substitution and transposition -Was the runner up to Rijndael in the selection of the algorithm of AES

SkipJack

A symmetric cryptography method created by the NSA that uses the Clipper chip (Very Large Scale Integration) device with an Advanced RISC Machine (ARM). -Encrypts 64-bit blocks of data with an 80-bit key -Uses the Clipper chip (Very Large Scale Integration) device with an Advanced RISC Machine (ARM) -Became unpopular when a backdoor was discovered that allowed the NSA to decrypt all messages produced by the Clipper chip

Ron's Cipher v5 or Ron's Code v5 (RC5)

A symmetric cryptography method that implements a symmetric-key block cipher cryptographic algorithm produced by RSA Security, Inc. -Supports 32-, 64-, or 128-bit blocks -Supports key sizes 0-2K -Can implement up to 255 rounds of substitution and transposition -Supports variable bit length keys and variable bit block sizes

International Data Encryption Algorithm (IDEA)

A symmetric cryptography method that is a minor revision of an earlier PES (Proposed Encryption Standard) that uses 64-bit blocks with 128-bit keys and is employed by Pretty Good Privacy (PGP) email encryption. -Uses 64-bit blocks with 128-bit keys -Is used by Pretty Good Privacy (PGP) email encryption -Is an optional algorithm in OpenPGP -Does not support variable block size

Stream Cipher

A symmetric encryption that is performed on each bit within a stream of data in real time.

Block Cipher

A symmetric encryption that transposes plaintext to ciphertext in chunks (block by block).

Galois/Counter Mode (GCM)

A variation of the Counter mode, the throughput rates do not require high performance hardware to produce acceptable high speed communication channels.

Data Encryption Standard (DES)

A very popular symmetric cryptography method created by the National Security Agency (NSA) that was one of the first symmetric encryption methods and is now obsolete due to known weaknesses. -Was adopted by the government for sensitive but unclassified encryption -Uses data encryption algorithm with a 56-bit key and 8-bit parity -Implements a 64-bit block size with 16 rounds of substitution and transposition -Is used in IPsec as its weakest and fastest encipherment -Can be easily broken

Which of the following is not a countermeasure against dictionary attacks?

A. Avoiding common words B. Using three or four different keyboard character types (lowercase, uppercase, numerals, and symbols) C. Using short passwords D. Avoiding industry acronyms (C)

ElGamal

An asymmetric encryption system based on a discrete logarithm problem.

Rivest, Shamir,Adleman (RSA)

An asymmetric encryption system based on factoring large numbers into their prime values.

Elliptic CurveCryptography (ECC)

An asymmetric encryption system based on groups of numbers in an elliptical curve.

Merkle-Hellman Knapsack

An asymmetric encryption system based on the subset sum problem (given a list of numbers and a sum, determine the subset used to create the sum).

Asymmetric Encryption

An encryption method that uses two mathematically related keys called a key pair

Triple DES (3DES)

An enhanced version of DES. -Applies DES three times -Uses a 168-bit key -Is used in IPsec as its strongest and slowest encipherment

Advanced Encryption Standard (AES)

An iterative symmetric-key block cipher that was developed as a replacement for DES in 2001 -Uses the Rijndael Block Cipher, which is resistant to all known attacks -Uses a variable-length block and key length (128-, 192-, or 256-bit keys) -Is stronger and faster than 3DES when implemented with a large key size (256-bits) -Was selected as the method to replace DES

Which of the following is a mathematical attack that targets the complexity of a cryptosystem's algorithm?

Analytic attack

Which of the following statements is true when comparing symmetric and asymmetric cryptography?

Asymmetric key cryptography is used to distribute symmetric keys.

If two different messages or files produce the same hashing digest, then a collision has occurred. Which form of cryptographic attack exploits this condition?

Birthday attack

Counter (CTR)

Both the sender and recipient access a reliable counter that computes a new shared value each time a ciphertext block is exchanged. The counter needs to be synchronized between both parties.

Which of the following attacks typically takes the longest amount of time to complete?

Brute force attack

Which of the following is used in conjunction with a local security authority to generate the private and public key pair used in asymmetric cryptography?

CSP (resides on the client and generates the key pair. This is a software program that can generate keys using a specific algorithm)

Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plaintext to see the resulting ciphertext. Which type of attack is this?

Chosen plaintext

Which of the following functions are performed by the TPM?

Create a hash of system components

High Resilience Cryptography

Cryptographic protocols that remain secure and resistant to side channel attacks.

Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt or a local copy of a security accounts database?

Dictionary

Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5, or any other symmetric cryptography solution?

Diffie-Hellman

Which of the following is a direct protection of integrity?

Digital signature

What is the most obvious means of providing non-repudiation in a cryptography system?

Digital signatures

Digital Signatures explained

Digital signatures are created using the sender's private key. Thus, only the sender's public key can be used to verify and open any data encrypted with the sender's private key. The recipient's private and public keys are not involved in this type of cryptography situation. Often, the hashing value of a message is protected by the sender's private key (their digital signature). The recipient must extract the original hashing value.

Cipher Feedback (CFB)

Each cipher text block is fed back into the encryption and then used to encrypt the next plaintext block.

Which of the following is an example of a statistical attack against a cryptosystem?

Exploiting a computer's inability to produce random numbers

What is the main function of a TPM hardware chip?

Generate and store cryptographic keys

Which of the following password attacks adds appendages to known dictionary words?

Hybrid

Which form of cryptanalysis focuses on weaknesses in software, the protocol, or the encryption algorithm?

Implementation attack

In which type of attack does the attacker have access to both the plaintext and the resulting cipher text, but does not have the ability to encrypt the plain text?

Known plaintext

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature?

Mary's private key

When a sender encrypts a message using their own private key, what security service is being provided to the recipient?

Non-repudiation

Symmetric-key encryption uses the following key distribution methods:

Out-of-band distribution In-band distribution

Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?

Private keys

Block Cipher

Provides confidentiality and authenticity services. A block cipher can encrypt or decrypt one fixed-length block. It encrypts or decrypts one large chunk of data (or block) at a time, often combining blocks for additional security. Are more useful when the amount of data is known.

Explain Asymmetric cryptography

Public key (asymmetric) cryptography uses two keys: one is referred to as the public key, and the other the private key. This key pair overcomes the difficulties associated with the secure distribution of private keys. The communicating parties do not need to share secret information; only the public keys are shared. Public keys are associated with users through authentication, usually through a mutually trusted directory, such as a certificate authority. The sender transmits a confidential message using only the recipient's public key. The message can only be decrypted with the associated private key possessed solely by the recipient. Public key cryptography not only provides encryption, but is the basis for authentication technologies such as digital signatures.

Perfect forward secrecy can be implemented in public-key cryptography systems so that:

Random public keys are generated for each session. No deterministic algorithm is used when generating the public keys.

Asymmetric encryption is used with the following protocols:

SSL/TLS IPsec VPNs (PPTP, L2TP, SSTP) S/MIME and PGP for email security SSH tunnels

Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt the message?

Sam's public key

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?

Sender's private key Receiver's private key Receiver's public key ----Sender's public key

Which of the following best describes a side-channel attack?

The attack is based on information gained from the physical implementation of a cryptosystem.

Low Latency

The delay before a transfer of data begins to follow an instruction for its transfer.

Diffie-Hellman Key Exchange

The first asymmetric algorithm developed by Whitfield Diffie and Martin Hellman in 1976 that generates symmetric keys simultaneously at sender and recipient sites over non-secure channels.

Output Feedback (OFB)

The output blocks are fed back into the block cipher. These blocks then make strings of bits to feed the encryption algorithm, acting as the key generator.

Encryption

The process of converting information or data into an code to prevent unauthorized access.

The success of asymmetric encryption is dependent upon which of the following?

The secrecy of the key

Why are brute force attacks always successful?

They test every possible valid combination.

Cryptanalysis

This is the method of recovering original data that has been encrypted without having access to the key used in the encryption process. --can be done to measure and validate the strength of a cryptosystem. --can also be done to violate the confidentiality and/or integrity of a cryptosystem.

Asymmetric

This key is where the sender's key and receiver's key are different for the encryption and decryption processes.

How many keys are used with asymmetric (public key) cryptography?

Two

Collision

When two or more inputs create the same ciphertext.

Elliptic curve Diffie-Hellman (ECDH)

an implementation of the Diffie-Hellman key exchange protocol using elliptic curve cryptography. It allows two parties, each having their own elliptic curve public/private key pair, to generate symmetric keys simultaneously over a non-secure channel.

Perfect forward secrecy

can be implemented in public key cryptography system so that random public keys are generated for each session. No deterministic algorithm is used when generating the public keys.

Static keys

can be reused by multiple communication sessions. As such, these keys remain in use for a relatively long period of time

Asymmetric key encryption can provide:

confidentiality (encryption), strong authentication, and non-repudiation.

Symmetric-key encryption is a form of cryptography that provides

confidentiality with a weak form of authentication or integrity

Out-of-band distribution

involves manually distributing the key, such as copying the key to a USB drive and sending it to the other party.

In-band distribution

uses mechanisms such as the following to distribute the key: -Using a key distribution algorithm such as Diffie-Hellman -Using asymmetric technology to encrypt the key for distribution