Security Ch. 9
key-distribution center (KDC)
A trusted organization that provides keys
Vigenère cipher
It works like multiple Caesar ciphers, each with its own shift characters
Message authentication
Message authentication confirms the identity of the person who started a correspondence
XKMS
The Extensible Markup Language (XML) key management specification
Anonymity
This disguises a user's identity
Revocation
This stops authorization for access to data
public (asymmetric) key
Those that use different keys to encrypt and decrypt
simple substitution cipher( cryptogram)
allowing any letter to uniquely map to any other letter
cipher
an algorithm to encrypt or decrypt information
quantum cryptography
bases its algorithms on the properties of quantum mechanics
digital signature
binds a message or data to a specific entity
certificate authority (CA)
can vouch for the validity of a credential
Symmetric key cryptography
cannot secure correspondence until after the two parties exchange keys
elliptic curve cryptography (ECC)
ciphers depend on the algebraic structures of elliptic curves over finite fields
SSL Handshake Protocol
consists of two phases: server authentication and an optional client authentication
Chosen-ciphertext attack
cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system
Nonrepudiation
enables you to prevent a party from denying a previous statement or action
key-encrypting key
encrypt a key
one-way algorithms / hashing functions
encryption algorithms that have no decryption algorithms
block cipher
encrypts an entire block of data at a time
stream cipher
encrypts one byte (or bit) at a time
differential cryptanalysis
looking for patterns in vast amounts of ciphertext
Open ciphers
make it possible for experts around the world to examine the ciphers for weaknesses
key management
managing keys
ephemeral
new for each session
Key revocation
occurs when someone is no longer trusted or allowed to use a cryptosystem
Key distribution
paper, digital media, or hardware transfer
IPSec
protects Internet Protocol (IP) packets from disclosure or change
perfect forward secrecy
protects past sessions from future session compromises
Timestamping
provides an exact time when a producer creates or sends information
Transposition ciphers
rearranges characters or bits of data.
Rivest-Shamir-Adelman (RSA)
relies on the difficulty of factoring large numbers
field theory
rely on the difficulty of solving certain mathematical problems
Substitution ciphers
replaces bits, characters, or blocks of information with other bits, characters, or blocks
ciphertext
secret message (encrypted)
Caesar cipher.
shifts each letter in the English alphabet a fixed number of positions
message digest algorithm
takes an input of any arbitrary length and generates a 128-bit message digest that is computationally infeasible to match by finding another input
connection encryption / transport encryption
the encryption (and decryption) occurs at the transport layer in the network stack
cryptography
the art of concealing information from others
Chosen-plaintext attack
the cryptanalyst can encrypt any information and observe the output
Ciphertext-only attack (COA)
the cryptanalyst has access only to a segment of encrypted data and has no choice as to what those data may be
Known-plaintext attack (KPA)
the cryptanalyst possesses certain pieces of information before and after encryption
out-of-band key exchange
the key is exchanged within a different communications channel that is going to be encrypted.
in-band key exchange
the key is exchanged within the same communications channel that is going to be encrypted.
plaintext
unencrypted data
session keys
unique keys for each session
Secure Shell (SSH)
used to set up secure logon sessions to remote servers.
public key infrastructure (PKI)
user authentication and tools that securely send passwords across the Internet
keyword mixed alphabet cipher
uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet
Asymmetric key cryptography
uses a cipher with two separate keys
Elliptic Curve DHE (ECDHE
uses algebraic curves to generate keys
Attribute-based encryption (ABE)
uses descriptive attributes to encrypt and decrypt data
Diffie-Hellman in Ephemeral mode (DHE)
uses modular arithmetic to generate keys
identity-based encryption (IBE)
uses the encryptor's identity to derive a key
Receipt and confirmation
Receipt verifies that an entity acknowledges information has arrived. Confirmation acknowledges that the provider has provided a service.
steganography
Simply hiding information
AES
The U.S. government uses it
ANSI X9.17
The financial industry created this standard to define key management procedures
Data Encryption Standard (DES)
The most scrutinized cipher in history
keyspace
The number of possible keys to a cipher
Vernam cipher
The only unbreakable cryptographic cipher
cryptanalysis
The process of breaking codes
Ownership
This associates a person with information to claim legal rights
private (symmetric) key
Those that use the same key to encrypt and decrypt
key escrow
a key storage method that allows some authorized third party access to a key under certain circumstances
product cipher
a combination of multiple ciphers
ISAKMP
a key management strategy using security association (SA
algorithm
a repeatable process that produces the same result when it receives the same input
Diffie-Hellman algorithm
a sender and receiver use asymmetric encryption to securely exchange symmetric keys. After the initial key exchange, each party can then use symmetric encryption to encrypt and decrypt data
salt value
a set of random characters that you can combine with an actual input key to create the encryption key
key
a string of numbers or characters known only to the sender and/or recipient
public key cryptography
a system that allows correspondents to communicate only over a public channel using publicly known techniques
key directory
a trusted repository of all public keys
cryptosystem
algorithms, or ciphers, used to encrypt and decrypt data
Decryption
the process of unscrambling ciphertext into plaintext.
Encryption
the process of scrambling plaintext into ciphertext