CHapter 8: Cryptography

IDEA

International Data Encryption Algorithm (IDEA) Developed by a Swiss consortium. It's an algorithm that uses a 128-bit key. This product is similar in speed and capability to DES, but it's more secure. IDEA is used in Pretty Good Privacy (PGP), a public domain encryption system used by many for email. Currently, Ascom AG holds the right to market IDEA.

Electronic Watermarking

Is a form of steganography where the image contains a watermark placed there by the original artist, proving that copyright infringement has occurred in a copy is relatively easy.

What is key bit the DES is based on ?

It is a 64 bit encryption, 8 of these key are for error connection

Common method of verifying integrity

Adding a MAC to a message

What key bit is used by CAST?

CAST uses a 40-bit to 128-bit key, and it's very fast and efficient. Two additional versions, CAST-128 and CAST-256, also exist.

OTPs

One-Time Pads (OTP) Key that is used only once at the length as a plain text message

Cryptographic hash

A function that is one-way (nonreversible), has a fixed length output, and is collision resistant.

Forward secrecy

A property of any key exchange system that ensures that if one key is compromised, subsequent keys will not also be compromised

Salt

Bits added to a hash to make it resistant to rainbow table attacks.

Main purpose of LANMAN and NTLM

Although LANMAN and NTLM both employ hashing, they are used primarily for the purpose of authentication.

Block or Stream Cipher

An algorithm that takes one character and replaces it with one character.

What is the difference between Towfish encryption and Blowfish encryption?

Blowfish is a 64 bit block cipher, Towfish works on 128 bit blocks. This makes blowfish faster and less reliable, unlike Towfish.

Kerckhoff's Principle

The security of an algorithm should depend only on the secrecy of the key and not on the secrecy of the algorithm itself

CBC

Cipher Block Chaining Divide the plain text into blocks (often 64-bit or 128-bit) and encrypt each block, one at a time. What CBC does is that when one block is finished encrypting, before the second block is started, the output of the first block is XOR'd with the plain text of the next block.

CBC

Cipher Block Changing when one block is finished encrypting, before the second block is started, the output of the first block is XOR'd with the plain text of the next block.

CIA

Confidentiality, Integrity, Availability

Asymmetric Cipher

Cryptographic algorithms that use two different keys— one key to encrypt and another to decrypt. Also called public key cryptography.

DES

Data Encryption Standard (DES) Its been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES

DHKE

Diffie-Hellman key exchange They are considered the founders of the public/private key concept. This algorithm is used primarily to generate a shared secret key across public networks. The process isn't used to encrypt or decrypt messages; it's used merely for the creation of a symmetric key between two parties.

List of ways the symmetric cipher can be executed?

ECB CBC CTM or CTR GCM

ECB

Electronic Cipher Book (ECB) Mode of operation for a block cipher , with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value and vice versa. In other words, the same plaintext value will always result in the same ciphertext value.

Enterprise Mode

In the context of wireless networking, this refers to using a centralized authentication server such as RADIUS for authentication, instead of a pre-shared key (PSK).

Feistel Cipher

Feistel ciphers, also called Feistel networks, and Feistel functions are specific algorithm types developed originally by Horst Feistel and first used in DES. The process is to split the block of plain text into two halves. One half is put through a round function (repeated each round) and the other is not. Next the half that was not put through the round function is XOR'd with the output of the half that was put through the round function and the two are swapped. This process is repeated each round of the algorithm. DES, for example, goes for 16 rounds.

Hashing Algorithm

Function that takes a variable length string; and compresses and transforms it into a fixed length- output called a hash or message digest

What is key bit the 3DES is based on ?

It is a 168 bit encryption key

code barker attack used to identify Hitler messages

Known Plain Text attack

LSB

Least Significant Bit

LANMAN

Local Area Network Manager Prior to the release of Windows NT, Microsoft's operating systems used the LANMAN protocol for authentication. While functioning only as an authentication protocol, LANMAN used LM Hash and two DES keys. It was replaced by the NT LAN Manager (NTLM) with the release of Windows NT.

MAC

Message Authentication Code Message added to a hash to validate the integrity of the message

Birthday Attack

Method of code breaking technique that attacks on cryptographic hashes, based on something called the birthday theorem.

PBKDF2

Password-Based Key Derivation Function 2 part of PKCS #5 v. 2.01. It applies some function (like a hash or HMAC) to the password or passphrase along with Salt to produce a derived key.

PFS

Perfect forward secrecy occurs when the process of key exchange is unbreakable.

PRNG

Pseudo Random Number Generator (PRNG) is an algorithm that generates a sequence of numbers that seems random but is actually completely predictable.

RIPEMD

RACE Integrity Primitives Evaluation Message Digest There were questions regarding its security, and it has been replaced by RIPEMD-160, which uses 160 bits. There are versions in existence that use 256 and 320 bits (RIPEMD-256 and RIPEMD-320, espectively), but all versions of RIPEMD remain.

Downgrade Attack

The idea is to trick the user into shifting to a less secure version of the protocol, one that might be easier to break. used normally in secure communications such as TLS

Function of the public key in an asymmetric algorithm

The receiver uses the private key to decrypt the message

Replay Attack

When a user sends their login information, even if it is encrypted, the attacker captures it and later sends the same information. The user never decrypted that login information; they simply replayed it.

Collision

When two different inputs into a cryptographic hash produce the same output, this is known as a collision.

Vigenère cipher (Vee-zha-nair)

a method of encrypting text by applying a series of Caesar ciphers based on the letters of a keyword.

Transposition Cipher

involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size, and each block is then scrambled.

Substitution Cipher

is a type of coding or ciphering system that changes one character or symbol into another.

PSK

preshared key Mode where the client and the wireless access point must negotiate and share a key prior to initiating communications.

Symmetric Algorithms

require both the sender and receiver of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected

Atbash

reverse the order of the letters of the alphabet. This is, by modern standards, a very primitive and easy-to-break cipher. For example, in English: A becomes Z, B becomes Y, C becomes X, and so forth.

GOST

symmetric cipher developed in the old Soviet Union that has been modified to work as a hash function. GOST processes a variable-length message into a fixed-length output of 256 bits.

Cryptographic System

system, method, or process that is used to provide encryption and decryption. It may be a hardware, software, or manually performed process

Steganography

the art and science of hiding information by embedding messages within other, seemingly harmless messages

Cryptology

the science of interpreting secret writings, codes, ciphers, and the like

Cryptanalysis

the study and practice of finding weaknesses in ciphers

What are the two approaches with Key Exchange?

+ In-band key exchange + out-ofband key exchange.

What are the 3 major areas of modern Cryptography

+ Symmetric cryptography + Asymmetric cryptography + Hashing algorithms

List common code breaking techniques

+Brute Force +Frequency Analysis +Known Plain Text +Chosen Plain Text +Related Key Attack +Birthday Attack +Downgrade Attack +Replay Attack +Dictionary attack

Methods of "key Stretching"

+PBKDF2 +Bcrypt

List of the two variations of ECC

1. Elliptic Curve Diffie-Hellman (ECC-DH) 2. Elliptic Curve Digital Signature Algorithm (ECC-DSA)

List the Improvements caused by CBC

1. Introduces more diffusion 2. Makes known plaintext attacks tottally ineffective

Three key characteristics of a hashing function

1. It must be one-way. This means that it is not reversible. Once you hash something, you cannot un-hash it. 2. Variable-length input produces fixed-length output. This means that whether you hash two characters or two million, the hash size is the same. 3. The algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.

What are the uses for PRNG?

1. Produces better random numbers used for cipher keys 2. Generates IVs

Name of the two keys used by the asymmetric algorithms

1. Public key 2. Private key

List of the four asymmetric systems used today

1. RSA 2. Diffie-Hellman Key Exchange 3. ECC 4. ElGamal

Why are OTPs completely secure?

1. They use a key that is as long as a plain-text message. This means that there is no pattern in the key application for an attacker to use. 2. One-time pad keys are used only once and then discarded.

What are 2 issues with Symmetric cipher?

1. latency refers to the difference between the time you input plain text and the time get out cipher text. You might think that it would be good simply to keep churning away at input, scrambling it more and more. However, low latency is a goal of any cipher. This is particularly important in low-power devices. The longer it takes to encrypt data, the more power is consumed. 2. High resiliency The concern is various rather advanced attacks that can "leak" a portion of the secret key, such as with side-channel attacks. The nature of these attacks is beyond the scope of this text. Nonetheless, the concept of high resiliency is that algorithms that are resilient are less prone to leaking bits of data.

Value produced by the SHA

160-bit Hash Value

Value produced by the SHA-2

224, 256, 334, and 512 bit. SHA-2 is the most widely used

Diffusion

A symmetric cipher where a change in a single bit of input changes more than one bit of the output

Confusion

A symmetric cipher where the relationship between the plain text, cipher text, and key are very difficult to see

Rainbow Table

A table of precomputed hashes used to guess passwords by searching for the hash of a password.

Caesar cipher

A technique for encryption that shifts the alphabet by some number of characters. Here is an example: I will pass the Security plus test. If you shift each letter three to the right, you get the following: L zloo sdvv wkh Vhfxulwb soxv whvw.

AES

Advanced Encryption Standard (AES) Replaced DES as the current standard, and it uses the Rijndael algorithm. AES is the current product used by U.S. governmental agencies. It supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.

ElGamal

An asymmetric algorithm, and several variations of ElGamal have been created, including Elliptic Curve ElGamal. ElGamal and related algorithms use what is called an ephemeral key. An ephemeral key is simply a key that exists only for that session. Essentially, the algorithm creates a key

Symmetric Cipher

Any cryptographic algorithm that uses the same key to encrypt and decrypt. DES, AES, and Blowfish are examples.

The Enigma machine was created by German engineer _____________ by the end of _______________

Arthur Scherbius, World War I

CAST

Carlisle Adams and Stafford Tavares (CAST) encryption algorithm used in some products offered by Microsoft and IBM. CAST uses a 40-bit to 128-bit key, and it's very fast and efficient. Two additional versions, CAST-128 and CAST-256, also exist.

CHAP

Challenge Handshake Authentication Protocol (CHAP) is a challenge-response authentication protocol which uses MD5 hashing, that periodically re authenticates

CTM or CTR

Counter Mode Used to convert a block cipher into a stream cipher. It basically works by generating a keystream block by encrypting sequential values of some counter.

ECC

Elliptic Curve Cryptography Provides similar functionality to RSA but uses smaller key sizes to obtain the same level of security. ECC encryption systems are based on the idea of using points on a curve combined with a point at infinity and the difficulty of solving discrete logarithm problems. Many vendors have implemented, or are implementing, the ECC system for security. The National Security Agency has also recommended several implementations of ECC. You can expect that ECC will be commonly implemented in mobile devices in the near future.

In-band key exchange

Encryption key is exchanged between parties as part of the communication

Blowfish Encryption

Encryption that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits).

GCM

Galois Counter Mode A mode of operation used for encryption. It combines the Counter (CTM) mode with hashing techniques for data authenticity and confidentiality. In normal counter mode, each block is encrypted with a cipher in a sequential manner to produce a stream cipher.

GOST

Gosudarstvennyy (GOST) It was classified but released to the public in 1994. It uses a 64-bit block and a key of 256 bits. It is a 32-round Feistel cipher. The official designation is GOST 28147-89. It was meant as an alternative to the U.S. DES algorithm and has some similarities to DES.

Exclusive OR (XOR)

If one and only one, of the bits has the value of 1 then the result is 1. Else result value is 0 0+0=0 0+1=1 1+0=1 1+1=0

LSB method

If you changed the very last bit (the least significant bit in each byte), then that would not make a noticeable change in the image. In other words, you could not tell that anything had been changed. Using this fact, you can store data by putting it in the least significant bits of an image file.

IV

Initialization vector Provides randomization of encryption keys to help ensure that keys are not reused. WEP was susceptible to IV attacks because it used relatively small IVs. In an IV attack, the attacker uses packet injection, increasing the number of packets to analyze, and discovers the encryption key.

MD5

MD5 is the newest version of the algorithm. It produces a 128-bit hash, but the algorithm is more complex than its predecessors and offers greater security. Its biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use. SHA (1 or 2) are the recommended alternatives.

MDA

Message Digest Algorithm Creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2. MD4 was used by NTLM to compute the NT Hash.

Dictionary Attack

Method of code breaking technique that involves attempting common words that might be used as a password, hoping one will work.

Frequency Analysis attack

Method of code breaking technique that involves looking at the blocks of an encrypted message to determine any patterns

Known Plain Text attack

Method of code breaking technique that involves the attacker having pairs of known plain text along with the corresponding cipher text. This gives the attacker a place to start attempting to derive the key.

Brute Force attack

Method of code breaking technique that involves trying every possible key

NTLM

Network LAN Manager Uses MD4/MD5 hashing algorithms. Several versions of this protocol exist (NTLMv1, NTLMv2), and it is still in widespread use despite the fact that Microsoft has pointed to Kerberos as being its preferred authentication protocol.

Collision

Occurs when two different inputs to a hashing algorithm produce the same output.

What is RC4 recognized for?

RC4 is popular with wireless and WEP/WPA encryption. It is a streaming cipher that works with key sizes between 40 and 2,048 bits, and it is used in SSL and TLS. It is also popular with utilities used for downloading BitTorrent files, since many providers limit the download of these. By using RC4 to obfuscate the header and the stream, it makes it more difficult for the service provider to realize that they are indeed BitTorrent files being moved about.

Symmetric Key

Referred to as a secret key or private key, is a key that isn't disclosed to people who aren't authorized to use the encryption system

Key stretching

Refers to processes used to take a key that might be a bit weak and make it stronger, usually by making it longer

Security through obscurity

Relying upon the secrecy or complexity of an item as its security, instead of practicing solid security practices.

RSA Encryption

Rivest-Shamir-Adleman (RSA) is the most common internet encryption and authentication system. The system used an algorithm that involves multiplying two large prime numbers to generate a public key, used to encrypt data and decrypt an authentication, and a private key, used to decrypt the data and encrypt an authentication. This symmetric Key of a minimum length of 2,048 bits.

RSA

Ron Rivest, Adi Shamir, and Leonard Adleman The RSA algorithm is an early public key encryption system that uses large integers as the basis for the process. It's widely implemented, and it has become a de-facto standard. RSA works with both encryption and digital signatures

RC

Ron's Cipher (RC) Is an encryption family produced by RSA laboratories. RC stands for Ron's Cipher or Ron's Code. (Ron Rivest is the author of this algorithm.) The current levels are RC4, RC5, and RC6. RC5 uses a key size of up to 2,048 bits. It's considered to be a strong system.

SHA

Secure Hash Algorithm Designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol.

Out-of-band key exchange

Some other channel that is going to be secured, is used to exchange the key.

X.509

The X.509 standard is the most widely used standard for digital certificates.

Function of the public key in an asymmetric algorithm

The sender uses a public key to encrypt the message

Related Key Attack

This is like a chosen plain-text attack, except the attacker can obtain cipher texts encrypted under two different keys.

ROT13

This simple algorithm rotates every letter 13 places in the alphabet. Thus an A becomes an N, a B becomes an O, and so forth. The same rotation of 13 letters that is used to encrypt the message is also used to decrypt the message.

3DES

Triple Digital Encryption Standard A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn't support AES.

Towfish Encryption

Twofish is quite similar to blowfish, and it works on 128-bit blocks. The distinctive feature of the latter is that it has a complex key schedule.

Bcrypt

Used with passwords, and it essentially uses a derivation of the Blowfish algorithm converted to a hashing algorithm to hash a password and add Salt to it.

Ciphering

is the process of using a cipher to do that type of scrambling to a message.

Cryptography

is the science of altering information so that it cannot be decoded without a key