Lesson 5 Cryptography C836
A set of symmetric block ciphers endorsed by the US government through NIST. Shares the same block modes that DES uses and also includes other modes such as XEX-based Tweaked CodeBook (TCB) mode
AES
is a set of symmetric block ciphers endorsed by the US government through NIST, and now used by a variety of other organizations, and is the replacement for DES as the standard encryption algorithm for the US federal government.
AES
uses three different ciphers: one with a 128-bit key, one with a 192-bit key, and one with a 256-bit key, all having a block length of 128 bits.
AES
AES shares the same block modes that DES uses and also includes other modes such as XEX-based Tweaked CodeBook (TCB) mode.
Also known as public key cryptography, this method uses two keys: a public key and a private key.
Asymmetric key cryptography
corroborates the identity of an entity, whether it is the sender, the sender's computer, some device, or some information.
Authentication
represent a third cryptography type alongside symmetric and asymmetric cryptography, what we might call keyless cryptography.
Hash functions
These provide integrity (but not confidentiality) and are used to determine whether the message has changed
Hashes
cannot be used to discover the contents of the original message, or any of its other characteristics, but can be used to determine whether the message has changed. In this way, hashes provide integrity, but not confidentiality
Hashes
also serves as the basis for Microsoft's Active Directory and can make use of a variety of cryptographic protocols.
Kerberos
provides the basis of many single sign-on (SSO) implementations. SSO allows us to create a set of associated applications or systems that can all be accessed through a centralized login system. Kerberos also serves as the basis for Microsoft's Active Directory. As with many of the other cryptographic applications we have discussed, Kerberos can make use of a variety of cryptographic protocols.
Kerberos
can provide security for terminal connections, file transfers, remote desktop tools, VPN connectivity, Web browsing, and most any other application to which we might care to apply it.
SSH
There are a large number of other well-known symmetric block ciphers, including Twofish, Serpent, Blowfish, CAST5, RC6, and IDEA, as well as stream ciphers, such as RC4, ORYX, and SEAL.
connections use a variety of protocols to make a secure connection between two systems
VPN
We are somewhat limited in our ability to protect which type of data? A Data in use B Data in motion C Data at rest
A Data in use
Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access. The company is concerned that a wily, computer-savvy competitor will send e-mail messages pretending to be from Shovels and Shingles to its customers, in an attempt to gather customer information. What encryption solution best prevents a competitor from successfully impersonating the company? A Digital signatures B Advanced Encryption Standard (AES) C SSL D Blowfish E Elliptic Curve Cryptography (ECC)
A Digital signatures
Backordered Parts is a defense contractor that builds communications parts for the military. The employees use mostly Web-based applications for parts design and information sharing. Due to the sensitive nature of the business, Backordered Parts would like to implement a solution that secures all browser connections to the Web servers. What encryption solution best meets this company's needs? A Elliptic Curve Cryptography (ECC) B Digital signatures C Advanced Encryption Standard (AES) D Blowfish
A Elliptic Curve Cryptography (ECC)
The specifics of the process used to encrypt the plaintext or decrypt the ciphertext
Cryptographic algorithm
A type of cipher that takes a predetermined number of bits in the plaintext message (commonly 64 bits) and encrypts that block
Block cipher
Hashes provide _______, but not _______. A Confidentiality, integrity B Integrity, availability C Integrity, confidentiality D Availability, integrity E Confidentiality, availability
C Integrity, confidentiality
is a trusted entity that handles digital certificates. One well-known example at present is VeriSign.
CA
Public key infrastructure (PKI) is generally composed of two main components:
CAs that issue and verify certificates and the registration authorities (RAs) that verify the identity of the individual associated with the certificate.
is a generally public list that holds all the revoked certificates for a certain period of time
CRL
An example of ancient cryptography based on transposition and involving the shifting of each letter of the plaintext message by a certain number of letters, historically three
Caesar cipher
is based on transposition and involves shifting each letter of the plaintext message by a certain number of letters, historically three
Caesar cipher
Created to link a public key to a particular individual; used as a form of electronic identification for that person
Certificate
A trusted entity that handles digital certificates
Certificate authority (CA)
A public list that holds all the revoked certificates for a certain period of time
Certificate revocation list (CRL)
are created to link a public key to a particular individual and are often used as a form of electronic identification for that particular person
Certificates
DES can operate in several different block modes, including
Cipher Block Chaining (CBC), Electronic CodeBook (ECB), Cipher Feedback (CFB), Output Feedback (OFB), and Counter Mode (CTR).
The science of breaking through the encryption used to create the ciphertext
Cryptanalysis
The science of keeping information secure
Cryptography
is the science of keeping information secure
Cryptography
The overarching field of study that covers cryptography and cryptanalysis
Cryptology
The science of breaking through encryption is known as _____. A Cryptography B Cryptology C Ciphertext D Cryptanalysis
D Cryptanalysis
is a block cipher based on symmetric key cryptography and uses a 56-bit key. Although DES was considered to be very secure for some period of time, it is no longer considered to be so.
DES
symmetric key algorithms have been in regular use by the US government and others as standard algorithms for protecting highly sensitive data.
DES, 3DES, and AES,
Data is generally considered to be at rest when it is on a storage device of some kind and is not moving over a network, through a protocol,
Data at Rest
Data that is on a storage device of some kind and is not moving
Data at rest
This type of data is protected using data security (encryption) and physical security
Data at rest
Data that is moving over a WAN or LAN, a wireless network, over the internet, or in other ways
Data in motion
This type of data is best protected by protecting the data itself (using SSL, TLS) and protecting the connection (using IPsec VPN, SSL VPN)
Data in motion
This type of data is the hardest to protect
Data in use
The process of recovering the plaintext message from the ciphertext
Decryption
is the process of recovering the plaintext message from the ciphertext
Decryption
A method of securing a message that involves generating a hash and encrypting it using a private key
Digital signature
allow us to sign a message in order to enable detection of changes to the message contents, to ensure that the message was legitimately sent by the expected party, and to prevent the sender from denying that he or she sent the message, known as nonrepudiation.
Digital signatures
A subset of cryptography that refers specifically to the transformation of unencrypted data into its encrypted form
Encryption
Cryptography is also commonly and interchangeably referred to as
Encryption
Also referred to as message digests, these functions do not use a key
Hash functions
are generally easy to perform in one direction but very difficult to perform in the other direction. Factorization of very large numbers is an example. Such problems form the basis of many modern cryptographic systems.
One-way problems
created by Phil Zimmermann, was one of the first strong encryption tools to reach the eye of the general public and the media. Created in the early 1990s, the original release of PGP was based on a symmetric algorithm and could be put to use in securing data such as communications and files.
PGP
Another name for unencrypted data
Plaintext (or cleartext)
Infrastructure that includes the CAs that issue and verify certificates and the registration authorities (RAs) that verify the identity of the individuals associated with the certificates
Public key infrastructure (PKI)
uses the same mechanism as the Caesar cipher but moves each letter 13 places forward.
ROT13
This more recent cipher uses the same mechanism as the Caesar cipher but moves each letter 13 places forward
ROT13 cipher
named for its creators Ron Rivest, Adi Shamir, and Leonard Adleman, is an asymmetric algorithm used all over the world, including in the Secure Sockets Layer (SSL) protocol, which is used to secure many common transactions such as Web and e-mail traffic.
RSA algorithm,
have replaced MD5 in cases where stringent hash security is required.
SHA-2 and the soon-to-arrive SHA-3
are often used to protect information sent over networks and over the Internet, and they operate in conjunction with other protocols such as Internet Message Access Protocol (IMAP) and Post Office Protocol (POP) for e-mail, Hypertext Transfer Protocol (HTTP) for Web traffic, VoIP for voice conversations, instant messaging
SSL and TLS
allows us to create a set of associated applications or systems that can all be accessed through a centralized login system
SSO
Uses the RSA algorithm, an asymmetric algorithm, to secure web and email traffic
Secure Sockets Layer (SSL) protocol
A type of cipher that encrypts each bit in the plaintext message, 1 bit at a time
Stream cipher
Also known as private key cryptography, this uses a single key for both encryption of the plaintext and decryption of the ciphertext
Symmetric key cryptography
also known as private key cryptography, utilizes a single key for both encryption of the plaintext and decryption of the ciphertext. The key itself must be shared between the sender and the receiver, and this process, known as key exchange
Symmetric key cryptography
cryptography, also known as public key cryptography, utilizes two keys: a public key and a private key.
asymmetric key
cipher takes a predetermined number of bits, known as a block, in the plaintext message and encrypts that block. Blocks are commonly composed of 64 bits but can be larger or smaller depending on the particular algorithm being used
block cipher
Symmetric key cryptography makes use of two types of ciphers
block ciphers and stream ciphers.
Unencrypted Data
called plaintext or cleartext
An algorithm used for cryptographic purposes is known as a
cipher
encrypted data
ciphertext
Another name for encrypted data
ciphertext
Symmetric key cryptography by itself provides only _______, and not integrity
confidentiality
The science of breaking through the encryption used to create the ciphertext is referred to as
cryptanalysis
The specifics of the process used to encrypt the plaintext or decrypt the ciphertext are referred to as a
cryptographic algorithm
The overarching field of study that covers cryptography and cryptanalysis is referred to as
cryptology
a concept that covers a given algorithm and all possible keys, plaintexts, and ciphertexts.
cryptosystem
The act of scrambling plaintext into ciphertext is known as
encryption
Cryptographic algorithms generally use a key, or multiple keys, in order to encrypt or decrypt the message, this being roughly analogous to a password. The range of all possible values for the key is referred to as the
keyspace
encrypts each bit in the plaintext message, 1 bit at a time. It is also possible for a block cipher to act as a stream cipher by setting a block size of 1 bit.
stream cipher
The ciphertext can be decrypted by applying the same number of shifts in the opposite direction. This type of encryption is known as a
substitution cipher,
An encryption cipher that uses the same key to encrypt and decrypt is called a
symmetric (private) key
There are three main categories of cryptographic algorithms:
symmetric key cryptography, also known as private key cryptography; asymmetric key cryptography, also known as public key cryptography; and hash functions that we might refer to as keyless cryptography.