Chapter 7 Terminology
What is ROT13?
"rotate 13," is another simple substitution cipher. works the same way as the Caesar cipher but rotates every letter 13 places in the alphabet. Thus an A becomes an N, a B becomes an O, and so forth. Because the alphabet has 26 letters, you can use the same rotation of 13 letters to decrypt the message.
What do modern cryptosystems use for bits in a key?
128-bit key, at a minimum protects data against prying eyes. *The length of the key directly relates to the work function of the cryptosystem; for a secure cryptosystem, the lo
What is a Cipher?
A cipher is a method used to scramble or obfuscate characters to hide their value.
What is a Substitution Cipher?
A substitution cipher is a type of coding or ciphering system that changes one character or symbol into another. Character substitution can be a relatively easy method of encrypting information.
What is a way to protect intellectual property?
Adding digital watermarks to documents is accomplished by means of steganography. The hidden information is known only to the file's creator. If someone later creates an unauthorized copy of the content, the watermark can be used to detect the copy and (if uniquely watermarked files are provided to each original recipient) trace the offending copy back to the source.
What's are some important factors of CTR mode?
As with OFB mode, errors do not propagate in CTR mode. CTR mode allows you to break an encryption or decryption operation into multiple independent steps. This makes CTR mode well suited for use in parallel computing.
What does Authentication do in cryptography?
Authentication verifies the claimed identity of system users and is a major function of cryptosystems. For example, suppose that Bob wants to establish a communications session with Alice and they are both participants in a shared secret communications system. Alice might use a challenge-response authentication technique/protocol to ensure that Bob is who he claims to be.(pg 309/995)
What is the process in which cryptography is used today?
Before a message is put into coded form, it is known as plain-text message and is represented by the letter P when encryption functions are described. The sender of a message uses a cryptographic algorithm to encrypt the plain-text message and produce a ciphertext message, represented by the letter C. This message is transmitted by some physical or electronic means to the recipient. The recipient then uses a predetermined algorithm to decrypt the ciphertext message and retrieve the plaintext version.
What are two major categories Modern ciphers fit into?
Block ciphers Stream ciphers
What is a Block Cipher?
Block ciphers operate on "chunks," or blocks, of a message and apply the encryption algorithm to an entire message block at the same time. The transposition ciphers are examples of block ciphers. The simple algorithm used in the challenge-response algorithm takes an entire word and reverses its letters. The more complicated columnar transposition cipher works on an entire message (or a piece of a message) and encrypts it using the transposition algorithm and a secret keyword. Most modern encryption algorithms implement some type of block cipher.
What is one of the oldest known substitution ciphers?
Caesar cipher, It was purportedly used by Julius Caesar. The system involves simply shifting all letters a certain number of spaces in the alphabet. Supposedly, Julius Caesar used a shift of three to the right. This simply means that you turn the A's of a message into D's, the B's into E's, and so on. When you hit the end of the alphabet, you simply "wrap around" so that X's become A's, Y's become B's, and Z's become C's. Decrypting a message encrypted with the Caesar cipher follows the reverse process Here is an example: I WILL PASS THE EXAM If you shift each letter three to the right, you get the following: L ZLOO SDVV WKH HADP
What is Ciphering?
Ciphering is the process of using a cipher to do that type of scrambling to a message.
What algorithms are used to perform encryption and decryption operations?
Ciphers
Was Cryptography strong back before the modernization of Cryptography?
Classic methods used relatively simple techniques that a human being could usually break in a reasonable amount of time. The obfuscation used in modern cryptography is much more sophisticated and can be unbreakable within a practical period of time.
What is Columnar transposition?
Columnar transposition is a classic example of a transposition cipher. With this cipher, you choose the number of rows in advance, which will be your encryption key. You then write your message by placing successive characters in the next row until you get to the bottom of a column. M E E T M E I N T H E S T O R E Using a key of 4, you would write the message in four rows, like this: M M T T E E H O E I E R T N S E Then, to get the ciphertext, you read across the rows instead of down the columns, giving you M M T T E E H O E I E R T N S E To decrypt this message, you must know that the message was encrypted using four rows, and then you use that information to recreate the matrix, writing the ciphertext characters across the rows. You then decrypt the message by reading down the columns instead of across the rows.
What allows cryptanalysts the possibility to defeat the algorithms you use?
Compute power
What allows you to use increasingly long keys in your cryptographic efforts?
Compute power
What practice is paralleled by cryptography?
Cryptoanalysis - the study of methods to defeat codes and ciphers.
The art of creating and implementing secret codes and ciphers is known as what?
Cryptography
How old is Cryptography?
Cryptography is a field almost as old as humankind. The first recorded cryptographic efforts occurred 4,000 years ago. Which focused exclusively on the goal of confidentiality.
Specific implementations of a code or cipher in hardware and software are known as what?
Cryptosystems
What are cryptographic keys sometimes referred as?
Cryptovariables.
What became the building block for 3DES?
DES
How does Output Feedback Mode(OFB) mode operate?
DES operates in almost the same fashion as it does in CFB mode. However, instead of XORing an encrypted version of the previous block of ciphertext, DES XORs the plain text with a seed value. For the first encrypted block, an initialization vector is used to create the seed value. Future seed values are derived by running the DES algorithm on the previous seed value.
How does DES operate?
DES uses a long series of exclusive or (XOR) operations to generate the ciphertext. This process is repeated 16 times for each encryption/decryption operation. Each repetition is commonly referred to as a round of encryption, explaining the statement that DES performs 16 rounds of encryption.
Both of these 3DES variants have an effective key length of 112 bits...
DES-EEE2 mode and DES-EDE2 mode *the third and fourth variant
What are the five variants of Triple DES(3DES)?
DES-EEE3 mode DES-EDE3 mode DES-EEE2 mode DES-EDE2 mode DES-EDE1 mode
How does DES-EEE3 mode work?
DES-EEE3 simply encrypts the plaintext three times, using three different keys: K1 , K2 , and K3 . (the Es indicate that there are three encryption operations, whereas the numeral 3 indicates that three different keys are used). DES-EEE3 can be expressed using the following notation, where E(K,P) represents the encryption of plaintext P with key K: E(K1,E(K2,E(K3,P))) DES-EEE3 has an effective key length of 168 bits.
When developing a cryptographic system for the purpose of providing confidentiality, you much think of what three types of data?
Data at rest, or stored data, is that which resides in a permanent location awaiting access. Examples of data at rest include data stored on hard drives, backup tapes, cloud storage services, USB devices, and other storage media. Data in motion, or data on the wire, is data being transmitted across a network between two systems. Data in motion might be traveling on a corporate network, a wireless network, or the public Internet. Data in use is data that is stored in the active memory of a computer system where it may be accessed by a process running on that system.
What is another term for Data in transit?
Data on the wire
How does Cipher Block Chaining Mode(CBC) mode operate?
Each block of unencrypted text is combined with the block of ciphertext immediately preceding it before it is encrypted using the DES algorithm. The decryption process simply decrypts the ciphertext and reverses the encryption operation. CBC uses an initialization vector (IV), which is a randomly selected value that is used to start the encryption process. CBC takes the IV and combines it with the first block of the message using an operation known as the exclusive or (XOR), producing a unique output every time the operation is performed. The IV must be sent to the recipient, perhaps by tacking the IV onto the front of the completed ciphertext in plain form or by protecting it with ECB mode encryption using the same key used for the message.
How does Electronic Codebook(ECB) mode operate?
Each time the algorithm processes a 64-bit block, it simply encrypts the block using the chosen secret key. This means that if the algorithm encounters the same block multiple times, it will produce the same encrypted block. *is the simplest mode to understand and the least secure.
What are the two operations of Cryptography?
Encryption, which transforms plain-text information into ciphertext using an encryption key Decryption, which transforms ciphertext back into plain text using a decryption key.
What are some of the goals of Cryptography?
First among these is the goal of confidentiality, which corresponds to one of the three legs of the CIA triad. Organizations use encryption to protect sensitive information from prying eyes. The second goal, integrity, also corresponds to one of the three elements of the CIA triad. Organizations use cryptography to ensure that data is not maliciously or unintentionally altered. When we get to the third goal, authentication, the goals of cryptography begin to differ from the CIA triad. Although authentication begins with the letter A, remember that the A in the CIA triad is "availability." Authentication refers to uses of encryption to validate the identity of individuals. The fourth goal, nonrepudiation, ensures that individuals can prove to a third party that a message came from its purported sender.
What is a key?
For the most part, a key is nothing more than a number. It's usually a very large binary number, but it's a number nonetheless. Every algorithm has a specific key space. The key space is the range of values that are valid for use as a key for a specific algorithm. A key space is defined by its key length. Key length is nothing more than the number of binary bits (0s and 1s) in the key. The key space is the range between the key that has all 0s and the key that has all 1s. Or to state it another way, the key space is the range of numbers from 0 to 2 n , where n is the bit size of the key. So, a 128-bit key can have a value from 0 to 2128 (which is roughly 3.40282367 × 1038, a very big number!).
How can a cryptanalytic use techniques to decipher a ECB?
If an enemy were eavesdropping on the communications, they could simply build a "code book" of all the possible encrypted values. After a sufficient number of blocks were gathered, cryptanalytic techniques could be used to decipher some of the blocks and break the encryption scheme.
How is ECB mode be used?
In everyday use, ECB is used only for exchanging small amounts of data, such as keys and parameters used to initiate other DES modes as well as the cells in a database.
Can I derive a message from a hash function?
It's extremely difficult, if not impossible, and it's very unlikely that two messages will produce the same hash value.
What are several weaknesses of Symmetric key cryptography?
Key distribution is a major problem. Parties must have a secure method of exchanging the secret key before establishing communications with a symmetric key protocol. If a secure electronic channel is not available, an offline key distribution method must often be used (that is, out-of-band exchange). Symmetric key cryptography does not implement nonrepudiation. Because any communicating party can encrypt and decrypt messages with the shared secret key, there is no way to prove where a given message originated. The algorithm is not scalable. It is extremely difficult for large groups to communicate using symmetric key cryptography. Secure private communication between individuals in the group could be achieved only if each possible combination of users shared a private key. Keys must be regenerated often. Each time a participant leaves the group, all keys known by that participant must be discarded.
How does modern cryptosystems deal with public algorithms?
Modern cryptosystems rely on the secrecy of one or more cryptographic keys used to personalize the algorithm for specific users or groups of users *As long as the security of this keyword is maintained, it doesn't matter that third parties know the details of the algorithm.
Is 56 bit key adequate in facing modern cryptanalytic techniques and supercomputing power?
No, this Data Encryption Standard no longer protects from these kinds of attacks.
What key doesn't guarantee Repudiation?
Secret key, or symmetric key, cryptosystems (such as simple substitution ciphers) For example, If Jim and Bob participate in a secret key communication system, they can both produce the same encrypted message using their shared secret key.
What is Steganography?
Steganography is the art of using cryptographic techniques to embed secret messages within another file. Steganographic algorithms work by making alterations to the least significant bits of the many bits that make up image files. The changes are so minor that there is no appreciable effect on the viewed image. This technique allows communicating parties to hide messages in plain sight—for example, they might embed a secret message within an illustration on an otherwise innocent web page. Steganographers often embed their secret messages within images, video files, or audio files because these files are often so large that the secret message would easily be missed by even the most observant inspector. Steganography techniques are often used for illegal or questionable activities, such as espionage and child pornography. Steganography can also be used for legitimate purposes, however.
What is a Stream Cipher?
Stream ciphers operate on one character or bit of a message (or data stream) at a time. The Caesar cipher is an example of a stream cipher. The one-time pad is also a stream cipher because the algorithm operates on each letter of the plaintext message independently. Stream ciphers can also function as a type of block cipher. In such operations there is a buffer that fills up to real-time data that is then encrypted as a block and transmitted to the recipient.
What are the two primary types of nonmathematical cryptography, or ciphering methods?
Substitution Transposition
Comparisons of Asymmetric cryptography & Symmetric cryptography...
Symmetric ///////////////////////////////// Asymmetric Single shared key//////////////////////////Key pair sets Out-of-band exchange///////////////In-band exchange Not scalable///////////////////////////////////Scalable Bulk encryption///////////////////////////Small blocks of data, digital signatures, digital certificates Confidentiality, integrity/////////////////Confidentiality, integrity, authentication, nonrepudiation
What two types of cryptosystems enforce confidentiality?
Symmetric cryptosystems use a shared secret key available to all users of the cryptosystem. Asymmetric cryptosystems use individual combinations of public and private keys for each user of the system. Both of these concepts are explored in the section "Modern Cryptography" later in this chapter.
What is the Enigma Machine?
The Enigma machine was created by the German government during World War II to provide secure communications between military and political units. Looked like a typewriter with some extra features. The operator was responsible for configuring the machine to use the code of the day by setting the rotary dials at the top of the machine and configuring the wires on the front of the machine. The inner workings of the machine implemented a polyalphabetic substitution, changing the substitution for each character of the message. Current location: National Security Agency's National Cryptologic Museum
What does asymmetric key algorithms provide support for?
digital signature technology Basically, if Bob wants to assure other users that a message with his name on it was actually sent by him, he first creates a message digest by using a hashing algorithm. Bob then encrypts that digest using his private key. Any user who wants to verify the signature simply decrypts the message digest using Bob's public key and then verifies that the decrypted message digest is accurate.
What is data in motion susceptible to?
eavesdropping attacks
What is a Polyalphabetic Substitution?
have multiple substitution alphabets for the same message. For example, you might shift the first letter by three to the right, the second letter by two to the right, and the third letter by one to the left; then repeat this formula with the next three letters.
When did the U.S. Gov. publish the DES?
in 1977 the DES was published as a proposed standard cryptosystem for all government communications.
When was the DES superseded by the AES?
in December 2001.
What is Obfuscation?
is a concept closely related to confidentiality. It is the practice of making it intentionally difficult for humans to understand how code works. This technique is often used to hide the inner workings of software, particularly when it contains sensitive intellectual property.
What is Cryptography?
is the practice of encoding information in a manner that it cannot be decoded without access to the required decryption key.
How does Cipher Feedback Mode(CFB) mode operate?
is the streaming cipher version of CBC. In other words, CFB operates against data produced in real time. However, instead of breaking a message into blocks, it uses memory buffers of the same block size. As the buffer becomes full, it is encrypted and then sent to the recipients. Then the system waits for the next buffer to be filled as the new data is generated before it is in turn encrypted and then transmitted. Other than the change from preexisting data to real-time data, CFB operates in the same fashion as CBC.
What is data in use susceptible to?
may be accessed by unauthorized processes if the operating system does not properly implement process isolation
What does Nonrepudiation do in cryptography?
provides assurance to the recipient that the message was originated by the sender and not someone masquerading as the sender. It also prevents the sender from claiming that they never sent the message in the first place (also known as repudiating the message). *Nonrepudiation is offered only by public key, or asymmetric, cryptosystems
What are Asymmetric key algorithms also known as?
public key algorithms, provide a solution to the weaknesses of symmetric key encryption. In these systems, each user has two keys: a public key, which is shared with all users, and a private key, which is kept secret and known only to the owner of the keypair. But here's a twist: opposite and related keys must be used in tandem to encrypt and decrypt. In other words, if the public key encrypts a message, then only the corresponding private key can decrypt it, and vice versa.
What can Symmetric key cryptography also be called?
secret key cryptography and private key cryptography. (pg 315/995)
In the early days of cryptography what was one of the predominant principles?
security through obscurity Some cryptographers thought the best way to keep an encryption algorithm secure was to hide the details of the algorithm from outsiders. Old cryptosystems required communicating parties to keep the algorithm used to encrypt and decrypt messages secret from third parties. Any disclosure of the algorithm could lead to compromise of the entire system by an adversary.
What is the major weakness of public key cryptography?
slow speed of operation. For this reason, many applications that require the secure transmission of large amounts of data use public key cryptography to establish a connection and then exchange a symmetric secret key. The remainder of the session then uses symmetric cryptography.
What happens when you use a large-sized Symmetric key algorithm?
symmetric encryption becomes very difficult to break. It is primarily employed to perform bulk encryption and provides only for the security service of confidentiality. Symmetric key cryptography can also be called secret key cryptography and private key cryptography.
What does Integrity ensure in cryptography?
that data is not altered without authorization. If integrity mechanisms are in place, the recipient of a message can be certain that the message received is identical to the message that was sent. Similarly, integrity checks can ensure that stored data was not altered between the time it was created and the time it was accessed. Integrity controls protect against all forms of alteration, including intentional alteration by a third party attempting to insert false information, intentional deletion of portions of the data, and unintentional alteration by faults in the transmission process. Message integrity is enforced through the use of encrypted message digests, known as digital signatures, created upon transmission of a message. The recipient of the message simply verifies that the message's digital signature is valid, ensuring that the message was not altered in transit. Integrity can be enforced by both public and secret key cryptosystems.
What does Confidentiality ensure in cryptography?
that data remains private in three different situations: when it is at rest, when it is in transit, and when it is in use.
What are the major advantages of OFB mode?
that there is no chaining function and transmission errors do not propagate to affect the decryption of future blocks.
What are some common symmetric cryptosystems?
the Data Encryption Standard (DES), Triple DES (3DES), and the Advanced Encryption Standard (AES)
What is a major strength of Symmetric key cryptography?
the great speed at which it can operate. Symmetric key encryption is very fast, often 1,000 to 10,000 times faster than asymmetric algorithms. By nature of the mathematics involved, symmetric key cryptography also naturally lends itself to hardware implementations, creating the opportunity for even higher-speed operations.
What is the most widely cited goal of cryptosystems using confidentiality?
the preservation of secrecy for stored information or for communications between individuals and groups.
What is a major flaw in implementing symmetric encryption algorithms into large systems?
the scalability issue, the fact that symmetric cryptosystems require each pair of potential communicators to have a shared private key makes the algorithm nonscalable. (pg 318/995)
What are Cipher suites?
the sets of ciphers and key lengths supported by a system.
What is data in rest susceptible to?
the theft of physical devices
In public key cryptosystems, each participant has what kind of key?
their own pair of keys
What is one of the problems with substitution ciphers?
they did not change the underlying letter and word frequency of the text.
How do cryptographic algorithms maintain security?
they rely on keys
What is Transposition Ciphers?
transposition cipher involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size, and each block is then scrambled. Characters are transposed by changing the ordering of characters within each group.
How does Counter Mode(CTR) mode operate?
uses a stream cipher similar to that used in CFB and OFB modes. However, instead of creating the seed value for each encryption/decryption operation from the results of the previous seed values, it uses a simple counter that increments for each operation.
How does DES-EEE2 mode work?
uses only two keys, K1 and K2 , as follows: E(K1,E(K2,E(K1,P)))
What is one important consideration when using CBC mode?
when errors propagate—if one block is corrupted during transmission, it becomes impossible to decrypt that block and the next block as well.
How does DES-EDE1 mode work?
which uses only one cryptographic key. However, it results in the same algorithm as standard DES, which is unacceptably weak for most applications. It is provided only for backward-compatibility purposes.
How can the term private key be used?
The use of the term private key can be tricky because it is part of three different terms that have two different meanings The term private key by itself always means the private key from the key pair of public key cryptography (aka asymmetric). However, both private key cryptography and shared private key refer to symmetric cryptography. The meaning of the word private is stretched to refer to two people sharing a secret that they keep confidential. (The true meaning of private is that only a single person has a secret that's kept confidential.)
What is an adapted version of DES?
Triple DES (3DES), uses the same algorithm to produce a more secure encryption.
What is one of the most famous examples of a polyalphabetic substitution from historical times?
Vigenère cipher, it used a keyword to look up the cipher text in a table. The user would take the first letter in the text that they wanted to encrypt, go to the Vigenère table, and match that with the letter from the keyword in order to find the ciphertext letter. This would be repeated until the entire message was encrypted. Each letter in the keyword generated a different substitution alphabet.(pg 301/995)
Do all DES modes operate in 64 bits?
Yes, All of the DES modes operate on 64 bits of plaintext at a time to generate 64-bit blocks of ciphertext. The key used by DES is 56 bits long. *The DES specification calls for a 64- bit key. However, of those 64 bits, only 56 actually contain keying information. The remaining 8 bits are supposed to contain parity information to ensure that the other 56 bits are accurate. In practice, however, those parity bits are rarely used. You should commit the 56-bit figure to memory.
Can a Hash function produce the same value for two different methods?
Yes, these are called collisions, and the existence of collisions typically leads to the deprecation of a hashing algorithm.
Does historical methods of Cryptography predate the modern computer age?
Yes, these methods did not depend on mathematics, as many modern methods do, but rather on some technique for scrambling the text.
What does a Symmetric key algorithm rely on?
a "shared secret" encryption key that is distributed to all members who participate in the communications. This key is used by all parties to both encrypt and decrypt messages, so the sender and the receiver both possess a copy of the shared key. The sender encrypts with the shared secret key and the receiver decrypts with it.
What is Data Encryption Standard?
a 64-bit block cipher that has five modes of operation: Electronic Codebook (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback (CFB) mode, Output Feedback (OFB) mode, and Counter (CTR) mode.
What is the Kerchoff principle?
a concept that makes algorithms known and public, allowing anyone to examine and test them. is that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge. The principle can be summed up as "The enemy knows the system."
Message digests are summaries of what?
a message's content (not unlike a file checksum) produced by a hashing algorithm.
What is an algorithm?
a set of rules, usually mathematical, that dictates how enciphering and deciphering processes are to take place.
In private key (or secret key) cryptosystems, all participants use what kind of key?
a single shared key
How does DES-EDE3 mode work?
also uses three keys but replaces the second encryption operation with a decryption operation. E(K1,D(K2,E(K3,P)))
How does DES-EDE2 mode work?
also uses two keys but uses a decryption operation in the middle, represented by the D(K,C) function, where K is the decryption key and C is the ciphertext to be decrypted. E(K1,D(K2,E(K1,P)))
What is OpenStego?
an online tool for steganography. It simply requires that you specify a text file containing your secret message and an image file that you wish to use to hide the message. Steganography is an extremely simple technology to use, with free tools openly available on the Internet.
What do modern cryptosystems use?
computationally complex algorithms and long cryptographic keys to meet the cryptographic goals of confidentiality, integrity, authentication, and nonrepudiation.
cryptography and cryptanalysis are commonly referred to as what?
cryptology
What are the major strengths of Asymmetric key cryptography?
The addition of new users requires the generation of only one public-private key pair. This same key pair is used to communicate with all users of the asymmetric cryptosystem. This makes the algorithm extremely scalable. Users can be removed far more easily from asymmetric systems. Asymmetric cryptosystems provide a key revocation mechanism that allows a key to be canceled, effectively removing a user from the system. Key regeneration is required only when a user's private key is compromised. If a user leaves the community, the system administrator simply needs to invalidate that user's keys. No other keys are compromised and therefore key regeneration is not required for any other user. Asymmetric key encryption can provide integrity, authentication, and nonrepudiation. If a user does not share their private key with other individuals, a message signed by that user can be shown to be accurate and from a specific source and cannot be later repudiated. Key distribution is a simple process. Users who want to participate in the system simply make their public key available to anyone with whom they want to communicate. There is no method by which the private key can be derived from the public key. No preexisting communication link needs to exist. Two individuals can begin communicating securely from the start of their communication session. Asymmetric cryptography does not require a preexisting relationship to provide a secure mechanism for data exchange.
What Computer scientist led to the deciphering of German communication?
The efforts of Alan Turing led to great success in deciphering German communication, and those efforts were praised by British Prime Minister Winston Churchill himself, who reportedly told King George VI that "it is thanks to [Ultra], put into use on all the fronts, that we won the war!"
What determines the strength of a cryptosystem and the likelihood the encryption will not be compromised?
The length of a cryptographic key is an extremely important factor in determining a key would be compromised through cryptanalytic techniques.
