CISSP - Ch. 6 Cryptography and Symmetric Key Algorithms
What is Diffusion in regards to cryptographic algorithms?
Occurs when a change in the plaintext results in multiple changes throughout the ciphertext.
What are the three types of commonly used modern cryptography algorithms?
Symmetric, Asymmetric and Hashing encryption algorithms
What is Cryptology?
A generic term for the study and application of both Cryptography and Cryptanalysis.
Describe the Exclusive OR operation, or the XOR function
Boolean operation thaty used in cryptographic applications. It returns a TRUE value when only one of the input values is true. If both are TRUE or both are FALSE, the output is FALSE.
What is a plaintext message?
A message before it is put in a coded form. Extra: Represented by a "P" when encryption functions are described.
What are the five modes of operation for DES/DEA?
"ECCCO" 1. Electronic Codebook (ECB) mode 2. Cipher Block Chaining (CBC) mode 3. Cipher Feedback (CFB) Mode 4. Counter (CTR) Mode 5. Output Feedback (OFB) Mode
What is the Cipher Block Chaining (CBC) Mode used in a DES/DEA cipher, and what is it's primary vulnerability?
- 64-bit block of plaintext is XORed with the block of ciphertext immediately preceding it before it is encrypted using the DES algorithm, or DEA. - Implements an initialization vector (IV) to XOR the first block of the plaintext method prior to encryption - Produces a unique output every time due to the IV Vulnerability: Error propagation during transmission which makes it impossible to decrypt after the corrupted block.
How does asymmetric key cryptography solve the weaknesses of symmetric cryptography?
- Each user has their own keys and can be removed far more easily from asymmetric systems and no pre-existing comms needs to take place(distribution issue) - Each user has two keys assigned specifically to them (non-repudiation), one public and one private key. Every one involved gets a pair of keys (scalability) - Key generation is only needed if a user's private key is compromised.
Why does some literature state that DES uses a 64-bit key to perform encryption and decryption operations and is this incorrect?
- It is not incorrect. - DES specification calls for the use of a 64-bit key, but only 56 bits contain the keying information. - 8 bits contain parity information that verifies that the first 56 bits are accurate.
What are the requirements for the One-Time Pad algorithms?
- It must be randomly generated - It must be physically protected against disclosure. - It can only be used once - The key must be at least as long as the message being encrypted.
What is the ROt3 cipher?
A cipher that converts each alphabetical letter to it's decimal equivalent where A is 0 and Z is 25.
What is a Block Cipher?
A cipher that operates on "chunks" of a message and apply the encryption algorithm to an entire message block at the same time. These are known as transpositions ciphers.
What is the Kerchoff Principle?
A concept that makes all cryptographic algorithms known and public which allows anyone to examine and test them for flaws and loopholes because "a cryptographic systems should be secure even if everything about the system except the key is known".
What is key escrow, and what are the benefits and the risks associated with this method?
A control in which cryptographic keys, digital signatures, and even digital certificates needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. Benefit: A key can be extracted from a backup by a third party. in the event that the user loses or damages original Risk: If only one key escrow exists, there is a broad opportunity for fraud and abuse by the entrusted third party.
What is a cipher, and how is it different from a code?
A cryptographic system that converts messages from plain text to ciphertext by using a variety of techniques or algorithms to alter/rearrange the characters, blocks, or bits of a message. The difference: Ciphers are applied with the goal of intentional confidentiality of information.
What is Digital Signature?
A digital signature (not to be confused with a digital certificate) is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document.
In regards to cryptography, what is work function, also known as "work factor".
A meth of measure the strength of a cryptography systems by measuring the effort in terms of the cost and/or time it takes to complete encryption/decryption functions. The goal is to ensure that the cryptographic system is effective and cost efficient.
What is zero-knowledge proof method?
A method by which one party (certifying party) can prove that something is true to the other party (verifying party). Except for the fact that this specific statement is true, no additional information is disclosed. Often accomplished with passwords or other secret forms of authenticators.
What is M of N Control?
A method that requires that a minimum number of agents/entities (M) out of the total number of those authorized (N) work together to perform high-security tasks. M <= N
What is a substitution cipher and give an example.
A method that substitutes one letter for another. Caesar cipher is an example. It susceptible to breaking because of the frequency distributions of symbols/characters
Describe columnar transposition.
A method used in transposition cipher in which a keyword is used to encrypt the message. Numbers are assigned to letters in the keyword based on the alphabetical order, increasing with repetitive characters. (APPLE -> A=1, E=2, L=3, P=4, P=5). (Numbering the columns) Place letters above the message you wish to encrypt, arranging the message characters in columns of the key word. Sender enciphers message by reading down the column and placing it into from left to write.
What was the project code-named VENONA?
A pattern in the way the Soviets generated the key values used in their pads was discovered by cryptanalysts.
What is Asymmetric Cryptography?
A public/private key pair assigned to individuals is used to encrypt and decrypt messages sent between all parties.
What is an initialization vector?
A random bit string that is the same length as the block size and it is XOR'd with the message to create a unique ciphertext every time the same message is encrypted using the same key.
What is an algorithm in regards to cryptography?
A set of rules, logically and mathematically defined, that dictates how enciphering and deciphering processes are to take place.
What is Symmetric Cryptography?
A shared key is used by all parties to encrypt and decrypt messages.
What is the Cipher Feedback (CFB) Mode used in a DES/DEA cipher, and what is it's primary vulnerability?
A streaming cipher version of CBC that operates on data produced in real-time using 64-bit memory buffers rather than blocks of stored data. - As the 64-bit memory buffer is filled, it is encrypted, otherwise it operates similarly to CBC Mode using IV and XOR - Error propagation
What is a Caesar cipher? Briefly describe in a historical context.
A substitution cipher that shifts characters a certain number of positions in the alphabet. - Used by Julius Caesar to communication with Cicero in Rome. Caesar specifically shifted each character three places to the write to form a substitution cipher.
What is the Data Encryption Algorithm, or DEA, introduced by the Data Encryption Standard (DES) in 1977?
A symmetric 64-block cipher that uses a 56-bit key. It encrypts 64-bit blocks of plaintext at a time using a long series, called "rounds", of exclusive OR operations that use substitution and transposition repeated 16 times.
What is a challenge-response authentication protocol?
A technique used to verify that allows one party to force the secondary party to prove they are who they claim to be prior to transmitting sensitive data.
What is a hashing algorithm?
A utility designed to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a file or entire disk. The key in public-key encryption is based on a hash value. This is a value that is computed from a base input number using a hashing algorithm. Essentially, the hash value is a summary of the original value. The important thing about a hash value is that it is nearly impossible to derive the original input number without knowing the data used to create the hash value
What is a cryptographic key?
A word, number, or phrase that must be known to encrypt or decrypt a message. Usually it's a very large binary number.
What are logical operations used to manipulate data in Boolean mathematics?
AND OR NOT Exclusive OR Modulo function
What is Offline Distribution (of keys)?
Actual physical exchange of key materials
What is Ultra and why was it developed?
Allied Forces top-secret effort to attack and decrypt Engima codes by reconstructing an enigma prototype which allowed British and American cryptologists to crack the Enigma cipher.
What is a ciphertext message?
An encrypted message represented by the letter "C".
What are transposition ciphers?
An encryption algorithm to rearrange the letters of plaintext message to form a cipher text.
One-time Pads?
An extremely powerful type of substitution cipher which uses a different substitution alphabet for each letter of the plaintext message. These are also known as Vernam ciphers, after the inventor.
Which cryptosystem allows for the provision of non-repudiation?
Asymmetric cryptosystems (public/private key pairing). (See Ch. 7)
Describe the NOT operation.
Boolean operation that simply reverses the value of an input variable and only operates on a singular variable at a time. There are two possible outcomes. Indicated by ~ or !, i.e. ~X or !X
Describe the OR operation.
Boolean operation that takes two variables as inputs and is used to logically check if at least one value is TRUE. There are four possible outcomes Indicated by a "v", i.e. X v Y
Describe the AND operation.
Boolean operation that takes two variables as inputs and is used to logically check if the two values are both TRUE. There are four possible outcomes. Indicated by a ^, i.e. X ^ Y
What is the formula for One-time pads, or Vernam Ciphers?
C = (P + K) mod 26
What is the Electronic Code Book (ECB) Mode used in a DES/DEA cipher, what is it vulnerable to and why?
Cipher that encrypts the block of plaintext using the chosen secret key.. - Vulnerable tocode book cracking by eavesdropping threat actors - Because it will produce the same encrypted block every time it is used on the same plaintext block because the key is not alternated.
What is a stream cipher?
Cipher that takes one character and replaces it with another. Aka... a Caesar cipher.
What basic operations do cryptographic algorithms rely on to be successful?
Confusion and Diffusion.
What are codes?
Cryptographic systems of symbols that represent words or phrases, sometimes kept secret, but are not always meant to provide confidentiality. (ex. "10-4")
What is "modern cryptography"?
Cryptosystem that uses computationally complex algorithms and long crypto keys to meet the cryptographic goals of CIA and non-repudiation.
What is Data in Motion/Data in Transit/data on the wire?
Data as it is transmitted across a network between two systems.
What are the two different types of data one must consider in regards to providing data confidentiality?
Data at Rest Data in transit ("on the wire")
What does "on the wire" refer too?
Data in transit. It refers to the network cables that carry data communications. n
What is Data at Rest?
Data stored in a permanent location awaiting access.
What does the term "encrypt" mean?
Defined as the use of a cryptographic algorithm to encrypt plaintext messages and procedure ciphertext message.
What is an "encrypted message digest" referring too?
Digital Signatures created upon the transmission of a message.
What is period analysis?
Examination of frequency based on the repeated use of the keys.
What standard defines the cryptographic modules used by the federal government?
FIPS 140-2, or "Security Requirements for Cryptographic Modules".
What is Enigma and how could be decrypted?
German commercial code making and breaking machine that used a series of three to six rotors to implement complicated substitution cipher. The only way to decrypt the code was to use a similar machine set up with the exact same rotor settings.
What is the key difference in philosophy between historical and modern day cryptography?
Historical cryptography operated on the thought system of "security through obscurity". Modern cryptography make algorithms public and therefore open to scrutiny and testing to improve their function.
What is a cryptosystem?
Implementations of a code or cipher in hardware and software.
How can the Caesar cipher be broken?
In regards to the English Language, it is easy to crack by determining the most frequently used letters in the alphabet and their placement within the cipher. (E, T, A, O, N, R, I, S, H - respective to frequency)
What is the Purple Machine?
Japanese cryptographic machine broken by Americans because the cipher had an established pattern which used very formal message formats that resulted in a large amount of similar text in multiple messages.
What are the major problems of Symmetric Key Cryptography?
Key Distribution Does Not Implement Non-Repudiation Algorithm is not Scalable Keys must be regenerated frequently
What are some other strengths of asymmetric encryption?
Key distribution is very simple for users who wish to participate in the system Asymmetric key encryption can provide integrity, authentication, as well as non-repudiation.
What are the three main methods used to exchange secret keys?
Offline Distribution Public Key Encryption Diffie-Hellman
Describe Integrity in regards to cryptography?
Principle that ensures that data at rest and in transit is not altered without authorization by authorized individuals or operations by protection againt all forms of alteration - intentional or accidental.
Describe confidentiality in regards to cryptography?
Principle that ensures that data remains private while at rest or in transit and it is the most widely cited goal of cryptography.
Describe Authentication in regards to cryptography?
Principle that ensures the claimed identity of the party sending and/or receiving an encrypted message/transmission or accessing encrypted data. It is a major function of cryptosystems to protect data confidentiality and integrity which guarantees that encrypted data is not accessed nor altered by unauthorized parties.
Describe Non-Repudiation in regards to cryptography?
Principle that provides assurance to the recipient that the message originated by the known sender and not and unknown third-party and prevents any sender from denying they sent a data/message transmission.
What is Asymmetric Key Cryptophray also known as?
Public Key Algorithm
What are the alternative names of Symmetric Key Algorithms?
Secret Key Cryptography and Private Key Cryptography
What is a message digest?
Summaries of a messages content (not the checksum) produced by a hashing algorithms.
What are the two main types of cryptographic systems/algorithms that enforce confidentiality?
Symmetric and Asymmetric Cryptosystems.
What does cryptography mean?
The art and science of creating and implementing secret codes and ciphers.
What is a one-way function?
The basis of Public Key cryptography. A mathematical operation that easily produces output values for each possible combination of inputs but ensures that retrieving the inputs is not possible. (i.e. modulo function).
What are cryptovariables?
The occasional term used for cryptographic keys.
What is cryptanalysis?
The practice and study of determining and exploiting weaknesses in cryptographic techniques. Aka - the practice of breaking code to obtain the meaning of encrypted data.
What is symmetric key management?
The practices and measures used by cryptosystem users and administrators to protect the security of cryptographic keys and keying material including creation, distribution, storage, destruction, recovery, and escrow of secret keys
What is a key space?
The range of values that are valid for use as a key for a specific algorithm and it is defined by its bit size, or the number of binary its (0's and 1's) in the key. Extra: The range of a key space can be any value fro 0 to 2n. Example: 128-bit key can have a key range of 0 to 2^128th power, or equal to 3.40282367 * 10^38th power.
What is Confusion in regards to cryptographic algorithms?
The relationship between a plaintext message and the key is so complicated that an attacker can't merely continue altering the plain text to determine the key
What is the modulo function in the field of cryptography?
The remainder value left over from a division operation. It is important to cryptography because it can act as a one-way function in which the the output obscures the input. Indicated by a %, and abbreviated as "mod", i.e. 8 mod 6 = 2.
What is the major weakness of public key cryptography?
The slow speed of operations
What is Boolean mathematics and how does it apply to computer systems.
Theory that defines the rules used for the bits and bytes that form the nervous system of any computer which is based upon electrical circuits. Electrical circuits only have two states - on or off. All computation is performed by an electrical device which must be expressed in boolean computational values of "TRUE" or "FALSE".
What is Split Knowledge?
This combines the concepts of separation of duties and two-person control to perform an operation into a single solution.
What is a nonce?
This is a random number that is a placeholder variable in mathematical functions. It is a unique number every time it is used. An initialization vector (IV) is a nonce.
What is a Polyalphabetic substitution cipher and give an example?
Uses a single encryption/decryption chart that replaces one letter for another by writing out the plain text, and writing encryption key underneath it by repeating the key as many times as needed to establish a line of text that is the same length as the plain text. Convert each letter position from plaintext to cipher. Vignere cipher
What is the purpose of cryptography and its four fundamental principles? ?
Using complex algorithms to provide added levels of security to data during processing, storage, and communications for the purpose of protecting confidentiality and integrity of that data and ensuring authentication and non-repudiation when access protected data. Four Principles are: 1. Confidentiality 2. Integrity 3. Authenticatoin 4. Non-Repudiation
what is a Running Key Cipher?
When an encryption key is chosen from a common book.