CISSP Chapter 6 - Cryptography & Symmetric Key Algorithms


Serpent Block Cipher

- 128, 192, and 256 bit keys that operate on 128 bit data blocks
- Uses 32 rounds working with a block of 4 32-bit words
- Each round applies 1 of 8 4-bit to 4-bit S-boxes 32 times in parallel

ECB (Electronic Code Book)

- The most basic encryption mode
- Message is divided into blocks encrypted separately
- Same text always gives same cipher
- Attackers can analyze to derive the key

Attacks on Cryptosystems

- Ciphertext Only Attack
- Known Plaintext Attack
- Chosen Plaintext Attack
- Man In the Middle Attack
- Dictionary Attack
- Side Channel

Blowfish Block Cipher

- Designed by Bruce Schneier
- Optimized for applications where key doesn't change often
- VARIABLE length keys (32 to 448 bits) and operates on 64-bit data blocks

ARIA Block Cipher

- Designed by South Korea in 2004
- Similar to AES
- 128, 192, and 256 bit keys that operate on 128 bit data blocks

Skipjack Block Cipher

- Designed for the Clipper Chip
- Clipper chip has built-in encryption meant for law enforcement to decrypt data if needed
- 80-bit keys and operates on 64-bit data blocks

PGP (Pretty Good Privacy)

- Free low cost email encryption
- Uses symmetric and asymmetric encryption
- Generates self-signed certificates

IDEA Block Cipher

- International Data Encryption Algorithm (IDEA)
- Designed by Xuejia Lai and James Massey
- 128-bit keys and operates on 64-bit data blocks
- Faster than DES and quite secure

RSA Encryption

- Rivest, Shamir, and Adleman.
- An asymmetric algorithm used to encrypt data and digitally sign transmissions.
- Uses both a public key and a private key in a matched pair.

Three phases of the key lifecycle

- Setup and installation
- Administration
- Cancellation

Popular Symmetric Block Encryption Algorithms

- The Feistel Network
- DES
- 3DES
- AES
- Blowfish
- Skipjack
- IDEA
- Serpent

Randomly selected Public Key (e) condition

1) Must be between 1 and the value of φ(n) (e < φ(n))
OR
2) The GCD(e, φ(n)) must = 1

Trust models

1. Single Authority
2. Hierarchical
3. Web of Trust

Cipher

An algorithm that transforms plaintext to ciphertext

Rainbow Tables

In password cracking, a set of precalculated encrypted passwords located in a lookup table.

Key

Information used in a cipher that is known only to the sender or receiver

PKI

Involves:
- Public-key cryptography standards
- Trust models
- Key management

encipher

To convert plaintext to ciphertext by means of a cryptographic system.

Decryption formula

m = c to the power of d mod n

PKCS (Public Key Cryptography Standards)

A set of protocol standards developed by a consortium of vendors to send information over the Internet in a secure manner using a PKI.

AES Block Cipher

Advanced Encryption Standard for US Govt
- Replaces DES and specifies 3 key sizes:
- 128, 192, and 256 bit keys that operate on 128 bit data blocks

ElGamal

Based on Diffie-Hellman and was invented in 1984 by Taher Elgamal. Comprised of 3 parts:
- Key generator
- Encryption algorithm
- Decryption algorithm

Encryption formula

C = m to the power of e mod n

single-sided certificate

Contains both the signature and encryption information

Atbash Cipher

Invented by the Hebrews. Single substitution monoalphabetic cipher that substitutes each letter with its reverse (a and z, b and y, etc).

Diffie-Hellman key exchange

Invented in the 1970s, it was the first practical asymmetric method for establishing a shared secret key over an unprotected communications channel.

ROT13 cipher

This more recent cipher uses the same mechanism as the Caesar cipher but moves each letter 13 places forward

Decipher

To recover plaintext from ciphertext

RSA Concepts

To understand RSA, you need to understand 4 concepts:
- Prime
- Co-Prime
- Euler's Totient
- Modulus operation

Key Space

Total number of possible values of keys

SHA-2

Two similar hash functions with different block sizes known as SHA-256 and SHA-512
- SHA-256 (32 byte word sizes or 256 bits)
- SHA-512 (64 byte word sizes or 512 bits)
Also truncated versions SHA-224 and SHA-384 exist

Plaintext

normal text that has not been encrypted

TPM Trusted Platform Module

A chip on a motherboard that holds an encryption key required at startup to access encrypted data on the hard drive. Windows BitLocker Encryption can use the TPM chip.

Block Cipher

A cipher that manipulates entire blocks or chunks consisting of many bytes of plaintext at one time.

digital certificate

A data file that identifies individuals or organizations online and is comparable to a digital signature.

dual-sided certificate

A digital certificate in which the functionality is split between two certificates, the signing and encryption certificates.

Certificate Practice Statement (CPS)

A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate.

Initialization Vector (IV)

A fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom.

Cryptographic hash

A function that is one-way (nonreversible), has a fixed length output, and is collision resistant.

CRL (Certificate Revocation List)

A list of certificates that are no longer valid.

Triple DES (3DES) Block Cipher

A more-secure variant of DES that repeatedly encodes the message using three separate DES keys (168-bit long). More secure than DES but considerably slower.

Message Authentication Code (MAC)

A small block of data that is generated using a secret key and then appended to the message to protect integrity. Types include:
- HMAC
- CBC-MAC

Ciphertext

A string of text that has been converted to a secure form using encryption.

Certificate Authority (CA)

A trusted third-party agency that is responsible for issuing digital certificates.

Asymmetric Encryption

A type of encryption based on algorithms that require two keys; one of which is secret (or private) and one of which is public (freely known to others).

Elliptical Curve Cryptography (ECC)

An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily use algebraic factoring. Smaller keys are more suitable to mobile devices.

PRNG (Pseudo Random Number Generator)

An algorithm that generates a sequence of numbers that seems random but is actually completely predictable. PRNGs are used as:
- The nonce in a stream cipher
- The cipher key in a block cipher
- The input for a MAC

Digital Signature

An encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender. Encryption of a message performed using the sender's private key. The recipient uses the sender's public key to verify the message.

Symmetric Encryption

An encryption method in which the same key is used to encrypt and decrypt a message. Also known as private-key encryption.

Stream Cipher

An encryption method that encrypts a single bit at a time. Popular when data comes in long streams (such as with older wireless networks or cell phones).

PKI (Public Key Infrastructure)

An encryption system that is composed of a CA, certificates, software, services, and other cryptographic components, for the purpose of verifying authenticity and enabling validation of data and entities.

Scytale Cipher

Ancient encryption tool using a type of paper and a rod, used by Greek military factions.

Rail Fence Cipher

Ciphers that write message letters out diagonally over a number of rows then read off cipher row by row.

E I T E I Y
 X T H C T

Ciphertext = EITEIYXTHCT
Plaintext = Exit the city

DES Block Cipher

Data Encryption Standard - the most popular symmetric block encryption cipher in the past, developed by IBM and the US Govt. Now considered weak.
- 56-bit key

PGP Certificate Components

Defines its own format. A single key can contain multiple signatures.
- PGP version number
- Certificate holder's public key
- Certificate holder's information
- Digital signature of certificate owner
- Certificate validity period
- Preferred symmetric encryption algorithm for the key

DSA

Digital Signature Algorithm

File and drive encryption

FDE - Full disk encryption
SED - Self encrypting drive
HSM - Hardware security module (a physical device that safeguards and manages digital keys)

FIPS

Federal Information Processing Standards
FIPS 140 - Cryptographic modules
FIPS 186 - Digital signatures
FIPS 197 - AES
FIPS 201 - Identity verification

Digital certificate management

For Alice and Bob to use asymmetric cryptography:
- Alice and Bob must generate a public and private key
- A CA or RA must verify their identities
- The certificates must be placed in a CR
- When they expire they must be placed on a CRL
All these are done by PKI

Calculate the value of the Private Key (d) where K < e

Formula for each iteration (K): d = (1 + K * φ(n)) / e

Prime Numbers, Modulus, Totient

Prime: Choose 2 large prime numbers (factors are 1 and itself only) (p, q)
Modulus: n = p x q
Totient: φ(n) = (p-1) x (q-1)

Hash - Salt

Random bits added to further secure encryption or hashing, most often encountered with hashing to prevent rainbow table attacks.

The Enigma Machine

Rotor-based cipher system used by Germans in WWI and WWII. Operator would pass a key and the encrypted ciphertext for the plaintext was altered each time. A multi-alphabet cipher consisting of 26 possible alphabets.

Cryptology

The discipline of both Cryptography and Cryptanalysis

SHA-3

The most recent iteration of SHA. It was developed by private designers for a public competition in 2012. SHA-3 is very different in design from SHA-2, even though it uses the same 256- and 512-bit hash lengths.

X.509

The most widely accepted format for digital certificates as defined by the International Telecommunication Union (ITU).

Cryptography

The study and use of encryption principles and methods

Cryptanalysis

The study of principles and methods of deciphering ciphertext without knowing the key

Vigenère cipher (Vee-zha-nair)

A method of encrypting text by applying a series of Caesar ciphers based on the letters of a keyword. Example: https://www.geeksforgeeks.org/vigenere-cipher/

Caesar Cypher

letter-by-letter method to make a cipher. For example, for each letter, substitute another letter 4 letters ahead. For "a", write "d".

Steganography

The art and science of hiding information by embedding messages within other, seemingly harmless messages. The most common implementation utilizes the least significant bit without altering the original file in a noticeable way.

Key stretching/key strengthening

Used to ensure that a weak key is not victim of a brute force attack.
- Special algorithm used to convert a weak password into stronger keys by "stretching" it longer
- Common algorithms: PBKDF2 and bcrypt

