CompTIA Sec+ SYO-601,2.8
Ciphers
A message in which letters or symbols replace the actual letters in the message Secret writings and codes.
confusion and diffusion
Confusion means that the key should not be derivable from the ciphertext. If one bit in the key changes, many bits in the ciphertext should change. -Diffusion means that predictable features of the plaintext should not be evident in the ciphertext. If one bit of the plaintext is changed, many bits in the ciphertext should change as a result
symmetric, asymmetric
Cryptographic algorithms are often grouped into two broad categories, _____ and _____
Symmetric Cryptography
Encryption that uses a single key to encrypt and decrypt a message.
Hashing algorithms
Fixed length digest/hash from variable string with cryptographic properties -One-way (ciphertext cannot be decrypted) -Anti-collision (no two plaintexts will produce the same digest) Used for password storage and checksums (integrity) -Secure Hash Algorithm (SHA-1 and SHA-2)Message -Digest Algorithm (MDA/MD5) -Research and Development in Advanced Communications Technologies in Europe[RACE] Integrity Primitives Evaluation Message Digest (RIPEMD) -Hash-based Message Authentication Code (HMAC) Hashing algorithms are used to create a message digest to ensure that data integrity is maintained. A sender creates a message digest by performing the hash function on the data files to be transmitted. The receiver performs the same action on the data received and compares the two message digests. If they are the same then the data was not altered.
Asymmetric Cryptography
In this Cryptography a Key Pair - Private and Public Key is used. Private Key is kept secret and the Public Key is Widely distributed.
plain text
Message data before it is encrypted.
Encryption
Process of converting readable data into unreadable characters to prevent unauthorized access.
Cipher text
The output of the cryptography process or cryptosystem. The encrypted version of the plaintext.
Decryption
a process that reverses encryption, taking a secret message and reproducing the original plain text
Salting
•Add a random value to each password when hashing it for storage •Prevents use of pre-computed hash tables
Subject Name Attributes
•Common Name (CN) •Legacy method of recording FQDN FQDN (Fully Qualified Domain Name) •Deprecated by standards •BUT still used in many implementations •Subject Alternative Name (SAN) •Structured identifiers •List multiple host/subdomains •Use wildcard subdomain •
Digital Certificates
•Contains subject's public key •Information identifying the subject plus usage and validity •Digital certificate standards •X.509 Public Key Infrastructure (PKIX) •PKCS (Public Key Cryptography Standards)
Downgrade Attack
•Downgrade attack •Forces server into using weak protocol versions and ciphers
Cryptographic Concepts
•Encryption and decryption—encoding and decoding •Plaintext is the unencoded message •Ciphertext is the coded message •Cipher is the means of change or algorithm •Cryptanalysis is the art of cracking cryptographic systems •Meet Alice and Bob (and observe Mallory, lurking) •Hashing algorithms •Encryption ciphers •Symmetric •Asymmetric
Blockchain
•Expanding list of transactional records (blocks) •Each block is linked by hashing •Public ledger •Ledger of transactions performed on a digital asset •Peer-to-peer so transactions are public •Transactions cannot be deleted or reversed •Widely used for cryptocurrencies •Potential uses for financial transactions, online voting systems, identity management systems, notarization, data storage, ...
Encryption Ciphers and Keys
•Hashing is not encryption—the process is not reversible •Encryption uses a reversible process based on a secret •Process should be too complex to unravel without the secret •Substitution •Transposition •Cannot keep the cipher/algorithm itself secret •Key ensures ciphertext remains protected even when the operation of the cipher is known •Protecting the key is easier than protecting the algorithm
Man-in-the-middle (MITM) attack
•Man-in-the-Middle (MitM) •Interferes with the public key presented to the client
Steganography
•Obfuscation: Make something hard to understand •Concealing messages within a covertext •Often uses file data that can be manipulated without introducing obvious artifacts •Image •Audio •Video •Covert channels
Certificate Authorities
•Private CAs versus third-party CAs •Define services offered •Ensure validity of certificates and users (domain validation) •Establish trustworthy working procedures •Manage servers and keys
Public and Private Key Usage
•Public key cryptography •When you want others to send you confidential messages, you give them your public key to use to encrypt the message •When you want to authenticate yourself to others, you create a signature and sign it by encrypting the signature with your private key •But how does someone trust the public key? •Public key infrastructure (PKI) validates the identity of the owner of a public key •Public key is wrapped in a digital certificate signed by a certificate authority (CA) •Sender and recipient must both trust the CA
asymmetric encryption
•Public/private key pair •If the public key encrypts, only the private key can decrypt •If the private key encrypts, only the public key can decrypt •Private key cannot be derived from the public key •Private key must be kept secret •Public key is easy to distribute (anyone can have it) •Message size is limited to key size so not suitable for large amounts of data •Used for small amounts of authentication data
asymmetric encryption
•Public/private key pair •If the public key encrypts, only the private key can decrypt •If the private key encrypts, only the public key can decrypt •Private key cannot be derived from the public key •Private key must be kept secret •Public key is easy to distribute (anyone can have it) •Message size is limited to key size so not suitable for large amounts of data •Used for small amounts of authentication data Asymmetric ciphers are mainly used for authentication and non-repudiation. Another important use is key exchange. A symmetric encryption key is encrypted by the client and sent to the server. The server decrypts the key and that secret key is then used to encrypt messages sent between server and client.
Public Key Cryptography Algorithms
•RSA algorithm (Rivest, Shamir, Adleman) •Basis of many public key cryptography schemes •Trapdoor function •Easy to calculate with the public key, but difficult to reverse without the private key •Elliptic curve cryptography (ECC) •Concerns about RSA being vulnerable to cryptanalysis •Another type of trapdoor function •Can use smaller keys to obtain same security
Symmetric Encryption
•Same secret key is used for encryption and decryption •Fast—suitable for bulk encryption of large amounts of data •Problem storing and distributing key securely •Confidentiality only— sender and recipient know the same key
PKI Trust Models and Certificate Chaining
•Single CA •Hierarchical/chain of trust •Root CA •Intermediate CAs •Leaf certificates •Online versus offline
Stream and Block Ciphers
•Stream ciphers •Encrypt and decrypt each bit/byte at a time •Must be used with an initialization vector (IV) •Block ciphers •Treat data as equal-size blocks, using padding if necessary •Advanced Encryption Standard (AES/AES256) •Key length •Range of key values is the key space •Longer key bit length means a larger key space •Strength of key of any given length varies between ciphers
Digital Signatures
•Using public key cryptography with hashing •Digital signatures provide integrity, authentication, non-repudiation •RSA-based digital signatures •Digital Signature Algorithm (DSA) with ECC cipher
Digital Certificates
•Wrapper for a public key to associate it with a digital identity •Identity assertion is validated by a certificate authority (CA) by signing the certificate •Both parties must trust the CA •Referred to as public key infrastructure (PKI)