Coursera cryptography chapter 3

five ideas for putting asymmetric cryptography to work:

-when a message is encrypted with one half of a key pair, it must be decrypted with the other half of the same key pair. -Encryption with receiver's public key provides confidentiality -Encryption with sender's private key (digital signing) provide proof of origin. -A digital signature is created by signing a hash with a private key. -A certificate binds a public key to an entity.

Researcher to Payroll ?

Block

Which of the following algorithms supports asymmetric key cryptography?

Diffie-Hellman

ElGamal Cryptographic Algorithm

ability to provide message confidentiality and digital signature services.

Transposition

changing the position of the letters or symbols in the input plaintext.

Transport mode

is used to provide end-to-end protection (client to server). Here, we will be considering transport mode.

Hierarchy of trust

-At the top of the hierarchy is a root CA -The lower level CAs are validated by the root

AES is a block cipher with what variable key lengths?

128, 192, or 256 bits

Examples of Symmetric Encryption

AES, DES, 3DES, blowfish, IDEA

Which attacks are a class of techniques whose success relies on block ciphers exhibiting a high degree of mathematical structure?

Algebraic

CFO to R&D?

Block

All of these are features of TLS except which one?

Compatible with SSL

What is the input that controls the operation of the cryptographic algorithm?

Cryptovariable

Which of the following is a one-way mathematical operation that reduces a message or data file into a smaller fixed length output?

Hash value

Alice provides Integrity checking by hashing message.

Integrity

What algorithm and key size are being used for the public key?

RSA 4096 Bits

substitution

The process of replacing one value for another.

Internet Key Exchange (IKE)

allows communicating partners to prove their identity to each other and establish a secure communication channel.

Tunnel mode

is generally used between networks, in which case we define a tunnel end point, and the traffic between the requestor (client) and server is protected. Generally, this is a firewall-to-firewall VPN.

Authentication header

-Used to prove the identity of the source IP address and ensure that the transmitted data has not been tampered with.

Implementation Attacks

-Side-channel analysis -Fault analysis -Probing attacks

Secure protocols IP security (IPsec)

A suite of protocols for communicating securely with internet protocol (IP) by providing mechanisms for authentication and encryption. IPsec can be implemented in two modes: -Tunnel mode -Transport mode

Accounts to Intranet ?

Allow

disadvantages of symmetric algorithms

Key distribution and management

Accounts to Payroll?

Negotiate

Researcher to R&D?

Negotiate

Cryptographic implementation attacks include which of the following

Side channel

Modern steganography tends more towards the use of technology to hide messages. These may include but are not limited to

-Covert channels -Hidden text within a web page -Hidden messages within picture or sound files -Null ciphers (hidden with another plaintext message) -There are a number of legitimate uses of steganography. One of the most widely used applications is digital watermarking. A watermark is the replication of an image, logo or text on paper stock and used to provide partial authentication. A digital watermark can provide the same function; a graphic artist might embed a signature in an image to prove ownership in the event of a copyright infringement.

CFO to FTP?

Allow

CFO to Intranet ?

Allow

Birthday Attack

Because a hash is a short representation of a message, given enough time and resources, another message would give the same hash value. However, hashing algorithms have been developed with this in mind so that they can resist a simple birthday attack. The point of the birthday attack is that it is easier to find two messages that hash to the same message digest than to match a specific message and its specific message digest. The usual countermeasure is to use a hash algorithm with twice the message digest length as the desired work factor

What is the correct choice for encrypting the entire original data packet in a tunneled mode for an IPsec solution?

Encapsulating Security Payload (ESP)

To provide message confidentiality, Alice should begin by ___?____ using a symmetrical algorithm.

Encrypting

Asymmetric key cryptography is used for the following:

Encryption of data, non-repudiation, access control

Internet Key Exchange (IKE) is often used together with which security protocol?

IPsec

What does non-repudiation ensure about an email message?

It can be attributed to a particular author.

What is the process called of using a key encrypting key (KEK) to protect session keys?

Key wrapping

Temporary Files

Most cryptosystems will use temporary files to perform their calculations. If these files are not deleted and overwritten, they may be compromised and lead an attacker to the message in plaintext.

Manual Key Creation

Probably the weakest and most error-prone way an organization can generate cryptographic keys is to have human beings create them; this is the pick-your-own-password problem in a different context. Humans are highly susceptible to errors in generating their own keys, no matter how large the key space or how strongly the system policies may encourage (or require) their passwords to be complex

A key escrow service is intended to reliably allow what?

Recovery of private keys

Which attack is meant to disrupt and damage processing by the attacker sending repeated files to the host?

Replay

When implementing a password-based access control solution, what function should be used to help avoid rainbow table collisions?

Salt

Chosen Plaintext

To execute the chosen plaintext attacks, the attacker knows the algorithm used for the encrypting or, even better, they may have access to the machine used to do the encryption and are trying to determine the key. This may happen if a workstation used for encrypting messages is left unattended. Now the attacker can run chosen pieces of plaintext through the algorithm and see what the result is. This may assist in a known plaintext attack. An adaptive chosen plaintext attack is one in which the attacker can modify the chosen input files to see what effect that would have on the resulting ciphertext.

True/False. The user of the (ISC)² website knows that the certificate is valid because the CA created a certificate using information supplied by (ISC)² and created a hash that it signed with its private key. The user's browser decrypts the signed (encrypted) hash using a copy of the CA's public key. The browser creates a hash of the certificate locally and compares it with the now decrypted hash (added to the end of the received certificate). If the match, the certificate is valid.

True

A certificate authority (CA) provides which benefit to a user?

Validation that a public key is associated with a particular user

Algebraic

are a class of techniques whose success relies on block ciphers exhibiting a high degree of mathematical structure. For instance, it is conceivable that a block cipher might exhibit a group structure. If this were the case, it would mean that encrypting a plaintext under one key and then encrypting the result under another key would always be equivalent to single encryption under some other single key. If so, the block cipher would be considerably weaker, and the use of multiple encryption cycles would offer no additional security over single encryption.

Side-channel attacks

are passive attacks that rely on a physical attribute of the implementation such as power consumption/emanation. These attributes are studied to determine the secret key and the algorithm function. Some examples of popular side channel approaches include timing analysis and electromagnetic differential analysis.

Probing attacks

attempt to watch the circuitry surrounding the cryptographic module in hopes that the complementary components will disclose information about the key or the algorithm. Additionally, new hardware may be added to the cryptographic module to observe and inject information.

Brute Force

consists of trying all possible keys until one is found that decrypts the ciphertext. This is why key length is such an important factor in determining the strength of a cryptosystem. With DES only having a 56-bit key, in time the attackers were able to discover the key and decrypt a DES message. This is also why SHA-256 is considered stronger than MD5, because the output hash is longer, and, therefore, more resistant to a brute-force attack. Graphics processing units (GPUs) have revolutionized brute force hacking methods. Where a standard CPU might take 48 hours to crack an eight-character mixed password, a modern GPU can crack it in less than 10 minutes. GPUs have a large number of arithmetic/logic units (ALUs) and are designed to continuously perform repetitive tasks. -These characteristics make them ideal for performing brute-force attack processes. Due to the introduction of GPU-based brute-force attacks, many security professionals are evaluating password length, complexity and multifactor considerations.

Security Association (SA)

defines the mechanisms that an endpoint will use to communicate with its partner.

Differential Cryptanalysis

is a more complex attack, executed by measuring the exact execution times and power required by the crypto device to perform the encryption or decryption. By measuring this, it is possible to determine the value of the key and the algorithm used.

Factoring Attack

is aimed at the RSA algorithm. Because that algorithm uses the product of large prime numbers to generate the public and private keys, this attack attempts to find the keys through solving the factoring of these numbers.

Null Cipher

is defined as hiding a message within another plaintext message — in other words, hiding ciphertext within plaintext.

Replay Attack

is meant to disrupt and damage processing by the attacker sending repeated files to the host. If there are no checks or sequence verification codes in the receiving software, the system might process duplicate files.

Dictionary Attack

is most commonly used against password files. It exploits the poor habits of users who choose simple passwords based on natural words. The dictionary attack merely encrypts all of the words in a dictionary and checks whether the resulting hash matches an encrypted password stored in the SAM file or other password file.

Reverse Engineering

is one of the most common types of attack. A competing firm buys a crypto product from another firm and tries to reverse engineer the product. Through reverse engineering, it may be able to find weaknesses in the system or gain crucial information about the operations of the algorithm

Clipping levels

many systems have a system that will allow a user to try to log in only a limited number times before locking out the user account.

mode of operation for symmetric encryption systems?

-Electronic Code Book (ECB) -Cipher Block Chaining (CBC) -Cipher Feedback (CFB)

Primary uses of symmetric algorithms

-Encrypting bulk data (backups, hard drives, portable media) -Encrypting messages traversing communications channels (IPsec, TLS).

Three Broad Task Areas

-First, own and manage you baseline. -Then, technically manage your PKI implementations -certificate management for small, medium and large enterprises.

Wed of trust

-Formed when individuals introduce and share the public keys of their trusted contacts with others who then become part of the web.

For Alice to receive proof of delivery, Bob takes the ___?___ value of the message that he created and encrypts it using ___?____ . (A time stamp might also be added)

-Hash -Receiver's Private Key

Twofish

one of the finalists for the AES. It is an adapted version of Blowfish developed by a team of cryptographers led by Bruce Schneier. It can operate with keys of 128, 192, or 256 bits on blocks of 128 bits. It performs 16 rounds during the encryption/decryption process.

To verify the message's __?___ , Bob takes a copy of the message and hashes it and compares the hash created locally with the hash he has decrypted.

Integrity

The capability to determine whether a given individual, and from where, took a particular action. For patient data this is a vital element. If data cannot be tracked to a legitimate source (sender), a healthcare practitioner could send the wrong information and deny sending it.

Non-repudiation

Alice provides proof of origin by encrypting the hash with the ____ and sending the encrypted hash with the message.

Sender's Private Key

RSA Encryption Algorithm

based on the mathematical challenge of factoring the product of two large prime numbers.

Digital signing provides

-Authentication -Non-repudiation -Data integrity

Bob can verify the message came from Alice by ___?___ the hash with a copy of the ___?____.

-Decrypting -Sender's Public Key

Types of trapdoor functions used in asymmetric cryptographic algorithms

-Discrete logarithms -Prime factoring

What is the certificate path?

Certificates are typically issued in a tiered hierarchical chain. The certificate path (sometimes called a chain of trust) maps out the tiers in the chain and shows the association between them.

Triple DES (3DES)

Designed to operate at a relative strength of 2^112 using two different keys to perform the encryption

Which attack is most commonly used against password files?

Dictionary

Unmanaged PKI: The Risks

In descending order of severity: -failing the compliance audits -MITM and phishing attacks -Code signing errors and key misuse -Unexpected outrages due to unmanaged certificate expiration -Server outages due to certificate and key misuse

Because only Alice has a copy of the ___?____ , this process provides non-repudiation.

Sender's Private Key

Why are stream ciphers normally selected over block ciphers?

The high degree of speed behind the encryption algorithms

Known Plaintext

the attacker has access to both the ciphertext and the plaintext versions of the same message. The goal of this type of attack is to find the link — the cryptographic key that was used to encrypt the message.

Encapsulating Security Payload (ESP) contains four sections

-ESP header -ESP payload -ESP trailer -Authentication

advantages symmetric Algorithms

-speed (or throughput rate) -Security -compliance

Accounts to FTP?

Allow

What is a CA?

Organizations, systems and/or servers that issue digital certificates.

Password Attacks

There are three common types of attacks on passwords or keys (besides the ever-popular social engineering). These are brute force, dictionary, and rainbow table attacks. Most systems will store a password as a hash value. A hash is computed on the password entered by the users and stored in the password file (e.g., a SAM file). The next time the user tries to log in, they must enter their password. What they enter is hashed to see if the password entered has the same hash as the hash value stored for the correct password. If the hash is not the same, access is denied. Of course, there are many different types of attacks, all of which are, in essence, designed to discover the necessary keys required to defeat encryption

Internet Security Association and Key Management Protocol (ISAKMP)

-Developed as a way of establishing security associations -Facilitates the exchange and authentication of keys between parties -Makes use of an IPSECKEY type of DNS record as a way of supporting the exchange and validation of keys

Remote access Content protection

-Virtual private network (VPN) -Point-to-Point Tunneling Protocol (PPTP) TCP Port 1723 -Layer 2 Tunneling Protocol (L2TP) UDP port 1701 -OpenVPN

Transport mode and Tunnel mode

Endpoints communicate with IPsec using either transport or tunnel mode. -In transport mode, the IP payload is protected -In tunnel mode, the IP payload and its IP header are protected.

Rainbow Table

Hash functions map plaintext into a hash. Since the hash function is a one-way process, one should not be able to determine the plaintext from the hash itself. There are two ways to determine a given plaintext from its hash: Hash each plaintext until matching hash is found. Hash each plaintext but store each generated hash in a table that can be used as a look-up table, so hashes do not need to be generated again.

IKE use two phases

Phase 1, the partners authenticate with each other. Phase 2, the peers' security associations are established using the secure tunnel and temporary SA created at the end of Phase 1.

Work Factor

The amount of effort necessary to break a cryptographic system, usually measured in total elapsed time.

Ciphertext-Only Attack

The ciphertext-only attack is one of the most difficult because the attacker has so little information with which to start. All the attacker starts with is some unintelligible data that they suspect may be an important encrypted message. The attack becomes simpler when the attacker can gather several pieces of ciphertext and thereby look for trends or statistical data that would help in the attack.

Frequency Analysis

This attack works closely with several other types of attacks. It is especially useful when attacking a substitution cipher where the statistics of the plaintext language are known. In English, for example, some letters will appear more often than others will, allowing an attacker to assume that those letters may represent an "E" or "S."

Chosen Ciphertext

This is similar to the chosen plaintext attack (described below) in that the attacker has access to the decryption device or software and is attempting to defeat the cryptographic protection by decrypting chosen pieces of ciphertext to discover the key. An adaptive chosen ciphertext would be the same, except that the attacker can modify the ciphertext prior to putting it through the algorithm. Asymmetric cryptosystems are vulnerable to chosen ciphertext attacks. For example, the RSA algorithm is vulnerable to this type of attack. The attacker would select a section of plaintext, encrypt it with the victim's public key and decrypt the ciphertext to get the plaintext back. Although this does not yield any new information to the attacker, they can exploit properties of RSA by selecting blocks of data, when processed using the victim's private key, which yields information that can be used in cryptanalysis. The weakness with asymmetric encryption in chosen ciphertext attacks can be mitigated by including a random padding in the plaintext before encrypting the data.

True or False? Perfect confidentially is impossible to achieve.

True- Regardless of the steps an organization or individual takes, there will always be the possibility of a loss or breach. It is important to remember that while confidentially cannot be perfect or absolute, we must try to provide sufficient protection based on a risk assessment aligned to legal or regulatory requirements.

Why does key clustering represent the significant failure of an algorithm?

Two different keys should not generate the same ciphertext from the same plaintext, using the same cipher algorithm.

Fault analysis

attempts to force the system into an error state to gain erroneous results. By forcing an error, gaining the results, and comparing it with known good results, an attacker may learn about the secret key and the algorithm.

Cryptography

is the process of hiding or obscuring the meaning of data or messages, and then recovering that meaning.

Linear Cryptanalysis

known plaintext attack that uses linear approximations to describe the behavior of the block cipher. Given sufficient pairs of plaintext and corresponding ciphertext, bits of information about the key can be obtained, and increased amounts of data will usually give a higher probability of success.

Secure Hash Algorithm (SHA) 2

the often-employed naming convention is to use the size of the created message digest to describe the particular SHA2 implementation. In SHA-2, the possible message digests are 224, 256, 384, and 512 bits in length. SHA-224 and SHA-256 use a block length of 512 bits while SHA-384 and SHA-512 use a block length of 1024 bits.

Cryptographic Hygiene

-Keep all algorithm suites and sets updated -Monitor threats intelligence and vulnerabilities -Ensure that session keys, digital certificates and other related materials are properly inventoried, managed and validated -Invest in appropriate key management and storage systems -Establish policies and procedures -Prohibits users and in-house developers from attempting to design their own cryptographic algorithms or systems

How digital signatures and message Encryption work Together

-Message encryption provides confidentiality whereas digital signing provides authentication and non-repudiation

advantages of asymmetric-key Algorithms

-Non-repudiation of origin -Access control -Data integrity -Non-repudiation of delivery

Numerous ways to prove the integrity of communications have been developed over the years, including:

-Parity bits -Checksums -Cyclic Redundancy Checks (CRC) -Message authentication codes (MAC and HMAC) -Hashing

Factors Affecting Risk Exposure

-Strength of the cryptographic mechanisms (e.g., the algorithm, key length, block size, and mode of operation) -Details of the cryptosystem's implementation -Operating environment (e.g., secure limited access facility, open office environment or publicly accessible terminal) -Volume of information flow or the number of transactions -Security life of the data -Security function (e.g., data encryption, digital signature, key production or derivation, key protection) -Re-keying method (e.g., keyboard entry, re-keying using a key loading device where humans have no direct access to key information, remote re-keying within a PKI) -Key update or key derivation process Number of nodes in a network that share a common key -Number of copies of a key and the distribution of those copies -Threat to the information (e.g., whom the information is protected from, and what are their perceived technical capabilities and financial resources to mount an attack)

Standards for financial Institutions and Segregation of Duties and split Knowledge

-The ANSI X9.17 approach is based on a hierarchy keys. -at the top of the hierarchy are master key-encrypting keys (KKMs) -At the bottom of the hierarchy are data keys (DKs)

attacks on hashing algorithms and message authentication codes

-The Birthday Paradox -Salting -Message Authentication code (MAC) - Hash Message Authentication Code (HMAC)

Several important factors to consider when choosing and implementing a key generation process are:

-The number of unique keys you need in use, across your total set of users and systems, at any one time. -The average and maximum time that keys remain valid. -The size of the required key space, and the distribution of keys across that space.

Hashing four main properties

-Useful -Non-reversible -content integrity assurance -uniqueness

All of the following are key characteristics of public-key infrastructures

-Uses third-party key distribution centers -Can produce a digital signature -Relies on large prime number factoring

Kerckhoffs' and Shannon's views about "the enemy knows our system"

-Using secure protocols between two (or more) parties requires handshaking. -Building a new trust relationship between strangers is best done by not telling each other secrets -The wisdom of the crowd of cryptographers helps friend and foe alike.

The two parts of the XML key management specification 2.0 are:

-XML key information service specification (X-KISS) -XML key registration service specification (X-KRSS)

Certificate authority (CA)

-creates a certificate based on the X509 version 3 standard. -can revoke certificates and provide an update service to the other members of the PKI via certificate revocation list (CRL).

Segregation of duties

-often assisted if not firmly anchored on the use of hardware security managers (HSMs)

Registration authority

-provide the facility for entities to submit requests for certificate generation. -Responsible for ensuring the accuracy of certificate request content.

Data Encryption Standard (DES)

A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks. Original standard for U.S. federal government.

guidance for storage of cipher keys include

All centrally stored data that is related to user keys should be signed or have a MAC applied to it for integrity and encrypted, if confidentiality is required (all user secret keys and CA private keys should be encrypted). Individual key records in a database, as well as the entire database, should be signed or have a MAC applied to it and encrypted. To enable tamper detection, each individual key record should be signed or have a MAC applied to it so that its integrity can be checked before allowing that key to be used in a cryptographic function. Backup copies should be made of central/root keys, since the compromise or loss of those components could prevent access to keys in the central database, and possibly deny system users the ability to decrypt data or perform signature verifications. Provide key recovery capabilities. There must be safeguards to ensure that sensitive records are neither irretrievably lost by the rightful owners nor accessed by unauthorized individuals. Key recovery capabilities provide these functions. Archive user keys for a sufficiently long crypto period. A crypto period is the time during which a key can be used to protect information. It may extend well beyond the lifetime of a key that is used to apply cryptographic protection (where the lifetime is the time during which a key can be used to generate a signature or perform encryption). Keys may be archived for a lengthy period (on the order of decades), so that they can be used to verify signatures and decrypt ciphertext.

Secure and Fast Encryption Routine (SAFER)

All of the algorithms in SAFER are patent-free. The algorithms were developed by James Massey and work on either 64-bit input blocks (SAFER-SK64) or 128-bit blocks (SAFER-SK128). A variation of SAFER is used as a block cipher in Bluetooth.

encryption is used for the exchange of the key over an insecure channel, because it uses a key pair: the sender's public key to encrypt and the receiver's private key to decrypt.

Asymmetric

IMI must protect patient data, because consequences to patients could be dire.

Authentication

Within IMI this applies to research data, financial records, personnel records, etc. Of course, IMI is producing imaging equipment for field use and, as such, this will need to extend to patient data produced in the field.

Confidentiality

Benefits of cryptography

Confidentiality Integrity Authentication Non-repudiation Access control Privacy Safety

True or False? Confidentiality is more important to an organization than integrity

False-It is almost impossible to make a carte blanch statement about these two different requirements. Certainly, there may be situations where one overrides the other, but that would have to be evaluated on a case-by-case basis.

But while symmetric encryption is fast and strong, it does rely on the use of a _____________, which must be exchanged often over an insecure channel.

Pre-Shared Key

Bob decrypts the encrypted message by using a copy of the encrypted ____?_____ produced by Alice.

Pre-shared Key (symmetric)

This applies to all of IMI's customers, contractors and staff, and it extends to patients.

Privacy

Which of the following is NOT on a digital certificate?

Receiver's digital signature

ECC encryption had not initially gained much traction in the world of asymmetric cryptography, losing out to the much more commonly implemented RSA. That is changing, though. Which statement best explains why this is changing?

Since ECC delivers far greater security for the same size key than RSA does, ECC is becoming more of a de facto standard in the marketplace.

encoding

The process of breaking the input plaintext then substituting the entire symbol set for another drawn from a codebook.

In Electronic Code Book (ECB) mode, data is encrypted using

The same cipher for every block of a message.

Digital signatures

are created by encrypting a digest of a message with the private key of the sender. The digest of the message proves the integrity of the message and the encryption of the digest with a private key proves who sent the message. The purpose of a digital signature, therefore, is to prove message integrity and establish non-repudiation such that the person who sent the message cannot later deny sending it. Note that the message itself is not confidential — that is not a feature of digital signatures.

What is a digital certificate and what are they used for?

They are electronic credentials used to assert online identities. Used to assert individuals and computers.

You are working for a public utility company that provides retail energy services to residential and business consumers. The company is evaluating proposals for smart metering systems that would use mobile phone technologies to send information from the meter to central processors for billing. Some of the people on your team argue that the data links from these smart meters do not need to use encryption, as this will add extra cost to the overall system. How would you respond?

We do need to protect both the identity of the consumer, their account information, and their usage data, so that's a good reason to include it in the design.

RC4

a stream-based cipher, was developed in 1987 by Ron Rivest for RSA Data Security and has become the most widely used stream cipher, being deployed, for example, in WEP. RC4 uses a variable-length key ranging from 8 to 2048 bits (1 to 256 bytes) and a period of greater than 10100. In other words, the keystream should not repeat for at least that length. The key is used to initialize a state vector that is 256 bytes in length and contains all possible values of 8-bit numbers from 0 through 255. This state is used to generate the keystream that is XORed with the plaintext. The key is only used to initialize the state and is not used thereafter. Because no transposition is done, RC4 is considered by some cryptographers to be theoretically weaker. The U.S. federal government through the NIST bans its use for protecting sensitive data for federal agencies and their contractors.

Pseudorandom numbers

are those generated by a deterministic set of equations or processes. These processes start with an initialization set of parameters (which might be called a seed, or an initialization vector or by another name). These algorithms are called repeatedly to generate a sequence of results, just like a sequence of keys. The important point is that every time you run that algorithm with the same starting set of parameter values, you get the same sequence of random numbers produced by that algorithm. So, they're not exactly random. Anyone with the same algorithm and the same seed or IV will get the same results.

Rijndael

can be used with block sizes of 128, 192, or 256 bits. The key can also be 128, 192, or 256 bits, with a variable number of rounds of operation depending on the key size. Using AES with a 128-bit key would do 10 rounds, whereas a 192-bit key would do 12 and a 256-bit key would do 14. Although Rijndael supports multiple block sizes, AES only supports one block size

disadvantages of Asymmetric-Key Algorithms

computational intensiveness results in extreme slowness

Certificate Signing Request (CSR)

contain the data required by the relevant certificate standard, normally X.509v3 identifies: -The entity -Physical and internet addresses -Point of contact -URL -Public Key

Counter mode with Cipher Block chaining message Authentication Code Protocol

defined in the IETF RFC 3610 and is included as a component of the 802.11i IEEE standard. Requires: 128-bit keys 128-bit block size 48-bit IV to minimize replay attack vulnerabilities

XML key registration service specification (X-KRSS)

describes a protocol for registration of public key information

XML key information service specification (X-KISS)

describes a syntax that allows a client to delegate part or all of the tasks required to process XML Signature <ds:KeyInfo> elements to a trust service.

Key Storage and Destruction

in order to guard against a long-term cryptanalytic attack, every key must have an expiration date after which it is no longer valid. The key length must be long enough to make the chances of cryptanalysis before key expiration extremely small. The validity period for a key pair may also depend on the circumstances in which the key is used. A signature verification program should check for expiration and should not accept a message signed with an expired key. The fact that computer hardware continues to improve makes it prudent to replace expired keys with newer, longer keys every few years. Key replacement enables one to take advantage of any hardware improvements to increase the security of the cryptosystem.

A loss of this element could result in serious hardship or worse, to the patients of IMI's clients.

integrity

RIPEMD-160

is a hash function that produces 160-bit message digests using a 512-bit block size. RIPEMD was produced by a collaborative effort of European cryptographers and is not subject to any patent restrictions.

Blowfish

is a symmetrical algorithm developed by Bruce Schneier. It is an extremely fast cipher and can be implemented in as little as 5K of memory. It is a Feistel-type cipher in that it divides the input blocks into two halves and uses them in XORs against each other. However, it varies from the traditional Feistel cipher in that Blowfish does work against both halves, not just one. The Blowfish algorithm operates with variable key sizes, from 32 up to 448 bits on 64-bit input and output blocks. One of the characteristics of Blowfish is that the S-boxes are created from the key and are stored for later use. Because of the processing time taken to change keys and recompute the S-boxes, Blowfish is unsuitable for applications where the key is changed frequently or in applications on smart cards or with limited processing power. Blowfish is currently considered unbreakable (using today's technology), and in fact, because the key is used to generate the S-boxes, it takes over 500 rounds of the Blowfish algorithm to test any single key.

Key Length

is another important aspect of key management to consider when generating cryptographic keys. Key length is the size of a key, usually measured in bits or bytes, which a cryptographic algorithm uses in ciphering or deciphering protected information. Keys are used to control how an algorithm operates so that only the correct key can decipher the information.

cryptology

is the formal science that deals with the study and application of mathematics, linguistics and other sciences to understand and develop cryptographic systems, which (as the name suggests) are elements, components and processes integrated together to perform a required set of cryptographic functions or operations.

key space

is the set of all of those possible keys, whether a given cryptosystem uses them all or not. Since almost all key spaces are represented by numbers, typically expressed in base 2, base 10 or base 16, then the number of possible digits in a key raised to the base gives us the key space size.

Benefits of an ECC Public Key

its easier to achieve high levels of protection because ECC public keys are smaller.

By reversing this key usage, it is also possible to digitally sign a message to provide ___________ and, thus, non-repudiation.

proof of origin

Steganography

refers to the ability to send a hidden message so that no one even knows about the presence of the message. This has been done for centuries through null ciphers, invisible ink, microdots and other secret means of communication. Steganography today often uses videos, pictures and music to carry a hidden message that can be buried in the least significant bit of each byte of the picture. This makes the very presence of the hidden message difficult to detect or read without possessing the correct steganography tool.

Methods for protecting stored keying material

trusted, tamper-proof hardware security modules (HSMs), passphrase-protected smart cards, key wrapping the session keys using long-term storage KEKs, splitting cipher keys and storing in physically separate storage locations, protecting keys using strong passwords/ passphrases, key expiry

MD5

uses a 512-bit block and generates a 128-bit message digest as well but does so over four rounds of operation along with several mathematical tweaks including a unique additive constant that is used during each round to provide an extra level of non-repudiation assurance. Nevertheless, there are numerous easy and well-published exploits available for creating hash collisions in an MD5-enabled environment. As defined early in this chapter, a collision occurs if two different messages would generate the same hash value. This would undermine the confidence in the integrity of the message.

Key wrapping

uses symmetric ciphers to securely encrypt (thus encapsulating) a plaintext key along with any associated integrity information and data. is protecting session keys in untrusted storage or when sending over an untrusted transport.

MD4

was created in 1990 and also generates a 128-bit message digest using a 512-bit block but does so through only three rounds of operation. MD4 is a popular choice among file-sharing and synchronization applications, although there are several well-published compromises that severely limit the non-repudiation qualities of an MD4 hash.

HAVAL

was created in the mid-1990s as a highly flexible and configurable hash function. With HAVAL, the implementer can create hashes of 128, 160, 192, 224, and 256 bits in length, using a fixed block size of 128 bits and 3, 4 or 5 rounds of operation

International Data Encryption Algorithm (IDEA)

was developed as a replacement for DES by Xuejia Lai and James Massey in 1991. It uses a 128-bit key and operates on 64-bit blocks. It does eight rounds of transposition and substitution using modular addition and multiplication, and bitwise exclusive-or (XOR).

RC5

was developed by Ron Rivest of RSA and is deployed in many of RSA's products. It is a very adaptable product useful for many applications, ranging from software to hardware implementations. The key for RC5 can vary from 0 to 2040 bits, the number of rounds it executes can be adjusted from 0 to 255, and the length of the input words can also be chosen from 16-, 32-, and 64-bit lengths.

CAST

was developed in 1996 by Carlisle Adams and Stafford Tavares. CAST-128 can use keys between 40 and 128 bits in length and will do between 12 and 16 rounds of operation, depending on key length. CAST-128 is a Feistel-type block cipher with 64-bit blocks. CAST-256 was submitted as an unsuccessful candidate for the new AES. CAST-256 operates on 128-bit blocks and with keys of 128, 192, 160, 224, and 256 bits. It performs 48 rounds and is described in RFC 2612.

Message Digest (MD) 2

was first created in 1989 and forms a 128-bit message digest using a 128-bit block through 18 rounds of operation. Although it is considered to be older than is ideal, MD2 is still used in certain PKI environments where it is used in the generation of digital certificates.

key clustering

which is when different keys actually end up generating the same ciphertext from the same plaintext input. This shows that there are fundamental flaws in the algorithm, its implementation, or use, and would result in the compromise of one of a clustered set of keys to put ciphertext produced with other keys (in that cluster) at risk.

stream based algorithms

work on a continuous flow of input symbols for the plain text and keystream and encrypt one symbol at a time.