Moudle 15-16 Cryptographic Services

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Public Key Infrastructure (PKI)

Asymmetric encryption algorithm based on the assumption that the two communicating parties have not previously shared a secret key

Brute-force method

Attack tries every possible key knowing that eventually one of them will work

Guarantees that a message comes from the source that it claims to come from

Authentication

In banking, it can be achieved by requiring a secure personal identification number (PIN) at an ATM

Authentication

Three primary objectives of securing communications?

Authentication, Integrity, Confidentiality

Key Generation

Automated generation of akey.

Methods of cracking code

Brute-force method Ciphertext method Known-Plaintext method Chosen-Plaintext method Chosen-Ciphertext method Meet-int-the-Middle method

Symmetric keys

Can be exchanged between two routers supporting a VPN

Frequency analysis of English alphabet

Characters in the English alphabet that is used more often than others. The letters E,T,A are the most popular letters The letters J,Q,X,Z are the least popular.

OTP inner workings

Combines character by character with the plaintext message to produce the ciphertext. To decipher the ciphertext, the same paper tape key was again combined character by character, producing the plaintext. It's only supposed to used once, if used correctly it's immune to an cryptanalytic attack.

A key is required to encrypt and decrypt a message

Confidentiality

Encryption and hashing are used to make certain that only authorized entities can read the message

Confidentiality

Ensures privacy so that only receiver can read the message.

Confidentiality

SHA-1

Creates a 160-bit hashed message is slightly slower than MD5. Known flaws and is a legacy algorithm

authenticity versus non repudiation

Data exchange between two computer of the same company versus a data exchange between a customer and an e-commerce website

What are two objectives of ensuring data integrity?

Data is not changed by unauthorized entities, Data is unaltered during transit

SHA-2

Developed by the NSA SHA-224(224 bit) SHA-256(256 bits) SHA-384(384 bit) SHA-512(512 bit) The SHA-256, SHA-384, SHA-512 should be used whenever possible

verifying the HMAC value

Digest that is calculated by the receiving device is equal to the digest that was sent, the message has not been altered. Sender can be authenticated, because they have a copy of the shared secret key.

Ciphertext

Encrypted version is called encrypted text

Key

Encrypts and decrypts a message.

Hash function

Ensures data confidentiality, transforms a string of characters into a usually shorter, fixed-length value or key that represents the original string

Authentication methods

Entering a PIN, data non repudiation which means that a device cannot repudiate or refute the validity of a message sent.

Key Revocation and Destruction

Erases old keys in a way that malicious attacks can't recover them and also alerts all interested parties that a certain key has been compromised.

Data integrity trivia

European nobility ensured data integrity of documents by creating wax seals to close an envelope, as shown in the figure. The seal was often cretaed using a signet ring. These bore the family crest, initials, a portrait or a personal symbol or motto of the owner of the signet ring.

Refer to Chart 3. What is the plaintext value for the encrypted text FMVMXIBKGVW?

F = U M = N V = E M = N X = C I = R B = Y K = P G = T V = E W D UNENCRYPTED

Ex key length and key size

2^2 bit (2^2 key length) and has a key space of 4 because 4 possible keys

keyspace and key length examples

3 bit (2^3) key length increase = keyspace of 8. Eight possible keys. (000, 001, 010, 011, 100, 101, 110, 111) 4-bit (2^4) key length = keyspace of 16 possible keys 40-bit(2^40) key length = keyspace of 1,099,511,627,776 possible keys.

Confidentiality algorithms

3DES (legacy), Advanced Encryption Security (AES)

DES keyspace

56 bits keys has a keyspace of more than 72,000,000,000,000,000.

Refer to Chart 2 What is the encrypted text for the word AUTHENCITY?

A = U U = O T = N H = B E = Y N = H C = W I = C T = N Y = S

What is computationally infeasible for hash functions?

For two different sets of data to come up with the same hash output. hash values changes every time the data is changed or altered. Also called digital signatures due to the ability to detect duplicate data files, file version changes, and similar applications.

MD5 hashing

Guarantees that no one intercepted the message and altered it

Data Confidentiality

Guarantees that only authorized users can read the message. Implemented using symmetric and asymmetric encryption.

Origin authentication

Guarantees that the message is not a forgery and does actually comes from whom it states

Data nonrepudiation

Guarantees that the sender cannot repudiate, or refute, the validity of a message sent THEY CANNOT DENY THAT THIS IS NOT THEM

Origin Authentication protocols

HMAC (Hash based message authentication code)

Authenticity Protocols

HMAC-MD5 (legacy), HMAC-SHA-256, RSA and DSA

Refer to chart 3 What is the encrypted value of the word INTEGRITY

I = R N = M T = G E = V G = T R = I I = R T = G Y = B

Brute Force scenarios

If a thief attempted to steal a bicycle secured with the combination lock displayed in the figure, they would have to attempt a maximum of 10,000 different possibilities (0000 to 9999) On average brute-force attacks succeeds about 50 percent of the way throught the keyspace, which the set o fall possible keys

Most attacks are focused on ___

The key management level, rather than at the cryptographic algorithm itself

What happens when the key length increases?

The keyspace also increase. 2bit (2^2) key length has a keyspace of 4.

What is cryptology?

The science of making and breaking secret codes

Confidentiality

This guarantees that if the message if captured, it cannot be deciphered. The receiver can read the message. This is provided using symmetric or asymmetric encryption algorithms

Integrity

This guarantees that no one intercepted the message and altered it; similar to a checksum function in a frame. This is provided by the implementing the SHA-2 or SHA-3 family of hash-generating algorithms

Authentication

This guarantees that the message is not a forgery and actually comes from the authentic source. Modern networks ensure authentication using hash message authentication code (HMAC)

What is the purpose of a nonrepudiation service in secure communications?

To ensure that the source of the communications is confirmed

Refer to Chart 1. What is the encrypted text for the term ENCRYPTION?

Top row is cleartext encoded text values are in the bottom row e = a n = j c = Y r = N y = U p = L t = P i = E o = K n = J

What cipher method does 3DES use as part of the algorithm?

Transposition

Refer to the exhibit which type of cipher method is depicted?

Transposition cipher, no letters are replaced, they are simply rearranged.

Data integrity protocols

Use Secure Hash Algorithm (SHA-2 or SHA-3 ) The MD5 message digest algorithm is still widely in use. However, it is inherently insecure and creates vulnerabilities in a network. Note that MD5 should be avoided

Data Confidentiality algorithms

Using asymmetric algorithms, including Rivest, Shamir, and Adleman (RSA) and the public key infrastructure (PKI) .

Complex Substitution cipher

Using the Vigenere Cipher Table, you can use a secret key (SECRETKEY) and then intersect those letters with your plain text, which creates a cipher text The F(Flank is encoded by looking at the intersection of column F and the row starting with S (SECRETKEY), resulting in the cipher letter x.

History of cryptanalysis

Vigenere was broken in the 19th century by English cryptographer Charles Babbage Mary Queen of Scots was plotting to overthrow Queen Elizabeth I from the throne, her scheme was found out and was beheaded in 1587. Enigma-encrypted communications were used by the Germans to navigate and direct their U-boats in the Atlantic.

Key Verification

Weak keys can be identified and regenerated to provide a more secure encryption.

Storing between hashing and encryption

With encrypted text, data can be decrypted with a key. With the hash function, after the data is entered and converted using the hash function, the plaintext is gone. Hashed data is there for comparison. Ex. User enters a password, password is hashed and then compared to the stored hashed value. If user forgets the password, it is impossible to decrypt the stored value, and the password must be reset.

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?

confidentiality

What objective of secure communications is achieved by encrypting data?

confidentiality

What is the practice and study of determining the meaning of encrypted information, without access to the shared secret key?

cryptanalysis

Hash algorithm equation

h = H(x) H takes a input from x and returns a fixed string h.

Why would HMAC be used to help used to secure the data as it travels across various links

it's a hashing algorithm used to guarantee that the message is not a forgery and actually comes from the authentic source

What is the term for when a device cannot refute the validity of a message that it has received?

non repudiation

Known-Plaintext method

The attacker has access to the ciphertext of several messages and knows something about the plaintext underlying that ciphertext

Substitution ciphers

Substitute one letter for another. Retains the letter frequency of the original message. Caesar cipher was a simple substitution cipher. Basically shifting the letters by left or right (depending on the key)

What is a cipher that replaces one letter for another, possibly retaining the letter frequency of the original message?

Substitution

Ciphertext method

The attacker has the ciphertext of several encrypted messages but no knowledge of the underlying plaintext

Meet-in-the-Middle method

The attacker knows a portion of the plaintext and the corresponding ciphertext

Cryptanalysis

The breaking of these codes

Cryptography

The development and use of codes

Chosen-Ciphertext method

The attacker can choose different ciphertext to be decrypted and has access to the decrypted plaintext

Chosen-Plaintext method

The attacker chooses which data the encryption device encrypts and observes the ciphertext output

Hash algorithm equation properties

Input can be any length, output is a fixed league. It's relatively easy to compute for any given x, H(x) is one way and not reversible, It's collision free, meaning that two different input values will result in different hash values.

Ensures that messages that are not altered in transit

Integrity

The receiver can verify that the received message is identical to the sent message and that no manipulation occurred.

Integrity

OTP (one-Time pad ciphers)

Invented by Gilber Vernam at AT&T Bell Labs in 1917, invented and patented the stream cipher, co-invented the one-time pad cipher

Advanced Encryption Standard (AES)

Is a popular symmetric encryption algorithm where each communicating partly needs to know the pre-shared key

Cryptology

Is the science of making and breaking secret codes. Cryptology = crytography + cryptanalysis

How do you prove that algorithm is secure?

It can proven that it is not vulnerable to known crypt analytic attacks. Therefore there is a need for mathematicians, scholars, and security forensics experts to keep trying to break the encryption methods.

Cryptographic Hash Functions

It's easy to grind coffee beans, but it's impossible to put the tiny pieces back together. Plaintext goes into a hash function which takes this variable block of binary block and produced a fixed-length, condensed representation, called the hash. The resulting hash is also sometimes called message digest, digest or digital fingerprint.

Key length

Key size, measured in hits

What does it mean that the security of the encryption lies within the __

Keys, not the algorithm. With most modern algorithms, successful decryption requires knowledge of the appropriate cryptographic keys.

Integrity Protocols

MD5 (legacy, faster tho), Hash Algorithm 2 (SHA2 or SHA).

Hash functions

MD5 with 128-bit digest Developed by Ron Rivest and used in in variety of internet applications, MD5 is a one-way function that produces a 128-bit hashed message. (SHA-2 or SHA3 should be used)

Key Storage

Modern OS, keys are stored in memory. Possible problem is when a Trojan Horse is installed, the PC of a user could have access to the private keys of the user.

History of cryptology

National security organizations employ practitioners of both disciplines and put them to work against each other. Hundred Years War between France and England, the cryptanalysts were leading the cryptographers, and then the British cracked it. Successful cracking of encrypted codes and messages had a major impact on the outcome of World War II, currently it is believed that cryptographers are in the lead.

SHA-3

Newest hashing algorithm and was introduced by the National Institute of Standard of Technology and as an alternative for SHA-2 SHA-3 includes SHA-3-224 (224bit) SHA3-256 (256 bits) SHA3-384(384 bits) SHA3-512(512 bit) Should be used whenever possible Cannot be used to guard against deliberate changes that are made by a threat actor. It's vulnerable to MITM attacks, the threat actor can intercept a message, change it, recalculate the hash, and append it to the message. We need origin authentication as well.

Transposition ciphers

No letters are replaced, but rearranged. Also known as rail fence cipher. Modern encryption block cipher algorithms such as AES and legacy 3DES use transposition as part of the algorithm

Keyspace

Number of possibilities that can be generated by a specific key length

Vigenere cipher

Polyalphabetic ciphers was orignally by Giovan Battista Bellaso in 1553, but the scheme was later misattributed to the Frnech diplomat and cryptographer, Balise de Vigenere

Weak keys identification

Producing 16 identical subkeys. This occurs when the key bits are alternating ones and zeroes (0101010101010) Alternating F and E (FEFEFEFEFEFEFE) E0E0E0E0E0E0E0E0 1F1F1F1F1F0E0E0E0E

What is an example of the transposition cipher?

Rail fence

Difficulties of OTP

Random data isn't truly random, computers have a mathematical foundation and aren't capable of creating random data. Key is easy to break if used more than once, RC4 is an exmaple of this cipher that is widely used on the internet.

Plaintext

Readable data

Key Lifetime

Short key life improves the security of legacy ciphers. In IPsec 24-hours lifetime is typical, however 30 mins improves the security of algorithms as well.

Key Exchange

Should provide a secure key exchange mechanism that allows secure agreement on the keying material with the other party

What is the focus of cryptanalysis?

breaking encrypted codes

What is a method of cryptanalysis in which an attacker tries every possible key knowing that eventually one of them will work?

brute-force

As data is being stored on a local hard disk, which method would secure the data from unauthorized access?

data encryption

A network security specialist is tasked to implement a security measure that monitors the status of critical files in the data center and sends an immediate alert if any file is modified. Which aspect of secure communications is addressed by this security measure?

data integrity

Which type of attack allows an attacker to use a brute force approach?

password cracking, social engineering, brute-force attacks, network sniffing

Only the sender and the receiver knows the

secret key, and the output of the hash function now depends on the input data and the secret key. If two parties share a secret key and use HMAC functions for authentication, a properly constructed HMAC digest of a message that a party has received indicates that the other party was the originator of the message.


Ensembles d'études connexes

Final Exam - Extra Credit (1 hr)

View Set

Chapter 6-Foundations of Business Intelligence: Databases and Information Management

View Set

Resource Prices and Utilization: SmartBook

View Set

Maternal Newborn Success - Intrapartum

View Set