15.1 Notes
A user needs to communicate securely with five other users using symmetric key encryption. How many keys are required?
50 keys are required.
RC6
A block cipher based on RC5 that uses the same key size, rounds, and block size. A cipher that has three key sizes (128,192, and 256 bit) and performs 20 rounds on each block.
Algorithm
A cipher or algorithm is the process or formula used to convert a message or otherwise hide its meaning. Examples of algorithms include: - A transposition cipher, also called an anagram, which changes the position of characters in the plain text message. - A substitution cipher, which replaces one set of characters with symbols or another character set. A code substitutes hidden words with unrelated terms. - A one-time pad is a cryptography method in which plain text is converted to binary and combined with a string of randomly generated binary numbers, referred to as the pad. It is a form of substitution.
Secure Hashing Algorithm (SHA)
A cryptographic function that produces a hash value for input data.
Digital Signature Algorithm (DSA)
A federal standard for digital signatures that uses modular exponentiation and the discrete logarithm problem.
Symmetric encryption
A form of cryptography that provides confidentiality with a weak form of authentication or integrity.
Extensible Authentication Protocol (EAP)
A framework that provides a standardized method to negotiate wireless authentications between wireless devices.
Blowfish
A keyed symmetric block cipher that was intended to be free of the problems associated with other algorithms and replace DES. A strong symmetric block cipher. It encrypts data in 64-bit blocks and supports key sizes between 32 and 448 bits. Compare with Twofish. Blowfish is a keyed symmetric block cipher that was intended to be free of the problems associated with other algorithms and replace IDEA and DES
Cipher/Algorithm
A process or formula used to convert or otherwise hide the meaning of a message.
Elliptic Curve Cryptography (ECC)
A public-key cryptography method that is based on groups of numbers in an elliptical curve.
Rivest, Shamir, Adleman (RSA)
A public-key cryptosystem that is used for secure data transmission.
Public key infrastructure
A security architecture often used to ensure data transmissions between entities are validated and secure.
What is public key infrastructure (PKI)?
A series of certificate authorities (CAs) that enable users to manage public encryption. The glue that holds crypto together - PKI is the solution for exchanging and validating keys across a wide geographical area (relying on Certificate Authorities (CA) / trusted entities).
Twofish
A symmetric block cipher that permits a wide variety of tradeoffs between speed, software size, key setup time, and memory.
Ron's Code v5 (RC5)
A symmetric cryptography method that implements a symmetric-key block cipher cryptographic algorithm produced by RSA Security, Inc.
Encryption Algorithm (IDEA)
A symmetric cryptography method that is a minor revision of an earlier PES (Proposed Encryption Standard). It uses 64-bit blocks with 128-bit keys and is used by Pretty Good Privacy (PGP) email encryption.
International Data Encryption Algorithm (IDEA)
A symmetric encryption algorithm used in a variety of systems for bulk encryption services.
Stream cipher
A symmetric encryption that is performed on each bit within a stream of data in real time.
Ron's Cipher v6 or Ron's Code v6 (RC6)
A symmetric-key block cipher cryptographic algorithm that was produced by RSA Security, Inc.
Key
A variable in a cipher that is used to encrypt or decrypt a message.
Data Encryption Standard (DES)
A very popular symmetric cryptography method created by the National Security Agency (NSA). It was one of the first symmetric encryption methods. It is now obsolete due to known weaknesses.
Message Digest Function (MD5)
An algorithm that produces a value of 128 bits with 32 hexadecimal characters.
Ciphertext
An encrypted form of a communication that makes the communication unreadable to all but those who have the decryption cipher or key. Ciphertext is the encrypted form of a message that makes it unreadable to all but those the message is intended for.
Asymmetric encryption
An encryption method that uses two mathematically related keys called a key pair.
Triple DES (3DES)
An enhanced version of DES that corrects DES's known weaknesses.
Advanced Encryption Standard (AES)
An iterative symmetric block cipher that was developed as a replacement for DES in 2001.
For which type of environment is asymmetric cryptography best suited?
Asymmetric cryptography is scalable for use in very large and ever expanding environments where data are frequently exchanged between different communication partners. With asymmetric cryptography: Each user has two keys: a public key and a private key.
Why does asymmetric encryption require fewer keys than symmetric encryption?
Because asymmetric encryption is a more complicated process than its symmetric counterpart, the time required is greater. However, this type of encryption offers a higher level of security as compared to symmetric encryption since the private key is not meant to be shared and is kept a secret.
Block
Block ciphers encrypt by transposing plain text to ciphertext in chunks (block by block). Block ciphers are fast and can process large amounts of data.
Challenge-Handshake Authentication Protocol (CHAP)
Challenge-Handshake Authentication Protocol is a procedure that uses a challenge/response (three-way handshake) mechanism to protect passwords.
Diffie-Hellman Key Exchange
Diffie-Hellman Key Exchange is an asymmetric algorithm that generates symmetric keys simultaneously at sender and recipient sites over non-secure channels.
Digital certificates
Electronic passwords created using PKI that allow secure data exchange over the internet. Digital certificates are electronic passwords. They associate the identity of a person or entity with a public/private key pair.
Comodo
Offers a wide range of PKI services including a strong SSL encryption available in either 128- or 256-bit encryption.
Where is PKI used?
PKI is used in a number of different ways. It's used in smart card logins, encryption of XML documents, secure email messaging and client system authentications. In all those cases where data security is of paramount importance, PKI is used.
How do public keys differ from private keys? What is the relationship between the two?
Private Key is used to both encrypt and decrypt the data and is shared between the sender and receiver of encrypted data The public key is only used to encrypt data and to decrypt the data, the private key is used and is shared.
IdenTrust
Provides CA services for several vertical entities such as banks, corporations, government, and healthcare.
GoDaddy
Provides SSL certificates for both business and personal use. GoDaddy offers simple services with pricing to match and a complete range of certificates that comply with CA and internet browser forum guidelines.
RC4 (Rivest Cipher 4)
RC4 (Rivest Cipher 4) is a stream cipher. RC4 is a stream cipher designed by Ron Rivest. It is used in many applications including Transport Layer Security (TLS), Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and so on. RC4 is fast and simple. However, it has weaknesses that argue against its use in new systems. It is especially vulnerable when the beginning of the output keystream is not discarded, nonrandom or related keys are used, or a single keystream is used twice. Some ways of using RC4 can lead to very insecure cryptosystems such as WEP.
RC5
RC5, or Rivest Cipher 5, is a fast block cipher. It is different from other symmetric algorithms in that it supports a variable block size, a variable key size, and a variable number of rounds. Allowable choices for the block size are 32, 64, and 128 bits. The number of rounds can range from 0 to 255 and the key can range up to 2,040 bits.
RC algorithms
Series of variable key length symmetric encryption algorithms developed by Ronald Rivest
Stream
Stream ciphers use a sequence of bits known as a keystream, which is the key used for encryption. The encryption is performed on each bit within the stream in real time. Common uses for symmetric key stream ciphers include ATM card PINs and smart cards. Stream ciphers are best used for small amounts of data, usually less than 64 bits.
What is the difference between a transposition cipher and a substitution cipher?
Substitution ciphers differ from transposition ciphers. In a transposition cipher, the plaintext is repositioned, but the letters are left unchanged. In contrast, a substitution cipher maintains the same sequence of the plaintext and modifies the letters themselves.
Symmetric Encryption Characteristics
Symmetric encryption is a form of cryptography that provides confidentiality with a weak form of authentication or integrity. Symmetric encryption is well-suited for bulk encryption of less sensitive data because it is less CPU-intensive than other encryption methods.
Block cipher
Symmetric encryption that transposes plain text to ciphertext in chunks (block by block).
How are symmetric keys typically exchanged between communication partners?
Symmetric key encryption, (also known as secret key encryption, pre-shared key or private key encryption) uses only one key to encrypt and decrypt data. It is well suited for bulk encryption of less sensitive data because it is less CPU-intensive than other encryption methods.
Validation authority (VA)
The PKI component used to verify the validity of a digital certificate by way of the X.509 standard and RFC 5280. The validation authority (VA) is used to verify the validity of a digital certificate using the X.509 standard and RFC 5280. The VA also stores certificates with their public/private keys.
End user
The end user is the consumer who requests and uses certificates. Most of the activities involved in PKI are transparent to the user. For example, an individual might go to a website and complete a transaction, such as online banking or shopping, without being aware of the processes that take place to secure the transaction.
Registration authority (RA)
The entity that acts as the verifier for the CA. The registration authority (RA) acts as the verifier for the CA. While, in many instances, the CA handles certificate registration, the CA may offload its registration and validation when an organization is geographically dispersed or PKI resources increase.
Cryptanalysis
The method that is used to recover data that has been encrypted without having access to the key used in the encryption process. Cryptanalysis is not a symmetric algorithm type, but a cryptography term meaning the method of recovering original data that has been encrypted without accessing the key used in the encryption process.
Certificate authority (CA)
The organization that issues the digital certificate and is also the controller of the PKI certificates. The certificate authority (CA) is the organization that issues the digital certificate. The CA is also the controller of the PKI certificates. The CA, in a sense, mints the certificate and specifies critical pieces of information such as the organization name and the certificate expiration date. The private key certificate on the hosted website is checked against the CA to ensure it is valid and authentic. If the certificate is expired or the company name is different, the user will receive a warning stating the site failed the authenticity check.
Certificate management system
The primary component that manages the certificate process. The certificate management system is the primary component of PKI. It manages the certificate process and creates key pairs, which consist of public and private keys. It stores the private key for the host and helps to ensure private key safety. It distributes the public key to those who will access the system. PKI works to ensure the continued authenticity of the keys and verifies certificates.
Decryption
The process of converting data from ciphertext into plain text so that it can be read.
Steganography
The process of hiding data or a message so that only the sender and the recipient suspect that the hidden data exists. Steganography is a cryptography term that means to hide data or a message so that only the sender or the recipient suspects that the hidden data exists. Stenographic messages are in clear text.
Encryption
The process of using an algorithm or cipher to transform data from clear text to ciphertext. The intent is to protect the confidentiality, integrity, and authenticity of the message. Cryptanalysis is the method of recovering original data that has been encrypted without having access to the key used in the encryption process. This can be done to measure and validate the strength of a cryptosystem. It can also be done to violate the confidentiality and/or integrity of a cryptosystem.
Plain text
The readable form of communication that is visible to everyone. Plain text is the readable form of an encrypted message. The term plain text should not be confused with the term clear text, which is information that is not encrypted. Plain text is information that will eventually be input into an encryption algorithm.
Cryptography
The science and study of concealing information that is used in electronic communication to protect the privacy of passwords, secret keys, and data.
Common Certificate Authorities
There are several CAs that issue PKI digital certificates and provide strong Secure Sockets Layer (SSL) encryption for secure communications such as email, banking, and trading. Some are well known, and others service more vertical markets that cater to the specific necessities requiring specialized services.
What are the key components of PKI?
There are three key components: digital certificates, certificate authority, and registration authority.
Key Length
Using longer keys reduces the possibility of successful attacks by dramatically increasing the number of possible unique key combinations. Increasing the size of a symmetric key by just one bit doubles the amount of effort that is required to conduct an exhaustive key search attack.
What is the advantage of increasing the number of bits in the key? What is a disadvantage?
Using longer keys reduces the possibility of successful attacks by dramatically increasing the number of possible unique key combinations. Increasing the size of a symmetric key by just one bit doubles the amount of effort that is required to conduct an exhaustive key search attack. Doubling the size of the key actually squares the amount of effort required to discover the key.
