Domain 6: Cryptography (11%)

Symmetric Algorithms

(B)lowfish, Twofish (R)C5 (Rivest Cipher) (A)dvanced Encryption Standard (AES) (I)nternational Data Encryption Algorithm (IDEA) (D)ata Encryption Standard (DES)

CA

...

Centralized Storage

...

Certificate Life Cycle

...

Decentralized Storage

...

Digital Certificate

...

GPG

...

HTTPS

...

Hierarchical model

...

IPSec

...

Key Escrow

...

Key History

...

Key Management & Storage

...

Key Protection & Storage

...

Key Recovery

...

M of N Control

...

PGP

...

PKI

...

Pull Model

...

Push Model

...

Recovery Agent

...

S/MIME

...

SSH

...

SSL

...

TLS

...

Third-Party (Single-Authority) Trust

...

Trust Models

...

Web of Trust

...

Algorithms

A complex mathematical formula that dictates how the encryption and decryption process takes place

Algorithm

A complex mathematical formula that dictates how the encryption and decryption process takes place. Strengthened with a secret key.

128 bits

A good minimum starting point for the size of a hash value.

One-Way Hash

A mathematical function that takes a variable-sized message and transforms it into a fixed-length value (hash value, or message digest). It's difficult to invert the procedure, and is never decrypted.

Steganography

A method of hiding data in another type of media that effectively conceals the existence of the data.

Steganography

A method of hiding data in another type of media that effectively conceals the existence of the data. Typically performed by hiding messages in graphic images such as bitmap (BMP) files or other types of media files such as digital music files. Also used for watermarks

Information Assurance

A method of protecting information and information systems by providing confidentiality, integrity, authentication, and nonrepudiation.

Keyspace

A specific range of values, usually measured in bits, that is created by the algorithm to contain keys. The strength of a key depends on it.

Cryptosystem

A system that provides encryption and decryption.

Hashing

A value used in encryption systems to create a "fingerprint" for message. This prevents the message from being manipulated on its way to its destination. Provides integrity

Centralized Storage:

Administration

AES

Advanced Encryption Standard: Created to replace DES. Standard using a symmetric block cipher supporting the key lengths of 128, 192, 256 bits

Digital Signature

An encrypted hash value used to ensure the identity and integrity of a message.

Confidentiality Authentication Nonrepudiation

Asymmetric schemes offer what information assurances?

Symmetric Keys

Both parties use the same key for encryption and decryption purposes. The sender uses the key to encrypt the message and then transmits it to the receiver. The receiver, who is in possession of the same key, uses it to decrypt the message

Transportation

Characters are rearranged through mathematical permutations

Confidentiality

Concept of ensuring data is not made available or disclosed to unauthorized people. Processes such as encryption must be used on the data, network infrastructure, and communication channels to protect against data interception and disclosure

Authentication

Concept of uniquely identifying individuals to provide assurance of an individual user's identity. It is the act of ensuring that a person is who he claims to be. Encrypted digital certificates are used to identify users electronically

CIA

Confidentiality, Integrity, Availability

Hash

Creates a "fingerprint" for a message.

DES/3DES

Data Encryption Standard: (Symmetric) Block cipher defined by the US government as an official standard. Most well-known and widely used cryptosystem in the world. Uses a 64-bit block size and a 56-bit key. 3DES: 168-bit encryption standard

SHA

Developed by the NSA to use with digital signature standards and is considered a more secure successor and alternative to MD5. AKA SHA-224, 256, 384, 512

DSA

Digital Signature Algorithm: Based on discrete logarithms and is used only for authentication. Secured secure when the key size is large enough. Originally proposed with a 512 bit key size and was eventually revised to support key sizes up to 1024 bits. Has a lack of key exchange capabilities, relatively slow, and has a public distrust of the public

ECC

Elliptic Curve Cryptosystems: Asymmetric: Used for encryption and digital signatures. Uses complex mathematical structures to create secure asymmetric algorithms and keys. Created for devices with smaller processing capabilities, such as cell phones, PDAs, and other wireless devices

Digital Signatures

Encrypted hash value used to ensure the identity and integrity of a message. Can be attached to a message to uniquely identify the sender. Guarantees the individual sending the message is who he claims to be

Symmetric

Encryption scheme in which both parties use the same key for encryption. Faster encryption because the underlying algorithms are more simple and efficient.

Asymmetric

Encryption scheme in which everyone uses different, but mathematically related, keys for encryption and decryption. Slower

One-Time Pad

Encryption scheme that, when implemented correctly, is considered secure and theoretically impossible to compromise. Pro: Secure because they're only used once. Con: Human error

Stream Cipher

Encrypts data one bit at a time

Stream Cipher

Encrypts data one bit at a time.

Block Cipher

Encrypts entire blocks of data

Block Cipher

Encrypts entire blocks of data. For many block ciphers, the block size is 64 bitz.

Quantum Cryptography

Extremely advanced, uses the quantum effect of light waves over fiber-optic cable to transmit code within theoretically unbreakable light pulses to distribute a shared key between two users

HMAC

Hash-based Message Authentication Code: Used as an algorithm for message authentication purposes where the authentication is applied using hash functions and a secret key to create an authentication code value. Used to authenticate a message and provide data integrity

Integrity

Hashing offers what information assurance?

Centralized Storage:

Integrity

IDEA

International Data Encryption Algorithm: Symmetric Block Cipher: Uses 64-bit blocks of data, with a key length o 128 bits. The data blocks are divided into 16 smaller sections, which are subjected to eight rounds of cryptographic computation. The speed of IDEA in software is similar to that of DES. IDEA is the cipher used in the popular encyrption program PGP

Key Escrow

Involves a third party that holds a special third key used to encrypt the private key.

Diffie-Helman

Isn't an actual encryption algorithm: it's a key agreement protocol that enables users to exchange encryption keys over an insecure medium. Depends on the discrete logarithmic formulas for its security. Used in PKI

MD4

Message Digest 4: One-way hash function that produces a 128-bit hash message digest value

MD5

Message Digest 5: A slower but more complex version of MD4. Popular and widely used for security applications and integrity checking

Information Assurance

Method of protecting information and information systems by providing confidentiality, integrity, authentication, and nonrepudication

Integrity

Protection of information from damage or deliberate manipulation during transit. A cryoptological function of hashing is often used to create signature files that indicate if the file has been tampered with if the hashed value does not match the original

RIPEMD

RACE Integrity Primitives Evaluation Message Digest: A hash function message digest. Reduces the chance of hash value collisions, slower and not as popular ain use a SHA-1 or MD5

RC4

Rivest Cipher: Symmetric Stream Cipher: Used in popular encryption protocols such as SSL, TLS, and also 40-bit and 128-bit WEP. Utilizes secure exchange of a shared key

RSA

Rivest, Shamir, and Adleman: Asymmetric Public Key: Main standard for encryption and digital signatures and is widely used for electronic devices, OS, and software applications. Used primarily for encryption and digital signatures

Centralized Storage:

Scalability

Centralized Storage:

Security

2 Main Types of Symmetric Encryption:

Stream & Block Cipher

2 Types of Cipher Encryption:

Substitution & Transportation

Twofish

Symmetric Block Cipher: Very similar to Blowfish but uses a block size of 128 bits and key sizes up to 256 bits. Twofish is a free public domain encryption cipher and is often used in open-source projects as an OpenPGP

Confidentiality

Symmetric systems can only offer what information assurance through encryption?

Blowfish

Symmetric: Uses 64-bit blocks of data. Its key length is 448 bits, and uses 16 rounds of cryptographic computations. Was designed specially for 32-bit machines and is significantly faster than DES

Substitution

Takes plain text and substitues the original characters in the data with other characters (Ex: ABC translates into XYZ)

Confidentiality

The concept of ensuring that data is not made available or disclosed to unauthorized people.

Authentication

The concept of uniquely identifying individuals to provide assuranc of an individual user's identity.

Cryptography

The conversion of communicated information into secret code that keeps the information confidential and private.

Nonrepudiation

The inability of a person to deny the origin of a signature or document, or the receipt of a message or document.

Public Key

The key known to all users

Private Key

The key which is given to the user remains secret.

Integrity

The protection of information from damage or deliberate manipulation.

The Receiver's Private Key

The receiver will decrypt a message or file with what key?

The Receiver's Public Key

The sender will encrypt a message or file with what key?

Encryption

The transformation of data into an undreadable form (ciphertext). The central function of cryptography.

Decryption

Transforms ciphertect into plain text.

Asymmetric Keys

Two keys are created for encryption and decryption purposes: One key is the public key, which is known to all users, while the private key remains secret and is given to the user to keep private. To use a system, a user encrypts with the intended receiver's public key. To decrypt, the receiver will use the private key that only he possesses

Transposition

Type of cipher encryption in which the characters are rearranged through mathematical permutations.

Substitution

Type of cipher encryption that takes plain text and substitues the original characters in the data with other characters.

Message Digest Hashing

Used for digital signature applications when a large message must be hashed in a secure manner

Nonrepudiation

Used to describe the inability of a person to deny or repudiate the origin of a signature or document

WPA/WPA2

Wi-Fi Protected Access: Most recent and secure form of encryption for wireless networks. Can use apre-shared key

WEP

Wireless Encryption Protocol: Security protocol that provides encrypted communication between wireless clients and access points. Uses a key encryption algorithm to encrypt communications between devices. Each client and access point on the wireless LAN must use the same encryption key. Key is manually configured on each access point and each client before either can access the network