Architecture & Design 2.8: Cryptography Concepts

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Asymmetric Encryption

Encryption that involves multiple keys

Low latency encryption use case

-Fast computation time -Symmetric encryption, small key

High resiliency encryption use case

-Larger key size -Encryption algorithm quality -Hashing

Low power device encryption use case

-Smaller encryption keys -ECC for asymmetric encryption

Blockchain process

1. Initiate Transaction 2. Validate Transaction 3. Create a Block 4. Calculate and insert a hash 5. Complete transaction

Stream Cipher

Encryption that is done one bit or byte at a time. High speed. Low hardware complexity. Symmetric encryption for less overhead.

Block Cipher

A cipher that manipulates an entire standard size of a block of plaintext at one time.

Quantum Communication

A communications network that relies on qubits made of photons (light) to send multiple combinations of 1s and 0s simultaneously which results in tamper resistant and extremely fast communications

GCM (Galois Counter Mode)

A mode of operation used for encryption. It combines the Counter (CTM) mode with hashing techniques for data authenticity and confidentiality.

Initialization Vector (IV)

A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.

Steganography

A technology that makes it possible to embed hidden information in documents, pictures, and music files

CBC (Cipher Block Chaining)

Adds some randomization where each block is XORed with the previous ciphertext block.

Elliptic Curve Cryptography (ECC)

An algorithm that uses elliptic curves instead of prime numbers to compute keys.

Perfect Forward Secrecy (PFS)

An encryption method that ensures that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. To work properly, requires two conditions: Keys must not be reused, and new keys must not be derived from previously used keys. -Requires additional computing power -Browsers need to be able to support this function

Symmetric Encryption

An encryption method whereby the same key is used to encode and to decode the message. Aka Shared Secret Algorithm -Difficult to scale -Very fast to use

Supporting Non-repudiation

Confirm the authenticity of data. Digital signature provides both integrity and non-repudiation.

Lightweight cryptography

Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices.

Homomorphic Encryption (HE)

Enables processing of encrypted data without the need to decrypt the data. It allows the cloud customer to upload data to a cloud service provider for processing without the requirement to decipher the data first.

Mode of operation

Implementation of a block symmetric cipher, with some modes allowing secure encryption of a stream of data, with or without authentication for each block.

Private key

In an asymmetric encryption scheme the decryption key is kept private and never shared, so only the intended recipient has the ability to decrypt a message that has been encrypted with a public key.

Key Strength

Larger keys and more bits are signs of better encryption and stronger keys. Symmetric: 128 bit+ Asymmetric: 3072 bit+

Supporting Obfuscation

Modern malware tries to hide itself. Encrypted data hides the active malware code. Decryption occurs during execution.

Hash collision

Occurs when the hashing algorithm creates the same hash from different text strings. Occurred w/MD5 (don't use)

Public key

One of the keys used in asymmetric encryption systems. It is widely distributed and available to everyone.

Supporting authentication

Password hashing. Protect the original password. Add salts to randomize the stored password hash.

XOR (Exclusive OR)

Performing a different set of input and output to that data to add some randomization. -Initial plaintext gets an IV before encryption, encrypted output is used as the IV for the next block of data

Supporting integrity

Prevent modification of data. Validate the contents with hashes. File download, password storage, etc.

Quantum Key Distribution (QKD)

Protocol which uses quantum mechanics to securely send encryption keys over fibre optic networks

Digital Signatures

Provide authentication of a sender and integrity of a sender's message. -Created w/private key, verified with public key

Salted Hash

Random data added to passwords when hashing (helps secure a situation where it's possible that multiple people are using the same password)

Supporting confidentiality

Secrecy and privacy. Encryption (file-level, drive-level, email)

In-band key exchange

Sending an encryption key over the network and having it appear instantly on the other side it uses asymmetric encryption when sending the symmetric key to someone else

Cryptography Limitations

Speed, Size, Weak keys, Time, Longevity, Predictability, Reuse, Entropy, Computational overheads, and Resources vs. security constraints.

Session key

Symmetric key that is used only during a single communication session between two parties (ephemeral, need to be switched often)

Hash

Take any type of input and create a very specific unique string of text that's associated with that file (think of a fingerprint, also called message digest). -One way trip -Often used to store passwords, verify document is the same as an original, do digital signatures -Always a unique hash

key stretching

Taking a relatively small encryption key and find ways to make it larger. For example, we could hash a password and then hash the hash of the password, and so on.

ECB (Electronic Code Book)

The most simplistic encrpytion, in which each plaintext block is encrypted with the same key

Key Exchange

The process of sending and receiving secure cryptographic keys. Challenge is sending over a medium that is insecure (logistical challenge)

cryptographic key

Used by an algorithm to transform plaintext into ciphertext or ciphertext into plaintext (larger it is the more secure)

CTR (Counter Mode)

Uses an incremental counter to be able to add randomization to the encryption process. With this mode, we start with the incremental counter and then we encrypt that counter with the block cipher encryption. After that encryption has been done, we will perform the exclusive or to the plain text to finally create the ciphertext.

Quantum computing

Uses the principles of quantum physics to represent data and perform operations on these data. No longer bits but qubits. More scalable.

Diffie-Hellman key exchange

an asymmetric standard for exchanging keys. primarily used to send private keys over public networks.

Plaintext

normal text that has not been encrypted

Cyphertext

the encrypted form of a message

Cryptanalysis

the study and practice of finding weaknesses in ciphers

Out-of-band key exchange

two parties must exchange keys in a separate communication channel other than communication channel that is exchange data between parties (phone call, in-person etc.)

Key stretching libraries

• Already built for your application - No additional programming involved • bcrypt - Generates hashes from passwords - An extension to the UNIX crypt library - Uses Blowfish cipher to perform multiple rounds of hashing •Password-Based Key Derivation Function 2 (PBKDF2) - Part of RSA public key cryptography standards (PKCS #5, RFC 2898)


Set pelajaran terkait

Unit 2 Test: The Solar System and the Universe Study Guide

View Set

List of all planets in the Solar System

View Set