Chapter 8 Cryptography Basics
Non-repudiation
Prevents one party from denying actions they carried out
Certificate Management Protocol (CMP)
A messaging protocol used between PKI entities
Algorithm
A method or set of instructions used to perform a task
Cipher
A method use to encode characters to hide their value
Key Registration
The process of providing certificates to users typically handled by Registration Authority (RA)
Authentication
The process of verifying that the sender is who they say they are
Asymmetric Keys
The public and private key in an asymmetric algorithm
Steganography
The science of hiding information within other information such as a picture. Also Called Electronic Watermarking
Hypertext Transport Protocol over SSL (HTTPS)
The secure version of HTTP uses SSL to secure the channel between the client and server
Cryptographers
Individuals who specialize in the development and making of codes
Confidentiality
Intended to prevent unauthorized disclosure of information
Frequency Analysis
Involves looking at blocks of an encrypted message to determine if any common patterns exist
3 Primary types of Non-Mathematical Ciphering Methods
1) Substitution 2) Transportation 3) Steganography
Message Authentication Code (MAC)
A common method of verifying message integrity derived from the message and a shared secret key
An Electronic Wallet
A device that identifies you electronically in the same way as the cards you carry in your wallet
Layer 2 Tunneling Protocol (L2TP)
A hybrid of PPTP and L2F uses port 1701 and UDP
Stream Cipher
type of encryption method in which the data is encrypted a bit, or byte, at a time
Transport Layer Security (TLS)
A security protocol that expands upon SSL
IP Security (IPsec)
A security protocol that provides authentication and encryption across the internet. Becoming the standard for encrypting VPN
Federal Information Processing Standard (FIPS)
A set of guidelines for the US Federal government information systems. Issued by NIST
End-entity
A system that does not issue certificates but merely issues them
Secure Shell (SSH)
A tunneling protocol originally used on Unix systems
Message Digest Algorithm (MD)
Creates a hash value and uses a one-way hash. Newest Version produces 128-bit hash Susceptible to Birthday Attacks
Tunneling Protocols
Add a capability to the network to create tunnels between networks
Asymmetric Algorithm
Algorithm that uses two keys to encrypt and decrypt data
2-Way Hash
Allows a message to be reconstructed from the hash
Key Recovery Agent
An entity that has the ability to recover a key, key components, or plaintext messages as needed. Typically used with older keys
Institute of Electrical and Electronics Engineers (IEEE)
An international organization focused on technology and related standards
Symmetric Key
Another name for a secret or private key that is not disclosed to people who are not authorized to use the encryption system
World Wide Web Consortium (W3C)
Association concerned with the interoperability, growth, and standardization of the world wide web
2 Primary protocols used by IPsec at the bottom layer
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Brute-Force Attacks
Can be accomplished by applying every possible combination of characters that could be the key
Trusted Platform Module (TPM)
Can be used to assist with hash key generation. The name assigned to a chip that can store cryptographic keys, passwords, or certificates. Can be used to authenticate hardware devices
Layer 2 Forwarding (L2F)
Created by Cisco as a method of creating tunnels primarily for dial-up connections. Provides authentication but does not provide encryption uses port 1701 and TCP for connections
XML Key Management Specification (XKMS)
Designed to allow XML-Based programs access to PKI services
Pretty Good Privacy (PGP)
Developed by Phil Zimmerman to preserve privacy and protect citizens from oppressive governments. Became a de facto standard for email encryption for email encryption. Uses both symmetrical and asymmetrical encryption
Challenge Handshake Authentication Protocol (CHAP)
Form of authentication that challenges a system to verify identify. No user ID/password mechanism
Password Authentication Protocol (PAP)
Form of authentication where the username and password values are both sent to the server as clear text and check for a match. Offers no true security
Secure Hypertext Transport Protocol (S-HTTP)
HTTP with message security. HTTPS creates a secure channel while this protocol creates a secure message
Enigma Machine
Hybrid Cipher system used during WWII
Cryptanalyst
Individuals who specialize in breaking codes
Internet Engineering Task Force (IETF)
Mainly interested in improving the internet and computer security issues. Uses working groups to develop and propose standards
Quantum Cryptography
Messages are sent using a series of photons. Uses only fiber-optic technology
Secure Hash Algorithm (SHA)
One-way hash that provides hash value that can be used with an encryption protocol. Ensures integrity of message 160-bit hash value
Hashing
Performing Calculations on a message and converting it into a numeric hash value
Secure Electronic Transaction (SET)
Provides encryption for credit card numbers that can be transmitted over the internet
Integrity
Provides the assurance that a message was not modified during transmission. Can be accomplished by adding redundant data
National Institute of Standards and Technology (NIST)
Publishes information about known vulnerabilities in operating systems and applications
Access Control
Refers to the methods, processes, and mechanisms of preventing unauthorized access to the systems
Public Domain Cryptography
Refers to the standards and protocols that emerge from individual or corporate efforts and are released to the general public for use
Symmetric Algorithm
Requires both ends of an encrypted message to have the same key and processing algorithm
National Security Agent (NSA)
Responsible for creating codes, breaking codes, and coding systems
International Telecommunications Union (ITU)
Responsible for virtually all aspects of telecommunications and radio communications standards worldwide. ITU-R: Radio Communications ITU-T: Telecommunication Standards ITU-D: Expanding telecomm in undeveloped countries
Public-Key Cryptography Standards (PKCS)
Set of voluntary standards created by RSA and security leaders
American Bankers Association (ABA)
Sponsors and supports several key initiatives regarding financial transactions
X.509
Standard defines the certificate formats and fields for public keys. Defines procedures that should be used to distribute public keys Common Types: End-Entity Certificate CA Certificate (Can be issued from one CA to another)
Secure Multipurpose Internet Mail Extensions (S/MIME)
Standard used for encrypting email. Contains signature data
Point to Point Tunneling Protocol (PPTP)
Supports encapsulation in a single point-to-point environment encapsulates and encrypts PPP packets
Cryptography
The art of concealing information
Key Escrow
The key needed to encrypt/decrypt data are held in an account and made available if a third party request them
Request for Comments (RFC)
The mechanism use to propose a standard
Certificate Authority (CA)
Third-party organizations that manage public keys and issue certificates verifying the validity of the sender's message
Substitution Cipher
Type of coding ciphering system that changes one character or symbol to another
Transposition Cipher
Type of coding ciphering system that involves transporting or scrambling the letters in a certain manner
Block Cipher
Type of encryption method in which the algorithm works on chunks of data at a time
One-time Pad (OTP)
Type of encryption that has been proven to be impossible to crack if used correctly. The Key is as long as the message
One -Way Hash
Type of hashing that does not allow a message to be decoded back to the original value from the hash
Secure Sockets Layer (SSL)
Used to establish a secure communication connection between two TCP-based machines. Originally developed by Netscape. Establishes a sessions using asymmetric encryption and maintains the session using symmetric encryption
Checksum
Using a hash function to determine that a message is authentic
Digital Signature
Validates the integrity of the message and the sender
MIME
de facto standard for email messages