Principles of Cryptography
Integrity
-Assurance that information is accurate and free from alteration
-The threat of information interception violates this security principle
-Integrity is often ensured using secure hashing (digest) algorithms
How does certificate revocation work?
-Certificate Revocation Lists (CRL)
-Online Certificate Status Protocol (OCSP)
-OCSP Stapling
-Chrome CRLset and Firefox OneCRL
How does onion router TOR work?
-Does not use end-to-end encryption
-No encryption between the exit relay and the server
-Anyone spying does not know where the traffic came from
-We encrypt our message with the public key of the exit relay, then the key of the second-to-last server, and so forth until we get to the public key of the guard node
-None of the nodes can see any of the message until it gets to the exit relay
Confidentiality
-Protecting information from unauthorized disclosure
-The threat of information interception violates this security principle
-Confidentiality of information in networks is primarily preserved using encryption
Non-repudiation
-Requires both authenticity and integrity
-A legal issue, but conditions can be partially satisfied by technology
-The ability to prove to others that a message originated with its source and was not forged
-Non-repudiation is primarily ensured using digital signatures
Authenticity
-The assurance that a message was sent by the claimed source and not forged
-The threat of fabrication violates this principle
-Authenticity can be ensured in many ways:
*Passwords, PIN numbers
*Smartcards, USB tokens, Cell phone SMS
*Biometrics
*Digital Signatures and Digital Certificates
Availability
-The degree to which information and systems are accessible to authorized users
-The threat of interruption violates this principle
-Confidentiality and integrity depend on availability
-Availability is ensured in many ways:
*Redundancy
*Backup and recovery plans
*Load balancing
*Fixing bottlenecks
*Updating hardware and software
*... and others
Atbash Cipher
A Hebrew cipher based off the concept the first shall be last and the last shall be first. In English A->Z, B -> Y, C -> X and so forth... Basically ABCDEFGHIJKLMNOPQRSTUVWXYZ maps to ZYXWVUTSRQPONMLKJIHGFEDCBA... So just duplicate the alphabet, flip one, and that's your key.
Diffie-Hellman
A cryptographic algorithm that allows two users to share a secret key securely over a public network.
Limits:
■A new key needs to be negotiated for every new person
■No authentication
A trapdoor function
A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the "trapdoor." Widely used in cryptography.
Transposition Cipher
A message is written in a table left to right. The table columns are then mixed up. The number order of each column is the key. (Before: 12345 After: 34251) We will have to do this on the test. He will give us a key. Start by counting the characters in the scramble. Divide that by the number of characters in the key. This gives you the number of table rows. The number of characters in the key is the number of table columns. Create a blank table and write the scramble top down starting with the first column all the way to the last. Then move the columns around according to the key and read the message left to right.
What is a PKI?
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. PKI links keys to people/companies
OCSP stapling
A short-lived message signed by the issuing certificate authority verifying that the certificate is still valid. Served by the domain with the certificate.
Vigenère cipher (Vee-zha-nair)
A simple polyalphabetic substitution cipher. The key is circular (repeated as many times as needed). You take the key and match it with the message you want to send. Then use those two letters to look up the encrypted character in the table. Ta da. Encryption.
Ex. Key = CACTUSCOOLER
Ex. Message = CORONA
CORONA
CACTUS
C + C = E
O + A = O
R + C = T
O + T = H
N + U = H
A + S = S
Cipher = EOTHHS
Caesar Cipher
A technique for encryption that shifts the alphabet by some number of characters. If the key is 2 then A -> C; if the key is 10 then A -> K.
Steganography
A technology that makes it possible to embed hidden information in documents, pictures, and music files.
VPN
Allows a secure private connection over a public network, using an encrypted 'tunnel'.
Great for:
-Getting around a geo fence
-Protecting data and ensuring secure connection
VPNs secure your public internet connection by encrypting your information and shielding your online activity from cybercriminals and even your own Internet Service Provider, or ISP.
AES Encryption
Also known as the Rijndael algorithm
-Advanced Encryption Standard
-Block cipher
-Designed for high speed and low memory requirements
-Won an algorithm competition
Elliptic-Curve Cryptography (ECC)
An algorithm that uses elliptic curves instead of prime numbers to compute keys. A better trapdoor
Block Cipher
An encryption algorithm in which data is encrypted in "chunks" of bits at a time.
Stream Cipher
An encryption method that encrypts a single bit at a time. Popular when data comes in long streams (such as with older wireless networks or cell phones).
Symmetric Encryption
An encryption method whereby the same key is used to encode and to decode the message
What is the purpose of TOR?
Anonymize internet traffic and protect identities
What is CA?
Certificate Authority: Trusted third party who keeps a directory of public keys
What are two major ways to gain trust in a certificate?
Certificate authorities, Web of trust
CRL
Certificate Revocation List. A list of certificates that have been revoked. Certificates are commonly revoked if they are compromised.
CBC
Cipher Block Chaining (CBC)
■Each plaintext block XORed with previous block's ciphertext
■Strengths
-Diffusion - each block depends on all blocks
■Weaknesses
-Requires an IV (initialization vector for first block)
-Subject to some padding attacks (e.g., POODLE)
-No parallelization
■Properties
-Error Propagation - Yes
-Parallelization - Encryption: No; Decryption: Yes
-Confidentiality - Yes
-Integrity - No
CFB
Cipher Feedback (CFB)
■One mode that makes a block cipher into a stream cipher
■Strengths
-Use block ciphers as a stream cipher
■Weaknesses
-No parallelization on encrypt
-Has a "stall" while performing the block encryption
-Requires block cipher on both ends
■Properties
-Error Propagation - Yes, for several blocks
-Parallelization - Encryption: No; Decryption: Yes
-Confidentiality - Yes
-Integrity - No
Kerckhoff's Principle
Concept that an algorithm should be known and only the keys should be kept secret.
-A cryptosystem should be secure even if everything about the system is public knowledge
-A system's security is based on the key strength, not the algorithm
Principles
Confidentiality, Integrity, Availability, Authenticity, Non-Repudiation
Euler's Totient φ(n)
Count of numbers coprime to N. It is time consuming to compute, except with prime numbers, using this: (p-1)(q-1)
Domain Validated
Domain Validated certificates are certificates that are checked against domain registry. There is no identifying organizational information for these certificates and thus Acmetek do not recommend these to be used for commercial purposes but use it instead for internal purposes.
Block Cipher Modes
ECB, CBC, CFB
ECB
Electronic Codebook (ECB)
■Each block encrypted separately
■Strengths
-Simple
■Weaknesses
-Each block is not independent and properly diffused
■Properties
-Error Propagation - No (an error in one block won't cause an error in another)
-Parallelization - Yes (Can we parallelize the encryption/decryption or does it have to be done "single-threaded"?)
-Confidentiality - Yes
-Integrity - No (Does it provide message integrity?)
Asymmetric Encryption
Used in public key encryption, it is a scheme in which the key to encrypt data is different from the key to decrypt.
Chrome CRLset and Firefox OneCRL
Google and Mozilla's abbreviated CRL lists distributed with browser updates
Collision
In computer science, a collision or clash is a situation that occurs when two distinct pieces of data have the same hash value, checksum, fingerprint, or cryptographic digest.
Randomness
In cryptography, the quality of the random numbers used directly determines the security strength of the system. The quality of the random number generator influences how difficult it is to break into the system. Modern security algorithms and protocols have their cryptographic strength expressed in the number of bits (keys) that an attacker needs to guess before he can break the system. Many security protocols require random bits to remain secure. Algorithms such as AES, RSA and ECC have been proven to be difficult to break. The strength of the random number generator used by the security systems often determines how secure the systems are, depending on the actual randomness of the bits generated.
Threats
Interception, Modification, Interruption, Fabrication
How is block integrity ensured in BlockChain?
Merkle Root Hash
OCSP
Online Certificate Status Protocol. A way to query a CA with the serial number of a certificate. The CA answers with good, revoked, or unknown.
Organization Validated
Organizational certificates are trusted. Organizations are strictly authenticated by real agents against business registry databases hosted by governments. Documents may be exchanged and personnel may be contacted during validation to prove the right of use. OV certificates therefore contain legitimate business information. This is the standard type of certificate required on a commercial or public-facing website.
ROT13 cipher
Replaces each message letter with the letter 13 places after it in the alphabet. This is just a Caesar cipher with a key of 13. A -> N
RSA
Rivest-Shamir-Adleman (RSA) is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet. This is an asymmetric encryption algorithm meaning there are two different keys.
Why is steganography used?
Steganography can be used to hide important data inside another file so that only the parties intended to get the message even know a secret message exists.
One-time pad
■Must be TRULY random (VERY DIFFICULT)
■Must be used only once
■Must be at least as long as message
■Proven: Plaintext + Random Pad = Random
Claude Shannon proved it is unbreakable when used properly.
Cryptanalysis
The process of decrypting a message without knowing the cipher or key used to encrypt it.
Fabrication
The unauthorized addition of information
Interception
This is a threat. When an unauthorized party gains access to data.
Enigma
Used during WW2 by the Germans. Alan Turing is said to have cracked it.
Weakness - decryption was the exact opposite of encryption
Strength - they had a really strong key
Keyspace
The number of potential keys we have given our algorithm. The more keys, the longer it takes to brute force.
Extended Validation
The best type! This turns the bar green and requires more in-depth validation than OV.
How are blocks linked?
The hash of a block includes the hash of the previous block