Chapter 15 Cryptography

Ace your homework & exams now with Quizwiz!

Chosen key

A chosen key attack is a type of attack where a hacker not only breaks a ciphertext, but also breaks into a bigger system, which is dependent on that ciphertext.

Algorithm

A cipher or algorithm is the process or formula used to convert a message or otherwise hide its meaning. Examples of algorithms include:

Key

A key is a variable in a cipher used to encrypt or decrypt a message. The key should be kept secret. The key space is the range of the possible values that can be used to construct a key. Generally speaking, the longer the key space, the stronger the cryptosystem.

Symmetric encryption algorithms

Block Stream

Asymmetric encryption algorithms

Challenge handshake authenication protocol CHAP diffie hellman key exchange digital signature algorithm DSA elliptic curve cryptography ECC extensible authentication protocol EAP Message digest function MD5 Rivest, Shamir, Adleman RSA secure hashing algorithm SHA

Ciphertext

Ciphertext is the encrypted form of a message that makes it unreadable to all but those the message is intended for.

Cryptanalysis

Cryptanalysis is the method of recovering original data that has been encrypted without having access to the key used in the encryption process. This can be done to measure and validate the strength of a cryptosystem. It can also be done to violate the confidentiality and/or integrity of a cryptosystem.

Decryption

Decryption is the procedure used to convert data from ciphertext into plain text.

Asymmetric encryption

Diffie hellman secrecy and security of private keys 2 keys used public key encryption two keys mathematically related both called keypair trapdoor function easy to create difficult to reverse

Digital certificates

Digital certificates are electronic passwords. They associate the identity of a person or entity with a public/private key pair.

Two implementations of 3DES

EDE2 EEE3

Encryption

Encryption is the process of using an algorithm to transform data from plain text to ciphertext in order to protect the confidentiality, integrity, and authenticity of the message.

Adaptive chosen plain text

In a adaptive chosen plain text method, the hacker makes a series of interactive queries, choosing subsequent plain texts based on the information from the previous encryptions.

Chosen ciphertext

In a chosen ciphertext attack, the hacker analyzes the plain texts corresponding to an arbitrary set of ciphertexts the hacker chooses. Early versions of RSA used in SSL were vulnerable to this attack.

Chosen plain text

In a chosen plain text attack, the hacker creates plain text, feeds it into the cipher, and analyzes the resulting ciphertext. The chosen plain text attack occurs when the hacker can choose the information to be encrypted. The idea is to find patterns in the cryptographic output that might uncover a vulnerability or reveal the cryptographic key.

Dictionary

In a dictionary attack, the attacker constructs a dictionary of plain text along with its corresponding ciphertext collected over a period of time.

Related key

In a related key attack, the hacker obtains ciphertexts encrypted under two different keys. This attack is useful if the hacker can obtain the plain text and matching ciphertext.

Rubber hose

In a rubber hose attack, a hacker extracts cryptographic secrets, such as the password to an encrypted file, by coercion or torture.

Known plain text

In this attack, the only information available to the attacker is some plain text blocks, the corresponding ciphertext, and the algorithm used to encrypt and decrypt the text. This attack requires the hacker to have both the plain text and ciphertext of one or more messages. Together, these two items can be used to extract the cryptographic key and decrypt the remaining encrypted files.

Hybrid Cryptography (Asymmetric)

OS, apps, components use hybrid system combines symmetric and asymmetric combines symmetric systems to process large amounts of data and asymmetric to securely distribute keys

Plain text

Plain text is the readable form of an encrypted message. The term plain text should not be confused with the term clear text, which is information that is not encrypted. Plain text is information that will eventually be input into an encryption algorithm.

Common Symmetric cryptography methods

Ron's cipher v4 RC5 most common Ron's cipher v5 RC5 Rons cipher v6 RC6 international data encryption algorithm IDEA data encryption standard DES triple DES 3DES advanced encryption standard AES blowfish twofish

Digital Signature Algorithm (DSA)

Signature algorithm authentication, integrity, non-repudiation 1994 as FIPS 186 by NIST signs messages with singers private key verified by signers corresponding public key

Blowfish

Symmetric block cipher answer to IDEA and DES secret key to en/decrypt data 64-bit blocks 32-448 bit key no effective known cyptanalsis does not use a variable block length

Certificate authority (CA)

The certificate authority is the organization that issues the digital certificate. The CA is also the controller of the PKI certificates. The CA, in a sense, mints the certificate and specifies critical pieces of information such as the organization name and the certificate expiration date. The private key certificate on the hosted website is checked against the CA to ensure it is valid and authentic. If the certificate is expired or the company name is different, the user will receive a warning stating the site failed the authenticity check.

Certificate management system

The certificate management system is the primary component of PKI. It manages the certificate process and creates key pairs, which consist of public and private keys. It stores the private key for the host and helps to ensure private key safety. It distributes the public key to those who will access the system. PKI works to ensure the continued authenticity of the keys and verifies certificates.

End user

The end user is the consumer who requests and uses certificates. Most of the activities involved in PKI are transparent to the user. For example, an individual might go to a website and completes a transaction, such as online banking or shopping, without being aware of the processes that take place to secure the transaction.

Ciphertext-only

The goal of this attack type is to recover the encryption key from the ciphertext. This attack requires a hacker to obtain encrypted messages that have been encrypted using the same encryption algorithm. Ciphertext attacks don't require the hacker to have the plain text; the statistical analysis might be enough.

Registration authority (RA)

The registration authority acts as the verifier for the CA. While, in many instances, the CA handles certificate registration, the CA may offload its registration and validation when an organization is geographically dispersed or PKI resources increase.

Timing

The timing attack is based on repeatedly measuring the exact execution times of modular exponentiation operations.

Validation authority (VA)

The validation authority is used to verify the validity of a digital certificate using the X.509 standard and RFC 5280. The VA also stores certificates with their public/private keys.

Disk encryption tools

Vera crypt semantec Dr incription windows encrypting file system EFS BitLocker

Steganography

Which literally translates to "concealed writing," hides data or a message so that only the sender or the recipient suspects that the hidden data exists. Stenographic messages are in clear text. They are not encrypted, only hidden. Examples of steganography include: Embedding, hiding, watermaking, microdots

Hiding text messages or hiding alternate images within a photograph

With this method, data is distributed inside the last two bits of each color. When viewed normally, the hidden information cannot be detected. Using special tools, the data in the last two bits of each color is extracted to recreate the original.

Message Digest Function (MD5)

algorithm produces a value of 128 bits with 32 hexadecimal characters not collision resistant still used for digital signature apps, file integrity checking, storing passwords

Triple DES (3DES)

applies DES three times 168-bit key IPsec strongest/slowest encipherment large amounts of data creates patterns in ciphertext

Adaptive chosen plaintext

attacker makes series of interactive queries then chooses plain text based on information from previous encryption

Diffie hellman use as base

authenticated protocols use as base ephemeral mode (EDH DHE) provides TLS with perfect forward secrecy

codebreaking methods

brute force frequency analysis trickery and deceit

Confidentiality

by ensuring that only authorized parties can access data.

Authentication

by proving the identity of the sender or receiver.

Non-repudiation

by validating that communications have come from a particular sender at a particular time.

Integrity

by verifying that data has not been altered in transit.

Challenge-Handshake Authentication Protocol (CHAP)

challenge/response three way handshake to protect passwords username and password authentication only remote access authentication protocol ensures same client/system exists through session repeatedly and randomly retesting

Data Encryption Standard (DES)

created by NSA first symmetric encryption methods now obsolete sensitive but unclassified encryption 56-bit key (weak) 8-bit parity 64-bit block 16 rounds of substitution and transportation IPsec weakest/fastest encipherment easily broken does not use a variable block length

Secure Hashing Algorithm (SHA)

cryptographic hash function secure one way hash NIST 160-bit digest maximum length of 2^64-1 resembles MD5 family includes SHA-256 (32-bit words), SHA-2 (security apps) SHA-3 uses sponge construction, message blocks are XORed into initial bits of state

Skipjack

does not use a variable block length

DES modes

electronic code book ECB, run through of DES small amounts of data cipher block chaining CBC increases randomness output feedback stream emulation works with block cipher cipher feedback increase randomness and variability of cipher text

EDE2

encrypt 1 key decrypt key2 encrypts again key1

EEE3

encrypt key1 encrypt key2 encrypt key3

Symmetric encryption

faster than asymmetric confidentiality with weak form of authentication/integrity bulk encryption of less sensitive CPU intensive both parties exchange shared secret key out of band distribution in band distribution everyone requires unique shared key (grows exponentially) keyspace is short (56 to 512) having 2+ copies of keys less secure

HashMyFiles

free utility that calculates the MD5 and SHA1 hashes of files.

Asymmetric encryption features

functionality uses hybrid cryptography implementations management considerations

Ephemeral keys

generated every time key establishment process is executed and exits only for lifetime of specific communication session short life span

Watermarking

hidden data is embedded into an image or a file to prove ownership. Because the file contains the special data sequence, a file with that embedded data could only have come from the original source.

Microdots

images shrunk down to the size of a period, then included in a seemingly harmless message.

Elipticl curve diffie hellman ECDH

implementation of diffie hellman key exchange using elliptic curve cryptography each party has own elliptic curve public/private keypair to generate symmetric keys over insecure channel simuationsuly

BitLocker

is a Windows drive encryption feature that offers additional protection of EFS or non-EFS volumes. Provides the most protection when used with a Trusted Platform Module (TPM). A TPM is used to validate the integrity of system boot components. Encrypts all user and system files, including OS, swap, and hibernation files. Allows recovery keys to be archived to USB, file, print, or Active Directory. Supports multi-factor authentication.

One-time pad

is a cryptography method in which plain text is converted to binary and combined with a string of randomly generated binary numbers (referred to as the pad). It is a form of substitution.

VeraCrypt

is software for establishing and maintaining an encrypted volume for data storage devices. uses on-the-fly encryption, meaning the data is automatically encrypted immediately before it is saved and decrypted immediately after it is loaded. It requires no user intervention.

Advanced Encryption Standard (AES)

iterative symmetric key block replace DES repeats same operation multiple times Rijndael block cipher (resistant to all known attacks) variable length block and key length 128, 192, 256-bit keys stronger/faster than 3DES implemented with large key size (256-bits) sensitive unclassified material selected to replace DES

Diffie-Hellman Key Exchange

key agreement protocol generates symmetric keys at sender/receiver over insecure channels first asymmetric algorithm

Management Considerations (Asymmetric)

keys can be disturbed, no relation required private always secret Asymmetric scalable for large expanding environments, two keys per user keyspace 1k-30k bits slow processing than symmetric ephemeral/static keys

Common certificate authorities

komodo identrust GoDaddy

types of cryptanalysis

linear differential integral

Out of band distribution

manual distribute key USB

Cryptography tools

md5 calculator HashMyFiles

In band distribution

mechanisms Diffie Hellman asymmetric to encrypt key

International Data Encryption Algorithm (IDEA)

orginally called improved PES minor revision of proposed encryption standard PES 64 bit block 128-bit keys Pretty good privacy PGP for email openPGP does not support variable block size

Basic encoding rules BER

original rules for encoding abstract info into concrete data stream set of self identifying/delimiting schemes that allow data blue to be identified, extracted decoded individually

Hybrid system process

plaintext encrypted into ciphertext with symmetric session key session key encrypted with asymmetric using public key session key and ciphertext sent to receiver receiver decrypts symmetric session key with asymmetric private key ciphertext decrypted into plaint text with decrypted session key

Windows Encrypting File System (EFS)

proprietary function of the Windows operating system.

Uses (Asymmetric)

provide confidentiality, strong authentication, and non-repudiation data encryption to secure data digital signing to confirm integrity of message digital signing to confirm authenticity of sender key exchange to ensure keys are secure during transit asymmetric encryption used to securely exchange symmetric keys

Diffie hellman process

provide key distribution does not provide cryptographic services calculates discreet logarithms in finite field used in DES subject to MITM requires strong authentication to validate at end points

Self signed certificates

provide secure communications not vetted visitors to website will get warning common in internal websites and 3rd party tools where SSL is used

Symantec Drive Encryption

provides organizations with complete, transparent drive encryption for all data, including user files, swap files, system files, and hidden files on laptops, desktops, and removable media.

Elliptic Curve Cryptography (ECC)

public key cryptography groups of numbers in elliptical curve Koblitz Miller 1985 more efficient algo than others used in conjunction with other methods reduce key size small amounts of data for small devices 160-bit key equivalent to 1024-bit RSA less computational power less memory

Rivest, Shamir, Adleman (RSA)

public key cryptosystem used to secure data transmission factoring large numbers into prime values 1977 widely used defacto encryption standard asymmetric systems based on difficulty of factoring N (product of two large prime numbers, 201) key length 512-bits to 8k bits (2401 digits) modular arithmetic and elementary number theory

Functionality (Asymmetric)

public key made available to anyone private key secret one key encrypts, other key decrypts strength of asymmetric encryption lies in security and security of private key if private key is discovered new key pair required keys created by Local security authority (security kernel and cryptographic service provide CSP Asymmetric key ciphers are two associated algorithms that are inverses computationally infeasible to derive second algo from first without private key

Using longer keys

reduces possibility of successful attack increase possible unique key combination increase symmetric key by one bit doubles effort double key size squares effort

cryptography attack countermeasures

restrict access to cryptographic keys restrict access to cryptographic keys to apps IDs to monitor exchange of keys passwords to encrypt key if stored on disk key should not be present inside source code or binaries for certificates signing transfer of public keys should be prohibited symmetric key size 168 bits for small transactions symmetric key size 256 bytes for large transactions

Static keys

reused multiple communication sessions long lifetime

Email encryption tools

secure sockets layer SSL transport layer security TLS open SSL

Stream cipher

sequence of bits keystream for encryption real time ATM, smartcards small amounts of data <64 bits slower than symmetric block hardware bitwise functions on individual bits in datastream keystream generator to produce long streams with no pattern block cipher emulation for block cipher compatibility

Extensible Authentication Protocol (EAP)

standardised method to negotiate wireless authentication between devices framework variety of methods: passwords, certificates, smart cards alternative to CHAP and PAP more secure and supports different authentication mechanisms

Embedding

still pictures in a video stream. The picture can only be viewed by stepping through the video frame by frame (playing the video in real time hides the image because the eye cannot see one single frame within the video).

Ron's Code v4

stream cipher variable key 256 bits WEP and SSL Key scheduling algorithm KSA pseudo random generation algorithm PRGA Basic Encoding RUles

Cryptanalysis

study of cipher ciphertext cryptosystems verify vulnerabilities extract plaintext from ciphertext even if algorithm used is unknown

Twofish

symmetric block cipher 128-bit block variable key lengths 128 192 256-bit 16 rounds of substitution and transposition runner up to Rijndael in AES algo does not use a variable block length

Ron's Cipher v5 or Ron's Code v5 (RC5)

symmetric key block cipher RSA 32 64 128 bit blocks key size 0 - 2k 255 rounds of substitution and transposition variable bit length keys variable bit block sizes parameters increase variability making harder to crack

Ron's Cipher v6 or Ron's Code v6 (RC6)

symmetric key block cipher RSA added integer multiplication four 4-bit working registers (RC6 used two 2bit)

MD5 Calculator

tool used to create the MD5 hash value of the selected file

Symmetric Block algorithm

transposing plaintext to ciphertext in chucks block by block fast large amounts of data not good for small software substitution and transposition function several alternating rounds show patterns in large amounts of data IV to strengthen

Certificate signing

use common certificate authorities easy straightforward user answers simple questions about company

Implementations (Asymmetric)

used with protocols SSL/TLS IPsec VPN (pptp, l2tp, sstp) S/MIME and PGP for email SSH tunnels

Integral cryptanalysis

useful against block ciphers based on substitution premutation networks extension of differential cryptanalysis

Public key infrastructure PKI procedure

user company or system applies to RA for certificate RA receives request RA verifies subjects identity RA requests CA issue certificate to subject CA issue certificate binding subject identity with public private keys CA sends updated information to validation authority VA

Transposition cipher (also called an anagram)

which changes the position of characters in the plain text message.

Substitution cipher

which replaces one set of characters with symbols or another character set. A code substitutes hidden words with unrelated terms.

Diffie hellman formula

y = large number < p (~301 digits long) p = large prime number mod = modulus (remainder resulting from dividing two numbers)


Related study sets

Ms. Cherney's ALGEBRA FINAL EXAM REVIEW 2021-2022

View Set

Biology 1309 Life on Earth exam 5

View Set

Saunders Ch 35 Oncological Disorders

View Set

Chapter 8 LS Intermediate Corporate Finance

View Set

Chapter 2: Cybersecurity Threat Landscape

View Set

SIE Ch 2: Types of Markets & Offerings

View Set

Chapter 12: Production and Growth

View Set