CISSP Cryptography (Set 2) cs3600


What protocols should you replace with SSH?

Telnet, FTP, rlogin, rexec, or rsh

Blowfish

- a block cipher that works on 64-bit blocks of data
- the key length can be anywhere from 32 bits to 448 bits
- the data blocks go through 16 rounds of cryptographic functions
- it's also open-source

Why bother with AH (which provides authentication and integrity) if ESP can provide authentication, integrity, and confidentiality already?

AH includes the network header in its ICV (integrity check value) so it can detect if it went through NAT translation

What encryption standard was chosen by NIST to replace DES?

Advanced Encryption Standard (AES)

Birthday Attack

Attempting to force a collision (when an algorithm produces the same value for two distinctly different messages) in order to create patterns.
Why this helps: The output of a hashing algorithm is n, and to find a message through a brute force attack that results in a specific hash value would require hashing 2^n random messages. Finding 2 messages that hash to the same value would require review of only 2^(n/2) messages.

What security services does a Public Key Infrastructure (PKI) provide?

Basically, it establishes a level of trust within an environment
- authentication
- confidentiality
- nonrepudiation
- integrity of messages exchanged

What layer does PPTP encryption take place?

Data Link Layer (Layer 2)

What layer does Link encryption take place at?

Data Link and Physical Layer (Layer 1 and Layer 2)

What layer do all of these IPSec protocols work at?

Layer 3: Network

CBC-MAC

Provides data origin authentication and integrity
1. sender encrypts a message with a symmetric block algorithm in CBC mode
2. the last block is used as the MAC
3. the plaintext message and the appended MAC are sent to the receiver
4. the receiver encrypts the message, creates a new MAC, and compares the two values. if they are the same, the receiver knows the message was not modified and from which system it came

Hashing

Provides integrity and can detect only unintentional modifications
1. sender puts a message through a hashing algorithm and generates a message digest (MD) value
2. sender sends message and MD value to receiver
3. receiver runs just the message through the same hashing algorithm and creates an independent MD value
4. receiver compares both MD values. if they are the same, the message was not modified

What layer does SSL encryption take place?

Transport Layer (Layer 4)

Online Certificate Status Protocol (OCSP)

When using just a CRL, the user's browser must either check a central CRL to find out if the certification has been revoked or continually push out CRL values to the clients to ensure they have an updated CRL. If OCSP is implemented, it does this work automatically in the background

Zero Knowledge Proof

You give only enough information to do what is needed and no more. An example is when you encrypt something with your private key without actually giving your private key

One-Way Hash

a function that takes a variable-length string and a message and produces a fixed-length value called a hash value... the hashing algorithm is publicly known and the hash function is never used in reverse

Multipurpose Internet Mail Extension (MIME)

a technical specification indicating how multimedia data and email attachments are to be transferred. it uses labels to help the receiver device understand how to open a file with a certain format or how the sender can send it. it provides a standardized way of presenting the data.

Replay Attack

an attacker captures some type of data and resubmits it with the hopes of fooling the receiving device into thinking it is legitimate information. many times, the data captured and resubmitted are authentication information, and the attacker is trying to authenticate himself/herself as someone else to gain unauthorized access

Algebraic Attacks

attacks that analyze the vulnerabilities in the math used within the algorithm and exploit the intrinsic algebraic structure

Analytic Attacks

attacks that identify algorithm structural weaknesses or flaws, as opposed to brute force attacks, which simply exhaust all possibilities without respect to the specific properties of the algorithm

Statistical Attacks

attacks that identify statistical weaknesses in algorithm design for exploitation

Digital Signature Standard (DSS)

developed for federal departments and agencies to create digital signatures, but most vendors also designed their products to meet these specifications. SHA creates a 160-bit message digest output, which is then inputted into either DSA, RSA, or elliptic curve digital signature algorithm (ECDSA).

Security Parameter Index (SPI)

each device has one of these that keeps track of the different SAs and tells the device which one is appropriate to invoke for the different packets it receives. The SPI value is in the header of an IPSec packet, and the device reads this value to tell it which SA to consult

Side-Channel Attack

instead of attacking a device head-on, just watch how it performs to figure out how it works (via "side-channels")... ex: a power attack reviews the amount of heat released and has been used successfully in uncovering confidential information from smart cards

What type of key systems and standard does PKI use?

it is an ISO authentication framework that uses public key cryptography and the X.509 standard

What is the difference between how parity bits and cyclic redundancy checks (CRC) show message integrity and how hashes do?

parity and CRCs can show that something was modified by accident. if a message was modified on purpose, that person may have modified those values so you couldn't detect the change. when the message gets to the recipient though, the change is always going to be able to be detected

Triple-DES

similar to DES, but it uses 48 rounds in its computation, which makes it highly resistant to differential cryptanalysis

Transport Layer Security (TLS)

the open-community version of SSL. open-community protocols can be modified by individuals within the community to expand what it can do and what technologies it can work with.

Polarization

the orientation of electromagnetic waves... which is what photons are. Photons are the particles that make up light... think of a photon like a jellybean

Cross Certification

the process undertaken by CAs to establish a trust relationship in which they rely upon each other's digital certificates and public keys as if they had issued them themselves

Which hashing and encryption algorithms are used and how are keys exchanged between devices?

trick question! Because IPSec is a framework, it doesn't dictate these things. Key management can be handled manually or automated by a key management protocol... the de facto standard is to use IKE (Internet Key Exchange)

Link Encryption

(usually provided by service providers) encrypts all the data along a specific communication path without user intervention... user information is encrypted, but so are the headers, trailers, addresses and routing data that are part of the packets. Link encryption provides protection against packet sniffers and eavesdroppers... the problems with link encryption are that you have to decrypt the packets when they get to each router so it knows where to send them next, which adds more points of vulnerability, and it makes key distribution and management more complex

What are the two basic security protocols used in IPSec?

- Authentication Header (AH): authentication protocol
- Encapsulating Security Payload (ESP): authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity

What are the four different modes of 3DES?

- DES-EEE3: 3 different keys for encryption and data are encrypted, encrypted, encrypted
- DES-EDE3: 3 different keys for encryption and data are encrypted, decrypted, and encrypted
- DES-EEE2: same as DES-EEE3 but uses 2 keys and the first and third encryption processes use the same key
- DES-EDE2: same as DES-EDE3 but uses only two keys, and the first and third encryption processes use the same key

What are the different types of security services that encrypting, hashing, digitally signing, and both encrypting and digitally signing a message provide?

- Encrypting a message provides confidentiality
- Hashing a message provides integrity
- Digitally signing a message provides authentication, nonrepudiation, and integrity
- Encrypting and digitally signing a message provides confidentiality, authentication, nonrepudiation, and integrity

RC6

- a block cipher that has all the same attributes as RC5
- some modifications were made to increase the speed

International Data Encryption Algorithm (IDEA)

- a block cipher that operates on 64-bit blocks of data
- the 64-bit block is divided into 16 smaller blocks
- each block has eight rounds of mathematical functions performed on it
- the key is 128 bits long and it's faster than DES when implemented in software and it's considered to be harder to break because it has a longer key size
- IDEA is used in PGP

RC5

- a block cipher with a variety of parameters it can use for block size, key size, and the number of rounds used
- block sizes are 32, 64, or 128 bits
- key size goes up to 2048 bits
- the number of rounds is variable and can go up to 255

RSA Algorithm

- a worldwide de facto standard for public key encryption
- provides authentication and key encryption
- the security of the algorithm comes from the difficulty of factoring large numbers. the public and private keys are functions of a pair of prime numbers and the necessary activity required to decrypt a message from is like going through that mathematical process
- an advantage of using it is that it can be used for encryption and digital signatures
- using its one-way function, RSA provides encryption and signature generation
- it can be used as a key exchange protocol
- most commonly used with DES; when RSA is used for key exchange, a cryptosystem generates a symmetric key using either DES or AES

What are the different parts of a PKI?

- certificate authorities (CA)
- registration authorities (RA)
- certificates
- keys
- users

What security services does a PKI supply?

- confidentiality
- access control
- integrity
- authentication
- nonrepudiation

Tiger algorithm

- designed to carry out hashing on 64-bit systems and to be faster than MD5 and SHA-1
- produces a 192-bit hash value
- built upon a different type of architecture with the goal of not being vulnerable to the attacks that worked on the other algorithms

Registration Authority (RA)

- establishes and confirms the identity of an individual
- initiates the certification process with a CA on behalf of an end user
- performs certificate life-cycle management functions
The RA cannot issue certificates, but can act as a broker between the user and the CA. When users need new certificates, they make requests to the RA, and the RA verifies all necessary identification information before allowing a request to go to the CA

What are some of the key attributes of AES?

- it works well when implemented in software and hardware in a wide range of products and environments
- it has low memory requirements
- it defends well against timing attacks
- it is the standard required to protect sensitive but unclassified U.S. government information

What are the main rules for keys and key management?

- make the key length long enough to provide the protection you need
- store and transmit the keys only by secure means
- keys should be extremely random and the algorithm should use the full spectrum of the keyspace
- the key's lifetime should correspond with the sensitivity of the data it is protecting
- the more the key is used, the shorter its lifetime should be
- keys should be backed up or escrowed in case of emergencies
- keys should be destroyed when their lifetimes are up

RC4

- one of the most commonly implemented stream ciphers
- has a variable key size
- used in SSL
- was improperly implemented in WEP
- very simple, fast, and efficient

MD5 (Message Digest 5) algorithm

- one-way function
- produces a 128-bit hash value
- more complex than MD4
- unfortunately, susceptible to collision attacks, so no longer useful for SSL certificates and digital signatures

MD2 (Message Digest 2) algorithm

- one-way function
- produces a 128-bit hash value
- much slower than MD4 and MD5

MD4 (Message Digest 4) algorithm

- one-way function
- produces a 128-bit hash value
- used for high-speed computation in software implementations and is optimized for microprocessors

Secure Hash Algorithm (SHA)

- one-way function
- produces a 160-bit hash value
- used with DSA (digital signature algorithms)
- higher bit hash value makes it more resistant to brute force and birthday attacks

HAVAL

- one-way function
- produces a variable-length hash value
- a modification of MD5 algorithm that provides more protection against attacks that affect MD5

What elements does a PKI consist of?

- programs
- data formats
- procedures
- communication protocols
- security policies
- public key cryptographic mechanisms

Elliptic Curve Cryptosystem (ECC)

- provides digital signatures, secure key distribution, and encryption
- it's more efficient than RSA and any other asymmetric algorithm
- it's used with devices that have limited processing capacity, storage, power supply, and bandwidth, such as wireless devices and cell phones
- it can provide the same level of protection with a key size that is shorter than what RSA requires... and because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device

Diffie-Hellman Algorithm

- public key algorithm that enables two systems to exchange a symmetric key securely without requiring a previous relationship or prior agreements
- allows for key distribution but does not provide encryption or digital signature functionality
- vulnerable to man-in-the-middle attacks, so authentication prior to beginning is necessary

What are the characteristics that good cryptographic hash functions should have?

- the hash should be computed over the entire message
- the hash should be a one-way function so messages are not disclosed by their values
- given a message and its hash value, computing another message with the same hash value should be impossible
- the function should be resistant to birthday attacks

SHA-1, SHA-256, SHA-384, SHA-512

- updated versions of SHA
- SHA-1 produces a 160-bit hash value
- SHA-256 produces a 256-bit hash value, etc.

What are the two modes that IPSec works in?

1. Transport Mode: the payload of the message is protected
2. Tunnel Mode: the payload and routing and header information are protected... this mode provides a higher level of protection by also protecting the header and trailer data an attacker might find useful

What are the different block sizes that the Rijndael algorithm supports in AES?

128, 192, and 256 bits

HTTP Secure (HTTPS)

HTTP running over SSL (HTTP works at the application layer while SSL works at the transport layer)

What is IPSec and why would an organization want to use it?

It is an open, modular framework that provides a method of setting up a secure channel for protected data exchange between two devices... it can be more flexible and less expensive than end-to-end and link encryption methods. It can establish VPNs among networks across the Internet and it has strong encryption and authentication methods

HMAC Function

Provides integrity and data origin authentication
1. sender concatenates a message and secret key and puts the result through a hashing algorithm to create a MAC value
2. sender appends the MAC value to the message and sends it to the receiver
3. receiver takes just the message and concatenates it with own symmetric key to create an independent MAC value
4. receiver compares both MAC values and if they're the same, the receiver knows the message wasn't modified

What are the two best known and most widely used digital signature algorithms and how are they different?

RSA and DSA... DSA can be used only for digital signatures and is slower than RSA in signature verification. RSA can be used for digital signatures, encryption, and secure distribution of symmetric keys

S-HTTP

S-HTTP is a technology that protects each message sent between two computers... HTTPS protects the communication channel between two computers, messages and all. S-HTTP is used if an individual message needs to be encrypted

How does SSH work?

SSH sets up a secure tunnel between two computers after they go through a handshaking process and exchange (via Diffie-Hellman) a session key that will be used during the session to encrypt and protect the data being sent

What do you have to take into account in the choice between hardware or software cryptography systems?

Software cryptography is generally less expensive, provides a slower throughput than hardware mechanisms and can be more easily modified and disabled compared to hardware systems. High-speed high-end encryption most likely requires more expensive hardware encryption solutions

Pretty Good Privacy (PGP)

a freeware email security program that was the first widespread public key encryption program. it can use RSA public key encryption for key management and IDEA symmetric cipher for bulk encryption of data, but the user can pick different types of algorithms to use in their places. It can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm, authentication by using public key certificates, and nonrepudiation by using cryptographically signed messages. There aren't any CAs, so PGP relies on a web of trust in which each user generates and distributes his or her public key and users sign each other's public keys (so a friend may tell you that this person is legit)

Internet Key Exchange (IKE)

a key management protocol that is a combination of the following protocols:
- Internet Security Association and Key Management Protocol (ISAKMP): a key exchange architecture that is independent of the type of keying mechanisms used and provides the framework of what algorithms, protocols, modes, and keys are negotiated to set up an IPSec connection
- OAKLEY: the protocol that carries out the negotiating process

Certificate Revocation List (CRL)

a list of every certificate that has been revoked because either 1) the key holder's private key was compromised or 2) because the CA discovered the certificate was issued to the wrong person... a good analogy for the CRL is like the database a cop looks at after pulling you over

One-Way Function

a mathematical function that is easier to compute in one direction than in the opposite direction. this means that only the public key can carry out encryption and signature verification and only the private key can carry out decryption and signature generation

El Gamal

a public key algorithm that can be used for digital signatures, encryption, and key exchange. it is based on the difficulty of calculating discrete logarithms in a finite field. its main drawback is performance

Security Association (SA)

a record of the configurations the device needs to support an IPSec connection... each device has one of these for each secure connection it uses. It can contain the authentication and encryption keys, the agreed-upon algorithms, the key lifetime, and the source IP address. When a device receives a packet via the IPSec protocol, it is the SA that tells the device what to do with the packet. SAs are directional, so a device will have one SA for outbound traffic and a different SA for inbound traffic for each individual communication channel (So if a device is connecting to three devices, it will have at least six SAs)

Secure Electronic Transaction (SET)

a security technology proposed by VISA and MasterCard to allow for more secure credit card transaction possibilities than what is currently available. Although SET provides an effective way of transmitting credit card information, businesses and users do not see it as efficient because it requires more parties to coordinate their efforts, more software installation and configuration for each entity involved, and more effort and cost than the widely used SSL method. SET is a cryptographic protocol and PKI infrastructure developed to send encrypted credit card numbers over the internet using electronic wallet software.

Secure MIME (S/MIME)

a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions. the encryption and hashing algorithms can be specified by the user of the mail package, instead of having it dictated to them. S/MIME follows the Public Key Cryptography Standards (PKCS). S/MIME provides confidentiality through encryption algorithms, integrity through hashing algorithms, authentication through the use of X.509 public key certificates, and nonrepudiation through cryptographically signed message digests

Certificate Authority (CA)

a trusted organization (or server) that maintains and issues digital certificates... when a person requests a certificate, the RA verifies that individual's identity and passes the certificate request off to the CA. the CA constructs the certificate, signs it, sends it to the requester, and maintains the certificate over its lifetime... when another person wants to communicate with this person, the CA will basically vouch for that person's identity

X.509 standard

an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

Privacy-Enhanced Mail (PEM)

an Internet standard to provide secure email over the Internet and for inhouse communication infrastructures. it was developed to provide compatibility with many types of key-management processes and symmetric and public key methods of encryption. it encrypts messages with AES in CBC mode, it uses public key management provided by RSA, and X.509 standard is used for certification structure and format

Linear Cryptanalysis

an attack that carries out functions to identify the highest probability of a specific key employed during the encryption process using a block algorithm. the attacker carries out a known-plaintext attack on several different messages encrypted with the same key... the more messages the attacker can use and put through this type of attack, the higher the confidence level in the probability of a specific key value. the attacker evaluates the input and output values for each S-box and he evaluates the probability of input values ending up in a specific combination

Differential Cryptanalysis

an attack that looks at ciphertext pairs generated by encryption of plaintext pairs with specific differences and analyzes the effect and result of those differences... the attacker takes two messages of plaintext and follows the changes that take place to the blocks as they go through the different S-boxes... the differences identified in the resulting ciphertext values are used to map probability values to different possible key values

Message Authentication Code (MAC)

an authentication scheme derived by applying a secret key to a message in some form. it provides a form of authentication, data origin authentication. this is the weakest form of authentication because it is not bound to a user, just to a computer or device

Simple Key Management Protocol for IP (SKIP)

another key exchange protocol that provides basically the same function as IKE

What is the system behind how PKI works?

each person who wants to participate needs a digital certificate, which is a credential that contains the public key for that individual along with other identifying information. the certificate is created and signed by a trusted third party (the CA). when the CA signs the certificate, it binds the individual's identity to the public key, and the CA takes liability for the authenticity of the individual. So if two people haven't met each other but they have the same CA, they can trust each other indirectly

How do you create a digital signature?

encrypt a message's hash with a private key. if the recipient can open the message and find something that makes sense (isn't a jumbled mess... like a correct hash value for the message), the recipient knows that it came from the person with the right private key, the sender whose public key the recipient used

Quantum Cryptography

if built correctly, this system is unbreakable and any eavesdroppers can be detected. Photon polarization is commonly used to represent bits (1 or 0). The two participants agree upon a key, which is the mapping between the polarization states of the photons and how those states are represented in a binary value. This happens at the beginning of a communication session over a dedicated fiber line. Once the symmetric key is established, it can be used to encrypt and decrypt messages that travel over a more public communication path. The randomness of the polarization and the complexity of creating a symmetric key in this manner help ensure that an eavesdropper will not uncover the encryption key. If someone is trying to sniff the line, the receiver would know because just this simple act changes the polarization of the photons

What does a PKI actually do?

it contains the pieces that will identify users, create and distribute certificates, maintain and revoke certificates, distribute and maintain encryption keys, and enable all technologies to communicate and work together for the purpose of encrypted communication and authentication

What does it mean if a company decides it wants multiparty control for emergency key recovery?

more than one person would be needed to recover the emergency key

Does a hashing function require the use of any keys?

no it doesn't require any keys

CMAC (Cipher-Based Message Authentication Code)

replaced CBC-MAC. provides the same type of data origin authentication and integrity as CBC-MAC, but more secure mathematically. It is approved to work with AES and Triple DES. CRCs are used to identify data modifications lower in the network stack (to identify corruptions) when the packet is transmitted from one device to another, but HMAC, CBC-MAC, and CMAC work higher in the network stack and can identify not only transmission errors (accidental), but also more nefarious modifications, as in an attacker messing with a message for her own benefit. it is a block cipher-based message authentication code algorithm

Cookies

text files that a browser maintains on a user's hard drive... some are used for demographic and advertising information by keeping track of browsing and spending habits and the user's customization for certain sites. as a user travels from site to site on the Internet, the sites could be writing data to the cookies stored on the user's system. The servers at the web site determine how cookies are actually used. Since HTTP is stateless, cookies are used to retain the memory between HTTP connections by saving prior connection data to the client's computer. They are also used for security: when you send your credentials to set up an SSL connection and are authenticated, the server generates a cookie with your authentication and account information which is sent to your browser and stored on your hard drive or in memory... cookies often have time stamps to time out secure connections

What is the Web? And how is it different from the Internet?

the Internet is the network of routers and physical devices that allow for communication between hosts using communication protocols... the Web sits on top of it and is the collection of HTTP servers that hold and process web sites. Web browsers are used to access the Web. The IP protocol finds the way to get from A to Z, TCP makes sure the origin and destination are correct and that no packets are lost along the way, and, upon arrival at the destination, HTTP presents the payload, which is a web page.

Chosen-Ciphertext Attacks

the attacker chooses the ciphertext to be decrypted and has access to the resulting decrypted plaintext... you compare the two to try to determine the key

Chosen-Plaintext Attack

the attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext (maybe by convincing them to forward a message you sent to them using encryption). this gives the attacker more power and possibly a deeper understanding of the way the encryption process works so he can gather more information about the key being used

Known-Plaintext Attack

the attacker has the plaintext and the corresponding ciphertext of one or more messages and tries to discover the key used... messages usually start with the same type of beginning and close with the same type of ending, so after a few pieces of the puzzle are discovered, the rest is accomplished by reverse-engineering, frequency analysis, and brute force attacks

Cipher-Only Attack

the attacker uses the ciphertext of several messages that have been encrypted using the same encryption algorithm. he uses that to discover the key used in the encryption process... this is the most common type of active attack (because it's easy to get ciphertext by sniffing traffic), but it's the hardest to actually be successful at because the attacker has so little information about the encryption process

End-to-End Encryption

the headers, addresses, routing, and trailer information are not encrypted, enabling attackers to learn more about a captured packet and where it is headed... however, it also allows the traffic to stay encrypted even when it goes through routers, it provides higher granularity of functionality because each application or user can choose specific configurations, and the user has more flexibility in choosing what gets encrypted and how

PKI (Public Key Infrastructure)

the infrastructure protects the public keys so that they cannot be changed

What is the relationship between key size and work factor needed for a bad guy to decrypt a message?

the larger the key, the higher the work factor

What is the relationship between message digest size and the ease of creating a collision?

the larger the message digest size (the value of n), the more difficult it is to make collisions occur and cause a birthday attack

Certificate

the mechanism used to associate a public key with a collection of components in a manner that is sufficient to uniquely identify the claimed owner... the standard is X.509, which includes the following fields: the serial number, version number, identity information, algorithm information, lifetime dates, and the signature of the issuing authority.

Message Security Protocol (MSP)

the military's version of PEM... it's an X.400-compatible application-level protocol used to secure email messages... it can be used to sign and encrypt messages and to perform hashing functions

How does PGP generate and use keys?

the user's private key is generated and encrypted when the application asks the user to randomly type on a keyboard for a specific amount of time. then a passphrase encrypts the private key, which is stored on the hard drive. Each user keeps a collection of public keys that have been received from other users in a "key ring"

How does IPSec authenticate the sending devices of a packet?

using a MAC called an ICV (integrity check value)

Collision Free

when a hashing algorithm takes steps to ensure it does not create the same hash value for two or more messages, it is said to be collision free

Why does 3DES encrypt with one key and decrypt with another in some cases?

when data are encrypted with one symmetric key and decrypted with a different symmetric key, it is jumbled even more

What layer does End-to-End encryption take place at?

within the applications

Secure Sockets Layer (SSL)

works at the transport layer and has two protocols: one at the lower end of the session layer and the other at the top of the transport layer. uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication. the client generates a session key and encrypts it with the server's public key. this encrypted key is sent to the web server, and they both use this symmetric key to encrypt the data they send back and forth. the data is encrypted while being transmitted, but not after the data are received by a computer

