Domain 6: Cryptography (11%)
Symmetric Algorithms
(B)lowfish, Twofish (R)C5 (Rivest Cipher) (A)dvanced Encryption Standard (AES) (I)nternational Data Encryption Algorithm (IDEA) (D)ata Encryption Standard (DES)
CA
...
Centralized Storage
...
Certificate Life Cycle
...
Decentralized Storage
...
Digital Certificate
...
GPG
...
HTTPS
...
Hierarchical model
...
IPSec
...
Key Escrow
...
Key History
...
Key Management & Storage
...
Key Protection & Storage
...
Key Recovery
...
M of N Control
...
PGP
...
PKI
...
Pull Model
...
Push Model
...
Recovery Agent
...
S/MIME
...
SSH
...
SSL
...
TLS
...
Third-Party (Single-Authority) Trust
...
Trust Models
...
Web of Trust
...
Algorithms
A complex mathematical formula that dictates how the encryption and decryption process takes place
Algorithm
A complex mathematical formula that dictates how the encryption and decryption process takes place. Strengthened with a secret key.
128 bits
A good minimum starting point for the size of a hash value.
One-Way Hash
A mathematical function that takes a variable-sized message and transforms it into a fixed-length value (hash value, or message digest). It's difficult to invert the procedure, and is never decrypted.
Steganography
A method of hiding data in another type of media that effectively conceals the existence of the data.
Steganography
A method of hiding data in another type of media that effectively conceals the existence of the data. Typically performed by hiding messages in graphic images such as bitmap (BMP) files or other types of media files such as digital music files. Also used for watermarks
Information Assurance
A method of protecting information and information systems by providing confidentiality, integrity, authentication, and nonrepudiation.
Keyspace
A specific range of values, usually measured in bits, that is created by the algorithm to contain keys. The strength of a key depends on it.
Cryptosystem
A system that provides encryption and decryption.
Hashing
A value used in encryption systems to create a "fingerprint" for message. This prevents the message from being manipulated on its way to its destination. Provides integrity
Centralized Storage:
Administration
AES
Advanced Encryption Standard: Created to replace DES. Standard using a symmetric block cipher supporting the key lengths of 128, 192, 256 bits
Digital Signature
An encrypted hash value used to ensure the identity and integrity of a message.
Confidentiality Authentication Nonrepudiation
Asymmetric schemes offer what information assurances?
Symmetric Keys
Both parties use the same key for encryption and decryption purposes. The sender uses the key to encrypt the message and then transmits it to the receiver. The receiver, who is in possession of the same key, uses it to decrypt the message
Transportation
Characters are rearranged through mathematical permutations
Confidentiality
Concept of ensuring data is not made available or disclosed to unauthorized people. Processes such as encryption must be used on the data, network infrastructure, and communication channels to protect against data interception and disclosure
Authentication
Concept of uniquely identifying individuals to provide assurance of an individual user's identity. It is the act of ensuring that a person is who he claims to be. Encrypted digital certificates are used to identify users electronically
CIA
Confidentiality, Integrity, Availability
Hash
Creates a "fingerprint" for a message.
DES/3DES
Data Encryption Standard: (Symmetric) Block cipher defined by the US government as an official standard. Most well-known and widely used cryptosystem in the world. Uses a 64-bit block size and a 56-bit key. 3DES: 168-bit encryption standard
SHA
Developed by the NSA to use with digital signature standards and is considered a more secure successor and alternative to MD5. AKA SHA-224, 256, 384, 512
DSA
Digital Signature Algorithm: Based on discrete logarithms and is used only for authentication. Secured secure when the key size is large enough. Originally proposed with a 512 bit key size and was eventually revised to support key sizes up to 1024 bits. Has a lack of key exchange capabilities, relatively slow, and has a public distrust of the public
ECC
Elliptic Curve Cryptosystems: Asymmetric: Used for encryption and digital signatures. Uses complex mathematical structures to create secure asymmetric algorithms and keys. Created for devices with smaller processing capabilities, such as cell phones, PDAs, and other wireless devices
Digital Signatures
Encrypted hash value used to ensure the identity and integrity of a message. Can be attached to a message to uniquely identify the sender. Guarantees the individual sending the message is who he claims to be
Symmetric
Encryption scheme in which both parties use the same key for encryption. Faster encryption because the underlying algorithms are more simple and efficient.
Asymmetric
Encryption scheme in which everyone uses different, but mathematically related, keys for encryption and decryption. Slower
One-Time Pad
Encryption scheme that, when implemented correctly, is considered secure and theoretically impossible to compromise. Pro: Secure because they're only used once. Con: Human error
Stream Cipher
Encrypts data one bit at a time
Stream Cipher
Encrypts data one bit at a time.
Block Cipher
Encrypts entire blocks of data
Block Cipher
Encrypts entire blocks of data. For many block ciphers, the block size is 64 bitz.
Quantum Cryptography
Extremely advanced, uses the quantum effect of light waves over fiber-optic cable to transmit code within theoretically unbreakable light pulses to distribute a shared key between two users
HMAC
Hash-based Message Authentication Code: Used as an algorithm for message authentication purposes where the authentication is applied using hash functions and a secret key to create an authentication code value. Used to authenticate a message and provide data integrity
Integrity
Hashing offers what information assurance?
Centralized Storage:
Integrity
IDEA
International Data Encryption Algorithm: Symmetric Block Cipher: Uses 64-bit blocks of data, with a key length o 128 bits. The data blocks are divided into 16 smaller sections, which are subjected to eight rounds of cryptographic computation. The speed of IDEA in software is similar to that of DES. IDEA is the cipher used in the popular encyrption program PGP
Key Escrow
Involves a third party that holds a special third key used to encrypt the private key.
Diffie-Helman
Isn't an actual encryption algorithm: it's a key agreement protocol that enables users to exchange encryption keys over an insecure medium. Depends on the discrete logarithmic formulas for its security. Used in PKI
MD4
Message Digest 4: One-way hash function that produces a 128-bit hash message digest value
MD5
Message Digest 5: A slower but more complex version of MD4. Popular and widely used for security applications and integrity checking
Information Assurance
Method of protecting information and information systems by providing confidentiality, integrity, authentication, and nonrepudication
Integrity
Protection of information from damage or deliberate manipulation during transit. A cryoptological function of hashing is often used to create signature files that indicate if the file has been tampered with if the hashed value does not match the original
RIPEMD
RACE Integrity Primitives Evaluation Message Digest: A hash function message digest. Reduces the chance of hash value collisions, slower and not as popular ain use a SHA-1 or MD5
RC4
Rivest Cipher: Symmetric Stream Cipher: Used in popular encryption protocols such as SSL, TLS, and also 40-bit and 128-bit WEP. Utilizes secure exchange of a shared key
RSA
Rivest, Shamir, and Adleman: Asymmetric Public Key: Main standard for encryption and digital signatures and is widely used for electronic devices, OS, and software applications. Used primarily for encryption and digital signatures
Centralized Storage:
Scalability
Centralized Storage:
Security
2 Main Types of Symmetric Encryption:
Stream & Block Cipher
2 Types of Cipher Encryption:
Substitution & Transportation
Twofish
Symmetric Block Cipher: Very similar to Blowfish but uses a block size of 128 bits and key sizes up to 256 bits. Twofish is a free public domain encryption cipher and is often used in open-source projects as an OpenPGP
Confidentiality
Symmetric systems can only offer what information assurance through encryption?
Blowfish
Symmetric: Uses 64-bit blocks of data. Its key length is 448 bits, and uses 16 rounds of cryptographic computations. Was designed specially for 32-bit machines and is significantly faster than DES
Substitution
Takes plain text and substitues the original characters in the data with other characters (Ex: ABC translates into XYZ)
Confidentiality
The concept of ensuring that data is not made available or disclosed to unauthorized people.
Authentication
The concept of uniquely identifying individuals to provide assuranc of an individual user's identity.
Cryptography
The conversion of communicated information into secret code that keeps the information confidential and private.
Nonrepudiation
The inability of a person to deny the origin of a signature or document, or the receipt of a message or document.
Public Key
The key known to all users
Private Key
The key which is given to the user remains secret.
Integrity
The protection of information from damage or deliberate manipulation.
The Receiver's Private Key
The receiver will decrypt a message or file with what key?
The Receiver's Public Key
The sender will encrypt a message or file with what key?
Encryption
The transformation of data into an undreadable form (ciphertext). The central function of cryptography.
Decryption
Transforms ciphertect into plain text.
Asymmetric Keys
Two keys are created for encryption and decryption purposes: One key is the public key, which is known to all users, while the private key remains secret and is given to the user to keep private. To use a system, a user encrypts with the intended receiver's public key. To decrypt, the receiver will use the private key that only he possesses
Transposition
Type of cipher encryption in which the characters are rearranged through mathematical permutations.
Substitution
Type of cipher encryption that takes plain text and substitues the original characters in the data with other characters.
Message Digest Hashing
Used for digital signature applications when a large message must be hashed in a secure manner
Nonrepudiation
Used to describe the inability of a person to deny or repudiate the origin of a signature or document
WPA/WPA2
Wi-Fi Protected Access: Most recent and secure form of encryption for wireless networks. Can use apre-shared key
WEP
Wireless Encryption Protocol: Security protocol that provides encrypted communication between wireless clients and access points. Uses a key encryption algorithm to encrypt communications between devices. Each client and access point on the wireless LAN must use the same encryption key. Key is manually configured on each access point and each client before either can access the network
