EC-Council Certified Encryption Specialist (ECES)

Transport Layer Security (TLS)

*A TLS client and server negotiate a connection by using a handshaking procedure* A) The client and server agree on various parameters used to establish the connection's security B) Client connects to a TLS-enabled server requesting a secure connection and presents a list of encryption and hash functions it can support C) From this list, the server picks the strongest encryption and hash function that it can also support and notifies the client of the chosen algorithms D) The server sends back its identification in the form of a standard X.509 digital certificate E) The client may contact the Certificate Authority that issued the certificate and confirm the validity of the certificate before proceding F) In order to generate the session keys used for the secure connection, the client encrpyts a random number with the server's public key and sends the result to the server. The server decrypts that number with its private key G) From the random number, both parties generate key material for encryption and decryption

WPA2

*Based on the IEEE 802.11i standard and provides the following:* A) The Advanced Encryption Standard (AES) using the Counter Mode-Cipher Block Chaining (CBC)-Message Authentication Code (MAC) Protocol (CCMP) that provides data confidentiality, data origin authentication, and data integrity for wireless frames. B) The optional use of Pairwise Master Key (PMK) caching and opportunistic PMK caching. In PMK caching, wireless clients and wireless access points cache the results of 802.1x authentications. This improves access times C) The optional use of pre-authentication which allows a WPA2 wireless client to perform an 802.1x authentication with other wireless points in its range even though it is still connected to the current WAP. This also speeds connectivity.

Digital Certificate Terminology

*Certificate Revocation List (CRL)* - A list of certificates that have been revoked for one reason or another *Online Certificate Status Protocol (OCSP)* - A real time protocol for verifying certificates

Cracking Modern Cryptography: Ciphertext-only and Related-key Attack

*Ciphertext-only* The attacker only has access to a collection of ciphertexts. This is much more likely than known plaintext, but also the most difficult. The attack is completly successful if the corresponding plaintexts can be deduced, or even better, the key. The ability to obtain any information at all about the underlying plaintext is still considered a success. *Related-key Attack* Like a chosen-plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys. This is actually a very useful attack if you can obtain the plaintext and matching ciphertext

Tools

*Cryptool* A)Used to analyze encrypted text and attempt to derive the original plaintext B) https://www.cryptool.org *L0phtCrack* A) It is meant to attempt to crack passwords B) http://www.L0phtcrack.com *Ophcrack* A) It is a popular tool for cracking Windows passwords B) http://ophcrack.sourceforge.net

Server-based Certificate Validation Protocol

*Delegated Path Discovery* - Determining the path between a X.509 digital certificate and a trusted root *Delegated Path Validation* - The validation of that path according to a particular validation policy

PPTP VPN

*Extensible Authentication Protocol (EAP)* Designed specifically for PPTP and is not proprietary *Challenge Handshake Authentication Protocol (CHAP)* A) A three-way process whereby the client sneds a code to the server, the server authenticates it, and then the server responds to the client B) Also periodically re-authenticates a remote client, even after the connection is established *Microsoft Point-to-Point Encryption* A)Uses MMPE to encrypt packets B) MMPE is actually a version of DES C) DES is still useful for many situations; however, newer versions of DES, such as DES 3, are preferred

Kerberos Authentication Process

*Kerberos uses symmetric cryptography* *Authentication is UDP port 88* A) AS generates a secret key by creating a hash of the user password, then sends 2 messages to client: 1. CLIENT/TGS Session Key encrypted with secret key of client 2. TGT includes client ID, client network address, validity period B) The messages are encrypted using the key the AS generated C) The user attempts to decrypt message A with the secret key generated by the client hashing the users entered password. If the entered password does not match the password the AS found in the database, the hashes won't atch, and the decryption won't work. If it does work, then message A contains the Client/TGS session key that can be used for communications with the TGS. Message B is encrypted with the TGS secret key and cannot be decrypted by the client D) Upon receiving messages E and F from the TGS, the client has enough information to authenticate itself to the Service Server (SS). The client connects to the SS and sends the following 2 messages: 1. Message E from the previous step (the client-to-server ticket, encrypted using a service's secret key.) 2. Message G: A new authenticator, which includes the client ID, timestamp and is encrypted using Client/Server Session Key E) The SS decrypts the ticket (message E) using its own secret key to retrieve the Client/Server Session Key. Using the sessions key, SS decrypts the authenticator and sends the following message to the client to confirm its true identity and willingness to serve the client: "Message H: the timestamp found in the client's authenticator" F) The client decrypts the confirmation (message H) using the Client/Server Session key and checks whether the timestamp is correct. If so, then the client can trust the server and start issuing service requests to the server. G) The server provides the requested services to the client. H) When requesting services, the client sends the following messages to the TGS: 1. Message C: Composed of the TGT from message B and the ID of the requested service 2. Message D: Authenticator (which is composed of the client ID and the timestamp), encrypted using the Client/TGS Session Key I) Upon receiving messages C and D, the TGS retrieves message B out of message C. It decrypts message B using the TGS secret key. This gives it the "client/TGS session key". Using this key, the TGS decrypts message D (authenticator) and sends the following 2 messages: 1. Message E: Client-to-server ticket (which includes the client ID, client network addres, validity period and Client/Server Session Key) encrypted using the service's secret key 2. Message F: Client/Server Session Key encrypted with the Client/TGS Session Key

How RSA Works

*Key Generation* A) Generate two large random primes, p and q, of approximately equal size such that their product , n = pq, is the required bit length (such as 128 bits, 256 bits, etc.) B) Let n = pq C) Let m = (p -1)(q - 1) D) Chose a small number, e, co-prime to m (note: Two numbers are co-prime if they have no common factors.) E) Find d, such that de % m = 1 F) Publish e and n as the public key G) Keep d and n as the secret key *Encrypt* A) c = M^e % n (c is the ciphertext) *Decrypt* A) P - C^d % n B) Uses his private key (d,n) to compute m = C^d mod n

Components of Kerberos System

*Principal* - A server or client that Kerberos can assign tickets to *Authentication Server (AS)* - Server that authorizes the principal and connects them to the Ticket Granting Server *Ticket Granting Server (TGS)* - Provides Tickets *Key Distribution Center (KDC)* - A server that provides the initial ticket and handles TGS requests. Often it runs both AS and TGS services *Realm* - A boundary within an organization. Each real has its own AS and TGS *Remote Ticket Granting Server (RTGS)* - A TGS in a remote realm *Ticket Granting Ticket (TGT)* - The ticket that is granted during the authentication process *Ticket* - Used to authenticate to the server. Contains identity of client, session key, timestamp, and checksum. Encrypted with servers key *Session Key* - Temporary encryption key *Authenticator* - Proves session key was recently created. Often expires within 5 minutes

Secure Sockets Layer (SSL)

*SSL was developed by Netscape and has since been supplanted by TLS. It was the preferred method used with secure websites (i.e. https)* A) The browser asks the web server to prove its identity B) The server sends back a copy of its SSL certificate C) The browser checks to see if the certificate is from a CA it trusts D) The server sends back to a digitally signed acknowledgement and a session is started

Digital Certificate Management Cont.

*Setup and Initialization Phase* Process Components 1. Registration 2. Key Pair Generation 3. Certificate Generation 4. Certificate Dissemination *Administration Phase* 1. Key Storage 2. Certificate retrieval and validation 3. Backup or escrow 4. Recovery *Cancellation and History Phase* 1. Expiration 2. Renewal 3. Revocation 4. Suspension 5. Destruction *Update and Patch Vulnerabilities* 1. Person who can recover keys from the keystore on behalf of a user 2. Highly-trusted person 3. Issue recover agent certificate: (EFS Recovery Agent certificate, Key Recovery Agent certificate)

Other Forms of Steganography

*Steganophony* A) Hiding messages in sound files B) This can be done via: 1. LSB - replacing small parts of an audio file 2. Echo Hiding - adding extra sound that conceals information to an echo inside an audio file *Video Steganography* A) Hiding messages in video files B) This can be done via: 1. Discrete Cosine Transform - alters values of certain parts of the individual frames. The usual method is to round up the values

Classification of RNG

*The German Federal office for Information Security (BSI) has established four criteria for classifying random number generators* A) A sequence of random numbers with a low probability of containing identical consecutive elements B) A sequence of numbers which is indistinguishable from "true random" numbers according to to specified statistical tests C) It should be impossible for any attacker to calculate or otherwise guess from any given sub-sequence any previous or future values in the sequence D) It should be impossible for an attacker to calculate or guess from an inner state of the generator any previous numbers in the sequence or any previous inner generator states

SSL/TLS VPN

*The VPN is setup through a web browser* 1. The user logs into a web portal, via their web browser 2. That portal uses SSL/TLS to secure the web traffic 3. Instead of simply giving the user limited access to secure data, such as a bank account, the web portal gives the user access to the target network

Cryptanalysis Resources

*Time* The number of "primitive operations" which must be performed. This is quite loose; primitive operations could be basic computer instructions, such as addition, XOR, shift, and so forth, or entire encryption methods *Memory* The amount of storage required to perform the attack *Data* The quantity of plaintexts and ciphertexts required

Cryptanalysis Success

*Total Break* The attacker deduces the secret key *Global Deduction* The attacker discovers a functionality equivalent algorithm for encryption and decryption, but without learning the key *Instance (Local) Deduction* The attacker discovers additional plaintexts (or ciphertexts) not previously known *Information Deduction* The attacker gains some Shannon Information about plaintexts (or ciphertexts) not previously known *Distinguishing algorithm* The attacker can distinguish the cipher from a random permutation

Wi-Fi Protected Access (WPA)

*Uses Temporal Key Integrity Protocol (TKIP)* A) A 128-bit per packet key B) Dynamically generates a new key for each packet *WPA-Personal* A) Also referred to as WPA-PSK (Pre-shared Key) mode B) Designed for home and small office networks C) Doesn't require an authentication server D) Each wireless network device authenticates with the access point using the same 256-bit key *WPA-Enterprise* A) Also referred to as WPA-802.1x mode B) Designed for enterprise networks C) Requires a RADIUS authentication server D) An Extensible Authentication Protocol (EAP) is used for authentication E) EAP has a variety of implementation such as EAP-TLS and EAP-TTLS

Historical Steganography

*While digital steganography is obviously rather recent, the concept of hiding message is not* A) The ancient Chinese wrapped notes in wax and swallowed them for transport B) In ancient Greece a messenger's head might be shaved, a message written on his head, then his hair was allowed to grow back C) In 1518 Johannes Trithmeus wrote a book on cryptography and described a technique where a message was hidden by having each letter taken as a word from a specific column *In more recent times, but before the advent of computers, other methods were used to hide messages* A) During WWII, the French Resistance sent messages written on the backs of couriers using invisible ink B) Microdots are images/undeveloped film the size of a typewriter period, embedded on innocuous documents. These were said to be used by spies during the Cold War.

SHA-1

160-bit hash function that resmebles the earlier MD5 algorithm, Designed by the NSA to be part of the Digital Signature Algorithm

Digital Certificate

A digital "document" that contains a public key and some information to allow your system to verify where that key came from. *Digital certificates are used for: Web Servers, Authentication of Cisco Secure phones, and E-Commerce*

Trust Models - Hierarchial

A hierarchy for CA where CA is top tier, then branches down into Intermediate CAs, then branch down to the users

Trust Models - Web of trust

A mesh type model, where all users are connected to each other

Trust Models - Single Authority

A single branch where the CA branches to the users

Whitening

A technique intended to increase the security of an iterated block cipher. It consists of steps that combine the data with portions of the key.

Types of Digital Certificates

A) *PKI (Public Key Infrastructure)* uses asymmetric key pairs and combines software, encryption and services to provide a means of protecting the security of business communication and transactions B) *PKCS (Public Key Cryptography Standards)* are in place by RSA to ensure uniform certificate management throughout the internet C) A certificate is a digital representation of information that identifies you as a relevant entity by a *trusted third party (TTP)* D) A *CA (Certificate Authority)* is an entity trusted by one or more users to manage certificates E) *RA (Registration Authority)* is used to take the burden off of a CA by handling verification prior to certificates being issued. RA acts as a proxy between user and CA. RA receives request, authenticates it and forwards it to the CA. F) *CP (Certificate Policy)* is a set of rules that defiens how a certificate may be used

Types of Digital Certificates Cont.

A) *X.509* is an international standard for the format and information contained in a digital certificate (The most common digital certificate in the world) B) *CRL (Certificate Revocation List)* is a list of certificates issued by a CA that are no longer valid, distributed in two main ways: PUSH model - CA automatically sends the CRL out in regular intervals PULL model - The CRL is downloaded from the CA by those who want to see it to verify a certificate. End user is responsible C) Restrict DNS recursive service, either full or partial, to authorized users: 1. Described in RFC 2560 and is on the internet standards track 2. Created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI) 3. Allows the authenticity of a certification to be immediately verified.

X.509 Certificate File Extensions

A) .pem - (Privacy Enhanced Mail) Base64 encoded DER certificate, enclosed between "--BEGIN CERTIFICATE-----"and"------END CERTIFICATE------" B) .cer, .crt, .der - usually in binary DER form, but Base64-encoded certificates are common too C) .p7b, .p7c - PKCS#7 SignedData structure without data, just certificate(s) or CRL(s) D) .p12 - PKCS#12, may contain certificate(s) (public) and private keys (password protected) E) .pfx - PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS)

MD5

A) 128 bit hash that is specified by RFC 1321 B) Designed by Ron Rivest in 1991 to replace MD4 C) In 1996, a flaw was found with the design of MD5...While it was not a clearly fatal weakness, cryptographers began recommending the use of algorithms, such as SHA-1. D) not collision resistant

Binary OR

A) A binary OR asks if there is a 1 in the first number, the second number, or both B) Each place is compared one at a time C) Finish the 1's place, then 2's place, then 4's, etc. Example *First Number 1101 Second Number 0110 Resulting Number (OR) 1111*

Diffie-Hellman

A) A cryptographic protocol that allows two parties to establish a shared key over an insecure channel B) Developed by Whitfield Diffie and Martin Hellman in 1976 C) Actually was independently developed a few years earlier by Malcolm J. Williamson of the British Intelligence Service, but it was classified

Fortuna

A) A group of PRNGs and has many options for whoever implements the algorithm B) It has three main components (Not this is quite similar to Yarrow): 1. A generator, which is seeded and will produce psuedorandom data 2. The entropy accumulator that collects random data from various resources and uses that to reseed the generator 3. The seed file, which has initial seed values

Hash Function

A) A hash function "H" takes a variable-size input "m" and returns a fixed-size string B) The resulting value is called the Hash Value "h" or the digest *Expressed mathematically as h = H(m)* C) Other properties of a good Hash function should include: input can be any length; output has a fixed length; H(x) is relatively easy to compute for any given x; H(x) is one-way; H(x) is collision free D) A hash function H is said to be one-way if it is hard to invert E) "Hard to invert" means that a given hash value h is computationally infeasible to find some input x such that H(x) = h F) A collision refers to a situation where two different inputs yield the same output.

Linear Congruential Generator

A) A linear congruential generator is determined by the following four integer values: 1. m *the modulus: m > 0* 2. a *the multiplier 0: 0 < a < m* 3. c *the increment 0: 0 < c < m* 4.X sub0 *the starting value 0: 0 < X sub0 < m* The algorithm is: X sub n + 1 = (aX subn + c) mod m: Where n > 0

Birthday Attack

A) A name used to refer to a class of brute-force attacks against hashes B) Uses birthday paradox Example: Assume the hash is MD5 (128-bit output). You would have to try 2^128 possible hashes. The birthday paradox shows we need need about 1.174 sqrt 2^128.

SHA-3

A) A proposed hash function still in development B) Being chosen in a public review process from non-government designers C) An ongoing NIST hash function competition is scheduled to end with the winning function being named SHA-3

Disk Encryption Software: VeraCrypt

A) A software for establishing and maintaining an on-the-fly-encrypted volume (data storage device) B) On-the-fly encryption mean that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention C) download from https://veracrypt.codeplex.com

Virtual Private Network (VPN)

A) A way to use the internet to create a virtual connection between a remote user or site and a central location B) The packets sent back and forth over this connection are encrypted, thus making it private C) The VPN must emulate a direct network connection D) There are four different protocols that are usually used to create VPNs: 1. Point-to-Point Tunneling Protocol (PPTP) 2. Layer 2 Tunneling Protocol (L2TP) 3. Internet Protocol Security (IPSec) 4. SSL/TLS VPN

AES (Advanced Encryption Standard)

A) AES, also known as Rijndael block cipher, was ultimately chosen as a replacement for DES in 2001 after a 5 year process involving 15 competing algorithms B) AES is designated as FIPS 197. Other algorithms that did not win that competition include such well known algorithms as Twofish C) AES can have three different key sizes, they are: 128, 192, or 256. The three different implementations of AES are referred to as AES 128, AES 192, and AES 256. All three operate on a block size of 128. D) This algorithm was developed by two Belgian cryptographers. Joan Daemen and Vincent Rijmen. Unlike both DES and 3DES, AES is not based on a Feistel network E) Uses a substitution-permutation matrix, rather than a Feistel network F) Operates on a 4x4 column-major order matrix of bytes called the state G) Versions of AES with a larger block size have additional columns in the state

Euler's Totient

A) Actually part of the RSA Algorithm B) The number of positive integers less than or equal to n that are co-prime to n is called the Euler's Totient of n C) The number 6, 4, and 5 are co-prime with 6, Therefore Euler's Totient = 2 D) For a prime number p the Euler's Totient is always p-1 E) Symbolized φ(n) F) Co-prime numbers have interesting relationships that are part of algorithms like RSA G) If m and n are co-prime, then φ(mn) = φ(m)φ(n)

SHA-2

A) Actually, two similar hash functions, with different block sizes (SHA-256 and SHA-512) B) SHA-256 uses 32-byte (256 bit) words C) SHA-512 uses 64-byte (512 bit) words D) There are also truncated versions of heach standard, known as SHA-224 and SHA-384.

NSA Suite B Encryption Algorithms

A) Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits B) For traffic, AES should be used with the Galois/Counter Mode (GCM) mode of operation - symmetric encryption C) Elliptic-Curve Digital Signature Algorithm (ECDSA) - digital signatures D) Elliptic-Curve Diffie-Hellman (ECDH) - key agreement E) Secure Hash Algorithm 2 (SHA-256 and SHA-384) - message digest

Challenge Handshake Authentication Protocol (CHAP)

A) After Link Establishment phase, the authenticator sends a "challenge" message to the peer B) The peer responds with a value calculated using a "one-way hash" function C) The authenticator checks the response against its own calculation of the expected hash value (if the values match, the authentication is acknowledged. If not, the connection SHOULD be terminated) D) At random intervals, the authenticator sends a new challenge to the peer, and repeats step 1 to 3.

National Security Agency: Type 4 Algorithms

A) Algorithms that are registered by the NIST but are not FIPS published B) Unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any Government usage

CryptoBench

A) Allows you to see the output of a number of hashes B) You can enter any text you wish to encrypt, select the algorithm you wish to use, and then enter a key C) Download from http://www.addario.org

Multi-Alphabet Substitution

A) Also called "Poly-Alphabet Substitution" B) Use of more than 1 alphabet in a cipher. (to make ciphers like Caesar and Atbash more secure) Example: With +1 -1 +2 since you add 1 to the first letter, subtract 1 from the second letter, add 2 to the third letter, resets on the fourth letter... "A CAT" becomes "B BCA" C) Examples of "Poly-Alphabet Substitution" ciphers are: Cipher Disk, Vigenere, and Enigma Machine

Co-Prime Numbers

A) Also important in cryptography B) A number that has no factors in common with another number (3 and 7 are co-primes)

Steganalysis - Chi-Square Analysis

A) Another option uses the chi-squared method from statistics: 1. Calculates the average LSB and builds a table of frequencies and Pair of Values 2. Performs a chi-square test on these two tables 3. It measures the theoretical vs. calculated population difference

Prime Numbers

A) Any number whose factors are 1 and itself (2, 3, 5, 7, 11, 13, 17, 23, etc). Used in some public cryptography algorithms, such as RSA B) Prime Number Theorm: If a random number N is selected, the chance of it being prime is approximately 1 / ln(N), where ln(N) denotes the natural logarithm of N C) There have been many proposed methods for generating prime numbers (not an easy thing to do as all methods so far have failed) D) One attempt advanced by the mathematician Mersenne E) Mersenne Primes: M sub n - 2^n -1, where n is a prime number. (Works for 2, 3, 5, 7, but fails on 11 and many other values) F) Format also proposed a formula which he thought could be used to generate prime numbers (Format Numbers: F sub n = 2^2n + 1)

Asymmetric Cryptography

A) Asymmetric systems use key pairs which consist of a public key and private key B) The public key is made public (for example, by publishing it in a directory) and the private key is kept secret C) Asymmetric cryptography does not involve exchanging a secret key D) The public key can be used to encrypt messages, and only the recipient's private key can decrypt them E) Transmission is: Bob gets Alice's public key --> Bob encrypts Alice's public key --> Bob sends the message to Alice --> Alice decrypts the message with her private key

Confusion

A) Attempts to make the relationship between the statistical frequencies of the cipher text and the actual key as complex as possible B) This occurs by using a complex substitution algorithm

Binary AND

A) Binary AND asks if there is a one in BOTH the first and second number B) The numbers are compared one digit at a time Example *First Number 1101 Second Number 0110 Resulting Number (AND) 0100*

Binary XOR

A) Binary XOR asks if there is a 1 in one of the numbers, but NOT in both B) Reason XOR is important is because it's reversible. If you XOR number "A" with number "B", you get number "C". However, if you then XOR "C" with "B", you get back to "A". So "A" could be a plain text message, "B" could be the key, and "C" would be the resulting cipher text Example *First Number 1101 Second Number 0110 Resulting Number (XOR) 1101*

CAST-128

A) Can use either 12 or 16 rounds, working on a 64-bit block B) The key sizes are in 8-bit increments. C) The 12-round version of CAST-128 is used with key sizes less than 80 bits D) The 16-round version of CAST-128 is used with key sizes of 80 bits or more E) Has eight S-boxes, each 32 bits in size

Digital Certificate Management

A) Centralized key-management systems B) Decentralized key-management systems C) Three phases of key life cycle 1. Setup and Initalization 2. Administration 3. Cancellation

Microsoft Certificate Services

A) Certificate Authority B) Web Enrollment C) Online Responder D) Network Device Enrollment

RSA Example

A) Chose two distinct prime numbers such as p=17 and q=11 B) Compute n=pq giving n = 17 * 11 = 187 C) Compute m=(p-1)(q-1) = m=(17-1)(11-1) = 160 D) Choose any number 1 < e < 160, that is co-prime to 160. Choosing a co-prime for e leaves us to check that e is not a divisor of 160. Let e = 7. E) Find d such that de % m = 1, d = 23 F) The public key is (n = 160, e = 7). For a padded plaintext message m, the encryption function is m^7(mod 187) G) The private key is (n=187, d=23). For an excrpyted ciphertext c, the decryption function is c^23(mod 187)

Certificate Authority - Verisign

A) Class 1: For individuals, intended for email B) Class 2: For organizations for which proof of identity is required C) Class 3: For servers and software signing, for which independent verification and checking of identity and authority is is done by the issuing CA D) Class 4: For online business transactions between companies E) Class 5: For private organizations or governmental security

Examples of Symmetric Stream Ciphers: RC4

A) Created by Ron Rivest in 1987, the RC stands for "Ron's Cipher" B) Most widely used software stream cipher C) used identically for encryption and decryption as the data stream is simply XORed D) Uses a variable length key from 1 to 256 bytes, the key constitutes a state table used for subsequent generation of psuedo-random bytes and then to generate a psuedo-random stream which is XORed with the plaintext to produce the ciphertext E) RC4 generates a psuedo-random stream of bits F) To generate key stream, the cipher makes use of a secret internal state which consists of two parts (a permutation of all 256 possible bytes (s), and two 8-bit index pointers (i and j) G) The permutation is initialized with a variable length key, typically between 40 and 256 bits, using the key-scheduling algorithm (KSA) H) Then the stream of bits is generated using the psuedo-random generation algorithm (PRGA)

Naor-Reingold Psuedorandom Function

A) Created in 1997 by Moni Naor and Omer Reingold B) The mathematics of this function (and other RNG's) can be a bit complex to the non mathematician

Scytale

A) Cylinder tool used by the Greeks and often specifically attributed to the Spartans B) Used to encrypt messages C) Turning the cylinder produced different cipher texts D) First used in 7th century BC by Greek poet Archilochus E) Writer of message wraps parchment around a rod F) Recipient uses a rod of the same diameter as one used to create message G) Requires both parties to have same size rod, and same leather "key"

PGP Certificates

A) Defines its own format B) A single Certificate can contain multiple signatures C) PGP Certificate includes: 1. PGP version number 2. Certificate holder's public key 3. Certificate holder's information 4. Digital signature of certificate owner 5. Certificate's validity period 6. Preferred symmetric encryption algorithm for the key

IDEA (International Data Encryption Algorithm)

A) Designed as a replacement for DES, it is a block cipher B) Designed by James Massey and Xuejia Lai in 1991 C) Operates on 64-bit blocks and has a 128-bit key D) Consists of a series of eight identical transformations (each round) and an output transformation

PCBC (Propagating Cipher-block Chaining)

A) Designed to cause small changes in the ciphertext to propagate indefinitely when decrypting, as well as encrypting B) This method is sometimes called plaintext cipher-block chaining C) Variation on the CBC mode of operation D) Has not been formally published as a federal standard

Skipjack

A) Developed by the NSA and was designed for the clipper chip ( chip with built-in encryption *key was kept in a key escrow in case law enforcement needed to decrypt data without owners cooperation....highly controversial*) C) Uses 80-bit key to encrypt or decrypt 64-bit data blocks D) Unbalanced Feistel network with 32 rounds

Information Theory Cryptography Concepts

A) Diffusion B) Confusion C) Avalanche

CBC (Cipher-block Chaining)

A) Each block of plaintext is XORed with the previous ciphertext block before being encrypted B) This means there is significantly more randomness in the final ciphertext C) Much more secure than ECB Mode and is the most common mode D) Method is *Plain text block for round 1 --> Cipher text produced in round 1 --> Psuedo plain text --> Round function*

Single Substitution Weaknesses

A) Easy to break B) Easily susceptible to brute force attacks, even by low end computers

Elliptic Curve Variations

A) Elliptic Curve Diffie-Hellman (used for key exchange) B) Elliptic Curve Digital Signature (ECDSA) C) DNSCurve D) Elliptic Curve MQV key agreement protocol

Symmetric Block Cipher Algorithms

A) Encrypt the data in blocks. 64 bit blocks are quite common, although some algorithms (like AES) use larger blocks (128 bit). B) Types of Block Cipher Algorithms: The Feistel Network, DES, 3DES, AES, Blowfish, Serpent, Twofish, Skipjack, IDEA, CAST, TEA, SHARK

3DES

A) Eventually it became obvious that DES was no longer secure B) Triple DES (3DES) uses a "key bundle" which is comprised of three DES keys, K1, K2, and K3 C) Each key is standard 56 bit DES key

Steganalysis - Audio Steganalysis

A) Examines noise distortion in the carrier file B) Noise distortion could indicate the presence of a hidden signal

Layer 2 Tunneling Protocol (L2TP)

A) Explicitly designed as an enhancement to PPTP B) Like PPTP, it works at the data link layer of the OSI model C) It has several improvements to PPTP D) It offers more and varied methods for authentication (PPTP offers two, L2TP offers five): CHAP, EAP, PAP, SPAP, and MS-CHAP E) PPTP will only work over standard IP networks, whereas L2TP will work over X.25 networks (a common protocol in phone systems) and ATM (asynchronous transfer mode, a high speed networking technology) systems F) L2TP also uses IPSec for its encryption

FIPS Standards

A) FIPS 140: Cryptographic Modules (Defines 4 security levels) B) FIPS 186: Digital Signatures C) FIPS 197: AES D) FIPS 201: Identity Verification

Breaking Ciphers

A) Finding any method to decrypt the message that is more efficient than simple brute force attacks B) Brute force is simply trying every possible key C) If an algorithm uses a 128-bit key that means 2^128 possible keys ( or 3.402 * 10^38 possible keys) D) At a rate of 1 million keys/second, it could still take as long as 10,790,283,070,806,014,188,970,529 years to break

Integral Cryptanalysis

A) First described by Lars Knudsne, this attack is particularly useful against block ciphers based on substitution-permutation networks as an extension of differential cryptanalysis B) Differential analysis looks at pairs that differ in only bit position, with all other bits identical C) Integral analysis, for block size b, holds b-k bits constant and runs the other k through all 2k possiblities D) For k=1, this is just differential cryptanalysis, but with k > 1 it is a new technique

Elliptic Curve

A) First described in 1985 by Victor Miller (IBM) and Neil Koblitz (University of Washington) B) Its security is based on the fact that finding the discrete logarithm of a random elliptic curve element with respect to a publicly-known base point is difficult to the point of being impractical to do C) The size of the elliptic curve determines the difficulty of finding the algorithm D) Level of security afforded by an RSA-based system with a large modulus can be achieved with a much smaller ECC group E) Endorsed NSA 1. They include schemes based on it in its Suite B set of recommended algorithms 2. Allows their use for protecting information classified up to top secret with 384-bit keys F) Based on equations of the form y^2 = x^3 +Ax + B along with a distinguished point at infinity, denoted G) An elliptic curve is the set of solutions to the equation given above H) All the points which satisfy the equation plus a point at infinity lies on the elliptic curve I) The public key is a point in the curve, obtained by multiplying the private key with the generator point (called G) J) The private key is a random number

Breaking the Vigenere Cipher

A) First person to break Vigenere Cipher was Friedrich Kaiski in 1863

Caesar Cipher

A) First used by Julius Caesar B) Every letter is shifted a fixed number of spaces to the left or the right in the alphabet C) The shifting is the "key" for this algorithm D) The shift is often called the "alphabet" being used. Example "I Like Computers" shift 1 to left becomes "H Khjd Bnlotsdqr" **Most common single-letter word is "A" and most common three-letter word is "the". Most common two-letter combinations are "EE" and "OO"** E) 128-bit number from AES (Advanced Encryption Standard)

IV (Initialization Vector)

A) Fixed-size input to a cryptographic primitive that is random or psuedorandom B) Some cryptographic methods require the IV only to be non-repeating, not truly random (in that case IV is called a nonce) C) In a block cipher using ECB mode, encryption of the same plain tet with the same key results in the same cipher text D) Use of an IV that is XORed with the first block of plaintext, or included in front of the plaintext prior to encryption, solves this problem

Steganalysis

A) Forensics examiners need to be concerned with detecting steganography and extracting the hidden information B) This task is usually done by software, but it is important that you understand what the software is doing C) By analyzing changes in an image's close color pairs, the steganalyst can determine if LSB substitution was used D) Close color pairs consist of two colors whose binary values differ only in the LSB

Certificates and Web Servers

A) HTTPS - HTTP secured with either SSL (older) or TLS (newer) B) The certificate must be installed on the web server for the website to use HTTPS

Atbash Cipher

A) Hebrew Code that reverses alphabet. Example "A" becomes "Z", "B" becomes "Y"... "A cat sleeps" becomes "Z "xzg hovvkh" B) Used by Hebrew scribes copying the book of Jeremiah C) Simple cipher not used in modern times

History of cryptography

A) Hidden or secret writing is very old: People have been practicing hidden writing for at least 3,000 years. B) Until the latter part of the 20th century, cryptography was almost exclusively used by military and government

National Security Agency: Type 1 Algorithms

A) Highest level of encryption algorithms B) Used for: 1. Classified or sensitive U.S. Government information, including cryptographic equipment, assembly or component classified 2. Certified by NSA for encrypting and decrypting classified and sensitivie national security information when appropriately keyed C) Type 1 products include: 1. JUNIPER - Block Cipher 2. MAYFLY - Asymmetric 3. FASTHASH - Hashing 4. WALBURN - High bandwidth link encryption 5. PEGASUS - Satellite telemetry

Birthday Theorem

A) How many people do you invite to your party so that two will have the same birthday (with high probability)? sqrt 365 B) You will need sqrt N to have a high probability of a collision

Birthday Paradox

A) How many people do you need to have a high likelihood that 2 share the same birth day B) There are 365 days a year, so you might think at least half of them, or 182 people, but its actually only 23! C) Birthday Paradox isn't asking how many people you need to *guarantee a match*, just how many you need to have a strong probability *Even 23 people in the room, you have a 50% chance that 2 will have the same birthday*

Rainbow Tables

A) In 1980, Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using pre-calculated data stored in memory B) These types of password crackers are working with pre-calculated hashes of all passwords available within a certain character space, be that a-z, or A-zA-Z, or a-zA-Z0-9, etc. C) These files are called Rainbow Tables D) They are particularly useful when trying to crack hashes. Since a hash is a one way function, the way to break it is to attempt to find a match E) The attacker takes the hashed value and searches the rainbow tables seeking a match to the hash. If one is found, then the original text for the hash is found F) Popular hacking tools like Ophcrack depend on Rainbow Tables

CFB (Cipher Feedback)

A) In CFB mode, the previous ciphertext block is enrypted B) The ciphertext produced is XOR'd back with the plaintext to produce the current ciphertext block C) Essentially, it loops back on itself, increasing the randomness of the resultant ciphertext D) Method is *Plain text block for round 1 --> Round function --> Cipher text for round 1 --> Cipher text produced in round 1*

The Enigma Machine

A) In World War II, the Germans made use of an electromechanical rotor based cipher system known as The Enigma Machine B) Designed so that when the operator pressed a key the encrypted cipher text for that plain text was different each time Example *When the operator pressed the "A" key, it might generate an "F" this time, and might generate a "D" next time* C) Multi-alphabet cipher consisting of 26 possible alphabets D) Allied cipher machines in WWII included the British TypeX and the American SIGABA (both were similar to Enigma machine, but contained improvements and more security)

Password Cracking

A) In addition to attempting to break cryptography, a common issue is the need to break passwords B) There are a number of legitimate and legal reasons to do this

Hash - Salt

A) In relationship to hashing, the term *salt* refers to random bits that are used as one of the inputs to the hash B) Salt data complicates dictionary attacks that use pre-encryption of dictionary entities C) The salt is intermixed with the message that is to be hashed D) For best security, the salt value is kept secret, separate from the password database/File

AES Specifics

A) In the SubBytes step, each byte in the matrix is substituted for another byte using an 8-bit substitution box, called the Rijndael S-box B) The ShiftRows step by shifting the bytes in each row by a certain among. The first row is left unchanged. The second row is shifted one to the left. The third row by two, etc C) In the MixColumns stop, the four bytes of each column of the state are combined using an invertible linear transformation. This takes four bytes as input and outputs four bytes D) Together with ShiftRows, MixColumns provides diffusion in the cipher E) In the AddRoundKey step, the subkey is XORed with the state. For each round, a subkey is derived from the main key using Rijndael's key schedule; each subkey is the same size as the state

Cracking Modern Cryptography: Chosen Plaintext Attack

A) In this attack, the attacker obtains the ciphertexts corresponding to a set of plaintests of his own choosing 1. This can allow the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key 2. This can be difficult but is not impossible

The MD5 Algorithm

A) Input message is broken into 512 byte chunks (16-32 bit integers) B) Message is padded with zeros if needed to reach 512 byte chunks C) Length of the message (before padding) is then appended as the last 64 bits of the message D) Algorithm operates on a 128-bit state, divided into four 32-bit words, denoted "A", "B", "C", and "D". They are initialized to an initial variable E) Algorithm consists of 4 stages, or rounds, each of which consists of 16 smaller operations F) Those operations are a non-linear function "F", a modular operation, and a shift

Restoring the EFS Key

A) Insert the removable media that contains your recovery certificate B) Click the Start button. In the search box, type secpol.msc, and then press Enter. If you're prompted for an administrator password or confirmation, type the password or provide confirmation C) In the left pane, double-click Public Key Policies, right-click Encrypting File System, and then click Add Data Recovery Agent. This opens the Add Recovery Agent wizard. D) Click Next, and then navigate to your recovery certificate E) Click the certificate, and then click Open F) When you are asked if you want to install the certificate, click Yes, click Next, and then click Finish G) Open the Command Prompt window by clicking the Start button. In the search box, type Command Prompt, and then, in the list of results, click Command Prompt. H) At the Command Prompt window, type gpudate, and the press Enter.

Kerebos

A) Invented at MIT, derives its name from the mythical three headed dog that was reputed to guard the gates of Hades. The system is a bit complex, but the basic process is as follows: 1. UNIX system will have tar and gzip 2. They may be slow, klunky and starting to show their age, but it's a universal tool that will ge tthe job done 3. To use bzip2, which is quite a bit better than gzip at compressing text, but it is quite a bit slower B) There is a great deal of verification for the tickets, and these tickets expire in a relatively short time C) The client autenticates to the Authentication Server once using a long-term shared secret (e.g.) a password) and receives a Ticket-Granting Server from the Authentication Server D) Later, when the client wants to contact some Service Server, it can reuse this ticket to get additional tickets for Service Server without resorting to using the shared secret E) These tickets can be used to prove authentication to Service Server

Pretty Good Privacy (PGP)

A) Invented by Phillip Zimmerman in the early 1990's B) Not an algorithm in itself, but uses other, well established asymmetric and symmetric algorithms C) Software product for making encryption and decryption readily usable by end users. Zimmerman published the entire source code for PGP so that anyone can create their own implementation D) Most often associated with email encryption E) Can also be used to create certificates: 1. Unlike X.509 certificates, PGP certificates can contain multiple signatures 2. However, since they are self generated, there is no way to validate them with a certificate authority

Playfair Cipher

A) Invented in 1854 by Charles Wheatstone...named after Lord Playfair who promoted its use B) uses five-by-five table containing a keyword or key phrase. To generate the key table, one would first fill in the spaces with the keyword (dropping duplicates), then filled rest of spaces with letters from alphabet in order C) to encrypt a message, you would break message into groups of two letters. ("CheeseBurger" becomes "Ch ee se Bu rg er")

Password Authentication Protocol (PAP)

A) It is the most basic form of authentication B) User name and password are transmitted over a network and compared to a table of name-password pairs C) Passwords stored in the table are encrypted, however the transmission of the passwords are in clear text, unencrypted. This is the main weakness with PAP D) The Basic Authentication feature built into the HTTP protocol uses PAP

AES General Steps

A) Key Expansion - Round keys are derived from the cipher key using Rijndael's key schedule B) Initial Round - AddRoundKey: Each byte of the state is combined with the round key using bitwise XOR C) Rounds - 1. SubBytes: A non-linear substitution step where each byte is replaced with another according to a lookup table 2. ShiftRows: A transposition step where each row of the state is shifted cyclically a certain number of steps 3. MixColumns: A Mixing operation which operates on the columns of the state, combining the four bytes in each column 4. AddRoundKey D)Final Round- 1. SubBytes 2. ShiftRows 3. AddRoundKey

Lagged Fibonacci Generator (LFG)

A) LFG is a type of psuedorandom number generator B) If addition is used, then it is Additive Lagged Fibonacci Generator (ALFG) C) If multiplication is used, it is a Multiplicative Lagged Fibonacci Generator (MLFG) D) If the XOR operation is used, it is called a Two-tap generalized feedback shift register (GFS) E) The basic formula is: y = x^k + x^j + 1

Feistel Function

A) Larger block sizes increase security B) Larger key sizes increase security C) If the round function is secure, then more rounds increase security D) Named after its inventor, the German-born physicist and cryptographer Horst Feistel E) Forms the basis for most block ciphers, making it one of the most influential developments in symmetric block ciphers F) Also known as Feistel Network, or Feistel cipher

Serpent

A) Like Blowfish, Serpent is a symmetric key block cipher which was a finalist in the AES contest B) Designed by Ross Anderson, Eli Biham, and Lars Knudsen C) Has a block size of 128 bits D) Can have key size of 128, 192, or 256 bits E) Substitution-permutation network F) Uses 32 rounds working with a block of four 32-bit words. (each round applies one of eight 4-bit S-boxes 32 times n parallel)

OFB (Output Feedback)

A) Makes a block cipher into a synchronous stream cipher B) Generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext

Rail Fence Ciphers

A) May be the most widely known transposition cipher. B) You take down the message you want to encrypt and alter each letter on a different row Example* The message "Attackatdawn" or "Attack at dawn" is written as Atcadw taktan* C) Next you take it and write it out from left to right Example *Atcadwtaktan* D) To decrpyt, reverse the steps E) Most texts use two rows, but it can be done with any number of rows

Kerckhoffs's Principle

A) Modern cryptography is not based on keeping the algorithm secret B) in 1883, Auguste Kerckhoff created Kerckhoff's Principle *A cryptosystem should be secure even if everything about the system, except the key, is publicly known* C) Modern cryptography is based on mathematics

Information Theory

A) Modern methods of cryptography B) Many believe modern cryptography began with Claude Shannon in 1949 (paper titled "Communication Theory of Secrecy Systems") C) Claude Shannon and Warren Weaver published a book titled "Mathematical Theory of Communication D) Claude Shannon created information theory by quantifying information, leading to a number of new methods for encrypting and decrypting information E) Shannon's focus was information theory, but information theory provided insights into how ti improve cryptography

Mono-Alphabetic Substitution

A) Most primitive cryptographic algorithms B) Substitute one character of cipher text for each character of plain text C) Caesar Cipher, Atbash Cipher, Affine Cipher, Rot13 Cipher

Vigenere Cipher

A) Most widely known Poly-alphabet cipher B) Created in 1553 by Giovan Battista Bellaso...misattributed to Blaise de Vigenere C) Encrypted using a table and set of mono-alphabet ciphers using keyword D) Used in 1800 and 1900s Example:

Basic Number Facts

A) N = natural numbers. These are also sometimes called the counting numbers. They are 1, 2, 3, etc B) z = integers. These are whole numbers (-1, 0, 1, 2) minus the natural number combined with zero and the negative numbers C) Q = rational numbers. (ratios of integers) Any number that can be expressed as a ratio of two integers. Examples are 3/2, 17/4, 1/5 D) R = real numbers. This includes the rational numbers as well as numbers that cannot be expressed as a ratio of two integers such as sqrt 2 E) i = imaginary numbers. These are numbers whos square is a negative

Lehmer Random Number Generator

A) Named after D. H. Lehmer, sometimes also referred to as the Park Miller Random Number Generator, after S.K. Park and K.W. Miller B) It is a classic example of a Linear Congruential Generator C) This PRNG type of Linear Congruential Generator (LCG) that operates in multiplicative groups of integers modulo n

Fibonacci Numbers

A) Named after Leonardo of Pisa, who was known as Fibonacci B) Sequence of numbers derived by adding the last two numbers to create the next. Or N1 + N2 = n3 C) The first few of the sequence are: 0, 1, 1, 2, 3, 4, 8, 13, 21, 35, 56

NSA Suite A Encryption Algorithms

A) National Security Agency (NSA) Suite A Cryptography 1. Contains classified algorithms that will not be released 2. These algorithms are used to encrypt especially sensitive information

Digital Signatures Cont.

A) Normal Asymmetric Encryption 1. Bob wants to send Alice a message that Eve cannot read. 2. Bob uses Alice's public key 3. Even if Eve intercepts and has Alice's public key, she cannot decrypt it 4. Only Alice's PRIVATE key can decrypt *This example protects confidentiality* B) Digital Signature 1. Bob wants to send Alice a message and be able to have Alice know for a fact that it came from Bob 2. Bob uses his own private key 3. Anyone who receives the message can use Bob's public key to decrypt the message. If it works, then it must have been signed with Bob's private key *This example protects integrity*

Cracking Modern Cryptography

A) Obviously, cracking modern cryptographic methods is a non-trivial task B) In fact, the most likely outcome to your attempt is failure C) However, with enough time and resources (e.g. computational power, sample cipher/plaintexts, etc.) it is possible D) Not following any standard security policies or guidelines

Point-to-Point Tunneling Protocol (PPTP)

A) Oldest of the three protocols used in VPNs B) Designed as a secure extension to Point-to-Point Protocol (PPP) C) Originally proposed as a standard in 1996 by the PTP Forum (a group of companies that included Ascend Communications, ECI Telematics, Microsoft, 3Com, and U.S. Robotics D) Adds the features of encrypting packets and authenticating users to the older PPP protocol E) PPTP works at the data link layer of the OSI model

Homophonic Substitution

A) One of the earlier attempts to make substitution ciphers more robust by masking the letter frequencies. Plain text letters map to more than 1 cipher text symbol B) Having a single character of plain text map to more than 1 character of cipher text makes it more difficult to analyze homophonic substitution ciphers. C) The nomenclator combined a codebook that had a table of homophonic substitutions D) Originally the codebook used names of poeple, thus the term "nomenclator. Example *Mr. Smith could be XX, and Mr. Jones could be XYZ*

Twofish

A) One of the five finalists to replace DES for the US Government, but not chosen B) Uses a block size of 128 bits C) Uses key sizes up to 256 bits D) Was designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson

Backing up the EFS Key

A) Open the Command Prompt window by clicking the Start button. In the search box, type Command Prompt, and then, in the list of results, click Command Prompt B) Insert the removable media that you're using to store your certificate C) Navigate to the directory on the removable media drive where you want to store the recovery certificate by typing drive letter: (where drive letter is the letter of the removable media), and then press enter D) Type cipher /r:file name (where file name is the name that you want to give to the recovery certificate), and then press Enter. If you're prompted for an administrator password or confirmation, type the password or provide confirmation

Steganography Terms

A) Payload - The data to be covertly communicated, the message you wish to hide B) Carrier - The signal, stream, or data file into which the payload is hidden C) Channel - The type of medium used. This may be still photos, videos, or sound files

Mersenne Twister Psuedorandom Function

A) Permutations of it are suitable for cryptographic purposes B) Invented by Makoto Matsumoto and Takuji Nishimura C) It has a very large period 2^19937 - 1

Shiva Password Authentication Protocol (SPAP)

A) Proprietary version of PAP B) Most experts consider SPAP somewhat more secure than PAP because the username and password are both encrypted when they are sent, unlike PAP which sends them in clear text

Rivest Shamir Adleman (RSA)

A) Publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT *Perhaps the most widely used public key cryptography algorithm in existence today* B) Based on some interesting relationships with prime numbers C) The security of RSA derives from the fact that it is difficult to factor a large integer composed of two or more large prime factors

Examples of Symmetric Stream Ciphers: FISH

A) Published by the German engineering firm, Seimans, in 1993 B) The FISH (Fibonacci SHrinking) cipher is a software-based stream cipher using the Lagged Fibonacci generator along with a concept borrowed from the shrinking generator ciphers

Steganography Implementations

A) QuickStego - Very easy to use but very limited B) Invisible Secrets - Much more robust with both free and commercial versions C) MP3Stego - Specifically, for hiding payload in MP3 files. D) Stealth Files 4 - This works with sound files, video files, and image files E) Snow - Hides data in whitespace F) StegVideo - Hides data in a video sequence

RIPEMD-160

A) RACE Integrity Primitives Evaluation Message Digest is a 160-bit hash algorithm developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel B) There exists 128, 256 and 320-bit versions of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320 C) Not following any standard security policies or guidelines

Symmetric Stream Ciphers cont.

A) Random Key is XORed with a stream of plain text B) Sometimes called a state cipher C) Synchronous stream cipher is a stream of psuedo-random digits, generated randomly. That stream is then combined with the plaintext (to encrypt), or the ciphertext (to decrypt) D) Self-synchronizing stream ciphers use several of the previous N ciphertext digests to compute the key stream E) Sometimes also called asynchronous stream ciphers, or ciphertext autokey (CTAK)

X.509 Certificates

A) Relied on by S/MIME B) Issued by CA, they provide: 1. Public key 2. Proof of corresponding private kye 3. Detailed info about yourself 4. Digitally sign information 5. Send request to CA C) Contains your name, info about you, and signature of person who issued certificate

DES (Data Encryption Standard)

A) Selected by National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the US in 1976 B) Now considered outdated and not recommended for use, it was the premier block cipher for many years and bears study C) Many cryptography textbooks and university courses used this as the basic Processing Standard (FIPS) for the US in 1976 D) Uses a 56-bit key applied to a 64 bit block *there is actually a 64 bit key generated, but 8 bits are just for error correction* E) Feistel cipher with 16 rounds and a 48-bit roiund key for each round *general functionality follows the Feistel method of dividing the 64-bit block into halves (32 bits each); applying the round function to one half; then xor'ing that output with the other half* F) DES uses eight S-boxes (substitution boxes)

How to Embed

A) Sequential B) Random C) Specific

Modulus Operator

A) Simple, and used in a number of cryptography algorithms B) Simply divide A by N and return the remainder C) Sometimes symbolized as %, as in 5 % 2 = 1

Encrypting the Files

A) Since Windows 2000, Microsoft has implemented the Encrypting File System (EFS) as part of the NTFS file system B) Allows a simple way to encrypt and decrypt files/folders C) Simply right click file, choose properties, then choose advanced D) The file or folder will appear in green lettering now. The key is tied to the user who encrypted the file, so if you log in as a different user, you cannot decrypt and open that file

BitLocker

A) Starting with Windows 7, Microsoft also provides a system for encrypting partitions or entire drives called BitLocker B) Startup key only C) All required encryption key information is sotred on a USB flash drive 1. The user must insert the USB flash drive into the computer during startup 2. The key stored on the USB flash drive unlocks the computer 3. When the computer does not have a TPM, all of the information required to read the encrypted drive is included in the startup key 4. Using a TPM is recommended because it helps protect against attacks made against the computer's critical startup process D) Fixed data drives encrypted with BitLocker can be configured to automatically unlock when you log on to Windows E) Automatic unlocking for removable data drives can be selected after the drive is encrypted F) To be able to automatically unlock fixed data drives, the drive that Windows is installed on must also be encrypted by BitLocker - by default it uses the AES encryption algorithm with a 128 bit key

Steganography Detection Tools

A) StegSpy B) Stegdetect C) StegSecret D) AccessData's Forensic tookit E) Guidence Software's Encase

Steganographic File Systems

A) Stores data in seemingly random files B) Proposed by Ross Anderson, roger Needham, and Adi Shamir. Their paper proposed two main methods of hiding data: in a series of fixed size files originally consisting of random bits on top of which "vectors" could be superimposed in such a way as to allow levels of security to decrypt all lower levels but not even know of the existence of any higher levels, or an entire partition is filled with random bits and files hidden in it.

Transposition

A) Swapping blocks of cipher text. Example *"I like ice cream" if you transpose every three letter sequence you get "ikel I creiceam"* B) Combination of substitution and transposition increase the security of the resultant cipher text

Blowfish

A) Symmetric block cipher created in 1993, by Bruce Schneier B) Intended as a replacement for DES C) Uses 16 bit round on Feistel cipher on 64 bit block D) Can have keys varying from 32 bits to 448 bits

Binary Math

A) Symmetric ciphers often use binary math, specifically using the XOR method with a key B) Three primary operations: *AND, OR, and XOR (Exclusive OR)*

National Security Agency and Cryptography

A) The NSA is the de facto standard for cryptography B) Even non defense or intelligence related organizations are well advised to adopt NSA standards C) They classify cryptography as first Suite A or Suite B: 1. Suite A are not published 2. Suite B are published 3. Even the algorithms used in Suite A are classified D) The NSA also classifies algorithms as Type 1, 2 3, or 4, with 1 being the highest rating

Steganography

A) The art and science of writing B) Often the message is hidden in a digital picture or audio file, so as to defy detection C) The messages do not attract attention to themselves - If no one is aware the message is even there, then they won't try to decipher it D) The most common implementation utilizes the least significant bits in a file in order to store data. By altering the least significant bit, one can hide additional data without altering the original file in any noticeable way

Lehmer Random Number Generator Cont.

A) The basic algorithm is: X*subi + 1* = (aXsubi + c) mod m, with 0 ≤ Xsubi ≤ m *1. Xsub0, a, and c are known as the seed, multiplier and the increment, respectively 2. M is 2^p-1 where p is the CPU bits (32bit, 64 bit, etc. 3. If we pick small numbers to make the math easy like this 4. For example, consider m = 31, a = 7, c = 0 and begin with Xsub0 = 19. The next integers in the sequence are 9, 1, 7, 18, 2, 14, 5, 4, 28, 10, 8, 25, 20, 16* B) If the multiplier and seed are chosen properly, a Lehmer generator is statistically indistinguishable from drawing from with replacement

ADFGVX Cipher

A) The first chiper used by the German Army during World World I B) Invented by Colnel Fritz Nebel in 1918 C) Transposition cipher which used: A modified Polybius square, A single columnar transposition, and a 36 letter alphabet D) Extension of an earlier cipher called ADFGX

Public Key Infrastructure (PKI)

A) The infrastructure for distributing digital certificates, that contain public keys B) An arrangement that binds public keys with respective user identities by means of a CA

ECB (Electronic Codebook)

A) The most basic encryption mode B) The message is divided into blocks and each block is encrypted separately C) The weakness is the same plain text always equals the same cipher text D) This gives attackers a place to begin analyzing the cipher to attempt to derive the key

Steganography Details

A) The most common steganography method is Least Significant Bits (LSB) B) In every file there are a certain number of bits per unit of the file. For example, an image file in Windows is 24 bits per pixel C) By changing the least significant of those bits, the change is not noticeable to the naked eye D) One can hide information in the least significant bits of an image file. With LSB replacement, certain bits in the carrier file are replaced.

X.509

A) The most widely used digital certificate standard B) First issued in July 3, 1988 C) In the X.509 system, a CA issues a certificate binding a public key to a particular distinguished name. A distinguished name is a unique name such as an email address or domain name

Certificate Authority (CA)

A) The primary role is to digitally sign and publish the public key bound to a given user B) It is an entity trusted by one or more users to manage certificates C) Verisign and Godaddy are two obvious examples

Diffie-Hellman Cont.

A) The system has two parameters called p and g *Parameter p is a prime number and parameter g is an integer less than p with the following property: for every number (n) between 1 and p - 1 inclusive, there is a power (k) of g such that n = g^k mod p* B) Many cryptography textbooks use the fictitious characters "alice" and "bob" to illustrate cryptography: 1. Alice generates a random private value (a) and Bob generates a random private value (b). Both a and b are drawn from the set of integers 2. They derive their public values using parameters p and g and their private values. Alice's public value is g^a mod p and Bobs value is g^b mod p. 3. They exchange their public values 4. Alice computes g^ab = (g^b)^a mod p and Bob computes g^ba = (g^a)^b mod p 5. Since g^ab = g^ba = k, Alice and Bob now have a shared secret key (k)

Authentication

A) There are many authentication protocols, a few of the more common ones are: 1. *PAP* - Password Authentication Protocol 2. *SPAP* - Shiva Password Authentication Protocol 3. *CHAP* - Challenge HandShake Authentication Protocol

Unbreakable Encryption

A) There are many claims of unbreakable encryption. To date, one system is unbreakable B) That is the One Time Pad (OTP). OTP is a separate substitution for each character, in other words, the key is as long as the text C) No substitution is used more than once D) The key is only used one time, is kept secret, and is destroyed after each use E) Obviously, this is cumbersome and impractical for many situations

Steganalysis - Raw Quick Pair

A) There are several methods for analyzing an image to detect hidden messages B) The RQP method: 1. Based on statistics of the numbers of unique colors and close-color pairs in a 24-bit image 2. Analyzes the pairs of colors created by LSB embedding 3. Countermeasure - Maintaining the color palette without creating new colors

Tiger

A) This 192 bit hash function was designed by Ross Anderson and Eli Biham in 1995 B) Designed using the Merkle-Damgard construction (sometimes called the Merkle-Damgard paradigm). This is a method to build collision-resistant cryptographic hash functions from collision-resistant one-way compression functions. The Merkle-Damgard construction was described in Ralph Merkle's Ph.D. dissertation in 1979 C) The one-way compression function operates on 64-bit words, maintaining 3 words of state and processing 8 words of data D) There are 24 rounds, using a combination of operation mixing, with XOR and addition/subtraction, rotates, and S-box lookups, and a fairly intriate key scheduling algorithm for deriving 24 round keys from the eight input words

Elgamal

A) This algorithm is based on Diffie-Hellman and was invented in 1984 by Taher Elgamal B) Used in some PGP Implementations as well as GNU Privacy Guard software C) Consists of three parts: the key generator, the encryption algorithm, and the decryption algorithm D) Elgamal encryption is probabilistic 1. Any given plaintext can be encrypted to many possible ciphertexts 2. The actual math for Elgamal is a bit more complex than RSA or DSA and requires much more understanding of number theory

Yarrow

A) This algorithm was invented by Bruce Schneier, John Kelsey, and Niels Ferguson B) Yarrow is no longer recommended by its inventors and has be supplanted by Fortuna C) The general structure of Yarrow is relatively simple to understand. It has four parts: 1. An entropy accumulator: Collects semi0random samples from various sources and accumulates them in two pools. 2. A generation mechanism: Generates the PRNG outputs 3. Reseed mechanism: Reseeds the key periodically with new entries from the entropy pools. 4. Reseed control: Determines when reseeding should occur

Blum Blum Shub

A) This algorithm was proposed in 1986 by Lenore Blum, Manuel Blum, and Michael Shub. The format is as follows: X subn+1 = X sub n^2 Mod M B) M=pq is the product of two large primes p and q (this should remind you of the RSA algorithm). At each step of the algorithm, some output is derived from X subn+1 C) The main difficulty of predicting the output of Blum Blum Shub lies in the difficulty of "quadratic residuosity problem." That mathematical problem, put simply, is this: given a composite number (n), find whether x is a perfect square modulo n. D) It has been proven that this is as difficult as breaking the RSA public-key cryptosystem, which involves the factoring of a large composite. This makes Blum Blum Shub a quite effective PRNG.

Examples of Symmetric Stream Ciphers: PIKE

A) This algorithm was published in a paper by Ross Anderson as an improvement on FISH B) Anderson showed that FISH was vulnerable to known plaintext attacks C) PIKE is both faster and stronger than FISH

GOST

A) This hash algorithm was initially defined in the Russian national standard B) Produces a fixed-length output of 256 bits C) The input message is broken up into chunks of 256-bit blocks D) If a block is less than 256 bits, then the message is padded by appending as many zeros to it as are required to bring the length of the message up to 256 bits E) The remaining bits are filled up with a 256-bit integer arithmetic sum of all previously hashed blocks and then a 256-bit integer representing the length of the original message, in bits, is produced

Kasiski

A) This is sometimes also called Kasiski's Test or Kasiski's Method B) Developed by Friedrich Kasiski in 1863 C) Can be used to deduce the length of the keyword used in the polyalphabetic substitution cipher 1. Once the length of the keyword is discovered, you lineup the ciphertext in colums, where n is the length of the keyword 2. Each column can be treated as a mono-alphabetic substitution cipher and cracked with simple frequency analysis 3. The method simply involves looking for repeated strings in the ciphertet. The longer the ciphertext, the more effective this method will be

Frequency Analysis

A) This is the basic tool for breaking most classical ciphers B) In natural languages, certain letters of the alphabet appear more frequently than others. By examining those frequencies, you can derive some information about the key that was used C) This method is very effective against classic ciphers like Caesar, Vigenere, etc. but far less effective against modern methods D) Remember in English, the words "the" and "and" are the two most common three-letter words. The most common single letter words are "I" and "a". If you see two of the same letters together in a word, it is most likely "ee" or "oo".

Linear Cryptanalysis

A) This technique was invented by Mitsarue Matsul B) Based on finding affine approximations to the action of a cipher C) It is commonly used on block ciphers D) It is a known plaintext attack and uses a linear approximation to describe the behavior of the block cipher E) Given enough pairs of plaintext and corresponding ciphertext, bits of information about the key can be obtained F) Obviously the more pairs of plaintext and ciphertext one has, the greater the chance of success G) Remember cryptanalysis is an attempt to crack cryptography 1. For example with the 56 bit DES key, brute force could take up to 256 attempts 2. Linear cryptanalysis will take 2^43 known plaintexts 3. This is better than brute force, but still impractical for most situations

Differential Cryptanalysis

A) This was invented by Eli Biham and Adi Shamir B) Differential cryptanalysis is a form of cryptanalysis applicable to symmetric key algorithms C) Essentially, it is the examination of differences in an input and how that affects the resultant difference in the output D) It originally worked only with chosen plaintext. Could also work with known plaintext and ciphertext only

Random Number Generator (RNG)

A) Three types of generators: Table look-up generator, Hardware generator, Algorithmic (software generator). B) Algorithmic Generators are most often used in cryptography (it does not produce a truly random number, but a psuedo random number)

National Security Agency: Type 3 Algorithms

A) Type 3 product is a device for use with Sensitive But Unclassified (SBU) information on non-national security systems B) Approved algorithms include: 1. DES 2. 3DES 3. SHA 4. AES

National Security Agency: Type 2 Algorithms

A) Used for unclassified cryptographic equipment, assemblies, or components B) Endorsed by the NSA for use in telecommunications and automated information systems for the protection for national security information C) Some Type 2 algorithms include: 1. Skipjack - Block Cipher 2. Key Exchange Algorithm (KEA) - Asymmetric

Registration Authority (RA)

A) Used to take the burden off a CA by handling verification prior to certificates being issued B) Act as a proxy between user and CA C) Receives request, authenticates it, and forwards it to the CA

CTR (Counter)

A) Used to turn a block cipher into a stream cipher, much like OFB mode B) Generates the next keystream block by encrypting successive values of a "counter" C) The counter can be any simple function which produces a sequence, which is guaranteed not to repeat for a long time

FORK-256

A) Uses 512-bit blocks and implements preset constants that change after each repetition B) Each block is hashed into a 256-bit block through four branches that divides each 512 block into sixteen 32-bit words that are further encrypted and rearranged C) Because the four branches are used in parallel, whereas SHA-256 uses four serial rounds, FORK-256 is hard to analyze D) Still in analysis phase and not yet in widespread use

Cipher Disk

A) Uses a physical device to encrypt (like scytale) B) Invented by Leon Alberti in 1466 C) Physical disk, each time you turned disk...you created a new cipher D) Literal disk used to encrypt plain text

DESx

A) Uses a technique called "Key Whitening" B) Just XOR a key with text either before the round function, after the round function, or both

Common Cryptography Mistakes

A) Using a standard mod is RSA (modulus e = 216 + 1 = 65537) B) Using seeds for symmetric algorithms that are not random enough C) Hard coded cryptographic secrets/elements D) Using too short a key E) Re-using keys F) Unsecure Key Escrow G) Unsecure cryptographic mode (ECB mode) H) Proprietary cryptographic algorithms

Cryptanalysis

A) Using other techniques (other than brute force) to attempt to derive the key B) In some cases, cryptographic techniques are used to test the efficacy of a cryptographic algorithm C) Frequently used to test hash algorithms for collisions

Digital Signatures

A) Usually the encryption of a message or message digest with the sender's private key B) To verify the digital signature, the recipient uses the sender's public key. Good digital signature schemes provide: Authentication, Integrity, and Non-repudiation C) RSA algorithm can be used to produce and verify digital signatures; another public-key signature algorithm is DSA

X.509 Certificate Content

A) Version B) Certificate holder's public key C) Serial number D) Certificate holder's distinguished name E) Certificate's validity period F) Unique name of certificate issuer G) Digital signature of issuer H) Signature algorithm identifier

Wi-Fi Encryption

A) WEP (Wired Equivalent Privacy) - uses the stream cipher RC4 (128 bit or 256 bit) B) WPA (Wi-Fi Protected Access) - 1. Pre-shared key mode (PSK, also known as Personal mode) is designed for home and small office networks that don't require the complexity of an 802.1X authentication server 2. Enterprise mode uses a key server to exchange keys between client and WAP C) WPA 2 - 1. Implements the mandatory elements of 802.11i, introduces CCMP (a new AES-based encryption mode) 2. CCMP is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

Wired Equivalent Privacy (WEP)

A) WEP - uses the stream cipher RC4 to secure the data and a CRC-32 checksum for error checking B) Standard WEP uses a 40 bit key (known as WEP-40) with a 24 bit initialization vector, to effectively form 64 bit encryption C) 128 bit WEP uses a 104 bit key with a 24 bit IV D) Because RC4 is a stream cipher, the same traffic key must never be used twice E) The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network F) They way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets

CAST-256

A) Was a candidate in the AES contest and is based on the earlier CAST-128 B) Was created by Carlisle Adams and Stafford Tavares

TEA (Tiny Encryption Algorithm)

A) Was created by David Wheeler and RogerNeedham in 1994 (was publicly presented at that time) B) Simple algorithm, easy to implement in code C) Feistel cipher that uses 64 rounds (can be implement in fewer, or more, rounds)

SHARK

A) Was invented by a team of cryptographers including Vincent Rijmen, Joan Daemen, Bart Preneel, Antoon Bosselaers, and Erik De Win B) Uses a 64-bit block with a 128-bit key and operates in six rounds C) Has some similarities to the Rijndael cipher, including the use of S-boxes that are based on GF(2^8) *Remember GF is a Galois field defined by a particular prime number to some power*

MAC and HMAC

A) When used for message integrity, a standard hash may not be enough B) An HMAC (Hash Message Authentication Code) adds a key to a hash to improve integrity C) A MAC (Message Authentication Code) uses a block cipher in CBC mode to improve integrity

Linear Cryptanalysis Cont.

A) With this method, a linear equation expresses the equality of two expressions which consist of binary variables XOR'd B) For example: the following equation, XOR's sum of the first and third plaintext bits and the first ciphertext bit is equal to the second bit of the key "Psub1 XOR Psub3 XOR C1 = Ksub2" C) You can use this method to slowly recreate the key that was used

Avalanche

A) a small change yields large effects in the output, like an avalanche B) This is Fiestel's variation on Claude Shannon's concept of diffusion. C) Obviously a high avalanche impact is desirable in any cryptographic algorithm D) Ideally a change in one bit in the plain text would affect all the bits of the cipher text. This would be a *complete avalanche*

CrypTool

A) allows you to enter in any text, choose the historic algorithm you want to use, then encrypt that text in a matter of seconds *http://www.cryptool.org* B) You can easily use CrypTool to perform RSA encryption *You simply need to provide the plaintext and two large prime numbers to create the public and private keys*

Substitution

A) changing some part of the plain text for some matching part of cipher text B) Caesar and Atbash ciphers are simple substituion ciphers. Vigenere cipher is more complex, but still substitution cipher C) All historical examples are single substitution because each single character of plain text is converted into a single character of cipher text

Null Ciphers

A) message is hidden in unrelated text. Example *sending a message like "We are having breakfast at noon at the cafe. Would that be ok?"* B) Sender and recipient have prearranged to use a pattern, taking letters from the message. Example *3, 20, 22, 27, 32, 48* would produce the word "attack"

Symmetric Cryptography

A) same key is used for encryption and decryption B) Faster than asymmetric, but have the issue of exchanging the keys

Internet Protocol Security (IPSec)

A) the latest of the three VPN protocols B) One of the differences between IPSec and the other two methods is that it encrypts not only the packet data, but also the header information C) It also has protection against unauthorized retransmission of packets 1. This is important because one trick that a hacker can use is to simply grab the first packet from a transmission and use it to get their own transmissions to go through 2. Essentially, the first packet (or packets) has to contain the login data 3. If you simply re-send that packet (even if you cannot crack its encryption), you will be sending a valid logon and password that can then be followed with additional packets 4. Preventing unauthorized retransmission of packets prevents this from happening

Digital Signature Algorithm (DSA)

A) under U.S. Patent 5,231,668, filed July 26,1991 B) Attributed to David W. Kravitz C) Adopted by the US government in 1993 with FIPS 186 D) Choose a Hash function (traditionally SHA1, but the stronger the hash, the better) E) Select a key length (L) and (N) *The original Digital Signature Standard constrained L to be a multiple of 64 between 512 and 1024 (Now lengths of 2048 are recommended)* F)US Government documents now specify L and N length pairs of (1024,160), (2048,224), (2048,256) and (2072,256) G) Choose a prime number (q) thatmust be less than or equal to the hash output length H) Choose a prime number (p) such that p-1 is a multiple of q I) Choose g. This number (g) must be a number whose multiplicative order modulo p is q J) Choose a random number (x), where 0 < x < q K) Calculate y = g^x mod p L) Public key is (p, q, g, y) M) Private key is (x)

MD6

A) use a Merkle Tree-like structure to allow for immense parallel computation of hashes for very long inputs B) Was submitted to the NIST SHA-3 competition C) On July 1, 2009, Rivest posted a comment at NIST that MD6 is not yet ready to be a candidate for SHA-3 because of speed issues and other concerns

Unbalanced Feistel Cipher

A) uses a modified structure where L0 and R0 are not of equal lengths B) This means L0 might be 32 bits and R0 could be 64 bits (making a 96 bit block of text) C) This variation is actually used in the Skipjack algorithm

Reflective Questions 1. Considering the steganography, obviously there are illegitimate uses of this technology. Can you think of any legitimate uses? 2. With drive encryption so readily available, why do you think so many systems still have unencrypted hard drives? Is your hard drive encrypted, or at least the most sensitive data on it? 3. Do you see any potential (or actual) weaknesses in digital certificates that an attacker might exploit?

Answers Vary

Reflective Questions: 1. How do you think e-commerce and online banking would be different if we had to rely only on symmetric algorithms? 2. What mathematical advances might endanger the security of RSA? 3. Why do you think there are far fewer asymmetric algorithms than symmetric algorithms?

Answers Vary

Reflective questions: 1) Of the single alphabet substitution algorithms, which do you feel is the strongest, and why? 2) Consider that poly-alphabet substitution ciphers, like the Enigma machine, were used well into the 20th century, including in World War II, what impact do you think computers had on rendering these algorithms unacceptable?

Answers Vary

Reflective Questions A) Consider Kerckhoff's principle. Do you agree with this? Why or why not? What role does peer review play in the security of cryptographic algorithms? B) Why do you think AES allows three different key sizes, rather than simply using the longest and strongest? C) Obviously larger key sizes make brute force attacks less likely. Why do you think most symmetric algorithms use 256 bit or smaller keys? Why not use 1,024 bit keys?

Answers vary

Binary Math Simple Conversions

Base 10 (Decimal) Base 2 (Binary) 0 0 1 1 2 10 3 11 4 100 5 101

Diffusion

Changes to one character in the plain text affect multiple characters in the cipher text, unlike in historical algorithms where each plain text character only affects one cipher text character

Symmetric Algorithm Methods

ECB --> IV --> CBC --> PCBC --> CFB --> OFB --> CTR *Electronic Codebook --> Initialization Vector --> Cipher-block chaining --> Propagating cipher-block chaining --> Cipher feedback --> Output feedback --> Counter*

Symmetric Stream Ciphers

Encrypt the data as a stream, one bit at a time

Signing with DSA

If you wish to use DSA to digitally sign, then the following steps are taken: A) Let H be the hashing function and m the message B) Calculate r = (g^k mod p) mod q C) Calculate s = (k^-1(H(m) + x^*r)) mod q D) If r or s = 0, then recalculate for a non 0 result (i.e. pick a different K) E) The signature is (r, s)

Secure Hash Algorithm (SHA)

Most widely used hash algorithm today. All versions (SHA-1, SHA-2, SHA-3) are considered secure and collision free.

What is cryptography?

Noun - A) The process or skill of communicating in or deciphering secret writings or ciphers B) Secret writing Origin - Cryptography (or cryptology); derived from word kryptos which means "hidden", and grafo, which means "write", is the study of message secrecy Definition- Cryptography is the science of altering communication so that it cannot be understood without having the key

Cipher

The algorithm(s) needed to encrypt and decrypt a message

Algorithm

The mathematical process used to alter a message and read it unintelligible by any but the intended party

Key

The random bits used in encrypting a message

CAST

There are two well-known versions of CAST: CAST-128 and CAST-256

Interloper

a person who becomes involved in a place or situation where they are not wanted or are considered not to belong.

Affine Cipher

any single-substitution alphabet cipher (also called mono-alphabet substitution) in which each letter in the alphabet is mapped to some numeric value, permuted with some relatively simple mathematical function, and then converted back to a letter Example**in Caesar cipher, each letter is converted to a number, shifted by a certain amount, and converted back to a letter** Basic formula for affine cipher is "ax + b (modM) M= size of alphabet = 26 x= plain text letter's numeric equivalent b= shift a= some multiple, in Caesar cipher = 1 Caesar cipher (using affine cipher) 1x + shift (mod26)

Rot13 Cipher

similar to Caesar cipher, but all letters are rotated 13 spots Example "A CAT" becomes "N PNG"