Term
|
Definition
analysis/practice of information concealment via encryption using algorithms |
|
|
Term
|
Definition
- security technique that converts data from clear/plaintext form into coded/ciphertext form
- 1 or 2 way encryption (hide original msg only; no encryption vs encoded msg transformed to original format)
|
|
|
Term
|
Definition
SW or other tech that applies algorithm (rule/system used to encrypt data) |
|
|
Term
|
Definition
small change in plaintext produces large change in ciphertext |
|
|
Term
|
Definition
specific piece of info used w/algorithm to perform encrypt/decryption |
|
|
Term
|
Definition
- Confidentiality encrypt info to hide contents except to intended recipient
- Integrity ensured against modification; can ID any changes
- Availability encrypting credentials (userID pw); hide pw; pw not shown in cleartext
|
|
|
Term
Cryptography Process (5 steps) |
|
Definition
- Start w/plaintext
- Select encryption key
- Encrypt plaintext into ciphertext
- Transport/store ciphertext until needed
- Decrypt using key
|
|
|
Term
|
Definition
- HW/SW used to implement cryptographic process
- cryptanalysis study of cryptosystems; intent of breaking; determine work factor (time to break code)
- Enigma Device used by Germans in WWII to perform encryption/decryption
|
|
|
Term
Cipher Evolution (3 Eras) |
|
Definition
- Early Spartan technique: encryption - wrap paper/leather around staff and write message; key - unwrap paper/leather; decryption - wrap paper/leather around staff of identical diameter
- Mechanical HW-based like Enigma uses cipher disk (fast en/decryption)
- Software SW-based using computers; early on user must know process; now little knowledge of process required
|
|
|
Term
|
Definition
- Usability simple keys/algorithms; easy to implement; plaintext not > ciphertext
- Secrecy assume enemy knows key
- using Diffusion (mixing up plaintext during encryption) and Confusion (mixing up key values during encryption)
|
|
|
Term
|
Definition
- don't have to encrypt EVERYTHING
- during processing w/algorithm (encryption)
- XML employs technique
|
|
|
Term
|
Definition
- rearranging parts of msg/output (msg or key)
- move letters around
|
|
|
Term
Key Mgt Factors (9)
CM,R,S,RD,C,T,F,E |
|
Definition
- control measures who has keys/how assigned
- Recovery recover lost keys
- Storage secure repository of key assignment records
- retirement/destruction how removed from use/destroyed
- change changing keys to system on periodic basis
- generation generate random key for better protection
- theft what to do when key stolen
- freq. of key use limits time that keys used and how often used
- escrow splitting key into multiple parts, storing w/"escrowed" org.
|
|
|
Term
|
Definition
- Steganography hides info by enclosing it into img, sound, movie
- Watermark embed mark/image to ID source for copyright/ownership
- Code book book/booklet that has phrases represented by codes
- One-time pad tool w/very long, non-repeating key that is same length as plaintext. 1 time use, then destroyed.
|
|
|
Term
|
Definition
- key on both sides
- also known as shared-key
- same key used for both en/decryption
- fast, but vulnerable
|
|
|
Term
|
Definition
- Stream symmetric encryption one bit @ a time; fewer errors; fast
- Block encrypts one block @ time (64 or 128 bit); more secure; slower
XOR binary math operation tests whether 2 inputs are same or different from each other:
0,0 = 0
1,0 = 1
0,1 = 1
1,1 = 0 |
|
|
Term
|
Definition
- symmetric encryption one bit @ a time
- fewer errors
- fast
|
|
|
Term
|
Definition
- encrypts one block @ time (64 or 128 bit)
- more secure
- slower
|
|
|
Term
|
Definition
binary math operation tests whether 2 inputs are same or different from each other:
0,0 = 0
1,0 = 1
0,1 = 1
1,1 = 0 |
|
|
Term
Initialization Vectors (IV) |
|
Definition
- string used w/symmetric cipher and key to produce unique result
- same phrase encrypted different cipher/key @ different versions
|
|
|
Term
Symmetric Encryption Algorithms (8) |
|
Definition
- DES
- 2DES
- 3DES
- IDEA
- AES
- RC2/4/5/6
- BLOWFISH
- CAST-128
|
|
|
Term
Symmetric Encryption Algorithm Issues (2) |
|
Definition
- Transportation must be done w/secure procedures
- # of Keys [n*(n-1)]/2
|
|
|
Term
DES Standard Process (4 steps) |
|
Definition
- Expansion 64 bit split into (2) 32 bit blocks. Each block expanded to 48 bits
- Key Mixing 48 bit block XORd w/subkey. 16 48 bit subkeys created from main key (1 key per round)
- Substitution Substitutions performed (S-boxes: 32 4-bit blocks)
- Permutation 32 4 bit blocks rearranged based on P-box (predefined scrambling process)
|
|
|
Term
|
Definition
- ECB Electronic Code Book 64 bit blocks encrypted sep.
- CBC Cipher Block Chaining 64 bit blocks XORed w/64 bit IV; encrypted w/1 key. Output ciphertext replaces IV for next round, creating a chain
- CFB Cipher FeedBack like CBC, but each round uses different key, i.e. AES
- OFB Output FeedBack
|
|
|
Term
|
Definition
- 2 way, 2 keys (private/public keys; 1 for encrypt, 1 for decrypt)
- attempts to solve problems of key distro/mgt
- key generation process of generating priv/pub keys
- slower
- more secure
|
|
|
Term
Asymm. Encryption Applications |
|
Definition
- Confidentiality increased confidentiality; only recipient can decrypt
- Integrity if msg altered in transmission, decryption not possible
- Non-repudiation (cannot be disputed) ID of sender is confirmed because only sender has private key
|
|
|
Term
Asymmetric Encryption Algorithms |
|
Definition
- RSA Rivest Shamir Adleman
- Elgamal developed by Taher Elgamal
- ECC Elliptic Curve Crypto: discrete logs, shorter keys
|
|
|
Term
|
Definition
- associates credentials w/public key
- users and devices
- CA issues certs and keys
|
|
|
Term
Public Key Infrastructure |
|
Definition
- crypto system composed of certs, CA, RA, CRD (cert repository database), CMS (cert mgt system) to enable authenticity/validation of data
|
|
|
Term
Public Key Infrastructure Components (5) |
|
Definition
- Digital certs
- CA Cert Auth
- RA Registration Auth
- Cert Repository DB (SW)
- Cert. Mgt System (SW)
|
|
|
Term
|
Definition
- Obtain Key Pair
- Issue Cert
- CA verifies PK
- CA creates ID
- Revoke expired certs
|
|
|
Term
|
Definition
- Ver
- Serial #
- Algorithm ID
- Issuer
- Validity
- Not Before
- Not After
- Subject
- Subject PK info
- Issuer Unique ID (opt.)
- Subject Unique ID (opt.)
- Extensions (opt.)
- Cert Signature Alg.
- Cert Signature (determines validity)
|
|
|
Term
Cert Revocation List (CRL) |
|
Definition
- list of certs (serial #) that have been revoked, no longer valid
|
|
|
Term
|
Definition
- 1 way encryption
- produces hash, hash value, message digest
- keyed or non-keyed
- keyed w/secret key sent w/msg; non-keyed no mech used
- hash len. fixed
- susceptible to brute force
- PW Protection is example
|
|
|
Term
Digesting and Hashing Alg. (3) |
|
Definition
- MD2/4/5 128 bit; created in 89,90,91; 8-bit, 32-bit, 32-bit; MD5 stronger, but slower than MD4
- HAVAL modified MD5 w/variable lengths (128, 160, 192, 224, 256)
- SHA 1/256/384/512 stronger than MD5; used w/DSA (Digital Sig. Alg); 160, 256, 384, 512-bit len.
|
|
|
Term
|
Definition
- MAC Msg Auth Code; shared secret key; last block of encrypted file used as comparison: encrypted, then last block & unencrypted file sent. Recipient encrypts again and compares last block to last block sent
- HMAC Hash MAC
- UMAC Universal HMAC
- CMAC, OMAC, CBC-MAC, PMAC Cipher, One-key, Cipher-Block, Parallelized MAC are all BLOCK cipher ACA
|
|
|
Term
|
Definition
- hash encrypted w/user's private key
- msg sent digitally signed, recipient decrypts w/public key
- message hashed
- hash encrypted w/sender priv key
- Msg re-hashed
- Sender hash decrypted w/sender pub key
- 2 hashes compared
|
|
|
Term
|
Definition
- PGP Pretty Good Privacy; email, digital signature; PK to encrypt; encrypt msg, then key. key decrypted, then msg w/key.
- PEM Privacy-Enhanced Mail; std for secure exchange; various crypto tech. Msg Integ; Sender Auth; confidentiality- only intended recipient
- MIME & S/MIME Multipurpose Internet Mail Extension; define/ID type of attachments in email; S/MIME digital signs & encrypts contents w/PK; content integrity.
|
|
|
Term
Encryption Internet Security Methods |
|
Definition
- Link Encryption Layer 2 of OSI (Data) encryption; routers; devices @ both ends of transmission that en/decrypt
- IPSec Transport (info encrypted) and Tunnel Mode (IP info and info encrypted); secures data over transmission; Layer 3 OSI (transport)
- Upper-layer Encryption HTTPS TLS SSH SSL; upper layers of OSI
|
|
|
Term
|
Definition
Security Association (SA):
- Negotiate time limit for SA
- Mode
- ESP encryption alg, key, IV
- ESP auth alg, key
- AH auth alg, key
- seq # counter
Internet Key Exchange (IKE): not PKI |
|
|
Term
Wireless Security Protocol |
|
Definition
- WEP 1st encryption; single key; RC4; 40bit key; 24bit IV; easy to break because IV was always 24bit
- WPA RC4; 128bit key w/48bit IV; TKIP alg
- WPA2 AES
|
|
|
Term
|
Definition
- Bday Attack probability
- Dictionary using predetermined list
- Replay While in transmission, pw captured and replayed
- Side Channel tries to exploit encryption technique
- Factoring Prime #
|
|
|
Term
|
Definition
- Ciphertext-only attacker has ciphertext; intent to find encryption key; once has key, can decrypt other message
- Known plaintext common msg format, using copies of cipher/plaintext & limited info to find correct key
- Chosen plaintext key manipulated, decodes and finds key w/only part of plaintext
- Chosen ciphertext key manipulated, decodes and finds key w/only part of ciphertext
|
|
|