Shared Flashcard Set

Details

CISSP (ElementK) Cryptography
CISSP, Element K 2nd Edition, Lesson 8 Cryptography
43
Computer Science
Professional
11/19/2009

Additional Computer Science Flashcards

 


 

Cards

Term
Cryptography
Definition
analysis/practice of information concealment via encryption using algorithms
Term
Encryption
Definition
  • security technique that converts data from clear/plaintext form into coded/ciphertext form
  • 1 or 2 way encryption (hide original msg only; no encryption vs encoded msg transformed to original format)
Term
Ciphers
Definition
SW or other tech that applies algorithm (rule/system used to encrypt data)
Term
Avalanche Effect
Definition
small change in plaintext produces large change in ciphertext
Term
Cyrptographic Keys
Definition
specific piece of info used w/algorithm to perform encrypt/decryption
Term
Cryptography & CIA Triad
Definition
  • Confidentiality encrypt info to hide contents except to intended recipient
  • Integrity insured from modification; can ID any changes
  • Availability encrypting credentials (userID pw); hide pw; pw not shown in cleartext
Term
Cryptography Process (5 steps)
Definition
  1. Start w/plaintext
  2. Select encryption key
  3. Encrypt plaintext into ciphertext
  4. Transport/store ciphertext until needed
  5. Decrypt using key
Term
Cryptosystems (Enigma)
Definition
  • HW/SW used to implement cryptographic process
  • cyrptanalysis study of cryptosystems; intent of breaking; determine workfactor (time to break code)
  • Enigma Device used by Germans in WWII to perform encryption/decryption
Term
Cipher Evolution (3 Eras)
Definition
  • Early Spartan technique: encryption - wrap paper/leather around staff and write message; key - unwrap paper/leather; decryption - wrap paper/leather around staff of identical diameter
  • Mechanical HW-based like Enigma uses cypherdisk (fast en/decryption)
  • Software SW-based using computers; early on user must know process; now little knowledge of process required
Term
Ideal Cipher (2 terms)
Definition
  • Usability simple keys/algorithms; easy to implement; plaintext not > ciphertext
  • Secrecy assume enemy knows key
  • using Diffusion (mixup plaintext during encryption) and Confusion (mixing up key values during encryption)
Term
Substitution
Definition
  • don't have to encrypt EVERYTHING
  • during processing w/algorithm (encryption)
  • XML employs technique
Term
Transposition
Definition
  • rearranging parts of msg/output (msg or key)
  • move letters around
Term

Key Mgt Factors (9)

CM,R,S,RD,C,T,F,E

Definition
  1. control measures who has keys/how assigned
  2. Recovery recover lost keys
  3. Storage secure repository of key assignment records
  4. retirement/destruction how removed from use/destroyed
  5. change changing keys to system on periodic basis
  6. generation generate random key for better protection
  7. theft what to do when key stolen
  8. freq. of key use limits time that keys used and how often used
  9. escrow spliting key into multiple parts, storing w/"escrowed" org.
Term
Alt. Ciphers (4)
Definition
  1. Steganography hides info by enclosing it into img, sound, movie
  2. Watermark embed mark/image to ID source for copyright/ownership
  3. Code book book/booklet that has phrases represented by codes
  4. One-time path toll w/very long, non-repeating key is same length of plaintext. 1 time use, then destroyed.
Term
Symmetric Encryption
Definition
  • key on both sides
  • also known as shared-key
  • same key used for both en/decryption
  • fast, but vulnerable
Term
Cipher Types (2) and XOR
Definition
  1. Stream symmetric encryption one bit @ a time; fewer errors; fast
  2. Block encrypts one block @ time (64 or 128 bit); more secure; slower

XOR binary math operation tests whether 2 inputs are same or different from each other:

 

0,0 = 0

1,0 = 1

0 1 = 1

1 1 = 0

Term
Stream Cipher
Definition
  • symmetric encryption one bit @ a time
  • fewer errors
  • fast
Term
Block Cipher
Definition
  • encrypts one block @ time (64 or 128 bit)
  • more secure
  • slower
Term
XOR Cipher
Definition

binary math operation tests whether 2 inputs are same or different from each other:

 

0,0 = 0

1,0 = 1

0 1 = 1

1 1 = 0

Term
Initialization Vectors (IV)
Definition
  • string used w/symmetric cipher and key to produce unique result
  • same phrase encrypted different cipher/key @ different versions
Term
Symmetric Encryption Algorithms (8)
Definition
  1. DES
  2. 2DES
  3. 3DES
  4. IDEA
  5. AES
  6. RC2/4/5/6
  7. BLOWFISH
  8. CAST-128
Term
Symmetric Encryption Algorithm Issues (2)
Definition
  • Transportation must be done w/secure procedures
  • # of Keys [n*(n-1)]/2
Term
DES Standard Process (4 steps)
Definition
  1. Expansion 64 bit split into (2) 32 bit blocks.  Each block expanded to 48 bits
  2. Key Mixing 48 bit block XORd w/subkey.  16 48 bit subkeys created from main key (1 key per round)
  3. Substitution Substitutions performed (S-boxes: 32 4-bit blocks)
  4. Permutation 32 4 bit blocks rearranged based on P-box (predefined scrambling process)

Term
Block Cipher Modes (4)
Definition
  • ECB Electronic Code Book 64 bit blocks encrypted sep.
  • CBC Cipher Block Chaining 64 bit blocks XORed w/64 bit IV; encrypted w/1 key. outputted ciphertext used to replaces IV for next round, creating a chain
  • CFB Cipher FeedBack like CBC, but each round uses different key. iie AES
  • OFB Output FeedBack
Term
Assymetric Encryption
Definition
  • 2 way, 2 keys (private/public keys; 1 for encrypt, 1 for decrypt)
  • attempts to solve problems of key distro/mgt
  • key generation process of generating priv/pub keys
  • slower
  • more secure
Term
Assym. Encryption Applications
Definition
  • Confidentiality increased confidentiality; only recipient can decrypt
  • Integrity  if msg altered in transmission, decryption not possible
  • Non-repudiation (can not be disputed) ID of sender is confirmed because only sender has private key
Term
Assymetric Encryption Alogrithms
Definition
  • RSA Rivest Shamir Adleman
  • Elgamal developed by Taher Elgamal
  • ECC Elliptic Curve Crypto: discrete logs, shorter keys
Term
Digital Certs
Definition
  • associates credentials w/public key
  • users and devices
  • CA issues certs and keys
Term
Public Key Infrastructure
Definition
  • cyrpto system composed of certs, CA, RA, CRD (cert repository database), CMS (cert mgt system) to enable authenticity/validate of data
Term
Public Key Infrastructure Components (5)
Definition
  1. Digital certs
  2. CA Cert Auth
  3. RA Registration Auth
  4. Cert Repository DB (SW)
  5. Cert. Mgt System (SW)

 

Term
PKI Process (5)
Definition
  1. Obtain Key Pair
  2. Issue Cert
  3. CA verifies PK
  4. CA creates ID
  5. Revoke expired certs
Term
Cert Info (14)
Definition
  1. Ver
  2. Serial #
  3. Algorithm ID
  4. Issuer
  5. Validity
  6. Not Before
  7. Not After
  8. Subject
  9. Subject PK info
  10. Issuer Unique ID (opt.)
  11. Subject Unique ID (opt.)
  12. Extensions (opt.)
  13. Cert Signature Alog.
  14. Cert Signature (determines validity)

 

Term
Cert Revocation List (CRL)
Definition
  • list of certs (serial #) that have been revoked, no longer valid
Term
Hashing
Definition
  • 1 way encryption
  • produces hash, hash value, message digest
  • keyed or non-keyed
  • keyed w/secret key sent w/msg; non-keyed no mech used
  • hash len. fixed
  • suceptible to brute force
  • PW Protection is example
Term
Digesting and Hashing Alog. (3)
Definition
  1. MD2/4/5 128 bit; created in 89,90,91; 8-bit, 32-bit, 32-bit; MD5 stronger, but slower than MD4
  2. HAVAL modified MD5 w/variable lengths (128, 160, 192, 224, 256)
  3. SHA 1/256/384/512 stronger than MD5; used w/DSA (Digital Sig. Alg); 160, 256, 384, 512-bit len.
Term
Auth. Code Alg. (4)
Definition
  1. MAC Msg Auth Code; shared secret key; last block of encrypted file used as comparison: encrypted, then last block & unencrypted file sent.  recipient encrypts again and compares last block to lask block sent
  2. HMAC Hash MAC
  3. UMAC Universal HMAC
  4. CMAC, OMAC, CBC-MAC, PMAC Cipher, One-key, Cipher-Block, Parallelized MAC are all BLOCK cipher ACA
Term
Digital Signature
Definition
  • hash encrypted w/user's private key
  • msg sent digitally signed, recipient decrypts w/public key
  • message hashed
  • hash encrypted w/sender priv key
  • Msg re-hashed
  • Sender hash decrypted w/sender pub key
  • 2 hashes compared
Term
Email Security
Definition
  1. PGP Pretty Good Privacy; email, digital signature; PK to encrypt; encrypt msg, then key. key decrypted, then msg w/key.
  2. PEM Privacy-Enhanced Mail; std for secure exchange; various crypto tech. Msg Integ; Sender Auth; confidentiality- only intended recipient
  3. MIME & S/MIME Multipurpose Internet Mail Extension; define/ID type of attachments in email; S/MIME digital signs & encrypts contents w/PK; content integrity.
Term
Encryption Internet Security Methods
Definition
  1. Link Encryption Layer 2 of OSI (Data) encryption; routers; devices @ both ends of transmission that en/decrypt
  2. IPSec Transport (info encrypted) and Tunnel Mode (IP info and info encrypted); secures data over transmission; Layer 3 OSI (transport)
  3. Upper-layer Encryption HTTPS TLS SSH SSL; upper layers of OSI
Term
IPSec Process
Definition

Security Association (SA):

  1. Negotiate time limit for SA
  2. Mode
  3. ESP encryption alg, key, IV
  4. ESP auth alg, key
  5. AH auth alg, key
  6. seq # counter

Internet Key Exchange (IKE): not PKI

Term
Wireless Security Protocol
Definition
  • WEP 1st encryption; single key; RC4; 40bit key;24bit IV; easy to break cause IV was always 24bit
  • WPA RC4; 128bit key w/48bit IV; TKIP alg
  • WPA2 AES
Term
Encryption Attacks (5)
Definition
  1. Bday Attack probability
  2. Dictionary using predetermined list
  3. Replay While in transmission, pw captured and replayed
  4. Side Channel tries to exploits encryption technique
  5. Factoring Prime #
Term
Cryptoanalysis Attacks
Definition
  1. Ciphertext-only attacker has ciphertext; intent to find encryption key; once has key, can decrypt other message
  2. Known plaintext common msg format, using copies of cipher/plaintext & limited info to find correct key
  3. Chosen plaintext key manupulated, decodes and finds key w/only part of plaintext
  4. Chosen ciphertext key manupulated, decodes and finds key w/only part of ciphertext
Supporting users have an ad free experience!