Term
|
Definition
| Breaks the plaintext into blocks and encrypts each with the same algorithm |
|
|
Term
|
Definition
| Cryptographic transformation that operates on the characters or bits |
|
|
Term
|
Definition
| Unintelligible message, also known as a cryptogram |
|
|
Term
|
Definition
| Plaintext message generates identical ciphertext using the same algorithm but different keys |
|
|
Term
|
Definition
| A cryptographic transformation that operates at the word or phrase level |
|
|
Term
|
Definition
| Act of obtaining plaintext or key from ciphertext |
|
|
Term
|
Definition
| Step-by-step procedure used to encipher plaintext and decipher ciphertext |
|
|
Term
|
Definition
| Art and Science of hiding the meaning of communication |
|
|
Term
|
Definition
| Encompasses cryptography and cryptanalysis |
|
|
Term
|
Definition
| Set of transformations from message space to ciphertext space |
|
|
Term
|
Definition
| To make a message unintelligible to all except recipient |
|
|
Term
|
Definition
| Encrypted information that is sent from sender to receiver |
|
|
Term
|
Definition
| A Boolean operation, indicated by XOR or the symbol "O" with an x in the middle, easily implemented in hardware. Operates at the bit level |
|
|
Term
|
Definition
| Information or sequence that controls enciphering and deciphering of message |
|
|
Term
|
Definition
- Each entity has a key in common with its two neighboring nodes.
- Node 1 – Encrypts with key A
- Node 2 – Decrypts with key A and encrypts with key B
- Node 3 – Decrypts with key B and encrypts with key C |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Encryption with key K with components k1, k2,…kn; the encipherment uses each component of K to encrypt message M with components m1, m2,…mn. The key is the same length as the message and the key is used only once, never again. Key must be completely random. It is considered not very practical. Invented 1917 by the US Army Signal Corps and AT&T |
|
|
Term
|
Definition
| Secret communication of a message where the communication itself is hidden. Example – the last bit of each pixel in an image file contains a bit of a message. |
|
|
Term
|
Definition
- Difficulty in recovering plaintext from ciphertext as a factor of time and cost
- System's security is directly proportional to the work function
- Work function should be commensurate with the value of the data |
|
|
Term
|
Definition
| Used by Spartans in 400 B.C., the user would wrap a message around a wooden dowel. The diameter and length are the keys to the cipher. |
|
|
Term
|
Definition
| Monoalphabetic substitution – only used one alphabet, specifically involved shifting the alphabet three letters. Known as C3 (Caesar shift 3 places). |
|
|
Term
|
Definition
| Two concentric disks with letters on the edge that can be used to match up letters. |
|
|
Term
|
Definition
| Arab philosopher who wrote a manuscript on Deciphering Cryptographic Messages |
|
|
Term
|
Definition
- In 1790 developed a device with 26 disks that could be rotated individually
- Message would be assembled by lining up the disks to the alignment bar
- Then the bar was rotated a given angle and the resulting letters were the ciphertext
- The angle of rotation of the alignment bar was the key
- Disks used extensively during the Civil War |
|
|
Term
|
Definition
| Shift the alphabet 13 places |
|
|
Term
|
Definition
| Developed in 1920 by Boris Hagelin in Stockholm, Sweden; known as the M-209 in the US |
|
|
Term
|
Definition
| In the 1920s Herbert O. Yardley was in charge of U.S. MI-8. Cracked codes of a number of nations. Gave the U.S. an edge in Japanese negotiations in 1921-1922. U.S. State Department shut down MI-8, which upset Yardley, who then published the book The American Black Chamber in 1931. |
|
|
Term
|
Definition
| Father of American Cryptology |
|
|
Term
|
Definition
| William Friedman resumed cryptanalysis for U.S. Army after Yardley, broke the new Japanese cipher utilized by this machine for naval codes during World War II |
|
|
Term
|
Definition
- Polyalphabetic substitution cipher
- Using mechanical rotors
- Developed in 1919 by Dutchman Arthur Scherbius obtained US Patent for Berlin firm
- In 1938 the Germans went to six rings
- Disks have 26 contacts on each side; to communicate with each neighboring disk, one of them makes contact with the other disk
- Also rotates the disks after encryption of each letter
- Rotates next highest rotor like a “gas pump” – polyalphabetic |
|
|
Term
|
Definition
- German Enigma
- Japanese Red
- Japanese Purple
- American SIGABA “Big Machine” |
|
|
Term
|
Definition
| Keys that are private or shared secret |
|
|
Term
|
Definition
| Public Key and Private Key |
|
|
Term
|
Definition
| Cannot derive the private Key |
|
|
Term
|
Definition
| Cryptography is 1,000 times faster than public key cryptography |
|
|
Term
| Vigenere Polyalphabetic Cipher |
|
Definition
- Caesar is a subset of the Vigenere Polyalphabetic Cipher
- Vigenere used 26 alphabets
- Each letter of the message corresponds to a different alphabet
- Subject to guessing the period, when the alphabet changes |
|
|
Term
|
Definition
| Write the message vertically and read horizontally, can be attacked through frequency analysis |
|
|
Term
|
Definition
| One time pad, random set of non-repeating characters |
|
|
Term
| Book or Running Key Cipher |
|
Definition
- Using text from a book as the key and performing modulo 26 addition on it.
- Would use specific line and page number |
|
|
Term
|
Definition
| Every X number of words within a text is a part of the real message. |
|
|
Term
|
Definition
| Used to detect copying of digital images |
|
|
Term
|
Definition
Symmetric key based.
- Sender and receiver both know the key
- Encrypt and decrypt with the same key
- Secret key should be changed frequently
- Requires secure distribution of keys – by alternate channel
- Ideally only used once
- Secret key cryptosystem does have both public and private information
  - Public
    - Algorithm for enciphering plaintext
    - Possibly some plaintext and ciphertext
    - Possibly encipherment of chosen plaintext
  - Private
    - The key
    - One cryptographic transformation out of many possible transformations
- Large keys like >128 bit are very hard to break
- Very fast
- Sender requires different key for each receiver
- Time stamps can be associated to the key so it is valid only during a time window (counters replay)
- No authentication or repudiation
- Best known is DES, developed by IBM in the 1970s for commercial use |
|
|
Term
| Data Encryption Standard (DES) |
|
Definition
- Uses confusion and diffusion
- Derived in 1972 as derivation of Lucifer algorithm developed by Horst Feistel at IBM
- Patented in 1974
- Block cipher cryptographic system
- Commercial and non-classified systems
- Describes the Data Encryption Algorithm (DEA)
- Federal Information Processing Standard FIPS 46-1 adopted in 1977
- Re-certified in 1993 by National Institute of Standards and Technology but will be replaced by AES Advanced Encryption Standard by Rijndael.
- Uses 64 bit block size and 56 bit key; begins with 64 bit key and strips 8 parity bits
- DEA is a 16 round cryptosystem designed for implementation in hardware
- 56 bit key = 2^56 or 70 quadrillion possible keys
- Distributed systems can break it. U.S. Government no longer uses it
- Triple DES – three encryptions using DEA are now being used until AES is adopted
- Considered vulnerable to brute force search of the key – replaced by Triple DES and AES |
|
|
Term
| Modes that DES Operates in |
|
Definition
- Electronic Code Book (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback (CFB)
- Output Feedback (OFB) |
|
|
Term
|
Definition
| Conceals statistical connection accomplished through s-boxes |
|
|
Term
|
Definition
| Spreads the influence of plaintext character over many ciphertext characters, accomplished through p-boxes |
|
|
Term
| Electronic Code Book (ECB) |
|
Definition
- Native encryption mode
- Provides the recipe of substitutions and permutations that will be performed on the block of plaintext.
- Data within a file does not have to be encrypted in a certain order.
- Used for small amounts of data, like challenge-response, key management tasks.
- Also used to encrypt PINs in ATM machines. |
|
|
Term
| Cipher Block Chaining (CBC) |
|
Definition
- The previously generated ciphertext from the last encrypted block of data is inputted into the algorithm to generate random values.
- These random values are processed with the current block of plaintext to create ciphertext.
- This mode is used when encrypting individual characters is required. |
|
|
Term
|
Definition
- Functioning like a stream cipher by generating a stream of random binary bits to be combined with the plaintext to create ciphertext.
- The ciphertext is fed back to the algorithm to form a portion of the next input to encrypt the next stream of bits. |
|
|
Term
|
Definition
- Double encryption is subject to meet in the middle attack
- Encrypt on one end, decrypt on the other and compare the values
- So Triple DES is used
- Can be done several different ways:
  - DES – EDE2 (encrypt key 1, decrypt key 2, encrypt key 1)
  - DES – EE2 (encrypt key 1, encrypt key 2, encrypt key 1)
  - DES – EE3 (encrypt key 1, encrypt key 2, encrypt key 3) - most secure |
|
|
Term
|
Definition
- Resistance to all known attacks
- Design simplicity
- Code compactness and speed on wide variety of platforms
- Iterative block cipher with variable block length and key lengths that can be independently chosen as 128, 192 or 256 bits.
- 3.4 x 10^38 possible 128 bit key combinations
- 6.2 x 10^57 possible 192 bit key combinations
- 1.1 x 10^77 possible 256 bit key combinations
- Intermediate cipher result is called “state” that transformations operate on
- Does not use Feistel transposition structure from DES
- Uses round transformation of 3 layers
  - Non-linear layer
  - Linear mixing layer
  - Key addition layer
- Suitable for high speed chips and compact co-processor on smart cards |
|
|
Term
|
Definition
- 128 bit blocks in 16 rounds, up to 256 bit keys
- Developed by Counterpane based on Blowfish (also by Counterpane) - Bruce Schneier
- Employs whitening before first round and after second round
- Need to break whitening keys in addition to Twofish key
- Transposition |
|
|
Term
| IDEA Cipher (International Data Encryption Algorithm) |
|
Definition
- 64 bit block, 8 rounds, and 128 bit keys
- Used in PGP
- Much more difficult than DES |
|
|
Term
|
Definition
- Family of algorithms
- Developed by Ronald Rivest in 1994
- 32, 64 or 128 bit blocks, 0 to 255 rounds, 0 to 2048 bit keys
- RSA patented in 1997 |
|
|
Term
|
Definition
- Employs private and public keys
- Public key made available to anyone wanting to encrypt a message
- Private key is used to decrypt
- Public key cannot decrypt the message it encrypted
- Ideally private key cannot be derived from the public key
- The other key can decrypt a message encrypted by one of the keys
- Private key is kept private |
|
|
Term
|
Definition
- Rivest, Shamir and Adleman developed this algorithm
- Based on difficulty of factoring a number which is the product of two large prime numbers, may be 200 digits each.
- Can be used for encryption, key exchange, and digital signatures |
|
|
Term
|
Definition
- Exchange secret keys over insecure medium without exposing keys
- Without additional session key
- Primarily key exchange
- Based on difficulty of factoring a number which is the product of two large prime numbers, may be 200 digits each.
- Can be used for encryption, key exchange, and digital signatures |
|
|
Term
|
Definition
| Extended Diffie-Hellman to include signatures and encryption |
|
|
Term
|
Definition
- Having a set of items with fixed weights
- Determining which items can be added in order to obtain a given total weight
- Illustrated using superincreasing weights (all weights greater than sum of previous) |
|
|
Term
|
Definition
- Elliptic curve discrete logarithms are harder to compute than general discrete logarithms
- Smaller key size, same level of security
- Elliptic curve key of 160 bits = RSA of 1024 bits
- Suited to smart cards and wireless devices (less memory and processing)
- Digital signatures, encryption and key management |
|
|
Term
| Public Key Cryptosystem Algorithms |
|
Definition
| RSA, El Gamal, Diffie-Hellman, Schnorr's Signature Algorithm, Elliptic Curve, Nyberg-Rueppel's Signature Algorithm |
|
|
Term
| Asymmetric Key - Bit sizes |
|
Definition
512 bits 1792 bits 2304 bits |
|
|
Term
| Symmetric Key - Bit sizes |
|
Definition
|
|
Term
|
Definition
Secure Hash Algorithm produces 160 bit digest if message is less than 2^64 bits.
- It is computationally infeasible to find the message from the message digest
- It is computationally infeasible to find two different messages with the same message digest
- Padding bits are added to the message to make it a multiple of 512 |
|
|
Term
| Hashed Message Authentication Code (HMAC) |
|
Definition
| Uses key to generate a Message Authentication Code which is used as a checksum |
|
|
Term
|
Definition
| Developed by Ronald Rivest in 1991, produces 128 bit message digest |
|
|
Term
| Digital Signature Standard (DSS) and Secure Hash Standard (SHS) |
|
Definition
- Enables use of RSA digital signature algorithm or DSA – Digital Signature Algorithm (based on El Gamal)
- Both use the Secure Hash Algorithm to compute the message digest, which is then processed by DSA to verify the signature. Message digest is used instead of the longer message because it is faster. |
|
|
Term
| Purpose of Digital Signatures |
|
Definition
| To detect unauthorized modifications and to authenticate identity and non-repudiation. |
|
|
Term
|
Definition
- Generates block of data smaller than the original data
- One-way hash functions
  1) One-way hash produces fixed size output (digest)
  2) No two messages will have same digest
  3) One way: no getting original file from hash
  4) Message digest should be calculated using all of original file's data
- After message digest is calculated it is encrypted with sender's private key
- Receiver decrypts using sender's public key; if it opens then it is from the sender.
- Then receiver computes message digest of sent file; if hash is the same it has not been modified |
|
|
Term
|
Definition
| Try every possible combination |
|
|
Term
|
Definition
| Attacker has copy of plain text and the associated ciphertext of several messages |
|
|
Term
|
Definition
| The attacker has the plaintext and ciphertext and can choose the plaintext that gets encrypted. |
|
|
Term
| Adaptive Chosen Plain Text |
|
Definition
| Selection of plain text is altered based on previous results |
|
|
Term
|
Definition
| The attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm. |
|
|
Term
|
Definition
| Portions of the cipher text are selected for trial decryption while having access to plain text. The attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext |
|
|
Term
| Adaptive Chosen Ciphertext |
|
Definition
| Chosen cipher text are selected for trial decryption where selection is based on previous results |
|
|
Term
|
Definition
| The probability of two different messages having same message digest or finding two different messages that have the same message digest |
|
|
Term
|
Definition
| For attacking double encryption from each end and comparing in the middle |
|
|
Term
|
Definition
| Intercepting messages and forwarding on modified versions |
|
|
Term
|
Definition
| Intercepting messages and forwarding on modified versions |
|
|
Term
| Differential Cryptanalysis |
|
Definition
| Private key cryptography looking at text pairs after encryption looking for differences |
|
|
Term
|
Definition
| Using plain text and cipher text to generate a linear approximation of a portion of the key |
|
|
Term
| Differential Linear Cryptanalysis |
|
Definition
| Using both linear and differential approaches |
|
|
Term
|
Definition
| Using mathematics to determine the prime factors of large numbers |
|
|
Term
|
Definition
| Exploiting the lack of randomness in key generation |
|
|
Term
| Approaches to Escrowed Encryption |
|
Definition
- Allowing law enforcement to obtain the keys to view people's encrypted data
- Escrow the key in two pieces with two trusted escrow agents
- Court order to get both pieces
- Clipper Chip – implemented in tamper proof hardware |
|
|
Term
| Public Key Infrastructure - (PKI) |
|
Definition
Integration of digital signatures and certificates. Requires the following:
1) Digital Certificates
2) Certificate Authorities (CA)
3) Registration Authorities
4) Policies and procedures
5) Certificate Revocation
6) Non-repudiation support
7) Timestamping
8) Lightweight Directory Access Protocol
9) Security Enabled Applications
10) Cross Certification |
|
|
Term
| Certificate Authority (CA) |
|
Definition
| Acts as a notary to bind the key to the person |
|
|
Term
| Key Escrow using Public Key Cryptography |
|
Definition
- Private key is split and distributed
- Can verify each portion of the key without joining
- Created by Silvio Micali, MIT |
|
|
Term
| Key Management Components |
|
Definition
1) Key control
2) Key recovery
3) Key storage
4) Key retirement/destruction
5) Key change
6) Key generation
7) Key theft
8) Frequency of key use |
|
|
Term
| Secure Multipurpose Internet Mail Extensions (S/MIME) |
|
Definition
- Adds secure services to messages in MIME format
- Provides authentication through digital signatures
- Follows Public Key Cryptography Standards (PKCS)
- Uses X.509 Signatures |
|
|
Term
| MIME Object Security Services (MOSS) |
|
Definition
- Provides flexibility by supporting different trust models
- Uses MD5, RSA Public Key and DES
- Permits identification outside of the X.509 Standard |
|
|
Term
| Privacy Enhanced Mail (PEM) |
|
Definition
- Compliant with Public Key Cryptography Standards (PKCS)
- Developed by consortium of Microsoft, Sun, and Novell
- Triple DES-EDE – Symmetric Encryption
- MD2 and MD5 Message Digest
- RSA Public Key – signatures and key distribution
- X.509 Certificates and formal CA |
|
|
Term
| Pretty Good Privacy - PGP |
|
Definition
- Phil Zimmermann
- Symmetric cipher using IDEA
- RSA is used for signatures and key distribution
- No CA, uses “web of trust”
- Users can certify each other |
|
|
Term
| Message Authentication Code |
|
Definition
| Check value derived from message contents |
|
|
Term
| SET – Secure Electronic Transaction |
|
Definition
- Visa and Mastercard developed in 1997
- Encrypts the payment information
- DES – Symmetric Encryption
- RSA Public Key – signatures and key distribution |
|
|
Term
| Secure Sockets Layer (SSL) |
|
Definition
- Developed by Netscape in 1994
- Uses public key to authenticate server to the client
- Also provides optional client-to-server authentication
- Supports RSA public key algorithms, IDEA, DES, and 3DES
- Supports MD5 hashing
- HTTPS header
- Resides between the application and TCP layer
- Can be used by telnet, FTP, HTTP and e-mail protocols.
- Based on X.509 |
|
|
Term
| Transaction Layer Security |
|
Definition
|
|
Term
| Internet Open Trading Protocol – (IOTP) |
|
Definition
- Aimed at consumer to business transaction
- Flexible and future focused |
|
|
Term
|
Definition
- Smart cash card application
- Proprietary encryption algorithm
- Card is same as cash |
|
|
Term
| Wireless Application Protocol |
|
Definition
| Designed for mobile devices (PDA, Phones) |
|
|
Term
| Wireless Transport Security Protocol (WTLS) |
|
Definition
Used by WAP, three classes:
Class 1 – Anonymous Authentication
Class 2 – Server Authentication
Class 3 – Two way client and server authentication
|
|
Term
|
Definition
| Where WTLS is decrypted and re-encrypted to SSL at the WAP gateway |
|
|
Term
|
Definition
| Stripped down HTML, C-HTML can be displayed on standard browser. Is competing with WML from Japan |
|
|
Term
|
Definition
SSH-2; Remote access via encrypted tunnel. Client to server authentication. Comprised of Transport Layer protocol, User Authentication protocol, and Connection Protocol |
|
|
Term
| IKE – Internet Key Exchange |
|
Definition
| Used for key management with IPSEC |
|
|
Term
| Internet Security and Key Management Protocol (ISAKMP) |
|
Definition
| IKE protocol; phases for establishing relationship |
|
|
Term
| Secure Key Exchange Mechanism – SKEME |
|
Definition
| IKE protocol; secure exchange mechanism |
|
|
Term
|
Definition
| IKE protocol; modes of operation needed to establish secure connection |
|
|
Term
|
Definition
- Provides encryption, access control, and non-repudiation over IP.
- Two main protocols are
  1) Authentication Header – integrity, authentication and non-repudiation
  2) Encapsulating Security Payload – encryption, limited authentication
- Security Association is required between two parties – one way connection
- Comprised of Security Parameter Index (SPI) – 32 bit identifier
- Bi-directional communication requires two Security Associations |
|
|
Term
| In VPN implementation IPSec can operate in... |
|
Definition
|
|
Term
|
Definition
| Data and original IP header encrypted, new header is added |
|
|
Term
|
Definition
| Data encrypted, header not |
|
|
Term
| When using IPSEC Security Associations can be combined into bundles using... either |
|
Definition
| Transport Adjacency and Iterated Tunneling |
|
|
Term
| IPSEC uses MD5 and SHA for... |
|
Definition
|
|