Term
|
Definition
|
|
Term
Understand and apply fundamental concepts of Crytography
|
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
MD5 - Message digest algorithm
128 bit has - commonly used but not for goverment applications
SHA-1 Secure hash algorithm
160 bit hash - commonly used, however considered insecure against well trained attackers
SHA-2 Supports muliple bit lengths
Bits 224, 256, 384. 512 - current, but is beleived to have vulnerabilities
SHA-3 The new kid
Standard released by NIST in 2015 |
|
|
Term
| Hashing Algorythms example |
|
Definition
|
|
Term
|
Definition
|
|
Term
Symmetric /Asymmetric Encryption
|
|
Definition
Encrytion algoriths are not secret!
Keys used with the encryptin create a unique cipher
Symetric encrytion
Uses one key encrypt and decrypt
Keys need to be changed often
Asymetric encryption
Uses key pair (two keys) to encrypt and decrypt
Example public/private keys |
|
|
Term
| symetric algorithm: ROT13 |
|
Definition
|
|
Term
| symetric algorithm: ROT13 |
|
Definition
|
|
Term
Block and Stream Encryption
|
|
Definition
Symetric encryption uses two types of ciphers block and stream
Depending on data and purpose
Block - encrypts blocks of fixed length data
Advanced Encryption Standard (AES)
AES 128, 192, 256 bit lengths
Problems?
Key usage - same key produces same result
Keys need to be changed |
|
|
Term
| Electronic cookbook Mode (ECB) |
|
Definition
|
|
Term
Cipher Block Chaining Mode (CBC)
IV=Initialisation Vector
XOR = Truth
|
|
Definition
|
|
Term
|
Definition
Stream encrytps bit for bit - small blocks
Examples Video and audit
Cipher feedback mode (CFB)
Output feedback mode (OFB)
Counter (CTR) |
|
|
Term
|
Definition
AES
DES - 56bit block cipher - rarely used
3DES - Same as DES but performs three pases with diffrent keys
Blowfish - designed to replace DES
Overshowded by AES
IDEA - 128 bit - designed to replace DES
Used with PGP (Pretty good privacy)
RC4 - Rivest's cipher
|
|
|
Term
|
Definition
Aysemmetric Crytography - also known as public key Cryptography
Used key pairs - public and private
Public key is never shared - must be kept secret
Public key is freely shared
Anything encrypted with the public key can be decryted with the matching private key
Anything encryted with the private key can be decrytped with the public key |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Asymmetric Encryption is slower thn symmetric
High processer overhead
Not good for large amount of data
Often used to initiate a session to exchange a symmetric key
Then sender and reciever swith to symmetric
Rivest, Ahamir, Aldeman (RSA)
Aysmetric standard
Created in 1978
Uses large prime numbers (1024, 2048 bits) to create public and private keys
Prime numbers are multiplied to get a composite number
Not enough time to discover original prime numbers |
|
|
Term
|
Definition
|
|
Term
Non-key-based Asymmetric Encryption
|
|
Definition
Key distribution is a challenge
Sender and reciver may have no access to a PKI solution
Deffie-Hellman
Sender and reciver negotioatea shared key
Each has public and private integers
Public integers are used and calculated over several passes to derive shared secret key
ElGamal
Based on Diffie-Hellman
Designed to create a complete public key infrastructure (cryptosystem)
Available publically - not patened
Disadvantage: Doubles the length of the message making large transfers difficult |
|
|
Term
|
Definition
Elliptic Curve
Goal: Reduce the overhead of calculation using large prime numbers
Based on logarithm math to determine a point on an alliptic curve
Very complicated but leads to other wave encryption (light) - quantum crytography
Hybrid Encrytion
Combines both asymetric and symmetric
The bases of SSL/TLS
Massage Authentication Code (MAC)
Hashing method for authentication and integrity
Small part of data is encryted with a shared secret key
Authentication is verified because the sender is the only one with the shared key
Keyed-hash message authentication code (HMAC)
Similar to MAC
Shared secret is appended to message before hashing |
|
|
Term
|
Definition
|
|
Term
|
Definition
Commonly used with email - S/MIME
Asymetric encrytion
Provides Integrity
Message is hashed
Provides proof of Origin
The hash is encryted with the senders private key
the reciver decrypts with the senders public key
No confidentiality by default
Original message is not encryted |
|
|
Term
|
Definition
A person can not reasonably deny that they are responsible for the action or message
Logging, auditing, Digital signatures
Asymetric - user uses private key
Requires proper authentication
User must authenticate to system to gain access to private key
Symmetric - uses use a shared secret
If more than two users have the shared secret, then non-repudiation is more difficult
|
|
|
Term
|
Definition
Data classification - private or not
Determine level of sensitivity
Level of integrity and confidentiality
Strength os crytography should match sensitvity level
Don't forget this applies to risk management and availability |
|
|
Term
|
Definition
|
|
Term
| Organization Policies and compliance |
|
Definition
|
|
Term
|
Definition
Broad legal definition and application
Protects on organisation from constant reglation changes if they follow a set of conditions
Organisations may be impacted by local city, state and county regulations and changes
Offers protection from penalties and prosecution |
|
|
Term
|
Definition
Increases organizational security success
Increases overall security posture
Gives the emplyees the ability to participate
Educates organizational expectations and reglations
Educates vulnerabilities and threats
Improves the safety and welfare of humaity |
|
|
Term
|
Definition
|
|
Term
| Personally Identifiable Information (PII) |
|
Definition
|
|
Term
|
Definition
Do Not post sesitve company information
Careful with your own information
Malware, cross-site scritping, phishing and other attacks are common
Remember, shortened URLS can go anywhere! |
|
|
Term
|
Definition
File sharing directly between computers often for music and videos
Often banned in many Orgs
Files often contain malware
A conduit for data leakage
Pirated software is illegal in the office and at home |
|
|
Term
Understand and Support Secured Protocols
|
|
Definition
Internet Protocol Security (IPSec)
Provides encrytion and authentication of Internet Protcol (IP)
Used within an organization to protect confidential information transmition both locally and extranet
IPSec provides two modes:
Transport Mode
Tunnel mode |
|
|
Term
IPSec Modes
IPSEC is high on performance use. |
|
Definition
|
|
Term
|
Definition
Secure Socket Layer (SSL)
Transport Layer Security (TLS)
Often labeled SSL/TLS - but they are diffrent
Both begin with Asymetric encrytion with certificates - then switch to symmetric and shared key
SSL considered vulnerable to POODLE
Padding Oracle on Download Legacy Encrytion
Fallback to less secure (Legacy) systems |
|
|
Term
|
Definition
Eventually to replace SSL
Used in many applications today
Client and server negotiate a cipher suit
Offical cipher suite regisrty by IANA |
|
|
Term
|
Definition
|
|
Term
|
Definition
Secure Mulipurpose internet mail extensions
Used in many e-mail applications today
Standard for public key encryption and signing of MIME data - e-mail
Provides authentication, non- repudiation, integrity and message encryption |
|
|
Term
Operate and Implement Cryptographic systems
Fundamental Key Management Concepts
|
|
Definition
Key generation/creation
Modern systems create integers for both symmetric and asymetric keys
Keys can be automatically created by a computers random number generator
Often seeded to increase randomness
Keys can be manually created, such as ahared secret
Key distribution
Best to use modern cryptosystems
Can be distributedIN-Bans - over existing communication infrastructure
Can be out-ofband - such as handwritten note
Distributed keys need to be managed
Key Management
Lifetime of the key
Creation, revocation, renwal, deletion
|
|
|
Term
|
Definition
Process of deciphering codes through analysis
To compromise confidentiality and interity of data
Performed by hackers and researchers alike
Both are trying to find/confirm vulnerabilities
Hackers to expoit - researchers to improve |
|
|
Term
Crypto graphic Attacks
Attack types |
|
Definition
Bruteforce
Dictionary
Rainbow
Known plaintext
Chosen plaintext
Cipher test
There is more to this list! |
|
|
Term
Administration and Validation
|
|
Definition
Need to have cryptosystem to help
Key generation/creation
Keys should be created to meet the level of protection required
shorter key lengthsreduce the lifespan if the key Algorithms that reuse keys should use diffrent keys for the cycle or an initialization Vector (IV)
Keys should have secured distribution
Keys should be able to be renewed and revoked
Keys storage and recovery |
|
|
Term
| Keys storage and recovery |
|
Definition
Keys escrow - process to hold encrytion/decrytion
Keys in a secured environment
In case needed - such as lost by user
In case organization needs to gain access
Can be stored in a software or hardware solution
Key recovery performed by key recovery agent (Escrow agent)
One or more trusted people in the organisation
Often working in tandem
May required multifactor authentication |
|
|
Term
| Public Key Infrastructure (PKI) |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| Trusted Authority (Certificates) |
|
Definition
|
|
Term
|
Definition
Certificates have the validity dates when they can no longer be trusted - however, sometimes they need to be revoked sooner
CA maintains a list of revoked certificates in a certificate Revocation List (CRL)
Clients can request the CRL to check certificate validity
Administrators of PKI can revoke and renew certificates as needed |
|
|
Term
|
Definition
PKI is centralized trust model - web of trust is decentralized
Created by PGP (pretty good privacy) creator Phil Zimmerman in 1992
Uses the Public/Private key concept
Users do not need to have root CA trusted authority - they can sign the certificate themselves as trusted. |
|
|
