2.8 - Summarize the basics of cryptographic concepts. Flashcards

1
Q

Digital signatures

A

-uses encrpyed hash of a msg
->hash encrypted wth sender’s PRIVATE key

-digital signature alg relies on public key cryptography + hashing functions

-if recipient can decrypt the hash it provides 3 benefits;

Authentication
->Prove the source of the message/identifies sender of the email
->email came from who it appears to be coming from

Non-repudiation
->Make sure the signature isn’t fake
->sender can’t later deny sending the msg
->sometimes req 4 online transactions

Integrity
->Prove the message was not changed
->provides assurances msg not modified/corrupted
->recipients know the msg is the same as the sent msg

-Sign with the private key
->msg doesn’t need to be encrypted
->Nobody else can sign this (obviously)

Verify with the public key
->Any change in the msg will invalidate the signature

EX:
-Alice encrypts using her private key (encrypted msg = digital signature)
->Bob decrypts digital signature using Alice’s public key

Gibson 370
Chapple 207

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  • Key length
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  • Key stretching
A

*
Already built for your application
– No additional programming involved
*
bcrypt
– Generates hashes from passwords
– An extension to the UNIX crypt library
– Uses Blowfish cipher to perform multiple
rounds of hashing
*
Password-Based Key Derivation Function 2 (PBKDF2)
– Part of RSA public key cryptography standards
(PKCS #5, RFC 2898)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  • Salting
A

Adding some salt
*
Salt
– Random data added to a password when hashing
*
Every user gets their own random salt
– The salt is commonly stored with the password
*
Rainbow tables won’t work with salted hashes
– Additional random value added to the
original password
*
This slows things down the brute force process
– It doesn’t completely stop the reverse engineering
*
Each user gets a different random hash
– The same password creates a different hash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  • Hashing
A

Hashes
-Represent data as a short string of text - A message digest
-One-way trip
–> Impossible to recover the original message from the digest
–> Used to store passwords / confidentiality
-Verify a downloaded document is the same as the original
–> Integrity
-Can be a digital signature
–> Authentication, non-repudiation, and integrity
-Will not have a collision (hopefully)
–> Different messages will not have the same hash

Practical hashing
-Verify a downloaded file
–> Hashes may be provided on the download site
–> Compare the downloaded file hash with the
posted hash value
-Password storage
–> Instead of storing the password, store a salted hash
–> Compare hashes during the authentication process
–> Nobody ever knows your actual password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  • Key exchange
A

*
A logistical challenge
– How do you transfer an encryption key across an
insecure medium without having an encryption key?
*
Out-of-band key exchange
– Don’t send the symmetric key over the ‘net
– Telephone, courier, in-person, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

ECC

A

Elliptic-curve cryptography (gibson 365, chapple 204)

-graphs points on curve to create keys

Instead of numbers, use curves!
– Smaller storage and transmission requirements
– Perfect for mobile devices
-doesn’t take as much processing power as other cryptographic methods
-keys can be much smaller compared to non ECC keys

-common use cases of low power devices
-sometimes used wth smaller wireless devices b/c doesn’t take much processing power to achieve desired security
-use 4 asymmetric encryption

Asymmetric encryption
– Need large integers composed of two or more large prime factors

-256 bit elliptic curve public key = provide same sec benefit of a 3072 key used wth DSA

defined by equation: ysquared = xtothethird + ax + b

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

PFS

A

Perfect Forward Secrecy

Change the method of key exchange
– Don’t use the server’s private RSA key
*
Elliptic curve or Diffie-Hellman ephemeral
– The session keys aren’t kept around
*
Can’t decrypt with the private server key
– Every session uses a different private key for the
exchange
*
PFS requires more computing power
– Not all servers choose to use PFS
*
The browser must support PFS
– Check your SSL/TLS information for details

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  • Communications (Quantum)
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  • Computing (Quantum)
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Post-quantum

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Ephemeral

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  • Authenticated (Modes of operation)
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  • Unauthenticated (Modes of operation)
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  • Counter (Modes of operation)
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Public ledgers (Blockchain)

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Stream (Cipher suites)

A
18
Q

Block (Cipher suites)

A
19
Q

Symmetric vs. asymmetric

A

Symmetric encryption
A single, shared key
– Encrypt with the key
– Decrypt with the same key
– If it gets out, you’ll need another key
Secret key algorithm
– A shared secret
Doesn’t scale very well
– Can be challenging to distribute
Very fast to use
– Less overhead than asymmetric encryption
– Often combined with asymmetric encryption

Asymmetric encryption
Public key cryptography
– Two (or more) mathematically related keys
Private key - Keep this private
Public key - Anyone can see this key - Give it away
The private key is the only key that can decrypt data
encrypted with the public key
– You can’t derive the private key from the public key

20
Q

Lightweight cryptography

A

*Powerful cryptography has traditionally
required strength
– A powerful CPU and lots of time
*Internet of Things (IoT) devices have limited power
– Both watts and CPU
*New standards are being created
– National Institute of Standards and Technology (NIST)
leading the effort
– Provide powerful encryption
– Include integrity features
– Keep costs low

21
Q
  • Audio (Steganography)
A
22
Q
  • Video (Steganography)
A
23
Q
  • Image (Steganography)
A
24
Q

HE

A

Homomorphic encryption

Encrypted data is difficult to work with
– Decrypt the data
– Perform a function
– Encrypt the answer

Homomorphic encryption
– Perform calculations of data while it’s encrypted
– Perform the work directly on the encrypted data
– The decrypted data can only be viewed with
the private key

Advantages
– Securely store data in the cloud
– Perform research on data without viewing the data

25
Q

-Low power devices (Common use cases)

A
26
Q
  • Low latency (Common use cases)
A
27
Q
  • High resiliency (Common use cases)
A
28
Q
  • Supporting confidentiality (Common use cases)
A
29
Q
  • Supporting integrity (Common use cases)
A
30
Q
  • Supporting obfuscation (Common use cases)
A
31
Q
  • Supporting authentication (Common use cases)
A
32
Q
  • Supporting non-repudiation (Common use cases)
A
33
Q
  • Speed (Limitations)
A
34
Q
  • Size (Limitations)
A
35
Q
  • Weak keys (Limitations)
A
36
Q
  • Time (Limitations)
A
37
Q
  • Longevity (Limitations)
A
38
Q
  • Predictability (Limitations)
A
39
Q

Reuse (Limitations)

A
40
Q

Entropy (Limitations)

A
41
Q

Computational overheads (Limitations)

A
42
Q

Resource vs. security constraints (Limitations)

A