ch 3 Flashcards
scrambling information so i cannot be read
cryptography
hides the existing data in other pieces of data/ image audio or video
steganography
information within the data
meta data
data stored or transmitted without encryption
cleartext data
procedures based on a mathematical formula used to encrypt and decrypt the data
cryptographic algorithm
mathematical value entered into the algorithm to produce the cipher text
key
substitutes one character for another
substitution cipher
based on the binary operation exclusive or that compares to two bits
XOR Cipher
software that relies upon an algorithm for creating a sequence of numbers whose properties approximate those of random number.
(PRNG) Pseudorandom number generator
if a single character of plaintext is changed then it should result in multiple characters of the cipher text change
diffusion
the key not relate in simple way to the cipher text
confusion
ensures only authorized parties can view it
confidentiality
ensures information is correct and unaltered
integrity
ensures sender can be verified through cryptography
authentication
provides that a user performed an action
non-repudiation
making something obscure or unclear
obfuscation
data actions being performed by “endpoint devices”
data in use
actions that transmit the data across the network
data in transit
data is stored on electronic media
data at rest
the ability to quickly recover the resources vs. security constraints
high resiliency
takes one character and replaces it with another (RC-4)
stream cipher
manipulates an entire block of plaintext at one time
block cipher
takes a input string of any length and returns a string of any requested variable length
sponge function
creates a unique “digital fingerprint “ of a set of data. (symmetric cryptographic algorithms and asymmetric cryptographic algorithms
hashing
short and long data sets that have the same size hash
fixed size
two different data sets cannot produce the same hash
unique
data set cannot be created to have a predefined hash
original
resulting hash cannot be reversed to determine original plaintext
secure
padded to 512 bits/ MD hash algorithms/ weakness in compression function could lead to collusion
Message Digest (MD5)
More secure than MD and had a collision in 2012 (no longer secure)
(SHA) Secure Hash Algorithm
(European standard) Primary design feature is two different and independent parallel chains of command.
(RIPEMD) race integrity primitives evaluation message digest
uses a shared key, possessed by a sender and a receiver. Receiver uses a key to decrypt the hash. (CBC-MAC) cipher block chaining message authentication code
(HMAC) Hashed message authentication code
used the same single key to encrypt and decrypt a document. also called private key cryptography
Symmetric Cryptographic Algorithms
symmetric algorithm designed in the early 1970’s. uses a 52 bit key and is a block cipher
(DES) Data encryption standard
designed to replace DES uses three rounds of encryption, cypher text of the first round input for second iteration, most secure versions use different keys used for each round.
(3DES) Triple data encryption standard
Symmetric cypher approved by the NIST 2000 as a replacement for DES three steps on every block 128 bits of plaintext.
(AES) Advanced encryption standard
what encryption has each version has a number of rounds for each encryption 123=10, 192=12, 256=14
(AES) Advanced encryption standard
RC1-6 (RC4 Stream)
Rivest Cipher
Block cipher on 64 bit blocks, lengths from 32-448 bits, no significant weakness have been identified
blowfish
User in european nations, 64 bits, 128 bit key with 8 rounds. (used in PGP)
(IDEA) International in Encryption Algorithm
Also known as a public key cryptography, uses two mathematically related keys, public keys are available to everyone and private keys are known only to the individual who it belongs to.
Asymmetric Cryptographic Algorithm
common asymmetric cryptographic algorithms
RSA, Elliptic Curve Cryptography, digital Signature Algorithm, Those related to Key exchange.
published in 1997 and patented by MIT in 1983, most common asymmetric cryptographic algorithm/ uses two large primary numbers
(RSA) Rivest, Shamir and Adelman
Users share one curve and one point on the curve, less computing power than prime number based asymmetric cryptography, considered as an alternative for prime number based asymmetric cryptography for mobile wireless devices.
(DSA) Digital Signature Algorithm
what does (DH) Diffie-Hellman do
transfer same key each time
what does (DHE) Diffie- Hellman Ephemeral do
Transfers new key every time
what does (ECDH) Elliptic curve Diffie-Hellman do
transfers same key every time
what to cryptographic attacks do
attack , target algorithm weaknesses, and exploit collisions
what is known as cipher attacks, downgrade attacks, using deprecated algorithms, taking advantage of improperly implemented algorithms.
Algorithm attacks
statistical tool used to discover a pattern in cipher texts
known cipher text attack
Threat actor forces the system to abandon the current higher security mode of operation and instead of fall back to implementing an older and less secure mode.
downgrade attack
means to use a cryptographic algorithm that should not be used because of known vulnerabilities
using deprecated algorithms
finding two input strings of a hash function that produce the same hash result.
collision attack
50 percent chance that someone will have the same birthday out of 20 people
birthday attack
encryption software that can be used to encrypt or decrypt files one by one
file and file system cryptography
Asymmetric system Used for files and emails on windows computers
(PGP) Pretty good Privacy
Asymmetric system that runs on windows UNIX, Linux, operating systems.
(GNUPG) GNU Privacy Guard
file encryption system that runs on Microsoft Windows
(EFS) Encryption File System
Protects data on hard drives (EX. Bitlocker)
(FDE) Full disk encryption
type of encryption where everything is encrypted once added to the drive, admin can remotely control activity on the device, and can be remotely disabled.
USB Device Encryption
type of encryption where it protects all files stored on them, authenticating during initial startup, if authentication fails, the device can be configured to deny access or even delete the files.
(SED’s) Self-encrypted Drives
Chip on the motherboard that provides cryptographic services, includes true random number generator.
(TPM) Trusted platform module
secure cryptographic processor, performs accelerated symmetric and asymmetric encryption
(HSM) Hardware security Module
