Chapter 3 Cryptography

Question 1

Cryptography

Answer 1

protection & preservation of info in all its forms

Question 2

Old Techniques

Answer 2

Steganography - concealing msgs in non-secret text Encryption - manipulate & protect data Cryptanalysis - uncover secrets others try to hide

Question 3

Cryptography focuses on

Answer 3

1) Confidentiality Cryptography - primary goal; prevent unauthorized access; should not be able to reverse encryption unless user possesses correct key
2) Integrity Cryptography - helps detect changes in information (Hashing)
3) Authentication Cryptography - positively identifying user;
4) Nonrepudiation - ability to provide positive identification of source; (most common app is digital signatures) 5) Key Distribution - most valuable components; represents the specific code to encrypt or decrypt data

Question 4

RSA

Answer 4

named after its creators, is a public-key cryptosystem built onto current OS’, secure telephones, Ethernet cards, etc for both encryption & authentication

Question 5

Cryptography terms

Answer 5

1) Plaintext/Cleartext - original msg that has not been altered; usable information; (Caesar’s Cipher is an example, where letters are displaced to a certain position) plaintext can be anything, doesn’t have to make sense to you
2) Ciphertext - opposite of plaintext, msg that has been transformed into a different form using an algorithm; also can be reversed using algorithm & key
3) Algorithm’s Cipher - the algorithm to change plaintext to ciphertext & reverse
4) Keys - discrete piece of information used to determine meaningful result of cryptographic operation

Question 6

Types of cryptography

Answer 6

1) Symmetric Cryptography
2) Asymmetric Cryptography (public key cryptography)

Question 7

Symmetric Cryptography

Answer 7

Same key is used encrypt/decrypt; -PROS: [P]reserving confidentiality, [I]ncreasing speed, [P]roviding authenticity, [E]nsuring simplicity -CONS: Key mgmt issues, Lack of nonrepudiation features (i.e. Rijindael or Advanced Encryption Standard (AES) is used by U.S. to encrypt govt files)

Question 8

Assymetric Cryptography

Answer 8

public key system that features key pair: public & private key; The public key is published somewhere, whereas private is always in user’s possession; Both keys can encrypt, but only private can reverse process; Keys must be associated w/ user in trusted manner; -PROS: has nonrepudiation; Key distribution benefits; improved privacy, security, & authentication (i.e. Hash Function) -EXAMPLE: Alice wants to send a private message to Bob so she locates Bob’s public key to encrypt the message, now only Bob’s private key can decrypt. (Everyone’s public key is known) -If Alice uses her private key to encrypt, then that is where digital signatures come into play; Now when Bob receives the msg, he needs to locate Alice’s public key & use it to verify the private key was used, if reversed, that means the msg came from Alice, if can’t be reversed, it didn’t come from Alice

Question 9

Hash function (Hashing)

Answer 9

ONE WAY used in both creating & verifying digital signature; it is an algorithm that creates a digital fingerprint in the form of a hash value/result of a FIXED length (which is usually

Question 10

PKI

Answer 10

Public Key Infrastructure - an arrangement that binds public keys with respective user by means of CA (certificate authority)

Question 11

How do you know who owns a key?

Answer 11

To bind a key to specific signer/s, Certification Authorities (CAs) issue digital certificate Recipient uses public key listed in certificate to verify that the digital signature was created with the corresponding private key

Question 12

Digital Certificate

Answer 12

an electronic credential unique to a person, computer, or service; sealed object populated with various pieces of info principal function is to bind key pair with particular subscriber; if conditions violated, certificate must be revoked

Question 13

Signing certificate

Answer 13

generate a hash value & encrypt it w/ issuer’s private key For an attacker to compromise, they would need private key of the server or private key of issuer

Question 14

Authenticating the certificate

Answer 14

A digital certificate replaces other forms of authenticating; A user who presents the credential must have method in place to validate credentials, one method is the CA, after a series of steps, digital signature can take place

Question 15

CA

Answer 15

A certificate authority creates & revokes certificates that it has in its control along with the associated public keys; it is a trusted third party responsible for issuing, managing, identifying, & revoking certificates PLUS enrolling parties for their own certificates

Question 16

Steps taken when CA issues certificate (7)

Answer 16

1) request received
2) BG info requested & validated by CA
3) info applied to certificate
4) CA hashes certificate
5) issuing CA signs the certificate w/ their private key
6) requester informed their certificate is ready for pickup
7) requester installs certificate on their computer

Question 17

Functions of CA (5)

Answer 17

1) Generation of Key Pair
2) Generation of Certificates
3) Publication of Public Key
4) Validation of Certificates (CA acts as third party between two parties who DK each other)
5) Revocation of Certificates

Question 18

Types of CAs

Answer 18

1) Root CA - initiates all trust paths; TOP; If its trust is questioned, all other systems become invalid
2) Trusted Root CA - added to an application such as browser by SW vendor
3) Peer CA - provides self-signed certificate that is distributed to its certificate holders & used by them to initiate certification paths
4) Subordinate CA (aka Child CA) - does not begin trust paths; Trust initiated from root CA
5) Registration Authority (RA) - entity positioned between client & CA that is used to take load from CA; CANNOT generate certificate, can accept requests, verify person’s identity, & pass info to CA

Question 19

PKI (public key infrastructure) system

Answer 19

refers to a group of technologies & concepts that work together to validate, issue, and manage certificates at a large scale; good for exchanging info over insecure medium; Any system interacting with this system must be PKI-aware app, most apps have this; There needs to be TRUST for the system to work.

Question 20

Digital Signatures make use of several types of encryption such as

Answer 20

asymmetric, public & private key encryption, & hashing; combining all these functions, provides authentication of msg

Question 21

Digital Signature functions

Answer 21

1) Public/Private Key Encryption - public key is only needed since it is possessed by specific party
2) Digital Certificates - public key is bound to digital certificate
3) Hashing - Lets you know whether item has been altered; The hash states the signer agrees to the current state of the document

Question 22

Hashing process example

Answer 22

1) Sean creates a message
2) Sean hashes the message using an algorithm such as MD5 or SHA2
3) Sean encrypts the hash w/ his private key
4) Sean binds the encrypted bundle & the plaintext message together
5) Sean sends the combo to Katrina
6) Katrina sees the msg came from Sean
7) Seeing who the sender is, Katrina receives Sean’s public key from the CA they both trust
8) Katrina decrypts the hash successfully, validating Sean
9) Katrina reruns the MD5 against the plaintext msg & compares the new hash w/ the one she received from Sean
10) If the two matches, the message has not been altered

Question 23

Brute-force attack

Answer 23

every combo of characters are tried in an attempt to uncover a valid key Easiest to attack Govt, then Large Multinational, then Corporation, then Small Business, then Regular User

Question 24

Other types of Attacks on Cryptography

Answer 24

1) Ciphertext-only Attack - least successful; attacker has limited knowledge, only has Ciphertext but not corresponding plaintext or the key (goal is to find plaintext)
2) Known Plaintext Attack - similarities to brute force; attacker has plaintext & ciphertext of 1+ msgs; Attacker uses this to determine key
3) Chosen Plaintext Attack - attacker is able to generate ciphertext by chosen plaintext; attacker can “feed” info into ES (encryption system) & observe output, but may not know algorithm or key in use
4) Chosen Ciphertext Attack - attacker able to decrypt chosen ciphertext into corresponding plaintext; attacker can “feed” info into DS (decryption system) & observe output, but may not know algorithm or key in use
5) Record traffic through sniffing, retransmit info later & extract key from traffic
6) MiTM attack - attacker gets between two users communicating w/ goal of intercepting & modifying packets
7) Social Engineering - coercing a user to accept a self-signed certificate, exploit vulnerabilities in web browser, take adv of cert approval process to receive valid cert to put on attacker’s own site

Question 25

Applications of Cryptography

Answer 25

1) IPSec
2) PGP
3) SSL

Question 26

IPSec

Answer 26

Internet Protocol Security - set of protocols designed to protect confidentiality & integrity of data as it flows over a NW; works at NW layer of OSI model & processes packets according to predefined group of settings; Often used w/ out major changes to computer systems; Good for VPN & remote user access

Provides two mechniams

1) Authentication Header (AH) - provides authentication of service & sender of data
2) Encapsulating Security Payload (ESP) - authenticates info + encrypt data

All of this information is inserted into a packet in a header that follows the IP packet header

Question 27

PGP

Answer 27

Pretty Good Privacy - uses public key encryption; most widely recoganized;

protect privacy of online communication + data (on HD or removable drives) Email or IM travels to destination in encrypted form, recipient uses PGP to decrypt to plaintext Similar to private/public key mechanism described earlier;

PGP user can use private key to digitally sign outgoing mail to authenticate sender (third party would not have access to private key)

Question 28

SSL

Answer 28

Secure Sockets Layer - standard for exchanging data securely over insecure channels such as the internet;

supported by all modern browsers & email clients transparently so whenever you are using your web browser,

SSL provides a secure connection between your web browser and websites

Question 29

How Nessus works with SSL

Answer 29

1) Client connects to Nessus server
2) Nessus presents client w/ a digital certificate that allows the client to identify the server
3) Client makes sure domain name matches name on the CA & the CA has been generated by a trusted authority & bears a valid digital signature
4) Once handshake is complete, client will automatically encrypt all info sent to Nessus before it leaves the computer
5) Once info arrives to Nessus, it is decrypted using secret key
6) If Nesuss sends info back, info will be encrypted