Chapter 3 Cryptography Flashcards

1
Q

Nonrepudiation

A

ability to provide positive identification of the source (most common application is digital signatures)

2
Q

Symmetric Cryptography

A

Same key is used to encrypt/decrypt; -PROS: [P]reserving confidentiality, [I]ncreasing speed, [P]roviding authenticity, [E]nsuring simplicity -CONS: Key mgmt issues, lack of nonrepudiation features (e.g. Rijndael, the Advanced Encryption Standard (AES), is used by the U.S. to encrypt govt files)

3
Q

Asymmetric Cryptography

A

public key system that features a key pair: public & private key; the public key is published somewhere, whereas the private key is always in the user’s possession; both keys can encrypt, but only the private key can reverse the process; keys must be associated w/ the user in a trusted manner;

-PROS: has nonrepudiation; key distribution benefits; improved privacy, security, & authentication (i.e. Hash Function)

-EXAMPLE: Alice wants to send a private message to Bob, so she locates Bob’s public key to encrypt the message; now only Bob’s private key can decrypt it (everyone’s public key is known)

-If Alice uses her private key to encrypt, that is where digital signatures come into play; when Bob receives the msg, he needs to locate Alice’s public key & use it to verify the private key was used: if it can be reversed, the msg came from Alice; if it can’t be reversed, it didn’t come from Alice

4
Q

Hash function (Hashing)

A

ONE WAY; used in both creating & verifying a digital signature; it is an algorithm that creates a digital fingerprint in the form of a hash value/result of a FIXED length (which is usually

5
Q

PKI

A

Public Key Infrastructure - an arrangement that binds public keys with their respective users by means of a CA (certificate authority)

6
Q

Digital Certificate

A

an electronic credential unique to a person, computer, or service; a sealed object populated with various pieces of info; its principal function is to bind a key pair with a particular subscriber; if the conditions are violated, the certificate must be revoked

7
Q

Signing certificate

A

generate a hash value & encrypt it w/ the issuer’s private key; for an attacker to compromise it, they would need the private key of the server or the private key of the issuer

8
Q

CA

A

A certificate authority creates & revokes the certificates that it has in its control along with the associated public keys; it is a trusted third party responsible for issuing, managing, identifying, & revoking certificates PLUS enrolling parties for their own certificates

9
Q

Functions of CA (5)

A

1) Generation of Key Pair
2) Generation of Certificates
3) Publication of Public Key
4) Validation of Certificates (CA acts as a third party between two parties who don’t know each other)
5) Revocation of Certificates

10
Q

Digital Signature components

A

hash of message

encrypted with private key

11
Q

Other types of Attacks on Cryptography

A

1) Ciphertext-only Attack - least successful; attacker has limited knowledge, only has the ciphertext but not the corresponding plaintext or the key (goal is to find the plaintext)
2) Known Plaintext Attack - similarities to brute force; attacker has the plaintext & ciphertext of 1+ msgs; attacker uses this to determine the key
3) Chosen Plaintext Attack - attacker is able to generate ciphertext from chosen plaintext; attacker can “feed” info into the ES (encryption system) & observe the output, but may not know the algorithm or key in use
4) Chosen Ciphertext Attack - attacker is able to decrypt chosen ciphertext into the corresponding plaintext; attacker can “feed” info into the DS (decryption system) & observe the output, but may not know the algorithm or key in use
5) Replay - record traffic through sniffing, retransmit the info later & extract the key from the traffic
6) MiTM attack - attacker gets between two communicating users w/ the goal of intercepting & modifying packets
7) Social Engineering - coercing a user to accept a self-signed certificate, exploiting vulnerabilities in the web browser, or taking advantage of the cert approval process to receive a valid cert to put on the attacker’s own site

12
Q

IPSec & its two mechanisms

A

Internet Protocol Security - set of protocols designed to protect the confidentiality & integrity of data as it flows over a NW; works at the NW layer of the OSI model & processes packets according to a predefined group of settings; often used without major changes to computer systems; good for VPN & remote user access

Provides two mechanisms:

1) Authentication Header (AH) - provides authentication of the service & the sender of the data
2) Encapsulating Security Payload (ESP) - authenticates the info + encrypts the data

All of this information is inserted into the packet in a header that follows the IP packet header

13
Q

PGP

A

Pretty Good Privacy - uses public key encryption; most widely recognized;

protects the privacy of online communication + data (on HD or removable drives); email or IM travels to its destination in encrypted form, and the recipient uses PGP to decrypt it to plaintext; similar to the private/public key mechanism described earlier;

a PGP user can use the private key to digitally sign outgoing mail to authenticate the sender (a third party would not have access to the private key)

14
Q

SSL

A

Secure Sockets Layer - standard for exchanging data securely over insecure channels such as the internet;

supported transparently by all modern browsers & email clients, so whenever you are using your web browser,

SSL provides a secure connection between your web browser and websites

15
Q

Root CA

A

initiates all trust paths; the TOP of the hierarchy; if its trust is questioned, all other systems become invalid

16
Q

Trusted Root CA

A

A Root CA added to an application such as a browser by the SW vendor

17
Q

Peer CA

A

provides a self-signed certificate that is distributed to its certificate holders & used by them to initiate certification paths

18
Q

Subordinate CA

A

(aka Child CA) - does not begin trust paths; trust is initiated from the root CA

19
Q

Registration Authority (RA)

A

entity positioned between the client & the CA that is used to take load off the CA; CANNOT generate certificates, but can accept requests, verify a person’s identity, & pass the info to the CA