Chapter 5 - Cryptography Flashcards
Quantum crytopgraphy
quantum key distribution - uses physics (not math, as was used in traditional cyrtography) to secure data. It is not used to encrypt, transfer of store encrypted data. it allows the exchange of a cryptography key between two remote parties by the laws of physics. - Uses single-photon light pulses. Increased speed of quantum computers comes from forming a superposition of numbers.
availability
cryptography doesn’t completely support it but denying attacker access helps not damaging the system for the authorized users.
hashed password files
not encrypted therefore no keys to decrypt
link encryption
provided by service providers - encrypts all data along a communication path - communication nodes need to decrypt the data to continue routing. Also encrypts routing information so provides better traffic confidentiality than end-to-end.
end to end
usually performed by end user at start of communications channel, remains encrypted until it is decrypted at remote end. Possible to combine both types. Routing information remains visible
key custering
different encryption keys generate the same ciphertext from the same plaintext message
synchronous
each encryption or decryption request is performed immediately
asynchronous
encrypt/decrypt requests are processed in queues.
a hash function
one-way mathematical operation that reduces a message into a smaller fixed length - hash value
digital signatures
provide authentication of a sender and integrity of a sender’s message. Hash value encrypted using private key of sender. Receiver decrypts the hash value using the signer’s public key, then performs the same hash computation over the message. if hash values are the same then signature is valid
asymmetric
one key to encrypt and another to decrypt - most commonly used with PKI - Public Key Infrastructure
digital certificate
electronic document with name of organization or individual, business address, digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date.
certificate authority
entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates
registration authority
performs certificate registration services on behalf of a CA
Ciphertext of Crytpogram
altered form of plaintext message
cryptosystem
entire operation - algorithm, the key and the management functions
encryption
same as enciphering - process of converting message from its plaintext to ciphertext
decryption
decipher, reverse process of encryption
key or cyrptovariable
the input that controls the behavior of the algorithm (mathematical function)
nonrepudiation
security service - evidence maintained so that the sender and the recipient cannot deny having participated in the communication.
cryptoanalysis/cryptogolgy
study to defeat cryptographic techniques/science that deals with hidden,disguised or encrypted communications
collision
hash function generates the same output for different inputs
key space
total number of possible values in an algorithm
work factor
time and effort to break a protective measure
initialization vector (IV)
nonsecret binary vector used as the initializing input algorithm - to increase security by introducing additional cyrptographic variance
encoding
changing a message into another format, decoding is the reverse
transposition or permutation
reordering plaintext to hide the message
substitution
exchanging one letter for another
SP-network
Claude Shannon - used in block ciphers to increase their strength. SP (Substitution and permutation)
Confusion
mixing key values in repeated rounds
diffusion
mixing up location of plaintext throughout ciphertext
avalanche effect
minor change in key or plaintext has significant impact in resulting ciphertext, fature of a strong hashing algorithm
two methods of encrypting data
stream and block methods
stream based ciphers
on bit by bit basis - most commonly associated with streaming applications such as voice or video transmission - mix plaintext with a keystream - Exclusive-or (XOR) operation - a very fast mathematical operation. Relies primarily on subsitution of bit for another. Keystream should be long enough to not be easily guessed or predictable. Many implemented in hardware
block ciphers
operates on blocks or chunks of data into a preset size. most use combination of substitution and tranposition - makes it realitvely stronger than stream based - more expensive to implement - many implemented in software
Electronic Code Book
each block encrypted separately - same plain text will encrypt to same ciphertext - revelas patterns in the code - for very short messages <64 bits e.g. transmission of a DES key
Cipher Block Chaining
each block is XORed with the previous ciphertext block before being encrypted - hides patterns. each initialization vector randonly generated will prevent patterns
DES
Data encryption standard work of Harst Feistal - 64 bits in length - every 8th bit ignored for parity. Effective length is 56 bits - 2 to the 56 power. 16 identical stages. - strong and fast but not suitable for very confidential data due to the increase incomputing power - suspetible to brute force attack
Blais de Vigenere
developed the polyalphabetic cioher using a keyword and 26 alphabets
one time pads
asserted as unbreakable - Gilbert Vernam - running key cipher
Asymmetric algorithms
RSA, EL Gamel and ECC have message authentication and digital signature functionality. Whit Diffie/Martin Hellman - two keys private and public. Sneder encrypts the the message with the public key of the receiver. The receiver decrypts with the private key. (Confidential Message). Open message is the reverse. By the sender doing both public and private there is confidential and proof of origin. Slower than symmetric.
symmetric
single key used for both encryption and decryption - shared key - Caesar copher, Spartan Scytale, and Enigma
ECB
electronic Codebook Mode - 64bit - only used for short messages
CBC
Cipher block chaining mode stronger than ECB
CFB
Cipher feedback mode - individual segments - 1 bit, 8 bit, 64 bit and 128 bit - IV loaded into shift register
OFB
Open feedback mode - feeds encrypted stream back into itself
Counter mode
used in high-speed applications such as IPSec and ATM - 64 bit random data block used as the first IV
Triple DES
2 o 112 power - slow
AES
Advanced encryption (128) standard Rijndael algorithm (Daemon/Rijmen) - block cipher CCMP is th actual encryption protocol. - 128, 192 ro 256 bits
IDEA
International Data Encryption Algorithm - 128 bit key and 64 bit blocks - 8 rounds
CAST
Carlisle Adams and Stafford Tavares keys betwee 40 and 128
blowfish
symmetrical algorithm - extremely fast - divides input blocks into two halves - twofish adapted version
rc5
ron rivest 0 to 2040 bit keys
rc4
stream based cipher - most widely used