Chapter 6: Cryptography and Symmetric Key Algorithms Flashcards
Uses a shared secret key available to all users of the cryptosystem.
Symmetric cryptosystems
Use individual combinations of public and private keys for each user of the system.
Asymmetric cryptosystems
True or False:
Codes work on words and phrases, whereas ciphers work on individual characters, bits, and blocks.
True
Uses an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message.
Transposition ciphers
Uses a different substitution alphabet for each letter of the plaintext message. Usually written as a very long series of numbers to be plugged into the function.
One-time pad
Has a key length of one
Caesar cipher
Uses a key that is as long as the message itself
One-time pad
The encryption key is as long as the message itself and is often chosen from a common book, newspaper, or magazine
Running key cipher (aka book cipher)
“chunks,” or blocks, of a message and apply the encryption algorithm to an entire message block at the same time
Block ciphers
Operate on one character or bit of a message (or data stream) at a time
Stream ciphers
Occurs when the relationship between the plaintext and the key is so complicated that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key
Confusion
When a change in the plaintext results in multiple changes spread throughout the ciphertext
Diffusion
Symmetric cryptography may be used with temporary keys that exist only for a single session. In those cases, the secret key is known as an
ephemeral key
What are some symmetric key cryptography weaknesses?
Key distribution is a major problem.
Symmetric key cryptography does not implement nonrepudiation.
The algorithm is not scalable.
Keys must be regenerated often.
What are some strengths of asymmetric key cryptography?
The addition of new users requires the generation of only one public-private key pair
Users can be removed far more easily from asymmetric systems.
Key regeneration is required only when a user’s private key is compromised.
Asymmetric key encryption can provide integrity, authentication, and nonrepudiation.
Key distribution is a simple process.
No preexisting communication link needs to exist.
The approach of combining symmetric and asymmetric cryptography
hybrid cryptography
The simplest mode to understand and the least secure. Each time the algorithm processes a 64-bit block, it simply encrypts the block using the chosen secret key.
Electronic Code Book (ECB)
Summaries of a message’s content (not unlike a file checksum) produced by a hashing algorithm
Message digests
Each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted
Cipher Block Chaining (CBC)
The streaming cipher version of CBC. In other words, CFB operates against data produced in real time. However, instead of breaking a message into blocks, it uses memory buffers of the same block size.
Operates in almost the same fashion as they do in CFB mode. However, instead of XORing an encrypted version of the previous block of ciphertext, OFB XORs the plaintext with a seed value.
Output Feedback (OFB) mode
Uses a stream cipher similar to that used in CFB and OFB modes. However, instead of creating the seed value for each encryption/decryption operation from the results of the previous seed values, it uses a simple counter that increments for each operation.
Counter (CTR) mode
Takes the standard CTR mode of encryption and adds data authenticity controls to the mix, providing the recipient assurances of the integrity of the data received. This is done by adding authentication tags to the encryption process.
Galois/Counter Mode (GCM)
Combines a confidentiality mode with a data authenticity process. In this case, CCM ciphers combine the Counter (CTR) mode for confidentiality with the Cipher Block Chaining Message Authentication Code (CBC-MAC) algorithm for data authenticity. CCM is used only with block ciphers that have a 128-bit block length and require the use of a nonce that must be changed for each transmission.
Cipher Block Chaining Message Authentication Code Mode (CCM)
Operate on 64 bits of plaintext at a time to generate 64-bit blocks of ciphertext. The key is 56 bits long.
Data Encryption Standard (DES)
Operates on 64-bit blocks of plaintext/ciphertext. However, it begins its operation with a 128-bit key.
International Data Encryption Algorithm (IDEA)
Operates on 64-bit blocks of text. However, it extends IDEA’s key strength even further by allowing the use of variable-length keys ranging from a relatively insecure 32 bits to an extremely strong 448 bits.
Blowfish
Operates on 64-bit blocks of text. It uses an 80-bit key and supports the same four modes of operation supported by DES. It supports the escrow of encryption keys.
Skipjack
Uses a single round of encryption and allows the use of variable-length keys ranging from 40 bits to 2,048 bits.
Rivest Cipher (RC4)
A block cipher of variable block sizes (32, 64, or 128 bits) that uses key sizes between 0 (zero) length and 2,040 bits. An improvement on an older algorithm called RC2 that is no longer considered secure.
RC5
It uses a 128-bit block size and allows the use of 128-, 192-, or 256-bit symmetric keys.
RC6
Allows the use of three key strengths: 128 bits, 192 bits, and 256 bits.
Advanced Encryption Standard (AES)
The most technically simple (but physically inconvenient) method involves the physical exchange of key material.
Offline Distribution
Use public key encryption to set up an initial communications link. Once the link is successfully established and the parties are satisfied as to each other’s identity, they exchange a secret key over the secure public key link.
Public Key Encryption
In this escrow approach, the secret keys used in a communication are divided into two or more pieces, each of which is given to an independent third party.
Fair Cryptosystems
This escrow approach provides the government or another authorized agent with a technological means to decrypt ciphertext. It was the approach proposed for the Clipper chip.
Escrowed Encryption Standard
