Chapter 7 Flashcards
HSM (Hardware Security Module)
A tamper-resistant hardware device that generates, stores, and manages cryptographic keys and performs operations such as encryption, decryption, signing, and authentication inside the device, so the keys never leave it in plaintext.
RADIUS (Remote Authentication Dial In User Service)
A protocol and server for centralized authentication, authorization, and accounting (AAA) of network users; commonly the back-end authentication server for WPA2-Enterprise (802.1X) wireless networks.
Cryptography
The practice of transforming information so that it cannot be read without access to the required decryption key.
Cipher
A method used to scramble or obfuscate characters to hide their value.
Substitution Cipher
A type of coding or ciphering system that changes one character or symbol into another.
Polyalphabetic Substitution Cipher
A substitution cipher that uses several alphabets within the same message, so the same plaintext letter can map to different ciphertext letters depending on its position (for example, the Vigenère cipher). This flattens the letter-frequency patterns that break a single-alphabet substitution.
Transposition Cipher
Rearranges the positions of the plaintext letters according to a fixed pattern; the letters themselves are unchanged, only their order.
Steganography
The art of embedding a secret message within another file (such as an image or audio file) so that the existence of the message is hidden; often combined with encryption so the message stays protected even if it is discovered.
Nonrepudiation
Provides assurance to the recipient that the message originated from the claimed sender and not someone masquerading as the sender, so the sender cannot later deny having sent it.
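Worked example (added here; it is not part of the original flashcards): the three classical cipher types above, implemented in Python so their difference is visible in code. The Caesar key alphabet, the keyword "LEMON" and the column key "KEY" are constructed test inputs; the frequency helper shows the property a cryptanalyst uses to tell them apart. Substitution only relabels the letter histogram, transposition keeps it exactly, and the polyalphabetic cipher flattens it.

```python
import string

ALPHABET = string.ascii_uppercase


def substitution_encrypt(plaintext, key_alphabet):
    """Monoalphabetic substitution: every plaintext letter is replaced by the
    letter at the same position in key_alphabet (a 26-letter permutation)."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, key_alphabet))


def substitution_decrypt(ciphertext, key_alphabet):
    return ciphertext.translate(str.maketrans(key_alphabet, ALPHABET))


def vigenere(text, keyword, decrypt=False):
    """Polyalphabetic substitution: the keyword letter for each position picks
    one of 26 shifted alphabets, so repeated plaintext letters need not map
    to the same ciphertext letter. Non-letters are passed through unchanged."""
    shifts = [ALPHABET.index(c) for c in keyword.upper()]
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        k = -shifts[i % len(shifts)] if decrypt else shifts[i % len(shifts)]
        out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        i += 1
    return "".join(out)


def columnar_encrypt(plaintext, key):
    """Transposition: write the letters in rows len(key) wide, then read the
    columns in the alphabetical order of the key letters. The letters are
    unchanged; only their positions move. Pads the last row with 'X'."""
    text = "".join(c for c in plaintext.upper() if c in ALPHABET)
    cols = len(key)
    text += "X" * (-len(text) % cols)
    order = sorted(range(cols), key=lambda i: key[i])
    return "".join(text[i::cols] for i in order)


def columnar_decrypt(ciphertext, key):
    cols = len(key)
    rows = len(ciphertext) // cols
    order = sorted(range(cols), key=lambda i: key[i])
    columns = [""] * cols
    for pos, col in enumerate(order):
        columns[col] = ciphertext[pos * rows:(pos + 1) * rows]
    return "".join(columns[c][r] for r in range(rows) for c in range(cols))


def letter_frequencies(text):
    """Letter counts. A substitution cipher only relabels this histogram, a
    transposition keeps it exactly, and a polyalphabetic cipher flattens it;
    comparing histograms is the classic first step in identifying a cipher."""
    counts = {}
    for ch in text.upper():
        if ch in ALPHABET:
            counts[ch] = counts.get(ch, 0) + 1
    return counts


if __name__ == "__main__":
    caesar3 = ALPHABET[3:] + ALPHABET[:3]            # shift-by-3 key alphabet
    print(substitution_encrypt("attack", caesar3))   # DWWDFN
    print(vigenere("ATTACKATDAWN", "LEMON"))         # LXFOPVEFRNHR
    print(columnar_encrypt("attack at dawn", "KEY"))  # TCTWAAAATKDN
    print(letter_frequencies("attack at dawn") == letter_frequencies("TCTWAAAATKDN"))
```

The column key is read alphabetically, so a repeated key letter keeps its left-to-right order; the padding letter is stripped by hand after decryption, as it would be on paper.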
Symmetric Key Weaknesses
Key distribution
No nonrepudiation
Not scalable (n users need n(n-1)/2 distinct keys for every pair to communicate privately)
Keys must be regenerated often (whenever a participant leaves the group)
Symmetric Key Algorithms
Use a shared secret key that is distributed to all members who participate in the communications.
Asymmetric Key Algorithms
Each user has two keys: a public key, which is shared with all users, and a private key, which is kept secret and known only to the owner of the key pair.
Asymmetric Key Strengths
Adding a new user requires generating only one public-private key pair.
Users can be easily removed.
Key regeneration is only necessary when a private key is compromised.
Distribution is simple (public keys can be published openly).
Supports integrity, authentication, and nonrepudiation (through digital signatures).
No preexisting communication link needs to exist.
DES (Data Encryption Standard)
The US government's standard symmetric block cipher (FIPS 46, published 1977) for unclassified data: 64-bit blocks and a 56-bit key. The key is far too short against modern hardware, so DES has been withdrawn in favor of AES; triple DES (3DES) extended its life but is also deprecated.
ECB (Electronic Codebook) Mode
Each 64-bit block (for DES; 128-bit for AES) is encrypted independently with the same key. Identical plaintext blocks produce identical ciphertext blocks, so patterns in the data leak; it is not suitable for bulk data.
CBC (Cipher Block Chaining) Mode
Each plaintext block is XORed with the ciphertext block immediately preceding it (an initialization vector, IV, for the first block) before it is encrypted with the block cipher. Identical plaintext blocks therefore encrypt differently; the IV must be unpredictable.
CFB (Cipher Feedback) Mode
Turns the block cipher into a stream cipher: the previous ciphertext block (the IV for the first) is encrypted and XORed with the plaintext, so data produced in real time can be processed in units smaller than a full block without padding.
OFB (Output Feedback) Mode
Operates like CFB, but the value fed back is the block cipher's own output (keystream) rather than the ciphertext. The keystream depends only on the key and the IV (seed), so a transmission error affects only the corresponding plaintext bits and does not propagate.
CTR (Counter) Mode
Instead of feeding back a seed value, a counter (a nonce plus the block number) is encrypted to produce the keystream that is XORed with each block. Blocks can be encrypted or decrypted in parallel; a nonce must never be reused with the same key.
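Worked example (added here; not code from the original flashcards): the five modes above written over a pluggable block-encrypt function. Real code would use AES through a vetted library; to stay self-contained this block assumes a toy 16-byte Feistel cipher whose round function is HMAC-SHA256, which is invertible and deterministic but is not a real cipher. The key, IV, nonce and messages are constructed inputs. The example goes beyond the definitions to show two practical consequences: ECB leaks repeated blocks, and reusing a CTR nonce leaks the XOR of two plaintexts.

```python
import hashlib
import hmac
import struct

BLOCK, HALF, ROUNDS = 16, 8, 4


def xor(a, b):
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    """Feistel round function: keyed hash of one half (toy stand-in for AES)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def block_encrypt(key, block):
    """16-byte Feistel block cipher; the modes below only need this primitive."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key, block):
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = xor(right, _round(key, rnd, left)), left
    return left + right


def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def _check_padded(data):
    if len(data) % BLOCK:
        raise ValueError("ECB and CBC need the input padded to the block size")


def ecb_encrypt(key, pt):
    """Every block encrypted on its own: equal plaintext blocks give equal
    ciphertext blocks, so the structure of the data leaks."""
    _check_padded(pt)
    return b"".join(block_encrypt(key, b) for b in _blocks(pt))


def cbc_encrypt(key, iv, pt):
    """Each plaintext block is XORed with the previous ciphertext block (the IV
    for the first one) before encryption, which hides repeated blocks."""
    _check_padded(pt)
    out, prev = [], iv
    for b in _blocks(pt):
        prev = block_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def cfb_encrypt(key, iv, pt):
    """Stream mode: encrypt the previous *ciphertext* block, XOR with plaintext.
    A final partial block is fine, so no padding is needed."""
    out, prev = [], iv
    for b in _blocks(pt):
        prev = xor(b, block_encrypt(key, prev))
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(xor(c, block_encrypt(key, prev)))
        prev = c
    return b"".join(out)


def ofb_crypt(key, iv, data):
    """Stream mode: the value fed back is the cipher *output* (keystream), never
    the ciphertext, so a flipped ciphertext bit flips only the matching
    plaintext bit. The same function encrypts and decrypts."""
    out, prev = [], iv
    for b in _blocks(data):
        prev = block_encrypt(key, prev)
        out.append(xor(b, prev))
    return b"".join(out)


def ctr_crypt(key, nonce, data):
    """Keystream block i = E(nonce || i): no chaining, so blocks can be processed
    in parallel. The same function encrypts and decrypts."""
    assert len(nonce) == HALF
    return b"".join(xor(b, block_encrypt(key, nonce + struct.pack(">Q", i)))
                    for i, b in enumerate(_blocks(data)))


def ctr_nonce_reuse_leak(key, nonce, p1, p2):
    """Two messages under the same key and nonce share a keystream, so
    c1 XOR c2 == p1 XOR p2: knowing one plaintext reveals the other."""
    c1, c2 = ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2)
    return xor(c1, c2) == xor(p1, p2)
```

Run the checks with a constructed key and IV: `ecb_encrypt(b"k" * 16, b"ATTACK AT DAWN!!" * 2)` returns two identical 16-byte halves, while `cbc_encrypt` with an IV does not, and `ctr_nonce_reuse_leak` returns True whenever the nonce is repeated.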
Offline Distribution of Secret Keys
Involves the physical exchange of secret keys.
Public Key Encryption (as a key distribution method)
The two parties first use public key encryption to authenticate each other and exchange a secret key, then switch to the faster secret key (symmetric) algorithm for the bulk of the communication.
Diffie-Hellman
A key agreement protocol in which each party chooses a random private value, sends the other a public value derived from it, and combines the received public value with its own private value. Both parties arrive at the same shared secret, which can then be used as (or to derive) the symmetric key, while an eavesdropper who sees only the public values cannot compute it. By itself it does not authenticate the parties, so it must be combined with signatures or certificates to stop a man-in-the-middle attack.
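Worked example (added here; not from the original flashcards): the Diffie-Hellman exchange with both sides' computations, plus the man-in-the-middle case that unauthenticated DH does not prevent. The group p = 23, g = 5 and the private values 6, 15 and 13 are constructed textbook-size parameters for readability; real deployments use 2048-bit or larger groups (RFC 3526, RFC 7919) or elliptic-curve groups, and hash the shared value before using it as a key.

```python
import hashlib
import secrets

# Toy group (constructed): p = 23, g = 5. Far too small for real use.
P, G = 23, 5


def keypair(p=P, g=G, private=None):
    """Pick a random private exponent a and publish A = g^a mod p."""
    if private is None:
        private = secrets.randbelow(p - 2) + 1    # 1 .. p-2
    return private, pow(g, private, p)


def shared_secret(my_private, their_public, p=P):
    """s = B^a mod p == A^b mod p. An eavesdropper sees only A and B and would
    have to solve the discrete logarithm to recover a or b."""
    return pow(their_public, my_private, p)


def derive_key(secret):
    """Never use the raw shared value directly; hash it into a fixed-size key."""
    return hashlib.sha256(str(secret).encode()).digest()


def exchange(alice_private=None, bob_private=None):
    """Honest exchange: both sides compute the same value."""
    a, A = keypair(private=alice_private)      # Alice keeps a, sends A
    b, B = keypair(private=bob_private)        # Bob keeps b, sends B
    return shared_secret(a, B), shared_secret(b, A)


def mitm_exchange(alice_private, bob_private, mallory_private):
    """Unauthenticated DH: Mallory replaces both public values with her own M.
    Alice and Bob each agree a key with Mallory, not with each other, and she
    can decrypt and re-encrypt everything in between. Returns
    (Alice's key, Bob's key, Mallory's key with Alice, Mallory's key with Bob)."""
    a, A = keypair(private=alice_private)
    b, B = keypair(private=bob_private)
    m, M = keypair(private=mallory_private)
    key_alice = shared_secret(a, M)            # Alice believes M came from Bob
    key_bob = shared_secret(b, M)              # Bob believes M came from Alice
    return key_alice, key_bob, shared_secret(m, A), shared_secret(m, B)


if __name__ == "__main__":
    print(exchange(6, 15))                     # (2, 2): same secret both sides
    print(mitm_exchange(6, 15, 13))            # (18, 7, 18, 7): two different keys
```

With a = 6 and b = 15, Alice sends A = 5^6 mod 23 = 8, Bob sends B = 5^15 mod 23 = 19, and both compute 2. The MITM output shows why TLS signs the DH values (or pins them in a certificate): nothing in the arithmetic tells Alice that 21 was Mallory's value rather than Bob's.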
5 Requirements for Cryptographic Hash Function
Accepts input of any length.
Produces an output of a fixed length, regardless of input length.
The hash value is relatively easy to compute.
The hash function is one-way (the input cannot be recovered from the output).
The hash function is collision resistant (it is infeasible to find two inputs with the same hash).
SHA (Secure Hash Algorithm)
The family of government standard hash functions (SHA-1, SHA-2, SHA-3) published by NIST (National Institute of Standards and Technology). SHA-1 is deprecated because practical collisions have been found.
Digital Signature System
Assures the recipient that the message truly came from the sender (authentication and nonrepudiation, because only the holder of the private key can produce the signature).
Assures the recipient that the message was not altered (integrity).
HMAC (Hashed Message Authentication Code)
Implements a partial digital signature from a hash function and a shared secret key; it guarantees integrity and authenticity of the message but does not provide nonrepudiation, because every holder of the shared key could have produced the same code.
PKI (Public Key Infrastructure)
A system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity.
Digital Certificates
Bind an entity's identity to its public key under the signature of a trusted CA, providing communicating parties with the assurance that the people they are communicating with are truly who they claim to be.
CA (Certificate Authorities)
Trusted organizations that offer notarization services for digital certificates: they verify the subject's identity and sign the certificate.
RA (Registration Authorities)
Assist CAs with verifying users' identities prior to issuing digital certificates but do not issue the certificates themselves.
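Worked example (added here; not code from the original flashcards) covering the digital signature, HMAC and PKI cards above in one runnable piece: a signature that only the private-key holder can create, an HMAC that the receiver can forge (hence no nonrepudiation), and a minimal certificate in which a CA notarizes the binding between a subject name and a public key. The RSA here is a constructed toy with roughly 40-bit moduli, raw SHA-256 and no padding so the block needs only the standard library; real systems use 2048-bit RSA-PSS, ECDSA or Ed25519 and X.509 certificates. The subject "alice@example.com", the prime seeds and the messages are constructed inputs.

```python
import hashlib
import hmac
import json
import math


# --- Toy RSA (constructed for illustration only) ---------------------------
def _next_prime(n):
    while any(n % k == 0 for k in range(2, math.isqrt(n) + 1)):
        n += 1
    return n


def rsa_keygen(seed, e=65537):
    """Return (public, private) = ((n, e), (n, d)) from two ~20-bit primes
    found by trial division starting at `seed`."""
    p = _next_prime(seed)
    q = _next_prime(p + 1)
    while math.gcd(e, (p - 1) * (q - 1)) != 1:
        q = _next_prime(q + 1)
    phi = (p - 1) * (q - 1)
    return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg):
    """Only the holder of d can compute this: the basis of nonrepudiation."""
    n, d = priv
    return pow(_digest_int(msg, n), d, n)


def verify(pub, msg, sig):
    """Anyone holding the public key can check it."""
    n, e = pub
    return pow(sig, e, n) == _digest_int(msg, n)


# --- HMAC: integrity and authenticity with a *shared* key --------------------
def hmac_tag(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def hmac_verify(key, msg, tag):
    return hmac.compare_digest(hmac_tag(key, msg), tag)   # constant-time compare


def receiver_can_forge_tag(key, msg):
    """The receiver holds the same key, so it can mint a valid tag for any
    message; a third party cannot tell which side produced it."""
    return hmac_verify(key, msg, hmac_tag(key, msg))


# --- Minimal certificate: the CA signs the binding subject -> public key ------
def _tbs_bytes(tbs):
    return json.dumps(tbs, sort_keys=True).encode()


def issue_cert(ca_priv, subject, subject_pub):
    """Identity vetting (the RA's job) happens before this; the CA notarizes."""
    tbs = {"subject": subject, "pub": list(subject_pub)}
    return {"tbs": tbs, "sig": sign(ca_priv, _tbs_bytes(tbs))}


def verify_cert(ca_pub, cert):
    return verify(ca_pub, _tbs_bytes(cert["tbs"]), cert["sig"])


def verify_signed_message(ca_pub, cert, msg, sig):
    """Chain check: the trusted CA vouches for the certificate, and the
    certificate's public key vouches for the message."""
    if not verify_cert(ca_pub, cert):
        return False
    return verify(tuple(cert["tbs"]["pub"]), msg, sig)


def demo():
    ca_pub, ca_priv = rsa_keygen(1_000_000)
    alice_pub, alice_priv = rsa_keygen(900_000)
    mallory_pub, mallory_priv = rsa_keygen(800_000)
    cert = issue_cert(ca_priv, "alice@example.com", alice_pub)   # constructed subject
    msg = b"Pay Bob 100"
    sig = sign(alice_priv, msg)
    # Mallory self-issues a certificate claiming Alice's name with her own key.
    rogue = issue_cert(mallory_priv, "alice@example.com", mallory_pub)
    return {
        "valid": verify_signed_message(ca_pub, cert, msg, sig),
        "tampered": verify_signed_message(ca_pub, cert, b"Pay Bob 900", sig),
        "rogue_cert": verify_signed_message(ca_pub, rogue, msg, sign(mallory_priv, msg)),
        "hmac_forgeable": receiver_can_forge_tag(b"shared-key", msg),
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` returns valid True, tampered False, rogue_cert False and hmac_forgeable True: the rogue certificate fails because its signature does not verify under the trusted CA's key, which is exactly the check that turns a bare public key into an identity assurance.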