Chapter 7 - Crypto Flashcards
Monoalphabetic vs polyalphabetic
Mono - one alphabet
Poly - many alphabets
Substitution cipher
Replacing each letter with a predetermined one
Cipher
Algorithm or key
Scytale cipher
A piece of paper wrapped around a staff that could only be read on the correct size staff
Project lucifer
The original IBM project that NSA used to make DES
Cryptanalysis
Analyzing an encryption trying to figure out the key
Crypto system
A system that creates a crypto
Cryptovariable
The key
Key space
This is how large the key is in bits
Kerckhoffs' principle
The algorithm of a crypto system should always be known and only the key should be secret; others believe it should all be secret.
What gives a cryptosystem strength?
Algorithm, key length, secrecy, initialization, interoperability
Work factor
The length of time it will take to discover a message by brute force
Crypto offers what benefits?
Confidentiality, integrity, authentication, authorization, nonrepudiation (cannot deny it came from the sender)
Encipher
Making data unreadable
Vernam cipher - one time pad
DUO could be an example of this..
Exclusive-OR (XOR) - if different then 1, if same then 0
Message - 1001
Key - 1100 (same length as message)
Ciphertext - 0100
Only useful one time to not develop patterns
Rules of crypto as I see it
Key - keep it secret, keep it safe
Random - computers are NOT random
Cipher - the word “the” is your enemy
Running key cipher
Physically analyzing data like the letter in a book with coordinates
Running to piece to piece to get the answer
Concealed cipher
Every third word is part of the message
Steganography
Hiding messages within other media .. Ex. Inside the Theodore jpg image
Security through obscurity.. Yikes
Least significant bit - LSB
These are the bits in the medium that do not affect the output, a perfect place to hide a message
Digital watermarking / DRM
Uses steganography to embed a logo or company specific information in the data using the LSB
Microdot
A micro photo put inside the wax of a stamp
Caesar cipher
Substitution cipher, a=z
Transposition cipher
Word grouping and scrambling based on a key
How do algorithms work within a cipher?
They are substitution and transposition methods randomized into several different sequence functions
Many algorithms to choose from, the key chooses the algorithms to use per message
Frequency analysis
E is the most common letter, so the most common 8-bit sequence therefore equals E
"The" comes next, and so on
KDF - key derivation function
This is the master key that creates all other subkeys
N(N-1)/2
Formula for # symmetrical keys needed
Out of band method
Using a completely separate media to transfer the key
Symmetrical key
Shared secret key
Pros:
Fast!
Hard to break
Confidentiality
Cons:
Requires secure delivery of key
Each pair needs unique key
No authenticity or nonrepudiation
Examples of symmetric algorithms
DES, 3DES, Blowfish, IDEA, RC4/RC5/RC6, AES
Asymmetrical key
PKI - private / public keys
Private to public is open message format as anyone can open the message
Public to private is secure message format because only the intended person can open it
What are the pros and cons of asymmetrical algorithms?
Pros:
Better key distribution
Better scalability
Can provide authentication and nonrepudiation
Cons:
Slow. . .
Example algorithms for asymmetrical keys
RSA, DH, ECC, El Gamal, Merkle-Hellman Knapsack
Block ciphers
A chunk of data is encrypted at a time in a block (s-box) of 32/64/128
Confusion vs diffusion
Substitution vs transposition respectively
Avalanche effect
One bit change can cause all the cipher text to change or as close as possible
Stream cipher
XOR based encryption but by bit using a keystream generator
Initialization vector
Randomness within the algorithm, so that a pattern in the plaintext does not cause a pattern in the cryptotext
Strong stream cipher characteristics
Long periods of no pattern repeat
Statistically unpredictable
Key stream is unrelated to key
Same number of 0’s and 1’s
Stream vs block
Stream is fast and less secure
Block is slower but more secure
Compression
Compression will cause redundancy to be reduced
Expansion
Expanding the plaintext to the key size
Padding
Adding material to make it more difficult to know what is legitimate message
Key mixing
This is just a subkey
Public key cryptography
A hybrid approach using both asymmetrical and symmetrical algorithms
Asymmetrical to encrypt the symmetrical key and symmetrical to encrypt the message
Private to public is nonrepudiation
Public to private is confidentiality
Digital envelope
More common name for hybrid crypto approach.
What is the NSA version of DES?
DSA - data encryption algorithm - 56 bit intentionally weakened to 128 bit
What is the replacement for DES?
Rijndael - AES
How does DES work?
64 bit block goes in 64 bit block comes out..
What are the modes of symmetrical encryption?
Electronic code book (ECB), cipher block chaining (CBC), cipher feedback (CFB), output feedback (OFB), counter mode (CTR)
Electronic code book
Translative 1:1 cipher goes in hdkfjr comes out every time in 64 bit blocks
This is easily reverse engineered and stolen
Cipher block chaining
Plaintext1 to ciphertext1 using IV
Plaintext2 to ciphertext2 using ciphertext1
Changing the Initialization Vector per message will assist in randomness
Processes 64 bit blocks at a time
Cipher feedback
Similar to stream cipher, uses an IV and a key to choose an algorithm generating the key stream and cipher text
The difference is in CFB the next block of plaintext uses the key and the last ciphertext to feed the key stream
Output feedback
This is exactly like cipher feedback except the key stream is used instead of the cipher text on the next plaintext block
It does not rely on the data for the crypto, therefore corrupt data will not affect the output
Synchronous vs asynchronous cipher
Synchronous is stream/block
Asynchronous is chaining
3DES
Uses 48 rounds of encryption chaining to force random into the ciphertext
This was a quick fix until AES could be ratified using Rijndael
What does DES-EDE2 actually mean?
DES is used to encrypt plaintext with the first key, then decrypt with a different key, then encrypt that with the original key
What is IDEA?
IDEA is 64 bit block broken in 16 block chunks for processing
IDEA is an algorithm used in RSA
PGP
Software used to encrypt mail and files at rest
Blowfish
Block cipher with 32 - 448 bit key lengths and is completely open to the public
RC4
Very common stream cipher used in SSL and WEP
RC5
Highly variable round size, key size and block size..
RC6
RC5 but faster
What does rc5-32/12/16 mean?
Rc5
32 bit words or 64 bit encryption
12 rounds
16 byte key (128 bit)
Diffie-Hellman
Asymmetrical key
A combines A’s private and B’s public keys to make a shared key
B combines B’s private and A’s public key to derive the same shared key
How can non-authenticated DH be broken by man in the middle?
Man in the middle generates two shared keys in either direction of the communication
RSA
An algorithm devised by multiplying two 2^300 prime numbers (numbers only divisible by themselves or 1) times the random encryption key.
One side does encryption one side does signatures each other side does the inverse
Key exchange vs key agreement?
Exchange means it needs to be shared from one side to the other
Agreement is when the keys are calculated on each side independently to be the same value
Trapdoor
This is the easiest way to solve for a crypto algorithm, in RSA this is to factor the large numbers
One way function
Easy to calculate hard to solve for
Like breaking a glass and putting it back together again
El Gamal
Extension of DH but slowest of the asymmetric algorithms
Elliptical curve cryptography
Uses an elliptical curve based on the encryption key to quickly get the values needed for the crypto
Very fast, with small keys, used in mobile devices
Knapsack
Insecure Crypto based on the knapsack problem in math
What is zero knowledge proof?
Giving people only the information they need and nothing more and is relevant in private key to public key crypto
One way hash
Appended to the end of the message to ensure integrity
This is also called a message digest
What is a MAC in terms of hash and crypto
Message authentication code
It is used to protect message integrity
Uses a symmetric key to encrypt a message digest to ensure man in the middle has not occurred
HMAC
A symmetric key is appended to the message and the message is hashed with it together
CBC-MAC
Encrypts message, uses the final block of code as MAC value appended to a message
MAC offers system protection, what is this?
Data origin protection: you know the person who sent it had the symmetric key. It is the weakest form of authentication
Should the same key be used for authentication and encryption?
NO
What is the block cipher MAC called
CMAC, same as CBC-Mac with a bit more complexity
CCM
Combines CMAC and CBC-MAC
CMAC for the encryption and the IV for the CBC-Mac
What is a collision free hashing algorithm?
This means no two messages can give the same hash value
MD2, MD4, MD5
MD2 (Message Digest 2) - 128 bit hash, slow
MD4 - 128 bit fast
MD5 - 128 bit fast and complex
None are suitable to prevent collision
SHA
160 bit message digest using an asymmetrical algorithm like Diffie-Hellman
HAVAL
Variable length modification to MD5
Tiger
Most notably a 192 bit message digest not using the MD4 architecture and does not use IVs
Birthday attack
It is easier to find two matching values in a sea of values than to find a match for a specific value; it's a statistics problem
Meaning that 2^(n/2), where n is the bit rate of the message digest, is the number of attempts needed to find a duplicate of the hash value
Digital signature
Message digest encrypted by a private key giving both integrity and nonrepudiation
Registration Authority
Verifies the user is who they say they are
Cross certification
CA one trusts CA two and each acts as the other would
What is a certificate revoke list and online certificate status protocol?
CRL is the list of dead certificates
OCSP is the method to check when you enter a site
X.509
Certificate building standard, v3 is the most common.
How is the private key issued from a certificate authority?
It isn’t. The CER you submit has the public key the certificate is made from; this public key is based off the private key generated from your machine
PKI offers what security services?
Confidentiality, access control, integrity, authentication, nonrepudiation
But not all at once, it depends on the direction and these are specifically for the slow asymmetrical encryption of the symmetric keys
Key escrow
This is the process or person who can recover a lost key
Multiparty key recovery
Requirement of 2 or more people in order to reassemble a key, this forces collusion to compromise
Trusted platform module
A hardware technology for encrypting, particularly hard drives. Provides sealing which is a hash of the configuration files to verify integrity
Link encryption vs end-to-end encryption ?
Link is with headers encrypted and is considered traffic flow security
End to end is just the data encrypted
What is MIME?
A MIME type is a way to differentiate handling of data types; .txt is type/plaintext
S/MIME
Uses PKI for email encryption
What is a web of trust ?
Each request generates a public trust .. I give you my public key for yours and now we trust each other
Where are the public keys stored on PGP?
A key ring
What is the difference between SSL and TLS?
TLS is the open standard
What is Secure Electronic Transaction (SET)?
A superior technology of securing credit card data that requires participation and implementation from merchant, bank and vendor, not used much due to complexity .. SSL is still the standard
What is the primary purpose of a cookie?
To make stateless HTTP act more stateful.
This is how even though you close a browser your items stay in the cart..
How do I make a timeout page with cookies?
Have the client loaded web page check cookies client side periodically for session authenticity.
Cookies have timeouts.
IPSec
Used to establish a server to server VPN tunnel
What are the two security protocols and what do they do for IPSec?
Authentication Header (AH) - does auth only
Encapsulating Security Payload (ESP) - does auth and crypto
What modes does IPSec work in?
Transport mode - payload encryption
Tunnel mode - routing/header/payload encryption
What is a security association SA?
A directional (out/in) store for the encryption keys and configurations used in an IPSec tunnel
How does a security parameter index assist in IPSec VPN?
These are used to organize and globally configure the SA for each device outbound and inbound separately
What is an ICV?
Basically just a hash, AH does the entire packet, ESP does just the data/transport for integrity
How is IKE used in IPSec?
As a key management architecture
ISAKMP is infrastructure
OAKLEY is the worker
Passive vs active attack
Passive is just listening
Active is actually modifying
Ciphertext only attack
Sniffing the ciphertext and trying to decode it
Known plaintext attack
I know this message starts with to:
And I see every message start with ciphertext zxs
Zxs must be to:
Chosen-ciphertext attacks
I send you a note of importance in plaintext you feel compelled to send to others encrypted, I sniff the encrypted output and have a direct correlation
Chosen-ciphertext
I have part of the ciphertext and the whole plaintext, where does it match?
Differential cryptanalysis
Figuring out which algorithms are more likely to run within a cryptosystem
Linear cryptanalysis
Sending plaintext into an algorithm many ones to discover a pattern in S-boxes chosen
Side channel attacks
Attacks using non-mathematical means, like power voltage consumption
Replay attack
Capturing data and resubmitting it
Algebraic attack
Using mathematical principles to discover information, like 0 times something is always 0
Analytic attack
Isolated specific flaws in the algorithm to attack (double DES died this way)
Statistical attack
Checking for more 1 than 0, could identify the use of a weak random number generator
Social engineering attack
Persuasion, coercion, or bribery used to get keys
Meeting in the middle attack
Tries to match the decryption to the encryption by attacking both sides at the same time