Chapter 8: Cryptography Flashcards
Cryptography
practice of storing and transmitting info in a form only authorized parties understand
plaintext
form of a readable message
ciphertext
encrypted form of a message
Cryptographic algorithms
mathematical rules to dictate functions of enciphering and deciphering
Cryptanalysis
name collectively given to techniques aimed to weaken or defeat cryptography
Nonrepudiation
service that ensures the sender cannot later falsely deny sending a message
keyspace
the range of possible keys
Larger keyspace or full use of the keyspace
allows more-random keys to be created which provides more protection
Two basic types of encryption mechanisms used in symmetric ciphers
substitution and transposition
Substitution cipher
change a character (or bit) out for another
Transposition cipher
scramble the characters (or bits)
polyalphabetic cipher
uses more than one alphabet to defeat frequency analysis
key
random string of bits inserted into an encryption algorithm; the result determines what encryption functions will be carried out on a message and in what order
Using the same key for encryption and decryption
symmetric key algorithms
Using different keys for encryption and decryption
asymmetric key algorithms
Challenges with symmetric key encryption
secure key distribution; scalability
Benefits of symmetric key algorithms
perform much faster than asymmetric key algorithms
Symmetric key algorithms provide confidentiality
but do not provide authentication or nonrepudiation
Examples of symmetric key algorithms
AES and ChaCha20
Asymmetric algorithms typical use
to encrypt keys
Symmetric algorithms typical use
to encrypt bulk data
Asymmetric key algorithms provide
authentication and nonrepudiation
Disadvantages of asymmetric key algorithms
much slower than symmetric key algorithms
Examples of asymmetric key algorithms
RSA, ECC, and DSA
Two main types of symmetric algorithms
Stream ciphers; Block ciphers
Stream ciphers
use a keystream generator and encrypt a message one bit at a time
Block cipher
divides the message into groups of bits and encrypts them
Algorithms are publicly known. the secret part of the process is the …
key provides the necessary randomization to encryption
RSA
asymmetric algorithm developed by Rivest, Shamir, and Adleman; the de facto standard for digital signatures
ECCs
Elliptic curve cryptosystems
Elliptic curve cryptosystems
used as asymmetric algorithms and can provide digital signatures, secure key distribution, and encryption functionality; use fewer resources, so better for wireless device and cell phone encryption use
Quantum cryptography
study that applies quantum mechanics to perform cryptographic functions; quantum key distribution is the application of this
QKD
quantum key distribution; generates and securely distributes encryption keys of any length between two parties
Hybrid system
when symmetric and asymmetric key algorithms are used together; asymmetric algorithm encrypts the symmetric key, and symmetric key encrypts the data
session key
symmetric key used by the sender and receiver of messages for encryption and decryption purposes; only good while that communication session is active and then it is destroyed
PKI
public key infrastructure; framework of programs, procedures, protocols, and public key cryptography to enable a diverse group of individuals to communicate securely
CA
certificate authority; trusted third party that generates and maintains user certificates, which hold public keys
CRL
certification revocation list; keeps track of revoked certificates
certificate
mechanism the CA uses to associate a public key to a person’s identity
RA
registration authority; validates user’s identity and then sends the request for a certificate to the CA. RA cannot generate certificates
one-way function
mathematical function easier to compute in one direction than in the opposite direction
RSA computing
based on a one-way function that factors large numbers into prime numbers; only the private key knows how to use the trapdoor and how to decrypt messages which were encrypted with the public key
Hashing algorithms provide …
data integrity only
Message digest
produced when a hash algorithm is applied to a message
digital signature
a message is hashed and creates a message digest, which is signed by a private key to produce a digital signature
Examples of hashing algorithms
SHA-1, SHA-2, SHA-3 and MD5
SHA produces … bit hash value and is used in …
160-bit hash value and is used in DSS
birthday attack
attack on hashing functions through brute force; attacker tries to create two messages with the same hashing value
one-time pad
a pad with random values that are XORed against the message to produce ciphertext; pad is at least as long as the message itself and is used once and then discarded
digital signature
result of a user signing a has value with a private key; provides authentication, data integrity, and nonrepudiation
the act of signing
the actual encryption of the value with the private key
ciphertext-only attacks
involve analyzing the ciphertext of one or more messages encrypted with the same algorithm and key to discover the key that was used
known-plaintext attack
attacker has the plaintext and corresponding ciphertext of one or more messages and wants to discover the key that was used to decrypt future encrypted messages
chosen-plaintext attack
similar to known-plaintext attack, but attacker chooses the plaintext that gets encrypted to see the corresponding ciphertext and then discover the key
chosen-ciphertext attack
similar to chosen-plaintext attack but the attacker chooses the ciphertext and then gets to see the corresponding decrypted plaintext to then discover the key
frequency analysis
statistical attack; identifies statistically significant patterns in the ciphertext generated by a cryptosystem
Implementation attacks
techniques used to exploit defects in the implementation of a cryptosystem
Side-channel attacks
analyze changes in the environment around a cryptosystem in an attempt to infer an encryption key whose processing causes those changes
Timing attacks
side-channel attacks that use time measurements to determine the inner workings, states, and even data flows within a cryptosystem
Fault injection attacks
attempt to cause errors in a cryptosystem in an attempt to recover or infer the encryption key
MitM attacks
man-in-the-middle attacks; threat actors intercept an outbound secure connection request from clients and relay their own request to the intended servers, terminating both and acting as a proxy
Pass the hash
type of attack against Microsoft Windows Active Directory in which the attacker resubmits cached authentication tokens to gain illicit access to resources
Ransomware
type of malware that encrypts victims’ files and holds them ransom until a payment is made to an account controlled by the attacker
Goal of Cryptanalysis
carried out by the white hats to test the strength of the algorithm; process of trying to reverse-engineer a cryptosystem to uncover the key used
one-way hash function
converts a message of arbitrary or variable length (any size) into a value of fixed length (message digest); SHA creates one of 160 bits
US federal government algorithm developed to secure message digests
SHA; Secure Hash Algorithm
DSS
Digital Signature Standard; the standard to create digital signatures; dictates SHA must be used and outlines the digital signature algorithms that can be used with SHA: RSA, DSA, ECDSA
DSA
Data Signature Algorithm
RSA vs DSA
RSA can provide data encryption, key exchange, and digital signatures; DSA only provides digital signatures
digital signature
message digest encrypted with the sender’s private key
Work factor of a cryptosystem
amount of time and resources necessary to break the cryptosystem or its encryption process
Goal of a work factor
To be so high that an attacker could not be successful in breaking the algorithm or cryptosystem
Purpose of one-way hashing on user passwords
Prevents anyone from reading passwords in plaintext; the actual password is not transmitted across the network or stored on a system in plaintext; greatly reduces the risk of an attacker being able to obtain the actual password
RSA algorithm’ security
based on the difficulty of factoring large numbers into their original prime numbers; a one-way function. calculating the product is easier than identifying the prime numbers used to generate that product
