CISSP ch 6 Flashcards
Symmetric modes of operation that propagate errors
CBC and CFB (stream version of CBC)
Symmetric modes of operation that provide authentication
GCM and CCM
HSM
Hardware security module
Manages cryptographic keys
Fair cryptosystems
Pieces of the secret key are given to an independent third party, who will share the pieces with the government pursuant to a court order
PKI
Public Key Infrastructure
Math of RSA
Factoring large prime numbers
Math of Elgamal
Modular arithmetic (extension of Diffie-Hellman), doubles the size of the message
Math of ECC
Elliptic curve cryptography, elliptic curve discrete logarithm problem
DHE / EDH
Diffie-Hellman key exchange, relies on factoring of prime numbers and modular arithmetic
ECDHE
Elliptic curve Diffie-Hellman exchange
SHA-256 message size
256 bits
SHA 256 block processing size
512 bits
SHA 224 processing block size
512 bits
SHA 512 message size
512 bits
SHA 512 processing block size
1024 bits
SHA 384 processing block size
1024 bits
MD5 processing block size
512 bits
MD5 message size
64 bits less than a multiple of 512
RIPEMD
RIPE message digest, hashing used in Bitcoin, only RIPEMD 160 and 320 are secure
HMAC
Hashed Message Authentication Code = implements a partial digital signature, guarantees integrity of the message but does not provide nonrepudiation = uses symmetric encryption / a shared secret key that encrypts a hash value
DSS
Digital Signature Standard = specified by NIST in FIPS 186-5, all federally approved digital signature algorithms must use SHA-3 hashing functions, specifies the approved signature algorithms (only three are approved):
RSA, specified in ANSI X9.31
ECDSA = Elliptic Curve digital signature algorithm, specified in ANSI X9.62
EdDSA = Edwards-Curve Digital Signature Algorithm
ECDSA
Elliptic Curve digital signature algorithm
EdDSA
Edwards-Curve Digital Signature Algorithm
DSA
Digital signature algorithm, no longer approved in current version of FIPS 186-5
Digital certificates
endorsed copies of an individual’s public key, use the X.509 standard
CN and DN on a digital certificate
Common name and distinguished name of a subject
CA
Certificate Authority
RA
Registration authority = assists the certificate authority with verifying users’ identities
CSR
Subject provides their public key in the form of a certificate signing request
DV certificate
Domain validation certificates, simplest and most common, verify that the subject has control of the domain name
EV certificate
Extended validation certificates, higher level of assurance, the certificate authority takes steps to verify that the certificate owner is a legitimate business
CRL
a certificate revocation list (CRL)
maintained by the various certificate authorities, contain serial numbers of certificates issued and revoked by a given certificate authority, along with date and time of revocation
must be downloaded and cross-referenced periodically, introducing a period of latency between the time a certificate is revoked and the time end users are notified of the revocation
OCSP
the Online Certification Status Protocol (OCSP)
eliminates latency by providing a means for real-time certificate verification
when a client receives a certificate, it sends an OCSP request to the CA’s OCSP server, which then responds with a status of valid, invalid or unknown
places significant burden on OCSP server
Certificate Stapling
An extension of OCSP that relieves some of the burden placed on certificate authorities
Web server contacts the OCSP server itself and receives a signed and timestamped response from the OCSP server, which it then attaches, or staples, to the digital certificate provided to the client/user
When the next user visits the website, the stapled certificate can be reused as long as the timestamp is recent enough (stapled responses usually have a validity period of 24 hours)
DER certificate format
Distinguished Encoding Rules = most common binary format = .der, .crt or .cer extensions
PEM certificate format
Privacy Enhanced Mail = ASCII text version of the DER format = .pem or .crt
PFX certificate format
Personal Information Exchange = format commonly used by Windows systems, may be stored in binary form = .pfx or .p12
P7B certificate format
used by Windows systems, stored in ASCII text format = .p7b
TPM
Trusted Platform Module = chip that resides on the motherboard to store and manage keys used for full-disk encryption (FDE) solutions, prevents someone from removing and accessing the drive on another device
PGP
Pretty Good Privacy = secure email system developed by Phil Zimmermann in 1991, combines a certificate authority hierarchy with the ‘web of trust’ concept (must become trusted by one or more PGP users to begin using the system) = commercial product sold by Symantec and an open-source variant called OpenPGP, commercial providers also offer PGP-based email services
ProtonMail
StartMail
Mailvelope
SafeGmail
Hushmail
Minimum TLS security
TLS 1.2 (2008) now considered minimum secure option, anything older (SSL 3.0, TLS 1.0, TLS 1.1) is insecure
TLS 1.3 (2018) is also secure and adds performance improvements. Note: must ensure that the security algorithms used by TLS are secure as well
POODLE
Padding On Downgraded Legacy Encryption = attack in 2014 on SSL 3.0 fallback mechanism of TLS, caused TLS v1.2 to drop this backward compatibility
Link encryption
protects entire communications circuits by creating a secure tunnel between two points using either a hardware solution or a software solution
all the data (header, trailer, address and routing data) is encrypted, so each packet has to be decrypted and re-encrypted at each hop to be properly routed, which slows the routing
done at lower OSI layers
SSH minimum security
SSH2 drops support for DES and IDEA, but adds support for Diffie-Hellman key exchange and the ability to run multiple sessions over a single SSH connection, provides added protection against man-in-the-middle (on-path) attacks, eavesdropping and IP/DNS spoofing
IPsec transport mode vs tunnel mode
transport mode
for end-to-end encryption and peer-to-peer communication
only the packet payload is encrypted
tunnel mode
for link encryption
the entire packet, including the header is encrypted
IPsec SA
At runtime, you set up an IPsec session by creating a security association (SA)
SA represents the communication session and records any configuration and status information about the connection
Represents a simplex connection, if you want a two-way channel, you need two SAs, one for each direction. If you want a bidirectional channel using both AH and ESP, you will need to set up four SAs
IPsec can filter and manage communications on a per-SA basis
Without a valid SA defined, pairs of users or gateways cannot establish IPsec links
PBKDF2, bcrypt and scrypt
The specialized password hashing functions PBKDF2, bcrypt and scrypt allow for the creation of hashes using salts and incorporate a technique known as key stretching (adding values until the input is a fixed length) that makes it more computationally difficult to perform a single password guess
Analytic Attack
Algebraic manipulation that attempts to reduce the complexity of the algorithm
Focuses on the logic of the algorithm itself
Implementation attack
Exploits weaknesses in the implementation of a cryptography system
Focuses on exploiting the software code
Statistical attack
Exploits statistical weaknesses in a cryptosystem (e.g., floating-point errors or the inability to produce truly random numbers)
Focuses on hardware or operating system hosting the cryptography application