CISSP Cryptography - Domain 5 Flashcards
Q
A
Cryptography goals - Confidentiality
Unauthorized parties cannot access information.
Cryptography goals - Authenticity
Validating the source of the message to ensure the sender is properly identified.
Cryptography goals - Integrity
Assurance that the message was not modified during transmission, accidentally or intentionally.
Cryptography goals - Non-repudiation
A sender cannot deny sending the message at a later date.
Binary operations and Key components -Key
Just a string of bits: 1. May be a single large number or a group of numbers. 2. An N-bit key has 2^N possible values.
Binary operations and Key components - Plain text
Digital representation of data - ASCII, MS Word, Excel, Email, etc.
Binary operations and Key components - Encryption and Decryption operations
1. Bit-wise operations: XOR, shift left/right, substitutions or permutations. 2. Mod N arithmetic on numerical values: add, subtract, multiply, divide, raise to a power.
Keyspace
1. Range of possible values that can be used to construct a key. 2. The larger the keyspace, the more key values an attacker must try, which increases the cryptosystem's strength (provided keys are chosen uniformly at random from it).
Symmetric Keyspace
1. For a small 16-bit key, the keyspace is 2^16 = 65,536 keys. 2. For DES (56-bit key) it is 2^56, about 72 quadrillion (7.2 x 10^16) keys.
Strength of a Cryptosystem
1. Algorithm, secrecy of the key, length of the key. 2. The strength of the protection mechanism should be matched to the sensitivity of the data being encrypted. 3. Even if the algorithm is strong and thoroughly analyzed, other issues (key management, poor randomness, implementation flaws, a weak mode of operation) can weaken the encryption in practice.
Symmetric Ciphers (Algorithms)
1. Stream ciphers: XOR the plaintext, bit by bit, with a key stream. 2. Block ciphers: a. Substitution ciphers: replacing one value with another. b. Transposition/permutation ciphers: changing the relative position of values.
Asymmetric Ciphers
Public Key Cryptography - public/private key pairs.
Cryptosystem solutions
1. Confusion: hiding the relationship between the key and the ciphertext, chiefly by substitution. 2. Diffusion: spreading the influence of each plaintext bit over many ciphertext bits, chiefly by transposition/permutation. 3. Avalanche effect: a change in one bit of the plaintext (or key) changes about half the bits of the resulting ciphertext.
History of Cryptography - Hieroglyphics
1. About 2000 B.C. 2. First known cryptographic method. 3. Not really for secrecy. 4. Use of "non-standard" hieroglyphics.
History of Cryptography - Scytale Cipher
Spartans wrapped a strip of parchment around a rod (the scytale) to encrypt and decrypt a message: 1. About 400 B.C. 2. Used to convey military directives. 3. A transposition cipher: the diameter of the rod is the key.
History of Cryptography - Substitution Cipher
1. One character is replaced with another. 2. When only one cipher alphabet is used for the substitution it is a monoalphabetic algorithm. 3. Caesar used such an algorithm, shifting each character three places.
History of Cryptography - Vigenere Cipher (Polyalphabetic)
1. Vigenere cipher: attributed to Blaise de Vigenere of the court of Henry III of France in the 16th century (the method was actually first described by Giovan Battista Bellaso in 1553). 2. Polyalphabetic: uses two or more cipher alphabets, so the same plaintext letter can map to different ciphertext letters, which defeats simple frequency analysis.
History of Cryptography - Cryptography in War
Enigma: 1. Used in WWII to encrypt telegraphic communications. 2. Rotor cipher machine that performed polyalphabetic substitution. 3. Key was the original setting of the rotors and the sequence of advancement of each rotor. 4. Individual rotors are connected in a bank. 5. Each character entered is substituted by each rotor in turn for encryption.
Cryptography Definitions - Cryptography
Science of hiding meaning in communications.
Cryptography Definitions - Cryptanalysis
Science of studying and breaking the secrecy of encryption algorithms and their necessary pieces.
Cryptography Definitions - Cryptosystem
Mechanism that carries out the encryption process.
Cryptography Definitions - Work Factor
The amount of time and resources needed to overcome the protective measures of a cryptosystem; "breaking" a system means reducing its work factor to a practical level.
Cryptography Definitions - Cryptographic Algorithm (Cipher)
Procedure to encrypt plaintext into ciphertext and vice versa.
Cryptography Definitions - Cryptovariable (key)
A variable used in conjunction with an algorithm to encrypt and decrypt data.
Cryptography Definitions - Key Space
The range of available key values to be used by an algorithm.
Encryption
The process of turning plain text into ciphertext.
Decryption
The process of turning cipher text into plain text.
Encryption/Decryption process requires:
1. An algorithm. 2. A key.
Two types of encryption operations:
1. Symmetric. 2. Asymmetric.
Cryptography Definitions - Vernam Cipher (aka One-time pad)
1. Devised by Gilbert Vernam in 1917; XORs the message with a one-time random "pad" (key stream) that is at least as long as the message. 2. One-time pads are used in pairs: a. one copy is used by the sender and the other by the recipient b. the pad must be truly random, kept secret, and used only once; if the same pad encrypts two messages, XORing the two ciphertexts cancels the pad and leaves the XOR of the plaintexts.
Binary Mathematics - Exclusive OR
1. Binary mathematical operation applied to two bits. 2. Two rules: a. if both bits are the same, the result is 0; b. if the bits differ, the result is 1. 3. Logical "either/or": a. output is true if either, but not both, inputs are true; b. output is false if both inputs are false or both inputs are true. 4. XOR is its own inverse: (P XOR K) XOR K = P, which is why one operation both encrypts and decrypts in a stream cipher.
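The Vernam/one-time pad and XOR cards above, as an added worked example that is not part of the original flashcards. It implements the pad with XOR, shows that the same operation decrypts, and then demonstrates the failure mode the cards warn about: encrypting two messages with one pad lets an eavesdropper XOR the ciphertexts together and, with a guessed fragment of one message (a "crib"), read the other. The two messages are constructed for the example; os.urandom stands in for a true random source.

```python
"""Vernam one-time pad via XOR, and why the pad must never be reused.

Added example, not from the original flashcards. os.urandom supplies the pad
bytes; a real OTP needs a truly random pad that is at least as long as the
message, kept secret, and used exactly once.
"""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings (the core stream-cipher step)."""
    if len(a) != len(b):
        raise ValueError("XOR operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_pad(length: int) -> bytes:
    """Fresh pad; in practice sender and recipient hold identical copies."""
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Encrypt = XOR with the pad, which must be at least as long as the message."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message: cannot encrypt as a one-time pad")
    return xor_bytes(plaintext, pad[: len(plaintext)])


# XOR is its own inverse: (p XOR k) XOR k == p, so decryption is the same operation.
otp_decrypt = otp_encrypt


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper gets when one pad has encrypted two messages.

    c1 XOR c2 == (p1 XOR k) XOR (p2 XOR k) == p1 XOR p2: the pad cancels out.
    """
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def crib_drag(p1_xor_p2: bytes, known_fragment: bytes, offset: int) -> bytes:
    """Recover the other plaintext at `offset` from a known fragment of one plaintext."""
    window = p1_xor_p2[offset : offset + len(known_fragment)]
    return xor_bytes(window, known_fragment)


def demo() -> dict:
    """Constructed messages; the second use of the pad is the misuse being shown."""
    p1 = b"ATTACK AT DAWN"
    p2 = b"RETREAT NOW!!!"
    pad = make_pad(len(p1))
    c1 = otp_encrypt(p1, pad)
    c2 = otp_encrypt(p2, pad)  # misuse: same pad a second time
    leak = two_time_pad_leak(c1, c2)
    return {
        "roundtrip": otp_decrypt(c1, pad),
        "leak_equals_p1_xor_p2": leak == xor_bytes(p1, p2),
        "recovered_p2": crib_drag(leak, b"ATTACK", 0),  # guess p1 starts with ATTACK
    }


if __name__ == "__main__":
    print(demo())
```

The attacker never learns the pad; the crib guess "ATTACK" against the XOR of the two plaintexts is enough to expose the first six bytes of the other message, and the same step repeated along the message is how real two-time-pad traffic is read.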
Running Key Cipher aka Book Cipher
1. Uses a key that does not require an electronic algorithm or bit alterations, but clever steps in the physical world. 2. A book cipher encodes each word as a location: book number, page number, line number, and word number. 3. Example: 3rd book, page 112, line 4, 6th word is "informative". 4. Strictly, a running key cipher uses a long passage of text (for example from a book) as a Vigenere-style key stream; the exam material treats the two names together.
Symmetric Stream Cipher
1. Can be much faster than a block cipher. 2. Operates on small units of plaintext (bits or bytes), while block ciphers work on much larger units (typically 64- or 128-bit blocks). 3. More suited to hardware implementation than a block cipher.
Strength of a stream cipher depends on:
1. Long periods with no repeating patterns in the key stream. 2. Statistically unpredictable key stream. 3. Key stream is not linearly related to the key. 4. Statistically unbiased key stream (as many 0s as 1s). 5. Examples from wireless communications: the RC4 cipher (WEP and WPA/TKIP) and the Bluetooth E0 cipher; both have known cryptanalytic weaknesses and should not be used in new designs (RC4 is prohibited in TLS by RFC 7465).
Symmetric Block Cipher
1. Message is divided into fixed-size blocks, each put through mathematical functions including substitution boxes (S-boxes). 2. The algorithm dictates all possible functions; the key determines which of them are used and in what order. 3. Each function performs a different mathematical operation. 4. A good cipher provides both confusion and diffusion.
Clipper Chip
1. Designed to protect private communications. 2. Agents can obtain the "keys" upon "legal authorization". 3. Keys are held by two government "escrow agents". 4. Developed by the NSA. 5. The Skipjack algorithm was classified as secret. 6. This precluded any public scrutiny. 7. 80-bit key. 8. 16-bit checksum (short enough that the law-enforcement access field could be forged). 9. Several deficiencies. 10. Mainly a backdoor into your private data. 11. Started in '93, dead by '96.
Data Encryption Standard (DES)
1. IBM submitted the Lucifer algorithm in 1974 in response to the NBS (now NIST) call for a federal encryption standard; the NSA reviewed the design. 2. Original Lucifer used 48- to 128-bit keys; the standardized version uses a 64-bit key of which 56 bits are the effective key and 8 are parity bits. 3. The altered Lucifer was published as the Data Encryption Algorithm (DEA) in FIPS 46 (1977).
Data Encryption Standard (DES) Technical
1. Symmetric block cipher (a Feistel network). 2. Blocks of 64 bits are put through 16 rounds of transposition and substitution; the round subkeys derived from the key control the substitutions. 3. Adopted for U.S. government agencies (FIPS 46). 4. Double DES: two keys, but a meet-in-the-middle attack reduces the effective strength to about 57 bits, so it gained little over single DES. 5. Triple DES (see below).
Modes of Block Cipher - Electronic Code Book (ECB)
1. The same ciphertext block is always produced for the same plaintext block under the same key. 2. This makes patterns in the plaintext easy to identify. 3. Best used only on small amounts of data (for example a single block such as an encrypted key). 4. Each key defines a different "code book". 5. Provides no integrity or authentication by itself; a separate MAC is needed for that. DES has 5 modes of operation (ECB, CBC, CFB, OFB, CTR).
Modes of Block Cipher - Cipher block chaining (CBC)
1. Encryption of each block depends on the ciphertext of the previous block. 2. The first block is XORed with an initialization vector (IV), since no previous ciphertext exists. 3. Each ciphertext block is XORed with the next plaintext block before that block is encrypted. 4. The IV must be unpredictable per message; a predictable IV lets an attacker test guesses of the first plaintext block.
Modes of Block Cipher - Cipher Feedback mode (CFB)
1. The previous ciphertext block is encrypted and the output XORed with the next plaintext unit, turning the block cipher into a self-synchronizing stream cipher. 2. Often used to encrypt individual characters (terminals), since it can work on units smaller than a block (for example 8-bit CFB).
Modes of Block Cipher - Output Feedback Mode (OFB)
1. The entire output of the previous block-cipher calculation is used as input for the next block's calculation, producing a key stream that is independent of the plaintext and ciphertext; bit errors in transit do not propagate. 2. Often used to encrypt satellite communications.
Modes of Block Cipher - Counter Mode (CTR)
1. Similar to OFB, but the block-cipher inputs are successive values of a "counter" combined with a nonce. 2. Well suited to multiprocessor machines because every block can be encrypted or decrypted in parallel, and blocks can be processed in any order. 3. The nonce plays the role of the IV in the other modes and is concatenated, added, or XORed with the counter value. 4. A (key, nonce, counter) combination must never be reused: the key stream would repeat, which is the same failure as reusing a one-time pad.
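The DES structure (64-bit blocks, 16 Feistel rounds) and the ECB, CBC and CTR modes from the cards above, as one added worked example that is not part of the original flashcards. The cipher is a toy: its round function is built from SHA-256 purely so the code is short and invertible, and it must not be mistaken for DES or for a secure cipher. What it does show is why decryption of a Feistel network is the same network with the subkeys reversed, why identical plaintext blocks leak through ECB but not CBC, and how CTR turns a block cipher into a key stream. The PKCS#7-style padding, the 4-byte nonce layout and the sample message are choices made for the example.

```python
"""Toy Feistel block cipher (DES-style: 64-bit block, 16 rounds) with ECB, CBC and
CTR modes. Added example, not part of the original flashcards. The round function
uses SHA-256 only to get an invertible, readable cipher; this is NOT a secure
cipher and exists to show structure and mode behaviour."""
import hashlib

BLOCK = 8      # 64-bit block, as in DES
ROUNDS = 16    # DES also uses 16 rounds

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(key: bytes) -> list:
    """One 32-bit subkey per round (stand-in for DES's key schedule)."""
    return [hashlib.sha256(key + bytes([r])).digest()[:4] for r in range(ROUNDS)]

def f(subkey: bytes, half: bytes) -> bytes:
    """Round function; it need not be invertible, the Feistel structure is."""
    return hashlib.sha256(subkey + half).digest()[:4]

def feistel(subkeys: list, block: bytes) -> bytes:
    """Per round (L, R) -> (R, L xor f(k, R)); halves are swapped at the end, as in DES."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for k in subkeys:
        left, right = right, xor(left, f(k, right))
    return right + left

def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(round_keys(key), block)

def decrypt_block(key: bytes, block: bytes) -> bytes:
    """The same network with the subkeys in reverse order undoes encryption."""
    return feistel(list(reversed(round_keys(key))), block)

def pad(data: bytes) -> bytes:
    """PKCS#7-style padding up to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """ECB: blocks encrypted independently, so equal plaintext blocks give equal ciphertext."""
    return b"".join(encrypt_block(key, b) for b in blocks(pad(pt)))

def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(key, b) for b in blocks(ct)))

def cbc_encrypt(key: bytes, pt: bytes, iv: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block (IV first)."""
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, ct: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(ct):
        out.append(xor(decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))

def ctr_crypt(key: bytes, data: bytes, nonce: bytes) -> bytes:
    """CTR: encrypt nonce||counter to get a key stream; one call encrypts and decrypts.
    Reusing a (key, nonce) pair reuses the key stream (the two-time-pad failure)."""
    assert len(nonce) == 4
    out = []
    for i, b in enumerate(blocks(data)):
        ks = encrypt_block(key, nonce + i.to_bytes(4, "big"))
        out.append(xor(b, ks))  # zip() trims the key stream for a short last block
    return b"".join(out)

def ecb_leaks(key: bytes, pt: bytes) -> bool:
    """True when repeated plaintext blocks show up as repeated ciphertext blocks."""
    ct = blocks(ecb_encrypt(key, pt))
    return len(set(ct)) < len(ct)

if __name__ == "__main__":
    key, msg = b"0123456789abcdef", b"ATTACK01" * 4 + b"NOW"   # constructed sample
    print("ECB repeats blocks:", ecb_leaks(key, msg))
    print("CBC repeats blocks:", len(set(blocks(cbc_encrypt(key, msg, b"\0" * 8)))) < 5)
```

Running it shows the repeated "ATTACK01" blocks as four identical ciphertext blocks under ECB and as five distinct blocks under CBC; none of the three modes adds integrity, so a MAC is still needed in any real protocol.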
Triple DES
1. As processing power increased, 56-bit DES could be brute-forced (the EFF's Deep Crack machine did so in 1998). 2. Encrypts each block three times with multiple keys: a. DES-EEE3 uses three keys, encrypt-encrypt-encrypt. b. DES-EDE3 uses three keys, encrypt-decrypt-encrypt. c. DES-EEE2 and DES-EDE2 are the same, but the first and third operations use the same key. 3. Performance hit (three DES operations per block). 4. Three-key 3DES gives about 112 bits of effective strength against meet-in-the-middle, not 168; EDE with all three keys equal is compatible with single DES.
Advanced Encryption Standard (AES)
1. Rijndael algorithm (FIPS 197, 2001). 2. U.S. official standard for sensitive but unclassified data; later also approved for classified data. 3. Symmetric block cipher with a 128-bit block size. 4. Key sizes of 128, 192 and 256 bits (10, 12 and 14 rounds respectively).
Public Key Ciphers
1. Diffie-Hellman (key agreement, not encryption). 2. RSA (encryption and digital signatures). 3. ECC (elliptic-curve variants such as ECDH and ECDSA). 4. ElGamal (encryption and signatures). 5. DSA (digital signatures only).
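The Diffie-Hellman entry in the list above, as an added worked example that is not part of the original flashcards: the exchange is shown with both sides' messages and what a passive eavesdropper sees, using the Mod N arithmetic from the earlier card (Python's built-in pow(base, exponent, modulus)). The group parameters are a toy choice made for the example (the Mersenne prime 2^127 - 1 and g = 3); real deployments use standardized groups or elliptic curves and must authenticate the public values to stop an active man-in-the-middle, which plain Diffie-Hellman does not.

```python
"""Textbook Diffie-Hellman key agreement with Python's built-in modular arithmetic.

Added example, not from the original flashcards. P and G are a toy choice so the
numbers stay readable; they are NOT a standardized DH group, and unauthenticated
DH is open to man-in-the-middle attacks.
"""
import hashlib
import secrets

P = (1 << 127) - 1   # toy modulus (a Mersenne prime), chosen for the example
G = 3                # toy base, chosen for the example


def dh_keypair(p: int = P, g: int = G) -> tuple:
    """Private exponent a and public value g^a mod p."""
    a = secrets.randbelow(p - 2) + 1      # 1 <= a <= p-2
    return a, pow(g, a, p)


def dh_shared(private: int, peer_public: int, p: int = P) -> bytes:
    """Shared secret (peer_public)^private mod p, hashed to a fixed-length key.

    Rejecting 0, 1 and p-1 stops a peer from forcing the secret to a trivial value.
    """
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    s = pow(peer_public, private, p)
    return hashlib.sha256(s.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def exchange() -> dict:
    """The two messages on the insecure channel and what each party derives."""
    a, A = dh_keypair()   # Alice -> Bob: A = g^a mod p
    b, B = dh_keypair()   # Bob -> Alice: B = g^b mod p
    return {
        "alice_key": dh_shared(a, B),        # B^a = g^(ab) mod p
        "bob_key": dh_shared(b, A),          # A^b = g^(ab) mod p
        "eavesdropper_sees": (P, G, A, B),   # a and b are never transmitted
    }


if __name__ == "__main__":
    r = exchange()
    print(r["alice_key"] == r["bob_key"], r["eavesdropper_sees"][2:])
```

Both parties arrive at g^(ab) mod p from opposite directions; the eavesdropper holds g^a and g^b and would need to solve the discrete logarithm in the group to get the same value, which is the hard problem Diffie-Hellman rests on.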