Cryptography Flashcards

1
Q

Confidentiality

A

Only authorized parties can access data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Integrity

A

Verifying data has not been altered in transit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Authentication

A

Verifying the sender is who they say they are.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Non-Repudiation

A

Prevents one party from denying actions they carried out.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Cryptography

A

“Science of secret writing”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Cryptanalysis

A

Study and practice of finding weaknesses in ciphers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Algorithm

A

“Formulas to encrypt data”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Cipher

A

Method used to encode characters to hide their value

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Plain Text/Clear Text

A

Info which is transferred or stored without crypto protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Cipher text

A

Result of encryption performed on plaintext using an algorithm.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Substitution Cipher

A

One character or symbol into another

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Substitution Code

A

Substitution at the level of words or phrases

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Transposition

A

Changing the positions of plaintext letters within a sentence.

eg. meet me at noon = noontaemteem

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Exclusive-OR (XOR) Operation

A

Binary mathematical operation

If values are the same = 0
If values are different = 1

Used in One-Time Pad

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

One-Time Pad

A

Considered Unbreakable

3 Requirements:

  1. Made up of truly random values and used only once
  2. Must be at least as long as the message
  3. Securely distributed to destination and protected at sender’s and receiver’s sights.

Cons: More overhead, needs to be received in a secure fashion, sender/receiver must be perfectly synched.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Frequency Analysis

A

Study of the frequency of letters or groups of letters in a cipher text.

Eg. Wheel of Fortune

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Initialization Vectors

A

Random values used with algorithms to ensure patterns are not created during encryption process.

Not encrypted when being sent

Used in WEP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Steganography

A

Electronic Watermarking

Hiding one’s message in another in order to prevent it from being detected.

Graphics/Sound Files

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

ADS

A

Alternate Data Streams

Adds a program on to another to help it work across multiple platforms.

Can be used for evil.

Eg. Drive in movie with someone in the trunk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Quantum Cryptography

A

Message is sent in a series of photons. Receiver must know sequence and polarity of photons to decode message.

If someone intercepts, some of the photons will change polarity and message will be altered.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Hashing

A

Used for Integrity

One-way encryption function. Takes variable-length input and makes a fixed-length output.

Hash collision happens when different inputs create the same hash value. Collision detection prevents this.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

MD5

A

Message Digest 5
Hash Function (Cisco)
Digest Size: 128 bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

SHA-1

A

Secure Hashing Algorithm
Hash Function
Digest Size: 160 bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

SHA-2/SHA-224/256

A

Secure Hashing Algorithm
Hash Function
Digest Sizes: 224, 256 bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
SHA-2/SHA-384/512
Secure Hashing Algorithm Hash Function Digest Size: 512 bits
26
RIPEMD-160
Hash Function | Digest Sizes: 128, 160, 256, 320 bits
27
HAVAL
Hash Function | Digest Sizes: 128, 160, 192, 224, 256 bits
28
Whirlpool
Hash Function | Digest Size: 512
29
Brute Force Attacks
Applying every possible combination of characters that could be the key. Time may be a factor/not fast enough
30
Dictionary Attack
Uses dictionary of common words (to include proper nouns)
31
Rainbow Table/Crack
Uses a lookup table comprised of pre-calculated hash from common words.
32
Birthday Attack
Probability that someone has the same hash that attacker has already figured out.
33
SALT
Randomly generated value that is calculated into the hashing process eg. Table Salt
34
MAC
Message Authentication Code Verifies integrity and origin Symmetric Key
35
HMAC
Hashed Message Authentication Code Hash function added to MAC Adds symmetric key to data to be hashed. Used in IPSec, SSL/TLS, SSH
36
Symmetric Cryptography
* Uses one key to encrypt/decrypt info * Both parties share same key * Best for bulk encryption; faster (smaller key) than asymmetric * AKA: secret key, private key, shared key, same key, single key, session key
37
Stream Cipher
Symmetric Encryption Method * Bit by bit * Keystream * Hardware * No memory * On-the-fly * Very fast
38
Block Cipher
Symmetric Encryption Method * Software * Fixed-length blocks * Block-by-block * Uses substitution/transposition ciphers * Stronger than stream-based * Slow/resource intensive
39
Symmetric Encryption Methods
Stream Cipher and Block Cipher Pros: * Less computationally intensive * Produces smaller file size * Faster transmissions Cons: * Key distribution security * Needs to be trust between parties * Key management (n(n-1)/2=# keys needed * No "non-repudiation"
40
Symmetric Key Algorithms
``` C - CAST 3 - 3DES 2 - Twofish B - Blowfish R - RC4, 5, 6 A - AES I - IDEA D - DES S - SAFER (+, ++) ```
41
DES
Data Encryption Standard/Symmetric Based on IBM's Lucifer algorithm 64-bit Block (56-bit key + 8 bits for parity) Algorithm: DEA (Data Encryption Algorithm) Easily Broken
42
3DES
Triple DES/Symmetric Upgrade of DES (still in use) Applies DES three times 168-bit key (+24 bits for parity)
43
AES
Advanced Encryption Standard/Symmetric Current standard replaced DES 128 bit block Algorithm: Rijndael Key Sizes: 128, 192, 256 bits
44
Blowfish
Symmetric Fastest of the symmetric 64 bit block cipher Variable-length keys (32-448 bits)
45
Twofish
Symmetric 128 bit block cipher Variable length keys (128, 192, 256 bits) Finalist for AES
46
CAST
Carlisle Adams and Stafford Tavares/Symmetric Used by PGP CAST-128: * 64 bit block size * Variable key lengths (40-128 bits) CAST-256: * 128 bit block size * Variable key lengths (128, 160, 192, 224, 256 bits)
47
RC
Rivest Cipher/Symmetric RC4 (stream): Variable key length (0-2048 bits) RC5 (block): Variable block (32, 64, 128 bits) * Variable key length (0-2048) RC6 (block): Variable block (128) * Variable key length (0-2048)
48
IDEA
International Data Encryption Algorithm/Symmetric 64 bit block 128 bit key length Developed by the Swiss Used in PGP and other encryption software
49
Skipjack
Symmetric Block cipher NSA Clipper chip
50
SAFER
Secure And Fast Encryption Routine/Symmetric Used in Bluetooth For key derivation NOT for encryption SAFER+: * 128 bit block cipher SAFER++: * 64, 128 bit block cipher
51
Asymmetric Cryptography
Public Key Encryption Each user has two keys: Private/Public Keys are mathematically related Pros: * Key Management (n*2) * Public key can be freely distributed * Offers: digital signatures, integrity, key exchange, non-repudiation Cons: * Slower than symmetric * Larger encryption file
52
Asymmetric Key Algorithms
D- Diffie-Hellman E- ElGamal E- ECC R- RSA
53
Diffie-Hellman
Asymmetric Based on difficulty of computing discrete logarithms Key exchange Variable key length: 512, 1024-2048 (secure) Same strength as 3072 bit RSA key
54
El Gamal
Asymmetric Encryption, Digital Signatures, Key Exchange Based on Diffie Hellman Slow Open standard/Legacy
55
RSA
Rivest, Shamir, Adleman/Asymmetric Encryption, Digital Signatures, Key Exchange De facto standard Based on difficulty of factoring N (prod of 2 large prime #) Variable block and key length * 512 bit to arbitrarily long * 1024-2048 considered secure Used in PGP
56
ECC
Elliptic Curve Cryptography/Asymmetric Encryption, Digital Signatures, Key Exchange Based on using points on a curve to define public/private key Key of 160 bis is equal to 1024 RSA key Hardware such as wireless devices and smart cards
57
Three Things Needed to Create a Digital Signature
* Email message * Hashing Algorithm * Sender's Private Key
58
Digital Signature Process
Sender: * Creates email message * Creates message hash * Uses private key to encrypt hash * Hash becomes digital signature and is sent with message Receiver: * Hashes received message * Uses sender's public key to decrypt * If hashes match message is valid and sender is verified
59
DSA
Digital Signature Algorithm Used only for digital signatures Does not provide confidentiality Public key algorithm with var key size from 512-4096 bits Follows NIST/FIPS DSS and goes up to 1024 bits Uses SHA-1 for integrity Faster than RSA at verifying signatures
60
Two Goals of DSA
Provide authentication and integrity
61
Hybrid Cryptosystem
Symmetric for data encapsulation Asymmetric for key encapsulation Cryptographic hash can be used to provide data integrity Eg. PGP, S/MIME, TLS, SSH, IPSec
62
SSL
Secure Socket Layer Secure connection between two TCP-based machines Uses X.509v3 TCP Port 443
63
SSL Vulnerabilities
Small key size Expired digital certificates Compromised keys
64
SSL Provides:
* Confidentiality: AES, IDEA, 3DES, DES, RC4, RC2 * Message Integrity: SSLv3 MAC w/ shared key (similar to HMAC) with MD5 or SHA1 * Key Exchange: RSA, Diffie Hellman Ability to implement Mutual Authentication
65
SSL Can Be Used to Secure:
Telnet, NNTP, FTP, HTTP, SMTP, IMAP
66
TLS
Transport Layer Security Secure connection between two TCP-based machines Operates like SSSL More secure hashing than SSL TCP Port 443
67
TLS Provides:
Confidentiality: AES, IDEA, 3DES, DES, RC4, RC2 Message Integrity: HMAC Key Exchange: RSA and Diffie-Hellman More alert codes that SSL
68
HTTPS vs S-HTTP
HTTPS: * HTTP over SSL * TCP Port 443 * Encrypts communication channel S-HTTP: * Dev by Netscape * Provides security over standard page requests * TCP Port 80 * Encrypts INDIVIDUAL MESSAGES * Does not require client-side public key certs (symmetric key only)
69
SSH
Secure Shell ``` Secures remote terminal communications Secure replacement for Telnet and FTP TCP Port 22 Encrypts data w/ symmetric algorithm Est connection and authentication using public key crypto ``` Eg. PuTTY and OpenSSH
70
SMTP
Transmits mail from e-mail clients to e-mail servers and between e-mail servers TCP port 25
71
POP3
Downloads e-mail from an inbox on an e-mail server to an e-mail client TCP port 110
72
IMAP4
Downloads e-mail from an inbox on an e-mail server to an e-mail client TCP port 143
73
MIME
Multipurpose Internet Mail Extensions Defines how e-mail clients handle non-plaintext content.
74
S/MIME
Secure Multipurpose Internet Mail Extensions Uses X.509 Standard Protection for email and attachments Provides: Authentication, Integrity, Confidentiality, non-repudiation Uses: AES, 3DES, DES, RC2 Key Exchange: Diffie-Hellman with DSS or RSA SHA-1 and MD5
75
x.509 Standard
ITU standard for defining digital certificates Defines the formats and fields for public keys Defines procedures for distributing public keys
76
PGP
Pretty Good Privacy E-mail encryption system Web of Trust NOT X.509 GPG = open source version Asymmetric: RSA, DSS, Diffie-Hellman Symmetric: AES, IDEA, CAST-128, IDEA, Twofish, 3DES Hash Coding: SHA-2, SHA-1, MD5 RIPEMD-160
77
Typical Certificate Contains (6):
``` Issuer's name Valid date / to date Owner (subject) Subject's public key Time stamp Certificate issuer's digital signature ```
78
PKI
Public Key Infrastructure * Framework for managing private keys and certificates * Follows X.509 standard * Standard for key generation, authentication, distribution and storage * Est who is responsible for authenticating the ID of the owners of the digital certificate
79
CA
Certificate Authority Organization responsible for issuing, storing, revoking and distributing certificates Authenticates the certificates by signing them with their private key
80
RA
Registration Authority * Middleman between CA and subscribers * Can distribute keys, accept registrations for CA and validate identities * Does not issue certs on their own
81
Digital Certificate Enrollment Process
* Subject must prove ID to CA before cert is created * Give info physically appearing w/ and agent ID, credit report data, etc. * Once satisfied, cert is made containing ID info, public key, etc. * CA then digitally signs the cert with their private key
82
CPS
Certificate Practice Statement ``` How CA is structured How certs will be managed How subscriber's ID is validated How to request revocation Which standards and protocols are used ```
83
OCSP
Online Certificate Status Protocol * Checks for revoked certs * Queries a CA or RA that maintains a list of expired certs * Server sends a response with status of valid, suspended or revoked
84
CRL
Certificate Revocation List IDs revoked certs Expired certs not on on the CRL
85
Certificate Suspension
Certs can be suspended Ensures key is unusable for a period of time Suspend rather than expire to make them TEMPORARILY invalid
86
Certificate Expiration
If a cert expires, a new cert must be issued | NOT added to the CRL
87
Certificate Renewal
Unexpired certs can be renewed close to the end of the expiring cert's lifetime Allows same cert to be used past the original expiry time Not a good practice
88
Certificate Destruction
Establish policies for destroying old keys When key/cert no longer useful, destroy and remove from system When destroyed, notify CA so CRL and OCSP can be updated Deregistration should occur when a key is destroyed
89
Trust Models (4):
Single-Authority (AKA third-party trust) Hierarchical Trust Bridge Trust Web of Trust (AKA peer-to-peer)
90
Single Authority
Third party signs key/cert User trusts authority and all keys issued by them Trust verified by digital sig attached to public key
91
Hierarchical Trust
Root CA>Intermediate CA>Leaf CA
92
Bridge Trust
Trust between Root CAs
93
Web of Trust
All parties involved trust each other | CA does not exist to certify owners
94
Centralized Key Management
Central entity in charge or issuing keys | CA keeps a copy of the key
95
Decentralized Key Management
End user generates their own key | Does not provide key escrow (no key recovery)
96
Two Methods for Key Storage
Software-based: * Access violations/intrusions * Easily destroyed * Subject to security of access control system Hardware-based: * Most secure * More expensive * Relies on physical security * Smart cards/flash drives
97
Key Escrow
Third party may gain access to key storage Allows for key recovery Key's must be secured on escrow network/systems
98
Recovery Agent
Someone with authority to remove keys from escrow
99
M of N Control
Requires two or more recovery agents Must but multiple key escrow recovery agents Minimum number of agents must work to recover key
100
Revoking Keys
Conducted when: * Keys compromised * Authentication process malfunction * People transferred/fired * Other security risks occur Keeps key from being misused
101
Suspending Keys
Temporary | Unusable for a period of time
102
Renewing Keys
Enable key for use after scheduled expiry Reissued for certain time Bad practice
103
TPM
Trusted Platform Module Hardware Stream Cipher Encryption Symmetric