Cryptology Flashcards
Encryption is…
A method of transforming readable data, called plaintext, into a form that appears to be random and unreadable, which is called ciphertext. It can be created through hardware components or program code in an application
Cryptosystem is
A system or product that provides encryption and decryption.
Algorithm
The set of rules also known as Ciphers, dictates how enciphering and deciphering take place.
In Encryption, the Key also known as cryptovariable
Is a value that comprises a large sequence of random bits.
Algorithm contains keyspace, which
Is a range of values that can be used to construct a key.
When algorithm need to generate a new key, it uses random value from the keyspace
Cryptosystem encompasses all the necessary components for encryption and decryption to take place. A Cryptosystem is made up of at least the following:
- Software
- Protocols
- Algorithms
- Keys
Example of a Cryptosystem
Pretty Good Privacy (PGP)
Crytosystems can provide the following services:
- Confidentiality
- Integrity
- Authentication
- Authorization
- Nonrepudiation
Cryptography is
Practice of storing and transmitting information in a form that only authorized parties can understand
Kerckhoff’s Principle:
August Kerckhoffs published a paper in 1883
Stating that the only secrecy involved with a cryptography should be the key. He claimed that the algorithm should be publicly exploit.
The strength of an encryption method comes from:
- the algorithm
- the secrecy of the key
- the length of the key
- how all work together within a cryptosystem
Breaking Cryptosystem can be accomplished by a….
Brute-force attack
Another name for cryptography strength is_____
Workfactor (work function), which is an estimate of the effort and resources it would take an attacker to penetrate a cryptosystem
(Time and effort to break a protective measure)
One-Time Pad, which is invented by Gilbert Vernam in 1917 (aka Vernam Cipher) is a ______
Perfect encryption scheme because it is considered unbreakable if implemented properly
One-Time pad is made up of random bits. This encryption process uses a binary mathematic function called…..
Exclusive-OR (XOR)
XOR (exclusive-OR) is an operation that is applied to 2 bits. When combing the bits: if both values are same the result is ____. If the bits are different from each other, the result is ____.
1 XOR 1 = 0
1 XOR 0 = 1
One-Time pad Requirements. (To be successful)
- Made up on truly random values
- Used only one time
- securely distributed to its destination
- secured at sender’s and receiver’s sites
- At least as long as the message
The Cryptographic life cycle is the….
Ongoing process of identifying your cryptography needs, selecting the right algorithms, provisioning the needed capabilities and services, and managing keys.
Cryptographic methods
- Symmetric Key (aka Secret key)
- Assymmetric key (Public and private key)
A variant of the approach is called ECC ( Elliptic Curve Cryptography)
Symmetric Key Cryptography:
- the sender and receiver use two instances of the same key for encryption and decryption.
- Key has dual functionality, it carry both encryption and decryption processes.
- Also called Secret Keys
- one separate key for each friend or receiver.
- depends on how well users protect their secret keys
- Provide confidentiality
- examples: AES (Advanced Encryption Standard) and ChaCha20
Advantages Symmetric Key
- Much Faster
- Hard to break if using a large key size
Block Ciphers
- Is used for encryption and decryption purposes, the message is divided into blocks of bits.
- these blocks are then put through mathematical functions, one block at a time.
A strong Cipher contains right level of 2 main attributes: Confusion and Diffusion….
- Confusion: is commonly carried out by substitution
- Diffusion: is carried out by using transposition
More on Confusion and Diffusion:
In algorithms,
- diffusion takes place as individual bits of a block are scrambled, or diffused, throughout that block.
- Confusion is provided by carrying out complex substitution functions so the eavesdropper cannot figure out how substitute the right values and come up with the plaintext.
Avalanche effect
- If the input to an algorithm is slightly modified, then then the output of the algorithm is changed significantly.
- So a small change to the key or the plaintext should cause drastic changes to the resulting ciphertext.
The ideas of Diffusion and Avalanche effect are basically the same. True or False
True
Who came up with Avalanche Term and Diffusion:
Avalanche: Horst Feistel
Diffusion: Claude Shannon
Stream Cipher
- A Steram Cipher does not divide a message into blocks. Instead, treats the message as a stream of bits and perform mathematical functions on each bit individually.
Stream Ciphers use…..
Keystream Generators, which produce a stream of bits that XORed with the plaintext bits to produce ciphertext.
Initialization Vector (IV)…
- Initialization Vectors are random values that are used with algorithms to ensure patterns are not created during the encryption process.
- they are used with keys and do not need to be encrypted when being sent to the destination.
If Initialization Vector (IV) are not used…
Then two identical plaintext values that are encrypted with the same key will create the same two identical plaintext values that are encrypted with the same key will create the same ciphertext.
What are the characteristics of a strong effective stream ciphers?
- Easy to implement Hardware
- Long periods of no repeating patterns within keystream values
- a keystream not linearly related to the key
- Statistically unbiased keystream (as many zeroes and ones)
Asymmetric Key Cryptography
- In Public Key systems, each entity has different, asymmetric keys.
- Two different asymmetric keys are mathematically related.
- If message is encrypted by one key, the other key is required to decrypt the message.
- One key is called public and the other one private.
- The public key is known to everyone, and the private key only known to the owner
Asymmetric | Secure Message Format
- If confidentiality is the most important security service to a sender, she would encrypt the file with the receiver’s public key.
- This is called a secure message format because it can only be decrypted by the person who has the corresponding private key.
Asymmetric | Open Message Format
- If authentication is the most important security service to the sender, then she would encrypt the data with her private key.
- Encrypting data with the sender’s private key is called an open message format.
Strengths of Asymmetric key Crytosystems
- Better key distribution than symmetric systems
- Better scalability than symmetric systems
- can provide authentication and Nonrepudiation
- Examples: RSA, ECC, DSA
Symmetric | Asymmetric: Use
- Symmetric: Bulk encryption, which means encrypting files and communication path
- Asymmetric: Key Distribution and Digital Signatures
Symmetric | Asymmetric: Security Services Provided
- Symmetric: Confidentiality
- Asymmetric: Confidentially, Authentication, and Nonrepudiation
RSA (Rivest, Shamir, Adleman) is a….
- Public Key algorithm that is the most popular when it comes to asymmetric algorithms.
- RSA is worldwide de facto standard and can be used for digital signatures, key exchange, and encryption.
- this can be used as a key exchange protocol
Quantum Key Distribution (QKD) is…
A system that generates and securely distributes encryption keys of any length between two parties.
HYBRID
Symmetric and Asymmetric
- A symmetric algorithm creates keys used for encrypting bulk data, and
- An Asymmetric algorithm creates key used for automated key distribution
What is a “session key”?
- A session key is a single-use symmetric key that is used to encrypt messages between two users during a communication session.
- Same as a symmetric key but is only good for one communication session
Symmetric Cryptography can be referred to as any the following four names:
- Secret key cryptography
- Session key cryptography
- Shared key cryptography
- Private key cryptography
One-Way hash is a
Function that takes a variable-length string (a message) and produces a fixed length value called a hash value.
Hashing Algorithm is not a secret - it is publicly known. True or false?
True. The secrecy of the one-way hashing function is its “one-wayness”
Collision Free Hash
If a hashing algorithm takes steps to ensure it does not create the same hash value for two or more messages, it is said to be “Collision Free”
Characteristics of a strong hash function:
- The has should be computed over entire message.
- The hash should be one-way function so message not disclosed by their values
- Given a message and its hash value, computing another message with the same hash value should be impossible
- The function should be resistant to birthday attacks
Hash MD5 (Ron Rivest 1991)
128-bit hash, but the algorithm is subject to collision attacks, and therefore no longer suitable for applications like digital certificates and signatures that require collision attack resistance.
Hash SHA is
Designed by NSA and published by the NIST to be used with the Digital Signature Standard (DSS)
One-Way Hash function - Birthday attack
An attacker can attempt to force a collision, which is referred to as a birthday attack.
Ways to verify message integrity
- Message Digest
- Message Authentication Code (MCA)
- Digital Signatures
Message Authentication Code (MAC)
- MAC, an authentication scheme derived by applying a secret key to a message in some form.
- this doesn’t mean the symmetric key is used to encrypt the message.
Example of MAC (Message Authentication Code)
Hash MAC (HMAC)
To add Authentication and Nonrepudiation to a hash, what should be done?
Digital Signatures
U.S. Federal government established a standards pertaining to their functions and acceptable use in 1991, NIST proposed a federal standard called
Digital Signatures Standard (DSS)
Best known and most widely used digital signature algorithms;
- RSA - Digital Signatures, Encryption, and secure distribution of symmetric keys
- DSA - Digital Signatures
Public Key Infrastructure (PKI) consists of…..
Programs, data formats, procedures, communication protocols, security policies, and Crytosystems working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion.
There is difference between PKI and Public Key Cryptography. True or False
True. Public Key Cryptography is another name for Asymmetric algorithms, while PKI is an infrastructure that is partly built on public key cryptography.
The central concept in PKI is the….
- Digital Certificates
- Certificates Authorities
- Registration Authorities
- Effective Key Management
Digital Certificate is a mechanism…
Used to associate a public key with a collection of components in a manner that is sufficient to uniquely identify the claimed owner.
The most commonly used standard for digital certificates is the
International Telecommunications Union’s X.509
Certificate Authorities (CA)
A Certificate Authority is a trusted third party that vouchers for the identity of a subject, issues a certificate to that subject, and then digitally signs the certificate to assure its integrity.
When a person request for a certificate what happens…
- A registration authority (RA) verifies that individuals identity and passes the certificate request off to the CA.
2 . CA constructs the certificate, signs it, sends it to requester, and maintains the certificate overs its lifetime.
Some well known CA’s are…
Symantec and GeoTrust
Cross-Certification happens between two CAs. True or False
True
Revocation is handled by CA, and the revocation information is stored on a….
Certificate Revocation List (CRL)
Online Certificate Status Protocol (OCSP) is being used more and more rather than CRL approach. The reason being…
- If OCSP auto check for validity in the background
- OCSP checks the CRL that maintained by the CA
Registration Authority (RA) cannot issue certificates but
Act as a broker between the user and the CA.
A PKI may be made up of the following entities and functions:
- Certification Authority
- Registration Authority
- Certificate Repository
- Certificate revocation system
- Key backup and recovery system
- Automatic Key update
- Management of key histories
- Time-stamping
- Client-side software
PKI supplies the following security services:
- Confidentiality
- Access Control
- Integrity
- Authentication
- Nonrepudiation
Many administrators know that _________ causes one of the biggest headaches in cryptographic implementation
Key Management
What does Kerberos authentication protocol use to store, distribute, and maintain cryptographic session and keys?
Key Distribution Center (KDC)
Key should not be ________ outside the cryptography device
Cleartext
Rules of Key Management
- be long enough to provide necessary level of protection
- Stored and Transmitted in a secure means
- Random and full spectrum of keyspace
- life should correspond to the sensitivity of the data
- more key is used, shorter the lifetime
- backed up or escrowed
- properly destroyed
Key Escrow
Is a process of entity that can recover lost or corrupted cryptographic keys, thus, it is a common component of key recovery operations.
When two or more entities are required to reconstruct a key for a recovery process, this is known as…
Multiparty key recovery
To mitigate availability of key resources to recover the key…
You can use a approach called m-of-n
n - group of agents
m - required agents
n always > m
Eavesdropping and sniffing data as it passes over a network are considered…what kind of attack?
Passive Attack
Altering messages, modifying system files, and masquerading as another individual are acts that are considered….what kind of attack?
Active Attack
Key and Algorithm attacks
- The first class of attack against Cryptosystems targets the algorithms themselves or the keyspace they use.
- Except for brute forcing, these approaches require significant level of knowledge of mathematical principles
Sometimes, all it takes to break a cryptosystem is to systematically try all possible keys until you find the right one. This approach is called…
Brute-force attack
Ciphertext-Only Attacks
- The attacker had the ciphertext of one or more messages, each of which had been encrypted using the same encryption algorithm and key.
- The attacker’s goal is to discover the key used in the encryption process.
- Most common type of active attack
Known-Plaintext Attacks
The attacker has the plaintext and corresponding ciphertext of one or more messages and wants to discover the key used to encrypt the messages so that he can decipher and read other messages.
Chosen-Plaintext Attacks
- The attacker had the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext.
- this is harder to carry out. Attacker may need to have control of the system that contains the cryptosystem
Differential Cryptanalysis
This attack looks at ciphertext pairs generated by encryption of plaintext pairs with specific differences and analyzes the effect and result of those differences.
Frequency Analysis (aka Statistical Attack)
Identifies statistically significant patterns in the ciphertext generated by a cryptosystem.
PRNG - number generator (0, 1)
Pseudorandom Number Generator (PRNG)
Implementation Attacks
Implementation flaws are system development defects that could compromise’s real system, and implementation attire the techniques used to exploit the flaws.
Source Code Analysis
The first, and probably most common, approach to finding implementation flaw in cryptosystems is to perform source code analysis, ideally as part of large team of researchers l, and look for bugs.
Reverse Engineering
This approach to discovering implementation flaws in cryptosystems involves taking a products and tearing it apart to see how it works.
Side-Channel attack
- In cryptography, we can review facts and infer value of an encryption key.
- What happens around the cryptosystems
Fault Injection
This attack attempt to cause errors in a cryptosystem in an attempt to recover or infer the encryption key.
Replay Attacks
In which an attacker captures some type of data and resubmits it with the hopes of fooling the receiving device into thinking it is legitimate information.
- Pass the hash is a well-known replay attack targets MS Windows Active Directory (AD)
- Timestamps and sequence numbers are two countermeasures to replay attacks.
Man-in-the-middle (MinM)
I this attacks, threat actors intercept an outbound secure connection request from clients and relay their own requests to the intended servers, terminating both and acting as a proxy.
Social Engineering attacks
People can be fooled by clever attackers who can trick them into providing their cryptographic key material through various social engineering attacks types.
Ransomware
This is a type of malware that typically encrypts victims files and holds them ransom until a payment is made to an account controlled by the attacker.
