Domain 3: Security Architecture and Engineering - Cryptography Flashcards
Caesar Cipher
Simple substitution
Shift Characters, etc. (Caesar was a 3 character shift)
Subject to pattern analysis to crack the cipher
Current example: Rot-13, move characters 13 spaces
Scytale Cipher
Spartans used this cipher to communicate messages to general in the field
Wrapped tape around a rod, then wrote on the tape
Diameter of the rod is the pre-agreed upon secret (key)
Symmetric Cryptography
Same secret is used on both ends
Vignere Cipher
First polyalphabetic cipher
Key word is agreed upon ahead of time
First letter of the key is matched up against first letter of the message and so on
Enigma Machine
Used by Germans in WWII; Japanese had Purple machine
Used a rotor configuration to create a cipher
Vernam Cipher
AkA One Time Pad
Mathematically unbreakable
pad must be as long as the message
pad must be securely distributed and only used once
Services provided by cryptography
PAIN
Privacy: prevents unauthorized disclosure
Authenticity: verifies claimed identity
Integrity: detects modification or corruption
Non-Repudiation: combines authentication and integrity. Sender can’t dispute having sent a message, or contents
Cipher Text Algorithm
Plain Text + Initialization vector + Algorithm (Cipher) + Key = Cipher Text
Initialization Vector
Provides randomness by changing the starting point randomly
Similar to Salt for a password
Cryptographic Algorithms
For data, it is broken into blocks (S-Blocks) and then complex and strong math to substitute the blocks.
Collection of math functions that should be open
Cryptographic Keys
Provide instructions on how to use the math
Should be random
Should be protected
Should be long “enough”
Symmetric Process
single key is shared by both parties and is used to encrypt and decrypt. aka Secret, private, shared, or session key
Symmetric Pro’s
Provides fast data transfer
Good strong privacy
Symmetric Cons
Out of band key distribution
Doesn’t scale well
Doesn’t provide non-repudiation
Asymmetric Cryptography
Every user has a key pair which consists of a public and private key
Anything encrypted with one key can only be decrypted by the other
Symmetric Cipher types
Stream - one bit at a time, uses transposition, substitution, XOR. fast and efficient, not as secure, RC-4
Block - Chunks data and each chunk goes through a series of math functions called S-boxes
Common Symmetric Algorithms
DES 3DES AES RC-4 (Stream) RC-5 Two Fish Blowfish IDEA CAST MARS Skipjack
Private key
Used to encrypt, can prove authenticity because only the public key pair can decrypt it
Public Key
Used to decrypt, shared with other systems
Integrity with Cryptography
Hashing/Checksums is a fixed length representation of the contents of the file. hashing performed on both ends of file transfer to ensure no changes have been made
One way math, cannot be reversed, once it is it is considered cracked
Hashing Algorithms
MD-5 128 bit
SHA-1 160 bit
Sha-2 256, 384, 512, etc
HAVAL, TIGER, RIPEMD are lesser known algorithms
Collision
When two different documents produce the same hash
Birthday attack
Attempt to cause collisions. based on the idea that it is easier to find two hashes that happen to match than to produce a specific hash
Non-Repudiation with cryptography
Encrypting the hash with private key allows for non repudiation. Hash is created, showing integrity. Encrypted with private key. Decrypted with public key. hash is generated for decrypted file, compared to prove who and what.
Digital signatures are a way to do this.
Common Asymmetric Algorithms
DSA and RSA
ECC (Elliptical Curve Cryptography) and El Gamal
Diffie Hellman (DH) and Knapsack
RSA (Rivest, Shamir, Adleman)
Standard for Digital Signatures, replacing DSA
Uses Factorization; Uses the idea that there is no efficient way to factor the product of large prime numbers
Trap-door math
Diffie-Hellman
First Asymmetric algorithm
Secure key-algorithm without pre-shared secrets
Based on discrete logarithms in a finite field
Asymmetric to agree on key, then symmetric for communication