Module 16 Flashcards
Basic Integrity and Authenticity
Four elements of secure communications
Data Integrity
Origin Authentication
Data Confidentiality
Data Non-Repudiation
Data integrity
Guarantees that the message was not altered. Any changes to data in transit will be detected.
How is integrity ensured?
By implementing either of the Secure Hash Algorithms (SHA-2 or SHA-3)
Why should MD5 be avoided?
It is inherently insecure and creates vulnerabilities in a network
Origin Authentication
Guarantees that the message is not a forgery and does actually come from whom it states
How do most modern networks ensure authentication?
Hash-based message authentication code (HMAC)
Data Confidentiality
Guarantees that only authorized users can read the message. If the message is intercepted, it cannot be deciphered within a reasonable amount of time
How is data confidentiality implemented?
Using symmetric and asymmetric encryption algorithms
Data Non-Repudiation
Guarantees that the sender cannot repudiate, or refute, the validity of a message sent
What does Non-repudiation rely on?
The fact that only the sender has the unique characteristics or signature for how that message is treated
Cryptography can be used almost anywhere
True
Hashes
Used to verify and ensure data integrity and authentication
What is hashing based on?
One-way mathematical function that is relatively easy to compute, but harder to reverse
What is a resulting hash sometimes called?
Message digest
Digest
Digital fingerprint
What is not possible with hash functions?
Two different sets of data having the same hash output
When a message is altered, what happens to the hash?
The hash changes
Cryptographic hash values (digital fingerprints) can be used to detect what?
Duplicate data files, file version changes, and similar applications
How are cryptographic hash values used?
To guard against an accidental or intentional change to the data, or accidental data corruption
What is h = H(x) used for?
To explain how a hash algorithm operates
How is HMAC calculated?
Using any cryptographic algorithm that combines a cryptographic hash function with a secret key
MD5 with 128-bit digest
Legacy algorithm; should be avoided and used only when no better alternatives are available
SHA-1 (NSA)
Creates a 160-bit hashed message and is slightly slower than MD5.
Has known flaws and is a legacy algorithm
SHA-2 (NSA)
SHA-256, SHA-384, and SHA-512 algorithms should be used whenever possible
SHA-3 (NIST)
Alternative and eventual replacement for the SHA-2 family of hashing algorithms
Next-gen algorithms; should be used whenever possible