Security Concepts - Cryptography Flashcards
set of identities, roles, policies and actions for creations, use, management, distribution and revocation of public and private keys
Public Key Infrastructure (PKI)
is a set of rules, which can also be called an algorithm, about how to perform encryption and decryption
ciphers
a symmetric key cipher (meaning the same key is use to encrypt and decrypt) that operates in a group of bits called block
block cipher
Example of block cipher algorithm
- Advanced encryption standard (AES)
- Triple Digitals encryption standard (3DES)
- Blowfish
- Digital encryption standard (DES)
- International Data Encryption Algorithm (IDEA)
is a symmetric key cipher where the plaintext data to be encrypted or decrypted is done a bit at a time against the bits of the key stream also called cipher digit stream
stream cipher
algorithm that uses same key to decrypt and encrypt
-AES, DES, 3DES, IDEA
symmetric algorithm
algorithm that uses different key that mathematically works together as a pair called public and private key
-RSA, Diffie-Hellman
asymmetric algorithm
example so asymmetric algorithm
RSA(River, Shamir and Adleman) DH (Deffie-Hellman) ElGamal DSA ECC
Method to used to verify data integrity
Hashing
3 most popular hashes
MD5 (message digest 5) - create 128digest
SHA-1 (Secure Hash Algo 1) 160 digest
SHA-2 (Secure Hash Algo 2) 224 digest
uses the mechanism of hashing. it includes in its a calculation a secret key of some type.
HMAC(hashed message authentication code)
digital signature core benefits
- authentication
- data intergrity
- nonrepudiation
deals with generating, verifying, exchanging, storing keys and destroying keys
key management
is a suite of protocols used to protect IP packets. provides the core benefits of confidentiality through encryption, data integrity through hashing and HMAC and authentication using. digital signatures or using a pre-shared key (PSK) that Is just for authentication similar to a password
IPSEC
IPSec Components
- ESP and AH
- Encryption algo for confidentiality (DES,3DES and AES)
- Hashing algo for integrity: MD5 and SHA
- Authentication algo: PSK and RSA digital signatures
- Key Management: DH,PKI,IKE(Internet Key Exchange)
Encryption of hash using private key and decryption of hash with the senders public key. (RSA Signatures)
Digital Signatures
Uses a public-private key pair asymmetrical algorithm but creates final shared secrets (keys) that are then used by symmetrical algorithms. Used in IPSEC
Diffie-Hellman Key Exchange
Encryption algorithm provide this by converting clear text into cipher text. (AES,DES,3DES,RSA,IDEA)
Confidentiality
Validates data by comparing hash values. (MD5,SHA-1, SHA-2, SHA-3)
Data Integrity
Verifies the peer’s identity. (PSK, RSA Signatures)
Authentication
is a computer or entity that create and issues digital certificates
Certificates Authorities
Certificate that contains public key of the CA server and the other details about the CA server.
Root certificate
a certificate similar to root certificate but it describes the client and contains the public key of and individual hosts
Identity certificates
is a series of standards focused on directory services and how those directories are organised. (Microsoft Active Directory)
X.500
