Security Concepts - Cryptography Flashcards
set of identities, roles, policies and actions for creations, use, management, distribution and revocation of public and private keys
Public Key Infrastructure (PKI)
is a set of rules, which can also be called an algorithm, about how to perform encryption and decryption
ciphers
a symmetric key cipher (meaning the same key is use to encrypt and decrypt) that operates in a group of bits called block
block cipher
Example of block cipher algorithm
- Advanced encryption standard (AES)
- Triple Digitals encryption standard (3DES)
- Blowfish
- Digital encryption standard (DES)
- International Data Encryption Algorithm (IDEA)
is a symmetric key cipher where the plaintext data to be encrypted or decrypted is done a bit at a time against the bits of the key stream also called cipher digit stream
stream cipher
algorithm that uses same key to decrypt and encrypt
-AES, DES, 3DES, IDEA
symmetric algorithm
algorithm that uses different key that mathematically works together as a pair called public and private key
-RSA, Diffie-Hellman
asymmetric algorithm
example so asymmetric algorithm
RSA(River, Shamir and Adleman) DH (Deffie-Hellman) ElGamal DSA ECC
Method to used to verify data integrity
Hashing
3 most popular hashes
MD5 (message digest 5) - create 128digest
SHA-1 (Secure Hash Algo 1) 160 digest
SHA-2 (Secure Hash Algo 2) 224 digest
uses the mechanism of hashing. it includes in its a calculation a secret key of some type.
HMAC(hashed message authentication code)
digital signature core benefits
- authentication
- data intergrity
- nonrepudiation
deals with generating, verifying, exchanging, storing keys and destroying keys
key management
is a suite of protocols used to protect IP packets. provides the core benefits of confidentiality through encryption, data integrity through hashing and HMAC and authentication using. digital signatures or using a pre-shared key (PSK) that Is just for authentication similar to a password
IPSEC
IPSec Components
- ESP and AH
- Encryption algo for confidentiality (DES,3DES and AES)
- Hashing algo for integrity: MD5 and SHA
- Authentication algo: PSK and RSA digital signatures
- Key Management: DH,PKI,IKE(Internet Key Exchange)
Encryption of hash using private key and decryption of hash with the senders public key. (RSA Signatures)
Digital Signatures
Uses a public-private key pair asymmetrical algorithm but creates final shared secrets (keys) that are then used by symmetrical algorithms. Used in IPSEC
Diffie-Hellman Key Exchange
Encryption algorithm provide this by converting clear text into cipher text. (AES,DES,3DES,RSA,IDEA)
Confidentiality
Validates data by comparing hash values. (MD5,SHA-1, SHA-2, SHA-3)
Data Integrity
Verifies the peer’s identity. (PSK, RSA Signatures)
Authentication
is a computer or entity that create and issues digital certificates
Certificates Authorities
Certificate that contains public key of the CA server and the other details about the CA server.
Root certificate
a certificate similar to root certificate but it describes the client and contains the public key of and individual hosts
Identity certificates
is a series of standards focused on directory services and how those directories are organised. (Microsoft Active Directory)
X.500
standard for digital certificates that is widely accepted and incorporates many of the same and naming standard. (Lightweight Directory Access Protocol)
X.509v3
PKCS> this is a format of a certificate request send to a CA that wants to receive its identity certificate. This type of request would include the public key for the entity desiring a certificate
PKCS#10
PKCS> this a format that can be used by a CA as a response to a PKCS#10 request. The response itself will very likely be the identity certificate
PKCS#7
PKCS>The RSA cryptography standard
PKCS#1
PKCS>A format for storing both public and private keys using a symmetric password-based key to “unlock” the data whenever the key needs to be used for accessed
PKCS#12
PKSC. Diffie-Hellman Key exchange
PKCS#3
can automate the process for requesting and installing an Identity certificate
Simple Certificate Enrolment Protocol (SCEP)
is a list of certificates based on their serial numbers that had initially been issued by. CA but have since been revoked and as a result should not been trusted
Certificate revocation list (CRL)
alternative to CRLs. Using this method, a client simply sends a request to find the status of a certificate and gets a response without having to know the complete list of revoked certiciates
Online Certificate Status Protocol (OCSP)
Cisco service that provide support for validating digital certificates including check to see wether a certificate has been revoked
Cisco AAA
Methods of Cipher - the units of the plaintext are rearranged in a different and usually quite complex order, but the units themselves are left unchanged
Transposition Cipher
is a method of encrypting by which units of plaintext are replaced with ciphertext, according to a fixed system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing the inverse substitution.
Substitution Cipher
Relevants Part of Certificate
Serial number Issuer Validity Dates Subject of Certificates Public key Thumbprint algo and thumbprint
An algorithm that allows two devices to negotiate and establish shared secret keying materials (keys) over untrusted network
Diffie-hellman
Common methods used by ciphers
- transposition
- substitution
- polyalphabetic
