Security Plus - Chapter 7 Flashcards
Cryptography
The practice of encoding information in a manner that it cannot be decoded without access to the required decryption key.
Encryption
Transforming plain text information into cyphertext using an encryption key.
Decryption
Transforming cyphertext into plain text using a decryption key.
Goals of Cryptography
- Confidentiality - Encryption is used to protect sensitive information from persons that do not have the need to have the information.
- Integrity - Ensures that data is not maliciously or unintentionally altered
- Authentication - Validating the identity of an individual
- Non-repudiation - Ensures that individuals can prove to a third-party that a message came from its purported sender.
Cipher
A method used to scramble or obfuscate characters to hide their value.
Algorithms used to perform encryption and decryption operations of secret messages.
Substitution
A type of coding or cypher system that changes one character or symbol into a different one.
- Caesar cipher - used by Julius Caesar
- ROT13 - Means you rotate the characters 13 positions to decipher the original message.
- Polyalphabetic - Using multiple substitution alphabets for the same message. - Vigenere cipher - Used a keyword to look up the cipher text in a table to decipher the message.
Transposition Cipher
Involves transposing or scrambling the letters in a certain manner to hide the value of the message.
Columnar Transposition
Choose the number of rows in advance, which is the encryption key, then write the message by placing successive characters in the next row until you get to the bottom of the column.
The Enigma Machine
German government during World War II produced to provide secure communications between military and political units. Similar to a typewriter, the encryption code could be updated as needed based on the days encryption algorithm. The machine was based on polyalphabetic substitution which changed the substitution for each character of the message.
Stenography
The art of using cryptographic techniques to embed secret messages within another file. Alterations are made to the least significant bits of the many bits that make up image files.
Confidentiality
Ensures that data remains private in three different situations: when it is at rest, when it is in transit, and when it is in use.
Types of cryptosystems that enforce confidentiality:
- Symmetric cryptosystems - Use a shared key available to all users of the cryptosystem
- Asymmetric cryptosystems - Use individual combinations of public and private keys for each user of the system.
Obfuscation
The practice of making it intentionally difficult to for humans to understand how code works.
Encrypting Data at Rest
Encrypt data on disk - Data stored directly on a disk may be managed with full-disk encryption, partition encryption, file encryption, and volume encryption.
Full-Disk Encryption
A form of encryption where all the data on a hard drive is automatically encrypted, including the operating system and system files.
Partition Encryption
Targets a specific partition of a hard drive to encrypt.
File-Level Encryption
This allows users to encrypt specific files on a hard drive which allows for easier setup and management.
Volume Encryption
Encrypting a set “volume” on a storage device, which may contain several folders and files.
Database Encryption
A method used to protect sensitive information stored in a database from access by unauthorized users.
- Transparent data encryption (TDE) - Encrypts the entire database
- Column-level encryption (CLE) - Allows for specific columns within a table to be encrypted.
Record level encryption - Allows for individual records within a database to be encrypted.
Integrity
Ensures that data is not altered without authorization.
Message Integrity
Encrypting messages through the use of message digest or digital signatures, which are validated by the recipient of the message, ensuring the message was not altered during transit.
Authentication
Verifies the claimed identity of system users and is a major function of cryptosystems.
Non-repudiation
Assurance to the recipient that the message was originated by the sender and not someone masquerading as the sender. Prevents the sender from claiming they never sent the message initially.
Key Space
The range of values that are valid for use as a key for a specific algorithm. It is defined by its key length (the number of binary bits). The range of numbers between 0 and 2 to the nth power. o to 2 to the 128th is a 128-bit key.
Algorithm
A set of rules, usually mathematical, that dictates how enciphering and deciphering processes are to take place.
Block Ciphers
operate on chunks or blocks of a message and apply the encryption algorithm to an entire message block at the same time. An example is the transposition cipher and columnar transposition.
Stream Ciphers
Operate on one character or bit of a message or data stream at a time. The algorithm operates on each letter of the message independently. The Caesar cipher and one-time pad cipher are examples.
Symmetric Key Algorithm
Rely on a shared secret encryption key that is distributed to all members who participate in the communications. The sender encrypts with the shared key, and the receiver decrypts with the shared key. Provides confidentiality.
- Private Key Cryptography
- Secret Key Cryptography
Cons:
- Key distribution must occur through secured online channels or sending offline through an out of band method.
- Does not provide non-repudiation
- The algorithm is not scalable for large groups to use for communicating
- Keys must be regenerated often
Asymmetric Key Algorithm
Public Key Algorithm. Each user has two keys, a public key, and a private key, which is kept secret and known only to the owner of the key pair. Opposite and related keys must be used in tandem to encrypt and decrypt. If the public key encrypts a message, then the corresponding private key must decrypt the message.
Provide support for digital signature technology.
Strengths of Asymmetric cryptography:
- Adding new users requires generation of only one public-private key
- Users are removed more easily by including a key revocation system
- Key regeneration is only required if the user’s private key has been compromised
- Provides integrity, authentication, and non-repudiation
- Key exchange is a simple process by making their public key available, and then keeping their private key secured
No preexisting communication link is needed, so users can begin communicating right away by providing their public key.
Cons of Asymmetric cryptography:
- Slow speed of operation
- Best when used with smaller data set transmission
Summary of Symmetric vs. Asymmetric
Attributes
Keys Symmetric - Same key is used by sender to encrypt and
receiver to decrypt
Asymmetric - Each user has a key pair - a public key and
a private key
Key Exchange Symmetric - Out-of-band
Asymmetric - Public key is freely shared
Speed Symmetric - Algorithm is less complex and much faster
Asymmetric - Algorithm is more complex and slower
Number of keys Symmetric - N*(N-1)/2
Asymmetric - 2N
Use Symmetric - Bulk encryption, meaning encrypting files and
communication
Asymmetric - Key encryption and digital signatures.
Security service provided Symmetric - Confidentiality
Asymmetric - Confidentiality,
authentication, and non-repudiation
Hashing Algorithm
Produces message digests which are summaries of the messages contents. It is extremely difficult to derive a message from an ideal hash function, and very unlikely that two messages will produce the same hash value. If this occurs, it is known as collision.
Symmetric Cryptography
Data Encryption Standard (DES)
Triple DES (3DES)
Advanced Encryption Standard (AES)
Symmetric Cryptography Overview
Pros: - Provides fast data transfer
- Good strong privacy
Cons: - Out of band key distribution
- Doesn’t scale well
- Doesn’t provide non-repudiation
Aliases - Secret, Private, Shared, Session
A single key shared by both parties
Symmetric Ciphers
- Stream - one bit at a time
- Block - chunks of data
Symmetric Algorithms
DES
3DES
AES
RC-4
RC-5
Two Fish
Blowfish
IDEA
CAST
MARS
Skipjack
Data Encryption Standard
Published in 1977 and is no longer in use due to flaws in the algorithm. Officially retired in 2001.
Triple DES
Uses the DES algorithm three times, with three different encryption keys produced. This is also considered insecure and was retired in 2023.
Advanced Encryption Standard
Introduced in 2000, the Rijndael block cipher was chosen as the replacement for DES. The Federal Information Processing Standard (FIPS) mandated the use of Rijndael/AES for the encryption of all sensitive information.
This cipher allows the use of 3 key strengths128, 192, & 256. The number of encryption rounds depends on the key length.
128 bit key = 10 rounds of encryption
192 bit key = 12 rounds of encryption
256 bit key = 14 rounds of encryption
