66 Cards in this Set
- Front
- Back
Mathematical rules used in encryption and decryption
|
Algorithm or Cipher
|
|
Hardware or software implementation of cryptography that transforms a message into ciphertext and back to plaintext
|
Cryptosystem
|
|
Instance of 2 different keys generating the same ciphertext from same plaintext
|
Key clustering
|
|
A range of possible values used to construct keys
|
Keyspace
|
|
Estimated time, effort or resources necessary to break a cryptosystem
|
Work factor
|
|
Does not require an electronic algorithm and bit alterations, but uses components of physical world - like book, page, line…
|
Running key cipher
|
|
Hiding data in another media type so the existence is concealed. Usually hiding messages in images
|
Steganography
|
|
What is Symmetric Cryptography?
|
Sender and receiver use same key for encryption and decryption
Also called secret keys because each user has to keep the key secret |
|
What are some examples of Symmetric Cryptography?
|
DES
Triple DES (3DES)
Blowfish
IDEA
RC4, RC5, RC6
AES |
|
What is Asymmetric Cryptography?
|
AKA Public key
The 2 different keys are mathematically related
One public and one private key |
|
What are some examples of Asymmetric Cryptography?
|
RSA
ECC
Diffie-Hellman
El Gamal
DSA
Knapsack |
|
What security service does Asymmetric Cryptography provide?
|
Authentication and nonrepudiation
|
|
What security service does Symmetric Cryptography provide?
|
Confidentiality
|
|
What are block ciphers?
|
Message is divided into blocks of bits that are put through mathematical functions one block at a time
If it is a 64 bit block cipher, your message is broken up into blocks of 64 bits |
|
What are stream ciphers?
|
Does not break message up into blocks. Treats message as a stream of bits and performs mathematical functions on each bit
|
|
What is a hybrid encryption method?
|
Symmetric algorithm creates keys used for encrypting bulk data and asymmetric algorithm creates keys for automated key distribution
|
|
Describe DES
(key type, cipher type, block size, key length) |
Key type: Symmetric
Cipher type: Block
Block size: 64
Key length: 56 |
|
Describe 3DES
(key type, cipher type, block size, key length) |
Key type: Symmetric
Cipher type: Block
Block size: 192
Key length: 168 |
|
Describe AES
(key type, cipher type, block size, key length) |
Key type: Symmetric
Cipher type: Rijndael block
Block size: 128
Key length: 128, 192, 256 |
|
What is Spartan Scytale?
|
Strip of papyrus around a wooden rod
Key is a similar sized rod |
|
Describe IDEA
(key type, cipher type, block size, key length) |
Key type: Symmetric
Cipher type: Block
Block size: 64
Key length: 128 |
|
What is the Caesar Cipher?
|
Substitution cipher
Shift each letter of alphabet and shift by 3 characters |
|
What is Battista cipher disk?
|
2 concentric disks
Each disk has alphabet around its periphery
Rotate one disk with respect to the other |
|
What are Hebern Machines?
|
Rotor based machines
Examples: Japanese Purple, German Enigma, American Sigaba, Stafford |
|
What is the Vernam Cipher?
|
One time pad
Modulo 26 - wrap around the alphabet |
|
Describe RSA
(Key type, use, strength, used in) |
Key type: Asymmetric
Use: Key transport, digital sigs, encryption
Strength: Strong
Used in: S/MIME |
|
Describe Diffie Hellman
(Key type, use, strength, used in) |
Key type: Asymmetric
Use: key exchange (agreement)
Strength: Moderate
Used in: SSL handshake |
|
Describe El Gamal
(Key type, use, strength, used in) |
Key type: Asymmetric
Use: key exchange, digital signatures, encryption
Strength: very strong
Used in: PKI |
|
Describe ECC
(Key type, use, strength, used in) |
Key type: Asymmetric
Use: Key transport, digital sigs, encryption
Strength:
Used in: |
|
What is a Message Authentication Code (MAC)?
|
Short piece of information used to authenticate a message.
Encrypt hash value |
|
What is Message Digest 2 (MD2)?
|
One way hashing algorithm. Produces a 128 bit hash value. Much slower than MD4 and MD5
|
|
What is Message Digest 4 (MD4)?
|
One way hashing algorithm. Produces 128 bit hash value.
|
|
What is Message Digest 5 (MD5)?
|
One way hashing algorithm. Produces 128 bit hash value. More complex than MD4
|
|
What is HAVAL?
|
One way hash algorithm. Variable length hash value. Modification of MD5 that provides more protection against MD5 vulnerabilities
|
|
What is SHA?
|
One way hash algorithm. Produces 160 bit hash value. Used with DSA
|
|
Describe digital signatures.
|
Hash value that has been encrypted with sender's private key
Hashing ensures integrity
Signing provides authentication and nonrepudiation |
|
What security service does encryption provide?
|
Confidentiality
|
|
What security service does hashing provide?
|
Integrity
|
|
What security service does digital signature provide?
|
Authentication, nonrepudiation, integrity
|
|
Describe Public Key Infrastructure (PKI).
|
Enables a level of trust within an environment
ISO authentication framework that uses public key cryptography and X.509 standard
Authentication, confidentiality, nonrepudiation, integrity
Hybrid of symmetric and asymmetric key algorithms |
|
Name key components of PKI.
|
Certificate Authorities
Certificates
Registration Authority |
|
What is an organization or server that maintains and issues digital certificates?
|
Certificate Authority
|
|
What is a mechanism used to associate public keys with collection of components in a manner that is sufficient to uniquely identify the claimed owner?
|
Certificate
|
|
What is the standard for how the CA creates the certificate?
|
X.509
|
|
What performs certification registration duties? Does not issue certificates, but acts as a broker
|
Registration authority
|
|
What is Link Encryption?
|
Encrypts all the data along a specific communication path as in a satellite link, T3 line or telephone circuit
User info, header, trailer, addresses, routing data all encrypted
Only data link control messaging info not encrypted
Users do not need to do anything to initiate it since it works at data link and physical layers |
|
What is End to End Encryption?
|
Headers, addresses, routing and trailer info not encrypted
Flexibility for user to decide what gets encrypted and how
Higher granularity of functionality
Each hop computer on network does not need key to decrypt each packet
At application layer |
|
What is Multipurpose Internet Mail Extension (MIME)?
|
Specification that dictates how certain file types should be transmitted and handled
S/MIME, or Secure MIME, is the standard for digitally signing email and providing secure data transmission |
|
What is Privacy Enhanced Mail (PEM)?
|
Internet standard for secure email over internet and for in house communication
Authentication, message integrity, encryption and key management
Messages encrypted in AES with CBC mode
Public key management provided by RSA
X.509 standard used for certification structure and format |
|
What is Pretty Good Privacy (PGP)?
|
Complete cryptosystem that uses cryptographic protection to protect email and files
Can use RSA public key encryption for key management
IDEA symmetric cipher for bulk encryption of data
Confidentiality using IDEA encryption algorithm
Integrity using MD5 hashing
Authentication using public key certificates
Nonrepudiation using cryptographically signed messages
Uses own type of digital cert - web of trust |
|
What are Cipher Only attacks?
|
Attacker has ciphertext of several messages & wants to discover encryption process
Common, but not often successful |
|
What are Known Plaintext attacks?
|
Attacker has plaintext and ciphertext of one or more messages. Trying to discover the key
|
|
What are Chosen Plaintext attacks?
|
Attacker has plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext
|
|
What are Chosen Ciphertext attacks?
|
Attacker has chosen ciphertext to be decrypted and has access to the decrypted plaintext
|
|
What is Differential Cryptanalysis?
|
Used first against DES
Attacker takes 2 messages of plaintext and follows the changes that take place to the blocks as they go through the different S-boxes
Compare difference and use results to map probability to different possible key values |
|
What is Linear Cryptanalysis?
|
Carries out functions to identify the highest probability of a specific key employed during the encryption process using a block algorithm
|
|
What are Side Channel Attacks?
|
Doesn't use mathematics to find the key
Review other facts like how much power consumption was used for encryption, intercept the radiation emissions |
|
What are replay attacks?
|
Attacker captures some type of data and resubmits it with hopes of fooling the receiving device
Timestamps and sequence numbers are countermeasures |
|
What is COCOM (Coordinating Committee for Multilateral Export Controls)?
|
Prevent crypto from being exported to dangerous countries
|
|
What is the Wassenaar Arrangement?
|
Symmetric crypto free to export
Asymmetric crypto requires a license
28 countries including US signed it |
|
What are US controls on Crypto?
|
No controls on import
Signed Wassenaar Agreement but had stricter export controls
Looser export controls occurred in July 2000 |
|
What is the Electronic Code Book (ECB) mode of DES?
|
Right block/left block pairing 1-1. Replication occurs. Not enough randomness. Good for small amounts of data. Plain vanilla DES
|
|
What is the Cipher Block Chaining (CBC) mode of DES?
|
Blocks of 64 bits with 64 bits initialization vector. Errors will propagate. Adds randomness to DES
|
|
What is the Cipher Feedback (CFB) mode of DES?
|
Stream cipher where the cipher text is used as feedback into key generation. Errors will propagate
|
|
What is the Output Feedback (OFB) mode of DES?
|
Stream cipher that generates the key by XOR-ing the plaintext with a key stream. No errors will propagate
|
|
What is the Counter (CTR) mode of DES?
|
Different counter for every block of text
|