IA Test 1.2 Cards

use context to guess at some words, a secrect memo from OSU may use the words cowboy, stillwater, or orange

We have use of T the transmission medium, we send messages, read the encrypted result, leads to a known plaintext anaylsis

We have the algorithm and the ciphertext, our goal is to determine the key

Lazy behavior- repeat key use, pick easy keys - bribes and coercion

Hardware failure can cause predictable results- typewriters - Data may not get fully erased, remanance

Once you break someones encryption you can't

1972 call for proposals from the natioanl bureau of stands for public encryption algorithim

IBM wins with Licifer - DEA(Data encryption algorithm( DEA 1 outside US)) Uses substitution and transposition

a block cipher that segments the input data into blocks of 64 bits using a 56 bit key and outputs blcosk of 64 bits

returns a 1 when the value of either the first bit or the second bit is a 1. Returns a 0 when neither or both of the bits is 1. used to flip bits in a piece of plaintext to create a cipher text

uses either two or three keys instead of the single key. It spins through the DES algorithm three times in multiple encryption.

1997 NIST issues another call for proposals - unclassified, publically disclosed, available royalty free, symmetric block cipher algorithms, usable with key sizes 128, 256, 512 Rijndeal wins US gov't standard

Final Five Voting- Rijndael, Serpent, Twofish, RC6, MARS

substitution, shift, transposition, XOR, and more
Fast
10,12, or 14 cycles for keys of 128, 192 and 256 bits respectivelty

128 bit block for a 128 bit block using substitution table (AES)

Transposition, row is shifted a certain amount (AES)

Shifing left and XORing bits with themselves (AES)

A portion of the key is XORed with the cycle result (AES)

Used for integrity (all it does) results in a hash, checksum, message digest - uses a one way function (easy to get hash, near impossible to compute the plaintext from a hash)

the generic version of a hash algorithm, designed to create a message digest or hash from data input into the algorithm

was developed in 1991 by the national institute of standards and technology for secure hashing in the U.S. Digital Signature Standard(DSS) - it uses block mode, accepting an input of up to 264 bits and compressing to 160 bits

after hash has been generated for all blocks the message is represented by a 160 bit string - one of the more secure hash functions as its output is 160 bit long versus the more common 128 bit result from MD5

takes a data input of any length and produces a hash output of 128 bits

___ is optimized for 8 bit machines and ____ and ____ are optimized for 32 bit machines

Only known attac successful against ___ depends on the checksum not being appended to the message before the hash function is run

was developed in 1990 and is optimized for 32 bit computors - a fast algorithm but not as secure

the final four words left after compreesion are the 128 bit hash
there is an extended version of MD4 that computes the message in parallel and produces two 128 bit ouptus
although a longer hash is produced, security has not been improved because of basic flaows in the algorithm

similar to the MD4 algorithm, but it is slightly slower and more secure - creates a 128 bit hash of a message of any length- there are no known attacks but there has been cryptanalysis that displays weaknesses in the compression function

Diffie and Hellman come up with this in 1976 - public key is public, private keys are private - 1 key for everyone to use to send me a message, instead of each pair needing a key

Each user has 2 keys - private and public - inverses- one key undoes the encryption done by the other

Popular Asymmetric encryption protocols

one of the first public key cryptosystms invented- the algorithm uses the product of two very large prime numbers to generate one key for decryption and another for encryption - security has withstood the test of over 20 years analysis but can be 100 times slower than DES

used in the electronic key echange method of the secure sockets layer protocol(SSL) used by the SSH and IPsec protocols - enables the sharing of a secret between two people who have not contacted each other before

like RSA uses large prime numbers to work - it is very effective because it protects a temporary, autromatically generated secret key that is only good for a single communication session

used as the US government standard for digital signatures and may also be used for encryption - based on the difficulty of computing discrete logarithms over finite fields - basis of the US digital signature algorightm - PUBLIC KEY PRIVATE KEY

works on the basis of elliptic curves - twp points can be added to get a thrid point on the cuve- the security has been a concern due to lack of analysts

fast and good - requires a shared secret

provides integrity

slow and good - everyone can get someone else's public key

encrypt a document with my private key you can use my public key to decrypt it - and therefore you know it came from me

can hash a document, then encrypt that hash value with my private key and put the result on the document - if you decrypt the hash value with my public key and that value is the same as when you hash the document, then you know it came from me and the integrity is intact

public key, the slower protocol is used to exchange the secret key, and then the communication uses the faster symmetric key protocol - all based on certificates

made up of - hardware, applications, policies, services, programming interfaces, cryptographic algorithms, protocols, users, utilities

involves entities called registration aturieis and certificate authorities

require proff of identri yfro mthe individual requesting a certificate and validate this information

After the RA does its job it then advises the ____ to generate a certificate, which is analogous to a driver's license

In a Public Key Infrastructure the CA digitally signs the certificate using its

is made up of the software, hardware, procedures, policies, and people who are involved in validating identities and generating certificates - if one of these is compromised it negatively affects the ___ and can threaten the integrity of the certificates it produces

the trusted authority for certifying an individuals identity and creating an electronic document indicating that individuals are who they claim to be the e-document is referred to as a digital certificate - it establishes an association between the subject's identity and the public key, the private key is paired with the public key in the certificate is stored seperately

the componont that accepts a request for a digital certifcate, perform the necessary steps of registering and authenticating the person requesting a certificate

types of certificates availabe can vary between different CAs but there are usually at least __ different types and they are referred to as classes

each higher class of certificate can perform mroe powerful and critical tasks than the ones before it - each CA outlines the certification classes it provies and the id requirments that must be met to acquire each type of certificate

the algorithm used to hash the certifiate

the hash itself to ensure that the certificate has not been tampered with

if an application creates a key store to be accessed by other applications, it will provide an interface, referred to as an

Once the certificate is registered, identity is proven, and a key is pair generated, the certificate must

are held in a publicly available ropository - must be available to whoever requires them to communicate within a PKI environment

a term that describes a centralized directory that can be accessed by a subset of individuals

When an individual initializeds communication with another person the sender can send the ___ and ___ to the receiver. this allows the receiver to communicate with the sender using encryption or digital signatures without needing to track down the necessary items. If a person wants to encrypt the first message sent to the receiver, the sender must find the receiver's public key in a certificate repository.

are available and used by the public, or by a wide range of people

Special emphasis should be put into looking at the specific information included within the certificates such as:

a holding place for individuals' certificates and public keys that are participating in a particualr PKI environment

The security requirements for repositories are _________as needed for actual CAs and for the equipment and software used to perform CA functions

Since each certificate is _____ _____ by the CA, if a certificate stored in the certificate repository is modified, the recipient would be able to detect this change and not accept the certificate as valid

compare the CA that digitally signed ther cert to a list of cas that has already been loaded into the receivers compter
calculate a message digest fo the certificate
use the CAs public key to decrypt the digital signature and recover what is claimed to be the original message digest embedded within the certificate

The CA can provide protection by maintaining a

contains a statement indicating why invidivual certificates were revoked and the date of revocation

Certificates are _____ when the certficate's validity needs to be ended before its actual expiration date

a user loses a laptop or smart card that stored a private key - an improper software implementation has been unvovered that directly affected the sercurity of a private key - a user has fallen victim to a social engineering attack and gave up a private key - date held within the cert no longer applies - an employee has left a company and should not be identified as a member of an in house PKI

is responsible for the status of the certificates it generates, must be informed of a revocation, must provide this info to others, is responbile for maintainging the revocation list and posting it in a publicly availabe directory

Hidden writing =

secret writing =

book written by Johannes Trithemius - book about magic using spirits to communicate over long distances - really about steganography and cryptology

The message you are wanting to send and hide

the message, data, picture that actually shows and hides the payload

payload + carrier =

the percentage of payload bytes in the carrier

the detection of payload within a covert message

uses scientifc methods to hide a message, such as the use of invisible ink or microdots and other size reduction methids

hides the message in the carrier in some non obvious ways and is further categorized as semagrams or open codes

hide informaiton by the use of symbols or signs

uses innocent looking or everyday physical objects to convey ea message, such as doodles or the positiong of items on a desk or websit

hides a message by midfying the appearance of the carrier text such as subtle changes in font size or type, adding extra spaces, or different flourishes in letters or handwritten text

hide a message in a legitamate carrier message in ways that are not obvious to an unsuspecting observer. The carrier message is sometimes called the overt communication whereas the hidden message is the covert communication. This category is subdivided into jargon codes and covered ciphers

uses language that is understood by a group of peopld but is meaningless to others - include warchaking, underground terminology, innocent conversation that conveys special meaning because of facts known only to speakers - navajo code talkers WWII

A subset of jargon codes - where certian prearranged phrases convey meaning

hide a message openly in the carrier medium so that it can be revocred by anyone who knows the secret for how it was concealed

a covered cipher a ____ ____ employs a template that is used to voer the carrier message. the openings reveal the message

hides the mssage according to some prearranged set of rules such as read every fifth word