-
Access Control
Restricting and controling subject and object access attempts
-
Algorithm - Cipher
Set of mathematical rules used in encryption and decryption
Cipher - same
-
Cryptography
Science of secret writing that enables you to store transmit dat in a form that is available only to the intended individuals.
-
Cryptosystem
Hardware or software implementation of cryptography
-
Cryptanalysis
Breaing cryptic systems
-
Data Origin Authentication
proving the source of a message (system-based authentication)
-
Encipher
Decipher
Encipher - Act of transforming data into an unreadable format
Decipher - Transforming data into a readible format
-
Entity Authentication
Proving the identity of the entity that sent a message
-
Key
sequence of bits and instructions that governs the acto of encryption and decryption
-
key clustering
instance when two different keys generate the same ciphertext from the same plaintext
-
keyspace
a range of possible values used to construct keys
-
Work factor
Estimated time, effort, and resources necessary to break a cryptosystem
-
-
Symmetric Cryptography - Strengths and weaknesses
- Strengths
- Must faster than asymmectric systems
- hard to break if using a large key size
- Confidentiality
- Weaknesses
- Requires a secure mechanism to deliver keys
- Each pair is a unique key - key management
- Does not provide Authenticity or nonrepudiation
- TYPES
- Data Encryption Standard (DES)
- Triple-DES (3DES)
- Blowfish
- IDEA
- RC4, RC5, RC6
- Advanced Encryption Standard (AES)
-
Aysmmetric Cryptography - Strengths and weaknesses
- Strengths
- Better Key distribution than symmetric
- Scalability
- Authentication and non-repudiation
- Weaknesses
- works much more slowly than symmetric systems
- matehmatically intensive tasks
- TYPES
- RSA
- Elliptic curve cryptosystem (ECC)
- Diffie-Hellman
- El Gamal
- Digital Signature Algorithm (DSA)
- Knapsack
-
Block cipher
block of message that is devided into blocks and then put through mathematical functions
-
Confusion
Substition of data
-
-
DES
Lucifer
DEA - Data Encryption Algorithm
- Data Encryption Standard
- symmetric block encryption algorithm
- 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out
- 65-bit key - 8 bits parity - 52 bit true key
Lucifer - IBM - 128 bit
DEA - Data Encryption Algorithm - NASA - 64 bit
-
DES Modes
Eleectronic Cod Book (ECB)
- A 64 bit data block is enered into algorith, with a key and a block of ciphertext is produced
- for a given block of plaintext and a given key, the same block of ciphertext is always produced
NOT RANDOM ENOUGH
-
DES Modes
Cipher Block Chaining (CBC)
Each blcok of text, the key, and the value is based on teh previous block that is processed in teh algorithm .. applied to the next block of data.
MORE RANDOM CIPHERTEXT
-
DES Modes
Cipher Feedback modes (CFM)
OUTPUT Feedback mode (OFM)
Better for smaller amounts of data
First 8 bits needs to be encrypted - IV (initialization vector)
The Key + IV put in to Algorithm - > creates KEY STREAM
Plaintext -> KEYSTREAM -> Cyphertext
Cyphertext +Key goes put into Algorithm - Creates next set of KEY STREAM
- Same as CFM EXCEPT -
- Keystream +Key goes into algorithm to create next Key stream
REDUCES number of errors
-
DES Modes
Counter Mode
Same as OFB, but instand of a unique IV, it uses a IV counter tha increments for each plaintext block that needs to be encrypted
-
Triple DES (3DES)
- 48 rounds in computation
- 3 keys 56 bits
- DES-EEE3 - 3 different keys for encryption - encrypted, encrypted, encrypted
- DES-EDE3 - 3 different keys for encryption - encrypted, decrypted, encrypted
- DES-EEE2 - 2 keys - first and third are the same - encrypted, encrypted, encrypted
- DES-EDE2 - 2 keys - first and third are the same - encrypted, decrypted, encrypted
-
AES
Symmectric block cipher supporting key sizes of 128, 192, & 256 bits
- runners up
- MARS
- RC6
- Serpent
- Twofish
- Rijinel
-
IDEA
- International Data Encryption Algorithm
- 64 bit data block is split into 16 different smaller blockes - each has 8 rounds of mathematical functions performed on it
Key size is 128 bits
Faster when implemented in software than DES
Used in PGP
-
Blowfish
Works on 64-bit blocks of data
key length 32 bits upt ot 448 bits
16 rounds of functions
unpatented
-
RC4
Commenly implmented stream ciphers - variable key size
altorithm is simple, fast, and efficient but the source code was released
-
RC5
RC6
Can use variety of parameters for block size, key size and the number of rounds used.
- BLOCK - 32, 64, 128
- Key size - goes up to 2048 bits
- Rounds - up to 255
RC6 - similar to RC5 - but submitted as AES -
-
ECC
Elliptic Curve Cryptosystem - More efficient that RSA - Asymmetric encryption
-
Hashes, HMACS, and CDC-MACs
- (MAC) - Message authentication code
-
-
-
PKI
CA
CRL
RA
- Certificate Authority
- Certificate Revocation List
- Registration Authority
-
Encryption at Different Layers
-
MIME
S/MIME
- Multipurpose Internet Mail Extension - how multimedia data dn e-mail attachments are handled
- Secure MIME - handles encrypting and digitally signing electronic mail
-
PEM
MSP
- Privacy Enhanced Mail
- Provide secure e-mail over the Inernet
Message Security Protocol - Military's PEM
-
HTTP Secure (HTTPS)
- Uses SSL over Transport Layer
- HTTP - application layer
- Secure HTTP - secures message between two computers
- HTTPS - secures communication channel between two computers
-
SET
Secure Electronic Transaction - proposed by Vise - more secure credit card transaction possibilities
-
IPSec
AH
ESP
Transport Mode
Tunnel Mode
IKE
- AH - Authentication Header - Authentication & Integrity
- ESP - Encapsulating Security - Authentication & Integrity & Confidentiality
- transport mode - payload of the message is protected
- tunnel mode - payload AND routing information is protected
- security assocation - SA - record for each VPN
IKE - internet Key exchange - Standard for IPSec Key exchange
- ISAKMP - architecture of key exchange
- OAKLEY - protocol that carries out the negotiation process
- ICV - Integrity Check value -
- SPI - security parameter index - keeps track of SAs
|
|