
Access Control
Restricting and controling subject and object access attempts

Algorithm  Cipher
Set of mathematical rules used in encryption and decryption
Cipher  same

Cryptography
Science of secret writing that enables you to store transmit dat in a form that is available only to the intended individuals.

Cryptosystem
Hardware or software implementation of cryptography

Cryptanalysis
Breaing cryptic systems

Data Origin Authentication
proving the source of a message (systembased authentication)

Encipher
Decipher
Encipher  Act of transforming data into an unreadable format
Decipher  Transforming data into a readible format

Entity Authentication
Proving the identity of the entity that sent a message

Key
sequence of bits and instructions that governs the acto of encryption and decryption

key clustering
instance when two different keys generate the same ciphertext from the same plaintext

keyspace
a range of possible values used to construct keys

Work factor
Estimated time, effort, and resources necessary to break a cryptosystem


Symmetric Cryptography  Strengths and weaknesses
 Strengths
 Must faster than asymmectric systems
 hard to break if using a large key size
 Confidentiality
 Weaknesses
 Requires a secure mechanism to deliver keys
 Each pair is a unique key  key management
 Does not provide Authenticity or nonrepudiation
 TYPES
 Data Encryption Standard (DES)
 TripleDES (3DES)
 Blowfish
 IDEA
 RC4, RC5, RC6
 Advanced Encryption Standard (AES)

Aysmmetric Cryptography  Strengths and weaknesses
 Strengths
 Better Key distribution than symmetric
 Scalability
 Authentication and nonrepudiation
 Weaknesses
 works much more slowly than symmetric systems
 matehmatically intensive tasks
 TYPES
 RSA
 Elliptic curve cryptosystem (ECC)
 DiffieHellman
 El Gamal
 Digital Signature Algorithm (DSA)
 Knapsack

Block cipher
block of message that is devided into blocks and then put through mathematical functions

Confusion
Substition of data


DES
Lucifer
DEA  Data Encryption Algorithm
 Data Encryption Standard
 symmetric block encryption algorithm
 64bit blocks of plaintext go in, 64bit blocks of ciphertext come out
 65bit key  8 bits parity  52 bit true key
Lucifer  IBM  128 bit
DEA  Data Encryption Algorithm  NASA  64 bit

DES Modes
Eleectronic Cod Book (ECB)
 A 64 bit data block is enered into algorith, with a key and a block of ciphertext is produced
 for a given block of plaintext and a given key, the same block of ciphertext is always produced
NOT RANDOM ENOUGH

DES Modes
Cipher Block Chaining (CBC)
Each blcok of text, the key, and the value is based on teh previous block that is processed in teh algorithm .. applied to the next block of data.
MORE RANDOM CIPHERTEXT

DES Modes
Cipher Feedback modes (CFM)
OUTPUT Feedback mode (OFM)
Better for smaller amounts of data
First 8 bits needs to be encrypted  IV (initialization vector)
The Key + IV put in to Algorithm  > creates KEY STREAM
Plaintext > KEYSTREAM > Cyphertext
Cyphertext +Key goes put into Algorithm  Creates next set of KEY STREAM
 Same as CFM EXCEPT 
 Keystream +Key goes into algorithm to create next Key stream
REDUCES number of errors

DES Modes
Counter Mode
Same as OFB, but instand of a unique IV, it uses a IV counter tha increments for each plaintext block that needs to be encrypted

Triple DES (3DES)
 48 rounds in computation
 3 keys 56 bits
 DESEEE3  3 different keys for encryption  encrypted, encrypted, encrypted
 DESEDE3  3 different keys for encryption  encrypted, decrypted, encrypted
 DESEEE2  2 keys  first and third are the same  encrypted, encrypted, encrypted
 DESEDE2  2 keys  first and third are the same  encrypted, decrypted, encrypted

AES
Symmectric block cipher supporting key sizes of 128, 192, & 256 bits
 runners up
 MARS
 RC6
 Serpent
 Twofish
 Rijinel

IDEA
 International Data Encryption Algorithm
 64 bit data block is split into 16 different smaller blockes  each has 8 rounds of mathematical functions performed on it
Key size is 128 bits
Faster when implemented in software than DES
Used in PGP

Blowfish
Works on 64bit blocks of data
key length 32 bits upt ot 448 bits
16 rounds of functions
unpatented

RC4
Commenly implmented stream ciphers  variable key size
altorithm is simple, fast, and efficient but the source code was released

RC5
RC6
Can use variety of parameters for block size, key size and the number of rounds used.
 BLOCK  32, 64, 128
 Key size  goes up to 2048 bits
 Rounds  up to 255
RC6  similar to RC5  but submitted as AES 

ECC
Elliptic Curve Cryptosystem  More efficient that RSA  Asymmetric encryption

Hashes, HMACS, and CDCMACs
 (MAC)  Message authentication code
 HMAC  Hash MAC



PKI
CA
CRL
RA
 Certificate Authority
 Certificate Revocation List
 Registration Authority

Encryption at Different Layers

MIME
S/MIME
 Multipurpose Internet Mail Extension  how multimedia data dn email attachments are handled
 Secure MIME  handles encrypting and digitally signing electronic mail

PEM
MSP
 Privacy Enhanced Mail
 Provide secure email over the Inernet
Message Security Protocol  Military's PEM

HTTP Secure (HTTPS)
 Uses SSL over Transport Layer
 HTTP  application layer
 Secure HTTP  secures message between two computers
 HTTPS  secures communication channel between two computers

SET
Secure Electronic Transaction  proposed by Vise  more secure credit card transaction possibilities

IPSec
AH
ESP
Transport Mode
Tunnel Mode
IKE
 AH  Authentication Header  Authentication & Integrity
 ESP  Encapsulating Security  Authentication & Integrity & Confidentiality
 transport mode  payload of the message is protected
 tunnel mode  payload AND routing information is protected
 security assocation  SA  record for each VPN
IKE  internet Key exchange  Standard for IPSec Key exchange
 ISAKMP  architecture of key exchange
 OAKLEY  protocol that carries out the negotiation process
 ICV  Integrity Check value 
 SPI  security parameter index  keeps track of SAs

