Cryptography - Ch. 8

  1. Access Control
    Restricting and controlling subject and object access attempts
  2. Algorithm - Cipher
    Set of mathematical rules used in encryption and decryption

    Cipher - same
  3. Cryptography
    Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals.
  4. Cryptosystem
    Hardware or software implementation of cryptography
  5. Cryptanalysis
    Breaking cryptic systems
  6. Data Origin Authentication
    proving the source of a message (system-based authentication)
  7. Encipher
    Decipher
    Encipher - Act of transforming data into an unreadable format

    Decipher - Transforming data into a readable format
  8. Entity Authentication
    Proving the identity of the entity that sent a message
  9. Key
    sequence of bits and instructions that governs the act of encryption and decryption
  10. key clustering
    instance when two different keys generate the same ciphertext from the same plaintext
  11. keyspace
    a range of possible values used to construct keys
  12. Work factor
    Estimated time, effort, and resources necessary to break a cryptosystem
  13. One time pad
  14. Symmetric Cryptography - Strengths and weaknesses
    • Strengths
    • Much faster than asymmetric systems
    • hard to break if using a large key size
    • Confidentiality

    • Weaknesses
    • Requires a secure mechanism to deliver keys
    • Each pair of users needs a unique key - key management
    • Does not provide Authenticity or nonrepudiation

    • TYPES
    • Data Encryption Standard (DES)
    • Triple-DES (3DES)
    • Blowfish
    • IDEA
    • RC4, RC5, RC6
    • Advanced Encryption Standard (AES)
  15. Asymmetric Cryptography - Strengths and weaknesses
    • Strengths
    • Better Key distribution than symmetric
    • Scalability
    • Authentication and non-repudiation

    • Weaknesses
    • works much more slowly than symmetric systems
    • mathematically intensive tasks

    • TYPES
    • RSA
    • Elliptic curve cryptosystem (ECC)
    • Diffie-Hellman
    • El Gamal
    • Digital Signature Algorithm (DSA)
    • Knapsack
  16. Block cipher
    Message that is divided into blocks and then put through mathematical functions
  17. Confusion
    Substitution of data
  18. diffusion
    Transposition
  19. DES

    Lucifer

    DEA - Data Encryption Algorithm
    • Data Encryption Standard
    • symmetric block encryption algorithm
    • 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out
    • 65-bit key - 8 bits parity - 52 bit true key



    Lucifer - IBM - 128 bit

    DEA - Data Encryption Algorithm - NASA - 64 bit
  20. DES Modes
    Electronic Code Book (ECB)
    • A 64-bit data block is entered into the algorithm with a key, and a block of ciphertext is produced
    • for a given block of plaintext and a given key, the same block of ciphertext is always produced

    NOT RANDOM ENOUGH
  21. DES Modes
    Cipher Block Chaining (CBC)
    Each block of text, the key, and the value based on the previous block are processed in the algorithm and applied to the next block of data.

    MORE RANDOM CIPHERTEXT
  22. DES Modes
    Cipher Feedback modes (CFM)

    OUTPUT Feedback mode (OFM)
    Better for smaller amounts of data

    First 8 bits need to be encrypted - IV (initialization vector)

    The Key + IV are put into the Algorithm -> creates KEY STREAM

    Plaintext -> KEYSTREAM -> Ciphertext

    Ciphertext + Key are put into the Algorithm - creates next set of KEY STREAM

    • Same as CFM EXCEPT -
    • Keystream + Key goes into the algorithm to create the next keystream

    REDUCES number of errors
  23. DES Modes
    Counter Mode
    Same as OFB, but instead of a unique IV, it uses an IV counter that increments for each plaintext block that needs to be encrypted
  24. Triple DES (3DES)
    • 48 rounds in computation
    • 3 keys 56 bits



    • DES-EEE3 - 3 different keys for encryption - encrypted, encrypted, encrypted
    • DES-EDE3 - 3 different keys for encryption - encrypted, decrypted, encrypted
    • DES-EEE2 - 2 keys - first and third are the same - encrypted, encrypted, encrypted
    • DES-EDE2 - 2 keys - first and third are the same - encrypted, decrypted, encrypted
  25. AES
    Symmetric block cipher supporting key sizes of 128, 192, & 256 bits

    • runners up
    • MARS
    • RC6
    • Serpent
    • Twofish
    • Rijndael
  26. IDEA
    • International Data Encryption Algorithm
    • 64-bit data block is split into 16 different smaller blocks - each has 8 rounds of mathematical functions performed on it

    Key size is 128 bits

    Faster when implemented in software than DES

    Used in PGP
  27. Blowfish
    Works on 64-bit blocks of data

    key length 32 bits up to 448 bits

    16 rounds of functions

    unpatented
  28. RC4
    Commonly implemented stream cipher - variable key size

    algorithm is simple, fast, and efficient but the source code was released
  29. RC5

    RC6
    Can use variety of parameters for block size, key size and the number of rounds used.

    • BLOCK - 32, 64, 128
    • Key size - goes up to 2048 bits
    • Rounds - up to 255

    RC6 - similar to RC5 - but submitted as AES -
  30. ECC
    Elliptic Curve Cryptosystem - More efficient than RSA - Asymmetric encryption
  31. Hashes, HMACs, and CBC-MACs
    • (MAC) - Message authentication code

    • HMAC - Hash MAC
  32. Hashing Algorithms
  33. Digital Signature
  34. PKI
    CA
    CRL
    RA
    • Certificate Authority
    • Certificate Revocation List
    • Registration Authority
  35. Encryption at Different Layers
  36. MIME
    S/MIME
    • Multipurpose Internet Mail Extension - how multimedia data and e-mail attachments are handled
    • Secure MIME - handles encrypting and digitally signing electronic mail
  37. PEM
    MSP
    • Privacy Enhanced Mail
    • Provide secure e-mail over the Internet

    Message Security Protocol - Military's PEM
  38. HTTP Secure (HTTPS)
    • Uses SSL over Transport Layer
    • HTTP - application layer

    • Secure HTTP - secures message between two computers
    • HTTPS - secures communication channel between two computers
  39. SET
    Secure Electronic Transaction - proposed by Visa - more secure credit card transaction possibilities
  40. IPSec
    AH
    ESP

    Transport Mode
    Tunnel Mode

    IKE
    • AH - Authentication Header - Authentication & Integrity
    • ESP - Encapsulating Security - Authentication & Integrity & Confidentiality

    • transport mode - payload of the message is protected
    • tunnel mode - payload AND routing information is protected
    • security association - SA - record for each VPN

    IKE - Internet Key Exchange - Standard for IPSec Key exchange

    • ISAKMP - architecture of key exchange
    • OAKLEY - protocol that carries out the negotiation process
    • ICV - Integrity Check value -
    • SPI - security parameter index - keeps track of SAs
Author: wathy64
ID: 26165
Card Set: Cryptography - Ch. 8
Description: Shon Harris Ch. 8 CISSP review