Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/84

Click to flip

84 Cards in this Set

  • Front
  • Back

Substitution cipher

one character or symbol is changed into another


one of the oldest - Caesar cipher (shift 3-rt)


other e.g.s Atbash, Playfair, Scytale

multi-alphabet substitution

Vigenere cipher


uses keyword to look up cipher text in a table

transposition ciphers

message is broken into equal blocks, then each block is scrambled


Rail Fence cipher

ROT13

algorithm rotates every letter 13 places in the alphabet


enigma machine

typewriter that implemented multi-alphabet cipher


uses 26 alphabet substitutions

steganography

uses LSB (least significant bit) to hide messages in a medium


Programs- QuickStego , Invisible Secrets


used for watermarking

Encrypt filesystem in Linux

1. login as root and start YaST


2. Choose System>Partitioner


3. yes to prompt. select filesystem and edit


4. select the Encrypt file system check box. Ok

What are the major areas of modern cryptography?

symmetric cryptography


asymmetric cryptography


hashing algorithms

symmetric cryptography

both ends of encrypted message use the same key and algorithms


uses a secret/private key


uses block or stream cipher


fast


e.g.s- DES, 3DES, AES, AE256, CAST, RC4, RC5, RC6, Blowfish, Teofish, IDEA, One time pads

DES ( data encryption standard)

replaced by AES


based on 56 bit


considered insecure due to small key size

3DES (Triple DES)

upgrade to DES


key length is 168 bits


uses 3 56 bit DES keys

AES (advanced encryption standard)

replaced DES


uses Rijndael algorithm


used bu govt agencies


default key is 128 bits


supports 128, 192, 256 bits

AES256

uses 256 bits


qualifies for US govt top secret classification


CAST

developed by Carlisle Adams & Stafford Tavares


used in microsoft and IBM products


uses 40-128 bit key


fast and efficient


additional versions- CAST128, CAST256

Ron's Cipher (RC)

an encryption family by RSA labs


authored by Ron rivest


current levels are RC4, RC%, and RC6


uses key size up to 2048 bits

RC4 (ron's cipher 4)

popular with WEP/WPA encryption


streaming cipher using 40-2048 bit keys


used in SSL and TLS


used in utilities for downloading BitToreents

Blowfish

invented by Bruce Schneier and team


performs 64 bit block cipher (symmetric) fast speeds


uses variable length keys from 32-448 bits

Twofish

similiar to Blowfish


works on 128 bit blocks


has complex key schedule

IDEA (international data encryption algorithm)

developed by Swiss consortium


uses 128 bit key


more secure than DES but similiar concept


used in PGP (pretty good privacy)


Ascom AG holds the right to market

One-Time Pads

only truly completely secure cryptographic implementation


use a key that is as long as a plaintext message


used only once

key exchange

2 primary approaches: in band key exchange (same channel as encryption), out of band key exchange

forward secrecy

property of any key exchange system that ensures if 1 key is compromised, subsequent keys will not be compromised.

perfect forward secrecy

when the key exchange process is unbreakable


common approach uses ephemeral keys

asymmetric algortihms

uses public key to encrypt and private key to decrypt


based on number theory


the 4 popular ones are: RSA, Diffie-Hellman, ECC,and ElGamal


RSA

named after inventors Rivest, shamir, Adleman


the de facto standard


uses large integers


works with both encryption and digital signatures


can be used for key exchange

Diffie-Helman

used primarily to send keys across public networks.


used to create symmetric keys between 2 parties


does not encrypt nor decrypt

ECC (elliptic curve cryptography)

similiar to RSA but uses smaller keys


uses points on a curve combined with a point at infinity and the difficulty of solving discrete algorithms


NSA recommended


will be commonly implemented on cell phones soon


variations: ECC-DH and ECC-DSA

ElGamal

use ephemeral key


used for single communication session

ephemeral key

a key that exists for only a single session


allows for perfect forward secrecy

Kerckhoff's Principle

the security of an algorithm should depend only on the secrecy of the key and not the algorithm itself.

Hashing Algorithms

secure hash algorithm (SHA)


message digest algorithm (MD)


The RACE integrity Primitives Evaluation Message (RIPEMD)


GOST


LANMAN


NT Lan Manager (NTLM)

hash characteristics

1. must be 1 way


2. variable length input produces fixed length output


3. algorithm must have few or no collisions ( 2 inputs don't give same output)

rainbow tables

all possible hashes are computed in advance


e.g. OphCrack

salt

added bits at key locations either before or after hash

key stretching

strengthening a weak key


2 methods: PBKDF2 (Password-based key derivation function 2) & Bcrypt

quantum cryptography

originally limited to lab work and secret govt applications


basis for QKE (quantum key exchange)

Common code breaking techniques`

frequency analysis- looks at patterns


chosen plaintext


related key attack


brute force attacks


exploiting human error

cryptographic system

a system, method, or process that is used to provide encryption and decryption

pre-shared key

when all the clients and access points share the same key

work factor

an estimate of the amount of time and effort that would be needed to break a system

digital signatures

sender uses private key to create digital signature


receiver uses public key attached to message to decrypt


most use a hash to ensure message hasn't been altered


receiver compares signature area (message digest) to calculated value

nonrepudiation

prevents one party from denying actions they carried out

Certificate Authority (CA)

manage public keys


issue certificates verifying validity of a sender's message (nonrepudiation)

key escrow

keys to encrypt/decrypt in escrow until requested by 3rd party

key recovery agent

entity that has the ability to recover a key, key components, or plaintext messages

key registration

the process of providing certificates to users


done by a registration authority (RA)

certificate revocation list (CRL)

a list of certificates a specific CA states should no longer be used.


being replaced by OCSP (online certificate status protocol)

types of trust models

bridge


hierarchical


hybrid


mesh

National Security Agency (NSA)

responsible for creating codes, breaking codes, and coding systems for the US government.\


chartered in 1952


responsible for obtaining foreign intelligence and supplying to US govt agencies


world's largest employer of mathematicians

National Security Agency/Central Security Service (NSA/CSS)

independently functioning part of the NSA


supports all branches of the US military


created in the 1970s to standardize and support the DoD

National Institute of Standards and Technology (NIST)

formerly NBS ( national bureau of standards)


develops and supports US govt standards


publishes info about known vulnerabilities

RFC ( Request for Comments)

method to propose a standard


originated in 1969


categorized as a standard, best practice, informational, experimental or historic

major associations

American Bankers Association (ABA)


Internet Engineering Task Force (IETF)


Internet society (ISOC)- oversees the IETF


World Wide Web Consortium (W3C)- sponsors XML


International Telecommunications Union (ITU)


Institute of Electrical and Electronics Engineers (IEEE)- development of PKC, wireless and networking protocols


Public Key Infrastructure X.509 (PKIX)

the working group formed by IETF to develop standards and models for the PKI environment

Public Key Cryptography Standards (PKCS)

a set of voluntary standards created by RSA and security leaders.


there are 15 standards


early group members: Apple, microsoft, HP, Lotus, Sun, MIT

X.509 standard

defines the certificate formats and fields for public keys


defines procedures for public key distribution


currently on v3


2 basic types: End-entity certificate, CA certificate

X.509 properties

signature (primary purpose)


version


serial#


signature algorithm id


issuer name


validity period


subject name


subject public key info


issues unique identifier (v2 and v3)


subject unique identifier (v2 and v3)


extensions (v3)

cipher suite

a combination of methods such as authentication, encryption and message authentication code (MAC) algorithm used together


e.g TLS and SSL

configure ssl port in windows server 2012

1. start> admin tools> IIS manager


2. right click on website and go to Properties


3. select web site tab, enter port #


4. click ok and exit


-default port is 443

certificate management protocol (CMP)

a messaging protocol used between PKI entities

XML Key Management Specification (XKMS)

designed to allow XML-based programs access to PKI services.


built on CMP

Secure Multipurpose Internet Mail Extensions (S/MIME)

standard for encrypting email


contains signature data


assymetric alogorithms for confidentiality


uses digital certificates for authentication

Secure Electronic Transaction (SET)

provides encryption for credit card numbers that can be transmitted over the internet


developed by Visa and Mastercard


works with an electronic wallet

electronic wallet

a device that identifies you electronically in the same ways as the cards you carry in your wallet

Pretty Good Privacy (PGP)

freeware email encryption system


used for email security


uses both asymmetric and symmetric systems


GNU Privacy Guard (GPG)

free alternative to PGP

HTTP Secure (HTTPS)

port 443


uses SSL


used for secure transactions by providing a secure channel

Secure HTTP (S-HTTP)

HTTP with message security


port 80


seldom used


creates a secure message


provides data integrity and authentication

configure IPSec on windows 7/8

1. run perfmon.msc


2. select performance monitor


3. right-click graph, choose Add Counters


4. select IPSec IKEv1 IPv4 and expand options


5. click show description and read comments


6. Click Add--Failed main mode negotiations and failed quick mode negotiations

Federal Information Processing standard (FIPS)

a set of guidelines for US federal government information systems


issued by NIST

Public Key infrastructure (PKI)

a framework


a 2 key, asymmetric system with 4 main components: certificate authority (CA), registration authority (RA), RSA, and digital certificates

certificate policies

define what certificates do


affect how a certificate is issued and how it is used


the policy indicates which certificates will be accepted in a given application

cross certification

the process of requiring interoperability of a certificate

Certificate Practice Statement (CPS)

a detailed statement the CA uses to issue certificates and implement its policies.


discusses how certificates are issued, measures taken to protect certificates, rules that CA users must follow to maintain certificate eligibility

certificate revocation

the process of revoking a certificate before it expires


handled through a CRL (certificate revocation list) or by using OCSP (online certificate status protocol)

PKI trust models

hierarchical


bridge


mesh


hybrid

hierarchical trust model

tree


allows tight control over certificate-based activities


the root CA is at the top and provides all the info


then comes the intermediate CA> Leaf CA (the end of the chain/network)

bridge trust model

a peer-to-peer relationship exists among the root CAs


useful for large, geographically dispersed or 2 separate orgs

mesh trust model

expands on bridge model by supporting multiple paths and root CAs.


also known as a web structure


useful when several orgs need to cross certify certificates

hybrid trust model

uses the capabilities of any or all of the other trust models.

hardware based encryption devices

in the advanced config settings in BIOS you can enable TPM (trusted platform module).


as well as HSMs (hardware security module) which are PCI adapters- its a cryptoprocessor that is used to enhance security

TPM (trusted platform module)

used to assist with hash key generation


a chip that can store cryptographic keys/passwords/certificates


used to protect mobile devices


is sometimes used with BitLocker


may be installed on motherboard

BitLocker

a full disk encryption feature


uses 128 bit encryption


a.k.a. hard drive encryption

data encryption

bitlocker


bitlocker to go


Truecrypt


database encryption