# Cryptography - Ch. 8

The flashcards below were created by user wathy64 on FreezingBlue Flashcards.

1. Access Control
Restricting and controling subject and object access attempts
2. Algorithm - Cipher
Set of mathematical rules used in encryption and decryption

Cipher - same
3. Cryptography
Science of secret writing that enables you to store transmit dat in a form that is available only to the intended individuals.
4. Cryptosystem
Hardware or software implementation of cryptography
5. Cryptanalysis
Breaing cryptic systems
6. Data Origin Authentication
proving the source of a message (system-based authentication)
7. Encipher
Decipher
Encipher - Act of transforming data into an unreadable format

Decipher - Transforming data into a readible format
8. Entity Authentication
Proving the identity of the entity that sent a message
9. Key
sequence of bits and instructions that governs the acto of encryption and decryption
10. key clustering
instance when two different keys generate the same ciphertext from the same plaintext
11. keyspace
a range of possible values used to construct keys
12. Work factor
Estimated time, effort, and resources necessary to break a cryptosystem
13. One time pad
14. Symmetric Cryptography - Strengths and weaknesses
• Strengths
• Must faster than asymmectric systems
• hard to break if using a large key size
• Confidentiality

• Weaknesses
• Requires a secure mechanism to deliver keys
• Each pair is a unique key - key management
• Does not provide Authenticity or nonrepudiation

• TYPES
• Data Encryption Standard (DES)
• Triple-DES (3DES)
• Blowfish
• IDEA
• RC4, RC5, RC6
• Advanced Encryption Standard (AES)
15. Aysmmetric Cryptography - Strengths and weaknesses
• Strengths
• Better Key distribution than symmetric
• Scalability
• Authentication and non-repudiation

• Weaknesses
• works much more slowly than symmetric systems
• matehmatically intensive tasks

• TYPES
• RSA
• Elliptic curve cryptosystem (ECC)
• Diffie-Hellman
• El Gamal
• Digital Signature Algorithm (DSA)
• Knapsack
16. Block cipher
block of message that is devided into blocks and then put through mathematical functions
17. Confusion
Substition of data
18. diffusion
Transposition
19. DES

Lucifer

DEA - Data Encryption Algorithm
• Data Encryption Standard
• symmetric block encryption algorithm
• 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out
• 65-bit key - 8 bits parity - 52 bit true key

Lucifer - IBM - 128 bit

DEA - Data Encryption Algorithm - NASA - 64 bit
20. DES Modes
Eleectronic Cod Book (ECB)
• A 64 bit data block is enered into algorith, with a key and a block of ciphertext is produced
• for a given block of plaintext and a given key, the same block of ciphertext is always produced

NOT RANDOM ENOUGH
21. DES Modes
Cipher Block Chaining (CBC)
Each blcok of text, the key, and the value is based on teh previous block that is processed in teh algorithm .. applied to the next block of data.

MORE RANDOM CIPHERTEXT
22. DES Modes
Cipher Feedback modes (CFM)

OUTPUT Feedback mode (OFM)
Better for smaller amounts of data

First 8 bits needs to be encrypted - IV (initialization vector)

The Key + IV put in to Algorithm - > creates KEY STREAM

Plaintext -> KEYSTREAM -> Cyphertext

Cyphertext +Key goes put into Algorithm - Creates next set of KEY STREAM

• Same as CFM EXCEPT -
• Keystream +Key goes into algorithm to create next Key stream

REDUCES number of errors
23. DES Modes
Counter Mode
Same as OFB, but instand of a unique IV, it uses a IV counter tha increments for each plaintext block that needs to be encrypted
24. Triple DES (3DES)
• 48 rounds in computation
• 3 keys 56 bits

• DES-EEE3 - 3 different keys for encryption - encrypted, encrypted, encrypted
• DES-EDE3 - 3 different keys for encryption - encrypted, decrypted, encrypted
• DES-EEE2 - 2 keys - first and third are the same - encrypted, encrypted, encrypted
• DES-EDE2 - 2 keys - first and third are the same - encrypted, decrypted, encrypted
25. AES
Symmectric block cipher supporting key sizes of 128, 192, & 256 bits

• runners up
• MARS
• RC6
• Serpent
• Twofish
• Rijinel
26. IDEA
• International Data Encryption Algorithm
• 64 bit data block is split into 16 different smaller blockes - each has 8 rounds of mathematical functions performed on it

Key size is 128 bits

Faster when implemented in software than DES

Used in PGP
27. Blowfish
Works on 64-bit blocks of data

key length 32 bits upt ot 448 bits

16 rounds of functions

unpatented
28. RC4
Commenly implmented stream ciphers - variable key size

altorithm is simple, fast, and efficient but the source code was released
29. RC5

RC6
Can use variety of parameters for block size, key size and the number of rounds used.

• BLOCK - 32, 64, 128
• Key size - goes up to 2048 bits
• Rounds - up to 255

RC6 - similar to RC5 - but submitted as AES -
30. ECC
Elliptic Curve Cryptosystem - More efficient that RSA - Asymmetric encryption
31. Hashes, HMACS, and CDC-MACs
• (MAC) - Message authentication code

• HMAC - Hash MAC
32. Hashing Algorithms
33. Digital Signature
34. PKI
CA
CRL
RA
• Certificate Authority
• Certificate Revocation List
• Registration Authority
35. Encryption at Different Layers
36. MIME
S/MIME
• Multipurpose Internet Mail Extension - how multimedia data dn e-mail attachments are handled
• Secure MIME - handles encrypting and digitally signing electronic mail
37. PEM
MSP
• Privacy Enhanced Mail
• Provide secure e-mail over the Inernet

Message Security Protocol - Military's PEM
38. HTTP Secure (HTTPS)
• Uses SSL over Transport Layer
• HTTP - application layer

• Secure HTTP - secures message between two computers
• HTTPS - secures communication channel between two computers
39. SET
Secure Electronic Transaction - proposed by Vise - more secure credit card transaction possibilities
40. IPSec
AH
ESP

Transport Mode
Tunnel Mode

IKE
• AH - Authentication Header - Authentication & Integrity
• ESP - Encapsulating Security - Authentication & Integrity & Confidentiality

• transport mode - payload of the message is protected
• tunnel mode - payload AND routing information is protected
• security assocation - SA - record for each VPN

IKE - internet Key exchange - Standard for IPSec Key exchange

• ISAKMP - architecture of key exchange
• OAKLEY - protocol that carries out the negotiation process
• ICV - Integrity Check value -
• SPI - security parameter index - keeps track of SAs
 Author: wathy64 ID: 26165 Card Set: Cryptography - Ch. 8 Updated: 2010-07-10 04:29:51 Tags: CISSP Cryptography Folders: Description: Shon Harris Ch. 8 CISSP review Show Answers: