Cryptography - Ch. 8

Card Set Information

Author:
wathy64
ID:
26165
Filename:
Cryptography - Ch. 8
Updated:
2010-07-10 00:29:51
Tags:
CISSP Cryptography
Folders:

Description:
Shon Harris Ch. 8 CISSP review
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user wathy64 on FreezingBlue Flashcards. What would you like to do?


  1. Access Control
    Restricting and controling subject and object access attempts
  2. Algorithm - Cipher
    Set of mathematical rules used in encryption and decryption

    Cipher - same
  3. Cryptography
    Science of secret writing that enables you to store transmit dat in a form that is available only to the intended individuals.
  4. Cryptosystem
    Hardware or software implementation of cryptography
  5. Cryptanalysis
    Breaing cryptic systems
  6. Data Origin Authentication
    proving the source of a message (system-based authentication)
  7. Encipher
    Decipher
    Encipher - Act of transforming data into an unreadable format

    Decipher - Transforming data into a readible format
  8. Entity Authentication
    Proving the identity of the entity that sent a message
  9. Key
    sequence of bits and instructions that governs the acto of encryption and decryption
  10. key clustering
    instance when two different keys generate the same ciphertext from the same plaintext
  11. keyspace
    a range of possible values used to construct keys
  12. Work factor
    Estimated time, effort, and resources necessary to break a cryptosystem
  13. One time pad
  14. Symmetric Cryptography - Strengths and weaknesses
    • Strengths
    • Must faster than asymmectric systems
    • hard to break if using a large key size
    • Confidentiality

    • Weaknesses
    • Requires a secure mechanism to deliver keys
    • Each pair is a unique key - key management
    • Does not provide Authenticity or nonrepudiation

    • TYPES
    • Data Encryption Standard (DES)
    • Triple-DES (3DES)
    • Blowfish
    • IDEA
    • RC4, RC5, RC6
    • Advanced Encryption Standard (AES)
  15. Aysmmetric Cryptography - Strengths and weaknesses
    • Strengths
    • Better Key distribution than symmetric
    • Scalability
    • Authentication and non-repudiation

    • Weaknesses
    • works much more slowly than symmetric systems
    • matehmatically intensive tasks

    • TYPES
    • RSA
    • Elliptic curve cryptosystem (ECC)
    • Diffie-Hellman
    • El Gamal
    • Digital Signature Algorithm (DSA)
    • Knapsack
  16. Block cipher
    block of message that is devided into blocks and then put through mathematical functions
  17. Confusion
    Substition of data
  18. diffusion
    Transposition
  19. DES

    Lucifer

    DEA - Data Encryption Algorithm
    • Data Encryption Standard
    • symmetric block encryption algorithm
    • 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out
    • 65-bit key - 8 bits parity - 52 bit true key



    Lucifer - IBM - 128 bit

    DEA - Data Encryption Algorithm - NASA - 64 bit
  20. DES Modes
    Eleectronic Cod Book (ECB)
    • A 64 bit data block is enered into algorith, with a key and a block of ciphertext is produced
    • for a given block of plaintext and a given key, the same block of ciphertext is always produced

    NOT RANDOM ENOUGH
  21. DES Modes
    Cipher Block Chaining (CBC)
    Each blcok of text, the key, and the value is based on teh previous block that is processed in teh algorithm .. applied to the next block of data.

    MORE RANDOM CIPHERTEXT
  22. DES Modes
    Cipher Feedback modes (CFM)

    OUTPUT Feedback mode (OFM)
    Better for smaller amounts of data

    First 8 bits needs to be encrypted - IV (initialization vector)

    The Key + IV put in to Algorithm - > creates KEY STREAM

    Plaintext -> KEYSTREAM -> Cyphertext

    Cyphertext +Key goes put into Algorithm - Creates next set of KEY STREAM

    • Same as CFM EXCEPT -
    • Keystream +Key goes into algorithm to create next Key stream

    REDUCES number of errors
  23. DES Modes
    Counter Mode
    Same as OFB, but instand of a unique IV, it uses a IV counter tha increments for each plaintext block that needs to be encrypted
  24. Triple DES (3DES)
    • 48 rounds in computation
    • 3 keys 56 bits



    • DES-EEE3 - 3 different keys for encryption - encrypted, encrypted, encrypted
    • DES-EDE3 - 3 different keys for encryption - encrypted, decrypted, encrypted
    • DES-EEE2 - 2 keys - first and third are the same - encrypted, encrypted, encrypted
    • DES-EDE2 - 2 keys - first and third are the same - encrypted, decrypted, encrypted
  25. AES
    Symmectric block cipher supporting key sizes of 128, 192, & 256 bits

    • runners up
    • MARS
    • RC6
    • Serpent
    • Twofish
    • Rijinel
  26. IDEA
    • International Data Encryption Algorithm
    • 64 bit data block is split into 16 different smaller blockes - each has 8 rounds of mathematical functions performed on it

    Key size is 128 bits

    Faster when implemented in software than DES

    Used in PGP
  27. Blowfish
    Works on 64-bit blocks of data

    key length 32 bits upt ot 448 bits

    16 rounds of functions

    unpatented
  28. RC4
    Commenly implmented stream ciphers - variable key size

    altorithm is simple, fast, and efficient but the source code was released
  29. RC5

    RC6
    Can use variety of parameters for block size, key size and the number of rounds used.

    • BLOCK - 32, 64, 128
    • Key size - goes up to 2048 bits
    • Rounds - up to 255

    RC6 - similar to RC5 - but submitted as AES -
  30. ECC
    Elliptic Curve Cryptosystem - More efficient that RSA - Asymmetric encryption
  31. Hashes, HMACS, and CDC-MACs
    • (MAC) - Message authentication code

    • HMAC - Hash MAC
  32. Hashing Algorithms
  33. Digital Signature
  34. PKI
    CA
    CRL
    RA
    • Certificate Authority
    • Certificate Revocation List
    • Registration Authority
  35. Encryption at Different Layers
  36. MIME
    S/MIME
    • Multipurpose Internet Mail Extension - how multimedia data dn e-mail attachments are handled
    • Secure MIME - handles encrypting and digitally signing electronic mail
  37. PEM
    MSP
    • Privacy Enhanced Mail
    • Provide secure e-mail over the Inernet

    Message Security Protocol - Military's PEM
  38. HTTP Secure (HTTPS)
    • Uses SSL over Transport Layer
    • HTTP - application layer

    • Secure HTTP - secures message between two computers
    • HTTPS - secures communication channel between two computers
  39. SET
    Secure Electronic Transaction - proposed by Vise - more secure credit card transaction possibilities
  40. IPSec
    AH
    ESP

    Transport Mode
    Tunnel Mode

    IKE
    • AH - Authentication Header - Authentication & Integrity
    • ESP - Encapsulating Security - Authentication & Integrity & Confidentiality

    • transport mode - payload of the message is protected
    • tunnel mode - payload AND routing information is protected
    • security assocation - SA - record for each VPN

    IKE - internet Key exchange - Standard for IPSec Key exchange

    • ISAKMP - architecture of key exchange
    • OAKLEY - protocol that carries out the negotiation process
    • ICV - Integrity Check value -
    • SPI - security parameter index - keeps track of SAs

What would you like to do?

Home > Flashcards > Print Preview