Cryptography Flashcards
(38 cards)
Stream Cipher
A stream cipher is a symmetric encryption method that encrypts data one bit or byte at a time, so it needs no padding and can process data as it arrives.
A stream cipher avoids the impractically large keys of the one-time pad (OTP) by starting from a short, fixed-length seed key (128 or 256 bits in modern designs; RC4 accepted keys of up to 2048 bits). The following describes how the keystream is produced from that seed key:
The seed key (together with a per-message nonce or IV in modern designs) is run through a pseudorandom generator, which expands it into a stream of pseudorandom bits as long as the data being encrypted. This output is called the keystream.
The keystream is XORed with the plaintext to create the ciphertext; XORing the ciphertext with the same keystream recovers the plaintext.
The seed key can be used for many messages, but only if each message gets a fresh nonce so that the keystream itself is never reused. If two messages are encrypted with the same keystream, XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts, from which an attacker who knows or can guess one message recovers the other without ever learning the key.
While stream ciphers are less secure than a true one-time pad, they are fast and can be used in real time. One of the most widely used stream ciphers was Rivest's Cipher 4 (RC4). Multiple keystream biases and key-recovery attacks have been found in RC4, rendering it insecure; its cipher suites are prohibited in TLS (RFC 7465) and it should not be used today. ChaCha20 is the usual modern replacement.
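The keystream process above, and the keystream-reuse failure, as an added example that is not part of the original flashcards. The pseudorandom generator here is a construction for illustration (SHAKE256 over key || nonce standing in for a real stream cipher such as ChaCha20), and the sample messages are constructed for the demo.

```python
import hashlib
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand a short seed key plus a per-message nonce into `length` bytes of keystream.

    Constructed for this example: SHAKE256 is used as the pseudorandom generator.
    A real design would use a dedicated stream cipher such as ChaCha20.
    """
    return hashlib.shake_256(key + nonce).digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Ciphertext = plaintext XOR keystream. The identical call decrypts."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


stream_decrypt = stream_encrypt


def keystream_reuse_leak(key: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bytes:
    """Why a keystream must never be reused (the "two-time pad").

    Two messages encrypted under the same key AND nonce share one keystream k:
        c1 XOR c2 = (m1 XOR k) XOR (m2 XOR k) = m1 XOR m2
    The key drops out, so an eavesdropper who knows (or can guess) one message
    recovers the other without learning the key.
    """
    c1 = stream_encrypt(key, nonce, m1)
    c2 = stream_encrypt(key, nonce, m2)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    key = secrets.token_bytes(32)       # 256-bit seed key
    nonce = secrets.token_bytes(12)     # must be unique per message under this key
    ct = stream_encrypt(key, nonce, b"attack at dawn")
    assert stream_decrypt(key, nonce, ct) == b"attack at dawn"

    # Constructed sample messages, encrypted with the SAME nonce by mistake.
    m1, m2 = b"balance=000100", b"balance=999999"
    leak = keystream_reuse_leak(key, nonce, m1, m2)
    print(xor_bytes(leak, m1))          # an attacker who knows m1 reads m2
```

The fix is procedural, not cryptographic: derive the nonce from a counter or draw it randomly with enough bits that repeats are negligible, and never let two messages under one key share it.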
Electronic Code Book (ECB)
ECB is the simplest mode of operation.
Each block of plaintext data is encrypted separately.
Blocks of data can be encrypted simultaneously, allowing for faster encryption.
The biggest disadvantage is that blocks with identical plaintext produce identical ciphertext, so repeated structure in the data shows through in the ciphertext. ECB should not be used for anything longer than a single block.
Cipher Block Chaining (CBC)
CBC is similar to ECB, except that each plaintext block is XORed with the previous ciphertext block before it is encrypted, with an initialization vector (IV) seeding the chain.
The IV is a starting value that is XORed with the first plaintext block before that block is encrypted.
The IV for the first block must be random and unpredictable. For each subsequent block, the ciphertext of the previous block plays the role of the IV.
CBC hides repeated plaintext blocks, which ECB does not, but encryption is sequential: each block depends on the previous ciphertext, so blocks cannot be encrypted in parallel (decryption can be). A predictable IV or missing integrity check exposes CBC to chosen-plaintext and padding-oracle attacks, so it should be combined with a MAC.
Cipher Feedback mode (CFB)
CFB also uses an IV, but instead of XORing it into the plaintext, the IV is encrypted with the block cipher first. That output is then XORed with the plaintext to create the block of ciphertext.
This turns the block cipher into a stream cipher: the encrypted IV acts as a keystream, much like a one-time pad except that it is pseudorandom rather than truly random. Only the cipher's encrypt direction is needed, even for decryption.
The IV for the first block is a randomly generated value. For each subsequent block, the previous ciphertext block is encrypted to produce the next keystream block.
Output Feedback mode (OFB)
This mode is identical to CFB except for what is fed back after the first round.
The output of encrypting the IV is XORed with the plaintext and is also fed back as the input to the next block's encryption, instead of the ciphertext. Because the keystream depends only on the key and IV, it can be precomputed, but reusing an IV reuses the whole keystream.
Counter mode (CTR)
Instead of chaining an initialization vector, CTR encrypts a nonce combined with a counter to produce the keystream.
A nonce ("number used once") is a value that stays the same for all blocks of one message but must be unique for every message encrypted under the same key.
The encrypted output of the nonce and counter is XORed with the plaintext to create the ciphertext.
The counter increments for each block, so every block's keystream is different; even if two plaintext blocks are identical, their ciphertext differs. Blocks can be encrypted and decrypted in parallel and the keystream can be precomputed. Reusing a nonce under the same key reuses the keystream, which is the same failure as reusing a one-time pad.
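The five modes above (ECB, CBC, CFB, OFB and CTR) as an added example, not code from the original flashcards. The block cipher is a toy 4-round Feistel permutation constructed for this example so that it runs without any third-party library; it is not AES and has no security value, but every mode is implemented exactly as it would be around AES. The demo input (three identical blocks) is constructed to show the ECB leak.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit blocks, like AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, half: bytes, i: int) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation, constructed for this example only (NOT AES)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round_fn(key, right, i))
    return right + left


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = right, _xor(left, _round_fn(key, right, i))
    return right + left


def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "pad input to a block multiple first"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, pt):
    return b"".join(toy_block_encrypt(key, b) for b in _blocks(pt))  # each block independent


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in _blocks(pt):
        prev = toy_block_encrypt(key, _xor(b, prev))  # previous CIPHERTEXT is the next "IV"
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(toy_block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def cfb_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in _blocks(pt):
        prev = _xor(b, toy_block_encrypt(key, prev))  # encrypt the feedback, XOR with plaintext
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(c, toy_block_encrypt(key, prev)))  # forward cipher only, even here
        prev = c
    return b"".join(out)


def ofb_keystream(key, iv, nblocks):
    out, state = [], iv
    for _ in range(nblocks):
        state = toy_block_encrypt(key, state)  # feedback is the cipher OUTPUT, not the ciphertext
        out.append(state)
    return b"".join(out)


def ctr_keystream(key, nonce, nblocks):
    assert len(nonce) == 12  # 96-bit nonce + 32-bit counter fills one block
    return b"".join(toy_block_encrypt(key, nonce + i.to_bytes(4, "big")) for i in range(nblocks))


def ofb_crypt(key, iv, data):  # same call encrypts and decrypts
    return _xor(data, ofb_keystream(key, iv, len(data) // BLOCK))


def ctr_crypt(key, nonce, data):  # same call encrypts and decrypts
    return _xor(data, ctr_keystream(key, nonce, len(data) // BLOCK))


def repeated_block_visible(ct: bytes) -> bool:
    """True if any two ciphertext blocks are identical: the ECB pattern leak."""
    bs = _blocks(ct)
    return len(set(bs)) < len(bs)
```

Encrypting three identical plaintext blocks shows the difference directly: ECB output contains three identical ciphertext blocks, while CBC, CFB, OFB and CTR do not. CFB, OFB and CTR never call the decrypt direction, which is why they are called stream modes.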
Galois Counter mode (GCM)
All of the modes above provide confidentiality only; they are unauthenticated, so a ciphertext can be altered in transit without detection. Galois/Counter Mode provides both encryption and authentication.
GCM encrypts exactly like Counter mode and then computes GHASH, a universal hash over the ciphertext (and any additional authenticated data, such as packet headers) in the Galois field GF(2^128).
The output is the encrypted data plus an authentication tag, a Message Authentication Code (MAC), that gives assurance the message has not been tampered with. The receiver must verify the tag before using the plaintext.
Because GCM is extremely efficient (it parallelizes and benefits from AES hardware instructions) and provides authentication, it is widely used in network protocols: the AES-GCM cipher suites of TLS 1.2 and 1.3, GCMP in WPA3 (802.11), and the aes128-gcm@openssh.com / aes256-gcm@openssh.com ciphers in SSH. As in CTR, the nonce must never repeat under the same key; a repeated GCM nonce leaks plaintext and the authentication key.
Other authenticated encryption methods exist, such as AES-CCM and ChaCha20-Poly1305, but GCM is the most widely used.
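Why the tag matters, as an added example that is not part of the original flashcards: an unauthenticated keystream mode lets an attacker flip chosen plaintext bits by flipping the same ciphertext bits, and an authentication tag stops it. The tag here is HMAC in an encrypt-then-MAC construction (GCM computes its tag with GHASH instead; the effect on the tampered message is the same). The keystream generator and the sample message are constructed for the demo.

```python
import hashlib
import hmac


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed keystream (SHAKE256 as a PRG) standing in for AES-CTR.
    return hashlib.shake_256(key + nonce).digest(length)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_like_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Unauthenticated stream encryption; the same call decrypts."""
    return _xor(data, _keystream(key, nonce, len(data)))


def flip_amount(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker edit on ciphertext only: XORing (old ^ new) into the ciphertext XORs the
    same difference into the plaintext at that offset, without knowing the key."""
    patch = _xor(old, new)
    return ct[:offset] + _xor(ct[offset:offset + len(patch)], patch) + ct[offset + len(patch):]


def aead_encrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, pt: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC. The tag covers nonce, associated data and ciphertext, so none
    of them can be changed without invalidating it."""
    ct = ctr_like_encrypt(enc_key, nonce, pt)
    tag = hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()[:16]
    return ct + tag


def aead_decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, blob: bytes, aad: bytes = b""):
    """Return the plaintext, or None if the tag does not verify. The tag is checked
    BEFORE decryption and compared in constant time."""
    ct, tag = blob[:-16], blob[-16:]
    expected = hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return ctr_like_encrypt(enc_key, nonce, ct)
```

With plain CTR the forged message decrypts to "transfer amount=9999 to bob" and nobody notices; with the tag, the same edit makes verification fail and the receiver discards the message without ever seeing the forged plaintext.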
Homomorphic Encryption
An inherent risk with conventional encryption is that for data to be worked on (computation on ciphertexts), it must first be decrypted, which exposes it to whoever performs the computation. Homomorphic encryption addresses this by allowing computation directly on ciphertexts, so that decrypting the result gives the same answer as computing on the plaintexts.
Partially homomorphic encryption (PHE)
PHE allows only one type of operation (addition or multiplication, not both) on encrypted values, but that one operation can be performed an unlimited number of times. Textbook RSA and ElGamal are multiplicatively homomorphic; Paillier is additively homomorphic.
Somewhat homomorphic encryption (SHE)
SHE allows both addition and multiplication on encrypted values, but only a limited number of operations, because each one adds noise to the ciphertext and decryption fails once the noise grows too large.
Fully homomorphic encryption (FHE)
This method supports both addition and multiplication an unlimited number of times on encrypted values, which is enough to evaluate any computation.
FHE schemes exist (BGV, BFV, CKKS and TFHE among them), but they remain orders of magnitude slower than computing on plaintext, so practical deployment is still limited.
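Partially homomorphic encryption as an added example, not code from the original flashcards: a minimal Paillier implementation (additive PHE) in which multiplying two ciphertexts adds the underlying plaintexts. It goes slightly beyond the text by also showing multiplication of an encrypted value by a known constant, which Paillier supports too. The primes are constructed demo values and are far too small for real use.

```python
import math
import secrets

# Constructed demo primes; real Paillier keys use primes of ~1024 bits or more.
P = 1000000007
Q = 998244353


def keygen(p: int = P, q: int = Q):
    """Paillier key pair with the common choice g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)                                  # L(g^lam mod n^2) = lam when g = n + 1
    return (n,), (n, lam, mu)


def encrypt(pub, m: int) -> int:
    """c = g^m * r^n mod n^2 with fresh random r; the same m encrypts differently each time."""
    (n,) = pub
    assert 0 <= m < n
    nsq = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    return (pow(n + 1, m, nsq) * pow(r, n, nsq)) % nsq


def decrypt(priv, c: int) -> int:
    n, lam, mu = priv
    nsq = n * n
    u = pow(c, lam, nsq)          # r^(n*lam) vanishes mod n^2, leaving (1 + n)^(m*lam) = 1 + m*lam*n
    return ((u - 1) // n * mu) % n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """Homomorphic addition: the product of ciphertexts encrypts the sum of plaintexts."""
    (n,) = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c: int, k: int) -> int:
    """Multiplication by a known constant k: raise the ciphertext to the k-th power."""
    (n,) = pub
    return pow(c, k, n * n)


if __name__ == "__main__":
    pub, priv = keygen()
    total = add_encrypted(pub, encrypt(pub, 42), encrypt(pub, 58))
    print(decrypt(priv, total))   # the party doing the addition never saw 42 or 58
```

The party holding only the public key can total encrypted values (a salary sum, a vote count) without learning any of them; only the private-key holder decrypts the result. What Paillier cannot do is multiply two ciphertexts together, which is the gap SHE and FHE close.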
Blockchain
Blockchain is a concept in which an expanding list of transactional records is secured using cryptography. Each record is referred to as a block and is run through a hash function. The hash value of the previous block in the chain is included in the hash calculation of the next block, so each successive block is cryptographically linked to its predecessor. Verifying the chain from the latest block back to the first therefore detects any alteration of a historical transaction: changing one block changes its hash, which breaks the link stored in every later block, so an attacker would have to recompute every subsequent block as well. In addition, each block typically includes a time stamp, one or more transactions, and the data involved in those transactions.
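The hash linking described above as an added example, not code from the original flashcards: a minimal chain builder and verifier with a constructed set of transactions. The demo shows that editing one historical transaction is detected, and that recomputing the edited block's own hash only moves the break to the next block.

```python
import hashlib
import json
import time
from dataclasses import dataclass


@dataclass
class Block:
    index: int
    timestamp: float
    transactions: list
    prev_hash: str       # hash of the previous block; this is the cryptographic link
    hash: str = ""

    def compute_hash(self) -> str:
        body = {"index": self.index, "timestamp": self.timestamp,
                "transactions": self.transactions, "prev_hash": self.prev_hash}
        # Canonical JSON so the same content always hashes the same way.
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


GENESIS_PREV = "0" * 64   # the first block has no predecessor


def make_chain(tx_batches, timestamp=None):
    """Build a chain where each block's hash covers the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(tx_batches):
        ts = timestamp if timestamp is not None else time.time()
        b = Block(i, ts, list(txs), prev)
        b.hash = b.compute_hash()
        chain.append(b)
        prev = b.hash
    return chain


def verify_chain(chain) -> int:
    """Walk from the first block forward, recomputing every hash and checking every link.
    Returns -1 if the chain is consistent, otherwise the index of the first bad block."""
    prev = GENESIS_PREV
    for b in chain:
        if b.prev_hash != prev or b.compute_hash() != b.hash:
            return b.index
        prev = b.hash
    return -1


if __name__ == "__main__":
    # Constructed sample ledger.
    chain = make_chain([
        [{"from": "alice", "to": "bob", "amount": 5}],
        [{"from": "bob", "to": "carol", "amount": 2}],
        [{"from": "carol", "to": "alice", "amount": 1}],
    ])
    print(verify_chain(chain))                        # -1: consistent
    chain[1].transactions[0]["amount"] = 200          # tamper with history
    print(verify_chain(chain))                        # 1: block 1 no longer matches its hash
    chain[1].hash = chain[1].compute_hash()           # attacker "fixes" block 1
    print(verify_chain(chain))                        # 2: block 2 still stores the old hash
```

In a real system the distributed ledger makes the recomputation useless as well: even if the attacker rewrites every later block in their copy, the other peers hold the original chain.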
Open Public Ledger
The blockchain is recorded in an open public ledger. This ledger does not exist as an individual file on a single computer; rather, one of the most important characteristics of a blockchain is that it is decentralized. The ledger is distributed across a peer-to-peer (P2P) network in order to mitigate the risks associated with having a single point of failure or compromise. Blockchain users therefore need not trust any single participant, because every participant can check the chain for themselves. Likewise, another defining quality of a blockchain is its openness: everyone has the same ability to view every transaction on a blockchain.
Dictionary Attack
A dictionary attack is a type of brute-force attack in which the attacker tries a list of likely passwords (words, phrases and common variations of them) against a password hash or an encrypted file, instead of trying every possible key.
Dictionary attacks work well if weak passwords are used.
Using longer and uncommon passphrases is the best defence for the user. On the server side, storing passwords with a salted, deliberately slow hash (PBKDF2, bcrypt, scrypt or Argon2) raises the cost of every guess and prevents one precomputed list from cracking many accounts at once.
Collision attack
A collision attack tries to find two inputs that produce the same hash value. This type of attack is often used against digital signatures, because a signature covers the hash of a document rather than the document itself.
If a hacker wanted to get User2 to sign a document by making it seem like it came from User1, they would generate two documents that generate the same hash.
The hacker would send one document to User1 and get that signature.
The signature would be attached to the second document and sent to User2. Because the hashes are identical, User2 thinks the document is legitimate and has been signed by User1.
Using a collision-resistant hash with a long output is the key to stopping these attacks. MD5 and SHA-1 have practical collision attacks and must not be used for signatures; SHA-256 and SHA-3 have no known collisions.
Birthday attack
This attack combines a collision attack and a brute-force attack. The name is taken from the birthday probability math problem.
The birthday problem states that with 30 people in a room, the probability that someone shares your birthday is only about 8% (1 - (364/365)^30), but the probability that any two people share a birthday is about 70%. Looking for any match rather than a specific one makes the probability much higher. The same applies to hashes: finding a second input that matches a given hash takes about 2^n trials for an n-bit hash, but finding any two inputs that collide takes only about 2^(n/2). Digital signatures can be susceptible to birthday attacks.
Generating longer hash outputs is the key to stopping these attacks: a 256-bit hash forces roughly 2^128 trials, which is out of reach.
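The birthday arithmetic above, as an added example that is not part of the original flashcards, plus a birthday search on a deliberately truncated SHA-256 to show the 2^(n/2) cost empirically. The truncation to 24 bits is an assumption made so the search finishes in a fraction of a second; the "documents" are constructed byte strings.

```python
import hashlib
import math


def prob_match_with_me(people: int, days: int = 365) -> float:
    """Chance that at least one of `people` others shares a specific birthday."""
    return 1 - (1 - 1 / days) ** people


def prob_any_two_share(people: int, days: int = 365) -> float:
    """Chance that any two of `people` share a birthday (1 minus all-distinct)."""
    p_none = 1.0
    for k in range(people):
        p_none *= (days - k) / days
    return 1 - p_none


def expected_trials_for_collision(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) random inputs give a 50% collision chance."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 cut down to `bits` bits, simulating a hash with a short output."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_collision(bits: int, limit: int = 1 << 20):
    """Generic birthday search: hash candidate documents, remember every output,
    stop at the first repeat. Returns (doc_a, doc_b, trials) or None."""
    seen = {}
    for i in range(limit):
        msg = b"doc-%d" % i          # constructed candidate "documents"
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


if __name__ == "__main__":
    print(round(prob_match_with_me(30), 3), round(prob_any_two_share(30), 3))
    print(int(expected_trials_for_collision(24)), find_collision(24)[2])
    print(expected_trials_for_collision(256))   # ~1.9e38: why 256-bit hashes are safe
```

A 24-bit hash falls in a few thousand trials, as the bound predicts; the same search against the full 256-bit output would need about 2^128 trials, which is why output length, not input length, is the defence.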
Downgrade attack
A downgrade attack forces the system to use an older, less secure communication protocol.
Exploitation of legacy SSL is a common form of this attack. A client, or an attacker in the middle who tampers with the handshake, offers only SSL 3.0; if the server still supports it, the connection falls back to SSL 3.0, and the attacker can then use attacks specific to that protocol (such as POODLE) against the session.
Downgrade attacks are often used as part of a man-in-the-middle (MITM) attack. The attacker intercepts the client's HTTPS request and rewrites it, and the links and redirects that follow, to plain HTTP (SSL stripping). If the server still answers on plain HTTP and does not send an HTTP Strict Transport Security (HSTS) header, the browser has no reason to insist on HTTPS, and the attacker can now see all communications.
To prevent downgrade attacks, servers must be configured not to support these older and less secure protocols (SSL 2.0 and 3.0, TLS 1.0 and 1.1) and to send HSTS for HTTPS-only sites. Proper server configuration is the key to stopping these types of attacks.
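The server-side configuration described above, as an added example using Python's standard ssl module (not code from the original flashcards): a server context that refuses anything below TLS 1.2, a check of which offered versions it would negotiate, and the HSTS header that defeats HTTPS-to-HTTP stripping. The certfile and keyfile parameters are placeholders; nothing here is loaded from disk.

```python
import ssl
from typing import Optional


def hardened_server_context(certfile: Optional[str] = None,
                            keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Server context that will not negotiate SSLv2/v3 or TLS 1.0/1.1.

    A client (or a man-in-the-middle) that offers only an old protocol gets a
    handshake failure instead of a downgraded session. certfile/keyfile are
    placeholders for the server's certificate chain and private key.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # the single setting that blocks the downgrade
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def accepts(ctx: ssl.SSLContext, offered: ssl.TLSVersion) -> bool:
    """Would this context negotiate `offered`? Mirrors the min/max version bounds OpenSSL applies."""
    hi = ctx.maximum_version
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        hi = ssl.TLSVersion.TLSv1_3
    return ctx.minimum_version <= offered <= hi


# Sent on every HTTPS response: the browser then refuses plain HTTP for this host for a
# year, so an attacker who strips https:// to http:// gets no connection to intercept.
HSTS_HEADER = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
```

The same policy applies in any web server or load balancer configuration (minimum protocol TLS 1.2, HSTS on); the Python context just makes the check testable.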
Hybrid Cryptography
A hybrid cryptography system combines the strengths of hashing, symmetric encryption, and asymmetric encryption, depending on the needs of the project or service: a symmetric cipher for the bulk data, asymmetric encryption to exchange or wrap the symmetric key, and hashing for integrity and signatures.
Microsoft’s Encrypting File System, or EFS
Microsoft’s EFS uses the following steps to encrypt data:
A file is encrypted with a randomly generated symmetric File Encryption Key (FEK).
The FEK is encrypted with the user's public key (and, where a recovery agent is configured, with the recovery agent's public key as well).
The encrypted FEK is stored with the file in its metadata, so the file can sit at rest or be copied without the FEK ever appearing in the clear.
When the user opens the file, their private key is used to decrypt the FEK.
The FEK is used to decrypt the file.
One of the biggest weaknesses of EFS is that the user's private key is itself protected by a key derived from the user's logon password. If the password is weak, the encryption is only as strong as that password.
Obfuscation
A technique that essentially hides or camouflages code or other information so that it is harder to read by unauthorized users.
Data masking
A de-identification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data.
Data masking can mean that all or part of the contents of a database field are redacted by substituting all character strings with “x,” for example.
Tokenization
A de-identification method where a unique token is substituted for real data.
Tokenization means that all or part of the value of a database field is replaced with a randomly generated token. The mapping from token back to the real value is kept in a separate, protected token vault; unlike masking, tokenization is reversible by whoever controls the vault.
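Masking and tokenization side by side, as an added example that is not part of the original flashcards. The card number and e-mail address are constructed sample values; the token vault is an in-memory dict standing in for the separately secured datastore a real deployment would use.

```python
import secrets


def mask_pan(pan: str, keep_last: int = 4, fill: str = "x") -> str:
    """Data masking: keep the format (length and separators) but redact every digit
    except the last `keep_last`. Irreversible."""
    digit_positions = [i for i, ch in enumerate(pan) if ch.isdigit()]
    to_mask = set(digit_positions[:-keep_last]) if keep_last else set(digit_positions)
    return "".join(fill if i in to_mask else ch for i, ch in enumerate(pan))


def mask_email(addr: str) -> str:
    """Keep the first character and the domain so the field still looks like an e-mail address."""
    local, _, domain = addr.partition("@")
    return local[:1] + "*" * (len(local) - 1) + "@" + domain


class TokenVault:
    """Tokenization: replace the value with a random token and keep the mapping in a vault.
    The token carries no information about the value; only the vault can reverse it."""

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, value: str) -> str:
        if value in self._by_value:           # same value -> same token, so joins still work
            return self._by_value[value]
        while True:
            token = "tok_" + secrets.token_hex(8)
            if token not in self._by_token:   # guard against the (unlikely) repeat
                break
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]


if __name__ == "__main__":
    pan = "4111 1111 1111 1111"              # constructed test card number
    print(mask_pan(pan))                      # xxxx xxxx xxxx 1111
    print(mask_email("alice@example.com"))    # a****@example.com
    vault = TokenVault()
    tok = vault.tokenize(pan)
    print(tok, vault.detokenize(tok) == pan)
```

The practical difference is where the risk lives: a masked copy can be handed to a test environment freely, while a tokenized dataset is only as safe as the vault, which must be kept out of reach of the systems that hold the tokens.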
Encryption with Steganography
There has been increasing research on how best to combine encryption with steganography. The process essentially follows the steps below:
Encrypt the plaintext with the recipient's public key (or with a shared symmetric key) to generate ciphertext.
The ciphertext is hidden inside a media file, such as an image, using steganography.
The recipient extracts the ciphertext and decrypts it using the matching private key.
Because the ciphertext is hidden in the image file, someone intercepting the message would have to know it is there before even attempting to decrypt it. Steganography provides the concealment; the encryption provides confidentiality if the hiding is discovered.
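The hiding step as an added example, not code from the original flashcards: least-significant-bit embedding, the simplest image steganography. The cover here is a constructed byte string standing in for raw pixel samples, and the payload is a constructed stand-in for the ciphertext produced by the encryption step; each cover byte changes by at most 1, which is invisible in an 8-bit image.

```python
def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Hide `payload` in the least-significant bit of each cover byte (e.g. raw pixel samples).
    A 4-byte length prefix tells the receiver how many bytes to extract."""
    data = len(payload).to_bytes(4, "big") + payload
    if len(data) * 8 > len(cover):
        raise ValueError("cover too small: need %d bytes, have %d" % (len(data) * 8, len(cover)))
    out = bytearray(cover)
    for i, byte in enumerate(data):
        for bit in range(8):
            pos = i * 8 + bit
            out[pos] = (out[pos] & 0xFE) | ((byte >> (7 - bit)) & 1)   # overwrite only bit 0
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Reassemble the payload from the LSBs; the receiver needs no key for this step,
    which is why the payload should already be ciphertext."""
    def read(nbytes: int, start: int) -> bytes:
        result = bytearray()
        for i in range(nbytes):
            v = 0
            for bit in range(8):
                v = (v << 1) | (stego[start + i * 8 + bit] & 1)
            result.append(v)
        return bytes(result)

    length = int.from_bytes(read(4, 0), "big")
    return read(length, 32)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """How much any single cover byte moved; LSB embedding never changes one by more than 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = bytes((i * 37) % 256 for i in range(4096))      # constructed "pixel" data
    payload = b"\x8a\x13\xf0ciphertext-bytes-go-here\x00\x7f"   # constructed stand-in for ciphertext
    stego = embed_lsb(cover, payload)
    assert extract_lsb(stego) == payload
    print(len(stego) == len(cover), max_sample_change(cover, stego))
```

Plain LSB embedding is easy to detect statistically, so it offers concealment against a casual observer, not against an analyst; the encryption underneath is what protects the content once the carrier is suspected.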
Key Management
Key management refers to operational considerations for the various stages in a key’s lifecycle. A key’s lifecycle may involve the following stages:
Key Generation — creates an asymmetric key pair or symmetric secret key of the required strength using the chosen cipher.
Storage — prevents unauthorized access to a private or secret key (for example by keeping it in an HSM, a TPM or the operating system's key store) and protects against loss or damage through backup or escrow.
Revocation — prevents use of the key if it is compromised. If a key is revoked, any data that was encrypted using it should be re-encrypted using a new key.
Expiration and Renewal — gives the certificate a "shelf-life," limiting how long a compromised or outdated key remains usable. Every certificate expires after a certain period. Certificates can be renewed with the same key pair or with a new key pair; renewing with a new pair also limits the exposure from any undetected compromise of the old one.