zzDomain 3 - Cryptographic concepts | Crypto Attacks | PKI Infrastructure Flashcards
1
Q
Symmetric Encryption - Strengths
A
Speed, and strength per bit of key
2
Q
Symmetric Encryption - Weakness
A
Key must be shared securely
3
Q
Symmetric Encryption - Stream Cipher
A
Each bit is independently encrypted
4
Q
Symmetric Encryption - Block cipher
A
Blocks of data are encrypted
5
Q
Initialization Vector
A
Symmetric Encryption
Encryption step. Used on Symmetric ciphers to ensure that the first block of data is random
6
Q
Cipher Block Chaining (feedback in stream modes)
A
Uses the previous ciphertext from the previous block, and uses it to XOR’ the next block.
First block uses an Initialization Vector.
7
Q
DES Encryption type
A
Symmetric
8
Q
DES
A
Data Encryption Standard
9
Q
DES Encryption dates
A
1976 US Fed standard
10
Q
DES Encryption, who designed
A
IBM, based on older lucifer symmetric cipher
11
Q
DES Encryption, block size
A
64 bit
12
Q
DES Encryption, key size
A
56 bit
13
Q
DES Modes
A
5 modes: Electronic Code Book - ECB Cipher Block Chaining - CBC Cipher Feedback - CFB Output Feedback - OFB Counter Mode - CTR
14
Q
DES ECB
A
Electronic Code Book
No initialization vector
susceptible to replay attacks.
15
Q
DES CBC
A
Cipher Block Chaining
- Block Mode
- XORs previous block as seed to next block
- First encrypted block is IV for next.
- Errors propogate. An error in one block propagates everywhere
16
Q
DES CFB
A
Cipher Feedback
- Stream
- Uses feedback to destroy patterns
- Uses IV
- Errors propogate
17
Q
DES - OFB
A
Output Feedback
- XORs previous block as seed to next block
- Stream cipher
- Uses subkey before it is XORed to plaintext
- Subkey is not affected by Encryption errors
- errors don’t propagate
18
Q
DES CTR
A
Counter
- Uses a counter
- Errors don’t propogate
19
Q
Double DES
A
Repeat the process twice
20
Q
Triple DES
A
Applies DES three times per block before moving to next block
21
Q
2TDES
A
Two triple DES. Uses 1 key to encrypt, another to ‘decrypt’ and again key 1 to encrypt.
Key length of 112 bits
22
Q
3TDES
A
Strongest form, three triple des
168 bits in key length
23
Q
IDEA Encryption/Cipher Type
A
International Data Encryption Algorithm.
Symmetric Block Cipher
24
Q
IDEA Key Size
A
128
25
IDEA block size
64 bit
26
IDEA - good or bad?
Held up to cryptanalysis
27
IDEA - drawback
Patent encumbrance and slow speed
28
AES
Advanced Encryption Standard
29
AES Key Size
128 bit with 10 rounds of encryption
192 bit with 12 rounds of encryption
256 bit with 14 rounds of encryption
30
AES Block size
128 bit
31
AES Functions
Subbytes
ShiftRows
MixColumns
AddRoundKey
32
AES data State
4 Rows of 4, 16 byte blocks
33
AES SubBytes
Uses substitution to add confusion
34
AES ShiftRows
Shifts the rows to add confusion
35
AES MixColumns
Provides diffusion by mixing the columns fo the state via finite field mathematics.
36
AES AddRoundKey
Final function
| XORs the state with the subkey
37
Blowfish cipher type
symmetric
38
Blowfish Key size and block
default 128. variable 32 through 448
| 64 bit blocks
39
Twofish
128 bit blocks
| 128-256 bit keys
40
RC5 and RC6 designed by
RSA LAbs
41
RC5 block size
32, 64, 128
42
RC5 key size
0 -2040 bits
43
RC6
Based on RC5
| 128 bit blocks
44
RC6 key size
128, 192, 256
45
Asymmetric Encryption Pros
Solves issues around preshared keys
46
Asymmetric key how many
two. Public/private key pair
47
Asymmetric one-way functions
easy to compute one way. VERY difficult to reverse
48
Asymmetric, factoring prime numbers
Relies on strength of composite number. Example: 6269 x 7883 = 49418527.
To crack, you must factor 49418527 to find which two prime numbers are factors.
49
Discrete logarithm
Basis of the Diffie-hellman and ElGamal asymmetric algs
50
Diffie-Hellman Key agreement protocol
Allows two parties to securely agree on a symmetric key via a public channel
51
Diffie-hellman
Type of key exchange that is secure. If an attacker sniffs the whole conversation, they still can't obtain the key.
52
Elliptic Curve Cryptography
Type of encryption.
Uses One way function that uses discrete logaratinms
Stronger than discrete logarithms
Uses less computational power
53
Asymmetric and Symmetric tradeoffs
Asymmetric - slower, weaker on equal sized keys. Pro no need for preshared key
Both types are often used together
Symmetric - faster, weak due to pre-shared keys.
54
Hash Functions
Encryption using algorithm and NO KEY
One Way. Because impossible to reverse
Variable length plaintext is hashed into a fixed length hash
55
Collisions
This is what happens if two separate, and non-identical inputs to a hash algorithm result in identical hashes.
56
MD5
Message Digest 5
128 bit hash value based on any input length. Prone to collisions
57
MD5 creator
Ronald Rivest
58
MD6
Message Digest 6
Newest version of the MD family of hashes - published in 2008
59
SHA - Secure Hash Alg
Series of Hash algs
60
SHA1
160 bit hash value
61
SHA3
announced as successor in 2015
62
HAVAL
Hash of variable length. Uses design principles of MD family
63
HAVAL Hash lengths
128, 160, 192, 224, 256
64
HAVAL number of rounds
3, 4, 5
65
Crypto attacks
used by cryptanalysts to recover plaintext
66
Brute force
trying every possible combination. Will work eventually
67
Known Plaintext
If I know an input and output. I can potentially guess a key.
68
Chosen Plaintext and adaptive chosen plaintext
analyst chooses plaintext to be encrypted.
Analyst then changes further rounds of encryption based on previous round
69
Chosen Ciphertext adaptive chosen cipher text
Mirror version of chosen plaintext/adaptive plaintext
70
meet in the middle attack
Read up on this.
71
Known Key
Analyst knows something about the key, and can use that to reduce efforts used to attack it.
72
Differential Cryptanalysis
Seeks to find the difference between related plaintexts that are encrypted. Uses stat analysis to search for signs of non-randomness.
73
Linear Cryptanalysys
when you have a lot of plaintext and ciphertext - pairs are studied to find information about the key.
74
Side Channel Attacks
USe physical data to break cryptosystem. Monitoring CPU cycles or power consumption used while encrypting/decrypting.
75
Birthday Attack
Create hash collisions and break the key
76
Key clustering
two different symmetric keys on same plaintext produce same ciphertext
77
Digital signatures
Method of authentication and non-repudiation.
Process:
1. Sender hashes their message, and appends hash to email
2. Sender then encrypts entire email using their private key.
3. Receiver decrypts message using public key (they now know the sender is authentic - only the sender could have encrypted).
4. Receiver then hashes the message on their own - if the hash is the same as appended to the email they know that integrity has been preserved.
78
HMAC
READ UP ON
79
PKI Public Key Infrastructure
leverages all three forms of encryption. Digital certs.
80
Cert Authorities
Digitals certs are signed by CAs
They authenticate identity of orgs before issuing a certs
May be private, or public
81
Cert Revocation lists
Lists revoked certs. Maintained by CAs
82
IPSec
Suite of protocols to provide cryptographic IPV4 and v6. Used to build VPNs
83
IPSec primary protocols
AH - Authentication Header
| ESP - Encapsulating Security Payload
84
IPSec Supporting protocols
ISAKMP, and IKE
85
ISAKMP
internet security assoc and key mgmt protocol
86
IKE
Internet key exchange
87
AH
Authentication header provides authentication and integrity for each packet of net data.
NO CONFIDENTIALITY
88
ESP
provides confidentiality by encrpyting packet data
89
IPSec Security Association (ISAKMP)
one way/simplex connection used to negotiate ESP or AH Parameters. Each ESP and AH session results in a Security Associatin (so, up to 4 SAs may be in each two-way VPN)
ISAKMP is the protocol that manages SA creation.
90
SA Identification index
Identifies the SA. 32 bits
91
ESP Tunnel mode
Encrypts everything
92
ESP Transport mode
only encrypts data, not IP headers. May use AH to authenticate the un-encrypted headers.
93
IKE vs ISAKMP
IKE - Encryption algorithm negotiation protocol. Allows both sided so select and agree upon the best encryption that both sides support.
ISAKMP - Manages Security Associations.
94
IKE
Another way to manage key exchanges. Both sides will use IKE to negotiate fastes and highes sec level.
95
SSL and TLS
TSL succeeds SSL. Commonly used for HTTPS. Encrypted out of the gate. Uses Asymmetric encryption to exchange a key, for a subsequent symmetric session.
96
PGP
pretty good privacy.
97
PGP year
1991
98
PGP
uses web-of-trust instead of cert authority.
99
S/MIME
Email encryption and authentication
100
Escrowed Encryption
splits private key into two or more parts. Will only release their part of the key on a court order.
101
Clipper Chip
Name of tech used in the Escrowed Encryption Standard. Allows backdoor to govt while encrypting voice.
102
Steganography
Science of hidden communication. Hiding information into other media.
103
Digital watermaks
encode data in a file. Watermark is probably hidden
104
Mantrap
Two doors requireing separate authentication to open
105
Bollard
Post designed to stop a car
106
Smart card
physical access card containing integrated circuit
107
tailgating
following an auth person into building w/o providing creds
108
Perimeter defenses
fence doors, walls, locks
109
Class 1 gate
residential
110
class 2 gate
Commercial, general access
111
Class 3 gate
industrial limited access - loading dock for 18 wheeler
112
Class 4 gate
restricted access. Prison or airport
113
Lights
detective and/or deterrant
114
vigenere cipher
- Vigenère cipher
o Polyalphabetic
o Repeated 26 times to form a matrix
115
Jefferson disks
o Tommy J
| o 36 wooden disks
116
Caesar cipher
- Caesar cipher
o Monoalphabetic
o Simple substitution
o Rotated 3 times
117
book cipher and running key cipher
- Book cipher and running key cipher
| o Use well known texts as the basis for keys
118
Codebooks
assign codeword for important people/locations/terms
119
one time pad
```
o one time pad
uses identical paird pads
one page is used to encrypte
same page to decrypt
pages are then discarded, never reused
only one mathematically proven to be secure
```
120
vernam cipher
o First known one time pad
o Named after gilbert vernam
o Used bits before computer
o One-time pad bits were also XORed to the plaintext bits
121
project VERONA
o Broke KGB encryption in 1940s
o KGB used one time pads
o KGB violated one of the three rules though
o Reused pads.
122
Hebern Machines and PURPLE
o Class of cryptographic devices
o Large manual typewriter looking devices electrified with rotors
o Used through WWII
123
ENIGMA
doi
124
SIGABA
o Rotor machine used by US through 1950s
o More complex and covered weaknesses of the Enigma
o Large complex and heavy
o Never known to be broken
125
PURPLE
japanese version of enigma
126
COCOM
o Coordinating comeittee for multilateral export controls
| Designed to control export of critical technologies to iron curtain countries
127
Wassenaar arrangement
o After COCOM ended
o Created in 1996
o Many iron curtain countries included
o Relaxed restriction on exporting cryptography.
128
DEA
Data Encryption Algorithm described by DES (Data Encryption Standard)
129
PKI standard
X.509
130
CAs and ORAs
Certificate Authority (Issues Certs)
Organizational Registration Authority (authenticates client certs)
131
OCSP
Online Certificate Status Protocol - Replacement for CRL (Cert Revocation Lists). Scales beeter than CRL
132
CRL
Certificate Revocation Lists
133
PGP encryption type
Symmetric
