Shared Flashcard Set

Details

Cryptography
Quick learn on Crytopgraphy to help you study for the CISSP exam
53
Computer Networking
Professional
03/09/2010

Additional Computer Networking Flashcards

 


 

Cards

Term
IPSEC
Definition

·         is a framework for a set of protocols for security at the network or packet processing layer of network communication.

·        provides security services at the IP layer

·        determine the algorithm(s) to use for the service(s), and

·        put in place any cryptographic keys required to provide the requested services.

·         used to protect one or more "paths" between a pair of hosts, between a pair of security gateways, or between a security gateway and a host

Term

ESP: (Encapsulating Security Protocol)

Definition

·        used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service

·         applied alone, in combination with the IP Authentication Header (AH)

·        and may be employed in two ways: transport mode or tunnel mode

o   transport (not tunnel) mode, ESP is inserted after the IP header and before an upper layer protocol

o   tunnel mode, the 'inner' IP header carries the ultimate source and destination addresses, while an 'outer' IP header may contain distinct IP addresses, e.g., addresses of security gateways.  ESP protects the entire inner IP packet, including the entire inner IP header.

·        ESP is compatible with NAT and PAT, as its authentication and encryption do not incorporate the IP header being modified by NAT.

Term
Key clustering
Definition

occurs when two different keys produce equivalent ciphertext from the same plaintext.

Term
Key schedule
Definition

describes the algorithm for computing the subkeys for each round in a product cipher from the encryption (or decryption) key.

Term
The Security Parameter Index (SPI)
Definition

o   is a 32-bit number that is chosen to uniquely identify a particular SA for any connected device and is placed in AH or ESP datagrams

o    links each secure datagram to the security association.

o   The sending host uses it to identify and select which SA to use to secure every packet. The receiving host uses it to identify and select the encryption algorithm and key used to decrypt packets.

Term
Asymmetric key cryptography
Definition

o   KNOWN as public key cryptography

o   Uses a class of algorithms in which the sender has a private key and the receiver has the sender's public key.

o   The public and private keys are generated at the same time, and data encrypted with one key can be decrypted with the other.

o   Data encrypted with the public key can be decrypted with the private key and

o   Data encrypted with the private key can be decrypted with the public key.

o   Data encrypted with the sender's public key CANNOT be decrypted with the receiver's private key. 

o   Asymmetric algorithms are relatively slow, and are NOT suited for encrypting large messages.

Term

Symmetric key Cryptography (ciphers)

Definition

Which type of algorithm has the following charateristics:

 

Known as a Secret Key Cryptography

A class of algorithms in which the sender and receiver share a secret key.Primarily used to achieve confidentiality, but can provide authentication, integrity, and very limited non-repudiation.

 

Requires that the sender and receiver share a secret key, the first shared key must usually be established through "out-of-band" mechanisms in order to prevent the compromise of the key.

Term
chosen plaintext attack
Definition
attack model that presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.
Term
chosen ciphertext attack
Definition

- attack model in which the cryptanalyst chooses a ciphertext and causes it to be decrypted with an unknown key. Specifically, portions of ciphertext are selected for decryption using trial keys, and compared with corresponding decrypted plaintext.

Term
birthday attack
Definition

o   used to find collisions of hash functions. A "collision attack" allows an attacker to find two messages M1 and M2 that have the same hash value in fewer than 2^(L/2) attempts. 

For example:  if an attacker can create a malicious program that results in the same hash value as an innocuous program, the attacker can then substitute the innocuous program with a malicious program.

Term
frequency analysis
Definition

o   study of the frequency of letters or groups of letters in a ciphertext. The method is used as an aid to breaking classical ciphers.

Term
steganalysis
Definition
identifying messages that have been hidden
Term
differential cryptanalysis
Definition

study of how differences in an input can affect the resultant difference at the output.

 

For Example:  it is a chosen-plaintext/chosen-ciphertext cryptanalytic attack, where pairs of plaintexts are selected and the difference between the corresponding ciphertext are reviewed and analyzed.

 

 

Term
DES has four modes of operations
Definition

ECB

CFB

CBC

OFB

Term
ECB
Definition
With respect to DES, which mode is each plaintext block is encrypted independently with the block cipher?
Term

CFB

CIPHER FEEDBACK BLOCK

Definition

With respect to DES, in which mode is the previous cipher text block is encrypted and the resulting output combined with the plaintext block XOR to produce the current cipher text block.

Term
CBC
Definition
each plaintext block is XORed with the previous cipher text block and then encrypted.
Term
OFB
Definition

o   similar to CFB mode except that the quantity XORed with each plaintext block is generated independently of both the plaintext and cipher text.

Term

Diffie-Hellman (aka exponential key agreement)

Definition
  • is a key agreement algorithm used by two parties to agree on a shared secret.
  • An algorithm for converting the shared secret into an arbitrary amount of keying material is provided. The resulting keying material is used as a symmetric encryption key.
  •  requires that both the sender and recipient of a message have key pairs. By combining one's private key and the other party's public key, both parties can compute the same shared secret number. This number can then be converted into cryptographic keying material.
  • The shared secret is NOT sent over the network.
  • The protocol depends on the discrete logarithm problem for its security.
  • is vulnerable to a man-in-the-middle attack since it does NOT authenticate the participants of the communication.
Term

Discrete Logarithm – Encryption Algorithms

Definition

·        El Gama

·        Diffie Hellman

·        Elliptic Curve

Term

Perfect Hash

Definition

·        should be a one-way function.

o   A one-way function is a mathematical function that is significantly easier to compute in one direction (the forward direction) than in the opposite direction (the inverse direction).

·        any two different messages of any size should have an exceedingly small probability of having the same hash value.

·        finding a pair of messages M1 and M2 that have the same hash value should take 2^(L/2) attempts, where L is the length of the hash value.

  •  by itself, does NOT provide non-repudiation, i.e. protection against false denial of involvement in a communication.
  • it's computationally infeasible to derive the original message from its hash
  • resists birthday attacks
Term

TLS protocol

Definition
  • Based on the SSL 3.0 Protocol Specification as published by Netscape.
  • Does NOT interoperate with SSL 
  •  Composed of two layers            
  • TLS Record Protocol and the TLS Handshake Protocol

Provides:  authentication, confidentiality, integrity and interoperability

Term
TLS Record Protocol
Definition
  • Is used for encapsulation of various higher level protocols
  • The connection is private. Symmetric cryptography is used for data encryption (e.g., DES, RC4, etc.)
  • The connection is reliable. Message transport includes a message integrity check using a keyed MAC.
  • Provides symmetric cryptography is used for data encryption (e.g., DES, RC4, etc.)
  •  
Term
TLS Handshake Protocol
Definition

o   The peer's identity can be authenticated using asymmetric cryptography

o   The negotiation of a shared secret is secure

o   An attacker cannot modify the communication without being detected

Term

Block cipher

Definition

·        Is a symmetric key cipher and operates on a fixed length block of plain text and transforms it into a fixed length block of ciphertext. .

·        Certain modes of operation of a block cipher transform it into a keystream generator and so any block cipher can be used as a stream cipher.  Examples are DES in CFB or OFB modes.

·        On the other hand, a stream cipher operates on individual digits one at a time, and the transformation varies during the encryption.

Term

Confusion

Definition

o   Substitution has been identified as a mechanism for primarily confusion

o   The goal is to conceal the statistical connection between the plaintext and ciphertext.

o   Refers to making the relationship between the key and the ciphertext as complex and involved as possible.

Term

MD5 HASH

Definition

o   algorithm is designed to be quite fast on 32-bit machines

o   algorithm does not require any large substitution tables

o   provides a 128-bit value

o   provides for data integrity

Term
Running Key Cipher
Definition
The key is repeated (or runs) for the same length as the plaintext input. 
Term
Cryptography
Definition
A mathematical manipulation of information that prevents the information from being disclosed or altered. 
Term
Cryptanalysis
Definition
The practice of defeating the protective properties of cryptography.  For example: reading protected information, altering messages or integrity values and violating authentication schemes.
Term
Cryptology
Definition
the study of cryptography and cryptanalysis
Term
Plaintext/Cleartext
Definition
the natural or human readable form of a message
Term
Ciphertext/Cryptogram
Definition
The enciphered, encrypted or scrambled form of a message
Term
Cryptographic Algorithm
Definition
The mathematical function that determines the cryptographic operations
Term
Cryptosystem
Definition
The device or process used to perform encryption and decryption
Term
Cryptovariable (Key)
Definition
The (secret) value used in the transformation of the message in a cryptographic operation that controls the operation of the algorithm in a unique, predictable manner.
Term
Key Space
Definition
The total number of keys available to the user of a cryptosystem
Term
Work Factor
Definition
An estimate of the time/effort needed to overcome a protective measure by an attacker with specified expertise and resources.
Term
Synchronous Cryptosystem or Stream Cipher
Definition

An algorithm in which the keystream is generated bit by bit, in sync with the arrival of the plaintext. 

 

For Example:  Since the keystream arrives at the same time as the plaintext, the two must be independent.

Term
Asynchronous Cryptosystem or non-synchronous stream cipher
Definition

Is an algorithm in which the keystream is generated based upon the previously received plaintext and the cryptovarible, or key. 

 

For example:  Since the keystream must be computed after the arrival of the plaintext, the output of the ciphertext is asynchronous with the arrival of the plaintext. 

Term
Substitution
Definition
an action replacing one letter or value for another.  It creates confusion. 
Term
Transposition
Definition

Changing the order of the input data so that letters appear in a different order in the output ciphertext - this is also called permutation

 

This also causes diffusion. 

Term
AES
Definition
  • It's a block cipher based on Rijindael Block Cipher algorithm
  • Has a fixed block size of 128, and a key size of 128, 192, 256
Term
Digitally Signed Message
Definition

Steps in sending a message digest: 

  1. The sender must apply a hash function to the message to create a message digest
  2. The message digest must be encrypted with a private key
  3. The receiver must apply the same hash function to the message to verify the sender. 

What type of process/encryption is this called?

Term
Monoalphabetic Cipher
Definition
The Caesar cipher is described as a?
Term
ONE TIME PAD
Definition
  • Can only be used once
  • If the data is not truly random, the security is comprised
  • relies on physical security
  • unbreakable by exhaustive search

 

Term

 Symmetric Disadvantages/Issues:

o   impersonation of users upon compromise of secret key

o   key management issues when communicating with large network of users

o   secure distribution of shared secret

Definition

Symmetrical Cryptography has the following disadvantages?

Term
The work factor for 2DES is equivalent to single DES
Definition
Which is true regarding the DES, 2DES and 3DES?
Term
MEET-IN-THE-MIDDLE
Definition
Works by encrypting from one end and decrypting from the other end?
Term
RIJINDAEL CIPHER
Definition

Which cipher has the following charateristics:

 

  • Employs a round transformation that consists of 3 layers of transformations
  • Has a block length and key length can be specified to 128,192 and 256 bits
  • Is an iterated cipher with a variable key length
  • Is a block cipher
Term
AUTHENTICATION HEADER
Definition
Which protocol provides authentication and integrity for IPSEC and also non-repudiation?
Term
PKI
Definition

All of the following are components :

 

CA - Certificate Authority - confirms identifies of parties sending and receiving electronic communications. similar to a notary

 

RA - Registration Authority - an entity that is trusted by the CA to register / vouch for the identify of users to a CA

 

CRL - certificate revocation lists - lists of certificates that have been revoked

 

X.509 public key certificate - standard / format for defining digital certificates

Term
MD5
Definition
  • is designed to be quite fast on 32-bit machines
  • does not require any large substitution tables
  • provides a 128-bit value
  • provides for data integrity
Supporting users have an ad free experience!