Algorithm
mathematical process or series of structured steps for performing some function
Unencrypted Information
Information in understandable form. (aka plaintext, cleartext)
Encrypted Information
Information in scrambled form. (aka ciphertext)
Asymmetric Key Cryptography
type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption
Checksum / Hash
the output of a one way algorithm
Cipher
algorithm to encrypt or decrypt information
Two ways to break a cipher:
1. Analyzing the ciphertext to find the plaintext or key
2. Analyzing the ciphertext and its associated plaintext to find the key
Ciphertext-only attack (COA)
The cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data may be.
Known-plaintext attack (KPA)
The cryptanalyst possesses certain pieces of information before and after encryption.
Chosen-plaintext attack
The cryptanalyst can encrypt any information and observe the output.
Chosen-ciphertext attack
Cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system
Objectives of cryptanalysis:
1. Derive the plaintext of a target message
2. Determine the key used to encrypt a target message
3. Derive the algorithm used by a particular cipher
4. Solve the general mathematical problem underlying the cryptography
Cryptography satisfies these requirements:
Confidentiality
Integrity
Authentication
Nonrepudiation
Confidentiality
Keeps information secret from all but authorized people
Authentication
Confirms the identity of an entity
Integrity
Ensures no one, even the sender, changes information after transmitting it.
Nonrepudiation
prevents a party from denying a previous statement or action
One-way algorithms
Encryption algorithms that have no decryption algorithms
Hash
The output of a one-way algorithm
Decryption
act of unscrambling ciphertext into plaintext
Digital Signature
Binds the identity of an entity to a particular message or piece of information. Ensures the integrity of a message and verifies who wrote it.
Digitized Signature
Electronic images of handwritten signatures
Key
secret value a cipher uses to encrypt or decrypt information
Key directory
trusted repository of all public keys
Key distribution
process of issuing keys to valid users of a cryptosystem so they can communicate
Three forms of key distribution:
1. Paper (no technology)
2. Digital media (CDs or email)
3. Hardware (smartcard, plug-in modules)
Key revocation
situation in which someone is no longer trusted or allowed to use a cryptosystem
Key-encrypting key
an encryption key used to encrypt other keys before transmitting them
Keyspace
set of all possible encryption keys
One-way algorithm
an encryption algorithm that has no corresponding decryption algorithm
Plaintext
encrypted information
Private symmetric key
encryption cipher that uses the same key to encrypt and decrypt
Public asymmetric key
encryption cipher that uses different keys to encrypt and decrypt
Public Key cryptography
system that allows correspondents to communicate only over a public channel using publicly known techniques
Four key properties of asymmetric key ciphers:
1. Two associated algorithms exist that are inverses of each other
2. Each of these two algorithms is easy to compute
3. It is computationally infeasible to derive the second algorithm if you know the first algorithm
4. Given some random input, you can ge
Public key infrastructure (PKI)
set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
Salt Value
random characters that you can combine with an actual input key to create the encryption key
Transposition cipher
Encryption cipher that rearranges characters or bits of data. Writes characters into rows in a matrix, then reads the columns as output.
Substitution cipher
encryption cipher that replaces bits, characters, or blocks of information with other bits, characters, or blocks
Revocation
stopping authorization for access to data
Keyword Mixed alphabet cipher
encryption cipher that uses a cipher alphabet that consists of a keyword
Vigenere Cipher
encryption cipher that uses multiple encryption schemes in succession
Simple substitution cipher
encryption cipher that uniquely maps any letter to any other letter
Product cipher
encryption cipher that is a combination of multiple ciphers
One-time pad cipher / Vernam cipher
only unbreakable cryptography cipher
Differential Cryptanalysis
looking for patterns in vast amounts of ciphertext
Caesar Cipher
one of the simplest substitution ciphers
SSL Handshake
created the first secure communications sessions between a client and server
Certificate Authority (CA)
trusted entity that stores and distributes certified digital certificates
Symmetric key cryptography
type of cryptography that cannot secure correspondence until after the two parties exchange keys
Timestamping
providing an exact time when a producer creates or sends information
Data Encryption Standard (DES)
encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation
Triple DES
A protocol that consists of three passes of DES (encrypt, decrypt, encrypt) using multiple keys. It increases the keyspace. It is computationally secure.
International Data Encryption Algorithm (IDEA)
Like DES, this block cipher operates on 64-bit blocks. It uses a 128-bit key and runs somewhat faster than DES on hardware and software.
CAST
The CAST algorithm is a substitution-permutation algorithm similar to DES. Unlike DES, its authors made its design criteria public.
Blowfish
It is a strong algorithm that is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA
Advanced Encryption Standard (AES)
Aka Rijndael; AES is a block cipher that can operate on variable block lengths. It's both strong and fast.
RC2
A variable key-size block cipher designed by Ronald Rivest. It operates as a drop-in replacement for DES, and operates on 64-bit blocks
RC4
It's a variable key-size stream cipher with byte-oriented operations; produced by RSA Security
IPSec
Protects Internet Protocol (IP) packets from disclosure or change. The protocol provides privacy and integrity
Internet Security Association and Key Management Protocol (ISAKMP)
A key-management strategy that is a set of procedures for authenticating a communicating peer, creating and managing security associations, key-generation techniques, and threat mitigations (denial of service and replay attacks)
Security Association (SA)
Contains all the information needed to do a variety of network security services; Basic element of ISAKMP key management
Extensible Markup Language Key Management Specification (XKMS)
Gives protocols for distributing and registering public keys for use with XML
Extensible Markup Language (XML)
A markup language for documents containing structured information. It provides syntax that supports sharing complex structured documents over the Web