Principle of Information Security Chapter 8

Cryptology

Is the science of encryption; combines cryptography and cryptanalysis. It has a long and multicultural history.

Cryptanalysis

Is the process of obtaining orginal message from encrypted message without knowing algorithms.

Encryption

converting orginial message into a form unreadable by unauthorized individuals. With emergence of technology the need for this in information technology environment is greatly increased. All popular Web browsers use this built-in feature for secure e-comm

Decryption

Is the process of converting the ciphertext message back into plaintext.

Bit Stream

Is when each plaintext bit is transformed into a cipher bit one bit at a time.

Plaintext

This can be encrypted through bit stream or block cipher method

Block Cipher

Is when the message is divided into blocks (e.g., sets of 8 or 16 bit blocks) and each is transformed into encrypted "Blank" of "Blank" bits using algorithm and key.

Encryption Key Size

The strength of many encryption applications and cyptosystems is measured by key size. The users have to decide on the size of the cryptovariable or key.

RSA Algorithm

This is the de facto standard for public-use encryption applications. It was the 1st public key encryption algorithm developed in 1977.

Time-Memory Tradeoff Attack or Rainbow Cracking

Is when the attackers gain access to a fiole of hashed passwords, they can use a combination of brute force and dictionary attacks to reveal user passwords.

Message Authentication Code (MAC)

A key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.

Message Digest

Is a fingerprint of the author's message that is compared with the recipient's locally calculated has of the same message.

Hash Algorithms

Are public functions that create a hash value, also known as a message digest, by converting variable-lengh messages into a single fixed-length value.

Work Factor

The amount of effor (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.

Plaintext or Cleartext

The original unencrypted message, or a message that as been successfully decrypted.

Link encryption

A series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts it using

Substituion Cipher

Will substitue one value for another.

Monoalphabetic substitution

This uses only one alphabet.

Polyalphabetc substitution

This is more advanced and uses two or more alphabets.

Vigenere Cipher

Is an advanced cipher type that uses simple polyalphabetic code; made up of 26 distinct cipher alphabets.

Transposition Cipher or Permutation Cipher

It rearragnes values within a block to create ciphertext. It can be done at the bit level or at the byte level.

Exclusive OR (XOR)

Is a funtion of Boolean algebra; two bits are compared. (e.g., if two bits are identical, result is binary 0: if two bits are not identical, result is binary 1)

Vernam Cipher

This uses a set of characters once per encryption process. This was developed by AT&T.

Book or Running Key Cipher

This uses text in a book as the key to decrypt a message. Ciphertext contains codes representing page, line, and word numbers.

Hash Functions

This uses mathematical algorithms that generates a message summary/digest to confirm the message identity and to confirm that no content has been changed.

Cryptographic Algorithms

These are often grouped into two broad categories, Symmetrc and Asymmetrc algorithms which are distinguished by types of keys used for encryptions and decryptions operations.

Symmetric Encryption or Private Key Encryption

This uses the same "secret key" to encipher and decipher the message. This method can be extremely efficient, requiring minimal processing power. Both the sender and receiver must possess the endryption key. If either copy of the key is compromised, an in

Data Encryption Standard (DES)

This is one of the most popular Symmetric Encryption Cryptosystems. It uses a 64-bit block size and a 56-bit key. It was adopted by NIST in 1976 as a federal standard for encrypting non-classified information.

Triple DES (3DES)

This was created to provide security far beyond DES. This was an advanced application of DES, and while it did deliver on tis promise of encryption strength beyond DES, it too soon proved too weak to surive indefinitely.

Keyspace

The entire range of values that can be used to construct an individual key.

Key or Cryptovariable

The information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext; it can be a series of bits used by a computer program, or it can be a passphrase used by humans that is then con

Encipher

To encrypt, encode, or convert, plaintext into the equivalent ciphertext.

Decipher

To decrypt, decode, or convert, ciphertext into the equivalent plaintext.

Code

The process of converting components (words or phrases) of an unencrypted message into encrypted components.

Ciphertext or Cryptogram

The encoded message resulting from encryption

Cipher or Cryptosystem

An encryption method or process encompassing the algorithm, key or cryptovariable, and procedures used to perform encryption and decryption.

Algorithm

The programmatic steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message; sometimes refers to the programs that enable the cryptographic processes.

Man-in-the-Middle Attack

This was designed to intercept transmission of public key or insert known key structure in place of requested public key. Establishment of public keys with digial signatures can prevent these.

Attacks on Cryptosystems

Attempts to gain unauthorized access to secure communications have used brute force attacks (ciphertext attacks). The attacker may alternatively conduct known-plaintext attack or selected-plaintext attack schemes.

Internet Protocol Security (IPSec)

Is an open-source protocol framework for security development within the TCP\IP famil of protocols. It is designed to protect data integrity, user confidentiality, and authenticity at IP packet level. It combines serveral different cryptosystems: Diffie-H

Bluetooth

This can be exploited by anyone within approximately 30 foot range, unless suitable security controls are implemented.

Next Generation Wireless Protocols

This uses Robust Secure Networks (RSN), AES - Counter Mode Encapsulation, AES - Offset Codebook Encapsulation

Wi-Fi Protected Access (WPA & WPA2)

This was created to resolve isues with WEP.

Wired Equivalent Privacy (WEP)

Was an early attempt to provide security with the 802.11 network protocol.

Secure Electronic Transactions (SET)

Provides security for both Internet-based credit card transactions and credit card swipe systmes in retail stores. It uses DES to encrypt credit card information transfers. It was developed by MasterCard and VISA in 1197 to provide protection from electro

Pretty Good Privacy (PGP)

This uses IDEA Cipher for message encoding. It combines the best available cryptograhic algorithms to become open source de facto standard for encryption and authentication of e-mail and file storage. It is a hybrid cryptosystem designed in 1991 by Phil Z

Privacy Enhance Mail (PEM)

Is proposed as standard to function with public-key cryptosystmes; it uses 3DES symmetric key encryption.

Secure Mutipurpose Internet Mail Extensions (S/MIME)

This builds on Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication.

Secure Hypertext Transfer Protocol (S-HTTP)

It provides for encryption of individual messages between client and server across the Internet. It allows encryption of information passing between computers through protected and scure virtual connection. It is the application of SSL over HTTP.

Secure Socket Layer (SSL) Protocol

This uses public key encryptions to secure channel over public Internet.

Steganography

Is the process of hiding information. The most popular version hides information within files appearing to contain digital pictures or other images. Some applications hide messages in .bmp, .wav, .mp3, and .au files, as well as in unused space on CDs and

Diffie-Hellman Key Exchange

Is the most common Hybrid Cryptography System that is used. It provided foundation for subsequent developments in the Public-Key Encryption.

Hybrid Cryptography System

Is when Asymmetric encryption is more often used with Symmetric key encryption. Except with Digital Certificates, pure asymmetric key encryption is not widely used.

Distinguished Name (DN)

This uniquely identifies a certificate entity.

Digital Certificates

This is an electronic document containing key value and identifying information about entity that controls key. A Digital signature is attached to this document container file to certify the file is from entity it claims to be from. It includes
MUST KNOW

Digital Signatures

Were created in response to the rising need to verify information transferred using electronic systems. Asymmetric encryption processes is used to create this.

Public-Key Infrastructure (PKI)

Is an intergrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely. It protects the transmission and reception of secure information by integrating the following:
MU

Cryptographic Tools

Have the avility to conceal the contents of sensitive messages. They verify the contents of the messages and the identities of thier senders. They can be applied to the everyday world of computing.

Cryptosystem Security

The encrypted data is not dependent on keeping encrypting algorithm secret. It depends on keeping some or all of the elements of cryptovariables or keys secret.

Asymmetric Encryption or Public-Key Encryption

This uses two different but related keys. Either a key can encrypt or decrypt a message; If key "A" encrypts a message, then only key "B" can decrypt it; the highes value when one key serves as a private key and the other serves and a public key. It uses

Advanced Encryption Standard (AES)

This was developed to replace both DES and 3DES. This implements a block cipher called the Rijndael Block Cipher with a varable block length and a key length of 128, 192, or 256 bits.

Algorithm

the programmic step used to convert an uncrypted message into an encrypted sequence of bits that represent the message

cipher or crytosystem

an encryption method or process encompassing the algorithm, ket, crytovariable, and procedures used to perform encryption and decryption.

decipher

to decrypt, decode, or convert ciphertext into equivalent plaintext

encipher

to encrpt, encode, or convert, plaintext into the equivalent ciphertext

message authentication code

a key dependent, one way hash function

trapdoor

secret mechanism that enables you to easily accomplish the reverese function in one way function

public key infrastructure(PKI)

is an intergrated system of software, encryption methololdogies, prototocls, legal agreements that enables the users to communicate securely

digital certificates

are public-key container files that allows computer programs to valiadate the key and identify to whom it belongs

certificate authority(CA)

issues,manages, authenticates, signs, and revokes user's digitial certificates

registration authority(RA)

which operates under the trusted collaboration if the certificate authority and can handle day-to-day certifications functions,

application header (AH)

protocol that provides system-to-system authentication and data integrity verification and data integrity verificatyion