CISSP Prep - Pt 1: Cryptography

CISSP Prep-Part 1 (Cryptography)

(Of how many parts is unknown right now.)

Cryptography — Part 1: Cryptographic Concepts

[Writers Note: This is taken from the slides for CISSP-Certified Information Systems Security Professional course on Udemy. Italicized text and images are content I have added. The rest can be found on the course slides.]

• Cryptology: The science that studies encrypted communications and data.
• Plaintext: A message in its original format. Also referred to cleartext.
• Ciphertext: An altered form of a message that is unreadable without knowing the key and the encryption system used. Also referred to as a cryptogram. 
• Key: A parameter that controls transformation of plaintext into ciphertext or vice versa. Keys can both public and private
• Keyspace: All the possible key values when using a particular algorithm or other security measures. 
• Cryptosystem: The components that make encryption possible, including the algorithm, key, and key management functions.
• Encryption: The process of converting data from plaintext to ciphertext
• Decryption: The process of converting data from ciphertext to plaintext
• Algorithm: A mathematical function that encrypts and decrypts data. Also referred to as a cipher.
• Encoding: The process of changing data in another form using code
• Decoding: The process of changing an encoded message back into its original format. 
• Transposition: The process of shuffling or reordering the plaintext to hide the original message. 
• Asynchronous: When encryption or decryption requests are processed from a queue.
• They are mathematically related in such a way that one key will encrypt and then the other key can decrypt
• Symmetric: An encryption method whereby a single private key encrypts and decrypts the data. Same key is used
• Asymmetric: An encryption method whereby a key pair, one private key and one public key performs encryption and decryption.
• Hash: A one-way function that reduces the message to a hash value. A comparison of the sender’s hash value to the receiver’s hash value determines message integrity. 
• Digital signature: A method of providing the sender with authentication and message integrity. The message acts as an input to a hash function, and the sender’s private key encrypts the hash value. A hash computation on the received message determines the validity of the message. 
• Digital certificate: An electronic document that identifies the certificate holder. 

Cryptographic Problems

• Key clustering: Occurs when different encryption keys generate the same ciphertext from the same plaintext message.
• Collision: An event that occurs when a hash function produces the same hash value on different messages. 

(Man, what a day. Yet, here I am punching this out. #Goals.)

(Soundtrack for this post Don’t Stop Me Now by Queen)

• Substitution: The process of exchanging 1 byte in a message for another.
• Confusion: The process of changing a key value during each round of encryption
• Diffusion: The process of changing the location of the plaintext within the ciphertext. Often carries out using transposition.
• Avalanche Effect: The condition in which any change in the key or plaintext, no matter how minor, will significantly change the ciphertext. 
• Work factor: The amount of time and resources that would be needed to break the encryption. 
• One-Way Function: A mathematical function that can be more easily performed in one direction than in the other. 
• Trapdoor: A secret mechanism that allows the implementation of the reverse function in a one-way function

(Whoo!! One slide down! Thank you Freddy!)

Cryptographic Life Cycle Involves

• Implementation — Putting the algorithm in place and teaching the users to use it.
• Maintenance — Managing the renewal of keys.
• Retirement or replacement — Selecting a different encryption algorithm.

Cryptographic History

Earliest forms were some sort of substitution cipher — each character in the alphabet was replaced with another.

• Mono-alphabetic: Substitution cipher using one alphabet.
• Polyalphabetic: Substitution cipher using multiple alphabets
• Scytale Cipher: Created by the Spartans it used a sheet of papyrus wrapped around a wooden rod. To decrypt the message had to be wrapped around a rod of the correct size.
• Kerchoff’s Principles:
• The key is secret. The algorithm (The system) is know. 
• Practically, if not mathematically, indecipherable. 
• It must not be required to be secret in case the message is intercepted by an attacker.
• Keys must be communicable and retainable without the help of written notes. 
• The system must be changeable and modifiable at the will of the correspondents. 
• Must be applicable to telegraphic correspondence. 
• Must be portable, and its usage and function must not require the concourse of several people. 
• System needs to be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe
• Enigma Machine
• Used during World War II by the Nazi’s. It was made of rotors and a plug board
• To encrypt the machine operator would configure the initial settings. Type out the plaintext message. The machine would generate a different letter. The initial machine setting and increments of the rotor had to be know by the cipher. 
• Lucifer Algorithm
• Developed by IBM for NSA and the US Data Encryption Standard (DES) using complex mathematical equations. 
• Started with the Feistel cipher which is an iterated block cipher that encrypts the plaintext by breaking the block into tow halves.
• Then a round transformation is applied to one of the halve using a subkey
• The output is XORed with the other half of the Feistel block
• Then the two halves are swapped to complete the round. 

• Cryptosystem Features

  Consists of software, protocols, algorithm, and keys. Strength comes from the algorithm and the length and secrecy of the key.
  Provides 
  • Authentication using digital signatures to determine the sender's identity and validity. 
  • Confidentiality through encryption
  • Integrity with hash functions that are sent along with the data
  • Using the hash functions on the receiving end the receiver can verify whether anything has changed in the data. 
  • The has does not prevent data alteration, but it provides a means to determine it has occurred. 
  • Authorizations by providing a key to a valid use that will allow the use to access a resource. 
  • Non-repudiation prevents the send form denying that they sent the message.
  • Public key cryptography and digital signatures provide non-repudiation.
  (Completely reorganized this from four slides to one.)
  
  
  Encryption Systems
  
  
  • Running Key Cipher: Uses a physical component, usually a book (A book?), to provide the polyaphabetic characters. Also referred to as key cipher
  • Indicator block identifies location in the book the originator started. 
  • Parties must agree upon which book to use and where the indicator block will be included in the cipher message

  

  • Concealment Cipher: Plaintext is interspersed somewhere within other written material. Belongs in the stenography realm. 
  • Parties must agree on the key value, which defines which letters are part of the actual message.
  • Substitution Cipher: Uses the key to substitute characters or character blocks with different characters or characters blocks. 

  

  • Examples include:
  • Caesar Cipher — Mono-alphabetic cipher the shifts the letters of the alphabet three places.
  • Vigenere Cipher — Uses 27 shift alphabets with letters being shifted up one place.
  • The shifting is referred to as a Vigenere table.
  • To encrypt a message, you must know the security key.
  • The security key is then used with the plaintext message to determine the cipher text.
  • Modulo 26 — Letters of the alphabet are numbered in order starting at zero
  • Sender takes the original message and determines the number of each letter in the original message. 
  • Then the letter values for the keys are added to the original letter values. 
  • The value results is then converted back to text.
  • Transposition Ciphers: Scrambles the letters of the original message in a different order. 
  • The key determines the positions to which the letter are moved.

  

  • Symmetric Algorithms: Use a private or secret key that must remain secret between the two parties. Each party pair requires a separate private key.

  

  
  

  • To calculate the number of keys needed, you would use the following formula :
  •  # of users * (# of users -1)/2
  • 250 users * (250 user -1)/2 = 31,125 keys
  • Encryption key must remain secure. 
  • A secure out-of-band method for communicating the secret key must be used including courier or direct physical contact between the users. 
  • Session key encrypts messages between two users during one communication session. 
  • Also referred to as single-key, secret-key, private-key or shared-key cryptography
  • Provide confidentiality but not authentication or non-repudiation
  • Includes DES, AES, IDEA, Skipjack, Blowfish, Twofish, RC4/RC5/RC6, and CAST.
  • Stream-Based Symmetric Algorithms: Perform encryption on a bit-by-bit basis and uses keystream generators that create a bit stream that is XORed with the plaintext bits. The result of this XOR operation is the ciphertext.
  • Example RC4
  • Advantages of stream-based ciphers include the following: 
  • Have lower error propagation because encryption occurs on each bit. 
  • Used more in hardware implementation.
  • Use the same key for encryption and decryption.
  • Cheaper to implement than block ciphers.
  • Employ only confusions.
  • Block Symmetric Algorithms: Perform encryption by breaking the message into fixed-length units. 

  

  • Examples: IDEA, Blowfish, RC5, and RC6
  • Advantages: 
  • - Implementation is easier than stream-based.
  • - Less susceptible to security issues.
  • - Used more in software implementations
  • Employ both confusion and diffusion
  • Often use different modes — ECB, CBC, CFB, and CTR
  • Initialization vectors (IV) are used by the modes to ensure that patters are not produced during encryption by using random values with the algorithms. 
  • Asymmetric Algorithms: User both a public key and private or secret key.

  

  • Public key is know by all parties, and the private key is know only by its owner
  • One key encrypts the message and the other decrypts the message. 
  • Deriving the private key from the public key is virtually impossible even though the keys are mathematically related.
  • Provide confidentiality, integrity, authentication, and non-repudiation.
  • For confidentiality message should be encrypted with the receiver’s public key, which is referred to as secure message format.
  • For authentication, a message should be encrypted with the sender’s private key, which is referred to as open message format. 
  • Includes Diffie-Hellman, RSA, El Gamal, ECC, Knapsack, DSA, and Zero Knowledge Proof. 
  • Hybrid Cipher: Uses both types of algorithms. Provides confidentiality, authentication, and non-repudiation.
  • Process:
  1. Symmetric algorithm provides the keys used for encryption.
  2. Symmetric keys are then passed to the asymmetric algorithm, which encrypts the symmetric keys and automatically distributes them.
  3. Message is then encrypted with the symmetric key.
  4. Message and the key are send to the receiver.
  5. Receiver decrypts the symmetric key and uses the symmetric key to decrypt the message. 
  • Use hybrid encryption if the parties do not have a shared secret key and large quantities of sensitive data must be transmitted. 

"Something Is About To Give..."

The moment was somewhere on a darkened interstate at the start of a road trip to DC. It was either really late or really early depending on your perspective of such things. Regardless of this opinion it was dark. The only light was the ambient blue glow from the dashboard as my travel buddy was sleeping soundly while we hurtle down the payment. During this moment stuck in between time and locations, U2's "Kite" came up as one of the tracks from a long forgotten playlist.

The revolving door quality of the lyrics struck my mind again and it has become the earworm of the moment. Singing along in the car it felt like I was serenading people from my past, then the present, and also the future. People I have known will get to know in years to come. Those lost to me and those who I will leave eventually whether or I want to or not.

Carp! by Bernardo

Digging through business cards I have picked up over the past year I came across one from artist Bernardo Corman. You can find a gallery of his work here.

The ones that caught my eye when I spied his stuff at the Hoboken Arts Festival are below:

My Burp Just Farted

I swear this is something I have said at some point in time.

My hidden 2 year old must have sneaked out.

Source: http://spaghetti-toes.tumblr.com/
Martin Bruckner's excellent designs of what is said around a house that is controlled by a 2 year old.

More of his designs can be found here: https://www.behance.net/Creatureland-studio

My favorite :

It would probably be best to bookmark this, (Does anyone bookmark pages anymore?) 

http://playingonair.org/

The content was coming fast and furious in January with one a day. With the last podcast over a month ago you wonder if maybe there just is not enough content to keep up.

Saving this for future reference.

SNOW A story in progress, weather permitting

Edward Snowden with NBC Brian Williams