EC Council CES Flash Cards

186 Terms

1

Atbash Cipher

Invented by the Hebrews. Single substitution monoalphabetic cipher that substitutes each letter with its reverse (a and z, b and y, etc).

2

Caesar Cipher

Monoalphabetic cipher where letters are shifted one or more letters in either direction.

3

ROT 13

Monoalphabetic cipher that shifts characters 13 characters. Stands for Rotate 13. A would become N, B would become O, etc.

4

Scytale Cipher

Was a staff with papyrus or letter wrapped around it so edges would line up. There would be a stream of characters which would show you your message. When unwound it would be a random string of characters. Would need an identical size staff on other end for other individuals to decode message.

5

Multi-Alphabet Substitution Cipher

Doing something like +1, -2, +3 and shifting each character a different amount to the left or right. For example, doing +1, -2, +3 with dog would result in emj.

6

Cipher Disks

A disk you rotated to encrypt/decrypt. Created by Leon Alberti. Similar technologies were used in the Enigma machine. Considered the forefather of modern encryption.

7

Vigenere Cipher

Invented by Giovan Battista Bellaso in mid-1553. Vigenere created a stronger version of the cipher. Combines/weaves Caesar ciphers. Not cracked until the late 1800s. It is a cipher square with A to Z across all the columns and rows. You then use a keyword to encrypt the message. For example, if the message is cat, and the keyword is horse, you would look up where c and h intersect on the table (which is j), then where a and o intersect (o) and t and r (k). Cat would then be encrypted as jok.

8

Playfair Cipher

Invented by Charles Wheatstone in mid 1800s. Lord Playfair pushed use of it. Uses a 5x5 table and a key word. Rest of the alphabet is placed on table in alphabetic order, skipping letters used in the keyword. You break up the message into two character chunks and return a single character value. If the letters appear on the same row of your table, replace them with the letters to the right. If it is on the same column, replace them with the letters below.

9

ADFGVX Cipher

Invented by Colonel Fritz Nebel in 1918. It is a 6x6 grid with ADFGVX at the top of each column and beginning of each row. The 26 letters and numbers 0-10 are placed randomly on the table. You then replace each character of your message with two characters which are represented by the column followed by the row each character is present in.

10

Enigma Machine

Invented between World Wars, used by Germans and Japanese. Data could be transmitted both via radio or printed on paper. Designed so that when a key was pressed, the cipher text for that plain text was different each time. Was a multi-alphabet cipher with 26 possible alphabets.

11

Kerckhoff's Principle

We can expose everything but the private key and the data can still be secure.

12

Issue with Symmetric Encryption

There's only one key, and it's difficult to ensure that only the two parties who need the key have it. It typically needs to be sent via another medium than the message or else it could be compromised by the attacker. Keys can also be sent out of band (off the network being used to send the message).

13

Binary Math

Base 2 system instead of base 10 system.

14

Binary AND

If both numbers have a one in the same place, then the resultant number is a one. If not, then it is a zero.

1st number - 1100
2nd number - 0100
--------------------------
Result - 0100

15

Binary OR

Checks to see if there is a one in either or both numbers in the same place. If so, the resultant number is one, if not, it is zero.

1st number - 1100
2nd number - 0100
--------------------------
Result - 1100

16

Binary XOR (Exclusive OR) ⊕

Checks to see if there is a one in either number in the same place. If so, the resultant number is one, if not, it is zero.

1st number - 1100
2nd number - 0100
--------------------------
Result - 1000

XOR is reversible. If you XOR the result with the 2nd number, you will get the 1st number as a result. If you XOR the result with the 1st number, you will get the 2nd number as a result.

17

Substitution

XORing the plain text with the key.

18

Transposition

Swapping blocks of text.

19

Confusion

Making the relationship between a key and the ciphertext as complex as possible.

20

Diffusion

Each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two.

21

Avalanche

The concept that if one bit of data changes, the cipher text will completely change as well.

22

Key Schedule

An algorithm for the key that calculates the subkeys for each round that the encryption goes through.

23

Hybrid Encryption

Data is encrypted with a symmetric encryption algorithm, the symmetric private key is sent to the other party with asymmetric encryption.

24

Symmetric Algorithms

Examples are DES, 3DES, DESX, AES, Blowfish, Serpent, Twofish, Skipjack, IDEA

25

Whitening

A technique used to increase the security of block ciphers. It consists of steps that combine the data with portions of the key (most commonly using a simple XOR) before the first round and after the last round of encryption.

26

Block Cipher

Data fills up a block (typically 64 or 128 bits) and that block is encrypted as a whole. Slower than stream ciphers. If a block was not full, you would need to pad the data to end up at the block size.

27

Feistel Network

Chunk data into evenly sized blocks. The two chunks are typically called L0 and R0 (left 0 and right 0). As long as these are even, it is considered a traditional/normal Feistel Cipher. An unbalanced Feistel Cipher is when the basket does not split evenly. Next is the round function, which is applied to both halves and is used to go through the multiple rounds/iterations based on the symmetric encryption algorithm. Output of each round function is XORed with the other half (L0 is XORed with R0). R0 is then moved over to L0. R0 is moved over to the left and XORed.

28

DES

Symmetric algorithm. One of the most widely deployed algorithms in the world, even though it is no longer recommended or considered secure. 64 bit key (56 bits + 8 bits parity), 64 bit block sizes.

29

3DES

Symmetric algorithm. Does DES 3 times, doing one of the following: 1st key encrypts, 2nd key decrypts, 3rd key encrypts, or one key encrypts/decrypts/encrypts, or 1st key encrypts, 2nd key decrypts, and 1st key encrypts again.

30

DESX

Symmetric algorithm. 64 bit key is appended to data, XOR it, and then apply the DES algorithm.

31

AES

Symmetric algorithm. FIPS 197 was used to announce AES. Key size is either 128, 192 or 256 bits. 10 rounds for 128 bits, 12 for 192 bits, 14 for 256 bit keys. Block size is 128 bit for each key size. Uses a substitution/permutation matrix instead of a Feistel cipher.

32

Blowfish

Symmetric algorithm. Designed in 1993 by Bruce Schneier. 16 round Feistel cipher working with 64 bit blocks. Key size ranges from 32 to 448 bits. Designed as a replacement for DES.

33

Serpent

Symmetric algorithm. Designed by Ross Anderson, Eli Biham, and Lars Knudsen. Has a block size of 128 bits. Key size is 128, 192, or 256 bits. Uses a substitution-permutation network instead of Feistel cipher. Uses 32 rounds working with a block of four 32-bit words. Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel. Designed so all operations can be done in parallel.

34

Twofish

Symmetric algorithm. Designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. Uses a block size of 128 bits and key sizes of 128, 192, or 256 bits. It is a Feistel cipher.

35

Skipjack

Symmetric algorithm. Designed by NSA for the clipper chip - a chip with built in encryption. The decryption key was kept in key escrow in case law enforcement needed to decrypt data without the owner's cooperation, making it highly controversial. Uses an 80 bit key to encrypt/decrypt 64 bit data blocks. It is an unbalanced Feistel network with 32 rounds.

36

IDEA

Symmetric algorithm. Designed by James Massey and Xuejia Lai. Operates on 64 bit blocks and has a 128 bit key. Consists of 8 identical transformations each round and an output transformation.

37

CAST-128

Symmetric algorithm. Created in 1996 by Carlisle Adams and Stafford Tavares. Operates on 64 bit blocks and has a key size of 40-128 bits. Typically used in GPG and PGP. Encryption is either 12 or 16 rounds.

38

CAST-256

Designed by Carlisle Adams, Stafford Tavares, Howard Heys, and Michael Wiener. Operates on 128 bit blocks and has a key size of 128, 160, 192, 224 or 256 bits. Encryption has 48 rounds.

39

Steganography

Data that is hidden inside of a common carrier.

40

Least Significant Bit

What is chosen to hide data as they are typically padding or other parts that do not affect what the data is hidden in.

41

Payload

The data to be covertly communicated.

42

Carrier

The signal/stream/file itself that we're hiding the payload inside of.

43

RQP (Raw Quick Pair)

Statistical analysis on number of unique colors and color number pairs in the picture and you look for least significant bits and manipulation of data in those bits, typically inside of whitespace.

44

Chi Square

Doing a calculation/comparison and looking at the number of overall bits and the info in those bits, then calculating the theoretical amount of information in the file and comparing it to the actual information in the file. The delta between the two is then used to compare the file bits to attempt to find the hidden information.

45

Suite A Algorithms

Confidential, not published, used for secret and top secret government communications. We have no knowledge of them other than what's on this list is used by the government to securely communicate.

46

Suite B Algorithms

Commercially available algorithms recommended by the NSA and used in all modern software in one way or another.

47

Type 1

Suite B Algorithms - Juniper, Mayfly, Fast hash, Walburn, Pegasus, AES (depending on implementation)

48

Type 2

Suite B Algorithms - Skipjack, KEA

49

Type 3

Suite B Algorithms - DES, 3DES, SHA1, AES (depending on implementation)

50

Type 4

Suite B Algorithms - Not certified by government, but there may be public or private sector algorithms that exist on this level.

51

Stream Cipher

Encrypts data bit by bit. Processed in a sequential/linear progression.

52

Electronic Code Book (ECB)

Each block is encrypted independently; identical plaintext blocks are encrypted into identical ciphertext blocks. Only one round of encryption is done. Cannot diffuse/confuse or inject an initialization vector with this.

53

Cipher Block Chaining (CBC)

Each block of plaintext is XORed with the previous ciphertext block before being encrypted. The initial plaintext block has an IV added prior to encryption to produce a unique ciphertext value.

54

Propagating Cipher Block Chaining (PCBC)

It's basically CBC with the prior cipher text included as well. You take the previous plaintext and ciphertext, XOR them, and then XOR them with the next block's plaintext.

55

Cipher Feedback (CFB)

You start with an IV, encrypt it with your key, then XOR it with the plaintext to get cipher text. This value is then used as the starting point for the next round to encrypt with the key again before XORing it with the next block of plaintext.

56

Output Feedback (OFB)

Very similar to CFB, the only difference is that the output after the encryption is used as the IV for the next round prior to XORing it with plaintext, while CFB does the XOR prior to becoming the IV for the next round. It acts like a stream cipher since each bit is encrypted with the key individually and is then sent to act as the IV, one bit at a time for the next round.

57

Counter (CTR)

Essentially this is ECB, but instead of plaintext being encrypted with the key, a nonce (a random challenge) and an incrementing counter are used. This is then XORed with the plaintext to get the cipher text. Nothing is carried over to the next round like some of the prior methods. This is a stream cipher as well.

58

Digital Certificate

Standard template is X509 V3. It's been around since 1988 and it's the most commonly used format today. Used to identify the certificate holder when conducting electronic transactions. When modified, they typically become invalidated. They can expire as well or be revoked for a number of reasons (private key compromised, etc). They are used for web servers, authentication of Cisco Secure phones, E-Commerce. This is one of the most common methods to distribute public keys.

59

Common Digital Certificate Fields

Certificate Information Statement, Issued to, Issued by, Valid from

60

Digital Certificate Details Fields

Version, Serial Number, Signature Algorithm, Hash Algorithm, Issuer, Valid From, Valid To, Subject, Public Key, Key Usage Statement, Friendly Name

61

Certification Path

The path for certification. For Root CAs, since they are self-signed, the only part of the path is themselves since it's issued to itself. For Intermediary CAs, it will show the Root CA who issued the certificate as the step above the certificate. For other certificates, there may be several steps above in the certification path. You can also view the certificates above in the path to validate information. If there is an issue, you would see something like the following: The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered.

62

Commercial CA

A company that is an issuing authority that sells certificates.

63

Certificate Extension Types

.pem, .cer/.crt/.der, .p7b, .p7c, .pk12, .pfx

64

.pem

Privacy Enhanced Mail - uses base 64 encoding with distinguished encoding rules enclosed between the open and close statements of begin certificate and end certificate.

65

.cer/.crt/.der

Different extensions for distinguished encoding rules. Typically binary encoded.

66

PKCS#7 or PKCS standard 7 (.p7b, .p7c)

Signed data structures, typically a CRL (certificate revocation list).

67

.pk12/PKCS#12

These have our actual certificates. Typically the public & private keys we are dealing with. They are password protected as well.

68

.pfx

Predecessor to .pk12

69

Symmetric encryption formula

C = E(k,p)

70

Symmetric decryption formula

P = E(k,c)

71

Claude Shannon

Created the theory of the avalanche effect. Considered the founder of information theory with his paper published in 1948, A Mathematical Theory of Communication. He also wrote Communication Theory of Secrecy systems in 1949 which was on the mathematical theory of cryptography.

72

Key Clustering

Different encryption keys generated the same ciphertext from the same plaintext message.

73

Synchronous

Encryption or decryption is performed immediately - typically used with stream ciphers.

74

Asynchronous

Encryption or decryption requests are processed in queues - typically used with block ciphers.

75

Hash function

A one-way mathematical operation that reduces a message or data file into a smaller fixed length output, or hash value.

76

Salt

Random bits of data intermixed with the message that is to be hashed.

77

MD4

Hash. Created by Ronald Rivest. 128 bit output size, 512 bit block size, 32 bit word size, 3 rounds. Considered very insecure.

78

MD5

Hash. Created by Ronald Rivest. Replaced MD4. 128 bit output size, 512 bit block size, 32 bit word size, 64 rounds. Infamously compromised by Flame malware in 2012.

79

SHA-1

Secure Hashing Algorithm. Designed by NSA. 160 bit output size, 512 bit block size, 40 bit word size, 80 rounds.

80

SHA-224/SHA-256

Secure Hashing Algorithm. Designed by NSA. 224/256 bit output size, 512 bit block size, 56 bit word size, 64 rounds.

81

SHA-384, SHA-512, SHA-512/224, SHA-512/256

Secure Hashing Algorithm. Designed by NSA. 384/512/224/256 bit output size, 1024 bit block size, 64 bit word size, 80 rounds.

82

SHA-3

Secure Hashing Algorithm. Designed by NSA. 224/256/384/512 bit output size, up to 1600 bit block size, 64 bit word size, 24 rounds.

83

TIGER

Hash. Created by Ross Anderson and Eli Biham. 192/160/128 bit output size, 512 bit block size, 53 bit word size, 24 rounds.

84

RIPEMD

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 128 bit output size, 512 bit block size, 32 bit word size, 48 rounds. In 2004, a collision was discovered.

85

RIPEMD-128/256

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 128/256 bit output size, 512 bit block size, 32 bit word size, 64 rounds.

86

RIPEMD-160

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 160 bit output size, 512 bit block size, 32 bit word size, 80 rounds.

87

RIPEMD-320

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 320 bit output size, 512 bit block size, 32 bit word size, 80 rounds.

88

Symmetric Encryption

A single key is used to encrypt and decrypt.

89

Asymmetric Encryption

Two different but mathematically related keys are used where one key is used to encrypt and another is used to decrypt. Has both a public key to be shared and a private key that is held onto by the owner that should remain private. If the public key encrypts, only the private key can decrypt and vice versa.

90

Digital Signature

Provide authentication of a sender and integrity of a sender's message. A message is input into a hash function. Then that hash value is encrypted using the private key of the sender. The result of these two steps yields a digital signature. Created by signing with the sender's private key. Typically used in e-mail. RSA and DSA can be used to produce and verify digital signatures.

91

Certificate Authority (CA)

An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.

92

Root CA

Typically only issues certificates to subordinate CAs - typically kept offline so they do not get compromised.

93

Subordinate CA

Issues certificates to users & computers on behalf of the root CA.

94

Registration Authority

Used to proxy the certificate requests on behalf of the user and validate whether or not they are legitimate instead of having the user go directly to the CA. The RA talks to the subordinate CA on behalf of the user, which makes it harder for the actor to get directly to the certificate authority and do harm.

95

Enterprise CA

Tied to an LDAP provider. It is a CA that has a domain controller (typically used in enterprises).

96

Standalone CA

A CA installed outside of the directory (LDAP) service. It is on a standalone server, not connected to an LDAP provider.

97

Plaintext or cleartext

The input provided to the cryptosystem. The information we want to provide confidentiality protections for. The unencrypted version of the data we want to protect.

98

Cipher text or cryptogram

The output of the cryptography process or cryptosystem. The encrypted version of the plaintext.

99

Cryptosystem

This represents the entire cryptographic operation. This includes the algorithm, key, and key management functions.

100

Encryption

The process of taking plaintext, running it through the cryptosystem, and producing cipher text on the backend.