steganography
“covered writing” hides the existence of a message or information by embedding it within another medium, such as images or audio files.
metadata
data that is used to describe the content or structure of the actual data
cryptography
practice of transforming (“scrambling”) information so that its meaning cannot be understood by unauthorized parties
transposition
Cryptography method
each letter of the message is rearranged to create a new order, making it difficult to read without the key.
substitution
Cryptography method
where one letter is substituted for another letter
data masking
form of obfuscation
involves creating a copy of the original data and making it unintelligible
tokenization
form of obfuscation
obfuscates sensitive data elements, such as account number, into a random string of characters (token)
obfuscation
action of making something obscure
ROT13
type of substitution
rotates the entire alphabet 13 steps (A=N, B=O, C=P, etc.)
ex. word “security” becomes “frphevgl”
encryption
the process of changing original text into a scrambled message
decryption
the process of converting an encrypted message back into its original text.
plaintext
unencrypted data that is input for encryption or is the output of decryption
ciphertext
scrambled and unreadable output of encryption
cleartext
unencrypted data that is not intended to be encrypted
cipher
cryptographic algorithm which consists of procedures based on a mathematical formula
key
a mathematical value entered into the algorithm to produce the ciphertext
confidentiality
Ensures only authorized parties can view it
integrity
ensures information is correct and unaltered
authentication
ensures sender can be verified through cryptography
nonrepudiation
proves that a user performed an action
obfuscation
making something obscure or unclear
security through obscurity
approach in security where virtually any system can be made secure as long as outsiders are unaware of it or how it functions
one-time pad (OTP)
strong secure cryptographic algorithm that is hand-calculated with a pad
combines plaintext with a random key
pad
long sequence of random letters
stream cipher
takes one character and replaces it with another
block cipher
manipulates an entire block of plaintext at one time
sponge function
input that has been padded with additional characters until all characters are used (“absorbed in the sponge”)
hashing
algorithm creates a unique “digital fingerprint” of a set of data
digest
resulting fingerprint from a hash algorithm
fixed size (hashing algorithm)
digest of a short set of data should be the same size as a digest of a long set of data
unique (hashing algorithm)
Two different sets of data cannot produce the same digest. Changing a single letter in one data set should produce an entirely different digest
original (hashing algorithm)
it should not be possible to produce a data set that has a desired or predefined hash
secure (hashing algorithm)
the resulting hash cannot be reversed to determine the original plaintext
secure hash algorithm (SHA)
A family of cryptographic hash functions designed to ensure data integrity and security, producing a fixed-size output that is difficult to reverse.
RipeMD (RACE Integrity Primitives Evaluation Message Digest)
A family of cryptographic hash functions known for its efficiency and security, producing variable-length hashes.
Whirlpool
A cryptographic hash function that produces a 512-bit hash value, known for its security and resistance to collisions.
Symmetric cryptographic algorithms
A type of encryption where the same key is used for both encryption and decryption. They are generally faster and more efficient than asymmetric algorithms.
private key cryptography
Encryption method using a private key for both encryption and decryption, ensuring that only authorized parties can access the information.
(also called private key cryptography)
public key cryptography
asymmetric cryptographic algorithm
protects the confidentiality of data, uses two keys instead of only one. These keys are mathematically related and are known as the public key and private key
key pairs (asymmetric cryptography)
unlike symmetric cryptography, which uses only one key, asymmetric cryptography requires a pair of keys
public key (asymmetric cryptography)
designed to be public and not need to be protected. Can be freely given to anyone or even posted on the Internet
elliptic curve cryptography (ECC)
users share one elliptic curve and one point on the curve to generate their key pairs. It is a form of public key cryptography that offers high security with smaller key sizes.
digital signature algorithm (DSA)
creates a digital signature, which can do the following: verify the sender, prevent the sender from disowning the message, and prove message integrity
Diffie-Hellman (DH)
DH key exchange requires A and B to each generate a private key and a corresponding public key, allowing them to securely share a secret key over a public channel.
Diffie-Hellman Ephemeral (DHE)
is a variation of the Diffie-Hellman key exchange that uses temporary, or "ephemeral," keys for each session. This enhances security by ensuring that session keys are not reused.
Elliptic Curve Diffie-Hellman (ECDH)
is a key exchange protocol based on elliptic curve cryptography, which allows two parties to generate a shared secret over an insecure channel, providing enhanced security with smaller key sizes.
Perfect forward secrecy
public key systems that generate random public keys that are different for each session. The value of this is that if the secret key is compromised, it cannot reveal the contents of more than one message.
file-level encryption
to encrypt or decrypt files individually
full-disk encryption (FDE)
technology to protect the entire hard drive using cryptography including the installed OS
volume-level encryption
applying cryptography to a volume of a hard drive
partition-level encryption
applying cryptography to a partition of a hard drive
database-level encryption
applying cryptography to a database
record-level encryption
Applying cryptography to database records
self-encrypting drives (SED)
drives that can protect all data written to them
hardware security module (HSM)
removable external cryptographic device that includes an onboard key generator and key storage facility
trusted execution environment (TEE)
secure cryptoprocessor that is internal to the computer itself
trusted platform module (TPM)
international standard for cryptoprocessors that provides cryptographic services
secure enclave
a TPM on Apple and Android devices
blockchain
shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network
public blockchain (open public ledger)
blockchain network that anyone can join and become a part of
private blockchain
operates in a closed network
federated blockchain
typically used when organizations need both a public and private blockchain
collision attack
attempt to find two input strings of a hash function that produce the same hash result
key length
number of bits in a key
downgrade attack
an attack in which the system is forced to abandon the current higher security mode of operation and “fall back” to implementing an older and less secure mode
collision
when two files have the same hash
collision attack
is an attempt to find two input strings of a hash function that produce the same hash result
birthday attack
a statistical phenomenon that makes finding collisions easier
birthday paradox
is the probability theory that states in a group of people, the chance of two having the same birthday increases with group size, illustrating the principles behind the birthday attack in cryptography.
quantum computing
relies on quantum physics using atomic-scale units (qubits)
full-disk encryption FDE
What type of encryption would protect all data on a hard drive, including the installed OS?