Cryptography
is the technique of securing information by converting it into an unreadable form so that only authorized users can access and understand it.
Data Confidentiality
ensures that information is accessible only to authorized individuals or systems. It is usually enforced through encryption techniques and confidentiality agreements.
Data integrity
ensures that information remains accurate, complete, and unchanged throughout its lifecycle. Any unauthorized modification of data can be detected.
Authentication
verifies the identity of a user or system and confirms that the data being claimed actually belongs to the sender.
Non-repudiation
guarantees that a sender cannot deny sending a message or signing a document. It provides proof of origin and delivery of data.
Secret key cryptography
, also known as symmetric encryption, uses a single key to encrypt and decrypt a message. The sender encrypts the plaintext message using the key and sends it to the recipient, who then uses the same key to decrypt it and unlock the original plaintext message.
Stream ciphers
work on a single bit or byte at any time and constantly change the key using feedback mechanisms. A self-synchronizing stream cipher ensures the decryption process stays in sync with the encryption process by recognizing where it is in the bit keystream. A synchronous stream cipher generates the keystream independently of the message stream and generates the same keystream function at both the sender and the receiver.
Block ciphers
encrypt one block of fixed-size data at a time. A block cipher will always encrypt a plaintext data block to the same ciphertext when the same key is used. A good example of this is the Feistel cipher, which uses elements of key expansion, permutation, and substitution to create vast confusion and diffusion in the cipher.
Public key cryptography
, or asymmetric cryptography, uses mathematical functions to create codes that are exceptionally difficult to crack. It enables people to communicate securely over a nonsecure communications channel without the need for a secret key. For example, proxy reencryption enables a proxy entity to reencrypt data from one public key to another without requiring access to the plaintext or private keys.
Weak keys
Keys are essentially random numbers that become more difficult to crack the longer the number is. Key strength and length need to be relative to the value of the data the key protects and the length of time that data needs to be protected. Keys should be created with a high-quality, certified random number generator that collects entropy (the information density of a file in bits or characters) from suitable hardware noise sources.
Incorrect use of keys
When keys are used improperly or encoded poorly, it becomes easier for a hacker to crack what should have been a highly secure key.
Reuse of keys
Every key should only be generated for a specific single-use encrypt/decrypt purpose, and use beyond that may not offer the level of protection required.
Non-rotation of keys
Keys that are overused, such as encrypting too much data on a key, become vulnerable to attacks. This is particularly the case with older ciphers and could result in data being exposed. Keys need to be rotated, renewed, and updated when appropriate.
Inappropriate storage of keys
Storing keys alongside the information they have been created to protect increases their chances of being compromised. For example, keys stored on a database or server that gets breached could also be compromised when the data is exfiltrated.
Inadequate protection of keys
Huge cyberattacks like Meltdown/Spectre and Heartbleed have been capable of exposing cryptographic keys stored in server memory. Therefore, stored keys must be encrypted and only made available unencrypted when placed within secure, tamper-protected environments, or even kept offline.
Insecure movement of keys
Moving keys between systems should only occur when the key is encrypted or wrapped under an asymmetric or symmetric pre-shared transport key. If this is not possible, then the key must be split up into multiple parts that are kept separate, re-entered into the target system, then destroyed.
Insider threats (user authentication, dual control, and segregation of roles)
Lack of resilience
Resilience is vital to protecting the availability, confidentiality, and integrity of keys. Any key that suffers a fault with no backup results in the data the key protects being lost or inaccessible.
Lack of audit logging
Key life cycles must be logged and recorded in full to ensure any compromise can be tracked and enable subsequent investigations to occur smoothly.
Manual key management processes
Recording key management processes manually on paper or spreadsheets runs the risk of human error and makes the keys highly vulnerable to attack or theft.
Hashing
is the process of transforming any given key or a string of characters into another value. This is usually represented by a shorter, fixed-length value or key that represents and makes it easier to find or employ the original string.