Chapter 2


74 Terms

1
New cards

What does CIA confidentiality ensure?

Only authorized parties can access sensitive information

2
New cards

What are 2 ways to enforce confidentiality?

Deny read and encryption

3
New cards

What does CIA integrity ensure?

The data has not been modified in an unauthorized way.

4
New cards

What are two ways to maintain integrity?

Deny write access and use of hashing

5
New cards

What does CIA availability ensure?

Maintaining access to an object when access is needed

6
New cards

What is disclosure?

When confidentiality has been compromised

7
New cards

Who takes disclosure very seriously?

Governments place heavy emphasis on confidentiality

8
New cards

What is tampering?

When integrity has been compromised and the object is no longer trustworthy

9
New cards

What is the data state model?

  1. Data in transit

  2. Data at rest

  3. Data in use

10
New cards

What are the 4 security goals of cryptography?

  1. Confidentiality - only authorized parties can read data

  2. Integrity - verifying data has not been altered

  3. Authentication - verifying a source is who they say they are

  4. Non-repudiation - prevents someone from denying their actions

11
New cards

What is a PRNG?

Pseudo-random number generator

A program or function that produces random numbers, which can strengthen encryption or authentication

12
New cards

What is an IV?

Initialization vector

A random value created by an RNG or PRNG, used before the encryption process is finalized to prevent repetition and patterns

13
New cards

What is a nonce?

A number used once, often with network-based authentication protocols

14
New cards

What is a salt?

A random number added to a password before encryption to create a password hash

15
New cards

What is a password hash?

Transforms a password into a scrambled, unreadable string that can't be reversed

16
New cards

What is PFS?

Perfect forward secrecy - a security goal of protecting communication data during and after the session

17
New cards

What should be avoided to achieve PFS?

Avoid static keys and predictable keys

18
New cards
19
New cards

What is an ephemeral key?

A temporary key used for the current conversation and discarded when the conversation ends

20
New cards

What is the general rule for key length?

The size of an encryption key is proportional to its ability to resist brute-force attack. This has positive and negative effects.

21
New cards

What are key stretching protocols?

Protocols that lengthen a key or password to make it more resistant to attacks

22
New cards

Examples of key stretching

PBKDF2 (password-based key derivation function 2) to protect passwords; bcrypt() used by Linux to salt passwords before encryption and store them in the shadow file

23
New cards

What is steganography?

Concealing a message within some other data object (a weaker form of confidentiality compared to cryptography)

24
New cards

Where is steganography used?

• Covert channels, digital rights management and metadata

25
New cards

What is obfuscation?

Disguises computer code or data so its meaning isn't obvious.

26
New cards

What are some examples of obfuscation?

Encoding data with the ROT13 shift cipher or using exclusive-OR (XOR) logic on data

27
New cards

What are the 3 different encryption ciphers?

Lightweight cryptography, stream and block

28
New cards

What is the lightweight cryptography cipher?

An algorithm designed to be efficient on resource-constrained devices (RFID chips or IoT firmware) - these devices operate without a power cable

29
New cards

Why is lightweight cryptography good?

Using other traditional asymmetric cryptographic algorithms would drain battery too quickly

30
New cards

What is a stream cipher?

A speedy and simple way of encrypting data one bit or byte at a time that does not require significant resources. (RC4)

31
New cards

What is a block cipher?

A method of encrypting data one block at a time, as a group. It needs more resources but is stronger than a stream cipher.

32
New cards

What is hashing?

Performing a calculation on a message and converting it into a numeric hash value; it establishes message integrity

33
New cards

What is impossible with hashing and why?

Decryption is not possible because it doesn't use a key

34
New cards

What is a hashing collision?

2 different inputs run through the same hash function create the same hash value

35
New cards

What is a MAC?

Message authentication code - authenticates the integrity and authenticity of a message (data integrity and origin)

36
New cards

What is HMAC?

Hashed message authentication code - a type of MAC using a specific hash function with a secret key; the shared key is appended to the data to be hashed

37
New cards

What are symmetric algorithms?

Require both ends of an encrypted message to have the same key and the same algorithm

38
New cards

What is a symmetric key?

A key not disclosed to those who aren't authorized to use the encryption system - if the key is lost, the entire cryptosystem is breached

39
New cards

What are some advantages of symmetric cryptography?

  • Less computationally intensive

  • Produces smaller file size

  • Allows faster transmissions

40
New cards

What are the disadvantages of symmetric cryptography?

  • Lacks non-repudiation

  • Is there trust between the parties?

  • Secure communications between n people means a total of n(n-1)/2 keys are needed, and how do we exchange keys securely?

41
New cards

What do cipher modes of operation do?

Provide an organized way of managing encryption keys, IVs, and the plaintext data as a block cipher performs encryption

42
New cards

What are the different cipher modes?

CBC cipher block chaining

CTR counter mode

GCM Galois counter mode

CCM Counter with CBC-MAC

43
New cards

What is CBC?

A cipher mode that provides confidentiality for anything from files to wireless frames and hard drives. It is unauthenticated and uses an IV to avoid repetition.

44
New cards

What is CTR?

Does not use chaining and can be used with parallel processing; uses a nonce and it is inattentive

45
New cards

What is GCM?

A fast and efficient block cipher mode that uses parallel processing. It can be authenticated and provides confidentiality.

46
New cards

What is CCM?

Authentication is established using the CBC-MAC tag, and then confidentiality using the Counter mode symmetric algorithm.

47
New cards

What is asymmetric cryptography?

A type of cryptography where two keys are used: a public key for encryption and a private key for decryption, enabling secure communication.

48
New cards

What are the advantages of asymmetric cryptography?

Simpler key management, and the public key is freely distributed, enabling secure communication and exchange. It also allows for non-repudiation, as the private key can verify the identity of the sender.

49
New cards

What are the disadvantages of asymmetric cryptography?

It is generally slower than symmetric cryptography, requires more computational power, and may involve a more complex key management system.

50
New cards

What is the Diffie-Hellman asymmetric cryptography algorithm?

It is a method for sharing keys over an unsecured communication channel. No keys are created by the algorithm; it is just a way to securely exchange cryptographic keys.

51
New cards

What are Diffie-Hellman groups?

DH groups set the size of the secret number during the DH process.

52
New cards

What is the RSA asymmetric cryptography algorithm?

Rivest, Shamir, Adleman

A public-key encryption system that uses large prime numbers, which are computationally difficult to factor, as the basis of its structure. It is the de facto standard. It provides digital signature, key exchange, and encryption services.

53
New cards

What is the ECC asymmetric cryptography algorithm?

Elliptic Curve Cryptography

An encryption technique based on using points on a curve to define the public/private key pair. It offers high levels of security with relatively small key sizes and less computing power.

54
New cards

What are digital signatures?

A person's signature. It indicates knowledge and approval of an act carried out by that person.

55
New cards

What is a digital signature comprised of?

  1. Data

  2. Hashing

  3. Asymmetric Private key

56
New cards

How does hashing support integrity?

A hash is generated from the original file and sent along with the file. The recipient then hashes the file again, and if it doesn't match the hash that was sent, the integrity of the message is compromised.

57
New cards

How does the asymmetric private key support authentication and non-repudiation?

Authentication - only ONE person has their specific private key, so anyone with the public key can verify who created it, since that private key is unique.

Non-repudiation - again, only ONE person has their unique key, making it impossible for them to claim they didn't do something if they used that key.

58
New cards

What is a blockchain?

A linked list of blocks of data of an individual's financial transactions (most commonly digital). It is public and cannot be changed.

59
New cards

What are the components of a blockchain?

  1. Block header

    1. A nonce and timestamp

    2. A hash of previous block data creating the chain

    3. A hash of this block's data

  2. Block data

60
New cards

What is in-band key exchange?

Exchanging keys over the same communication channel. Not very secure.

61
New cards

What is out-of-band key exchange?

Exchanging keys over a different communication channel or with alternative technology. More secure.

62
New cards

What is the RSA key exchange method?

Using the RSA server's public key for verification of the website and also for encryption and exchange of the session key. Does not support perfect forward secrecy.

63
New cards

What is the Diffie-Hellman Ephemeral key exchange method?

Uses DH to agree on the session key. This method does support perfect forward secrecy because the key is not connected to the server's asymmetric keys and is destroyed when the session is over.

64
New cards

What is the Elliptic Curve Diffie-Hellman Ephemeral key exchange?

Uses DH to agree on a key by using points on an agreed-upon curve to come up with the keys. This one supports perfect forward secrecy the best because the keys are not tied to the server's asymmetric keys AND the keys are smaller and therefore easier to compute.

65
New cards

What is PKI?

Public Key Infrastructure

A system for generating, assigning, storing, and deleting a user's asymmetric key pair. It has one or more Certificate Authorities that create private and public keys.

66
New cards

What is a CA?

Certificate Authority

Responsible for issuing, revoking and distributing certificates. A key component of PKI. Each user of a PKI system has a certificate that can be used to verify their authenticity.

67
New cards

What is a trusted root certificate authority?

A CA server that creates its own asymmetric keys and digitally signs its public key. It also creates keys for the intermediate CA and signs its public key. The root of the hierarchical trust model.

68
New cards

What is the X.509 digital certificate?

Developed by the International Telecommunication Union. Used in the hierarchical trust model and uses centralized key management.

69
New cards

What are the seven items in the X.509 certificate?

DN Distinguished name of owner

Owners public key

The CA's Distinguished Name

The CA's digital signature

Periodicity

Certificate policy

Serial number

70
New cards

What is a CSR and what does it include?

Certificate signing request

A request from a client to a CA asking for a certificate to be issued.

Includes the client's digital signature, the public key to be signed, common name, business name, email address and location info

71
New cards

What is key escrow?

Storage of key information with a third party (key escrow agency). Can be part of the key recovery process.

72
New cards

Who is the recovery agent?

Someone with access to keys stored in a key repository

73
New cards

What is m of n control?

A method of controlling access to the key server. It can only be accessed if m of n administrators authorize access.

74
New cards