Algorithm – A step-by-step procedure; typically an established computation for solving a problem within a set number of steps.
Block cipher – A cipher that operates on blocks of data.
Collision attack – An attack on a hash function, in which a specific input is generated to produce a hash function output that matches another input.
Cryptanalysis – The process of attempting to break a cryptographic system.
Cryptography – The art of secret writing that enables an individual to hide the contents of a message or file from all but the intended recipient.
Diameter – The base protocol that is intended to provide an authentication, authorization, and accounting (AAA) framework for applications such as network access or IP mobility. Diameter is a draft IETF proposal.
Hash – A form of encryption that creates a digest of the data put into the algorithm. These algorithms are referred to as one-way algorithms because there is no feasible way to decrypt what has been encrypted.
Key – In cryptography, a sequence of characters or bits used by an algorithm to encrypt or decrypt a message.
Keyspace – The entire set of all possible keys for a specific encryption algorithm.
Linear cryptanalysis – The use of linear functions to approximate a cryptographic function as a means of analysis.
Multiple encryption – The use of multiple layers of encryption to improve encryption strength.
Bcrypt – A key-stretching mechanism that uses the Blowfish cipher and salting, and adds an adaptive function to increase the number of iterations.
Birthday attack – A special type of brute-force attack that gets its name from something known as the birthday paradox, which states that in a group of at least 23 people, the chance that two individuals will have the same birthday is greater than 50 percent.
Cipher suite - An arranged group of algorithms.
Cryptographic service provider (CSP) - A software library that implements cryptographic functions. CSPs implement encoding and decoding functions, which computer application programs may use.
Crypto modules - A module that uses a hardware, software, or hybrid cryptographic engine contained within the boundary, and cryptographic keys that do not leave the boundary, maintaining a level of security.
Data at rest - A state of data in a computing system. Data at rest is the most prominent use of encryption and is typically referred to as data encryption.
Data in transit - A state of data in a computing system. Transport encryption is used to protect data in transit, or data that is in motion. When data is being transported across a network, it is at risk of interception.
Data in use - A state of data in a computing system. Data in use is the term used to describe data that is stored in a nonpersistent state of either RAM, CPU caches, or CPU registers.
Digital rights management (DRM) - The process for protecting intellectual property from unauthorized use. This is a broad area, but the most concentrated focus is on preventing piracy of software or digital content.
Digital signature - Provides a means of verifying authenticity and integrity of a message. Digital signatures have been touted as the key to truly paperless document flow, and they do have promise for improving the system. Digital signatures are based on both hashing functions and asymmetric cryptography.
DNSSEC - A protocol for the translation of names into IP addresses.
Ephemeral keys - Cryptographic keys that are used only once after they are generated.
Federal Information Processing Standards Publications (FIPS PUBS or simply FIPS) - Describe various standards for data communication issues. These documents are issued by the U.S. government through the National Institute of Standards and Technology (NIST), which is tasked with their development.
FTPS - The implementation of FTP over an SSL/TLS secured channel.
HMAC-based one-time password (HOTP) - An algorithm that is a key component of the Open Authentication Initiative (OATH). YubiKey is a hardware implementation of HOTP that has significant use.
Hypertext Transfer Protocol Secure (HTTPS) - The use of SSL or TLS to encrypt a channel over which HTTP traffic is transmitted.
IPsec - A collection of IP security features designed to introduce security at the network or packet-processing layer in network communication.
Key escrow - The process of keeping a copy of the encryption key with a trusted third party.
Key exchange - The central foundational element of a secure symmetric encryption system. Maintaining the secrecy of the symmetric key is the basis of secret communications. In asymmetric systems, the key exchange problem is one of key publication.
Key stretching - A mechanism that takes what would be weak keys and “stretches” them to make the system more secure against brute-force attacks.
Lightweight Directory Access Protocol Secure (LDAPS) - Involves the use of an SSL tunnel to connect LDAP services. Technically, this method was retired with LDAPv2 and replaced with Simple Authentication and Security Layer (SASL) in LDAPv3. SASL is a standard method of using TLS to secure services across the Internet. LDAP is the primary protocol for transmitting directory information.
Message integrity - Also known as integrity, it is a crucial component of message security. Integrity refers to the ability to independently make sure that a document has not been tampered with.
Password-Based Key Derivation Function 2 (PBKDF2) - A key-derivation function designed to produce a key derived from a password. This function uses a password or passphrase and a salt and then applies an HMAC to the input thousands of times. The repetition makes brute-force attacks computationally unfeasible.
Pretty Good Privacy (PGP) - A popular program that is used to encrypt and decrypt e-mail and files. It also provides the ability to digitally sign a message so the receiver can be certain of the sender’s identity.
Rainbow tables - Precomputed tables or hash values associated with passwords. This can change the search for a password from a computational problem to a lookup problem. This can tremendously reduce the level of work needed to crack a given password.
Replay attack - Attacks that work against cryptographic systems like they do against other systems. If one can record a series of packets and then replay them, what was valid before may well be valid again.
Secure IMAP – IMAP over an SSL/TLS session. Secure IMAP uses TCP port 993.
Secure POP3 - POP3 over an SSL/TLS session. Secure POP3 utilizes TCP port 995.
Secure/Multipurpose Internet Mail Extensions (S/MIME) - A standard for public key encryption and signing of Multipurpose Internet Mail Extensions data in e-mails. S/MIME is designed to provide cryptographic protections to e-mails and is built into the majority of modern e-mail software to facilitate interoperability.
Secure Real-time Transport Protocol (SRTP) - A network protocol for securely delivering audio and video over IP networks. SRTP uses cryptography to provide encryption, message authentication, and integrity, as well as replay protection to the RTP data.
Secure Shell (SSH) - An encrypted remote terminal connection program used for remote connections to a server. SSH uses asymmetric encryption but generally requires an independent source of trust with a server, such as manually receiving a server key, to operate. SSH uses TCP port 22 as its default port.
Secure Sockets Layer (SSL) - An application of encryption technology developed for transport-layer protocols across the Web. This protocol uses public key encryption methods to exchange a symmetric key for use in confidentiality and integrity protection as well as authentication. The current version, v3, is outdated, having been replaced by the IETF standard TLS.
Session key - A symmetric key used for encrypting messages during a communication session. It is generated from random seeds and is used for the duration of a communication session.
SFTP - Involves the use of FTP over an SSH channel. This leverages the encryption protections of SSH to secure FTP transfers. Because of its reliance on SSH, it uses TCP port 22.
Simple Network Management Protocol version 3 (SNMPv3) - A standard for managing devices on IP-based networks.
Steganography - An offshoot of cryptography technology that gets its meaning from the Greek word steganos, meaning covered.
Transport encryption – Used to protect data that is in motion. When data is being transported across a network, it is at risk of interception.
Flashcards for Cryptography Concepts
Algorithm: A step-by-step procedure for solving a problem within a set number of steps.
Block Cipher: A cipher that operates on blocks of data.
Collision Attack: An attack on a hash function to produce a matching hash output for different inputs.
Cryptanalysis: The process of attempting to break a cryptographic system.
Cryptography: The art of secret writing to conceal message contents.
Diameter: A protocol providing a framework for authentication, authorization, and accounting (AAA).
Hash: A one-way encryption algorithm creating a data digest.
Key: A sequence of characters/bits used to encrypt/decrypt messages.
Keyspace: The total set of all possible keys for a specific encryption algorithm.
Linear Cryptanalysis: Using linear functions to approximate cryptographic functions for analysis.
Multiple Encryption: Utilizing multiple encryption layers for enhanced security.
Bcrypt: A key-stretching mechanism using the Blowfish cipher with salting.
Birthday Attack: A brute-force attack based on the birthday paradox.
Cipher Suite: A group of algorithms arranged for cryptographic purposes.
Digital Signature: A method to verify message authenticity and integrity based on hashing and asymmetric cryptography.
Secure Sockets Layer (SSL): Encryption technology for transport-layer protocols on the web.