Encryption & Network Security Protocols
🃏 Flashcard Set: Encryption & Network Security Concepts
HSM (Hardware Security Module)
➡ A physical device that manages digital keys and performs encryption/decryption.
Often used for secure key storage and cryptographic processing in enterprises.
TPM (Trusted Platform Module)
➡ A hardware chip on the motherboard that provides secure cryptographic key storage and supports device authentication and integrity checks.
SED (Self-Encrypting Drive)
➡ A data storage device with built-in, hardware-level encryption.
Encrypts all data automatically as it’s written to the drive.
FDE (Full Disk Encryption)
➡ Software technology that encrypts the entire contents of a storage device, protecting data at rest.
EFS (Encrypting File System)
➡ A Windows feature that allows users to encrypt individual files or folders, protecting them from unauthorized access.
BitLocker
➡ A Microsoft Windows tool for full disk encryption, protecting entire drives using TPM or a password.
GPG (GNU Privacy Guard)
➡ Open-source encryption software that implements the OpenPGP standard to encrypt, sign, and manage keys.
PGP (Pretty Good Privacy)
➡ Encryption software used for securing emails, files, and communications through public-key cryptography.
HTTPS (HyperText Transfer Protocol Secure)
➡ Secure version of HTTP that encrypts web traffic using SSL/TLS.
SFTP (Secure File Transfer Protocol)
➡ A protocol for secure file transfer over SSH (not SSL/TLS).
Encrypts both commands and data.
SSH (Secure Shell)
➡ A cryptographic protocol for secure network communication, remote login, and command execution.
ESP (Encapsulating Security Payload)
➡ A part of IPsec that provides authentication, integrity, and confidentiality for IP packets.
VPN (Virtual Private Network)
➡ Creates encrypted “tunnels” over public networks to connect remote systems securely.
SRTP (Secure Real-time Transport Protocol)
➡ Protocol for secure, real-time delivery of audio and video over IP networks.
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
➡ Encryption protocol used in WPA2 Wi-Fi security; based on AES.
TLS (Transport Layer Security)
➡ Successor to SSL; provides encryption and integrity for communications over networks.
Symmetric Encryption
➡ Uses a single key for both encryption and decryption.
Fast and suitable for bulk data encryption.
Asymmetric Encryption
➡ Uses a public key to encrypt and a private key to decrypt.
Used in PKI, digital signatures, and key exchange.
DHE (Diffie-Hellman Ephemeral)
➡ Diffie-Hellman key exchange using temporary (ephemeral) keys for each session, providing Perfect Forward Secrecy.
ECC (Elliptic Curve Cryptography)
➡ Uses elliptic curve math for strong encryption with smaller key sizes.
Ideal for IoT and mobile devices.
RSA
➡ Public-key cryptosystem based on the difficulty of factoring the product of two large primes; used for encryption, key exchange, and digital signatures.
KEK (Key Encryption Key)
➡ A key used to encrypt or protect other cryptographic keys within a key management system.
IKE (Internet Key Exchange)
➡ Protocol used in IPsec to securely exchange cryptographic keys and establish secure connections.
PFS (Perfect Forward Secrecy)
➡ A property ensuring that compromise of one session key doesn’t affect past or future sessions.
ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)
➡ A key exchange method using elliptic curves to provide forward secrecy and efficiency.
AES (Advanced Encryption Standard)
➡ Symmetric block cipher widely used for secure data encryption.
Available in 128, 192, and 256-bit key sizes (256-bit is strongest).
DES (Data Encryption Standard)
➡ Older symmetric-key encryption algorithm, now deprecated and replaced by AES.
3DES (Triple DES)
➡ An improvement on DES that applies encryption three times for increased security (still weaker than AES).
IDEA (International Data Encryption Algorithm)
➡ Symmetric cipher once used in PGP; largely replaced by AES.
XOR (Exclusive OR)
➡ Logical operation used in many encryption algorithms to combine plaintext with key material.
CBC (Cipher Block Chaining)
➡ Block cipher mode where each ciphertext block depends on the previous block.
Provides diffusion, but encryption cannot be parallelized because each block depends on the previous one.
CFB (Cipher Feedback)
➡ Block cipher mode that turns a block cipher into a stream cipher for encrypting smaller units of data.
CTR / CTM (Counter Mode)
➡ Block cipher mode that turns a block cipher into a stream cipher using counters for each block.
GCM (Galois/Counter Mode)
➡ Combines CTR encryption with authentication for both confidentiality and integrity.
ECB (Electronic Codebook)
➡ Simplest and weakest block cipher mode: encrypts each block independently, so identical plaintext blocks produce identical ciphertext blocks, revealing patterns.
Key Size / Key Length
➡ Number of bits in a key; longer keys mean more possible combinations and stronger security.