Term
|
Definition
|
|
Term
|
Definition
| science of breaking codes |
|
|
Term
|
Definition
| estimate of time needed to break a protective measure |
|
|
Term
|
Definition
individual application of encryption to data on each link of a
network |
|
|
Term
|
Definition
| encryption of data from source system to end system |
|
|
Term
|
Definition
each block encrypted
separately
DES is block cipher |
|
|
Term
|
Definition
message broken into characters or bits and enciphered with a key
stream
XOR generally used |
|
|
Term
key exchange, negotiation, or
distribution |
|
Definition
| Process of establishing a session key |
|
|
Term
|
Definition
private key/secret key
1. Single key shared by sender and receiver
Strengths: 1,000 or more times faster than asymmetric
4. Weaknesses: key management is a weakness – requires secure key
distribution |
|
|
Term
| Asymmetric Key Cryptography |
|
Definition
public key
Message encrypted with one of keys can be decrypted with other — two key
pairs – private key (kept secret) and public key (made available)
2. Based on difficult to solve problems – factoring the product of two large primes
or discrete logarithm problem
Strengths: efficient key distribution, scalable, provides confidentiality, access
control, authentication, integrity, and non-repudiation services
6. Weaknesses: very intense computations, slower than symmetric |
|
|
Term
|
Definition
Symmetric key for bulk data encryption
2. Asymmetric key for key distribution |
|
|
Term
|
Definition
shift alphabet or scramble alphabet and substituting
characters |
|
|
Term
|
Definition
| position of letters is permuted |
|
|
Term
|
Definition
use multiple substitution ciphers with different
alphabets to defeat frequency analysis |
|
|
Term
|
Definition
uses text from a source, such as a book, to encrypt
the plaintext – key is known to sender and receiver – page, line, and character
number |
|
|
Term
|
Definition
| key is a random set of non-repeating characters and each key bit is used only once — each key bit is XORed with message bit to produce ciphertext |
|
|
Term
|
Definition
message is hidden in another message – every so
many words for example |
|
|
Term
|
Definition
data hidden in picture files (least significant bits of bitmap
image), sound files, slack space on disks |
|
|
Term
|
Definition
| list of codes or phrases and their corresponding code group |
|
|
Term
|
Definition
| Hagelin machine (combines plaintext with key stream to produce ciphertext), rotor machine uses rotors to produce cipher alphabet (Japan’s Purple and Germany’s Enigma) |
|
|
Term
|
Definition
block cipher — symmetric key — 56 bit key, plus 8 parity bits — 16
rounds of transpositions and substitutions |
|
|
Term
|
Definition
| Electronic Code Book (ECB) — 64-bit data blocks processed at one time — same message and key produce same ciphertext |
|
|
Term
|
Definition
| Cipher Block Chaining (CBC) — first 64-bit plaintext block XORed with an initializing vector and processed with key to produce ciphertext which is then XORed with second 64-bit plaintext block to produce second ciphertext block |
|
|
Term
|
Definition
| Cipher Feedback (CFB) — first 64-bit plaintext block is XORed with the key-ciphered initialization vector to produce the ciphertext – this ciphertext is encrypted with key and XORed with second 64-bit plaintext block to product second ciphertext block |
|
|
Term
|
Definition
| Output Feedback (OFB) — similar to CFB except the XORed bits are not a function of either the plaintext of the ciphertext – initialization vector is used to seed the process – IV is DES encrypted and XORed with first data block to produce first ciphertext – the DES encrypted IV is DES encrypted again for the second block |
|
|
Term
|
Definition
block cipher — symmetric key — 112 bit key — no more secure
than DES |
|
|
Term
|
Definition
block cipher — symmetric key — 168 bit key — different modes:
a. 3 DES encryptions with 3 different keys
b. Encrypt – decrypt – encrypt with three different keys |
|
|
Term
| International Data Encryption Algorithm (IDEA) |
|
Definition
block cipher — symmetric
— 128-bit key — 8 rounds of transpositions and substitutions — three
mathematical functions: XOR, Addition mod 65536, and Multiplication mod
65537 |
|
|
Term
|
Definition
variable block size — symmetric — variable key size
— data dependent rotations — variable number of rounds — primarily
software implementation |
|
|
Term
| Advanced Encryption Standard (AES) |
|
Definition
Rijndael Block Cipher — symmetric
— variable block and key length (128, 192, 256) |
|
|
Term
|
Definition
Uses one-way hash function for message integrity, time date stamp
b. Uses mathematical function that is easier to compute in one direction
than in the opposite direction
c. Trap Door One-Way Function |
|
|
Term
|
Definition
w/asymmetric crypto, sender encodes message with
receiver’s public key and receiver decodes with private key — confidentiality |
|
|
Term
|
Definition
w/asymmetric crypto, sender encodes message with
sender’s private key and receiver decodes with sender’s public key —
authentication and non-repudiation |
|
|
Term
| Secure and Signed Message |
|
Definition
w/asymmetric crypto, sender encodes
message with own private key, sender re-encodes message with receiver’s
public key and receiver decodes with own private key and decodes again with
sender’s public key — authentication, non-repudiation, and confidentiality |
|
|
Term
| RSA: (Rivest, Shamir, and Adleman) |
|
Definition
asymmetric — factoring large prime
integers — services: encryption, key distribution of symmetric keys, and digital
signatures — 512-bit and 768-bit keys are weak, but 1024-bit key is
moderately secure |
|
|
Term
| Elliptical Curve Cryptosystem (ECC) |
|
Definition
asymmetric — based on
mathematical problem of factors that are coordinate pairs that fall on an
elliptical curve — services: encryption, key distribution of symmetric keys, and
digital signatures — highest strength per bit of public key systems |
|
|
Term
|
Definition
first public key algorithm — patent expired in 1997 — key
exchange algorithm |
|
|
Term
|
Definition
asymmetric — based on difficulty in calculating discrete logarithms
in a finite field — services: encryption and digital signatures |
|
|
Term
|
Definition
asymmetric — based on subset of sum problem
in combinatorics — has been broken
Q. Time stamps can be used to prevent replay attacks
R. Elliptic curve – best bandwidth, computation, and storage — Wireless
S. Key escrow: Clipper chip with Skipjack algorithm (80 bit key, 64 bit block) — Key
split in two and held by to escrows |
|
|
Term
|
Definition
used to detect unauthorized modifications and authenticate
sender — provides non-repudiation — private key signs and public key verifies —
used to authenticate software, data images, users, machines
Steps:
1. Compute message digest
2. Digest is fed into digital signature algorithm with sender’s private key to
generate digital signature
3. Message and attached digital signature sent to recipient |
|
|
Term
| Digital Signature Algorithm (DSA) |
|
Definition
Digital Signature Standard (DSS) — uses
secure hash algorithm (SHA-1) and condenses message to 160 bits — Key size 512
to 1024 |
|
|
Term
|
Definition
1. Condenses arbitrary length messages to fixed length – usually for subsequent
signing by a digital signature algorithm
2. Output is message digest, Two files cannot have same hash, Can’t create file
from hash
3. MD5 – 128 bit digest of input message, uses blocks of 512, 4 rounds of
transformation
4. SHA-1 (by NIST) — SHA-256, SHA-384, SHA-512 supports AES — HAVAL
5. HMAC — hashed MAC more secure and more rapid message digest |
|
|
Term
| Message Authentication Code (MAC) |
|
Definition
used when sender only wants one person
to be able to view the hash value – the value is encrypted with a symmetric key —
similar to a CRC — weak form of authentication
X. Clustering: plaintext message generates identical ciphertext using the same
transformation algorithm, but with different keys (cryptovariables) |
|
|
Term
| Certificate Authority (CA) |
|
Definition
binds public key to person — Certificate revocation list
— X.509 provides format for digital certificates |
|
|
Term
| Privacy Enhanced E-mail (PEM) |
|
Definition
Proposed by IETF to comply with Public Key
Cryptography Standards (PKCS) developed by Microsoft, Novell and Sun — Uses
MD2/MD5 for message digest, DES-CBC or triple DES-EDE for text encryption and
RSA for digital signature and key distribution — certificates based on X.509
1. Privacy, message integrity, authentication and non-repudiation |
|
|
Term
| Pretty Good Privacy (PGP) |
|
Definition
1. Privacy, integrity, identification authentication, and policy enforcement
2. Symmetric encryption — 3DES, DES, IDEA
3. RSA, DSS, and Diffie-Hellman for the symmetric key exchange
4. SHA-1 and MD5 for hashing
5. Web of trust instead of CA
BB. Attacks on Symmetric Block Ciphers
1. Differential Cryptanalysis — private key cryptography — looks at ciphertext
pairs with specific differences and analyzes the effects of these differences
2. Linear Cryptanalysis — uses known plaintext and corresponding ciphertext to
generate a linear approximation of a portion of the key
3. Differential Linear Cryptanalysis — combination of both
4. Algebraic Attacks — relies on block ciphers displaying high degree of
mathematical structure |
|
|
