• security technique that converts data from clear/plaintext form into coded/ciphertext form
• 1 or 2 way encryption (hide original msg only; no encryption vs encoded msg transformed to original format)

• Confidentiality encrypt info to hide contents except to intended recipient
• Integrity insured from modification; can ID any changes
• Availability encrypting credentials (userID pw); hide pw; pw not shown in cleartext

1. Start w/plaintext
2. Select encryption key
3. Encrypt plaintext into ciphertext
4. Transport/store ciphertext until needed
5. Decrypt using key

• HW/SW used to implement cryptographic process
• cyrptanalysis study of cryptosystems; intent of breaking; determine workfactor (time to break code)
• Enigma Device used by Germans in WWII to perform encryption/decryption

• Early Spartan technique: encryption - wrap paper/leather around staff and write message; key - unwrap paper/leather; decryption - wrap paper/leather around staff of identical diameter
• Mechanical HW-based like Enigma uses cypherdisk (fast en/decryption)
• Software SW-based using computers; early on user must know process; now little knowledge of process required

• Usability simple keys/algorithms; easy to implement; plaintext not > ciphertext
• Secrecy assume enemy knows key
• using Diffusion (mixup plaintext during encryption) and Confusion (mixing up key values during encryption)

• don't have to encrypt EVERYTHING
• during processing w/algorithm (encryption)
• XML employs technique

• rearranging parts of msg/output (msg or key)
• move letters around

Key Mgt Factors (9)

CM,R,S,RD,C,T,F,E

1. control measures who has keys/how assigned
2. Recovery recover lost keys
3. Storage secure repository of key assignment records
4. retirement/destruction how removed from use/destroyed
5. change changing keys to system on periodic basis
6. generation generate random key for better protection
7. theft what to do when key stolen
8. freq. of key use limits time that keys used and how often used
9. escrow spliting key into multiple parts, storing w/"escrowed" org.

1. Steganography hides info by enclosing it into img, sound, movie
2. Watermark embed mark/image to ID source for copyright/ownership
3. Code book book/booklet that has phrases represented by codes
4. One-time path toll w/very long, non-repeating key is same length of plaintext. 1 time use, then destroyed.

• key on both sides
• also known as shared-key
• same key used for both en/decryption
• fast, but vulnerable

1. Stream symmetric encryption one bit @ a time; fewer errors; fast
2. Block encrypts one block @ time (64 or 128 bit); more secure; slower

XOR binary math operation tests whether 2 inputs are same or different from each other:

0,0 = 0

1,0 = 1

0 1 = 1

1 1 = 0

• symmetric encryption one bit @ a time
• fewer errors
• fast

• encrypts one block @ time (64 or 128 bit)
• more secure
• slower

binary math operation tests whether 2 inputs are same or different from each other:

0,0 = 0

1,0 = 1

0 1 = 1

1 1 = 0

• string used w/symmetric cipher and key to produce unique result
• same phrase encrypted different cipher/key @ different versions

1. DES
2. 2DES
3. 3DES
4. IDEA
5. AES
6. RC2/4/5/6
7. BLOWFISH
8. CAST-128

• Transportation must be done w/secure procedures
• # of Keys [n*(n-1)]/2

1. Expansion 64 bit split into (2) 32 bit blocks.  Each block expanded to 48 bits
2. Key Mixing 48 bit block XORd w/subkey.  16 48 bit subkeys created from main key (1 key per round)
3. Substitution Substitutions performed (S-boxes: 32 4-bit blocks)
4. Permutation 32 4 bit blocks rearranged based on P-box (predefined scrambling process)

• ECB Electronic Code Book 64 bit blocks encrypted sep.
• CBC Cipher Block Chaining 64 bit blocks XORed w/64 bit IV; encrypted w/1 key. outputted ciphertext used to replaces IV for next round, creating a chain
• CFB Cipher FeedBack like CBC, but each round uses different key. iie AES
• OFB Output FeedBack

• 2 way, 2 keys (private/public keys; 1 for encrypt, 1 for decrypt)
• attempts to solve problems of key distro/mgt
• key generation process of generating priv/pub keys
• slower
• more secure

• Confidentiality increased confidentiality; only recipient can decrypt
• Integrity  if msg altered in transmission, decryption not possible
• Non-repudiation (can not be disputed) ID of sender is confirmed because only sender has private key

• RSA Rivest Shamir Adleman
• Elgamal developed by Taher Elgamal
• ECC Elliptic Curve Crypto: discrete logs, shorter keys

• associates credentials w/public key
• users and devices
• CA issues certs and keys

• cyrpto system composed of certs, CA, RA, CRD (cert repository database), CMS (cert mgt system) to enable authenticity/validate of data

1. Digital certs
2. CA Cert Auth
3. RA Registration Auth
4. Cert Repository DB (SW)
5. Cert. Mgt System (SW)

1. Obtain Key Pair
2. Issue Cert
3. CA verifies PK
4. CA creates ID
5. Revoke expired certs

1. Ver
2. Serial #
3. Algorithm ID
4. Issuer
5. Validity
6. Not Before
7. Not After
8. Subject
9. Subject PK info
10. Issuer Unique ID (opt.)
11. Subject Unique ID (opt.)
12. Extensions (opt.)
13. Cert Signature Alog.
14. Cert Signature (determines validity)

• list of certs (serial #) that have been revoked, no longer valid

• 1 way encryption
• produces hash, hash value, message digest
• keyed or non-keyed
• keyed w/secret key sent w/msg; non-keyed no mech used
• hash len. fixed
• suceptible to brute force
• PW Protection is example

1. MD2/4/5 128 bit; created in 89,90,91; 8-bit, 32-bit, 32-bit; MD5 stronger, but slower than MD4
2. HAVAL modified MD5 w/variable lengths (128, 160, 192, 224, 256)
3. SHA 1/256/384/512 stronger than MD5; used w/DSA (Digital Sig. Alg); 160, 256, 384, 512-bit len.

1. MAC Msg Auth Code; shared secret key; last block of encrypted file used as comparison: encrypted, then last block & unencrypted file sent.  recipient encrypts again and compares last block to lask block sent
2. HMAC Hash MAC
3. UMAC Universal HMAC
4. CMAC, OMAC, CBC-MAC, PMAC Cipher, One-key, Cipher-Block, Parallelized MAC are all BLOCK cipher ACA

• hash encrypted w/user's private key
• msg sent digitally signed, recipient decrypts w/public key
• message hashed
• hash encrypted w/sender priv key
• Msg re-hashed
• Sender hash decrypted w/sender pub key
• 2 hashes compared

1. PGP Pretty Good Privacy; email, digital signature; PK to encrypt; encrypt msg, then key. key decrypted, then msg w/key.
2. PEM Privacy-Enhanced Mail; std for secure exchange; various crypto tech. Msg Integ; Sender Auth; confidentiality- only intended recipient
3. MIME & S/MIME Multipurpose Internet Mail Extension; define/ID type of attachments in email; S/MIME digital signs & encrypts contents w/PK; content integrity.

1. Link Encryption Layer 2 of OSI (Data) encryption; routers; devices @ both ends of transmission that en/decrypt
2. IPSec Transport (info encrypted) and Tunnel Mode (IP info and info encrypted); secures data over transmission; Layer 3 OSI (transport)
3. Upper-layer Encryption HTTPS TLS SSH SSL; upper layers of OSI

Security Association (SA):

1. Negotiate time limit for SA
2. Mode
3. ESP encryption alg, key, IV
4. ESP auth alg, key
5. AH auth alg, key
6. seq # counter

Internet Key Exchange (IKE): not PKI

• WEP 1st encryption; single key; RC4; 40bit key;24bit IV; easy to break cause IV was always 24bit
• WPA RC4; 128bit key w/48bit IV; TKIP alg
• WPA2 AES

1. Bday Attack probability
2. Dictionary using predetermined list
3. Replay While in transmission, pw captured and replayed
4. Side Channel tries to exploits encryption technique
5. Factoring Prime #

1. Ciphertext-only attacker has ciphertext; intent to find encryption key; once has key, can decrypt other message
2. Known plaintext common msg format, using copies of cipher/plaintext & limited info to find correct key
3. Chosen plaintext key manupulated, decodes and finds key w/only part of plaintext
4. Chosen ciphertext key manupulated, decodes and finds key w/only part of ciphertext