CBK document. This guide does not replace in any way the outstanding value of the CISSP Seminar and the fact that you must have been involved in the security field for at least a few years if you intend to take the CISSP exam. This booklet simply intends to make your life easier and to provide you with a centralized resource for this particular domain of expertise. This guide was created by Clement Dupuis on 5th April 1999.
WARNING: As with any security related topic, this is a living document that will and must evolve as other people read it and technology evolves. Please feel free to send me comments or input to be added to this document. Any comments, typo corrections, etc. are most welcome and can be sent directly to: cdupuis@uniconseil.com
DISTRIBUTION AGREEMENT: This document may be freely read, stored, reproduced, disseminated, translated or quoted by any means and on any medium provided the following conditions are met: Every reader or user of this document acknowledges that he is aware that no guarantee is given regarding its contents, on any account, and specifically concerning veracity, accuracy and fitness for any purpose. Do not blame me if some of the exam questions are not covered or the correct answer is different from the content of this document. Remember: look for the most correct answer; this document is based on the seminar content, standards, books, and where and when possible the source of information will be mentioned. No modification is made other than cosmetic, change of representation format, translation, correction of obvious syntactic errors. Comments and other additions may be inserted, provided they clearly appear as such. Comments and additions must be dated and their author(s) identifiable. Please forward your comments for insertion into the original document. Redistributing this document to a third party requires simultaneous redistribution of this license, without modification, and in particular without any further condition or restriction, expressed or implied, related or not to this redistribution. In particular, in case of inclusion in a database or collection, the owner or the manager of the database or the collection renounces any right related to this inclusion and concerning the possible uses of the document after extraction from the database or the collection, whether alone or in relation with other documents.
Cryptography
Description: The Cryptography domain addresses the principles, means, and methods of securing information to ensure its integrity, confidentiality, and authenticity.
Expected Knowledge: The professional should fully understand:
- Basic concepts within cryptography.
- Public and private key algorithms in terms of their applications and uses.
- Cryptography algorithm construction, key distribution, key management, and methods of attack.
- Applications, constructions, and use of digital signatures.
- Principles of authenticity of electronic transactions and non-repudiation.
The CISSP can meet the expectations defined above by understanding such Operations Security Key areas of knowledge as:
- Authentication
- Certificate authority
- Digital Signatures/Non-Repudiation
- Encryption
- Error Detecting/Correcting features
- Hash Functions
- Kerberos
- Key Escrow
- Messages Digest (MD5, SHA, HMAC)
- One-Time cipher keys
- Private Key Algorithms
  o Applications and Uses
  o Algorithm Methodology
  o Key Distribution and Management
  o Key Generation/Distribution
  o Key Recovery
  o Key Storage and Destruction
  o Key Strength (Complexity, Secrecy, Weak keys)
  o Method of attack
- Public key Algorithms
  o Application and uses
  o Algorithm Methodology
  o Key Distribution and Management
  o Key Storage and Destruction
  o Key Recovery
  o Key Strength (Complexity, Secrecy, Weak Keys)
  o Methods of attack
- Stream Cipher
Examples of Knowledgeability

Describe the ancient history of Cryptography

CISSP Seminar:
- First appearance - Egypt - 4000 years ago
- Scytale - Sparta - 400 BC
  o Paper wrapped on rod
  o Text written on paper
  o Paper removed - cipher text
- Caesar Cipher - Julius Caesar - Rome - 49 BC
- 7th Century AD - Arabs
- Cipher Alphabets in magic - 855 AD
- Leon Batista Alberti's cipher disk - Italy - 1459 AD
- Thomas Jefferson ciphering device - 1790 - Stack of 26 disks
  o Each disk contained alphabet around face of edge in different order
  o Positioning bar attached to align letters in row
  o Created message by moving each disk to proper letter
  o Bar rotated fixed amount (the key)
  o Letters around new position (cipher text)
- ROT 13 - Many UNIX systems
  o Shifts letters 13 places
  o Not secured from frequency analysis
  o Encrypted twice - plain text

From Cryptography FAQ: The story begins: When Julius Caesar sent messages to his trusted acquaintances, he didn't trust the messengers. So he replaced every A by a D, every B by a E, and so on through the alphabet. Only someone who knew the ``shift by 3'' rule could decipher his messages.

From CME's Cryptography Timeline (if you are really interested in knowing it all, or else jump over). Each entry gives the date, whether the use was civilian (civ) or governmental (govt), the source, and the information:

about 1900 BC (civ; Kahn p.71): An Egyptian scribe used non-standard hieroglyphs in an inscription. Kahn lists this as the first documented example of written cryptography.

1500 BC (civ; Kahn p.75): A Mesopotamian tablet contains an enciphered formula for the making of glazes for pottery.

500-600 BC (civ; Kahn p.77): Hebrew scribes writing down the book of Jeremiah used a reversed-alphabet simple substitution cipher known as ATBASH. (Jeremiah started dictating to Baruch in 605 BC but the chapters containing these bits of cipher are attributed to a source labeled ``C'' (believed not to be Baruch) which could be an editor writing after the Babylonian exile in 587 BC, someone contemporaneous with Baruch or even Jeremiah himself.) ATBASH was one of a few Hebrew ciphers of the time.

487 BC (govt; Kahn p.82): The Greeks used a device called the ``skytale'' -- a staff around which a long, thin strip of leather was wrapped and written on. The leather was taken off and worn as a belt. Presumably, the recipient would have a matching staff and the encrypting staff would be left home. [Note: an article in Cryptologia late in 1998 makes the case that the cryptographic use of the skytale may be a myth.]

50-60 BC (govt; Kahn p.83): Julius Caesar (100-44 BC) used a simple substitution with the normal alphabet (just shifting the letters a fixed amount) in government communications. This cipher was less strong than ATBASH, by a small amount, but in a day when few people read in the first place, it was good enough. He also used transliteration of Latin into Greek letters and a number of other simple ciphers.

0-400? (civ; Burton): The Kama Sutra of Vatsayana lists cryptography as the 44th and 45th of 64 arts (yogas) men and women should know and practice. The date of this work is unclear but is believed to be between the first and fourth centuries, AD. [Another expert, John W. Spellman, will commit only to the range between the 4th century BC and the 5th century AD.] Vatsayana says that his Kama Sutra is a compilation of much earlier works, making the dating of the cryptography references even more uncertain. Part I, Chapter III lists the 64 arts and opens with: ``Man should study the Kama Sutra and the arts and sciences subordinate thereto [....] Even young maids should study this Kama Sutra, along with its arts and sciences, before marriage, and after it they should continue to do so with the consent of their husbands.'' These arts are clearly not the province of a government or even of academics, but rather are practices of laymen. In this list of arts, the 44th and 45th read: The art of understanding writing in cipher, and the writing of words in a peculiar way. The art of speaking by changing the forms of words. It is of various kinds. Some speak by changing the beginning and end of words, others by adding unnecessary letters between every syllable of a word, and so on.

200's (civ; Kahn p.91): ``The so-called Leiden papyrus [...] employs cipher to conceal the crucial portions of important [magic] recipes''.

725-790? (govt/(civ); Kahn p.97): Abu 'Abd al-Rahman al-Khalil ibn Ahmad ibn 'Amr ibn Tammam al Farahidi al-Zadi al Yahmadi wrote a (now lost) book on cryptography, inspired by his solution of a cryptogram in Greek for the Byzantine emperor. His solution was based on known (correctly guessed) plaintext at the message start -- a standard cryptanalytic method, used even in WW-II against Enigma messages.

855 (civ; Kahn p.93): Abu Bakr Ahmad ben 'Ali ben Wahshiyya an-Nabati published several cipher alphabets which were traditionally used for magic.

--- (govt; Kahn p.94): ``A few documents with ciphertext survive from the Ghaznavid government of conquered Persia, and one chronicler reports that high officials were supplied with a personal cipher before setting out for new posts. But the general lack of continuity of Islamic states and the consequent failure to develop a permanent civil service and to set up permanent embassies in other countries militated against cryptography's more widespread use.''

1226 (govt; Kahn p.106): ``As early as 1226, a faint political cryptography appeared in the archives of Venice, where dots or crosses replaced the vowels in a few scattered words.''

about 1250 (civ; Kahn p.90): Roger Bacon not only described several ciphers but wrote: ``A man is crazy who writes a secret in any other way than one which will conceal it from the vulgar.''

1379 (govt/civ; Kahn p.107): Gabrieli di Lavinde at the request of Clement VII, compiled a combination substitution alphabet and small code -- the first example of the nomenclator Kahn has found. This class of code/cipher was to remain in general use among diplomats and some civilians for the next 450 years, in spite of the fact that there were stronger ciphers being invented in the meantime, possibly because of its relative convenience.

1300's (govt; Kahn p.94): 'Abd al-Rahman Ibn Khaldun wrote "The Muqaddimah", a substantial survey of history which cites the use of ``names of perfumes, fruits, birds, or flowers to indicate the letters, or [...] of forms different from the accepted forms of the letters'' as a cipher among tax and army bureaus. He also includes a reference to cryptanalysis, noting ``Well-known writings on the subject are in the possession of the people.'' [p.97]

1392 (civ; Price p.182-7): "The Equatorie of the Planetis", possibly written by Geoffrey Chaucer, contains passages in cipher. The cipher is a simple substitution with a cipher alphabet consisting of letters, digits and symbols.

1412 (civ; Kahn p.95-6): Shihab al-Din abu 'l-'Abbas Ahmad ben 'Ali ben Ahmad 'Abd Allah al-Qalqashandi wrote "Subh al-a `sha", a 14-volume Arabic encyclopedia which included a section on cryptology. This information was attributed to Taj ad-Din 'Ali ibn ad-Duraihim ben Muhammad ath-Tha'alibi al-Mausili who lived from 1312 to 1361 but whose writings on cryptology have been lost. The list of ciphers in this work included both substitution and transposition and, for the first time, a cipher with multiple substitutions for each plaintext letter. Also traced to Ibn al-Duraihim is an exposition on and worked example of cryptanalysis, including the use of tables of letter frequencies and sets of letters which can not occur together in one word.

1466-7 (civ; Kahn p.127): Leon Battista Alberti (a friend of Leonardo Dato, a political secretary who might have instructed Alberti in the state of the art in cryptology) invented and published the first polyalphabetic cipher, designing a cipher disk (known to us as the Captain Midnight Decoder Badge) to simplify the process. This class of cipher was apparently not broken until the 1800's. Alberti also wrote extensively on the state of the art in ciphers, besides his own invention. Alberti also used his disk for enciphered code. These systems were much stronger than the nomenclator in use by the diplomats of the day and for centuries to come.

1473-1490 (civ; Kahn p.91): ``A manuscript [...] by Arnaldus de Bruxella uses five lines of cipher to conceal the crucial part of the operation of making a philosopher's stone.''

1518 (civ; Kahn p.130-6): Johannes Trithemius wrote the first printed book on cryptology. He invented a steganographic cipher in which each letter was represented as a word taken from a succession of columns. The resulting series of words would be a legitimate prayer. He also described polyalphabetic ciphers in the now-standard form of rectangular substitution tables. He introduced the notion of changing alphabets with each letter.

1553 (civ; Kahn p.137): Giovan Batista Belaso introduced the notion of using a passphrase as the key for a repeated polyalphabetic cipher. (This is the standard polyalphabetic cipher operation mis-named ``Vigenère'' by most writers to this day.)

1563 (civ; Kahn p.138): Giovanni Battista Porta wrote a text on ciphers, introducing the digraphic cipher. He classified ciphers as transposition, substitution and symbol substitution (use of a strange alphabet). He suggested use of synonyms and misspellings to confuse the cryptanalyst. He apparently introduced the notion of a mixed alphabet in a polyalphabetic tableau.

1564 (civ; Kahn p.144 (footnote)): Bellaso published an autokey cipher improving on the work of Cardano who appears to have invented the idea.

1623 (civ; Bacon): Sir Francis Bacon described a cipher which now bears his name -- a biliteral cipher, known today as a 5-bit binary encoding. He advanced it as a steganographic device -- by using variation in type face to carry each bit of the encoding. [See Bacon's writings on-line.]

1585 (civ; Kahn p.146): Blaise de Vigenère wrote a book on ciphers, including the first authentic plaintext and ciphertext autokey systems (in which previous plaintext or ciphertext letters are used for the current letter's key). [Kahn p.147: both of these were forgotten and re-invented late in the 19th century.] [The autokey idea survives today in the DES CBC and CFB modes.]

1790's (civ/govt; Kahn p.192, Cryptologia v.5 No.4 pp.193-208): Thomas Jefferson, possibly aided by Dr. Robert Patterson (a mathematician at U. Penn.), invented his wheel cipher. This was re-invented in several forms later and used in WW-II by the US Navy as the Strip Cipher, M-138-A.

1817 (govt; Kahn p.195): Colonel Decius Wadsworth produced a geared cipher disk with a different number of letters in the plain and cipher alphabets -- resulting in a progressive cipher in which alphabets are used irregularly, depending on the plaintext used.

1854 (civ; Kahn p.198): Charles Wheatstone invented what has become known as the Playfair cipher, having been publicized by his friend Lyon Playfair. This cipher uses a keyed array of letters to make a digraphic cipher which is easy to use in the field. He also re-invented the Wadsworth device and is known for that one.

1857 (civ; Kahn p.202): Admiral Sir Francis Beaufort's cipher (a variant of what's called ``Vigenère'') was published by his brother, after the admiral's death in the form of a 4x5 inch card.

1859 (civ; Kahn p.203): Pliny Earle Chase published the first description of a fractionating (tomographic) cipher.

1854 (civ; Cryptologia v.5 No.4 pp.193-208): Charles Babbage seems to have re-invented the wheel cipher.

1861-1980 (civ; Deavours): ``A study of United States patents from the issuance of the first cryptographic patent in 1861 through 1980 identified 1,769 patents which are primarily related to cryptography.'' [p.1]

1861 (civ/(govt); Kahn p.207): Friedrich W. Kasiski published a book giving the first general solution of a polyalphabetic cipher with repeating passphrase, thus marking the end of several hundred years of strength for the polyalphabetic cipher.

1861-5 (govt; Kahn p.215): During the Civil War, possibly among other ciphers, the Union used substitution of select words followed by word columnar-transposition while the Confederacy used Vigenère (the solution of which had just been published by Kasiski).

1891 (govt/(civ); Cryptologia v.5 No.4 pp.193-208): Major Etienne Bazeries did his version of the wheel cipher and published the design in 1901 after the French Army rejected it. [Even though he was a military cryptologist, the fact that he published it leads me to rate this as (civ) as well as govt.]

1913 (govt; Cryptologia v.5 No.4 pp.193-208): Captain Parker Hitt reinvented the wheel cipher, in strip form, leading to the M-138-A of WW-II.

1916 (govt; Cryptologia v.5 No.4 pp.193-208): Major Joseph O. Mauborgne put Hitt's strip cipher back in wheel form, strengthened the alphabet construction and produced what led to the M-94 cipher device.

1917 (civ; Kahn p.371): William Frederick Friedman, later to be honored as the father of US cryptanalysis (and the man who coined that term), was employed as a civilian cryptanalyst (along with his wife Elizebeth) at Riverbank Laboratories and performed cryptanalysis for the US Government, which had no cryptanalytic expertise of its own. WFF went on to start a school for military cryptanalysts at Riverbank -- later taking that work to Washington and leaving Riverbank.

1917 (civ; Kahn p.401): Gilbert S. Vernam, working for AT&T, invented a practical polyalphabetic cipher machine capable of using a key which is totally random and never repeats -- a one-time-tape. This is the only provably secure cipher, as far as we know. This machine was offered to the Government for use in WW-I but it was rejected. It was put on the commercial market in 1920.

1918 (govt; Kahn p.340-5): The ADFGVX system was put into service by the Germans near the end of WW-I. This was a cipher which performed a substitution (through a keyed array), fractionation and then transposition of the letter fractions. It was broken by the French cryptanalyst, Lieutenant Georges Painvin.

1919 (civ; Kahn p.420): Hugo Alexander Koch filed a patent in the Netherlands on a rotor based cipher machine. He assigned these patent rights in 1927 to Arthur Scherbius who invented and had been marketing the Enigma machine since about 1923.

1919 (civ; Kahn p.422): Arvid Gerhard Damm applied for a patent in Sweden for a mechanical rotor cipher machine. This machine grew into a family of cipher machines under the direction of Boris Caesar Wilhelm Hagelin who took over the business and was the only one of the commercial cryptographers of this period to make a thriving business. After the war, a Swedish law which enabled the government to appropriate inventions it felt important to defense caused Hagelin to move the company to Zug, Switzerland where it was incorporated as Crypto AG. The company is still in operation, although facing controversy for having allegedly weakened a cipher product for sale to Iran.

1921 (civ; Kahn p.415): Edward Hugh Hebern incorporated ``Hebern Electric Code'', a company making electro-mechanical cipher machines based on rotors which turn, odometer style, with each character enciphered.

1923 (civ; Kahn p.421): Arthur Scherbius incorporated ``Chiffriermaschinen Aktiengesellschaft'' to make and sell his Enigma machine.

1924 (civ; Deavours p.151): Alexander von Kryha produced his ``coding machine'' which was used, even by the German Diplomatic Corps, into the 1950s. However, it was cryptographically weak - having a small period. A test cryptogram of 1135 characters was solved by the US cryptanalysts Friedman, Kullback, Rowlett and Sinkov in 2 hours and 41 minutes. Nevertheless, the machine continued to be sold and used -- a triumph of salesmanship and a lesson to consumers of cryptographic devices.

1927-33 (civ; Kahn p.802ff): Users of cryptography weren't limited to legitimate bankers, lovers, experimenters, etc. There were also a handful of criminals. ``The greatest era of international smuggling -- Prohibition -- created the greatest era of criminal cryptology.'' [p.817] To this day, the FBI runs a cryptanalytic office to deal with criminal cryptography. [As of Kahn's writing in 1967, that office was located at 215 Pennsylvania Avenue SE, Washington DC.] ``A retired lieutenant commander of the Royal Navy devised the systems for Consolidated Exporters' Pacific operation, though its Gulf and Atlantic groups made up their own as needed. His name was unknown but his cryptologic expertise was apparent. The smugglers' systems grew increasingly more complicated. "Some of these are of a complexity never even attempted by any government for its most secret communications," wrote Mrs. [Elizebeth Smith] Friedman in a report in mid-1930. "At no time during the World War, when secret methods of communication reached their highest development, were there used such involved ramifications as are to be found in some of the correspondence of West Coast rum running vessels."'' [p.804]

1929 (civ; Kahn p.404): Lester S. Hill published ``Cryptography in an Algebraic Alphabet'' in which a block of plaintext is enciphered by a matrix operation.

1933-45 (govt; Kahn p.422 (and many others)): The Enigma machine was not a commercial success but it was taken over and improved upon to become the cryptographic workhorse of Nazi Germany. [It was broken by the Polish mathematician, Marian Rejewski, based only on captured ciphertext and one list of three months worth of daily keys obtained through a spy. Continued breaks were based on developments during the war by Alan Turing, Gordon Welchman and others at Bletchley Park in England.]

1937 (govt; Kahn p.18ff.): The Japanese Purple machine was invented in response to revelations by Herbert O. Yardley and broken by a team headed by William Frederick Friedman. The Purple machine used telephone stepping relays instead of rotors and thus had a totally different permutation at each step rather than the related permutations of one rotor in different positions.

1930's (govt; Kahn p.510ff., Deavours p.10, 89-91): Kahn attributes the American SIGABA (M-134-C) to William F. Friedman while Deavours attributes it to an idea of Frank Rowlett, one of Friedman's first hires. It improved on the rotor inventions of Hebern and Scherbius by using pseudo-random stepping of multiple rotors on each enciphering step rather than have uniform, odometer-like stepping of rotors as in Enigma. It also used 15 rotors (10 for character transformation, 5 probably for controlling stepping) rather than the Enigma's 3 or 4.

1930's (govt; Deavours p.144): The British TYPEX machine was an offshoot of the commercial Enigma purchased by the British for study in the 1920's. It was a 5-rotor machine with the two initial rotors being stators, serving the purpose of the German Enigma's plugboard.

1970 (civ; Feistel): Dr. Horst Feistel led a research project at the IBM Watson Research Lab in the 1960's which developed the Lucifer cipher. This later inspired the US DES (below) and other product ciphers, creating a family labeled ``Feistel ciphers''.

1976 (civ/govt; FIPS PUB-46): A design by IBM, based on the Lucifer cipher and with changes (including both S-box improvements and reduction of key size) by the US NSA, was chosen to be the U.S. Data Encryption Standard. It has since found worldwide acceptance, largely because it has shown itself strong against 20 years of attacks. Even some who believe it is past its useful life use it as a component -- e.g., of 3-key triple-DES.

1976 (civ; Diffie): Whitfield Diffie and Martin Hellman published ``New Directions in Cryptography'', introducing the idea of public key cryptography. They also put forth the idea of authentication by powers of a one way function, now used in the S/Key challenge/response utility. They closed their paper with an observation for which this timeline web page gives detailed evidence: ``Skill in production cryptanalysis has always been heavily on the side of the professionals, but innovation, particularly in the design of new types of cryptographic systems, has come primarily from amateurs.''

April 1977 (civ; Shamir): Inspired by the Diffie-Hellman paper and acting as complete novices in cryptography, Ronald L. Rivest, Adi Shamir and Leonard M. Adleman had been discussing how to make a practical public key system. One night in April, Ron Rivest was laid up with a massive headache and the RSA algorithm came to him. He wrote it up for Shamir and Adleman and sent it to them the next morning. It was a practical public-key cipher for both confidentiality and digital signatures, based on the difficulty of factoring large numbers. They submitted this to Martin Gardner on April 4 for publication in Scientific American. It appeared in the September, 1977 issue. The Scientific American article included an offer to send the full technical report to anyone submitting a self-addressed, stamped envelope. There were thousands of such requests, from all over the world. Someone at NSA objected to the distribution of this report to foreign nationals and for a while, RS&A suspended mailings -- but when NSA failed to respond to inquiries asking for the legal basis of their request, RS&A resumed mailings. Adi Shamir believes this is the origin of the current policy [as of August 1995] that technical reports or papers can be freely distributed. [Note: two international journals, ``Cryptologia'' and ``The Journal of Cryptology'' were founded shortly after this attempt by NSA to restrain publication.] Contrary to rumor, RS&A apparently had no knowledge of ITAR or patent secrecy orders. They did not publish before applying for international patents because they wanted to avoid such restraints on free expression but rather because they were not thinking about patents for the algorithm. They just wanted to get the idea out.

1978 (civ; RSA): The RSA algorithm was published in the Communications of the ACM.

1984-5? (civ; ROT13): The rot13 cipher was introduced into USENET News software to permit the encryption of postings in order to prevent innocent eyes from being assaulted by objectionable text. This is the first example I know of in which a cipher with a key everyone knows actually was effective.

1990 (civ; IACR90): Xuejia Lai and James Massey in Switzerland published ``A Proposal for a New Block Encryption Standard'', a proposed International Data Encryption Algorithm (IDEA) -- to replace DES. IDEA uses a 128-bit key and employs operations which are convenient for general purpose computers, therefore making software implementations more efficient.

1990 (civ; IACR90): Charles H. Bennett, Gilles Brassard et al. published their experimental results on Quantum Cryptography, which uses single photons to communicate a stream of key bits for some later Vernam encipherment of a message (or other uses). Assuming the laws of quantum mechanics hold, Quantum Cryptography provides not only secrecy but a positive indication of eavesdropping and a measurement of the maximum number of bits an eavesdropper might have captured. On the downside, QC currently requires a fiber-optic cable between the two parties.

1991 (civ; Garfinkel): Phil Zimmermann released his first version of PGP (Pretty Good Privacy) in response to the threat by the FBI to demand access to the cleartext of the communications of citizens. PGP offered high security to the general citizen and as such could have been seen as a competitor to commercial products like Mailsafe from RSADSI. However, PGP is especially notable because it was released as freeware and has become a worldwide standard as a result while its competitors of the time remain effectively unknown.

1994 (civ; Rivest): Professor Ron Rivest, author of the earlier RC2 and RC4 algorithms included in RSADSI's BSAFE cryptographic library, published a proposed algorithm, RC5, on the Internet. This algorithm uses data-dependent rotation as its non-linear operation and is parameterized so that the user can vary the block size, number of rounds and key length. It is still too new to have been analyzed enough to enable one to know what parameters to use for a desired strength -- although an analysis by RSA Labs, reported at CRYPTO'95, suggests that w=32, r=12 gives strength superior to DES. It should be remembered, however, that this is just a first analysis.

Sources used for above table:
Bacon: Sir Francis Bacon, ``De Augmentis Scientarum'', Book 6, Chapter i. [as quoted in C. Stopes, ``Bacon-Shakspere Question'', 1889]
Burton: Sir Richard F. Burton trans., ``The Kama Sutra of Vatsayana'', Arkana/Penguin, 1991.
Deavours: Cipher A. Deavours and Louis Kruh, ``Machine Cryptography and Modern Cryptanalysis'', Artech House, 1985.
Diffie: Whitfield Diffie and Martin Hellman, ``New Directions in Cryptography'', IEEE Transactions on Information Theory, Nov 1976.
Feistel: Horst Feistel, ``Cryptographic Coding for Data-Bank Privacy'', IBM Research Report RC2827.
Garfinkel: Simson Garfinkel, ``PGP: Pretty Good Privacy'', O'Reilly & Associates, Inc., 1995.
IACR90: Proceedings, EUROCRYPT '90; Springer Verlag.
Kahn: David Kahn, ``The Codebreakers'', Macmillan, 1967.
Price: Derek J. Price, ``The Equatorie of the Planetis'', edited from Peterhouse MS 75.I, Cambridge University Press, 1955.
Rivest: Ronald L. Rivest, ``The RC5 Encryption Algorithm'', document made available by FTP and World Wide Web, 1994.
ROT13: Steve Bellovin and Marcus Ranum, individual personal communications, July 1995.
RSA: Rivest, Shamir and Adleman, ``A method for obtaining digital signatures and public key cryptosystems'', Communications of the ACM, Feb. 1978, pp. 120-126.
Shamir: Adi Shamir, ``Myths and Realities'', invited talk at CRYPTO '95, Santa Barbara, CA; August 1995.

Describe the History of Cryptography in the United States

CISSP Seminar:
- Herbert Yardley
  o Headed first crypto unit - 1917
  o Black chamber
  o Father of crypto in America
  o Established foreign crypto units: China - 1938; Canada - 1941
- William Friedman
  o Dean of modern American Crypto
  o First Chief of Signal Intelligence Service - 1929
  o Replaced Yardley's cipher bureau
  o Formed CBK
  o Applied mathematics and statistical analysis
- Laurance Safford
  o Developed naval communications intelligence organization
  o Became Armed Forces Security Agency (AFSA - 1949), NSA 1952
  o Developed Underwood Code machine with Underwood typewriter company (46 Japanese-English keys) to copy traffic more efficiently
- Joseph Wenger
  o Pioneered development of cryptanalysis machines
  o Deputy director AFSA - 1949
  o Vice director NSA - 1952
- Frank Rowlett
  o Cryptanalysis work on machine systems: Wheatstone device, German Kryha machine, the Damm machine, Vernam's AT&T machine, the Hebern machine, Sigaba (most secure through WWII)
  o Cracked Japanese Purple machine - 1940
- Venona - 1943
  o Project to analyze and translate encrypted Soviet message traffic (1850 translations)
  o Public releases (1995-96)
  o Soviet espionage against U.S. A-bomb research
  o KGB, NY and Wash DC: 1944-45 messages
  o KGB, San Francisco and Mexico City: 1942-46 messages
  o GRU, NY and Washington: 1946 messages
  o KGB and GRU, non-U.S., non-Mexico (e.g., Montevideo): 1940-46 messages
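The Caesar shift and ROT13 from the seminar notes above, worked as an added example (this is not code from the original guide or from its quoted sources): a shift cipher, the property that ROT13 applied twice returns the plaintext, and a frequency-analysis recovery of the shift from ciphertext alone, which is what the notes mean by "not secured from frequency analysis". The English letter-frequency table and the sample sentence are assumptions constructed for the example.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Relative frequency (percent) of each letter in ordinary English text: the
# "statistical knowledge of plaintext" a ciphertext-only attacker relies on.
# Constructed from the commonly published rounded tables (an assumption of
# this example, not a value given in the guide).
ENGLISH_FREQ = {
    'A': 8.2, 'B': 1.5, 'C': 2.8, 'D': 4.3, 'E': 12.7, 'F': 2.2, 'G': 2.0,
    'H': 6.1, 'I': 7.0, 'J': 0.15, 'K': 0.77, 'L': 4.0, 'M': 2.4, 'N': 6.7,
    'O': 7.5, 'P': 1.9, 'Q': 0.095, 'R': 6.0, 'S': 6.3, 'T': 9.1, 'U': 2.8,
    'V': 0.98, 'W': 2.4, 'X': 0.15, 'Y': 2.0, 'Z': 0.074,
}


def shift_cipher(text, shift):
    """Move every letter `shift` places along the alphabet (mod 26).

    Non-letters pass through unchanged and case is preserved, as on a
    cipher disk; a negative shift undoes a positive one.
    """
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord('A') if ch.isupper() else ord('a')
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return ''.join(out)


def caesar_encrypt(text):
    """Caesar's rule from the FAQ: every A becomes a D, every B an E, ..."""
    return shift_cipher(text, 3)


def caesar_decrypt(text):
    return shift_cipher(text, -3)


def rot13(text):
    """Shift by 13: since 13 + 13 = 26, applying it twice is the identity,
    which is the seminar's "encrypted twice - plain text" remark."""
    return shift_cipher(text, 13)


def chi_squared(counts, total):
    """Distance between observed letter counts and English expectations;
    the smaller the score, the more the text looks like English."""
    score = 0.0
    for letter in ALPHABET:
        expected = total * ENGLISH_FREQ[letter] / 100.0
        observed = counts.get(letter, 0)
        score += (observed - expected) ** 2 / expected
    return score


def recover_shift(ciphertext):
    """Ciphertext-only recovery of the key: there are only 26 shifts, so
    try each one and keep the candidate whose letter frequencies best
    match English.  Returns the shift that was used to encrypt."""
    letters = ''.join(c for c in ciphertext.upper() if c in ALPHABET)
    best_shift, best_score = None, float('inf')
    for shift in range(26):
        candidate = shift_cipher(letters, -shift)
        score = chi_squared(Counter(candidate), len(letters))
        if score < best_score:
            best_shift, best_score = shift, score
    return best_shift


# Constructed sample, paraphrasing the Cryptography FAQ's story above.
SAMPLE = ("WHEN JULIUS CAESAR SENT MESSAGES TO HIS TRUSTED ACQUAINTANCES "
          "HE DID NOT TRUST THE MESSENGERS SO HE REPLACED EVERY A BY A D "
          "EVERY B BY AN E AND SO ON THROUGH THE ALPHABET")


def frequency_analysis_demo():
    """Encrypt the sample with Caesar's shift and with ROT13, then recover
    both shifts from the ciphertext alone."""
    return (recover_shift(caesar_encrypt(SAMPLE)),
            recover_shift(rot13(SAMPLE)))


if __name__ == "__main__":
    print(caesar_encrypt("ATTACK AT DAWN"))   # DWWDFN DW GDZQ
    print(frequency_analysis_demo())          # (3, 13)
```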
Define Plaintext and Ciphertext

CISSP Seminar:
Plaintext: Data in unscrambled form
Ciphertext: Scrambled data

Cryptography FAQ: The original message is called a plaintext. The disguised message is called a ciphertext.
Compare and contrast the terms Encipher and Decipher

CISSP Seminar:
Encipher: act of scrambling the data
Decipher: act of descrambling data with secret key

RSA Crypto FAQ: Encryption (Encipher) is the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge (a key). Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data. Decryption (Decipher) is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form. Encryption and decryption generally require the use of some secret information, referred to as a key. For some encryption mechanisms, the same key is used for both encryption and decryption; for other mechanisms, the keys used for encryption and decryption are different.
Define Cryptanalysis

CISSP Seminar:
Cryptanalysis: Descrambling without secret key

RSA Crypto FAQ: Cryptanalysis is the flip-side of cryptography: it is the science of cracking codes, decoding secrets, violating authentication schemes, and in general, breaking cryptographic protocols. In order to design a robust encryption algorithm or cryptographic protocol, one should use cryptanalysis to find and correct any weaknesses. This is precisely the reason why the best (most trusted) encryption algorithms are ones that have been made available to public scrutiny. For example, DES has been exposed to public scrutiny for years, and is therefore well-trusted, while Skipjack is secret and less well-trusted. It is a basic tenet of cryptology that the security of an algorithm should not rely on its secrecy. Inevitably, the algorithm will be discovered and its weaknesses (if any) will be exploited. The various techniques in cryptanalysis attempting to compromise cryptosystems are referred to as attacks. Some attacks are general, whereas others apply only to certain types of cryptosystems.

Define "Key" as it refers to Cryptography

CISSP Seminar:
Key: Secret sequence governing en/deciphering

RSA Crypto FAQ: A cryptosystem is usually a whole collection of algorithms. The algorithms are labeled; the labels are called keys. For instance, Caesar probably used ``shift by n'' encryption for several different values of n. It's natural to say that n is the key here.
Define the Strength of Key as it pertains to Key length

CISSP Seminar: Considering that encryption is based on factoring, a longer key will provide better protection than a shorter key. However, one must ensure that the algorithm being used is a strong cryptosystem.

Consider the following from the Cryptography FAQ: Every well-designed cryptosystem has such a large key space that this brute-force search is impractical. Advances in technology sometimes change what is considered practical. For example, DES, which has been in use for over 10 years now, has 2^56, or about 10^17, possible keys. A computation with this many operations was certainly unlikely for most users in the mid-70's. The situation is very different today given the dramatic decrease in cost per processor operation. Massively parallel machines threaten the security of DES against brute force search.

RSA Crypto FAQ: The security of a strong system resides with the secrecy of the key rather than with the supposed secrecy of the algorithm. A strong cryptosystem has a large keyspace. It has a reasonably large unicity distance. The unicity distance is an approximation to that amount of ciphertext such that the sum of the real information (entropy) in the corresponding source text and encryption key equals the number of ciphertext bits used. Ciphertexts significantly longer than this can be shown probably to have a unique decipherment. This is used to back up a claim of the validity of a ciphertext-only cryptanalysis. Ciphertexts significantly shorter than this are likely to have multiple, equally valid decryptions and therefore to gain security from the opponent's difficulty choosing the correct one.
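An added example (not from the guide or the quoted FAQs) that works the key-space and unicity-distance arithmetic above: it assumes Shannon's figures for English (about 1.5 bits of real information per letter against log2 26 = 4.7 bits, so about 3.2 bits of redundancy per letter) and a hypothetical key-testing rate; the key sizes other than DES's 56 bits are also assumptions chosen for comparison.

```python
import math

# Shannon's figures for English, assumed here (not values given on the page):
# log2(26) ~ 4.7 bits per letter if all letters were equally likely, about
# 1.5 bits of real information per letter, hence about 3.2 bits of
# redundancy per letter.  The FAQ's "real information (entropy)" is the
# 1.5-bit figure; the redundancy D is what lets a wrong key be recognised.
BITS_PER_LETTER = math.log2(26)
ENGLISH_ENTROPY_PER_LETTER = 1.5
ENGLISH_REDUNDANCY = BITS_PER_LETTER - ENGLISH_ENTROPY_PER_LETTER  # D


def key_entropy_bits(key_space_size):
    """H(K) for a uniformly chosen key: log2 of the number of keys."""
    return math.log2(key_space_size)


def unicity_distance(key_bits, redundancy=ENGLISH_REDUNDANCY):
    """Ciphertext length n (in letters) at which the key entropy plus the
    real information in the plaintext equals the ciphertext information,
    i.e. H(K) = n * D, so n = H(K) / D.  Longer ciphertexts are expected
    to have a unique sensible decipherment; shorter ones are not."""
    return key_bits / redundancy


def expected_spurious_keys(key_bits, ciphertext_letters,
                           redundancy=ENGLISH_REDUNDANCY):
    """Expected number of *wrong* keys that still turn n letters of
    ciphertext into plausible English: 2^(H(K) - n*D) - 1, floored at 0.
    This is the quantity behind the FAQ's 'multiple, equally valid
    decryptions' for ciphertexts shorter than the unicity distance."""
    return max(0.0, 2.0 ** (key_bits - ciphertext_letters * redundancy) - 1)


def brute_force_seconds(key_bits, keys_per_second):
    """Worst-case exhaustive search time: every one of the 2^H(K) keys is
    tried at the given (hypothetical) rate."""
    return 2 ** key_bits / keys_per_second


def key_strength_table(key_bit_sizes, keys_per_second):
    """Unicity distance (letters) and exhaustive-search time (days) for
    several key lengths at one hypothetical testing rate."""
    rows = {}
    for bits in key_bit_sizes:
        rows[bits] = {
            'unicity_letters': unicity_distance(bits),
            'brute_force_days':
                brute_force_seconds(bits, keys_per_second) / 86400,
        }
    return rows


if __name__ == "__main__":
    # Caesar: 26 keys, H(K) ~ 4.7 bits, so about 1.5 letters of
    # ciphertext already pin the key down in theory.
    print(round(unicity_distance(key_entropy_bits(26)), 2))
    # DES has 2^56 keys, about 7.2 x 10^16 (the FAQ's "about 10^17").
    print(2 ** 56)
    # Assumed rate of 10^9 keys per second, purely for comparison.
    for bits, row in key_strength_table([40, 56, 128], 1e9).items():
        print(bits, row)
```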
Define Ciphertext Only Attack (COA)

CISSP Seminar: Only statistical knowledge of plaintext available.

RSA Crypto FAQ: A ciphertext-only attack is one in which the cryptanalyst obtains a sample of ciphertext, without the plaintext associated with it. This data is relatively easy to obtain in many scenarios, but a successful ciphertext-only attack is generally difficult, and requires a very large ciphertext sample.
Define Known Plaintext Attack (KPA)

CISSP Seminar: Some past plain text and matching ciphertext known.

RSA Crypto FAQ: A known-plaintext attack is one in which the cryptanalyst obtains a sample of ciphertext and the corresponding plaintext as well.
Define Chosen Text Attack (CTA)

CISSP Seminar: Crypto device loaded with a hidden key is provided, and input of plaintext or ciphertext is allowed in order to see the other.

RSA Crypto FAQ: A chosen-plaintext attack is one in which the cryptanalyst is able to choose a quantity of plaintext and then obtain the corresponding encrypted ciphertext.
Describe Stream Ciphers

CISSP Seminar:
- Operate on continuous streams of plain text (as 1s and 0s)
- Usually implemented in hardware

RSA Crypto FAQ: A stream cipher is a type of symmetric encryption algorithm. Stream ciphers can be designed to be exceptionally fast, much faster than any block cipher. While block ciphers operate on large blocks of data, stream ciphers typically operate on smaller units of plaintext, usually bits. The encryption of any particular plaintext with a block cipher will result in the same ciphertext when the same key is used. With a stream cipher, the transformation of these smaller plaintext units will vary, depending on when they are encountered during the encryption process. A stream cipher generates what is called a keystream (a sequence of bits used as a key). Encryption is accomplished by combining the keystream with the plaintext, usually with the bitwise exclusive-OR operation. The generation of the keystream can be independent of the plaintext and ciphertext (yielding what is termed a synchronous stream cipher) or it can depend on the data and its encryption (in which case the stream cipher is said to be self-synchronizing). Most stream cipher designs are for synchronous stream ciphers.
Define Block Ciphers

CISSP Seminar:
- Operate on fixed size blocks of plain text
- More suitably implemented in software to execute on a general-purpose computer
- There is some overlap when a block cipher is operated as a stream cipher.

RSA Crypto FAQ: A block cipher is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length. This transformation takes place under the action of a user-provided secret key. Decryption is performed by applying the reverse transformation to the ciphertext block using the same secret key. The fixed length is called the block size, and for many block ciphers, the block size is 64 bits. In the coming years the block size will increase to 128 bits as processors become more sophisticated.
Describe Features of a Stream Cipher Algorithm

CISSP Seminar:
- Long periods of time with no repeating
- Functionally complex
- Statistically unpredictable
- Statistically unbiased keystream
- As many 0s as 1s
- Keystream not linearly related to key
Identify the Applications of Cryptography

CISSP Seminar:
- Data Storage
- Prevent disclosure
- Password files
- Backup tapes
- Bulk Telecommunications
- Prevent disclosure
- Data transmission
- Message authentication
- Detect fraudulent insertion
- Detect fraudulent deletion
- Detect fraudulent modification
- Detect replay
- Digital Signature
- Source Verification
- Non-Repudiation

RSA Crypto FAQ: A typical application of cryptography is a system built out of the basic techniques. Such systems can be of various levels of complexity. Some of the more simple applications are secure communication, identification, authentication, and secret sharing. More complicated applications include systems for electronic commerce, certification, secure electronic mail, key recovery, and secure computer access. In general, the less complex the application, the more quickly it becomes a reality. Identification and authentication schemes exist widely, while electronic commerce systems are just beginning to be established.

Secure Communication

Secure communication is the most straightforward use of cryptography. Two people may communicate securely by encrypting the messages sent between them. This can be done in such a way that a third party eavesdropping may never be able to decipher the messages. While secure communication has existed for centuries, the key management problem has prevented it from becoming commonplace. Thanks to the development of public-key cryptography, the tools exist to create a large-scale network of people who can communicate securely with one another even if they had never communicated before.

Identification and Authentication

Identification and authentication are two widely used applications of cryptography. Identification is the process of verifying someone's or something's identity. For example, when withdrawing money from a bank, a teller asks to see identification (e.g. a driver's license) to verify the identity of the owner of the account. This same process can be done electronically using cryptography.
Every automatic teller machine (ATM) card is associated with a "secret" personal identification number (PIN), which binds the owner to the card and thus to the account. When the card is inserted into the ATM, the machine prompts the cardholder for the PIN. If the correct PIN is entered, the machine identifies that person as the rightful owner and grants access. Another important application of cryptography is authentication. Authentication is similar to identification, in that both allow an entity access to resources (such as an Internet account), but authentication is broader because it does not necessarily involve identifying a person or entity. Authentication merely determines whether that person or entity is authorized for whatever is in question. For more information on authentication and identification.

Secret Sharing

Another application of cryptography, called secret sharing, allows the trust of a secret to be distributed among a group of people. For example, in a (K, N)-threshold scheme, information about a secret is distributed in such a way that any K out of the N people (K<N) have enough information to determine the secret, but any set of K-1 people do not. In any secret sharing scheme, there are designated sets of people whose cumulative information suffices to determine the secret. In some implementations of secret sharing schemes, each participant receives the secret after it has been generated. In other implementations, the actual secret is never made visible to the participants, although the purpose for which they sought the secret (e.g. access to a building or permission to execute a process) is allowed.

Electronic Commerce

Over the past few years there has been a growing amount of business conducted over the Internet - this form of business is called electronic commerce or e-commerce. E-commerce is comprised of online banking, online brokerage accounts, and Internet shopping, to name a few of the many applications. One can book plane tickets, make hotel reservations, rent a car, transfer money from one account to another, buy compact disks (CDs), clothes, books and so on all while sitting in front of a computer.
However, simply entering a credit card number on the Internet leaves one open to fraud. One cryptographic solution to this problem is to encrypt the credit card number (or other private information) when it is entered on-line; another is to secure the entire session. When a computer encrypts this information and sends it out on the Internet, it is incomprehensible to a third party viewer. The web-server ("Internet shopping center") receives the encrypted information, decrypts it, and proceeds with the sale without fear that the credit card number (or other personal information) slipped into the wrong hands. As more and more business is conducted over the Internet, the need for protection against fraud, theft and corruption of vital information increases.

Certification

Another application of cryptography is certification; certification is a scheme by which trusted agents such as certifying authorities vouch for unknown agents, such as users. The trusted agents issue vouchers called certificates which each have some inherent meaning. Certification technology was developed to make identification and authentication possible on a large scale.

Key Recovery

Key recovery is a technology that allows a key to be revealed under certain circumstances without the owner of the key revealing it. This is useful for two main reasons: first of all, if a user loses or accidentally deletes their key, key recovery could prevent a disaster. Secondly, if a law enforcement agency wishes to eavesdrop on a suspected criminal without their knowledge (akin to a wiretap), they must be able to recover the key. Key recovery techniques are in use in some instances; however, the use of key recovery as a law enforcement technique is somewhat controversial.

Remote Access

Secure remote access is another important application of cryptography. The basic system of passwords certainly gives a level of security for secure access, but it may not be enough in some cases. For instance, passwords can be eavesdropped, forgotten, stolen, or guessed. Many products supply cryptographic methods for remote access with a higher degree of security.
Other Applications

Cryptography is not confined to the world of computers. Cryptography is also used in cellular phones as a means of authentication; that is, it can be used to verify that a particular phone has the right to bill to a particular phone number. This prevents people from stealing ("cloning") cellular phone numbers and access codes.

Identify the Uses of Cryptography

CISSP Seminar:
- EFT systems
- E-Mail
- Communication links

RSA Crypto FAQ: Today's cryptography is more than encryption and decryption. Authentication is as fundamentally a part of our lives as privacy. We use authentication throughout our everyday lives - when we sign our name to some document for instance - and, as we move to a world where our decisions and agreements are communicated electronically, we need to have electronic techniques for providing authentication. Cryptography provides mechanisms for such procedures. A digital signature binds a document to the possessor of a particular key, while a digital timestamp binds a document to its creation at a particular time. These cryptographic mechanisms can be used to control access to a shared disk drive, a high security installation, or a pay-per-view TV channel. The field of cryptography encompasses other uses as well. With just a few basic cryptographic tools, it is possible to build elaborate schemes and protocols that allow us to pay using electronic money, to prove we know certain information without revealing the information itself, and to share a secret quantity in such a way that a subset of the shares can reconstruct the secret.
Compare and contrast Symmetric and Asymmetric Key Cryptography

CISSP Seminar:

SYMMETRIC KEY:
- Also known as private key, single key, secret key
- Key shared by originator and receiver
- Computational efficiency advantage: 1-100 million bits/sec.
- Data Encryption Standard (DES)

ASYMMETRIC KEY:
- Also known as public key
- Uses 2 asymmetric keys: one to encrypt and one to decrypt
- Computationally slow: few thousand bits/sec. (early versions)
- Rivest-Shamir-Adleman (RSA) algorithm
- Related to a known mathematical problem: difficulty of factoring the product of 2 large prime numbers

RSA Crypto FAQ: There are two types of cryptosystems: secret-key and public-key. In secret-key cryptography, also referred to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular secret-key cryptosystem in use today is known as DES, the Data Encryption Standard. IBM developed DES in the middle 1970's and it has been a Federal Standard ever since 1976. In public-key cryptography, each user has a public key and a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key. The RSA public-key cryptosystem is the most popular form of public-key cryptography. RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem. The Digital Signature Algorithm (DSA) is also a popular public-key technique, though it can only be used for signatures, not encryption. The primary advantage of public-key cryptography is increased security and convenience: private keys never need to be transmitted or revealed to anyone. In a secret-key system, by contrast, the secret keys must be transmitted (either manually or through a communication channel) since the same key is used for encryption and decryption. A serious concern is that there may be a chance that an enemy can discover the secret key during transmission. Another major advantage of public-key systems is they can provide digital signatures that cannot be repudiated.
Authentication via secret-key systems requires the sharing of some secret and sometimes requires trust of a third party as well. As a result, a sender can repudiate a previously authenticated message by claiming the shared secret was somehow compromised by one of the parties sharing the secret. For example, the Kerberos secret-key authentication system involves a central database that keeps copies of the secret keys of all users; an attack on the database would allow widespread forgery. Public-key authentication, on the other hand, prevents this type of repudiation; each user has sole responsibility for protecting his or her private key. This property of public-key authentication is often called non-repudiation. A disadvantage of using public-key cryptography for encryption is speed. There are many secret-key encryption methods that are significantly faster than any currently available public-key encryption method. Nevertheless, public-key cryptography can be used with secret-key cryptography to get the best of both worlds. For encryption, the best solution is to combine public and secret-key systems in order to get both the security advantages of public-key systems and the speed advantages of secret-key systems. Such a protocol is called a digital envelope. Public-key cryptography may be vulnerable to impersonation, even if users' private keys are not available. A successful attack on a certification authority will allow an adversary to impersonate whomever he or she chooses by using a public-key certificate from the compromised authority to bind a key of the adversary's choice to the name of another user. In some situations, public-key cryptography is not necessary and secret-key cryptography alone is sufficient. These include environments where secure secret key distribution can take place, for example, by users meeting in private. It also includes environments where a single authority knows and manages all the keys, e.g., a closed banking system. Since the authority knows everyone's keys already, there is not much advantage for some to be "public" and others "private."
Also, public-key cryptography is usually not necessary in a single-user environment. For example, if you want to keep your personal files encrypted, you can do so with any secret-key encryption algorithm using, say, your personal password as the secret key. In general, public-key cryptography is best suited for an open multi-user environment. Public-key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure. The first use of public-key techniques was for secure key establishment in a secret-key system [DH76]; this is still one of its primary functions. Secret-key cryptography remains extremely important and is the subject of much ongoing study and research.
Identify Types of Encryption Systems

CISSP Seminar:
- Classical substitution ciphers
- Transposition (permutation) ciphers
- Polyalphabetic ciphers
- Running key ciphers
- Concealment
- Digital System
- Codes
- Machines
- One-Time pad
- DES/Clipper
- Double/Triple DES
- Public Key: RSA, Elliptic curve, PGP, El Gamal, Diffie-Hellman
Compare and contrast Substitution Ciphers and Transposition Ciphers

CISSP Seminar: An example of a substitution cipher would be the Caesar cipher, in which each plaintext character is replaced by the character three to the right, modulo 26 (A is replaced by D, B is replaced by E, and so on).

Shift alphabet example:
A B C D E F ..  BAD
D E F G H I     EDG

Scrambled alphabet example:
A B C D E F ..  BAD
Q E Y R T M .   EQR

An example of a transposition cipher would be as follows: the positions of the letters are permuted; the message is broken into 5-character groups and the letters rearranged.
dont give up the ship      (Message)
1234512345123451234512345  (Groups of 5)
3512435124351243512435124  (The key)
ndtoiv egp tu shhe i p     (Ciphertext)
RSA Crypto FAQ: A substitution cipher is one in which each character of the plaintext is substituted for another character of ciphertext. The receiver inverts the substitution on the ciphertext to recover the plaintext. In a transposition cipher the plaintext remains the same, but the order of characters is shuffled around.
Describe the concept of Polyalphabetic Ciphers

CISSP Seminar: Uses different alphabets to defeat frequency analysis. See the example with 5 alphabets below.
a b c d e f g h i  (normal alphabet)
q w e r t .        (1st alphabet)
d m s i k          (2nd alphabet)
o h g x f          (3rd alphabet)
z b n l a          (4th alphabet)
y c v u p          (5th alphabet)
abcde              (Plaintext)
qdozy              (Ciphertext)

Applied Cryptography Book, Page 10: A polyalphabetic cipher is made up of multiple simple substitution ciphers. For example, there might be five different simple substitution ciphers used; the particular one used changes with the position of each character of the plaintext.
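The shift, scrambled-alphabet, polyalphabetic and transposition schemes from the two preceding entries, as an added example that is not part of the seminar material. The full scrambled alphabet, the five alphabets and the padding letter are constructed here; the transposition key 35124 is the one in the text.

```python
"""Classical substitution (shift, scrambled alphabet, polyalphabetic) and
transposition ciphers (added example, not from the seminar material)."""
from collections import Counter
import string

ALPHA = string.ascii_uppercase

# Constructed scrambled alphabet: its first six letters are the ones shown
# in the text (A->Q, B->E, C->Y, D->R, E->T, F->M); the rest is arbitrary.
SCRAMBLED = "QEYRTMABCDFGHIJKLNOPSUVWXZ"


def shifted(n: int) -> str:
    """Cipher alphabet for 'shift by n' (n = 3 is the Caesar cipher)."""
    n %= 26
    return ALPHA[n:] + ALPHA[:n]


def substitute(text: str, cipher_alphabet: str) -> str:
    """Monoalphabetic substitution: letter i of ALPHA becomes letter i of
    the cipher alphabet. Non-letters pass through unchanged."""
    return text.upper().translate(str.maketrans(ALPHA, cipher_alphabet))


def unsubstitute(text: str, cipher_alphabet: str) -> str:
    """The receiver inverts the substitution with the reversed table."""
    return text.upper().translate(str.maketrans(cipher_alphabet, ALPHA))


def caesar(text: str, shift: int = 3) -> str:
    """Caesar cipher; a negative shift decrypts."""
    return substitute(text, shifted(shift))


def polyalphabetic(text: str, alphabets, decrypt: bool = False) -> str:
    """Character i uses alphabet i mod len(alphabets): the alphabet changes
    with the position, which is what flattens single-letter frequencies."""
    n = len(alphabets)
    step = unsubstitute if decrypt else substitute
    return "".join(step(ch, alphabets[i % n]) for i, ch in enumerate(text.upper()))


def transpose(text: str, key=(3, 5, 1, 2, 4), pad: str = "X") -> str:
    """Transposition: letters keep their identity but positions are permuted
    within groups of len(key). Output position j holds the group's letter
    number key[j] (1-based). Spaces are dropped and the last group padded."""
    n = len(key)
    text = text.replace(" ", "").upper()
    text += pad * (-len(text) % n)
    groups = (text[i:i + n] for i in range(0, len(text), n))
    return "".join("".join(g[k - 1] for k in key) for g in groups)


def untranspose(cipher: str, key=(3, 5, 1, 2, 4)) -> str:
    """Inverse permutation: ciphertext position j goes back to position key[j]."""
    n = len(key)
    out = []
    for i in range(0, len(cipher), n):
        g, plain = cipher[i:i + n], [""] * n
        for j, k in enumerate(key):
            plain[k - 1] = g[j]
        out.append("".join(plain))
    return "".join(out)


def most_common_letter(text: str) -> str:
    """Frequency analysis in one line: a simple substitution keeps the
    plaintext's letter-frequency profile, only relabelled."""
    return Counter(ch for ch in text.upper() if ch in ALPHA).most_common(1)[0][0]


# Constructed set of five alphabets: the scrambled one plus four shifts.
FIVE_ALPHABETS = [SCRAMBLED, shifted(1), shifted(2), shifted(3), shifted(4)]
```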
Describe the concept of Concealment Ciphers

CISSP Seminar: The true letters of the plaintext are hidden/disguised, by device or algorithm.
Example: divide the message
  o Use 1 word at a time
  o Have it appear as every 5th word in a sentence
  o Message in clear text: "Buy gold"
  o Message in concealment: "Product is a good BUY, it has ten percent GOLD content"
Define and describe Steganography

CISSP Seminar: Steganography is the art of hiding communications.
- Deny message exists
- Data hidden in picture files, sound files, slack space on floppies
  o i.e. Least significant bits of a Bitmap image can be used to hide messages, usually without material change to the original file.

Applied Cryptography Book, Page 9: Steganography serves to hide secret messages in other messages, such that the secret's very existence is concealed. Generally the sender writes an innocuous message and then conceals a secret message on the same piece of paper. Historical tricks include invisible inks, tiny pin punctures on selected characters, minute differences between handwritten characters, pencil marks on typewritten characters, grilles which cover most of the message except for a few characters, and so on. More recently people are hiding secrets in graphic images.
Describe Digital System Encryption

CISSP Seminar:
- The key and message are both streams of bits
- Each text character = 8 bits
- Each key bit XORed (exclusive-or'ed) with the corresponding message bit
- XOR operation yields 0 if both bits are the same and 1 if different

Example:
MESSAGE STREAM     01001000
KEY STREAM         11010001
CIPHERTEXT STREAM  10011001
Define the word "Codes" as it pertains to Cryptography

CISSP Seminar: List of words/phrases (codes) with corresponding random groups of numbers/letters (code groups).

Applied Cryptography Book, Page 9: Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. For example, the word OCELOT might be the ciphertext of the entire phrase "Turn left 90 degrees", the word LOLLIPOP might be the ciphertext for "Turn right 90 degrees", and the words BENT EAR might be the ciphertext for HOWITZER. Codes are only useful for specialized circumstances. Ciphers are useful for any circumstance. Codes are limited: if your code does not have an entry for a specific word then you can't say it; you can say anything you wish using a cipher.
Compare and contrast Hagelin and Rotor Cryptography Machines

CISSP Seminar:

Hagelin Machine:
- Combines plain text (character by character) with a keystream (long pseudo-random sequence) to produce cipher text

Rotor Machines:
- Rotor implements a cipher alphabet
- Rotors connected in banks
- Signal entering one end is permuted by each of the rotors before leaving at the other end
- Keyed by changing rotor variables:
  o Rotors/order of rotors
  o Number of stopping pieces per wheel
  o Pattern of motion
Describe the use and characteristics of "One-Time-Pad" Encryption

CISSP Seminar:
- Unbreakable by exhaustive search (brute force)
- Random key the same length as the message
- Only used once
- Digital system: key and message both bit streams
- 8 bits per character
- Each key bit XORed with the corresponding message bit produces a ciphertext bit
- Key bits XORed with the ciphertext to decrypt
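The bitwise XOR of the Digital System entry and the one-time-pad properties above, as an added example (not from the seminar material). It reproduces the 8-bit example from the text, then shows on bytes why an exhaustive search cannot single out the message and what leaks when a pad is used twice; the messages and pad lengths are constructed.

```python
"""XOR 'digital system' encryption and the one-time pad (added example).
Shows the bit-level XOR from the text, a byte-level one-time pad, why the
pad cannot be brute-forced, and what goes wrong when a pad is reused."""
import os


def xor_bits(message_bits: str, key_bits: str) -> str:
    """XOR two equal-length bit strings written as '0'/'1' text: the result
    bit is 0 where the bits are the same and 1 where they differ."""
    if len(message_bits) != len(key_bits):
        raise ValueError("key stream must be exactly as long as the message stream")
    return "".join("1" if m != k else "0" for m, k in zip(message_bits, key_bits))


def _xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """A fresh random pad from the OS CSPRNG; used once, then discarded."""
    return os.urandom(length)


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """Each 8-bit character is XORed with the corresponding 8 key bits."""
    if len(pad) < len(message):
        raise ValueError("one-time pad must be at least as long as the message")
    return _xor_bytes(message, pad)


# XORing the key bits with the ciphertext gives the message back.
otp_decrypt = otp_encrypt


def pad_for(ciphertext: bytes, candidate: bytes) -> bytes:
    """Why exhaustive search fails: for ANY candidate plaintext of the same
    length there is a pad that decrypts the ciphertext to it, so the
    ciphertext alone cannot single out the real message."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must have the ciphertext's length")
    return _xor_bytes(ciphertext, candidate)


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypts two messages, XORing the two ciphertexts cancels
    the pad and yields m1 XOR m2, which the key no longer protects. This is
    the reason for the 'only used once' rule."""
    return _xor_bytes(c1, c2)
```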
Describe the history of the DES Encryption

CISSP Seminar:
- IBM cryptographic research (late 1960's)
- Modification of Lucifer developed by IBM
- Non-linear block ciphers
- IBM developed (about 1972)
- NBS solicited (about 1973 and 1974)
- Adopted (1977)
- ANSI approved (1978)
- NSA threatened decertification (1987)
- NIST recertified for 5 years (1988, 1993)

Network Computing: The most common private key encryption standard that is used is the Data Encryption Standard (DES) developed by IBM in the early 1970s. It is the de facto industry standard for cryptography systems and is the world's most commonly used encryption mechanism. This private key system is widely deployed in financial networks including automated teller machines and point-of-sale networks. It was adopted as a Federal Information Processing Standard (FIPS PUB 46) in 1977 and as an American National Standard (ANSI X3.92) in 1981. Further clarification on the modes of use of the algorithm is contained in ANSI standard X3.106.
Describe the DES Algorithm

CISSP Seminar:
- 64 bit plain and cipher text block size
- 56 bit true key plus 8 parity bits
- Seventy quadrillion possible keys
- Single-Chip LSI implementation
- About $50 per unit
- 16 rounds of simple operations to encrypt
- Transposition and substitution
- Reverse to decrypt

RSA Crypto FAQ: The DEA, also called DES, has been extensively studied since its publication and is the best known and widely used symmetric algorithm in the world. The DEA has a 64-bit block size and uses a 56-bit key during execution (8 parity bits are stripped off from the full 64-bit key). The DEA is a symmetric cryptosystem, specifically a 16-round Feistel cipher, and was originally designed for implementation in hardware. When used for communication, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a message authentication code (MAC). The DEA can also be used for single-user encryption, such as to store files on a hard disk in encrypted form. In a multi-user environment, secure key distribution may be difficult; public-key cryptography provides an ideal solution to this problem. NIST has recertified DES (FIPS 46-1) every five years; DES was last recertified in 1993, by default. NIST has indicated, however, it will not recertify DES again. The development of AES, the Advanced Encryption Standard, is underway. AES will replace DES.
Compare and contrast the Modes of the DES Algorithm

CISSP Seminar:

Electronic Code Book:
- 64 bit data blocks entered directly into the device
- 64 bit cipher blocks generated under the key
- Restricted to protection of encrypting keys and initializing vectors

Output Feedback:
- DES generated keystream XORed with the message stream
- Simulates a one-time-pad
- Keystream generated by DES encrypting a 64 bit initialization vector with the secret key
- DES output bits fed back as input to generate the next segment of key bits

Cipher Feedback:
- Device generates a stream of random binary bits
- Combined with plain text
- Generated cipher with the same number of bits as the text
- Cipher text fed back to form a portion of the next input

Cipher Block Chaining:
- 64 bit plain text blocks loaded sequentially
- XORed with a 64 bit initializing vector
- Combination processed into cipher under the key
- First ciphertext XORed with the next text block
- Process continues until the end of the plaintext chain

RSA Crypto FAQ:

ECB - Electronic Code Book: Each block of ciphertext is encrypted independently of any other block. Therefore each ciphertext block corresponds to one plaintext block, just like in a code book.

CBC - Chain Block Cipher: ECB does not protect against insertion of repeated blocks because blocks are treated independently. Another weakness is that identical plaintext blocks generate identical ciphertext blocks. To improve DES for communication streams each 64 bit block is EXORed with the previous 64 bit ciphertext before being entered into the DES chip. In addition to a common secret key the sender and receiver need to agree on an initial vector to be EXORed with the first block of a message stream.

CFM - Cipher Feedback Mode: CFM is an alternate mode for DES on 8 bit characters. The input character is EXORed with the least significant byte of the DES output and then transmitted over the communication link. In order to collect enough bits for the 64 bit encryption block the output characters are collected in a character based shift register. Each output character advances the shift register by 8 bits and triggers a new DES encryption. Thereby the next input character will be EXORed with a new DES output. CFM is suitable for use on serial lines.
Describe the characteristics and usage of Double/Triple DES

CISSP Seminar:

Double DES:
- Effective key length 112 bits
- Work factor about the same as single DES
- No more secure

Triple DES:
- Encrypt with first key
- Decrypt with second key
- Encrypt with first key
- No successful attack reported

RSA Crypto FAQ: For some time it has been common practice to protect and transport a key for DES encryption with triple-DES. This means that the input data (in this case the single-DES key) is, in effect, encrypted three times. There are of course a variety of ways of doing this; we will explore these ways below. A number of modes of triple-encryption have been proposed:
- DES-EEE3: Three DES encryptions with three different keys.
- DES-EDE3: Three DES operations in the sequence encrypt-decrypt-encrypt with three different keys.
- DES-EEE2 and DES-EDE2: Same as the previous formats except that the first and third operations use the same key.

Attacks on two-key triple-DES have been proposed by Merkle and Hellman [MH81] and Van Oorschot and Wiener [VW91], but the data requirements of these attacks make them impractical. Further information on triple-DES can be obtained from various sources [Bih95] [KR96]. The use of double and triple encryption does not always provide the additional security that might be expected. Preneel [Pre94] provides the following comparisons in the security of various versions of multiple-DES and it can be seen that the most secure form of multiple encryption is triple-DES with three distinct keys.

# Encryptions  # Keys  Computation  Storage  Type of attack
single         1       2^56         -        known plaintext
single         1       2^38         2^38     chosen plaintext
single         1       -            2^56     chosen plaintext
double         2       2^112        -        known plaintext
double         2       2^56         2^56     known plaintext
double         2       -            2^112    known plaintext
triple         2       2^56         2^56     2^56 known plaintext
triple         2       2^(120-t)    2^t      2^t known plaintext
triple         2       -            2^56     chosen plaintext
triple         3       2^112        2^56     known plaintext
triple         3       2^56         2^112    chosen plaintext

Table 1: Comparison of different forms of DES multiple encryption

Like all block ciphers, triple-DES can be used in a variety of modes. The ANSI X9.52 standard (see Question 5.3.1) details the different ways in which triple-DES might be used and is expected to be completed during 1998.
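The four modes of operation and the EDE triple-encryption construction described in the two preceding entries, as an added example (not from the seminar or the RSA FAQ). The 64-bit block function is a constructed stand-in, a 16-round Feistel network with a SHA-256 round function rather than DES, so only the chaining and the EDE logic around it are the point; keys and IV in the comments are constructed.

```python
"""Block-cipher modes (ECB, CBC, OFB, 8-bit CFB) and EDE triple encryption.
The 64-bit block function below is a constructed stand-in: a 16-round Feistel
network whose round function is SHA-256. It is NOT DES; only the chaining
logic around it reflects the modes described in the text."""
import hashlib

BLOCK = 8    # 64-bit block size, the same as DES
ROUNDS = 16  # DES is also a 16-round Feistel cipher


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(key: bytes) -> list:
    # One 8-byte subkey per round derived from the user key (constructed schedule).
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(ROUNDS)]


def _f(half: bytes, subkey: bytes) -> bytes:
    return hashlib.sha256(subkey + half).digest()[:4]


def _feistel(subkeys, block: bytes) -> bytes:
    # Feistel round: (L, R) -> (R, L xor F(R, k)). The halves are swapped on
    # output so that the same loop with reversed subkeys inverts the cipher.
    l, r = block[:4], block[4:]
    for sk in subkeys:
        l, r = r, _xor(l, _f(r, sk))
    return r + l


def block_encrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    return _feistel(_subkeys(key), block)


def block_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    return _feistel(list(reversed(_subkeys(key))), block)


def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("ECB/CBC need whole 64-bit blocks; pad the input first")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# ECB: every block is encrypted independently, like a look-up in a code book.
def ecb_encrypt(key, data):
    return b"".join(block_encrypt(key, b) for b in _blocks(data))


def ecb_decrypt(key, data):
    return b"".join(block_decrypt(key, b) for b in _blocks(data))


# CBC: each plaintext block is XORed with the previous ciphertext block (the
# IV for the first one) before encryption, so repeated blocks are hidden.
def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for b in _blocks(data):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


# OFB: the cipher only produces a keystream by re-encrypting its own output,
# starting from the IV; the keystream is XORed with the message, so
# encryption and decryption are the same operation (a simulated one-time pad).
def ofb_crypt(key, iv, data):
    ks, state = b"", iv
    while len(ks) < len(data):
        state = block_encrypt(key, state)
        ks += state
    return _xor(data, ks[:len(data)])


# 8-bit CFB: each character is XORed with one byte of the encryption of a
# shift register, and the CIPHERTEXT byte is shifted into the register, so
# the next character meets a fresh cipher output (suitable for serial lines).
def cfb8_crypt(key, iv, data, decrypt=False):
    reg, out = iv, bytearray()
    for b in data:
        o = b ^ block_encrypt(key, reg)[0]
        out.append(o)
        reg = reg[1:] + bytes([b if decrypt else o])
    return bytes(out)


# Triple encryption in EDE form. With k1 == k2 == k3 it collapses to a single
# encryption (the middle D undoes the first E), which keeps EDE hardware
# compatible with single-key installations; EDE2 is the case k3 == k1.
def ede_encrypt(k1, k2, k3, block):
    return block_encrypt(k3, block_decrypt(k2, block_encrypt(k1, block)))


def ede_decrypt(k1, k2, k3, block):
    return block_decrypt(k1, block_encrypt(k2, block_decrypt(k3, block)))


def distinct_blocks(data: bytes) -> int:
    """Count the different 64-bit blocks in a ciphertext: under ECB repeated
    plaintext blocks show up as repeated ciphertext blocks, under CBC not."""
    return len(set(_blocks(data)))
```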
Compare and Contrast the Relative Benefits of Escrowed Encryption

CISSP Seminar: To be completed????

Personal Comments: Key escrow is a real can of worms depending on who you are talking to. There are two sides to this: a group that claims it is mandatory and another group that claims it would be against their freedom of speech and civil liberties. Here are some of the delegates:
- Criminal encryption use exists. Encryption has already been used by criminals to keep their activities secret from the FBI and law enforcement. From 1995 to 1996, the number of cases in which the FBI was foiled by encryption more than doubled (5 to 12).
- Encryption is not regulatable outside the US. Non-escrowed strong encryption is already available in over 200 other countries, and it will still be available in these countries, even if the US Government decides to institute an escrowed encryption policy.
- Key recovery is expensive. A mandatory key recovery policy, if instituted by the government, would be very costly not only for the government itself (operational costs), but also for software companies that have developed the 800 encryption products currently on the market. These companies will have to completely re-engineer their products in order to comply with the government's new policy.
- Escrow has not been thoroughly tested. There are millions of encryption users and thousands of agents and law enforcement agencies. Key escrow has never been tested in a wide-scale environment.
- Mandatory escrow can be circumvented. There is no way to "scan" the Internet to detect use of non-escrowed encryption.
- Key recovery leaves a "back door" in the software. Our nation's critical systems (air traffic control, defense systems, the power grid, etc.) would likely be protected by key recovery. There is no way to ensure that the system will be safe from hackers and terrorists.
- Escrow involves humans. As with any type of security system involving humans, there are vulnerabilities.
- The government would hold the key to everyone's personal data. Under current proposed legislation, keys would be released by a court subpoena, not a judicial order.
Define "Clipper" and the "Skipjack" Algorithm

CISSP Seminar:

Clipper:
- Tamper-resistant hardware chip
- NSA-designed single-key encryption algorithm (Skipjack)
- Decrypted by a special chip, unique key and special law enforcement access field (LEAF) transmitted with the encrypted communication, regardless of session key
- Chip unique key is the XOR of 2 components
- Each encrypted and stored in escrow with a separate escrow agent
- Both needed to construct the chip unique key and decrypt
- Released to an authorized government agent for authorized surveillance

Skipjack Algorithm:
- Transforms a 64 bit input block into a 64 bit output block
- 80 bit key length
- Same operating modes as DES (4 of them)
- Classified to prevent implementing it (in either software or hardware) without the LEAF

RSA Crypto FAQ: The Clipper chip contains an encryption algorithm called Skipjack. Each chip contains a unique 80-bit unit key U, which is escrowed in two parts at two escrow agencies; both parts must be known in order to recover the key. Also present is a serial number and an 80-bit "family key" F; the latter is common to all Clipper chips. The chip is manufactured so that it cannot be reverse engineered; this means that the Skipjack algorithm and the keys cannot be recovered from the chip. Skipjack is the encryption algorithm contained in the Clipper chip, designed by the NSA (see Question 6.2.2). It uses an 80-bit key to encrypt 64-bit blocks of data. Skipjack is expected to be more secure than DES in the absence of any analytic attack since it uses 80-bit keys. By contrast, DES uses 56-bit keys. Initially the details of Skipjack were classified and the decision not to make the details of the algorithm publicly available was widely criticized. Some people were suspicious that Skipjack might not be secure, either due to an oversight by its designers, or by the deliberate introduction of a secret trapdoor. Since Skipjack was not public, it could not be widely scrutinized and there was little public confidence in the cipher. Aware of such criticism, the government invited a small group of independent cryptographers to examine the Skipjack algorithm. They issued a report [BDK93] which stated that although their study was too limited to reach a definitive conclusion, they nevertheless believed Skipjack was secure. In June of 1998 Skipjack was declassified by the NSA. Early cryptanalysis has failed to find any substantial weakness in the cipher.
Describe the elements of the Electronic Data Security Act of 1997

CISSP Seminar: To be completed????

Electronic Data Security Act 1997: The Electronic Data Security Act states its goals as: To enable the development of a key management infrastructure for public-key-based encryption and attendant encryption products that will assure that individuals and businesses can transmit and receive information electronically with confidence in the information's confidentiality, integrity, availability, and authenticity, and that will promote timely lawful government access.
Describe the basis of Public-Key Algorithms

CISSP Seminar:
- Factoring large prime numbers
  o RSA
- Discrete log problem (difficulty of taking logarithms in finite fields)
  o El Gamal encryption scheme and signature algorithm
  o Schnorr's signature algorithm
  o Nyberg-Rueppel's signature algorithm
  o Station-to-Station protocol for key agreement (STS)
  o Digital Signature Algorithm (DSA)
- Elliptic Curve Crypto (ECC)

RSA Crypto FAQ: Public-key cryptosystems are based on a problem that is in some sense difficult to solve. Difficult in this case refers more to the computational requirements in finding a solution than the conception of the problem. These problems are called hard problems. Some of the most well known examples are factoring, theorem-proving, and the "traveling salesman problem" - finding the route through a given collection of cities which minimizes the total length of the path. Factoring is the underlying, presumably hard problem upon which several public-key cryptosystems are based, including the RSA algorithm. Factoring an RSA modulus would allow an attacker to figure out the private key; thus, anyone who can factor the modulus can decrypt messages and forge signatures. The security of the RSA algorithm depends on the factoring problem being difficult and the presence of no other types of attack. In general the larger the number the more time it takes to factor it. Of course if you have a number like 2^100 it is easier to factor than, say, a number with half as many digits but the product of two primes of about the same length. This is why the size of the modulus in RSA determines how secure an actual use of RSA is; the larger the modulus, the longer it would take an attacker to factor, and thus the more resistant the RSA modulus is to an attack.
Define Elliptic Curve Cryptosystems (ECC)
CISSP Seminar:
- Uses algebraic system defined on points of elliptic curve to provide public-key algorithms
- Digital signature
- Secret key distribution
- Confidential info transmission
- First proposed by Victor Miller (IBM/CRD) 1985 & Neal Koblitz (Washington univ)
RSA Crypto FAQ: Elliptic curve cryptosystems were first proposed independently by Victor Miller [Mil86] and Neal Koblitz [Kob87] in the mid-1980s. At a high level, they are analogs of existing public-key cryptosystems in which modular arithmetic is replaced by operations defined over elliptic curves. The elliptic curve cryptosystems that have appeared in the literature can be classified into two categories according to whether they are analogs to RSA or discrete logarithm based systems.
Describe the advantages of Elliptic Curve Cryptosystems (ECC)
CISSP Seminar:
- Highest strength/bit of public key systems
- Big saving over other public key systems: computation, bandwidth, storage
- Bandwidth reduced: short signatures and certificates
- Fast encryption and signature speed: hardware and software
- Ideal for very small hardware implementations: smart card
- Encryption and digital signature stages separable to simplify export
RSA Crypto FAQ: Presently, the methods for computing general elliptic curve discrete logs are much less efficient than those for factoring or computing conventional discrete logs. As a result, shorter key sizes can be used to achieve the same security of conventional public-key cryptosystems, which might lead to better memory requirements and improved performance. One can easily construct elliptic curve encryption, signature, and key agreement schemes by making analogs of El Gamal, DSA, and Diffie-Hellman. These variants appear to offer certain implementation advantages over the original schemes, and they have recently drawn more and more attention from both the academic community and the industry. The main attraction of elliptic curve cryptosystems over other public-key cryptosystems is the fact that they are based on a different, hard problem. This may lead to smaller key sizes and better performance in certain public-key operations for the same level of security. Very roughly speaking, when this FAQ was published elliptic curve cryptosystems with a 160-bit key offer the same security of RSA and discrete logarithm based systems with a 1024-bit key. As a result, the length of the public key and private key is much shorter in elliptic curve cryptosystems. In terms of speed, however, it is quite difficult to give a quantitative comparison, partly because of the various optimization techniques one can apply to different systems. It is perhaps fair to say the following: Elliptic curve cryptosystems are faster than the corresponding discrete logarithm based systems. Elliptic curve cryptosystems are faster than RSA in signing and decryption, but slower than RSA in signature verification and encryption.
For more detailed comparisons, see the survey article by Matt Robshaw and Yiqun Lisa Yin [RY97]. With academic advances in attacking different hard mathematical problems, both the security estimates for various key sizes in different systems and the performance comparisons between systems are likely to change.
Identify the standards Activities Involving Elliptic Curve Cryptosystems (ECC)
CISSP Seminar:
- IEEE P1363 (public-key crypto): covers main public key techniques: RSA, ECC, El Gamal, Diffie-Hellman
- ANSI X9: Elliptic Curve Digital Signature Algorithm (ECDSA) proposed work item
- ANSI ASC X9: Elliptic curve key agreement and key management proposed work item
- ISO/IEC CD 14888-3 "Digital Signature with appendix": variety of digital signature mechanisms
RSA Crypto FAQ: The IEEE P1363 is an emerging standard that aims to provide a comprehensive coverage of established public-key techniques. It continues to move toward completion, with balloting expected later this year. The project, begun in 1993, has produced a draft standard covering public-key techniques from the discrete logarithm, elliptic curve, and integer factorization families. Contributions are currently solicited for an addendum, IEEE P1363a, which will cover additional public-key techniques. The project is closely coordinated with emerging ANSI standards for public-key cryptography in banking, and forthcoming revisions of RSA Laboratories' Public-Key Cryptography Standards will also be aligned with IEEE P1363. American National Standards Institute (ANSI) is broken down into committees, one being ANSI X9. The committee ANSI X9 develops standards for the financial industry, more specifically for personal identification number (PIN) management, check processing, electronic transfer of funds, etc. Within the committee of X9, there are subcommittees; further broken down are the actual documents, such as X9.9 and X9.17. The International Organization for Standardization (ISO) is a non-governmental body promoting standardization developments globally. Altogether, ISO is broken down into about 2700 Technical Committees, subcommittees and working groups. ISO/IEC (International Electrotechnical Commission) is the joint technical committee developing the standards for information technology. One of the more important information technology standards developed by ISO/IEC is ISO/IEC 9798 [ISO92a]. This is an emerging international standard for entity authentication techniques.
It consists of five parts. Part 1 is introductory, and Parts 2 and 3 define protocols for entity authentication using secret-key techniques and public-key techniques. Part 4 defines protocols based on cryptographic checksums, and Part 5 addresses zero-knowledge techniques.
Describe Pretty Good Privacy (PGP)
CISSP Seminar:
- Created by Phil Zimmermann
- Random prime number + pass phrase
- Key crunching generates key
- Convert passphrase into bitstream
- For random key, passphrase must be long
  o So theory: number of passphrase characters vs. number of bits in key
RSA Crypto FAQ: PGP (Pretty Good Privacy) is a software package originally developed by Phil Zimmermann that provides cryptographic routines for e-mail, file transfer, and file storage applications. Zimmermann used existing cryptographic algorithms and protocols and developed a system that can run on multiple platforms. It provides message encryption, digital signatures, data compression, and e-mail compatibility. The algorithms used by PGP have changed over its various versions. Versions prior to 5.0 used RSA for key exchange, MD5 for digital signatures, and IDEA for bulk encryption of messages and files. Version 5.0 added Diffie-Hellman (El Gamal) for key exchange, RIPEMD-160 and SHA-1 for digital signatures, and 3DES and CAST for bulk encryption of messages and files. All versions of PGP have incorporated the routines from the freeware program ZIP (which uses routines that are comparable to the routines used in PKZip) to compress data before encryption. This is done to add security to the cryptographic implementation, as well as minimize the transmission time of the encrypted data. E-mail compatibility is achieved by Radix-64 conversion of the binary data. PGP is bound by Federal export laws due to its usage of the RSA, IDEA, Diffie-Hellman, 3DES and CAST algorithms. The source code to PGP was legally exported in book form, and is available (along with binary distributions of the program for use outside of the USA) at http://www.pgp.com
Define the four (4) types of PGP certificates
CISSP Seminar:
- Make up yourself
- Provided commercially
- Vouching on business relationship
- Authenticated individual activity
RSA Crypto FAQ:
Compare and contrast El Gamal and Diffie-Hellman Algorithms
CISSP Seminar:
- El Gamal
  o Unpatented, public-key algorithm used for both digital signatures and encryption
  o Security stems from difficulty in calculating discrete logarithms in a finite field
  o First public-key crypto algorithm suitable for encryption and digital signatures unencumbered by patents in U.S.
- Diffie-Hellman
  o Invented in 1976 - first public key algorithm
  o Security stems from difficulty in calculating discrete logarithms in a finite field
  o Used for key distribution but not for message encryption/decryption
  o Patent expired in 1997
Bryce Hendrix paper on Cryptography: El Gamal: Another popular system is the El Gamal algorithm, which relies on the difficulty of discrete logarithms. The algorithm is based on the problem of exponentiation as follows: given a modulus q and some b < q, a character x can be encrypted as the integer y satisfying b^y = x mod q. The integer y should not be easily computable, providing security through the unfeasibility of complicated discrete logarithms. The actual El Gamal algorithm requires, for a secure system, that everyone agrees on a large prime modulus, q. A number g is chosen such that, ideally, the order of g is q-1. The user generates a private key, y, then uses that private key to generate the public key, g^y; additionally the public key must be congruent to 1 mod q. For El Gamal to be secure, y must be difficult to compute from g^y. Suppose Alice now wishes to encrypt a message M for Bob using his public key. Since both g and g^y are known to Alice, she then computes the kth power of each and sends Bob g^k and Mg^yk. Since Bob knows y, he can then reconstruct M by finding the inverse of g^yk and multiplying Mg^yk by the inverse to attain M [Achter]. Comparing the El Gamal algorithm with the RSA algorithm, it is noted that both employ exponentiation, so they can be assumed to have comparable speed in encryption and decryption as well as key generation. RSA's security is based on factorization, which has been studied comprehensively over the past two hundred years.
El Gamal, on the other hand, relies on solving by discrete logarithms, which remains fairly unstudied. By varying g and the inverse function simultaneously, an attack that has a complexity lower than solving by discrete logarithms or factoring may exist; now it can be said that El Gamal is at best no more secure than RSA and possibly much less secure [Nechvatal]. It should also be pointed out that El Gamal requires two values to be sent, the encrypted message and a message-dependent large integer. For this reason, El Gamal is said to be less space efficient than RSA, although it may present better security against some attacks, especially if k is different for g^k and Mg^yk [Nechvatal].
Milgo Solution: Diffie-Hellman: Diffie-Hellman was the first public key algorithm ever developed. It is still extremely popular and highly recommended for key exchange. Its primary advantage over RSA, the most widely used public key algorithm, is that Diffie-Hellman is a negotiated key generation while RSA is a master/slave key generation. The public portions of Diffie-Hellman are: Modulus = m, Integer = g. Two parties, Alice and Bob, who want to negotiate a key that only they will know, perform the following:
1. Alice generates a large random number a and computes X = g^a mod m
2. Bob generates a large random number b and computes Y = g^b mod m
3. Alice sends X to Bob.
4. Bob computes Key 1 = X^b mod m
5. Bob sends Y to Alice.
6. Alice computes Key 2 = Y^a mod m
Both Key 1 and Key 2 are equal to g^ab mod m. No one besides Alice and Bob is able to generate this value. Only someone who knows a or b is able to generate the key. Therefore Diffie-Hellman public key is a means for two parties who have never met to be able to negotiate a key over a public channel. The security of Diffie-Hellman revolves around the choice of the public parameters m and g. Modulus m should be a prime number and (m-1)/2 should also be a prime number. Finally modulus m should be large because the security is related to finding the discrete logarithm in a finite field of size m. SafeDial uses a 1024-bit modulus, which is considered to be highly secure by most experts.
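The Diffie-Hellman negotiation (steps 1-6) and the El Gamal encryption described above, carried out with the same symbols, as an added example that is not code from the seminar, the Hendrix paper or Milgo. The modulus m = 1019, generator g = 2 and every random value are constructed toy parameters; the safe-prime rule for m given in the text is checked by `is_safe_prime`.

```python
"""Diffie-Hellman negotiation and El Gamal encryption over a small safe prime.
Added example for this study guide, not code from the sources it cites.
The modulus 1019 (with (1019-1)/2 = 509 also prime) and generator 2 are
constructed toy parameters; production code uses a 1024-bit or larger modulus."""
import secrets


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy-sized modulus used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def is_safe_prime(m: int) -> bool:
    """The text's rule for the modulus: m prime and (m - 1) / 2 prime too."""
    return is_prime(m) and m % 2 == 1 and is_prime((m - 1) // 2)


def is_generator(g: int, m: int) -> bool:
    """For a safe prime m = 2q + 1 the possible orders are 1, 2, q and 2q; g
    generates the whole group iff g is neither +-1 mod m nor of order q."""
    q = (m - 1) // 2
    return 1 < g < m - 1 and pow(g, q, m) != 1


M, G = 1019, 2  # public parameters (constructed); see the checks above


def dh_negotiate(m: int = M, g: int = G):
    """Steps 1-6 of the Milgo description. Returns (Key 1, Key 2, g^ab mod m)
    so a caller can confirm all three agree."""
    a = secrets.randbelow(m - 2) + 1   # Alice's large random number a
    b = secrets.randbelow(m - 2) + 1   # Bob's large random number b
    X = pow(g, a, m)                   # 1. Alice: X = g^a mod m
    Y = pow(g, b, m)                   # 2. Bob:   Y = g^b mod m
    key1 = pow(X, b, m)                # 3-4. Alice sends X; Bob: Key 1 = X^b mod m
    key2 = pow(Y, a, m)                # 5-6. Bob sends Y; Alice: Key 2 = Y^a mod m
    return key1, key2, pow(g, a * b, m)


def elgamal_keygen(q: int = M, g: int = G):
    """Bob's private key y and public key g^y mod q (the paper's notation)."""
    y = secrets.randbelow(q - 2) + 1
    return y, pow(g, y, q)


def elgamal_encrypt(message: int, public: int, q: int = M, g: int = G):
    """Alice picks a fresh k per message and sends (g^k, M * g^(yk)) mod q.
    Reusing k for two messages would let anyone relate the two plaintexts,
    which is why the text stresses a different k each time."""
    if not 1 <= message < q:
        raise ValueError("message must be an integer in [1, q - 1]")
    k = secrets.randbelow(q - 2) + 1
    return pow(g, k, q), (message * pow(public, k, q)) % q


def elgamal_decrypt(ciphertext, y: int, q: int = M) -> int:
    """Bob rebuilds g^(yk) from g^k and y, inverts it, and multiplies it out."""
    gk, masked = ciphertext
    shared = pow(gk, y, q)
    return (masked * pow(shared, -1, q)) % q   # modular inverse needs Python 3.8+


if __name__ == "__main__":
    print("safe prime:", is_safe_prime(M), "generator:", is_generator(G, M))
    print("DH (Key 1, Key 2, g^ab mod m):", dh_negotiate())
    y, pub = elgamal_keygen()
    ct = elgamal_encrypt(42, pub)
    print("El Gamal:", ct, "->", elgamal_decrypt(ct, y))
```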
Compare and contrast Cryptographic Module Configurations
CISSP Seminar: There are four types of modules: inline, offline, embedded, stand-alone
- Inline: front end configuration
  o Module capable of accepting plaintext from source, performing crypto processing, and passing processed data directly to communications equipment without passing back to source
  o May also decrypt (reverse process)
  o Data cannot leave host without passing through module
  o Comm equipment in module or external to host
- Offline: back end configuration
  o Module capable of accepting data from source, performing crypto processing, and passing processed data back to source
  o Source responsible for storage and further transmission, and for maintaining separation between protected and unprotected data
  o Ideal for local file encryption
  o Comm boards may be internal to host
- Embedded
  o Module physically enclosed within and interfaces with computer
  o Either inline or offline
  o Less expensive
  o Physical security (tamper protection and detection) questionable
- Standalone
  o Module contained in own physical enclosure outside host computer
  o Either inline or offline
Identify the Activities Related to Key management
CISSP Seminar:
- Key management
- Key change
- Key disposition
- Key recovery
- Control of crypto keys
RSA Crypto FAQ: Key management deals with the secure generation, distribution, and storage of keys. Secure methods of key management are extremely important. Once a key is randomly generated (see Question 4.1.2.2), it must remain secret to avoid unfortunate mishaps (such as impersonation). In practice, most attacks on public-key systems will probably be aimed at the key management level, rather than at the cryptographic algorithm itself. Users must be able to securely obtain a key pair suited to their efficiency and security needs. There must be a way to look up other people's public keys and to publicize one's own public key. Users must be able to legitimately obtain others' public keys; otherwise, an intruder can either change public keys listed in a directory, or impersonate another user. Certificates are used for this purpose. Certificates must be unforgeable. The issuance of certificates must proceed in a secure way, impervious to attack. In particular, the issuer must authenticate the identity and the public key of an individual before issuing a certificate to that individual. If someone's private key is lost or compromised, others must be made aware of this, so they will no longer encrypt messages under the invalid public key nor accept messages signed with the invalid private key. Users must be able to store their private keys securely, so no intruder can obtain them, yet the keys must be readily accessible for legitimate use. Keys need to be valid only until a specified expiration date, but the expiration date must be chosen properly and publicized in an authenticated channel.
Compare and contrast the types of Key management
CISSP Seminar:
- Link encryption
- End-To-End encryption
- Key Distribution Center (KDC)
  o User unique key distributed; changed infrequently
  o A calls B
  o Calling protocol contacts KDC
  o KDC generates random session key (k)
  o KDC encrypts k using A's unique key and sends it to A
  o KDC encrypts k using B's unique key and sends it to B
  o A and B use k for session
Describe the principles of Key management
CISSP Seminar:
- Must be fully automated: for key discipline and secrecy
- No key in clear outside of crypto device: for secrecy and known plaintext attack resistance
- Choose keys randomly from entire key space: a pattern can be exploited by an attacker to reduce work
- Key encrypting keys must be separate from data keys: nothing appearing in clear is encrypted with a key-encrypting key; keep KEK invulnerable to brute force attack
- Disguise all patterns in cleartext object before encryption (format, language, alphabet, public code) to resist ciphertext only attacks
- Infrequently use keys with long life: the more a key is used, the more likely a successful attack and the greater the consequences
Describe the concept of Key recovery and Key recovery systems
CISSP Seminar:
- Permits recovery of lost or damaged keys without need to store or escrow them with a third party
- Key recovery alliance of vendors formed (10/2/96)
  o Developed exportable, worldwide approach to strong encryption to enable secure international commerce
  o Developing modern, high-level crypto "key recovery" solutions
  o Meet business requirements
  o Ease crypto import/export restrictions worldwide
- Alliance proposed requirements for ideal key recovery system (9/19/97)
RSA Crypto FAQ: One of the barriers to the widespread use of encryption in certain contexts is the fact that when a key is somehow "lost", any data encrypted with that key becomes unusable. Key recovery is a general term encompassing the numerous ways of permitting "emergency access" to encrypted data. One common way to perform key recovery, called key escrow, is to split a decryption key (typically a secret key or an RSA private key) into several parts and distribute these parts to escrow agents or "trustees". In an emergency situation (exactly what defines an "emergency situation" is context-dependent), these trustees can use their "shares" of the keys either to reconstruct the missing key or simply to decrypt encrypted communications directly. This method is used by Security Dynamics' RSA SecurPC product. Another recovery method, called key encapsulation, is to encrypt data in a communication with a "session key" (which varies from communication to communication) and to encrypt that session key with a trustee's public key. The encrypted session key is sent with the encrypted communication, and so the trustee is able to decrypt the communication when necessary. A variant of this method, in which the session key is split into several pieces, each encrypted with a different trustee's public key, is used by TIS' RecoverKey. Key recovery can also be performed on keys other than decryption keys. For example, a user's private signing key might be recovered.
From a security point of view, however, the rationale for recovering a signing key is generally less compelling than that for recovering a decryption key.
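Key escrow by splitting a decryption key into trustee shares, as the FAQ describes, implemented here with Shamir's threshold scheme so that any t of n trustees can reconstruct the key and fewer learn nothing. This is an added example, not code from SecurPC or RecoverKey; the key, the threshold and the trustee count are constructed.

```python
"""Key escrow by secret splitting: a decryption key is divided into n shares
held by trustees, any t of which reconstruct it (Shamir's threshold scheme).
Added example for this study guide; not the SecurPC or RecoverKey code.
The key and the trustee counts below are constructed sample values."""
import secrets

# Prime field for the share arithmetic. 2^521 - 1 is a Mersenne prime, so any
# key of up to 512 bits is a valid field element.
FIELD_PRIME = 2**521 - 1


def _eval_polynomial(coefficients, x: int) -> int:
    """Horner evaluation of the share polynomial at x, modulo the field prime."""
    value = 0
    for c in reversed(coefficients):
        value = (value * x + c) % FIELD_PRIME
    return value


def split_key(key: bytes, threshold: int, trustees: int):
    """Return `trustees` shares (x, y); any `threshold` of them recover `key`.
    The key is the constant term of a random polynomial of degree threshold-1."""
    if not 1 < threshold <= trustees:
        raise ValueError("need 1 < threshold <= trustees")
    secret = int.from_bytes(key, "big")
    if secret >= FIELD_PRIME:
        raise ValueError("key too large for the share field")
    coefficients = [secret] + [secrets.randbelow(FIELD_PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_polynomial(coefficients, x)) for x in range(1, trustees + 1)]


def recover_key(shares, key_length: int) -> bytes:
    """Lagrange-interpolate the share polynomial at x = 0. With at least
    `threshold` distinct shares this is the escrowed key; with fewer it is a
    random field element that says nothing about the key."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for xi, yi in shares:
        numerator = denominator = 1
        for xj in xs:
            if xj != xi:
                numerator = (numerator * -xj) % FIELD_PRIME
                denominator = (denominator * (xi - xj)) % FIELD_PRIME
        secret = (secret + yi * numerator * pow(denominator, -1, FIELD_PRIME)) % FIELD_PRIME
    return secret.to_bytes(key_length, "big")   # OverflowError if it is not a key-sized value


def escrow_demo(threshold: int = 3, trustees: int = 5) -> dict:
    """Split a constructed 128-bit key and report which trustee subsets recover it."""
    key = secrets.token_bytes(16)
    shares = split_key(key, threshold, trustees)

    def recovers(subset) -> bool:
        try:
            return recover_key(subset, len(key)) == key
        except OverflowError:        # below-threshold result did not even fit 16 bytes
            return False

    return {
        "first_quorum_recovers": recovers(shares[:threshold]),
        "last_quorum_recovers": recovers(shares[-threshold:]),
        "all_trustees_recover": recovers(shares),
        "below_threshold_recovers": recovers(shares[:threshold - 1]),
    }


if __name__ == "__main__":
    print(escrow_demo())
```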
Define Digital Signature as it Pertains to Cryptography
CISSP Seminar:
- Authentication tool to verify a message origin and a sender identity
- Resolves authentication issues
- Block of data attached to message (document, file, record, etc.)
- Binds message to individual whose signature can be verified
  o By receiver or third party
  o Can't be forged
- Each user has public-private key pair.
RSA Crypto FAQ: The digital signature of a document is a piece of information based on both the document and the signer's private key. It is typically created through the use of a hash function and a private signing function (encrypting with the signer's private key), but there are other methods. Authentication is any process through which one proves and verifies certain information. Sometimes one may want to verify the origin of a document, the identity of the sender, the time and date a document was sent and/or signed, the identity of a computer or user, and so on. A digital signature is a cryptographic means through which many of these may be verified.
Describe the Digital Signature Standard (DSS)
CISSP Seminar:
- NIST proposed in 1991
- Uses secure hash algorithm (SHA): condenses message to 160 bits
- Modular arithmetic exponentiations of large numbers
- Key size 512-1024 bits
- Difficult to invert exponentiations (security)
- Equivalent to factoring (RSA)
FIPS 186: This Standard specifies a Digital Signature Algorithm (DSA) appropriate for applications requiring a digital rather than written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures.
Define Operation of the Digital Signature Standard
CISSP Seminar:
- To sign a message
  o Sender computes digest of message using public hash function
  o Crypto signature by sender's private key applied to digest creates digital signature
  o Digital signature sent with message
- To verify a message
  o Receiver computes digest of message
  o Verifying function with sender's public key applied to digest and signature received
  o Verified if both digests match
  o Signature decryption identifies sender
RSA Crypto FAQ: The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures. Signature generation makes use of a private key to generate a digital signature. Signature verification makes use of a public key which corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Public keys are assumed to be known to the public in general. Private keys are never shared. Anyone can verify the signature of a user by employing that user's public key. Signature generation can be performed only by the possessor of the user's private key. A hash function is used in the signature generation process to obtain a condensed version of data, called a message digest. The message digest is then input to the DSA to generate the digital signature. The digital signature is sent to the intended verifier along with the signed data (often called the message). The verifier of the message and signature verifies the signature by using the sender's public key. The same hash function must also be used in the verification process. The hash function is specified in a separate standard, the Secure Hash Standard (SHS), FIPS 180. Similar procedures may be used to generate and verify signatures for stored as well as transmitted data.
Identify the benefits of the Digital Signature Standard
CISSP Seminar:
- Provides non-repudiation
- Used with electronic contracts, purchase orders, etc.
- Used to authenticate software, data, images, users, machines
- Protect software against viruses
- Smart card with digital signature can verify user to computer
RSA Crypto FAQ: The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified.
Define Non-Repudiation as it pertains to Cryptography
CISSP Seminar:
- Proves message sent and received
- Ensures sender can't deny sending
- Recipient can't deny claim that they received something else or deny receiving proper message
Define Hash functions as they pertain to Cryptography
CISSP Seminar:
RSA Crypto FAQ: The main role of a cryptographic hash function is in the provision of message integrity checks and digital signatures. Since hash functions are generally faster than encryption or digital signature algorithms, it is typical to compute the digital signature or integrity check to some document by applying cryptographic processing to the document's hash value, which is small compared to the document itself. Additionally, a digest can be made public without revealing the contents of the document from which it is derived. This is important in digital timestamping where, using hash functions, one can get a document timestamped without revealing its contents to the timestamping service.
Describe the Use of Certification Authority
CISSP Seminar:
- Binds individuals to their public keys
- Certification authority's digital signature attests binding
- Certification authority certification: user identification, public key, date
- X.509 certification standard
- NIST National Digital Signature Certification Authority study
RSA Crypto FAQ: Certificates are issued by a certification authority. Certificates are digital documents attesting to the binding of a public key to an individual or other entity. They allow verification of the claim that a specific public key does in fact belong to a specific individual. Certificates help prevent someone from using a phony key to impersonate someone else. In some cases it may be necessary to create a chain of certificates, each one certifying the previous one until the parties involved are confident in the identity in question. In their simplest form, certificates contain a public key and a name. As commonly used, a certificate also contains an expiration date, the name of the certifying authority that issued the certificate, a serial number, and perhaps other information. Most importantly, it contains the digital signature of the certificate issuer. The most widely accepted format for certificates is defined by the ITU-T X.509 international standard; thus, certificates can be read or written by any application complying with X.509.
Define Electronic Document Authorization (EDA)
CISSP Seminar:
- Authorizes certificates
- Specifies public key holder authority/power: spend, authorize payments, perform business functions
- Specifies limits to prevent abuse
- Cosignature requirements
- Enables checks and balances
Define and distinguish between message authentication code and Code Generation
CISSP Seminar:
- Message Authentication
  o Simple MACing: weakest form of authentication
  o MAC generation standard - ANSI X9.9 (FIMAS)
  o Computed value derived from document
  o Detect accidental/intentional alteration
  o Forgery possible
- MAC Generation
  o Algorithm examines bitstream
  o Data field output appended to bitstream before transmission/storage
  o Parity/checksum application: bitstream and MAC; machine/communications error
RSA Crypto FAQ: A message authentication code (MAC) is an authentication tag (also called a checksum) derived by applying an authentication scheme, together with a secret key, to a message. Unlike digital signatures, MACs are computed and verified with the same key, so that they can only be verified by the intended recipient. There are four types of MACs: (1) unconditionally secure, (2) hash function-based, (3) stream cipher-based, or (4) block cipher-based. Simmons and Stinson [Sti95] proposed an unconditionally secure MAC based on encryption with a one-time pad. The ciphertext of the message authenticates itself, as nobody else has access to the one-time pad. However, there has to be some redundancy in the message. An unconditionally secure MAC can also be obtained by use of a one-time secret key. Hash function-based MACs (often called HMACs) use a key or keys in conjunction with a hash function to produce a checksum that is appended to the message. An example is the keyed-MD5 method of message authentication.
Describe Bitstream Authentication
CISSP Seminar:
- Generate new MAC
- Compare with original MAC
- Algorithm qualities: sensitive to bit changes; creates MAC unable to be duplicated
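The keyless checksum the seminar calls the weakest form ("forgery possible") beside a keyed, hash-based MAC of the kind the FAQ describes, exercised on the bitstream-authentication steps (generate a new MAC, compare with the original, sensitivity to bit changes). This is an added example, not code from the seminar or the FAQ; the payment record, the key and the bit position are constructed, and HMAC-SHA256 stands in for keyed-MD5.

```python
"""Keyless checksum versus keyed MAC on a bitstream.
Added example for this study guide; the record and the key are constructed.
CRC-32 stands in for the 'parity/checksum' check value, HMAC-SHA256 for the
hash-based MAC the FAQ describes (keyed-MD5 is the historical instance)."""
import hashlib
import hmac
import secrets
import zlib


def checksum_tag(bitstream: bytes) -> bytes:
    """Keyless check value: anyone can recompute it over any bitstream."""
    return zlib.crc32(bitstream).to_bytes(4, "big")


def checksum_matches(bitstream: bytes, check: bytes) -> bool:
    """Receiver's check for the keyless case: recompute and compare."""
    return checksum_tag(bitstream) == check


def mac_tag(key: bytes, bitstream: bytes) -> bytes:
    """Keyed tag: only holders of `key` can generate or check it."""
    return hmac.new(key, bitstream, hashlib.sha256).digest()


def mac_matches(key: bytes, bitstream: bytes, tag: bytes) -> bool:
    """Bitstream authentication: generate a new MAC and compare with the original
    (constant-time comparison, so the check itself leaks nothing about the tag)."""
    return hmac.compare_digest(mac_tag(key, bitstream), tag)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Flip one bit, modelling a single-bit machine or communications error."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def differing_bits(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def bitstream_authentication_demo() -> dict:
    """Contrast the two check values on a constructed payment record."""
    key = secrets.token_bytes(32)                  # shared by sender and receiver only
    record = b"PAY 100.00 TO ACCT 4471 REF 20"     # constructed sample record
    crc, tag = checksum_tag(record), mac_tag(key, record)

    # 1. Accidental alteration: one flipped bit in transit. Both checks notice,
    #    and the keyed MAC changes in roughly half of its bits.
    damaged = flip_bit(record, 37)

    # 2. Intentional alteration where whoever altered the record also supplies a
    #    check value. The keyless checksum can be recomputed by anyone, so the
    #    receiver's check passes; a MAC cannot be regenerated without the key,
    #    so a tag made under any other key fails the receiver's check.
    altered = record.replace(b"100.00", b"900.00")
    keyless_tag = mac_tag(secrets.token_bytes(32), altered)

    return {
        "crc_detects_bit_error": not checksum_matches(damaged, crc),
        "mac_detects_bit_error": not mac_matches(key, damaged, tag),
        "mac_bits_changed_by_one_flip": differing_bits(tag, mac_tag(key, damaged)),
        "crc_accepts_recomputed_check": checksum_matches(altered, checksum_tag(altered)),
        "mac_accepts_keyless_tag": mac_matches(key, altered, keyless_tag),
    }


if __name__ == "__main__":
    for name, value in bitstream_authentication_demo().items():
        print(f"{name}: {value}")
```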
Describe brute force attack as it pertains to Cryptography
CISSP Seminar:
- Trying all keys
RSA Crypto FAQ: Exhaustive key search, or brute-force search, is the basic technique of trying every possible key in turn until the correct key is identified. To identify the correct key it may be necessary to possess a plaintext and its corresponding ciphertext, or if the plaintext has some recognizable characteristic, ciphertext alone might suffice. Exhaustive key search can be mounted on any cipher and sometimes a weakness in the key schedule of the cipher can help improve the efficiency of an exhaustive key search attack. Advances in technology and computing performance will always make exhaustive key search an increasingly practical attack against keys of a fixed length. When DES was designed, it was generally considered secure against exhaustive key search without a vast financial investment in hardware. To date, there is no public evidence that such hardware has been constructed. Over the years, however, this line of attack will become increasingly attractive to a potential adversary. A useful article on exhaustive key search can be found in the Winter 1997 issue of CryptoBytes available online at the following URL: http://www.rsa.com/rsalabs/pubs/cryptobytes/html/article_index.html
Compare and contrast the cost and time taken in Brute Force Attacks
CISSP Seminar:
Cost of brute force:
  Year   MIPS-year cost   56-bit key   40-bit key
  1997   $15.00           $17.0M       $260.00
  2002   $1.50            $1.7M        $26.00
  2007   $0.15            $170,000     $2.60
Time for brute force:
  Keys tested per second   56-bit key          40-bit key
  1,000                    300,000,000 years   17.5 years
  1,000,000                300,000 years       6.2 days
  1,000,000,000            300 years           9.0 minutes
  1,000,000,000,000        109 days            .5 seconds
RSA Crypto FAQ: While exhaustive search of DES's 56-bit key space would take hundreds of years on the fastest general purpose computer available today, the growth of the Internet has made it possible to utilize thousands of such machines in a distributed search by partitioning the key space and distributing small portions to each of a large number of computers. In January 1999, the DES Challenge III was solved in just 22 hours and 15 minutes by the Electronic Frontier Foundation's Deep Crack in a combined effort with distributed.net. While the 56-bit key in DES now only offers a few hours of protection against exhaustive search by a modern dedicated machine [Wie94], the current rate of increase in computing power is such that an 80-bit key as used by Skipjack can be expected to offer the same level of protection against exhaustive key search in 18 years time as DES does today [BDK93]. Absent a major breakthrough in quantum computing, it is unlikely that 128-bit keys, such as those used in IDEA or RC5-32/12/16, will be broken by exhaustive search in the foreseeable future.
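One model that reproduces both seminar tables above from the key size alone, as an added example (not the seminar's or the FAQ's own figures or code). Its assumptions are this example's: the expected search covers half the key space, one key trial costs about 1000 instructions, and a MIPS-year is one million instructions per second sustained for a year; they were chosen because they give the seminar's numbers to within rounding.

```python
"""Cost and time of exhaustive key search from one model.
Added example for this study guide; the assumptions below (average case =
half the key space, ~1000 instructions per key trial, MIPS-year pricing) are
this example's, chosen because they reproduce the seminar's tables."""
SECONDS_PER_YEAR = 365.25 * 24 * 3600
INSTRUCTIONS_PER_KEY = 1000         # assumption: one key trial costs ~1000 instructions


def expected_trials(key_bits: int) -> int:
    """On average the right key turns up after half the key space."""
    return 2 ** (key_bits - 1)


def search_seconds(key_bits: int, keys_per_second: float) -> float:
    """Expected wall-clock time for a search engine testing keys at this rate."""
    return expected_trials(key_bits) / keys_per_second


def mips_years(key_bits: int, instructions_per_key: int = INSTRUCTIONS_PER_KEY) -> float:
    """Work in MIPS-years: one million instructions per second for one year."""
    return expected_trials(key_bits) * instructions_per_key / (1e6 * SECONDS_PER_YEAR)


def search_cost(key_bits: int, dollars_per_mips_year: float,
                instructions_per_key: int = INSTRUCTIONS_PER_KEY) -> float:
    """Dollar cost of the expected search at the given MIPS-year price."""
    return mips_years(key_bits, instructions_per_key) * dollars_per_mips_year


def describe_duration(seconds: float) -> str:
    """Render seconds in the largest unit the seminar table uses."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400.0), ("minutes", 60.0)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def cost_table(prices=((1997, 15.00), (2002, 1.50), (2007, 0.15)), key_sizes=(56, 40)):
    """Rows of the 'cost of brute force' table: year -> {key bits: dollars}."""
    return {year: {bits: round(search_cost(bits, price), 2) for bits in key_sizes}
            for year, price in prices}


def time_table(rates=(1e3, 1e6, 1e9, 1e12), key_sizes=(56, 40, 64)):
    """Rows of the 'time for brute force' table: keys/second -> {key bits: duration}.
    A 64-bit column is included so the seminar's 56-bit figures can be compared."""
    return {int(rate): {bits: describe_duration(search_seconds(bits, rate)) for bits in key_sizes}
            for rate in rates}


if __name__ == "__main__":
    for year, row in cost_table().items():
        print(year, row)
    for rate, row in time_table().items():
        print(f"{rate:,}", row)
```

With these assumptions the three cost rows and the 40-bit time column come out within rounding of the seminar's figures; the 56-bit time column only matches a search over 2^63 keys, i.e. a 64-bit key (about 107 days at 10^12 keys/second, where a 56-bit search takes under a day).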
Compare and contrast Brute Force, Analytic, Statistical, and Implementation Attacks
CISSP Seminar:
- Analytic: using algorithm and algebraic manipulation weakness to reduce complexity
  o RSA factoring attack
  o Double DES attack
- Statistical: using statistical weakness in design
  o More 1's than 0's in the keystream
- Implementation: using the specific implementation of the encryption protocol
  o '95 attack on Netscape key: deficient key randomization; strong algorithm + 128-bit key
Describe the Commercial COMSEC Endorsement Program (CCEP)
CISSP Seminar: Commercial communications security endorsement program
- NSA and industry relationship
- Combine government crypto knowledge with industry product-development expertise
- Type 1 or Type 2 high-grade crypto products
  o Type 1 encrypts classified and SUI: STU (secure telephone unit)
  o Type 2 encrypts SUI: authentication devices, transmission security devices, secure LANs
The Journal of American Underground Computing: In the mid-80's, NSA introduced a program called the Commercial COMSEC Endorsement Program, or CCEP. CCEP was essentially Clipper in a black box, since the technology was not sufficiently advanced to build lower-cost chips. Vendors would join CCEP (with the proper security clearances) and be authorized to incorporate classified algorithms into communications systems. NSA had proposed that they themselves would actually provide the keys to end-users of such systems.
Define the levels of Encryption as Defined in the CCEP
CISSP Seminar:
- Type 1 or Type 2 high-grade crypto products
  o Type 1 encrypts classified and SUI: STU (secure telephone unit)
  o Type 2 encrypts SUI: authentication devices, transmission security devices, secure LANs
Compare and contrast the differences in Export Issues regarding Encryption
CISSP Seminar: This has to be completed.
RSA Crypto FAQ: Cryptography is export-controlled for several reasons. Strong cryptography can be used for criminal purposes or even as a weapon of war. During wartime, the ability to intercept and decipher enemy communications is crucial. For that reason, strong cryptography is usually classified on the U.S. Munitions List as an export-controlled commodity, just like tanks and missiles. Cryptography is just one of many technologies which is covered by the ITAR (International Traffic in Arms Regulations). In the United States, government agencies consider strong encryption to be systems that use RSA with key sizes over 512-bits or symmetric algorithms (like DES, IDEA, or RC5) with key sizes over 40-bits. Since government encryption policy is heavily influenced by the agencies responsible for gathering domestic and international intelligence (the FBI and NSA, respectively) the government is compelled to balance the conflicting requirements of making strong cryptography available for commercial purposes while still making it possible for those agencies to break those codes, if need be. The US government does, however, allow 56-bit block ciphers to be exported for financial cryptography.