X.509 IDEA
S/MIME
Confidentiality
RSA
Cisco
PGP
Key Exchange
Web of Trust not PKI
Between application and transport layers
Uses digital certs
SSL/TLS
Hidden to the user
Browser support
AH
IPSec
ESP
WAP
WTLS
Uses SKIPJACK
Escrow
Misc Security Applications
Art relating to converting Ciphertext into plaintext without the secret key
Definitions
Clipper
Two identical pads/keys
L2TP SSL
Non-repudiation
Traffic Analysis
Inference of information from analysis of traffic
Traffic Padding
Generation of spurious data units
Effort/Time needed to overcome a protective measure
Work Factor
Unbreakable
IPSec
Encryption from source to system/Client to Server
Denial of sending a message
Repudiation
An embedded chip
Key stored in two places
Encrypting data on the network
End-to-end Encryption
For government to spy on you!
One time Pad
Pads can only be used once
Relies on physical storage of the pads
Replace one letter with another one
Substitution Ciphers
Distribution a NIGHTMARE
Hiding text in a .JPG
Art relating to encrypting and decrypting information
Cryptanalysis
Link Encryption
Wireless
Security Layer
Cryptography
Hiding data in another format
History
Steganography
Monoalphabetic
Uses more than one method
Transposition Ciphers
Transposes the keys
Does not follow a common pattern
Issuing CA
CA
SSL
For e-mail
ActiveX Controls
Symmetric
Encryption Categories
Server
Personal
Hash
Algorithmic
Software Publishers
The authenticating agency
The end user or device listed in the subject field of the X.509 certificate
A public document containing the rules of the CA
Fundamentals
CA
End Entity
Terminology
Certification Path
A trusted body that can verify the authenticity of a person or host
Where clients store the Certificate
Secret algorithm
Newer
Systems
Secrecy is provided by the key
Keyed Systems
Known algorithm
CISSP
Strength of the algorithm
Encryption Strength
Cryptography
RA
Secrecy of the keys
Length of the key
Uses the same key to encrypt and decrypt
Encrypts data in discrete blocks
Certificate Repository
Data is padded if required
Block
An answer to the symmetric Key Distribution problem
Block size usually 64 or 128 bytes long
Most popular method
Ciphers
Based on Public Keys and Private Key pairs
Only receiver can decrypt it
Older
PKI
Certificate Policy Statement
The traceable history of parties who have vouched for this certificate
Asymmetric
Types of Certificates
Stream
Confidentiality
Encryption with the Private signature provides Authentication
Fastest
Cannot verify stream so not considered as secure as block mode
Authentication
Hash provides integrity
56 bit Key
Then encrypted with private key to create a Digital Signature
Industry standard
Integrity
Provided by hashing
Block Cipher
Diffusion and Confusion
Combats MITM Attacks
NIST
160 Bits
Uses SHA
DSS
Fast and simple
Uses a shared secret to combine with the hash
Faster than using asymmetric with the hash
SHA HMAC
MD5 HMAC
Problems
Hashed Message Authentication Code (HMAC)
Variants
Asymmetric/Public Key Fundamentals
S/MIME is used for secure emails
Faster than using the public/private key pair
Provides confidentiality
Verification
Encrypts data bit by bit
Plain text is encrypted with the receiver's public key
S/MIME uses session keys to encrypt the message
160 bit HASH
128 bit HASH
Based on Factoring two large prime numbers
S/MIME
Cipher Block Chaining
Symmetric Algorithms
Diffusion
MD5
3DES
Based on elliptic curve discrete logarithms
Faster than RSA
movianVPN
RC4
Based on modular arithmetic
Can use DH
Key Distribution
Key Distribution and Management Issues
Twofish
S Box
112 or 168 bit
DES but with two or three keys
1-448 bit
Up to 256 bit
128, 192, or 256 bit
AES
CISSP Cryptography.mmap - 15/05/2009 - Andrew Mason
P Box
Conceals the statistical connection between cipher and plain texts
Variable length
Blowfish
Repeated use of a key makes it easier to crack
Both sender and receiver must have the same key
Cipher Feedback
Spread the influence of a plain text character
128 bit
IDEA
ECC
Great for PDAs
Electronic Code Book
Output Feedback
SHA
Algorithms
Can be cracked
Operating Modes
Symmetric/Private Key Fundamentals
Confusion
RSA
Single key distribution is problematic
DES
Rijndael
Supports smart cards and 32, 64 bit processors
NIST competition winner