<<

. 3
( 5 .)



>>


Compare and contrast Symmetric and Asymmetric Key Cryptography
CISSP Seminar:
SYMMETRIC KEY:
Also known as private key, single key, secret key
Key shared by originator and receiver
Computational efficiency advantage
1-100 million bits/sec.
Data Encryption Standard (DES)
ASYMMETRIC KEY:
Also known as public key
Uses 2 asymmetric keys
One to encrypt and one to decrypt
Computationnally slow
Few thousand bits/sec. (early versions)
Rivest-Shamir-Adleman (RSA) algorithm
Related to known mathematical problem
Difficulty factoring product of 2 large prime numbers
RSA Crypto FAQ:
There are two types of cryptosystems: secret-key and public-key.
In secret-key cryptography, also referred to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular secret-key cryptosystem in use today is known as DES, the Data Encryption Standard. IBM developed DES in the middle 1970's and it has been a Federal Standard ever since 1976.
In public-key cryptography, each user has a public key and a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key.
The RSA public-key cryptosystem is the most popular form of public-key cryptography. RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem.
The Digital Signature Algorithm (DSA) is also a popular public-key technique, though it can only be used only for signatures, not encryption.
The primary advantage of public-key cryptography is increased security and convenience: private keys never need to be transmitted or revealed to anyone. In a secret-key system, by contrast, the secret keys must be transmitted (either manually or through a communication channel) since the same key is used for encryption and decryption. A serious concern is that there may be a chance that an enemy can discover the secret key during transmission.
Another major advantage of public-key systems is they can provide digital signatures that cannot be repudiated. Authentication via secret-key systems requires the sharing of some secret and sometimes requires trust of a third party as well. As a result, a sender can repudiate a previously authenticated message by claiming the shared secret was somehow compromised by one of the parties sharing the secret. For example, the Kerberos secret-key authentication system involves a central database that keeps copies of the secret keys of all users; an attack on the database would allow widespread forgery. Public-key authentication, on the other hand, prevents this type of repudiation; each user has sole responsibility for protecting his or her private-key. This property of public-key authentication is often called non-repudiation.
A disadvantage of using public-key cryptography for encryption is speed. There are many secret-key encryption methods that are significantly faster than any currently available public-key encryption method. Nevertheless, public-key cryptography can be used with secret-key cryptography to get the best of both worlds. For encryption, the best solution is to combine public and secret-key systems in order to get both the security advantages of public-key systems and the speed advantages of secret-key systems. Such a protocol is called a digital envelope.
Public-key cryptography may be vulnerable to impersonation, even if users' private-keys are not available. A successful attack on a certification authority will allow an adversary to impersonate whomever he or she chooses by using a public-key certificate from the compromised authority to bind a key of the adversary's choice to the name of another user.
In some situations, public-key cryptography is not necessary and secret-key cryptography alone is sufficient. These include environments where secure secret key distribution can take place, for example, by users meeting in private. It also includes environments where a single authority knows and manages all the keys, e.g., a closed banking system. Since the authority knows everyone's keys already, there is not much advantage for some to be "public" and others "private." Also, public-key cryptography is usually not necessary in a single-user environment. For example, if you want to keep your personal files encrypted, you can do so with any secret-key encryption algorithm using, say, your personal password as the secret key. In general, public-key cryptography is best suited for an open multi-user environment.
Public-key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure. The first use of public-key techniques was for secure key establishment in a secret-key system [DH76]; this is still one of its primary functions. Secret-key cryptography remains extremely important and is the subject of much ongoing study and research.

Identify Types of Encryption Systems
CISSP Seminar:
Classical substitution ciphers
Transposition (permutation) ciphers
Polyalphabetic Ciphers
Running key ciphers
Concealment
Digital System
Codes
Machines
One-Time pad
DES/Clipper
Double/Triple DES
Public Key
RSA
Elliptic curve
PGP
El Gamal
Diffie-Hellman

Compare and contrast Substitution ciphers and Transposition Ciphers
CISSP Seminar:
An example of substitution cipher would be the ‘’Ceasar cipher’’. In which each plaintext character is replaced by the character three to the right of modulo 26 (‘’A’’ is replaced by ‘’D’’, ‘’B’’ is replaced by ‘’E’’, and so on…
Shift alphabet Example:
A B C D E F….. BAD
D E F G H I…… EDG
Scramble Alphabet Example:
A B C D E F….. BAD
Q E Y R T M…. EQR
An example of transposition cipher would be as follows:
Position of letters permuted.
Message broken into 5-character groups
Letters rearranged
don’t give up the ship (Message)
1234512345123451234512345 (Groups of 5)
3512435124351243512435124 (The key)
n’dtoiv egp tu shhe i p (Ciphertext)

RSA Crypto FAQ:
A substitution cipher is one in which each character of the plaintext is substituted for another character of ciphertext. The receiver inverts the substitution on the ciphertext to recover the plaintext.
In a Transposition cipher the plaintext remains the same, but the order of characters is shuffled around.

Describe the concept of Polyalphabetic Ciphers
CISSP Seminar:
Uses different alphabets to defeat frequency analysis.
See example with 5 alphabets below
Example:
a b c d e f g h i (normal alphabet)
q w e r t……………. (1st alphabet)
d m s i k ………… (2nd Alphabet)
o h g x f…………… (3rd Alphabet)
z b n l a ……… (4th Alphabet)
y c v u p …… (5th Alphabet)
abcde (Plaintext)
qdozy (ciphertext)
Applied Cryptography bood, Page 10:
A polyalphabetic cipher is made up of multiple simple substitution cipher. For example, there might be five different simple substitution cipher used; the particular one used changes with the position of each character of the plaintext.

Describe the concept of Concealment Ciphers
CISSP Seminar:
The true letters of plaintext are hidden/disguised
By device or algorithm
Example: divide message
Use 1 word at a time
Have it appear as every 5th word in a sentence
Message in clear text: ‘’Buy gold’’
Message in concealment:
‘’Product is a good BUY, it has ten percent GOLD content’’

Define and describe Steganography
CISSP Seminar:
Stenography is the art of hiding communications
Deny message exists
Data hidden in picture files, sound files, slack space on floppies
I:e Least significant bits of Bitmap image can be used to hide messages, usually without material change to original file.
Applied Cryptography, Page 9:
Steganography serves to hide secret messages in other messages, such that the secret’s very existence is concealed. Generally the sender writes an innocuous message and then conceals a secret message on the same piece of paper. Historical tricks includes invisible inks, tiny pin puncture on selected characters, minute differences between handwritten characters, pencil marks on typewritten characters, grilles which cover most of the message except for a few characters, and so on. More recently people are hiding secrets in graphic image.

Describe Digital System Encryption
CISSP Seminar:
The key and message both streams of bits
Each text character = 8 bits
Each key bit XORed (exclusived-or’ed) with corresponding message bit
XOR operation yields 0 if both bits the same and 1 is different
Example:
MESSAGE STREAM 01001000
KEY STREAM 11010001
CIPHERTEXT STREAM 10011001

Define the word "Codes" as it pertains to Cryptography
CISSP Seminar:
List of words/phrases/ (codes) with corresponding random groups of numbers/letters (code groups)
Applied Cryptography, Page 9:
Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. For example, the word ‘’OCELOT’’ might be the ciphertext of the entire phrase ‘’Turn left 90 degrees’’, the word ‘’LOLLIPOP’’ might be the ciphertext for ‘’Turn right 90 degrees’’, and the words ‘’BENT EAR’’ might be the ciphertext for ‘’HOWITZER’’. Codes are only useful for specialized circumstances. Ciphers are useful for any circumstance. Codes are limited, if your code does not have an entry for a specific word then you can’t say it, you can say anything you wish using cipher.

Compare and contrast Hagelin and Rotor Cryptography Machines
CISSP Seminar:
Hagelin Machine
Combines plain text (character by character) with:
Keystream (long pseudo-random sequence)
To produce cipher text
Rotor Machines
Rotor implements cipher alphabet
Rotor connected in banks
Signal entering one end permuted by each of rotors before leaving at other end
Keyed by changing rotor variables
Rotors/order of rotors
Number of stopping pieces per wheel
Pattern of motion

Describe the use and characteristics of "One-Time-Pad" Encryption
CISSP Seminar:
Unbreakable by exhaustive search (brute force)
Random key same length as message
Only used once
Digital system key and message both bit streams
8 bits per character
Each key bit XORed with corresponding message bit
Produces ciphertext bit
Key bits XORed with ciphertext to decrypt

Describe the history of the DES Encryption
CISSP Seminar:
IBM cryptographic research (late 1960’s)
Modification of Lucifer developed by IBM
Non-linear block ciphers
IBM developed (about 1972)
NBS solucited (about 1973 and 1974)
Adopted (1977)
ANSI approved (1978)
NSA threatened decertification (1987)
NIST recertified for 5 years (1988, 1993)
Network Computing:
The most common private key encryption standard that is used is the Data Encryption Standard (DES) developed by IBM in the early 1970s. It is the de facto industry standard for cryptography systems and is the world’s most commonly used encryption mechanism. This private key system is widely deployed in financial networks including automated teller machines and point-of-sale networks. It was adopted as a Federal Information Processing Standard (FIPS PUB 46) in 1977 and as an American National Standard (ANSI X3.92) in 1981. Further clarification on the modes of use of the algorithm is contained in ANSI standard X3.106.

Describe the DES Algorithm
CISSP Seminar:
64 bit plain and cipher text block size
56 bit true key plus 8 parity bits
Seventy quadrillion possible keys
Single-Chip LSI implentation
About 50$ per unit
16 rounds of simple operations to encrypt
Transposition and substitution
Reverse to decrypt
RSA Crypto FAQ:
The DEA, also called DES, has been extensively studied since its publication and is the best known and widely used symmetric algorithm in the world.
The DEA has a 64-bit block size and uses a 56-bit key during execution (8 parity bits are stripped off from the full 64-bit key). The DEA is a symmetric cryptosystem, specifically a 16-round Feistel cipher and was originally designed for implementation in hardware. When used for communication, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a message authentication code (MAC). The DEA can also be used for single-user encryption, such as to store files on a hard disk in encrypted form. In a multi-user environment, secure key distribution may be difficult; public-key cryptography provides an ideal solution to this problem.
NIST has recertified DES (FIPS 46-1) every five years; DES was last recertified in 1993, by default. NIST has indicated, however, it will not recertify DES again. The development of AES, the Advanced Encryption Standard is underway. AES will replace DES.
Compare and contrast the Modes of the DES Algorithm
CISSP Seminar:
Electronic code book
64 bits data blocks entered directly into device
64 bits cipher blocks generated under key
Restricted to protection of encrypting keys and initializing vectors
Output Feedback
DES generated keystream XORed with message stream
Simulates one-time-pad
Keystream generated by DES encrypting 64 bits
initialization vector with secret key
DES output bits fed back as input to generate next segment key bits
Cipher Feedback
Device generates stream of random binary bits
Combined with plain text
Generated cipher with same number of bits as text
Cipher text fed back to form a portion of next input
Cipher Block Chaining
64 bit plain text blocks loaded sequentially
XORed with 64 bits initializing vector
Combination processed into cipher under key
First ciphertext XORed with next text block
Process continues until end of plaintext chain
RSA Crypto FAQ:
ECB - Electronic Code Book
Each block of ciphertext is encrypted independently of any other block. Therefore each ciphertext block corresponds to one plaintext block just like in a code book.
CBC - Chain Block Cipher
ECB does not protect against insertion of repeated blocks because blocks are treated independently. Another weakness is that identical plaintext blocks generate identical ciphertext blocks. To improve DES for communication streams each 64 bit block is EXORed with the previous 64 bit ciphertext before entered into the DES chip. In addition to a common secret key the sender and receiver need to agree on an initial vector to be EXORed with the first block of a messages stream.
CFM - Cipher Feedback Mode
CFM is an alternate mode for DES on 8 bit characters. The input character is EXORed with the least significant byte of the DES output and then transmitted over the
communication link. In order to collect enough bits for the 64 bit encryption block the output characters are collected in a character based shift register. Each output character advances the shift register by 8 bits and triggers a new DES encryption. Thereby the next input character will be EXORed with a new DES output. CFM is suitable for use on serial lines.

Describe the caracteristics and usage of Double/Triple DES
CISSP Seminar:
Double DES
Effective key length 112 bits
Work factor about the same as single DES
No more secure
Triple DES
Encrypt with first key
Decrypt with second key
Encrypt with first key
No successfull attack reported
RSA Crypto FAQ:
For some time it has been common practice to protect and transport a key for DES encryption with triple-DES. This means that the input data (in this case the single-DES key) is, in effect encrypted three times. There are of course a variety of ways of doing this; we will explore these ways below.
A number of modes of triple-encryption have been proposed:
DES-EEE3: Three DES encryptions with three different keys.
DES-EDE3:
Three DES operations in the sequence encrypt-decrypt-encrypt with three different keys.
DES-EEE2 and DES-EDE2:
Same as the previous formats except that the first and third operations use the same key.
Attacks on two-key triple-DES have been proposed by Merkle and Hellman [MH81] and Van Oorschot and Wiener [VW91], but the data requirements of these attacks make them impractical. Further information on triple-DES can be obtained from various sources [Bih95][KR96].
The use of double and triple encryption does not always provide the additional security that might be expected. Preneel [Pre94] provides the following comparisons in the security of various versions of multiple-DES and it can be seen that the most secure form of multiple encryption is triple-DES with three distinct keys.
# Encryptions #Keys Computation Storage Type of attack
single 1 2^56 - known plaintext
single 1 2^38 2^38 chosen plaintext
single 1 - 2^56 chosen plaintext
double 2 2^112 - known plaintext
double 2 2^56 2^56 known plaintext
double 2 - 2^112 known plaintext
triple 2 2^56 2^56 2^56 known plaintext
triple 2 2^120-t 2t 2t known plaintext
triple 2 - 2^56 chosen plaintext
triple 3 2^112 2^56 known plaintext
triple 3 2^56 2^112 chosen plaintext

Table 1: Comparison of different forms of DES multiple encryption
Like all block ciphers, triple-DES can be used in a variety of modes. The ANSI X9.52 standard (see Question 5.3.1) details the different ways in which triple-DES might be used and is expected to be completed during 1998.

Compare and Contrast the Relative Benefits of Escrowed Encryption
CISSP Seminar:
To be completed????
Personal comments:
Key escrow is a real can of worm depending on who you are talking to.
There is two side of this, a group that claim it is madatory and another group that claim it would be against their freedom of speech and civil liberties.
Here are some of the degates:
Criminal encryption use exists. Encryption has already been used by criminals to keep their activities secret from the FBI and law enforcement. From 1995 to 1996, the number of cases in which the FBI was foiled by encryption more than doubled (5 to 12).
Encryption is not regulatable outside the US. Non-escrowed strong encryption is already available in over 200 other countries, and it will still be available in these countries, even if the US Government decides to institute an escrowed encryption policy.
Key recovery is expensive. A mandatory key recovery policy, if instituted by the government, would be very costly not only for the government itself (operational costs), but also for software companies that have developed the 800 encryption products currently on the market. These companies will have to completely re-engineer their products in order to comply with the government's new policy.
Escrow has not been thoroughly tested. There are millions of encryption users and thousands of agents and law enforcement agencies. Key escrow has never been tested in a wide-scale environment.
Mandatory escrow can be circumvented. There is no way to "scan" the Internet to detect use of non-escrowed encryption. Key recovery leaves a "back door" in the software. Our nation's critical systems (air traffic control, defense systems, the power grid, etc.) would likely be protected by key recovery. There is no way to ensure that the system will be safe from hackers and terrorists.
Escrow involves humans. As with any type of security system involving humans, there are vulnerabilities.
The government would hold the key to everyone's personal data. Under current proposed legislation, keys would be released by a court subpoena, not a judicial order.

Define "Clipper" and the "Shipjack" Algorithm
CISSP Seminar:
Clipper
Tamper-resistant hardware chip
NSA-designed single-key encryption algorithm (shipjack)
Decrypted by special chip, unique key and special law enforcement access field (LEAF) transmitted with encrypted communication.

<<

. 3
( 5 .)



>>