
The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures. Signature generation makes use of a private key to generate a digital signature. Signature verification makes use of a public key which corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Public keys are assumed to be known to the public in general. Private keys are never shared. Anyone can verify the signature of a user by employing that user's public key. Signature generation can be performed only by the possessor of the user's private key.
A hash function is used in the signature generation process to obtain a condensed version of data, called a message digest. The message digest is then input to the DSA to generate the digital signature. The digital signature is sent to the intended verifier along with the signed data (often called the message). The verifier of the message and signature verifies the signature by using the sender's public key. The same hash function must also be used in the verification process. The hash function is specified in a separate standard, the Secure Hash Standard (SHS), FIPS 180. Similar procedures may be used to generate and verify signatures for stored as well as transmitted data.

Identify the benefits of the Digital Signature Standard
CISSP Seminar:
Provides non-repudiation
Used with electronic contracts, purchase orders, etc…
Used to authenticate software, data, images, users, machines.
Protect software against viruses
Smart card with digital signature can verify user to computer
RSA Crypto FAQ:
The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified.

Define Non-Repudiation as it pertains to Cryptography
CISSP Seminar:
Proves message sent and received
Ensures sender can’t deny sending
Recipient can’t deny claim that they received something else or deny receiving proper message

Define Hash functions as they pertain to Cryptography
CISSP Seminar:

RSA Crypto FAQ:
The main role of a cryptographic hash function is in the provision of message integrity checks and digital signatures. Since hash functions are generally faster than encryption or digital signature algorithms, it is typical to compute the digital signature or integrity check to some document by applying cryptographic processing to the document's hash value, which is small compared to the document itself. Additionally, a digest can be made public without revealing the contents of the document from which it is derived. This is important in digital timestamping where, using hash functions, one can get a document timestamped without revealing its contents to the timestamping service.

Describe the Use of Certification Authority
CISSP Seminar:
Binds individuals to their public keys
Certification authority’s digital signature
Attest binding
Certification authority certification
User identification, public key, date
X509 certification standard
NIST National Digital Signature Certification Authority study
RSA Crypto FAQ:
Certificates are issued by certification authority. Certificates are digital documents attesting to the binding of a public key to an individual or other entity. They allow verification of the claim that a specific public key does in fact belong to a specific individual. Certificates help prevent someone from using a phony key to impersonate someone else. In some cases it may be necessary to create a chain of certificates, each one certifying the previous one until the parties involved are confident in the identity in question.
In their simplest form, certificates contain a public key and a name. As commonly used, a certificate also contains an expiration date, the name of the certifying authority that issued the certificate, a serial number, and perhaps other information. Most importantly, it contains the digital signature of the certificate issuer. The most widely accepted format for certificates is defined by the ITU-T X.509 international standard; thus, certificates can be read or written by any application complying with X.509.

Define Electronic Document Authorization (EDA)
CISSP Seminar:
Authorizes certificates
Specifies public key holder authority/power
Spend, authorize payments, perform business functions
Specifies limits to prevent abuse
Cosignature requirements
Enables checks and balances

Define and distinguish between message authentication code and Code Generation
CISSP Seminar:
Message Authentication:
Simple MACing
Weakest form of authentication
MAC generation standard – ANSI X9.9 (FIMAS)
Computed value derived from document
Detect accidental/intentional alteration
Forgery possible
MAC Generation
Algorithm examines bitstream
Data field output appended to bitstream
Before transmission/storage
Parity/checksum application
Bitstream and MAC
Machine/communications error
RSA Crypto FAQ:
A message authentication code (MAC) is an authentication tag (also called a checksum) derived by applying an authentication scheme, together with a secret key, to a message. Unlike digital signatures, MACs are computed and verified with the same key, so that they can only be verified by the intended recipient.
There are four types of MACs: (1) unconditionally secure, (2) hash function-based, (3) stream cipher-based, or (4) block cipher-based.
Simmons and Stinson [Sti95] proposed an unconditionally secure MAC based on encryption with a one-time pad. The ciphertext of the message authenticates itself, as nobody else has access to the one-time pad. However, there has to be some redundancy in the message. An unconditionally secure MAC can also be obtained by use of a one-time secret key.
Hash function-based MACs (often called HMACs) use a key or keys in conjunction with a hash function to produce a checksum that is appended to the message. An example is the keyed-MD5 method of message authentication.

Describe Bitstream Authentication
CISSP Seminar:
Generate new MAC
Compare with original
MAC algorithm qualities
Sensitive to bit changes
Creates MAC unable to be duplicated
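The MAC generation and bitstream authentication steps above (append a tag, regenerate it on receipt, compare), as an added Python example that is not part of the original notes. It contrasts an unkeyed check value (CRC-32) with a keyed hash-based MAC; HMAC-SHA-256 from the standard library is used in place of keyed-MD5, and the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-shared-secret"        # sample key, constructed for this demo
MSG = b"PAY 100 TO ALICE"                 # sample bitstream, constructed

def crc_tag(data, key=None):
    """Unkeyed check value: catches transmission errors, anyone can recompute it."""
    return zlib.crc32(data).to_bytes(4, "big")

def hmac_tag(data, key=KEY):
    """Keyed MAC: only holders of the shared secret can compute it."""
    return hmac.new(key, data, hashlib.sha256).digest()

def protect(data, tagger, key=KEY):
    """Sender: append the tag to the bitstream before transmission/storage."""
    return data + tagger(data, key)

def authenticate(received, tagger, tag_len, key=KEY):
    """Receiver: generate a new tag over the data and compare with the original."""
    data, tag = received[:-tag_len], received[-tag_len:]
    return hmac.compare_digest(tagger(data, key), tag)

def flip_bit(blob, bit):
    """Simulate a one-bit alteration of the stored/transmitted bitstream."""
    out = bytearray(blob)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def demo():
    altered = b"PAY 900 TO ALICE"
    wrong_key = b"party-without-the-secret"
    return {
        "crc_intact": authenticate(protect(MSG, crc_tag), crc_tag, 4),
        "crc_bit_flip": authenticate(flip_bit(protect(MSG, crc_tag), 5), crc_tag, 4),
        # Check value recomputed after alteration: the receiver cannot tell.
        "crc_retagged": authenticate(protect(altered, crc_tag, wrong_key), crc_tag, 4),
        "hmac_intact": authenticate(protect(MSG, hmac_tag), hmac_tag, 32),
        "hmac_bit_flip": authenticate(flip_bit(protect(MSG, hmac_tag), 5), hmac_tag, 32),
        # Same alteration, but the tag was made without the shared key.
        "hmac_retagged": authenticate(protect(altered, hmac_tag, wrong_key), hmac_tag, 32),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:14} accepted={accepted}")
```

Both tags are sensitive to a single flipped bit, but only the keyed tag rejects a message that was altered and re-tagged by a party who does not hold the shared key.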

Describe brute force attack as they pertain to Cryptography
CISSP Seminar:
Trying all keys
RSA Crypto FAQ:
Exhaustive key search, or brute-force search, is the basic technique of trying every possible key in turn until the correct key is identified. To identify the correct key it may be necessary to possess a plaintext and its corresponding ciphertext, or if the plaintext has some recognizable characteristic, ciphertext alone might suffice. Exhaustive key search can be mounted on any cipher and sometimes a weakness in the key schedule of the cipher can help improve the efficiency of an exhaustive key search attack.
Advances in technology and computing performance will always make exhaustive key search an increasingly practical attack against keys of a fixed length. When DES was designed, it was generally considered secure against exhaustive key search without a vast financial investment in hardware. To date, there is no public evidence that such hardware has been constructed. Over the years, however, this line of attack will become increasingly attractive to a potential adversary. A useful article on exhaustive key search can be found in the Winter 1997 issue of CryptoBytes, available online at the following URL: http://www.rsa.com/rsalabs/pubs/cryptobytes/html/article_index.html

Compare and contrast the cost and time taken in Brute Force Attacks
CISSP Seminar:
Cost of brute force:
Year    MIPS-year cost    56-bit key    40-bit key
1997    $15.00            $17.0M        $260.00
2002    $1.50             $1.7M         $26.00
2007    $0.15             $170,000      $2.60
Time for brute force:
Keys tested per second    56-bit key           40-bit key
1,000                     300,000,000 years    17.5 years
1,000,000                 300,000 years        6.2 days
1,000,000,000             300 years            9.0 minutes
1,000,000,000,000         109 days             0.5 seconds

RSA Crypto FAQ:
While exhaustive search of DES's 56-bit key space would take hundreds of years on the fastest general purpose computer available today, the growth of the Internet has made it possible to utilize thousands of such machines in a distributed search by partitioning the key space and distributing small portions to each of a large number of computers. In January 1999, the DES Challenge III was solved in just 22 hours and 15 minutes by the Electronic Frontier Foundation's "Deep Crack" in a combined effort with distributed.net.
While the 56-bit key in DES now only offers a few hours of protection against exhaustive search by a modern dedicated machine [Wie94], the current rate of increase in computing power is such that an 80-bit key as used by Skipjack can be expected to offer the same level of protection against exhaustive key search in 18 years' time as DES does today [BDK93]. Absent a major breakthrough in quantum computing, it is unlikely that 128-bit keys, such as those used in IDEA or RC5-32/12/16, will be broken by exhaustive search in the foreseeable future.

Compare and contrast Brute Force, Analytic, Statistical, and Implementation Attacks
CISSP Seminar:
Using algorithm and algebraic manipulation weakness to reduce complexity
RSA factoring attack
Double DES attack
Using statistical weakness in design
More 1’s than 0’s in the keystream
Using the specific implementation of the encryption protocol
'95 attack on Netscape key
deficient key randomization
string algorithm + 128 bit key

Describe the Commercial COMSEC Endorsement Program (CCEP)
CISSP Seminar:
Commercial communications security endorsement program
NSA and industry relationship
Combine government crypto knowledge with industry product-development expertise
Type 1 or type 2 high-grade crypto products.
Type 1 encrypt classified and SUI
STU Secure telephone unit
Type 2 encrypts SUI
Authentication devices, transmission security devices, secure LANs
The Journal of American Underground Computing:
In the mid-80's, NSA introduced a program called the Commercial COMSEC Endorsement Program, or CCEP.
CCEP was essentially Clipper in a black box, since the technology was not sufficiently advanced to build lower-cost chips. Vendors would join CCEP (with the proper security clearances) and be authorized to incorporate classified algorithms into communications systems. NSA had proposed that they themselves would actually provide the keys to end-users of such systems.

Define the levels of Encryption as Defined in the CCEP
CISSP Seminar:
Type 1 or type 2 high-grade crypto products.
Type 1 encrypt classified and SUI
STU Secure telephone unit
Type 2 encrypts SUI
Authentication devices, transmission security devices, secure LANs

Compare and contrast the differences in Export Issues regarding Encryption
CISSP Seminar:
This has to be completed.
RSA Crypto FAQ:
Cryptography is export-controlled for several reasons. Strong cryptography can be used for criminal purposes or even as a weapon of war. During wartime, the ability to intercept and decipher enemy communications is crucial. For that reason, strong cryptography is usually classified on the U.S. Munitions List as an export-controlled commodity, just like tanks and missiles.
Cryptography is just one of many technologies that are covered by the ITAR (International Traffic in Arms Regulations).
In the United States, government agencies consider strong encryption to be systems that use RSA with key sizes over 512 bits or symmetric algorithms (like DES, IDEA, or RC5) with key sizes over 40 bits. Since government encryption policy is heavily influenced by the agencies responsible for gathering domestic and international intelligence (the FBI and NSA, respectively), the government is compelled to balance the conflicting requirements of making strong cryptography available for commercial purposes while still making it possible for those agencies to break those codes, if need be. The US government does, however, allow 56-bit block ciphers to be exported for financial cryptography.

