Categories: All - algorithms - integrity - attacks - confidentiality

by Richard Falcon, 2 years ago


CASP CAS-002

Cryptography ensures the confidentiality, integrity, authenticity, and non-repudiation of information. Confidentiality is protected through measures like separation of duties and need-to-know principles, countering threats such as social engineering and media reuse.


CASP CAS-004

HOST AND APPLICATION SECURITY

ORGANIZATIONAL SECURITY

SECURITY ANALYSIS/ASSESSMENT

ENTERPRISE COMPUTING

SECURITY POLICY/PROCEDURES

RISK

Availability

providing timely access to resources

Integrity

The ability to detect modification within a system

Confidentiality

keeping secrets, secret

CRYPTOGRAPHY

Protects confidentiality, integrity, authenticity, and non-repudiation. Prevents unauthorized disclosure of information.

Key/Crypto variable

The secret parameter that selects which one of the algorithm's many possible transformations is applied. The algorithm is public; the key is what must stay secret.

Algorithms/Ciphers

Plain text + initialization vector + algorithm + key = cipher text.
An IV is not always used. It adds pseudo-randomness so that the same plaintext encrypted under the same key does not produce the same ciphertext. It need not be secret, but it must not be reused with the same key (and for CBC it must be unpredictable).
Key (crypto variable) = the secret parameter that selects which transformation the algorithm applies.

Kerckhoffs's principle: a system should remain secure even if everything about it except the key is public, so algorithms should be open and reviewed rather than kept secret.

Asymmetric

Two keys issued to each user: a public key (shared freely) and a private key (kept secret).
Provides key exchange, scalability (one key pair per user), and non-repudiation.

Cons: slow, so it is normally used to exchange or wrap a symmetric session key and to sign, not to bulk-encrypt data (hybrid encryption).
--------------------------------------------------------
Privacy/Confidentiality: the sender always encrypts with the receiver's public key. The receiver decrypts with the receiver's private key, which only the receiver has.
Authenticity: the sender signs (in exam terms, "encrypts") with the sender's private key. When the receiver can verify with the sender's public key, that proves the operation was done with the sender's private key, which only the sender has.
Integrity: create a message digest (hash) with a hashing algorithm (SHA-256; MD5 and SHA-1 still appear on exams but are broken for collision resistance and must not be used for new signatures).
Non-repudiation: the sender encrypts the hash with the sender's private key. The receiver decrypts the hash with the sender's public key, hashes the document itself, and compares. If the hashes match, the receiver has assurance that the message came from the sender and has not been modified. This is a digital signature.

RSA

Factorization

Discrete Logarithms

Symmetric

Other names: private key, secret key, shared key, or session key (one key shared by both parties).
Pros: fast; suited to bulk data encryption.

Cons:
No built-in means of key distribution: the shared key must be delivered over a separate secure channel or exchanged with asymmetric cryptography.
Not scalable: n users who each need a pairwise secret need n(n-1)/2 keys.
Encryption alone gives no authenticity or integrity (a MAC, also symmetric, adds both between the two key holders) and never non-repudiation, because either holder of the shared key could have produced the message.

Stream Cipher

Encrypts data one bit or byte at a time by combining it with a keystream derived from the key (and a nonce). Fast, but a keystream must never be reused under the same key.

Block Cipher

Chunks data into fixed-size blocks (64 bits for DES, 128 bits for AES; some ciphers use 256).
Block ciphers are typically slower per byte than stream ciphers. They are not inherently more secure, but their well-studied modes are what most protocols standardize on.
Each block goes through a series of rounds of substitution and permutation.
Confusion = substitution (S-boxes): makes the relationship between key and ciphertext complex.
Diffusion = permutation across rounds: spreads the influence of each plaintext bit over many ciphertext bits.

ECB

Each block is encrypted independently with the same key, so identical plaintext blocks produce identical ciphertext blocks and patterns leak. Avoid it for anything longer than one block.

CBC

Each plaintext block is XORed with the previous ciphertext block before encryption; the first block is XORed with an IV, which must be unpredictable and is sent along with the ciphertext. CBC alone provides no integrity, so pair it with a MAC.

DES

16 Rounds

3DES

48 Rounds

Not very efficient.

AES

128/192/256-bit key, 128-bit block, 10/12/14 rounds respectively.
More processor friendly than 3DES; the current standard for symmetric encryption.

Non-Repudiation

A combination of Integrity and strong Authenticity. A sender cannot dispute the message was sent nor the contents of the message.

Integrity

Modification- Accidental or Intentional

Digital Signature (PKI)

Protects integrity and authenticity, and detects intentional modification.
Takes the hash of the message + the sender's private key (contrast a MAC, which takes the message + a shared symmetric key + a hashing algorithm).

Hash/Message Digest

A bare hash detects accidental modification only: anyone who can change the data can recompute the hash, so it must be combined with a shared key (MAC) or a private key (digital signature) to detect intentional modification.
One-way math function producing a fixed-length digest; finding two inputs with the same digest (a collision) should be infeasible.

SHA-256

256-bit hash; the current baseline (SHA-2 family).

SHA-1

160-bit hash; practical collisions were demonstrated in 2017, so it is deprecated for signatures and certificates.

MD5

128-bit hash; collisions are trivial to generate, so it is suitable only for non-security checksums.

Authenticity

Verify the origin of the message.

MAC or Message Authentication Code

Protects integrity and authenticity between the two holders of the shared key; detects intentional modification. Does not give non-repudiation, since either party could have computed the tag.
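Added example (not from the original notes) contrasting the bare hash of the Hash/Message Digest node with the MAC described here: an in-transit bit flip is caught by both, but an attacker who rewrites the message can recompute a bare hash and cannot recompute an HMAC without the shared key. The key, messages and attacker behaviour are constructed for the demo.

```python
"""Bare hash vs HMAC: accidental vs intentional modification."""
import hashlib
import hmac
import secrets

# Constructed for the demo: agreed out of band by sender and receiver.
SHARED_KEY = secrets.token_bytes(32)
ORDER = b"pay=100;to=acct-42"      # constructed sample message
FORGED = b"pay=900;to=acct-99"     # what an attacker would like to substitute


def hash_tag(message: bytes) -> bytes:
    """Bare digest: depends only on the message, so anyone can recompute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: depends on the message AND the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts(message: bytes, tag: bytes, key=None) -> bool:
    """Receiver recomputes the tag (hash if key is None, else HMAC) and compares in constant time."""
    expected = hash_tag(message) if key is None else mac_tag(key, message)
    return hmac.compare_digest(expected, tag)


def corrupt(message: bytes) -> bytes:
    """Accidental modification: a single bit flipped in transit."""
    return bytes([message[0] ^ 0x01]) + message[1:]


def scenario() -> dict:
    results = {}
    # 1. Sender protects the order with a bare hash.
    tag = hash_tag(ORDER)
    results["hash_accepts_genuine"] = receiver_accepts(ORDER, tag)
    results["hash_accepts_corrupted"] = receiver_accepts(corrupt(ORDER), tag)
    # Active attacker swaps the message and simply recomputes the public hash.
    results["hash_accepts_forgery"] = receiver_accepts(FORGED, hash_tag(FORGED))

    # 2. Sender protects the order with an HMAC under the shared key.
    tag = mac_tag(SHARED_KEY, ORDER)
    results["mac_accepts_genuine"] = receiver_accepts(ORDER, tag, SHARED_KEY)
    results["mac_accepts_corrupted"] = receiver_accepts(corrupt(ORDER), tag, SHARED_KEY)
    # Attacker lacks the key: reusing the old tag or MACing with a guessed key both fail.
    results["mac_accepts_forgery_old_tag"] = receiver_accepts(FORGED, tag, SHARED_KEY)
    guessed = mac_tag(b"guessed-key", FORGED)
    results["mac_accepts_forgery_guessed_key"] = receiver_accepts(FORGED, guessed, SHARED_KEY)
    return results
```

`scenario()` shows the asymmetry the notes describe: the hash rejects the corrupted message but accepts the forgery, while the HMAC rejects both. `hmac.compare_digest` is used for the comparison so that the check itself does not leak the tag byte by byte through timing.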

Digital Signature/PKI

Protects integrity and authenticity and adds non-repudiation. Requires a PKI (certificates that bind public keys to identities) so the receiver can trust that the sender's public key really belongs to the sender.

Confidentiality/Privacy

Threats to confidentiality: eavesdropping, social engineering, and media reuse.

Solutions

Need to Know

Only the knowledge/privileges needed to complete your job/duties.

Separation of Duties

Distinct roles so that no one person controls a whole sensitive process: for example, system administration, the network team, and Active Directory administration held by different people.

Attacks to Confidentiality

Eavesdropping

Protocol analyzer or packet sniffer capturing traffic on the wire or in the air. Countered by encrypting data in transit (TLS, IPsec).

Media Reuse

Degauss magnetic media, destroy hard drives. Degaussing does not work on SSDs or other flash media; use the drive's cryptographic erase or physical destruction instead.

Social Engineering

Spear Phishing: phishing tailored to a specific person or organization.
Whaling: spear phishing aimed at executives or other high-value targets.