por Richard Falcon 2 anos atrás
598
Mais informações
providing timely access to resources
The ability to detect modification within a system
keeping secrets, secret
Protects Confidentiality, Integrity, Authenticity, and Non-Repudiation. Prevent unauthorized disclosure of information.
Instruction on how to use the algorithm
Plain Text+Initialization Vector+Algorithm+Key=Cipher Text.
An IV is not always used. Used for sudo randomness.
Key (Crypto Variable)= The instructions on how the algorithm is used.
Kerckhoff's Principal-He said algorithms should be open.
Two keys issued to each user: Public and Private key.
Provides key exchange, scalability, and non-repudiation.
Cons: slow
--------------------------------------------------------
Privacy/Confidentiality: Always encrypts with the receivers public key. Receiver decrypts with receivers private key which only the receiver has.
Authenticity: Sender encrypts with senders private key. When the receiver is able to decrypt with senders public key, that proves it was encrypted with the senders private key which only the sender has.
Integrity: Create a message digest(Hash) with a hashing algorithm (MD5, SHA-1, SHA-256).
Non-repudiation: Sender encrypts hash with senders private key. Receiver decrypts hash with senders public key. Receiver hashes document-if hashes match, receiver has a guarantee that the message has not been modified. This is called a digital signature.
RSA
Factorization
Discrete Logarithms
Other names = Private Key, Secret Key, Shared Key, or Session Key
Pros: Fast
Cons:
No means for key distribution.
Not scalable
No Authenticity, Integrity, or Non-repudiation
Stream Cipher
Block Cipher
Chunk data in to 64/128/256 bit blocks.
Block ciphers are slower but more secure.
Each block goes through a series of math functions.
Confusion = Complex math for substitution.
Diffusion = Permutation/Rounds
ECB
CBC
DES
16 Rounds
3DES
48 Rounds
Not very efficient.
AES
128/192/256 bit key.
More processor friendly than 3DES
A combination of Integrity and strong Authenticity. A sender cannot dispute the message was sent nor the contents of the message.
Modification- Accidental or Intentional
Protects Integrity and Authenticity. Detects Intentional Modification.
Takes the message + symmetric key + hashing algorithm.
Detect accidental modification.
One way math function.
SHA-256
SHA-1
160 bit hash
MD5
Verify the origin of the message.
Protects Integrity and Authenticity. Detects Intentional Modification.
Protects Integrity and Authenticity. Requires PKI infrastructure.
Privacy. Threats to Confidentiality: Social Engineering and Media Reuse.
Need to Know
Only the knowledge/privileges to complete you job/duties.
Sepration of Duties
Distinct roles. Sys Admin, Network Team, Active Directory.
Eavesdropping
Protocol Analyzer or Packet Sniffer
Media Reuse
Degauss magnetic media, destroy hard drives.
Social Engineering
Spear Phishing
Whaling