CASP CAS-004

CRYPTOGRAPHY

Protects Confidentiality, Integrity, Authenticity, and Non-Repudiation. Prevent unauthorized disclosure of information.

Confidentiality/Privacy

Privacy. Threats to Confidentiality: Social Engineering and Media Reuse.

Attacks to Confidentiality

Social Engineering

Spear Phishing, Whaling

Media Reuse

Degauss magnetic media, destroy hard drives.

Eavesdropping

Protocol Analyzer or Packet Sniffer

Solutions

Separation of Duties

Distinct roles, e.g. Sys Admin, Network Team, Active Directory.

Need to Know

Only the knowledge/privileges needed to complete your job/duties.

Authenticity

Verify the origin of the message.

Digital Signature/PKI

Protects Integrity and Authenticity. Requires PKI infrastructure.

MAC or Message Authentication Code

Protects Integrity and Authenticity. Detects Intentional Modification.

Integrity

Modification: Accidental or Intentional

Hash/Message Digest

Detects accidental modification. One-way math function.

MD5

SHA-1

160-bit hash

SHA-256

MAC or Message Authentication Code

Protects Integrity and Authenticity. Detects Intentional Modification. Takes the message + symmetric key + hashing algorithm.

Digital Signature or PKI

Protects Integrity and Authenticity. Requires PKI infrastructure.

Non-Repudiation

A combination of Integrity and strong Authenticity. A sender cannot dispute the message was sent nor the contents of the message.

Digital Signature/PKI

Algorithms/Ciphers

Plain Text + Initialization Vector + Algorithm + Key = Cipher Text.
An IV is not always used; it is used for pseudo-randomness.
Key (Crypto Variable) = the instructions on how the algorithm is used.
Kerckhoffs's Principle: he said algorithms should be open.

Symmetric

Other names = Private Key, Secret Key, Shared Key, or Session Key
Pros: Fast
Cons: No means for key distribution. Not scalable. No Authenticity, Integrity, or Non-repudiation.

Block Cipher

Chunk data into 64/128/256-bit blocks. Block ciphers are slower but more secure. Each block goes through a series of math functions.
Confusion = Complex math for substitution.
Diffusion = Permutation/Rounds

AES

128/192/256-bit key. More processor friendly than 3DES.

3DES

48 Rounds. Not very efficient.

DES

16 Rounds

CBC

ECB

Stream Cipher

Asymmetric

Two keys issued to each user: Public and Private key.
Provides key exchange, scalability, and non-repudiation.
Cons: slow
--------------------------------------------------------
Privacy/Confidentiality: Always encrypt with the receiver's public key. The receiver decrypts with the receiver's private key, which only the receiver has.
Authenticity: The sender encrypts with the sender's private key. When the receiver is able to decrypt with the sender's public key, that proves it was encrypted with the sender's private key, which only the sender has.
Integrity: Create a message digest (hash) with a hashing algorithm (MD5, SHA-1, SHA-256).
Non-repudiation: The sender encrypts the hash with the sender's private key. The receiver decrypts the hash with the sender's public key. The receiver hashes the document; if the hashes match, the receiver has a guarantee that the message has not been modified. This is called a digital signature.
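The hash-then-sign flow from the note above, as an added example that is not part of these notes: Python standard library only, with a deliberately tiny textbook-RSA key pair (primes, exponents and the sample message are all constructed for illustration; real deployments use large keys and a padding scheme such as PSS).

```python
import hashlib

# Toy textbook-RSA key pair with tiny primes (constructed for illustration only).
P, Q = 61, 53
N = P * Q                  # public modulus, 3233
PHI = (P - 1) * (Q - 1)    # 3120
E = 17                     # public exponent
D = pow(E, -1, PHI)        # private exponent, 2753 (E * D == 1 mod PHI)

SENDER_PUBLIC_KEY = (E, N)
SENDER_PRIVATE_KEY = (D, N)


def message_digest(message: bytes) -> int:
    """Integrity: hash the document with SHA-256.
    Reduced mod N only so the digest fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key) -> int:
    """Non-repudiation: the sender 'encrypts' the hash with the sender's private key."""
    d, n = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """The receiver 'decrypts' the signature with the sender's public key and
    compares the recovered hash with a fresh hash of the received document."""
    e, n = public_key
    recovered_hash = pow(signature, e, n)
    return recovered_hash == message_digest(message)


if __name__ == "__main__":
    document = b"Transfer 100 EUR to account 12345"  # constructed sample message
    sig = sign(document, SENDER_PRIVATE_KEY)
    # Untouched document and genuine signature: hashes match.
    print("valid:", verify(document, sig, SENDER_PUBLIC_KEY))
    # Modified document: the recovered hash no longer matches.
    print("tampered:", verify(b"Transfer 900 EUR to account 12345", sig, SENDER_PUBLIC_KEY))
```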

Discrete Logarithms

Factorization

RSA

Key/Crypto variable

Instruction on how to use the algorithm

RISK

Confidentiality

keeping secrets, secret

Integrity

The ability to detect modification within a system

Availability

providing timely access to resources

SECURITY POLICY/PROCEDURES

ENTERPRISE COMPUTING

SECURITY ANALYSIS/ASSESSMENT

ORGANIZATIONAL SECURITY

HOST AND APPLICATION SECURITY