Domain 3: Security Engineering
Study Notes
Cryptography
RealWorld Demo of Symmetric Key Encryption

Associate These Terms With Cryptography

Confidentiality, integrity, nonrepudiation, digital signatures, authentication, IPSec, VPNs, SSL, TLS


Historical Cryptography Stuff

Caesar Substitution, Scytale, Enigma

Symmetric Key Encryption

Types of Symmetric Key Block Ciphers

DES

For DES, remember that the key is 64 bits long, but only 56 bits are actually used as key material. The other 8 bits are for parity.

DES also has 16 rounds of substitution and transposition

DES Modes: ECB, CBC, CFB, OFB, CTR

FYI: Block ciphers use confusion and diffusion


AES

AES256 is the STRONGEST encryption method for the CISSP exam!

Key sizes (which determine the number of cipher rounds): 128-bit, 192-bit, 256-bit

Uses byte substitution, row shifting, and column mixing


Other types of block ciphers

3DES, AES, RC6, Blowfish, Twofish, Skipjack, IDEA


Why Do We Use Cryptography?
Where Do We Use Cryptography?

Public Key Infrastructure (PKI)

Think public/private keys


HTTPS/SSL

Cipher suites are negotiated after the TCP handshake, during the SSL/TLS handshake


SSH

SSH is the secure replacement for Telnet, as it uses public/private keys


PGP

We use asymmetric encryption when using PGP for email


IPSec VPN

Cryptography is used heavily in IPSec VPNs to create an encrypted tunnel that is near impossible to break


For Confidentiality

Unauthorized persons cannot see or decode the data unless they have the private key, symmetric key, or session key


For Integrity

Unauthorized persons cannot change the data

Authorized persons cannot accidentally change the data


Availability?

Availability is not strongly associated with cryptography. Sure, data at rest is encrypted, but for the CISSP exam, availability is not usually tied to cryptography


Authentication

Verifies the identity of a person or subject

This includes people, processes, and systems

Important note: authentication is NOT a part of the CIA Triad


Nonrepudiation

A technique of confirming the original sender

Disallows the sender to deny they sent a message

Important when it comes to accountability, logging, and auditing


Cryptography Terms and Definitions

Cryptosystem

Basically, everything you need to implement encryption

You'll pick some method to generate a key

One key will encrypt

One key will decrypt


Plaintext or cleartext

Data before it is encrypted

Example "Meet me at 3PM"


Ciphertext

Data after it is encrypted

Example "@:L#jk09'PFIJ093jf"


Algorithm

The mathematical calculations required to turn plaintext into ciphertext


Encrypt

Change from plaintext to ciphertext


Decrypt

Change from ciphertext to plaintext


Work factor

The amount of time it takes to break an algorithm

The amount of time it takes to figure out an encryption key


Key

For each algorithm used, there is a key

The key is what makes each ciphertext unique

The key to an algorithm is what hackers will try to get

Can be symmetric or asymmetric

Each key should ALWAYS generate a different set of ciphertext if used on the same plaintext


Keyspace

The number of possible combinations of 1s and 0s that can be used to create a key


Key clustering

When two different keys generate the same ciphertext from the same plaintext

This is NOT good

You want every key to have a unique ciphertext output


Initialization Vector

Sometimes patterns are created in the ciphertext if the same key is used over and over again.

An IV injects a small random value so the same plaintext does not produce the same ciphertext, eliminating those patterns

Used in DES CBC mode
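The following is an added example, not part of the original study notes. It uses a toy 64-bit, 16-round Feistel cipher (hypothetical, built on SHA-256 purely to avoid external dependencies; it is not DES and must not be used for real data) to show two of the points above: in ECB mode identical plaintext blocks produce identical ciphertext blocks, which leaks patterns, while CBC mode chains blocks together and an IV randomizes the first block so the pattern disappears. It also checks that two different keys give different ciphertext for the same plaintext (the absence of key clustering). The keys, IV and message are constructed for the demo.

```python
import hashlib
import os

BLOCK = 8      # 64-bit block size, like DES
ROUNDS = 16    # DES also uses 16 rounds


def _round_function(half: bytes, key: bytes, rnd: int) -> bytes:
    # Toy keyed round function (hypothetical): a real cipher uses S-boxes
    # and permutations here; SHA-256 just gives us non-linear keyed mixing.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Feistel network: each round swaps halves and mixes one half into the other."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_function(right, key, rnd))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Run the rounds backwards; the Feistel structure makes this exact."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_function(left, key, rnd)), left
    return left + right


def _pad(data: bytes) -> bytes:
    # PKCS#7-style padding so the message is a whole number of blocks
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block is encrypted independently with the same key
    return b"".join(encrypt_block(key, b) for b in _blocks(_pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: each plaintext block is XORed with the previous ciphertext block
    # (the IV for the first block) before encryption
    prev, out = iv, []
    for b in _blocks(_pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return _unpad(b"".join(out))


def has_repeated_blocks(ciphertext: bytes) -> bool:
    """True if any ciphertext block appears twice: the ECB pattern leak."""
    blocks = _blocks(ciphertext)
    return len(set(blocks)) < len(blocks)


# Constructed demo values: two keys and a message made of four identical blocks
KEY_A = b"A" * 16
KEY_B = b"B" * 16
MESSAGE = b"ATTACK!!" * 4

if __name__ == "__main__":
    iv = os.urandom(BLOCK)  # a fresh random IV per message
    print("ECB leaks repeated blocks:", has_repeated_blocks(ecb_encrypt(KEY_A, MESSAGE)))
    print("CBC leaks repeated blocks:", has_repeated_blocks(cbc_encrypt(KEY_A, iv, MESSAGE)))
    print("CBC round trip ok:", cbc_decrypt(KEY_A, iv, cbc_encrypt(KEY_A, iv, MESSAGE)) == MESSAGE)
    print("No key clustering:", ecb_encrypt(KEY_A, MESSAGE) != ecb_encrypt(KEY_B, MESSAGE))
```

Run it and the ECB line reports True while the CBC line reports False: the same repeated plaintext is visible through ECB but hidden by chaining plus the IV. Reusing the same IV with the same key would reintroduce a pattern for the first block, which is why the IV is drawn fresh for every message.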


Salt

Kind of like an initialization vector

Used for increasing the randomness and unpredictability of ciphertext
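As an added example (not from the original notes) of a salt in its most common use, password hashing: the same password hashed with two different salts gives two different digests, so two users with the same password do not share a stored hash, and an attacker cannot precompute one table that works against every account. The block uses only Python's standard library (`hashlib.pbkdf2_hmac` and `hmac.compare_digest`); the iteration count is a constructed choice that sets the work factor.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000   # PBKDF2 work factor (constructed value); raise to slow down guessing
SALT_LEN = 16          # 128-bit random salt


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is generated when none is supplied.

    The salt is not secret; it is stored next to the digest so the same
    computation can be repeated at login time.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    # Constructed demo: two users who chose the same password
    salt1, digest1 = hash_password("correct horse battery staple")
    salt2, digest2 = hash_password("correct horse battery staple")
    print("Salts differ:", salt1 != salt2)
    print("Digests differ despite the same password:", digest1 != digest2)
    print("Login with right password:", verify_password("correct horse battery staple", salt1, digest1))
    print("Login with wrong password:", verify_password("wrong password", salt1, digest1))
```

The salt plays the same role for a hash that the IV plays for a block cipher: it makes identical inputs produce different outputs. Unlike an encryption key it does not need to be kept secret, only unique per stored value.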

Fields of Cryptography

Cryptography

graphy means writing

It means the science of coming up with different types of super strong algorithms


Cryptanalysis

analysis means analysis

It is the art of breaking the algorithms created in cryptography

The NSA employs cryptanalysts to help break encryption ciphers to decode messages


Cryptology

logy means study

It is the study of both cryptography and cryptanalysis

The study of creating encryption ciphers, and the study of breaking encryption ciphers
