Domain 3: Security Engineering

Study Notes

Cryptography

Real-World Demo of Symmetric Key Encryption

  • Associate These Terms With Cryptography

    • Confidentiality, integrity, nonrepudiation, digital signatures, authentication, IPSec, VPNs, SSL, TLS

  • Historical Cryptography Stuff

    • Caesar Substitution, Scytale, Enigma

Symmetric Key Encryption | noitpyrcnE yeK cirtemmyS

  • Types of Symmetric Key Block Ciphers

    • DES

      • For DES, remember it is a 64-bit block cipher with a 64-bit key, but only a 56-bit key length is used. The other 8 bits of the key are for parity.

      • DES also has 16 rounds of substitution and transposition

      • DES Modes: ECB, CBC, CFB, OFB, CTR

      • FYI: Block ciphers use confusion and diffusion 

    • AES

      • AES-256 is the STRONGEST encryption method for the CISSP exam!

      • Key sizes (which determine the number of cipher rounds): 128-bit, 192-bit, 256-bit

      • Uses substitution, shift row, column mixing

    • Other types of block ciphers

      • 3DES, AES, RC6, Blowfish, Twofish, Skipjack, IDEA

Where Do We Use Cryptography?

  • Public Key Infrastructure (PKI)

    • Think public/private keys

  • HTTPS/SSL

    • Cryptographic ciphers are exchanged after the TCP handshake and during the SSL handshake

  • SSH

    • SSH is the more secure version of Telnet as it uses public/private keys

  • PGP

    • We use asymmetric encryption when using PGP for email

  • IPSec VPN

    • Cryptography is used heavily in IPSec VPNs to create an encrypted tunnel that is nearly impossible to break

Why Do We Use Cryptography?

  • For Confidentiality

    • Unauthorized persons cannot see or decode the data unless they have a private key, symmetric key, or session key

  • For Integrity

    • Unauthorized persons cannot change the data

    • Authorized persons cannot accidentally change the data

  • Availability?

    • Availability is not associated with cryptography that much. Sure, data at rest is encrypted, but when it comes to the CISSP, availability is not usually associated with cryptography.

  • Authentication 

    • Verifies the identity of a person or subject

    • This includes people, processes, and systems

    • Important note: authentication is NOT a part of the CIA Triad

  • Non-repudiation

    • A technique of confirming the original sender

    • Prevents the sender from denying they sent a message

      • Important when it comes to accountability, logging, and auditing

Cryptography Terms and Definitions

 

  • Cryptosystem

    • Basically everything you need to implement encryption

    • You'll pick some method to generate a key

    • One key will encrypt

    • One key will decrypt

  • Plaintext or cleartext

    • Data before it is encrypted

    • Example "Meet me at 3PM" 

  • Ciphertext

    • Data after it is encrypted

    • Example "@:L#jk09'PFIJ093jf"

  • Algorithm

    • The mathematical calculations required to turn plaintext into ciphertext

  • Encrypt

    • Change from plaintext to ciphertext

  • Decrypt

    • Change from ciphertext to plaintext

  • Work factor

    • The amount of time it takes to break an algorithm

    • The amount of time it takes to figure out an encryption key

  • Key

    • For each algorithm used, there is a key 

    • The keys are the ones that make each ciphertext unique

    • The keys to an algorithm are what hackers will try to get

    • Can be symmetric or asymmetric

    • Each key should ALWAYS generate a different set of ciphertext if used on the same plaintext

  • Keyspace

    • The number of 1's and 0's that can be used to create a key

  • Key clustering

    • When different keys generate the same ciphertext from the same plaintext

    • This is NOT good

    • You want every key to have a unique ciphertext output 

  • Initialization Vector

    • Sometimes patterns are created if the same keyspace or keys are used over and over again.

    • An IV injects a small random number to eliminate any patterns

    • Used in DES-CBC mode

  • Salt

    • Kind of like an initialization vector

    • Used for increasing the randomness and unpredictability of ciphertext
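
Added example (not part of the original notes): a toy 16-round Feistel cipher with a 64-bit block stands in for DES to show the pattern problem the Initialization Vector entry describes. ECB turns identical plaintext blocks into identical ciphertext blocks, while CBC with an IV does not. The round function, key, and plaintext are constructed for illustration and are not real DES.

```python
import hashlib
import os

BLOCK = 8  # 64-bit block, the same block size as DES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Toy round function (assumption): a keyed hash stands in for DES's S-boxes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(block: bytes, key: bytes) -> bytes:
    # Feistel network: invertible by running the same rounds in reverse order.
    left, right = block[:4], block[4:]
    for rnd in range(16):  # 16 rounds, as in DES
        left, right = right, _xor(left, _f(right, key, rnd))
    return left + right

def split(data: bytes) -> list:
    # Input length is assumed to be a multiple of BLOCK (no padding handled here).
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    # ECB: every block is encrypted independently, so equal blocks stay equal.
    return b"".join(encrypt_block(b, key) for b in split(pt))

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    # CBC: XOR each block with the previous ciphertext block (the IV for the first).
    out, prev = [], iv
    for b in split(pt):
        prev = encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    # Number of ciphertext blocks that duplicate an earlier block.
    return len(split(ct)) - len(set(split(ct)))

KEY = bytes.fromhex("0123456789abcdef")  # constructed sample key
PLAINTEXT = b"MEET@3PM" * 4              # constructed: four identical 8-byte blocks

if __name__ == "__main__":
    iv = os.urandom(BLOCK)  # fresh random IV per message
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(PLAINTEXT, KEY)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(PLAINTEXT, KEY, iv)))
```

The same plaintext under the same key also encrypts to a different ciphertext each time the IV changes, which is why the IV has to be fresh per message.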

Fields of Cryptography

 

  • Cryptography

    • graphy means writing

    • It means the science of coming up with different types of super strong algorithms

  • Cryptanalysis

    • analysis means analysis

    • It is the art of breaking the algorithms created in cryptography

    • The NSA employs cryptanalysts to help break encryption ciphers to decode messages

  • Cryptology

    • logy means reading

    • It is the study of both cryptography and cryptanalysis

    • The study of creating encryption ciphers, and the study of breaking encryption ciphers
