Domain 3: Security Engineering
Study Notes
Cryptography
Real-World Demo of Symmetric Key Encryption

Associate These Terms With Cryptography

Confidentiality, integrity, nonrepudiation, digital signatures, authentication, IPSec, VPNs, SSL, TLS


Historical Cryptography Stuff

Caesar Substitution, Scytale, Enigma

Symmetric Key Encryption

Types of Symmetric Key Block Ciphers

DES

For DES, remember that it encrypts 64-bit blocks with a 64-bit key, but only 56 bits of the key are actually used. The other 8 bits (the low bit of each key byte) are parity bits that the key schedule discards, so the effective keyspace is 2^56, which is small enough to brute-force with modern hardware. DES is exam material, not something to deploy; 3DES and then AES replaced it.

DES is a Feistel cipher with 16 rounds of substitution and transposition (permutation)

Block cipher modes of operation (they apply to any block cipher, not just DES): ECB, CBC, CFB, OFB, CTR. ECB encrypts every block independently, so identical plaintext blocks give identical ciphertext blocks; the other modes chain blocks or encrypt a counter and need an IV or nonce

FYI: Block ciphers rely on confusion (hiding the relationship between key and ciphertext, done with substitution) and diffusion (spreading each plaintext bit across many ciphertext bits, done with permutation and mixing)
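An added example in Go (standard library only; not code from these notes) that makes the two DES facts above visible: the same plaintext encrypted in ECB mode repeats ciphertext blocks while CBC with an IV does not, and flipping the parity bit of every key byte leaves the ciphertext unchanged because only 56 key bits are used. The key, IV and plaintext are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// Constructed demo values. A real system draws the key and IV from
// crypto/rand; for CBC the IV must be unpredictable.
var (
	demoKey   = []byte("8bytekey")                                   // 64 bits on the wire, 56 effective
	demoIV    = []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	demoPlain = []byte("ATTACK!!ATTACK!!ATTACK!!ATTACK!!")           // four identical 8-byte blocks
)

// encryptECB encrypts each block independently. Go deliberately ships no
// ECB helper; this loop is all ECB is, which is why it leaks block equality.
func encryptECB(block cipher.Block, plain []byte) []byte {
	bs := block.BlockSize()
	out := make([]byte, len(plain))
	for i := 0; i+bs <= len(plain); i += bs {
		block.Encrypt(out[i:i+bs], plain[i:i+bs])
	}
	return out
}

// encryptCBC XORs each plaintext block with the previous ciphertext block
// (the IV for the first one) before encrypting it, so equal plaintext
// blocks no longer produce equal ciphertext blocks.
func encryptCBC(block cipher.Block, iv, plain []byte) []byte {
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plain)
	return out
}

// repeatedBlocks counts ciphertext blocks identical to an earlier block.
func repeatedBlocks(ct []byte, bs int) int {
	seen := make(map[string]bool)
	repeats := 0
	for i := 0; i+bs <= len(ct); i += bs {
		b := string(ct[i : i+bs])
		if seen[b] {
			repeats++
		}
		seen[b] = true
	}
	return repeats
}

// flipParityBits flips the low bit of every key byte. Those are the 8 bits
// DES's PC-1 key permutation throws away, so the cipher does not change.
func flipParityBits(key []byte) []byte {
	out := make([]byte, len(key))
	for i, b := range key {
		out[i] = b ^ 0x01
	}
	return out
}

// sameCipherUnderParityFlip reports whether key and its parity-flipped
// twin produce identical ciphertext for plain.
func sameCipherUnderParityFlip(key, plain []byte) bool {
	a, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	b, err := des.NewCipher(flipParityBits(key))
	if err != nil {
		panic(err)
	}
	return bytes.Equal(encryptECB(a, plain), encryptECB(b, plain))
}

func main() {
	block, err := des.NewCipher(demoKey)
	if err != nil {
		panic(err)
	}
	ecb := encryptECB(block, demoPlain)
	cbc := encryptCBC(block, demoIV, demoPlain)
	fmt.Printf("ECB: %s  repeated blocks: %d\n", hex.EncodeToString(ecb), repeatedBlocks(ecb, des.BlockSize))
	fmt.Printf("CBC: %s  repeated blocks: %d\n", hex.EncodeToString(cbc), repeatedBlocks(cbc, des.BlockSize))
	fmt.Println("parity bits ignored by DES:", sameCipherUnderParityFlip(demoKey, demoPlain))
}
```

The ECB output shows the same 16 hex characters four times; that repetition is exactly the pattern leak the CBC/CTR modes exist to remove.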


AES

AES-256 is the STRONGEST encryption method for the CISSP exam!

Key sizes: 128-bit, 192-bit, 256-bit, running 10, 12 and 14 rounds respectively (the block size is always 128 bits)

Each round uses byte substitution (SubBytes), row shifting (ShiftRows), column mixing (MixColumns) and XOR with a round key (AddRoundKey); the final round skips MixColumns
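An added example in Go (standard library only; not code from these notes) showing AES in practice: the key length fixes the round count, and in GCM mode the cipher gives integrity as well as confidentiality, so a single flipped ciphertext bit is rejected instead of decrypting to garbage. The key, message and header value are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// aesRounds returns the number of rounds AES runs for a key of keyLen bytes
// (FIPS 197: Nr = Nk + 6, where Nk is the key length in 32-bit words).
func aesRounds(keyLen int) (int, error) {
	switch keyLen {
	case 16, 24, 32:
		return keyLen/4 + 6, nil // 10, 12, 14
	}
	return 0, fmt.Errorf("AES key must be 16, 24 or 32 bytes, got %d", keyLen)
}

// seal encrypts plain under key with AES-GCM and a fresh random 96-bit
// nonce, returning nonce || ciphertext || 128-bit tag. aad is
// authenticated but not encrypted (a header, for example).
func seal(key, plain, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // aes.KeySizeError for any other length
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, aad), nil
}

// open splits off the nonce, checks the tag and decrypts. A single flipped
// bit anywhere in nonce, ciphertext, tag or aad yields an error, never
// silently corrupted plaintext.
func open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// tamperDetected flips one bit in the middle of the sealed message and
// reports whether open rejects it.
func tamperDetected(key, sealed, aad []byte) bool {
	bad := append([]byte(nil), sealed...)
	bad[len(bad)/2] ^= 0x01
	_, err := open(key, bad, aad)
	return err != nil
}

func main() {
	key := make([]byte, 32) // AES-256; a real key comes from crypto/rand or a KDF
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	rounds, _ := aesRounds(len(key))
	sealed, err := seal(key, []byte("Meet me at 3PM"), []byte("msg-id:42"))
	if err != nil {
		panic(err)
	}
	plain, err := open(key, sealed, []byte("msg-id:42"))
	fmt.Printf("AES-%d (%d rounds) round trip: %q err=%v\n", len(key)*8, rounds, plain, err)
	fmt.Println("tampered ciphertext rejected:", tamperDetected(key, sealed, []byte("msg-id:42")))
}
```

The nonce is sent in the clear in front of the ciphertext; it does not need to be secret, it only must never repeat under the same key, which is why it is drawn fresh for every call.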


Other types of block ciphers

3DES, AES, RC6, Blowfish, Twofish, Skipjack, IDEA


Why Do We Use Cryptography?
Where Do We Use Cryptography?

Public Key Infrastructure (PKI)

Think public/private keys, plus the certificates and certificate authorities (CAs) that bind a public key to an identity


HTTPS/SSL

Cipher suites are negotiated during the TLS handshake, which runs after the TCP three-way handshake; nothing is encrypted until the TLS handshake completes. SSL is the deprecated predecessor of TLS, though the exam still uses the name
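The negotiation described above, as an added example in Go (standard library only; not code from these notes): a client and a server complete a TLS 1.3 handshake over an in-memory pipe, which stands in for a TCP connection that is already up, and report the protocol version and cipher suite they agreed on. The self-signed certificate and the host name example.test are constructed for the demo; a real server presents a CA-issued certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway server certificate so the demo runs
// offline. It is constructed here; it is not how production keys are issued.
func selfSignedCert(host string) (tls.Certificate, *x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, leaf, nil
}

// handshake runs a TLS 1.3 client and server over net.Pipe (the transport
// is already established, as it would be after the TCP handshake) and
// returns what the two sides negotiated. The cipher suite is chosen here,
// by TLS, not by TCP.
func handshake() (tls.ConnectionState, error) {
	const host = "example.test" // constructed host name
	cert, leaf, err := selfSignedCert(host)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf)

	clientSide, serverSide := net.Pipe()
	defer clientSide.Close()
	defer serverSide.Close()

	serverDone := make(chan error, 1)
	go func() {
		srv := tls.Server(serverSide, &tls.Config{
			Certificates:           []tls.Certificate{cert},
			MinVersion:             tls.VersionTLS13,
			SessionTicketsDisabled: true, // keeps the unbuffered pipe from stalling
		})
		serverDone <- srv.Handshake()
	}()

	cli := tls.Client(clientSide, &tls.Config{
		RootCAs:    roots, // trust only the demo certificate
		ServerName: host,  // must match the certificate's DNSNames
		MinVersion: tls.VersionTLS13,
	})
	if err := cli.Handshake(); err != nil {
		return tls.ConnectionState{}, err
	}
	if err := <-serverDone; err != nil {
		return tls.ConnectionState{}, err
	}
	return cli.ConnectionState(), nil
}

func main() {
	state, err := handshake()
	if err != nil {
		panic(err)
	}
	fmt.Printf("version: %#x (TLS 1.3 = %#x)\n", state.Version, tls.VersionTLS13)
	fmt.Println("cipher suite:", tls.CipherSuiteName(state.CipherSuite))
	fmt.Println("server cert CN:", state.PeerCertificates[0].Subject.CommonName)
}
```

Setting MinVersion on both sides is the practical check: a client that still accepts SSL 3.0 or TLS 1.0 can be downgraded by whoever sits on the path, so the floor belongs in the configuration, not in hope.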


SSH

SSH is the encrypted replacement for Telnet (which sends everything, including passwords, in cleartext). It uses public/private key pairs to authenticate the server (host keys) and optionally the user, and negotiates a symmetric session key to encrypt the traffic


PGP

PGP for email is a hybrid: the message body is encrypted with a random symmetric session key, and that session key is encrypted with the recipient's public key (asymmetric). Signing the message uses the sender's private key


IPSec VPN

Cryptography is used heavily in IPSec VPNs: IKE negotiates the keys and ESP encrypts and authenticates each packet, creating an encrypted tunnel that is computationally infeasible to break as long as modern algorithms and key sizes are used


For Confidentiality

Unauthorized persons cannot read or decode the data unless they have the right key (a private key, symmetric key, or session key)


For Integrity

Unauthorized persons cannot change the data without it being detected

Accidental changes by authorized persons are detected too (hashes, MACs and digital signatures detect modification; they do not physically prevent it)


Availability?

Availability is not associated with cryptography much. Data at rest may be encrypted, but for the CISSP, availability is not usually tied to cryptography (if anything, losing the key makes encrypted data unavailable)


Authentication

Verifies the identity of a person or subject

This includes people, processes, and systems

Important note: authentication is NOT a part of the CIA Triad


Nonrepudiation

Proof of origin: the receiver, or a third party, can confirm who sent the message

Prevents the sender from denying they sent it. Digital signatures provide this, because only the holder of the private key could have produced the signature; a shared-key MAC cannot, because the receiver holds the same key and could have produced the same tag

Important when it comes to accountability, logging, and auditing
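An added example in Go (standard library only; not code from these notes) covering the Integrity and Nonrepudiation sections above together: an HMAC tag and an Ed25519 signature both catch a modified message, but only the signature proves who sent it, because the receiver can mint a valid HMAC with the shared key and cannot mint a signature without the private key. The shared secret and messages are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// macTag computes HMAC-SHA256 over msg with a key both parties share.
func macTag(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

// macValid checks a tag in constant time. A valid tag proves the message
// is unmodified and came from someone holding sharedKey, but both the
// sender and the receiver hold it, so it cannot prove which one.
func macValid(sharedKey, msg, tag []byte) bool {
	return hmac.Equal(tag, macTag(sharedKey, msg))
}

// receiverCanForgeMAC shows the nonrepudiation gap: the receiver, holding
// the same key, produces a tag for a message the sender never wrote, and
// it validates exactly like a genuine one.
func receiverCanForgeMAC(sharedKey, forgedMsg []byte) bool {
	forgedTag := macTag(sharedKey, forgedMsg)
	return macValid(sharedKey, forgedMsg, forgedTag)
}

// Signer holds an Ed25519 key pair. Only the private key can sign; the
// public key is what the receiver and any later auditor use to verify.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Public: pub, private: priv}, nil
}

func (s *Signer) Sign(msg []byte) []byte {
	return ed25519.Sign(s.private, msg)
}

// Verify needs only the public key. Because the receiver never holds the
// private key, a valid signature can only have come from the signer,
// which is what nonrepudiation means.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	shared := []byte("constructed shared secret")
	msg := []byte("Meet me at 3PM")

	tag := macTag(shared, msg)
	fmt.Println("MAC valid:", macValid(shared, msg, tag))
	fmt.Println("MAC detects edit:", !macValid(shared, []byte("Meet me at 4PM"), tag))
	fmt.Println("receiver can forge a MAC:", receiverCanForgeMAC(shared, []byte("You owe me $1000")))

	signer, err := NewSigner()
	if err != nil {
		panic(err)
	}
	sig := signer.Sign(msg)
	fmt.Println("signature valid:", Verify(signer.Public, msg, sig))
	fmt.Println("signature detects edit:", !Verify(signer.Public, []byte("Meet me at 4PM"), sig))
	fmt.Println("old signature reused on new text:", Verify(signer.Public, []byte("You owe me $1000"), sig))
}
```

This is why audit logs and contracts that must hold up later are signed rather than MACed: a signature can be checked by anyone holding the public key, years after the fact, without sharing any secret.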


Cryptography Terms and Definitions

Cryptosystem

Everything you need to implement encryption: the algorithm, the keys, and the procedures for generating, distributing and managing them

You'll pick some method to generate a key

One key will encrypt

One key will decrypt (in a symmetric system these are the same key; in an asymmetric system they are a public/private pair)


Plaintext or cleartext

Data before it is encrypted

Example "Meet me at 3PM"


Ciphertext

Data after it is encrypted

Example "@:L#jk09'PFIJ093jf"


Algorithm

The mathematical calculations required to turn plaintext into ciphertext


Encrypt

Change from plaintext to ciphertext


Decrypt

Change from ciphertext to plaintext


Work factor

The amount of time and computing effort it would take to break an algorithm or recover an encryption key by brute force

The larger the work factor relative to the value and lifetime of the data, the stronger the system; every extra key bit doubles it


Key

For each algorithm used, there is a key

The key is what makes each ciphertext unique: the algorithm is public, the key is the secret

The key to an algorithm is what attackers will try to get

Can be symmetric or asymmetric

Each key should ALWAYS generate a different ciphertext when used on the same plaintext


Keyspace

The set of all possible keys: an n-bit key has a keyspace of 2^n (a 56-bit DES key gives about 7.2 x 10^16 keys; an AES-128 key gives 2^128)
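An added example in Go (standard library only; not code from these notes) that turns the Work factor and Keyspace entries above into numbers: it brute-forces a DES key of which only the last two bytes are unknown, using one known plaintext/ciphertext pair, then scales the measured rate to the full 2^56 keyspace. The secret key and plaintext are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/des"
	"errors"
	"fmt"
	"math"
	"time"
)

// keyspaceSize returns the number of possible keys for a keyBits-bit key: 2^keyBits.
func keyspaceSize(keyBits int) float64 {
	return math.Pow(2, float64(keyBits))
}

// recoverKeySuffix brute-forces the last `unknown` bytes of an 8-byte DES
// key from one known plaintext/ciphertext block, trying candidate keys in
// numeric order. It returns the first matching key and how many it tried.
func recoverKeySuffix(prefix []byte, unknown int, plain, ct []byte) ([]byte, int, error) {
	if len(prefix)+unknown != 8 {
		return nil, 0, errors.New("prefix plus unknown bytes must total 8")
	}
	key := make([]byte, 8)
	copy(key, prefix)
	got := make([]byte, des.BlockSize)
	limit := 1 << (8 * unknown)
	for n := 0; n < limit; n++ {
		for i := 0; i < unknown; i++ {
			key[len(prefix)+i] = byte(n >> (8 * i))
		}
		c, err := des.NewCipher(key)
		if err != nil {
			return nil, n, err
		}
		c.Encrypt(got, plain)
		if bytes.Equal(got, ct) {
			return append([]byte(nil), key...), n + 1, nil
		}
	}
	return nil, limit, errors.New("key not found in searched space")
}

// extrapolateYears scales a measured search rate to a full keyspace. The
// average work factor is half the keyspace, because on average the right
// key turns up halfway through the search.
func extrapolateYears(trials int, elapsed time.Duration, keyBits int) float64 {
	secondsPerKey := elapsed.Seconds() / float64(trials)
	averageTrials := keyspaceSize(keyBits) / 2
	return secondsPerKey * averageTrials / (365.25 * 24 * 3600)
}

func main() {
	// Constructed secret: the attacker knows the first 6 key bytes and one
	// plaintext/ciphertext pair; only 16 bits (14 effective) are unknown.
	secret := []byte("DESKEY\x42\x13")
	plain := []byte("Meet me ")
	c, err := des.NewCipher(secret)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, des.BlockSize)
	c.Encrypt(ct, plain)

	start := time.Now()
	found, trials, err := recoverKeySuffix(secret[:6], 2, plain, ct)
	elapsed := time.Since(start)
	if err != nil {
		panic(err)
	}
	fmt.Printf("found key %q after %d trials in %v\n", found, trials, elapsed)
	fmt.Printf("a single core at that rate needs about %.0f years for 2^56 keys\n", extrapolateYears(trials, elapsed, 56))
	fmt.Printf("one more key bit doubles that: 2^57 = %.3g keys\n", keyspaceSize(57))
}
```

Two things worth noticing in the output: the recovered key ends in 0x12 rather than the original 0x13, because DES ignores that parity bit and the search hits the equivalent key first; and the extrapolated figure is for one core, which is why 56-bit DES fell to dedicated hardware and distributed searches rather than to any flaw in the algorithm.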


Key clustering

When two different keys generate the same ciphertext from the same plaintext

This is NOT good: it means the effective keyspace is smaller than the nominal one

You want every key to produce a unique ciphertext


Initialization Vector

Sometimes patterns appear if the same key is used over and over again on similar data.

An IV is a block-sized value mixed in before encryption so the same plaintext under the same key produces different ciphertext. It does not need to be secret and is sent along with the ciphertext, but it must be unpredictable for CBC and must never repeat under the same key for CTR and GCM.

Used in DES-CBC mode (and in every other chained or counter mode)
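An added example in Go (standard library only; not code from these notes) showing what the IV requirement protects against, using AES in CTR mode: with fresh IVs the same message encrypts differently each time, but if the same key and IV are reused for two messages, an eavesdropper who knows one plaintext recovers the other by XOR alone, without ever learning the key. The key and messages are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// ctrEncrypt encrypts plain with AES in CTR mode. The 16-byte iv seeds the
// counter; the keystream depends only on (key, iv), so reusing that pair
// reuses the keystream.
func ctrEncrypt(key, iv, plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plain))
	cipher.NewCTR(block, iv).XORKeyStream(out, plain)
	return out, nil
}

// freshIV draws a new random IV from the OS CSPRNG. For CTR and GCM the
// requirement is uniqueness per key; random 128-bit values satisfy it.
func freshIV() ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	_, err := io.ReadFull(rand.Reader, iv)
	return iv, err
}

// xorBytes returns a XOR b over the shorter of the two lengths.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// recoverFromReusedIV plays the eavesdropper: given two ciphertexts made
// with the same key and IV plus the plaintext of the first, it recovers
// the second plaintext, because c1 XOR c2 == p1 XOR p2 whenever both
// messages were XORed with the same keystream.
func recoverFromReusedIV(c1, c2, knownP1 []byte) []byte {
	return xorBytes(xorBytes(c1, c2), knownP1)
}

// samePlainTwice encrypts one message twice with fresh IVs and reports
// whether the ciphertexts differ, as they must.
func samePlainTwice(key, plain []byte) (bool, error) {
	iv1, err := freshIV()
	if err != nil {
		return false, err
	}
	iv2, err := freshIV()
	if err != nil {
		return false, err
	}
	c1, err := ctrEncrypt(key, iv1, plain)
	if err != nil {
		return false, err
	}
	c2, err := ctrEncrypt(key, iv2, plain)
	if err != nil {
		return false, err
	}
	return !bytes.Equal(c1, c2), nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed AES-128 key
	iv := make([]byte, aes.BlockSize)  // the mistake: a fixed, reused IV
	p1 := []byte("Transfer $100 to account 1234")
	p2 := []byte("Transfer $999 to account 6666")
	c1, _ := ctrEncrypt(key, iv, p1)
	c2, _ := ctrEncrypt(key, iv, p2)
	fmt.Printf("attacker recovers: %q\n", recoverFromReusedIV(c1, c2, p1))
	ok, _ := samePlainTwice(key, p1)
	fmt.Println("fresh IVs hide message repetition:", ok)
}
```

The same failure applies to GCM, which is CTR plus an authentication tag: a repeated nonce there leaks plaintext and lets an attacker forge tags, which is why the nonce is generated per message and never hard-coded.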


Salt

Kind of like an initialization vector, but for password hashing rather than encryption

A random value stored next to the hash and mixed into the password before hashing, so two users with the same password get different hashes and precomputed (rainbow) tables are useless; the salt is not secret, it only has to be unique
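An added example in Go (standard library only; not code from these notes) of salted password storage: PBKDF2-HMAC-SHA256 is written out in full so the salt's place in the derivation is visible, then two users with the same password get different stored hashes, while the unsalted hash they would otherwise share is shown for contrast. The password and salt values are constructed for the demo; production code should use a vetted library such as golang.org/x/crypto/pbkdf2, bcrypt or argon2 rather than this hand-written version.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"io"
)

const (
	saltLen    = 16
	iterations = 100_000 // slows every guess; tune to roughly 100 ms on the server
	hashLen    = 32
)

// pbkdf2HMACSHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256 as the PRF:
// salt || block index seeds the first HMAC, each later iteration feeds the
// previous output back in, and the block is the XOR of all iterations.
func pbkdf2HMACSHA256(password, salt []byte, iter, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hLen := prf.Size()
	blocks := (dkLen + hLen - 1) / hLen
	dk := make([]byte, 0, blocks*hLen)
	idx := make([]byte, 4)
	for i := 1; i <= blocks; i++ {
		binary.BigEndian.PutUint32(idx, uint32(i))
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx)
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for j := 1; j < iter; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

// StoredPassword is what the user database keeps: the salt in the clear
// next to the derived hash. The salt is not secret, only unique per user.
type StoredPassword struct {
	Salt []byte
	Hash []byte
}

// HashPassword draws a fresh random salt and derives the stored hash.
func HashPassword(password string) (StoredPassword, error) {
	salt := make([]byte, saltLen)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return StoredPassword{}, err
	}
	return StoredPassword{Salt: salt, Hash: pbkdf2HMACSHA256([]byte(password), salt, iterations, hashLen)}, nil
}

// VerifyPassword re-derives with the stored salt and compares in constant time.
func VerifyPassword(password string, stored StoredPassword) bool {
	candidate := pbkdf2HMACSHA256([]byte(password), stored.Salt, iterations, hashLen)
	return hmac.Equal(candidate, stored.Hash)
}

// unsaltedHash is the weak scheme the salt fixes: equal passwords hash
// equal, so one precomputed table cracks every user at once.
func unsaltedHash(password string) []byte {
	sum := sha256.Sum256([]byte(password))
	return sum[:]
}

func main() {
	const pw = "correct horse battery staple"
	alice, _ := HashPassword(pw)
	bob, _ := HashPassword(pw)
	fmt.Println("unsalted hashes equal:", hex.EncodeToString(unsaltedHash(pw)) == hex.EncodeToString(unsaltedHash(pw)))
	fmt.Println("salted hashes equal:  ", hex.EncodeToString(alice.Hash) == hex.EncodeToString(bob.Hash))
	fmt.Println("alice logs in:", VerifyPassword(pw, alice))
	fmt.Println("wrong password:", VerifyPassword("Correct horse battery staple", alice))
}
```

The iteration count is the other half of the defence: the salt defeats precomputation, the iterations make each remaining guess expensive.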

Fields of Cryptography

Cryptography

graphy means writing

It means the science of designing strong encryption algorithms


Cryptanalysis

lysis means loosening, that is, breaking apart

It is the art of breaking the algorithms created in cryptography

The NSA employs cryptanalysts to help break encryption ciphers and decode messages


Cryptology

logy means study

It is the study of both cryptography and cryptanalysis

The study of creating encryption ciphers, and the study of breaking encryption ciphers
