Wondershare EdrawMind
MindMap Gallery CISSP study notes-6 (cryptography and symmetric key algorithms)
- 37
CISSP study notes-6 (cryptography and symmetric key algorithms)
CISSP Chapter 6 content notes and important exercises, which provide the information security field with the means to protect data confidentiality, integrity, authentication and establish secure communication channels, while also helping to meet compliance and legal requirements.
Edited at 2024-02-16 10:45:22
- bacteria
This is a mind map about bacteria, and its main contents include: overview, morphology, types, structure, reproduction, distribution, application, and expansion. The summary is comprehensive and meticulous, suitable as review materials.
- Plant asexual reproduction
This is a mind map about plant asexual reproduction, and its main contents include: concept, spore reproduction, vegetative reproduction, tissue culture, and buds. The summary is comprehensive and meticulous, suitable as review materials.
- Reproductive development of animals
This is a mind map about the reproductive development of animals, and its main contents include: insects, frogs, birds, sexual reproduction, and asexual reproduction. The summary is comprehensive and meticulous, suitable as review materials.
CISSP study notes-6 (cryptography and symmetric key algorithms)
- bacteria
This is a mind map about bacteria, and its main contents include: overview, morphology, types, structure, reproduction, distribution, application, and expansion. The summary is comprehensive and meticulous, suitable as review materials.
- Plant asexual reproduction
This is a mind map about plant asexual reproduction, and its main contents include: concept, spore reproduction, vegetative reproduction, tissue culture, and buds. The summary is comprehensive and meticulous, suitable as review materials.
- Reproductive development of animals
This is a mind map about the reproductive development of animals, and its main contents include: insects, frogs, birds, sexual reproduction, and asexual reproduction. The summary is comprehensive and meticulous, suitable as review materials.
- Recommended to you
- Outline
CISSP study notes-6 (cryptography and symmetric key algorithms)
Knowledge points
Goals of cryptography
Confidentiality
Cryptosystem
Symmetric cryptosystem
asymmetric cryptosystem
Protect data at rest, in motion, and in-use
integrity
Message summary
Digital signature implementation
Such as: hash function
Authentication
challenge-response pattern
Both symmetric and asymmetric can be achieved
non-repudiation
Asymmetric key system provides
cryptography concepts
keykey
key space
a specific range of values, determined by the bit size
algorithm
Kerkhoff's principle: the algorithm is completely public, the key is kept secret, and the cryptosystem is secure
private key cryptosystem
All participants use a shared secret
public key cryptosystem
Each participant has a key pair
cryptography
Create and execute secret codes and passwords
cryptanalysis
How to beat codes and passwords
Cryptography
Cryptosystem
The embodiment of a code or password in software and hardware
cryptographic mathematics
Boolean mathematics
0 and 1, binary
logic operation
and and ^
or or v
not non ~
exclusive or or different
modular function
Take the remainder mod %
One way function
nonce
random number
Zero knowledge proof
Split knowledge
Key escrow is an example of escrow to a third party called a recovery agent.
M of N control
cost function
Efforts to crack a cryptographic system are measured in terms of cost or time
password
code
Does not necessarily provide confidentiality protection
Semaphore, Morse code
password
Always hide the true meaning
shift cipher
Replace password
One time pad Vernam
The key must be at least as long as the encrypted message
Can only be used once
Must be randomly generated
Physical protection of secret book
Movement key password
block cipher
stream cipher
confusion and diffusion
Confusion and diffusion are two basic principles
Obfuscation: The password cannot be determined by continuously modifying the plaintext and analyzing the ciphertext.
Diffusion: One change in the plaintext causes multiple changes to propagate throughout the ciphertext
modern cryptography
Password key
Symmetric key algorithm
Everyone's public key encrypts and decrypts messages, also called a secret key or private key cipher
weakness
Key distribution needs to be secure
Encryption algorithms do not provide non-repudiation
Algorithm lacks scalability
Keys must be frequently reproduced
Advantage
Fast computing speed
Suitable for hardware execution
Asymmetric key algorithm
Public key encryption, private key decryption
advantage
New public key-private key pair for new user
Easy to remove users
Regenerate the key after the private key is compromised
Can provide integrity, authentication and non-repudiation
Easy to distribute
No need to establish communication association in advance
weakness
Slow operation speed
The connection can be established using the public key first, then a symmetric key is exchanged, and subsequent sessions use symmetric encryption algorithms
Hash algorithm
Non-repudiation and integrity
Symmetric cipher
Password operating mode
Electronic codebook mode-ECB
Process one 64-bit block at a time
easy to crack
Cipher Block Connection Mode-CBC
The initialization vector IV needs to be sent to the recipient. If the IV is destroyed, subsequent blocks will not be able to be cracked.
Password feedback mode-CFB
Similar to CBC, but the IV is not the original data, and a link is used
Output feedback mode-OFB
The decryption of subsequent blocks will not be affected by previous transmission errors.
Counter Mode-CTR
Use stream ciphers like CFB and OFB. The seed value is not the previous encryption/decryption operation value, but a simple counter, and errors will not be propagated.
Galois/Counter Mode-GCM
Among the modes in this section, the only one can provide both confidentiality and data authenticity.
Counter Mode with Cipher Block Chained Message Verification Code - CCM
Only used for block ciphers that are 128 bits in length and must use a different nonce for each transmission
GCM and CCM include both confidentiality and data authenticity. ECB, CBC, CFB, OFB and CTR modes only provide confidentiality.
data encryption standards
DES
56-bit key
64-bit ciphertext block
3DES
International Data Encryption Algorithm
Blowfish
Skipjack
Rivest Ciphers
Rivest Cipher 4 RC4
Rivest Cipher 5 RC5
Rivest Cipher 6 RC6
Advanced Encryption Standard
AES
Key length: 128 192 256
CAST
Symmetric key management
Password life cycle
Exam points
Understand the role confidentiality, integrity, and non-repudiation play in cryptographic systems. Secrecy is one of the main goals pursued by cryptography. This goal protects the confidentiality of data at rest and in transit. Integrity assures the message recipient that the data has not been altered (either intentionally or unintentionally) from the time it was created to the time it was accessed. Non-repudiation provides irrefutable proof. The sender of the message did authorize the message. This prevents the sender from later denying that he sent the original message.
Understand the ways in which cryptographic systems achieve authentication goals. Identity authentication can provide user identity protection. Challenge-response protocols are one possibility for performing authentication, requiring the remote user to encrypt a message with a key known only to the communicating parties. Both symmetric and asymmetric cryptosystems can perform authentication.
Familiar with basic cryptography terminology. For a sender to send a private message to a recipient, he first extracts the plaintext (unencrypted) message and then encrypts it using an algorithm and a key. This will generate a ciphertext message for delivery to the recipient. The recipient will then use the same algorithm and key to decrypt the ciphertext and reconstruct the original plaintext message for viewing.
Understand the difference between codes and passwords and explain the basic types of passwords. A code is a cryptographic system of symbols acting on words or phrases that is sometimes confidential but does not always provide confidentiality security services. A password will always hide the true meaning of the message. Understand how the following types of ciphers work: shift ciphers, substitution ciphers (including one-time pads), stream ciphers, and block ciphers.
Understand the requirements for successfully using a one-time pad. For a one-time pad to be successful, the key must be generated randomly and without using any known pattern. The key must be at least as long as the message being encrypted, the pad must be protected from physical leakage, and each pad must be discarded after being used once.
Learn about segmentation. Splitting knowledge means splitting the information or permissions required to perform an operation among multiple users to ensure that no one person has enough permissions to compromise the security of the environment. N only replacing M control is an example of segmented knowledge.
Understanding the Cost Function (Cost Factor) The cost function or cost factor measures the strength of a cryptographic system by measuring the effort required to decrypt a message in terms of cost and/or time. The time and effort required to fully implement a brute force attack on an encryption system is usually expressed by the cost function evaluation. The protection provided by a cryptographic system is directly proportional to the value of its cost function/factor.
Understand the importance of key security. Cryptographic keys provide the necessary element of confidentiality for a cryptographic system. Modern cryptographic systems provide adequate security with keys that are at least 128 bits long.
Learn the differences between symmetric and asymmetric cryptosystems. Symmetric key cryptosystems (or secret key cryptosystems) rely on the use of an exclusive secret key. Symmetric key cryptosystems operate much faster than asymmetric cryptosystems, but they do not support scalability, easy distribution of keys, and non-repudiation. Asymmetric cryptosystems use public-private key pairs for communication between two parties, but operate much slower than symmetric algorithms.
Be able to explain the basic operating modes of symmetric cryptosystems. Symmetric cryptosystems operate in several discrete modes: Electronic Code Book (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback (CFB) mode, Output Feedback (OFB) mode, Counter (CTR) mode, Galois/Counter mode (GCM) and Counter Mode (CCM) with Cipher Block Chained Message Verification Code. ECB mode is considered the least secure and is only used to transmit short messages. 3DES uses two or three different keys to iterate DES three times to increase the effective key strength to 112 or 168 bits respectively.
Learn about Advanced Encryption Standard (AES). The Advanced Encryption Standard (AES) uses the Rijndael algorithm and is a U.S. government standard for securely exchanging sensitive, unclassified data. AES uses 128, 192, and 256-bit key lengths and a fixed block size of 128 bits to achieve a level of security that is far superior to the older DES algorithm.
Important exercises
Ryan manages the cryptographic keys used by his organization at his expense. Here's how he should select and manage these Rachels #达中Which ones are correct? (Check all that apply.) A. If data is expected to remain secret, the key should be long enough to withstand future attacks. B. Keys should be chosen that can be generated through some predictable pattern. C. The key should remain non-deterministic. D. The longer the key, the greater the security strength it can provide.
AD 1 The key is long enough 2 Unpredictably composed, randomly generated 3. Safe destruction is no longer used
You are developing a security product that must facilitate the exchange of symmetric encryption keys between two parties who cannot securely exchange keys face-to-face. Which algorithm might you use? A. Rijndael B. Blowfish C. Vernam D. Diffic-Hellman
D
What comes into play when the relationship between the plaintext and the key is complex enough that an attacker cannot determine the key simply by continually modifying the plaintext and analyzing the ciphertext? (Select all that apply.) A. Confusion B. Displacement C. Polymorphism D. Diffusion
AD Confusion and diffusion are two basic principles Obfuscation: The password cannot be determined by continuously modifying the plaintext and analyzing the ciphertext. Diffusion: One change in the plaintext causes multiple changes to propagate throughout the ciphertext
Randy is implementing an AES-based cryptographic system for internal use within his organization; he would like to learn more about how he can use this cryptographic system to achieve his goals. Which of the following daily targets can be achieved by AES? (Answers that are more useful than all roads.) A. Non-repudiation B. Confidentiality C. Identity authentication D.Integrity
BCD Non-repudiation cannot be achieved with symmetric cryptosystems
Brian discovered encrypted data left behind by attackers when communicating with each other on one of his systems. He tried using various encryption techniques to decrypt the data, but failed. he thinks. The data may be protected using an unbreakable system. So, only which cryptosystem, if executed properly, can be considered unbreakable? A. Shift code B. Replace password C. Commercial Grade Encryption Standard (AES) D. Single copy
D Word Code is the only cryptosystem without loopholes, and there are others.
Helen plans to use one-time pads to meet her organization's unique encryption needs. She attempts to determine the requirements for using such a cryptographic system. So, which of the following are requirements for using a one-time pad? (Check all that apply.) The length of the A encryption key must be at least half the length of the message to be encrypted. B Encryption keys must be randomly generated. C. Each single-time pad must be used only once. D. The one-time pad must be protected from leakage under physical protection.
BCD
Brim manages a symmetric cryptosystem used by 20 users, where each user can communicate privately with any other user. One user has lost control of his account. Brian believes that this user's keys have been compromised. How many keys must she replace? A.1 piece B. 2 C. 19 D. 190
C
Dave is developing a key escrow system that requires multiple people to be present together to quickly complete a transaction, but does not require all participants to be present. What technology is Dave using? A. Split knowledge B.N takes M control C.Cost function D. Zero-knowledge proof
B
Which of the following is used to increase cryptographic strength by encrypting the same message with the same key each time, creating a unique ciphertext each time? A. Initialization vector B. Vigenere Password C steganography D. Stream cipher
A Option B is the replacement password C embeds hidden messages into binary files
Tammy is selecting an operating mode for a symmetric cryptosystem she will use at her workplace. She hopes that the model she sends can not only provide confidentiality protection for the data, but also ensure the authenticity of the data. Which of the following models would meet her requirements? A.ECB B. GCM C. OFB D.CTR
B Only GCM can do this, others can only provide confidentiality.
Which of the following encryption algorithm modes would allow the undesirable properties of errors to propagate between blocks? A. Electronic Code Book (ECB) B. Cipher Block Chaining (CBC) C.Output feedback (OFB) D. Counter (CTR)
B
Victoria was selecting an encryption algorithm for the organization she worked for, and wanted to choose the most secure symmetric algorithm from a list of encryption algorithms supported by a software package she planned to use. If the following algorithms are supported by this package, then is Victoria the best choice? A. AES-256 B. 3DES C.RCA D. Skipjack
A
The ones institute, which has six employees, uses a symmetric key encryption system to ensure the confidentiality of communications. If all employees need to communicate privately with all other employees, how many keys will they need? A.1 piece B. 6 C. 15 D. 30 pieces
C