click below
click below
Normal Size Small Size show me how
Security Systems Ch8
Chapter 8 vocab
Question | Answer |
---|---|
Cryptology | -is the science of encryption, it encompasses cryptography and cryptanalysis. |
Cryptography | -From the Greek word kryptos, meaning hidden, and graphein, meaning to write. The process of making and using codes to secure transmission of information. |
Encryption | -is the process of converting an original message into a form that is unreadable by unauthorized individuals |
Decryption | -is the process of converting the ciphertext message back into plaintext so it can be readily understood. |
Algorithm | -is the programmatic steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message; sometimes refers to the programs that enable the cryptographic processes. |
Cipher or cryptosystem | -is an encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption |
Ciphertext or cryptogram | -is the encoded message resulting from an encryption |
Code | -the process of converting components (words or phrases) of an unencrypted message into encrypted components. |
Decipher | -To decrypt or convert ciphertext into the equivalent plaintext |
Encipher | -To encrypt or convert plaintext into the equivalent ciphertext |
Key or cryptovariable | -is the information used in conjunction with an algorithm to create the ciphertext form the plaintext or derive the plaintext from the ciphertext; the key can be a series of bits used by a computer program, or it can be a passphrase used by humans that is |
Keyspace | - is the entire range of values that can be used to construct an individual key |
Link encryption | -is a series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts it using different keys and sends it to the next neighbor, and this process continues until the m |
Plaintext or ciphertext | -is the original unencrypted message, or a message that has been successfully decrypted. |
Steganography | - is the hiding of messages--for example, within the digital encoding of a picture or graphic |
Work factor | is the amount of effort (usually in hours) required to perform cryptoanalysis to decode an encrypted message when the key or algorithm (or both) are unknown |
Cryptosystems | -are made up of a number -is the amount of effort (usually in hours) required to perform cryptoanalysis to decode an encrypted message when the key or algorithm (or both) are unknown of elements or components such as algorithms, data handling techniques, |
2 methods of encrypting plaintext | : the bit stream method or the block cipher method. |
Bit stream method | - each bit in the plaintext is transformed into a cipher bit one bit at a time. They commonly use algorithm functions like the exclusive OR operation (XOR). |
Block cipher method | -the message is divided into blocks. They use substitution, transposition, XOR, or some combination of these operations. |
Substitution cipher | -in an encryption, an encryption method that involves the substitution of one value for another. |
Monoalphabetic substitution | -is the substitution of one value for another using a single alphabet |
Polyalphabetic substitution | - the substitution of one value for another, using two or more alphabets |
Vigenere cipher | -is an advanced type of substitution cipher that uses a simple polyalphabetic code and involves using the Vigenere Square, which is made up of 26 distinct cipher alphabets |
Transposition cipher | - (or permutation cipher) is the rearranging of values within a block to create coded information |
Exclusive OR operation (XOR | )- is a function of Boolean algebra in which two bits are compared, and if the two bits are identical, the result is a binary 0. If the two bits are not the same, the result is a binary 1. |
Vernam cipher | -is an element of cryptosystems that was developed by AT&T and uses a set of characters only one time for each encryption process. Also known as the one-time pad |
Hash functions | - are mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm the identity of a specific message and to confirm that there have not been any changes to the content. |
Hash algorithms | -are public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value. |
Message digest | -is a fingerprint of the author's message that is compared with the recipient's locally calculate hash of the same message |
Message authentication code (MAC)- | is a key-dependent, one-way hash function--that allows only specific recipients (symmetric key holders) to access the message digest. |
Secure Hash Standards (SHS) | - is a standard issued by the National Institute of Standards and Technology (NIST). It is an encryption norm that specifies SHA-1 (Secure Hash Algorithm 1) as a secure algorithm for computing a condensed representation of a message or data file |
Time-memory tradeoff attack- | is a method of attack in which attackers compare hashed text against a database of precomputed hashes from sequentially calculated passwords |
Secret key | -is a password or passphrase used in private key or symmetric encryption |
Private Key encryption or symmetric encryption- | is a method of communicating on a network using a single key to both encrypt and decrypt a message. |
Data encryption standard (DES) | - is an algorithm that is federally approved for encryption. The algorithm is based on the Data Encryption Algorithm (DEA), which uses a 64-bit block size and a 56-bit key |
Triple DES (3DES) | - is an enhancement to the Data Encryption Standard (DES). An algorithm that uses up to three keys to perform three different encryption operations. |
Advanced Encryption Standards (AES | )-is a Federal Information Processing Standard (FIPS) that specifies a cryptographic algorithm for use within the U.S. government to protect information in federal agencies that are not part of the national defense infrastructure. |
Public key encryption or asymmetric encryption- | is a method of communicating on a network using two different but related keys, one to encrypt and the other to decrypt messages. |
Trapdoor- | is a secret mechanism that enables you to easily accomplish the reverse function in a one-way mechanism |
RSA algorithm- | most popular public key cryptosystems, whose name is derived from Rivest-Shamir-Adleman. It is the de facto standard for public use encryption applications. The security of the algorithm is based on the computational difficulty of factoring large composi |
Public-key Infrastructure (PKI) | - is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. They are based on public-key cryptosystems and include digital certificates and certificate |
Digital Certificates | - are public-key container files that allow computer programs to validate the key and identify to whom it belongs. |
Authentication | -Individuals, organizations, and Web servers can validate the identity of each of the parties in an Internet transaction. |
Integrity | -Content signed by the certificate is known to be unaltered while being moved from host to server to client |
Privacy | -Information is protected from being intercepted during transmission. |
Authorization | -is the validated identity of users and programs can enable authorization rules that remain in place for the duration of a transaction; this reduces some of the overhead and allows for more control of access privileges for specific transactions. |
Nonrepudiation | -Customers or partners can be held accountable for transactions, such as online purchases, which they cannot later dispute. |
Certificate Authority (CA), | which issues, manages, authenticates, signs, and revokes users' digital certificates, which typically contain the user name, public key, and other indentifying information. |
Registration authority (RA) | which operates under the trusted collaboration of the certificate authority and can handle day-to-day certification functions, such as verifying registration information, generating end-user keys, revoking certificates, and validating user certificates. |
Certificate Revocation List (CRL) | is a list distributed by the certificate authority that identifies all revoked certificates |
Digital signatures | -are encrypted messages that can be mathematically proven authentic. |
Digital Signature Standard (DSS)- | digital signatures should be created using processes and products based on DSS. |
Distinguished Name (DN) | uniquely identifies a certificate entity, to a user's public key. |
Diffie-Hellman key exchange | -which is a method for exchanging private keys using public key encryption. |
Session keys- | are limited-use symmetric keys for temporary communications; they allow two organizations to conduct quick, efficient, secure communications based on symmetric encryption. |
Secure Sockets Layer (SSL | )-is a protocol to use public key encryption to secure a channel over the internet. |
SSL Record Protocol- | is a protocol responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission. |
Standard HTTP | -provides the Internet communication services between client and host without consideration for encryption of the data that is transmitted between client and server. |
Secure-HTTP (S-HTTP)- | is an extended version of the Hypertext Transfer Protocol that provides for the encryption of individual messages transmitted via the Internet between a client and server |
Secure Multipurpose Internet Mail Extensions (S/MIME)- | is a specification developed to increase the security of e-mail that adds encryption and user authentication. |
Privacy Enhanced Mail (PEM)- | is a standard proposed by the Internet Engineering Task Force (IETF) to function with the public key cryptosystems. |
Pretty Good Privacy (PGP)- | is a hybrid cryptosystem that combines some of the best available cryptographic algorithms. PGP is the open source de facto standard for encryption and authentication of e-mail and file storage applications. |
Secure Electronic Transactions (SET)- | is a means of securing Web transactions that was developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud. |
Wired Equivalent Privacy (WEP)- | was an early attempt to provide security with 802.11 network protocol. It is now considered too cryptographically weak to provide any meaningful protection from eavesdropping, but for a time it did provide some measure of security for low-sensitivity netw |
Wi-Fi Protected Access (WPA)- | was created to resolve issues with WEP. WPA has a key size of 128 bits, and instead of static, seldom changed keys, it uses dynamic keys created and shared by an authentication server. |
Temporal key Integrity Protocol (TKIP)- | is a suite of algorithms that attempts to deliver the best security that can be obtained given the constraints of the wireless network environment. |
Robust Secure Networks (RSN)- | is a protocol planned for deployment as a replacement for TKIP in WPA, uses the Advanced Encryption Standard (AES), along with 802.1x and EAP. |
Bluetooth- | is a de facto industry standard for short range wireless communications between devices. It is used to establish communications links between wireless telephones and headsets, between PDAs and desktop computers and between laptops. |
Internet Protocol Security (IPSec)- | is an open source protocol that secures communications across IP-based networks such as LANs, WANs, and the Internet. The protocol is designed to protect data integrity, user confidentiality, and authenticity at the IP packet level. |
Transport mode- | is one of the two modes of operation of IP Security Protocol. In transport mode, only the IP data is encrypted, not the IP headers. |
Tunnel mode | -is one of the two modes of operation of IP Security Protocol. In tunnel mode, the entire IP packet is encrypted and placed as payload into another IP packet. |
Application header (AH) protocol- | provides system to system authentication and data integrity verification, but does not provide secrecy for the content of a network communication. |
Encapsulating security payload (ESP) protocol- | provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. |
PGP security solution | -provides six services: authentication by digital signatures, message encryption, compression, e-mail compatibility, segmentation, and key management. |
Known-plaintext attack- | is a method of attacking a cryptosystem that relies on knowledge of some or all of the plaintext that was used to generate a ciphertext. |
Selected-plaintext attack- | is a crypto system attack in which the attackers send a target a section of plaintext they want encrypted and returned in order to reveal information about the target's encryption systems. |
Man-in-the-middle attacks- | is an attack in which the abuser records data packets from the network, modifies them, and inserts them back into the network. |
Correlation attacks- | are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext generated by the cryptosystem |
Dictionary attack- | the attacker encrypts every word in a dictionary using the same cryptosystem as used by the target in an attempt to locate a match between the target ciphertext and the list of encrypted words. |
Timing attack | -the attacker eavesdrops on the victim's session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information. |
Replay attack- | is an attempt to resubmit a recording of the deciphered authentication to gain entry into a secure source. |