Upload
rakeshrjains
View
220
Download
0
Embed Size (px)
Citation preview
8/12/2019 CISSP Study Guide on Cryptography
1/48
CISSP Study Booklet on Cryptography
This simple study booklet is based directly on the ISC2CBKdocument.
This guide does not replace in any way the outstanding value o the CISSP
Seminar and the act that you must have been involved into the security ield orat least a ew years i you intend to take the CISSP e!am. This booklet simplyintend to make your lie easier and to provide you with a centrali"ed resource orthis particular domain o e!pertise.
This guide was created by Clement #upuis on $th %pril &'''
(%)*I*+,
%s with any security related topic- this is a living document that will and mustevolve as other people read it and technology evolves. Please eel ree to sendme comments or input to be added to this document. %ny comments- typocorrection- etc are most welcome and can be send directly to,[email protected]
#IST)IB/TI0* %+)111*T,
This document may be reely read- stored- reproduced- disseminated- translated
or 3uoted by any means and on any medium provided the ollowing conditionsare met,
1very reader or user o this document acknowledges that he his awarethat no guarantee is given regarding its contents- on any account- andspeciically concerning veracity- accuracy and itness or any purpose. #onot blame me i some o the e!am 3uestions are not covered or thecorrect answer is dierent rom the content o this document. )emember,look or the most correct answer- this document is based on the seminarcontent- standards- books- and where and when possible the source oinormation will be mentioned.
*o modiication is made other than cosmetic- change o representationormat- translation- correction o obvious syntactic errors.
Comments and other additions may be inserted- provided they clearlyappear as such. Comments and additions must be dated and theirauthor4s5 identiiable. Please orward your comments or insertion into theoriginal document.
mailto:[email protected]:[email protected]8/12/2019 CISSP Study Guide on Cryptography
2/48
)edistributing this document to a third party re3uires simultaneousredistribution o this licence- without modiication- and in particular withoutany urther condition or restriction- e!pressed or implied- related or not tothis redistribution. In particular- in case o inclusion in a database orcollection- the owner or the manager o the database or the collection
renounces any right related to this inclusion and concerning the possibleuses o the document ater e!traction rom the database or the collection-whether alone or in relation with other documents.
Cryptography
Description :The Cryptography domain addresses the principles- means- and methods osecuring inormation to ensure its integrity- conidentiality- and authenticity.
Expected Knowledge :The proessional should ully understand , Basic concepts within cryptography.
Public and private key algorithms in terms of their applications and uses.
Cryptography algorithm construction, key distribution, key management, and
methods of attack Applications, constructions, and use of digital signatures
Principles of authenticity of electronic transactions and non-repudiation
The CISSP can meet the expectations defined above by nderstanding
sch !perations Secrity "ey areas of "nowledge as : Authentication
Certificate authority
Digital ignatures!"on-#epudiation
$ncryption
$rror Detecting!Correcting features
%ash &unctions
'erberos
'ey $scrow
(essages Digest
(D)
%A %(AC
*ne-+ime cipher keys
Private 'ey Algorithms
Applications and ses
Algorithm (ethodology
'ey Distribution and (anagement
'ey eneration!Distribution
8/12/2019 CISSP Study Guide on Cryptography
3/48
'ey #ecovery
'ey torage and Destruction
'ey trenth
o Compleity
o ecrecy
o /eak keys (ethod of attack
Public key Algorithms
Application and uses
Algorithm (ethodology
'ey Distribution and (anagement
'ey Distribution and (anagement
'ey torage and Destruction
'ey #ecovery
'ey trength
Compleity
ecrecy /eak 'eys
(ethos of attack
tream Cipher
Examples of KnowledgeabilityDescribe the ancient history of CryptographyCISSP Seminar :
&irst appearance 0 $gypt 1 2333 years ago
cytale 0parta 0 233 BC
Paper wrapped on rod +et written on paper
Paper removed 0 cipher tet
Ceasar Cipher 0 4ulius Caesar 0 #ome 0 25 BC
6thCentury AD 0 Arabs
Cipher Alphabets in magic 0 7)) AD
8eon Batista Alberti9s cipher disk 0 :taly 0 ;2)5 AD
+homas 4efferson ciphering device- ;653- tack of the key? 8etters around new position >cipher tet?
#*+ ;@ 0 (any ": system
hifts letters ;@ places
"ot secured from freuency analysis
$ncrypted twice-plain tet
8/12/2019 CISSP Study Guide on Cryptography
4/48
From Cryptography FAQ :The story begins, (hen 6ulius Caesar sent messages to his trustedac3uaintances- he didn7t trust the messengers. So he replaced every % by a #-every B by a 1- and so on through the alphabet. 0nly someone who knew the88shit by 977 rule could decipher his messages.From CMEs Cryptography Timeline : (if you are really interested in no!ing it all" or else #umpo$er%
Date C or # Sorce Info
about &':: BC civ Kahn p.;&%n 1gyptian scribe used non
8/12/2019 CISSP Study Guide on Cryptography
5/48
:
8/12/2019 CISSP Study Guide on Cryptography
6/48
Islamic states and the conse3uent ailure to developa permanent civil service and to set up permanentembassies in other countries militated againstcryptography7s more widespread use.77
&22= +ovt Kahn p.&:=
88%s early as &22=- a aint political cryptography
appeared in the archives o Denice- where dots orcrosses replaced the vowels in a ew scatteredwords.77
about &2$: Civ Kahn p.':
/oger 3aconnot only described several ciphers butwrote, 88% man is cra"y who writes a secret in anyother way than one which will conceal it rom thevulgar.77
&9;' +ovtGciv Kahn p.&:;
#abrieli di 5avindeat the re3uest o Clement DII-compiled a combination substitution alphabet andsmall code
8/12/2019 CISSP Study Guide on Cryptography
7/48
&@==eintroduced the notion o changing alphabets witheach letter.
&$$9 Civ Kahn p.&9;
#iovan 3atista 3elasointroduced the notion ousing a passphrase as the key or a repeatedpolyalphabetic cipher. 4This is the standardpolyalphabetic cipher operation mise classiiedciphers as transposition- substitution and symbolsubstitution 4use o a strange alphabet5. >esuggested use o synonyms and misspellings toconuse the cryptanalyst. >e apparently introducedthe notion o a mi!ed alphabet in a polyalphabetictableau.
&$=@ CivKahnp.&@@4ootnote5
Bellaso published an autokey cipher improving onthe work o Cardanowho appears to have inventedthe idea.
&=29 Civ Bacon
Sir 0rancis 3acondescribed a cipher which now
bears his name
8/12/2019 CISSP Study Guide on Cryptography
8/48
cipherte!t letters are used or the current letter7skey5. EKahn p.&@;, both o these were orgotten andre
8/12/2019 CISSP Study Guide on Cryptography
9/48
pp.&'9
8/12/2019 CISSP Study Guide on Cryptography
10/48
incorporated as Crypto %+. The company is still inoperation- although acing controversy or havingallegedly weakened a cipher product or sale to Iran.
&'2& Civ Kahn p.@&$
Edward >gh >ebernincorporated 88>ebern1lectric Code77- a company making electroA&A 0 ;525?o "A ;5)istorical tricks includes invisible inks- tiny pin puncture on selected characters-minute dierences between handwritten characters- pencil marks on typewritten
8/12/2019 CISSP Study Guide on Cryptography
26/48
characters- grilles which cover most o the message e!cept or a ew characters-and so on. ore recently people are hiding secrets in graphic image.Describe Digital System EncryptionCISSP Seminar:
The key and message both streams o bits $ach tet character Q 7 bits
$ach key bit *#ed >eclusived-or9ed? with corresponding message bit
*# operation yields 3 if both bits the same and ; is different
1!ample,1SS%+1 ST)1% :&::&:::K1O ST)1% &&:&:::&CIP>1)T1LT ST)1% &::&&::&Define the word BCodesB as it pertains to Cryptography
CISSP Seminar:ist o wordsGphrasesG 4codes5 with corresponding random groups onumbersGletters 4code groups5
Applied Cryptography" Page ):>istorically- a code reers to a cryptosystem that deals with linguistic units,words- phrases- sentences- and so orth. Jor e!ample- the word V0C10Tmight be the cipherte!t o the entire phrase VTurn let ': degrees- the wordV0IP0P might be the cipherte!t or VTurn right ': degrees- and the wordsVB1*T 1%) might be the cipherte!t or V>0(ITM1). Codes are only useul orspeciali"ed circumstances. Ciphers are useul or any circumstance. Codes arelimited- i your code does not have an entry or a speciic word then you cant say
it- you can say anything you wish using cipher.Compare and contrast >agelin and /otor Cryptography 9achinesCISSP Seminar:
%agelin (achine
Combines plain tet >character by character? withJ
'eystream >long pseudo-random seuence?
+o produce cipher tet
#otor (achines
#otor implements cipher alphabet
#otor connected in banks ignal entering one end permuted by each of rotors before leaving at other end
'eyed by changing rotor variableso #otors!order of rotors
o "umber of stopping pieces per wheel
o Pattern of motion
8/12/2019 CISSP Study Guide on Cryptography
27/48
Describe the se and characteristics of B!ne.Time.PadB EncryptionCISSP Seminar:
nbreakable by ehaustive search >brute force?
#andom key same length as message
*nly used once
Digital system key and message both bit streams 7 bits per character
$ach key bit *#ed with corresponding message bit
Produces ciphertet bit
'ey bits *#ed with ciphertet to decrypt
Describe the history of the DES EncryptionCISSP Seminar:
:B( cryptographic research >late ;5=39s?
(odification of 8ucifer developed by :B(
"on-linear block ciphers :B( developed >about ;56
8/12/2019 CISSP Study Guide on Cryptography
28/48
8/12/2019 CISSP Study Guide on Cryptography
29/48
1ach block o cipherte!t is encrypted independently o any other block. Thereoreeach cipherte!t block corresponds to one plainte!t block Aust like in a code book.CBC < Chain Block Cipher1CB does not protect against insertion o repeated blocks because blocks aretreated independently. %nother weakness is that identical plainte!t blocks
generate identical cipherte!t blocks. To improve #1S or communication streamseach =@ bit block is 1L0)ed with the previous =@ bit cipherte!t beore enteredinto the #1S chip. In addition to a common secret key the sender and receiverneed to agree on an initial vector to be 1L0)ed with the irst block o amessages stream.CJ < Cipher Jeedback odeCJ is an alternate mode or #1S on ? bit characters. The input character is1L0)ed with the least signiicant byte o the #1S output and then transmittedover thecommunication link. In order to collect enough bits or the =@ bit encryption blockthe output characters are collected in a character based shit register. 1ach
output character advances the shit register by ? bits and triggers a new #1Sencryption. Thereby the ne!t input character will be 1L0)ed with a new #1Soutput. CJ is suitable or use on serial lines.Describe the caracteristics and sage of DobleTriple DESCISSP Seminar:
Double D$
$ffective key length ;;< bits
/ork factor about the same as single D$
"o more secure
+riple D$ $ncrypt with first key
Decrypt with second key
$ncrypt with first key
"o successfull attack reported
/SA Crypto FAQ:Jor some time it has been common practice to protect and transport a key or#1S encryption with triple
8/12/2019 CISSP Study Guide on Cryptography
30/48
%ttacks on two?&F and Dan 0orschot and (iener ED('&F- but the data re3uirements othese attacks make them impractical. Jurther inormation on tripleere are some o the degates,Criminal encryption use e!ists. 1ncryption has already been used by criminals tokeep their activities secret rom the JBI and law enorcement. Jrom &''$ to&''=- the number o cases in which the JBI was oiled by encryption more thandoubled 4$ to &25.1ncryption is not regulatable outside the /S. *on
8/12/2019 CISSP Study Guide on Cryptography
31/48
1scrow has not been thoroughly tested. There are millions o encryption usersand thousands o agents and law enorcement agencies. Key escrow has neverbeen tested in a wideshipOack?
Decrypted by special chip, uniue key and special law enforcement access field
>8$A&? transmitted with encrypted communication. #egardless of session key
Chip uniue key is *# of < components
$ach encrypted and stored in escrow with separate escrow agent
Both needed to construct chip uniue key and decrypt
#elease to authoriNed government agent for authoriNed surveillance.
hipOack Algorithm +ransform =2 bit input block into =2 bit output block
73 bit key length
ame operating modes as D$ >2 of them?
Classified to prevent implementing >in either software or hardware? without
8$A&
/SA Crypto FAQ:The Clipper chip contains an encryption algorithm called SkipAack. 1ach chipcontains a uni3ue ?:
8/12/2019 CISSP Study Guide on Cryptography
32/48
Initially the details o SkipAack were classiied and the decision not to make thedetails o the algorithm publicly available was widely critici"ed. Some peoplewere suspicious that SkipAack might not be secure- either due to an oversight byits designers- or by the deliberate introduction o a secret trapdoor. SinceSkipAack was not public- it could not be widely scrutini"ed and there was little
public conidence in the cipher.%ware o such criticism- the government invited a small group o independentcryptographers to e!amine the SkipAack algorithm. They issued a report EB#K'9Fwhich stated that although their study was too limited to reach a deinitiveconclusion- they nevertheless believed SkipAack was secure.In 6une o &''? SkipAack was declassiied by the *S%. 1arly cryptanalysis hasailed to ind any substantial weakness in the cipher.Describe the elements of the Electronic Data Secrity ,ct of &''FCISSP Seminar:To be completed
Ele&troni& 3ata Se&urity A&t -))*:The 1lectronic #ata Security %ct states its goals as,To enable the development o a key management inrastructure or publicdifficulty of taking logarithms in finite fields?
$l amal encryption scheme and signature algorithm
chnorr9s signature algorithm
"ybergrueppel9s signature algorithm
tation-to-tation protocol for key agreement >+?
Digital ignature Algorithm >DA?
$lliptic Curve Crypto >$CC?
/SA Crypto FAQ:Public
8/12/2019 CISSP Study Guide on Cryptography
33/48
can actor the modulus can decrypt messages and orge signatures. The securityo the )S% algorithm depends on the actoring problem being diicult and thepresence o no other types o attack.In general the larger the number the more time it takes to actor it. 0 course iyou have a number like 2&:: it is easier to actor than say- a number with hal
as many digits but the product o two primes o about the same length. This iswhy the si"e o the modulus in )S% determines how secure an actual use o)S% isR the larger the modulus- the longer it would take an attacker to actor- andthus the more resistant the )S% modulus is to an attack.
Define Elleptic Crve Cryptosystems ECC
CISSP Seminar: ses algebraic system defined on points of elliptic curve to provide public-key
algorithms.
Digital signature ecret key distribution
Confidential info transmission
&irst proposed by Iictor (iller >:B(!C#D? ;57) K "eal koblitN > /ashington
univ?
/SA Crypto FAQ:1lliptic curve cryptosystems were irst proposed independently by Dictor illerEil?=F and *eal Koblit" EKob?;F in the mid
8/12/2019 CISSP Study Guide on Cryptography
34/48
:deal for very small hardware implementations
mart card
$ncryption and digital signatures stages separable to simplify eport
/SA Crypto FAQ:
Presently- the methods or computing general elliptic curve discrete logs aremuch less eicient than those or actoring or computing conventional discretelogs. %s a result- shorter key si"es can be used to achieve the same security oconventional public
8/12/2019 CISSP Study Guide on Cryptography
35/48
A": AC 5
$lliptic curve key agreement and key management proposed work item
:*!:$C CD ;2777@ EDigital ignature with appendiE
Iariety of digital signature mechanisms
/SA Crypto FAQ:The I111 P&9=9 is an emerging standard that aims to provide a comprehensivecoverage o established public
8/12/2019 CISSP Study Guide on Cryptography
36/48
P+P 4Pretty +ood Privacy5 is a sotware package originally developed by PhilMimmerman that provides cryptographic routines or e
8/12/2019 CISSP Study Guide on Cryptography
37/48
1l +amal%nother popular system is the 1l +amal algorithm- which relies on the diiculty odiscrete logarithms. The algorithm is based on the problem o e!ponentiation asollows, given a modulus 3 and some b U 3- a character ! can be encrypted asinteger y is the condition by W ! mod 3. The integer y should not be easily
computable- providing security through the uneasibility o complicated discretelogarithms.The actual 1l +amal algorithm re3uires- or a secure system- that everyoneagrees on a large prime modulus- 3. % number g is chosen such that- ideally- theorder o g is 3
8/12/2019 CISSP Study Guide on Cryptography
38/48
$.Bob sends O to %lice.=.%lice computes Key 2 Q Oa mod mBoth Key & and Key 2 are e3ual to gab mod m. *o one besides %lice and Bob isable to generate this value. 0nly someone who knows a or b is able to generatethe key. Thereore #iie >ellman public key is a means or two parties who have
never met to be able to negotiate a key over a public channel.The security o #iie >ellman revolves around the choice o the publicparameters m and g. odulus m should be a prime number and 4m
8/12/2019 CISSP Study Guide on Cryptography
39/48
Identify the ,ctivities /elated to Key managementCISSP Seminar:
'ey management
'ey change
'ey disposition 'ey recovery
Control of crypto keys
/SA Crypto FAQ:Key management deals with the secure generation- distribution- and storage okeys. Secure methods o key management are e!tremely important. 0nce a keyis randomly generated 4see uestion @.&.2.25- it must remain secret to avoidunortunate mishaps 4such as impersonation5. In practice- most attacks on public;3!
Developed eportable, worldwide approach to strong encryption to enable secure
international commerce Developing modern, high-level crypto E'ey recoveryE solutions
(eet business reuirements $ase crypto import!eport restrictions worldwide
Alliance proposed reuirements for ideal key recovery system >5!;5!56?
/SA Crypto FAQ:0ne o the barriers to the widespread use o encryption in certain conte!ts is theact that when a key is somehow HlostH- any data encrypted with that keybecomes unusable. Key recovery is a general term encompassing the numerousways o permitting Hemergency accessH to encrypted data.0ne common way to perorm key recovery- called key escrow- is to split adecryption key 4typically a secret key or an )S% private key5 into several parts
and distribute these parts to escrow agents or HtrusteesH. In an emergencysituation 4e!actly what deines an Hemergency situationH is conte!t
8/12/2019 CISSP Study Guide on Cryptography
41/48
encrypted session key is sent with the encrypted communication- and so thetrustee is able to decrypt the communication when necessary. % variant o thismethod- in which the session key is split into several pieces- each encrypted witha dierent trustee7s public key- is used by TIS7 )ecoverKey.Key recovery can also be perormed on keys other than decryption keys. Jor
e!ample- a user7s private signing key might be recovered. Jrom a security pointo view- however- the rationale or recovering a signing key is generally lesscompelling than that or recovering a decryption key.Define Digital Signatre as it Pertains to CryptographyCISSP Seminar:
Authentication tool to verify a message origin and a sender identity
#esolves authentication issues
Block of data attached to message >document, file, record, etc?
Binds message to individual whose signature can be verified
o By receiver or third party
o Can9t be forged $ach user has public-private key pair.
/SA Crypto FAQ:The digital signature o a document is a piece o inormation based on both thedocument and the signer7s private key. It is typically created through the use o ahash unction and a private signing unction 4encrypting with the signer7s privatekey5- but there are other methods. %uthentication is any process through whichone proves and veriies certain inormation. Sometimes one may want to veriythe origin o a document- the identity o the sender- the time and date adocument was sent andGor signed- the identity o a computer or user- and so on.
% digital signature is a cryptographic means through which many o these may beveriied.
Describe the Digital Signatre Standard DSS
CISSP Seminar: ":+ proposed in ;55;
ses secure hash algorithm >%A?
Condenses message to ;=3 bits
(odular arithmetic eponentiations of large numbers
'ey siNe );#A?
FIPS -,6:This Standard speciies a #igital Signature %lgorithm 4#S%5 appropriate orapplications re3uiring a digital rather than written signature. The #S% digitalsignature is a pair o large numbers represented in a computer as strings o
8/12/2019 CISSP Study Guide on Cryptography
42/48
binary digits. The digital signature is computed using a set o rules 4i.e.- the #S%5and a set o parameters such that the identity o the signatory and integrity o thedata can be veriied. The #S% provides the capability to generate and veriysignatures.
Define !peration of the Digital Signatre StandardCISSP Seminar:To sign a message
ender computes digest of message
sing public hash function
Crypto signature by sender9s private key
Applied to digest creates digital signature
Digital signature sent with message
To veriy a message #eceiver computes digest of message
Ierifying functions with sender9s public key Applied to digest and signature received
Ierified if both digest match
ignature decryption identifies sender
/SA Crypto FAQ:The digital signature is computed using a set o rules 4i.e.- the #S%5 and a set oparameters such that the identity o the signatory and integrity o the data can beveriied. The #S% provides the capability to generate and veriy signatures.Signature generation makes use o a private key to generate a digital signature.Signature veriication makes use o a public key which corresponds to- but is not
the same as- the private key. 1ach user possesses a private and public key pair.Public keys are assumed to be known to the public in general. Private keys arenever shared. %nyone can veriy the signature o a user by employing that user7spublic key. Signature generation can be perormed only by the possessor o theuser7s private key.
% hash unction is used in the signature generation process to obtain acondensed version o data- called a message digest. The message digest is theninput to the #S% to generate the digital signature. The digital signature is sent tothe intended veriier along with the signed data 4oten called the message5. Theveriier o the message and signature veriies the signature by using the sender7spublic key. The same hash unction must also be used in the veriication process.
The hash unction is speciied in a separate standard- the Secure >ash Standard4S>S5- JIPS &?:. Similar procedures may be used to generate and veriysignatures or stored as well as transmitted data.Identify the benefits of the Digital Signatre StandardCISSP Seminar:
Provides non-repudiation
sed with electronic contracts, purchase orders, etcU
8/12/2019 CISSP Study Guide on Cryptography
43/48
sed to authenticate software, data, images, users, machines.
Protect software against viruses
mart card with digital signature can verify user to computer
/SA Crypto FAQ:
The digital signature is computed using a set o rules 4i.e.- the #S%5 and a set oparameters such that the identity o the signatory and integrity o the data can beveriied.Define %on./epdiation as it pertains to CryptographyCISSP Seminar:
Proves message sent and received
$nsures sender can9t deny sending
#ecipient can9t deny claim that they received something else or deny receiving
proper message
Define >ash fnctions as they pertain to CryptographyCISSP Seminar:
/SA Crypto FAQ:The main role o a cryptographic hash unction is in the provision o messageintegrity checks and digital signatures. Since hash unctions are generally asterthan encryption or digital signature algorithms- it is typical to compute the digitalsignature or integrity check to some document by applying cryptographicprocessing to the document7s hash value- which is small compared to the
document itsel. %dditionally- a digest can be made public without revealing thecontents o the document rom which it is derived. This is important in digitaltimestamping where- using hash unctions- one can get a document timestampedwithout revealing its contents to the timestamping service.Describe the Ase of Certification ,thorityCISSP Seminar:
Binds individuals to their public keys
Certification authrority9s digital signature
Attest binding
Certification authority certification
ser identification, public key, date )35 certification standard
":+ "ational Digital ignature Certification Authority study
/SA Crypto FAQ:Certiicates are issued by certiication authority. Certiicates are digitaldocuments attesting to the binding o a public key to an individual or other entity.They allow veriication o the claim that a speciic public key does in act belong
8/12/2019 CISSP Study Guide on Cryptography
44/48
to a speciic individual. Certiicates help prevent someone rom using a phonykey to impersonate someone else. In some cases it may be necessary to createa chain o certiicates- each one certiying the previous one until the partiesinvolved are conident in the identity in 3uestion.In their simplest orm- certiicates contain a public key and a name. %s commonly
used- a certiicate also contains an e!piration date- the name o the certiyingauthority that issued the certiicate- a serial number- and perhaps otherinormation. ost importantly- it contains the digital signature o the certiicateissuer. The most widely accepted ormat or certiicates is deined by the IT/&:(A?
Computed value derived from document
Detect accidental!intentional alteration
&orgery possible
%C +eneration Algorithm eamines bitstream
Data field output appended to bitstream
Before transmission!storage
Parity!checksum application
Bitstream and (AC (achine!communications error
/SA Crypto FAQ:% message authentication code 4%C5 is an authentication tag 4also called achecksum5 derived by appying an authentication scheme- together with a secretkey- to a message. /nlike digital signatures- %Cs are computed and veriiedwith the same key- so that they can only be veriied by the intended recipient.
8/12/2019 CISSP Study Guide on Cryptography
45/48
There are our types o %Cs, 4&5 unconditionally secure- 425 hash unction