
CISSP Study Booklet on Cryptography

This simple study booklet is based directly on the ISC2 CBK document. This guide does not replace in any way the outstanding value of the CISSP Seminar and the fact that you must have been involved in the security field for at least a few years if you intend to take the CISSP exam. This booklet simply intends to make your life easier and to provide you with a centralized resource for this particular domain of expertise. This guide was created by Clement Dupuis on 5th April 1999.

WARNING: As with any security related topic, this is a living document that will and must evolve as other people read it and technology evolves. Please feel free to send me comments or input to be added to this document. Any comments, typo corrections, etc. are most welcome and can be sent directly to:
cdupuis@uniconseil.com

DISTRIBUTION AGREEMENT: This document may be freely read, stored, reproduced, disseminated, translated or quoted by any means and on any medium provided the following conditions are met:

Every reader or user of this document acknowledges that he is aware that no guarantee is given regarding its contents, on any account, and specifically concerning veracity, accuracy and fitness for any purpose. Do not blame me if some of the exam questions are not covered or the correct answer is different from the content of this document. Remember: look for the most correct answer. This document is based on the seminar content, standards, books, and where and when possible the source of information will be mentioned. No modification is made other than cosmetic, change of representation format, translation, correction of obvious syntactic errors. Comments and other additions may be inserted, provided they clearly appear as such. Comments and additions must be dated and their author(s) identifiable. Please forward your comments for insertion into the original document.

Redistributing this document to a third party requires simultaneous redistribution of this licence, without modification, and in particular without any further condition or restriction, expressed or implied, related or not to this redistribution. In particular, in case of inclusion in a database or collection, the owner or the manager of the database or the collection renounces any right related to this inclusion and concerning the possible uses of the document after extraction from the database or the collection, whether alone or in relation with other documents.

Cryptography

Description: The Cryptography domain addresses the principles, means, and methods of securing information to ensure its integrity, confidentiality, and authenticity.

Expected Knowledge: The professional should fully understand:

- Basic concepts within cryptography.
- Public and private key algorithms in terms of their applications and uses.
- Cryptography algorithm construction, key distribution, key management, and methods of attack.
- Applications, constructions, and use of digital signatures.
- Principles of authenticity of electronic transactions and non-repudiation.

The CISSP can meet the expectations defined above by understanding such Operations Security key areas of knowledge as:

- Authentication
- Certificate authority
- Digital Signatures/Non-Repudiation
- Encryption
- Error Detecting/Correcting features
- Hash Functions
- Kerberos
- Key Escrow
- Message Digest
    o MD5
    o SHA
    o HMAC
- One-Time cipher keys
- Private Key Algorithms
    o Applications and Uses
    o Algorithm Methodology
    o Key Distribution and Management
    o Key Generation/Distribution
    o Key Recovery
    o Key Storage and Destruction
    o Key Strength (Complexity, Secrecy, Weak keys)
    o Method of attack
- Public key Algorithms
    o Application and uses
    o Algorithm Methodology
    o Key Distribution and Management
    o Key Storage and Destruction
    o Key Recovery
    o Key Strength (Complexity, Secrecy, Weak Keys)
    o Methods of attack
- Stream Cipher

Examples of Knowledgeability

Describe the ancient history of Cryptography

CISSP Seminar:

- First appearance - Egypt > 4000 years ago
- Scytale - Sparta - 400 BC
    o Paper wrapped on rod
    o Text written on paper
    o Paper removed - cipher text
- Caesar Cipher - Julius Caesar - Rome - 49 BC
- 7th Century AD - Arabs
- Cipher Alphabets in magic - 855 AD
- Leon Batista Alberti's cipher disk - Italy - 1459 AD
- Thomas Jefferson ciphering device - 1790 - Stack of 26 disks
    o Each disk contained alphabet around face of edge in different order
    o Positioning bar attached to align letters in row
    o Created message by moving each disk to proper letter
    o Bar rotated fixed amount (the key)
    o Letters around new position (cipher text)
- ROT 13 - Many UNIX systems
    o Shifts letters 13 places
    o Not secured from frequency analysis
    o Encrypted twice - plain text

From Cryptography FAQ: The story begins: When Julius Caesar sent messages to his trusted acquaintances, he didn't trust the messengers. So he replaced every A by a D, every B by a E, and so on through the alphabet. Only someone who knew the "shift by 3" rule could decipher his messages.

From CME's Cryptography Timeline: (if you are really interested in knowing it all, or else jump over)

Date | C or G | Source | Info

about 1900 BC | civ | Kahn p.71 | An Egyptian scribe used non-standard hieroglyphs in an inscription. Kahn lists this as the first documented example of written cryptography.

1500 BC | civ | Kahn p.75 | A Mesopotamian tablet contains an enciphered formula for the making of glazes for pottery.

500-600 BC | civ | Kahn p.77 | Hebrew scribes writing down the book of Jeremiah used a reversed-alphabet simple substitution cipher known as ATBASH. (Jeremiah started dictating to Baruch in 605 BC but the chapters containing these bits of cipher are attributed to a source labeled "C" (believed not to be Baruch) which could be an editor writing after the Babylonian exile in 587 BC, someone contemporaneous with Baruch or even Jeremiah himself.) ATBASH was one of a few Hebrew ciphers of the time.

487 BC | govt | Kahn p.82 | The Greeks used a device called the "skytale" -- a staff around which a long, thin strip of leather was wrapped and written on. The leather was taken off and worn as a belt. Presumably, the recipient would have a matching staff and the encrypting staff would be left home. [Note: an article in Cryptologia late in 1998 makes the case that the cryptographic use of the skytale may be a myth.]

50-60 BC | govt | Kahn p.83 | Julius Caesar (100-44 BC) used a simple substitution with the normal alphabet (just shifting the letters a fixed amount) in government communications. This cipher was less strong than ATBASH, by a small amount, but in a day when few people read in the first place, it was good enough. He also used transliteration of Latin into Greek letters and a number of other simple ciphers.

0-400? | civ | Burton | The Kama Sutra of Vatsayana lists cryptography as the 44th and 45th of 64 arts (yogas) men and women should know and practice. The date of this work is unclear but is believed to be between the first and fourth centuries, AD. [Another expert, John W. Spellman, will commit only to the range between the 4th century BC and the 5th century AD.] Vatsayana says that his Kama Sutra is a compilation of much earlier works, making the dating of the cryptography references even more uncertain. Part I, Chapter III lists the 64 arts and opens with: "Man should study the Kama Sutra and the arts and sciences subordinate thereto [....] Even young maids should study this Kama Sutra, along with its arts and sciences, before marriage, and after it they should continue to do so with the consent of their husbands." These arts are clearly not the province of a government or even of academics, but rather are practices of laymen. In this list of arts, the 44th and 45th read:
    o The art of understanding writing in cipher, and the writing of words in a peculiar way.
    o The art of speaking by changing the forms of words. It is of various kinds. Some speak by changing the beginning and end of words, others by adding unnecessary letters between every syllable of a word, and so on.

200's | civ | Kahn p.91 | "The so-called Leiden papyrus [...] employs cipher to conceal the crucial portions of important [magic] recipes".

725-790? | govt/(civ) | Kahn p.97 | Abu 'Abd al-Rahman al-Khalil ibn Ahmad ibn 'Amr ibn Tammam al Farahidi al-Zadi al Yahmadi wrote a (now lost) book on cryptography, inspired by his solution of a cryptogram in Greek for the Byzantine emperor. His solution was based on known (correctly guessed) plaintext at the message start -- a standard cryptanalytic method, used even in WW-II against Enigma messages.

855 | civ | Kahn p.93 | Abu Bakr Ahmad ben 'Ali ben Wahshiyya an-Nabati published several cipher alphabets which were traditionally used for magic.

--- | govt | Kahn p.94 | "A few documents with ciphertext survive from the Ghaznavid government of conquered Persia, and one chronicler reports that high officials were supplied with a personal cipher before setting out for new posts. But the general lack of continuity of Islamic states and the consequent failure to develop a permanent civil service and to set up permanent embassies in other countries militated against cryptography's more widespread use."

1226 | govt | Kahn p.106 | "As early as 1226, a faint political cryptography appeared in the archives of Venice, where dots or crosses replaced the vowels in a few scattered words."

about 1250 | civ | Kahn p.90 | Roger Bacon not only described several ciphers but wrote: "A man is crazy who writes a secret in any other way than one which will conceal it from the vulgar."

1379 | govt/civ | Kahn p.107 | Gabrieli di Lavinde at the request of Clement VII, compiled a combination substitution alphabet and small code -- the first example of the nomenclator Kahn has found. This class of code/cipher was to remain in general use among diplomats and some civilians for the next 450 years, in spite of the fact that there were stronger ciphers being invented in the meantime, possibly because of its relative convenience.

1300's | govt | Kahn p.94 | 'Abd al-Rahman Ibn Khaldun wrote "The Muqaddimah", a substantial survey of history which cites the use of "names of perfumes, fruits, birds, or flowers to indicate the letters, or [...] of forms different from the accepted forms of the letters" as a cipher among tax and army bureaus. He also includes a reference to cryptanalysis, noting "Well-known writings on the subject are in the possession of the people." [p.97]

1392 | civ | Price p.182-7 | "The Equatorie of the Planetis", possibly written by Geoffrey Chaucer, contains passages in cipher. The cipher is a simple substitution with a cipher alphabet consisting of letters, digits and symbols.

1412 | civ | Kahn p.95-6 | Shihab al-Din abu 'l-'Abbas Ahmad ben 'Ali ben Ahmad 'Abd Allah al-Qalqashandi wrote "Subh al-a 'sha", a 14-volume Arabic encyclopedia which included a section on cryptology. This information was attributed to Taj ad-Din 'Ali ibn ad-Duraihim ben Muhammad ath-Tha'alibi al-Mausili who lived from 1312 to 1361 but whose writings on cryptology have been lost. The list of ciphers in this work included both substitution and transposition and, for the first time, a cipher with multiple substitutions for each plaintext letter. Also traced to Ibn al-Duraihim is an exposition on and worked example of cryptanalysis, including the use of tables of letter frequencies and sets of letters which can not occur together in one word.

1466-7 | civ | Kahn p.127 | Leon Battista Alberti (a friend of Leonardo Dato, a pontifical secretary who might have instructed Alberti in the state of the art in cryptology) invented and published the first polyalphabetic cipher, designing a cipher disk (known to us as the Captain Midnight Decoder Badge) to simplify the process. This class of cipher was apparently not broken until the 1800's. Alberti also wrote extensively on the state of the art in ciphers, besides his own invention. Alberti also used his disk for enciphered code. These systems were much stronger than the nomenclator in use by the diplomats of the day and for centuries to come.

1473-1490 | civ | Kahn p.91 | "A manuscript [...] by Arnaldus de Bruxella uses five lines of cipher to conceal the crucial part of the operation of making a philosopher's stone."

1518 | civ | Kahn p.130-6 | Johannes Trithemius wrote the first printed book on cryptology. He invented a steganographic cipher in which each letter was represented as a word taken from a succession of columns. The resulting series of words would be a legitimate prayer. He also described polyalphabetic ciphers in the now-standard form of rectangular substitution tables. He introduced the notion of changing alphabets with each letter.

1553 | civ | Kahn p.137 | Giovan Batista Belaso introduced the notion of using a passphrase as the key for a repeated polyalphabetic cipher. (This is the standard polyalphabetic cipher operation mis-named "Vigenère" by most writers to this day.)

1563 | civ | Kahn p.138 | Giovanni Battista Porta wrote a text on ciphers, introducing the digraphic cipher. He classified ciphers as transposition, substitution and symbol substitution (use of a strange alphabet). He suggested use of synonyms and misspellings to confuse the cryptanalyst. He apparently introduced the notion of a mixed alphabet in a polyalphabetic tableau.

1564 | civ | Kahn p.144 (footnote) | Bellaso published an autokey cipher improving on the work of Cardano who appears to have invented the idea.

1623 | civ | Bacon | Sir Francis Bacon described a cipher which now bears his name -- a biliteral cipher, known today as a 5-bit binary encoding. He advanced it as a steganographic device -- by using variation in type face to carry each bit of the encoding. [See Bacon's writings on-line.]

1585 | civ | Kahn p.146 | Blaise de Vigenère wrote a book on ciphers, including the first authentic plaintext and ciphertext autokey systems (in which previous plaintext or ciphertext letters are used for the current letter's key). [Kahn p.147: both of these were forgotten and re-invented late in the 19th century.] [The autokey idea survives today in the DES CBC and CFB modes.]

1790's | civ/govt | Kahn p.192, Cryptologia v.5 No.4 pp.193-208 | Thomas Jefferson, possibly aided by Dr. Robert Patterson (a mathematician at U. Penn.), invented his wheel cipher. This was re-invented in several forms later and used in WW-II by the US Navy as the Strip Cipher, M-138-A.

1817 | govt | Kahn p.195 | Colonel Decius Wadsworth produced a geared cipher disk with a different number of letters in the plain and cipher alphabets -- resulting in a progressive cipher in which alphabets are used irregularly, depending on the plaintext used.

1854 | civ | Kahn p.198 | Charles Wheatstone invented what has become known as the Playfair cipher, having been publicized by his friend Lyon Playfair. This cipher uses a keyed array of letters to make a digraphic cipher which is easy to use in the field. He also re-invented the Wadsworth device and is known for that one.

1857 | civ | Kahn p.202 | Admiral Sir Francis Beaufort's cipher (a variant of what's called "Vigenère") was published by his brother, after the admiral's death in the form of a 4x5 inch card.

1859 | civ | Kahn p.203 | Pliny Earle Chase published the first description of a fractionating (tomographic) cipher.

1854 | civ | Cryptologia v.5 No.4 pp.193-208 | Charles Babbage seems to have re-invented the wheel cipher.

1861-1980 | civ | Deavours | "A study of United States patents from the issuance of the first cryptographic patent in 1861 through 1980 identified 1,769 patents which are primarily related to cryptography." [p.1]

1861 | civ/(govt) | Kahn p.207 | Friedrich W. Kasiski published a book giving the first general solution of a polyalphabetic cipher with repeating passphrase, thus marking the end of several hundred years of strength for the polyalphabetic cipher.

1861-5 | govt | Kahn p.215 | During the Civil War, possibly among other ciphers, the Union used substitution of select words followed by word columnar-transposition while the Confederacy used Vigenère (the solution of which had just been published by Kasiski).

1891 | govt/(civ) | Cryptologia v.5 No.4 pp.193-208 | Major Etienne Bazeries did his version of the wheel cipher and published the design in 1901 after the French Army rejected it. [Even though he was a military cryptologist, the fact that he published it leads me to rate this as (civ) as well as govt.]

1913 | govt | Cryptologia v.5 No.4 pp.193-208 | Captain Parker Hitt reinvented the wheel cipher, in strip form, leading to the M-138-A of WW-II.

1916 | govt | Cryptologia v.5 No.4 pp.193-208 | Major Joseph O. Mauborgne put Hitt's strip cipher back in wheel form, strengthened the alphabet construction and produced what led to the M-94 cipher device.

1917 | civ | Kahn p.371 | William Frederick Friedman, later to be honored as the father of US cryptanalysis (and the man who coined that term), was employed as a civilian cryptanalyst (along with his wife Elizebeth) at Riverbank Laboratories and performed cryptanalysis for the US Government, which had no cryptanalytic expertise of its own. WFF went on to start a school for military cryptanalysts at Riverbank -- later taking that work to Washington and leaving Riverbank.

1917 | civ | Kahn p.401 | Gilbert S. Vernam, working for AT&T, invented a practical polyalphabetic cipher machine capable of using a key which is totally random and never repeats -- a one-time-tape. This is the only provably secure cipher, as far as we know. This machine was offered to the Government for use in WW-I but it was rejected. It was put on the commercial market in 1920.

1918 | govt | Kahn p.340-5 | The ADFGVX system was put into service by the Germans near the end of WW-I. This was a cipher which performed a substitution (through a keyed array), fractionation and then transposition of the letter fractions. It was broken by the French cryptanalyst, Lieutenant Georges Painvin.

1919 | civ | Kahn p.420 | Hugo Alexander Koch filed a patent in the Netherlands on a rotor based cipher machine. He assigned these patent rights in 1927 to Arthur Scherbius who invented and had been marketing the Enigma machine since about 1923.

1919 | civ | Kahn p.422 | Arvid Gerhard Damm applied for a patent in Sweden for a mechanical rotor cipher machine. This machine grew into a family of cipher machines under the direction of Boris Caesar Wilhelm Hagelin who took over the business and was the only one of the commercial cryptographers of this period to make a thriving business. After the war, a Swedish law which enabled the government to appropriate inventions it felt important to defense caused Hagelin to move the company to Zug Switzerland where it was incorporated as Crypto AG. The company is still in operation, although facing controversy for having allegedly weakened a cipher product for sale to Iran.

1921 | civ | Kahn p.415 | Edward Hugh Hebern incorporated "Hebern Electric Code", a company making electro-mechanical cipher machines based on rotors which turn, odometer style, with each character enciphered.

1923 | civ | Kahn p.421 | Arthur Scherbius incorporated "Chiffriermaschinen Aktiengesellschaft" to make and sell his Enigma machine.

1924 | civ | Deavours p.151 | Alexander von Kryha produced his "coding machine" which was used, even by the German Diplomatic Corps, into the 1950s. However, it was cryptographically weak -- having a small period. A test cryptogram of 1135 characters was solved by the US cryptanalysts Friedman, Kullback, Rowlett and Sinkov in 2 hours and 41 minutes. Nevertheless, the machine continued to be sold and used -- a triumph of salesmanship and a lesson to consumers of cryptographic devices.

1927-33 | civ | Kahn p.802 | Users of cryptography weren't limited to legitimate bankers, lovers, experimenters, etc. There were also a handful of criminals. "The greatest era of international smuggling -- Prohibition -- created the greatest era of criminal cryptology." [p.817] To this day, the FBI runs a cryptanalytic office to deal with criminal cryptography. [As of Kahn's writing in 1967, that office was located at 215 Pennsylvania Avenue SE, Washington DC.]
    "A retired lieutenant commander of the Royal Navy devised the systems for Consolidated Exporters' Pacific operation, though its Gulf and Atlantic groups made up their own as needed.
    "His name was unknown but his cryptologic expertise was apparent. The smugglers' systems grew increasingly more complicated. "Some of these are of a complexity never even attempted by any government for its most secret communications," wrote Mrs. [Elizebeth Smith] Friedman in a report in mid-1930. "At no time during the World War, when secret methods of communication reached their highest development, were there used such involved ramifications as are to be found in some of the correspondence of West Coast rum running vessels." " [p.804]
1929 | civ | Kahn p.404 | Lester S. Hill published "Cryptography in an Algebraic Alphabet" in which a block of plaintext is enciphered by a matrix operation.

1933-45 | govt | Kahn p.422 (and many others) | The Enigma machine was not a commercial success but it was taken over and improved upon to become the cryptographic workhorse of Nazi Germany. [It was broken by the Polish mathematician, Marian Rejewski, based only on captured ciphertext and one list of three months worth of daily keys obtained through a spy. Continued breaks were based on developments during the war by Alan Turing, Gordon Welchman and others at Bletchley Park in England.]

1937 | govt | Kahn p.18ff. | The Japanese Purple machine was invented in response to revelations by Herbert O. Yardley and broken by a team headed by William Frederick Friedman. The Purple machine used telephone stepping relays instead of rotors and thus had a totally different permutation at each step rather than the related permutations of one rotor in different positions.

1930's | govt | Kahn p.510ff., Deavours p.10,89-91 | Kahn attributes the American SIGABA (M-134-C) to William F. Friedman while Deavours attributes it to an idea of Frank Rowlett, one of Friedman's first hires. It improved on the rotor inventions of Hebern and Scherbius by using pseudo-random stepping of multiple rotors on each enciphering step rather than have uniform, odometer-like stepping of rotors as in Enigma. It also used 15 rotors (10 for character transformation, 5 probably for controlling stepping) rather than the Enigma's 3 or 4.

1930's | govt | Deavours p.144 | The British TYPEX machine was an offshoot of the commercial Enigma purchased by the British for study in the 1920's. It was a 5-rotor machine with the two initial rotors being stators, serving the purpose of the German Enigma's plugboard.

1970 | civ | Feistel | Dr. Horst Feistel led a research project at the IBM Watson Research Lab in the 1960's which developed the Lucifer cipher. This later inspired the US DES (below) and other product ciphers, creating a family labeled "Feistel ciphers".

1976 | civ/govt | FIPS PUB-46 | A design by IBM, based on the Lucifer cipher and with changes (including both S-box improvements and reduction of key size) by the US NSA, was chosen to be the U.S. Data Encryption Standard. It has since found worldwide acceptance, largely because it has shown itself strong against 20 years of attacks. Even some who believe it is past its useful life use it as a component -- e.g., of 3-key triple-DES.

1976 | civ | Diffie | Whitfield Diffie and Martin Hellman published "New Directions in Cryptography", introducing the idea of public key cryptography. They also put forth the idea of authentication by powers of a one way function, now used in the S/Key challenge/response utility. They closed their paper with an observation for which this timeline web page gives detailed evidence: "Skill in production cryptanalysis has always been heavily on the side of the professionals, but innovation, particularly in the design of new types of cryptographic systems, has come primarily from amateurs."

April 1977 | civ | Shamir | Inspired by the Diffie-Hellman paper and acting as complete novices in cryptography, Ronald L. Rivest, Adi Shamir and Leonard M. Adleman had been discussing how to make a practical public key system. One night in April, Ron Rivest was laid up with a massive headache and the RSA algorithm came to him. He wrote it up for Shamir and Adleman and sent it to them the next morning. It was a practical public-key cipher for both confidentiality and digital signatures, based on the difficulty of factoring large numbers. They submitted this to Martin Gardner on April 4 for publication in Scientific American. It appeared in the September, 1977 issue. The Scientific American article included an offer to send the full technical report to anyone submitting a self-addressed, stamped envelope. There were thousands of such requests, from all over the world. Someone at NSA objected to the distribution of this report to foreign nationals and for a while, RS&A suspended mailings -- but when NSA failed to respond to inquiries asking for the legal basis of their request, RS&A resumed mailings. Adi Shamir believes this is the origin of the current policy [as of August 1995] that technical reports or papers can be freely distributed. [Note: two international journals, "Cryptologia" and "The Journal of Cryptology" were founded shortly after this attempt by NSA to restrain publication.] Contrary to rumor, RS&A apparently had no knowledge of ITAR or patent secrecy orders. They did not publish before applying for international patents because they wanted to avoid such restraints on free expression but rather because they were not thinking about patents for the algorithm. They just wanted to get the idea out.

1978 | civ | RSA | The RSA algorithm was published in the Communications of the ACM.

1984-5? | civ | ROT13 | The rot13 cipher was introduced into USENET News software to permit the encryption of postings in order to prevent innocent eyes from being assaulted by objectionable text. This is the first example I know of in which a cipher with a key everyone knows actually was effective.

1990 | civ | IACR90 | Xuejia Lai and James Massey in Switzerland published "A Proposal for a New Block Encryption Standard", a proposed International Data Encryption Algorithm (IDEA) -- to replace DES. IDEA uses a 128-bit key and employs operations which are convenient for general purpose computers, therefore making software implementations more efficient.

1990 | civ | IACR90 | Charles H. Bennett, Gilles Brassard et al. published their experimental results on Quantum Cryptography, which uses single photons to communicate a stream of key bits for some later Vernam encipherment of a message (or other uses). Assuming the laws of quantum mechanics hold, Quantum Cryptography provides not only secrecy but a positive indication of eavesdropping and a measurement of the maximum number of bits an eavesdropper might have captured. On the downside, QC currently requires a fiber-optic cable between the two parties.

1991 | civ | Garfinkel | Phil Zimmermann released his first version of PGP (Pretty Good Privacy) in response to the threat by the FBI to demand access to the cleartext of the communications of citizens. PGP offered high security to the general citizen and as such could have been seen as a competitor to commercial products like Mailsafe from RSADSI. However, PGP is especially notable because it was released as freeware and has become a worldwide standard as a result while its competitors of the time remain effectively unknown.

1994 | civ | Rivest | Professor Ron Rivest, author of the earlier RC2 and RC4 algorithms included in RSADSI's BSAFE cryptographic library, published a proposed algorithm, RC5, on the Internet. This algorithm uses data-dependent rotation as its non-linear operation and is parameterized so that the user can vary the block size, number of rounds and key length. It is still too new to have been analyzed enough to enable one to know what parameters to use for a desired strength -- although an analysis by RSA Labs, reported at CRYPTO'95, suggests that w=32, r=12 gives strength superior to DES. It should be remembered, however, that this is just a first analysis.

Sources used for above table:

Bacon: Sir Francis Bacon, "De Augmentis Scientarum", Book 6, Chapter i. [as quoted in C. Stopes, "Bacon-Shakspere Question", 1889]
Burton: Sir Richard F. Burton trans., "The Kama Sutra of Vatsayana", Arkana/Penguin, 1991.
Deavours: Cipher A. Deavours and Louis Kruh, "Machine Cryptography and Modern Cryptanalysis", Artech House, 1985.
Diffie: Whitfield Diffie and Martin Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, Nov 1976.
Feistel: Horst Feistel, "Cryptographic Coding for Data-Bank Privacy", IBM Research Report RC2827.
Garfinkel: Simson Garfinkel, "PGP: Pretty Good Privacy", O'Reilly & Associates, Inc., 1995.
IACR90: Proceedings, EUROCRYPT '90; Springer Verlag.
Kahn: David Kahn, "The Codebreakers", Macmillan, 1967.
Price: Derek J. Price, "The Equatorie of the Planetis", edited from Peterhouse MS 75.I, Cambridge University Press, 1955.
Rivest: Ronald L. Rivest, "The RC5 Encryption Algorithm", document made available by FTP and World Wide Web, 1994.
ROT13: Steve Bellovin and Marcus Ranum, individual personal communications, July 1995.
RSA: Rivest, Shamir and Adleman, "A method for obtaining digital signatures and public key cryptosystems", Communications of the ACM, Feb. 1978, pp. 120-126.
Shamir: Adi Shamir, "Myths and Realities", invited talk at CRYPTO '95, Santa Barbara, CA; August 1995.

Describe the History of Cryptography in the United States

CISSP Seminar:

Herbert Yardley
- Headed first crypto unit - 1917
    o Black chamber
- Father of crypto in America
- Established foreign crypto units
    o China - 1938
    o Canada - 1941

William Friedman
- Dean of modern American Crypto
- First Chief of Signal Intelligence Service - 1929
- Replaced Yardley's cipher bureau
- Formed CBK
- Applied mathematics and statistical analysis

Laurance Safford
- Developed naval communications intelligence organization
- Became Armed Forces Security Agency (AFSA - 1949)
    o NSA 1952
- Developed Underwood Code machine
- With Underwood typewriter company
- 46 Japanese-English keys
    o Copy traffic more efficiently

Joseph Wenger
- Pioneered development of cryptanalysis machines
- Deputy director AFSA - 1949
- Vice director NSA - 1952

Frank Rowlett
- Cryptanalysis work on machine systems
- Wheatstone device
- German Kryha machine
- The Damm machine
- Vernam's AT&T machine
- The Hebern machine
- Sigaba
    o Most secure through WWII
- Cracked Japanese Purple machine - 1940

Venona 1943
- Project to analyze and translate encrypted Soviet message traffic (1850 translations)
- Public releases (1955-96)
- Soviet espionage against U.S. A-bomb research
- KGB, NY and Wash DC: 1944-45 messages
- KGB, San Francisco and Mexico city: 1942-46 messages
- GRU, NY and Washington: 1946 messages
- KGB and GRU, non U.S., non-Mexico (e.g., Montevideo): 1940-46 messages

Define Plaintext and Ciphertext

CISSP Seminar:
Plaintext: Data in unscrambled form
Ciphertext: Scrambled data

Cryptography FAQ: The original message is called a plaintext. The disguised message is called a ciphertext.

Compare and contrast the terms Encipher and Decipher CISSP Seminar : 1ncipher , act o scrambling the data #ecipher , act o descrambling data with secret key /SA Crypto FAQ : 1ncryption 41ncipher5 is the trans ormation o data into a orm that is as close to impossible as possible to read with out the appropriate knowledge 4a key5. Its purpose is to ensure privacy by keeping in ormation hidden rom anyone or whom it is not intended- even those who have access to the encrypted data. #ecryption 4#ecipher5 is the reverse o encryptionR it is the trans ormation o encrypted data back into an intelligible orm. 1ncryption and decryption generally re3uire the use o some secret in ormationre erred to as a key. Jor some encryption mechanisms- the same key is used or both encryption and decryptionR or other mechanisms- the keys used or encryption and decryption are di erent Define Cryptanalysis CISSP Seminar : Cryptanalysis , #escrambling without secret key /SA Crypto FAQ : Cryptanalysis is the lip<side o cryptography, it is the science o cracking codesdecoding secrets- violating authentication schemes- and in general- breaking cryptographic protocols. In order to design a robust encryption algorithm or cryptographic protocol- one should use cryptanalysis to ind and correct any weaknesses. This is precisely the reason why the best 4most trusted5 encryption algorithms are ones that have been made available to public scrutiny. Jor e!ample- #1S has been e!posed to public scrutiny or years- and is there ore well<trusted- while SkipAack is secret and less well<trusted. It is a basic tenet o cryptology that the security o an algorithm should not rely on its secrecy. Inevitably- the algorithm will be discovered and its weaknesses 4i any5 will be e!ploited. The various techni3ues in cryptanalysis attempting to compromise cryptosystems are re erred to as attacks. Some attacks are general- whereas others apply only to certain types o cryptosystems. 
Define "Key" as it refers to Cryptography
CISSP Seminar:
- Key: Secret sequence governing en/deciphering
RSA Crypto FAQ:
A cryptosystem is usually a whole collection of algorithms. The algorithms are labelled; the labels are called keys. For instance, Caesar probably used "shift by n" encryption for several different values of n. It's natural to say that n is the key here.

Define the Strength of key as it pertains to key length

CISSP Seminar:
Considering that encryption is based on factoring factor, a longer key will provide better protection than a shorter key. However one must ensure that the algorithm being used is a strong cryptosystem.
Consider the following from the Cryptography FAQ:
Every well-designed cryptosystem has such a large key space that this brute-force search is impractical. Advances in technology sometimes change what is considered practical. For example, DES, which has been in use for over 10 years now, has 2^56, or about 10^17, possible keys. A computation with this many operations was certainly unlikely for most users in the mid-70's. The situation is very different today given the dramatic decrease in cost per processor operation. Massively parallel machines threaten the security of DES against brute force search.
RSA Crypto FAQ:
The security of a strong system resides with the secrecy of the key rather than with the supposed secrecy of the algorithm. A strong cryptosystem has a large keyspace. It has a reasonably large unicity distance. The unicity distance is an approximation to that amount of ciphertext such that the sum of the real information (entropy) in the corresponding source text and encryption key equals the number of ciphertext bits used. Ciphertexts significantly longer than this can be shown probably to have a unique decipherment. This is used to back up a claim of the validity of a ciphertext-only cryptanalysis. Ciphertexts significantly shorter than this are likely to have multiple, equally valid decryptions and therefore to gain security from the opponent's difficulty choosing the correct one.

Define Ciphertext Only Attack (COA)
CISSP Seminar:
Only statistical knowledge of plaintext available.
RSA Crypto FAQ:
A ciphertext-only attack is one in which the cryptanalyst obtains a sample of ciphertext, without the plaintext associated with it. This data is relatively easy to obtain in many scenarios, but a successful ciphertext-only attack is generally difficult, and requires a very large ciphertext sample.

Define Known Plaintext Attack (KPA)
CISSP Seminar:
Some past plain text and matching ciphertext known
RSA Crypto FAQ:
A known-plaintext attack is one in which the cryptanalyst obtains a sample of ciphertext and the corresponding plaintext as well.

Define Chosen Text Attack (CTA)
CISSP Seminar:
Crypto device loaded with hidden key provided and input of plaintext or ciphertext allowed to see the other.
RSA Crypto FAQ:
A chosen-plaintext attack is one in which the cryptanalyst is able to choose a quantity of plaintext and then obtain the corresponding encrypted ciphertext.

Describe Stream Ciphers
CISSP Seminar:
- Operate on continuous streams of plain text (as 1's and 0's)
- Usually implemented in hardware
RSA Crypto FAQ:
A stream cipher is a type of symmetric encryption algorithm. Stream ciphers can be designed to be exceptionally fast, much faster than any block cipher. While block ciphers operate on large blocks of data, stream ciphers typically operate on smaller units of plaintext, usually bits. The encryption of any particular plaintext with a block cipher will result in the same ciphertext when the same key is used. With a stream cipher, the transformation of these smaller plaintext units will vary, depending on when they are encountered during the encryption process. A stream cipher generates what is called a keystream (a sequence of bits used as a key). Encryption is accomplished by combining the keystream with the plaintext, usually with the bitwise exclusive-OR operation. The generation of the keystream can be independent of the plaintext and ciphertext (yielding what is termed a synchronous stream cipher) or it can depend on the data and its encryption (in which case the stream cipher is said to be self-synchronizing). Most stream cipher designs are for synchronous stream ciphers.

Define Block Ciphers
CISSP Seminar:
- Operate on fixed size blocks of plain text
- More suitably implemented in software to execute on general-purpose computer
- There is some overlap when block operated as stream.
RSA Crypto FAQ:
A block cipher is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length. This transformation takes place under the action of a user-provided secret key. Decryption is performed by applying the reverse transformation to the ciphertext block using the same secret key. The fixed length is called the block size, and for many block ciphers, the block size is 64 bits. In the coming years the block size will increase to 128 bits as processors become more sophisticated.

Describe Features of Stream Cipher Algorithm
CISSP Seminar:
- Long periods of time with no repeating
- Functionally complex
- Statistically unpredictable
- Statistically unbiased keystream
- As many 0's and 1's
- Keystream not linearly related to key

Identify the Applications of Cryptography
CISSP Seminar:
- Data Storage
- Prevent disclosure
- Password files
- Backup tapes
- Bulk Telecommunications
- Prevent disclosure
- Data transmission
- Message authentication
- Detect fraudulent insertion
- Detect fraudulent deletion
- Detect fraudulent modification
- Detect replay
- Digital Signature
- Source Verification
- Non-Repudiation
RSA Crypto FAQ:

A typical application of cryptography is a system built out of the basic techniques. Such systems can be of various levels of complexity. Some of the more simple applications are secure communication, identification, authentication, and secret sharing. More complicated applications include systems for electronic commerce, certification, secure electronic mail, key recovery, and secure computer access. In general, the less complex the application, the more quickly it becomes a reality. Identification and authentication schemes exist widely, while electronic commerce systems are just beginning to be established.

Secure Communication
Secure communication is the most straightforward use of cryptography. Two people may communicate securely by encrypting the messages sent between them. This can be done in such a way that a third party eavesdropping may never be able to decipher the messages. While secure communication has existed for centuries, the key management problem has prevented it from becoming commonplace. Thanks to the development of public-key cryptography, the tools exist to create a large-scale network of people who can communicate securely with one another even if they had never communicated before.

Identification and Authentication
Identification and authentication are two widely used applications of cryptography. Identification is the process of verifying someone's or something's identity. For example, when withdrawing money from a bank, a teller asks to see identification (e.g. a driver's license) to verify the identity of the owner of the account. This same process can be done electronically using cryptography. Every automatic teller machine (ATM) card is associated with a "secret" personal identification number (PIN), which binds the owner to the card and thus to the account. When the card is inserted into the ATM, the machine prompts the cardholder for the PIN. If the correct PIN is entered, the machine identifies that person as the rightful owner and grants access. Another important application of cryptography is authentication. Authentication is similar to identification, in that both allow an entity access to resources (such as an Internet account), but authentication is broader because it does not necessarily involve identifying a person or entity. Authentication merely determines whether that person or entity is authorized for whatever is in question. For more information on authentication and identification.

Secret Sharing
Another application of cryptography, called secret sharing, allows the trust of a secret to be distributed among a group of people. For example, in a (K, N)-threshold scheme, information about a secret is distributed in such a way that any K out of the N people (K ≤ N) have enough information to determine the secret, but any set of K-1 people do not. In any secret sharing scheme, there are designated sets of people whose cumulative information suffices to determine the secret. In some implementations of secret sharing schemes, each participant receives the secret after it has been generated. In other implementations, the actual secret is never made visible to the participants, although the purpose for which they sought the secret (e.g. access to a building or permission to execute a process) is allowed.

Electronic Commerce
Over the past few years there has been a growing amount of business conducted over the Internet - this form of business is called electronic commerce or e-commerce. E-commerce is comprised of online banking, online brokerage accounts, and Internet shopping, to name a few of the many applications. One can book plane tickets, make hotel reservations, rent a car, transfer money from one account to another, buy compact disks (CDs), clothes, books and so on all while sitting in front of a computer. However, simply entering a credit card number on the Internet leaves one open to fraud. One cryptographic solution to this problem is to encrypt the credit card number (or other private information) when it is entered on-line, another is to secure the entire session. When a computer encrypts this information and sends it out on the Internet, it is incomprehensible to a third party viewer. The web-server ("Internet shopping center") receives the encrypted information, decrypts it, and proceeds with the sale without fear that the credit card number (or other personal information) slipped into the wrong hands. As more and more business is conducted over the Internet, the need for protection against fraud, theft and corruption of vital information increases.

Certification
Another application of cryptography is certification; certification is a scheme by which trusted agents such as certifying authorities vouch for unknown agents, such as users. The trusted agents issue vouchers called certificates which each have some inherent meaning. Certification technology was developed to make identification and authentication possible on a large scale.

Key Recovery
Key recovery is a technology that allows a key to be revealed under certain circumstances without the owner of the key revealing it. This is useful for two main reasons: first of all, if a user loses or accidentally deletes their key, key recovery could prevent a disaster. Secondly, if a law enforcement agency wishes to eavesdrop on a suspected criminal without their knowledge (akin to a wiretap), they must be able to recover the key. Key recovery techniques are in use in some instances; however, the use of key recovery as a law enforcement technique is somewhat controversial.

Remote Access
Secure remote access is another important application of cryptography. The basic system of passwords certainly gives a level of security for secure access, but it may not be enough in some cases. For instance, passwords can be eavesdropped, forgotten, stolen, or guessed. Many products supply cryptographic methods for remote access with a higher degree of security.

Other Applications
Cryptography is not confined to the world of computers. Cryptography is also used in cellular phones as a means of authentication; that is, it can be used to verify that a particular phone has the right to bill to a particular phone number. This prevents people from stealing ("cloning") cellular phone numbers and access codes.
Identify the Uses of Cryptography
CISSP Seminar:
- EFT systems
- E-Mail
- Communication links
RSA Crypto FAQ:
Today's cryptography is more than encryption and decryption. Authentication is as fundamentally a part of our lives as privacy. We use authentication throughout our everyday lives - when we sign our name to some document, for instance - and, as we move to a world where our decisions and agreements are communicated electronically, we need to have electronic techniques for providing authentication. Cryptography provides mechanisms for such procedures. A digital signature binds a document to the possessor of a particular key, while a digital timestamp binds a document to its creation at a particular time. These cryptographic mechanisms can be used to control access to a shared disk drive, a high security installation, or a pay-per-view TV channel. The field of cryptography encompasses other uses as well. With just a few basic cryptographic tools, it is possible to build elaborate schemes and protocols that allow us to pay using electronic money, to prove we know certain information without revealing the information itself, and to share a secret quantity in such a way that a subset of the shares can reconstruct the secret.

Compare and contrast Symmetric and Asymmetric Key Cryptography
CISSP Seminar:
SYMMETRIC KEY:
- Also known as private key, single key, secret key
- Key shared by originator and receiver
- Computational efficiency advantage
- 1-100 million bits/sec.
- Data Encryption Standard (DES)
ASYMMETRIC KEY:
- Also known as public key
- Uses 2 asymmetric keys
- One to encrypt and one to decrypt
- Computationally slow
- Few thousand bits/sec. (early versions)
- Rivest-Shamir-Adleman (RSA) algorithm
- Related to known mathematical problem
- Difficulty factoring product of 2 large prime numbers
RSA Crypto FAQ:
There are two types of cryptosystems: secret-key and public-key. In secret-key cryptography, also referred to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular secret-key cryptosystem in use today is known as DES, the Data Encryption Standard. IBM developed DES in the middle 1970's and it has been a Federal Standard ever since 1976. In public-key cryptography, each user has a public key and a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key. The RSA public-key cryptosystem is the most popular form of public-key cryptography. RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem. The Digital Signature Algorithm (DSA) is also a popular public-key technique, though it can be used only for signatures, not encryption.

The primary advantage of public-key cryptography is increased security and convenience: private keys never need to be transmitted or revealed to anyone. In a secret-key system, by contrast, the secret keys must be transmitted (either manually or through a communication channel) since the same key is used for encryption and decryption. A serious concern is that there may be a chance that an enemy can discover the secret key during transmission.

Another major advantage of public-key systems is they can provide digital signatures that cannot be repudiated. Authentication via secret-key systems requires the sharing of some secret and sometimes requires trust of a third party as well. As a result, a sender can repudiate a previously authenticated message by claiming the shared secret was somehow compromised by one of the parties sharing the secret. For example, the Kerberos secret-key authentication system involves a central database that keeps copies of the secret keys of all users; an attack on the database would allow widespread forgery. Public-key authentication, on the other hand, prevents this type of repudiation; each user has sole responsibility for protecting his or her private-key. This property of public-key authentication is often called non-repudiation.

A disadvantage of using public-key cryptography for encryption is speed. There are many secret-key encryption methods that are significantly faster than any currently available public-key encryption method. Nevertheless, public-key cryptography can be used with secret-key cryptography to get the best of both worlds. For encryption, the best solution is to combine public and secret-key systems in order to get both the security advantages of public-key systems and the speed advantages of secret-key systems. Such a protocol is called a digital envelope.

Public-key cryptography may be vulnerable to impersonation, even if users' private-keys are not available. A successful attack on a certification authority will allow an adversary to impersonate whomever he or she chooses by using a public-key certificate from the compromised authority to bind a key of the adversary's choice to the name of another user.

In some situations, public-key cryptography is not necessary and secret-key cryptography alone is sufficient. These include environments where secure secret key distribution can take place, for example, by users meeting in private. It also includes environments where a single authority knows and manages all the keys, e.g., a closed banking system. Since the authority knows everyone's keys already, there is not much advantage for some to be "public" and others "private." Also, public-key cryptography is usually not necessary in a single-user environment. For example, if you want to keep your personal files encrypted, you can do so with any secret-key encryption algorithm using, say, your personal password as the secret key. In general, public-key cryptography is best suited for an open multi-user environment.

Public-key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure. The first use of public-key techniques was for secure key establishment in a secret-key system [DH76]; this is still one of its primary functions. Secret-key cryptography remains extremely important and is the subject of much ongoing study and research.

Identify Types of Encryption Systems
CISSP Seminar:
- Classical substitution ciphers
- Transposition (permutation) ciphers
- Polyalphabetic Ciphers
- Running key ciphers
- Concealment
- Digital System
- Codes
- Machines
- One-Time pad
- DES/Clipper
- Double/Triple DES
- Public Key
- RSA
- Elliptic curve
- PGP
- El Gamal
- Diffie-Hellman

Compare and contrast Substitution ciphers and Transposition Ciphers
CISSP Seminar:
An example of substitution cipher would be the "Caesar cipher", in which each plaintext character is replaced by the character three to the right, modulo 26 ("A" is replaced by "D", "B" is replaced by "E", and so on).
Shift alphabet Example:
A B C D E F..    BAD
D E F G H I      EDG
Scramble Alphabet Example:
A B C D E F..    BAD
Q E Y R T M.     EQR
An example of transposition cipher would be as follows:
- Position of letters permuted.
- Message broken into 5-character groups
- Letters rearranged
dont give up the ship       (Message)
1234512345123451234512345   (Groups of 5)
3512435124351243512435124   (The key)
ndtoiv egp tu shhe i p      (Ciphertext)
RSA Crypto FAQ:
A substitution cipher is one in which each character of the plaintext is substituted for another character of ciphertext. The receiver inverts the substitution on the ciphertext to recover the plaintext. In a Transposition cipher the plaintext remains the same, but the order of characters is shuffled around.

Describe the concept of Polyalphabetic Ciphers
CISSP Seminar:
Uses different alphabets to defeat frequency analysis. See example with 5 alphabets below.
Example:
a b c d e f g h i   (normal alphabet)
q w e r t.          (1st alphabet)
d m s i k           (2nd Alphabet)
o h g x f           (3rd Alphabet)
z b n l a           (4th Alphabet)
y c v u p           (5th Alphabet)
abcde   (Plaintext)
qdozy   (ciphertext)
Applied Cryptography book, Page 10:
A polyalphabetic cipher is made up of multiple simple substitution ciphers. For example, there might be five different simple substitution ciphers used; the particular one used changes with the position of each character of the plaintext.

Describe the concept of Concealment Ciphers
CISSP Seminar:
- The true letters of plaintext are hidden/disguised
- By device or algorithm
- Example: divide message
  o Use 1 word at a time
  o Have it appear as every 5th word in a sentence
  o Message in clear text: "Buy gold"
  o Message in concealment: "Product is a good BUY, it has ten percent GOLD content"

Define and describe Steganography
CISSP Seminar:
- Steganography is the art of hiding communications
- Deny message exists
- Data hidden in picture files, sound files, slack space on floppies
  o i.e. least significant bits of Bitmap image can be used to hide messages, usually without material change to original file.
Applied Cryptography, Page 9:
Steganography serves to hide secret messages in other messages, such that the secret's very existence is concealed. Generally the sender writes an innocuous message and then conceals a secret message on the same piece of paper. Historical tricks include invisible inks, tiny pin punctures on selected characters, minute differences between handwritten characters, pencil marks on typewritten characters, grilles which cover most of the message except for a few characters, and so on. More recently people are hiding secrets in graphic images.

Describe Digital System Encryption
CISSP Seminar:
- The key and message both streams of bits
- Each text character = 8 bits
- Each key bit XORed (exclusive-or'ed) with corresponding message bit
- XOR operation yields 0 if both bits the same and 1 if different
Example:
MESSAGE STREAM      01001000
KEY STREAM          11010001
CIPHERTEXT STREAM   10011001

Define the word "Codes" as it pertains to Cryptography
CISSP Seminar:
List of words/phrases (codes) with corresponding random groups of numbers/letters (code groups)
Applied Cryptography, Page 9:
Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. For example, the word "OCELOT" might be the ciphertext of the entire phrase "Turn left 90 degrees", the word "LOLLIPOP" might be the ciphertext for "Turn right 90 degrees", and the words "BENT EAR" might be the ciphertext for "HOWITZER". Codes are only useful for specialized circumstances. Ciphers are useful for any circumstance. Codes are limited: if your code does not have an entry for a specific word then you can't say it, whereas you can say anything you wish using a cipher.

Compare and contrast Hagelin and Rotor Cryptography Machines
CISSP Seminar:
Hagelin Machine
- Combines plain text (character by character) with:
- Keystream (long pseudo-random sequence)
- To produce cipher text

Rotor Machines
- Rotor implements cipher alphabet
- Rotor connected in banks
- Signal entering one end permuted by each of rotors before leaving at other end
- Keyed by changing rotor variables
  o Rotors/order of rotors
  o Number of stopping pieces per wheel
  o Pattern of motion

Describe the use and characteristics of "One-Time-Pad" Encryption
CISSP Seminar:
- Unbreakable by exhaustive search (brute force)
- Random key same length as message
- Only used once
- Digital system key and message both bit streams
- 8 bits per character
- Each key bit XORed with corresponding message bit
- Produces ciphertext bit
- Key bits XORed with ciphertext to decrypt

Describe the history of the DES Encryption
CISSP Seminar:
- IBM cryptographic research (late 1960's)
- Modification of Lucifer developed by IBM
- Non-linear block ciphers
- IBM developed (about 1972)
- NBS solicited (about 1973 and 1974)
- Adopted (1977)
- ANSI approved (1978)
- NSA threatened decertification (1987)
- NIST recertified for 5 years (1988, 1993)
Network Computing:
The most common private key encryption standard that is used is the Data Encryption Standard (DES) developed by IBM in the early 1970s. It is the de facto industry standard for cryptography systems and is the world's most commonly used encryption mechanism. This private key system is widely deployed in financial networks including automated teller machines and point-of-sale networks. It was adopted as a Federal Information Processing Standard (FIPS PUB 46) in 1977 and as an American National Standard (ANSI X3.92) in 1981. Further clarification on the modes of use of the algorithm is contained in ANSI standard X3.106.

Describe the DES Algorithm
CISSP Seminar:
- 64 bit plain and cipher text block size
- 56 bit true key plus 8 parity bits
- Seventy quadrillion possible keys
- Single-chip LSI implementation
- About 50$ per unit
- 16 rounds of simple operations to encrypt
- Transposition and substitution
- Reverse to decrypt

RSA Crypto FAQ:
The DEA, also called DES, has been extensively studied since its publication and is the best known and widely used symmetric algorithm in the world. The DEA has a 64-bit block size and uses a 56-bit key during execution (8 parity bits are stripped off from the full 64-bit key). The DEA is a symmetric cryptosystem, specifically a 16-round Feistel cipher and was originally designed for implementation in hardware. When used for communication, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a message authentication code (MAC). The DEA can also be used for single-user encryption, such as to store files on a hard disk in encrypted form. In a multi-user environment, secure key distribution may be difficult; public-key cryptography provides an ideal solution to this problem. NIST has recertified DES (FIPS 46-1) every five years; DES was last recertified in 1993, by default. NIST has indicated, however, it will not recertify DES again. The development of AES, the Advanced Encryption Standard is underway. AES will replace DES.

Compare and contrast the Modes of the DES Algorithm
CISSP Seminar:
Electronic code book
- 64 bits data blocks entered directly into device
- 64 bits cipher blocks generated under key
- Restricted to protection of encrypting keys and initializing vectors

Output Feedback
- DES generated keystream XORed with message stream
- Simulates one-time-pad
- Keystream generated by DES encrypting 64 bits initialization vector with secret key
- DES output bits fed back as input to generate next segment key bits

Cipher Feedback
- Device generates stream of random binary bits
- Combined with plain text
- Generated cipher with same number of bits as text
- Cipher text fed back to form a portion of next input

Cipher Block Chaining
- 64 bit plain text blocks loaded sequentially
- XORed with 64 bits initializing vector
- Combination processed into cipher under key
- First ciphertext XORed with next text block
- Process continues until end of plaintext chain

RSA Crypto FAQ:
ECB - Electronic Code Book
Each block of ciphertext is encrypted independently of any other block. Therefore each ciphertext block corresponds to one plaintext block just like in a code book.

CBC - Chain Block Cipher
ECB does not protect against insertion of repeated blocks because blocks are treated independently. Another weakness is that identical plaintext blocks generate identical ciphertext blocks. To improve DES for communication streams each 64 bit block is EXORed with the previous 64 bit ciphertext before being entered into the DES chip. In addition to a common secret key the sender and receiver need to agree on an initial vector to be EXORed with the first block of a message stream.

CFM - Cipher Feedback Mode
CFM is an alternate mode for DES on 8 bit characters. The input character is EXORed with the least significant byte of the DES output and then transmitted over the communication link. In order to collect enough bits for the 64 bit encryption block the output characters are collected in a character based shift register. Each output character advances the shift register by 8 bits and triggers a new DES encryption. Thereby the next input character will be EXORed with a new DES output. CFM is suitable for use on serial lines.

Describe the characteristics and usage of Double/Triple DES
CISSP Seminar:
Double DES
- Effective key length 112 bits
- Work factor about the same as single DES
- No more secure

Triple DES
- Encrypt with first key
- Decrypt with second key
- Encrypt with first key
- No successful attack reported

RSA Crypto FAQ:
For some time it has been common practice to protect and transport a key for DES encryption with triple-DES. This means that the input data (in this case the single-DES key) is, in effect, encrypted three times. There are of course a variety of ways of doing this; we will explore these ways below. A number of modes of triple-encryption have been proposed:
- DES-EEE3: Three DES encryptions with three different keys.
- DES-EDE3: Three DES operations in the sequence encrypt-decrypt-encrypt with three different keys.
- DES-EEE2 and DES-EDE2: Same as the previous formats except that the first and third operations use the same key.

Attacks on two-key triple-DES have been proposed by Merkle and Hellman [MH81] and Van Oorschot and Wiener [VW91], but the data requirements of these attacks make them impractical. Further information on triple-DES can be obtained from various sources [Bih95][KR96]. The use of double and triple encryption does not always provide the additional security that might be expected. Preneel [Pre94] provides the following comparisons in the security of various versions of multiple-DES and it can be seen that the most secure form of multiple encryption is triple-DES with three distinct keys.
# Encryptions   # Keys   Computation   Storage   Type of attack
single          1        2^56          -         known plaintext
single          1        2^38          2^38      chosen plaintext
single          1        -             2^56      chosen plaintext
double          2        2^112         -         known plaintext
double          2        2^56          2^56      known plaintext
double          2        -             2^112     known plaintext
triple          2        2^56          2^56      2^56 known plaintext
triple          2        2^(120-t)     2^t       2^t known plaintext
triple          2        -             2^56      chosen plaintext
triple          3        2^112         2^56      known plaintext
triple          3        2^56          2^112     chosen plaintext

Table 1: Comparison of different forms of DES multiple encryption

Like all block ciphers, triple-DES can be used in a variety of modes. The ANSI X9.52 standard (see Question 5.3.1) details the different ways in which triple-DES might be used and is expected to be completed during 1998.

Compare and Contrast the Relative Benefits of Escrowed Encryption
CISSP Seminar:
To be completed
Personal comments:
Key escrow is a real can of worms depending on who you are talking to. There are two sides to this: a group that claims it is mandatory and another group that claims it would be against their freedom of speech and civil liberties. Here are some of the debates:

Criminal encryption use exists. Encryption has already been used by criminals to keep their activities secret from the FBI and law enforcement. From 1995 to 1996, the number of cases in which the FBI was foiled by encryption more than doubled (5 to 12).

Encryption is not regulatable outside the US. Non-escrowed strong encryption is already available in over 200 other countries, and it will still be available in these countries, even if the US Government decides to institute an escrowed encryption policy.

Key recovery is expensive. A mandatory key recovery policy, if instituted by the government, would be very costly not only for the government itself (operational costs), but also for software companies that have developed the 800 encryption products currently on the market. These companies will have to completely re-engineer their products in order to comply with the government's new policy.

Escrow has not been thoroughly tested. There are millions of encryption users and thousands of agents and law enforcement agencies. Key escrow has never been tested in a wide-scale environment.

Mandatory escrow can be circumvented. There is no way to "scan" the Internet to detect use of non-escrowed encryption.

Key recovery leaves a "back door" in the software. Our nation's critical systems (air traffic control, defense systems, the power grid, etc.) would likely be protected by key recovery. There is no way to ensure that the system will be safe from hackers and terrorists.

Escrow involves humans. As with any type of security system involving humans, there are vulnerabilities.

The government would hold the key to everyone's personal data. Under current proposed legislation, keys would be released by a court subpoena, not a judicial order.

Define "Clipper" and the "Skipjack" Algorithm
CISSP Seminar:
Clipper
- Tamper-resistant hardware chip
- NSA-designed single-key encryption algorithm (Skipjack)
- Decrypted by special chip, unique key and special law enforcement access field (LEAF) transmitted with encrypted communication.
- Regardless of session key
- Chip unique key is XOR of 2 components
- Each encrypted and stored in escrow with separate escrow agent
- Both needed to construct chip unique key and decrypt
- Release to authorized government agent for authorized surveillance.

hipOack Algorithm +ransform =2 bit input block into =2 bit output block 73 bit key length ame operating modes as D$ >2 of them? Classified to prevent implementing >in either software or hardware? without 8$A&

RSA Crypto FAQ:
The Clipper chip contains an encryption algorithm called Skipjack. Each chip contains a unique 80-bit unit key U, which is escrowed in two parts at two escrow agencies; both parts must be known in order to recover the key. Also present is a serial number and an 80-bit "family key" F; the latter is common to all Clipper chips. The chip is manufactured so that it cannot be reverse engineered; this means that the Skipjack algorithm and the keys cannot be recovered from the chip.

Skipjack is the encryption algorithm contained in the Clipper chip, designed by the NSA (see Question 6.2.2). It uses an 80-bit key to encrypt 64-bit blocks of data. Skipjack is expected to be more secure than DES in the absence of any analytic attack since it uses 80-bit keys. By contrast, DES uses 56-bit keys.

Initially the details of Skipjack were classified and the decision not to make the details of the algorithm publicly available was widely criticized. Some people were suspicious that Skipjack might not be secure, either due to an oversight by its designers, or by the deliberate introduction of a secret trapdoor. Since Skipjack was not public, it could not be widely scrutinized and there was little public confidence in the cipher. Aware of such criticism, the government invited a small group of independent cryptographers to examine the Skipjack algorithm. They issued a report [BDK93] which stated that although their study was too limited to reach a definitive conclusion, they nevertheless believed Skipjack was secure. In June of 1998 Skipjack was declassified by the NSA. Early cryptanalysis has failed to find any substantial weakness in the cipher.

Describe the elements of the Electronic Data Security Act of 1997

CISSP Seminar:
To be completed!!!!

Electronic Data Security Act 1997:
The Electronic Data Security Act states its goals as: To enable the development of a key management infrastructure for public-key-based encryption and attendant encryption products that will assure that individuals and businesses can transmit and receive information electronically with confidence in the information's confidentiality, integrity, availability, and authenticity, and that will promote timely lawful government access.

Describe the basis of Public-Key Algorithms

CISSP Seminar:
- Factoring large prime numbers
- RSA
- Discrete log problem (difficulty of taking logarithms in finite fields)
- El Gamal encryption scheme and signature algorithm
- Schnorr's signature algorithm
- Nyberg-Rueppel's signature algorithm
- Station-to-Station protocol for key agreement (STS)
- Digital Signature Algorithm (DSA)
- Elliptic Curve Crypto (ECC)

RSA Crypto FAQ:
Public-key cryptosystems are based on a problem that is in some sense difficult to solve.
Difficult in this case refers more to the computational requirements in finding a solution than the conception of the problem. These problems are called hard problems. Some of the most well known examples are factoring, theorem-proving, and the "traveling salesman problem" - finding the route through a given collection of cities which minimizes the total length of the path.

Factoring is the underlying, presumably hard problem upon which several public-key cryptosystems are based, including the RSA algorithm. Factoring an RSA modulus would allow an attacker to figure out the private key; thus, anyone who can factor the modulus can decrypt messages and forge signatures. The security of the RSA algorithm depends on the factoring problem being difficult and the presence of no other types of attack.

In general the larger the number the more time it takes to factor it. Of course if you have a number like 2^100 it is easier to factor than say, a number with half as many digits but the product of two primes of about the same length. This is why the size of the modulus in RSA determines how secure an actual use of RSA is; the larger the modulus, the longer it would take an attacker to factor, and thus the more resistant the RSA modulus is to an attack.

Define Elliptic Curve Cryptosystems (ECC)

CISSP Seminar:
- Uses algebraic system defined on points of elliptic curve to provide public-key algorithms.
- Digital signature
- Secret key distribution
- Confidential info transmission
- First proposed by Victor Miller (IBM/CRD) 1985 & Neal Koblitz (Washington univ)

RSA Crypto FAQ:
Elliptic curve cryptosystems were first proposed independently by Victor Miller [Mil86] and Neal Koblitz [Kob87] in the mid-1980s. At a high level, they are analogs of existing public-key cryptosystems in which modular arithmetic is replaced by operations defined over elliptic curves. The elliptic curve cryptosystems that have appeared in the literature can be classified into two categories according to whether they are analogs to RSA or discrete logarithm based systems.

Describe the advantages of Elliptic Curves Cryptosystems (ECC)

CISSP Seminar:
- Highest strength/bit of public key systems
- Big saving over other public key systems
- Computation
- Bandwidth
- Storage
- Bandwidth reduced
- Short signature and certificates
- Fast encryption and signature speed
- Hardware and software
- Ideal for very small hardware implementations
- Smart card
- Encryption and digital signatures stages separable to simplify export

RSA Crypto FAQ:
Presently, the methods for computing general elliptic curve discrete logs are much less efficient than those for factoring or computing conventional discrete logs. As a result, shorter key sizes can be used to achieve the same security of conventional public-key cryptosystems, which might lead to better memory requirements and improved performance. One can easily construct elliptic curve encryption, signature, and key agreement schemes by making analogs of ElGamal, DSA, and Diffie-Hellman. These variants appear to offer certain implementation advantages over the original schemes, and they have recently drawn more and more attention from both the academic community and the industry.

The main attraction of elliptic curve cryptosystems over other public-key cryptosystems is the fact that they are based on a different, hard problem. This may lead to smaller key sizes and better performance in certain public-key operations for the same level of security.

Very roughly speaking, when this FAQ was published elliptic curve cryptosystems with a 160-bit key offer the same security of RSA and discrete logarithm based systems with a 1024-bit key. As a result, the length of the public key and private key is much shorter in elliptic curve cryptosystems. In terms of speed, however, it is quite difficult to give a quantitative comparison, partly because of the various optimization techniques one can apply to different systems. It is perhaps fair to say the following:

- Elliptic curve cryptosystems are faster than the corresponding discrete logarithm based systems.
- Elliptic curve cryptosystems are faster than RSA in signing and decryption, but slower than RSA in signature verification and encryption.

For more detailed comparisons, see the survey article by Matt Robshaw and Yiqun Lisa Yin [RY97].

With academic advances in attacking different hard mathematical problems both the security estimates for various key sizes in different systems and the performance comparisons between systems are likely to change.

Identify the standards Activities Involving Elliptic Curve Cryptosystems (ECC)

CISSP Seminar:
- IEEE P1363 (public-key crypto)
- Covers main public key techniques: RSA, ECC, El Gamal, Diffie-Hellman
- ANSI X9: Elliptic curve Digital Signature Algorithm (ECDSA) proposed work item
- ANSI ASC X9: Elliptic curve key agreement and key management proposed work item
- ISO/IEC CD 14888-3 "Digital Signature with appendix"
- Variety of digital signature mechanisms

RSA Crypto FAQ:
The IEEE P1363 is an emerging standard that aims to provide a comprehensive coverage of established public-key techniques. It continues to move toward completion, with balloting expected later this year. The project, begun in 1993, has produced a draft standard covering public-key techniques from the discrete logarithm, elliptic curve, and integer factorization families. Contributions are currently solicited for an addendum, IEEE P1363a, which will cover additional public-key techniques.

The project is closely coordinated with emerging ANSI standards for public-key cryptography in banking, and forthcoming revisions of RSA Laboratories' Public-Key Cryptography Standards will also be aligned with IEEE P1363.

American National Standards Institute (ANSI) is broken down into committees, one being ANSI X9. The committee ANSI X9 develops standards for the financial industry, more specifically for personal identification number (PIN) management, check processing, electronic transfer of funds, etc. Within the committee of X9, there are subcommittees; further broken down are the actual documents, such as X9.9 and X9.17.

The International Organization for Standardization, (ISO), is a non-governmental body promoting standardization developments globally. Altogether, ISO is broken down into about 2700 Technical Committees, subcommittees and working groups. ISO/IEC (International Electrotechnical Commission) is the joint technical committee developing the standards for information technology.

One of the more important information technology standards developed by ISO/IEC is ISO/IEC 9798 [ISO92a]. This is an emerging international standard for entity authentication techniques. It consists of five parts. Part 1 is introductory, and Parts 2 and 3 define protocols for entity authentication using secret-key techniques and public-key techniques. Part 4 defines protocols based on cryptographic checksums, and part 5 addresses zero-knowledge techniques.
Describe Pretty Good Privacy (PGP)

CISSP Seminar:
- Created by Phil Zimmerman
- Random prime number + pass phrase
- Key crunching generates key
- Convert passphrase into bitstream
- For random key, passphrase must be long
  o Theory: number of passphrase characters = number of bits in key

RSA Crypto FAQ:

PGP (Pretty Good Privacy) is a software package originally developed by Phil Zimmerman that provides cryptographic routines for e-mail, file transfer, and file storage applications. Zimmerman used existing cryptographic algorithms and protocols and developed a system that can run on multiple platforms. It provides message encryption, digital signatures, data compression, and e-mail compatibility.

The algorithms used by PGP have changed over its various versions. Versions prior to 5.0 used RSA for key exchange, MD5 for digital signatures, and IDEA for bulk encryption of messages and files. Version 5.0 added Diffie-Hellman (El Gamal) for key exchange, RIPEMD-160 and SHA-1 for digital signatures, and 3DES and CAST for bulk encryption of messages and files. All versions of PGP have incorporated the routines from the freeware program ZIP (which uses routines that are comparable to the routines used in PKZip) to compress data before encryption. This is done to add security to the cryptographic implementation, as well as minimize the transmission time of the encrypted data. E-mail compatibility is achieved by Radix-64 conversion of the binary data.

PGP is bound by Federal export laws due to its usage of the RSA, IDEA, Diffie-Hellman, 3DES and CAST algorithms. The source code to PGP was legally exported in book form, and is available (along with binary distributions of the program for use outside of the USA) at http://www.pgpi.com

Define the four (4) types of PGP certificates

CISSP Seminar:
- Make up yourself
- Provided commercially
- Vouching on business relationship
- Authenticated individual activity

RSA Crypto FAQ:

Compare and contrast El Gamal and Diffie-Hellman Algorithms

CISSP Seminar:
El Gamal
- Unpatented, public-key algorithm used for both digital signatures and encryption
- Security stems from difficulty in calculating discrete logarithms in a finite field
- First public-key crypto algorithm suitable for encryption and digital signatures unencumbered by patents in U.S.

Diffie-Hellman
- Invented in 1976 - First public key algorithm
- Security stems from difficulty in calculating discrete logarithms in a finite field
- Used for key distribution but not for message encryption/decryption
- Patent expired in 1997

Bryce Kendrix paper on Cryptography:

El Gamal
Another popular system is the El Gamal algorithm, which relies on the difficulty of discrete logarithms. The algorithm is based on the problem of exponentiation as follows: given a modulus q and some b < q, a character x can be encrypted as integer y under the condition b^y ≡ x mod q. The integer y should not be easily computable, providing security through the unfeasibility of complicated discrete logarithms.

The actual El Gamal algorithm requires, for a secure system, that everyone agrees on a large prime modulus, q. A number g is chosen such that, ideally, the order of g is q-1. The user generates a private key, y, then uses that private key to generate the public key, g^y; additionally public key must be congruent to 1 mod q. For El Gamal to be secure, y must be difficult to compute from g^y.

Suppose Alice now wishes to encrypt a message M for Bob using his public key. Since both g and g^y are known to Alice, she then computes the kth power of each and sends Bob g^k and M(g^y)^k. Since Bob knows y, he can then reconstruct M by finding the inverse of (g^y)^k and multiplying M(g^y)^k by the inverse to attain M [Achter].

Comparing the El Gamal algorithm with the RSA algorithm, it is noted that both employ exponentiation, so they can be assumed to have comparable speed in encryption and decryption as well as key generation. RSA's security is based on factorization, which has been studied comprehensively over the past two hundred years. El Gamal, on the other hand, relies on solving by discrete logarithms, which remains fairly unstudied. By varying g and the inverse function simultaneously an attack that has a complexity lower than solving by discrete logarithms or factoring, not it can be said that El Gamal is at best no more secure than RSA and possibly much less secure [Nechvatal].

It should also be pointed out that El Gamal requires two values to be sent, the encrypted method and a message dependent large integer. For this reason, El Gamal is said to be less space efficient than RSA, although it may present better security against some attacks, especially if k is different for g^k and M(g^y)^k [Nechvatal].

Milgo Solution:
Diffie Hellman
Diffie Hellman was the first public key algorithm ever developed. It is still extremely popular and highly recommended for key exchange. Its primary advantage over RSA, the most widely used public key algorithm, is that Diffie Hellman is a negotiated key generation while RSA is a master/slave key generation.

The public portions of Diffie Hellman are:
Modulus = m
Integer = g

Two parties, Alice and Bob, who want to negotiate a key that only they will know, perform the following:
1. Alice generates a large random number a and computes X = g^a mod m
2. Bob generates a large random number b and computes Y = g^b mod m
3. Alice sends X to Bob.
4. Bob computes Key 1 = X^b mod m
5. Bob sends Y to Alice.
6. Alice computes Key 2 = Y^a mod m

Both Key 1 and Key 2 are equal to g^(ab) mod m. No one besides Alice and Bob is able to generate this value. Only someone who knows a or b is able to generate the key. Therefore Diffie Hellman public key is a means for two parties who have never met to be able to negotiate a key over a public channel.

The security of Diffie Hellman revolves around the choice of the public parameters m and g. Modulus m should be a prime number and (m-1)/2 should also be a prime number. Finally modulus m should be large because the security is related to finding the discrete logarithm in a finite field of size m. SafeDial uses a 1024-bit modulus, which is considered to be highly secure by most experts.

Compare and contrast Cryptographic Module Configurations

CISSP Seminar:
There are four types of modules: inline, offline, embedded, stand-alone

Inline
- Front end configuration
- Module capable of accepting plaintext from source
  o Performing crypto processing
  o Passing processed data directly to communications equipment
  o Without passing back to source
- May also decrypt (reverse process)
- Data cannot leave host without passing through module
- Comm equip in module or external to host

Offline
- Back end configuration
- Module capable of accepting data from source
  o Performing crypto processing
  o Passing processed data back to source
- Source responsible for storage and further transmission
  o Maintaining separation between protected and unprotected data
- Ideal for local file encryption
- Comm boards may be internal to host

Embedded
- Module physically enclosed within and interfaces with computer
- Either inline or offline
- Less expensive
- Physical security (tamper protection and detection) questionable

Standalone
- Module contained in own physical enclosure
- Outside host computer
- Either inline or offline
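Returning to the El Gamal and Diffie Hellman comparison above: the six negotiation steps and the El Gamal encrypt/decrypt round trip, written out with the page's symbols (m, g, a, b, X, Y, y, k, M). This is an added example, not code from the booklet or the papers it quotes; the function names, the choice g = 2, the small demonstration modulus searched for at import, and the range check on received public values are assumptions of the example.

```python
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 2**64."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start):
    """Smallest m >= start such that m and (m-1)/2 are both prime."""
    m = start | 1
    while not (is_prime((m - 1) // 2) and is_prime(m)):
        m += 2
    return m


def parameters_ok(m, g):
    """Page's rule for the public values: m prime and (m-1)/2 prime.
    In such a group every g other than 1 and m-1 has order (m-1)/2 or m-1."""
    return m > 5 and is_prime(m) and is_prime((m - 1) // 2) and 1 < g < m - 1


def public_value_ok(m, v):
    """Receiver-side check (assumption of this example): 0, 1 and m-1
    would force a trivial shared key, so they are rejected."""
    return 1 < v < m - 1


def dh_negotiate(m, g):
    """Steps 1-6 of the negotiation; returns what each side ends up with."""
    a = secrets.randbelow(m - 3) + 2      # 1. Alice's secret a
    X = pow(g, a, m)
    b = secrets.randbelow(m - 3) + 2      # 2. Bob's secret b
    Y = pow(g, b, m)
    if not (public_value_ok(m, X) and public_value_ok(m, Y)):
        raise ValueError("degenerate public value, restart the negotiation")
    key1 = pow(X, b, m)                   # 3-4. Bob receives X
    key2 = pow(Y, a, m)                   # 5-6. Alice receives Y
    return {"X": X, "Y": Y, "key1": key1, "key2": key2}


def elgamal_keygen(m, g):
    y = secrets.randbelow(m - 3) + 2      # private key y
    return y, pow(g, y, m)                # public key g^y


def elgamal_encrypt(m, g, gy, M):
    if not 0 < M < m:
        raise ValueError("message must be an integer in 1..m-1")
    k = secrets.randbelow(m - 3) + 2      # fresh k for every message
    return pow(g, k, m), M * pow(gy, k, m) % m   # the two values sent


def elgamal_decrypt(m, y, gk, c):
    shared = pow(gk, y, m)                # (g^k)^y equals (g^y)^k
    return c * pow(shared, -1, m) % m     # multiply by the inverse


# Demonstration-sized modulus (about 62 bits), far below the 1024 bits the
# page cites; chosen only so the search finishes instantly.
MODULUS = find_safe_prime(2**62)
G = 2

if __name__ == "__main__":
    print("parameters ok:", parameters_ok(MODULUS, G))
    r = dh_negotiate(MODULUS, G)
    print("Key 1 == Key 2:", r["key1"] == r["key2"])
    y, gy = elgamal_keygen(MODULUS, G)
    ct = elgamal_encrypt(MODULUS, G, gy, 123456789)
    print("ciphertext pair:", ct, "->", elgamal_decrypt(MODULUS, y, *ct))
```

The ciphertext is a pair of values, which is the space cost the comparison with RSA refers to, and encrypting the same M twice gives different pairs because k is fresh each time.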

Identify the Activities Related to Key management

CISSP Seminar:
- Key management
- Key change
- Key disposition
- Key recovery
- Control of crypto keys

RSA Crypto FAQ:
Key management deals with the secure generation, distribution, and storage of keys. Secure methods of key management are extremely important. Once a key is randomly generated (see Question 4.1.2.2), it must remain secret to avoid unfortunate mishaps (such as impersonation). In practice, most attacks on public-key systems will probably be aimed at the key management level, rather than at the cryptographic algorithm itself.

Users must be able to securely obtain a key pair suited to their efficiency and security needs. There must be a way to look up other people's public keys and to publicize one's own public key. Users must be able to legitimately obtain others' public keys; otherwise, an intruder can either change public keys listed in a directory, or impersonate another user. Certificates are used for this purpose. Certificates must be unforgeable. The issuance of certificates must proceed in a secure way, impervious to attack. In particular, the issuer must authenticate the identity and the public key of an individual before issuing a certificate to that individual.

If someone's private key is lost or compromised, others must be made aware of this, so they will no longer encrypt messages under the invalid public key nor accept messages signed with the invalid private key. Users must be able to store their private keys securely, so no intruder can obtain them, yet the keys must be readily accessible for legitimate use. Keys need to be valid only until a specified expiration date but the expiration date must be chosen properly and publicized in an authenticated channel.

Compare and contrast the types of key management

CISSP Seminar:
- Link encryption
- End-To-End encryption
- Key Distribution Center (KDC)
- User unique key distributed
  o Changed infrequently
- A calls B
- Calling protocol contacts KDC
- KDC generates random session key (k)
- KDC encrypts k using A's unique key and sends it to A
- KDC encrypts k using B's unique key and sends it to B
- A and B uses k for session

Describe the principle of key management

CISSP Seminar:
- Must be fully automated
- For key discipline and secrecy
- No key in clear outside of crypto device
- For secrecy and known plaintext attack resistance
- Choose keys randomly from entire key space
- Pattern can be exploited by attacker to reduce work
- Key encrypting keys must be separate from data keys
- Nothing appearing in clear is encrypted with key-encrypting-key
- Keep KEK invulnerable to brute force attack
- Disguise all pattern in cleartext object before encryption
- Format, language, alphabet, public code
- To resist ciphertext only attacks
- Infrequently use keys with long life
- More key is used, more likely a successful attack and greater the consequences

Describe the concept of key recovery and key recovery systems

CISSP Seminar:
- Permits recovery of lost or damaged keys without needs to store or escrow them with a third party
- Key recovery alliance of vendors formed (10/2/96)
- Developed exportable, worldwide approach to strong encryption to enable secure international commerce
- Developing modern, high-level crypto "Key recovery" solutions
- Meet business requirements
- Ease crypto import/export restrictions worldwide
- Alliance proposed requirements for ideal key recovery system (9/19/97)

RSA Crypto FAQ:
One of the barriers to the widespread use of encryption in certain contexts is the fact that when a key is somehow "lost", any data encrypted with that key becomes unusable. Key recovery is a general term encompassing the numerous ways of permitting "emergency access" to encrypted data.

One common way to perform key recovery, called key escrow, is to split a decryption key (typically a secret key or an RSA private key) into several parts and distribute these parts to escrow agents or "trustees". In an emergency situation (exactly what defines an "emergency situation" is context-dependent), these trustees can use their "shares" of the keys either to reconstruct the missing key or simply to decrypt encrypted communications directly. This method is used by Security Dynamics' RSA SecurPC product.

Another recovery method, called key encapsulation, is to encrypt data in a communication with a "session key" (which varies from communication to communication) and to encrypt that session key with a trustee's public key. The encrypted session key is sent with the encrypted communication, and so the trustee is able to decrypt the communication when necessary. A variant of this method, in which the session key is split into several pieces, each encrypted with a different trustee's public key, is used by TIS' RecoverKey.

Key recovery can also be performed on keys other than decryption keys. For example, a user's private signing key might be recovered. From a security point of view, however, the rationale for recovering a signing key is generally less compelling than that for recovering a decryption key.

Define Digital Signature as it Pertains to Cryptography

CISSP Seminar:
- Authentication tool to verify a message origin and a sender identity
- Resolves authentication issues
- Block of data attached to message (document, file, record, etc)
- Binds message to individual whose signature can be verified
  o By receiver or third party
  o Can't be forged
- Each user has public-private key pair.

RSA Crypto FAQ:
The digital signature of a document is a piece of information based on both the document and the signer's private key. It is typically created through the use of a hash function and a private signing function (encrypting with the signer's private key), but there are other methods.

Authentication is any process through which one proves and verifies certain information. Sometimes one may want to verify the origin of a document, the identity of the sender, the time and date a document was sent and/or signed, the identity of a computer or user, and so on. A digital signature is a cryptographic means through which many of these may be verified.

Describe the Digital Signature Standard (DSS)

CISSP Seminar:
- NIST proposed in 1991
- Uses secure hash algorithm (SHA)
- Condenses message to 160 bits
- Modular arithmetic exponentiations of large numbers
- Key size 512-1024 bits
- Difficult to invert exponentiations (security)
- Equivalent to factoring (RSA)
FIPS 186:
This Standard specifies a Digital Signature Algorithm (DSA) appropriate for applications requiring a digital rather than written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures.

Define Operation of the Digital Signature Standard

CISSP Seminar:
To sign a message
- Sender computes digest of message
- Using public hash function
- Crypto signature by sender's private key
- Applied to digest creates digital signature
- Digital signature sent with message

To verify a message
- Receiver computes digest of message
- Verifying functions with sender's public key
- Applied to digest and signature received
- Verified if both digest match
- Signature decryption identifies sender

RSA Crypto FAQ:
The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures.

Signature generation makes use of a private key to generate a digital signature. Signature verification makes use of a public key which corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Public keys are assumed to be known to the public in general. Private keys are never shared. Anyone can verify the signature of a user by employing that user's public key. Signature generation can be performed only by the possessor of the user's private key.

A hash function is used in the signature generation process to obtain a condensed version of data, called a message digest. The message digest is then input to the DSA to generate the digital signature. The digital signature is sent to the intended verifier along with the signed data (often called the message). The verifier of the message and signature verifies the signature by using the sender's public key. The same hash function must also be used in the verification process. The hash function is specified in a separate standard, the Secure Hash Standard (SHS), FIPS 180. Similar procedures may be used to generate and verify signatures for stored as well as transmitted data.

Identify the benefits of the Digital Signature Standard

CISSP Seminar:
- Provides non-repudiation
- Used with electronic contracts, purchase orders, etc.
- Used to authenticate software, data, images, users, machines.
- Protect software against viruses
- Smart card with digital signature can verify user to computer

RSA Crypto FAQ:
The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified.

Define Non-Repudiation as it pertains to Cryptography

CISSP Seminar:
- Proves message sent and received
- Ensures sender can't deny sending
- Recipient can't deny claim that they received something else or deny receiving proper message

Define Hash functions as they pertain to Cryptography

CISSP Seminar:

RSA Crypto FAQ:
The main role of a cryptographic hash function is in the provision of message integrity checks and digital signatures. Since hash functions are generally faster than encryption or digital signature algorithms, it is typical to compute the digital signature or integrity check to some document by applying cryptographic processing to the document's hash value, which is small compared to the document itself. Additionally, a digest can be made public without revealing the contents of the document from which it is derived. This is important in digital timestamping where, using hash functions, one can get a document timestamped without revealing its contents to the timestamping service.

Describe the Use of Certification Authority

CISSP Seminar:
- Binds individuals to their public keys
- Certification authority's digital signature
- Attest binding
- Certification authority certification
- User identification, public key, date
- X509 certification standard
- NIST National Digital Signature Certification Authority study

RSA Crypto FAQ:
Certificates are issued by certification authority. Certificates are digital documents attesting to the binding of a public key to an individual or other entity. They allow verification of the claim that a specific public key does in fact belong to a specific individual. Certificates help prevent someone from using a phony key to impersonate someone else. In some cases it may be necessary to create a chain of certificates, each one certifying the previous one until the parties involved are confident in the identity in question.

In their simplest form, certificates contain a public key and a name. As commonly used, a certificate also contains an expiration date, the name of the certifying authority that issued the certificate, a serial number, and perhaps other information. Most importantly, it contains the digital signature of the certificate issuer. The most widely accepted format for certificates is defined by the ITU-T X.509 international standard; thus, certificates can be read or written by any application complying with X.509.

Define Electronic Document Authorization (EDA)

CISSP Seminar:
- Authorizes certificates
- Specifies public key holder authority/power
- Spend, authorize payments, perform business functions
- Specifies limits to prevent abuse
- Cosignature requirements
- Enables checks and balances

Define and distinguish between message authentication code and Code Generation

CISSP Seminar:
Message Authentication:
- Simple MACing
- Weakest form of authentication
- MAC generation standard - ANSI X9.9 (FIMAS)
- Computed value derived from document
- Detect accidental/intentional alteration
- Forgery possible

MAC Generation:
- Algorithm examines bitstream
- Data field output appended to bitstream
- Before transmission/storage
- Parity/checksum application
- Bitstream and MAC
- Machine/communications error

RSA Crypto FAQ:
A message authentication code (MAC) is an authentication tag (also called a checksum) derived by applying an authentication scheme, together with a secret key, to a message. Unlike digital signatures, MACs are computed and verified with the same key, so that they can only be verified by the intended recipient.
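What the secret key adds over a plain parity/checksum field, shown on the receiver's side of the check (generate a new tag, compare with the one received). This is an added example, not code from the booklet or the FAQ; HMAC-SHA-256 from Python's standard library stands in as the keyed MAC, CRC-32 as the unkeyed checksum, and the messages, key and function names are constructed for the example.

```python
import hashlib
import hmac
import secrets
import zlib


def checksum_tag(bitstream: bytes) -> bytes:
    """Unkeyed code generation: a CRC-32 appended to the bitstream."""
    return zlib.crc32(bitstream).to_bytes(4, "big")


def mac_tag(key: bytes, bitstream: bytes) -> bytes:
    """Keyed MAC: HMAC over the bitstream under a shared secret key."""
    return hmac.new(key, bitstream, hashlib.sha256).digest()


def verify_checksum(bitstream: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(checksum_tag(bitstream), tag)


def verify_mac(key: bytes, bitstream: bytes, tag: bytes) -> bool:
    # Generate a new MAC and compare it with the received one in
    # constant time, so the comparison itself leaks nothing.
    return hmac.compare_digest(mac_tag(key, bitstream), tag)


def flip_bit(data: bytes, index: int) -> bytes:
    """Model of a machine/communications error: one bit inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def run_demo() -> dict:
    key = secrets.token_bytes(32)               # shared by sender and receiver
    original = b"PAY 100.00 TO ACCOUNT 0001"    # constructed sample message
    altered = b"PAY 900.00 TO ACCOUNT 0001"     # constructed altered message
    results = {}

    # Genuine message with its own tag is accepted.
    results["genuine_accepted"] = verify_mac(key, original, mac_tag(key, original))

    # Accidental error in transit: the tag is unchanged, one data bit flips.
    noisy = flip_bit(original, 13)
    results["checksum_detects_noise"] = not verify_checksum(
        noisy, checksum_tag(original))
    results["mac_detects_noise"] = not verify_mac(
        key, noisy, mac_tag(key, original))

    # Intentional alteration by someone without the key. The checksum needs
    # no secret, so a matching one can be recomputed for the altered data.
    results["checksum_detects_alteration"] = not verify_checksum(
        altered, checksum_tag(altered))

    # For the MAC the options are to reuse the old tag or to compute a tag
    # under some other key; the receiver rejects both.
    results["mac_detects_alteration"] = not verify_mac(
        key, altered, mac_tag(key, original))
    other_key = secrets.token_bytes(32)
    results["mac_detects_wrong_key"] = not verify_mac(
        key, altered, mac_tag(other_key, altered))
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Only `checksum_detects_alteration` comes back False: the checksum catches the communications error but not a deliberate change, which is the "forgery possible" limitation in the seminar notes.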

There are four types of MACs: (1) unconditionally secure, (2) hash function-based, (3) stream cipher-based, or (4) block cipher-based.

Simmons and Stinson [Sti95] proposed an unconditionally secure MAC based on encryption with a one-time pad. The ciphertext of the message authenticates itself, as nobody else has access to the one-time pad. However, there has to be some redundancy in the message. An unconditionally secure MAC can also be obtained by use of a one-time secret key.

Hash function-based MACs (often called HMACs) use a key or keys in conjunction with a hash function to produce a checksum that is appended to the message. An example is the keyed-MD5 method of message authentication.

Describe Bitstream Authentication

CISSP Seminar:
- Generate new MAC
- Compare with original MAC
- Algorithm qualities
- Sensitive to bit changes
- Creates MAC unable to be duplicated

Describe brute force attack as they pertain to Cryptography

CISSP Seminar:
Trying all keys

RSA Crypto FAQ:
Exhaustive key search, or brute-force search, is the basic technique of trying every possible key in turn until the correct key is identified. To identify the correct key it may be necessary to possess a plaintext and its corresponding ciphertext, or if the plaintext has some recognizable characteristic, ciphertext alone might suffice. Exhaustive key search can be mounted on any cipher and sometimes a weakness in the key schedule of the cipher can help improve the efficiency of an exhaustive key search attack.

Advances in technology and computing performance will always make exhaustive key search an increasingly practical attack against keys of a fixed length. When DES was designed, it was generally considered secure against exhaustive key search without a vast financial investment in hardware. To date, there is no public evidence that such hardware has been constructed. Over the years, however, this line of attack will become increasingly attractive to a potential adversary. Another useful article on exhaustive key search can be found in the Winter 1997 issue of CryptoBytes available online at the following URL:
http://www.rsa.com/rsalabs/pubs/cryptobytes/html/article_index.html

Compare and contrast the cost and time taken in Brute Force Attacks

CISSP Seminar:

Cost of brute force:

| Year | MIPS-Year Cost | 56 bit key | 40 bit key |
|---|---|---|---|
| 1997 | $15.00 | $17.0M | $260.00 |
| 2002 | $1.50 | $1.7M | $26.00 |
| 2007 | $0.15 | $170,000 | $2.60 |

Time for brute force:

| Keys tested per second | 56 bit key | 40 bit key |
|---|---|---|
| 1,000 | 300,000,000 years | 17.5 years |
| 1,000,000 | 300,000 years | 6.2 days |
| 1,000,000,000 | 300 years | 9.0 minutes |
| 1,000,000,000,000 | 109 days | .5 seconds |

RSA Crypto FAQ:
While exhaustive search of DES's 56-bit key space would take hundreds of years on the fastest general purpose computer available today, the growth of the Internet has made it possible to utilize thousands of such machines in a distributed search by partitioning the key space and distributing small portions to each of a large number of computers. In January 1999, the DES Challenge III was solved in just 22 hours and 15 minutes by the Electronic Frontier Foundation's "Deep Crack" in a combined effort with distributed.net. While the 56-bit key in DES now only offers a few hours of protection against exhaustive search by a modern dedicated machine [Wie94], the current rate of increase in computing power is such that an 80-bit key as used by Skipjack can be expected to offer the same level of protection against exhaustive key search in 18 years time as DES does today [BDK93]. Absent a major breakthrough in quantum computing, it is unlikely that 128-bit keys, such as those used in IDEA or RC5-32/12/16, will be broken by exhaustive search in the foreseeable future.

Compare and contrast Brute Force, Analytic, Statistical, and Implementation Attacks

CISSP Seminar:

Analytic
- Using algorithm and algebraic manipulation weakness to reduce complexity
- RSA factoring attack
- Double DES attack

Statistical
- Using statistical weakness in design
- More 1's than 0's in the keystream

Implementation
- Using the specific implementation of the encryption protocol
- 5) attack of Netscape key
  o deficient key randomization
  o string algorithm T 128 bit key
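The arithmetic behind the seminar's brute-force tables and the RSA FAQ's 80-bit comparison, as an added example (not from the booklet or the FAQ). It assumes the key is found after half the keyspace on average, and its function names are its own; under that assumption the time table's 40-bit column checks out, while the figures under "56 bit key" are those of a 64-bit key.

```python
import math

# Added example: helper names are illustrative, not from the booklet.
SECONDS_PER_YEAR = 365.25 * 24 * 3600
DAY = 24 * 3600


def average_search_seconds(key_bits, keys_per_second):
    """Expected time to hit the key: half the keyspace is tried on average."""
    return 2 ** (key_bits - 1) / keys_per_second


def implied_key_bits(seconds, keys_per_second):
    """Invert the formula: which key length gives this average search time?"""
    return round(math.log2(seconds * keys_per_second)) + 1


def scaled_cost(cost_40_bit, key_bits):
    """Each extra key bit doubles the work, and so the cost, of the search."""
    return cost_40_bit * 2 ** (key_bits - 40)


def doubling_period_months(extra_bits, years):
    """Months per doubling of search speed if extra_bits buy `years` of parity."""
    return years * 12 / extra_bits


def check_tables():
    return {
        # 40-bit column, 1,000 keys/s row (table: 17.5 years)
        "40bit_years_at_1e3": average_search_seconds(40, 1e3) / SECONDS_PER_YEAR,
        # 40-bit column, 10^9 keys/s row (table: 9.0 minutes)
        "40bit_minutes_at_1e9": average_search_seconds(40, 1e9) / 60,
        # Column headed "56 bit key", 10^12 keys/s row (table: 109 days)
        "bits_implied_by_109_days": implied_key_bits(109 * DAY, 1e12),
        # Average search of a true 56-bit keyspace at 10^12 keys/s, in hours
        "56bit_hours_at_1e12": average_search_seconds(56, 1e12) / 3600,
        # Cost table, 1997 row: $260 for 40 bits scaled up to 56 bits
        "56bit_cost_1997": scaled_cost(260.00, 56),
        # RSA FAQ: an 80-bit key in 18 years protects like 56-bit DES today
        "doubling_months": doubling_period_months(80 - 56, 18),
    }


if __name__ == "__main__":
    for name, value in check_tables().items():
        print(f"{name}: {value:,.2f}")
```

The 1997 cost row is self-consistent: $260 scaled by 2^16 is about $17.0M, and the FAQ's 18-year figure corresponds to search speed doubling every nine months.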

Describe the Commercial COMSEC Endorsement Program (CCEP)

CISSP Seminar:
- Commercial communications security endorsement program
- NSA and industry relationship
- Combine government crypto knowledge with industry product-development expertise
- Type 1 or type 2 high-grade crypto products.
- Type 1 encrypt classified and SUI
  o STU Secure telephone unit
- Type 2 encrypts SUI
  o Authentication devices, transmission security devices, secure LAN's

The Journal of American Underground Computing:
In the mid-80's, NSA introduced a program called the Commercial COMSEC Endorsement Program, or CCEP. CCEP was essentially Clipper in a black box, since the technology was not sufficiently advanced to build lower-cost chips. Vendors would join CCEP (with the proper security clearances) and be authorized to incorporate classified algorithms into communications systems. NSA had proposed that they themselves would actually provide the keys to end-users of such systems.

Define the levels of Encryption as Defined in the CCEP

CISSP Seminar:
- Type 1 or type 2 high-grade crypto products.
- Type 1 encrypt classified and SUI
  o STU Secure telephone unit
- Type 2 encrypts SUI
  o Authentication devices, transmission security devices, secure LAN's

Compare and contrast the differences in Export Issues regarding Encryption

CISSP Seminar:
This has to be completed.

RSA Crypto FAQ:
Cryptography is export-controlled for several reasons. Strong cryptography can be used for criminal purposes or even as a weapon of war. During wartime, the ability to intercept and decipher enemy communications is crucial. For that reason, strong cryptography is usually classified on the U.S. Munitions List as an export-controlled commodity, just like tanks and missiles. Cryptography is just one of many technologies which is covered by the ITAR (International Traffic in Arms Regulations).

In the United States, government agencies consider strong encryption to be systems that use RSA with key sizes over 512-bits or symmetric algorithms (like DES, IDEA, or RC5) with key sizes over 40-bits. Since government encryption policy is heavily influenced by the agencies responsible for gathering domestic and international intelligence (the FBI and NSA, respectively) the government is compelled to balance the conflicting requirements of making strong cryptography available for commercial purposes while still making it possible for those agencies to break those codes, if need be. The US government does, however, allow 56-bit block ciphers to be exported for financial cryptography.
