Scribd Logo
Upload

Welcome to Scribd!

  • MindCert CISSP Cryptography MindMap

    Uploaded by

    cpawan_69
    75 views1 page

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    75 views1 page

    MindCert CISSP Cryptography MindMap

    Uploaded by

    cpawan_69

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    X.

    509 IDEA RSA

    S/MIME

    Motivation and Study Techniques to help you learn, remember, and pass your technical exams!

    Cisco CISSP CEH More coming soon...

    Condentiality Key Exchange

    PGP

    Visit us

    www.mindcert.com

    Web of Trust not PKI Between application and transport layers Uses digital certs Hidden to the user Browser support AH ESP WAP WTLS Uses SKIPJACK Escrow Security Layer

    SSL/TLS

    Cryptography Cryptanalysis

    Art relating to encrypting and decrypting information Art relating to converting Ciphertext into plaintext without the secret key Encrypting data on the network IPSec L2TP SSL

    IPSec

    Link Encryption

    Wireless

    Misc Security Applications Denitions

    End-to-end Encryption Repudiation

    Encryption from source to system/Client to Server Non-repudiation

    An embedded chip

    Denial of sending a message

    Key stored in two places

    Clipper

    Traffic Analysis Traffic Padding Work Factor

    Inference of information from analysis of traffic Generation of spurious data units

    For government to spy on you! Two identical pads/keys Unbreakable Pads can only be used once relies on physical storage of the pads Distribution a NIGHTMARE Hiding text in a .JPG Hiding data in another format

    Effort/Time needed to overcome a protective measure

    One time Pad Substitution Ciphers Steganography


    Issuing CA SSL For e-mail Replace one letter with another one Monoalphabetic Uses more than one method Transposes the keys Does not follow a common pattern CA Server Personal Symmetric

    History

    Transposition Ciphers

    Encryption Categories Types of Certicates


    Algorithmic

    Asymmetric Hash

    Older Secret algorithm Newer Secrecy is provided by the key Known algorithm Strength of the algorithm

    ActiveX Controls

    Software Publishers The authenticating agency CA

    Fundamentals PKI
    Terminology

    Systems
    Keyed Systems

    The end user or device listed in the subject eld of the X.509 certicate A public document containing the rules of the CA

    End Entity

    Certicate Policy Statement Certication Path RA

    CISSP
    Cryptography

    Encryption Strength

    Secrecy of the keys Length of the key

    The traceable history of parties who have vouched for this certicate

    A trusted body that can verify the authenticity of a person or host Where clients store the Certicate

    Uses the same key to encrypt and decrypt


    Encrypts data in discrete blocks Data is padded if required Block Block size usually 64 or 128 bytes long Most popular method Encrypts data bit by bit Verication

    Certificate Repository

    An answer to the symmetric Key Distribution problem Based on Public Keys and Private Key pairs
    Only receiver can decrypt it Plain text is encrypted with the receivers public key

    Ciphers
    Stream

    Condentiality Authentication

    Fastest Cannot verify stream so not considered as secure as block mode 56 bit Key Industry standard Block Cipher Diffusion and Confusion NIST

    Hash provides integrity Encryption with the Private signature provides Authentication

    Then encrypted with private key to create a Digital Signature Provided by hashing Combats MITM Attacks 160 Bits Uses SHA

    Integrity

    DSS

    Fast and simple Problems Single key distribution is problematic Can be cracked Cipher Block Chaining Operating Modes Electronic Code Book Cipher Feedback Output Feedback Confusion Spread the inuence of a plain text character P Box Conceals the statistical connection between cipher and plain texts S Box

    Uses a shared secret to combine with the hash Faster than using asymmetric with the hash SHA HMAC MD5 HMAC Faster than using the public/private key pair Provides condentiality Variants S/MIME is used for secure emails S/MIME uses session keys to encrypt the message 160 bit HASH 128 bit HASH Based on Factoring two large prime numbers Based on elliptic curve discreet logarithms Faster than RSA movianVPN Great for PDAs ECC IDEA RC4 SHA

    Hashed Message Authentication Code (HMAC)

    Asymmetric/Public Key Fundamentals

    DES

    S/MIME

    Symmetric/Private Key Fundamentals

    Symmetric Algorithms
    MD5 RSA Diffusion

    Algorithms

    3DES

    112 or 168 bit DES but with two or three keys

    128 bit Variable length 1-448 bit Up to 256 bit 128, 192, or 256 bit

    Repeated use of a key makes it easier to crack


    Both sender and receiver must have the same key Based on modular arithmetic Can use DH

    Blowsh

    Key Distribution

    Key Distribution and Management Issues

    Two Fish

    AES

    Rijndael Supports smart cards and 32, 64 bit processors NIST competition winner

    CISSP Cryptography.mmap - 15/05/2009 - Andrew Mason

    You might also like