Cryptology - Notes

Link encryption 
Advantages: Encrypts the entire packet, including routing information.
Disadvantages: Slows things down (latency), weaker than end-to-end encryption because every node is a potential failure point (if one node is compromised , all data passing through it is compromised as well)

  • Cryptosystem consists of the plaintext, algorithm, cryptovariables (keys), and the resulting ciphertext
  • Strength of a cryptosystem is based more on the keys (cryptovariables, randomness) than the algorithm itself.
  • Cryptanalysts assume the algorithm is already known (open-source algorithms are generally seen as stronger because they have gone through more scrutity than closed-house/proprietary systems) so the strength of a system relies on the keys.

Symmetric vs Asymmetric Keys

  • A symmetric key is used both to encrypt and decrypt a message, requires both sender and receiver to know the key and is generally considered weaker than asymmetric keys (requires keys to be communicated out of bnd, uses more keys by the send/er receiver and doesn't provide non-repudiation) but it is usually faster/easier, can use robust algorithms/keys and is easier to use (wider availability across organizations.)  
  • Symmetric keys use a single "shared secret key: or password - Using Winzip with a password protection is a basic symmetric key usage example.
  • Asymmetric keys use 2 keys: one for encrypting and another for decrypting.  You have to have BOTH keys to complete the crypto process: One to encode and one to decode.  Typically, a sender users a recipients "public" key to encrypt a message, send it to them and the decrypt using their "private" key.  This allows the message to be sent safely (becuse it was encrypted at the beginning) and insures only the intended recipient (owner of the private key of the keypair) can read it.  Not even the original sender can "unencrypt" the message once it is encoded with the recipient's public key.  The math is kinda fun, using primes, log and modulus ticks but it goes beyond what we need to know fo th test and as CISSP s in the real world.  Nonetheless, if you are dying to know, check out for a step-by-step walk-through as well as an overview from one the RS scientists that has been there for ethe beginning:
  • Symmetric Key Cryptography is good for bulk data encryption / larg datasets.
  • Asymmetric Key Cryptography is good for kyexchanges and digital signatures.

Message Integrity Controls

These are integrioty checks to make sure the message ddn't get modified (accidentallyor intentionally) during transmission.  A MIC is a special value that works like a checksum to ensure integrity.  Example include:

  • Accidental change detection - Checksum, parity, Hashing functions will detect accidental eror s(data flips due to bad transissions, etc.)
  • Intentional changes: HMAC, Digital Signatures, CBC-MAC.  Used to encrypt the hash of the message with a private key (to generate a dfigital signature) or generate a message hash that includes a secret key at the end (ie, HMAC) or invoke the special functions of the CBC-AC which uses DES-CBC to calculate the hash value.
    • HMAC uses a standard hash function (MD5, SHA-1, etc) and hashes the secret key
    • CBC-MAC computes the DES CBC function over the enre essage using a secret key and hen generates a 64-bit output value for integrity.