Protects Confidentiality, Integrity, Authenticity, and Non-Repudiation. Prevent unauthorized disclosure of information.
Confidentiality/Privacy
Privacy. Threats to Confidentiality: Social Engineering, Media Reuse, and Eavesdropping.
Attacks to Confidentiality
Social Engineering
Spear Phishing, Whaling
Media Reuse
Degauss magnetic media, destroy hard drives. Deleting files or reformatting is not enough; the data is recoverable.
Eavesdropping
Protocol Analyzer or Packet Sniffer. Countermeasure: encrypt data in transit.
Solutions
Separation of Duties
Distinct roles, e.g. Sys Admin, Network Team, Active Directory. No single person controls a whole process.
Need to Know
Only the knowledge/privileges required to complete your job/duties.
Authenticity
Verify the origin of the message.
Digital Signature/PKI
Protects Integrity and Authenticity. Requires PKI infrastructure.
MAC or Message Authentication Code
Protects Integrity and Authenticity. Detects intentional modification. Requires a symmetric key shared by sender and receiver.
Integrity
Modification, accidental or intentional.
Hash/Message Digest
Detects accidental modification only: an attacker who changes the message can simply recompute the unkeyed hash. One-way math function: easy to compute, infeasible to reverse.
MD5
128-bit hash. Collisions are trivial to produce; do not use for integrity.
SHA-1
160-bit hash. Collision attacks are practical; deprecated for signatures.
SHA-256
256-bit hash. Current recommended choice.
MAC or Message Authentication Code
Protects Integrity and Authenticity. Detects intentional modification: without the key an attacker cannot produce a valid tag. Takes the message + symmetric key + hashing algorithm (e.g. HMAC-SHA256). No non-repudiation, because both parties hold the same key and either could have produced the tag.
Digital Signature or PKI
Protects Integrity and Authenticity. Requires PKI infrastructure.
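The hash-versus-MAC distinction above (a hash catches accidental corruption, a MAC catches deliberate tampering) in runnable form. This is an added example, not part of the original notes; the message, the tampered message, and the key are constructed sample data, and HMAC-SHA256 from the Python standard library stands in for "message + symmetric key + hashing algorithm".

```python
import hashlib
import hmac
import secrets

# Constructed sample data, not from the original notes.
MESSAGE = b"transfer 100.00 to account 12345"
TAMPERED = b"transfer 900.00 to account 12345"
KEY = secrets.token_bytes(32)  # symmetric key shared by sender and receiver only


def digest(message: bytes) -> str:
    """Plain hash (message digest): one-way, unkeyed, 256-bit output."""
    return hashlib.sha256(message).hexdigest()


def mac(key: bytes, message: bytes) -> str:
    """MAC = message + symmetric key + hash algorithm (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hash(message: bytes, expected: str) -> bool:
    return hmac.compare_digest(digest(message), expected)


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison itself
    # does not leak how many leading characters of the tag were right.
    return hmac.compare_digest(mac(key, message), tag)


def accidental_modification_detected() -> bool:
    """A single flipped bit in transit changes the digest, so a hash catches it."""
    corrupted = bytearray(MESSAGE)
    corrupted[0] ^= 0x01
    return not verify_hash(bytes(corrupted), digest(MESSAGE))


def hash_fooled_by_attacker() -> bool:
    """An attacker who rewrites the message just recomputes the unkeyed hash:
    the receiver sees a matching digest and accepts the forgery."""
    return verify_hash(TAMPERED, digest(TAMPERED))


def mac_stops_attacker() -> bool:
    """Without KEY the attacker can neither reuse the old tag on a new
    message nor compute a fresh one, so both forgeries are rejected."""
    genuine_tag = mac(KEY, MESSAGE)
    replayed_tag_rejected = not verify_mac(KEY, TAMPERED, genuine_tag)
    unkeyed_tag_rejected = not verify_mac(KEY, TAMPERED, digest(TAMPERED))
    genuine_accepted = verify_mac(KEY, MESSAGE, genuine_tag)
    return replayed_tag_rejected and unkeyed_tag_rejected and genuine_accepted


if __name__ == "__main__":
    print("hash catches accidental corruption:", accidental_modification_detected())
    print("hash fooled by deliberate tampering:", hash_fooled_by_attacker())
    print("MAC rejects deliberate tampering:  ", mac_stops_attacker())
```

Use `hmac.new`, not `sha256(key + message)`: the naive construction is vulnerable to length-extension attacks, which HMAC's nested structure is designed to prevent.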
Non-Repudiation
A combination of Integrity and strong Authenticity (a private key held only by the sender). The sender cannot dispute that the message was sent nor the contents of the message.
Digital Signature/PKI
Algorithms/Ciphers
Plain Text + Initialization Vector + Algorithm + Key = Cipher Text. An IV is not always used; when it is, it supplies pseudo-randomness so that the same plaintext encrypted twice under the same key does not produce the same ciphertext. Key (Crypto Variable) = the instructions on how the algorithm is used. Kerckhoffs's principle: the algorithm should be public; security must rest only on the secrecy of the key.
Symmetric
Other names = Private Key, Secret Key, Shared Key, or Session Key. Pros: fast. Cons: no built-in means of key distribution; not scalable (n users need n(n-1)/2 pairwise keys); encryption alone provides no authenticity, integrity, or non-repudiation (a MAC adds integrity and authenticity, but still no non-repudiation, because both parties hold the key).
Block Cipher
Chunks data into 64/128/256-bit blocks and passes each block through a series of rounds of math functions. Slower than stream ciphers but generally considered easier to use securely. Confusion = complex substitution that hides the relationship between key and ciphertext. Diffusion = permutation across rounds so that a one-bit change in the plaintext spreads through the whole ciphertext block.
AES
128-bit block; 128/192/256-bit key. More processor friendly than 3DES.
3DES
48 rounds (DES applied three times). Not very efficient.
DES
16 rounds, 64-bit block, 56-bit key (too short for modern use; brute-forceable).
CBC (Cipher Block Chaining): each plaintext block is XORed with the previous ciphertext block before encryption; the first block uses an IV, which must be unpredictable and never reused with the same key.
ECB (Electronic Codebook): each block is encrypted independently, so identical plaintext blocks produce identical ciphertext blocks and patterns in the data leak through. Avoid for anything longer than one block.
Stream Cipher
Encrypts data one bit or byte at a time by XORing it with a keystream derived from the key (and IV). Fast; the keystream must never be reused.
Asymmetric
Two keys issued to each user: a Public and a Private key. Provides key exchange, scalability, and non-repudiation. Cons: slow, so in practice it is used to exchange a symmetric session key that then encrypts the bulk data.
Privacy/Confidentiality: the sender always encrypts with the receiver's public key. The receiver decrypts with the receiver's private key, which only the receiver has.
Authenticity: the sender encrypts with the sender's private key. When the receiver is able to decrypt with the sender's public key, that proves it was encrypted with the sender's private key, which only the sender has.
Integrity: create a message digest (hash) with a hashing algorithm (SHA-256; MD5 and SHA-1 are no longer collision resistant).
Non-repudiation: the sender encrypts the hash with the sender's private key. The receiver decrypts the hash with the sender's public key, hashes the document, and compares: if the hashes match, the receiver has a guarantee that the message has not been modified and that it came from the holder of the sender's private key. This combination is a digital signature.
Discrete Logarithms (the hard problem behind Diffie-Hellman, ElGamal, and elliptic-curve cryptography)
Factorization (the hard problem behind RSA)
RSA
Key/Crypto variable
Instruction on how to use the algorithm
Confidentiality
Keeping secrets secret.
Integrity
The ability to detect modification within a system.
Availability
Providing timely access to resources.