CompTIA Security+ Study Guide (SY0-501)

CompTIA Security+ Study Guide (SY0-501) Chapter 8: Cryptography

Chapter 8: Cryptography
- Compare and contrast types of attacks
- Compare and contrast basic concepts of cryptography
- Explain cryptography algorithms and their basic characteristics
- Given a scenario, install and configure wireless security settings
- Given a scenario, implement public key infrastructure

An Overview of Cryptography
Cryptography is a field almost as old as humankind.
Parts of understanding nonmathematical cryptography:
- Substitution ciphers: A type of coding or ciphering system that changes one character or symbol into another
- Transposition ciphers (transportation code): Involves transposing or scrambling the letters in a certain manner

Chapter 8: Cryptography
- Steganography: The process of hiding a message in a medium such as a digital image, audio file, or other file
- Hybrid systems: Best when two or more of these methods of nonmathematical cryptography are combined
- Mathematical cryptography: Deals with using mathematical processes on characters or messages
- Hashing: Refers to performing a calculation on a message and converting it into a numeric hash value

Working with Symmetric Algorithms
Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Some common standards that use symmetric algorithms are the following:
- Data Encryption Standard (DES)
- Triple-DES (3DES)
- Advanced Encryption Standard (AES)
- CAST
- GOST

Working with Asymmetric Algorithms
Asymmetric algorithms use two keys to encrypt and decrypt data.
- Public key
- Private key

Chapter 8: Cryptography
- Cryptographic algorithms: Are used to encode a message from its unencrypted or clear-text state into an encrypted message
- Hashing: The process of converting a message, or data, into a numeric value
- Secure Hash Algorithm (SHA)
- Message Digest Algorithm (MD)
- Rainbow tables and salt
- Key stretching

Code-Breaking Techniques
- Frequency analysis: Involves looking at blocks of an encrypted message to determine if any common patterns exist
- Algorithm errors: A method or set of instructions used to perform a task or instruction
- Brute-force attacks: Can be accomplished by applying every possible combination of characters that could be the key
- Exploiting human error: One of the major causes of encryption vulnerabilities

Chapter 8: Cryptography
Cryptographic system: A cryptographic system is a system, method, or process that is used to provide encryption and decryption.
- Confidentiality and strength
- Integrity
- Digital signatures
- Authentication
- Nonrepudiation

Origins of Encryption Standards
Early cryptography standards were primarily designed to secure communications for the government and military. Government agencies play a role.
- National Security Agency (NSA)
- National Security Agency/Central Security Service
- National Institute of Standards and Technology (NIST)

Public-Key Infrastructure X.509/Public-Key Cryptography Standards
- Public-Key Infrastructure X.509 (PKIX): The working group formed by the IETF to develop standards and models for the PKI environment
- Public-Key Cryptography Standards (PKCS): A set of voluntary standards created by RSA and security leaders

Chapter 8: Cryptography
- X.509: Defines the certificate formats and fields for public keys; also defines the procedures that should be used to distribute public keys
- SSL and TLS
  - Secure Sockets Layer (SSL): Used to establish a secure communication connection between two TCP-based machines
- Certificate Management Protocol (CMP): A messaging protocol used between PKI entities
- Secure Multipurpose Internet Mail Extensions (S/MIME): A standard used for encrypting e-mail

Chapter 8: Cryptography
- Pretty Good Privacy (PGP): A freeware e-mail encryption system
- Hypertext Transport Protocol over SSL (HTTPS)
- Secure Hypertext Transport Protocol (S-HTTP)
- IP Security (IPSec)

Chapter 8: Cryptography
- Tunneling protocols: Adds a capability to the network
- Common protocols used for tunneling:
  - Point-to-Point Tunneling Protocol (PPTP)
  - Layer 2 Forwarding (L2F)
  - Layer 2 Tunneling Protocol (L2TP)
- Federal Information Processing Standard (FIPS): A set of guidelines for the United States federal government information systems

Public Key Infrastructure
Public Key Infrastructure (PKI) is intended to provide a means of providing security to messages and transactions on a grand scale. PKI is a two-key, asymmetric system with four main components.
- Certificate authority (CA)
- Registration authority (RA)
- RSA (the encryption algorithm)
- Digital certificates

Chapter 8: Cryptography
- Certificate authority (CA): An organization that is responsible for issuing, revoking, and distributing certificates
- Registration authority (RA): Can distribute keys, accept registrations for the CA, and validate identities
- Local registration authority (LRA): Can be used to identify or establish the identity of an individual for certificate issuance

Implementing Certificates
Certificates:
- provide the primary method of identifying that a given user is valid
- can be used to store authorization information
- can verify or certify that a system is using the correct software and processes to communicate

Chapter 8: Cryptography
- Certificate policies: Define what certificates do
- Certificate practice statement (CPS): A detailed statement the CA uses to issue certificates and implement its policies

Certificate Revocation
The process of revoking a certificate before it expires
- Certificate revocation list (CRL)
- Online Certificate Status Protocol (OCSP)
- Repository: A database or database server where the certificates are stored

Trust Models
Four main types of trust models are used with PKI.
- Hierarchical
- Bridge
- Mesh
- Hybrid

Trust Models
- Hierarchical trust model: Also known as a tree; a root CA at the top provides all the information
- Bridge trust model: A peer-to-peer relationship exists between the root CAs
- Mesh trust model: Expands the concepts of the bridge model by supporting multiple paths and multiple root CAs
- Hybrid trust model: Can use the capabilities of any or all of the structures discussed in the previous sections