Security+ (SY0-601) Cram Notes

Previous   Contents   Next

6. Cryptography

6.1 Summarize general cryptography concepts

Non-repudiation: Non-repudiation ensures that the sender, as well as the receiver cannot refute having sent or received a message. For example, you receive an email from your perspective employer. By using an unsigned email, it might so happen that your employer later denies having sent any such email. Non-repudiation ensures that neither the sender nor the receiver can deny the transmission or the reception of a message respectively. It prevents either the sender or the receiver of messages from denying having sent or received a message

Digital Signatures and Encryption

  • Digital signature ensures that the sender cannot repudiate having sent the message at a future date.

  • Encryption ensures that the message cannot be read by any person who do not have matching key to decode the coded message

  • Hashing ensures that the message is not tampered with, during transit or storage. Note that Hashing not necessarily encode or encrypt a message.

Secret-key encryption: It is also known as single-key or symmetric encryption. It involves the use of a single key that is shared by both the sender and the receiver of the message. Typically, the sender encrypts the message with a key and transmits the message to the recipient. The recipient then decrypts it by using a copy of the same key used to encrypt it. The disadvantages of using symmetric encryption over asymmetric encryption are given below:

  • Inability to support non-repudiation: Since both the sender and receiver use the same key, it is difficult to determine who is the sender, should a dispute arise.

  • Impractical for web commerce: Imagine thousands of customers buying goods and services over the Internet. If symmetric encryption standard is used, one unique private key-pair needs to be used for each user. It is therefore, impractical.

  • Another major difficulty is with the transmission of private key. With symmetric encryption, the private key needs to be transmitted to the other party for decryption, which may pose security risk.

6.2 Use and apply appropriate cryptographic tools and products

Hash Algorithms: These algorithm produce a hash of a message and encrypt it. They use a mathematical formula for hashing, and it is extremely difficult to tamper with the message and still produce the same hash. Basically, Hashing enable a recipient to check whether a message is received intact without being tampered by a third party.

  • SHA (Secure Hashing Algorithms): There are several Secure Hashing Algorithms and they primarily differ in the hash length. They are SHA-1, SHA-256, SHA-384 and SHA-512. In SHA-1 the bit length is 160 bits, in SHA-256 it is 256 bits, for SHA-384, 384 bits and in SHA-512 it is 512 bits.

  • MD2, MD4, MD5 (Message Digest Series Algorithms): These are another type of hash algorithms. These algorithms were developed by Rivest. All three algorithms take a message of arbitrary length and produce a 128-bit message digest. MD2 is meant for 8 bit machines and MD4, MD5 are suitable for 32 bit machines. These algorithms are primarily used for digital signature applications.

  • CHAP (Challenge Handshake Authentication Protocol) works on point to point connections. It uses a three step process for authentication (excluding making the connection itself). If making the connection is also involved, it would be a 4 step process.

A cryptographic hash function is a "one-way" operation. It is practically not possible to deduce the input data that had produced the output hash. You can decrypt an encoded message using matching secret key. Similarly, Digital certificate is issued by a CA, and can be decrypted to find the contents of the certificate.

Encryption Schemes:

  • AES (Advanced Encryption Standard) is more secure than DES or 3DES.

  • AES is a symmetric block cipher that can encrypt (encipher) or decrypt (decipher) information

  • AES is based on Rijndael algorithm

  • PGP (Pretty Good Privacy) can use Diffie-Hellman or RSA algorithms, but not AES or DES.

PGP (Pretty Good Privacy): PGP uses public-key encryption for sending and receiving email messages. Diffie-Hellman and RSA algorithms are used for encryption/ decryption of PGP messages. PGP certificates differ from X.509 certificates in two ways:

  • PGP certificates are issued (signed) by normal people while the X.509 certificates must be issued by a professional CA, and

  • PGP implements a security fault tolerance mechanism, called the Web of Trust. Here an individual is allowed to sign and issue certificates to people they know

Previous   Contents   Next

Copyright © Anand Software and Training Private Limited.