CISSP Study Guide on Cryptography


  • 8/12/2019 CISSP Study Guide on Cryptography

    1/48

    CISSP Study Booklet on Cryptography

    This simple study booklet is based directly on the ISC2 CBK document.

    This guide does not replace in any way the outstanding value of the CISSP Seminar and the fact that you must have been involved in the security field for at least a few years if you intend to take the CISSP exam. This booklet simply intends to make your life easier and to provide you with a centralized resource for this particular domain of expertise.

    This guide was created by Clement Dupuis on 5th April 1999

    WARNING:

    As with any security related topic, this is a living document that will and must evolve as other people read it and technology evolves. Please feel free to send me comments or input to be added to this document. Any comments, typo corrections, etc. are most welcome and can be sent directly to: [email protected]

    DISTRIBUTION AGREEMENT:

    This document may be freely read, stored, reproduced, disseminated, translated or quoted by any means and on any medium provided the following conditions are met:

    Every reader or user of this document acknowledges that he is aware that no guarantee is given regarding its contents, on any account, and specifically concerning veracity, accuracy and fitness for any purpose. Do not blame me if some of the exam questions are not covered or the correct answer is different from the content of this document. Remember: look for the most correct answer, this document is based on the seminar content, standards, books, and where and when possible the source of information will be mentioned.

    No modification is made other than cosmetic, change of representation format, translation, correction of obvious syntactic errors.

    Comments and other additions may be inserted, provided they clearly appear as such. Comments and additions must be dated and their author(s) identifiable. Please forward your comments or insertion into the original document.

    Redistributing this document to a third party requires simultaneous redistribution of this licence, without modification, and in particular without any further condition or restriction, expressed or implied, related or not to this redistribution. In particular, in case of inclusion in a database or collection, the owner or the manager of the database or the collection renounces any right related to this inclusion and concerning the possible uses of the document after extraction from the database or the collection, whether alone or in relation with other documents.

    Cryptography

    Description:
    The Cryptography domain addresses the principles, means, and methods of securing information to ensure its integrity, confidentiality, and authenticity.

    Expected Knowledge:
    The professional should fully understand:
    Basic concepts within cryptography.
    Public and private key algorithms in terms of their applications and uses.
    Cryptography algorithm construction, key distribution, key management, and methods of attack
    Applications, constructions, and use of digital signatures
    Principles of authenticity of electronic transactions and non-repudiation

    The CISSP can meet the expectations defined above by understanding such Operations Security key areas of knowledge as:
    Authentication
    Certificate authority
    Digital Signatures/Non-Repudiation
    Encryption
    Error Detecting/Correcting features
    Hash Functions
    Kerberos
    Key Escrow
    Messages Digest
    MD5
    SHA
    HMAC
    One-Time cipher keys
    Private Key Algorithms
    Applications and Uses
    Algorithm Methodology
    Key Distribution and Management
    Key Generation/Distribution
    Key Recovery
    Key Storage and Destruction
    Key Strength
    o Complexity
    o Secrecy
    o Weak keys
    Method of attack
    Public key Algorithms
    Application and uses
    Algorithm Methodology
    Key Distribution and Management
    Key Storage and Destruction
    Key Recovery
    Key Strength
    Complexity
    Secrecy
    Weak Keys
    Methods of attack
    Stream Cipher

    Examples of Knowledgeability

    Describe the ancient history of Cryptography
    CISSP Seminar:
    First appearance - Egypt ~ 4000 years ago
    Scytale - Sparta - 400 BC
    Paper wrapped on rod
    Text written on paper
    Paper removed - cipher text
    Caesar Cipher - Julius Caesar - Rome - 49 BC
    7th Century AD - Arabs
    Cipher Alphabets in magic - 855 AD
    Leon Batista Alberti's cipher disk - Italy - 1459 AD
    Thomas Jefferson ciphering device, 1790, Stack of the key) Letters around new position (cipher text)
    ROT 13 - Many UNIX system
    Shifts letters 13 places
    Not secured from frequency analysis
    Encrypted twice - plain text

    From Cryptography FAQ:
    The story begins: When Julius Caesar sent messages to his trusted acquaintances, he didn't trust the messengers. So he replaced every A by a D, every B by a E, and so on through the alphabet. Only someone who knew the ``shift by 3'' rule could decipher his messages.

    From CME's Cryptography Timeline: (if you are really interested in knowing it all, or else jump over)

    Date    C or G    Source    Info

    about 1900 BC    civ    Kahn p.71
    An Egyptian scribe used non

    Islamic states and the consequent failure to develop a permanent civil service and to set up permanent embassies in other countries militated against cryptography's more widespread use.''

    1226    govt    Kahn p.106
    ``As early as 1226, a faint political cryptography appeared in the archives of Venice, where dots or crosses replaced the vowels in a few scattered words.''

    about 1250    civ    Kahn p.90
    Roger Bacon not only described several ciphers but wrote: ``A man is crazy who writes a secret in any other way than one which will conceal it from the vulgar.''

    1379    govt/civ    Kahn p.107
    Gabrieli di Lavinde at the request of Clement VII, compiled a combination substitution alphabet and small code

    1466e introduced the notion of changing alphabets with each letter.

    1553    civ    Kahn p.137
    Giovan Batista Belaso introduced the notion of using a passphrase as the key for a repeated polyalphabetic cipher. (This is the standard polyalphabetic cipher operation mise classified ciphers as transposition, substitution and symbol substitution (use of a strange alphabet). He suggested use of synonyms and misspellings to confuse the cryptanalyst. He apparently introduced the notion of a mixed alphabet in a polyalphabetic tableau.

    1564    civ    Kahn p.144 (footnote)
    Bellaso published an autokey cipher improving on the work of Cardano who appears to have invented the idea.

    1623    civ    Bacon
    Sir Francis Bacon described a cipher which now bears his name

    ciphertext letters are used for the current letter's key). [Kahn p.147: both of these were forgotten and re

    pp.193

    incorporated as Crypto AG. The company is still in operation, although facing controversy for having allegedly weakened a cipher product for sale to Iran.

    1921    civ    Kahn p.415
    Edward Hugh Hebern incorporated ``Hebern Electric Code'', a company making electro

    AFSA - 1949)
    o NSA 195

    Historical tricks include invisible inks, tiny pin punctures on selected characters, minute differences between handwritten characters, pencil marks on typewritten characters, grilles which cover most of the message except for a few characters, and so on. More recently people are hiding secrets in graphic images.

    Describe Digital System Encryption
    CISSP Seminar:

    The key and message both streams of bits
    Each text character = 8 bits
    Each key bit XORed (exclusive-or'ed) with corresponding message bit
    XOR operation yields 0 if both bits the same and 1 if different

    Example:
    MESSAGE STREAM     01001000
    KEY STREAM         11010001
    CIPHERTEXT STREAM  10011001

    Define the word "Codes" as it pertains to Cryptography
    CISSP Seminar:
    List of words/phrases/ (codes) with corresponding random groups of numbers/letters (code groups)

    Applied Cryptography, Page 9:
    Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. For example, the word "OCELOT" might be the ciphertext of the entire phrase "Turn left 90 degrees", the word "LOLLIPOP" might be the ciphertext for "Turn right 90 degrees", and the words "BENT EAR" might be the ciphertext for "HOWITZER". Codes are only useful for specialized circumstances. Ciphers are useful for any circumstance. Codes are limited: if your code does not have an entry for a specific word then you can't say it, whereas you can say anything you wish using a cipher.

    Compare and contrast Hagelin and Rotor Cryptography Machines
    CISSP Seminar:

    Hagelin Machine
    Combines plain text (character by character) with:
    Keystream (long pseudo-random sequence)
    To produce cipher text

    Rotor Machines
    Rotor implements cipher alphabet
    Rotor connected in banks
    Signal entering one end permuted by each of rotors before leaving at other end
    Keyed by changing rotor variables
    o Rotors/order of rotors
    o Number of stopping pieces per wheel
    o Pattern of motion

    Describe the use and characteristics of "One-Time-Pad" Encryption
    CISSP Seminar:

    Unbreakable by exhaustive search (brute force)
    Random key same length as message
    Only used once
    Digital system key and message both bit streams
    8 bits per character
    Each key bit XORed with corresponding message bit
    Produces ciphertext bit
    Key bits XORed with ciphertext to decrypt
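The XOR operation and the "only used once" rule above, as an added example that is not part of the original booklet: it reproduces the booklet's 8-bit sample streams and shows what an eavesdropper can compute when one pad is used for two messages. The function names and the two sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each message byte with the corresponding key byte."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def bits(data: bytes) -> str:
    """Render bytes as a bit string, 8 bits per character."""
    return " ".join(f"{b:08b}" for b in data)


def booklet_example() -> str:
    """The sample streams from the text: message 01001000, key 11010001."""
    message = bytes([0b01001000])
    key = bytes([0b11010001])
    return bits(xor_bytes(message, key))


def pad_roundtrip(message: bytes) -> bytes:
    """Encrypt with a fresh random pad, then decrypt by XORing the same pad again."""
    pad = secrets.token_bytes(len(message))
    ciphertext = xor_bytes(message, pad)
    return xor_bytes(ciphertext, pad)


def reuse_leak(m1: bytes, m2: bytes) -> bytes:
    """Encrypt two equal-length messages with the SAME pad (the mistake).

    Returns c1 XOR c2, which anyone holding both ciphertexts can compute
    without the key: the pad cancels out and m1 XOR m2 remains.
    """
    pad = secrets.token_bytes(len(m1))
    c1 = xor_bytes(m1, pad)
    c2 = xor_bytes(m2, pad)
    return xor_bytes(c1, c2)


def recover_with_known_plaintext(leak: bytes, known: bytes) -> bytes:
    """If one of the two messages is known, the other follows immediately."""
    return xor_bytes(leak, known)


if __name__ == "__main__":
    print("ciphertext stream:", booklet_example())
    m1 = b"ATTACK AT DAWN"   # constructed sample messages
    m2 = b"RETREAT AT TEN"
    leak = reuse_leak(m1, m2)
    print("pad reused, second message recovered:",
          recover_with_known_plaintext(leak, m1))
```
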

    Describe the history of the DES Encryption
    CISSP Seminar:
    IBM cryptographic research (late 1960's)
    Modification of Lucifer developed by IBM
    Non-linear block ciphers IBM developed (about 197

    Each block of ciphertext is encrypted independently of any other block. Therefore each ciphertext block corresponds to one plaintext block just like in a code book.

    CBC - Chain Block Cipher
    ECB does not protect against insertion of repeated blocks because blocks are treated independently. Another weakness is that identical plaintext blocks generate identical ciphertext blocks. To improve DES for communication streams each 64 bit block is EXORed with the previous 64 bit ciphertext before being entered into the DES chip. In addition to a common secret key the sender and receiver need to agree on an initial vector to be EXORed with the first block of a message stream.

    CFM - Cipher Feedback Mode
    CFM is an alternate mode for DES on 8 bit characters. The input character is EXORed with the least significant byte of the DES output and then transmitted over the communication link. In order to collect enough bits for the 64 bit encryption block the output characters are collected in a character based shift register. Each output character advances the shift register by 8 bits and triggers a new DES encryption. Thereby the next input character will be EXORed with a new DES output. CFM is suitable for use on serial lines.

    Describe the characteristics and usage of Double/Triple DES
    CISSP Seminar:
    Double DES
    Effective key length 112 bits
    Work factor about the same as single DES
    No more secure
    Triple DES
    Encrypt with first key
    Decrypt with second key
    Encrypt with first key
    No successful attack reported

    RSA Crypto FAQ:
    For some time it has been common practice to protect and transport a key for DES encryption with triple

    Attacks on two

    81] and Van Oorschot and Wiener [VW91], but the data requirements of these attacks make them impractical. Further information on triple

    Here are some of the debates:
    Criminal encryption use exists. Encryption has already been used by criminals to keep their activities secret from the FBI and law enforcement. From 1995 to 1996, the number of cases in which the FBI was foiled by encryption more than doubled (5 to 12).
    Encryption is not regulatable outside the US. Non

    Escrow has not been thoroughly tested. There are millions of encryption users and thousands of agents and law enforcement agencies. Key escrow has never been tested in a wide

    Skipjack)
    Decrypted by special chip, unique key and special law enforcement access field (LEAF) transmitted with encrypted communication. Regardless of session key
    Chip unique key is XOR of 2 components
    Each encrypted and stored in escrow with separate escrow agent
    Both needed to construct chip unique key and decrypt
    Release to authorized government agent for authorized surveillance.

    Skipjack Algorithm
    Transform 64 bit input block into 64 bit output block
    80 bit key length
    Same operating modes as DES (4 of them)
    Classified to prevent implementing (in either software or hardware) without LEAF

    RSA Crypto FAQ:
    The Clipper chip contains an encryption algorithm called Skipjack. Each chip contains a unique 80

    Initially the details of Skipjack were classified and the decision not to make the details of the algorithm publicly available was widely criticized. Some people were suspicious that Skipjack might not be secure, either due to an oversight by its designers, or by the deliberate introduction of a secret trapdoor. Since Skipjack was not public, it could not be widely scrutinized and there was little public confidence in the cipher.

    Aware of such criticism, the government invited a small group of independent cryptographers to examine the Skipjack algorithm. They issued a report [BDK93] which stated that although their study was too limited to reach a definitive conclusion, they nevertheless believed Skipjack was secure.

    In June of 1998 Skipjack was declassified by the NSA. Early cryptanalysis has failed to find any substantial weakness in the cipher.

    Describe the elements of the Electronic Data Security Act of 1997
    CISSP Seminar:
    To be completed

    Electronic Data Security Act 1997:
    The Electronic Data Security Act states its goals as: To enable the development of a key management infrastructure for public

    difficulty of taking logarithms in finite fields)
    El Gamal encryption scheme and signature algorithm
    Schnorr's signature algorithm
    Nyberg-Rueppel's signature algorithm
    Station-to-Station protocol for key agreement (STS)
    Digital Signature Algorithm (DSA)
    Elliptic Curve Crypto (ECC)

    RSA Crypto FAQ:
    Public

    can factor the modulus can decrypt messages and forge signatures. The security of the RSA algorithm depends on the factoring problem being difficult and the presence of no other types of attack.

    In general the larger the number the more time it takes to factor it. Of course if you have a number like 2^100 it is easier to factor than say, a number with half as many digits but the product of two primes of about the same length. This is why the size of the modulus in RSA determines how secure an actual use of RSA is; the larger the modulus, the longer it would take an attacker to factor, and thus the more resistant the RSA modulus is to an attack.

    Define Elliptic Curve Cryptosystems (ECC)
    CISSP Seminar:
    Uses algebraic system defined on points of elliptic curve to provide public-key algorithms.
    Digital signature
    Secret key distribution
    Confidential info transmission
    First proposed by Victor Miller (IBM/CRD) 1985 & Neal Koblitz (Washington univ)

    RSA Crypto FAQ:
    Elliptic curve cryptosystems were first proposed independently by Victor Miller [Mil86] and Neal Koblitz [Kob87] in the mid

    Ideal for very small hardware implementations
    Smart card
    Encryption and digital signatures stages separable to simplify export

    RSA Crypto FAQ:
    Presently, the methods for computing general elliptic curve discrete logs are much less efficient than those for factoring or computing conventional discrete logs. As a result, shorter key sizes can be used to achieve the same security of conventional public

    ANSI ASC X9
    Elliptic curve key agreement and key management proposed work item
    ISO/IEC CD 14888-3 "Digital Signature with appendix"
    Variety of digital signature mechanisms

    RSA Crypto FAQ:
    The IEEE P1363 is an emerging standard that aims to provide a comprehensive coverage of established public

    PGP (Pretty Good Privacy) is a software package originally developed by Phil Zimmerman that provides cryptographic routines for e

    El Gamal
    Another popular system is the El Gamal algorithm, which relies on the difficulty of discrete logarithms. The algorithm is based on the problem of exponentiation as follows: given a modulus q and some b < q, a character x can be encrypted as integer y is the condition b^y ≡ x mod q. The integer y should not be easily computable, providing security through the unfeasibility of complicated discrete logarithms.

    The actual El Gamal algorithm requires, for a secure system, that everyone agrees on a large prime modulus, q. A number g is chosen such that, ideally, the order of g is q

    5. Bob sends Y to Alice.
    6. Alice computes Key 2 = Y^a mod m

    Both Key 1 and Key 2 are equal to g^(ab) mod m. No one besides Alice and Bob is able to generate this value. Only someone who knows a or b is able to generate the key. Therefore Diffie Hellman public key is a means for two parties who have never met to be able to negotiate a key over a public channel.

    The security of Diffie Hellman revolves around the choice of the public parameters m and g. Modulus m should be a prime number and (m

    Identify the Activities Related to Key management
    CISSP Seminar:
    Key management
    Key change
    Key disposition
    Key recovery
    Control of crypto keys

    RSA Crypto FAQ:
    Key management deals with the secure generation, distribution, and storage of keys. Secure methods of key management are extremely important. Once a key is randomly generated (see Question 4.1.2.2), it must remain secret to avoid unfortunate mishaps (such as impersonation). In practice, most attacks on public

    10/
    Developed exportable, worldwide approach to strong encryption to enable secure international commerce
    Developing modern, high-level crypto "Key recovery" solutions
    Meet business requirements
    Ease crypto import/export restrictions worldwide
    Alliance proposed requirements for ideal key recovery system (9/19/97)

    RSA Crypto FAQ:
    One of the barriers to the widespread use of encryption in certain contexts is the fact that when a key is somehow "lost", any data encrypted with that key becomes unusable. Key recovery is a general term encompassing the numerous ways of permitting "emergency access" to encrypted data.

    One common way to perform key recovery, called key escrow, is to split a decryption key (typically a secret key or an RSA private key) into several parts and distribute these parts to escrow agents or "trustees". In an emergency situation (exactly what defines an "emergency situation" is context

    encrypted session key is sent with the encrypted communication, and so the trustee is able to decrypt the communication when necessary. A variant of this method, in which the session key is split into several pieces, each encrypted with a different trustee's public key, is used by TIS' RecoverKey.

    Key recovery can also be performed on keys other than decryption keys. For example, a user's private signing key might be recovered. From a security point of view, however, the rationale for recovering a signing key is generally less compelling than that for recovering a decryption key.

    Define Digital Signature as it Pertains to Cryptography
    CISSP Seminar:
    Authentication tool to verify a message origin and a sender identity
    Resolves authentication issues
    Block of data attached to message (document, file, record, etc)
    Binds message to individual whose signature can be verified
    o By receiver or third party
    o Can't be forged
    Each user has public-private key pair.

    RSA Crypto FAQ:
    The digital signature of a document is a piece of information based on both the document and the signer's private key. It is typically created through the use of a hash function and a private signing function (encrypting with the signer's private key), but there are other methods. Authentication is any process through which one proves and verifies certain information. Sometimes one may want to verify the origin of a document, the identity of the sender, the time and date a document was sent and/or signed, the identity of a computer or user, and so on. A digital signature is a cryptographic means through which many of these may be verified.

    Describe the Digital Signature Standard (DSS)
    CISSP Seminar:
    NIST proposed in 1991
    Uses secure hash algorithm (SHA)
    Condenses message to 160 bits
    Modular arithmetic exponentiations of large numbers
    Key size 51 RSA)

    FIPS 186:
    This Standard specifies a Digital Signature Algorithm (DSA) appropriate for applications requiring a digital rather than written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures.

    Define Operation of the Digital Signature Standard
    CISSP Seminar:
    To sign a message
    Sender computes digest of message
    Using public hash function
    Crypto signature by sender's private key
    Applied to digest creates digital signature
    Digital signature sent with message

    To verify a message
    Receiver computes digest of message
    Verifying functions with sender's public key
    Applied to digest and signature received
    Verified if both digest match
    Signature decryption identifies sender

    RSA Crypto FAQ:
    The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures. Signature generation makes use of a private key to generate a digital signature. Signature verification makes use of a public key which corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Public keys are assumed to be known to the public in general. Private keys are never shared. Anyone can verify the signature of a user by employing that user's public key. Signature generation can be performed only by the possessor of the user's private key.

    A hash function is used in the signature generation process to obtain a condensed version of data, called a message digest. The message digest is then input to the DSA to generate the digital signature. The digital signature is sent to the intended verifier along with the signed data (often called the message). The verifier of the message and signature verifies the signature by using the sender's public key. The same hash function must also be used in the verification process.

    The hash function is specified in a separate standard, the Secure Hash Standard (SHS), FIPS 180. Similar procedures may be used to generate and verify signatures for stored as well as transmitted data.

    Identify the benefits of the Digital Signature Standard
    CISSP Seminar:

    Provides non-repudiation
    Used with electronic contracts, purchase orders, etc…
    Used to authenticate software, data, images, users, machines.
    Protect software against viruses
    Smart card with digital signature can verify user to computer

    RSA Crypto FAQ:
    The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified.

    Define Non-Repudiation as it pertains to Cryptography
    CISSP Seminar:
    Proves message sent and received
    Ensures sender can't deny sending
    Recipient can't deny claim that they received something else or deny receiving proper message

    Define Hash functions as they pertain to Cryptography
    CISSP Seminar:

    RSA Crypto FAQ:
    The main role of a cryptographic hash function is in the provision of message integrity checks and digital signatures. Since hash functions are generally faster than encryption or digital signature algorithms, it is typical to compute the digital signature or integrity check to some document by applying cryptographic processing to the document's hash value, which is small compared to the document itself. Additionally, a digest can be made public without revealing the contents of the document from which it is derived. This is important in digital timestamping where, using hash functions, one can get a document timestamped without revealing its contents to the timestamping service.

    Describe the Use of Certification Authority
    CISSP Seminar:

    Binds individuals to their public keys
    Certification authority's digital signature
    Attest binding
    Certification authority certification
    User identification, public key, date
    X509 certification standard
    NIST National Digital Signature Certification Authority study

    RSA Crypto FAQ:
    Certificates are issued by certification authority. Certificates are digital documents attesting to the binding of a public key to an individual or other entity. They allow verification of the claim that a specific public key does in fact belong to a specific individual. Certificates help prevent someone from using a phony key to impersonate someone else. In some cases it may be necessary to create a chain of certificates, each one certifying the previous one until the parties involved are confident in the identity in question.

    In their simplest form, certificates contain a public key and a name. As commonly used, a certificate also contains an expiration date, the name of the certifying authority that issued the certificate, a serial number, and perhaps other information. Most importantly, it contains the digital signature of the certificate issuer. The most widely accepted format for certificates is defined by the ITU

    Computed value derived from document
    Detect accidental/intentional alteration
    Forgery possible
    MAC Generation Algorithm examines bitstream
    Data field output appended to bitstream
    Before transmission/storage
    Parity/checksum application
    Bitstream and MAC
    Machine/communications error

    RSA Crypto FAQ:
    A message authentication code (MAC) is an authentication tag (also called a checksum) derived by applying an authentication scheme, together with a secret key, to a message. Unlike digital signatures, MACs are computed and verified with the same key, so that they can only be verified by the intended recipient.
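The contrast between an unkeyed checksum ("forgery possible" in the seminar notes) and a keyed MAC as defined in the FAQ excerpt, as an added example that is not part of the original booklet. CRC-32 and HMAC-SHA-256 are choices made for this illustration; the key and the messages are constructed.

```python
import hashlib
import hmac
import zlib


def checksum_tag(message: bytes) -> bytes:
    """Unkeyed CRC-32: anyone can compute it for any message."""
    return zlib.crc32(message).to_bytes(4, "big")


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag: computing it requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts_checksum(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(checksum_tag(message), tag)


def receiver_accepts_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison itself
    # does not reveal how many leading bytes of a submitted tag were right
    return hmac.compare_digest(mac_tag(key, message), tag)


def run_scenarios() -> dict:
    key = b"constructed-shared-secret-key"   # held by sender and receiver only
    original = b"PAY 100 TO ALICE"           # constructed sample message
    altered = b"PAY 900 TO ALICE"
    results = {}

    # 1. Communications error: one bit flips, the original tag arrives intact.
    noisy = bytes([original[0] ^ 0x01]) + original[1:]
    results["checksum detects line error"] = not receiver_accepts_checksum(
        noisy, checksum_tag(original))
    results["mac detects line error"] = not receiver_accepts_mac(
        key, noisy, mac_tag(key, original))

    # 2. Intentional alteration with a checksum: whoever changes the message
    #    simply recomputes the checksum, which needs no secret.
    results["checksum accepts altered message"] = receiver_accepts_checksum(
        altered, checksum_tag(altered))

    # 3. Intentional alteration with a MAC: without the key, the only options
    #    are to reuse the old tag or to compute one under a guessed key.
    results["mac accepts altered message with old tag"] = receiver_accepts_mac(
        key, altered, mac_tag(key, original))
    results["mac accepts altered message with guessed key"] = receiver_accepts_mac(
        key, altered, mac_tag(b"guessed-key", altered))
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```
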

    There are four types of MACs: (1) unconditionally secure, (2) hash function