CISSP - Mind Mapping for Certifications

CISSP Cryptography Motivation and Study Techniques to help you learn, remember, and pass your technical exams! Cisco CISSP CEH More coming soon... Vis...

X.509 IDEA

S/MIME

Confidentiality

RSA

PGP

Key Exchange

www.mindcert.com

Web of Trust not PKI Between application and transport layers Uses digital certs

SSL/TLS

Hidden to the user Browser support AH

IPSec

ESP WAP WTLS Uses SKIPJACK Escrow

Misc Security Applications

Art relating to converting Ciphertext into plaintext without the secret key

Definitions Clipper

Two identical pads/keys

L2TP SSL

Non-repudiation

Traffic Analysis

Inference of information from analysis of traffic

Traffic Padding

Generation of spurious data units Effort/Time needed to overcome a protective measure

Work Factor

Unbreakable

IPSec

Encryption from source to system/Client to Server

Denial of sending a message

Repudiation

An embedded chip

Key stored in two places

Encrypting data on the network

End-to-end Encryption

For government to spy on you!

One time Pad

Pads can only be used once; relies on physical storage of the pads

Replace one letter with another one

Substitution Ciphers

Distribution a NIGHTMARE Hiding text in a .JPG

Art relating to encrypting and decrypting information

Cryptanalysis Link Encryption

Wireless

Security Layer

Cryptography

Hiding data in another format

History

Steganography

Monoalphabetic Uses more than one method

Transposition Ciphers

Transposes the keys Does not follow a common pattern

Issuing CA

CA

SSL For e-mail ActiveX Controls

Symmetric

Encryption Categories

Server Personal

Hash Algorithmic

Software Publishers The authenticating agency

The end user or device listed in the subject field of the X.509 certificate A public document containing the rules of the CA

Fundamentals

CA

End Entity

Terminology Certification Path

A trusted body that can verify the authenticity of a person or host Where clients store the Certificate

Secret algorithm Newer

Systems

Secrecy is provided by the key

Keyed Systems

Known algorithm

CISSP

Strength of the algorithm

Encryption Strength

Cryptography

RA

Secrecy of the keys Length of the key

Uses the same key to encrypt and decrypt Encrypts data in discrete blocks

Certificate Repository

Data is padded if required Block

An answer to the symmetric Key Distribution problem

Block size usually 64 or 128 bytes long Most popular method

Ciphers

Based on Public Keys and Private Key pairs Only receiver can decrypt it

Older

PKI

Certificate Policy Statement

The traceable history of parties who have vouched for this certificate

Asymmetric

Types of Certificates

Stream

Confidentiality

Encryption with the Private signature provides Authentication

Fastest Cannot verify stream so not considered as secure as block mode

Authentication Hash provides integrity

56 bit Key

Then encrypted with private key to create a Digital Signature

Industry standard

Integrity

Provided by hashing

Block Cipher Diffusion and Confusion

Combats MITM Attacks

NIST

160 Bits

Uses SHA

DSS

Fast and simple

Uses a shared secret to combine with the hash Faster than using asymmetric with the hash SHA HMAC MD5 HMAC

Problems

Hashed Message Authentication Code (HMAC)

Variants

Asymmetric/Public Key Fundamentals

S/MIME is used for secure emails Faster than using the public/private key pair Provides confidentiality

Verification

Encrypts data bit by bit

Plain text is encrypted with the receiver's public key

S/MIME uses session keys to encrypt the message 160 bit HASH 128 bit HASH

Based on Factoring two large prime numbers

S/MIME

Cipher Block Chaining

Symmetric Algorithms Diffusion

MD5 3DES

Based on elliptic curve discrete logarithms Faster than RSA movianVPN

RC4

Based on modular arithmetic

Can use DH

Key Distribution

Key Distribution and Management Issues

Twofish

S Box

112 or 168 bit DES but with two or three keys

1-448 bit Up to 256 bit 128, 192, or 256 bit

AES

CISSP Cryptography.mmap - 15/05/2009 - Andrew Mason

P Box Conceals the statistical connection between cipher and plain texts

Variable length

Blowfish

Repeated use of a key makes it easier to crack Both sender and receiver must have the same key

Cipher Feedback

Spread the influence of a plain text character

128 bit

IDEA

ECC

Great for PDAs

Electronic Code Book Output Feedback

SHA

Algorithms

Can be cracked

Operating Modes

Symmetric/Private Key Fundamentals

Confusion

RSA

Single key distribution is problematic

DES

Rijndael Supports smart cards and 32, 64 bit processors NIST competition winner