Olá pessoal,

Esse artigo é um resumo de todas as terminologias que anotei sobre o Domínio: Enterprise Security – Cryptography. Acredito que será bastante útil para quem esta estudando para o exame do CASP.

 

IDEA (International Data Encryption Algorithm) Is a block cipher and operates on 64-bit blocks of data. The 64-bit data block is divided into 16 smaller blocks, and each has 8 round of mathematical functions performed on it.
RSA Asymmetric Key or Public Keycryptographicsystem. RSA can be used for encryption, key exchange, and digital signatures.
Kerberos Kerberos depends on Secret Keysor Symmetric Key cryptography.
DES (Data Encryption Standard) Symmetric Key or Secret Key algorithm.
DES key Sequence 8 Bytes.
DES key Effective 56 Bytes.
DES key Total 64 Bytes.
Symmetric Key Algorithm Using the same key for encryption and decryption. Symmetric Keys also called secret keys. Can provide confidentiality.
DES (Data Encryption Standard), 3DES (Triple-DES), Blowfish, Twofish, IDEA (International Data Encryption Algorithm), RC4, RC5, RC6, AES (Advanced Encryption Standard), SAFER (Secure and Fast Encryption Routine), Serpent.
Asymmetric Key Algorithm Uses both a Public Key and a Private Key. Can provide authentication and nonrepudiation.
RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptosystem), Diffie-Hellman, El Gamal, DSA (Digital Signature Algorithm), Merkle-Hellman Knapsack.
One-Time Pad Uses a keystream string of bits that is generated completely at random key of the same size as the message and is used only once.
Electronic Code Book mode of DES A givenblock of plaintextand a given key will always produce the same ciphertext.
Application Layer Determines the identity of the communication partners.
ECC (Elliptic Curve Cryptography) This type of cryptography is based on the complex mathematics of elliptic curves. These algorithms are advantageous for their speed and strength.
Digital Signature Directly addresses both confidentiality and integrity of the CIA triad. Provide Nonrepudiation, Authentication, Data Integrity.
PGP (Pretty Good Privacy) Uses an symmetric key algorithm. Uses a “Web of Trust”, where users can certify each other in a mesh model, which is best applied to smaller groups.
Diffie-Hellman Asymmetric algorithm, but is used only forkey exchange. Is used for Key agreement (key distribution) and cannot be used to encrypt and decrypt messages.
Rijndael New approved method of encrypting sensitive(AES) but unclassified information for the U.S. government.
Substitution Is not a mode of DES.
Authentication Header Is a mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed.
SET (Secure Electronic Transaction) Cryptographic protocol  and infrastructure developed to send encrypted credit card numbers over the Internet. SET was developed by a consortium including Visa and MasterCard.
Known-Plaintext attack The goal to this type of attack is to find the cryptographic key that was used to encrypt the message. Once the key has been found, the attacker would then be able to decrypt all messages that had been encrypted using that key.
SHA-1 (Secure Hash Algorithm) Computes a fixed length message digest from a variable length input message.
IKE (Internet Key Exchange) Protocol is a key management protocol standard that is used in conjunction with the IPSec standard.
FIPS-140 Hardware and cryptographic software modules.
PKI It supports public key exchange and it is responsible for issuing, locating, trusting, renewing, and revoking certificates. Provides confidentiality, access control, integrity, authentication and non-repudiation.
Ciphertext-only Attack The attacker has the ciphertext of several messages encrypted with the same encryption algorithm. Its goal is to discover the plaintext of the messages by figuring out the key used in the encryption process.
Message Digest To detect any alteration of the message as the message digest is calculated and included in a digital signature to prove that the message has not been altered since the time it was created by the sender.
MAC (Message Authentication Code) Used for integrity protection. Is an authentication checksum derived by applying an authentication scheme, together with a secret key, to a message. There are four  unconditionally secure, hash function based, stream cipher-based and block cipher-based.
DSS (Digital Signature Standard) Provides Integrity, digital signature and Authentication.
Link Encryption This mode does not provide protection if the nodes along the transmission path can be compromised.
Steganography Is a method of hiding data in another media.
Cesar Cipher Simple substitution cipher that involves shifting the alphabet three positions to the right.
ROT13 Cipher Substitution cipher that shifts thealphabet by 13 places.
Polyalphabetic Cipher Using multiple alphabets at a time. 
Transposition Cipher Different type of cipher.
X.509 Used in digital certificates.
X.400 Used in an e-mail as a message handling protocol.
X.25 Standard for the network and data link levels of a communication network.
X.75 standard defining ways of connecting two X.25 networks.
WTLS (Wireless Transport Layer Security) Communication protocol that allows wireless devices to send and receive encrypted information over theInternet.
OFB (Output Feedback) DES mode of operation.
Analytic Attack Refers to using the algorithm and algebraic manipulationweakness to reduce complexity.
Statistical Attack Uses a statistical weakness in the design.
Brute-force Attack Type of attack under which every possible combination of keys and passwords is tried.
Codebook Attack  Attacker attempts tocreate a codebook of all possible transformationsbetween plaintext and ciphertext under a single key.
Split Knowledge Involves encryption keys being separated into two components, each of which does not reveal the other.
Class 1/Level 1 Certificates verify electronic mail addresses.
Class 2/Level 2 Certificates verify a user’s name, address, social security number, and other information against a credit bureau database.
Class 3/Level 3 Certificates are available to companies.  This level of certificate provides photo identification to accompany the other items of information provided by a level 2 certificate.
Class 4 Online business transaction between companies.
Class 5 Private organizations or governmental security.
Stream Cipher Generates what is called a keystream (a sequence of bits used as a key).
Block Ciphers Type of symmetric-key encryption algorithm that transforms a fixed-size block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length.
Digital Timestamp Binds a document to its creation at a particular time.
 PPTP (Point-to-Point Tunneling Protocol) PPTP is an encapsulation protocol based on PPP that works atOSI layer 2 (Data Link) and that enables asingle point-to-point connection, usually between a client and a server.
Clipper Chip Is a NSA designed tamperproof chip for encrypting dataand it uses the SkipJack algorithm. It is based on a 80-bit key and a 16-bit checksum.
Concealment Cipher Every X number of words within a text, is apart of the real message. The message is within another message.
One-way Hash Is a function that takes a variable-length string a message, and compresses and transforms it into afixed length value referred to as a hash value. It provides integrity, but no confidentiality, availability or authentication.
RC2 Proprietary, variable-key-length block cipher.
SSL Provides security services at the Transport Layer of the OSI model.
ISAKMP (Internet Security Association Key Management Protocol) Key management protocolused by IPSec. Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.
Symmetric Cryptography When using symmetric cryptography, both parties will be using the same key for encryption and decryption. Symmetric cryptography is generally fast and can be hard to break, but it offers limited overall security in the fact that it can only provide confidentiality.
Birthday Attack Usually applied to the probability of two different messages using the same hash function producing a common message digest.
LDAP servers The primary security concerns relative to LDAP servers are availability and integrity.
ARL (Authority Revocation List) Data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer before when they were scheduled to expire.
CRL (Certificate Revocation List) Mechanism for distributing notices of certificate revocations.
Cross-certification Is the act or process by which two CAs each certify a public key of the other, issuing a public-key certificate to that other CA, enabling users that are certified under different certification hierarchies to validate each other’s certificate.
Digital watermarking Computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data-text, graphics, images, video, or audio and for detecting or extracting the marks later.
OAKLEY Key establishment protocol(proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP.
SKIP Key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.
Key Encapsulation Is one class of key recovery techniques and is defined as a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties called “recovery agents” can perform the decryption operation to retrieve the stored key.
Chosen-Ciphertext Attack Is one in which cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext. This type of attack is generally most applicable to public-key cryptosystems.
Hybrid Encryption Methods Use of public key encryption to secure a secret key, and message encryption using the secret key.
S/MIME-standard Encryption is realizedinPublic key based, Hybrid encryption scheme.
Certificate path validation Verification of the validity of all certificates of the certificate chain to the root certificate.
Blowfish Symmetric block cipher that works on 64-bit blocks of data. The key length can be anywhere from 32 up 448 bits, and the data blocks go through 16 rounds of cryptographic functions.
Cryptanalysis Is the science of studying and breaking the secrecy of encryption processes, compromising authentication schemes, and reverse-engineering algorithms and keys.
Confidentiality Renders the information unintelligible except by authorized entities.
Integrity Data has not been altered in an unauthorized manner since it was created, transmitted, or stored.
Authentication Verifies the identity of the user or system that created information.
Authorization Upon proving identity, the individual is then provided with the key or password that will allow access to some resource.
Nonrepudiation Ensures that the sender cannot deny sending the message.
Access Control Restricting and controllingsubject and objectaccess attempts.
Algorithm Set of mathematical rules used in encryption and decryption.
Cipher Another name for the algorithm.
Cryptography Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals.
Cryptosystem Hardware or software implementation of cryptography that transforms a message to ciphertext and back to plaintext.
Cryptology The study both cryptography and cryptanalysis.
Data origin authentication Proving the source of a message (system-based authentication).
Encipher Act of transforming data into an unreadable format.
Entity authentication Providing the identity of the entity that sent a message.
Decipher Act of transforming data into a readable format.
Key Secret sequence of bits and instructions that govern the act of encryption and decryption.
Key Clustering Instance when two different keys generate the same ciphertext from the same plaintext.
Keyspace A range of possible values used to construct keys.
Plaintext Data in a readable format, also referred to as cleartext.
Receipt Acknowledgment that a message has been received.
Work factor Estimated time, effort, and resources necessary to break a cryptosystem.
Secure message format Sender encrypt the data the receiver’s public key.
Open message format Receiver encrypt the data with de sender’s private key.
ECB (Electronic Code Book) ECB mode operates like a code book. A 64-bit data block is entered into the algorithm with a key, and a block of ciphertext is produced.
CBC (Cipher Block Chaing) Each block of text, the key, and the value based on the previous block are processed in the algorithm and applied to the next block of text.
CFB (Cipher Feedback) A combination of a block cipher and a stream cipher. For the first block of 8 bits that needs to be encrypted, we do the same thing we did in CBC mode, which is to use an IV.
OFB (Output Feedback) Makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext.
CTR (Counter) Turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a “counter”.
3DES (Triple-DES) Is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) block cipher, which applies the DES (Data Encryption Standard) cipher algorithm three times to each data block.
DES-EEE3 Uses three different keys for encryption, and the data are encrypted, encrypted, encrypted.
DES-EDE3 Uses three different keys for encryption, and the data are encrypted, dencrypted and encrypted.
DES-EEE2 The same as DES-EEE3 but uses only two keys, and the first and third encryption processes use the same key.
DES-EDE2 The same as DES-EDE3 but uses only two keys, and the first and third encryption processes use the same key.
AES (Advanced Encryption Standard) Is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
10 Rounds If both the key and block size are 128 bits.
12 Rounds If both the key and block size are 192 bits.
14 Rounds If both the key and block size are 256 bits.
RC4 algorithm used for encryption and does not provide hashing functions, it is also commonly implemented Stream Ciphers.
RC5 Is a block cipher that has a variety of parameters it can use for block size, key size, and the number of rounds used. The block sizes used in this algorithm are 32, 64, or 128 bits, and the key size goes up to 2,048 bits.
RC6 Is a block cipher that was built upon RC5, so it has all the same attributes as RC5. There were some modifications of the RC5 algorithm to increase the overall speed, the result of which is RC6.
El Gamal Is a public key algorithm that can be used for digital signatures, encryption, and key exchange.
MD2 Is a on-way hash function designed by Ron Rivest that creates a 128-bit message digest value. It is much slower.
MD4 Is a one-way hash function designed by Ron Rivest. It also produces a 128-bit message digest value. It is used for high-speed computation in software implementations and is optimized for microprocessors.
MD5 Generates a 128-bit digest from a message of any length.
HTTPS Protects the communication channel between two computers. HTTPS uses SSL/TLS and HTTP to provide a protected circuit between a client and server.
S-HTTP (Secure HTTP) Is a technology that protects each message sent between two computers. Is used if an individual message needs to be encrypted.
IPSec ( Internet Protocol Security) Is a widely accepted standard for providing network layer protection. IPSec has strong encryption and authentication methods, and although it can be used to enable tunneled communication between two computers, it is usually employed to establish VPN among networks across the Internet.
Passive Attacks Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, message, or any parts of the encryption system.
Active Attacks Altering messages, modifying system files, and masquerading as another individual are acts that are considered active attacks because the attacker is actually doing something instead of sitting back and gathering data.
Trapdoor Is a means to bypass security by hiding an entry point into a system.
Spread Spectrum Spreads communication across differrent frequencies available for the wireless device.

 

Luciano Lima
[CISSP]-[CEH]-[CSA+]-[Security+]-[MCSA Security]-[MCSE Security]

Você gostou do artigo?
Compartilhe com seus amigos.
Receba a Newsletter por e-mail