This is probably the most disorganized introduction of a concept that anyone has ever seen.  There is no rhyme or reason to it, so we’re jumping right in head first.

Encryption is the process of changing plaintext to ciphertext.  Hi → #! 

If we encrypt the word “example” into a string of characters such as “t$6bv^V&2L***s)@.#jzE3” this would be encryption.  Remember your algebra classes? X + Y = Z. Encryption is simply following similar mathematical functions. In the example here, X would be “example”, Y would be the unknown, and Z would be the output of garbled stuff. This of course is an over-simplification. A better explanation might be this…

If we used X + Y(Z) = A, we could say that X is the message (plaintext), Y is the algorithm, and Z is the key, or the unknown piece.

The Algorithm or cipher is the formula used to encrypt the above, and the Key is the missing or hidden piece of the formula, which would be an unknown part of “Z” in the formula.

Let’s simplify this example a bit. Let’s encrypt the word “Hi” using an algorithm of 

[plaintext letter] +1 in the alphabet = [ciphertext].  

Thus “Hi” would become “Ij”.  This is an oversimplified example and would be easy to crack, but if we changed the “+1” each time we encrypted something, this would be an example of changing the key, or cryptovariable.  If we increased the number of possible digits in the “+1” part of the formula, this would be an example of a bigger key space.  

Key space is the number of potential values and combinations (possibilities) of a key.  This is described as a number, such as 2^128. It differs from key size (key length) in that it doesn’t use bits.

Key space clumping or key space clustering has to do with keys not being randomly generated, or with the key randomization not being up to par somehow. ISC2’s materials on this are lacking, and research on the web is very technical. However, PLEASE be aware that the general cryptography term “clustering” refers to separate keys producing the same ciphertext for a given algorithm.  You may or may not get a question on this; it is just something to be aware of.
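The "+1" cipher above with the shift turned into a key, as an added example (not part of the original page). It goes slightly beyond the text by allowing an 8-bit key, which shows how key length, effective key space and clustering differ; the function names are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_lowercase  # 26 symbols, so only 26 distinct shifts exist

def shift_encrypt(plaintext, key):
    """Replace each letter with the one `key` places later, preserving case."""
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            shifted = ALPHABET[(ALPHABET.index(ch.lower()) + key) % 26]
            out.append(shifted.upper() if ch.isupper() else shifted)
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def shift_decrypt(ciphertext, key):
    """Decryption is the same shift in the opposite direction."""
    return shift_encrypt(ciphertext, -key)

def effective_key_space(key_bits, message):
    """Count the distinct ciphertexts produced by every key of that bit length."""
    return len({shift_encrypt(message, k) for k in range(2 ** key_bits)})

def clustered_keys(key_bits, message, key):
    """List every key of that bit length giving the same ciphertext as `key`."""
    target = shift_encrypt(message, key)
    return [k for k in range(2 ** key_bits) if shift_encrypt(message, k) == target]

if __name__ == "__main__":
    print(shift_encrypt("Hi", 1))                  # the page's example
    print(effective_key_space(8, "example"))       # 256 key values, far fewer real keys
    print(clustered_keys(8, "Hi", 1))              # keys that behave exactly like +1
```

An 8-bit key offers 256 values, but every value that is 26 apart encrypts identically, so the work an attacker faces is set by the 26 effective keys and not by the key length.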

Plaintext and cleartext are the same thing – human readable stuff.

Ciphertext and cryptogram are the same – the jumbled, scrambled, and illegible characters, or the output of a cryptographic function.

Decryption is the reverse of encryption, thus changing ciphertext to plaintext.  #! → Hi.  Encryption and decryption are forms of encoding/decoding (but encoding is not encryption).

Deterministic decryption – Note: this is not the same as “deterministic” hash property. Deterministic decryption refers to the principle that only one plain text results from the decryption of any possible ciphertext produced by the system.

Hash – the file or message is run through a mathematical function and generates a smaller digital representation.  For example, the phrase “Hi, I’d like to take and pass the overly difficult CISSP exam with your help within the next year” could be reduced down to “10110001110”  It’s a one-way function that can be used to detect change in files (integrity). If the file changes at all, the hash will be different.  If not…

Pass the Hash – an attack where a user’s password hash is obtained from a device and sent to the server for authentication.  Since the authentication servers don’t actually see the password, the hash can be used successfully to gain what’s called “lateral access” if the account has admin rights to other devices.

Collision – when a hash function creates the same output for two different inputs.  For example if we ran a hash on “Hi” and a hash on “Yup” and both created “10110001110” as the output, we would have a collision.  Collisions are bad for hashing algorithms for obvious reasons.  
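The hash and collision definitions above, as an added example (not from the original page). It uses SHA-256 from Python's standard library and deliberately truncates the digest to 16 bits so a collision appears quickly; the helper names and the "msg-N" inputs are constructed for illustration.

```python
import hashlib
from itertools import count

def digest(message, bits=256):
    """SHA-256 of the message, keeping only the top `bits` bits as an integer."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)

def differing_bits(a, b):
    """Number of output bits that differ between the two full digests."""
    return bin(digest(a) ^ digest(b)).count("1")

def first_collision(bits):
    """Hash msg-0, msg-1, ... until two different inputs share a truncated digest.

    Returns (earlier_input, later_input, number_of_inputs_hashed).
    """
    seen = {}
    for i in count():
        msg = f"msg-{i}".encode()
        d = digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg

if __name__ == "__main__":
    # Integrity: a one-character change flips roughly half of the 256 output bits.
    print(differing_bits(b"Hi", b"Hj"))
    # Collision: with only 16 output bits, two different inputs soon hash alike.
    a, b, tries = first_collision(16)
    print(a, b, tries, hex(digest(a, 16)))
```

The same two inputs still have different full 256-bit digests, which is why digest length matters for collision resistance.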

Repudiation – the denial of doing something, thus non-repudiation is the inability to deny something.  For example, if someone at work sends an offensive email to another co-worker, cryptographic services can make it impossible for the offender to deny sending the offensive email.  If the cryptographic services aren’t available, the offender might be able to repudiate, or deny sending the email and get away with it.  

Cryptanalysis – refers to the attacks on cryptography.  More on this later…

Initialization vector – this is the random number or value that is generated by the cryptosystem to add variance and security to the transmission.  

Encoding – the act of changing something from human readable to machine readable. It includes encryption, in other words, encryption is a form of encoding but they are not the same thing.

Decoding – the act of changing something from machine readable to human readable.  It includes decryption.  

Substitution – changes one character for another

Transposition – reorders the characters without changing them

Confusion – changing the key during different rounds of encryption

Diffusion – switching around the location of plaintext within the ciphertext

Avalanche – the principle of having a small change in plaintext resulting in a large change in ciphertext 

Key clustering – when different keys generate the same ciphertext from the same message

Synchronous – encryption requests are processed instantly

Asynchronous – encryption requests are processed in queues

Symmetric – same key is used.  Remember that the word “symmetry” means “the same” in mathematics.  The key is established “out of band” which means it is established outside of the transmission medium that will be used for the encryption.  Another issue is scalability due to the number of keys needed as the number of users increases. The formula for number of keys needed is n(n-1)/2.  

Asymmetric – different keys are used, one to encrypt, and another to decrypt.  Also can be called public key cryptography. The public key can be made available to anyone, as it should be.  The private key should not be made available to anyone except the person it belongs to.  Only two key pairs are needed per user, thus asymmetric cryptography is scalable (formula is simply n2 for the number of keys needed).  The best way to understand how it works is to see the visual representation of it in our YouTube video.

It explains how the public and private keys are related, and how you can’t use one to guess the other, even though they’re mathematically related.  If you’re new to this, think of the public key as a lockbox, and the private key as the key to that box. Remember that keys are just values in the algorithm, so the same can be said when you reverse it – meaning the private “key” can serve as the lockbox and the public key can be the key to that box.  Here is an example of asymmetric cryptography in TLS:

  1. You open your browser and go to “MyBank.com”.  MyBank has a public key which they send to you.  Sniffers can pick up this initial transmission, including the algorithm and key, which isn’t a big deal (because it’s public).  
  2. Your browser, in turn, uses the algorithm + public key of MyBank to encrypt a new random (symmetric) key which is then sent to the bank.  At this point any eavesdroppers or sniffers can’t see any of your traffic unless they have the private key.  
  3. Upon decrypting your message using their private key (because it’s the only thing that would work in this situation), your bank now encrypts a login page using the symmetric key you sent to them.  
  4. You decrypt the login page and all subsequent transmission using the symmetric key you both agreed on.  
  5. This is how the Transport Layer Security (TLS; aka HTTPS) protocol works.  

Work factor – the amount of work, time, and effort it could take to break (i.e. to make useless) a cryptographic algorithm or cryptosystem

Digital signature – an encrypted hash on a message.  The hash is encrypted with the private key of the signator, which means anyone can decrypt the hash, but that only the private key could have encrypted it.  This is how authenticity of sender and integrity of message are achieved. 
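The public/private key relationship behind both the TLS walk-through and the digital signature definition above, as an added example (not from the original page). It uses textbook RSA built from two known Mersenne primes with no padding, which is an assumption made to keep the arithmetic visible and is not how real TLS or signature schemes are implemented; all names are illustrative.

```python
import hashlib
import secrets

# Toy key pair: far too small and unpadded for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the owner

def public_op(value):
    """What anyone can compute with the public key (E, N)."""
    return pow(value, E, N)

def private_op(value):
    """What only the key owner can compute, using the private exponent D."""
    return pow(value, D, N)

def key_transport():
    """Steps 2 and 3 of the walk-through: wrap and unwrap a symmetric key."""
    session_key = secrets.randbits(128)    # browser picks a random symmetric key
    wrapped = public_op(session_key)       # encrypted under the bank's public key
    unwrapped = private_op(wrapped)        # only the bank's private key recovers it
    return session_key, wrapped, unwrapped

def message_hash(message):
    """SHA-256 of the message, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message):
    """Signature = hash of the message transformed with the private key."""
    return private_op(message_hash(message))

def verify(message, signature):
    """Anyone can undo the signature with the public key and compare hashes."""
    return public_op(signature) == message_hash(message)

if __name__ == "__main__":
    sk, wrapped, unwrapped = key_transport()
    print(sk == unwrapped)                                   # True
    sig = sign(b"Pay Alice 10")
    print(verify(b"Pay Alice 10", sig))                      # True
    print(verify(b"Pay Alice 1000", sig))                    # False
```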

Digital certificate – a file containing public key, company information, and digital signature of the certificate authority.  

Certificate authority (CA) – an authority in a public key infrastructure that issues, revokes, and manages digital certificates that validate public keys.

Public Key Infrastructure (PKI) – as the term indicates, PKI is a complete infrastructure of systems, software, protocols, and communications to publish keys, issue certificates, validate public keys (that the key is correct and that it is tied to a specific entity), and to provide all the services of cryptography (confidentiality, integrity, authenticity, non-repudiation, access control).

Registration authority (RA) – sometimes combined with CA, a server/entity that does registration of certificates on behalf of the CA.  

Stream cipher – bit-by-bit encryption that uses the XOR, or exclusive-or process.  The XOR process takes a keystream, which is a random set of values (functionally acting like a second key, but it is determined by the key itself), and combines them with the original message value by value.  The key can be used to create a keystream to achieve pseudo-randomness. XOR performs its function by comparing values of the keystream with the original message. If the values are the same, it creates a zero (0) as ciphertext.  If the values are different, the output is 1. Stream ciphers use substitution. One issue with keystreams is that they tend to repeat, so they need to be large enough to be unpredictable and unsusceptible to frequency analysis.
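The XOR process and the repeating-keystream problem described above, as an added example (not from the original page). The keystream generator is a toy built from SHA-256 over key, nonce and counter, and the nonce parameter is an assumption introduced here to show what changes when the keystream is not repeated.

```python
import hashlib

def keystream(key, nonce, length):
    """Toy keystream: SHA-256(key || nonce || counter) blocks, concatenated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_bytes(a, b):
    """Bitwise XOR: equal bits give 0, different bits give 1."""
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key, nonce, data):
    """Encrypt or decrypt; XOR is its own inverse, so one function does both."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

def repeated_keystream_leak(c1, c2):
    """If both ciphertexts used the same keystream, it cancels out:
    c1 XOR c2 == p1 XOR p2, with no key needed."""
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample values
    p1, p2 = b"transfer 100 to A", b"transfer 900 to B"
    c1 = stream_crypt(key, b"nonce-1", p1)
    c2_same = stream_crypt(key, b"nonce-1", p2)   # keystream repeated
    c2_new = stream_crypt(key, b"nonce-2", p2)    # fresh keystream
    print(stream_crypt(key, b"nonce-1", c1))                          # p1 again
    print(repeated_keystream_leak(c1, c2_same) == xor_bytes(p1, p2))  # True
    print(repeated_keystream_leak(c1, c2_new) == xor_bytes(p1, p2))   # False
```

Matching positions in the two plaintexts show up as zero bytes in the XOR of the two ciphertexts, which is the structure frequency analysis works from when a keystream repeats.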

Block cipher – encrypts in blocks of data, typically in multiples of 64 bits.  

Note: there may be questions on the differing modes and types of encryption, for example the difference between block and asymmetric, stream and symmetric, AES and asymmetric, etc.  The intent obviously is to confuse you (AKA: test your knowledge of the material).  

Key length – when creating keys, the longer a key is the more combinations are possible (called keyspace). The key length however, is described in bits; both terms are simply numbers, but one is described in bits and the other is just a number. The keyspace is the number of possibilities for the key that exist, so the longer the key is (i.e. if it has more bits, or a higher bit length/key length), the better defense you’ll have because you’ll have an exponentially large number of key combinations that attackers would have to choose from.

Kerckhoffs’s principle – cryptosystems can still be secure if everything about the algorithm is public, as long as the key remains secret.

Transposition/permutation – moving the contents of the message around.

Monoalphabetic – using one alphabet

Polyalphabetic – using many alphabets

One-time pad – unbreakable cipher, the key is the same length as the message, which is a running-key cipher, which uses modular mathematics that include numeric representations of characters in the English alphabet.

Steganography – hiding the data rather than changing it.  It conceals the message within the message. Can be used for covert channels, hiding text within a webpage (white font on a white background), hiding a message in an image, audio, or video file, and null ciphers.

Null cipher – hiding the message in the plaintext message, such as a poem where the first letter of each line makes up the content of the hidden message:

Can’t you pass the exam today?

I will pass the exam my way

Stop studying occasionally to play

Surely I can’t stay

Positively, it blew me away

As you can see, the message is “CISSP”.

Electronic Code Book (ECB) – a block cipher mode that does not use an IV which means it lacks randomness, making cryptanalysis easier.  ECB is mainly useful for transmitting a key.  

Cipher block chaining (CBC) – a block cipher that is stronger than ECB due to having an IV and chaining, which XORs the ciphertext of the prior block.

Elliptical Curve Cryptography – uses discrete logarithm and provides more security than RSA with a smaller key (RSA uses factoring).

Bulk encryption is the same as link encryption from domain 2, which is also called “point to point”, so be sure to NOT confuse that with end-to-end encryption, which is different.

Digital envelope is basically using a public key to encrypt a symmetric key for secure transmission.

Distributed ledger: a decentralized, graph-linked register of transactions that are protected by cryptographic controls that rely heavily on asymmetric encryption techniques such as blockchain. The record of transactions is maintained on multiple, separate systems.

Blockchain: each block contains a list of chronological transactions, which is then cryptographically attached to the transaction record.  The integrity of any particular transaction can be verified by all participants. Authenticity and non-repudiation can be part of the implementation as well. Obviously this is seen in cryptocurrency, but the CBK talks about how healthcare (pharmacology), and criminal justice (chain of custody) can also take advantage of an immutable transaction record.

Crypto suite management is a cloud key management solution that has two approaches:

  • Remote key management service (RKMS)
    • The key management server is on-prem.
    • Processing and hosting is done at the cloud level.
  • Client-side key management
    • Key management hardware and processing is on-prem.
    • Storage is in the cloud. 
    • Cloud Security Alliance has a publication to explain it if ours didn’t help: https://downloads.cloudsecurityalliance.org/initiatives/secaas/SecaaS_Cat_8_Encryption_Implementation_Guidance.pdf