
CISSP Study Booklet on Cryptography

This sample study booklet is based directly on the ISC2 CBK document.
This guide does not replace in any way the outstanding value of the CISSP Seminar and the fact that you must have been involved into the security field for at least a few years if you intend to take the CISSP exam. This booklet simply intends to make your life easier and to provide you with a centralized resource for this particular domain of expertise.
This guide was created by Clement Dupuis on 5th April 1999

WARNING:
As with any security related topic, this is a living document that will and must evolve as other people read it and technology evolves. Please feel free to send me comments or input to be added to this document. Any comments, typo corrections, etc. are most welcome and can be sent directly to: cdupuis@uniconseil.com

DISTRIBUTION AGREEMENT:
This document may be freely read, stored, reproduced, disseminated, translated or quoted by any means and on any medium provided the following conditions are met:
Every reader or user of this document acknowledges that he is aware that no guarantee is given regarding its contents, on any account, and specifically concerning veracity, accuracy and fitness for any purpose. Do not blame me if some of the exam questions are not covered or the correct answer is different from the content of this document. Remember: look for the most correct answer, this document is based on the seminar content, standards, books, and where and when possible the source of information will be mentioned.
No modification is made other than cosmetic, change of representation format, translation, correction of obvious syntactic errors.
Comments and other additions may be inserted, provided they clearly appear as such. Comments and additions must be dated and their author(s) identifiable. Please forward your comments for insertion into the original document.
Redistributing this document to a third party requires simultaneous redistribution of this license, without modification, and in particular without any further condition or restriction, expressed or implied, related or not to this redistribution. In particular, in case of inclusion in a database or collection, the owner or the manager of the database or the collection renounces any right related to this inclusion and concerning the possible uses of the document after extraction from the database or the collection, whether alone or in relation with other documents.

Cryptography

Description:
The Cryptography domain addresses the principles, means, and methods of securing information to ensure its integrity, confidentiality, and authenticity.

Expected Knowledge:
The professional should fully understand:
Basic concepts within cryptography.
Public and private key algorithms in terms of their applications and uses.
Cryptography algorithm construction, key distribution, key management, and
methods of attack
Applications, constructions, and use of digital signatures
Principles of authenticity of electronic transactions and non-repudiation

The CISSP can meet the expectations defined above by understanding such Operations Security key areas of knowledge as:
Authentication
Certificate authority
Digital Signatures/Non-Repudiation
Encryption
Error Detecting/Correcting features
Hash Functions
Kerberos
Key Escrow
Messages Digest
MD5
SHA
HMAC
One-Time cipher keys
Private Key Algorithms
Applications and Uses
Algorithm Methodology
Key Distribution and Management
Key Generation/Distribution
Key Recovery
Key Storage and Destruction
Key Strength
o Complexity
o Secrecy
o Weak keys
Method of attack
Public key Algorithms
Application and uses
Algorithm Methodology
Key Distribution and Management
Key Storage and Destruction
Key Recovery
Key Strength
Complexity
Secrecy
Weak Keys
Methods of attack
Stream Cipher

Examples of Knowledgeability
Describe the ancient history of Cryptography
CISSP Seminar :
First appearance - Egypt - 4000 years ago
Scytale - Sparta - 400 BC
Paper wrapped on rod
Text written on paper
Paper removed - cipher text
Caesar Cipher - Julius Caesar - Rome - 49 BC
7th Century AD - Arabs
Cipher Alphabets in magic - 855 AD
Leon Battista Alberti's cipher disk - Italy - 1459 AD
Thomas Jefferson ciphering device - 1790 - Stack of 26 disks
Each disk contained alphabet around face of edge in different order
Positioning bar attached to align letters in row
Created message by moving each disk to proper letter
Bar rotated fixed amount (the key)
Letters around new position (cipher text)
ROT 13 - Many UNIX systems
Shifts letters 13 places
Not secured from frequency analysis
Encrypted twice - plain text
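A software model of the Jefferson wheel as the seminar bullets describe it, added here as an illustration (it is not part of the booklet or the seminar). The disk alphabets are generated from a fixed seed, which is an assumption of the example; the stack of disks is the shared secret, and the key is only the amount the bar is rotated, so anyone holding the disks has just 25 rows to look at:

```python
# Added example (not from the study booklet): a model of the Jefferson
# wheel cipher following the seminar's description step by step.
# The disk alphabets are constructed from a fixed seed so the example is
# reproducible; real disks were carved by hand, so this is an assumption.
import random
import string

ALPHABET = string.ascii_uppercase
NUM_DISKS = 26            # the booklet says a stack of 26 disks
DISK_SIZE = len(ALPHABET)


def make_disks(seed: int = 1790) -> list[str]:
    """Build the stack: each disk carries the alphabet in a different order.
    The disks and their stacking order are the long-term secret that both
    correspondents share; the seed only makes this example reproducible."""
    rng = random.Random(seed)
    disks = []
    for _ in range(NUM_DISKS):
        letters = list(ALPHABET)
        rng.shuffle(letters)
        disks.append("".join(letters))
    return disks


def wheel_encrypt(plaintext: str, disks: list[str], key: int) -> str:
    """Turn each disk so its plaintext letter sits under the positioning bar,
    rotate the bar a fixed amount (the key) and read the letters in that row."""
    if not 1 <= key < DISK_SIZE:
        raise ValueError("the bar can be rotated by 1..25 positions")
    text = plaintext.upper()
    if len(text) > len(disks) or any(c not in ALPHABET for c in text):
        raise ValueError("one letter per disk, letters A-Z only")
    out = []
    for disk, letter in zip(disks, text):
        row = disk.index(letter)                    # disk turned to this letter
        out.append(disk[(row + key) % DISK_SIZE])   # bar rotated by the key
    return "".join(out)


def wheel_decrypt(ciphertext: str, disks: list[str], key: int) -> str:
    """Align the ciphertext letters under the bar and rotate back by the key."""
    return wheel_encrypt(ciphertext, disks, (DISK_SIZE - key) % DISK_SIZE)


def bar_rows(ciphertext: str, disks: list[str]) -> list[str]:
    """All 25 rows a holder of the disk stack can read off for one ciphertext.
    Exactly one of them is the plaintext: the security of the device rests
    entirely on keeping the disks secret, not on the 25 possible bar positions."""
    return [wheel_encrypt(ciphertext, disks, k) for k in range(1, DISK_SIZE)]
```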
From Cryptography FAQ :
The story begins: When Julius Caesar sent messages to his trusted acquaintances, he didn't trust the messengers. So he replaced every A by a D, every B by an E, and so on through the alphabet. Only someone who knew the ``shift by 3'' rule could decipher his messages.
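The ``shift by n'' rule in working form, added as an illustration (not part of the booklet or the FAQ), together with the frequency-analysis check the seminar notes refer to: the English letter-frequency table is an assumed textbook approximation, and recover_shift scores all 26 shifts against it, which is why a fixed shift (ROT13 included) hides nothing from an analyst:

```python
# Added example (not from the study booklet): Caesar's "shift by n" rule,
# ROT13 as the special case n = 13, and the frequency analysis that recovers
# the shift from ciphertext alone. ENGLISH_FREQ is an assumed approximation.
import string

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (%) of each letter in English text.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.2, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.1, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 1.0, "W": 2.4, "X": 0.2, "Y": 2.0, "Z": 0.1,
}


def caesar(text: str, shift: int) -> str:
    """Replace every letter by the one `shift` places later (A->D for 3).
    Non-letters pass through unchanged and case is preserved; a negative
    shift decrypts."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = "A" if ch.isupper() else "a"
            out.append(chr((ord(ch) - ord(base) + shift) % 26 + ord(base)))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is the Caesar shift of 13; applying it twice restores the text."""
    return caesar(text, 13)


def letter_counts(text: str) -> dict[str, int]:
    """Count A-Z occurrences, ignoring case and non-letters."""
    counts = dict.fromkeys(ALPHABET, 0)
    for ch in text.upper():
        if ch in counts:
            counts[ch] += 1
    return counts


def chi_squared(counts: dict[str, int], shift: int) -> float:
    """Distance between the observed counts and English, assuming the text
    was produced by `shift`: ciphertext letter (i + shift) stands for
    plaintext letter i, so its count is compared with letter i's frequency."""
    total = sum(counts.values())
    score = 0.0
    for i, letter in enumerate(ALPHABET):
        observed = counts[ALPHABET[(i + shift) % 26]]
        expected = total * ENGLISH_FREQ[letter] / 100
        score += (observed - expected) ** 2 / expected
    return score


def recover_shift(ciphertext: str) -> int:
    """The shift whose unshifted letter distribution looks most like English."""
    counts = letter_counts(ciphertext)
    return min(range(26), key=lambda s: chi_squared(counts, s))
```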
From CME's Cryptography Timeline : (if you are really interested in knowing it all, or else jump over)
Date Civ or Govt Source Info
about 1900 BC Civ Kahn p.71
An Egyptian scribe used non-standard hieroglyphs in an inscription. Kahn lists this as the first documented example of written cryptography.
1500 BC Civ Kahn p.75
A Mesopotamian tablet contains an enciphered formula for the making of glazes for pottery.
500-600 BC Civ Kahn p.77
Hebrew scribes writing down the book of Jeremiah used a reversed-alphabet simple substitution cipher known as ATBASH. (Jeremiah started dictating to Baruch in 605 BC but the chapters containing these bits of cipher are attributed to a source labeled ``C'' (believed not to be Baruch) which could be an editor writing after the Babylonian exile in 587 BC, someone contemporaneous with Baruch or even Jeremiah himself.) ATBASH was one of a few Hebrew ciphers of the time.
487 BC Govt Kahn p.82
The Greeks used a device called the ``skytale'' -- a staff around which a long, thin strip of leather was wrapped and written on. The leather was taken off and worn as a belt. Presumably, the recipient would have a matching staff and the encrypting staff would be left home.
[Note: an article in Cryptologia late in 1998 makes the case that the cryptographic use of the skytale may be a myth.]
50-60 BC Govt Kahn p.83
Julius Caesar (100-44 BC) used a simple substitution with the normal alphabet (just shifting the letters a fixed amount) in government communications. This cipher was less strong than ATBASH, by a small amount, but in a day when few people read in the first place, it was good enough. He also used transliteration of Latin into Greek letters and a number of other simple ciphers.
0-400? Civ Burton
The Kama Sutra of Vatsayana lists cryptography as the 44th and 45th of 64 arts (yogas) men and women should know and practice. The date of this work is unclear but is believed to be between the first and fourth centuries, AD. [Another expert, John W. Spellman, will commit only to the range between the 4th century BC and the 5th century AD.] Vatsayana says that his Kama Sutra is a compilation of much earlier works, making the dating of the cryptography references even more uncertain.
Part I, Chapter III lists the 64 arts and opens with: ``Man should study the Kama Sutra and the arts and sciences subordinate thereto [....] Even young maids should study this Kama Sutra, along with its arts and sciences, before marriage, and after it they should continue to do so with the consent of their husbands.'' These arts are clearly not the province of a government or even of academics, but rather are practices of laymen.
In this list of arts, the 44th and 45th read:
The art of understanding writing in cipher, and the writing of words in a peculiar way.
The art of speaking by changing the forms of words. It is of various kinds. Some speak by changing the beginning and end of words, others by adding unnecessary letters between every syllable of a word, and so on.
200's Civ Kahn p.91
``The so-called Leiden papyrus [...] employs cipher to conceal the crucial portions of important [magic] recipes''.
725-790? Govt/(civ) Kahn p.97
Abu `Abd al-Rahman al-Khalil ibn Ahmad ibn `Amr ibn Tammam al Farahidi al-Zadi al Yahmadi wrote a (now lost) book on cryptography, inspired by his solution of a cryptogram in Greek for the Byzantine emperor. His solution was based on known (correctly guessed) plaintext at the message start -- a standard cryptanalytic method, used even in WW-II against Enigma messages.
855 Civ Kahn p.93
Abu Bakr Ahmad ben `Ali ben Wahshiyya an-Nabati published several cipher alphabets which were traditionally used for magic.
--- Govt Kahn p.94
``A few documents with ciphertext survive from the Ghaznavid government of conquered Persia, and one chronicler reports that high officials were supplied with a personal cipher before setting out for new posts. But the general lack of continuity of Islamic states and the consequent failure to develop a permanent civil service and to set up permanent embassies in other countries militated against cryptography's more widespread use.''
1226 Govt Kahn p.106
``As early as 1226, a faint political cryptography appeared in the archives of Venice, where dots or crosses replaced the vowels in a few scattered words.''
about 1250 Civ Kahn p.90
Roger Bacon not only described several ciphers but wrote: ``A man is crazy who writes a secret in any other way than one which will conceal it from the vulgar.''
1379 Govt/civ Kahn p.107
Gabrieli di Lavinde at the request of Clement VII, compiled a combination substitution alphabet and small code -- the first example of the nomenclator Kahn has found. This class of code/cipher was to remain in general use among diplomats and some civilians for the next 450 years, in spite of the fact that there were stronger ciphers being invented in the meantime, possibly because of its relative convenience.
1300's Govt Kahn p.94
`Abd al-Rahman Ibn Khaldun wrote "The Muqaddimah", a substantial survey of history which cites the use of ``names of perfumes, fruits, birds, or flowers to indicate the letters, or [...] of forms different from the accepted forms of the letters'' as a cipher among tax and army bureaus. He also includes a reference to cryptanalysis, noting ``Well-known writings on the subject are in the possession of the people.'' [p.97]
1392 Civ Price p.182-7
"The Equatorie of the Planetis", possibly written by Geoffrey Chaucer, contains passages in cipher. The cipher is a simple substitution with a cipher alphabet consisting of letters, digits and symbols.
1412 Civ Kahn p.95-6
Shihab al-Din abu 'l-`Abbas Ahmad ben `Ali ben Ahmad `Abd Allah al-Qalqashandi wrote "Subh al-a `sha", a 14-volume Arabic encyclopedia which included a section on cryptology. This information was attributed to Taj ad-Din `Ali ibn ad-Duraihim ben Muhammad ath-Tha`alibi al-Mausili who lived from 1312 to 1361 but whose writings on cryptology have been lost. The list of ciphers in this work included both substitution and transposition and, for the first time, a cipher with multiple substitutions for each plaintext letter. Also traced to Ibn al-Duraihim is an exposition on and worked example of cryptanalysis, including the use of tables of letter frequencies and sets of letters which can not occur together in one word.
1466-7 Civ Kahn p.127
Leon Battista Alberti (a friend of Leonardo Dato, a political secretary who might have instructed Alberti in the state of the art in cryptology) invented and published the first polyalphabetic cipher, designing a cipher disk (known to us as the Captain Midnight Decoder Badge) to simplify the process. This class of cipher was apparently not broken until the 1800's. Alberti also wrote extensively on the state of the art in ciphers, besides his own invention. Alberti also used his disk for enciphered code. These systems were much stronger than the nomenclator in use by the diplomats of the day and for centuries to come.
1473-1490 Civ Kahn p.91
``A manuscript [...] by Arnaldus de Bruxella uses five lines of cipher to conceal the crucial part of the operation of making a philosopher's stone.''
1518 Civ Kahn p.130-6
Johannes Trithemius wrote the first printed book on cryptology. He invented a steganographic cipher in which each letter was represented as a word taken from a succession of columns. The resulting series of words would be a legitimate prayer. He also described polyalphabetic ciphers in the now-standard form of rectangular substitution tables. He introduced the notion of changing alphabets with each letter.
1553 Civ Kahn p.137
Giovan Batista Belaso introduced the notion of using a passphrase as the key for a repeated polyalphabetic cipher. (This is the standard polyalphabetic cipher operation mis-named ``Vigenère'' by most writers to this day.)
1563 Civ Kahn p.138
Giovanni Battista Porta wrote a text on ciphers, introducing the digraphic cipher. He classified ciphers as transposition, substitution and symbol substitution (use of a strange alphabet). He suggested use of synonyms and misspellings to confuse the cryptanalyst. He apparently introduced the notion of a mixed alphabet in a polyalphabetic tableau.
1564 Civ Kahn p.144 (footnote)
Belaso published an autokey cipher improving on the work of Cardano who appears to have invented the idea.
1623 Civ Bacon
Sir Francis Bacon described a cipher which now bears his name -- a biliteral cipher, known today as a 5-bit binary encoding. He advanced it as a steganographic device -- by using variation in type face to carry each bit of the encoding. [See Bacon's writings on-line.]
1585 Civ Kahn p.146
Blaise de Vigenère wrote a book on ciphers, including the first authentic plaintext and ciphertext autokey systems (in which previous plaintext or ciphertext letters are used for the current letter's key). [Kahn p.147: both of these were forgotten and re-invented late in the 19th century.] [The autokey idea survives today in the DES CBC and CFB modes.]
1790's civ/govt Kahn p.192, Cryptologia v.5 No.4 pp.193-208
Thomas Jefferson, possibly aided by Dr. Robert Patterson (a mathematician at U. Penn.), invented his wheel cipher. This was re-invented in several forms later and used in WW-II by the US Navy as the Strip Cipher, M-138-A.
1817 Govt Kahn p.195
Colonel Decius Wadsworth produced a geared cipher disk with a different number of letters in the plain and cipher alphabets -- resulting in a progressive cipher in which alphabets are used irregularly, depending on the plaintext used.
1854 Civ Kahn p.198
Charles Wheatstone invented what has become known as the Playfair cipher, having been publicized by his friend Lyon Playfair. This cipher uses a keyed array of letters to make a digraphic cipher which is easy to use in the field. He also re-invented the Wadsworth device and is known for that one.
1857 Civ Kahn p.202
Admiral Sir Francis Beaufort's cipher (a variant of what's called ``Vigenère'') was published by his brother, after the admiral's death in the form of a 4x5 inch card.
1859 Civ Kahn p.203
Pliny Earle Chase published the first description of a fractionating (tomographic) cipher.
1854 Civ Cryptologia v.5 No.4 pp.193-208
Charles Babbage seems to have re-invented the wheel cipher.
1861-1980 Civ Deavours
``A study of United States patents from the issuance of the first cryptographic patent in 1861 through 1980 identified 1,769 patents which are primarily related to cryptography.'' [p.1]
1861 civ/(govt) Kahn p.207
Friedrich W. Kasiski published a book giving the first general solution of a polyalphabetic cipher with repeating passphrase, thus marking the end of several hundred years of strength for the polyalphabetic cipher.
1861-5 Govt Kahn p.215
During the Civil War, possibly among other ciphers, the Union used substitution of select words followed by word columnar-transposition while the Confederacy used Vigenère (the solution of which had just been published by Kasiski).
1891 Govt/(civ) Cryptologia v.5 No.4 pp.193-208
Major Etienne Bazeries did his version of the wheel cipher and published the design in 1901 after the French Army rejected it. [Even though he was a military cryptologist, the fact that he published it leads me to rate this as (civ) as well as govt.]
1913 Govt Cryptologia v.5 No.4 pp.193-208
Captain Parker Hitt reinvented the wheel cipher, in strip form, leading to the M-138-A of WW-II.
1916 Govt Cryptologia v.5 No.4 pp.193-208
Major Joseph O. Mauborgne put Hitt's strip cipher back in wheel form, strengthened the alphabet construction and produced what led to the M-94 cipher device.
1917 Civ Kahn p.371
William Frederick Friedman, later to be honored as the father of US cryptanalysis (and the man who coined that term), was employed as a civilian cryptanalyst (along with his wife Elizebeth) at Riverbank Laboratories and performed cryptanalysis for the US Government, which had no cryptanalytic expertise of its own. WFF went on to start a school for military cryptanalysts at Riverbank -- later taking that work to Washington and leaving Riverbank.
1917 Civ Kahn p.401
Gilbert S. Vernam, working for AT&T, invented a practical polyalphabetic cipher machine capable of using a key which is totally random and never repeats -- a one-time-tape. This is the only provably secure cipher, as far as we know. This machine was offered to the Government for use in WW-I but it was rejected. It was put on the commercial market in 1920.
1918 Govt Kahn p.340-5
The ADFGVX system was put into service by the Germans near the end of WW-I. This was a cipher which performed a substitution (through a keyed array), fractionation and then transposition of the letter fractions. It was broken by the French cryptanalyst, Lieutenant Georges Painvin.
1919 Civ Kahn p.420
Hugo Alexander Koch filed a patent in the Netherlands on a rotor based cipher machine. He assigned these patent rights in 1927 to Arthur Scherbius who invented and had been marketing the Enigma machine since about 1923.
1919 Civ Kahn p.422
Arvid Gerhard Damm applied for a patent in Sweden for a mechanical rotor cipher machine. This machine grew into a family of cipher machines under the direction of Boris Caesar Wilhelm Hagelin who took over the business and was the only one of the commercial cryptographers of this period to make a thriving business. After the war, a Swedish law which enabled the government to appropriate inventions it felt important to defense caused Hagelin to move the company to Zug Switzerland where it was incorporated as Crypto AG. The company is still in operation, although facing controversy for having allegedly weakened a cipher product for sale to Iran.
1921 Civ Kahn p.415
Edward Hugh Hebern incorporated ``Hebern Electric Code'', a company making electro-mechanical cipher machines based on rotors which turn, odometer style, with each character enciphered.
1923 Civ Kahn p.421
Arthur Scherbius incorporated ``Chiffriermaschinen Aktiengesellschaft'' to make and sell his Enigma machine.
1924 Civ Deavours p.151
Alexander von Kryha produced his ``coding machine'' which was used, even by the German Diplomatic Corps, into the 1950s. However, it was cryptographically weak - having a small period. A test cryptogram of 1135 characters was solved by the US cryptanalysts Friedman, Kullback, Rowlett and Sinkov in 2 hours and 41 minutes. Nevertheless, the machine continued to be sold and used -- a triumph of salesmanship and a lesson to consumers of cryptographic devices.
1927-33 Civ Kahn p.802ff
Users of cryptography weren't limited to legitimate bankers, lovers, experimenters, etc. There were also a handful of criminals. ``The greatest era of international smuggling -- Prohibition -- created the greatest era of criminal cryptology.'' [p.817] To this day, the FBI runs a cryptanalytic office to deal with criminal cryptography. [As of Kahn's writing in 1967, that office was located at 215 Pennsylvania Avenue SE, Washington DC.]
``A retired lieutenant commander of the Royal Navy devised the systems for Consolidated Exporters' Pacific operation, though its Gulf and Atlantic groups made up their own as needed.''
``His name was unknown but his cryptologic expertise was apparent. The smugglers' systems grew increasingly more complicated. "Some of these are of a complexity never even attempted by any government for its most secret communications," wrote Mrs. [Elizebeth Smith] Friedman in a report in mid-1930. "At no time during the World War, when secret methods of communication reached their highest development, were there used such involved ramifications as are to be found in some of the correspondence of West Coast rum running vessels."'' [p.804]
1929 Civ Kahn p.404
Lester S. Hill published ``Cryptography in an Algebraic Alphabet'' in which a block of plaintext is enciphered by a matrix operation.
1933-45 Govt Kahn p.422 (and many others)
The Enigma machine was not a commercial success but it was taken over and improved upon to become the cryptographic workhorse of Nazi Germany. [It was broken by the Polish mathematician, Marian Rejewski, based only on captured ciphertext and one list of three months worth of daily keys obtained through a spy. Continued breaks were based on developments during the war by Alan Turing, Gordon Welchman and others at Bletchley Park in England.]
1937 Govt Kahn p.18ff.
The Japanese Purple machine was invented in response to revelations by Herbert O. Yardley and broken by a team headed by William Frederick Friedman. The Purple machine used telephone stepping relays instead of rotors and thus had a totally different permutation at each step rather than the related permutations of one rotor in different positions.
1930's Govt Kahn p.510ff., Deavours p.10,89-91
Kahn attributes the American SIGABA (M-134-C) to William F. Friedman while Deavours attributes it to an idea of Frank Rowlett, one of Friedman's first hires. It improved on the rotor inventions of Hebern and Scherbius by using pseudo-random stepping of multiple rotors on each enciphering step rather than have uniform, odometer-like stepping of rotors as in Enigma. It also used 15 rotors (10 for character transformation, 5 probably for controlling stepping) rather than the Enigma's 3 or 4.
1930's Govt Deavours p.144
The British TYPEX machine was an offshoot of the commercial Enigma purchased by the British for study in the 1920's. It was a 5-rotor machine with the two initial rotors being stators, serving the purpose of the German Enigma's plugboard.
1970 Civ Feistel
Dr. Horst Feistel led a research project at the IBM Watson Research Lab in the 1960's which developed the Lucifer cipher. This later inspired the US DES (below) and other product ciphers, creating a family labeled ``Feistel ciphers''.
1976 civ/govt FIPS PUB-46
A design by IBM, based on the Lucifer cipher and with changes (including both S-box improvements and reduction of key size) by the US NSA, was chosen to be the U.S. Data Encryption Standard. It has since found worldwide acceptance, largely because it has shown itself strong against 20 years of attacks. Even some who believe it is past its useful life use it as a component -- e.g., of 3-key triple-DES.
1976 Civ Diffie
Whitfield Diffie and Martin Hellman published ``New Directions in Cryptography'', introducing the idea of public key cryptography. They also put forth the idea of authentication by powers of a one way function, now used in the S/Key challenge/response utility. They closed their paper with an observation for which this timeline web page gives detailed evidence: ``Skill in production cryptanalysis has always been heavy on the side of the professionals, but innovation, particularly in the design of new types of cryptographic systems, has come primarily from amateurs.''
April 1977 Civ Shamir
Inspired by the Diffie-Hellman paper and acting as complete novices in cryptography, Ronald L. Rivest, Adi Shamir and Leonard M. Adleman had been discussing how to make a practical public key system. One night in April, Ron Rivest was laid up with a massive headache and the RSA algorithm came to him. He wrote it up for Shamir and Adleman and sent it to them the next morning. It was a practical public-key cipher for both confidentiality and digital signatures, based on the difficulty of factoring large numbers. They submitted this to Martin Gardner on April 4 for publication in Scientific American. It appeared in the September, 1977 issue. The Scientific American article included an offer to send the full technical report to anyone submitting a self-addressed, stamped envelope. There were thousands of such requests, from all over the world.
Someone at NSA objected to the distribution of this report to foreign nationals and for a while, RS&A suspended mailings -- but when NSA failed to respond to inquiries asking for the legal basis of their request, RS&A resumed mailings. Adi Shamir believes this is the origin of the current policy [as of August 1995] that technical reports or papers can be freely distributed. [Note: two international journals, ``Cryptologia'' and ``The Journal of Cryptology'' were founded shortly after this attempt by NSA to restrain publication.]
Contrary to rumor, RS&A apparently had no knowledge of ITAR or patent secrecy orders. They did not publish before applying for international patents because they wanted to avoid such restraints on free expression but rather because they were not thinking about patents for the algorithm. They just wanted to get the idea out.
1978 Civ RSA
The RSA algorithm was published in the Communications of the ACM.
1984-5? Civ ROT13
The rot13 cipher was introduced into USENET News software to permit the encryption of postings in order to prevent innocent eyes from being assaulted by objectionable text. This is the first example I know of in which a cipher with a key everyone knows actually was effective.
1990 Civ IACR90
Xuejia Lai and James Massey in Switzerland published ``A Proposal for a New Block Encryption Standard'', a proposed International Data Encryption Algorithm (IDEA) -- to replace DES. IDEA uses a 128-bit key and employs operations which are convenient for general purpose computers, therefore making software implementations more efficient.
1990 Civ IACR90
Charles H. Bennett, Gilles Brassard et al. published their experimental results on Quantum Cryptography, which uses single photons to communicate a stream of key bits for some later Vernam encipherment of a message (or other uses). Assuming the laws of quantum mechanics hold, Quantum Cryptography provides not only secrecy but a positive indication of eavesdropping and a measurement of the maximum number of bits an eavesdropper might have captured. On the downside, QC currently requires a fiber-optic cable between the two parties.
1991 Civ Garfinkel
Phil Zimmermann released his first version of PGP (Pretty Good Privacy) in response to the threat by the FBI to demand access to the cleartext of the communications of citizens. PGP offered high security to the general citizen and as such could have been seen as a competitor to commercial products like Mailsafe from RSADSI. However, PGP is especially notable because it was released as freeware and has become a worldwide standard as a result while its competitors of the time remain effectively unknown.
1994 Civ Rivest
Professor Ron Rivest, author of the earlier RC2 and RC4 algorithms included in RSADSI's BSAFE cryptographic library, published a proposed algorithm, RC5, on the Internet. This algorithm uses data-dependent rotation as its non-linear operation and is parameterized so that the user can vary the block size, number of rounds and key length. It is still too new to have been analyzed enough to enable one to know what parameters to use for a desired strength -- although an analysis by RSA Labs, reported at CRYPTO'95, suggests that w=32, r=12 gives strength superior to DES. It should be remembered, however, that this is just a first analysis.
Sources used for above table :
Bacon: Sir Francis Bacon, ``De Augmentis Scientarum'', Book 6, Chapter i. [as quoted in C. Stopes, ``Bacon-Shakspere Question'', 1889]
Burton: Sir Richard F. Burton trans., ``The Kama Sutra of Vatsayana'', Arkana/Penguin, 1991.
Deavours: Cipher A. Deavours and Louis Kruh, ``Machine Cryptography and Modern Cryptanalysis'', Artech House, 1985.
Diffie: Whitfield Diffie and Martin Hellman, ``New Directions in Cryptography'', IEEE Transactions on Information Theory, Nov 1976.
Feistel: Horst Feistel, ``Cryptographic Coding for Data-Bank Privacy'', IBM Research Report RC2827.
Garfinkel: Simson Garfinkel, ``PGP: Pretty Good Privacy'', O'Reilly & Associates, Inc., 1995.
IACR90: Proceedings, EUROCRYPT '90; Springer Verlag.
Kahn: David Kahn, ``The Codebreakers'', Macmillan, 1967.
Price: Derek J. Price, ``The Equatorie of the Planetis'', edited from Peterhouse MS 75.I, Cambridge University Press, 1955.
Rivest: Ronald L. Rivest, ``The RC5 Encryption Algorithm'', document made available by FTP and World Wide Web, 1994.
ROT13: Steve Bellovin and Marcus Ranum, individual personal communications, July 1995.
RSA: Rivest, Shamir and Adleman, ``A method for obtaining digital signatures and public key cryptosystems'', Communications of the ACM, Feb. 1978, pp. 120-126.
Shamir: Adi Shamir, ``Myths and Realities'', invited talk at CRYPTO '95, Santa Barbara, CA; August 1995.
Describe the History of Cryptography in the United States
CISSP Seminar :
Herbert Yardley
Headed first crypto unit - 1917
o Black chamber
Father of crypto in America
Established foreign crypto units
o China - 1938
o Canada - 1941
William Friedman
Dean of modern American Crypto
First Chief of Signal Intelligence Service - 1929
Replaced Yardley's cipher bureau
Formed CBK
Applied mathematics and statistical analysis
Laurance Safford
Developed naval communications intelligence organization
Became Armed Forces Security Agency (AFSA - 1949)
o NSA 1952
Developed Underwood Code machine
With Underwood typewriter company
46 Japanese-English keys
o Copy traffic more efficiently
Joseph Wenger
Pioneered development of cryptanalysis machines
Deputy director AFSA - 1949
Vice director NSA - 1952
Frank Rowlett
Cryptanalysis work on machine systems
Wheatstone device
German Kryha machine
The Damm machine
Vernam's AT&T machine
The Hebern machine
Sigaba
o Most secure through WWII
Cracked Japanese Purple machine - 1940
Venona 1943
Project to analyze and translate encrypted Soviet message traffic (1850 translations)
Public releases (1955-96)
Soviet espionage against U.S. A-bomb research
KGB, NY and Wash DC : 1944-45 messages
KGB, San Francisco and Mexico City : 1942-46 messages
GRU, NY and Washington : 1946 messages
KGB and GRU, non U.S., non-Mexico (e.g., Montevideo) : 1940-46 messages

Define Plaintext and Ciphertext
CISSP Seminar :
Plaintext : Data in unscrambled form
Ciphertext : Scrambled data
Cryptography FAQ :
The original message is called a plaintext.
The disguised message is called a ciphertext.


Compare and contrast the terms Encipher and Decipher
CISSP Seminar :
Encipher : act of scrambling the data
Decipher : act of descrambling data with secret key
RSA Crypto FAQ :
Encryption (Encipher) is the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge (a key). Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data.
Decryption (Decipher) is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form.
Encryption and decryption generally require the use of some secret information, referred to as a key. For some encryption mechanisms, the same key is used for both encryption and decryption; for other mechanisms, the keys used for encryption and decryption are different.

Define Cryptanalysis
CISSP Seminar :
Cryptanalysis : Descrambling without secret key
RSA Crypto FAQ :
Cryptanalysis is the flip-side of cryptography: it is the science of cracking codes, decoding secrets, violating authentication schemes, and in general, breaking cryptographic protocols.
In order to design a robust encryption algorithm or cryptographic protocol, one should use cryptanalysis to find and correct any weaknesses. This is precisely the reason why the best (most trusted) encryption algorithms are ones that have been made available to public scrutiny. For example, DES has been exposed to public scrutiny for years, and is therefore well-trusted, while Skipjack is secret and less well-trusted. It is a basic tenet of cryptology that the security of an algorithm should not rely on its secrecy. Inevitably, the algorithm will be discovered and its weaknesses (if any) will be exploited.
The various techniques in cryptanalysis attempting to compromise cryptosystems are referred to as attacks. Some attacks are general, whereas others apply only to certain types of cryptosystems.
Define "Key" as it refers to Cryptography
CISSP Seminar:
Key: Secret sequence governing en/deciphering
RSA Crypto FAQ:
A cryptosystem is usually a whole collection of algorithms. The algorithms are labelled; the labels are called keys. For instance, Caesar probably used ``shift by n'' encryption for several different values of n. It's natural to say that n is the key here.

Define the Strength of Key as it pertains to Key length
CISSP Seminar:
Considering that the strength of encryption is based on a work factor, a longer key will provide better protection than a shorter key. However one must ensure that the algorithm being used is a strong cryptosystem.
Consider the following from the Cryptography FAQ:
Every well-designed cryptosystem has such a large key space that this brute-force search is impractical.
Advances in technology sometimes change what is considered practical. For example, DES, which has been in use for over 10 years now, has 2^56, or about 10^17, possible keys. A computation with this many operations was certainly unlikely for most users in the mid-70's. The situation is very different today given the dramatic decrease in cost per processor operation. Massively parallel machines threaten the security of DES against brute force search.
RSA Crypto FAQ:
The security of a strong system resides with the secrecy of the key rather than with the supposed secrecy of the algorithm.
A strong cryptosystem has a large keyspace. It has a reasonably large unicity distance.
The unicity distance is an approximation to that amount of ciphertext such that the sum of the real information (entropy) in the corresponding source text and encryption key equals the number of ciphertext bits used. Ciphertexts significantly longer than this can be shown probably to have a unique decipherment. This is used to back up a claim of the validity of a ciphertext-only cryptanalysis. Ciphertexts significantly shorter than this are likely to have multiple, equally valid decryptions and therefore to gain security from the opponent's difficulty choosing the correct one.

Define Ciphertext Only Attack (COA)
CISSP Seminar:
Only statistical knowledge of plaintext available.
RSA Crypto FAQ:
A ciphertext-only attack is one in which the cryptanalyst obtains a sample of ciphertext, without the plaintext associated with it. This data is relatively easy to obtain in many scenarios, but a successful ciphertext-only attack is generally difficult, and requires a very large ciphertext sample.

Define Known Plaintext Attack (KPA)
CISSP Seminar:
Some past plain text and matching ciphertext known
RSA Crypto FAQ:
A known-plaintext attack is one in which the cryptanalyst obtains a sample of ciphertext and the corresponding plaintext as well.

Define Chosen Text Attack (CTA)
CISSP Seminar:
Crypto device loaded with hidden key provided and input of plaintext or ciphertext allowed to see the other.
RSA Crypto FAQ:
A chosen-plaintext attack is one in which the cryptanalyst is able to choose a quantity of plaintext and then obtain the corresponding encrypted ciphertext.

Describe Stream Ciphers
CISSP Seminar:
Operate on continuous streams of plain text (as 1s and 0s)
Usually implemented in hardware
RSA Crypto FAQ:
A stream cipher is a type of symmetric encryption algorithm. Stream ciphers can be designed to be exceptionally fast, much faster than any block cipher. While block ciphers operate on large blocks of data, stream ciphers typically operate on smaller units of plaintext, usually bits. The encryption of any particular plaintext with a block cipher will result in the same ciphertext when the same key is used. With a stream cipher, the transformation of these smaller plaintext units will vary, depending on when they are encountered during the encryption process.
A stream cipher generates what is called a keystream (a sequence of bits used as a key). Encryption is accomplished by combining the keystream with the plaintext, usually with the bitwise exclusive-OR operation. The generation of the keystream can be independent of the plaintext and ciphertext (yielding what is termed a synchronous stream cipher) or it can depend on the data and its encryption (in which case the stream cipher is said to be self-synchronizing). Most stream cipher designs are for synchronous stream ciphers.

Define Block Ciphers
CISSP Seminar:
Operate on fixed size blocks of plain text
More suitably implemented in software to execute on a general-purpose computer
There is some overlap when a block cipher is operated as a stream.
RSA Crypto FAQ:
A block cipher is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length. This transformation takes place under the action of a user-provided secret key. Decryption is performed by applying the reverse transformation to the ciphertext block using the same secret key. The fixed length is called the block size, and for many block ciphers, the block size is 64 bits. In the coming years the block size will increase to 128 bits as processors become more sophisticated.

Describe Features of Stream Cipher Algorithm
CISSP Seminar:
Long periods of time with no repeating
Functionally complex
Statistically unpredictable
Statistically unbiased keystream
As many 0s and 1s
Keystream not linearly related to key

Identify the Applications of Cryptography
CISSP Seminar:
Data Storage
Prevent disclosure
Password files
Backup tapes
Bulk
Telecommunications
Prevent disclosure
Data transmission
+,
Message authentication
Detect fraudulent insertion
Detect fraudulent deletion
Detect fraudulent modification
Detect replay
Digital Signature
Source Verification
Non-Repudiation
RSA Crypto FAQ:
A typical application of cryptography is a system built out of the basic techniques. Such systems can be of various levels of complexity. Some of the more simple applications are secure communication, identification, authentication, and secret sharing. More complicated applications include systems for electronic commerce, certification, secure electronic mail, key recovery, and secure computer access. In general, the less complex the application, the more quickly it becomes a reality. Identification and authentication schemes exist widely, while electronic commerce systems are just beginning to be established.
Secure Communication
Secure communication is the most straightforward use of cryptography. Two people may communicate securely by encrypting the messages sent between them. This can be done in such a way that a third party eavesdropping may never be able to decipher the messages. While secure communication has existed for centuries, the key management problem has prevented it from becoming commonplace. Thanks to the development of public-key cryptography, the tools exist to create a large-scale network of people who can communicate securely with one another even if they had never communicated before.
Identification and Authentication
Identification and authentication are two widely used applications of cryptography. Identification is the process of verifying someone's or something's identity. For example, when withdrawing money from a bank, a teller asks to see identification (e.g. a driver's license) to verify the identity of the owner of the account. This same process can be done electronically using cryptography. Every automatic teller machine (ATM) card is associated with a "secret" personal identification number (PIN), which binds the owner to the card and thus to the account. When the card is inserted into the ATM, the machine prompts the cardholder for the PIN. If the correct PIN is entered, the machine identifies that person as the rightful owner and grants access. Another important application of cryptography is authentication. Authentication is similar to identification, in that both allow an entity access to resources (such as an Internet account), but authentication is broader because it does not necessarily involve identifying a person or entity. Authentication merely determines whether that person or entity is authorized for whatever is in question. For more information on authentication and identification.
Secret Sharing
Another application of cryptography, called secret sharing, allows the trust of a secret to be distributed among a group of people. For example, in a (K, N)-threshold scheme, information about a secret is distributed in such a way that any K out of the N people (K<N) have enough information to determine the secret, but any set of K-1 people do not. In any secret sharing scheme, there are designated sets of people whose cumulative information suffices to determine the secret. In some implementations of secret sharing schemes, each participant receives the secret after it has been generated. In other implementations, the actual secret is never made visible to the participants, although the purpose for which they sought the secret (e.g. access to a building or permission to execute a process) is allowed.
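The (K, N)-threshold scheme described above, as an added example that is not part of the booklet or of the RSA FAQ. It follows Shamir's polynomial construction: the secret is the constant term of a random polynomial of degree K-1 over a prime field, each participant receives one point on the curve, and any K points recover the constant term by Lagrange interpolation while K-1 points leave every value of the secret equally possible. The prime, the secret and the share counts are constructed values.

```python
# Added example (not from the booklet): a (K, N)-threshold secret sharing
# scheme in the style of Shamir's construction, over the field GF(PRIME).
import secrets

# Constructed field size: the Mersenne prime 2^127 - 1, larger than any secret shared here.
PRIME = (1 << 127) - 1


def split_secret(secret, k, n, prime=PRIME):
    """Split `secret` into n shares so that any k of them reconstruct it.

    A random polynomial f of degree k-1 with f(0) = secret is chosen over
    GF(prime); share i is the point (i, f(i)) for i = 1..n.
    """
    if not 0 <= secret < prime:
        raise ValueError("secret must lie in [0, prime)")
    if not 1 <= k <= n < prime:
        raise ValueError("need 1 <= k <= n < prime")
    # a_0 is the secret; a_1 .. a_{k-1} are uniformly random field elements.
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(k - 1)]

    def f(x):
        # Horner evaluation of the polynomial at x, modulo prime.
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % prime
        return acc

    return [(i, f(i)) for i in range(1, n + 1)]


def recover_secret(shares, prime=PRIME):
    """Recover f(0) from k shares by Lagrange interpolation over GF(prime).

    With fewer than k shares the result is a value of the wrong-degree
    interpolant and is unrelated to the secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num, den = 1, 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = (num * (-xm)) % prime       # factor (0 - x_m)
                den = (den * (xj - xm)) % prime   # factor (x_j - x_m)
        lagrange_at_zero = num * pow(den, -1, prime) % prime
        total = (total + yj * lagrange_at_zero) % prime
    return total


def threshold_demo():
    """3-of-5 split of a constructed secret; returns (recovered_ok, two_shares_fail)."""
    secret = 123456789
    shares = split_secret(secret, 3, 5)
    recovered_ok = recover_secret([shares[0], shares[2], shares[4]]) == secret
    two_shares_fail = recover_secret(shares[:2]) != secret
    return recovered_ok, two_shares_fail


if __name__ == "__main__":
    print(threshold_demo())
```

The modular inverse uses `pow(den, -1, prime)`, which requires Python 3.8 or later. The second value returned by `threshold_demo` illustrates the K-1 property: two shares of a degree-2 polynomial interpolate a line, and its value at zero equals the secret only with probability 1/PRIME.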
Electronic Commerce
Over the past few years there has been a growing amount of business conducted over the Internet - this form of business is called electronic commerce or e-commerce. E-commerce is comprised of online banking, online brokerage accounts, and Internet shopping, to name a few of the many applications. One can book plane tickets, make hotel reservations, rent a car, transfer money from one account to another, buy compact disks (CDs), clothes, books and so on all while sitting in front of a computer. However, simply entering a credit card number on the Internet leaves one open to fraud. One cryptographic solution to this problem is to encrypt the credit card number (or other private information) when it is entered on-line, another is to secure the entire session. When a computer encrypts this information and sends it out on the Internet, it is incomprehensible to a third party viewer. The web-server ("Internet shopping center") receives the encrypted information, decrypts it, and proceeds with the sale without fear that the credit card number (or other personal information) slipped into the wrong hands. As more and more business is conducted over the Internet, the need for protection against fraud, theft and corruption of vital information increases.
Certification
Another application of cryptography is certification; certification is a scheme by which trusted agents such as certifying authorities vouch for unknown agents, such as users. The trusted agents issue vouchers called certificates which each have some inherent meaning. Certification technology was developed to make identification and authentication possible on a large scale.
Key Recovery
Key recovery is a technology that allows a key to be revealed under certain circumstances without the owner of the key revealing it. This is useful for two main reasons: first of all, if a user loses or accidentally deletes their key, key recovery could prevent a disaster. Secondly, if a law enforcement agency wishes to eavesdrop on a suspected criminal without their knowledge (akin to a wiretap), they must be able to recover the key. Key recovery techniques are in use in some instances; however, the use of key recovery as a law enforcement technique is somewhat controversial.
Remote Access
Secure remote access is another important application of cryptography. The basic system of passwords certainly gives a level of security for secure access, but it may not be enough in some cases. For instance, passwords can be eavesdropped, forgotten, stolen, or guessed. Many products supply cryptographic methods for remote access with a higher degree of security.
Other Applications
Cryptography is not confined to the world of computers. Cryptography is also used in cellular phones as a means of authentication; that is, it can be used to verify that a particular phone has the right to bill to a particular phone number. This prevents people from stealing ("cloning") cellular phone numbers and access codes.
Identify the Uses of Cryptography
CISSP Seminar:
EFT systems
E-Mail
Communication links
RSA Crypto FAQ:
Today's cryptography is more than encryption and decryption. Authentication is as fundamentally a part of our lives as privacy. We use authentication throughout our everyday lives - when we sign our name to some document for instance - and, as we move to a world where our decisions and agreements are communicated electronically, we need to have electronic techniques for providing authentication. Cryptography provides mechanisms for such procedures. A digital signature binds a document to the possessor of a particular key, while a digital timestamp binds a document to its creation at a particular time. These cryptographic mechanisms can be used to control access to a shared disk drive, a high security installation, or a pay-per-view TV channel.
The field of cryptography encompasses other uses as well. With just a few basic cryptographic tools, it is possible to build elaborate schemes and protocols that allow us to pay using electronic money, to prove we know certain information without revealing the information itself, and to share a secret quantity in such a way that a subset of the shares can reconstruct the secret.

Compare and contrast Symmetric and Asymmetric Key Cryptography
CISSP Seminar:
SYMMETRIC KEY:
Also known as private key, single key, secret key
Key shared by originator and receiver
Computational efficiency advantage
1-100 million bits/sec.
Data Encryption Standard (DES)
ASYMMETRIC KEY:
Also known as public key
Uses 2 asymmetric keys
One to encrypt and one to decrypt
Computationally slow
Few thousand bits/sec. (early versions)
Rivest-Shamir-Adleman (RSA) algorithm
Related to known mathematical problem
Difficulty factoring product of 2 large prime numbers
RSA Crypto FAQ:
There are two types of cryptosystems: secret-key and public-key.
In secret-key cryptography, also referred to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular secret-key cryptosystem in use today is known as DES, the Data Encryption Standard. IBM developed DES in the middle 1970's and it has been a Federal Standard ever since 1976.
In public-key cryptography, each user has a public key and a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key.
The RSA public-key cryptosystem is the most popular form of public-key cryptography. RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem.
The Digital Signature Algorithm (DSA) is also a popular public-key technique, though it can only be used for signatures, not encryption.
The primary advantage of public-key cryptography is increased security and convenience: private keys never need to be transmitted or revealed to anyone. In a secret-key system, by contrast, the secret keys must be transmitted (either manually or through a communication channel) since the same key is used for encryption and decryption. A serious concern is that there may be a chance that an enemy can discover the secret key during transmission.
Another major advantage of public-key systems is they can provide digital signatures that cannot be repudiated. Authentication via secret-key systems requires the sharing of some secret and sometimes requires trust of a third party as well. As a result, a sender can repudiate a previously authenticated message by claiming the shared secret was somehow compromised by one of the parties sharing the secret. For example, the Kerberos secret-key authentication system involves a central database that keeps copies of the secret keys of all users; an attack on the database would allow widespread forgery. Public-key authentication, on the other hand, prevents this type of repudiation; each user has sole responsibility for protecting his or her private key. This property of public-key authentication is often called non-repudiation.
A disadvantage of using public-key cryptography for encryption is speed. There are many secret-key encryption methods that are significantly faster than any currently available public-key encryption method. Nevertheless, public-key cryptography can be used with secret-key cryptography to get the best of both worlds. For encryption, the best solution is to combine public and secret-key systems in order to get both the security advantages of public-key systems and the speed advantages of secret-key systems. Such a protocol is called a digital envelope.
Public-key cryptography may be vulnerable to impersonation, even if users' private keys are not available. A successful attack on a certification authority will allow an adversary to impersonate whomever he or she chooses by using a public-key certificate from the compromised authority to bind a key of the adversary's choice to the name of another user.
In some situations, public-key cryptography is not necessary and secret-key cryptography alone is sufficient. These include environments where secure secret key distribution can take place, for example, by users meeting in private. It also includes environments where a single authority knows and manages all the keys, e.g., a closed banking system. Since the authority knows everyone's keys already, there is not much advantage for some to be "public" and others "private." Also, public-key cryptography is usually not necessary in a single-user environment. For example, if you want to keep your personal files encrypted, you can do so with any secret-key encryption algorithm using, say, your personal password as the secret key. In general, public-key cryptography is best suited for an open multi-user environment.
Public-key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure. The first use of public-key techniques was for secure key establishment in a secret-key system [DH76]; this is still one of its primary functions. Secret-key cryptography remains extremely important and is the subject of much ongoing study and research.

Identify Types of Encryption Systems
CISSP Seminar:
Classical substitution ciphers
Transposition (permutation) ciphers
Polyalphabetic Ciphers
Running key ciphers
Concealment
Digital System
Codes
Machines
One-Time pad
DES/Clipper
Double/Triple DES
Public Key
RSA
Elliptic curve
PGP
El Gamal
Diffie-Hellman

Compare and contrast Substitution ciphers and Transposition Ciphers
CISSP Seminar:
An example of a substitution cipher would be the Caesar cipher, in which each plaintext character is replaced by the character three to the right modulo 26 (A is replaced by D, B is replaced by E, and so on).
Shift alphabet Example:
A B C D E F.. BAD
D E F G H I EDG
Scramble Alphabet Example:
A B C D E F.. BAD
Q E Y R T M. EQR
An example of a transposition cipher would be as follows:
Position of letters permuted.
Message broken into 5-character groups
Letters rearranged
dont give up the ship (Message)
1234512345123451234512345 (Groups of 5)
3512435124351243512435124 (The key)
ndtoiv egp tu shhe i p (Ciphertext)

RSA Crypto FAQ:
A substitution cipher is one in which each character of the plaintext is substituted for another character of ciphertext. The receiver inverts the substitution on the ciphertext to recover the plaintext.
In a Transposition cipher the plaintext remains the same, but the order of characters is shuffled around.

Describe the concept of Polyalphabetic Ciphers
CISSP Seminar:
Uses different alphabets to defeat frequency analysis.
See example with 5 alphabets below
Example:
a b c d e f g h i (normal alphabet)
q w e r t. (1st alphabet)
d m s i k (2nd Alphabet)
o h g x f (3rd Alphabet)
z b n l a (4th Alphabet)
y c v u p (5th Alphabet)
abcde (Plaintext)
qdozy (ciphertext)
Applied Cryptography (Schneier):
A polyalphabetic cipher is made up of multiple simple substitution ciphers. For example, there might be five different simple substitution ciphers used; the particular one used changes with the position of each character of the plaintext.
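The three classical cipher families from the substitution/transposition and polyalphabetic sections above, as an added example that is not part of the booklet. It reproduces the seminar's shift example (BAD becomes EDG), a scrambled alphabet chosen to match the slide's first six letters (BAD becomes EQR), a transposition with the slide's 5-position key 35124, and a five-alphabet polyalphabetic cipher. The helper `frequency_profile` shows the point the seminar makes: a monoalphabetic substitution preserves the plaintext's letter-frequency ranking (only relabelled), a transposition preserves the letter counts outright, and a polyalphabetic cipher spreads each plaintext letter over five ciphertext letters. The five alphabets and the sample text are constructed.

```python
# Added example (not from the booklet): shift, scrambled-alphabet, transposition
# and polyalphabetic ciphers, plus a letter-frequency view of their ciphertexts.
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

# Constructed cipher alphabet whose first six letters match the slide (q e y r t m ...).
SCRAMBLED = "qeyrtm" + "abcdfghijklnopsuvwxz"
assert len(SCRAMBLED) == 26 and len(set(SCRAMBLED)) == 26


def shift_cipher(text, shift=3, decrypt=False):
    """Caesar-style shift: each letter replaced by the one `shift` places to the right (mod 26)."""
    k = -shift if decrypt else shift
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] if c in ALPHABET else c
                   for c in text)


def substitution(text, cipher_alphabet, decrypt=False):
    """Monoalphabetic substitution with an arbitrary 26-letter cipher alphabet."""
    src, dst = (cipher_alphabet, ALPHABET) if decrypt else (ALPHABET, cipher_alphabet)
    return text.translate(str.maketrans(src, dst))


def transposition(text, key, decrypt=False):
    """Group transposition: text is cut into len(key) groups; output position i of a
    group holds the input letter at position key[i] (1-based, as in the slide's 35124).
    A ragged final group is left unchanged (real schemes pad the message instead)."""
    n = len(key)
    out = []
    for start in range(0, len(text), n):
        group = text[start:start + n]
        if len(group) < n:
            out.append(group)
        elif decrypt:
            block = [""] * n
            for i_out, pos in enumerate(key):
                block[pos - 1] = group[i_out]
            out.append("".join(block))
        else:
            out.append("".join(group[pos - 1] for pos in key))
    return "".join(out)


# Five constructed alphabets: shifted copies of the normal alphabet.
ALPHABETS = [shift_cipher(ALPHABET, s) for s in (3, 7, 11, 19, 23)]


def polyalphabetic(text, alphabets, decrypt=False):
    """Polyalphabetic substitution: the i-th letter uses alphabets[i % len(alphabets)]."""
    out, i = [], 0
    for c in text:
        if c not in ALPHABET:
            out.append(c)
            continue
        alpha = alphabets[i % len(alphabets)]
        out.append(ALPHABET[alpha.index(c)] if decrypt else alpha[ALPHABET.index(c)])
        i += 1
    return "".join(out)


def frequency_profile(text, top=3):
    """The `top` most frequent letters, most common first (ties keep first-seen order)."""
    letters = [c for c in text if c in ALPHABET]
    return [c for c, _ in Counter(letters).most_common(top)]


if __name__ == "__main__":
    sample = "the enemy sees everything we send them"   # constructed sample text
    print(frequency_profile(sample), frequency_profile(shift_cipher(sample)))
    print(frequency_profile(polyalphabetic(sample, ALPHABETS)))
```

Running the main block prints the top letters of the plaintext, of its shifted form (the same ranks, each letter shifted by three), and of the polyalphabetic ciphertext, where the plaintext's dominant letter no longer stands out.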

Describe the concept of Concealment Ciphers
CISSP Seminar:
The true letters of plaintext are hidden/disguised
By device or algorithm
Example: divide message
o Use 1 word at a time
o Have it appear as every 5th word in a sentence
o Message in clear text: "Buy gold"
o Message in concealment: "Product is a good BUY, it has ten percent GOLD content"

Define and describe Steganography
CISSP Seminar:
Steganography is the art of hiding communications
Deny message exists
Data hidden in picture files, sound files, slack space on floppies
o i.e. Least significant bits of a Bitmap image can be used to hide messages, usually without material change to the original file.
Applied Cryptography (Schneier):
Steganography serves to hide secret messages in other messages, such that the secret's very existence is concealed. Generally the sender writes an innocuous message and then conceals a secret message on the same piece of paper. Historical tricks include invisible inks, tiny pin punctures on selected characters, minute differences between handwritten characters, pencil marks on typewritten characters, grilles which cover most of the message except for a few characters, and so on. More recently people are hiding secrets in graphic images.

Describe Digital System Encryption
CISSP Seminar:
The key and message both streams of bits
Each text character = 8 bits
Each key bit XORed (exclusive-or'ed) with corresponding message bit
XOR operation yields 0 if both bits the same and 1 if different
Example:
MESSAGE STREAM    01001000
KEY STREAM        11010001
CIPHERTEXT STREAM 10011001

Define the word "Codes" as it pertains to Cryptography
CISSP Seminar:
List of words/phrases (codes) with corresponding random groups of numbers/letters (code groups)
Applied Cryptography (Schneier):
Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. For example, the word OCELOT might be the ciphertext of the entire phrase "Turn left 90 degrees", the word LOLLIPOP might be the ciphertext for "Turn right 90 degrees", and the words BENT EAR might be the ciphertext for HOWITZER. Codes are only useful for specialized circumstances. Ciphers are useful for any circumstance. Codes are limited: if your code does not have an entry for a specific word then you can't say it, whereas you can say anything you wish using a cipher.

Compare and contrast Hagelin and Rotor Cryptography Machines
CISSP Seminar:
Hagelin Machine
Combines plain text (character by character) with:
Keystream (long pseudo-random sequence)
To produce cipher text
Rotor Machines
Rotor implements cipher alphabet
Rotors connected in banks
Signal entering one end permuted by each of the rotors before leaving at the other end
Keyed by changing rotor variables
o Rotors/order of rotors
o Number of stopping pieces per wheel
o Pattern of motion

Describe the use and characteristics of "One-Time-Pad" Encryption
CISSP Seminar:
Unbreakable by exhaustive search (brute force)
Random key same length as message
Only used once
Digital system: key and message both bit streams
8 bits per character
Each key bit XORed with corresponding message bit
Produces ciphertext bit
Key bits XORed with ciphertext to decrypt
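The bitwise-XOR "digital system" of the preceding sections (stream ciphers, Digital System Encryption and the one-time pad) as an added example that is not part of the booklet. It reproduces the seminar's 8-bit XOR example, implements a one-time pad with a random pad the length of the message, builds a synchronous stream cipher whose keystream is expanded from a short key and a nonce, and shows why "only used once" is essential: two ciphertexts made with the same keystream XOR to the XOR of their plaintexts, so the key material drops out entirely. The SHA-256-counter keystream is a constructed illustration of a keystream generator, not a standardised cipher, and the keys, nonce and messages are constructed values.

```python
# Added example (not from the booklet): XOR as one-time pad and as a synchronous
# stream cipher, plus the keystream-reuse failure mode.
import hashlib
import secrets


def xor_bytes(a, b):
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def bit_string_example():
    """The seminar's example: 01001000 XOR 11010001 -> 10011001."""
    message, key = 0b01001000, 0b11010001
    return format(message ^ key, "08b")


def one_time_pad_key(length):
    """A truly random pad exactly as long as the message, from the OS CSPRNG."""
    return secrets.token_bytes(length)


def otp(message, pad):
    """One-time pad: encryption and decryption are the same XOR operation."""
    return xor_bytes(message, pad)


def keystream(key, nonce, length):
    """Constructed synchronous keystream: SHA-256(key || nonce || counter) blocks.
    The keystream depends only on key, nonce and position, never on the data."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key, nonce, data):
    """Stream cipher: data XOR keystream; calling it again on the output decrypts."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def two_time_pad_leak(c1, c2):
    """Given two ciphertexts made with the same keystream, return p1 XOR p2.
    The keystream cancels, so each plaintext is exposed relative to the other."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


if __name__ == "__main__":
    key, nonce = b"constructed key", b"nonce-01"
    p1, p2 = b"meet at noon  ", b"retreat north "      # constructed messages
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)                  # same key and nonce: the mistake
    print(bit_string_example())
    print(two_time_pad_leak(c1, c2) == xor_bytes(p1, p2))
```

The defence the seminar lists is exactly what `keystream` needs in use: a fresh nonce for every message under the same key, so that no two messages ever share keystream bytes.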

Describe the history of the DES Encryption
CISSP Seminar:
IBM cryptographic research (late 1960's)
Modification of Lucifer developed by IBM
Non-linear block ciphers
IBM developed (about 1972)
NBS solicited (about 1973 and 1974)
Adopted (1977)
ANSI approved (1978)
NSA threatened decertification (1987)
NIST recertified for 5 years (1988, 1993)
Network Computing:
The most common private key encryption standard that is used is the Data Encryption Standard (DES) developed by IBM in the early 1970s. It is the de facto industry standard for cryptography systems and is the world's most commonly used encryption mechanism. This private key system is widely deployed in financial networks including automated teller machines and point-of-sale networks. It was adopted as a Federal Information Processing Standard (FIPS PUB 46) in 1977 and as an American National Standard (ANSI X3.92) in 1981. Further clarification on the modes of use of the algorithm is contained in ANSI standard X3.106.

Describe the DES Algorithm
CISSP Seminar:
64 bit plain and cipher text block size
56 bit true key plus 8 parity bits
Seventy quadrillion possible keys
Single-Chip LSI implementation
About $50 per unit
16 rounds of simple operations to encrypt
Transposition and substitution
Reverse to decrypt
RSA Crypto FAQ:
The DEA, also called DES, has been extensively studied since its publication and is the best known and most widely used symmetric algorithm in the world.
The DEA has a 64-bit block size and uses a 56-bit key during execution (8 parity bits are stripped off from the full 64-bit key). The DEA is a symmetric cryptosystem, specifically a 16-round Feistel cipher, and was originally designed for implementation in hardware. When used for communication, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a message authentication code (MAC). The DEA can also be used for single-user encryption, such as to store files on a hard disk in encrypted form. In a multi-user environment, secure key distribution may be difficult; public-key cryptography provides an ideal solution to this problem.
NIST has recertified DES (FIPS 46-1) every five years; DES was last recertified in 1993, by default. NIST has indicated, however, it will not recertify DES again. The development of AES, the Advanced Encryption Standard, is underway. AES will replace DES.
Compare and contrast the Modes of the DES Algorithm
CISSP Seminar:
Electronic code book
64 bit data blocks entered directly into device
64 bit cipher blocks generated under key
Restricted to protection of encrypting keys and initializing vectors
Output Feedback
DES generated keystream XORed with message stream
Simulates one-time-pad
Keystream generated by DES encrypting 64 bit initialization vector with secret key
DES output bits fed back as input to generate next segment of key bits
Cipher Feedback
Device generates stream of random binary bits
Combined with plain text
Generated cipher with same number of bits as text
Cipher text fed back to form a portion of next input
Cipher Block Chaining
64 bit plain text blocks loaded sequentially
XORed with 64 bit initializing vector
Combination processed into cipher under key
First ciphertext XORed with next text block
Process continues until end of plaintext chain
RSA Crypto FAQ:
ECB - Electronic Code Book
Each block of ciphertext is encrypted independently of any other block. Therefore each ciphertext block corresponds to one plaintext block just like in a code book.
CBC - Chain Block Cipher
ECB does not protect against insertion of repeated blocks because blocks are treated independently. Another weakness is that identical plaintext blocks generate identical ciphertext blocks. To improve DES for communication streams each 64 bit block is EXORed with the previous 64 bit ciphertext before being entered into the DES chip. In addition to a common secret key the sender and receiver need to agree on an initial vector to be EXORed with the first block of a message stream.
CFM - Cipher Feedback Mode
CFM is an alternate mode for DES on 8 bit characters. The input character is EXORed with the least significant byte of the DES output and then transmitted over the communication link. In order to collect enough bits for the 64 bit encryption block the output characters are collected in a character based shift register. Each output character advances the shift register by 8 bits and triggers a new DES encryption. Thereby the next input character will be EXORed with a new DES output. CFM is suitable for use on serial lines.

Describe the characteristics and usage of Double/Triple DES
CISSP Seminar:
Double DES
Effective key length 112 bits
Work factor about the same as single DES
No more secure
Triple DES
Encrypt with first key
Decrypt with second key
Encrypt with first key
No successful attack reported
RSA Crypto FAQ:
For some time it has been common practice to protect and transport a key for DES encryption with triple-DES. This means that the input data (in this case the single-DES key) is, in effect, encrypted three times. There are of course a variety of ways of doing this; we will explore these ways below.
A number of modes of triple-encryption have been proposed:
DES-EEE3: Three DES encryptions with three different keys.
DES-EDE3: Three DES operations in the sequence encrypt-decrypt-encrypt with three different keys.
DES-EEE2 and DES-EDE2: Same as the previous formats except that the first and third operations use the same key.
Attacks on two-key triple-DES have been proposed by Merkle and Hellman [MH81] and Van Oorschot and Wiener [VW91], but the data requirements of these attacks make them impractical. Further information on triple-DES can be obtained from various sources [Bih95] [KR96].
The use of double and triple encryption does not always provide the additional security that might be expected. Preneel [Pre94] provides the following comparisons in the security of various versions of multiple-DES and it can be seen that the most secure form of multiple encryption is triple-DES with three distinct keys.
# Encryptions  #Keys  Computation  Storage  Type of attack
single         1      2^56         -        known plaintext
single         1      2^38         2^38     chosen plaintext
single         1      -            2^56     chosen plaintext
double         2      2^112        -        known plaintext
double         2      2^56         2^56     known plaintext
double         2      -            2^112    known plaintext
triple         2      2^56         2^56     2^56 known plaintext
triple         2      2^(120-t)    2^t      2^t known plaintext
triple         2      -            2^56     chosen plaintext
triple         3      2^112        2^56     known plaintext
triple         3      2^56         2^112    chosen plaintext

Table 1: Comparison of different forms of DES multiple encryption
Like all block ciphers, triple-DES can be used in a variety of modes. The ANSI X9.52 standard (see Question 5.3.1) details the different ways in which triple-DES might be used and is expected to be completed during 1998.
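The structures described in the DES, modes-of-operation and Double/Triple DES sections above, as an added example that is not part of the booklet and is not DES itself: a 16-round Feistel cipher on 64-bit blocks whose round function is a constructed SHA-256 stand-in for DES's S-box stage, with a constructed key schedule. It shows the three things the text states: "reverse to decrypt" is the same Feistel network run with the round keys in reverse order; ECB, CBC, CFB and OFB are built on the block function exactly as the FAQ describes them, and ECB's leakage of identical plaintext blocks is visible while CBC hides it; and EDE triple encryption reduces to single encryption when all three keys are equal, which is why the EDE form was chosen for backward compatibility. Keys, IVs and sample data are constructed values.

```python
# Added example (not from the booklet, not DES): a Feistel cipher with a
# constructed round function, the four modes of operation, and EDE triple encryption.
import hashlib

BLOCK = 8     # 64-bit block, as in DES
ROUNDS = 16   # DES is a 16-round Feistel cipher


def _subkeys(key):
    # Constructed key schedule: 16 four-byte round keys derived from the key.
    return [hashlib.sha256(key + bytes([r])).digest()[:4] for r in range(ROUNDS)]


def _f(half, subkey):
    # Round function (stand-in for DES's expansion/S-box/permutation step).
    # It need not be invertible: the Feistel structure supplies inversion.
    return hashlib.sha256(subkey + half).digest()[:4]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(block, subkeys):
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for sk in subkeys:
        left, right = right, xor_bytes(left, _f(right, sk))
    return right + left   # undo the final swap, as DES does


def encrypt_block(key, block):
    return _feistel(block, _subkeys(key))


def decrypt_block(key, block):
    # "Reverse to decrypt": the same network with the round keys reversed.
    return _feistel(block, _subkeys(key)[::-1])


def split_blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of 8 bytes (pad it first)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# ---- Modes of operation -----------------------------------------------------
def ecb_encrypt(key, data):
    # Each block on its own: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(encrypt_block(key, b) for b in split_blocks(data))


def ecb_decrypt(key, data):
    return b"".join(decrypt_block(key, b) for b in split_blocks(data))


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for b in split_blocks(data):
        prev = encrypt_block(key, xor_bytes(b, prev))   # chain previous ciphertext in
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in split_blocks(data):
        out.append(xor_bytes(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def cfb_encrypt(key, iv, data):
    # Full-block CFB: the ciphertext is fed back as the next cipher input.
    out, prev = [], iv
    for b in split_blocks(data):
        prev = xor_bytes(b, encrypt_block(key, prev))
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key, iv, data):
    out, prev = [], iv
    for c in split_blocks(data):
        out.append(xor_bytes(c, encrypt_block(key, prev)))
        prev = c
    return b"".join(out)


def ofb_crypt(key, iv, data):
    # OFB: cipher output is fed back to form a keystream; encrypt == decrypt.
    out, state = [], iv
    for b in split_blocks(data):
        state = encrypt_block(key, state)
        out.append(xor_bytes(b, state))
    return b"".join(out)


# ---- Triple encryption in EDE form ------------------------------------------
def ede3_encrypt(k1, k2, k3, block):
    return encrypt_block(k3, decrypt_block(k2, encrypt_block(k1, block)))


def ede3_decrypt(k1, k2, k3, block):
    return decrypt_block(k1, encrypt_block(k2, decrypt_block(k3, block)))


def ecb_leaks_repeats(key, data):
    # True when the ECB output reveals that two plaintext blocks were identical.
    cts = split_blocks(ecb_encrypt(key, data))
    return len(set(cts)) < len(cts)
```

CFB and OFB as written operate on whole 64-bit blocks; the 8-bit CFB the FAQ describes for serial lines is the same feedback idea applied one byte at a time through a shift register.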

Compare and Contrast the Relative Benefits of Escrowed Encryption
CISSP Seminar:
To be completed????
Personal Comments:
Key escrow is a real can of worms depending on who you are talking to. There are two sides to this: a group that claims it is mandatory and another group that claims it would be against their freedom of speech and civil liberties.
Here are some of the debates:
Criminal encryption use exists. Encryption has already been used by criminals to keep their activities secret from the FBI and law enforcement. From 1995 to 1996, the number of cases in which the FBI was foiled by encryption more than doubled (5 to 12).
Encryption is not regulatable outside the US. Non-escrowed strong encryption is already available in over 200 other countries, and it will still be available in these countries, even if the US Government decides to institute an escrowed encryption policy.
Key recovery is expensive. A mandatory key recovery policy, if instituted by the government, would be very costly not only for the government itself (operational costs), but also for software companies that have developed the 800 encryption products currently on the market. These companies will have to completely re-engineer their products in order to comply with the government's new policy.
Escrow has not been thoroughly tested. There are millions of encryption users and thousands of agents and law enforcement agencies. Key escrow has never been tested in a wide-scale environment.
Mandatory escrow can be circumvented. There is no way to "scan" the Internet to detect use of non-escrowed encryption. Key recovery leaves a "back door" in the software. Our nation's critical systems (air traffic control, defense systems, the power grid, etc.) would likely be protected by key recovery. There is no way to ensure that the system will be safe from hackers and terrorists.
Escrow involves humans. As with any type of security system involving humans, there are vulnerabilities.
The government would hold the key to everyone's personal data. Under current proposed legislation, keys would be released by a court subpoena, not a judicial order.

Define "Clipper" and the "Skipjack" Algorithm
CISSP Seminar:
Clipper
Tamper-resistant hardware chip
NSA-designed single-key encryption algorithm (Skipjack)
Decrypted by special chip, unique key and special law enforcement access field (LEAF) transmitted with encrypted communication.
Regardless of session key
Chip unique key is XOR of 2 components
Each encrypted and stored in escrow with separate escrow agent
Both needed to construct chip unique key and decrypt
Release to authorized government agent for authorized surveillance.
Skipjack Algorithm
Transform 64 bit input block into 64 bit output block
80 bit key length
Same operating modes as DES (4 of them)
Classified to prevent implementing (in either software or hardware) without LEAF
RSA Crypto FAQ:
The Clipper chip contains an encryption algorithm called Skipjack. Each chip contains a unique 80-bit unit key U, which is escrowed in two parts at two escrow agencies; both parts must be known in order to recover the key. Also present is a serial number and an 80-bit "family key" F; the latter is common to all Clipper chips. The chip is manufactured so that it cannot be reverse engineered; this means that the Skipjack algorithm and the keys cannot be recovered from the chip.
Skipjack is the encryption algorithm contained in the Clipper chip, designed by the NSA (see Question 6.2.2). It uses an 80-bit key to encrypt 64-bit blocks of data. Skipjack is expected to be more secure than DES in the absence of any analytic attack since it uses 80-bit keys. By contrast, DES uses 56-bit keys.
Initially the details of Skipjack were classified and the decision not to make the details of the algorithm publicly available was widely criticized. Some people were suspicious that Skipjack might not be secure, either due to an oversight by its designers, or by the deliberate introduction of a secret trapdoor. Since Skipjack was not public, it could not be widely scrutinized and there was little public confidence in the cipher.
Aware of such criticism, the government invited a small group of independent cryptographers to examine the Skipjack algorithm. They issued a report [BDK93] which stated that although their study was too limited to reach a definitive conclusion, they nevertheless believed Skipjack was secure.
In June of 1998 Skipjack was declassified by the NSA. Early cryptanalysis has failed to find any substantial weakness in the cipher.

Describe the elements of the Electronic Data Security Act of 1997
CISSP Seminar:
To be completed????
Electronic Data Security Act 1997:
The Electronic Data Security Act states its goals as:
To enable the development of a key management infrastructure for public-key-based encryption and attendant encryption products that will assure that individuals and businesses can transmit and receive information electronically with confidence in the information's confidentiality, integrity, availability, and authenticity, and that will promote timely lawful government access.

Describe the basis of Public-Key Algorithms
CISSP Seminar:
Factoring large prime numbers
RSA
Discrete log problem (difficulty of taking logarithms in finite fields)
El Gamal encryption scheme and signature algorithm
Schnorr's signature algorithm
Nyberg-Rueppel's signature algorithm
Station-to-Station protocol for key agreement (STS)
Digital Signature Algorithm (DSA)
Elliptic Curve Crypto (ECC)
RSA Crypto FAQ:
Public-key cryptosystems are based on a problem that is in some sense difficult to solve. Difficult in this case refers more to the computational requirements in finding a solution than the conception of the problem. These problems are called hard problems. Some of the most well known examples are factoring, theorem-proving, and the "traveling salesman problem" - finding the route through a given collection of cities which minimizes the total length of the path.
Factoring is the underlying, presumably hard problem upon which several public-key cryptosystems are based, including the RSA algorithm. Factoring an RSA modulus would allow an attacker to figure out the private key; thus, anyone who can factor the modulus can decrypt messages and forge signatures. The security of the RSA algorithm depends on the factoring problem being difficult and the presence of no other types of attack.
In general the larger the number the more time it takes to factor it. Of course if you have a number like 2^100 it is easier to factor than, say, a number with half as many digits but the product of two primes of about the same length. This is why the size of the modulus in RSA determines how secure an actual use of RSA is; the larger the modulus, the longer it would take an attacker to factor, and thus the more resistant the RSA modulus is to an attack.

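The paragraph above says that whoever factors the modulus recovers the private key. The Python program below, added here as a worked example (it is not part of the booklet or of the RSA FAQ), makes that concrete on a toy modulus: two constructed primes of about 20 bits each are multiplied into n, Pollard's rho method factors n in milliseconds, and the private exponent d is then recomputed from the factors and used to decrypt. The primes, the exponent and the message are constructed values; a real 2048-bit modulus is sized precisely so that this step is infeasible.

```python
"""Factoring an RSA modulus recovers the private key (added example, toy sizes)."""
from math import gcd


def pollard_rho(n):
    """Return a non-trivial factor of the composite n using Pollard's rho
    method (Floyd cycle finding on x -> x^2 + c mod n). Its running time
    grows roughly with the fourth root of n, which is why it is hopeless
    against a 2048-bit modulus but instant against a toy one."""
    if n % 2 == 0:
        return 2
    for c in range(1, 1000):             # change the polynomial if a run fails
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n          # tortoise-and-hare: y moves twice as fast
            d = gcd(abs(x - y), n)
        if d != n:
            return d
    raise ValueError("no factor found; is n prime?")


def rsa_private_exponent(p, q, e):
    """d = e^-1 mod (p-1)(q-1): trivial once the factors are known."""
    return pow(e, -1, (p - 1) * (q - 1))


def break_rsa(n, e, ciphertext):
    """Attacker's view: only the public key (n, e) and a ciphertext are known."""
    p = pollard_rho(n)
    q = n // p
    d = rsa_private_exponent(p, q, e)
    return pow(ciphertext, d, n)


def demo():
    # Constructed toy key: ~20-bit primes. Real RSA primes are ~1024 bits each.
    p, q, e = 1_000_003, 999_983, 65537
    n = p * q
    message = 42_424_242                  # constructed plaintext, must be < n
    ciphertext = pow(message, e, n)
    recovered = break_rsa(n, e, ciphertext)
    return recovered == message


if __name__ == "__main__":
    print("recovered plaintext from factored modulus:", demo())
```

The same program run against a 2048-bit n would simply never finish, which is the whole argument for the modulus size; the FAQ's remark that a smooth number such as 2^100 is easier to factor than a balanced product of two primes is visible too, since pollard_rho(2**100) returns on the first line.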
Define Elliptic Curve Cryptosystems (ECC)
CISSP Seminar:
Uses algebraic system defined on points of elliptic curve to provide public-key
algorithms.
  Digital signature
  Secret key distribution
  Confidential info transmission
First proposed by Victor Miller (IBM/CRD) 1985 & Neal Koblitz (Washington
univ)

RSA Crypto FAQ:
Elliptic curve cryptosystems were first proposed independently by
Victor Miller [Mil86] and Neal Koblitz [Kob87] in the mid-1980s. At a
high level, they are analogs of existing public-key cryptosystems in
which modular arithmetic is replaced by operations defined over
elliptic curves. The elliptic curve cryptosystems that have appeared in
the literature can be classified into two categories according to
whether they are analogs to RSA or discrete logarithm based systems.

Describe the advantages of Elliptic Curve Cryptosystems (ECC)
CISSP Seminar:
Highest strength/bit of public key systems
Big saving over other public key systems
  Computation
  Bandwidth
  Storage
Bandwidth reduced
  Short signatures and certificates
Fast encryption and signature speed
  Hardware and software
Ideal for very small hardware implementations
  Smart card
Encryption and digital signature stages separable to simplify export
RSA Crypto FAQ:
Presently, the methods for computing general elliptic curve discrete
logs are much less efficient than those for factoring or computing
conventional discrete logs. As a result, shorter key sizes can be used to
achieve the same security as conventional public-key cryptosystems,
which might lead to better memory requirements and improved
performance. One can easily construct elliptic curve encryption,
signature, and key agreement schemes by making analogs of El Gamal,
DSA, and Diffie-Hellman. These variants appear to offer certain
implementation advantages over the original schemes, and they have
recently drawn more and more attention from both the academic
community and the industry.
The main attraction of elliptic curve cryptosystems over other public-
key cryptosystems is the fact that they are based on a different, hard
problem. This may lead to smaller key sizes and better performance in
certain public-key operations for the same level of security.
Very roughly speaking, when this FAQ was published elliptic curve
cryptosystems with a 160-bit key offer the same security as RSA and
discrete logarithm based systems with a 1024-bit key. As a result, the
length of the public key and private key is much shorter in elliptic
curve cryptosystems. In terms of speed, however, it is quite difficult to
give a quantitative comparison, partly because of the various
optimization techniques one can apply to different systems. It is
perhaps fair to say the following: Elliptic curve cryptosystems are
faster than the corresponding discrete logarithm based systems.
Elliptic curve cryptosystems are faster than RSA in signing and
decryption, but slower than RSA in signature verification and
encryption. For more detailed comparisons, see the survey article by
Matt Robshaw and Yiqun Lisa Yin [RY97].
With academic advances in attacking different hard mathematical
problems both the security estimates for various key sizes in different
systems and the performance comparisons between systems are likely
to change.

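To make the phrase "modular arithmetic is replaced by operations defined over elliptic curves" concrete, here is a Python implementation, added as a worked example (it is not taken from the booklet, the RSA FAQ or any library), of point addition and scalar multiplication on a curve y^2 = x^3 + ax + b over a prime field, followed by the elliptic-curve analogue of the Diffie-Hellman exchange that this booklet describes under El Gamal and Diffie-Hellman. Two parameter sets are used: a textbook toy curve over F_17 with base point (5,1), small enough to check by hand, and the real 256-bit secp256k1 curve, whose key length illustrates the size advantage discussed above. The private scalars used in the demonstration are constructed values.

```python
"""Elliptic-curve arithmetic and an ECDH key agreement (added example)."""
import secrets

INF = None   # the point at infinity: identity element of the curve group


class Curve:
    """Short Weierstrass curve y^2 = x^3 + a*x + b over the prime field F_p,
    with base point G of order n."""

    def __init__(self, p, a, b, gx, gy, n):
        self.p, self.a, self.b, self.G, self.n = p, a, b, (gx, gy), n

    def on_curve(self, P):
        if P is INF:
            return True
        x, y = P
        return (y * y - (x * x * x + self.a * x + self.b)) % self.p == 0

    def add(self, P, Q):
        """Chord-and-tangent group law; every division is a modular inverse."""
        if P is INF:
            return Q
        if Q is INF:
            return P
        (x1, y1), (x2, y2) = P, Q
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return INF               # Q == -P (also covers doubling a point with y == 0)
        if P == Q:
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p)
        else:
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p)
        lam %= self.p
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def mul(self, k, P):
        """Double-and-add: the curve analogue of g^k mod p. Recovering k from
        k*G is the elliptic-curve discrete logarithm problem."""
        R = INF
        while k > 0:
            if k & 1:
                R = self.add(R, P)
            P = self.add(P, P)
            k >>= 1
        return R

    def keypair(self):
        d = secrets.randbelow(self.n - 1) + 1     # private scalar
        return d, self.mul(d, self.G)             # (private, public point)


# Textbook toy curve (Paar & Pelzl): the group has 19 points, so G has order 19.
TOY = Curve(p=17, a=2, b=2, gx=5, gy=1, n=19)

# secp256k1: 256-bit field; keys are roughly 8x shorter than a 2048-bit RSA modulus.
SECP256K1 = Curve(
    p=2**256 - 2**32 - 977,
    a=0,
    b=7,
    gx=0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    gy=0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
    n=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,
)


def ecdh(curve, a, b):
    """Alice holds a, Bob holds b; each publishes a point and multiplies the
    other's point by their own scalar. Both arrive at (a*b)*G."""
    A = curve.mul(a, curve.G)          # Alice -> Bob
    B = curve.mul(b, curve.G)          # Bob -> Alice
    return curve.mul(a, B), curve.mul(b, A)


if __name__ == "__main__":
    print("2G on toy curve:", TOY.mul(2, TOY.G), " 3G:", TOY.mul(3, TOY.G))
    da, _ = SECP256K1.keypair()
    db, _ = SECP256K1.keypair()
    s1, s2 = ecdh(SECP256K1, da, db)
    print("shared secrets agree:", s1 == s2)
```

Multiplying the base point by its order must give the point at infinity on both curves, which is a cheap sanity check on any hand-entered parameter set; on the toy curve 2G = (6,3) and 3G = (10,6) can be verified with pencil and paper.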
Identify the standards Activities Involving Elliptic Curve Cryptosystems (ECC)
CISSP Seminar:
IEEE P1363 (public-key crypto)
  Covers main public key techniques
  RSA, ECC, El Gamal, Diffie-Hellman
ANSI X9
  Elliptic Curve Digital Signature Algorithm (ECDSA) proposed work item
ANSI X9F
  Elliptic curve key agreement and key management proposed work item
ISO/IEC CD 14888 "Digital Signature with appendix"
  Variety of digital signature mechanisms
RSA Crypto FAQ:
The IEEE P1363 is an emerging standard that aims to provide a
comprehensive coverage of established public-key techniques. It
continues to move toward completion, with balloting expected later
this year. The project, begun in 1993, has produced a draft standard
covering public-key techniques from the discrete logarithm, elliptic
curve, and integer factorization families. Contributions are currently
solicited for an addendum, IEEE P1363a, which will cover additional
public-key techniques. The project is closely coordinated with emerging
ANSI standards for public-key cryptography in banking, and
forthcoming revisions of RSA Laboratories' Public-Key Cryptography
Standards will also be aligned with IEEE P1363.
American National Standards Institute (ANSI) is broken down into
committees, one being ANSI X9. The committee ANSI X9 develops
standards for the financial industry, more specifically for personal
identification number (PIN) management, check processing, electronic
transfer of funds, etc. Within the committee of X9, there are
subcommittees; further broken down are the actual documents, such
as X9.9 and X9.17.
The International Organization for Standardization (ISO) is a non-
governmental body promoting standardization developments globally.
Altogether, ISO is broken down into about 2700 Technical Committees,
subcommittees and working groups. ISO/IEC (International
Electrotechnical Commission) is the joint technical committee
developing the standards for information technology. One of the more
important information technology standards developed by ISO/IEC is
ISO/IEC 9798 [ISO92a]. This is an emerging international standard for
entity authentication techniques. It consists of five parts. Part 1 is
introductory, and Parts 2 and 3 define protocols for entity
authentication using secret-key techniques and public-key techniques.
Part 4 defines protocols based on cryptographic checksums, and part 5
addresses zero-knowledge techniques.

Describe Pretty Good Privacy (PGP)
CISSP Seminar:
Created by Phil Zimmermann
Random prime number + pass phrase
  Key crunching generates key
  Convert passphrase into bitstream
For random key, passphrase must be long
  o Theory: number of passphrase characters >= number of bits in key
RSA Crypto FAQ:
PGP (Pretty Good Privacy) is a software package originally developed
by Phil Zimmermann that provides cryptographic routines for e-mail, file
transfer, and file storage applications. Zimmermann used existing
cryptographic algorithms and protocols and developed a system that
can run on multiple platforms. It provides message encryption, digital
signatures, data compression, and e-mail compatibility.
The algorithms used by PGP have changed over its various versions.
Versions prior to 5.0 used RSA for key exchange, MD5 for digital
signatures, and IDEA for bulk encryption of messages and files. Version
5.0 added Diffie-Hellman (El Gamal) for key exchange, RIPEMD-160 and
SHA-1 for digital signatures, and 3DES and CAST for bulk encryption of
messages and files.
All versions of PGP have incorporated the routines from the freeware
program ZIP (which uses routines that are comparable to the routines
used in PKZip) to compress data before encryption. This is done to add
security to the cryptographic implementation, as well as minimize the
transmission time of the encrypted data. E-mail compatibility is
achieved by Radix-64 conversion of the binary data.
PGP is bound by Federal export laws due to its usage of the RSA, IDEA,
Diffie-Hellman, 3DES and CAST algorithms. The source code to PGP
was legally exported in book form, and is available (along with binary
distributions of the program for use outside of the USA) at
http://www.pgp.com

Define the four (4) types of PGP certificates
CISSP Seminar:
Make up yourself
Provided commercially
Vouching on business relationship
Authenticated individual activity
RSA Crypto FAQ:

Compare and contrast El Gamal and Diffie-Hellman Algorithms
CISSP Seminar:
El Gamal
  Unpatented, public-key algorithm used for both digital signatures and encryption
  Security stems from difficulty in calculating discrete logarithms in a finite field
  First public-key crypto algorithm suitable for encryption and digital signatures
  unencumbered by patents in U.S.
Diffie-Hellman
  Invented in 1976 - First public key algorithm
  Security stems from difficulty in calculating discrete logarithms in a finite field
  Used for key distribution but not for message encryption/decryption
  Patent expired in 1997
Bryce Hendrix paper on Cryptography:
El Gamal
Another popular system is the El Gamal algorithm, which relies on the
difficulty of discrete logarithms. The algorithm is based on the problem
of exponentiation as follows: given a modulus q and some base b < q, a
value x can be encoded as the integer y = b^x mod q. Recovering x
from y (the discrete logarithm) should not be easily computable,
providing security through the infeasibility of computing discrete
logarithms in a large field.
The actual El Gamal algorithm requires, for a secure system, that
everyone agrees on a large prime modulus, q. A number g is chosen
such that, ideally, the order of g is q-1 (g generates the whole
multiplicative group, and g^(q-1) is congruent to 1 mod q). The user
generates a private key, y, then uses that private key to generate the
public key, g^y mod q. For El Gamal to be secure, y must be difficult
to compute from g^y. Suppose Alice now wishes to encrypt a message
M for Bob using his public key. Since both g and g^y are known to
Alice, she chooses a random k, computes the kth power of each and
sends Bob the pair (g^k, M*g^(yk)), both reduced mod q. Since Bob
knows y, he can then reconstruct M by computing (g^k)^y = g^(yk),
finding its inverse mod q and multiplying M*g^(yk) by that inverse to
obtain M [Achter].
Comparing the El Gamal algorithm with the RSA algorithm, it is noted
that both employ exponentiation, so they can be assumed to have
comparable speed in encryption and decryption as well as key generation.
RSA's security is based on factorization, which has been studied
comprehensively over the past two hundred years. El Gamal, on the
other hand, relies on solving discrete logarithms, which the cited paper
regards as less thoroughly studied. Since no attack with a complexity
lower than solving discrete logarithms or factoring is known against
either system, it can only be said that El Gamal is at best no more
secure than RSA and possibly much less secure [Nechvatal]. It should
also be pointed out that El Gamal requires two values to be sent, the
encrypted message and a message-dependent large integer, so the
ciphertext is twice the length of the plaintext. For this reason, El Gamal
is said to be less space efficient than RSA, although it may present
better security against some attacks, provided a fresh random k is used
for every message (if the same k is reused for two messages, anyone
who learns one plaintext can recover the other) [Nechvatal].
Milgo Solutions:
Diffie-Hellman
Diffie-Hellman was the first public key algorithm ever developed. It is
still extremely popular and highly recommended for key exchange. Its
primary advantage over RSA, the most widely used public key
algorithm, is that Diffie-Hellman is a negotiated key generation while
RSA is a master/slave key generation.
The public portions of Diffie-Hellman are:
Modulus = m
Integer = g
Two parties, Alice and Bob, who want to negotiate a key that only they
will know, perform the following:
1. Alice generates a large random number a and computes X = g^a mod m
2. Bob generates a large random number b and computes Y = g^b mod m
3. Alice sends X to Bob.
4. Bob computes Key 1 = X^b mod m
5. Bob sends Y to Alice.
6. Alice computes Key 2 = Y^a mod m
Both Key 1 and Key 2 are equal to g^(ab) mod m. No one besides Alice
and Bob is able to generate this value. Only someone who knows a or b
is able to generate the key. Therefore Diffie-Hellman public key is a
means for two parties who have never met to be able to negotiate a
key over a public channel. Note that the basic exchange authenticates
neither party: an attacker who can sit between Alice and Bob can run
one exchange with each of them, which is why practical uses pair it
with signatures or certificates (as in the Station-to-Station protocol
listed earlier under public-key algorithms).
The security of Diffie-Hellman revolves around the choice of the public
parameters m and g. Modulus m should be a prime number and
(m-1)/2 should also be a prime number. Finally modulus m should be
large because the security is related to finding the discrete logarithm
in a finite field of size m. SafeDial uses a 1024-bit modulus, which is
considered to be highly secure by most experts.

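The six-step exchange above and the El Gamal encryption described just before it use the same arithmetic, so here is one Python program, added as a worked example (it is not from the booklet or from any of its cited sources), that covers both. It generates a safe prime m = 2q+1 with a Miller-Rabin test (the parameter check Milgo recommends), runs the Diffie-Hellman exchange with both sides' computations, encrypts and decrypts with El Gamal, and then reproduces the failure mode mentioned above: when the same k is reused for two messages, knowing one plaintext gives away the other. The 64-bit modulus, the plaintexts and the key sizes are constructed for the demonstration; real systems use 2048 bits or more.

```python
"""Diffie-Hellman key agreement and El Gamal encryption over a safe prime
(added example; parameter sizes are toy values)."""
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test with random bases; error probability at most 4^-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(m):
    """Milgo's rule: m prime and (m-1)/2 prime, so Z_m^* has no small
    subgroups other than {1, -1} for an attacker to confine the key to."""
    return m > 5 and is_probable_prime(m) and is_probable_prime((m - 1) // 2)


def generate_safe_prime(bits):
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, full length
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def subgroup_generator(m):
    """Any square other than 1 generates the order-q subgroup of Z_m^*;
    working in that subgroup avoids leaking the low bit of the secret."""
    h = secrets.randbelow(m - 3) + 2
    return pow(h, 2, m)


def dh_keypair(m, g):
    """Steps 1-2: private exponent a (or b) and public value g^a mod m."""
    a = secrets.randbelow((m - 1) // 2 - 1) + 1
    return a, pow(g, a, m)


def dh_shared_key(their_public, my_private, m):
    """Steps 4 and 6: X^b mod m == Y^a mod m == g^(ab) mod m."""
    return pow(their_public, my_private, m)


def elgamal_encrypt(m, g, h, message, k=None):
    """Alice sends (g^k, M * h^k) where h = g^y is Bob's public key.
    k must be fresh and secret for every message."""
    if k is None:
        k = secrets.randbelow((m - 1) // 2 - 1) + 1
    return pow(g, k, m), message * pow(h, k, m) % m


def elgamal_decrypt(m, y, c1, c2):
    """Bob computes M = c2 * (c1^y)^-1 mod m."""
    return c2 * pow(pow(c1, y, m), -1, m) % m


def recover_second_plaintext(m, c2_first, c2_second, first_plaintext):
    """Failure mode: with k reused, c2_second / c2_first = M2 / M1, so one
    known plaintext exposes the other without touching the private key."""
    return c2_second * pow(c2_first, -1, m) * first_plaintext % m


def demo(bits=64):
    m = generate_safe_prime(bits)
    g = subgroup_generator(m)
    a, X = dh_keypair(m, g)                 # Alice
    b, Y = dh_keypair(m, g)                 # Bob
    key1 = dh_shared_key(X, b, m)           # Bob's computation
    key2 = dh_shared_key(Y, a, m)           # Alice's computation
    y, h = dh_keypair(m, g)                 # Bob's El Gamal keys: private y, public h
    k = secrets.randbelow((m - 1) // 2 - 1) + 1
    m1, m2 = 0xCAFE, 0xF00D                 # constructed plaintexts
    _, c2_1 = elgamal_encrypt(m, g, h, m1, k)
    c1_2, c2_2 = elgamal_encrypt(m, g, h, m2, k)   # same k: the mistake
    return {
        "safe_prime": is_safe_prime(m),
        "keys_agree": key1 == key2 == pow(g, a * b, m),
        "decrypts": elgamal_decrypt(m, y, c1_2, c2_2) == m2,
        "k_reuse_leaks": recover_second_plaintext(m, c2_1, c2_2, m1) == m2,
    }


if __name__ == "__main__":
    print(demo())
```

With the textbook-sized parameters m = 23 and g = 4, private keys a = 6 and b = 15 both land on the shared key 2, and encrypting 7 under the public key 18 with k = 5 gives the pair (12, 21), which decrypts back to 7; those are the figures the test below checks against the hand calculation.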
Compare and contrast Cryptographic Module Configurations
CISSP Seminar:
There are four types of modules: inline, offline, embedded, stand-alone
Inline
  Front end configuration
  Module capable of accepting plaintext from source
    o Performing crypto processing
    o Passing processed data directly to communications equipment
    o Without passing back to source
  May also decrypt (reverse process)
  Data cannot leave host without passing through module
  Comm equipment in module or external to host
Offline
  Back end configuration
  Module capable of accepting data from source
    o Performing crypto processing
    o Passing processed data back to source
  Source responsible for storage and further transmission
    o Maintaining separation between protected and unprotected data
  Ideal for local file encryption
  Comm boards may be internal to host
Embedded
  Module physically enclosed within and interfaces with computer
  Either inline or offline
  Less expensive
  Physical security (tamper protection and detection) questionable
Standalone
  Module contained in own physical enclosure
  Outside host computer
  Either inline or offline

Identify the Activities Related to Key Management
CISSP Seminar:
Key management
Key change
Key disposition
Key recovery
Control of crypto keys
RSA Crypto FAQ:
Key management deals with the secure generation, distribution, and
storage of keys. Secure methods of key management are extremely
important. Once a key is randomly generated (see Question 4.1.2.2), it
must remain secret to avoid unfortunate mishaps (such as
impersonation). In practice, most attacks on public-key systems will
probably be aimed at the key management level, rather than at the
cryptographic algorithm itself.
Users must be able to securely obtain a key pair suited to their
efficiency and security needs. There must be a way to look up other
people's public keys and to publicize one's own public key. Users must
be able to legitimately obtain others' public keys; otherwise, an
intruder can either change public keys listed in a directory, or
impersonate another user. Certificates are used for this purpose.
Certificates must be unforgeable. The issuance of certificates must
proceed in a secure way, impervious to attack. In particular, the issuer
must authenticate the identity and the public key of an individual
before issuing a certificate to that individual.
If someone's private key is lost or compromised, others must be made
aware of this, so they will no longer encrypt messages under the
invalid public key nor accept messages signed with the invalid private
key. Users must be able to store their private keys securely, so no
intruder can obtain them, yet the keys must be readily accessible for
legitimate use. Keys need to be valid only until a specified expiration
date but the expiration date must be chosen properly and publicized in
an authenticated channel.

Compare and contrast the types of Key Management
CISSP Seminar:
Link encryption
End-To-End encryption
Key Distribution Center (KDC)
  User unique key distributed
    o Changed infrequently
  A calls B
  Calling protocol contacts KDC
  KDC generates random session key (k)
  KDC encrypts k using A's unique key and sends it to A
  KDC encrypts k using B's unique key and sends it to B
  A and B use k for session

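The KDC steps above, run end to end in Python as an added worked example (it is not from the booklet). Because the standard library has no block cipher, the tickets are sealed with a small encrypt-then-MAC construction built from SHA-256 in counter mode plus HMAC; it stands in for the symmetric cipher a real KDC would use and is not a recommended cipher in its own right. Each ticket binds the session key to the peer's name, so A knows the key it received is for talking to B and not to someone else. The user names, the long-term keys and the nonce and tag lengths are constructed values.

```python
"""Session-key distribution through a Key Distribution Center (added example)."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key, label):
    """Derive separate encryption and MAC keys from one long-term key, so the
    key that protects other keys is never used directly on data."""
    return hashlib.sha256(label + key).digest()


def _keystream(key, nonce, length):
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag in constant time before decrypting; reject otherwise."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ticket rejected: wrong key or tampered")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KDC:
    def __init__(self):
        self.long_term = {}          # user -> unique key, changed infrequently

    def enroll(self, name):
        self.long_term[name] = secrets.token_bytes(32)
        return self.long_term[name]

    def session_request(self, caller, callee):
        """A calls B: the KDC mints a random session key k and returns two
        tickets, one sealed under A's key and one under B's key."""
        k = secrets.token_bytes(32)
        ticket_for_a = seal(self.long_term[caller], callee.encode() + b"\0" + k)
        ticket_for_b = seal(self.long_term[callee], caller.encode() + b"\0" + k)
        return ticket_for_a, ticket_for_b


def open_ticket(key, ticket):
    """Returns (peer name, session key)."""
    peer, k = unseal(key, ticket).split(b"\0", 1)
    return peer.decode(), k


def demo():
    kdc = KDC()
    key_a, key_b = kdc.enroll("A"), kdc.enroll("B")
    eve_key = secrets.token_bytes(32)        # an outsider's key: Eve never enrolled
    ticket_a, ticket_b = kdc.session_request("A", "B")
    peer_a, k_a = open_ticket(key_a, ticket_a)
    peer_b, k_b = open_ticket(key_b, ticket_b)
    try:
        open_ticket(eve_key, ticket_b)
        eve_rejected = False
    except ValueError:
        eve_rejected = True
    return {
        "same_session_key": k_a == k_b,
        "peer_names": (peer_a, peer_b) == ("B", "A"),
        "outsider_rejected": eve_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Only the two tickets ever cross the network; an eavesdropper sees random-looking bytes under keys it does not hold, and any modification of a ticket fails the tag check before decryption is attempted.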
Describe the principles of Key Management
CISSP Seminar:
Must be fully automated
  For key discipline and secrecy
No key in clear outside of crypto device
  For secrecy and known plaintext attack resistance
Choose keys randomly from entire key space
  Pattern can be exploited by attacker to reduce work
Key encrypting keys must be separate from data keys
  Nothing appearing in clear is encrypted with key-encrypting-key
  Keep KEK invulnerable to brute force attack
Disguise all patterns in cleartext object before encryption
  Format, language, alphabet, public code
  To resist ciphertext only attacks
Infrequently use keys with long life
  The more a key is used, the more likely a successful attack and the greater the consequences

Describe the concept of Key Recovery and Key Recovery Systems
CISSP Seminar:
Permits recovery of lost or damaged keys without need to store or escrow them
with a third party
Key Recovery Alliance of vendors formed (10/2/96)
  Developed exportable, worldwide approach to strong encryption to enable secure
  international commerce
  Developing modern, high-level crypto "key recovery" solutions
  Meet business requirements
  Ease crypto import/export restrictions worldwide
Alliance proposed requirements for ideal key recovery system (9/19/97)
RSA Crypto FAQ:
One of the barriers to the widespread use of encryption in certain
contexts is the fact that when a key is somehow "lost", any data
encrypted with that key becomes unusable. Key recovery is a general
term encompassing the numerous ways of permitting "emergency
access" to encrypted data.
One common way to perform key recovery, called key escrow, is to
split a decryption key (typically a secret key or an RSA private key) into
several parts and distribute these parts to escrow agents or "trustees".
In an emergency situation (exactly what defines an "emergency
situation" is context-dependent), these trustees can use their "shares"
of the keys either to reconstruct the missing key or simply to decrypt
encrypted communications directly. This method is used by Security
Dynamics' RSA SecurPC product.
Another recovery method, called key encapsulation, is to encrypt data
in a communication with a "session key" (which varies from
communication to communication) and to encrypt that session key
with a trustee's public key. The encrypted session key is sent with the
encrypted communication, and so the trustee is able to decrypt the
communication when necessary. A variant of this method, in which the
session key is split into several pieces, each encrypted with a different
trustee's public key, is used by TIS' RecoverKey.
Key recovery can also be performed on keys other than decryption
keys. For example, a user's private signing key might be recovered.
From a security point of view, however, the rationale for recovering a
signing key is generally less compelling than that for recovering a
decryption key.

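The escrow variant described above, splitting a decryption key into shares for several trustees, is normally done with Shamir's threshold scheme, so that any t of n trustees can reconstruct the key while t-1 of them learn nothing at all. The Python below is an added worked example (it is not from the booklet, SecurPC or RecoverKey) that works over the prime field GF(2^521 - 1), large enough to hold a 256-bit key as a single element. The 3-of-5 split, the trustee count and the key itself are constructed values; the key-encapsulation variant (session key encrypted under a trustee's public key) is not shown.

```python
"""Shamir threshold secret sharing for key escrow (added example)."""
import secrets

FIELD_PRIME = 2**521 - 1      # Mersenne prime; any 256-bit key fits as an element


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x^i) mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % FIELD_PRIME
    return acc


def split_secret(secret, threshold, shares):
    """Return `shares` points (x, f(x)) on a random polynomial of degree
    threshold-1 whose constant term is the secret."""
    if not 0 <= secret < FIELD_PRIME:
        raise ValueError("secret must be a field element")
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    coeffs = [secret] + [secrets.randbelow(FIELD_PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def reconstruct(points):
    """Lagrange interpolation at x = 0 using exactly the points given.
    With fewer than `threshold` points the result is a uniformly random
    field element, not a partial key: this is what makes t-1 shares useless."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % FIELD_PRIME
                den = den * (xi - xj) % FIELD_PRIME
        secret = (secret + yi * num * pow(den, -1, FIELD_PRIME)) % FIELD_PRIME
    return secret


def escrow_demo(key_bits=256, threshold=3, trustees=5):
    key = secrets.randbits(key_bits)                 # the decryption key to escrow
    shares = split_secret(key, threshold, trustees)  # one share per trustee
    # Emergency: trustees 1, 3 and 5 come forward (any 3 of the 5 will do).
    from_quorum = reconstruct([shares[0], shares[2], shares[4]])
    # Two colluding trustees get a wrong, random-looking value.
    from_two = reconstruct(shares[:2])
    return {"quorum_recovers": from_quorum == key, "two_fail": from_two != key}


if __name__ == "__main__":
    print(escrow_demo())
```

Each trustee stores one (x, f(x)) pair; the shares should be delivered over authenticated channels and the trustees' identities recorded, since the recovery policy (who may request, how many must agree) is what turns the arithmetic into a usable escrow system.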
Define Digital Signature as it Pertains to Cryptography
CISSP Seminar:
Authentication tool to verify a message origin and a sender identity
Resolves authentication issues
Block of data attached to message (document, file, record, etc)
Binds message to individual whose signature can be verified
  o By receiver or third party
  o Can't be forged
Each user has public-private key pair.
RSA Crypto FAQ:
The digital signature of a document is a piece of information based on
both the document and the signer's private key. It is typically created
through the use of a hash function and a private signing function
(encrypting with the signer's private key), but there are other methods.
Authentication is any process through which one proves and verifies
certain information. Sometimes one may want to verify the origin of a
document, the identity of the sender, the time and date a document
was sent and/or signed, the identity of a computer or user, and so on.
A digital signature is a cryptographic means through which many of
these may be verified.

Describe the Digital Signature Standard (DSS)
CISSP Seminar:
NIST proposed in 1991
Uses Secure Hash Algorithm (SHA)
  Condenses message to 160 bits
Modular arithmetic exponentiations of large numbers
  Key size 512-1024 bits
Difficult to invert exponentiations (security)
  Believed comparable in difficulty to factoring (RSA)
FIPS 186:
This Standard specifies a Digital Signature Algorithm (DSA) appropriate
for applications requiring a digital rather than written signature. The
DSA digital signature is a pair of large numbers represented in a
computer as strings of binary digits. The digital signature is computed
using a set of rules (i.e., the DSA) and a set of parameters such that
the identity of the signatory and integrity of the data can be verified.
The DSA provides the capability to generate and verify signatures.

Define Operation of the Digital Signature Standard
CISSP Seminar:
To sign a message
  Sender computes digest of message
    o Using public hash function
  Crypto signature by sender's private key
    o Applied to digest creates digital signature
  Digital signature sent with message
To verify a message
  Receiver computes digest of message
  Verifying function with sender's public key
    o Applied to digest and signature received
  Verified if both digests match
  Signature verification identifies sender
RSA Crypto FAQ:
The digital signature is computed using a set of rules (i.e., the DSA)
and a set of parameters such that the identity of the signatory and
integrity of the data can be verified. The DSA provides the capability to
generate and verify signatures. Signature generation makes use of a
private key to generate a digital signature. Signature verification
makes use of a public key which corresponds to, but is not the same
as, the private key. Each user possesses a private and public key pair.
Public keys are assumed to be known to the public in general. Private
keys are never shared. Anyone can verify the signature of a user by
employing that user's public key. Signature generation can be
performed only by the possessor of the user's private key.
A hash function is used in the signature generation process to obtain a
condensed version of data, called a message digest. The message
digest is then input to the DSA to generate the digital signature. The
digital signature is sent to the intended verifier along with the signed
data (often called the message). The verifier of the message and
signature verifies the signature by using the sender's public key. The
same hash function must also be used in the verification process. The
hash function is specified in a separate standard, the Secure Hash
Standard (SHS), FIPS 180. Similar procedures may be used to generate
and verify signatures for stored as well as transmitted data.

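The sign/verify procedure above carried out in Python, as an added worked example that is not from the booklet or from FIPS 186. The domain parameters are picked so that their validity can be checked without a primality-testing library: p = 2^521 - 1 and q = 8191 = 2^13 - 1 are both Mersenne primes and q divides p - 1, so g = 3^((p-1)/q) mod p has order q. A 13-bit q is of course unusable in practice (FIPS 186 requires 160 bits, and with a q this small roughly one tampered message in 8,191 would verify by accident); it is chosen only so the arithmetic stays visible. The block also shows the classic implementation failure: reusing the per-message secret k across two signatures reveals the private key. The keys, messages and the fixed k are constructed values.

```python
"""DSA (FIPS 186) signing and verification, plus the k-reuse failure (added example)."""
import hashlib
import secrets

P = 2**521 - 1                 # Mersenne prime
Q = 8191                       # Mersenne prime 2^13 - 1; divides P - 1 because 13 | 520
G = pow(3, (P - 1) // Q, P)    # element of order Q (a base gives 1 with probability 1/Q)


def digest_mod_q(message):
    """SHS digest as an integer in Z_q. With a 160-bit q FIPS 186 uses the
    SHA-1 digest directly; the toy q here forces a reduction."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % Q


def keygen():
    x = secrets.randbelow(Q - 1) + 1      # private key
    return x, pow(G, x, P)                # (x, y = g^x mod p)


def sign(message, x, k=None):
    """Returns (r, s). k must be secret and unique for every signature."""
    h = digest_mod_q(message)
    while True:
        kk = k if k is not None else secrets.randbelow(Q - 1) + 1
        r = pow(G, kk, P) % Q
        s = pow(kk, -1, Q) * (h + x * r) % Q
        if r and s:
            return r, s
        k = None                           # degenerate k: draw a fresh one


def verify(message, signature, y):
    r, s = signature
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = digest_mod_q(message) * w % Q
    u2 = r * w % Q
    v = pow(G, u1, P) * pow(y, u2, P) % P % Q
    return v == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures made with the same k share the same r. Then
    s1 - s2 = k^-1 (h1 - h2), so k and finally x fall out with two inversions."""
    (r, s1), (r2, s2) = sig1, sig2
    if r != r2 or s1 == s2:
        raise ValueError("signatures do not share k (or digests collide mod q)")
    h1, h2 = digest_mod_q(msg1), digest_mod_q(msg2)
    k = (h1 - h2) * pow(s1 - s2, -1, Q) % Q
    return (s1 * k - h1) * pow(r, -1, Q) % Q


def demo():
    x, y = keygen()
    msg = b"transfer 100 to account 42"              # constructed message
    sig = sign(msg, x)
    valid = verify(msg, sig, y)
    tampered = verify(b"transfer 900 to account 42", sig, y)
    # The mistake: a second signature with the same k (fixed here to force it).
    k = 4242
    s1, s2 = sign(b"order 1", x, k), sign(b"order 2", x, k)
    leaked_x = recover_private_key(b"order 1", s1, b"order 2", s2)
    return {"valid": valid, "tampered_accepted": tampered, "key_recovered": leaked_x == x}


if __name__ == "__main__":
    print(demo())
```

The recovery function is the reason FIPS 186 insists that k be generated afresh from a good random source for every signature: the signer's private key is exposed by two signatures, without any attack on the hash or the discrete logarithm.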
Identify the benefits of the Digital Signature Standard
CISSP Seminar:
Provides non-repudiation
Used with electronic contracts, purchase orders, etc.
Used to authenticate software, data, images, users, machines.
  Protect software against viruses
  Smart card with digital signature can verify user to computer
RSA Crypto FAQ:
The digital signature is computed using a set of rules (i.e., the DSA)
and a set of parameters such that the identity of the signatory and
integrity of the data can be verified.

Define Non-Repudiation as it pertains to Cryptography
CISSP Seminar:
Proves message sent and received
Ensures sender can't deny sending
Recipient can't deny claim that they received something else or deny receiving
proper message

Define Hash functions as they pertain to Cryptography
CISSP Seminar:

RSA Crypto FAQ:
The main role of a cryptographic hash function is in the provision of
message integrity checks and digital signatures. Since hash functions
are generally faster than encryption or digital signature algorithms, it is
typical to compute the digital signature or integrity check to some
document by applying cryptographic processing to the document's
hash value, which is small compared to the document itself.
Additionally, a digest can be made public without revealing the
contents of the document from which it is derived. This is important in
digital timestamping where, using hash functions, one can get a
document timestamped without revealing its contents to the
timestamping service.

Describe the Use of a Certification Authority
CISSP Seminar:
Binds individuals to their public keys
Certification authority's digital signature
  Attests binding
Certification authority certification
  User identification, public key, date
X.509 certification standard
NIST National Digital Signature Certification Authority study
RSA Crypto FAQ:
Certificates are issued by a certification authority. Certificates are digital
documents attesting to the binding of a public key to an individual or
other entity. They allow verification of the claim that a specific public
key does in fact belong to a specific individual. Certificates help
prevent someone from using a phony key to impersonate someone
else. In some cases it may be necessary to create a chain of
certificates, each one certifying the previous one until the parties
involved are confident in the identity in question.
In their simplest form, certificates contain a public key and a name. As
commonly used, a certificate also contains an expiration date, the
name of the certifying authority that issued the certificate, a serial
number, and perhaps other information. Most importantly, it contains
the digital signature of the certificate issuer. The most widely accepted
format for certificates is defined by the ITU-T X.509 international
standard; thus, certificates can be read or written by any application
complying with X.509.

Define Electronic Document Authorization (EDA)
CISSP Seminar:
Authorizes certificates
  Specifies public key holder authority/power
    o Spend, authorize payments, perform business functions
  Specifies limits to prevent abuse
Cosignature requirements
  Enables checks and balances

Define and distinguish between Message Authentication Code
and MAC Generation
CISSP Seminar:
Message Authentication:
  Simple MACing
  Weakest form of authentication
  MAC generation standard - ANSI X9.9 (FIMAS)
  Computed value derived from document
  Detect accidental/intentional alteration
  Forgery possible
MAC Generation
  Algorithm examines bitstream
  Data field output appended to bitstream
    o Before transmission/storage
  Parity/checksum application
    o Bitstream and MAC
    o Machine/communications error
RSA Crypto FAQ:
A message authentication code (MAC) is an authentication tag (also
called a checksum) derived by applying an authentication scheme,
together with a secret key, to a message. Unlike digital signatures,
MACs are computed and verified with the same key, so that they can
only be verified by the intended recipient.
There are four types of MACs: (1) unconditionally secure, (2) hash
function-based, (3) stream cipher-based, or (4) block cipher-based.
Simmons and Stinson [Sti95] proposed an unconditionally secure MAC
based on encryption with a one-time pad. The ciphertext of the
message authenticates itself, as nobody else has access to the one-
time pad. However, there has to be some redundancy in the message.
An unconditionally secure MAC can also be obtained by use of a one-
time secret key.
Hash function-based MACs (often called HMACs) use a key or keys in
conjunction with a hash function to produce a checksum that is
appended to the message. An example is the keyed-MD5 method of
message authentication.

Describe Bitstream Authentication
CISSP Seminar:
Generate new MAC
Compare with original
MAC algorithm qualities
  Sensitive to bit changes
  Creates MAC unable to be duplicated

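The bitstream procedure described in the two sections above (append a check value before transmission, regenerate it on receipt and compare) implemented in Python as an added worked example that is not from the booklet or the RSA FAQ. It runs the same procedure twice: once with an unkeyed checksum (CRC-32, the parity/checksum case) and once with HMAC-SHA256, the hash-function-based MAC of RFC 2104 that replaced keyed-MD5 in practice. Both catch an accidental bit flip; only the keyed version stops an adversary who rewrites the payload and recomputes the check value. The message text and the shared key are constructed.

```python
"""Unkeyed checksum versus keyed MAC on a bitstream (added example)."""
import hashlib
import hmac
import zlib

KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed shared key


def crc_tag(data, key=None):
    """Unkeyed integrity check: anyone can recompute it (key is ignored)."""
    return zlib.crc32(data).to_bytes(4, "big")


def hmac_tag(data, key):
    """Keyed MAC (RFC 2104): the secret is needed to compute or verify it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def protect(data, tagger, key=None):
    """Sender side: append the check value to the bitstream."""
    return data + tagger(data, key)


def check(blob, tagger, tag_len, key=None):
    """Receiver side: regenerate the tag over the received data and compare
    it with the original in constant time."""
    data, tag = blob[:-tag_len], blob[-tag_len:]
    return hmac.compare_digest(tagger(data, key), tag)


def flip_bit(blob, bit_index):
    """Simulate a transmission error."""
    b = bytearray(blob)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


def forge_crc(new_data):
    """Adversary without the key swaps the payload and recomputes the CRC."""
    return new_data + crc_tag(new_data)


def forge_mac(blob, new_data, tag_len):
    """Adversary without the key cannot compute a new MAC; the best it can do
    is reuse the tag from the genuine message."""
    return new_data + blob[-tag_len:]


def demo():
    msg = b"PAY 100 TO ALICE"                  # constructed payment record
    crc_blob = protect(msg, crc_tag)
    mac_blob = protect(msg, hmac_tag, KEY)
    evil = b"PAY 999 TO MALLORY"
    return {
        "crc_ok": check(crc_blob, crc_tag, 4),
        "mac_ok": check(mac_blob, hmac_tag, 32, KEY),
        "crc_detects_bitflip": not check(flip_bit(crc_blob, 3), crc_tag, 4),
        "mac_detects_bitflip": not check(flip_bit(mac_blob, 3), hmac_tag, 32, KEY),
        "crc_forgery_accepted": check(forge_crc(evil), crc_tag, 4),
        "mac_forgery_accepted": check(forge_mac(mac_blob, evil, 32), hmac_tag, 32, KEY),
    }


if __name__ == "__main__":
    print(demo())
```

The receiver's compare step uses hmac.compare_digest rather than == so that the time taken does not depend on how many leading bytes of a guessed tag are right; that detail matters for the keyed case only, but it costs nothing to apply everywhere.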
Describe brute force attacks as they pertain to Cryptography
CISSP Seminar:
Trying all keys
RSA Crypto FAQ:
Exhaustive key search, or brute-force search, is the basic technique of
trying every possible key in turn until the correct key is identified. To
identify the correct key it may be necessary to possess a plaintext and
its corresponding ciphertext, or if the plaintext has some recognizable
characteristic, ciphertext alone might suffice. Exhaustive key search
can be mounted on any cipher and sometimes a weakness in the key
schedule of the cipher can help improve the efficiency of an exhaustive
key search attack.
Advances in technology and computing performance will always make
exhaustive key search an increasingly practical attack against keys of a
fixed length. When DES was designed, it was generally considered
secure against exhaustive key search without a vast financial
investment in hardware. At the time this FAQ entry was written there
was no public evidence that such hardware had been constructed (the
EFF's Deep Crack machine, described in the next section, has since
settled the question). Over the years this line of attack will become
increasingly attractive to a potential adversary. A useful article on
exhaustive key search can be found in the Winter 1997 issue of
CryptoBytes, available online at the following URL:
http://www.rsa.com/rsalabs/pubs/cryptobytes/html/article_index.html

Compare and contrast the cost and time taken in Brute Force Attacks
CISSP Seminar:
Cost of brute force (hardware needed to recover one key, at the cost per
MIPS-year shown for each year):

  Year   Cost per MIPS-year   56-bit key   40-bit key
  1997   $15.00               $17.0M       $260.00
  2002   $1.50                $1.7M        $26.00
  2007   $0.15                $170,000     $2.60

Time for brute force (average case, i.e. half the key space searched).
Note: the figures in the second column correspond to a 64-bit key space
(2^63 trials); for a 56-bit key divide them by 256, e.g. about 1,100 years
at 1,000,000 keys per second and about 10 hours at 1,000,000,000,000
keys per second.

  Keys tested per second   64-bit key           40-bit key
  1,000                    300,000,000 years    17.5 years
  1,000,000                300,000 years        6.2 days
  1,000,000,000            300 years            9.0 minutes
  1,000,000,000,000        109 days             0.5 seconds

RSA Crypto FAQ:
While exhaustive search of DES's 56-bit key space would take
hundreds of years on the fastest general purpose computer available
today, the growth of the Internet has made it possible to utilize
thousands of such machines in a distributed search by partitioning the
key space and distributing small portions to each of a large number of
computers. In January 1999, the DES Challenge III was solved in just 22
hours and 15 minutes by the Electronic Frontier Foundation's Deep
Crack in a combined effort with distributed.net.
While the 56-bit key in DES now only offers a few hours of protection
against exhaustive search by a modern dedicated machine [Wie94],
the current rate of increase in computing power is such that an 80-bit
key as used by Skipjack can be expected to offer the same level of
protection against exhaustive key search in 18 years time as DES does
today [BDK93]. Absent a major breakthrough in quantum computing, it
is unlikely that 128-bit keys, such as those used in IDEA or RC5-
32/12/16, will be broken by exhaustive search in the foreseeable
future.

Compare and contrast Brute Force, Analytic, Statistical, and
Implementation Attacks
CISSP Seminar:
Analytic
  Using algorithm and algebraic manipulation weakness to reduce complexity
    o RSA factoring attack
    o Double DES attack
Statistical
  Using statistical weakness in design
    o More 1's than 0's in the keystream
Implementation
  Using the specific implementation of the encryption protocol
    o 1995 attack on Netscape's SSL keys
      Deficient key randomization
      Strong algorithm + 128-bit key, defeated by the weak key generation

Describe the Commercial COMSEC Endorsement Program (CCEP)
CISSP Seminar:
Commercial communications security endorsement program
NSA and industry relationship
  Combine government crypto knowledge with industry product-development
  expertise
Type 1 or type 2 high-grade crypto products.
  Type 1 encrypts classified and sensitive unclassified information (SUI)
    o STU secure telephone unit
  Type 2 encrypts SUI
    o Authentication devices, transmission security devices, secure LANs
The Journal of American Underground Computing:
In the mid-80's, NSA introduced a program called the Commercial
COMSEC Endorsement Program, or CCEP.
CCEP was essentially Clipper in a black box, since the technology was
not sufficiently advanced to build lower-cost chips. Vendors would join
CCEP (with the proper security clearances) and be authorized to
incorporate classified algorithms into communications systems. NSA
had proposed that they themselves would actually provide the keys to
end-users of such systems.

Define the levels of Encryption as Defined in the CCEP
CISSP Seminar:
Type 1 or type 2 high-grade crypto products.
  Type 1 encrypts classified and sensitive unclassified information (SUI)
    o STU secure telephone unit
  Type 2 encrypts SUI
    o Authentication devices, transmission security devices, secure LANs

Compare and contrast the differences in Export Issues
regarding Encryption
CISSP Seminar:
This has to be completed.
RSA Crypto FAQ:
Cryptography is export-controlled for several reasons. Strong
cryptography can be used for criminal purposes or even as a weapon
of war. During wartime, the ability to intercept and decipher enemy
communications is crucial. For that reason, strong cryptography is
usually classified on the U.S. Munitions List as an export-controlled
commodity, just like tanks and missiles.
Cryptography is just one of many technologies which is covered by the
ITAR (International Traffic in Arms Regulations).
In the United States, government agencies consider strong encryption
to be systems that use RSA with key sizes over 512-bits or symmetric
algorithms (like DES, IDEA, or RC5) with key sizes over 40-bits. Since
government encryption policy is heavily influenced by the agencies
responsible for gathering domestic and international intelligence (the
FBI and NSA, respectively) the government is compelled to balance the
conflicting requirements of making strong cryptography available for
commercial purposes while still making it possible for those agencies
to break those codes, if need be. The US government does, however,
allow 56-bit block ciphers to be exported for financial cryptography.
