search

A physical courier delivering an asymmetric key is an example of in-band key exchange.

1 Jahrs vor
Kommentare: 0
Ansichten: 10

The keys used in cryptography may consist of many different characteristics. In this video, you’ll learn about key strength, the key exchange process, and real-time encryption and decryption.

Show

<< Previous Video: Weak Encryption Next: Steganography >>

Cryptography doesn’t rely on security through obscurity. With cryptography, you know practically everything about the cryptographic process. The entire algorithm is usually public and known to everyone.

The one piece of information that isn’t known is the key. And that’s why the cryptographic key is so important. It’s going to determine what type of encrypted data you’re going to create, it will determine the hash value that’s created. And that key will determine what type of digital signature is created. That’s why we constantly say that your key must always be private because that’s the only thing protecting your data.

The size of the key is also important for security. The larger keys tend to be more secure, because the larger keys means there are more possible key combinations if somebody had to go through and brute force every single one of those. Of course, as our computing power grows and it becomes much more easy to perform many more calculations, we have to keep making these kids larger and larger.

For symmetric encryption, it’s common to see 128-bit keys. But we’re going to see larger and larger symmetric keys as it becomes easier to do brute force attacks. Asymmetric encryption, though, uses very complex calculations of very large prime numbers. And that means that the keys involved with asymmetric encryption are going to be quite a bit larger. It’s common to see asymmetric keys that are 3,072 bits or even larger to be able to prevent any brute force attacks.

So now that we understand how important this key is, how do we get a key exchanged with someone else over an insecure medium like the internet, but still maintain the confidentiality of that key? One way to do this would be to send the key out of band or without using the internet. We might telephone someone. We could provide a courier to send that key from one person to the other. Or we could visit them and hand the key over in person.

And out-of-band key exchange isn’t practical for most people. Instead, most of us use an in-band key exchange, where we’re transferring keys across the network. We would generally protect a symmetric key, then, by adding additional encryption. And it’s common to use asymmetric encryption, in order to protect our symmetric key.

Unfortunately, asymmetric encryption requires so much overhead that it’s not practical to use for real time encryption and decryption. For that reason, we commonly use symmetric encryption. But how would I get a symmetric key to use for encryption from a web server, if our only way of communicating is across the internet?

Well one way to do that is to share the symmetric key by using asymmetric encryption. I would have the server send me its public key. And then I would encrypt a random key with that public key and send it to the server. The server receives that encrypted message. It decrypts it with its private asymmetric key and then ultimately has the symmetric key that will be used for this conversation.

An important best practice when you’re using session keys is to change these keys often– once a day or multiple times a day. We call these temporary keys, ephemeral keys. And they also need to be unpredictable values. We don’t want our session keys to simply increment by one each time it’s changed, because there needs to be randomization to prevent any type of brute force attack.

NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.

Introduction

Cryptography falls into the sixth and last domain of CompTIA’s Security+ exam (SYO-401) and contributes 12% to the exam score. The Security+ exam tests the candidate’s knowledge of cryptography and how it relates to the security of networked and stand-alone systems in organizations. To pass the Security+ exam, the candidates must understand both symmetric and asymmetric cryptography, as well as in-band vs. out-of-band key exchange, encryption methods and their differences, and cryptography attacks.

Cryptography Concepts

IT security experts employ cryptographic systems to meet various fundamental goals, including:

  • Confidentiality: It’s the act of ensuring that the message is unavailable to unauthorized users.
  • Integrity: Integrity ensures that a message isn’t manipulated or altered during the transit.
  • Authentication: It verifies the claimed identity of users and has paramount importance in cryptosystems.

Symmetric vs. Asymmetric

Symmetric cryptography, also called secret-key or private-key cryptography, is an encryption scheme in which both parties (sender and receiver) use the same key for encryption and decryption of the message (see Figure 1). The sender utilizes the private key to encrypt the message and transmits it to the receiver. The receiver, who is in possession of the same private key, employs it to decrypt the message successfully.

A physical courier delivering an asymmetric key is an example of in-band key exchange.

Symmetric cryptography is very fast compared to asymmetric cryptography. Its speed is due to straightforward and efficient algorithms and the fact that a single shared key is used to encrypt and decrypt the message. Symmetric cryptography is secure only as long as the shared key is kept private. If a shared key is stolen or compromised, true protection cannot be ensured. To make the key secure, the communicating parties should implement a preferred method, which is a public key infrastructure (PKI) solution. Some other solutions include advanced encryption standard (AES), triple data encryption standard (3DES), blowfish, twofish, and Rivest Cipher 6 (RC6). Another good approach for symmetric cryptography is to use the larger key.

Asymmetric cryptography, also called public-key cryptography, is an encryption scheme in which the communicating parties use a different, but mathematically related, pair of keys to encrypt and decrypt the message (see Figure 2).

A physical courier delivering an asymmetric key is an example of in-band key exchange.

Although the keys are mathematically similar, they cannot be derived from each other. The key pairs consist of a public key and a private key. The use of the key pairs makes asymmetric cryptography much more scalable than symmetric cryptography. The public key is known and open. On the other hand, the private key must be kept private and secure, and only the recipient can possess it. The sender encrypts the message with the intended recipient’s public key and then the receiver decrypts the message with a private key that only he/she owns.

Because asymmetric cryptography is much slower than symmetric cryptography, it isn’t fit for the encryption of a large amount of data. In that case, symmetric cryptography will be the best fit. The common solutions for asymmetric encryption include the Rivest, Shamir, and Adelman (RSA), Diffie-Hellman, ElGamal, and elliptic curve cryptography (ECC).

Session Keys

Session keys are encryption keys used for a communication session. Session keys can be either symmetric or asymmetric and are randomly generated for a single session.

In-Band vs. Out-Band Key Exchange

An in-band key exchange is an exchange by two or more parties of a public key over the Internet or through an existing communication channel. The In-band is less secure because man-in-the-middle attack could intercept the data.

On the other hand, an out-of-band key exchange is an exchange by two or more parties of a private key outside the Internet and outside of the current communication channel. For example, smart cards, ExpressCard/PC Card technology, and USB drives can store the private keys for authentication and, when these keys are delivered outside of a network, the out-of-band key exchange takes place. It’s more secure than in-band exchange key because any attack trying to access the initial channel is less likely to have access to the alternate communications path.

Fundamental Differences and Encryption Methods

Block vs. Stream

Block and stream are two sub-forms of symmetric cryptography. A block cipher breaks the plain text into fixed-length segments called blocks and operates on each block separately. Encryption algorithms are also applied at the same time.

A stream cipher encrypts data one bit at a time, unlike block cipher, which works on blocks of plain text. Stream ciphers, in terms of design, are faster than block ciphers.

A block cipher uses the same key to encrypt each of the blocks, while a stream cipher uses different keys to encrypt each bit.

Hashing

Hashing is used to protect the integrity of a message by preventing it from being improperly accessed during transmits over a network. Hashing produces a unique identifier, which can be a hash, hash value, checksum, or fingerprint. A hash function is used to generate the identifier. The common hash algorithms include Message Digest 5 (MD5), MD4, MD2, and Secure Hash Algorithm (SHA-1). Hashing attacks are done by using reverse engineering. Furthermore, the hackers mostly use hashing attacks to crack the passwords.

Steganography

Steganography is a process of hiding a message in a communication medium, such as a digital audio file, video file, or image file. Steganography uses the least significant bit (LSB) method to hide the message. Another common form is to hide the text inside the graphics. If an attack occurs, the entire message can instantly be compromised. Brute-force attacks, in which the hackers try to extract the hidden message from the communication channel, are often used.

Digital Signatures

Digital signatures are used to prove that a message was sent from a particular user and that the message was not altered while in transit. A digital signature uses either an asymmetric or symmetric encryption solution and involves a hashing algorithm as well.

What Type of Cryptographic Attacks Do You Need to Know for Security+ Exam?

There are some common cryptographic attacks, including:

Birthday Attacks

Birthday attacks are examples of attacks targeted at the keys. A birthday attack takes place on a simple premise. For example, if there are 30 people in a house, there is some probability that three of them will have the same birthday. The probability would increase if the additional people enter the house. Probability doesn’t ensure the occurrence of something. Instead, it only guesses that something is more likely to take place. If the key is hashed, there is a possibility that, given enough time, the hacker can create another value that would give the same hash value. The birthday attack is so dangerous that even an MD5 hash is vulnerable to it.

Man-in-the-Middle Attack

A man-in-the-middle attack is an eavesdropping attack in which an attacker positions himself in the communication channel between a client and server or any two communicating entities. With this attack, the attackers can secretly modify the communication channel.

To prevent man-in-the-middle attacks, security experts can take some countermeasures, including secure encryption techniques, such as IPsec, and the use of the strong authentication methods, such as multifactor authentication, mutual authentication, certificates, and Kerberos.

Side-Channel Attacks

Side-channel attacks are based on data obtained from the physical infrastructure of cryptosystems, rather than theoretical deficiencies in the algorithms. For instance, power consumption, timing information, electromagnetic leaks, or even sound can provide useful information that can be exploited to break down the system.

A side-channel attack can be further classified as:

  • Electromagnetic attack
  • Timing attack
  • Power-monitoring attack
  • Cache attack
  • Software-initiated fault attack

Mathematical Attack

A mathematical attack focuses on an encryption algorithm or any weak area in it, and the key mechanism. Mathematical attacks use statistical analysis and mathematical modeling to determine how the systems operate.

Security+ Boot Camp

The InfoSec Institute offers a Security+ Boot Camp that teaches you information theory and reinforces theory with hands-on exercises that help you learn by doing.

InfoSec also offers thousands of articles on all manner of security topics.

When carrying out asymmetric encryption Which of the following users would keep the private key?

Asymmetric encryption is also called public key encryption, but it actually relies on a key pair. Two mathematically related keys, one called the public key and another called the private key, are generated to be used together. The private key is never shared; it is kept secret and is used only by its owner.

Which algorithm can they use to exchange a secret key?

The Diffie-Hellman algorithm will be used to establish a secure communication channel. This channel is used by the systems to exchange a private key. This private key is then used to do symmetric encryption between the two systems.

What is not a symmetric encryption algorithm?

Unlike symmetric encryption, which uses the same secret key to encrypt and decrypt sensitive information, asymmetric encryption, also known as public-key cryptography or public-key encryption, uses mathematically linked public- and private-key pairs to encrypt and decrypt senders' and recipients' sensitive data.

What is the only unbreakable cipher when it is used properly?

A One Time Pad (OTP) is the only potentially unbreakable encryption method. Plain text encrypted using an OTP cannot be retrieved without the encrypting key. However, there are several key conditions that must be met by the user of a one time pad cipher, or the cipher can be compromised.

physical courier delivering asymmetric key in-band key exchange

zusammenhängende Posts

What signs and symptoms should the nurse expect to find during the physical assessment of a client who has a history of rheumatoid arthritis?
What signs and symptoms should the nurse expect to find during the physical assessment of a client who has a history of rheumatoid arthritis?

When hypochondriasis is accompanied by significant physical symptoms, the dsm-5 diagnosis will be
When hypochondriasis is accompanied by significant physical symptoms, the dsm-5 diagnosis will be

What is the effect of identifying certain physical traits as socially significant?
What is the effect of identifying certain physical traits as socially significant?

In which order from the first technique to the last would the nurse perform a physical assessment?
In which order from the first technique to the last would the nurse perform a physical assessment?

Which nursing intervention indicate client care that supports physical functioning?
Which nursing intervention indicate client care that supports physical functioning?

How much exercise is recommended per day?
How much exercise is recommended per day?

Which duties are performed by the medical assistant during a physical exam quizlet?
Which duties are performed by the medical assistant during a physical exam quizlet?

A company can extend a private cloud by adding its own physical servers to the public cloud
A company can extend a private cloud by adding its own physical servers to the public cloud

Which of the risk factors should be well observed to prevent any harm to your health before doing any physical activity?
Which of the risk factors should be well observed to prevent any harm to your health before doing any physical activity?

What factors should you consider when choosing safety equipment for physical activity?
What factors should you consider when choosing safety equipment for physical activity?

Werbung

NEUESTEN NACHRICHTEN

What delivers applications over the cloud using a pay-per-use revenue model?
1 Jahrs vor . durch AsceticTranslation
What processes convert data into information and information into knowledge?
1 Jahrs vor . durch CorruptSolicitation
Fuß umgeknickt keine Schwellung aber Schmerzen was tun
1 Jahrs vor . durch TraceableMeasurement
What can decrease the effectiveness of an mbo (management by objectives) system?
1 Jahrs vor . durch HomesickDumps
Wie viel kostet ein normales Ohrloch stechen?
1 Jahrs vor . durch PitchedContents
Ein Colt für alle Fälle Klingelton Android
1 Jahrs vor . durch MonumentalShaving
Gemeinschaft entwässerung wer ist für zuständig
1 Jahrs vor . durch BarbaricCorrelation
Was ist der unterschied zwischen einem boot und einem schiff
1 Jahrs vor . durch HelluvaNuisance
Wann geht es weiter mit Outpost?
1 Jahrs vor . durch TumblingVariation
Wer ist bei lets danz faisal
1 Jahrs vor . durch SkilledStoryteller

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeendefrkoptzhitthjphi
Urheberrechte © © 2024 nguoilontuoi Inc.