The Domain of Cryptography
Version 1.0
Map created by: Henry Jiang, CISO | CISSP
Oppenheimer & Co., Inc.

Cryptosystem
- Security Policy
- Data format
- Procedures
- Communication Protocols
- Applications
- Components

Crypto Operation Concepts
- E(m,k) = C
- M = D(c,k)
- Plaintext -> Encryption -> Ciphertext -> Decryption -> Plaintext
- Notation: E (Encryption), M (Message), C (Ciphertext), K (Key), D (Decryption)

Crypto services
- Provides service for: confidentiality, authentication, integrity, and nonrepudiation
- Confidentiality
- Integrity
- Message Integrity
- Authentication
- Authorization
- Nonrepudiation

Hashing Algorithms (one-way encryption)
- MD4: 128-bit hash
- MD5: 128-bit hash
- SHA-1: 160-bit hash (no longer considered secure)
- SHA-2 Family: SHA-256, SHA-384, SHA-512

HMAC (Hashed Message Authentication Code)
- Symmetric + HASH, i.e. HMAC+MD5

Digital Signature (Asymmetric + HASH)
- A digital signature is a hash value that has been encrypted with the sender's private key
- i.e. RSA + SHA256

Public Key Infrastructure (PKI) (X.509 standard)
- Certificate Authority (CA)
- Digital Certificate (used to confirm a key is genuine)
- Key Management: Private Keys

Hybrid Systems (both Asymmetric and Symmetric)
- PKI
- IPSec (if using PKI)
- SSL / TLS
  - client uses the server's public key to encrypt a random number
  - server uses its private key to decrypt the random number
  - symmetric session key derived from the random number
  - hash function used to perform an integrity check
- SSH
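The hybrid flow sketched under SSL / TLS above (an asymmetric exchange yields a shared secret, a symmetric session key is derived from it, and a hash-based check protects message integrity) as a runnable added example; this is not code from the map or its author. Python's standard library has no RSA, so the asymmetric step uses Diffie-Hellman (also listed on the map) over a toy group (p = 2^61 - 1, g = 2, chosen for illustration only); the key derivation is a plain SHA-256 of the shared secret rather than a standard KDF; the integrity check is HMAC-SHA256, the Symmetric + HASH construction of the HMAC node. digest_bits reports the output sizes the Hashing Algorithms node lists. All sample data is constructed.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for illustration only (assumption, not a real-world
# parameter set): p = 2^61 - 1 is a Mersenne prime, g = 2. Real deployments use
# standardised 2048-bit+ groups or elliptic curves.
TOY_P = (1 << 61) - 1
TOY_G = 2


def digest_bits(algorithm: str) -> int:
    """Output size in bits of a hash algorithm known to hashlib."""
    return hashlib.new(algorithm).digest_size * 8


def dh_keypair(p: int = TOY_P, g: int = TOY_G):
    """Private exponent x in [1, p-2] and the public value g^x mod p."""
    private = secrets.randbelow(p - 2) + 1
    public = pow(g, private, p)
    return private, public


def dh_shared_secret(private: int, peer_public: int, p: int = TOY_P) -> int:
    """Both sides compute g^(xy) mod p from their own private and the peer's public."""
    return pow(peer_public, private, p)


def derive_session_key(shared_secret: int, label: bytes = b"session") -> bytes:
    """Simplified KDF (assumption): SHA-256 over a label and the shared secret."""
    n_bytes = (shared_secret.bit_length() + 7) // 8 or 1
    return hashlib.sha256(label + shared_secret.to_bytes(n_bytes, "big")).digest()


def protect(session_key: bytes, message: bytes) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can check integrity."""
    tag = hmac.new(session_key, message, hashlib.sha256).digest()
    return message + tag


def verify(session_key: bytes, protected: bytes):
    """Return the message if the trailing tag verifies, otherwise None."""
    if len(protected) < 32:
        return None
    message, tag = protected[:-32], protected[-32:]
    expected = hmac.new(session_key, message, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def run_exchange(message: bytes = b"constructed sample message"):
    """Full flow: both sides derive the same key, then integrity is checked.

    Returns (keys_match, message_accepted, tampered_message_rejected)."""
    client_priv, client_pub = dh_keypair()
    server_priv, server_pub = dh_keypair()
    client_key = derive_session_key(dh_shared_secret(client_priv, server_pub))
    server_key = derive_session_key(dh_shared_secret(server_priv, client_pub))
    protected = protect(client_key, message)
    received = verify(server_key, protected)
    # Flip one bit in the message body: the tag no longer verifies.
    tampered = bytes([protected[0] ^ 0x01]) + protected[1:]
    rejected = verify(server_key, tampered) is None
    return client_key == server_key, received == message, rejected


if __name__ == "__main__":
    for name in ("md5", "sha1", "sha256", "sha384", "sha512"):
        print(f"{name}: {digest_bits(name)}-bit digest")
    print("exchange ok:", run_exchange())
```

The HMAC here gives integrity and (between the two parties) authentication, but not nonrepudiation: either side could have produced the tag, which is why the map pairs nonrepudiation with the private-key-based Digital Signature node rather than with HMAC.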
Asymmetric Encryption ("Intractable Problems")
Public Key Cryptography (aka Asymmetric algorithms)
- Strengths
  - Better key distribution mechanism
  - More scalable
  - Provides authentication and nonrepudiation
- Common Algorithms
  - El Gamal
  - Diffie-Hellman Key Exchange
  - Elliptic curve crypto system (ECC): key sizes 224-255, 256-383, 384-511, 512+; low on CPU consumption
  - Rivest-Shamir-Adleman (RSA): key sizes 2048, 3072, 7680, 15360; based on factorization of prime numbers (CPU intensive)
- Common use cases
  - Private key exchanges: SSH, IPSec, SSL/TLS
  - PKI

Symmetric Encryption
- Strengths
  - Faster
  - Difficult to break with a large key size
- Weaknesses
  - Key management (need to secure the key etc.)
  - Provides confidentiality only, not authentication nor nonrepudiation
- Common Algorithms
  - Data Encryption Standard (DES): 56-bit key size; Year 1975; no longer considered secure
  - Triple-DES (3DES): encrypts messages with (3) iterations of DES; 56, 112, 168 bit key sizes; Year 1998
  - Advanced Encryption Standard (AES): key sizes 128, 192, 256 bits; NIST initiated, became the official FIPS standard in Dec. 2001
  - RC4/RC5/RC6
- Common use cases
  - Session Encryption
  - IPSec (if using a pre-shared key)
  - Disk or file encryption
    - FileVault (Mac)
    - BitLocker (Windows)
    - TrueCrypt (file and folder)
    - Supported by all major storage solutions: EMC, NetApp, etc.
    - Mobile devices: Apple iOS, Android, Blackberry, etc.
- Stream Ciphers
- Block Ciphers (common key sizes: 112, 128, 192, 256)
  - Modes of Operation (common)
    - Electronic Code Book (ECB)
    - Cipher Block Chaining (CBC)