3.1 Describe the uses of a hash algorithm
Hash algorithms are a one way function that produces a unique mapping from a piece of a data to a string. This string can then be used to verify that the data has not been altered. Security software also uses hashes to compare a file to a list of known good or bad files.
Hashed Message Authentication Code (HMAC) uses hashing with a secret key to allow for a message to be validated. This is then used for digital signature.
3.2 Describe the uses of encryption algorithms
Encryption algorithms are used to protect the confidentiality of data. It can be used to encrypt a file like in an encrypted zip file. Alternatively encryption can be applied to a stream like in TLS(or SSL) or in an IPSec VPN. Either way the goal is the same to keep the data from being read by someone without the proper key.
3.3 Compare and contrast symmetric and asymmetric encryption algorithms
Symmetric encryption algorithms include DES, 3DES, AES, IDEA and Blowfish. Most data in VPNs are protected with symmetric algorithms because they are faster and use less CPU. The longer the key used with symmetric algorithms, the higher level of encryption is achieved.
Asymmetric encryption is generally associated with public key infrastructure. One key, the private key, is used for encryption and the other public key is used for decryption. Examples are RSA, DH, ElGamal, DSA and ECC.
3.4 Describe the processes of digital signature creation and verification
A digital signature is created by using a public/private key pair generated by a trusted CA. The public key is used to sign the message and the person on the other end uses their private key to validate the signature. Digital signatures provide non-repudiation for messages.
3.5 Describe the operation of a Private Key Infrastructure (PKI)
PKI requires there be a certificate authority to sign certificates and validate them. These CAs can be public or private. They can also have a chain of CAs with a root and intermediate CAs. The public keys are presented in the form of a signed certificate that allows things like web browsers to trust and decrypt the traffic signed with the private key.
There are several public key cryptography standards (PKCS):
- PKCS #1: RSA
- PKCS #3: DH
- PKCS #7: CA response to PKCS #10
- PKCS #10: Certificate request
- PKCS #12: Storage for public and private key with a password.
Revocation of certificates can be done by a certificate revocation list (CRL), Online Certificate Status Protocol (OCSP) or by AAA.
3.6 Describe the security impact of these commonly used hash algorithms
MD5 hashing should no longer be used for security applications. It is easily defeated.
SHA-1 is better than MD5, but has also been deprecated due to security issues and should not be used.
SHA-256 (SHA-2) is still considered secure and can be used for security applications.
SHA-3 has the longest key length and is considered currently to be the most secure hashing algorithm.
3.7 Describe the security impact of these commonly used encryption algorithms and secure communications protocols
DES is a symmetric encryption algorithm that uses 56-bit keys. It is easily cracked and is no longer used.
3DES is a symmetric encryption algorithm that uses 168-bit keys. It is easily cracked and is no longer recommended.
AES is a symmetric encryption algorithm that uses 128/256/512-bit keys. It is a block cipher.
AES256-CTR is an adaptation of AES for use with streaming data.
RSA is an asymmetric encryption algorithm that uses a key pair for encryption and decryption.
Digital Signature Algorithm is used for digital signatures using a key pair.
Secure SHell (SSH) is used to encrypt the stream of data between a client and a server. It is the secure alternative to telnet.
Secure Sockets Layer(SSL) and Transport Layer Security (TLS) are used by HTTPS, FTP/S and other similar protocols to encrypt traffic using private/public key pairs.
3.8 Describe how
the success or failure of a cryptographic exchange impacts security investigation
If the key exchanges are secure and successful there is no problem; however, if the key exchange is compromised, the encryption done can also be compromised. Any security investigation that finds issues with PKI or the key exchanges must suspect any data may have been compromised as well.
3.9 Describe these items in regards to SSL/TLS
- Cipher-suite: The cipher-suite defines what encryption algorithms are used.
- X.509 Certificates: Format for digital certificates issued by the CA
- Key exchange: process of exchanging the keys needed for encryption
- Protocol Version: SSL versions are all deprecated along with TLS 1.0 and 1.1. 1.2 and soon 1.3 are secure