CISSP Domain 3 Security Engineering – Part 2 – Cryptographic Concepts Cheat Sheet

Cornerstone Cryptographic Concepts

  • Cryptology – The science of secure communications; it encompasses both cryptography and cryptanalysis
  • Cryptography – Creates messages whose meaning is hidden
  • Cryptanalysis – The science of breaking encrypted messages
  • Cipher – A cryptographic algorithm
  • Plaintext – An unencrypted message
  • Encryption – Converts plaintext to ciphertext
  • Decryption – Turns ciphertext back into plaintext

Confidentiality, Integrity, Authentication and Non-repudiation

Cryptography can provide confidentiality and integrity, but not availability. It can also provide authentication and non-repudiation.

Confusion, Diffusion, Substitution and Permutation

  • Diffusion – means the order of the plaintext should be diffused (or dispersed) throughout the ciphertext
  • Confusion – means that the relationship between the plaintext and the ciphertext should be as confused (or random) as possible
  • Substitution – replaces one character with another; this provides confusion
  • Permutation – (transposition) provides diffusion by rearranging the characters of the plaintext, anagram-style

These methods, though historical, are still used in combination in modern ciphers such as the Advanced Encryption Standard (AES).

Cryptographic Strength

Good encryption is strong: it should be very difficult to convert ciphertext back to plaintext without the key. The “work factor” describes how long it will take to break a cryptosystem (decrypt ciphertext without the key). Strong crypto relies on math, not on secrecy of the algorithm. Ciphers that have stood the test of time are public algorithms such as 3DES and AES.

Monoalphabetic and Polyalphabetic Ciphers

  • Monoalphabetic cipher – uses one alphabet: a specific letter is always substituted for the same other letter. Susceptible to frequency analysis.
  • Polyalphabetic cipher – uses multiple alphabets: a specific letter may be substituted with one letter in one round and a different letter in the next round. This addresses frequency analysis.

Modular Math

Modular math lies behind much of cryptography: simply put, modular math shows you what remains (the remainder) after division. It is sometimes called clock math because we use it to tell time: assuming a 12-hour clock, 6 hours past 9:00pm is 3:00am. In other words, 9 + 6 is 15, and 15 divided by 12 leaves a remainder of 3.

Exclusive Or (XOR)

Combining a key with plaintext via XOR creates the ciphertext. XOR-ing the ciphertext with the same key restores the original plaintext, because XOR is its own inverse.

[Figure: XOR ciphertext truth table]
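
The XOR property described above, as an added example that is not part of the original cheat sheet. It builds the truth table, shows that one function both encrypts and decrypts, and shows the defender's caveat that reusing an XOR key lets the key cancel out between two ciphertexts (all messages and keys are constructed sample values).

```python
# Added example (not from the original post): XOR as a cipher primitive.
# (1) the XOR truth table, (2) XOR-ing twice with the same key is the identity,
# (3) why a reused XOR key is dangerous: c1 XOR c2 == p1 XOR p2, the key vanishes.

from itertools import cycle


def xor_truth_table():
    """Return the four rows of the XOR truth table as (a, b, a XOR b)."""
    return [(a, b, a ^ b) for a in (0, 1) for b in (0, 1)]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR every byte of data with the key, repeating the key if it is shorter.
    Encryption and decryption are the same operation."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def roundtrip_ok(plaintext: bytes, key: bytes) -> bool:
    """True if encrypting and then decrypting with the same key restores plaintext."""
    return xor_bytes(xor_bytes(plaintext, key), key) == plaintext


def key_reuse_cancels_key(p1: bytes, p2: bytes, key: bytes) -> bool:
    """Constructed demonstration: with one key used for two messages, XOR-ing the
    two ciphertexts cancels the key and leaves p1 XOR p2. This is why a one-time
    pad key must be as long as the message and never reused."""
    c1, c2 = xor_bytes(p1, key), xor_bytes(p2, key)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    for a, b, out in xor_truth_table():
        print(f"{a} XOR {b} = {out}")
    key = b"constructed pad"          # constructed sample key
    msg = b"attack at dawn"           # constructed sample message
    ct = xor_bytes(msg, key)
    print("ciphertext:", ct.hex())
    print("roundtrip ok:", roundtrip_ok(msg, key))
    print("key reuse cancels key:", key_reuse_cancels_key(msg, b"defend at dusk", key))
```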

Data at rest and Data in motion

Cryptography is able to protect data at rest and data in motion. Full disk encryption can protect data at rest, and an SSL or IPsec VPN can protect data in motion.

Protocol Governance

Describes the process of selecting the right method (cipher) and implementation for the right job, typically at an organization-wide scale. Organizations must understand the requirements of a specific control, select the proper cryptographic solution and ensure factors such as speed, strength, cost, complexity (and others) are properly weighed.

About the Author

Alfred Tong
Author and owner of this blog. A networking enthusiast and full-time networking and systems engineer. Generally curious about all things IT. Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA-FWV