All ISC CISSP certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the CISSP Certified Information Systems Security Professional practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!

Domain

21. Triple DES (3DES)

The speed of exhaustive key searches against Des after 1990 began to cause discomfort amongst users of the program. However, users did not want to replace Des as.It takes an enormous amount of time and money to change encryption algorithms that are widely adopted and embedded in large software architectures.

The pragmatic approach was not to abandon Des completely but to change the manner in which it is used. This led to the modified schemes of triple Des, sometimes known as three Dess. Incidentally, there are two variants of triple Des known as three-key triple Des and two-key triple Des. tripled as it was developed in 1998 and derived from Des. It applies the Des cypher algorithm three times to each of the data blocks. Triple-DES encryption is a computerised cryptography method where blocked cypher algorithms are applied three times to each data block.

The key size is increased to three bits to ensure additional security through encryption capabilities. Each block contains 64 bits of data. Three keys are referred to as "bundle keys," with 56 bits per key. There are three keying options in data encryption standards: all keys being independent, keyone and key being independent keys, and all three keys being identical. Before using three-key triple Des, a user first generates and distributes a three-key triple Des key, which consists of three different Deskeys: k-1, k-2, and K three. This means that the actual three TDEs key has a length of three times 56, or 168 bits. The encryption scheme is illustrated as follows:

The encryption and decryption process is as follows: First, you encrypt the plaintext blocks using the single DSA key one. Now you decrypt the output of step one using the single desk with key two. Finally, you encrypt the output of step two using a single desk with key three. The output of step three is the ciphertext. The decryption of a ciphertext is the reverse process of what we just described. The user first decrypts using key three, then encrypts with key two, and finally decrypts with key one. Due to the design of triple-DES as an encrypt-decrypt-encrypt process, it is possible to use a three-TDE hardware implementation for single-DES by setting K1, K2, and K3 to the same value.

This provides backwards compatibility with Des. The second variant of triple Des, also known as two TDEs, is identical to three TDEs, except that K 3 is replaced by K 1. In other words, the user encrypts plaintext blocks with key K 1, then decrypts with key K 2, and finally encrypts with key K 1 again. Therefore, 2D Des has a key length of 112 bits. While triple-D systems are significantly more secure than single-D systems, These are clearly much slower processes than encryption using single Des.Now, let's compare and contrast the data encryption standard with triple Des.The keylamp for Des is 56 bits with a two-tipped blade. The keylamp is 112 bits. Three TDEs are 168 bits. They are both symmetric and block ciphers. The number of keys required is one for does and two or three, depending on which one you're using for triple does.

22. AES, Blowfish, and Twofish

In this lesson, we will be learning about three symmetric encryption algorithms. Specifically, we will discuss the advanced encryption standard, or AES "blowfish and two fish." The more popular and widely adopted symmetric encryption algorithm is likely to be encountered nowadays. As the Advanced Encryption Standard, or AES, it is found to be at least six times faster than triple Des.Recall that a replacement for Des was needed because its key size was too small. With increasing computing power, it was considered vulnerable to a source of key search attack. Therefore, triple Des was designed to overcome this drawback, but it was found to be slow. So the features of AES are as follows: It has a symmetric key, a symmetric block typer, and 128 bit data, 128, 192, or 256 bit keys.

It's stronger and faster than triple Des. It provides full specifications and design details, and the software is implementable in C and Java. AES is an iterative rather than a fierce cipher. It's based on a substitution permutation network. It comprises a series of blank operations, some of which involve replacing inputs with specific outputs, or substitutions, and others involve shuffling bits around, or permutations. Interestingly, AES performs all its computations in bytes rather than bits. Hence, AES treats the 128 bits of a plain text block as 16 bytes. These 16 bites are arranged in four columns and four rows for processing as a matrix. Unlike Des, the number of rounds in AES is variable and depends on the length of the key.

AES uses ten rounds for 128-bit keys, twelve rounds for 192-bit keys, and 14 rounds for 256-bit keys. Each of these rounds uses a different 128-bit roundkey, which is calculated from the original AES key. The schematic of the AES structure is given in the following illustration. Here we restrict the description of a typical round of AES encryption. Each round comprises four sub processes. The first round of the process is depicted in this illustration. Let's begin by discussing bite-substitution, or sub-bytes. The 16 input bytes are substituted by looking up a fixed table or S box given in the design. The result is a matrix of four rows and four columns. Next, let's discuss shift rows. Each of the four rows of the matrix is shifted to the left. Any entries that fall off are reinserted on the right side of the row. A shift is carried out as follows: the first row is not shifted. The second row is shifted one bite position to the left. The third row is shifted two positions to the left.

The fourth row is shifted three positions to the left, and the result is a new matrix consisting of the same 16 bytes but shifted with respect to each other. Let's discuss mixed columns. Each column of four bytes is now transformed using a special mathematical function. This function takes as input the four bytes of one column and outputs completely new bytes that replace the original column. The result is another new matrix consisting of 16 new bytes. It should be noted that this step was not performed in the last round. Finally, let's discuss adding a round key. The 16 bits of the matrix are now considered 128 bits and are XORed with the 128 bits of the round key. If this is the last round, then the output is the ciphertext. Otherwise, the resulting 128 bits are interpreted as 16 bytes, and we begin another similar round. The process of decrypting an AES ciphertext is similar to the encryption process in reverse order. Each round consists of the four processes conducted in reverse order: add round key, mix columns, shift rows, and byte substitution since subprocesses in each round are in reverse order.

Unlike for a Feistyle cipher, the encryption and decryption algorithms need to be separately implemented. Although they are very closely related in present-day cryptography, AES is widely adopted and supported in both hardware and software. To date, no practical cryptanalytic attacks against AES have been discovered. Additionally, AES has built-in flexibility in keylamp, which allows a degree of future proofing against progress and the ability to perform exhaustive key searches. However, just as with debts, the AES's security is assured only if it is correctly implemented and good key management is employed. In this lesson, we will be discussing blowfish. Blowfish is a keyed symmetric cryptographic blockcipher designed by Bruce Schneier in 1993 and placed in the public domain. Blowfish is included in a large number of cypher suites and encryption products. Blowfish's security has been extensively tested and proven as a public-domain cipher.

Blowfish has been subject to a significant amount of cryptanalysis, and full Blowfish encryption has never been broken. Blowfish is also one of the fastest block cyphers in public use. Schneider has designed Blowfish as a general-purpose algorithm intended as a replacement for the ageing DESK and free of the problems associated with the other algorithms. Notable features of the design include key-dependent Xboxes and a highly complex key schedule. Let's take a closer look at how Blowfish works exactly. Blowfish has a 64-bit block size and a key length of anywhere from 32 bits to 448 bits. It is a 16-round fiscal cypher and uses large key-dependent S boxes. It is similar to Structure for Cast128, which uses fixed S boxes. This diagram shows the blowfish's s function.

The function splits the 32-bit input into four eight-bit quarters and uses the quarters as input to the S boxes. The outputs are added modulo 232 and XORed to produce the final 32-bit output. Let's quickly summarise blowfish. Blowfish is a public-domain algorithm that was originally designed as a DS replacement. It uses a Feistyl network and combines substitution and transposition. Blowfish is one of the fastest block cyphers in widespread use, except when changing keys. Each new key requires free processing equivalent to encrypting about 4 texts, which is very slow compared to other block ciphers. This prevents its use in certain applications, but it is not a problem in others. Blowfish is not subject to any patents and is therefore freely available for anyone to use. This has contributed to its popularity in cryptographic software.

Another symmetric algorithm is too fishy. Too. Fish was derived from blowfish by Bruce Schneier in 1998. It is freely available in the public domain as it has not been patented. It is a symmetric key block cypher with key sizes of 128, 192, and 256 bits used to encrypt 128-bit block-size data in 16 rounds. The algorithm making use of S boxes makes the key generation process very complex and secure. So in summary, Twofish was designed as a BS replacement. It was placed in the public domain, uses a Feisty network, combines substitution and transposition, and some of the key facts are that it's symmetric, it's a block cipher, and a key length of 128, 192, or 256 bits is what you'll need to remember. Here is a summary of the algorithms we've discussed. I would strongly encourage you to pause the video now and review the method and key size of each as a quick refresher. We've covered a lot of information, and this summarises most of it.

23. RC4

The RC4 encryption algorithm developed by Ronald Rives of RSA requires a secure exchange of a shared key. RC4 is no longer considered secure, and careful consideration should be taken regarding its use. The symmetric key algorithm is used identically for encryption and decryption. Such an extreme data set is simply XLR with the generated key sequence. The algorithm is serial, as it requires successive exchanges of state entries based on the key sequence. Hence, implementations can be very computationally intensive. The RC4 encryption algorithm is used by standards such as IEEE 800 and 211 with wireless encryption protocols using 40 and 128-bit keys.

Published procedures exist for cracking the security measures as implemented on the Web. Here are some quick facts on RC Four: It is the most widely used stream cipher. It was developed by Ron Rivet and invented in 1987. The RC stands for Ron's Code, and it's a variable key size. It's a byte-oriented stream cipher. It's widely used for Web Secure Socket Layer (SSL) and TLS wireless equivalents of wired privacy (WP).

And it normally uses 64-bit and 128-bit keys. It consists of two parts: the key scheduling algorithm (KSA) and the pseudo-random generation algorithm. RC4 generates a pseudo-random stream of bits, or a key stream. As with any stream cipher, these can be used for encryption by combining them with the plaintext using bitwise. Exclusive or decryption is performed the same way. Since exclusive OR is a symmetric operation to generate the keystream, the cypher makes use of a secret internal state that consists of two parts. One is a permutation of all 256 possible bytes, denoted as S in this illustration. Second, it uses two eight-bit index pointers denoted as I and J. In this illustration, the permutation is initialized with a variable-length key, typically between 40 and 256 bits, using the key scheduling algorithm.

Then the stream of bits is generated by a pseudorandom generation algorithm. Let's quickly recap the advantages and disadvantages of RC Four. The first advantage is that RC Four is faster than Des. Secondly, it offers enormous key space. Third, it is very popular and is used in the secure socket layer. The disadvantages include having a large number of weak keys (from one to 56), whereby weak keys can be detected and exploited with a high probability. Again, I must emphasize that RCF4 is no longer considered secure.

24. RSA Cryptography

In this lesson, we will discuss RSA cryptography. RSA Encryption is a public-key encryption technology developed by RSA Data Security. The RSA algorithm is based on the difficulty of factoring very large numbers. Based on this principle, the RSA encryption algorithm uses prime factorization as the trapdoor for encryption. Deducing an RSA key therefore takes a huge amount of time and processing power. RSA is the standard encryption method for important data, especially data that's transmitted over the Internet. RSA is a public key cryptosystem that MIT Professors Ron River Addie Shamir and Leonard Adelman invented in 1977.

The system is based on several mathematical principles in number theory. Before we dive deeper into our essay, I should note here that several math principles are required to fully understand RSA cryptography. Those mathematical ideas include prime numbers, multiplication versus factorization, and the greatest comment advisor. Euclidean algorithm, relatively prime numbers, modular arithmetic, modular inverse Euler's theorem, and multiplicative functions If you are not completely familiar with these concepts, it's okay.

You're not the only one. The math behind RSA is really beyond the scope of this course, but I thought I should share this information so you have a frame of reference if you want to do some further research on your own. The RSA algorithm requires key generation, encryption, and decryption. Let's look at some of the math for each. In key generation, we select numbers P and Q, where P and Q are both prime numbers. We calculate n by multiplying p and Q. Also note that in encryption ciphertech, capital C equals capital M to the E multiplied by modulo n, and in decryption, the plaintext capital M equals capital C to the D multiplied by modulo n. RSA derives its security from the difficulty of factoring large integers that are the products of two large prime numbers. Multiplying these two numbers is easy, but determining the original prime numbers from the total factoring is considered infeasible due to the time it would take even using today's supercomputers.

The public and private key generation algorithms are the most complex parts of RSA cryptography. Two large prime numbers, P and q, are generated using the Raven Miller primality test algorithm. A modulus n is calculated by multiplying p and q. This number is used by both the public and private keys and provides a link between them. Its lamp, usually expressed in bits, is called the key lamp. The public key consists of the modulus n and the public exponent E. The E figure doesn't have to be a secretly selected prime number, as the public key is shared with everyone. The private key consists of the modulus n and the private exponent D, which are calculated using the Extended Euclidean algorithm to find the multiplicative inverse with respect to the torsion of N. While the math may sound complicated, an example can really simplify things.

Let's look at a simple example. Alice generates her RSA keys by selecting two primes, where P equals 11 and q equals 13. The modulus therefore equals p times q, which is 143, and therefore N equals 143. The totems of n fi n therefore equal p minus one times q minus one, which equals 120. Next, she chooses seven for her RSA public key and calculates her RSA private key using the Extended Euclidean algorithm, which gives her 103. Next, Bob wants to send Alice an encrypted message, so he obtains her RSA public key, which in this example is 143 and 7. His plaintext message is just the number nine and is encrypted into cypher text. capital C as follows: capital M to the E modulo Nequals nine to the seventh modulo 143, which equals 48. which equals a capital C. Next. when Alice receives Bob's message.

She decrypts it by using her RSA private key smallD in small N as follows: capital C to the D modulo N equals 48 to the 103 modulo 143. which equals nine. which equals M. to use RSA keys to digitally sign a message. Alice would create a hash or message digest of her message to Bob. Encrypt the hash value with her RSA private key and add it to the message. Bob can then verify that the message has been sent by Alice and has not been altered by decrypting the hash value with her public key. If this value matches the hash of the original message, then only Alice could have sent it, implying authentication and nonrepudiation, and the message is exactly as she wrote it, which implies integrity.

Alice could, of course, encrypt her message with Bob's RSA public key before sending it to him. As discussed earlier, the security of RSA relies on the computational difficulty of factoring large integers. As computing power increases and more efficient factoring algorithms are discovered, the ability to factor larger and larger numbers also increases. Encryption strength is directly tied to the key side, and doubling the key length delivers an exceptional increase in strength. although it doesn't pay our performance. RSA keys are typically 1024 or 2048 bits long, but experts believe that 1024-bit keys could be broken in the near future, which is why government and industry are moving to a minimum key length of 2048 bits.

Barring an unforeseen breakthrough in quantum computing, it should be many years before longer keys are required. But elliptic curve cryptography is gaining favour with many security experts. As an alternative to RSA for implementing public-key cryptography, it can create faster, smaller, and more efficient cryptographic keys. Much of today's hardware and software is elliptic curve cryptography ready, and its popularity is likely to grow as it can deliver equivalent security with lower computing power and battery resource usage, making it more suitable for mobile apps than RSA. Finally, a team of researchers, which included Eddie Schmier, the co-inventor of RSA, has successfully determined a 4096-bit RSA key using acoustic crypt analysis. However, any encryption algorithm is vulnerable to this type of attack. So to summarize, here are the RSA key facts: RSA is an asymmetric encryption algorithm with a variable-length key between 1024 and 4096 bits. and it is considered secure.

25. Elliptic-Curve and Quantum Cryptography

Elliptic curve cryptography and quantum cryptography are two more encryption technologies, but these are less commonly used. The foundation of asymmetric cryptography is based on the difficulty of solving complex math problems. For example, the RSA algorithm is based on the math of solving large, complex prime numbers. A prime number is a number that is divisible by itself and one. Let's say, for example, that I told you I was going to multiply two prime numbers and give you the answer. For instance, 15 would be the answer to the multiplication of two prime numbers, and I told you to tell me what those two numbers are.

You would be able to easily tell me that those two numbers are three and five. As three and five are both prime numbers that multiply to 15, Similarly, if I told you that I multiplied two numbers to get 21, you would tell me those two prime numbers are seven and three because those are the two numbers that are prime and multiplied to 21. However, if I give you a number like 33,878,633 and ask you to provide me the two prime numbers that multiplied to that, you would probably have a little bit of a challenge.

This is what a cryptographic algorithm like RSA is founded upon, and the challenge of prime factorization for very large numbers is what makes it so successful. Now, if an efficient method of solving prime factorization was discovered, modern cryptography utilising prime factorization as we know it would be rendered completely useless. Enter the equation of elliptic curve cryptography. Elliptic curve cryptography does not depend on prime factorization. Instead, it uses the elliptic-curve discrete logarithmic problem. Elliptic curve cryptography is a public encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. Elliptic curve cryptography generates keys through the properties of the elliptic curve equation. Instead of the traditional method of generation as the product of very large prime numbers, the technology can be used in conjunction with most public key encryption methods such as RSA and Defy Hellman.

According to some researchers, ECC can yield a level of security with a 164-bit key that other systems require a 1024-bit key to achieve. Because ECC helps establish equivalent security with lower computing power and battery resource usage is becoming widely used for mobile applications, The equation of an elliptic curve is given as y squared equals x cubed plus axe plus b, and the graph to the right is a graphical representation of this equation. In recent years, quantum computing has become very popular. Quantum computing utilises quantum mechanics to perform computing tasks. Quantum computing is still in the early stages and is heavily theory-based, but it is significant because advanced quantum computing may be able to defeat cryptographic algorithms that depend on factoring large prime numbers. It's also important to note that elliptic curve cryptography cannot protect against quantum attacks, and elliptic curve cryptography is even more vulnerable to quantum attacks compared to prime factorization. On the positive side, however, quantum computing may provide superior algorithms.

ISC CISSP practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass CISSP Certified Information Systems Security Professional certification exam dumps & practice test questions and answers are to help students.