2 - Symmetric Cryptography - Coggle Diagram
Block Cipher Modes of Operation
Electronic Codebook (ECB)
Each plaintext block is encrypted independently with the secret key (identical plaintext blocks produce identical ciphertext blocks)
Cipher Block Chaining (CBC)
Each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted
Cipher Feedback (CFB)
Stream-cipher version of CBC
Output Feedback (OFB)
Like CFB, but feeds back the cipher's direct output instead of the XORed ciphertext that CFB feeds back
Counter (CTR)
Similar to CFB, but uses a simple counter that is incremented after each block
Galois Counter Mode (GCM)
Adds data authenticity to CTR with authentication tags
Counter with Cipher Block Chaining Message Authentication Code (CCM)
Similar to GCM, but uses CBC-MAC for data authenticity
Algorithms
Data Encryption Standard (DES)
64-bit blocks
Five modes: ECB, CBC, CFB, OFB, CTR
16 rounds of encryption
key length = 56 bits
Triple DES (3DES)
DES-EEE3
DES-EDE3
International Data Encryption Algorithm (IDEA)
Five modes: ECB, CBC, CFB, OFB, CTR
64-bit blocks
key length = 128 bits
Used for Pretty Good Privacy (PGP)
Blowfish
key length = 32 to 448 bits
Used for Secure Shell (SSH) connections
64-bit blocks
SKIPJACK
key length = 80 bits
The Clipper system that used SKIPJACK was designed for key escrow.
64-bit blocks
Rivest Ciphers
Rivest Cipher 4 (RC4)
key length = 40 to 2048 bits
Used in WEP, WPA, SSL, TLS
Rivest Cipher 5 (RC5)
block size = 32, 64 or 128 bits
key length = 0 to 2040 bits
RC5 is an evolution of RC2
Rivest Cipher 6 (RC6)
128-bit blocks
key length = 128, 192 or 256 bits
Advanced Encryption Standard (AES)
block size = 128, 192, 256 bits (the underlying Rijndael design; AES as standardised uses 128-bit blocks only)
key length = 128, 192, 256 bits
encryption rounds = 10, 12, 14
Carlisle Adams and Stafford Tavares (CAST)
CAST-128
block size = 64 bits
key length = 40 to 128 bits
encryption rounds = 12 or 16
CAST-256
block size = 128 bits
key length = 128, 160, 192, 224, 256 bits
encryption rounds = 48
Distribution of secret keys
Offline distribution
Public key encryption
Diffie-Hellman
Storage and destruction of symmetric keys
Never store encryption keys on the same system where the encrypted data resides
Split knowledge = for sensitive keys, give each of two different individuals half of the key
Three major options
Software-based storage mechanisms
Hardware-based storage mechanisms
Flash drives, smart cards, Hardware Security Modules (HSM)
Cloud-based storage mechanisms
Cloud HSM solutions
Key escrow and recovery
Recovery agents (RA)
M-of-N where M=3 and N=12 => 12 authorized recovery agents, of whom 3 must collaborate to retrieve an encryption key
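The following is an added example, not part of the original diagram, of one way to implement the M-of-N recovery arrangement described above: Shamir's secret sharing over a prime field, which the diagram does not name but which is the standard construction for this purpose. The key is split into N = 12 shares so that any M = 3 of them reconstruct it while any 2 reveal nothing about it. The prime, the sample key and the share selections are constructed for the demo.

```python
import secrets

# Constructed for this example: the Mersenne prime 2^521 - 1 is large enough
# that any key of up to 512 bits fits in a single field element.
PRIME = 2**521 - 1


def split_secret(secret: int, m: int, n: int):
    """Split secret into n shares of which any m reconstruct it (Shamir's scheme)."""
    if not 0 <= secret < PRIME or not 1 <= m <= n:
        raise ValueError("secret out of range or invalid M/N")
    # Random polynomial of degree m-1 whose constant term is the secret
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):          # share i is the point (i, f(i)); x = 0 is never issued
        y = 0
        for c in reversed(coeffs):     # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_secret(shares) -> int:
    """Lagrange-interpolate f(0) from the given shares (needs at least m distinct ones)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Modular inverse of den via Fermat's little theorem (PRIME is prime)
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def key_to_int(key: bytes) -> int:
    return int.from_bytes(key, "big")


def int_to_key(value: int, length: int) -> bytes:
    return value.to_bytes(length, "big")


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed 256-bit key
    shares = split_secret(key_to_int(key), 3, 12)  # M = 3, N = 12 as in the diagram
    agents = [shares[1], shares[6], shares[11]]    # any three recovery agents collaborate
    assert int_to_key(recover_secret(agents), 32) == key
    print("recovered from agents", [x for x, _ in agents])
```

Two shares do not leak the key: with a degree-2 polynomial, interpolating any two points at x = 0 yields the secret plus a multiple of the unknown random coefficient, so every field element is equally likely. That is the property that makes an M-of-N scheme safer than simply giving each agent a copy of the key, and it also means lost or resigned agents only matter once fewer than M remain.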