Sec+ preparation #7 (Cryptography)

Jonas SatkauskasJonas Satkauskas
4 min read

Table of contents

Intro

Let’s jump into next day of preparing for SEC+.

Before beginning I just want to give credit to Master OTW at Hackers-Arise. I really enjoy how he describes data of various topics. Real professional.

You can purchase Security+ SY0-701 boot camp here

Buffer overflows

  • A buffer is a data storage area inside computer memory

  • A predefined amount of data can be inserted

  • If you give too much data it creates a buffer overflow.

  • The overflow data can even be executable code.

  • You kind of fool the machine to execute your code.

  • One of the most malicious attack.

Cryptography

This topic is one of the key element of the Security+ exam.

Cryptography at a glance

  • Explain general cryptographic concepts

  • Explain basic hashing concept

  • Map algorithm to applications

  • Explain and implement security protocols

  • Explain core concepts of public key cryptography

  • Look at trust models

Concepts that you must understand for the exam:

  • Key management

  • Steganography

  • Symmetric key

  • Asymmetric key

  • Confidentiality, Integrity, Availability (CIA triad)

    • These are the goals of cybersecurity. We can’t optimize them simultaneously .

  • Non-repudiation

  • Comparative strength of algorithms

  • Digital signatures

  • Whole disk encryption

  • Trusted Platform Module (TPM)

  • Single vs. Dual sided certificates

  • Use of proven technologies

  • Kerckhoffs’s Principle

Cryptography i the science of hiding the meaning of information. Looking in history, it comes from the Greek word Kryptos which means hiding.

People working in this field are Cryptographers. It’s mathematics. Most of the people who work in cryptography field have Phd in mathematics.

Goals of Cryptography

  • Confidentiality

  • Integrity

    • The information cannot be altered in storage or transit

    • Addition, Deletion, Modification are detected.

  • Authentication

    • Sender and Receiver confirm each other’s identity

  • Access Control

Cryptosystem

  • A set of rules, steps, and processes

  • It is the same concept as using common door lock

  • Each of the users have a different physical key.

    • Key can be asymmetric which means that every user has different key.

    • Key can also be symmetric which means a single key for every user.

      • It is a lot simpler and faster. About 1000 times faster.

      • In the internet, encryption is usually symmetric.

  • The key is the only secret. Algorithm is known.

Compare Strength of Ciphers

  • Algorithm

    • AES is a strong algorithm.

      • If the key is very short, then it does not have a good effect,

    • AES512 is stronger than AES256. The number after AES represents the length of the key.

  • Secrecy of the key

  • Length of the key

  • Use only as strong as needed

Steganography

It’s kin of hiding a message inside a file. Audio record or picture or other filetypes.

  • Comes from the Greek word steganos which means hidden and a word graphein which means to write.

  • Hiding is plain sight

  • Hiding a message within another medium

  • You cannot even claim there is a message

  • Invisible and hard to detect without tools.

  • Example of steganography:

It’s a good option to store important or secret information in mp3 files inside a separate USB drive or CD.

Cryptography Symmetric and Asymmetric (will be tested in exam)

  • Symmetric means one key.

    • Shared key encryption.

    • One key shared between receiver and sender

    • Key must be securely exchanged. (This is the problem which asymmetric encryption solves)

    • Has the advantage to be very fast

    • Provides only confidentiality service

    • Message Authentication Code (MAC)

    • SCADA also uses AES.

  • Asymmetric means TWO KEYS.

    • One public and one private key.

    • Public key can be given to anyone

    • Private key should never be shared.

    • Here’s where Diffie Hellman exchange comes in:

    • No prior relationship required to communicate securely.

    • 100 to 1000 times slower than Symmetric Ciphers.

Asymmetric Ciphers (important for exam):

Used for exchanging keys securely across public networks:

Used for encryption and for digital signatures:

  • RSA (Rivest–Shamir–Adleman)

    • There’s also a company RSA. They’ve got hacked in 2014. They had to change keys which was very expensive.

  • ECC (Elliptical Curve Cryptography)

    • It is simple and does not require lots of computing power, not like RSA.

Digital Signatures

Message digest (MD) - a synonym for the word hash.

Question that was in exam:

  • How many bits does SHA1 use?

    • 160 bits is the answer

    • SHA1 was developed by NSA

Whole disk encryption

Good software for that is Veracrypt.

  • It’s a must have for mobile devices for a good security layer.

  • Must provide pre-boot authentication

Trusted Platform Module

  • AKA TPM Chip

  • A secure Crypto Processor

  • Can store Cryptographic Keys

  • Can validate the ID of a system

Will add more

.

.

.

.

.

0
Subscribe to my newsletter

Read articles from Jonas Satkauskas directly inside your inbox. Subscribe to the newsletter, and don't miss out.

learningLearning JourneyLinux#cybersecuritycybersecuritycybrCyberSeccomptia security+comptiaCryptography

Written by

Jonas Satkauskas
Jonas Satkauskas