2 cissp ® Official Study Guide Eighth Edition

268
Chapter 7 
■
PKI and Cryptographic Applications
a different message that produces the same message digest, thereby maintaining the validity 
of the original digital signature. 
Don’t forget that social engineering techniques can also be used in 
cryptanalysis. If you’re able to obtain a decryption key by simply ask-
ing the sender for it, that’s much easier than attempting to crack the 
cryptosystem!
Replay
The replay attack is used against cryptographic algorithms that don’t incorporate 
temporal protections. In this attack, the malicious individual intercepts an encrypted mes-
sage between two parties (often a request for authentication) and then later “replays” the 
captured message to open a new session. This attack can be defeated by incorporating a 
time stamp and expiration period into each message.
Summary 
Asymmetric key cryptography, or public key encryption, provides an extremely fl exible 
infrastructure, facilitating simple, secure communication between parties that do not nec-
essarily know each other prior to initiating the communication. It also provides the frame-
work for the digital signing of messages to ensure nonrepudiation and message integrity. 
This chapter explored public key encryption, which provides a scalable cryptographic 
architecture for use by large numbers of users. We also described some popular cryp-
tographic algorithms, such as link encryption and end-to-end encryption. Finally, we 
introduced you to the public key infrastructure, which uses certifi cate authorities (CAs) 
to generate digital certifi cates containing the public keys of system users and digital signa-
tures, which rely on a combination of public key cryptography and hashing functions. 
We also looked at some of the common applications of cryptographic technology in solv-
ing everyday problems. You learned how cryptography can be used to secure email (using 
PGP and S/MIME), web communications (using SSL and TLS), and both peer-to-peer and 
gateway-to-gateway networking (using IPsec and ISAKMP) as well as wireless communica-
tions (using WPA and WPA2). 
Finally, we covered some of the more common attacks used by malicious individuals 
attempting to interfere with or intercept encrypted communications between two parties. 
Such attacks include birthday, cryptanalytic, replay, brute-force, known plaintext, chosen 
plaintext, chosen ciphertext, meet-in-the-middle, man-in-the-middle, and birthday attacks. 
It’s important for you to understand these attacks in order to provide adequate security 
against them.

Exam Essentials 

Download 19,3 Mb.

Do'stlaringiz bilan baham: