03. Cryptography (299)

Question 1

Cryptography

• Cryptography is the practice of hiding information in plain sight.
• Encryption is the application of cryptography that converts data into code

299

Question 2

Cryptography

Original, unencrypted message or file

300

Answer 2

PLAINTEXT

Question 3

Cryptography

A message or file that has been transformed by encryption algorithm

300

Answer 3

CIPHERTEXT

Question 4

Cryptography

Process of transforming plaintext into ciphertext

300

Answer 4

ENCRYPTION

Question 5

Cryptography

Cyptographic operation on a block of data that returns a fixed-length string of characters.
Verifies the integrity of a message

301

Answer 5

HASH FUNCTION

Question 6

Cryptography

The output from a cryptographic hash function

301

Answer 6

MESSAGE DIGEST

Question 7

Cryptography

The result of encrypting the hash of a message with the originators private encryption key
Used to prove authenticity and integrity of a message

301

Answer 7

DIGITAL SIGNATURE

Question 8

Cryptography

Mathematical formula used to perform encryption, decryptiong, message digests, and digital signatures

302

Answer 8

ALGORITHM

Question 9

Cryptography

Process of transforming ciphertext into plaintext

302

Answer 9

DECRYPTION

Question 10

Cryptography

An attack on a cryptosystem where the attack is attempting to determine the encryptiong key used to encrypt messages

302

Answer 10

CRYPTANALYSIS

Question 11

Cryptography

Block of characters used with an encryption algorithm to encrypt and decrypt a block of data

302

Answer 11

ENCRYPTION KEY

Question 12

Cryptography

An encryption key used to encrypt another encryption key

302

Answer 12

KEY-ENCRYPTING KEY

Question 13

Cryptography

The size of an encryption key measured in bits

302

Answer 13

ENCRYPTION LENGTH

Question 14

Cryptography

An encryption algorithm that operates on blocks of data

302

Answer 14

BLOCK CIPHER

Question 15

Cryptography

A type of encryption algorithm that operates on a continuous stream of data i.e. video stream

302

Answer 15

STREAM CIPHER

Question 16

Cryptography

Random number required by some encryption algorithms to being the encryptiong process

302

Answer 16

INITIALIZATION VECTOR (IV)

Question 17

Cryptography

A method of encryption and decryption where sender and received must posess the same encryption key

302

Answer 17

SYMMETRIC ENCRYPTION

Question 18

Cryptography

A use of public key and private key to encrypt and decrypt messages and digital signatures

Answer 18

ASYMMETRIC ENCRYPTION
aka
PUBLIC KEY CRYPTOGRAPHY

Question 19

Cryptography

A technique used by two parties to establish a symmetric encryptiong key when there is no secure channel available

Answer 19

KEY EXCHANGE

Question 20

Cryptography

The property of encryption and digital signatures that make it difficult/impossible for a sender to deny having sent a digitally signed message

Answer 20

NON-REPUDIATION

Question 21

Private Key Cryptosystem

• Based on symmetric cryptographic algorithm
• Neccessary for both parties to possess a common encryption key
• 2 main challenges associated with this cryptosystem;

Key Exchange
Requires an out of band method i.e. telephone, fax, any means that is not over the same media you are transmitting message on
Scalability
Each sender-receiver pair exchange an encryption key
Communities of 1000+ users would require thousands of keys

303

Question 22

Private Key Algorithms

• Advanced Encryptiong Standard (AES)
• Blowfish
• Data Encryption Standard (DES)
• Triple DES
• Serpent
• Twofish

303

Question 23

Secure Key Exchange

• Secure Key Exchange - method used by 2 parties to establish a symmetric encryption key securely without transmitting the key over a channel
• Algorithms used for secure key exchange utilize information known by each parties but not transmitted between them

Example
* 2 routers using encryption on routing protocols will both have the key in their configurtaion so both ends known the key

303

Question 24

Secure Key Exchange

The most popular secure key exchange algorithm is Diffie-Hellman key exchange protocol

303

Question 25

# Public Key Cryptosystem * **Public Key Cryptosystems** are based on **asymmetric**, or **public key** cryptographic algorithms * Two-part encryption keys, **public key** and **private key** * Ideal cryptography for **securing message i.e. email** ## Footnote 304

Question 26

# Public Key Cryptosystem - Key Pair * Encryption keys used in public key cryptography are known as Public key and Private key * **Public key** - can openly be **distributed** * **Private key** - must be kept secure and **private** ## Footnote [Public Key Cryptography](https://drive.google.com/file/d/172hwJi4JQmt6xqhAMcvG-CETvKlxmA3B/view?usp=drive_link) 304

Question 27

# Public Key Cryptography Encryption of message, but not verifying authenticity; 1. User B publishes their public key 2. User A retrieves User B's public key 3. User A creates a message and encrypts it with user B's public key and sends the encrypted message to User NB 4. User B decrypts the message with their private key ## Footnote 304

Question 28

# Public Key Cryptography Very authenticity and integrity, but message not encrypted; 1. User A publishes their public key 2. User B retrieves User A's public key 3. User A creates a message and digitally signs it with their private key and sends message to User B 4. User B verifies the digitial signature using User A's public key ## Footnote 305

Question 29

# Public Key Cryptography Encrypt and digitally sign a message; 1. User A and User B publish their public encryption keys 2. User A and User B retrieve each others public keys 3. User A creates a message, signs it with their private key and encrypts the message with User B's public key and sends message 4. User B decrypts message with their private key and verifies the digitial signature with User A's public key ## Footnote 305

Question 30

# Verifying Public Keys 4 methods of verifying public keys **Certificate Authority (CA)** Public key obtained from a trusted, reputable CA is considered genuine **E-mail address** Public keys for email can include the users email address. Considered a weak method **Directory Infrastructure** Directory services infrastructure i.e. AD, Light Weight Directory Access Protocol (LDAP) can be used to verify users public key **Key Fingerprint** User retrieves a public key and calculates the key's fingerprint. The owner of the public key can verify the calculation by checking the calculations match ## Footnote 306

Question 31

# Hashing and Message Digests * **Hashing** is the process of **applying** a **cryptographic algorithm** on a block of information that **results in a fixed length digest** * Provides a unique and compact "**fingerprint**" for the message * Can be used to **verify** the **integrity** of a **large file** ## Footnote 306

Question 32

# Digital Signature * Cryptographic operation where sender applies their **digital identity** to a message or file * Purpose is to **authenticate** a message and its **integrity** * **Does not** protect **confidentiality** of the message, as **encryption** is **not performed** ## Footnote 307

Answer 32

1. Sender publishes public key 2. Recipient retrieves public key 3. Sender creates message and computes message digest (hash) and encrypts with their private key 4. Sender sends file plus encrytped hash 5. Recipient computes a message digest (hash) then decrypts the senders hash using the public key. 6. Hashes are both compared, if they match, recipient knows the message is the same as the one sent by the sender

Question 33

# Digital Envelopes **Digital envelope** utilizes the **convenience of public key cryptography** with the** lower overhead of private key cryptography**, known as "**hybrid cryptography**" ## Footnote 307

Answer 33

1. Sender agrees with recipient to send a large message 2. Sender creates a symmetric encryption key known as a **session key** 3. Session key is encrypted with the recipients public key 4. Sender encrypts the message with the session key 5. Sender sends encrypted message and encrypted session key 6. Receipient decrypts session key with their private key 7. Recipient decrypts message with the session key

Question 34

# Public Key Infrastructure (PKI) A **PKI** is a **centralised function** used to store and **publish public keys** ## Footnote 308

Question 35

# Public Key Infrastructure (PKI) Services provided by a PKI; **Digital Certificates** Digital credential conssiting of public key and block of information to idetnify the owner of the certificate **Certificate Authority (CA)** Business entity that issues digital certificates and publishes them in the PKI. The CA vouches for the identity of each digital certificate in a PKI **Registration Authority (RA)** Operates to vet requests to verify authenticity of person making request **Certificate Revocation List (CRL)** An electronic list of digital certificates that have been revoked prior to expiration date **Certificate Practice Statement (CPS)** Published statement describes the practices used by the CA ## Footnote 308

Question 36

# Key Management **Key managment** is the various **processes** and **procedures** used by an organisation to **generate, protect, use, and dispose** of **encryption keys** throughout their lifetime ## Footnote 308

Question 37

# Key Management Associated practices with key management; **Key Generation** Encryption key lifecycle starts with key generation. The process must take place in a highly protected system. A compromised system means keys can be compromised from point of creation **Key Protection** Private keys used in public key cryptosystems and keys used in symmetric cryptosystems must be continuously protected. Keys must be accessible only to the parties that are authorised to use them **Key-Encrypting Keys** The process of encrypting an encryption key to provide it additional protection. **Key Custody** Policies, processes, and procedures regarding management of keys. Focuses on who manages keys and where they are kept **Key Rotation** Process of issuing a new encryption key and re-encrypting data protected with the new key **Key Disposal** Process of decommissioning encryption keys ## Footnote 308-310

Answer 37

Key rotation will typically occur under the following 3 circumstances; 1. Key Compromise 2. Key Expiration 3. Rotation of Staff

Question 38

# Secure Socket Layer and Transport Layer Security (SSL/TLS) * **SSL and TLS** are **encryption protocols** used to **encrypt web pages** requested in **HTTPS** protocol * Provide **cryptographic functions**; Public Key encryptiong, Private Key Encryption, hash functions ## Footnote 310

Question 39

# Secure Multipurpose Internet Mail Extensions (S/MIME) **Secure Multipurpose Internet Mail Extensions (S/MIME)** is an **email security protocol** that provides sender and reipient **authentication** and **encryption** of message content and attachments. ## Footnote 310

Question 40

# Secure Shell **Secure Shell** is used to create a **secure channel** between **2 systems**. ## Footnote 310

Question 41

# Internet protocol Security (IPSec) * IPSec is a protocol used to create a **secure, authenticated channel** between **2 systems**. * Operates at the **internet layer** in the **TCP/IP protocol suite** * Operates in 1 of **2 modes**; **Encapsulating Security Payload (ESP)** All encapsulated traffic is encrypted **Authentication Header (AH)** Only IPSec authentication feature is used ## Footnote 311