2.8 Encryption Flashcards

1
Q

Cryptography concepts: what is cryptography for?

A

To provide:
- confidentiality,
- integrity (tamper-proofing),
- non-repudiation,
- authentication and access control (we know it’s really you)

2
Q

Cryptography concepts: what is plaintext?

A

An unencrypted message (in the clear)

3
Q

Cryptography concepts: what is ciphertext?

A

An encrypted message

4
Q

Cryptography concepts: what is a cipher?

A

The algorithm used to encrypt and/or decrypt

5
Q

Cryptography concepts: what is cryptanalysis?

A

The art of cracking encryption. Researchers are constantly trying to find weaknesses in ciphers

6
Q

Cryptography concepts: what are keys?

A

A cryptographic key is information that is added to the cipher to encrypt the plaintext. Larger keys are generally more secure.

Some encryption methods use one key and some use multiple keys to add another layer of security.

7
Q

Cryptography concepts: how to strengthen a key?

A
  • Use encryption methods that use the largest possible keys
  • If you cannot use the first option, make a weak encryption key stronger by performing multiple processes: hash a password, hash the hash of the password, etc.
8
Q

Cryptography concepts: what are the consequences of strengthening a key?

A

Brute-force attacks would require reversing each of the hashes, so the attacker has to spend much more time (even though the key is small).

9
Q

Cryptography concepts: what are key stretching libraries?

A

Key stretching libraries are libraries that already exist for stretching keys.
For example, bcrypt.

10
Q

Cryptography concepts: what is bcrypt and how does it work?

A

It is a key stretching library.
Bcrypt generates hashes from passwords, and is an extension to the UNIX crypt library. Bcrypt uses the Blowfish cipher to perform multiple rounds of hashing.

11
Q

Cryptography concepts: what is PBKDF2 and how does it work?

A

Password-Based Key Derivation Function 2 (PBKDF2) is a key stretching library and can be used to make applications much more secure. It is part of RSA public key cryptography.

12
Q

Cryptography concepts: what is lightweight cryptography?

A

An encryption method that features a small footprint and/or low computational complexity (uses less CPU).
It is usually used for IoT devices and was created by NIST.

13
Q

Cryptography concepts: what is homomorphic encryption (HE)?

A

It is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form.

14
Q

Cryptography concepts: what are the advantages of homomorphic encryption (HE)?

A
  • Securely store data in the cloud
  • Perform research on data without viewing the data
15
Q

Symmetric & Asymmetric cryptography: what is symmetric encryption?

A

Encryption where you use a single key to encrypt and decrypt the data.

16
Q

Symmetric & Asymmetric cryptography: what is the security issue with symmetric encryption?

A

If the key does become available for others to see, you will have to redo all of the encryption because everyone has a copy of the key that can be used to decrypt this data.

17
Q

Symmetric & Asymmetric cryptography: what is one of the challenges with symmetric encryption?

A

It doesn’t scale very well: It can be difficult to distribute the key across the network without first encrypting it.
And since the key hasn’t been sent across the network, there is no way to have a known key on both sides that you can use for the encryption process.

18
Q

Symmetric & Asymmetric cryptography: what is asymmetric encryption?

A

The keys used to encrypt and decrypt the message are different.

19
Q

Symmetric & Asymmetric cryptography: what is public key cryptography?

A

It is just another name for asymmetric encryption because there are multiple keys (2 or more): a public key and a private key.

20
Q

Symmetric & Asymmetric cryptography: what is a private key?

A

It’s a key that only the user has access to. It’s a private key because nobody else knows what that key is.

21
Q

Symmetric & Asymmetric cryptography: what is a public key?

A

The public key is mathematically related to the private key, and this is the key that you give to everybody. If someone wants to send an encrypted message to you, he needs to have the public key.

22
Q

Symmetric & Asymmetric cryptography: how are public & private keys related?

A

The 2 keys are mathematically related:
- Once somebody encrypts data with a public key, the only way to decrypt that information is by using the corresponding private key (the key that only the user has access to).
- You can also encrypt info with your private key, and the only people able to decrypt it would be those with the public key. This is used in digital signatures.

23
Q

Symmetric & Asymmetric cryptography: how are key pairs (public & private) generated?

A

Key generation:
- Build both the public & private keys at the same time using a key generation program
- The generation program uses a large range of numbers and randomization

24
Q

Symmetric & Asymmetric cryptography: what is the process for encrypting and decrypting information in asymmetric cryptography?

A

Bob wants to send an encrypted message to Alice. To encrypt the message he needs Alice’s public key to create the ciphertext. Once Alice receives the ciphertext message, she decrypts it using her private key and can see the message sent by Bob.

25
Q

Symmetric & Asymmetric cryptography: how to fix the scale problem of symmetric keys?

A

By using asymmetric encryption to create a symmetric key on both sides without having to send that symmetric key across the network.

Identical symmetric keys are generated on both Bob’s and Alice’s sides using:
- For Bob: Bob’s private key + Alice’s public key = symmetric key
- For Alice: Alice’s private key + Bob’s public key = symmetric key
So those 2 symmetric keys are the same but have never been sent across the network. This process is used for Diffie-Hellman key exchange.

26
Q

Symmetric & Asymmetric cryptography: how does asymmetric encryption work from a system point of view?

A

Asymmetric encryption needs large integers with very large prime factors, and that calculation requires CPU overhead and resources on the machine to be able to encrypt and decrypt the information.

27
Q

Symmetric & Asymmetric cryptography: what is Elliptic Curve Cryptography (ECC)?

A

ECC uses curves instead of very large numbers (which consume CPU, etc.) to create the asymmetric keys that are used for public & private key encryption & decryption.
ECC can use smaller keys to maintain the same security as non-ECC algorithms and requires a smaller amount of storage & data that would need to be transmitted across the network.
This gives access to the powerful features available with asymmetric encryption while using mobile devices and IoT devices.

28
Q

Hashing & Digital Signatures: what are hashes and what are they used for?

A
  • It represents data as a short string of text (referred to as a message digest or a fingerprint)
  • One-way trip: impossible to recover the original message from the digest, so a perfect solution for password storage
  • Used to verify integrity
  • Can be a digital signature that provides authentication, non-repudiation and integrity
  • Each hash should be unique
29
Q

Hashing & Digital Signatures: give the most common hash examples.

A
  • SHA256: 256 bits which is 64 hexadecimal characters
  • MD5
30
Q

Hashing & Digital Signatures: what is collision?

A

When hash algorithms create the same hash for different types of inputs. This occurs with MD5, so don’t use it.

31
Q

Hashing & Digital Signatures: are passwords stored?

A

Yes, they are stored as salted hashes. The hash is compared during the authentication process.

32
Q

Hashing & Digital Signatures: what does “adding some salt” mean?

A

“Salt” is random data added to a password when hashing.
Each user gets their own random salt, and the salt is commonly stored with the password. Hence rainbow tables won’t work with salted hashes, but if an attacker finds the salt he can brute-force the process.

33
Q

Hashing & Digital Signatures: what are digital signatures?

A
  • It allows a user to send information to another party and have that person confirm that what they received is exactly the information that the user originally sent (integrity)
  • It proves the source of the message (authentication)
  • It also verifies that the signature is not fake (non-repudiation)
  • Digital signatures are made with the private key of the original user and verified with the public key
34
Q

Hashing & Digital Signatures: how to create a digital signature?

A

1/ Alice wants to send a message to Bob, but she wants to make sure that Bob is able to verify that this message is legitimate and that it really came from Alice. Alice hashes the message. Then Alice encrypts that hash using her private key, which creates the digital signature (DS). The DS is then attached to the plaintext message.
2/ Once Bob receives the message, he uses Alice’s public key to decrypt the digital signature that she sent (which is an encrypted version of the hash). Then he uses the same hashing function as Alice on the plaintext message and compares those hashes to ensure they are the same. If the hashes match, the message is legitimate.

35
Q

Cryptographic keys: what are cryptographic keys for?

A

Cryptographic keys make encryption and decryption possible.

36
Q

Cryptographic keys: is it better if the key is smaller or larger ?

A
  • Larger keys tend to be more secure (prevent brute-force attacks)
37
Q

Cryptographic keys: what are the min key lengths for symmetric & asymmetric encryption?

A
  • Symmetric encryption: 128 bits or larger
  • Asymmetric encryption: larger than symmetric keys and uses a complex calculation of prime numbers; it is common to see key lengths of 3072 bits or larger
38
Q

Cryptographic keys: how can key exchange be done securely?

A

Using an in-band key exchange, which protects the key with additional encryption: use asymmetric encryption to deliver a symmetric key.

39
Q

Cryptographic keys: what is a session key?

A

An ephemeral key that is used in only 1 session

40
Q

Cryptographic keys: what is Diffie-Hellman key exchange?

A

It uses public and private key cryptography to create an identical symmetric key on both sides.

41
Q

Cryptographic keys: what is the traditional web server encryption ?

A

SSL/TLS uses encryption keys to protect communication with the web server (which has a public & private key).

42
Q

Cryptographic keys: how to hack web server encryption ?

A

If you find the server’s private key, you can decrypt all of the data.

43
Q

Cryptographic keys: why is SSL/TLS not enough for web server encryption?

A

Because it is a single point for all of the encryption, so there needs to be another way to provide encryption to the server to prevent someone from decrypting it.

44
Q

Cryptographic keys: how to prevent SSL/TLS lack of security for web server encryption ?

A

We can use Perfect Forward Secrecy (PFS), which changes the encryption process so the same private key is not used every time to transfer the symmetric key across the network.
The key is changed at each session using ECDHE, hence requiring more computing power. The browser should also support PFS.

45
Q

Cryptographic keys: what is Elliptic curve or Diffie-Hellman ephemeral (ECDHE) ?

A

Same as PFS: a way to prevent the lack of security for SSL/TLS encryption by changing the private key for each session (1 key = 1 session).

46
Q

Steganography: what is steganography?

A

A type of obfuscation which hides data in an image, video or audio file.

47
Q

Steganography: what are the different ways to hide information using steganography?

A
  • Network-based: embed messages in TCP packets
  • Use an image
  • Invisible watermark
48
Q

Quantum computing: what is quantum computing?

A

Computing based on quantum physics rather than on classical physics, which uses bits (1 and 0).
Quantum computing uses qubits instead of bits.

49
Q

Quantum computing: what are qubits?

A

Qubits (quantum bits) are a smaller form of information, meaning they can store more information than a binary system due to its bits.
Qubits are 0, 1 and any combination between 0 & 1 simultaneously, making the piece of info smaller.

50
Q

Quantum computing: what are the advantages of quantum computing?

A
  • Search quickly through large DB in a short period of time
  • Help in simulation: weather prediction, medical advances, astrophysics
51
Q

Quantum computing: is quantum computing an issue for cryptography and why?

A

Yes, it breaks our existing encryption mechanisms because today’s encryption uses very large prime numbers to create the complexity required to keep all of our data encrypted. But quantum computers are able to perform these very large calculations in a very short period of time. So it makes our encryption useless because quantum computers would be able to brute-force all the encrypted data quickly.

52
Q

Quantum computing: what is NTRU?

A

A new way of performing encryption with quantum computing that uses the closest vector problem instead of very large prime numbers.

53
Q

Stream & block ciphers: what is a stream cipher ?

A

It is used in symmetric encryption and is an encryption technique that works byte by byte to transform plain text into code that’s unreadable to anyone without the proper key.

54
Q

Stream & block ciphers: what is the advantage of stream cipher ?

A

High speed, low hardware complexity

55
Q

Stream & block ciphers: what is a block cipher ?

A

It is used in symmetric encryption and takes a block of bytes and encrypts that entire block (often 64-bit or 128-bit blocks). There are different block cipher operations.

56
Q

Stream & block ciphers: what are the different block cipher operations?

A
  • ECB: each block is encrypted with the same encryption key
  • CBC: a different set of input and output is applied to the data to add some randomization (XORed)
  • CTR: encrypts successive values of a “counter”
  • GCM: encryption with authentication, commonly used in packetized data (network security, SSH, TLS)
57
Q

Blockchain: what is a blockchain?

A

A distributed ledger distributed across multiple devices and a way to keep track of transactions

58
Q

Blockchain: what is the blockchain process?

A

1/ A transaction is requested (transferring bitcoins, medical records, data backup)
2/ The transaction is sent to every computer (or node) in a decentralized network to be verified
3/ Once the transaction is verified, it is added to a new block of data containing other recently verified transactions
4/ The hash is added to the new block of verified transactions
5/ Once the hash is completed, the block is added to the end of the blockchain, which is then updated to all nodes in the network for security, maintaining the distributed ledger

59
Q

Blockchain: what is the constraint with maintaining a distributed ledger in the blockchain process?

A

If any blocks are altered, its hash and all following hashes in the chain are automatically recalculated.
The altered chain will no longer match the chains stored by the rest of the network and will be rejected.

60
Q

Cryptography limitations: what are the consequences of a bad cryptography implementation?

A
  • A bad implementation (platform, cryptographic options, etc.) can lead to security issues. Ex: using hashing to store passwords without a salt
61
Q

Cryptography limitations: what are the cryptography limitations?

A
  • Speed
  • Size
  • Weak keys
  • Time
  • Longevity
  • Key reuse
  • Resources vs security constraints
62
Q

Cryptography limitations: what is key reuse?

A

Reusing the same key reduces the complexity (less cost, administrative overhead and effort to recertify). However if the key is compromised everything using that key is at risk

63
Q

Cryptography limitations: what is resources vs security constraints?

A

Some devices (like IoT) have limited CPU, memory and power, which is a security constraint because it’s difficult to maintain and update security components.

64
Q

Cryptography limitations: what is speed limitation ?

A

Cryptography needs CPU, CPU needs power

65
Q

Cryptography limitations: what is size limitation ?

A

A block cipher encrypts 16 bytes/128 bits; if we decide to encrypt 8 bytes it will double the storage size

66
Q

Cryptography limitations: what is weak key limitation ?

A

Large keys are more difficult to brute-force

67
Q

Cryptography limitations: what is time limitation ?

A

Encryption takes time; asymmetric is slower than symmetric

68
Q

Cryptography limitations: what is longevity limitation ?

A

Some cryptographic technologies can become less secure