3. Encryption Flashcards

1
Q

Use of encryption

A

Beyond protecting confidentiality, encryption can be used to certify documents with digital signatures, making it possible for an unaffiliated third party to determine the identity of the person or organization that signed the document and to verify that the document has not been modified since signing.
Encryption is also used for both identification and authentication in the digital world. For identification, encryption can establish identities that are linked to legal identities, such as the name of a person or corporation, or that are unrevealing pseudonyms. And unlike a name, Social Security number or other identifier, cryptographic identities can be mathematically authenticated by a relying party, greatly reducing the chance that the identity is being fraudulently asserted—for example, by a criminal engaged in identity theft. As a result, encryption has long been used by organizations to identify their websites and internet servers, and it is increasingly used by individuals to prove their identity to remote computers over the internet.

2
Q

Homomorphic encryption

A

Homomorphic encryption has been developed that allows encrypted information to be manipulated without decrypting it first (data in use).
A related technology called secure multiparty computation allows two or more computers to participate in a computation and compute a mathematical result without otherwise revealing private information. For example, with multiparty computation, five people can get together and compute their average salary without revealing their individual salaries to anyone—not to each other, and not to a trusted third party.

3
Q

Cryptographic system

A

A cryptographic system is the collection of cryptographic algorithms, protocols, software and other items that use cryptography to achieve information security goals.

4
Q

Randomness/entropy

A

Merely encrypting with an algorithm and a key is not sufficient to ensure security. It is also necessary to use randomness, also called entropy, so that an attacker observing the output of an encryption system cannot determine if the same message is encrypted a second time. The need to obtain a sequence of numbers that is truly random is one of the defining characteristics of modern cryptography.

5
Q

Public Key Algorithms

A

Public key algorithms, also called asymmetric algorithms, are designed so that the plaintext can be encrypted using only public information, but decrypting the ciphertext requires the use of private information. A variety of asymmetric algorithms have been proposed. Most are based on some kind of deep mathematical or algorithmic property. One of the most common algorithms is RSA, named after its inventors Rivest, Shamir and Adleman. However, many other public key systems have been created: the Digital Signature Algorithm (DSA), Elliptic Curve Cryptography (ECC) and TLS.

6
Q

Symmetric Algorithms

A

Secret key algorithms, also called symmetric algorithms, use the same key to encrypt and decrypt the plaintext. The most common symmetric algorithm in use today, AES, is typically used with keys that are either 128 bits or 256 bits in size. Ciphers are based on two mathematical operations: substitution, which substitutes one pattern for another according to a code book; and transposition, which scrambles the bits within a set of bytes. DES and triple DES are also symmetric encryption algorithms.

7
Q

Brute Force Attack

A

One way to forcibly decrypt an encrypted message without knowing the key is to try every possible key, because the correct key, when tried, will decrypt the message. Such an attack is called a brute force attack or a key search attack, and it is infeasible with 128-bit AES.
The most basic form of cryptanalysis is the brute force attack, in which an attacker tries to decrypt a single message by systematically trying all possible keys. It is important to understand this kind of key search attack because there is fundamentally no way to protect against it—an attacker that gets an encrypted message can always try to decrypt it by trying all possible keys. In practice, more sophisticated approaches are used.

8
Q

Cryptography

A

Cryptographic approaches typically provide stronger confidentiality assurances when compared to password-only approaches—but cryptography is more susceptible to catastrophic data loss. In practice cryptographic approaches offer less flexibility, because access control policies need to be implemented in the rather restrictive language of cryptography. For example, a password system can rather trivially be programmed with time-based access controls, so that even authorized individuals don’t have access to data when they are on vacation. It is currently not possible to implement such a restriction solely with cryptography in a manner that cannot be readily subverted.

9
Q

TLS

A

SSL (Secure Socket Layer) protocol was revised several times, renamed transport layer security (TLS) and adopted as an internet standard in 1999. Today TLS (sometimes called SSL/TLS) is one of the most widely used forms of encryption in the world. TLS protects virtually all of the information sent over the internet, from Google searches and Facebook status updates to stock purchases worth hundreds of millions of dollars and streaming video.
TLS is what’s known as a pluggable cryptographic protocol, meaning that the single protocol supports the use of multiple hash functions and ciphers. When a TLS client connects to a TLS server, the two negotiate the most secure version of each algorithm from the set of algorithms that each implement. This means that TLS can be configured so that it offers strong authentication and integrity, but poor confidentiality—a configuration that has been required by some governments in the past. Thus, simply using TLS is no guarantee of security—it depends on the specific algorithms that are in use.
There are many things that TLS encryption does not protect, such as information about the amount of the data exchanged, the location of the endpoints, or the very fact that data is being exchanged at all. Analyzing this kind of information is called traffic analysis, and it can be very easy to do. We explain this by saying that TLS provides neither anonymity nor stealth.
A primary vulnerability of TLS is that a TLS proxy can intercept a TLS connection, decrypt it and then open a new connection to the destination.

10
Q

Anonymity

A

To achieve anonymity, it is necessary to hide one’s traffic within a crowd, something that is done by systems such as proxies and mix networks, also called onion routing networks. These systems work by combining traffic from multiple computers into a single channel that is sent between multiple computers and then separating out the traffic again. Simple mix networks might involve a single node where traffic is combined: that’s how most commercial mix networks work. The onion router (Tor) uses a more sophisticated system that relies on multiple layers of encryption and sends every user’s traffic to at least three different computers in sequence, so that not even the nodes of the mix network know with whom the users are communicating.

11
Q

Data at rest encryption

A

Application level and device level encryption

12
Q

Approaches to work with encrypted data

A

1) Secure enclaves like Intel SGX (microprocessor modifications - not too safe)
2) Homomorphic encryption
3) Multiparty computation

13
Q

AES

A

Advanced Encryption Standard, AES is currently regarded as containing no significant algorithmic weaknesses. The only way to forcibly decrypt a message encrypted with AES is to try all possible keys, one by one, until the correct decryption key is found. Although some theoretical attacks on AES have been published, none of them can be performed in practice—at least, not yet.
AES is actually a family of algorithms. The basic version of AES uses a 128-bit key and is called (not surprisingly) AES-128. The algorithm can also be run with a 192-bit or 256-bit key, and is correspondingly named AES-192 and AES-256. The AES algorithm itself consists of an inner mathematical operation that is repeated. AES-128 repeats this function ten times and is therefore said to have ten “rounds.” AES-192 has 12 rounds and AES-256 has 14 rounds. Additional rounds make messages encrypted with AES harder to decrypt without knowing the key.
AES-256 has a real cost: Those additional rounds mean that it takes more computer time (and thus more electricity) to encrypt a message with AES-256 than with AES-128. For many applications, such as encrypting commercial videos downloaded from streaming video services, the extra security may not be cost effective. Privacy professionals should not assume that because AES-128 is good, AES-256 must be better. For many applications, there is no need to encrypt data so well that it can’t be decrypted ten years hence.
There are other symmetric encryption algorithms, and many may be just as strong as AES.

14
Q

Lightweight Encryption

A

There is increasing interest in so-called lightweight encryption algorithms that are designed to encrypt small amounts of data—just a few bytes—or that must run in low-power environments. Two such algorithms are SIMON and SPECK, both developed by NSA.

15
Q

DES

A

Data Encryption Standard: Some organizations continue to use triple DES, for example, on the grounds that DES is more thoroughly understood than AES. The government of China has developed its own suite of cryptographic algorithms so that its networks will not be dependent upon algorithms developed elsewhere. One of these algorithms is SM4, which has been standardized in China for protecting wireless networks.

16
Q

Cryptographic modes of operations

A

Cryptographic modes of operations are techniques for combining repeated invocations of block algorithms so that they can be used on more data (AES, DES & 3DES can be applied to small blocks of data).
Types: Electronic Codebook, Cipher Block Chaining, Counter Mode.
One of the problems with the three modes discussed above is that there is no way to validate the authenticity of encrypted data: Any ciphertext can be decrypted with any key. There is no way, in principle, to look at decrypted information and determine if that information is correct or not.

17
Q

Cryptanalysis

A

Cryptanalysis is the process of trying to decipher an encrypted message without knowing the key in advance.

18
Q

Electronic codebook

A

Electronic codebook (ECB) is the simplest symmetric cryptographic mode of operation to implement, but it’s also the least secure. This mode uses the same key to encrypt each block of data. The problem with this mode is that blocks that have the same content will encrypt to yield the same output. In practice, this makes it possible for an attacker to learn a great deal of information about the plaintext merely by observing the repeated portions of ciphertext. For most applications, this mode should not be used.

19
Q

Cipher block chaining

A

Cipher block chaining (CBC) is the symmetric cryptography mode of operation that overcomes the problem of ECB by encrypting each block as a function of the block’s plaintext and the previous block’s ciphertext. As a result of this chaining, the same block of plaintext will be encrypted differently each time. Because the first block of the message doesn’t have a previous block, it is encrypted by combining the plaintext and a randomly generated block of data called the initialization vector (IV). The IV does not need to be kept secret, but it does need to be different for every message that is encrypted. Because the IV is needed to decrypt the message, it is usually attached to the ciphertext. Disclosing the IV does not jeopardize the security of the ciphertext. This mode is used with AES.

20
Q

Counter mode cryptographic mode

A

Counter mode (CTR) is a symmetric cryptographic mode of operation similar to CBC, except that the IV is replaced with a counter. This mode shares with CBC the advantage that long blocks of data that repeat are encrypted differently. CTR further has the advantage that it is possible to start decrypting at any point in the encrypted data, making this mode a popular choice for disk encryption algorithms. This is in contrast to CBC mode, which must begin decrypting from the first block in the sequence. CTR further has the advantages that errors in the ciphertext do not propagate, and that CTR encryption and decryption can be parallelized. Despite these advantages, CTR is not widely used.

21
Q

Authenticated encryption

A

Authenticated encryption (AE) is a family of modes that provide for both confidentiality and authentication. These modes rely on additional information that is injected into the ciphertext so that the decrypting program can verify that decryption was performed using the correct key and that the decrypted plaintext was not modified after it was encrypted. Unfortunately, some of the authenticated encryption modes have been patented and, as a result, they are not widely used.

22
Q

Entropy pool

A

Most systems collect randomness from many different sources and use that randomness to scramble the bits in a mathematical structure called an entropy pool.

23
Q

Cryptographic nonce

A

A nonce is a random or semi-random number that is generated for a specific use. It is related to cryptographic communication and information technology (IT). The term stands for “number used once” or “number once” and is commonly referred to as a cryptographic nonce.

24
Q

Applications of hash functions

A

Converting pass phrases to cryptographic keys
Identifying versions of documents
Digitally signing documents

25
Q

Digital Signatures

A

Digital signatures combine two mathematical techniques, cryptographic hash functions and public key cryptography (see Figure 3-4):
To sign a document, a program first computes the hash value of that document. Next, the program encrypts the hash value with the asymmetric signing key.
To verify the signature, the signature is decrypted with the verification key, which has been widely distributed. (For example, it may be on an organization’s web page, it may be downloadable from a public directory, or it may be built into software such as a web browser.) This produces the claimed hash value of the document.
Finally, the document is re-hashed to see if the hash values match. If the two hashes match, the verifier knows two things: (1) The document has not been modified since it was signed and (2) the document was signed by the signing key that matches the verification key.

26
Q

Relying party

A

A person or program that verifies a digital signature is called the relying party (RP).

27
Q

Public Key Infrastructure

A

Properly implemented, PKI provides tools for obtaining and verifying public keys that belong to individuals, web servers, organizations and most other kinds of entities that require some form of digital identification. PKI also contains schemes for revoking keys after they have been abandoned or in the event that they are compromised.

28
Q

Cryptographic modes of operations

A

Cryptographic modes of operations are techniques for combining repeated invocations of block algorithms so that they can be used on more data. There are many, but very few are widely used: Electronic Codebook (ECB), Cipher Block Chaining (CBC) and Counter Mode (CTR).

29
Q

Application of symmetric cryptography

A
  • Documents with passwords.
  • Block level disk encryption
  • Persistent VPNs (If two networks are going to be connected for a long period of time using a VPN, it may be advantageous to connect them with a static encryption key. In this case, the system administrator would create a random encryption key and program it into all systems that require access to the VPN.)
  • TLS (After a cryptographic session is established using asymmetric cryptography, symmetric encryption algorithms are used for bulk data encryption for data sent over the world wide web using TLS.)
  • Wireless networks. Symmetric encryption can also be used on wireless networks. For example, the typical use of the WPA2 encryption system requires that all units be programmed with the same passphrase or key. This passphrase or key is then used to derive a specific symmetric encryption key used to secure data sent over the wireless network.
  • Encrypted databases. Instead of storing encrypted data in a file, the data can be stored in a database. There are many strategies for database encryption. The entire database file can be encrypted with a single key; individual rows or columns can be encrypted; rows, columns or cells can be encrypted with keys stored in other rows, columns or cells; the database can be encrypted but the index left unencrypted to allow for rapid searching; and so on. Each strategy has different trade-offs regarding security, performance and recoverability. There is no one right way to encrypt databases, as different schemes are designed to address different threats and satisfy different performance requirements.
  • Cryptographic erasure and retention rules. Taking advantage of the fact that encrypted data cannot be decrypted without the key, there are a number of schemes for ensuring complete erasure of a storage media by simply erasing the key. For example, it typically takes two to three hours to overwrite all of the sectors of a hard drive and another two to three hours to verify that they have been overwritten. If the drive is encrypted with a key, the entire contents of the hard drive can be rendered indecipherable by erasing the key.
  • Secret sharing. A single document can be encrypted with a single key that is then split into multiple shares using a mathematical approach called secret sharing. These schemes are quite flexible, allowing a key to be split into any number of shares and allowing it to be recovered with any number of those shares. For example, if an organization has seven auditors, the key could be split so that any three auditors, working together, can recover the encrypted data.

30
Q

Hash algorithms

A

Hash algorithms are fast mathematical functions that take an input of any length and produce a small output (typically 16 to 64 characters) that looks random, but that is in fact completely determined by the input. Strong hash functions have the property that the output cannot be predicted from the input without running the algorithm, and changing any bit in the input will change, on average, half of the bits in the output. Hash functions that do not have this property should not be used.
Examples of hash algorithms: Message Digest 5 (MD5), Secure Hash Algorithm (SHA).
Applications of hash functions:
1. Converting pass phrases into encryption keys
2. Identifying versions of documents
3. Digitally signing the document

31
Q

Digital Signature

A

Digital signatures combine hash functions with public key cryptography in a way that makes it possible to certify that a document has not been changed since it was digitally signed (see below). Cryptographic hash functions are also a key building block for bitcoin and other cryptographic currencies.

32
Q

Nonce

A

A nonce is a random or semi-random number that is generated for a specific use. They are used in proof-of-work systems to vary the input to a cryptographic hash function.
Hash functions are easy to use, but like most things in cryptography, it is easy to use them in a way that is not secure. For example, although it’s common to derive an encryption key by simply taking a person’s passphrase and hashing it, this is not secure, because attackers have compiled lists of billions of hashes of popular passwords and passphrases. Instead, it is now regarded as best practice to combine the provided passphrase and a random number, called a nonce, and to hash the two together many thousands of times. The system then stores the random nonce along with the encrypted document. This approach both eliminates the usefulness of those hashed passphrase lists and significantly slows down brute force attacks that try many different passwords and passphrases.

33
Q

Certificate

A

PKI is based on the principle of certification. An entity called a certificate authority (CA) asserts (or certifies) that a particular public key belongs to a particular entity. These assertions are stored in small electronic documents that are called certificates. There are multiple CAs, and there are no aligned standards and security procedures amongst them. Organizations can publish Certification Authority Authorization (CAA) records with their DNS to inform web browsers to only trust certificates from a specific authority. CAA is specified in RFC 6859 and implemented by some web browsers.

34
Q

Client-side PKI systems

A

In addition to verifying the identity of websites, PKI can also verify the identity of users. This process is similar to the way websites are validated, except the certificate is issued to an individual, not to an organization.
Client-side PKI systems require a means for the individual to securely maintain their private key and to use it to prove their identity with the key when this proof is required. Currently, there are two ways individuals can maintain their private keys:
The private key can be stored inside a smart card or another kind of physical token. This is the most secure means for an individual to maintain a private key. The private key never leaves the smart card. Instead, when the individual needs to sign something, the cryptographic hash is provided to the smart card. Most smart cards also require that the individual have a personal identification number (PIN), which is typically four to eight digits long. The user inserts their smart card into a reader, provides the PIN, and the identity is proven. Most smart cards will lock if the wrong PIN is provided three times in a row.
The private key can be stored in an encrypted file on the user’s computer. In order to use the private key, the user provides a password that is used to decrypt the key.
There are two reasons smart cards are significantly more secure than storing the private key in an encrypted file. First, the private key does not leave the smart card under normal circumstances. This makes the key more resistant to malware, since malware cannot directly access the key and copy it to another system. The second is that the user normally removes their smart card from the reader when the smart card is not in use. This significantly reduces the chances that the key can be used without the user’s knowledge.
Currently, there are four common uses for client-side PKI:
1. Using a web browser, users can provide their identity to a remote website. Here PKI is a useful alternative to a system of usernames and passwords.
2. With client-side PKI, a user can add a signed name to a digital document. Adobe Acrobat provides this functionality.
3. Client-side PKI can also be used to certify the contents of the digital document. Both Microsoft Word and Adobe Acrobat provide this functionality.
4. Users can digitally sign software, asserting that they are the author and that it has not been modified since it was created. Digital signatures on software are available on Microsoft Windows, MacOS, iOS and Android. Sometimes the signatures are created on behalf of organizations, rather than individuals, but even these signatures are created with client-side PKI.

35
Q

Certificate Revocation

A

Certificate revocation allows the certificate’s owner or issuer to indicate that a certificate should no longer be used or trusted.
There are three approaches for certificate revocation:
When a certificate is issued, the certificate’s owner can also obtain a revocation certificate. This revocation certificate can then be kept in a secure place and published if the private key is compromised.
Alternatively, most CAs operate a certificate revocation list (CRL), which is a list of all of the certificates they have issued that have subsequently been revoked. These lists can become quite large, as certificates that have been revoked remain on the CRL until they expire.
Finally, most CAs operate an online certificate revocation service. Most of these services are based on the Online Certificate Status Protocol (OCSP) standard.

36
Q

Time with PKI

A

Because certificates have validity periods, it is necessary for computers that use PKI to know the current time. And they must know it securely: If a computer can be forced to have the wrong time, then it can be convinced that a certificate is valid when it has, in fact, already expired. Time is also used by computers to determine if updates can be applied, and for a whole host of other functions. As a result, it is necessary for modern computers to know the correct time.
There are many ways for computers to reliably learn the correct time, including:
Using the internet Network Time Protocol (NTP)
Using a global positioning system (GPS) receiver
Learning the time from a cellular network
Using the Windows Time Service
Currently, none of these protocols use cryptography to assure that the time provided is correct. Fortunately, attacks on network time are rare.

37
Q

RFC

A

A Request for Comments (RFC) is a formal document drafted by the Internet Engineering Task Force (IETF) that describes the specifications for a particular technology. When an RFC is ratified, it becomes a formal standards document. RFCs were first used during the creation of the ARPANET protocols that came to establish what became today’s Internet. They continue to be issued on an ongoing basis as the technology underlying the Internet evolves.

38
Q

IETF

A

The Internet Engineering Task Force (IETF) is an open standards organization that deals with Internet standards and cooperates with International Electrotechnical Commission (IEC) and International Organization for Standardization (ISO) standards. IETF deals particularly with TCP/IP standards and the IP suite.
IETF is an open organization that does not have any formal membership. All employees and management personnel are volunteers. Annual, bi-annual and quarterly meetings are arranged to discuss previous and future developments regarding different projects and Internet standards.

39
Q

Extended Validation Certificates (EV)

A

Extended Validation (EV) certificates were an attempt to create a high-quality certificate. EV certificates look different in the web browser, and CAs are supposed to demand higher levels of assurance that they are dealing with the actual entity requesting the certificate. Unlike traditional TLS certificates, EV certificates also contain more information about the provider. Not surprisingly, EV certificates were also more expensive.
Some security professionals disputed the effectiveness of EV certificates. They argued against the very premise of EV certificates, saying that the rigorous checking of identity and liability protection were supposed to be part of the original certificates and should not be reserved only for EV certificates. What’s more, as the price of EV certificates dropped, CAs automated the detailed identity checking and certification that the EV brand required. Today, EV certificates are used to provide additional branding, but they do not appear to provide the additional security hoped for by their creators (see Figure 3-6).

40
Q

Benefits and drawbacks of asymmetric encryption

A

What Are the Benefits of Asymmetric Encryption?
In-Transit Security: Symmetric encryption only works with a single key used for encryption and decryption. With the right strategy, this is a perfectly stable and secure way to manage database or server encryption. Having a single key, however, is a liability when sending data between multiple parties. Asymmetric encryption is much more suitable for public internet data sharing.
Document Authentication: Public and private key pairs are necessary for creating security signatures that allow users to authenticate documents. This additional layer of security assures that the sender is who they say they are and that the message has not been tampered with.
What Are the Drawbacks of Asymmetric Encryption?
Speed: Asymmetric encryption is complex and, therefore, slow. It’s not the best solution for bulk encryption–which means it isn’t the best solution for encrypting servers, hard drives, databases, etc.
Complexity and Adoption: To be useful, all parties must use the same form of encryption to share messages. In many cases, this isn’t a problem. For example, all the major internet browsers and providers utilize HTTPS, which means that they have adopted certificate authorities and tools to ensure that HTTPS is seamlessly integrated such that users never have to do a thing. The same is true for email–almost all email providers will use some form of TLS.
The problem comes when organizations need to implement end-to-end encryption solutions like PGP. Because all parties must use the same solution, it’s not feasible for a hospital to send emails in a HIPAA-compliant fashion, counting on E2E to maintain data confidentiality.

41
Q

PGP

A

The challenge of an asymmetric encryption plan is providing a secure and accessible way to manage and share public and private keys.
Pretty Good Privacy, or PGP, accomplishes this more straightforwardly and facilitates strong end-to-end encryption. An application using PGP will generate keys for a user and manage them through the application, such that a user has a centralized location to collect, manage, and use public keys to send encrypted messages to trusted recipients. However, this strategy isn’t scalable enough to work at enterprise levels. The sheer endeavor of managing a key infrastructure of that size would swamp even the best app while creating problematic honeypots.
Additionally, protocols like PGP present hurdles to widespread communication between organizations and the public because, to function properly, all parties must use the same protocol–and most email providers do not support PGP out of the box.
The more common form of public-key encryption is the use of SSL certificates. This approach is familiar to anyone using the Internet. Any website that uses the secure HTTPS protocol will include proof of legitimacy through a publicly-maintained certificate, secured by a certificate authority, that guarantees the certificate holder’s identity and facilitates encrypted communications.
PGP uses an alternative model for PKI called the Web of Trust. Instead of relying on CAs to certify an individual’s public key, individuals create their own PGP public keys and then publish those keys either on a web page or by uploading the key to the PGP key server. PGP’s bottom-up approach to trust made it easier for the technology to take hold in highly technical communities, but the lack of tools for distributing keys to large numbers of people at the same time has limited its scalability. While millions of people use S/MIME on a daily basis, PGP is still largely restricted to small groups of technologists, although the protocol has also been used by some civil liberties activists throughout the world.

42
Q

TLS Decrypting Proxy

A

Here is one way that a TLS decrypting proxy can eavesdrop on TLS communications:
The web browser issues a Domain Name System (DNS) request to convert the name www.company.com into an IP address.
The web browser opens a TLS connection to the web server—but the communication is intercepted and goes to the TLS proxy.
Now, instead of receiving the authentic server’s TLS certificate, the web browser receives a certificate that carries the legitimate company’s name but the public key belonging to the proxy.
The proxy opens a TLS connection to the www.company.com web server.
The web browser establishes a TLS connection with the proxy.
The proxy establishes a TLS connection with the remote web server.
All three computers, the client, the proxy and the remote web server, are now communicating with encryption, but the connection’s contents are being decrypted by the proxy using one key and then re-encrypted by the proxy using another. Both the browser and the server observe that the communications are secure, but they are in fact being systematically monitored.
Decrypting TLS proxies are controversial. They are widely deployed by organizations that wish to monitor their users’ access to the internet, but they are also used by governments that wish to monitor the web use of their citizens. Proxies can be detected by web browsers because the certificate they receive is that of the proxy, not of the remote web server. To help address this potential vulnerability, web browsers can alert users or even be configured to stop operation if a remote website’s public key changes. Google’s Chrome web browser implements certificate pinning and will refuse to connect to www.google.com.

43
Q

S/MIME

A

Secure/Multipurpose Internet Mail Extensions, or S/MIME, is an internet standard for digitally signing and encrypting email messages. It ensures that the integrity of an email message remains intact from the time it is sent until it is received.
By using digital signatures, S/MIME provides for authentication, message integrity, and non-repudiation of origin. In addition, S/MIME includes encryption that strengthens privacy and data security for electronic messaging. S/MIME uses asymmetric encryption.

44
Q

Digital Rights Management

A

Digital rights management (DRM) systems are another cryptography application that has been widely deployed. Documents, movies and other kinds of digital media are distributed in encrypted form. These systems then use public key technology to identify the computers belonging to specific individuals. If an individual is authorized to access the content, the individual’s computer is provided with an appropriate decryption key. Some of these systems perform the decryption in hardware—for example, in a graphics coprocessor—so that the decrypted content can be viewed on a screen or played through a speaker but is less susceptible to being captured in decrypted form and used for other, unauthorized purposes.
Many DRM systems use cryptographic erasure to block access to a document after a time period has expired. The software does this by automatically wiping the decryption key at a predetermined time.

45
Q

ORAM (Oblivious Random-Access Memory)

A

Oblivious Random-Access Memory (Oblivious RAM, or simply ORAM) describes a system with the property that monitoring the reads and writes between the user and the database reveals no side-channel information. ORAM operates by encrypting the data that is written with a key accessible only to the user. This prevents an observer (or the memory system itself) from decoding the data that is stored. To prevent an observer from learning about the access patterns, ORAM systems typically perform additional read and write operations to different parts of memory whenever any information is read or written. Perfect security is obtained by reading and writing every bit of the remote memory system for every read or write operation, but this is highly inefficient and is not done in practice. Instead, work has focused on building systems that trade less-than-perfect security for increased efficiency. (These systems use the word memory to describe the part of the ORAM system that stores information; mathematically, there is no difference between a memory bank and a database.)

46
Q

PIR (Private Information Retrieval)

A

Private information retrieval (PIR) describes a range of protocols in which data can be retrieved from a database without revealing to the database or another observer the information that is retrieved. PIR systems are a subset of ORAM systems, in that they provide for data access but not necessarily for data modification. Some PIR systems allow for the database to perform sophisticated operations, such as searching for documents that match a particular keyword, or for retrieving encrypted documents in sorted order, all without knowing the underlying data that is being operated upon.
Although ORAM and PIR systems have been the subject of academic curiosity since the 1980s, recent advances in cryptography are making these systems practical. In particular, developments in homomorphic encryption aid the development of practical ORAM and PIR systems. It is thought that some of the vulnerabilities that have been discovered in Intel’s SGX system can be overcome through the use of ORAM or PIR.

47
Q

Record encryption

A

Record level encryption protects data by encrypting individual records within a database or other collection of data. This means that each record is encrypted using a unique encryption key. What distinguishes record level encryption is the fine-grained control it allows over which records are selected for encryption. This can be useful in situations where only certain records contain sensitive information, or where it is necessary to comply with specific data protection regulations.

48
Q

Benefits of record level encryption

A

There are several benefits to using record level encryption to protect data:

Increased security: Record level encryption helps to ensure the confidentiality of sensitive data by encrypting individual records within a database. This makes it more difficult for unauthorized users to access the data, even if the database as a whole is compromised.
Compliance with data protection regulations: In many cases, record level encryption is necessary to comply with strict data protection regulations. By encrypting individual records, organizations can demonstrate that they are taking appropriate measures to protect sensitive data.
Fine-grained control: Organizations can decide which records to encrypt on a finer level with record level encryption. This can be useful in cases where only certain records contain sensitive information, or where it is necessary to comply with specific data protection regulations.
By encrypting individual records within a database, organizations can ensure the confidentiality of the data, even if the database as a whole is compromised. This can be especially important in industries that are subject to strict data protection regulations, such as healthcare and finance. For example, record level encryption in the healthcare industry is often used to protect sensitive patient information, such as medical records and personal identification information (PII). By encrypting individual records within a database, healthcare organizations can help ensure this data’s confidentiality and comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Financial institutions often use record level encryption to secure customer data, such as account information and transaction records. Organizations that encrypt individual records within a database help to prevent unauthorized access to this data. Record level encryption also supports compliance with regulations such as the Payment Card Industry Data Security Standard (PCI DSS).

49
Q

Limitations of record encryption

A

Key management: Record level encryption requires the use of unique encryption keys for each record. This can be challenging to manage, as it requires the creation, storage, and distribution of a large number of keys. If keys are not properly managed, it can compromise the security of the encrypted data.
Performance: Encrypting and decrypting data can impact the performance of a database or other system. In some cases, record level encryption can slow down the processing of data, especially if the system is not optimized for encryption.
Cost: Implementing record level encryption can be expensive, as it requires the purchase of encryption software and the creation of key management infrastructure.
Compatibility: Record level encryption may not be compatible with all types of databases or systems. In some cases, it may be necessary to modify the database or system to support record level encryption.
