4472 - Security Midterm

Question 1

How does the Cesar cipher work?

Answer 1

Encrypt - shift 3 letters forward

Decrypt - shift 3 letters backward

Question 2

How does the Vigenere cipher work?

Answer 2

Add a pass phrase to message mod 26

Question 3

What is Kerckhoff’s principle?

Answer 3

Secrecy of message should be maintained even with knowledge of cipher - secrecy should depend on the key

Question 4

What is plaintext?

Answer 4

the message being encrypted

Question 5

what is ciphertext?

Answer 5

the encrypted message

Question 6

what is a key?

Answer 6

the secret that is used to transform plaintext in to ciphertext

Question 7

what is the keyspace?

Answer 7

the set of all possible keys

Question 8

What are the 3 goals of cryptosystem designers?

Answer 8

1. key space is exponential in length
2. infeasible to brute force
3. brute force = adversary’s best strategy

Question 9

Define the passive adversarial mode

Answer 9

The adversary passively observes ciphertexts

Question 10

Define the active adversarial mode

Answer 10

Adversary can modify or replace cipher text - man in the middle

Question 11

What is the CIA triad of security goals?

Answer 11

confidentiality, integrity, authentication

Question 12

How does Enigma leak information?

Answer 12

Since a plaintext character can never be itself in the ciphertext version, it leaks info regarding what the plaintext isn’t

Question 13

What does IND-EAV secure mean?

Answer 13

It means that a passive adversary cannot win a security game more than 50% of the time

Question 14

What is a CPA game?

Answer 14

chosen plain text attack

Question 15

What is deterministic encryption?

Answer 15

When encrypting the plaintext twice with the same key you get the exact same cipher text

Question 16

Can a deterministic cipher be IND-CPA secure?

Answer 16

No

Question 17

What is a chosen ciphertext attack?

Answer 17

adversary is allowed to make encryption queries

Question 18

What is CCA1?

Answer 18

non-adaptive chosen cipher text attack, adversary can make decryption queries until the challenge cipher text is issued

Question 19

What is CCA2?

Answer 19

adaptive chosen cipher text, adversary can continue to make decryption queries after the challenge cipher text

Question 20

What are the idea properties for a block cipher to have?

Answer 20

they should be reversible, easy to encrypt/decrypt with the key but hard otherwise, computing the mapping should be computationally efficient

Question 21

Encryption in block ciphers should always be what?

Answer 21

a bijection (one to one mapping)

Question 22

What is the permutation property?

Answer 22

a set of strings will map one to one to itself

Question 23

how many plaintexts are there in block cipher?

Answer 23

2^b

Question 24

how many palintext permutations are there in a block cipher?

Answer 24

2^b !

Question 25

how many possible keys are there in block cipher?

Answer 25

2^k

Question 26

what is a sudo-random permutation?

Answer 26

a random looking permutation defined by a key that is efficient to compute

Question 27

What is the difference between pseudo random permutation and pseudo random functions?

Answer 27

pseudo random function do not require a one to one mapping

Question 28

How many fiestal rounds do you need at a minimum?

Answer 28

4

Question 29

how many feistal rounds does DES use?

Answer 29

16

Question 30

why is DES no longer used today?

Answer 30

weak key length (56bits), issues with the PRF

Question 31

what is the main flaw with electronic codebook mode?

Answer 31

repeating blocks with identical values will result in a repeating pattern of random values

Question 32

how does CBC mode solve the problems associated with ECB mode?

Answer 32

it breaks up repetition in plaintext by XOR’ing each block with a random looking value, first block an initialization vector is used, all subsequent blocks are XOR’ed with the previous block

Question 33

what are the differences between CBC and CTR mode?

Answer 33

CBC

• computed in series
• has both an encryption function and decryption function
• can be used safely with small block length ciphers
• no random access

CTR

• computed in parallel
• only has the encryption function
• cannot be used safely with small block length ciphers
• random access

Question 34

What are CFB and OFB modes?

Answer 34

similar modes to CBC but without needing decryption function

Question 35

what is XTS used for?

Answer 35

random access applications

Question 36

how any rounds are used in AES 128 bit and 256 bit?

Answer 36

10 and 14

Question 37

what is the key difference between feistel and AES?

Answer 37

feistal used PRF and AES uses PRP

Question 38

why are galois fields used in AES?

Answer 38

since addition is just an XOR and multiplication is a simple sequence of operations

Question 39

why do we need a hash?

Answer 39

whenever we need to create a short fixed-length string of some arbitrary length string

Question 40

what are some applications of hash functions?

Answer 40

MAC authentication, digital signatures, key derivation functions

Question 41

what is the random oracle model?

Answer 41

input –> arbitrary length strings
output –> random unique fixed length string

each query is independent and if you repeat a query you get the same answer

Question 42

why can’t a random oracle exist?

Answer 42

infinite memory would be required

Question 43

what are the properties of a good hash?

Answer 43

pre image resistantce

• given a hash it should be hard to find the string that produces that hash
• given a message it should be hard to find another message that produces the same hash

collision resistance
- it should be hard to find any two messages that produce the same hash (collision)

Question 44

why is MD5 not a good hash to use?

Answer 44

pre image attacks at 2^123 bits work, not collision resistant, collisions at 2^64 work and can actually be much sooner

Question 45

what cipher modes preserve linear modification attacks?

Answer 45

CTR, CBC, Stream Cipher

Question 46

Define IND-EAV secure

Answer 46

there exists no PPT-bounded adversary
with a non-negligible advantage of winning the EAV
game