7 Cryptography and the PKI Flashcards

2
What are the three main goals of cryptography?
  • Confidentiality
  • Integrity
  • Authentication
  • Nonrepudiation
The CIA triad consists of Confidentiality, Integrity, and Availability, but Authentication is a goal specific to cryptography.
3
Define cryptography.
The practice of encoding information so that it cannot be decoded without access to the required decryption key.
4
What are the two main operations of cryptography?
  • Encryption
  • Decryption
5
What does encryption do?
Transforms plain-text information into ciphertext using an encryption key.
6
What does decryption do?
Transforms ciphertext back into plain text using a decryption key.
7
What is the goal of confidentiality in cryptography?
To protect sensitive information from prying eyes.
8
What is the goal of integrity in cryptography?
To ensure that data is not maliciously or unintentionally altered.
9
What is the goal of authentication in cryptography?
To validate the identity of individuals.
10
What is nonrepudiation in the context of cryptography?
Ensures that individuals can prove to a third party that a message came from its purported sender.
11
True or False: The terms cryptography and cryptology are always used interchangeably.
False
12
What is the significance of modern cryptography in real-world security?
It is used regularly by security practitioners to keep data confidential.
13
What is Public Key Infrastructure (PKI)?
A framework that includes public key, private key, and key escrow.
14
List types of encryption levels.
  • Full-disk
  • Partition
  • File
  • Volume
  • Database
  • Record
  • Transport/communication
15
Define obfuscation in the context of cryptography.
Steganography
16
What is hashing?
A process of converting data into a fixed-size string of characters, which is typically a hash value.
17
What is salting in cryptography?
The practice of adding random data to passwords before hashing them.
18
What are digital signatures?
Cryptographic values that validate the authenticity and integrity of a message.
19
What does key stretching do?
Enhances the security of weak passwords by increasing their length.
20
What is blockchain?
A distributed ledger technology that records transactions across many computers.
21
What does an open public ledger do?
Records transactions in a way that is accessible to anyone.
22
What are certificates in cryptography?
  • Certificate authorities
  • Certificate revocation lists (CRLs)
  • Online Certificate Status Protocol (OCSP)
  • Self-signed
  • Third-party
  • Root of trust
  • Certificate signing request (CSR) generation
  • Wildcard
23
What is a cryptographic attack?
An attempt to breach the security of cryptographic systems.
24
List types of cryptographic attacks.
  • Downgrade
  • Collision
  • Birthday
25
What is cryptography?
A field focused on securing communication through techniques for confidentiality, dating back 4,000 years.
26
What is the main goal of early cryptographic efforts?
Achieving confidentiality.
27
How does modern cryptography differ from historical methods?
Modern cryptography employs sophisticated techniques that are much harder to break.
28
What is a cipher?
A method used to scramble or obfuscate characters to hide their value.
29
What are the two primary types of nonmathematical cryptography?
  • Substitution ciphers
  • Transposition ciphers
30
Define a substitution cipher.
A coding system that changes one character or symbol into another.
31
What is the Caesar cipher?
A substitution cipher that shifts letters a certain number of spaces in the alphabet.
32
How does the Caesar cipher work?
Shifts each letter by a fixed number of places in the alphabet.
33
What is ROT13?
A substitution cipher that rotates every letter 13 places in the alphabet.
34
Why are the Caesar cipher and ROT13 considered too simplistic?
They can be easily broken by modern cryptologists.
35
What are polyalphabetic substitution ciphers?
Ciphers that use multiple substitution alphabets for the same message.
36
What is the Vigenère cipher?
A historical polyalphabetic substitution cipher using a keyword to encrypt messages.
37
How does the Vigenère cipher encrypt a message?
It uses a keyword to match letters in a table to generate ciphertext.
38
What is a transposition cipher?
A cipher that scrambles the letters of a message by changing their order.
39
Describe columnar transposition.
A method where a message is written in rows and read across to create ciphertext.
40
What was the purpose of the Enigma machine?
To provide secure communications for the German military during World War II.
41
Who led the efforts to decipher the Enigma machine?
Alan Turing.
42
What is steganography?
The art of embedding secret messages within another file.
43
How do steganographic algorithms typically work?
By altering the least significant bits of file data, such as images.
44
What are common applications of steganography?
  • Hiding messages in images
  • Digital watermarking
  • Espionage
45
What is a legitimate use of steganography?
Adding digital watermarks to protect intellectual property.
46
True or False: Steganography can only be used for illegal activities.
False.
47
Fill in the blank: The Caesar cipher shifts letters by _____ spaces.
[a fixed number of]
48
What are the four fundamental goals of cryptography?
Confidentiality, Integrity, Authentication, Non-repudiation
49
Define confidentiality in the context of cryptography.
Ensures that data remains private in three situations: at rest, in transit, and in use.
50
What are the two main types of cryptosystems that enforce confidentiality?
  • Symmetric cryptosystems
  • Asymmetric cryptosystems
51
What is data at rest?
Stored data residing in a permanent location awaiting access.
52
What is data in transit?
Data being transmitted across a network between two systems.
53
What is data in use?
Data stored in the active memory of a computer system.
54
What is obfuscation in cryptography?
The practice of making it intentionally difficult for humans to understand how code works.
55
What is full-disk encryption (FDE)?
Encryption where all data on a hard drive is automatically encrypted.
56
What is partition encryption?
Encryption targeting a specific partition of a hard drive.
57
What is file-level encryption?
Encryption focusing on individual files rather than entire drives or partitions.
58
What is volume encryption?
Encryption of a set 'volume' on a storage device containing several folders and files.
59
What is database encryption?
Protection of sensitive information stored in a database from unauthorized access.
60
What are the two primary types of database encryption?
  • Transparent Data Encryption (TDE)
  • Column-level Encryption (CLE)
61
What is record-level encryption?
Encryption allowing individual records within a database to be encrypted.
62
Define integrity in the context of cryptography.
Ensures that data is not altered without authorization.
63
What is message integrity?
Enforcement through encrypted message digests, known as digital signatures.
64
What is the purpose of authentication in cryptography?
Verifies the claimed identity of system users.
65
What is non-repudiation?
Assurance that a message was originated by the sender and prevents denial of sending.
66
True or False: Secret key cryptosystems provide non-repudiation.
False
67
What type of cryptosystem provides non-repudiation?
Public key, or asymmetric, cryptosystems.
68
Fill in the blank: Data in transit is also commonly called _______.
data on the wire
69
What are the four cryptographic goals of modern cryptosystems?
Confidentiality, integrity, authentication, and nonrepudiation
70
What is the principle of 'security through obscurity' in early cryptography?
Keeping the details of an encryption algorithm secret from outsiders
71
How do modern cryptosystems ensure security?
By relying on the secrecy of cryptographic keys rather than the secrecy of algorithms
72
What is the significance of the length of a cryptographic key?
It determines the strength of the cryptosystem and its resistance to cryptanalysis
73
What is the minimum key length recommended for modern cryptographic systems?
At least a 128-bit key
74
What are symmetric key algorithms based on?
A shared secret encryption key distributed to all communication participants
75
What is a major weakness of symmetric key cryptography?
Key exchange is a major problem
76
True or False: Symmetric key cryptography implements non-repudiation.
False
77
What is the speed advantage of symmetric key cryptography compared to asymmetric algorithms?
1,000 to 10,000 times faster
78
What do asymmetric key algorithms provide a solution for?
The weaknesses of symmetric key encryption
79
In asymmetric key cryptography, what are the two types of keys each user has?
Public key and private key
80
How is a message encrypted and decrypted in public key cryptography?
Public key encrypts, private key decrypts
81
What is the formula for calculating the number of symmetric keys required for n parties?
Number of Keys = n(n–1) / 2
82
What are the major strengths of asymmetric key cryptography?
  • Scalability
  • Easier user removal
  • Key regeneration only when private key is compromised
  • Provides integrity, authentication, and non-repudiation
  • Simple key exchange
  • No preexisting communication link needed
83
What is a major weakness of public key cryptography?
Slow speed of operation
84
What is the relationship between symmetric and asymmetric cryptography in data transmission?
Public key cryptography is often used to establish a connection and exchange a symmetric key for subsequent data transfer
85
What are message digests produced by?
Hashing algorithms
86
Fill in the blank: Cases where a hash function produces the same value for two different messages are known as _______.
collisions
87
What happens to hashing algorithms when collisions are found?
They are typically deprecated
88
What types of data do symmetric and asymmetric cryptography systems handle?
  • Symmetric: Bulk encryption
  • Asymmetric: Small blocks of data, digital signatures, digital certificates
89
What are the key services provided by symmetric and asymmetric cryptography?
  • Symmetric: Confidentiality, integrity
  • Asymmetric: Confidentiality, integrity, authentication, non-repudiation
90
What is symmetric key cryptography?
A type of encryption where the same key is used for both encryption and decryption
91
Name three common symmetric cryptosystems.
  • Data Encryption Standard (DES)
  • Triple DES (3DES)
  • Advanced Encryption Standard (AES)
92
In what year was the Data Encryption Standard (DES) published?
1977
93
Why is DES no longer considered secure?
Due to flaws in the algorithm, and it is believed intelligence agencies can decrypt it
94
What cryptosystem superseded DES?
Advanced Encryption Standard (AES)
95
What does Triple DES (3DES) do to enhance security?
Uses the DES algorithm three times with three different keys
96
Is 3DES still considered secure?
No, it is scheduled to be deprecated in December 2023
97
What block cipher was chosen as the replacement for DES?
Rijndael
98
What is the Federal Information Processing Standard (FIPS) 197?
Mandates the use of AES/Rijndael for U.S. government encryption of sensitive but unclassified data
99
What are the key strengths supported by AES?
  • 128 bits
  • 192 bits
  • 256 bits
100
How many rounds of encryption does a 128-bit key require in AES?
10 rounds
101
How many rounds of encryption does a 192-bit key require in AES?
12 rounds
102
How many rounds of encryption does a 256-bit key require in AES?
14 rounds
103
What role does AES play in modern cryptography?
It is widely used in wireless network security, TLS protocol, and file/disk encryption
104
What are key management practices?
Safeguards for the creation, distribution, storage, destruction, recovery, and escrow of secret keys
105
What is key exchange in symmetric encryption?
The secure distribution of the secret keys required to operate the algorithms
106
What is one major problem with symmetric encryption algorithms?
Key exchange
107
What is offline distribution in key exchange?
Physical exchange of key material between parties
108
What is public key encryption used for in key exchange?
To establish a secure communications link for exchanging secret keys
109
What is the Diffie–Hellman key exchange algorithm?
A method for securely exchanging keys over a public channel
110
True or False: The Diffie–Hellman algorithm was released in 1976.
True
111
What must both parties agree on in the Diffie–Hellman algorithm?
Two large numbers: a prime number (p) and an integer (g)
112
What is the principle of split knowledge in key storage?
Two individuals hold halves of a key and must collaborate to recreate it
113
What happens when a user with knowledge of a secret key leaves an organization?
Keys must be changed and encrypted materials re-encrypted with new keys
114
What is key escrow?
A system where a third party stores a protected copy of a key for emergency use
115
What problem does key escrow address?
Access to encrypted data if the decryption key is lost or if a user leaves unexpectedly
116
What is a key requirement when selecting an encryption system?
Choose an encryption system with an algorithm in the public domain that has been thoroughly vetted by industry experts
Footnote: Avoid systems that use a 'black-box' approach where the secrecy of the algorithm is claimed to be critical.
117
What should be considered when selecting key length?
Balance security requirements with performance considerations
Footnote: Additionally, ensure that the key is truly random, having sufficient entropy.
118
Why is it important for a key to be truly random?
Any predictability within the key increases the likelihood that an attacker will be able to break your encryption
Footnote: This degradation affects the security of your cryptosystem.
119
What should you do with your private key?
Keep your private key secret
Footnote: Allowing anyone else access to your private key compromises all communications using that key.
120
What happens if someone gains access to your private key?
It permanently compromises all communications (past, present, or future) using that key
Footnote: This also allows the third party to impersonate you successfully.
121
When should you retire encryption keys?
Retire keys when they’ve served a useful life
Footnote: Many organizations have mandatory key rotation requirements to prevent undetected key compromise.
122
What is the recommendation for key rotation frequency?
Change your key pair every few months, if practical
Footnote: Continued reuse of a key increases the risk of cryptographic attacks.
123
What should you do if you lose your private key?
Back up your key
Footnote: Use a key escrow service or create your own backup, ensuring it is handled securely.
124
What are hardware security modules (HSMs) used for?
HSMs store and manage encryption keys securely
Footnote: They prevent humans from needing to work directly with the keys.
125
What range do hardware security modules (HSMs) cover?
HSMs range from simple devices like YubiKey to complex enterprise products
Footnote: Cloud providers offer cloud-based HSMs for secure key management.
126
True or False: Using a 'black-box' encryption system is a recommended practice.
False
Footnote: Security through obscurity is not an appropriate approach.
127
What is a brute force attack?
A method that involves trying every possible key to decrypt a message.
Footnote: It is guaranteed to work but can take an impractically long time for complex keys.
128
How many possible keys does the DES encryption have?
72,057,594,037,927,936 possible keys.
Footnote: Trying 1 million keys per second would take over 46 million years.
129
What does frequency analysis involve?
Looking for common patterns in the blocks of an encrypted message.
Footnote: It is effective on historical ciphers but not on modern algorithms.
130
What is a known plain text attack?
An attack that relies on having pairs of known plain text and corresponding ciphertext.
Footnote: Successful in cracking the German Naval Enigma during WWII.
131
What is a chosen plain text attack?
An attack where the attacker obtains ciphertexts for a set of plain texts of their choosing.
Footnote: This can help derive the key used for encryption.
132
Define a related key attack.
An attack where the attacker obtains ciphertexts encrypted under two different keys.
Footnote: Useful if plain text and matching ciphertext are available.
133
What is a birthday attack?
An attack on cryptographic hashes based on the birthday theorem, aiming to find two inputs that produce the same output.
Footnote: Requires significantly fewer inputs than brute-force methods to find a collision.
134
How many people need to be in a room to have a 51% chance of sharing a birthday?
23 people.
Footnote: This demonstrates the birthday paradox in probability.
135
What is a downgrade attack?
An attack that tricks users into shifting to less secure cryptographic modes.
Footnote: Often targets secure communications like TLS.
136
What is a rainbow table attack?
An attack that attempts to reverse hashed password values by precomputing hashes of common passwords.
Footnote: Prevented by salting passwords before hashing.
137
What is salting in cryptography?
Adding a randomly generated value to each password before hashing.
Footnote: This helps prevent rainbow table attacks.
138
What is key stretching?
A method used to create strong encryption keys from passwords using multiple iterations of salting and hashing.
Footnote: PBKDF2 is an example of a key stretching algorithm.
139
What is a significant vulnerability in the WEP protocol?
Uses an improper implementation of the RC4 encryption algorithm.
Footnote: This leads to significant security vulnerabilities, making WEP unsuitable for modern networks.
140
What is a common cause of encryption vulnerabilities?
Human error.
Footnote: Examples include sending unencrypted messages or mishandling cryptographic keys.
141
What can happen when a preamble is sent in clear text?
It may provide cryptanalysts with key insights into the message contents.
Footnote: This can compromise an otherwise secure system.
142
Why is DES considered a poor choice for modern cryptography?
Its key length is too short due to advances in computer power.
Footnote: Although the algorithm itself is sound, it has been deprecated.
143
What is Tor?
A mechanism for anonymously routing traffic across the Internet using encryption and relay nodes
Footnote: Tor stands for The Onion Router and uses perfect forward secrecy.
144
What is perfect forward secrecy?
A technology that prevents nodes in the relay chain from reading anything other than the specific information they need
Footnote: This is utilized by Tor to enhance anonymity.
145
What does the blockchain represent?
A distributed and immutable open public ledger
Footnote: It prevents tampering with records stored across different systems.
146
What was the first major application of blockchain technology?
Cryptocurrency
Footnote: Bitcoin was the original cryptocurrency that utilized blockchain.
147
How does blockchain allow for decentralized currency?
Authority for transactions is distributed among all participants in the blockchain
Footnote: There is no central regulator in cryptocurrencies like Bitcoin.
148
Name two potential applications of blockchain technology beyond cryptocurrency.
  • Property ownership records
  • Supply chain tracking
149
What is lightweight cryptography?
Cryptography designed for environments with limited computing power and energy
Footnote: Examples include satellites and remote sensors.
150
Why is specialized hardware used in lightweight cryptography?
To minimize power consumption while implementing cryptographic algorithms
Footnote: This is critical in low power environments.
151
What is low latency in cryptography?
The requirement for encryption and decryption processes to be completed quickly
Footnote: Common in encrypting network links.
152
What is homomorphic encryption?
Encryption that allows computations to be performed on encrypted data without decrypting it
Footnote: The result matches what would be obtained from plain-text data.
153
What is the significance of quantum computing in cryptography?
It may defeat cryptographic algorithms based on factoring large prime numbers
Footnote: Quantum computing is still largely theoretical but holds promise.
154
What could quantum computing potentially develop?
Stronger cryptographic algorithms that are more secure than current methods
Footnote: This would usher in a post-quantum era of communication.
155
Fill in the blank: The blockchain creates a data store that nobody can _______.
tamper with or destroy
156
True or False: Lightweight cryptography is only applicable to high-power devices.
False
Footnote: It is designed for low-power and energy-conserving environments.
157
What is an example of a device that requires low latency cryptography?
Dedicated VPN hardware
Footnote: This hardware implements encryption and decryption efficiently to maximize speed.
158
What is a key requirement in high resiliency cryptography?
Data must be preserved and not destroyed accidentally during encryption
Footnote: Retaining a data copy until successful receipt by the recipient is a common approach.
159
What is cryptography primarily used for?
Providing confidentiality, integrity, authentication, and non-repudiation
Footnote: Cryptography is essential across various security domains, including networking and software development.
160
What type of encryption uses shared secret keys?
Symmetric encryption
Footnote: Symmetric encryption is effective for both data at rest and data in motion.
161
What are the benefits of symmetric encryption?
Fast and efficient
Footnote: Users must manage key exchange and maintenance for effective use.
162
What does asymmetric cryptography utilize?
Public key infrastructure (PKI)
Footnote: Asymmetric cryptography allows secure communication without prior relationships between parties.
163
True or False: Cryptography only applies to networking security.
False
Footnote: Cryptography impacts various areas of security beyond just networking.
164
Fill in the blank: Cryptography is one of the most important _______ in use today.
security controls
Footnote: It plays a crucial role in enhancing overall security across multiple domains.