7 Cryptography and the PKI Flashcards
What are the three main goals of cryptography?
- Confidentiality
- Integrity
- Authentication
- Nonrepudiation
The CIA triad consists of Confidentiality, Integrity, and Availability, but Authentication is a goal specific to cryptography.
Define cryptography.
The practice of encoding information in a manner that it cannot be decoded without access to the required decryption key.
What are the two main operations of cryptography?
- Encryption
- Decryption
What does encryption do?
Transforms plain-text information into ciphertext using an encryption key.
What does decryption do?
Transforms ciphertext back into plain text using a decryption key.
What is the goal of confidentiality in cryptography?
To protect sensitive information from prying eyes.
What is the goal of integrity in cryptography?
To ensure that data is not maliciously or unintentionally altered.
What is the goal of authentication in cryptography?
To validate the identity of individuals.
What is nonrepudiation in the context of cryptography?
Ensures that individuals can prove to a third party that a message came from its purported sender.
True or False: The terms cryptography and cryptology are always used interchangeably.
False
What is the significance of modern cryptography in real-world security?
It is used regularly by security practitioners to keep data confidential.
What is Public Key Infrastructure (PKI)?
A framework that includes public key, private key, and key escrow.
List types of encryption levels.
- Full-disk
- Partition
- File
- Volume
- Database
- Record
- Transport/communication
Define obfuscation in the context of cryptography.
Steganography
What is hashing?
A process of converting data into a fixed-size string of characters, which is typically a hash value.
What is salting in cryptography?
The practice of adding random data to passwords before hashing them.
What are digital signatures?
Cryptographic values that validate the authenticity and integrity of a message.
What does key stretching do?
Enhances the security of weak passwords by increasing their length.
What is blockchain?
A distributed ledger technology that records transactions across many computers.
What does an open public ledger do?
Records transactions in a way that is accessible to anyone.
What are certificates in cryptography?
- Certificate authorities
- Certificate revocation lists (CRLs)
- Online Certificate Status Protocol (OCSP)
- Self-signed
- Third-party
- Root of trust
- Certificate signing request (CSR) generation
- Wildcard
What is a cryptographic attack?
An attempt to breach the security of cryptographic systems.
List types of cryptographic attacks.
- Downgrade
- Collision
- Birthday
What is cryptography?
A field focused on securing communication through techniques for confidentiality, dating back 4,000 years.
What is the main goal of early cryptographic efforts?
Achieving confidentiality.
How does modern cryptography differ from historical methods?
Modern cryptography employs sophisticated techniques that are much harder to break.
What is a cipher?
A method used to scramble or obfuscate characters to hide their value.
What are the two primary types of nonmathematical cryptography?
- Substitution ciphers
- Transposition ciphers
Define a substitution cipher.
A coding system that changes one character or symbol into another.
What is the Caesar cipher?
A substitution cipher that shifts letters a certain number of spaces in the alphabet.
How does the Caesar cipher work?
Shifts each letter by a fixed number of places in the alphabet.
What is ROT13?
A substitution cipher that rotates every letter 13 places in the alphabet.
Why are the Caesar cipher and ROT13 considered too simplistic?
They can be easily broken by modern cryptologists.
What are polyalphabetic substitution ciphers?
Ciphers that use multiple substitution alphabets for the same message.
What is the Vigenère cipher?
A historical polyalphabetic substitution cipher using a keyword to encrypt messages.
How does the Vigenère cipher encrypt a message?
It uses a keyword to match letters in a table to generate ciphertext.
What is a transposition cipher?
A cipher that scrambles the letters of a message by changing their order.
Describe columnar transposition.
A method where a message is written in rows and read across to create ciphertext.
What was the purpose of the Enigma machine?
To provide secure communications for the German military during World War II.
Who led the efforts to decipher the Enigma machine?
Alan Turing.
What is steganography?
The art of embedding secret messages within another file.
How do steganographic algorithms typically work?
By altering the least significant bits of file data, such as images.
What are common applications of steganography?
- Hiding messages in images
- Digital watermarking
- Espionage
What is a legitimate use of steganography?
Adding digital watermarks to protect intellectual property.
True or False: Steganography can only be used for illegal activities.
False.
Fill in the blank: The Caesar cipher shifts letters by _____ spaces.
[a fixed number of]
What are the four fundamental goals of cryptography?
Confidentiality, Integrity, Authentication, Non-repudiation
Define confidentiality in the context of cryptography.
Ensures that data remains private in three situations: at rest, in transit, and in use.
What are the two main types of cryptosystems that enforce confidentiality?
- Symmetric cryptosystems
- Asymmetric cryptosystems
What is data at rest?
Stored data residing in a permanent location awaiting access.
What is data in transit?
Data being transmitted across a network between two systems.
What is data in use?
Data stored in the active memory of a computer system.
What is obfuscation in cryptography?
The practice of making it intentionally difficult for humans to understand how code works.
What is full-disk encryption (FDE)?
Encryption where all data on a hard drive is automatically encrypted.
What is partition encryption?
Encryption targeting a specific partition of a hard drive.
What is file-level encryption?
Encryption focusing on individual files rather than entire drives or partitions.
What is volume encryption?
Encryption of a set ‘volume’ on a storage device containing several folders and files.
What is database encryption?
Protection of sensitive information stored in a database from unauthorized access.
What are the two primary types of database encryption?
- Transparent Data Encryption (TDE)
- Column-level Encryption (CLE)
What is record-level encryption?
Encryption allowing individual records within a database to be encrypted.
Define integrity in the context of cryptography.
Ensures that data is not altered without authorization.
What is message integrity?
Enforcement through encrypted message digests, known as digital signatures.
What is the purpose of authentication in cryptography?
Verifies the claimed identity of system users.
What is non-repudiation?
Assurance that a message was originated by the sender and prevents denial of sending.
True or False: Secret key cryptosystems provide non-repudiation.
False
What type of cryptosystem provides non-repudiation?
Public key, or asymmetric, cryptosystems.
Fill in the blank: Data in transit is also commonly called _______.
data on the wire
What are the four cryptographic goals of modern cryptosystems?
Confidentiality, integrity, authentication, and nonrepudiation
What is the principle of ‘security through obscurity’ in early cryptography?
Keeping the details of an encryption algorithm secret from outsiders
How do modern cryptosystems ensure security?
By relying on the secrecy of cryptographic keys rather than the secrecy of algorithms
What is the significance of the length of a cryptographic key?
It determines the strength of the cryptosystem and its resistance to cryptanalysis
What is the minimum key length recommended for modern cryptographic systems?
At least a 128-bit key
What are symmetric key algorithms based on?
A shared secret encryption key distributed to all communication participants
What is a major weakness of symmetric key cryptography?
Key exchange is a major problem
True or False: Symmetric key cryptography implements non-repudiation.
False
What is the speed advantage of symmetric key cryptography compared to asymmetric algorithms?
1,000 to 10,000 times faster
What do asymmetric key algorithms provide a solution for?
The weaknesses of symmetric key encryption
In asymmetric key cryptography, what are the two types of keys each user has?
Public key and private key
How is a message encrypted and decrypted in public key cryptography?
Public key encrypts, private key decrypts
What is the formula for calculating the number of symmetric keys required for n parties?
Number of Keys = n(n–1) / 2
What are the major strengths of asymmetric key cryptography?
- Scalability
- Easier user removal
- Key regeneration only when private key is compromised
- Provides integrity, authentication, and non-repudiation
- Simple key exchange
- No preexisting communication link needed
What is a major weakness of public key cryptography?
Slow speed of operation
What is the relationship between symmetric and asymmetric cryptography in data transmission?
Public key cryptography is often used to establish a connection and exchange a symmetric key for subsequent data transfer
What are message digests produced by?
Hashing algorithms
Fill in the blank: Cases where a hash function produces the same value for two different messages are known as _______.
collisions
What happens to hashing algorithms when collisions are found?
They are typically deprecated
What types of data do symmetric and asymmetric cryptography systems handle?
- Symmetric: Bulk encryption
- Asymmetric: Small blocks of data, digital signatures, digital certificates
What are the key services provided by symmetric and asymmetric cryptography?
- Symmetric: Confidentiality, integrity
- Asymmetric: Confidentiality, integrity, authentication, non-repudiation
What is symmetric key cryptography?
A type of encryption where the same key is used for both encryption and decryption
Name three common symmetric cryptosystems.
- Data Encryption Standard (DES)
- Triple DES (3DES)
- Advanced Encryption Standard (AES)
In what year was the Data Encryption Standard (DES) published?
1977
Why is DES no longer considered secure?
Due to flaws in the algorithm, and it is believed intelligence agencies can decrypt it
What cryptosystem superseded DES?
Advanced Encryption Standard (AES)
What does Triple DES (3DES) do to enhance security?
Uses the DES algorithm three times with three different keys
Is 3DES still considered secure?
No, it is scheduled to be deprecated in December 2023
What block cipher was chosen as the replacement for DES?
Rijndael
What is the Federal Information Processing Standard (FIPS) 197?
Mandates the use of AES/Rijndael for U.S. government encryption of sensitive but unclassified data
What are the key strengths supported by AES?
- 128 bits
- 192 bits
- 256 bits
How many rounds of encryption does a 128-bit key require in AES?
10 rounds
How many rounds of encryption does a 192-bit key require in AES?
12 rounds
How many rounds of encryption does a 256-bit key require in AES?
14 rounds
What role does AES play in modern cryptography?
It is widely used in wireless network security, TLS protocol, and file/disk encryption
What are key management practices?
Safeguards for the creation, distribution, storage, destruction, recovery, and escrow of secret keys
What is key exchange in symmetric encryption?
The secure distribution of the secret keys required to operate the algorithms
What is one major problem with symmetric encryption algorithms?
Key exchange
What is offline distribution in key exchange?
Physical exchange of key material between parties
What is public key encryption used for in key exchange?
To establish a secure communications link for exchanging secret keys
What is the Diffie–Hellman key exchange algorithm?
A method for securely exchanging keys over a public channel
True or False: The Diffie–Hellman algorithm was released in 1976.
True
What must both parties agree on in the Diffie–Hellman algorithm?
Two large numbers: a prime number (p) and an integer (g)
What is the principle of split knowledge in key storage?
Two individuals hold halves of a key and must collaborate to recreate it
What happens when a user with knowledge of a secret key leaves an organization?
Keys must be changed and encrypted materials re-encrypted with new keys
What is key escrow?
A system where a third party stores a protected copy of a key for emergency use
What problem does key escrow address?
Access to encrypted data if the decryption key is lost or if a user leaves unexpectedly
What is a key requirement when selecting an encryption system?
Choose an encryption system with an algorithm in the public domain that has been thoroughly vetted by industry experts
Avoid systems that use a ‘black-box’ approach where the secrecy of the algorithm is claimed to be critical.
What should be considered when selecting key length?
Balance security requirements with performance considerations
Additionally, ensure that the key is truly random, having sufficient entropy.
Why is it important for a key to be truly random?
Any predictability within the key increases the likelihood that an attacker will be able to break your encryption
This degradation affects the security of your cryptosystem.
What should you do with your private key?
Keep your private key secret
Allowing anyone else access to your private key compromises all communications using that key.
What happens if someone gains access to your private key?
It permanently compromises all communications (past, present, or future) using that key
This also allows the third party to impersonate you successfully.
When should you retire encryption keys?
Retire keys when they’ve served a useful life
Many organizations have mandatory key rotation requirements to prevent undetected key compromise.
What is the recommendation for key rotation frequency?
Change your key pair every few months, if practical
Continued reuse of a key increases the risk of cryptographic attacks.
What should you do if you lose your private key?
Back up your key
Use a key escrow service or create your own backup, ensuring it is handled securely.
What are hardware security modules (HSMs) used for?
HSMs store and manage encryption keys securely
They prevent humans from needing to work directly with the keys.
What range do hardware security modules (HSMs) cover?
HSMs range from simple devices like YubiKey to complex enterprise products
Cloud providers offer cloud-based HSMs for secure key management.
True or False: Using a ‘black-box’ encryption system is a recommended practice.
False
Security through obscurity is not an appropriate approach.
What is a brute force attack?
A method that involves trying every possible key to decrypt a message.
It is guaranteed to work but can take an impractically long time for complex keys.
How many possible keys does the DES encryption have?
72,057,594,037,927,936 possible keys.
Trying 1 million keys per second would take over 46 million years.
What does frequency analysis involve?
Looking for common patterns in the blocks of an encrypted message.
It is effective on historical ciphers but not on modern algorithms.
What is a known plain text attack?
An attack that relies on having pairs of known plain text and corresponding ciphertext.
Successful in cracking the German Naval Enigma during WWII.
What is a chosen plain text attack?
An attack where the attacker obtains ciphertexts for a set of plain texts of their choosing.
This can help derive the key used for encryption.
Define a related key attack.
An attack where the attacker obtains ciphertexts encrypted under two different keys.
Useful if plain text and matching ciphertext are available.
What is a birthday attack?
An attack on cryptographic hashes based on the birthday theorem, aiming to find two inputs that produce the same output.
Requires significantly fewer inputs than brute-force methods to find a collision.
How many people need to be in a room to have a 51% chance of sharing a birthday?
23 people.
This demonstrates the birthday paradox in probability.
What is a downgrade attack?
An attack that tricks users into shifting to less secure cryptographic modes.
Often targets secure communications like TLS.
What is a rainbow table attack?
An attack that attempts to reverse hashed password values by precomputing hashes of common passwords.
Prevented by salting passwords before hashing.
What is salting in cryptography?
Adding a randomly generated value to each password before hashing.
This helps prevent rainbow table attacks.
What is key stretching?
A method used to create strong encryption keys from passwords using multiple iterations of salting and hashing.
PBKDF2 is an example of a key stretching algorithm.
What is a significant vulnerability in the WEP protocol?
Uses an improper implementation of the RC4 encryption algorithm.
This leads to significant security vulnerabilities, making WEP unsuitable for modern networks.
What is a common cause of encryption vulnerabilities?
Human error.
Examples include sending unencrypted messages or mishandling cryptographic keys.
What can happen when a preamble is sent in clear text?
It may provide cryptanalysts with key insights into the message contents.
This can compromise an otherwise secure system.
Why is DES considered a poor choice for modern cryptography?
Its key length is too short due to advances in computer power.
Although the algorithm itself is sound, it has been deprecated.
What is Tor?
A mechanism for anonymously routing traffic across the Internet using encryption and relay nodes
Tor stands for The Onion Router and uses perfect forward secrecy.
What is perfect forward secrecy?
A technology that prevents nodes in the relay chain from reading anything other than the specific information they need
This is utilized by Tor to enhance anonymity.
What does the blockchain represent?
A distributed and immutable open public ledger
It prevents tampering with records stored across different systems.
What was the first major application of blockchain technology?
Cryptocurrency
Bitcoin was the original cryptocurrency that utilized blockchain.
How does blockchain allow for decentralized currency?
Authority for transactions is distributed among all participants in the blockchain
There is no central regulator in cryptocurrencies like Bitcoin.
Name two potential applications of blockchain technology beyond cryptocurrency.
- Property ownership records
- Supply chain tracking
What is lightweight cryptography?
Cryptography designed for environments with limited computing power and energy
Examples include satellites and remote sensors.
Why is specialized hardware used in lightweight cryptography?
To minimize power consumption while implementing cryptographic algorithms
This is critical in low power environments.
What is low latency in cryptography?
The requirement for encryption and decryption processes to be completed quickly
Common in encrypting network links.
What is homomorphic encryption?
Encryption that allows computations to be performed on encrypted data without decrypting it
The result matches what would be obtained from plain-text data.
What is the significance of quantum computing in cryptography?
It may defeat cryptographic algorithms based on factoring large prime numbers
Quantum computing is still largely theoretical but holds promise.
What could quantum computing potentially develop?
Stronger cryptographic algorithms that are more secure than current methods
This would usher in a post-quantum era of communication.
Fill in the blank: The blockchain creates a data store that nobody can _______.
tamper with or destroy
True or False: Lightweight cryptography is only applicable to high-power devices.
False
It is designed for low-power and energy-conserving environments.
What is an example of a device that requires low latency cryptography?
Dedicated VPN hardware
This hardware implements encryption and decryption efficiently to maximize speed.
What is a key requirement in high resiliency cryptography?
Data must be preserved and not destroyed accidentally during encryption
Retaining a data copy until successful receipt by the recipient is a common approach.
What is cryptography primarily used for?
Providing confidentiality, integrity, authentication, and non-repudiation
Cryptography is essential across various security domains, including networking and software development.
What type of encryption uses shared secret keys?
Symmetric encryption
Symmetric encryption is effective for both data at rest and data in motion.
What are the benefits of symmetric encryption?
Fast and efficient
Users must manage key exchange and maintenance for effective use.
What does asymmetric cryptography utilize?
Public key infrastructure (PKI)
Asymmetric cryptography allows secure communication without prior relationships between parties.
True or False: Cryptography only applies to networking security.
False
Cryptography impacts various areas of security beyond just networking.
Fill in the blank: Cryptography is one of the most important _______ in use today.
security controls
It plays a crucial role in enhancing overall security across multiple domains.
