Asymmetric Cryptography Principles Flashcards

1
Q

What is the Diffie-Hellman (DH) key exchange?

A

The Diffie-Hellman (DH) key exchange is a cryptographic protocol that allows two parties to securely share a secret key over an insecure communication channel. The key generated through this exchange can then be used for symmetric encryption to securely transmit data.

Here’s how it works:

  1. Public Parameters: Both parties agree on a large prime number (p) and a base (g), which are publicly known.
  2. Private Keys: Each party generates a private key. These private keys are kept secret and are not shared with anyone.
  3. Public Keys: Using their private key, each party calculates a public key by raising the base (g) to the power of their private key, then taking the remainder when divided by the prime number (p). They then exchange these public keys.
  4. Shared Secret: Each party uses the other party’s public key and their own private key to compute the shared secret. Despite the public keys being exchanged openly, only the parties involved can compute the same shared secret, due to the properties of the mathematical operation used.
  5. Symmetric Key: The shared secret can now be used as the symmetric key for encryption, allowing secure communication.

The DH key exchange is secure because, even though the public keys and the parameters (p and g) are known, it is computationally infeasible for an attacker to derive the private keys or the shared secret. This is due to the difficulty of solving the discrete logarithm problem, which underpins the security of the Diffie-Hellman exchange.

2
Q

What are the Diffie-Hellman (DH) key exchange applications?

A

DH is used for key generation in the following:

  • Virtual Private Network (VPN) with Internet Protocol Security (IPsec)
  • Transport Layer Security (TLS)
  • Secure Shell (SSH) communications.

3
Q

When assessing their security, what are the 4 security levels/categories for encryption algorithms?

A

The 4 categories are:
- Avoid
- Legacy
- Acceptable
- Next generation encryption (NGE)

4
Q

What algorithms should be avoided due to being too weak in the face of quantum computing and better processing power in general?

A

The following algorithms should be avoided:
• DES
• RC4
• DH, RSA and DSA with key lengths less than 1024 bits
• MD5.

5
Q

What algorithms are currently safe from the threat of quantum computing?

A

The following algorithms should be safe from quantum computers:
• AES-CBC and AES-GCM
• SHA-384 and SHA-512
• HMAC-SHA-256.

6
Q

What are the three ingredients required for hackproof encryption?

A

The three ingredients for a ‘hackproof’ encryption method are:
• an algorithm to encode the plaintext
• random numbers
• a secure delivery method.

7
Q

What are the three methods of providing freshness to a communication or message?

A

In the context of cybersecurity, freshness refers to the property of data or communication ensuring that it is recent, and not a replay of old messages. This concept is crucial in preventing replay attacks, where an attacker intercepts a valid data transmission and maliciously reuses it to gain unauthorised access or cause other harm.

To ensure freshness, protocols often use techniques such as:

  • Timestamps: Including a timestamp in a message to show when it was created. The recipient can verify that the message is recent.
  • Nonces: A nonce is a random or unique number that is used only once in a session. Including a nonce in a communication helps to ensure that the message is fresh and hasn’t been replayed.
  • Serial Numbers: Using sequential serial numbers in communications can help verify the order and ensure that each message is unique and has not been reused.

These techniques help ensure that each communication or transaction is unique and current, thereby maintaining the security and integrity of the system.

8
Q

What is a Hybrid Crypto-System?

A

All of these protocols employ a public/private key mechanism to generate a new secret key that is shared between the communicating parties and is used exclusively for the current session. They combine both asymmetric and symmetric encryption methods to establish a secure connection, a setup known as a hybrid cryptosystem.

9
Q

How does IPsec work?

A

IPsec (Internet Protocol Security) is a suite of protocols designed to secure IP communications by authenticating and encrypting each IP packet in a communication session. It operates at the network layer, providing end-to-end security for data transmitted over an IP network, such as the internet or private networks.

Here’s how IPsec works:

  1. Protocols: IPsec consists of two main protocols:
    • Authentication Header (AH): AH provides data integrity, data origin authentication, and protection against replay attacks by adding a header to the packet that contains a cryptographic checksum.
    • Encapsulating Security Payload (ESP): ESP provides data confidentiality through encryption, as well as data integrity and authentication. It can be used alone or in combination with AH.
  2. Modes of Operation:
    • Transport Mode: In transport mode, only the payload of the IP packet (the data) is encrypted and/or authenticated. The original IP headers remain intact, so this mode is typically used for end-to-end communication between two hosts.
    • Tunnel Mode: In tunnel mode, the entire IP packet (including headers) is encrypted and/or authenticated. The encrypted packet is then encapsulated within a new IP packet with a new header. Tunnel mode is commonly used for VPNs (Virtual Private Networks) to secure communication between networks.
  3. Key Exchange:
    • IPsec uses the Internet Key Exchange (IKE) protocol to negotiate, establish, and manage the security associations (SAs) between communicating parties. IKE automates the process of creating and exchanging cryptographic keys, ensuring that both parties have a shared secret key for encryption and authentication.
  4. Security Associations (SAs):
    • SAs are the agreements between two IPsec endpoints about which protocols, algorithms, and keys to use. Each SA is unidirectional, meaning there are typically two SAs (one for each direction) for a full-duplex connection.
  5. Packet Processing:
    • When sending data, IPsec applies the negotiated security protocols (AH or ESP) according to the established SAs. This involves encrypting and/or authenticating the data, adding the necessary headers, and sending the secured packet.
    • Upon receiving data, the recipient uses the SA to decrypt and/or authenticate the packet, ensuring its integrity and confidentiality before passing it to the application layer.

IPsec is widely used for securing data in VPNs, ensuring that the data transmitted over the network is protected against eavesdropping, tampering, and impersonation.
