Basics

Question 1

Passive setting/attack

Answer 1

unauthorised access to data

Question 2

Active attack

Answer 2

unauthorised alteration, deletion, transmission, access prevention

Question 3

Security services

Answer 3

confidentiality
data integrity
data origin authentication
entity authentication
non-repudiation

Question 4

(C) Confidentiality

Answer 4

assurance data cannot be viewed by an unauthorised viewer

Question 5

(DI) Data integrity

Answer 5

assurance that data hasn’t been altered in an unauthorised manner (detection)

Question 6

(DOA) Data origin authentication

Answer 6

assurance that given entity was the original source of data

Question 7

(EA) Entity authentication

Answer 7

assurance that a given entity is involved and currently active in a session
(~identification - who am I communicating with?)

Question 8

(NR) Non-repudiation

Answer 8

assurance that an entity cannot deny its commitment or action (to a third party)

Question 9

Relationships b/w services

Answer 9

DOA > DI (DOA requires DI)
NR > DOA (NR requires DOA)
DOA =/= EA
DOA + Freshness = EA
C =/> DOA

Question 10

DOA > DI (DOA requires DI)

Answer 10

If data was altered, receiver cannot be sure the source is who it claims to be

Question 11

NR > DOA (NR requires DOA)

Answer 11

If the source denies its action, we can challange this claim only if we are sure that the action was performed by the source

Question 12

DOA =/= EA

Answer 12

DOA - emails
EA - systems

Question 13

DOA + Freshness = EA

Answer 13

DOA - certifies the sources is who it claims to be
Freshness - certifies the source is present at the moment of communication

Question 14

C =/> DOA

Answer 14

a hacker can violate DI without breaking encryption

Question 15

Cryptography

Answer 15

design and analysis of mechanisms that provide security services based using mathematical thechniques

Question 16

Cryptographic primitive

Answer 16

cryptographic process that provides a number of specified security services

Question 17

Cryptographic algorithm

Answer 17

specification of a cryptographic primitive

Question 18

Cryptographic protocol

Answer 18

sequence of message exchanges and operations between parties aimed at achieving a security goal

Question 19

Cryptosystem

Answer 19

implementation of primitives and accompanying infrastructure

Question 20

Plaintext

Answer 20

raw data to be transmitted

Question 21

Ciphertext

Answer 21

plaintext after encryption algorithm is applied to it

Question 22

Encryption algorithm

Answer 22

set of rules that determines ciphertext for given plaintext and encryption key

Question 23

Decryption algorithm

Answer 23

set of rules that determines plaintext for given ciphertext and decryption key

Question 24

Encryption key

Answer 24

value put in the e. algorithm to compute ciphertext

Question 25

Decryption key

Answer 25

input for a decryption algorithm to compute plaintext from ciphertext

Question 26

Keyspace

Answer 26

collection of all possible decryption keys

Question 27

Interceptor

Answer 27

(adversary, atttacker)
knows ciphertext and may know decryption algorithm, but does not know the key

Question 28

Mechanisms other than encryption

Answer 28

• steganography
• access control
• watermarking
• honeypots

Question 29

Symmetric cryptosystems

Answer 29

Encryption key = Decryption key

Question 30

Public-key cryptosystems (asymmetric)

Answer 30

Impossible to determine decryption key from encryption key
Everyone knows encryption key

Question 31

Motivation for public e. algos

Answer 31

Negative:
1) device can be “reverse engineered” to extract the algo
2) algo can be leaked
Positive:
1) scrutiny - algos are researched
2) interoperability - easier to adopt to devices and ecosystems
3) transparency - easier to convince a partner the system is secure

Question 32

Kerckhoff principle

Answer 32

crypto algorithm shouldn’t required to be a secret

Question 33

Attacker’s knowledge

Answer 33

1. All ciphertexts
2. Some ptext-ctext pairs:
   - failure to keep decrypted ctexts secret
   - predictable plaintexts (headers)
   - attacker influenced choice of ptext
   - temporary access to encryption/decryption device or interface
   - asymmetric cryptosystem: attacker can generate ctexts using open key
3. details of encryption algorithm

Question 34

Types of ctext attacks

Answer 34

1- ctext only attacks:
=e.algo + ctext
2- known ptext attacks
=some ptext-ctext pairs
3- chosen ptext attacks
=p/ctext pairs corresponding to ptext chosen by the attacker

Question 35

Ways to break e.algos

Answer 35

1) determine d.key directly
2) deducing ptext from ctext (not knowing the key)

Question 36

Exhaustive key search

Answer 36

= brute-force attack
attempts to decrypt with different d.keys from the key space

Question 37

Ways to find candidate d.keys for exhaustive search (3)

Answer 37

1) known c/ptext pairs
2) statistical properties of ptext language
3) contextual info (ex - headers of a receipt)

Question 38

Generic cryptoattacks (3)

Answer 38

1- dictionary
2- time memory trade-off
3- side-channel

Question 39

Dictionary attack

Answer 39

compiling a dictionary
- fixed key syss: c/ptext pairs dictionary
- syss with derivation of key from pw:
pws/keys dictionary

Question 40

Time memory trade-off attack

Answer 40

dictionary + exhaustive search
(optimised exhaustive search)

Question 41

Side-channel attacks (4)

Answer 41

attack against implementation of a primitive (not its theoretical design)
- timing attack: different time of computation depending on the value of the key
- power analysis: diff electric power depending on the value of the key
- fault analysis: inputting errors and finding useful info in the response
- padding attacks: manipulate padding process and monitor error messages

Question 42

Features of historical cryptosystems

Answer 42

• symmetric
• C only
• based on alphabet
• outdated

Question 43

Ceasar cipher

Answer 43

change each letter by a fixed number of positions in the alphabet

Question 44

Substitution cipher

Answer 44

permutation of letters in the alphabet

Question 45

Substitution cipher key space

Answer 45

26!

Question 46

Substitution cipher weakness

Answer 46

statistical properties of a language (frequency analysis)

Question 47

Ways to improve substitution cipher (3)

Answer 47

• increase the size of alphabet (bigrams, trigrams)
• allow the same ptext letter to be encrypted with different ctext letters
• positional dependency

Question 48

Vigener cipher

Answer 48

uses keyword for substitution

Question 49

Breaking vigenere cipher

Answer 49

1) know length of keyword => break up ctext into groups, apply frequency analysis
2) derive length of kword with statistical properties of the language

Question 50

Ways to improve ciphers (2)

Answer 50

• ptext letter encrypted by number of ctext letters (destroy statistics)
• positional dependency

Question 51

Destroying statistics of a language (2)

Answer 51

1) confusion: each bit of ctext depends on several parts of the key
2) changing one bit of ptext changes half of ctext