Chapter 10 - Cryptography 101

Question 1

Confidentiality

Answer 1

encryption helps provide confidentiality because only those with the key can view it

Question 2

Integrity

Answer 2

Hashes ensure that message hasn’t been altered

Question 3

Nonrepudiation

Answer 3

way for recipient to ensure the identity of the sender and neither party can deny having sent or received the message

Question 4

substitution

transposition

Answer 4

substitution replaces bits with other bits

transposition doesn’t replace anything, it changes their order

Question 5

Stream Ciphers

Answer 5

data is encrypted as a continuous stream

readable bits in their regular pattern are fed into the cipher and encrypted one at a time, usually by an Exclusive Or (XOR).

Very fast

Question 6

Block Ciphers

Answer 6

data bits are split into blocks and fed into the cipher

each block (usually 64 bits) is encrypted with the key and algorithm, using methods like substitution and transposition.

Considered simpler and slower than stream ciphers

Question 7

Exclusive Or (XOR)

Answer 7

at the core of a lot of computing

requires 2 inputs. For encryption algorithms they are the data bits and key bits.

each bit is fed into the operation, one from data, one from key and then XOR makes determination:

if bits match the output is 0
if bits don’t match output is 1

see table pg 342

0 0 0
0 1 1
1 0 1
1 1 1

Question 8

how important is key length to pure XOR ciphers?

Answer 8

very.

if key is smaller than the data, the cipher will be vulnerable to frequency attacks.

Since key is used repeatedly, its frequency makes guessing it easier

Question 9

Symmetric Encryption Benefits

aka

Single Key / Shared Key

Answer 9

one key is used to encrypt and decrypt
Simplicity is its greatest asset
Great for for bulk encryption

Question 10

Formula for calculating how many key pairs needed for symmetric key encryption

N(N - 1) / 2

N=number of nodes in network

Answer 10

if you have 2 people to communicate with, there are 3 lines of communication.

Add a person and now there are 6 lines

Question 11

Symmetric Algorithms

DES
3DES
AES
IDEA
Twofish
Blowfish
RC (Rivest Cipher)

Answer 11

DES
3DES
AES
IDEA
Twofish
Blowfish
RC (Rivest Cipher)

Question 12

DES

Answer 12

block cipher. uses 56 bit key with 8 reserved for parity

outdated

Question 13

3DES

Answer 13

block cipher. uses 168 bit key. Can use 3 keys in multiple encryption method.

Question 14

AES (Advanced Encryption Standard)

Answer 14

block cipher. uses 128, 192 or 256 bit key. Much faster than DES or 3DES

Question 15

IDEA (International Data Encryption Algorithm)

Answer 15

block cipher. uses 128 bit key. designed to replace DES. Originally used in PGP. Was patented and used mainly in Europe

Question 16

Twofish

Answer 16

block cipher. uses up to 256 bits

Question 17

Blowfish

Answer 17

fast block cipher, largely replaced by AES.

uses 64 bit block size and a key from 32 to 448 bits.

Public domain

Question 18

RC (Rivest Cipher)

several versions from RC2 to RC6

Answer 18

block cipher that uses variable key length up to 2040 bits.

RC6 uses 128 bit blocks and 4 bit registers
RC5 uses variable block sizes (32, 64 or 128) and 2 bit registers

Question 19

Symmetric Key Cons

Answer 19

doesn’t help with nonrepudiation

Key distribution and management is difficult.

Scaling out number of users means number of keys needed presents a problem

Question 20

Asymmetric Encryption

Answer 20

Built to make sharing keys efficient

Encryption Key is the Public Key. Can be sent anywhere

Decryption Key is the Private Key. Kept secure

Fixes key distribution, management, scalability and nonrepudiation problems from symmetric encryption

Question 21

Asymmetric Algorithms

Diffie-Helman

Elliptic Curve Cryptosystem (ECC)

El Gamal

RSA

Answer 21

Diffie-Helman
developed as a key exchange protocol. Used in SSL and IPSEC. Can be vulnerable to MITM if not using digital signatures.

Elliptic Curve Cryptosystem (ECC)
Uses less processing power than other methods, so good for mobile devices.

El Gamal
Doesn’t use prime number factoring, instead solves logarithm problems.

RSA
strong encryption through using 2 large prime numbers. Factoring them creates keys up to 4096 bits. Modern de factor standard

Question 22

What’s the downside to asymmetric encryption?

Answer 22

performance is slower than symmetric

processing power is higher, more suitable for smaller amounts of data

Question 23

Hash algorithms

Answer 23

one-way function that takes input and produces a fixed-length string (hash)

Purpose is to verify the integrity of a piece of data

Question 24

4 Hash algorithms

MD5 (Message Digest)

SHA-1

SHA-2

SHA-3

Answer 24

MD5 - produces 128bit hash value as a 32 bit hex number
flaws made it obsolete in 2010, but still in some use

SHA1 - produces 160 bit output. Flaws made it obsolete in 2005. US Govt recommends replacing with SHA2.

SHA2 - produces 224, 256, 384, 512 bit outputs. Still not as popular as SHA1

SHA3 - uses “sponge construction” where data is absorbed into sponge by XOR and squeezed out

Question 25

Collission Attack

Answer 25

Successful if two or more files created the same output

If attacker can get a file to look the same as the original, many possibilities for harm exist. ex password hashes

Possible with all algorithms

Question 26

Collision Attack

Answer 26

Successful if two or more files created the same output

If attacker can get a file to look the same as the original, many possibilities for harm exist. ex password hashes

Possible with all algorithms

Question 27

Salt

Answer 27

collection of random bits that are used as a key in addition to the hashing algorithm. Each bit adds a power of 2 to the complexity of computation

A good salt makes a collision attack more difficult

Question 28

Steganography

Answer 28

concealing a message inside another medium, so only the sender and recipient are aware of its exisitence

Question 29

Exam Tip

3 ways tell if a file contains steganography

Answer 29

Text File - look at character positions, patterns, unusual blank spaces, language anomalies

Image file - weird color pallet faults, larger file size

audio and video files - require statistical analysis, specific tools

Question 30

3 Image Steganography Techniques

least significant bit insertion
masking and filtering
algorithmic transformation

Answer 30

masking and filtering is done on grayscale images. Masking hides data similarly as a watermark but it modifies the luminescence

Algo Tranformation hides data in the mathematical functions of image compression

Question 31

Audio steganography

Answer 31

uses frequencies that the human ear can’t pick up, phase encoding, tone insertion

Question 32

Public Key Infrastructure (PKI)

Answer 32

Structure designed to verify and authenticate identity of individuals in an organization taking part in a data exchange

Consists of hardware, software and policies that create, manage, store distribute and revoke keys and digital certificates.

Question 33

Registration Authorities (RAs)

Answer 33

subordinate Certificate Authorities that handle things internally.

Most Root CAs are removed from network access to protect integrity

Question 34

Certificate Authority (CA)

Answer 34

Acts as a 3rd party to the organization, like a notary public when it signs something valid that you can trust

Creates and issues digital certificates that can verify identity

Tracks all certificates in the system using a Certificate Management System

Maintains a Certificate Revocation List (CRL)

Question 35

Validation Authority

Answer 35

in many PKI systems, a VA is used to validate certificates usually via Online Certificate Status Protocol (OCSP)

Question 36

PKI Trust Model

Answer 36

how an entity deals with keys, signatures and certificates

3 basic models

Question 37

PKI Trust Model

Web of Trust

Answer 37

multiple entities sign certificates for each other.

Users trust each other based on certificates they get from other users

Question 38

PKI Trust Model

Single Authority System

Answer 38

Has a CA at the top that creates and issues certificates.

Users trust each other based on the CA

Question 39

PKI Trust Model

Hierarchical trust system

Answer 39

Has a CA at the top (root CA) and uses one or more Registration Authorities (Subordinate CAs)

this is the most secure because users can track the certificate back to the root to ensure authenticity without a single point of failure

Question 40

Digital certificate

Answer 40

electronic file used to verify a user’s identity providing nonrepudiation throughout the system

Question 41

9 Contents of a digital certificate (know for exam)

Version
Serial Number
Subject
Algorithm ID
Issuer
Valid From, Valid To
Key Usage
Subject's Public Key
Optional Fields

Answer 41

Version - identifies certificate format. Most common is 1

Serial Number - unique ID for the cert

Subject - who or what is identified by the cert

Algorithm ID - algorithm used to create digital signature

Issuer - entity that verifies authenticity of the cert

Valid From, Valid To - dates the cert is good through

Key Usage - purpose that cert was created

Subject’s Public Key - copy of subject’s public key

Optional Fields - issuer unique ID, subject alternate name, extensions

Question 42

Self-Signed vs Signed Certificates

Answer 42

Self Signed - created internally to an organization, not used in any other situation. Save money and complexity since no need for external authority. Easy to set up.

Signed - indicate that a CA is involved and signature validating the identity is confirmed from an external source

Question 43

Digital Signature

Answer 43

algorithmic output designed to ensure the authenticity and integrity of the sender. Basically a hash algorithm

Question 44

Digital Signature / Encrypted message process

Answer 44

Bob creates message to send to Joe

Bob runs it through hash and generates an outcome

Bob encrypts outcome of that hash with his private key and sends the message plus the encrypted hash to Joe

Joe gets message, tries to decrypt with Bob’s public key. If it works, he kknows message came from Bob, since Bob’s public key could only decrypt output of his private key

Question 45

Data at Rest (DAR)

Answer 45

data that is in a stored state an not currently accessible

Data in a powered-on networked, accessible server’s folder is not at rest, regardless of whether it’s being used or not.

Data on a powers-off laptop is DAR

Data on a backup drive off the network is DAR

Question 46

Full Disk Encryption

Answer 46

software or hardware based

software can provide central management for key management and recovery actions, like Bitlocker or McAfee Endpoint Protection, Symanentc Drive Encryption

Doesn’t protect the data once the drive is unlocked.

Once computer is running, use another product if necessary to encrypt data

Question 47

Ways to encrypt communications

SSH (Secure Shell)
SSL (Secure Sockets Layer)
TLS (Transport Layer Security)
IPSEC
PGP

Answer 47

SSH - TCP port 22. Uses public key crypto. SSH2 is the latest version, includes SFTP

SSL - encrypts at transport layer and up. Uses RSA and digital certificates. Uses a 6 step process for securing a channel.

TLS - Replaced SSL. Uses RSA 1024 or 2048 bits. Handshake portion allows client and server to authenticate to each other. RLS Record Protocol provides secure communication channel

IPSEC - tunnel or transport mode. AH verifies integrity. ESP encrypts each packet

PGP - hybrid cryptosystem, uses features from conventional and public key crypto

Question 48

Crypto Attacks 1-3

Known plaintext attack

Chosen plaintext attack

Adaptive chosen plaintext attack

Answer 48

Known plaintext attack
attacker has both plaintext and cypher text messages. Plaintext copies are scanned for repeatable sequences that are compared to ciphertext versions. Over time, this can be used to decipher key

Chosen plaintext attack
attacker encrypts multiple plaintext messages in order to gain the key

Adaptive chosen plaintext attack
Attacker sends series of cipher texts to be decrypted, uses results of them to select different, closely related cipher texts

Question 49

Crypto Attacks 4-6

ciphertext only attack

replay attack

chosen cipher attack

Answer 49

ciphertext only attack
attacker gains copies of messages encrypted with the same algorithm. Statistical analysis can be used to reveal repeating code which can be used to decode messages later

replay attack
usually performed in MITM scenario. Attacker replays portion of crypto exchange to try and fool the system into setting up a communications channel. Attacker doesn’t have to know data (password), just get the timing righting copying and replaying the bit stream. Mitigate by using session tokens

chosen cipher attack
attacker chooses a ciphertext message and tries to learn the key through a comparative analysis with multiple keys and a plaintext version. RSA is vulnerable to this