Chapter 2 - Cryptography Flashcards

1
Q

What does Cryptography help ensure? (4)

A

Ensures
1. Confidentiality: only authorized people can read information
2. Authentication: Verifies sender’s identity
3. Integrity: Protect data from unauthorized modification
4. Anonymity: Hides user identities during communication

2
Q

What are the two basic operations in cryptography?

A
  1. Encryption: Convert plaintext into ciphertext
  2. Decryption: Convert ciphertext back to plaintext
3
Q

What is a cipher?

A

Algorithm used to encrypt and decrypt data.

4
Q

What is a key in cryptography?

A

A piece of information that works with the cipher to encrypt and decrypt messages

5
Q

What is the Caesar Cipher?

A

Substitution cipher where each letter is shifted by a fixed number of positions

Ex: A becomes D (shift of 3)

6
Q

How can the Caesar Cipher be attacked?

A
  1. Brute Force: Trying all possible keys until intelligible plaintext is obtained
  2. Cryptanalysis: Using letter frequency analysis
7
Q

What is symmetric key encryption?

A

Encryption where the same key is used for both encrypting and decrypting data

8
Q

What is the key distribution problem?

A

If both sender and receiver use the same key, then how do you share the key without someone intercepting it?

9
Q

What are the requirements for secure symmetric encryption?

A
  1. A strong encryption algorithm
  2. Secure key exchange and storage

Can’t decipher ciphertext even if the opponent knows the algorithm and has access to one or more ciphertexts

10
Q

What are common attacks on symmetric encryption?

A

Brute Force and Cryptanalysis (exploit algorithm weaknesses)

11
Q

Examples of symmetric encryption algorithms

A
  1. DES: Weak and outdated (56-bit key)
  2. 3DES: Encrypt 3 times with DES (stronger but slower)
  3. AES: Fast and secure (128-, 192- or 256-bit keys)
12
Q

What is the difference between block and stream ciphers?

A

Block: Encrypt data in fixed-size blocks (AES) (can reuse keys)
Stream: Encrypt byte by byte, faster and lightweight (use less code)

13
Q

When to use block vs stream ciphers

A

Stream: for a data communications channel

Block: for file transfer, email and database

14
Q

Why is encryption alone not good enough for authentication? Give an example

A

An attacker can reorder blocks

Time

15
Q

When might we authenticate messages but not encrypt them?

A
  • Broadcast messages (alarm)
  • One side is overloaded and can’t afford to decrypt all incoming messages
  • Computer programs that don’t want to decrypt every time they need to execute
16
Q

What is a Message Authentication Code (MAC)?

A

Short piece of data that verifies the authenticity (who) and integrity (unchanged) of a message

Uses a key and a MAC algorithm

Message + key as inputs, MAC as output that gets added to the end of the message

Both message and MAC are transmitted in the clear on the network; the recipient verifies using the key (which they also have) and the message as inputs

17
Q

HMAC

A

Standard approach for a keyed hash MAC

18
Q

One-Way Hash Function Role

A

Alternative to the message authentication code that does not take a secret key as input for the function

Disclaimer: You can encrypt/decrypt the hashed message for authentication, as we see in diagrams a and b (an authentication method that benefits from using a much smaller value than the entire message), but the actual hash function just receives the message as input

19
Q

3 ways a message can be authenticated using a hash function

A

a) symmetric encryption
b) public key encryption
c) secret value (keyed hash MAC)

20
Q

Steps in keyed hashed MAC

A
  1. Concatenate key before and after message
  2. Hash this and add to end of message
  3. Send both in clear
  4. Recipient who knows key concatenates (prefix and suffix), hashes it, and compares
21
Q

Example of MAC use

A

When you make a payment online, the bank can use HMAC to verify that the payment details weren’t altered during transmission.

22
Q

One-way hash vs MAC

A

An alternative to message authentication code (MAC) that DOES NOT take a secret key as input

23
Q

Why are hash values efficient?

A

Instead of comparing large amounts of data for verification, systems compare smaller fixed size hash values

24
Q

What are the 6 properties of secure hash functions?

A
  1. Any size input
  2. Fixed-size output
  3. Easy to compute
  4. One-way (preimage resistant): Starting with the hash, can’t find its input
  5. Second preimage resistant: Starting with a known input and its hash, can’t find another input with the same hash
  6. Collision resistant: Can’t find two inputs with the same hash

Second preimage is like collision with a head start: you at least know one input

25
Q

What is public-key encryption?

A

Encryption method using two keys:
1. Public Key: Available to everyone
2. Private Key: Kept secret
Encryption with one key can only be decrypted with the other

26
Q

Why is public-key available to everyone?

A

So anyone can send an encrypted message for the key owner. (secure communication for parties who have never met)

Let others know how to encrypt a message for YOU specifically… the public key is the customization of an already used algorithm (RSA, ECC)

The cipher is the algorithm, and the **key** is the specific variable used to customize it. (Should be random and long enough). We can know how a combination lock works, but we will keep the numbers secret. We can understand the concept of shifting letters, but not tell how many to shift by. It allows the public to determine how robust the algorithm is and think hmmm maybe I won’t use this

27
Q

What are digital signatures used for?

A

To authenticate the sender and ensure data integrity

28
Q

What is a public-key certificate?

A

Verifies ownership of public key, issued by a trusted Certificate Authority (CA).

29
Q

What is a digital envelope?

A

A hybrid method combining symmetric encryption for data and public-key encryption for the symmetric key

30
Q

Why are random numbers important in cryptography?

A

Used for generating keys, session keys, and preventing replay attacks.

31
Q

Replay Attack

A

Attacker intercepts a legitimate message and resends it to trick the recipient into believing it’s valid.

32
Q

What is the difference between true random and pseudo-random numbers?

A

True Random (TRNG): Produce randomness by measuring unpredictable natural processes (nondeterministic source)
Pseudo-random: Deterministic but passes statistical randomness tests

EX: radiation, gas discharge, leaky capacitors

TRNG increasingly provided with modern processors

33
Q

Where are random numbers used?

A
  1. Generation of keys (public-key algorithms)
  2. Stream key (symmetric stream cipher)
  3. Symmetric key (temporary session key or for digital envelope)
  4. Handshaking to prevent replay attacks
34
Q

2 criteria for randomness

A
  1. Uniform distribution (frequency of occurrence of each number almost the same)
  2. Independence (can’t infer one value from others)

Unpredictability

35
Q

What Happens When You Visit an HTTPS Website:

A

You request https://example.com.
The website sends you its digital certificate (which contains its public key and the CA’s signature).
Your browser:
Checks the CA’s digital signature (by using the CA’s public key, which your browser already trusts).
If the signature is valid, the website’s public key is trusted.
Now, your browser generates a random session key, encrypts it with the website’s public key, and sends it to the site.
Only the website (with its private key) can decrypt the session key, enabling secure communication.