Chapter 3: Cryptography

Question 1

What is the synonymous term for Cipher

Answer 1

Algorithm

Question 2

what are the two major types of ciphers?

Answer 2

A substitution cipher (uses a key to determine how the substitution should be carried out (eg key is the instruction to shift up 3 places)

Transposition Cipher r(Message is scrambled or put in different order)

Question 3

What are the components of a cryptosystem

Answer 3

• Encryption algorithm (which determines how simple or complex the process will be)
• Keys (known as cryptovariable, key is a large sequence of random bits)
• Software components
• Protocols

Question 4

What is a keyspace?

Answer 4

A keyspace is the total number of values of keys possible e.g a 256 bit key has a keyspace of 2^256

It is a range of values that can be used to construct keys (2^512 is higher than 2^128 and so on)

The larger the keyspace, the more difficult for the attacker to back calculate it

Question 5

algorithms vs keys

Answer 5

Most algorithms are complex mathematical formulas that are applied in a specific sequence to the plain text. The key indicates the sequence in which these functions take place

Question 6

What is Kerchoffs principle

Answer 6

algorithms should be publicly known. Only key should be private

Question 7

what is menat by strength of a cryptosystem

Answer 7

strength refers to how hard it is to figure out the algorightm or the key whichever is not made public

another name for cryptography strength is work factor

Question 8

What does the Strength of a cryptosystem depends on

Answer 8

• Algorithm used
• Length of keys
• Secrecy of keys
• Initialisation vectors

Question 9

what is work factor in asymmetric cryptography

Answer 9

the difference in time and effort required to carry out the one way function in the easy direction compared to one way function in the hard direction

Question 10

What services are offered by cryptosystems

Answer 10

• Confidentiality
• Integrity
• Authentication
• Authorisation
• Non repudiation

Question 11

What are the features of one time pad

Answer 11

generally considered unbreakable if implemented correctly

• XORs the value of text with the one time pad
• Should be of same or greater length than plain text
• Should not be used more than once
• Pad must be securely distributed and protected at its destination
• Pad must be made up of truly random values
• Pad must be secured at senders and receivers sites

Question 12

Why are random numbers generated by computers called pseudo random

Answer 12

they Use Initialisation vectors which could be aligned to some state of the system

Computer system states are not fully random and hence can be possibly calculated. Consequently number is pseudorandom

Question 13

What are running Ciphers

Answer 13

refer to external stuff (such as books) to get real message

no mathematical computation on plain text

Question 14

Concealment Ciphers (Null Ciphers)

Answer 14

message within a message.

The key determines how to extract the message from the message (e.g every third word from punctuation

Concealment cipher is a type of steganography method

Question 15

how do symmetric algorithms work

Answer 15

use long sequences of substitution and transposition

The algorithm provides the many possible ways the substitution and transposition can happen (represented in mathematical formulas)

Key is used as the instructions for the algorithm, dictating exactly how these processes will happen and in what order

Question 16

how many number of keys are required for symmetric encryption

Answer 16

N*(N-1)/2

Question 17

What is secure message format

Answer 17

sender encrypts message with receivers public key

ensures confidentiality

Question 18

what is open message format

Answer 18

sender encrypts message with his own private key

Ensures authenticity

Question 19

What are the strengths of symmetric key cryptography

Answer 19

Faster

harder to break

provide confidentiality

used in bulk encryption eg files and communication paths

Question 20

What are the weaknesses of symmetric key cryptography

Answer 20

secure mechanism required for key delivery

unmanageable keys with more participants

no authenticity and non repudiation

Question 21

What are the examples of symmetric key cryptography

Answer 21

DES, 3DES, AES, RC4, RC5, RC6

International Data Encryption Algorithm (IDEA), Blowfish

Question 22

What are the strengths of asymmetric cryptography

Answer 22

Better key distribution

Better scalability

Authenticity, non-repudiation, confidentiality

used in key distribution and digital signatures

Question 23

what are the disadvantages or weaknesses of asymmetric cryptography

Answer 23

Works slowly

mathematically intensive

Question 24

what are some of the examples of asymmetric key cryptography

Answer 24

Rivest –Shamir-Aldeman (RSA)

Elliptic curve cryptosystem (ECC)

Diffie-Hellman,

El Gamal,

Digital Signature algorithm (DSA)

Question 25

what is the other name for asymmetric algorithms?

Answer 25

Public Key Cryptography

Question 26

What are block ciphers

Answer 26

• Message is divided into blocks of bits
• Each block is encrypted
• do not require processing power and can be implemented in software

Question 27

what should a strong cipher contain

Answer 27

confusion and diffusion

Question 28

differentiate between confusion and diffusion in cipher

Answer 28

Confusion is substitution

Diffusion is transposition

Question 29

what is the key point to note about diffusion

Answer 29

Single plaintext bit has influence over several ciphertext bits

similar to avalance effect ((small change to the key or plaintext should cause drastic change to ciphertext))

Question 30

What are stream ciphers

Answer 30

Keystream generator generates bitstream based on the key (which provides randomness)

Each bit is XORed with this bit stream generated

Better Implemented at hardware level

Question 31

what should be the key features of stream ciphers?

Answer 31

• Long periods of no repeating values within keystream
• keystream is not linearly related to key (and hence cannot be deduced)
• statistically unbiased keystream (as many zeros as ones)

Question 32

Differentiate between stream and block ciphers

Answer 32

STREAM :: BLOCK

More processing :: Less processing

Less secure (pseudo random) :: more secure

propagtes single error :: error affects only one or few blocks

Question 33

What are initialisation vectors and why are they used

Answer 33

two identical plain text should not generate same cipher text when same key is used

create more randomness along with the key

Question 34

Apart from confusion and diffusion what are the Other cryptographic transformation techniques

Answer 34

• Compression (reduce redundancy)
• Expansion (add duplicate values to meet key sizes)
• Padding
• Key mixing

Question 35

Explain the process of hybrid encryption

Answer 35

• symmetric key is used to encrypt message
• Symmetric key is encrypted using receivers public key
• Symmetric key is decrypted using receivers private key
• symmetric key is then used to decrypt message

Question 36

what are alternative names for symmetric cryptography

Answer 36

• secret key cryptography
• session key cryptography

(keys good for only one session but in all sense similar to secret key. This way, attacker has a small window to try and decrypt it))

• private key cryptography (different from private key of asymmetric encry)

- shared key cryptography

Question 37

DES/AES vs DEA/Rijndael

Answer 37

DES/AES are standards

DEA/Rijndael are algorithms in those standards

exam can refer to algorithm by either of DES / DEA

Question 38

What type of data is encrypted by DES

Answer 38

Sensitive but unclassified

Question 39

What was the replacement of DES

Answer 39

DES was later replaced by Rijndael algorithm as the Adavanced Encryption Standard (AES) for sensitive but unclassified documents

Question 40

What are the key points of DES

Answer 40

• Symmetric Block encryption
• 64 bit key – 54 is key 8 are parity
• Blocks are put through 16 rounds of substitution and transposition
• Order of substitution and transposition depends on key used
• Output is 64bit

Question 41

What are the different modes of DES

Answer 41

• Electronic Code Book (ECB)
• Cipher block chaining
• Cipher Feedback mode
• Output Feedback mode
• Counter mode (CTR)

Question 42

Explain the electronic code book (ECB) mode of DES

Answer 42

Key = instructions to use code book

Code book dictates how text will be encrypted and decrypted

used for short messages such as pins, keys, challenge-response values etc

not dependent on previous block for encryption– good for databases , not for files

Question 43

What are the shortcomings of ECB

Answer 43

Same key and code book are used – hence not enough randomness

not suitable for large amount of data where pattern could emerge

Cannot carry out preprocessing before receiving plaintext

Question 44

Explain Cipher Block Chaining

Answer 44

• Each block of plaintext is modified using XOR before being encrypted
• Results of one block are XORed with the next block before it is encrypted
• First block is XORed using Initialisation vector
• If new IV is used every time, will result in a unique ciphertext everytime
• Chaining adds the necessary randomness that allows to encrypt large files

Question 45

What is Cipher Feedback Mode

Answer 45

It is block cipher working in stream mode

Question 46

How does Cipher Feedback Mode (CFB) work?

Answer 46

• Key and IV are used to create keystream
• Keystream is XORed with first block
• Ciphertext sent to destination , also key+ciphertext=keystream for next block
• IV has to be different for each message to avoid patterns

Question 47

What is the constraint in CFB

Answer 47

Size of the ciphertext needs to be of the same size as the block of plaintext being encrypted. Otherwise values will get repeated which will introduce patterns

Question 48

What is the use case for CFB of DES

Answer 48

Better for smaller sized blocks (such as 8 bit data from terminal to server)

Question 49

What is difference between CBC and CFB

Answer 49

In CBC, encryption is carried out on block using the key (XOR is for preprocessing of block)

In CFB, block is only XORed

Question 50

how does output feedback mode (OFB) work

Answer 50

• similar to CFB
• instead of last blocks ciphertext, it is last blocks keystream that is used along with key to create new keystream
• is used to avoid errors in ciphertext propagating forward (for digitised voice and video)

Question 51

How does counter mode (CTR) work

Answer 51

• similar in working to CFB and OFB
• new IV for each block
• IV + Key = keystream
• since there is no chaining, the encryption can happen in parallel and hence better performance

Question 52

What is the use case for CTR mode of DES

Answer 52

Used in ATM cells or IPSEC tunnels where the bits may arrive out of sequence

So CTR mode means that receiver does not have to wait for entire message before starting the decryption

Question 53

What is the difference between Synchronous cryptosystem and Asynchronous cryptosystem

Answer 53

Synchronous: Keystream values are in-sync with plaintext values

Asynchronous: Uses previously generated output to encrypt the plaintext values

Question 54

what are different options in 3DES

Answer 54

uses 48 rounds in computation

1. DES-EEE3 – 3 separate keys, encryption, encryption , encryption
2. DES-EDE3 – 3 separate keys, encryption, decryption, encryption
3. DES-EEE2 – 2 separate keys, encryption , encryption, encryption (same key for first and third)
4. DES-EDE2 – 2 separate keys, encryption, decryption, encryption (same key for first and third)

Here decryption refers to decrypting with a different key which results in more jumbling up rather than plaintext.

Question 55

How many bits are supported by Rijndael

Answer 55

128 (10 rounds)

192 (12 rounds)

256 (14 rounds)

(both key and block size should be same for above rounds)

Question 56

International Data Encryption Algorithm (IDEA)

Answer 56

• Block Cipher
• 64 bits block
• 64 bit data block is divided into 16 smaller blocks
• each has 8 rounds of mathematical functions performed on it

Question 57

what is the key length in IDEA

Answer 57

128

Question 58

who is developer of blowfish

Answer 58

Developed by bruce schneier and has kept it open and unpatented

Question 59

what are the key sizes and rounds of computation in blowfish

Answer 59

Key from 32 bits to 448 bits

16 rounds of cryptographic functions

Block cipher working on 64 bit blocks

Question 60

What is RC4

Answer 60

most commonly implmeneted stream ciphers

is used in ssl protocol

has a variable key size

Stolen version is referred to as ARC4 at times

Question 61

What is RC5

Answer 61

Block Cipher

Question 62

what is the cryptographic notation for RC5

Answer 62

W | R | B

W = word size in bits

R = number of rounds from 0 to 255

B =key size in bytes

Question 63

what does RC5-32/12/16 mean

Answer 63

32 bit words , which means it encrypts 64 bit blocks

Using 12 rounds

With a 16 byte (128 bit) key

Question 64

List the key sizes and rounds of computation for block ciphers

Answer 64

algorithm | key size | Rounds of computation

DES | 64 | 16

3DES | 64 | 48

Rjindael | 128/192/256 | 10/12/14

IDEA 128 / 8

Blowfish | 32 to 448 | 16

RC4 | Variable

RC 5/RC6 | upto 2048 | 255

Question 65

what is the difference between key agreement and key exchange

Answer 65

Key agreement - use of DH type algorithm for generating and agreeing on public/private key pair

Key exchange - encrypting key before sending it to other party

(typically key is encrypted with senders public key)

Question 66

What does Diffie Hellman provide for and not provide for

Answer 66

allows : key distribution

does not allow : encryption and digital signature

Question 67

How can DH algorithm be attacked and what countermeasure can be taken

Answer 67

Man in the middle while public key exchange can create a conduit where receiver speaks to the MITM and sender speaks to the MITM

Countermeasure to this attack is to have authentication done before public key exchange.

Exchanging digital certificates can thwart man in the middle type of attacks

Question 68

What authentication key agreement function can prevent MITM attack on DH

Answer 68

MQV

Question 69

What are key features of RSA

Answer 69

Defacto standard for

1. Digital signatures
2. Key exchange
3. Encryption

Question 70

What is a digital signature

Answer 70

Hash value encrypted with private key

Question 71

What does one way function of RSA provide

Answer 71

Encryption

&

Digital Signature Verification

Question 72

What does inverse function of RSA provide

Answer 72

Decryption

&

Digital Signature Creation

Question 73

what are the symmetric algorithms with which RSA has been used

Answer 73

DES and AES

Used as key exchange, RSA encrypts the secret key created by the DES or AES algorithm with the receivers public key and sends across to receiver. The receiver decrypts it with his private key.

Question 74

What is work factor in asymmetric key cryptography

Answer 74

mathematical equations are easy to perform in one direction and next to impossible to perform in other direction

(hard direction is based on a hard mathematical problem)

Question 75

Which assymetric encryption can be used where computing power is limited and why

Answer 75

Elliptic Curve

• provides higher encryption with small key sizes and hence requires less mathematical computation

Question 76

What is the challenge with parity bits, CRC and one way hash values

Answer 76

Message can be modified and revised parity, CRC and hash values can be inserted to make message genuine

Question 77

What are Hash algorithms used for

Answer 77

detect intentional and unintentional unauthorized modifications to data

Question 78

What is the secrecy in one-way hash

Answer 78

the hash value cannot be recompiled into message

Question 79

what are key points of one-way hash

Answer 79

1. Variable string converted to a fixed length hash
2. hashing algorithm is public
3. one way hash takes place without any keys

Question 80

how can MITM attack on Hash values be avoided

Answer 80

by using MAC functions

Question 81

what benefit does MAC function offer over Hash

Answer 81

MAC can identify intentional, accidental and unauthroised changes

Hash can identify only accidental changes

Question 82

What are the different MAC functions

Answer 82

1. Hash MAC (HMAC)
2. CBC-MAC (Cipher block chaining MAC)
3. CMAC (Cipher based MAC)

Question 83

How does Hash MAC (HMAC) work

Answer 83

1. Private Symmetric key is concatenated with the message and then the complete text is hashed
2. Works against MITM attacks since MITM will not have access to the private symmetric key
3. Symmetric key in this case does not do encryption

Question 84

how does CBC-MAC (Cipher block chaining MAC) work

Answer 84

1. Message is put through CBC encryption using the symmetric key
2. Final block of output is considered as the integrity check ie MAC value
3. Receiver carries out similar encryption and verifies the final output
4. Symmetric key ensures that the only person who can verify integrity is the one who has access to the symmetric key

Note: the same key should not be used for authentication and encryption

Question 85

What kind of authentication does MAC provide

Answer 85

MAC provides data origin authentication , also known as system authentication

Question 86

how does CMAC (Cipher based MAC) work

Answer 86

1. Similar to CBC-MAC but with more complex mathematical functions and logic
2. Symmetric key is used to create sub-keys. Each sub-key is used individually to encrypt the blocks of message

Question 87

How does CCM MAC work

Answer 87

1. Combines CBC-MAC and CTR mode
2. Provides data origin authentication and encryption using same key

Question 88

What is difference between private key and symmetric key

Answer 88

A private key is bound to an individual, a symmetric key is not . Symmetric key is bound to computer or device.

Hence MAC authentication provides the weakest form of authentication

Question 89

how many hash values are required to be checked to see if two messages hash to the same value

Answer 89

2^(n/2) hash values where n is the length of the hash (e.g in 160 bit hash may required around 2^80 computations to break)

Question 90

What are the different Hashing algorithms

Answer 90

MD4

MD5

SHA

SHA 1 /2 /3

Question 91

How does MD4 hashing work

Answer 91

its a one way hash

Produces a 128 bit message digest value

No longer considered secure

Question 92

How does MD5 work

Answer 92

1. Similar to MD4 but more stronger, using more complex mathematical functions and additional fourth round of operations during hashing
   2.

Question 93

What can MD5 be use for and avoided for

Answer 93

It is Secure but not resistant to collisions

not used in digital signatures and ssl certificates

Mostly used for file integrity checksums

Question 94

SHA / SHA1

Answer 94

Similar to MD4 but 160 bit value and extra mathematical functions

Was improved and renamed as SHA1

it is a federal government algorithm

Question 95

Why was SHA2 and 3 developed

Answer 95

SHA and SHA 1 are not resistant to collision attacks hence developed SHA2 and 3

Question 96

What are part of the SHA 2 and 3 families

Answer 96

2 and 3 families include SHA256, SHA384 and SHA512.

The SHA 2 and 3 families are considered secure for all uses

Question 97

what is a birthday attack

Answer 97

It is more probable to find two people with same birthday than to find a person who matches a particular birthday

A hashing algorithm that has a larger bit output is less vulnerable to brute force attacks such as birthday attacks

Question 98

which are the two algorithms widely used for digital signing

Answer 98

RSA and DSA

Question 99

What is the difference between RSA and DSA

Answer 99

DSA can be used only for digital signatures

DSA is slower in signature verification

Question 100

what is the standard used to create digital signatures

Answer 100

DSS

outlines the digitial signature algorithms that can be used with SHA: RSA, DSA, Elliptic curve DSA (ECDSA)

Question 101

Matrix of encryption / use case

Answer 101

Message is :

Confidentiality

Integrity

Authentication

Non-repudiation

Encrypted

Yes

-

-

-

Hashed

-

Yes

-

-

Digitally Signed

-

Yes

Yes

Yes

Encrypted and Digitally signed

Yes

Yes

Yes

Yes

Question 102

What services does PKI offer

Answer 102

1. Confidentiality
2. Integrity
3. Authentication
4. Non repudiation
5. Access control

Question 103

What is a certificate authority CA

Answer 103

A CA is a trusted organisation (or server) that maintains and issues digital certificates

Question 104

what does digital certificate contain

Answer 104

A digital certificate contains public key for that individual along with other identifying information

Question 105

What is the relation between registration authority and certificate authority

Answer 105

Registration authority verifies the individuals identity and passes off the certificate request to the CA

CA constructs the certificate, signs it and send it to the receiver. Also maintains it over lifetime

Question 106

what is CA cross certification

Answer 106

CA cross certification is required when two CAs do not have a root CA above them. It establishes a trust relationship in which they rely upon each others digital certificates and public keys as it they had issued it themselves

Question 107

CRL is cumbersome. what is the alternative

Answer 107

CRL is cumbersome, so OCSP is used, online certificate status protocol that automatically checks with the CRL in the background

Question 108

what is the standard for certificates

Answer 108

X.509v3

Question 109

what does a certificate typically include

Answer 109

1. Serial number
2. Version number
3. Identity information
4. Algorithm information
5. Lifetime dates
6. Signature of issuing authority

Question 110

what is role of registration authority

Answer 110

1. Acts as broker between user and CA
2. Identifies the user
3. New certificate requests are made to the RA and not to the CA

Question 111

if CA creates public key, how is the private key created and distributed to the customer?

Answer 111

CA creates certificate with the users public key and identity information embedded.

The private/public key is either created by CA OR

as is the usual case , created by the user on his machine and then sends in the public key during the registration process

Question 112

What are the Steps in communicating during PKI

Answer 112

1. John requests Dianes public key from a directory (also called repository)
2. The directory sends Dianes digital certificate
3. John verifies the digital certificate and extracts her public key
4. John encrypts a session key with Dianes public key
5. Along with encrypted session key, John sends his digital certificate
6. Dianes browser checks Johns digital certificate to identify the CA who issued it as well as validate rest of the pieces of the identity
7. Diane extracts the session key using her own private key

Question 113

What are the entities and functions in PKI

Answer 113

1. Certification authority
2. Registration authority
3. Certificate repository
4. Certificate revocation system
5. Key backup and recovery system
6. Automatic key update
7. Management of key histories
8. Time stamping
9. Client side software

Question 114

What is a trusted platform module?

Answer 114

• securely designed microcontroller with added modules to perform cryptographic functions
• These modules allow for accelerated and storage processing of cryptographic keys, hash values, and pseudonumber sequences

*

Question 115

what are common use cases for TPM

Answer 115

bind a hard disk to a system

seal a systems state to a particular hardware and software configuration

Question 116

What are components of TPM

Answer 116

1. Endorsement Key (persistent memory)
2. Storage Key (persistent memory)
3. Attestation Identity key (versatile memory)
4. Platform configuration registers (versatile memory)
5. Storage keys (versatile memory)

Question 117

What is the Endorsement Key of TPM

Answer 117

Public/private key pair.

Private key permanently stored in the module.

Used to verify the TPM platform itself

Question 118

What is Storage Key (persistent memory) in TPM

Answer 118

Master wrapping key used to secure the keys stored in the TPM

Question 119

What is Attestation Identity key in TPM

Answer 119

• Used for attestation of TPM to tservice providers
• AIK linked to EK
• AIK ensures integrity of EK

Question 120

What are Platform configuration registers in TPM

Answer 120

Used to store Cryptographic hashes of data used for TPMs “sealing” use case

Question 121

What are storage key (versatile memory) in TPM

Answer 121

Used to encrypt the storage media of the computer system

Question 122

What are the Attacks on Cryptography

Answer 122

Passive attacks – reading off the wires

Active attacks – altering messages / system files, masquerading as another user

Question 123

What are the active attack types in cryptography

Answer 123

1. Cipher-text only
2. Known plain-text
3. Chosen plain-text
4. Chosen cipher-text
5. Differential crypanalysis
6. Linear crypt analysis
7. Replay attacks
8. Side channel attacks
9. Algebraic attacks
10. Analytic attacks
11. Social engineering attacks
12. Statistical attacks
13. Meet in the middle

Question 124

What is Cipher-text only attack

Answer 124

multiple encrypted messages are analysed

Question 125

What are Known plain-text and Chosen plain-text attacks

Answer 125

Known plain-text: the plain-text and its encrypted form are known to attacker

Chosen plain-text: attacker choses the plain text and then observes corresponding ciphertext

Question 126

What is Chosen cipher-text attack

Answer 126

attacker choses cipher-text and has access to resulting plain-text

Question 127

Differential crypanalysis

Answer 127

Type of chosen plain text attack

ooks at pairs of cipher-text for corresponding pairs of known and chosen plain-text with specific differences engineered in the plain-text

Question 128

Linear crypt analysis

Answer 128

known plain-text attack on several different messages to identify the highest probability of specific key employed during encryption

Question 129

Replay attacks on cyrptography

Answer 129

resubmitting information caught on wire while masquerading as different entity

Question 130

Side channel attacks

Answer 130

identify the behavior of the system and infer the encryption process/keys

Question 131

Algebraic attacks

Answer 131

exploit weakness in the mathematics of the algorithm

Question 132

Analytic attacks

Answer 132

exploit weakness in the structure of the algorithm

Question 133

Social engineering attacks on cryptography

Answer 133

get a user to divulge information related to keys etc

Question 134

Statistical attacks on cryptography

Answer 134

identify statistical patterns e.g more 1s than 0s can indicate a biased random number generator and consequently towards a biased key set

Question 135

Meet in the middle attacks on cryptography

Answer 135

encryption from one side and decryption from other side

Question 136

What is a zero knowledge proof

Answer 136

interactive method for one party to prove to another that a (usually mathematical) statement is true without revealing anything sensitive

e.g marge uses her private key to create a digitial signature on a message she is sending to george but does not show or send her private key with george