Chapter 3: Cryptography Flashcards
What is the synonymous term for Cipher
Algorithm
what are the two major types of ciphers?
A substitution cipher (uses a key to determine how the substitution should be carried out (eg key is the instruction to shift up 3 places)
Transposition Cipher r(Message is scrambled or put in different order)
What are the components of a cryptosystem
- Encryption algorithm (which determines how simple or complex the process will be)
- Keys (known as cryptovariable, key is a large sequence of random bits)
- Software components
- Protocols
What is a keyspace?
A keyspace is the total number of values of keys possible e.g a 256 bit key has a keyspace of 2^256
It is a range of values that can be used to construct keys (2^512 is higher than 2^128 and so on)
The larger the keyspace, the more difficult for the attacker to back calculate it
algorithms vs keys
Most algorithms are complex mathematical formulas that are applied in a specific sequence to the plain text. The key indicates the sequence in which these functions take place
What is Kerchoffs principle
algorithms should be publicly known. Only key should be private
what is menat by strength of a cryptosystem
strength refers to how hard it is to figure out the algorightm or the key whichever is not made public
another name for cryptography strength is work factor
What does the Strength of a cryptosystem depends on
- Algorithm used
- Length of keys
- Secrecy of keys
- Initialisation vectors
what is work factor in asymmetric cryptography
the difference in time and effort required to carry out the one way function in the easy direction compared to one way function in the hard direction
What services are offered by cryptosystems
- Confidentiality
- Integrity
- Authentication
- Authorisation
- Non repudiation
What are the features of one time pad
generally considered unbreakable if implemented correctly
- XORs the value of text with the one time pad
- Should be of same or greater length than plain text
- Should not be used more than once
- Pad must be securely distributed and protected at its destination
- Pad must be made up of truly random values
- Pad must be secured at senders and receivers sites
Why are random numbers generated by computers called pseudo random
they Use Initialisation vectors which could be aligned to some state of the system
Computer system states are not fully random and hence can be possibly calculated. Consequently number is pseudorandom
What are running Ciphers
refer to external stuff (such as books) to get real message
no mathematical computation on plain text
Concealment Ciphers (Null Ciphers)
message within a message.
The key determines how to extract the message from the message (e.g every third word from punctuation
Concealment cipher is a type of steganography method
how do symmetric algorithms work
use long sequences of substitution and transposition
The algorithm provides the many possible ways the substitution and transposition can happen (represented in mathematical formulas)
Key is used as the instructions for the algorithm, dictating exactly how these processes will happen and in what order
how many number of keys are required for symmetric encryption
N*(N-1)/2
What is secure message format
sender encrypts message with receivers public key
ensures confidentiality
what is open message format
sender encrypts message with his own private key
Ensures authenticity
What are the strengths of symmetric key cryptography
Faster
harder to break
provide confidentiality
used in bulk encryption eg files and communication paths
What are the weaknesses of symmetric key cryptography
secure mechanism required for key delivery
unmanageable keys with more participants
no authenticity and non repudiation
What are the examples of symmetric key cryptography
DES, 3DES, AES, RC4, RC5, RC6
International Data Encryption Algorithm (IDEA), Blowfish
What are the strengths of asymmetric cryptography
Better key distribution
Better scalability
Authenticity, non-repudiation, confidentiality
used in key distribution and digital signatures
what are the disadvantages or weaknesses of asymmetric cryptography
Works slowly
mathematically intensive
what are some of the examples of asymmetric key cryptography
Rivest –Shamir-Aldeman (RSA)
Elliptic curve cryptosystem (ECC)
Diffie-Hellman,
El Gamal,
Digital Signature algorithm (DSA)
what is the other name for asymmetric algorithms?
Public Key Cryptography
What are block ciphers
- Message is divided into blocks of bits
- Each block is encrypted
- do not require processing power and can be implemented in software
what should a strong cipher contain
confusion and diffusion
differentiate between confusion and diffusion in cipher
Confusion is substitution
Diffusion is transposition
what is the key point to note about diffusion
Single plaintext bit has influence over several ciphertext bits
similar to avalance effect ((small change to the key or plaintext should cause drastic change to ciphertext))
What are stream ciphers
Keystream generator generates bitstream based on the key (which provides randomness)
Each bit is XORed with this bit stream generated
Better Implemented at hardware level
what should be the key features of stream ciphers?
- Long periods of no repeating values within keystream
- keystream is not linearly related to key (and hence cannot be deduced)
- statistically unbiased keystream (as many zeros as ones)
Differentiate between stream and block ciphers
STREAM :: BLOCK
More processing :: Less processing
Less secure (pseudo random) :: more secure
propagtes single error :: error affects only one or few blocks
What are initialisation vectors and why are they used
two identical plain text should not generate same cipher text when same key is used
create more randomness along with the key
Apart from confusion and diffusion what are the Other cryptographic transformation techniques
- Compression (reduce redundancy)
- Expansion (add duplicate values to meet key sizes)
- Padding
- Key mixing
Explain the process of hybrid encryption
- symmetric key is used to encrypt message
- Symmetric key is encrypted using receivers public key
- Symmetric key is decrypted using receivers private key
- symmetric key is then used to decrypt message
what are alternative names for symmetric cryptography
- secret key cryptography
- session key cryptography
(keys good for only one session but in all sense similar to secret key. This way, attacker has a small window to try and decrypt it))
- private key cryptography (different from private key of asymmetric encry)
- shared key cryptography
DES/AES vs DEA/Rijndael
DES/AES are standards
DEA/Rijndael are algorithms in those standards
exam can refer to algorithm by either of DES / DEA
What type of data is encrypted by DES
Sensitive but unclassified
What was the replacement of DES
DES was later replaced by Rijndael algorithm as the Adavanced Encryption Standard (AES) for sensitive but unclassified documents
What are the key points of DES
- Symmetric Block encryption
- 64 bit key – 54 is key 8 are parity
- Blocks are put through 16 rounds of substitution and transposition
- Order of substitution and transposition depends on key used
- Output is 64bit
What are the different modes of DES
- Electronic Code Book (ECB)
- Cipher block chaining
- Cipher Feedback mode
- Output Feedback mode
- Counter mode (CTR)
Explain the electronic code book (ECB) mode of DES
Key = instructions to use code book
Code book dictates how text will be encrypted and decrypted
used for short messages such as pins, keys, challenge-response values etc
not dependent on previous block for encryption– good for databases , not for files
What are the shortcomings of ECB
Same key and code book are used – hence not enough randomness
not suitable for large amount of data where pattern could emerge
Cannot carry out preprocessing before receiving plaintext
Explain Cipher Block Chaining
- Each block of plaintext is modified using XOR before being encrypted
- Results of one block are XORed with the next block before it is encrypted
- First block is XORed using Initialisation vector
- If new IV is used every time, will result in a unique ciphertext everytime
- Chaining adds the necessary randomness that allows to encrypt large files
What is Cipher Feedback Mode
It is block cipher working in stream mode
How does Cipher Feedback Mode (CFB) work?
- Key and IV are used to create keystream
- Keystream is XORed with first block
- Ciphertext sent to destination , also key+ciphertext=keystream for next block
- IV has to be different for each message to avoid patterns
What is the constraint in CFB
Size of the ciphertext needs to be of the same size as the block of plaintext being encrypted. Otherwise values will get repeated which will introduce patterns
What is the use case for CFB of DES
Better for smaller sized blocks (such as 8 bit data from terminal to server)
What is difference between CBC and CFB
In CBC, encryption is carried out on block using the key (XOR is for preprocessing of block)
In CFB, block is only XORed
how does output feedback mode (OFB) work
- similar to CFB
- instead of last blocks ciphertext, it is last blocks keystream that is used along with key to create new keystream
- is used to avoid errors in ciphertext propagating forward (for digitised voice and video)
How does counter mode (CTR) work
- similar in working to CFB and OFB
- new IV for each block
- IV + Key = keystream
- since there is no chaining, the encryption can happen in parallel and hence better performance
What is the use case for CTR mode of DES
Used in ATM cells or IPSEC tunnels where the bits may arrive out of sequence
So CTR mode means that receiver does not have to wait for entire message before starting the decryption
What is the difference between Synchronous cryptosystem and Asynchronous cryptosystem
Synchronous: Keystream values are in-sync with plaintext values
Asynchronous: Uses previously generated output to encrypt the plaintext values
what are different options in 3DES
uses 48 rounds in computation
- DES-EEE3 – 3 separate keys, encryption, encryption , encryption
- DES-EDE3 – 3 separate keys, encryption, decryption, encryption
- DES-EEE2 – 2 separate keys, encryption , encryption, encryption (same key for first and third)
- DES-EDE2 – 2 separate keys, encryption, decryption, encryption (same key for first and third)
Here decryption refers to decrypting with a different key which results in more jumbling up rather than plaintext.