Chapter 5 - Cryptography Flashcards

1
Q

Quantum cryptography

A

quantum key distribution - uses physics (not math, as was used in traditional cryptography) to secure data. It is not used to encrypt, transfer or store encrypted data. It allows the exchange of a cryptographic key between two remote parties by the laws of physics. - Uses single-photon light pulses. Increased speed of quantum computers comes from forming a superposition of numbers.

2
Q

availability

A

cryptography doesn’t completely support it, but denying an attacker access helps keep the system from being damaged for authorized users.

3
Q

hashed password files

A

not encrypted therefore no keys to decrypt

4
Q

link encryption

A

provided by service providers - encrypts all data along a communication path - communication nodes need to decrypt the data to continue routing. Also encrypts routing information so provides better traffic confidentiality than end-to-end.

5
Q

end to end

A

usually performed by end user at start of communications channel, remains encrypted until it is decrypted at remote end. Possible to combine both types. Routing information remains visible

6
Q

key clustering

A

different encryption keys generate the same ciphertext from the same plaintext message

7
Q

synchronous

A

each encryption or decryption request is performed immediately

8
Q

asynchronous

A

encrypt/decrypt requests are processed in queues.

9
Q

a hash function

A

one-way mathematical operation that reduces a message into a smaller fixed length - hash value

10
Q

digital signatures

A

provide authentication of a sender and integrity of a sender’s message. Hash value encrypted using private key of sender. Receiver decrypts the hash value using the signer’s public key, then performs the same hash computation over the message. If the hash values are the same then the signature is valid.

11
Q

asymmetric

A

one key to encrypt and another to decrypt - most commonly used with PKI - Public Key Infrastructure

12
Q

digital certificate

A

electronic document with name of organization or individual, business address, digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date.

13
Q

certificate authority

A

entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates

14
Q

registration authority

A

performs certificate registration services on behalf of a CA

15
Q

Ciphertext or Cryptogram

A

altered form of plaintext message

16
Q

cryptosystem

A

entire operation - algorithm, the key and the management functions

17
Q

encryption

A

same as enciphering - process of converting message from its plaintext to ciphertext

18
Q

decryption

A

decipher, reverse process of encryption

19
Q

key or cryptovariable

A

the input that controls the behavior of the algorithm (mathematical function)

20
Q

nonrepudiation

A

security service - evidence maintained so that the sender and the recipient cannot deny having participated in the communication.

21
Q

cryptanalysis/cryptology

A

study to defeat cryptographic techniques/science that deals with hidden, disguised or encrypted communications

22
Q

collision

A

hash function generates the same output for different inputs

23
Q

key space

A

total number of possible values in an algorithm

24
Q

work factor

A

time and effort to break a protective measure

25
initialization vector (IV)
nonsecret binary vector used as the initializing input algorithm - to increase security by introducing additional cryptographic variance
26
encoding
changing a message into another format, decoding is the reverse
27
transposition or permutation
reordering plaintext to hide the message
28
substitution
exchanging one letter for another
29
SP-network
Claude Shannon - used in block ciphers to increase their strength. SP (Substitution and permutation)
30
Confusion
mixing key values in repeated rounds
31
diffusion
mixing up location of plaintext throughout ciphertext
32
avalanche effect
minor change in key or plaintext has significant impact in resulting ciphertext, feature of a strong hashing algorithm
33
two methods of encrypting data
stream and block methods
34
stream based ciphers
on bit by bit basis - most commonly associated with streaming applications such as voice or video transmission - mix plaintext with a keystream - Exclusive-or (XOR) operation - a very fast mathematical operation. Relies primarily on substitution of one bit for another. Keystream should be long enough to not be easily guessed or predictable. Many implemented in hardware
35
block ciphers
operates on blocks or chunks of data of a preset size. Most use a combination of substitution and transposition - makes it relatively stronger than stream based - more expensive to implement - many implemented in software
36
Electronic Code Book
each block encrypted separately - same plain text will encrypt to same ciphertext - reveals patterns in the code - for very short messages <64 bits e.g. transmission of a DES key
37
Cipher Block Chaining
each block is XORed with the previous ciphertext block before being encrypted - hides patterns. Each randomly generated initialization vector will prevent patterns
38
DES
Data Encryption Standard - work of Horst Feistel - 64 bits in length - every 8th bit ignored for parity. Effective length is 56 bits - 2 to the 56 power. 16 identical stages. - strong and fast but not suitable for very confidential data due to the increase in computing power - susceptible to brute force attack
39
Blaise de Vigenère
developed the polyalphabetic cipher using a keyword and 26 alphabets
40
one time pads
asserted as unbreakable - Gilbert Vernam - running key cipher
41
Asymmetric algorithms
RSA, El Gamal and ECC have message authentication and digital signature functionality. Whit Diffie/Martin Hellman - two keys, private and public. Sender encrypts the message with the public key of the receiver. The receiver decrypts with the private key. (Confidential Message). Open message is the reverse. By the sender doing both public and private there is confidentiality and proof of origin. Slower than symmetric.
42
symmetric
single key used for both encryption and decryption - shared key - Caesar cipher, Spartan Scytale, and Enigma
43
ECB
Electronic Codebook mode - 64 bit - only used for short messages
44
CBC
Cipher block chaining mode stronger than ECB
45
CFB
Cipher feedback mode - individual segments - 1 bit, 8 bit, 64 bit and 128 bit - IV loaded into shift register
46
OFB
Open feedback mode - feeds encrypted stream back into itself
47
Counter mode
used in high-speed applications such as IPSec and ATM - 64 bit random data block used as the first IV
48
Triple DES
2 to the 112 power - slow
49
AES
Advanced Encryption (128) Standard - Rijndael algorithm (Daemen/Rijmen) - block cipher. CCMP is the actual encryption protocol. - 128, 192 or 256 bits
50
IDEA
International Data Encryption Algorithm - 128 bit key and 64 bit blocks - 8 rounds
51
CAST
Carlisle Adams and Stafford Tavares - keys between 40 and 128
52
blowfish
symmetrical algorithm - extremely fast - divides input blocks into two halves - twofish adapted version
53
rc5
Ron Rivest - 0 to 2040 bit keys
54
rc4
stream based cipher - most widely used
55
RSA
factoring the product of two large prime numbers - most widely used public algorithm
56
diffie/hellman algorithm
two users negotiate a secret symmetric key - useful in PKI
57
El Gamal
provides message confidentiality and digital signatures services
58
ECC
Elliptic Curve Cryptography - speed and strength - beneficial in smart cards
59
Message Authentication Code
small block of data generated using a secret key and then appended to the message.
60
HMAC
hashed MACing system
61
5 properties of HASH function
uniformly distributed - output not predictable; weak collision resistant - second input value doesn't hash to the same value as another input; difficult to invert - one way; storage collision resistant - two inputs don't produce the same value; deterministic - given x always produces y
62
MD5 Message Digest Algorithm
Ron Rivest - most widely used hashing algorithm - generates a 128 bit digest and processes the message in 512 bit blocks - 16 steps in a round - 4 rounds
63
SHA-1
512 bit blocks - output is 160 bits - 4 rounds 20 steps
64
HAVAL
variable length output and variable # of rounds on 1024 input blocks - output 128, 160, 192, 224 or 256 - rounds 3-5
65
Asymmetric key cryptography is used for the following A. Encryption of data, Access Control, Steganography B. Steganography, Access Control, Non repudiation C. Nonrepudiation, Steganography, Encryption of Data D. Encryption of Data, Nonrepudiation, Access Control
D. Encryption of Data, Nonrepudiation, Access Control
66
Which of the following supports asymmetric key cryptography? A. Diffie-Hellman B. Rijndael C. Blowfish D. SHA-256
A. Diffie-Hellman
67
What is an important disadvantage of using a public key algorithm compared to symmetric algorithm? A. A symmetric algorithm provides better access control B. A symmetric algorithm is a faster process C. A symmetric algorithm provides nonrepudiation of delivery D. A symmetric algorithm is more difficult to implement
B. A symmetric algorithm is a faster process
68
When a user needs to provide message integrity, what option is BEST? A. Send a digital signature of the message to the recipient B. Encrypt the message with a symmetric algorithm and send it C. Encrypt the message with a private key so the recipient can decrypt with the corresponding public key D. Create a checksum, append it to the message, encrypt the message, then send to recipient
D. Create a checksum, append it to the message, encrypt the message, then send to recipient
69
A CA provides which benefits to a user? A. Protection of public keys of all users B. History of symmetric keys C. Proof of nonrepudiation of origin D. Validation that a public key is associated with a particular user
D. Validation that a public key is associated with a particular user
70
What is the output length of a RIPEMD-160 hash output length? A. 160 bits B. 150 bits C. 128 bits D. 104 bits
A. 160 bits
71
ANSI X9.17 is concerned primarily with A. Protection and secrecy of keys B. Financial Records and retention of encrypted data C. Formalizing a key hierarchy D. The lifespan of key-encrypting keys
A. Protection and secrecy of keys
72
When a certificate is revoked, what is the proper procedure? A. Setting new key expiry dates B. Updating the key certificate revocation list C. Removal of the private key from all directories D. Notification to all employees of revoked keys
B. Updating the key certificate revocation list
73
Which is true about link encryption? A. Link encryption is advised for high-risk environments, provides better traffic flow confidentiality, and encrypts routing information B. Link encryption is often used for Frame Relay or satellite links, is advised for high-risk environments and provides better traffic flow confidentiality C. Link encryption encrypts routing information, is often used for Frame Relay or satellite links, and provides traffic flow confidentiality D. Link encryption provides better traffic flow confidentiality, is advised for high-risk environments and provides better traffic flow confidentiality
C. Link encryption encrypts routing information, is often used for Frame Relay or satellite links, and provides traffic flow confidentiality
74
Which is the sequence that controls the operation of the cryptographic algorithm? A. Encoder B. Decoder wheel C. Cryptovariable D. Cryptographic routine
C. Cryptovariable
75
The process used in most block ciphers to increase their strength is A. Diffusion B. Confusion C. Step function D. SP-Network
D. SP-Network
76
Which of the following best describes fundamental methods of encrypting data A. Substitution and transposition B. 3DES and PGP C. Symmetric and Asymmetric D. DES and AES
C. Symmetric and Asymmetric
77
Cryptography supports all of the core principles of information security except A. Availability B. Confidentiality C. Integrity D. Authenticity
D. Authenticity
78
A way to defeat frequency analysis as a method to determine the key is to use A. Substitution ciphers B. Transposition ciphers C. Polyalphabetic ciphers D. Inversion ciphers
C. Polyalphabetic ciphers
79
The running key cipher is based on A. Modular arithmetic B. XOR mathematics C. Factoring D. Exponentiation
A. Modular arithmetic
80
The only cipher that is said to be unbreakable by brute force is A. AES B. DES C. One-time Pad D. Triple DES
C. One-time Pad
81
A message protected by steganography would most likely be found in a A. Public Key B. Algorithm C. Private Key D. Picture File
D. Picture File
82
Which is the best choice for implementing encryption on a smart card? A. Blowfish B. Elliptic Curve Cryptography C. Twofish D. Quantum Cryptography
B. Elliptic Curve Cryptography
83
An e-mail with a document attachment from a known individual is received with a digital signature. The e-mail client is unable to validate signature. What is the best course of action? A. Open the attachment to determine if the signature is valid B. Determine why the signature can't be validated prior to opening the attachment C. Delete the e-mail D. Forward the e-mail to another address with a new signature
B. Determine why the signature can't be validated prior to opening the attachment
84
The vast majority of VPNs use A. SSL/TLS and IPSec B. El Gamal and DES C. 3DES and Blowfish D. Twofish and IDEA
A. SSL/TLS and IPSec
85
Symmetric algorithms
designed to have security equal to their key length
86
Block ciphers
produce a fixed length block of cipher text - incomplete blocks are padded
87
Concealment Cipher
include plaintext within ciphertext
88
substitution cipher
substitute one letter for another
89
transposition cipher
interchanging the order of the letters - susceptible to frequency analysis
90
Caesar cipher
simple substitution - shifts plain text over three places - monoalphabetic
91
Polyalphabetic cipher
using several alphabets for substitution plaintext
92
Blaise de Vigenère
Top row plaintext - substitute alphabet, Column Key ABCDEF A B C D E F
93
Modular mathematics
cipher text = plain text + key; A=0, N=13, Q=16; N+Q = 29 (-26) = 3 = D
94
Running key cipher
key is repeated to match length of plain text
95
One time pads
unbreakable - Gilbert Vernam
96
Message Integrity Control
assurance message has not been modified
97
Symmetric Cryptography
single key used for both encryption and decryption, aka single, same or shared key encryption. Key is known as secret or private. Key management is a difficult challenge. Key not sent with data - using different channel (out of band). Very fast, secure and cheap - provides confidentiality but not non-repudiation, message integrity and access control
98
Symmetric algorithms
Caesar, Spartan & Enigma, DES (Feistel) 64 bit, 56 bit usable replaced by AES (based on Rijndael), IDEA, Blowfish, Twofish, RC5 - Rivest, RC4 - most widely used
99
ECB
basic block cipher
100
Cipher block chaining
stronger than ECB
101
Cipher feedback mode
input separated into individual segments, output feedback similar
102
DES
susceptible to brute force
103
Triple DES
used two keys, encrypt with key 1, then key 2, then key 1
104
AES
Rijndael algorithm used with block sizes of 128, 192 or 256, key same sizes
105
stream based cipher
used in WEB and SSL/TLS
106
Asymmetric algorithms
Diffie Hellman uses 2 keys linked mathematically, private key/public key. It is a key exchange - does not provide message confidentiality. Encrypting with private key - confidential and proof of origin
107
RSA - Rivest-Shamir-Adleman
factoring product of two large prime numbers - attack using brute force, mathematical attacks; timing attacks
108
El Gamal
provides message confidentiality
109
ECC - Elliptic Curve Cryptography
speed and strength
110
Hybrid
asymmetric for bulk data, encryption and distribution, symmetric -key
111
Message digest
small representation of a larger message - for authentication and integrity - Message Authentication Code (MAC)
112
HMACS
add secret key value to hash input function
113
Hashing
accepts message of any length, generates through a one-way operation, a fixed length output - hash code/message digest
114
MD5-Rivest
most widely used hashing algorithm - output 128 bit, 4 rounds, 16 steps
115
SHA - Secure Hash Algorithm
output 160 bits, 4 rounds, 20 steps
116
Haval
variable length output
117
Rainbow tables
lists used in cracking password hashes
118
key
size and secrecy are the two most important elements
119
Dual control
requires two or more persons to come together and collude to complete a process
120
Split knowledge
what each must bring
121
Randomness
lacking predictability
122
key length
security of an algorithm cannot exceed its key length
123
Asymmetric key length
must be longer for equivalent resistance since problem solving is faster than brute force
124
Digital signature
mathematical representation - includes date and time as well as method to verify for a third party, encrypted with sender's private key
125
DSS
create signature before encrypting message so signature authenticates message and not cipher text
126
Non-repudiation
sender cannot deny a message - accomplished with digital signatures and PKI
127
Certificate Authority
association between private key and sender
128
Attacks - chosen plain text
knows algorithm - modify chosen input
129
Differential (side channel) attack
know execution times and power required - find key and algorithm
130
Linear attack
known plaintext - describe behavior of block text
131
Rainbow table
look at sorted hash outputs
132
Cipher text attack only
look for trends or statistical data
133
Known plain text
access to both cipher text and plain text versions - find link
134
Frequency analysis
works well with substitution cipher
135
Chosen cipher text
access to decryption device - trying to discover key
136
VPNs
provide confidentiality and data integrity. IPSec and SSL dominant protocols