Chapter 5 - Cryptography Flashcards

1
Q

Quantum crytopgraphy

A

quantum key distribution - uses physics (not math, as was used in traditional cyrtography) to secure data. It is not used to encrypt, transfer of store encrypted data. it allows the exchange of a cryptography key between two remote parties by the laws of physics. - Uses single-photon light pulses. Increased speed of quantum computers comes from forming a superposition of numbers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

availability

A

cryptography doesn’t completely support it but denying attacker access helps not damaging the system for the authorized users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

hashed password files

A

not encrypted therefore no keys to decrypt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

link encryption

A

provided by service providers - encrypts all data along a communication path - communication nodes need to decrypt the data to continue routing. Also encrypts routing information so provides better traffic confidentiality than end-to-end.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

end to end

A

usually performed by end user at start of communications channel, remains encrypted until it is decrypted at remote end. Possible to combine both types. Routing information remains visible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

key custering

A

different encryption keys generate the same ciphertext from the same plaintext message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

synchronous

A

each encryption or decryption request is performed immediately

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

asynchronous

A

encrypt/decrypt requests are processed in queues.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

a hash function

A

one-way mathematical operation that reduces a message into a smaller fixed length - hash value

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

digital signatures

A

provide authentication of a sender and integrity of a sender’s message. Hash value encrypted using private key of sender. Receiver decrypts the hash value using the signer’s public key, then performs the same hash computation over the message. if hash values are the same then signature is valid

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

asymmetric

A

one key to encrypt and another to decrypt - most commonly used with PKI - Public Key Infrastructure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

digital certificate

A

electronic document with name of organization or individual, business address, digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

certificate authority

A

entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

registration authority

A

performs certificate registration services on behalf of a CA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Ciphertext of Crytpogram

A

altered form of plaintext message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

cryptosystem

A

entire operation - algorithm, the key and the management functions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

encryption

A

same as enciphering - process of converting message from its plaintext to ciphertext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

decryption

A

decipher, reverse process of encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

key or cyrptovariable

A

the input that controls the behavior of the algorithm (mathematical function)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

nonrepudiation

A

security service - evidence maintained so that the sender and the recipient cannot deny having participated in the communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

cryptoanalysis/cryptogolgy

A

study to defeat cryptographic techniques/science that deals with hidden,disguised or encrypted communications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

collision

A

hash function generates the same output for different inputs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

key space

A

total number of possible values in an algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

work factor

A

time and effort to break a protective measure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

initialization vector (IV)

A

nonsecret binary vector used as the initializing input algorithm - to increase security by introducing additional cyrptographic variance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

encoding

A

changing a message into another format, decoding is the reverse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

transposition or permutation

A

reordering plaintext to hide the message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

substitution

A

exchanging one letter for another

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

SP-network

A

Claude Shannon - used in block ciphers to increase their strength. SP (Substitution and permutation)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Confusion

A

mixing key values in repeated rounds

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

diffusion

A

mixing up location of plaintext throughout ciphertext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

avalanche effect

A

minor change in key or plaintext has significant impact in resulting ciphertext, fature of a strong hashing algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

two methods of encrypting data

A

stream and block methods

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

stream based ciphers

A

on bit by bit basis - most commonly associated with streaming applications such as voice or video transmission - mix plaintext with a keystream - Exclusive-or (XOR) operation - a very fast mathematical operation. Relies primarily on subsitution of bit for another. Keystream should be long enough to not be easily guessed or predictable. Many implemented in hardware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

block ciphers

A

operates on blocks or chunks of data into a preset size. most use combination of substitution and tranposition - makes it realitvely stronger than stream based - more expensive to implement - many implemented in software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Electronic Code Book

A

each block encrypted separately - same plain text will encrypt to same ciphertext - revelas patterns in the code - for very short messages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Cipher Block Chaining

A

each block is XORed with the previous ciphertext block before being encrypted - hides patterns. each initialization vector randonly generated will prevent patterns

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

DES

A

Data encryption standard work of Harst Feistal - 64 bits in length - every 8th bit ignored for parity. Effective length is 56 bits - 2 to the 56 power. 16 identical stages. - strong and fast but not suitable for very confidential data due to the increase incomputing power - suspetible to brute force attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Blais de Vigenere

A

developed the polyalphabetic cioher using a keyword and 26 alphabets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

one time pads

A

asserted as unbreakable - Gilbert Vernam - running key cipher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Asymmetric algorithms

A

RSA, EL Gamel and ECC have message authentication and digital signature functionality. Whit Diffie/Martin Hellman - two keys private and public. Sneder encrypts the the message with the public key of the receiver. The receiver decrypts with the private key. (Confidential Message). Open message is the reverse. By the sender doing both public and private there is confidential and proof of origin. Slower than symmetric.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

symmetric

A

single key used for both encryption and decryption - shared key - Caesar copher, Spartan Scytale, and Enigma

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

ECB

A

electronic Codebook Mode - 64bit - only used for short messages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

CBC

A

Cipher block chaining mode stronger than ECB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

CFB

A

Cipher feedback mode - individual segments - 1 bit, 8 bit, 64 bit and 128 bit - IV loaded into shift register

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

OFB

A

Open feedback mode - feeds encrypted stream back into itself

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Counter mode

A

used in high-speed applications such as IPSec and ATM - 64 bit random data block used as the first IV

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

Triple DES

A

2 o 112 power - slow

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

AES

A

Advanced encryption (128) standard Rijndael algorithm (Daemon/Rijmen) - block cipher CCMP is th actual encryption protocol. - 128, 192 ro 256 bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

IDEA

A

International Data Encryption Algorithm - 128 bit key and 64 bit blocks - 8 rounds

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

CAST

A

Carlisle Adams and Stafford Tavares keys betwee 40 and 128

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

blowfish

A

symmetrical algorithm - extremely fast - divides input blocks into two halves - twofish adapted version

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

rc5

A

ron rivest 0 to 2040 bit keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

rc4

A

stream based cipher - most widely used

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

RSA

A

factoring the product of two large prime numbers - most widely used public alogorithm

56
Q

diffie/hellman algorithm

A

tow users negotiate a secret symmetric key - usesful in PKI

57
Q

El Gamel

A

provides message confidentaility and digital signatures services

58
Q

ECC

A

Elliptic Curve Cryptography - speed and strength - beneficial in smart cards

59
Q

Message Authentication COde

A

small block of data generated using a secret key and then appended to the message.

60
Q

HMAC

A

hashed MACing system

61
Q

5 properties of HASH function

A

uniformly distributed - output not predictable; weak collision resistant - secound input value doesn’t hash to same values a aonother input ; difficult to invert - one way; storage collision resistant - two inputs don’t produce the same value; deterministic - given x always produces y

62
Q

MD5 Message Digest Algorithm

A

Ron RIvest - most widely used hasing algorithm - generates a 128 bit digets and process the message in 512 bit blocks - 16 steps in a round - 4 rounds

63
Q

SHA-1

A

512 bit blocks - ouput is 160 bits - 4 rounds 20 steps

64
Q

HAVAL

A

variable length output and vairable # of rounds on 1024 input blocks - output 128, 160, 192, 224 or 256 - rounds 3-5

65
Q

Asymmetric key cryptography is used for the following A. Encryption of data, Access Control, Steganography B. Steganography, Access Control, Non repudiation C. Nonrepudiation, Steganography, Encryption of Data D. Encryption of Data, Nonrepudiation, Access Control

A

D. Encryption of Data, Nonrepudiation, Access Control

66
Q

Which of the following supports asymmetric key crytpography? A. Diffie-Hellman B. Rijndael C. Blowfish D. SHA-256

A

A. Diffie-Hellman

67
Q

What is an important disadvantage of using a public key algorithm compared to symmetric algorithm? A. A symmetric algortihm provides better access control B. A symmetric algortihm is a faster process C. A symmetric algortihm provides nonrepudiation of delivery D. A symmetric algortihm is more difficult to implement

A

B. A symmetric algortihm is a faster process

68
Q

When a user needs to provide message integrity, what option is BEST? A. Send a digitial signature of the message to the recipient B. Encrypt the message with a symmetric algorithm and send it C. Encrypt the message with a private key so the receipient can decrypt with the corresponding public key D. Create a checksum, append it to the message, encrypt the message, then send to recipient

A

D. Create a checksum, append it to the message, encrypt the message, then send to recipient

69
Q

A CA provides which benefits to a user? A. Protection of public keys of all users B. History of symmetric keys C. Proof of nonrepudiation of origin D. Validation that a public key is associated with a particular user

A

D. Validation that a public key is associated with a particular user

70
Q

What is the output length of a RIPEMD-160 hash output length? A. 160 bits B. 150 bits C. 128 bits D. 104 bits

A

A. 160 bits

71
Q

ANSI X9.17 is concerned primarily with A. Protection and secrecy of keys B. Financial Records and retentionof encrypted data C. Formalizing a key hierarchy D. The lifespan of key-encrypting keys

A

A. Protection and secrecy of keys

72
Q

Whena certificate is revoked, what is the proper procedure? A. Setting new key expiry dates B. Updating the key certificate revocation list C. Removal of the private key from all directories D. Notification to all employees of revoked keys

A

B. Updating the key certificate revocation list

73
Q

Which is true about link encryption? A. Link encryption is advised for high-risk environments, provides better traffic flow confidentiality, and encrypts routing information B. Link encryption is often used for Frame Relay or satellite links, is advised for high-risk environments and provides better traffic flow confidentiality C. Link encryption encrypts routing infomraiotn, is often used for Frame Relay or satllite links, and provides traffic flow confidentiality D. Link encryption provides better traffic flow confidentiality, is advised for high-risk environments and provides better traffic flow confidentiality

A

C. Link encryption encrypts routing infomraiotn, is often used for Frame Relay or satllite links, and provides traffic flow confidentiality

74
Q

Which is the sequence that controls the operation of the cryptographic algortihm? A. Encoder B. Decoder wheel C. Cryptovariable D. Crytpographic routine

A

C. Cryptovariable

75
Q

The process used in most block ciphers to increase their strength is A. Diffusion B. Confusion C. Step function D. SP-Network

A

D. SP-Network

76
Q

which of the following best describes fundamental methods of encrypting data A. Substitution and tranposition B. 3DES and PGP C. Symmetric and Asymmetric D. DES and AES

A

C. Symmetric and Asymmetric

77
Q

crytographysupports all of the core principles of information security except A. Availability B. Confidentiality C. Integrity D. Authenticity

A

D. Authenticity

78
Q

A way to defeat frequency analysis as a method to determine the key is to use A. Subsitution ciphers B. Transposition ciphers C. Polyalphabetic ciphers D. Inversion ciphers

A

C. Polyalphabetic ciphers

79
Q

The running key cipher is based on A. Modular artihmetic B. XOR mathematics C. Factoring D. Exponentiation

A

A. Modular artihmetic

80
Q

The only cipher that is said to be unbreakable cipher by brute force is A. AES B. DES C. One-time Pad D. Triple DES

A

C. One-time Pad

81
Q

A message protected by steganography would most likely be found in a A. Public Key B. Algorithm C. Private Key D. Picture File

A

D. Picture File

82
Q

Which is the best choice for implementing encryption on a smart card? A. Blowfish B. Elliptic Curve Cryptography C. Twofish D. Quantum Cryptography

A

B. Elliptic Curve Cryptography

83
Q

An e-mail with a document attachment from a known individual is received with a digital signature. The e-mail client is unable to validate signature. What is the best course of action? A. Open the attachment to determine if the signature is valid B. Determine why the signature can’t be validated prior to opening the attachment C. Delete the e-mail D. Forward the e-mail to another address with a new signature

A

B. Determine why the signature can’t be validated prior to opening the attachment

84
Q

The vast majority of VPNS use A. SSL/TLS and IPSec B. El Gamal and DES C. 3DES and Blowfish D. Twofish and Idea

A

A. SSL/TLS and IPSec

85
Q

Symmetric alogrithms

A

desinged to have security equla to their key length

86
Q

Block ciphers

A

produce a fixed length block of cipher test - incomplete blocks are padded

87
Q

Concealment Cipher

A

inlcude plaintext within ciphertext

88
Q

substitution cipher

A

substitute one letter for another

89
Q

transposition cipher

A

interchanging the order of the letters - suscpetible to frequencey analysis

90
Q

Caeser cipher

A

simple substitution shifted plain text over three place monoalphabetic

91
Q

Polyalphabetic cipher

A

using several alphabets for substitution plaintext

92
Q

Blai de Vignere

A

Top row palintext - subsitute alphabet, Column Key ABCDEF A B C D E F

93
Q

Modular mathematics

A

cipher text = plain text + key A=0 N =13 Q=16 N+Q = 29(-26)=3=D

94
Q

Running key cipher

A

key is repeated to match length of plain text

95
Q

One time pads

A

unbreakable - Gilbert Vernam

96
Q

Message Integrity COntrol

A

assurance message ahs not been modified

97
Q

Symmetric Cryptography

A

single key used for both encryption and decryption, aka single, same or shared key encryption. Key is known as secret or private. Key management is a difficult challenge. key not sent with data - using different channel (out of band). Very fast, secure and cheap -provides confientiality but not non-repudiation, message integirty and access control

98
Q

Symmetric alogrithms

A

Caesar, Spartan & Enigma, DES (Feistal) 64 bit, 56 bit usable replaced by AES (based on Rijndael), IDEA, Blowfish, twofish, RC5 -Rivest, RC4 - most widel used

99
Q

ECB

A

basic block cipher

100
Q

Cipher block chaining

A

stronger than ECB

101
Q

Cipher feedback mode

A

input separate into individual segments, putput feedback similar

102
Q

DES

A

suspetbile to brute force

103
Q

Triple DES

A

used two keys, encrypt with key 1, then key 2, then key 1

104
Q

AES

A

Rijndael alogorithm used with block sizes of 128, 192 or 256 , key same sizes

105
Q

stream based cipher

A

used in WEB and SSL/TLS

106
Q

Assymmetric algortihms

A

Diffie Hellman use 2 keys linked mathematically, private key/public key. It is a key exchange - does not provide message confidentiality Encrypting with private key - confidential and proof of origin

107
Q

RSA - Rivest-Shamir-Adleman

A

factoring product of two large prime numbers - attack using brute force, mathematical attacks; timing attacks

108
Q

El GAmel

A

provides message confidentiality

109
Q

ECC - Eliptic Curve Cryptiography

A

speed and strength

110
Q

Hybrid

A

asymmetric for bulk data, encryption and distribution, symmetric -key

111
Q

Message digest

A

small representation of a larger message - for authentication and integrity - Message Authentication COde (MAC)

112
Q

HMACS

A

add secret key value to hash input function

113
Q

Hashing

A

accepts message of any length, generates through a one-way operation, a fixed length ouput - hash code/message digest

114
Q

MD5-Rivest

A

most widely used hasing algortihm output 128 bit, 4 rounds, 16 steps

115
Q

SHA - Secure Hash Algorithm

A

output 160 bits, 4 rounds, 20 steps

116
Q

Haval

A

variable length output

117
Q

Rainbow tables

A

lists used in cracking password hashes

118
Q

key

A

size and secrecy are the two most important elements

119
Q

Dual control

A

requires two or more persons to come together and collude to complete a process

120
Q

Split knowledge

A

what each must bring

121
Q

Randomness

A

lacking predictability

122
Q

key length

A

security of an alogrithm cannot exceed its key length

123
Q

Assymmetric key length

A

must be longer for equivalent resistance since problem solving is faster than brute force

124
Q

Digital signature

A

mathematical prepresentation include date and time as well as method to verify for a third party, encrypted with sender’s private key

125
Q

DSS

A

create signatrue before encrypting message so signature authenticates message and not cipher text

126
Q

Non-repudiation

A

sender cannot deny a message - accomplished with digital signatures and PKI

127
Q

Certificate Authority

A

association between private key and sender

128
Q

Attacks - chosen plain text

A

knows algortihm - modify chose input

129
Q

Differential (side channel) attack

A

know execution times and power required - find key and algorithm

130
Q

Linear attack

A

known plaintext - describe behavior of block text

131
Q

Rainbow table

A

look at sorted hash outputs

132
Q

Cipher test attack only

A

look for trends or statistical data

133
Q

Know plain text

A

access to both cipher text and plain text versions - find link

134
Q

Frequency analysis

A

works well with substitution cipher

135
Q

Chosen cipher text

A

access to decryption device - trying to discover key

136
Q

VPNs

A

provide confidentilaity and data integrity. IPSec and SSL dominant protocols