Chapter 5 - Cryptography

Question 1

Quantum crytopgraphy

Answer 1

quantum key distribution - uses physics (not math, as was used in traditional cyrtography) to secure data. It is not used to encrypt, transfer of store encrypted data. it allows the exchange of a cryptography key between two remote parties by the laws of physics. - Uses single-photon light pulses. Increased speed of quantum computers comes from forming a superposition of numbers.

Question 2

availability

Answer 2

cryptography doesn’t completely support it but denying attacker access helps not damaging the system for the authorized users.

Question 3

hashed password files

Answer 3

not encrypted therefore no keys to decrypt

Question 4

link encryption

Answer 4

provided by service providers - encrypts all data along a communication path - communication nodes need to decrypt the data to continue routing. Also encrypts routing information so provides better traffic confidentiality than end-to-end.

Question 5

end to end

Answer 5

usually performed by end user at start of communications channel, remains encrypted until it is decrypted at remote end. Possible to combine both types. Routing information remains visible

Question 6

key custering

Answer 6

different encryption keys generate the same ciphertext from the same plaintext message

Question 7

synchronous

Answer 7

each encryption or decryption request is performed immediately

Question 8

asynchronous

Answer 8

encrypt/decrypt requests are processed in queues.

Question 9

a hash function

Answer 9

one-way mathematical operation that reduces a message into a smaller fixed length - hash value

Question 10

digital signatures

Answer 10

provide authentication of a sender and integrity of a sender’s message. Hash value encrypted using private key of sender. Receiver decrypts the hash value using the signer’s public key, then performs the same hash computation over the message. if hash values are the same then signature is valid

Question 11

asymmetric

Answer 11

one key to encrypt and another to decrypt - most commonly used with PKI - Public Key Infrastructure

Question 12

digital certificate

Answer 12

electronic document with name of organization or individual, business address, digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date.

Question 13

certificate authority

Answer 13

entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates

Question 14

registration authority

Answer 14

performs certificate registration services on behalf of a CA

Question 15

Ciphertext of Crytpogram

Answer 15

altered form of plaintext message

Question 16

cryptosystem

Answer 16

entire operation - algorithm, the key and the management functions

Question 17

encryption

Answer 17

same as enciphering - process of converting message from its plaintext to ciphertext

Question 18

decryption

Answer 18

decipher, reverse process of encryption

Question 19

key or cyrptovariable

Answer 19

the input that controls the behavior of the algorithm (mathematical function)

Question 20

nonrepudiation

Answer 20

security service - evidence maintained so that the sender and the recipient cannot deny having participated in the communication.

Question 21

cryptoanalysis/cryptogolgy

Answer 21

study to defeat cryptographic techniques/science that deals with hidden,disguised or encrypted communications

Question 22

collision

Answer 22

hash function generates the same output for different inputs

Question 23

key space

Answer 23

total number of possible values in an algorithm

Question 24

work factor

Answer 24

time and effort to break a protective measure

Question 25

initialization vector (IV)

Answer 25

nonsecret binary vector used as the initializing input algorithm - to increase security by introducing additional cyrptographic variance

Question 26

encoding

Answer 26

changing a message into another format, decoding is the reverse

Question 27

transposition or permutation

Answer 27

reordering plaintext to hide the message

Question 28

substitution

Answer 28

exchanging one letter for another

Question 29

SP-network

Answer 29

Claude Shannon - used in block ciphers to increase their strength. SP (Substitution and permutation)

Question 30

Confusion

Answer 30

mixing key values in repeated rounds

Question 31

diffusion

Answer 31

mixing up location of plaintext throughout ciphertext

Question 32

avalanche effect

Answer 32

minor change in key or plaintext has significant impact in resulting ciphertext, fature of a strong hashing algorithm

Question 33

two methods of encrypting data

Answer 33

stream and block methods

Question 34

stream based ciphers

Answer 34

on bit by bit basis - most commonly associated with streaming applications such as voice or video transmission - mix plaintext with a keystream - Exclusive-or (XOR) operation - a very fast mathematical operation. Relies primarily on subsitution of bit for another. Keystream should be long enough to not be easily guessed or predictable. Many implemented in hardware

Question 35

block ciphers

Answer 35

operates on blocks or chunks of data into a preset size. most use combination of substitution and tranposition - makes it realitvely stronger than stream based - more expensive to implement - many implemented in software

Question 36

Electronic Code Book

Answer 36

each block encrypted separately - same plain text will encrypt to same ciphertext - revelas patterns in the code - for very short messages

Question 37

Cipher Block Chaining

Answer 37

each block is XORed with the previous ciphertext block before being encrypted - hides patterns. each initialization vector randonly generated will prevent patterns

Question 38

DES

Answer 38

Data encryption standard work of Harst Feistal - 64 bits in length - every 8th bit ignored for parity. Effective length is 56 bits - 2 to the 56 power. 16 identical stages. - strong and fast but not suitable for very confidential data due to the increase incomputing power - suspetible to brute force attack

Question 39

Blais de Vigenere

Answer 39

developed the polyalphabetic cioher using a keyword and 26 alphabets

Question 40

one time pads

Answer 40

asserted as unbreakable - Gilbert Vernam - running key cipher

Question 41

Asymmetric algorithms

Answer 41

RSA, EL Gamel and ECC have message authentication and digital signature functionality. Whit Diffie/Martin Hellman - two keys private and public. Sneder encrypts the the message with the public key of the receiver. The receiver decrypts with the private key. (Confidential Message). Open message is the reverse. By the sender doing both public and private there is confidential and proof of origin. Slower than symmetric.

Question 42

symmetric

Answer 42

single key used for both encryption and decryption - shared key - Caesar copher, Spartan Scytale, and Enigma

Question 43

ECB

Answer 43

electronic Codebook Mode - 64bit - only used for short messages

Question 44

CBC

Answer 44

Cipher block chaining mode stronger than ECB

Question 45

CFB

Answer 45

Cipher feedback mode - individual segments - 1 bit, 8 bit, 64 bit and 128 bit - IV loaded into shift register

Question 46

OFB

Answer 46

Open feedback mode - feeds encrypted stream back into itself

Question 47

Counter mode

Answer 47

used in high-speed applications such as IPSec and ATM - 64 bit random data block used as the first IV

Question 48

Triple DES

Answer 48

2 o 112 power - slow

Question 49

AES

Answer 49

Advanced encryption (128) standard Rijndael algorithm (Daemon/Rijmen) - block cipher CCMP is th actual encryption protocol. - 128, 192 ro 256 bits

Question 50

IDEA

Answer 50

International Data Encryption Algorithm - 128 bit key and 64 bit blocks - 8 rounds

Question 51

CAST

Answer 51

Carlisle Adams and Stafford Tavares keys betwee 40 and 128

Question 52

blowfish

Answer 52

symmetrical algorithm - extremely fast - divides input blocks into two halves - twofish adapted version

Question 53

rc5

Answer 53

ron rivest 0 to 2040 bit keys

Question 54

rc4

Answer 54

stream based cipher - most widely used

Question 55

RSA

Answer 55

factoring the product of two large prime numbers - most widely used public alogorithm

Question 56

diffie/hellman algorithm

Answer 56

tow users negotiate a secret symmetric key - usesful in PKI

Question 57

El Gamel

Answer 57

provides message confidentaility and digital signatures services

Question 58

ECC

Answer 58

Elliptic Curve Cryptography - speed and strength - beneficial in smart cards

Question 59

Message Authentication COde

Answer 59

small block of data generated using a secret key and then appended to the message.

Question 60

HMAC

Answer 60

hashed MACing system

Question 61

5 properties of HASH function

Answer 61

uniformly distributed - output not predictable; weak collision resistant - secound input value doesn’t hash to same values a aonother input ; difficult to invert - one way; storage collision resistant - two inputs don’t produce the same value; deterministic - given x always produces y

Question 62

MD5 Message Digest Algorithm

Answer 62

Ron RIvest - most widely used hasing algorithm - generates a 128 bit digets and process the message in 512 bit blocks - 16 steps in a round - 4 rounds

Question 63

SHA-1

Answer 63

512 bit blocks - ouput is 160 bits - 4 rounds 20 steps

Question 64

HAVAL

Answer 64

variable length output and vairable # of rounds on 1024 input blocks - output 128, 160, 192, 224 or 256 - rounds 3-5

Question 65

Asymmetric key cryptography is used for the following A. Encryption of data, Access Control, Steganography B. Steganography, Access Control, Non repudiation C. Nonrepudiation, Steganography, Encryption of Data D. Encryption of Data, Nonrepudiation, Access Control

Answer 65

D. Encryption of Data, Nonrepudiation, Access Control

Question 66

Which of the following supports asymmetric key crytpography? A. Diffie-Hellman B. Rijndael C. Blowfish D. SHA-256

Answer 66

A. Diffie-Hellman

Question 67

What is an important disadvantage of using a public key algorithm compared to symmetric algorithm? A. A symmetric algortihm provides better access control B. A symmetric algortihm is a faster process C. A symmetric algortihm provides nonrepudiation of delivery D. A symmetric algortihm is more difficult to implement

Answer 67

B. A symmetric algortihm is a faster process

Question 68

When a user needs to provide message integrity, what option is BEST? A. Send a digitial signature of the message to the recipient B. Encrypt the message with a symmetric algorithm and send it C. Encrypt the message with a private key so the receipient can decrypt with the corresponding public key D. Create a checksum, append it to the message, encrypt the message, then send to recipient

Answer 68

D. Create a checksum, append it to the message, encrypt the message, then send to recipient

Question 69

A CA provides which benefits to a user? A. Protection of public keys of all users B. History of symmetric keys C. Proof of nonrepudiation of origin D. Validation that a public key is associated with a particular user

Answer 69

D. Validation that a public key is associated with a particular user

Question 70

What is the output length of a RIPEMD-160 hash output length? A. 160 bits B. 150 bits C. 128 bits D. 104 bits

Answer 70

A. 160 bits

Question 71

ANSI X9.17 is concerned primarily with A. Protection and secrecy of keys B. Financial Records and retentionof encrypted data C. Formalizing a key hierarchy D. The lifespan of key-encrypting keys

Answer 71

A. Protection and secrecy of keys

Question 72

Whena certificate is revoked, what is the proper procedure? A. Setting new key expiry dates B. Updating the key certificate revocation list C. Removal of the private key from all directories D. Notification to all employees of revoked keys

Answer 72

B. Updating the key certificate revocation list

Question 73

Which is true about link encryption? A. Link encryption is advised for high-risk environments, provides better traffic flow confidentiality, and encrypts routing information B. Link encryption is often used for Frame Relay or satellite links, is advised for high-risk environments and provides better traffic flow confidentiality C. Link encryption encrypts routing infomraiotn, is often used for Frame Relay or satllite links, and provides traffic flow confidentiality D. Link encryption provides better traffic flow confidentiality, is advised for high-risk environments and provides better traffic flow confidentiality

Answer 73

C. Link encryption encrypts routing infomraiotn, is often used for Frame Relay or satllite links, and provides traffic flow confidentiality

Question 74

Which is the sequence that controls the operation of the cryptographic algortihm? A. Encoder B. Decoder wheel C. Cryptovariable D. Crytpographic routine

Answer 74

C. Cryptovariable

Question 75

The process used in most block ciphers to increase their strength is A. Diffusion B. Confusion C. Step function D. SP-Network

Answer 75

D. SP-Network

Question 76

which of the following best describes fundamental methods of encrypting data A. Substitution and tranposition B. 3DES and PGP C. Symmetric and Asymmetric D. DES and AES

Answer 76

C. Symmetric and Asymmetric

Question 77

crytographysupports all of the core principles of information security except A. Availability B. Confidentiality C. Integrity D. Authenticity

Answer 77

D. Authenticity

Question 78

A way to defeat frequency analysis as a method to determine the key is to use A. Subsitution ciphers B. Transposition ciphers C. Polyalphabetic ciphers D. Inversion ciphers

Answer 78

C. Polyalphabetic ciphers

Question 79

The running key cipher is based on A. Modular artihmetic B. XOR mathematics C. Factoring D. Exponentiation

Answer 79

A. Modular artihmetic

Question 80

The only cipher that is said to be unbreakable cipher by brute force is A. AES B. DES C. One-time Pad D. Triple DES

Answer 80

C. One-time Pad

Question 81

A message protected by steganography would most likely be found in a A. Public Key B. Algorithm C. Private Key D. Picture File

Answer 81

D. Picture File

Question 82

Which is the best choice for implementing encryption on a smart card? A. Blowfish B. Elliptic Curve Cryptography C. Twofish D. Quantum Cryptography

Answer 82

B. Elliptic Curve Cryptography

Question 83

An e-mail with a document attachment from a known individual is received with a digital signature. The e-mail client is unable to validate signature. What is the best course of action? A. Open the attachment to determine if the signature is valid B. Determine why the signature can’t be validated prior to opening the attachment C. Delete the e-mail D. Forward the e-mail to another address with a new signature

Answer 83

B. Determine why the signature can’t be validated prior to opening the attachment

Question 84

The vast majority of VPNS use A. SSL/TLS and IPSec B. El Gamal and DES C. 3DES and Blowfish D. Twofish and Idea

Answer 84

A. SSL/TLS and IPSec

Question 85

Symmetric alogrithms

Answer 85

desinged to have security equla to their key length

Question 86

Block ciphers

Answer 86

produce a fixed length block of cipher test - incomplete blocks are padded

Question 87

Concealment Cipher

Answer 87

inlcude plaintext within ciphertext

Question 88

substitution cipher

Answer 88

substitute one letter for another

Question 89

transposition cipher

Answer 89

interchanging the order of the letters - suscpetible to frequencey analysis

Question 90

Caeser cipher

Answer 90

simple substitution shifted plain text over three place monoalphabetic

Question 91

Polyalphabetic cipher

Answer 91

using several alphabets for substitution plaintext

Question 92

Blai de Vignere

Answer 92

Top row palintext - subsitute alphabet, Column Key ABCDEF A B C D E F

Question 93

Modular mathematics

Answer 93

cipher text = plain text + key A=0 N =13 Q=16 N+Q = 29(-26)=3=D

Question 94

Running key cipher

Answer 94

key is repeated to match length of plain text

Question 95

One time pads

Answer 95

unbreakable - Gilbert Vernam

Question 96

Message Integrity COntrol

Answer 96

assurance message ahs not been modified

Question 97

Symmetric Cryptography

Answer 97

single key used for both encryption and decryption, aka single, same or shared key encryption. Key is known as secret or private. Key management is a difficult challenge. key not sent with data - using different channel (out of band). Very fast, secure and cheap -provides confientiality but not non-repudiation, message integirty and access control

Question 98

Symmetric alogrithms

Answer 98

Caesar, Spartan & Enigma, DES (Feistal) 64 bit, 56 bit usable replaced by AES (based on Rijndael), IDEA, Blowfish, twofish, RC5 -Rivest, RC4 - most widel used

Question 99

ECB

Answer 99

basic block cipher

Question 100

Cipher block chaining

Answer 100

stronger than ECB

Question 101

Cipher feedback mode

Answer 101

input separate into individual segments, putput feedback similar

Question 102

DES

Answer 102

suspetbile to brute force

Question 103

Triple DES

Answer 103

used two keys, encrypt with key 1, then key 2, then key 1

Question 104

AES

Answer 104

Rijndael alogorithm used with block sizes of 128, 192 or 256 , key same sizes

Question 105

stream based cipher

Answer 105

used in WEB and SSL/TLS

Question 106

Assymmetric algortihms

Answer 106

Diffie Hellman use 2 keys linked mathematically, private key/public key. It is a key exchange - does not provide message confidentiality Encrypting with private key - confidential and proof of origin

Question 107

RSA - Rivest-Shamir-Adleman

Answer 107

factoring product of two large prime numbers - attack using brute force, mathematical attacks; timing attacks

Question 108

El GAmel

Answer 108

provides message confidentiality

Question 109

ECC - Eliptic Curve Cryptiography

Answer 109

speed and strength

Question 110

Hybrid

Answer 110

asymmetric for bulk data, encryption and distribution, symmetric -key

Question 111

Message digest

Answer 111

small representation of a larger message - for authentication and integrity - Message Authentication COde (MAC)

Question 112

HMACS

Answer 112

add secret key value to hash input function

Question 113

Hashing

Answer 113

accepts message of any length, generates through a one-way operation, a fixed length ouput - hash code/message digest

Question 114

MD5-Rivest

Answer 114

most widely used hasing algortihm output 128 bit, 4 rounds, 16 steps

Question 115

SHA - Secure Hash Algorithm

Answer 115

output 160 bits, 4 rounds, 20 steps

Question 116

Haval

Answer 116

variable length output

Question 117

Rainbow tables

Answer 117

lists used in cracking password hashes

Question 118

key

Answer 118

size and secrecy are the two most important elements

Question 119

Dual control

Answer 119

requires two or more persons to come together and collude to complete a process

Question 120

Split knowledge

Answer 120

what each must bring

Question 121

Randomness

Answer 121

lacking predictability

Question 122

key length

Answer 122

security of an alogrithm cannot exceed its key length

Question 123

Assymmetric key length

Answer 123

must be longer for equivalent resistance since problem solving is faster than brute force

Question 124

Digital signature

Answer 124

mathematical prepresentation include date and time as well as method to verify for a third party, encrypted with sender’s private key

Question 125

DSS

Answer 125

create signatrue before encrypting message so signature authenticates message and not cipher text

Question 126

Non-repudiation

Answer 126

sender cannot deny a message - accomplished with digital signatures and PKI

Question 127

Certificate Authority

Answer 127

association between private key and sender

Question 128

Attacks - chosen plain text

Answer 128

knows algortihm - modify chose input

Question 129

Differential (side channel) attack

Answer 129

know execution times and power required - find key and algorithm

Question 130

Linear attack

Answer 130

known plaintext - describe behavior of block text

Question 131

Rainbow table

Answer 131

look at sorted hash outputs

Question 132

Cipher test attack only

Answer 132

look for trends or statistical data

Question 133

Know plain text

Answer 133

access to both cipher text and plain text versions - find link

Question 134

Frequency analysis

Answer 134

works well with substitution cipher

Question 135

Chosen cipher text

Answer 135

access to decryption device - trying to discover key

Question 136

VPNs

Answer 136

provide confidentilaity and data integrity. IPSec and SSL dominant protocols