Chapter 5 - Cryptography Flashcards
Quantum crytopgraphy
quantum key distribution - uses physics (not math, as was used in traditional cyrtography) to secure data. It is not used to encrypt, transfer of store encrypted data. it allows the exchange of a cryptography key between two remote parties by the laws of physics. - Uses single-photon light pulses. Increased speed of quantum computers comes from forming a superposition of numbers.
availability
cryptography doesn’t completely support it but denying attacker access helps not damaging the system for the authorized users.
hashed password files
not encrypted therefore no keys to decrypt
link encryption
provided by service providers - encrypts all data along a communication path - communication nodes need to decrypt the data to continue routing. Also encrypts routing information so provides better traffic confidentiality than end-to-end.
end to end
usually performed by end user at start of communications channel, remains encrypted until it is decrypted at remote end. Possible to combine both types. Routing information remains visible
key custering
different encryption keys generate the same ciphertext from the same plaintext message
synchronous
each encryption or decryption request is performed immediately
asynchronous
encrypt/decrypt requests are processed in queues.
a hash function
one-way mathematical operation that reduces a message into a smaller fixed length - hash value
digital signatures
provide authentication of a sender and integrity of a sender’s message. Hash value encrypted using private key of sender. Receiver decrypts the hash value using the signer’s public key, then performs the same hash computation over the message. if hash values are the same then signature is valid
asymmetric
one key to encrypt and another to decrypt - most commonly used with PKI - Public Key Infrastructure
digital certificate
electronic document with name of organization or individual, business address, digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date.
certificate authority
entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates
registration authority
performs certificate registration services on behalf of a CA
Ciphertext of Crytpogram
altered form of plaintext message
cryptosystem
entire operation - algorithm, the key and the management functions
encryption
same as enciphering - process of converting message from its plaintext to ciphertext
decryption
decipher, reverse process of encryption
key or cyrptovariable
the input that controls the behavior of the algorithm (mathematical function)
nonrepudiation
security service - evidence maintained so that the sender and the recipient cannot deny having participated in the communication.
cryptoanalysis/cryptogolgy
study to defeat cryptographic techniques/science that deals with hidden,disguised or encrypted communications
collision
hash function generates the same output for different inputs
key space
total number of possible values in an algorithm
work factor
time and effort to break a protective measure
initialization vector (IV)
nonsecret binary vector used as the initializing input algorithm - to increase security by introducing additional cyrptographic variance
encoding
changing a message into another format, decoding is the reverse
transposition or permutation
reordering plaintext to hide the message
substitution
exchanging one letter for another
SP-network
Claude Shannon - used in block ciphers to increase their strength. SP (Substitution and permutation)
Confusion
mixing key values in repeated rounds
diffusion
mixing up location of plaintext throughout ciphertext
avalanche effect
minor change in key or plaintext has significant impact in resulting ciphertext, fature of a strong hashing algorithm
two methods of encrypting data
stream and block methods
stream based ciphers
on bit by bit basis - most commonly associated with streaming applications such as voice or video transmission - mix plaintext with a keystream - Exclusive-or (XOR) operation - a very fast mathematical operation. Relies primarily on subsitution of bit for another. Keystream should be long enough to not be easily guessed or predictable. Many implemented in hardware
block ciphers
operates on blocks or chunks of data into a preset size. most use combination of substitution and tranposition - makes it realitvely stronger than stream based - more expensive to implement - many implemented in software
Electronic Code Book
each block encrypted separately - same plain text will encrypt to same ciphertext - revelas patterns in the code - for very short messages
Cipher Block Chaining
each block is XORed with the previous ciphertext block before being encrypted - hides patterns. each initialization vector randonly generated will prevent patterns
DES
Data encryption standard work of Harst Feistal - 64 bits in length - every 8th bit ignored for parity. Effective length is 56 bits - 2 to the 56 power. 16 identical stages. - strong and fast but not suitable for very confidential data due to the increase incomputing power - suspetible to brute force attack
Blais de Vigenere
developed the polyalphabetic cioher using a keyword and 26 alphabets
one time pads
asserted as unbreakable - Gilbert Vernam - running key cipher
Asymmetric algorithms
RSA, EL Gamel and ECC have message authentication and digital signature functionality. Whit Diffie/Martin Hellman - two keys private and public. Sneder encrypts the the message with the public key of the receiver. The receiver decrypts with the private key. (Confidential Message). Open message is the reverse. By the sender doing both public and private there is confidential and proof of origin. Slower than symmetric.
symmetric
single key used for both encryption and decryption - shared key - Caesar copher, Spartan Scytale, and Enigma
ECB
electronic Codebook Mode - 64bit - only used for short messages
CBC
Cipher block chaining mode stronger than ECB
CFB
Cipher feedback mode - individual segments - 1 bit, 8 bit, 64 bit and 128 bit - IV loaded into shift register
OFB
Open feedback mode - feeds encrypted stream back into itself
Counter mode
used in high-speed applications such as IPSec and ATM - 64 bit random data block used as the first IV
Triple DES
2 o 112 power - slow
AES
Advanced encryption (128) standard Rijndael algorithm (Daemon/Rijmen) - block cipher CCMP is th actual encryption protocol. - 128, 192 ro 256 bits
IDEA
International Data Encryption Algorithm - 128 bit key and 64 bit blocks - 8 rounds
CAST
Carlisle Adams and Stafford Tavares keys betwee 40 and 128
blowfish
symmetrical algorithm - extremely fast - divides input blocks into two halves - twofish adapted version
rc5
ron rivest 0 to 2040 bit keys
rc4
stream based cipher - most widely used
RSA
factoring the product of two large prime numbers - most widely used public alogorithm
diffie/hellman algorithm
tow users negotiate a secret symmetric key - usesful in PKI
El Gamel
provides message confidentaility and digital signatures services
ECC
Elliptic Curve Cryptography - speed and strength - beneficial in smart cards
Message Authentication COde
small block of data generated using a secret key and then appended to the message.
HMAC
hashed MACing system
5 properties of HASH function
uniformly distributed - output not predictable; weak collision resistant - secound input value doesn’t hash to same values a aonother input ; difficult to invert - one way; storage collision resistant - two inputs don’t produce the same value; deterministic - given x always produces y
MD5 Message Digest Algorithm
Ron RIvest - most widely used hasing algorithm - generates a 128 bit digets and process the message in 512 bit blocks - 16 steps in a round - 4 rounds
SHA-1
512 bit blocks - ouput is 160 bits - 4 rounds 20 steps
HAVAL
variable length output and vairable # of rounds on 1024 input blocks - output 128, 160, 192, 224 or 256 - rounds 3-5
Asymmetric key cryptography is used for the following A. Encryption of data, Access Control, Steganography B. Steganography, Access Control, Non repudiation C. Nonrepudiation, Steganography, Encryption of Data D. Encryption of Data, Nonrepudiation, Access Control
D. Encryption of Data, Nonrepudiation, Access Control
Which of the following supports asymmetric key crytpography? A. Diffie-Hellman B. Rijndael C. Blowfish D. SHA-256
A. Diffie-Hellman
What is an important disadvantage of using a public key algorithm compared to symmetric algorithm? A. A symmetric algortihm provides better access control B. A symmetric algortihm is a faster process C. A symmetric algortihm provides nonrepudiation of delivery D. A symmetric algortihm is more difficult to implement
B. A symmetric algortihm is a faster process
When a user needs to provide message integrity, what option is BEST? A. Send a digitial signature of the message to the recipient B. Encrypt the message with a symmetric algorithm and send it C. Encrypt the message with a private key so the receipient can decrypt with the corresponding public key D. Create a checksum, append it to the message, encrypt the message, then send to recipient
D. Create a checksum, append it to the message, encrypt the message, then send to recipient
A CA provides which benefits to a user? A. Protection of public keys of all users B. History of symmetric keys C. Proof of nonrepudiation of origin D. Validation that a public key is associated with a particular user
D. Validation that a public key is associated with a particular user
What is the output length of a RIPEMD-160 hash output length? A. 160 bits B. 150 bits C. 128 bits D. 104 bits
A. 160 bits
ANSI X9.17 is concerned primarily with A. Protection and secrecy of keys B. Financial Records and retentionof encrypted data C. Formalizing a key hierarchy D. The lifespan of key-encrypting keys
A. Protection and secrecy of keys
Whena certificate is revoked, what is the proper procedure? A. Setting new key expiry dates B. Updating the key certificate revocation list C. Removal of the private key from all directories D. Notification to all employees of revoked keys
B. Updating the key certificate revocation list
Which is true about link encryption? A. Link encryption is advised for high-risk environments, provides better traffic flow confidentiality, and encrypts routing information B. Link encryption is often used for Frame Relay or satellite links, is advised for high-risk environments and provides better traffic flow confidentiality C. Link encryption encrypts routing infomraiotn, is often used for Frame Relay or satllite links, and provides traffic flow confidentiality D. Link encryption provides better traffic flow confidentiality, is advised for high-risk environments and provides better traffic flow confidentiality
C. Link encryption encrypts routing infomraiotn, is often used for Frame Relay or satllite links, and provides traffic flow confidentiality
Which is the sequence that controls the operation of the cryptographic algortihm? A. Encoder B. Decoder wheel C. Cryptovariable D. Crytpographic routine
C. Cryptovariable
The process used in most block ciphers to increase their strength is A. Diffusion B. Confusion C. Step function D. SP-Network
D. SP-Network
which of the following best describes fundamental methods of encrypting data A. Substitution and tranposition B. 3DES and PGP C. Symmetric and Asymmetric D. DES and AES
C. Symmetric and Asymmetric
crytographysupports all of the core principles of information security except A. Availability B. Confidentiality C. Integrity D. Authenticity
D. Authenticity
A way to defeat frequency analysis as a method to determine the key is to use A. Subsitution ciphers B. Transposition ciphers C. Polyalphabetic ciphers D. Inversion ciphers
C. Polyalphabetic ciphers
The running key cipher is based on A. Modular artihmetic B. XOR mathematics C. Factoring D. Exponentiation
A. Modular artihmetic
The only cipher that is said to be unbreakable cipher by brute force is A. AES B. DES C. One-time Pad D. Triple DES
C. One-time Pad
A message protected by steganography would most likely be found in a A. Public Key B. Algorithm C. Private Key D. Picture File
D. Picture File
Which is the best choice for implementing encryption on a smart card? A. Blowfish B. Elliptic Curve Cryptography C. Twofish D. Quantum Cryptography
B. Elliptic Curve Cryptography
An e-mail with a document attachment from a known individual is received with a digital signature. The e-mail client is unable to validate signature. What is the best course of action? A. Open the attachment to determine if the signature is valid B. Determine why the signature can’t be validated prior to opening the attachment C. Delete the e-mail D. Forward the e-mail to another address with a new signature
B. Determine why the signature can’t be validated prior to opening the attachment
The vast majority of VPNS use A. SSL/TLS and IPSec B. El Gamal and DES C. 3DES and Blowfish D. Twofish and Idea
A. SSL/TLS and IPSec
Symmetric alogrithms
desinged to have security equla to their key length
Block ciphers
produce a fixed length block of cipher test - incomplete blocks are padded
Concealment Cipher
inlcude plaintext within ciphertext
substitution cipher
substitute one letter for another
transposition cipher
interchanging the order of the letters - suscpetible to frequencey analysis
Caeser cipher
simple substitution shifted plain text over three place monoalphabetic
Polyalphabetic cipher
using several alphabets for substitution plaintext
Blai de Vignere
Top row palintext - subsitute alphabet, Column Key ABCDEF A B C D E F
Modular mathematics
cipher text = plain text + key A=0 N =13 Q=16 N+Q = 29(-26)=3=D
Running key cipher
key is repeated to match length of plain text
One time pads
unbreakable - Gilbert Vernam
Message Integrity COntrol
assurance message ahs not been modified
Symmetric Cryptography
single key used for both encryption and decryption, aka single, same or shared key encryption. Key is known as secret or private. Key management is a difficult challenge. key not sent with data - using different channel (out of band). Very fast, secure and cheap -provides confientiality but not non-repudiation, message integirty and access control
Symmetric alogrithms
Caesar, Spartan & Enigma, DES (Feistal) 64 bit, 56 bit usable replaced by AES (based on Rijndael), IDEA, Blowfish, twofish, RC5 -Rivest, RC4 - most widel used
ECB
basic block cipher
Cipher block chaining
stronger than ECB
Cipher feedback mode
input separate into individual segments, putput feedback similar
DES
suspetbile to brute force
Triple DES
used two keys, encrypt with key 1, then key 2, then key 1
AES
Rijndael alogorithm used with block sizes of 128, 192 or 256 , key same sizes
stream based cipher
used in WEB and SSL/TLS
Assymmetric algortihms
Diffie Hellman use 2 keys linked mathematically, private key/public key. It is a key exchange - does not provide message confidentiality Encrypting with private key - confidential and proof of origin
RSA - Rivest-Shamir-Adleman
factoring product of two large prime numbers - attack using brute force, mathematical attacks; timing attacks
El GAmel
provides message confidentiality
ECC - Eliptic Curve Cryptiography
speed and strength
Hybrid
asymmetric for bulk data, encryption and distribution, symmetric -key
Message digest
small representation of a larger message - for authentication and integrity - Message Authentication COde (MAC)
HMACS
add secret key value to hash input function
Hashing
accepts message of any length, generates through a one-way operation, a fixed length ouput - hash code/message digest
MD5-Rivest
most widely used hasing algortihm output 128 bit, 4 rounds, 16 steps
SHA - Secure Hash Algorithm
output 160 bits, 4 rounds, 20 steps
Haval
variable length output
Rainbow tables
lists used in cracking password hashes
key
size and secrecy are the two most important elements
Dual control
requires two or more persons to come together and collude to complete a process
Split knowledge
what each must bring
Randomness
lacking predictability
key length
security of an alogrithm cannot exceed its key length
Assymmetric key length
must be longer for equivalent resistance since problem solving is faster than brute force
Digital signature
mathematical prepresentation include date and time as well as method to verify for a third party, encrypted with sender’s private key
DSS
create signatrue before encrypting message so signature authenticates message and not cipher text
Non-repudiation
sender cannot deny a message - accomplished with digital signatures and PKI
Certificate Authority
association between private key and sender
Attacks - chosen plain text
knows algortihm - modify chose input
Differential (side channel) attack
know execution times and power required - find key and algorithm
Linear attack
known plaintext - describe behavior of block text
Rainbow table
look at sorted hash outputs
Cipher test attack only
look for trends or statistical data
Know plain text
access to both cipher text and plain text versions - find link
Frequency analysis
works well with substitution cipher
Chosen cipher text
access to decryption device - trying to discover key
VPNs
provide confidentilaity and data integrity. IPSec and SSL dominant protocols
