Chapter 6- Cryptography and Symmetric Key Algorithms

Question 1

List the goals of cryptography

Answer 1

1. Confidentiality
2. Integrity
3. Authentication
4. Non-Repudiation

Question 2

3 states at which data must remain private

Answer 2

1. Rest
2. Transit
3. Use

Question 3

Most common goal of cryptosystems

Answer 3

Confidentiality

Question 4

List the cryptosystems that enforce confidentiality

Answer 4

1. Symmetric Cryptosystems

2. Asymmetric Cryptosystems

Question 5

When developing cryptographic systems. Which types of data must you think about

Answer 5

1. Data at rest
2. Data in motion
3. Data in use

Question 6

Define:

a. Data at rest
b. Data in Motion
c. Data in Use

Answer 6

Data at Rest: this is data that resides in a permanent location awaiting access. It is also known as stored data.

Data in Motion: this is data that is been transmitted on a network between 2 systems. It is also known as data on the wire.

Data in use: this is data that is stored on the active memory of a computer system where it may be accessed by a process running on that system.

Question 7

Example of data in motion, rest and use

Threats to data in motion, rest and use

Answer 7

Data in Motion: Data on a wireless network, company network. Threat-Eavesdropping attacks.

Data at Rest: data on hard drives. cloud, USB devices. Threat- theft.

Data in Use:

Question 8

Define Integrity

Answer 8

Integrity ensures that data is not altered without authorization.

Question 9

How is message integrity kept

Answer 9

Message integrity is enforced by the use of encrypted message digests, known as digital signatures.

or through secret keys sometimes.

Question 10

Define Authentication

Answer 10

This is a major function of cryptosystems that verifies the claimed identity of system users.

Question 11

What is Nonrepudiation

Answer 11

Nonrepudiation provides assurance to the recipient that the message originated from the sender.

It prevents an impostor from pretending to be the sender.

It also prevents the sender from claiming that they never sent the message.

Question 12

The following do not guarantee non-repudiation

Answer 12

secret key, symmetric key, cryptosystems (i.e. simple substitution ciphers.

Question 13

Define Algorithms

Answer 13

Set of rules, usually mathematical that dictates how enciphering and deciphering processes are to take place

Question 14

What term can be summed up as “the enemy knows the system”

Answer 14

Kerckhoffs’s Principle (or assumption)

Question 15

State Kerckhoffs’s Assumption

Answer 15

Kerckhoffs’s principles is that cryptographic system should be secure even if everything about the system, except the key, is public knowledge.

Question 16

What do you understand by cryptology

Answer 16

this is a mixture of cryptography and cryptanalysis.

Question 17

What is one-way function?

Answer 17

This is a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.

Question 18

What is a nonce?

Answer 18

This is is a random number that acts as a placeholder variable in mathematical functions. When the function is executed, the nonce is replaced with a random number generated at the moment of processing for one-time use. e.g. Initialization Vector (IV)

Question 19

What is a nonce?

Answer 19

This is is a random number that acts as a placeholder variable in mathematical functions. When the function is executed, the nonce is replaced with a random number generated at the moment of processing for one-time use. e.g. Initialization Vector (IV)

Question 20

Explain Zero Knowledge of proof

Answer 20

This involves proving your knowledge of a fact to a third party without revealing the fact to the third party.

Question 21

Split Knowledge involves

Answer 21

dividing the information or privilege required to perform an operation among multiple users, so that no single user has sufficient privileges to compromise the security of an environment. e.g. concept of key escrow.

Question 22

M of N Control

Answer 22

This requires that a minimum number of agents (M) out of a total number of agents (N) work together to perform high-security tasks.

Question 23

What is Work Function?

Answer 23

This involves measuring the strength of a cryptography system by measuring the effort in terms of cost and time using a work function.

For example the time and effort required to perform a complete brute force attack.

Question 24

Codes vs Ciphers

Answer 24

Codes represent words or phrases. They are sometimes secret. They are not necessarily meant to provide confidentiality.

Ciphers are ALWAYS meant to hide the true meaning of a message. They use a variety of techniques to alter or rearrange the characters or bits of a message to achieve confidentiality.

Question 25

Explain how ciphers convert messages

Answer 25

Ciphers convert messages from plaintext to cipher text on a bit basis, character basis, or block basis.

Question 26

Codes

Answer 26

Codes work on phrases and words

Question 27

What are Ciphers?

Answer 27

Ciphers work on individual characters and bits

Question 28

Explain Transposition Ciphers and substitution ciphers

Answer 28

Transposition cipher uses encryption algorithm to rearrange the letters of a plaintext message e.g. from apple to elppa

Substitution cipher uses encryption to replace each character or bit of the plaintext message with a different character.

Question 29

Example of Substitution Cipher

Answer 29

One-Time Pad (Vernam Cipher)

It uses different substitution alphabets for each letter of plaintext message.

Question 30

Advantage of one-time pads

Answer 30

They are unbreakable encryption scheme. No repeating of alphabets

Question 31

One-time pads vs Vigenere cipher vs Caesar

Answer 31

The only difference is in the key length.

Caesar shift cipher- uses a key of length one.
Vigenere: uses word or sentence
One-time pad: uses a key that is as long as the message itself.

Question 32

Disadvantages of one time pads

Answer 32

1. Difficulty in generating, distributing and safeguarding the lengthy keys required
2. it can realistically be used only for short messages

Question 33

What is running key cipher

Answer 33

This involves encryption keys that are as long as the message itself and is often chosen from a common book

Question 34

Block ciphers

Answer 34

Block ciphers operate on chunks or blocks of a message and apply encryption algorithms to an entire message block at a time. e.g. transposition ciphers

Question 35

Stream ciphers

Answer 35

Stream ciphers operate on a character or a bit of message at a time. e.g. Caesar cipher and one-time pad.

Question 36

Confusion and Diffusion

Answer 36

Confusion occurs when the relationship btw plaintext and key is complicated that an attacker cant merely continue altering the plaintext and analysing the resulting ciphertext to determine the key.

Diffusion this occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

Question 37

What are Symmetric Key Algorithms

Answer 37

This key is used by all parties to encrypt and decrypt messages. The sender and receiver both possess a copy of the shared key.

Question 38

Symmetric Key Cryptography is also known as

Answer 38

1. Secret Key Cryptography

2. Private Key Cryptography

Question 39

Disadvantages of Symmetric Keys

Answer 39

1. key distribution
2. Does not implement nonrepudiation
3. algorithm is not scalable
   4 keys must be generated often

Question 40

What are Asymmetric Key Algorithms

Answer 40

This is also known as public key algorithms

User has 2 keys, a public key that is shared with all users and a private key, which is kept secret and known to only the user.

If a public key encrypts a message, only a corresponding a private key can decrypt it

EXAM NOTE:
The number of keys required to connect N parties using symmetric cryptography is given by the formula: (N * (N-1)) / 2. I like to write it (N²-N)/2 because seeing the square helps me remember it’s the formula for symmetric algorithms. Asymmetric is simply 2N.

Question 41

Advantages of Asymmetric key

Answer 41

It provides integrity, authentication and nonrepudiation

Question 42

Compare Symmetric and Asymmetric Keys

Answer 42

Symmetric: Single shared key
Out of band exchange
Not Scalable
Fast
Bulk Encryption
Confidentiality

Asymmetric: Key pair sets
In band exchange
Scalable
Slow
Small blocks of data, digital signatures, digital envelopes, digital certificates
Confidentiality. integrity, authenticity, nonrepudiation

Question 43

What is collision

Answer 43

This occurs when a hash function produces the same value for 2 different methods.

Question 44

List Some Common Symmetric Cryptosystems

Answer 44

1. Data Encryption Standard (DES)
2. Triple DES (3DES)
3. International Data Encryption Algorithm (IDEA)
4. Blowfish
5. Skipjack
6. Advanced Encryption Standard (AES)

Question 45

Explain DES

Answer 45

DES is a 64 bit block cipher. It uses 56 bit key to drive the encryption and decryption process. the remaining 8 bits contain parity information to ensure the 56 bit is accurate.

it uses a long series of XOR to generate ciphertext.

Question 46

List DES 5 modes of operation

Answer 46

1. Electronic Code Book (ECB): this is the simplest and least secure. Encrypts block using the chosen secret key.
2. Cipher Block Chaining (CBC): each block of unencrypted text is XORed with block of ciphertext immediately preceding it before it is encrypted using the DES algorithm. CBC implements an IV and XORs it with the first block of the message.
3. Output Feedback Mode (OFB):
   OFB is an AES block cipher mode similar to the CFB mode. What mainly differs from CFB is that the OFB mode relies on XOR-ing plaintext and ciphertext blocks with expanded versions of the initialization vector.
4. Counter (CTR) mode: uses a stream cipher similar to OFB and CFB modes. It uses a simple counter that increments for each operation
   5: Cipher Feedback Mode (CFB):Operates against data produced in real time. It uses memory buffers of the same block size. As buffer is full it is encrypted and sent out to recipients. It uses Initializing vector (IV) and chaining

Question 47

List some Symmetric Cryptosystems

Answer 47

DTIBS

1. Data Encryption Standard (DES)
2. Triple DES (3DES)
3. International Data Encryption Algorithm
4. Blowfish
5. Skipjack
6. Advanced Encryption Standard (AES)

Question 48

Explain 3DES

Answer 48

There are 4 versions of 3DES.

1. DES-EEE3: Encrypts plaintext 3 times using 3 different keys. i.e. E(K1, E(K2, E(K3,P))). It has an effective key length of 168 bits.
2. DES-EDE3: It uses 3 keys but replaces the second operation with a decryption operation. i.e. E(K1,D(K2,E(K3,P))) It has an effective key length of 168 bits.
3. DES-EEE2: This uses only 2 keys. i.e. E(K1,E(K2,E(K1,P))). Uses 112 bits effective key lengths.
4. DES-EDE2: This uses 2 keys and it uses one decryption key. i.e. E(K1,D(K2,E(K1,P))). Uses 112 bits effective key lengths.

Question 49

Explain IDEA

Answer 49

International Data Encryption Algorithm (IDEA) begins its operation with 128bit keys. This is broken up in a series of operations into 52 16bits subkeys.

IDEA is capable of operating in 5modes like DES and they are CTR,OFB,CFB,ECB,CBC. e.g. PGP

Question 50

Explain Blowfish

Answer 50

Blowfish cipher operates on 64 bits blocks of text. It uses variable key lengths from 32bits to 448 bits.

Blowfish’s algorithm is faster than DES and IDEA, it is built into commercial systems and algorithms.

Question 51

Explain Skipjack

Answer 51

Skipjack was approved for used by the US government FIPS 187 and Escrowed Encryption Service (EEE)

It is a block cipher that operates on 64 bit blocks of text with 80bit key size

For Key escrow, NIST and Dept. of Treasury hold a portion of the hold a portion of the information needed to reconstruct the Skipjack key.

Skipjack and Clipper are not embraced widely because of their links to the US government.

Question 52

Explain Rivest Cipher 5 (RC5)

Answer 52

This is a symmetric Algorithm patented by Rivest-Shamir-Andleman (RSA).

RC5 is a block cipher of variable block sizes 32, 64, or 128 bits. It uses key sizes between 0 and 2040bits. It is subject to brute force attacks.

Question 53

Explain Advanced Encryption Standard (AES)

Answer 53

AES allows processing of 128 bit blocks. AES ciphers allows 128, 192 and 256 bits blocks.

Question 54

Explain Twofish

Answer 54

Two operates on 128 bit blocks. It uses cryptographic of up to 256 bit lengths.

It uses 2 techniques:

Pre-whitening: XORing plaintext with with separate subkey before first round of encryption

Post-whitening: uses similar operation after 16th round of encryption.

Question 55

a

Answer 55

a

Question 56

b

Answer 56

b

Question 57

c

Answer 57

c

Question 58

d

Answer 58

d

Question 59

e

Answer 59

e

Question 60

List 3 main ways to exchange secret keys (symmetric)

Answer 60

1. Offline distribution
2. Diffie Hellman key exchange algorithm
3. Public key encryption

Question 61

What is Secure RPC

Answer 61

Secure RPC uses Diffie Hellman for key exchange