Chapter 6 - Cryptography and Symmetric Key Algorithms Flashcards

1
Q

List the goals of cryptography

A
  1. Confidentiality
  2. Integrity
  3. Authentication
  4. Non-Repudiation
2
Q

3 states at which data must remain private

A
  1. Rest
  2. Transit
  3. Use
3
Q

Most common goal of cryptosystems

A

Confidentiality

4
Q

List the cryptosystems that enforce confidentiality

A
  1. Symmetric Cryptosystems
  2. Asymmetric Cryptosystems

5
Q

When developing cryptographic systems, which types of data must you think about?

A
  1. Data at rest
  2. Data in motion
  3. Data in use
6
Q

Define:

a. Data at rest
b. Data in Motion
c. Data in Use

A

Data at Rest: this is data that resides in a permanent location awaiting access. It is also known as stored data.

Data in Motion: this is data that is being transmitted on a network between 2 systems. It is also known as data on the wire.

Data in Use: this is data that is stored in the active memory of a computer system where it may be accessed by a process running on that system.

7
Q

Example of data in motion, rest and use

Threats to data in motion, rest and use

A

Data in Motion: data on a wireless network, company network. Threat: eavesdropping attacks.

Data at Rest: data on hard drives, cloud, USB devices. Threat: theft.

Data in Use:

8
Q

Define Integrity

A

Integrity ensures that data is not altered without authorization.

9
Q

How is message integrity kept

A

Message integrity is enforced by the use of encrypted message digests, known as digital signatures, or sometimes through secret keys.

10
Q

Define Authentication

A

This is a major function of cryptosystems that verifies the claimed identity of system users.

11
Q

What is Nonrepudiation

A

Nonrepudiation provides assurance to the recipient that the message originated from the sender.

It prevents an impostor from pretending to be the sender.

It also prevents the sender from claiming that they never sent the message.

12
Q

The following do not guarantee non-repudiation

A

Secret key, or symmetric key, cryptosystems (e.g. simple substitution ciphers).

13
Q

Define Algorithms

A

A set of rules, usually mathematical, that dictates how enciphering and deciphering processes are to take place.

14
Q

What term can be summed up as “the enemy knows the system”

A

Kerckhoffs’s Principle (or assumption)

15
Q

State Kerckhoffs’s Assumption

A

Kerckhoffs’s principle is that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge.

16
Q

What do you understand by cryptology

A

This is a mixture of cryptography and cryptanalysis.

17
Q

What is a one-way function?

A

This is a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.

18
Q

What is a nonce?

A

This is a random number that acts as a placeholder variable in mathematical functions. When the function is executed, the nonce is replaced with a random number generated at the moment of processing for one-time use, e.g. an Initialization Vector (IV).

20
Q

Explain Zero-Knowledge Proof

A

This involves proving your knowledge of a fact to a third party without revealing the fact to the third party.

21
Q

Split Knowledge involves

A

Dividing the information or privilege required to perform an operation among multiple users, so that no single user has sufficient privileges to compromise the security of an environment, e.g. the concept of key escrow.

22
Q

M of N Control

A

This requires that a minimum number of agents (M) out of a total number of agents (N) work together to perform high-security tasks.

23
Q

What is Work Function?

A

This involves measuring the strength of a cryptographic system by measuring the effort in terms of cost and time using a work function.

For example, the time and effort required to perform a complete brute force attack.

24
Q

Codes vs Ciphers

A

Codes represent words or phrases. They are sometimes secret. They are not necessarily meant to provide confidentiality.

Ciphers are ALWAYS meant to hide the true meaning of a message. They use a variety of techniques to alter or rearrange the characters or bits of a message to achieve confidentiality.

25
Q

Explain how ciphers convert messages

A

Ciphers convert messages from plaintext to ciphertext on a bit basis, character basis, or block basis.

26
Q

Codes

A

Codes work on phrases and words

27
Q

What are Ciphers?

A

Ciphers work on individual characters and bits

28
Q

Explain Transposition Ciphers and substitution ciphers

A

A transposition cipher uses an encryption algorithm to rearrange the letters of a plaintext message, e.g. from apple to elppa.

A substitution cipher uses encryption to replace each character or bit of the plaintext message with a different character.

29
Q

Example of Substitution Cipher

A

One-Time Pad (Vernam Cipher)

It uses a different substitution alphabet for each letter of the plaintext message.

30
Q

Advantage of one-time pads

A

They are an unbreakable encryption scheme. No repeating of alphabets.

31
Q

One-time pads vs Vigenere cipher vs Caesar

A

The only difference is in the key length.

Caesar shift cipher: uses a key of length one.
Vigenere: uses a word or sentence.
One-time pad: uses a key that is as long as the message itself.

32
Q

Disadvantages of one time pads

A
  1. Difficulty in generating, distributing and safeguarding the lengthy keys required
  2. It can realistically be used only for short messages
33
Q

What is a running key cipher?

A

This involves an encryption key that is as long as the message itself and is often chosen from a common book.

34
Q

Block ciphers

A

Block ciphers operate on chunks or blocks of a message and apply encryption algorithms to an entire message block at a time. e.g. transposition ciphers

35
Q

Stream ciphers

A

Stream ciphers operate on one character or bit of a message at a time, e.g. Caesar cipher and one-time pad.

36
Q

Confusion and Diffusion

A

Confusion occurs when the relationship between the plaintext and the key is so complicated that an attacker can't merely continue altering the plaintext and analysing the resulting ciphertext to determine the key.

Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

37
Q

What are Symmetric Key Algorithms

A

These algorithms rely on a shared key that is used by all parties to encrypt and decrypt messages. The sender and receiver both possess a copy of the shared key.

38
Q

Symmetric Key Cryptography is also known as

A
  1. Secret Key Cryptography
  2. Private Key Cryptography

39
Q

Disadvantages of Symmetric Keys

A
  1. Key distribution
  2. Does not implement nonrepudiation
  3. Algorithm is not scalable
  4. Keys must be generated often
40
Q

What are Asymmetric Key Algorithms

A

These are also known as public key algorithms.

Each user has 2 keys: a public key that is shared with all users and a private key, which is kept secret and known only to the user.

If a public key encrypts a message, only the corresponding private key can decrypt it.

EXAM NOTE:
The number of keys required to connect N parties using symmetric cryptography is given by the formula: (N * (N-1)) / 2. I like to write it (N²-N)/2 because seeing the square helps me remember it’s the formula for symmetric algorithms. Asymmetric is simply 2N.

41
Q

Advantages of Asymmetric key

A

It provides integrity, authentication and nonrepudiation

42
Q

Compare Symmetric and Asymmetric Keys

A

Symmetric:
  - Single shared key
  - Out-of-band exchange
  - Not scalable
  - Fast
  - Bulk encryption
  - Confidentiality

Asymmetric:
  - Key pair sets
  - In-band exchange
  - Scalable
  - Slow
  - Small blocks of data, digital signatures, digital envelopes, digital certificates
  - Confidentiality, integrity, authenticity, nonrepudiation

43
Q

What is collision

A

This occurs when a hash function produces the same value for 2 different methods.

44
Q

List Some Common Symmetric Cryptosystems

A
  1. Data Encryption Standard (DES)
  2. Triple DES (3DES)
  3. International Data Encryption Algorithm (IDEA)
  4. Blowfish
  5. Skipjack
  6. Advanced Encryption Standard (AES)
45
Q

Explain DES

A

DES is a 64-bit block cipher. It uses a 56-bit key to drive the encryption and decryption process. The remaining 8 bits contain parity information to ensure the 56-bit key is accurate.

It uses a long series of XOR operations to generate ciphertext.

46
Q

List DES 5 modes of operation

A
  1. Electronic Code Book (ECB): this is the simplest and least secure. Encrypts each block using the chosen secret key.
  2. Cipher Block Chaining (CBC): each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted using the DES algorithm. CBC implements an IV and XORs it with the first block of the message.
  3. Output Feedback Mode (OFB): OFB is an AES block cipher mode similar to the CFB mode. What mainly differs from CFB is that the OFB mode relies on XORing plaintext and ciphertext blocks with expanded versions of the initialization vector.
  4. Counter (CTR) mode: uses a stream cipher similar to OFB and CFB modes. It uses a simple counter that increments for each operation.
  5. Cipher Feedback Mode (CFB): operates against data produced in real time. It uses memory buffers of the same block size. When the buffer is full, it is encrypted and sent out to recipients. It uses an initialization vector (IV) and chaining.
47
Q

List some Symmetric Cryptosystems

A

DTIBS

  1. Data Encryption Standard (DES)
  2. Triple DES (3DES)
  3. International Data Encryption Algorithm
  4. Blowfish
  5. Skipjack
  6. Advanced Encryption Standard (AES)
48
Q

Explain 3DES

A

There are 4 versions of 3DES.

  1. DES-EEE3: Encrypts plaintext 3 times using 3 different keys. i.e. E(K1, E(K2, E(K3,P))). It has an effective key length of 168 bits.
  2. DES-EDE3: It uses 3 keys but replaces the second operation with a decryption operation. i.e. E(K1,D(K2,E(K3,P))) It has an effective key length of 168 bits.
  3. DES-EEE2: This uses only 2 keys, i.e. E(K1,E(K2,E(K1,P))). It has an effective key length of 112 bits.
  4. DES-EDE2: This uses 2 keys and it uses one decryption key, i.e. E(K1,D(K2,E(K1,P))). It has an effective key length of 112 bits.
49
Q

Explain IDEA

A

International Data Encryption Algorithm (IDEA) begins its operation with 128-bit keys. This is broken up in a series of operations into 52 16-bit subkeys.

IDEA is capable of operating in 5 modes like DES, and they are CTR, OFB, CFB, ECB, CBC. e.g. PGP

50
Q

Explain Blowfish

A

The Blowfish cipher operates on 64-bit blocks of text. It uses variable key lengths from 32 bits to 448 bits.

Blowfish’s algorithm is faster than DES and IDEA. It is built into commercial systems and algorithms.

51
Q

Explain Skipjack

A

Skipjack was approved for use by the US government FIPS 187 and Escrowed Encryption Service (EEE).

It is a block cipher that operates on 64-bit blocks of text with an 80-bit key size.

For key escrow, NIST and the Dept. of Treasury hold a portion of the information needed to reconstruct the Skipjack key.

Skipjack and Clipper are not embraced widely because of their links to the US government.

52
Q

Explain Rivest Cipher 5 (RC5)

A

This is a symmetric algorithm patented by Rivest-Shamir-Adleman (RSA).

RC5 is a block cipher of variable block sizes: 32, 64, or 128 bits. It uses key sizes between 0 and 2040 bits. It is subject to brute force attacks.

53
Q

Explain Advanced Encryption Standard (AES)

A

AES allows processing of 128-bit blocks. AES ciphers allow 128-, 192- and 256-bit blocks.

54
Q

Explain Twofish

A

Twofish operates on 128-bit blocks. It uses cryptographic keys of up to 256 bits in length.

It uses 2 techniques:

Pre-whitening: XORing the plaintext with a separate subkey before the first round of encryption.

Post-whitening: uses similar operation after 16th round of encryption.

60
Q

List 3 main ways to exchange secret keys (symmetric)

A
  1. Offline distribution
  2. Diffie-Hellman key exchange algorithm
  3. Public key encryption
61
Q

What is Secure RPC

A

Secure RPC uses Diffie-Hellman for key exchange.