Chapter 7

Question 1

HSM (Hardware Security Module)

Answer 1

Provides security management for crypto keys and is used to provide crypto keys for activities such as encryption, decryption, and authentication.

Question 2

RADIUS (Remote Authentication Dial In User Service)

Answer 2

A remote server used for authenticating network users for WPA2-Enterprise wireless networks.

Question 3

Cryptography

Answer 3

The practice of encoding information in a manner that it cannot be decoded without access to the required decryption key.

Question 4

Cipher

Answer 4

A method used to scramble or obfuscate characters to hide their value

Question 5

Substitution Cipher

Answer 5

A type of coding or ciphering system that changes one character or symbol into another.

Question 6

Polyalphabetic Substitution Cipher

Answer 6

Using multiple alphabets as a substitution cipher for the same message

Question 7

Transposition Cipher

Answer 7

Transposing or scrambling the letters in a certain manner.

Question 8

Steganography

Answer 8

The art of using cryptographic techniques to embed secret messages withing another file.

Question 9

Nonrepudiation

Answer 9

Provides assurance to the recipient that the message was originated by the sender and not someone masquerading as the sender.

Question 10

Symmetric Key Weaknesses

Answer 10

Key distribution
No nonrepudiation
Not scalable
Keys must be regenerated often

Question 11

Symmetric Key Algorithms

Answer 11

Use a shared secret key that is distributed to all members who participate in the communications.

Question 12

Asymmetric Key Algorithms

Answer 12

Each user has two keys: a public key, which is shared with all users, and a private key which is kept secret and known only to the owner of the keypair.

Question 13

Asymmetric Key Strengths

Answer 13

Addition of new users only require a generation of one public-private key pair.
Users can be easily removed.
Key regeneration is only necessary when private key is compromised.
Distribution is simple.
Ensures integrity, authentication, and nonrepudiation.
No preexisting communication link needs to exist.

Question 14

DES (Data Encryption Standard)

Answer 14

A proposed standard cryptosystem for all government communications.

Question 15

ECB (Electronic Cookbook) Mode

Answer 15

Each time the algorithm processes a 64-bit block, it simply encrypts the block using the chosen secret key.

Question 16

CBC (Cipher Block Chaining) Mode

Answer 16

Each block of unencrypted text is combined with the block of ciphertext immediately preceding it before it is encrypted using the DES algorithm.

Question 17

CFB (Cipher Feedback) Mode

Answer 17

Uses CBC to encrypt data produced in real time.

Question 18

OBF (Output Feedback) Mode

Answer 18

Operates the same as CFB but instead of XOR’ing the encrypted version of the previous block of ciphertext, it XOR’s the plain text with a seed value.

Question 19

CTR (Counter) Mode

Answer 19

Instead of using a seed value for each encryption/decryption, it uses a simple counter that increments for each operation.

Question 20

Offline Distribution of Secret Keys

Answer 20

Involves the physical exchange of secret keys.

Question 21

Public Key Encryption

Answer 21

Involves the use of public key encryption between two parties to ensure authentication, once that is done an exchange of secret keys is done before switching back to the secret key algorithm.

Question 22

Diffie-Hellman

Answer 22

A secret key is calculated using randomly chosen values by two parties. Using the Diffie-Hellman Algorithm both parties will reach the same value which can then be used as the secret key.

Question 23

5 Requirements for Cryptographic Hash Function

Answer 23

Accept any input of length.
Produce an output of a fixed length, regardless of input length.
Hash value is relatively easy to compute.
The has function is one way.
The has function is collision free.

Question 24

SHA (Secure Hash Algorithm)

Answer 24

Government standard hash functions promoted by NIST (National Institute of Standards and Technology)

Question 25

Digital Signature System

Answer 25

Assure the recipient that the message truly came from the sender.
Assure the recipient that the message was not altered.

Question 26

HMAC (Hashed Message Authentication Code)

Answer 26

Implements a partial digital signature that guarantees the integrity but does not provide nonrepudiation.

Question 27

PKI (Public Key Infrastructure)

Answer 27

A system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity.

Question 28

Digital Certificates

Answer 28

Provide communicating parties with the assurance that the people they are communicating with are truly who they claim to be.

Question 29

CA (Certificate Authorities)

Answer 29

These organizations offer notarization services for digital certificates.

Question 30

RA (Registration Authorities)

Answer 30

Assist CA’s with verifying users’ identities prior to issuing digital certificates but do not issue the certificates themselves.