Chapter 7 - PKI And Cryptographic Applications Flashcards

1
Q

Hash Algorithm memorization Chart

A

Name                               Hash value length (bits)
HAVAL                              128, 160, 192, 224, and 256
HMAC                               Variable
MD2/MD4/MD5                        128
Secure Hash Algorithm (SHA-1)      160
SHA-224                            224
SHA-256                            256
SHA-384                            384
SHA-512                            512

2
Q

4 simple rules of public key cryptography and digital signatures

A
  • If you want to encrypt a message, use the recipient’s public key.
  • If you want to decrypt a message sent to you, use your private key.
  • If you want to digitally sign a message you are sending to someone else, use your private key.
  • If you want to verify the signature on a message sent by someone else, use the sender’s public key.
3
Q

Link encryption vs End-to-end encryption

A

The critical difference between link and end-to-end encryption is that in link encryption all the data, including the header, trailer, address, and routing data, is encrypted. Therefore, each packet has to be decrypted at each hop so it can be properly routed to the next hop, and then re-encrypted before it is sent on its way.

When encryption happens at the higher OSI layers, it is usually end-to-end encryption; when encryption is done at the lower layers of the OSI model, it is usually link encryption.

4
Q

AH vs ESP

A

AH: provides assurances of message integrity and non-repudiation. AH also provides authentication and access control and prevents replay attacks.

ESP: provides confidentiality and integrity of packet contents. It provides encryption and limited authentication and prevents replay attacks.

5
Q

4 basic requirements for ISAKMP

A
  • Authenticate communicating peers
  • Create and manage security associations
  • Provide a key generation mechanism
  • Protect against threats (for example, replay and denial-of-service attacks)
6
Q

Disadvantage of WPA

A

WPA does not provide an end-to-end security solution. It encrypts traffic only between a mobile computer and the nearest wireless access point. Once traffic hits the wired network, it’s in the clear again.

11
Q

Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?

A

The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption and decryption of messages.

12
Q

The disadvantage of El Gamal

A

It doubles the length of any message it encrypts. Therefore, a 2048-bit plaintext message would yield a 4096-bit ciphertext message when El Gamal is used for the encryption process.

13
Q

Benefit of elliptic curve cryptosystems

A

It requires significantly shorter keys to achieve encryption of the same strength as encryption achieved with the RSA algorithm. A 1,024-bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.

14
Q

Approved standard encryption algorithms

A

DSA
RSA
Elliptic Curve DSA

15
Q

Meet-in-the-middle attack

A

The meet-in-the-middle attack defeats encryption algorithms that use two rounds of encryption. This attack is the reason that double DES was quickly discarded as a viable enhancement to DES encryption.

16
Q

What does the “Infrastructure” of PKI methodology ensure?

A

The recipient’s identity can be positively verified by the sender because only the recipient with the proper matching key will be able to decrypt the message and get access.

Through the use of Public Key Infrastructure (PKI) the recipient’s identity can be positively verified by the sender.

The sender of the message knows he is using a public key that belongs to a specific user. He can validate through the Certification Authority (CA) that a public key is in fact the valid public key of the receiver and that the receiver is really who he claims to be. By using the public key of the recipient, only the recipient using the matching private key will be able to decrypt the message. When you wish to achieve confidentiality, you encrypt the message with the recipient’s public key.

If the sender wishes to prove to the recipient that he is really who he claims to be, then the sender applies a digital signature to the message before encrypting it with the public key of the receiver. This provides confidentiality and authenticity of the message.

A PKI (Public Key Infrastructure) enables users of an insecure public network, such as the Internet, to securely and privately exchange data through the use of public key-pairs that are obtained and shared through a trusted authority, usually referred to as a Certificate Authority.

The PKI provides for digital certificates that can vouch for the identity of individuals or organizations, and for directory services that can store, and when necessary, revoke those digital certificates. A PKI is the underlying technology that addresses the issue of trust in a normally untrusted environment.

17
Q

A Ticket Granting Service is a part of Kerberos and not PKI.

A

A Ticket Granting Service is a part of Kerberos and not PKI.

18
Q

Explain how a digital signature works.

A

The digital signature is used to achieve integrity, authenticity and non-repudiation. In a digital signature, the sender’s private key is used to encrypt the message digest of the message. Encrypting the message digest is the act of signing the message. The receiver uses the sender’s matching public key to decrypt the digital signature.

A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures cannot be forged by someone who does not possess the private key, and they can also be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender’s identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real and has not been modified since the day it was issued.

19
Q

Which of the following services is NOT provided by the digital signature standard (DSS)?

A

DSS provides Integrity, digital signature and Authentication, but does not provide Encryption.

20
Q

What does NOT concern itself with key management?

A

Cryptology is the science that includes both cryptography and cryptanalysis and is not directly concerned with key management.

Cryptology is the mathematics, such as number theory, and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.

21
Q

Differences between ciphertext-only attack, known-plaintext attack, and chosen-ciphertext attack

A

In a ciphertext-only attack, the attacker has the ciphertext of several messages encrypted with the same encryption algorithm. The attacker’s goal is to discover the plaintext of the messages by figuring out the key used in the encryption process. In a known-plaintext attack, the attacker has the plaintext and the ciphertext of one or more messages. In a chosen-ciphertext attack, the attacker can choose the ciphertext to be decrypted and has access to the resulting plaintext.

22
Q

A message can be encrypted and digitally signed, which provides _______________

A

The correct answer is: Confidentiality, Authentication, Non-repudiation, and Integrity.

For the purpose of the exam, one needs to be very clear on all the available choices within cryptography, because different steps and algorithms provide different types of security services:

A message can be encrypted, which provides confidentiality.
A message can be digitally signed, which provides authentication, nonrepudiation, and integrity.
A message can be hashed, which provides integrity.
A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity.

23
Q

Digital Envelope

A

A digital envelope is used to send information encrypted with a symmetric key, together with the relevant session key. It is a secure method of sending an electronic document without compromising the data integrity, authentication and non-repudiation that were obtained with the use of symmetric keys.

24
Q

PKI components

A

A public key infrastructure consists of:

1) A certificate authority (CA) that issues and verifies digital certificates.
2) A certificate that includes the public key or information about the public key.
3) A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requester.
4) A subscriber, the end user who wishes to get a digital certificate from the certificate authority.

25
Q

Digital signature

A

Digital signatures provide authentication and integrity, which forms nonrepudiation. They do not provide confidentiality: the plaintext remains unencrypted.

26
Q

Most secure form of triple-DES encryption

A

Triple DES with three distinct keys is the most secure form of triple-DES encryption. It can either be DES-EEE3 (encrypt-encrypt-encrypt) or DES-EDE3 (encrypt-decrypt-encrypt). DES-EDE1 is not defined and would mean using a single key to encrypt, decrypt and encrypt again, equivalent to single DES. DES-EEE4 is not defined and DES-EDE2 uses only 2 keys (encrypt with first key, decrypt with second key, encrypt with first key again).

27
Q

What can use RC4 for encryption?

A

SSL can use a wide variety of key algorithms including RC4, RC2, DES, 3DES, IDEA, Fortezza, AES and others.

WEP uses the RC4 encryption algorithm.

28
Q

What is the size of the key that was used in the Clipper Chip?

A

80 bits