Chapter 9: Cryptography and Symmetric Key Algorithms Flashcards
What are the goals of cryptography?
Confidentiality, integrity, authentication, and nonrepudiation.
What is the purpose of confidentiality?
It insures that data remains private while at rest or in transit.
What is the purpose of integrity?
It ensures that data is not altered without authorization.
What is the purpose of authentication?
It verifies that the claimed identity of system users is accurate.
What is the purpose of nonrepudiation?
It provides assurance t the recipient that a message was actually originated by the sender and not by someone masquerading as them.
What is “key space”?
The range of values that are valid as a key for a specific algorithm.
What is the Kerchoff Principle?
The principle that a cryptographic system should be secure even if everything is known about the system except the key.
What is a private key cryptosystem?
One in which all participants use a shared secret key.
What is a public key cryptosystem?
Each participant has their own pair of keys.
What is a cryptovariable?
Another name for a key.
What is cryptography?
The art and practice of implementing secret codes and cyphers.
What does FIPS 140-2 define?
Hardware and software requirements for cryptographic modules that the government uses.
What defines hardware and software requirements for cryptographic modules for government use?
FIPS 140-2
What is boolean mathematics?
The definition of rules for bits and bytes that form the nervous system of a computer. AND, OR, NOT, XOR, etc.
What is a one way function?
A mathematical operation that easily produces output values for each possible combination of inputs, but makes it impossible to retrieve the input values.
What kind of function are all public key cryptosystems based on?
A one way function.
What is a nonce?
A random number that acts as a placeholder in mathematical functions. A “number used once”.
What is a zero-knowledge proof?
A proof that shows that a party has a particular piece of information without revealing that piece of information.
What is split knowledge?
Separation of duties over two or more persons, such as giving n parts of a key to n people and requiring a certain number of them to work together to access an object.
What is a work function or work factor?
A measure of the effort or time required to circumvent a cryptographic system. It should be greater than the value of the asset to be effective.
What is a code?
A cryptographic system of symbols that represents words or phrases. Not usually intended to provide confidentiality. Example: the 10-system used by law enforcement.
What is a cipher?
Always intended to hide the meaning of a message. Generally alter or rearrange the bits of a message.
What is a transposition cipher?
An encryption algorithm that rearranges the leters of a plaintext message.
What is a substitution cipher?
An encryption algorithm that replaces each character of the plaintext with a different character.
What is a one-time pad?
A substitution cipher that uses a different substitution alphabet for each letter of the message.
What are the requirements for a one time pad?
It must be randomly generated
It must be physically protected against disclosure.
It must be used only once.
The key must be at least as long as the message.
What is a running key cipher?
An encryption key is chosen from something like a book beginning at a certain place in the text.
What is a block cipher?
A cipher that operates on a message in chunks, applying the algorithm to the entire chunk at once.
What is a stream cipher?
A cipher that operates on one character or bit of a message at a time.
Describe confusion and diffusion in cryptographic terms
Confusion occurs when the relationship betwen the plaintext and the key is so complicated that the attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key.
Diffusion occurs when a change in the plain text results in multiple changes spread throughout the ciphertext.
How do modern cryptosystems work?
they use computationally complex algorithms and long cryptanalytic keys.
How should you select key length?
With consideration to the procesing power available to your adversaries now and in the future. If you want something to stay secret for 20 years, it has to be proof against the computing power that could be brought to bear agsint it over the next 20 years.
What is a symmetric key algorithm?
One that relies on a shared secret encryption key that all members of the communication must have.
What are the weaknesses of symmetric key algorithms?
Key distribution
No nonrepudiation
It’s not scalable unless each pair of users has their own shared key (and that’s ugly)
Keys have to be regenerated if any member of the group leaves
What is an asymmetric key algorithm?
AKA public key. Everyone has a public key, which can be publicly known, and a private key.
What are the strengths of asymmetric key algorithms?
Adding a user requires only generating one new public/private pair
It’s easy to remove a user (key revocation)
Key regeneration is only required if someone’s private key is compromised
Provides for integrity, authentication, and non-repudiation
Key distribution is easy
No need for preexisting communcation links.
What is the major weakness of public key crypto?
It’s slow.
How do you overcome the major weakness of public key crypto?
Use public key crypto to set up symmetric crypto, then do the heavy lifting with that.
What is a hashing algorithm?
A one way function that provides a difficult to forge signature
What are common hashing algorithms?
MD2, MD5, SHA-0, SHA-1, SHA-2, HMAC
What is the block size of DES?
64 bits
What is the key size of DES?
56 bits
What are the five modes of operation of DES?
Electronic Code Book (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR)
What is Electronic Code Book
Each block is simply encrypted with the key.
What is Cipher Block Chaining?
Each block of unencrypted text is XORed with the block of ciphertext preceding it before encryption. This mode propagates errors.
What is Cipher Feedback mode?
The streaming version of Cipher Block Chaining.
What is Output Feedback mode?
Instead of XORing with the prior encrypted text, we XOR with a seed value. Each subsequent block is XORed with the encrypted value of the prior seed. As a result, errors do not propagate.
What is Counter mode?
The seed value simply increments. Errors do not propagate.
What is Triple-DES?
An adapted version of DES that uses the same algorithm to produce a more secure encryption.
What is blowfish?
Developed by Bruce Schneier. 64-bit block cipher. Keys 32-448 bits. Faster than IDEA and DES. Free for public use.
What is Skipjack?
Approved for US government use by FPS 185. 64-bit block cipher. 80-bit key. Supports key escrow. Used in the Clipper and Capstone chips.
What is AES?
Advanced Encryption Standard. Rijndael. Key: 128, 192, or 256 bits. 128-bit key requires 10 rounds, 192-bit key requires 12, 256-bit requires 14.
What is the block size for AES?
128.
What are the four versions of 3DES?
DES-EEE3: simply encrypt the plaintext 3 times using three different keys
DES-EDE3: also uses three keys, but the second operation is a decrypt instead of encrypt
DES-EEE2: 3 encryption steps using 2 keys. The second and first encryption steps use the same key.
DES-EDE2: encrypt using K1, decrypt using K2, encrypt using K1.
What is IDEA?
International Data Encryption Algorithm.
64-bit block cipher
128-bit key, which is broken up into 52 16-bit keys
What is the key size for AES?
128, 192, or 256.
What is the block size for Rijndael?
Variable
What is the key size for Rijndael?
128, 192, or 256 (same as AES)
What is the block size for blowfish?
Variable.
What is the key size for blowfish?
1-448
What is the block size for DES?
64
What is the key size for DES?
56
What is the block size for IDEA?
64
What is the key size for IDEA?
128
What is IDEA used in?
PGP
What cipher is known for being used in PGP?
IDEA
What is the block size of RC2?
64
What is the key size for RC2?
128
What is the block size for RC4?
None, it’s a stream cipher.
What is the key size for RC4?
128
What is the block size for RC5?
32, 64, 128
What is the key size for RC5?
0-2,048
What is the block size for Skipjack?
64
What is the key size for Skipjack?
80
What is the block size for Triple DES (3DES)?
64
What is the key size for Triple DES (3DES)?
112 or 168
What is the block size for Twofish?
128
What is the key size for Twofish?
1-256
Describe offline key distribution.
Most technically simple mechanisms. Risks: mail can be intercepted, phone calls can be tapped, papers containing keys can be thrown away or lost.
Descfibe public key encryption key management
Use public key exchange to set up an encrypted session, than share a symmetric encryption key over that protected, but slower, link.
What are the recommendations for storage and destruction of symmetric keys?
Never store a key on the same system where encrypted data resides
For sensitive keys, consider giving half the key to different individuals. (aka split knowledge)
What are the major approaches to key escrow?
Fair cryptosystem: Secret keys are broken into n pieces and given to n independent third parties who provide the pieces when court-ordered to do so.
Escrowed encryption standard: Provides the government with a technical means to decrypt ciphertext.
Describe the cryptographic life cycle.
1) Specify cryptographic algorithms acceptible for use in the oganization
2) Identify acceptable key lengths based on the sensitivity of the information
3) Enumerate secure transaction protocols that may be used
