CISSP Cryptography - Domain 5 Flashcards

Question 1

Q

Question 2

Q

Cryptography goals - Confidentiality

Answer

A

Unauthorized parties cannot access information.

Question 3

Q

Cryptography goals - Authenticity

Answer

A

Validating the source of the message to ensure the sender is properly identified.

Question 4

Q

Cryptography goals - Integrity

Answer

A

Assurance that the message was not modified during transmission, accidentally or intentionally.

Question 5

Q

Cryptography goals - Non-repudiation

Answer

A

A sender cannot deny sending the message at a later date.

Question 6

Q

Binary operations and Key components -Key

Answer

A

Just a string of bits: 1. May be a single large number or group of numbers. 2. Possible length 2N.

Question 7

Q

Binary operations and Key components - Plain text

Answer

A

Digital representation of data - ASCII, MS Word, Excel, Email, etc.

Question 8

Q

Binary operations and Key components - Encryption and Decryption operations

Answer

A

Bit-wise operations-XOR, shift left/right, substitutions or permeations. 2. Mod N arithmetic using numerical values - add, sub, mult, div, raise to the power.

Question 9

Q

Keyspace

Answer

A

Range of possible values that can be used to construct a key. 2. The larger the keycap, the more possible key values, and the more random the whole process, which increases the cryptosystem’s strength.

Question 10

Q

Symmetric Keyspace

Answer

A

For a small 16-bit key, the key is 2 to the power of 16 or 65536 keys. 2. For DES (56 bits) it is 2 to the power of 56 or 72 quadrillion keys.

Question 11

Q

Strength of a Cryptosystem

Answer

A

Algorithm, secrecy of key, length of key. 2. Strength of the protection mechanism should be used in correlation to the sensitivity of the data being encrypted. 3. Even if the algorithm is very complex and thorough, there are other issues within encryption that can weaken the strength of encryption methods.

Question 12

Q

Symmetric Ciphers (Algorithms)

Answer

A

Stream Ciphers - Exclusive OR (XOR). 2. Block Ciphers - a. Substitution ciphers - replacing one value for another b. Transposition/permutation ciphers - change in relative position.

Question 13

Q

Asymmetric Ciphers

Answer

A

Public Key Cryptography - public/private key pairs.

Question 14

Q

Cryptosystem solutions

Answer

A

Confusion - hiding patterns in the plaintext by substitution. 2. Diffusion - transposing the plain text through cipher text. 3. Avalanche - a change in one bit of the plaintext causes a change in half the resultant ciphertext.

Question 15

Q

History of Cryptography - Hieroglyphics

Answer

A

2000 B.C.. 2. First known cryptographic method. 3. Not really for secrecy. 4. Use of “non-standard” hierglyphics.

Question 16

Q

History of Cryptography - Scythe Cipher

Answer

A

Spartans wrapped papyrus around a rod to encrypt and decrypt a message: 1. 400 B.C. 2. Used to convey military directives.

Question 17

Q

History of Cryptography - Substitution Cipher

Answer

A

One character is replaced with another. 2. When only one set of characters is used for substitution it is a mono-alphabetic algorithm. 3. Caesar also used a similar algorithm that sifted characters three places.

Question 18

Q

History of Cryptography - Vigenere Cipher (Polyalphabetic)

Answer

A

Vigenere Cipher - proposed by Blaise de Vigenere from the court of Henry III of France in the 16th century. 2. Polyalphabetic is using two or more cipher alphabets.

Question 19

Q

History of Cryptography - Cryptography in War

Answer

A

Enigma: 1. Used in WWII to encrypt telegraphic comms. 2. Rotor cipher machine that used polyalphabetic substitution. 3. Key was the orignal setting of the rotors and the sequence of advancement for each rotor. 4. Individual rotors are connected in a bank. 5. Character entered and substituted by each rotor for encryption.

Question 20

Q

Cryptography Definitions - Cryptography

Answer

A

Science of hiding meaning in communications.

Question 21

Q

Cryptography Definitions - Cryptanalysis

Answer

A

Science of studying and breaking the secrecy of encryption algorithms and their necessary pieces.

Question 22

Q

Cryptography Definitions - Cryptosystem

Answer

A

Mechanism that carries out the encryption process.

Question 23

Q

Cryptography Definitions - Work Factor

Answer

A

The amount of time and resources needed to overcome protective measures of a crypto system: “breaking” is decreasing the work factor to a reasonable level.

Question 24

Q

Cryptography Definitions - Cryptographic Algorithm (Cipher)

Answer

A

Procedure to encrypt plaintext into ciphertext and vice versa.

Question 25

Q

Cryptography Definitions - Cryptovariable (key)

Answer

A

A variable used in conjunction with an algorithm to encrypt and decrypt data.

Question 26

Q

Cryptography Definitions - Key Space

Answer

A

The range of available key values to be used by an algorithm..

Question 27

Q

Encryption

Answer

A

The process of turning plain text into ciphertext.

Question 28

Q

Decryption

Answer

A

The process of turning cipher text into plain text.

Question 29

Q

Encryption/Decryption process requires:

Answer

A

An algorithm. 2 A key.

Question 30

Q

Two types of encryption operations:

Answer

A

Symmetric and 2. Asymmetric.

Question 31

Q

Cryptography Definitions - Vernam Cipher (aka One-time pad)

Answer

A

Devised by Vernam in 1917 - uses a one-time random “pad” that is at least as long as the message to be encrypted. 1. One-time pads are used in pairs - a. one copy is used by sender and the other is used by the recipient b. should only be used once.

Question 32

Q

Binary Mathematics - Exclusive OR

Answer

A

Binary mathematical operation that is applied to two bits. 2. Two rules; a. If both bits are the same, the result is zero -or- b. if both bits are different the result is one. 3. Logical “either/or”: a. output is true if either, but not both inputs, are true. b. output is false, if both inputs are false or bot inputs are true.

Question 33

Q

Running Key Cipher aka Book Cipher

Answer

A

Uses a key that does not require an electronic algorithm and bit alterations, but clever steps in the physical world. 2. Book number, page number, line number, and word number. 3. Example - 3rd book, page 112, line 4, 6th word is “informative”.

Question 34

Q

Symmetric Stream Cipher

Answer

A

Can be much faster than a block cipher. 2. Operates on smaller units of plaintext, while block ciphers work on much larger. 3. More suited for hardware implementation than a block cipher.

Question 35

Q

Strength of a stream cipher depends on:

Answer

A

Long periods of no repeating patterns within key stream values. 2. Statistically unpredictable. 3. The key stream is not linearly related to the key. 4. Statistically unbiased key stream ( as many 0’s as 1’s). 5. Used for secure wireless communications: RC4 cipher (WEP and WPA) Bluetooth “E0” cipher.

Question 36

Q

Symmetric Block Cipher

Answer

A

Message is divided into blocks and put through mathematical functions called Substitution Boxes (S-Boxes). 2. Algorithm dictates all possible functions, and the key determines which of these possibilities will be used and in what order. 3. Each function performs a different mathematical operation. 4. Cipher should contain confusion and diffusion.

Question 37

Q

Clipper Chip

Answer

A

Protects private communications. 2. Agents can obtain the “keys” upon “legal authorization”. 3. Keys are held by two government “escrow agents”. 4. Developed by NSA. 5. Skipjack algorithm was classified as secret. 6. Precluded any public scrutiny. 7. 80 bit key. 8. 16 bit checksum. 9. Several deficiencies. 10. Mainly a backdoor into your private data. 11. Started in ’93. Dead in ’96.

Question 38

Q

Data Encryption Standard (DES)

Answer

A

IBM submitted Lucifer algorithm for the NSA DES standard in 1974. 2. Original Lucifer algorithm used 48 to 128 bit keys and NSA implemented the 64-bit key-56 bits for the key and 8 for parity. 3. Lucifer was altered and called Data Encryption Algorithm (DEA).

Question 39

Q

Data Encryption Standard (DES) Technical

Answer

A

Block symmetric Algorithm. 2. Blocks of 64 bits are put through 16 rounds of transposition and substitution functions - order and type of functions is dictated by the key value. 3. For GOV agencies. 4. Double DES. 5. Triple DES.

Question 40

Q

Modes of Block Cipher - Electronic Code Book (ECB)

Answer

A

Same cypher text is always produced for the same plaintext. 2. Easier to identify patterns. 3. It is best used on small amounts of data. 4. Each key indicates a different code book. 5. Uses MAC for integrity and authentication. DES has 5 modes.

Question 41

Q

Modes of Block Cipher - Cipher block chaining (CBC)

Answer

A

Encryption is dependent on values from the previously encrypted block. 2. First block will be XORed against the IV as no previous cipher text exist for the first block. 3. Each block of encrypted cipher text is XOR’ed with the next plaintext block to be encrypted.

Question 42

Q

Modes of Block Cipher - Cipher Feedback mode (CFB)

Answer

A

Previous cipher text is used to encrypt the next block of data. 2. Often used to encrypt individual characters (terminals).

Question 43

Q

Modes of Block Cipher - Output Feedback Mode (OFB)

Answer

A

The entire output of the previous blocks calculation is used as input for the next block’s encryption. 2. Often used to encrypt satellite comms.

Question 44

Q

Modes of Block Cipher - Counter Mode (CTR)

Answer

A

Similar to OFB, but IV’s are successive values of a “counter”. 2. CTR mode is well suited to operation on a multiprocessor machine because the encryption of each block can be performed in parallel. 3. Note the the nonce in this graph is the same thing as the IV in other graphs and is concatenated, added, or XORed with the counter value.

Question 45

Q

Triple DES

Answer

A

As processing power increased DES was “broken”. 2. Encrypts messages 3 times with multiple keys: a.DES-EEE3 uses three keys for encryption b. DES-EDE3 uses 3 keys, encrypt decrypt, encrypt. c. DES-EEE2 or EDE2 are the same as EDE3 but first and third operation use the same key. 3. Performance hit.

Question 46

Q

Advanced Encrypted Standard

Answer

A

Rijndael Algorithm. 2. U.S. Official standard for sensitive but unclassified data encryption. 3. Block Symmetric encryption algorithm. 4. Key sizes of 128, 192 and 256.

Question 47

Q

Public Key Ciphers

Answer

A

Diffie-Helman. 2. RSA. 3. ECC 4. El Gamal 5. DSA.

Question 48

Q

Asymmetric Algorithms - RSA

Answer

A

Developed by Rivest, Shamir, and Adleman. 2. Digital Signatures, Key Distribution Encryption. 3. Difficulty of factoring large prime numbers*. 4. Key sizes: 512, 1024, 2048, 4096, 8192.

Question 49

Q

Asymmetric Algorithms - El Gamal

Answer

A

Digital Signatures, encryption, and key exchange. 2. Based on calculation discreet logarithms in a finite field.

Question 50

Q

Asymmetric Algorithms - Elliptic Curve Cryptography

Answer

A

Digital Signatures, encryption, and key distribution. 2. More efficient than other assym algorithms.

Question 51

Q

Public Key Cryptography Advantages

Answer

A

Allows parties to communicate securely without previously sharing secret information. 2. Scales well- 1 user 2 keys. 3. Enables digital signatures.

Question 52

Q

Public Key Cryptography DisAdvantages

Answer

A

Very slow compared to symmetric cryptography. 2. Size of encrypted data limited by performance considerations. 3. Asymmetric Algorithms: Diffie-Hellman, RSA, ECC, El Gamal, DSA.

Question 53

Q

Symmetric vs Asym Key Systems - Keys

Answer

A

Sym-One key is shared between two or more entities Asym-One entity has a public key and the other has a private key

Question 54

Q

Symmetric vs Asym Key Systems - Key Exchange

Answer

A

Sym-Out-of-band Asym-Symmetric key is encrypted and sent with message;thus, the key is distributed by in-band methods.

Question 55

Q

Symmetric vs Asym Key Systems - Speed

Answer

A

Sym-Algorithm is less complex and faster Asym-Algorith is more complex and slower.

Question 56

Q

Symmetric vs Asym Key Systems - Number of Keys

Answer

A

Sym-Grows as number of users grow Asym-Does not grow exponentially.

Question 57

Q

Symmetric vs Asym Key Systems - Speed

Answer

A

Sym - Algorith is less complex and faster. Asm-Algorithm is more complex and slower.

Question 58

Q

Symmetric vs Asym Key Systems - Use

Answer

A

Sym-Bulk encryption Asm-Key encryption and distributing keys

Question 59

Q

Symmetric vs Asym Key Systems - Security Service Provided

Answer

A

Sym-Confidentiality ASym-Confidentiality, authentication and non-repudiation

Question 60

Q

Addressing Cryptographic Weakness

Answer

A

Solution to symmetric and public key-combine both techniques in a hybrid approach. 2. Sym Algorithms-a. sym is used to encrypt the bulk of the data usng a session key. b. session keys are randomly generated. 3. Asym Algorithms-a. asylum provides the public and private keys to each party b. recipients public key is used to encrypt the session key to be transmitted with the encrypted message.

Question 61

Q

Data Integrity - Hashing Alogorithms

Answer

A

MD2, 4, 5-128 bit digest (5 Rivest-RFC 1321) 2. SHA-1 160 bit digest - NIST also 256, 384 and 512. 3. HAVAL - variation of MD5 (variable length digest). 4. Other hash’s: RIPEMD, Tiger, WHIRLPOOL

Question 62

Q

Secret Key Authentication

Answer

A

The message is concatenated with the secret key and the hash function is applied to this concatenation called MAC (Message Authentication Code). 1. Waek 2. Receiver computes own MAC to verify. 3. MAC can be based on DES-CBC mode. 4,. Symmetric key is required. 5. Does not provide non-repudiation.

Question 63

Q

Quantum Cryptography

Answer

A

Set of protocols, systems, and procedures that can be used to create and distribute secret keys. 2. Secret keys can be used in traditional crypto systems. 3. It is not used encryption, transferring encrypted data, or to store encrypted data. 4. Allow secure key exchange with complete security. 5. Solve the key exchange problem. 6. It can detect an attacker trying to gain knowledge of the keys exchanged. 7. It is called Quantum Key Cryptography.

Question 64

Q

Protocols Exchanging Keys

Answer

A

A key exchange protocol uses a series of steps to agree upon a shared secret key. 2. This does not require a previous relationship between the two parties. 3. Key exchange can be done in a secure manner. 4. Diffie-Hellman - first sym algorithm. (Agreeing upon a secret key.)

Answer 64

A

First asym protocol. 2. Allow users to agree on sum key over nonsecure medium. 3. Does not provide data encryption or digital signatures. 4. Security based on calculating discrete logarithms in a finite field. 5. Vulnerable to MITM attacks.

Answer 65

A

Secret sym key used to encrypt messages. 2. Only good for one session then destroyed. If same key is used again could be compromised.

Answer 66

A

A copy is encrypted with the public key of a pair for recovery. 2. Copy kept somewhere secure and decrypted when needed. 3. Private key can be broken down into several pieces and given to different people in the company.

Answer 67

A

Administrator configures each system with keying material and security association information.

Answer 68

A

Negotiation of service is automatic. 2. Hybrid of Internet Security Association and Key Managment Protocol (ISAKMP) and Oakley key exchange-a. phase one: IKE peers establish a secure, authenticated channel so that the IPsec negotiation can take place. b. phase 2: SA’s are negotiated for keying material and parameter negotiation.

Answer 69

A

The TPM offers facilities for the secure generation of cryptographic keys and limitations of their use in addition to a hardware pseudo-random number generator. It includes capabilities such as remote attestation and sealed storage.

Answer 70

A

Software can use a TPM to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. It can be used to verify that a system seeking access is the expected system.

Answer 71

A

Authentication tool used to verify sender of message. 2. Message digest is created - input into a digital signature algorithm. 3. Encrypting a hash value with a private key performs signing. 4. Public key verifies signature.

Answer 72

A

Developed by NIST for digital signatures to be used within GOV facilities-SHA used for message digest-integrity. 2. Digital Signature Algorithm (DSA) to sign message digest - auth and non-repudiation. 3. Private key is used for signing, and public key is used for signature verification. 4. DSS can now use DSA, RSA, and ECDSA (ECDSA-elliptic curve digital signature algorithm - used with SHA-1).

Answer 73

A

Some government documentation requires more secure digital signatures. 2. NIST and NSA developed SHA to be used in their DSS. 3. SHA computes a 160-bit hash value, which is then inout into the DSA.

Answer 74

A

If the cryptographic algorithm is strong, the only way of deafening it is through brute force. 2. The attacker attempts all possible combinations of a given keycap to derive the key. 3. Most systems are created so that even identifying half of the possibilities is impossible with todays processing power.

Answer 75

A

Calculating the frequency characteristics in a particular language helps to break substitution and transposition crypto systems. 2. Common pattern of messages, sentences, words, and characters helps attackers calculate plaintext from ciphertext.

Answer 76

A

How many people must be in the room to have the same birthday as you? 253. 2. How many people must be in the room to have the same birthday? 23.

Answer 77

A

Captured cipher text only. 2. Most common attack.

Answer 78

A

Captured ciphertext and plaintext.

Answer 79

A

Captured ciphertext and plaintext and can choose what plain text gets encrypted. 2. Attacker sends a message they think the victim will encrypt and send out to others.

Answer 80

A

Attacker can choose the ciphertext to be decrypted and has access to the resulting decrypting plain text.

Answer 81

A

Attacker obtains a set of credentials and sends them to an authentication service - capture username, password, token, ticket. 2. Timestamps and sequence numbers are used to protect against this attack.

Answer 82

A

Attacker injects itself between two users and reds messages going back and forth or manipulates the message. 2. Sequence numbers and digital signatures are used as countermeasures to this attack.

Answer 83

A

An attack designed to compose algorithms that use multiple keys, such as 3DES.

Answer 84

A

Payload, headers, and trailers are encrypted-all data along comm path (T1). 2. Usully provided by service providers. 3. Each hop has to decrypt headers - if a node is compromised, all traffic going through that node can be comprimised.

Answer 85

A

Only payload is encrypted. 2. Headers and trailers are not encrypted. 3. Hops do not need to decrypt headers.

Answer 86

A

Client initiates connection to server. 2. Server sends client the servers cert. 3. Client checks to see if signing CA is in trusted list in browser. 4. Client commutes hash of cert and compares message digest of cert by decrypting with CA’s public key (CA signed the certificate). 5. Client checks validity dates in certificate. 6. Client wil check URL in certificate compared to the URL it is communicating. 7. Client extracts servers public key for certificate. 8. Client createds a session key (symmetric). 9. Client encrypts session key with servers pubic key and sends it over. 10 Server decrypts with private key.

Answer 87

A

Domain Name Service Security (DNSSEC). 2. DNS Server distributes public keys. 2. Secure distributed name services.

Answer 88

A

Generic Security Services API. 2. Key exchange, generic authentication, provides encryption interface for different authentication methods and systems.

Answer 89

A

Secure Remote Procedure Call for computer to computer communications. 2. Security protocol that uses DES to encrypt messages. 3. Uses Diffe-Hellman to create key pair.

Answer 90

A

Secure terminal sessions. 2. Functions like a tunneling protocol. 3. Provides terminal like access to remote systems. 4. Should be used instead of telnet, UNIX r-utilities.

Answer 91

A

Framework of open standards for ensuring secure communications over IP networks. 2. Network layer security. 3. Security between two nodes instead of two applications, as seen in SSL. 4. Uses public key cryptography. 6. Transport mode-payload is protected. 7. Tunnel mode - entire packet is protected..8. Can provide host to host, host to subnet and subnet to subnet links.

Answer 92

A

Security Association (SA) defines parameters for one specific active connection.* 2. Security Parameter Index (SPI) - points to the correct SA. 3. SPI holds SA information and is put into header so both sides know what parameters to use to communicate.

Answer 93

A

Computes an Integrity Check Value (ICV) over entire IP packet except header field value that might change: a. integrity through ICV b. data origin through MAC. c. Relay protection through sequence numbers.

Answer 94

A

Similar function to AH but adds encryption - adds confidentiality service.

Answer 95

A

Actual format depends on type of encryption and mode being used. 2. Encryption algorithms (3DES, RC5, IDEA, CAST, Blowfish, and AES). 3. Transport mode - protects upper protocols, but not IP header. 4. Tunnel mode - All of packet including IP heders protected - new IP header made.

Answer 96

A

Developed by Visa and Mastercard to allow for more secure monetary transactions over the Internt. 2. Cryptographic protocol that encrypts and sends credit card numbers over the Internet. 3. Uses public key crypto. 4. Protects payment cards and cardholders data. 5. Was developed to replace SSL, but adoption has been slow. 6. Confidentiality through DES. Digital signatures through RSA.

Answer 97

A

Internet email standard. 2. Framework that will allow different algorithms to be plugged in.

Answer 98

A

Military’s PEM. 2. Developed by NSA to provide secure email xchange.

Answer 99

A

Free email security program. 2. Developed by Phil Zimmerman. 3. Uses pass phrases instead of pass words. 4. Web of trust instead of hierarchy of CA’s. 5. Keys are kept in a key ring file.

Answer 100

A

Secure multipurpose Internet Mail Extension. 2. Application layer protocol. 3. Standard for encrypting and digitally signing email containing attachments. 4. Developed to countermeasure message interception and forgery. 5. Provides data integrity, confidentiality, and authentication.

Answer 101

A

Protects each message - not communication channel.

Answer 102

A

HTTP plus SSL - protects entire communications channel.

Answer 103

A

Developed by Netscape. 2. Uses public key cryptography to protect communications channel. 3. Server authenticates to client, optionally client can authenticate to server. 4. Used for WWW comms. 5. Works at transport layer.

Answer 104

A

Systems can generate their own kept pairs and exchange them. 2. If a public key is stored in a base a hacker can swap it out with theirs and sign and encrypt with hi private key masquerading as the original person. 3. Need a trusted third party to vouch for the identity of the owner of the public key.

Answer 105

A

CA 2. RA. 3 Certifcate repository 4. Certificate Revocation System 5. Key backup and recovery 6. Automatic key update 7. Management of key history 8. Time Stamping 8. Client side software

Answer 106

A

Confidentiality 2. Access Control 3. Integrity 4. Authentication 5. Non-repudiation

Answer 107

A

X.509 Rev. 3

Answer 108

A

CA delegates authority to subsidiary CA’s 2. Root CA - 3. Sub CA

Answer 109

A

Initiates all trust paths 2. All certificate holders and relying parties are given self signed root CA certs 3. Verisign Entrust

Answer 110

A

Does not begin trust path. 2. May have Sub CA’s to issue certs to.

Answer 111

A

Two PKI’s are established between organizations. 2. Nonhierarchical trust path-mutual trust. 3. Develop a cross certification agreement.

Answer 112

A

Storage of certificates. 2. No required directory standard. Notes vs MS. X.500 and stored with other network data. 3. Clients can locate and access directories via LDAP.

Answer 113

A

CRL is a signed data structure containing a time-stamp list of revoked certificates 2. If a cert has been revoked it will be listed in the CRL . 3. When a users identity is verified through a CA, the CRL is checked to make sure it is valid.

Answer 114

A

A certain level of trust is required to complete transactions reliably.

Answer 115

A

The CA 2. The steps the CA goes through to identify the individual. 3. Use of the digital cert. 4. Protection and security of private keys.

Answer 116

A

True letters are hidden or disguised by device or algorithm.

Answer 117

A

Hiding the very existence of data within another message or media. 2. Digital watermark to detect illegal copies of digital images. 3. No algorithm or key; just placing data in a place where people would not look.

Brainscape's Knowledge GenomeTM

CISSP Cryptography - Domain 5 Flashcards

Brainscape's Knowledge Genome^TM