Cryptographic Tools

Question 1

a means to allow two parties, customarily called Alice and Bob, to establish confidential communication over an insecure channel that is subject to eavesdropping.

Answer 1

Encryption

Question 2

• Also called: single-key encryption
• Historically, the only type of encryption until public-key methods introduced in late 1970s
• Still, universally used for providing confidentiality for transmitted or stored data
• Basic idea: the same key is used by sender and receiver

Answer 2

Symmetric Encription

Question 3

• plaintext
• encryption algorithm
• secret key
• ciphertext
• decryption algorithm

These are the components of…

Answer 3

Symmetric Encription

Question 4

even if an opponent knows the algorithm and has the ciphertext, he/she cannot decipher the ciphertext or figure out the key.

Answer 4

Strong encryption algorithm

Question 5

1. Strong encryption algorithm
2. Sender and receiver have obtained copies of the same secret key in a
   secure manner

These are the requirements for secure use of …

Answer 5

Symmetric Encription

Question 6

• Attacker knows the algorithm
• Attacker has some knowledge of the general characteristics of the plaintext, or even some plaintext-ciphertext pairs
• Exploits the characteristics of the algorithm to attempt to recover the plaintext or deduce the key that was used
• If key deduced, effect is catastrophic: all past and future messages encrypted with that key are compromised

Answer 6

Cryptanalysis

Question 7

• Attacker tries all possible keys on some ciphertext until an intelligible translation into plaintext is obtained
• On average, half of all possible keys must be tried to achieve success

Answer 7

Brute-force attack

Question 8

• processes plaintext input in fixed-size blocks
• a long plaintext message is processed as a series of plaintext blocks
• for each plaintext block, produces a ciphertext block of the same size
• most important algorithms: DES, Triple DES, and AES

Answer 8

Block cipher

Question 9

Using the same key to encrypt each block in symmetric block ciphers is known as the ___ mode of operation

Answer 9

electronic codebook (ECB)

Question 10

• processes the input elements continuously
• produces output one element at a time
• uses a key stream generated pseudo-randomly from an input key
• good for streaming data over a communications channel or browser/Web link

Answer 10

Stream cipher

Question 11

generally runs faster than a block cipher

Answer 11

Stream cipher

Question 12

___ ciphers are better for file transfer, email, databases

Answer 12

block

Question 13

assures confidentiality in data exchange

Answer 13

Encryption

Question 14

___ assures data integrity
• contents have not been altered
• from authentic source
• timely and in correct sequence

Answer 14

Message/data authentication

Question 15

Message/data ___ can be performed either with or without encryption

Answer 15

authentication

Question 16

• one authentication technique
• uses a shared secret key and a ___ algorithm
• ___ is appended to message before transmission
• ___ is computed separately by recipient and compared with received ___

Answer 16

Message authentication code (MAC)

Question 17

Three most important types of block ciphers

Answer 17

DES, Triple DES, and AES

Question 18

Type of block cypher used to compute MAC

Answer 18

DES

Question 19

MAC

Answer 19

Message Authentication Code

Question 20

If received and computed ___ match, the recipient is assured

1. the message has not been altered
2. the message came from the alleged sender (since used the shared key K)
3. if the message includes a sequence number, then sequence assured since attacker couldn’t modify it without affecting the calculation

Answer 20

MACs

Question 21

• Another method for message authentication
• Uses an algorithm that sender and receiver both know (and maybe attacker, too)
• Result is a fixed-length code
• can be encrypted by symmetric or public-key encryption
• used as a digital signature

Answer 21

Hash Function

Question 22

• can be applied to an entire message or file of any size
• produces a fixed-length output
• computationally easy to compute

Answer 22

Hash Function

Question 23

• must be one-way
  
  • infeasible to find x from H( x ), i.e., to find message given hash value
• must be collision resistant
  
  • for a given message, infeasible to find another message that generates the same value

Answer 23

Secure Hash Function

Question 24

Used for MACs, digital signatures, and integrity checking

Answer 24

Secure Hash Function

Question 25

• use a different key for decryption than for encryption

* the keys are related mathematically to make this possible

Answer 25

Public-Key Encryption

Question 26

Each person has two keys: a ___ that only he/she knows, and a ___ that is broadcast widely; other components are the same as for symmetric systems

Answer 26

private key, public key

Question 27

In public-key encryption, the sender encrypts the message using ___

Answer 27

the recipient’s public key

Question 28

On receipt, the recipient uses ___ key to decrypt the message.

Answer 28

his private

Question 29

Solves key distribution and digital signature issues, but runs much slower than symmetric algorithms.

Answer 29

Public-Key Encryption

Question 30

• uses public-key encryption to compute a shared secret key

* the shared secret key is thereafter used for symmetric data encryption

Answer 30

Diffie-Hellman key exchange

Question 31

• Sender encrypts using his private key
• Recipients can decrypt using sender’s public key, which they all know
• Since only sender has the corresponding private key, authenticity is assured

Answer 31

Authentication using public-key

Question 32

Encryption (not often), Diffie-Hellman key exchange, Authentication, Digital signature, Key management and distribution are applications of…

Answer 32

Public-Key Algorithms

Question 33

Key management and distribution

• used with ___ to assure recipients that alleged public key is genuine

Answer 33

certificate authorities (CAs)

Question 34

address the question: How can Alice know that the public key she is using for Bob is really his public key?

Answer 34

Digital certificates (DCs)

Question 35

Digital certificates (DCs) are issued by trusted entities called…

Answer 35

certificate authorities (CAs)

Question 36

A ___ vouches for an entity (e.g., Bob) and contains Bob’s public key

Answer 36

digital certificate

Question 37

The DC is ___ by the CA using its private key; Alice uses the CA’s public key to verify the CA’s signature

Answer 37

digitally signed

Question 38

DCs

Answer 38

Digital Certificates

Question 39

CAs

Answer 39

Certificate Authorities

Question 40

• Another way to use public-key encryption to protect a symmetric key
• Does not need for sender and recipient to negotiate a shared secret key
• Uses a one-time symmetric key
• Key is encrypted using recipient’s public key and sent to recipient

Answer 40

Digital Envelopes

Question 41

Used for:
• generation of keys for public-key algorithms
• generation of stream keys for symmetric stream ciphers
• generation of one-time symmetric keys for use in digital envelopes
• session key generation by key distribution centers or parties to communication
• also used in handshake protocols to prevent replay attacks

Answer 41

Random Numbers

Question 42

• uniform distribution – each value is equally likely

* independence – cannot infer any value from other values

Answer 42

Randomness

Question 43

opponent should not be able to predict future element of sequence on basis of earlier elements (similar to statistical independence)

Answer 43

Unpredictability

Question 44

• Cryptographic applications (and programming languages) typically use algorithms to generate “random” numbers
  
  • algorithms are deterministic
  • therefore, sequences produced are not truly random

Answer 44

Pseudorandom Numbers

Question 45

• use algorithms that produce sequences that satisfy statistical randomness
tests (uniformity, independence)
• nevertheless, can be predictable

Answer 45

Pseudorandom number generators (PRNGs)

Question 46

• typically measure unpredictable natural processes
  
  • e.g., radiation events, gas discharge, leaky capacitors, lava lamps
• increasingly provided on modern processors
  
  • e.g., Intel chip that samples thermal noise across undriven resistors

Answer 46

True random number generators (TRNGs)