Cryptography

Question 1

When do we have secure communication?

Answer 1

When there is no tampering (integrity) or eavesdropping (confidentiality)

Question 2

When do we have secure data storage?

Answer 2

No information leakage (confidentiality) or tampering (integrity)

Question 3

What are the 2 steps of secure communications?

Answer 3

1. Establish a secret key (face-to-face, trusted courier, handshake algorithms)
2. Transmit data using the shared secret key

Question 4

Name 6 ciphers that provides confidentiality

Answer 4

Polybios
shift cipher
Vigenére method
One time pad
Stream cipher
Block cipher

Question 5

What ciphers provide integrity?

Answer 5

ECB
HMAC

Question 6

Describe the Polybios cipher

Answer 6

Partition the alphabet in a grid.

Each plaintext letter is represented by 2 number (row, col)

Question 7

What is the shift cipher?

Answer 7

Each letter is a number: A-0, E-4

K: Encryption key

Enc:
C = (M + K) mod 26

Dec:
M = (C - K) mod 26

Question 8

Why is the shift cipher insecure?

Answer 8

Only 26 keys

Monoalphabetic - one plaintext alphabet to ciphertext alphabet mapping.

Plaintext is easily recognizable during brute force

Question 9

Describe the Vigenére cipher

Answer 9

Key is a string

Shifts each plaintext character with the amount dictated by the character of the key

Question 10

Compare Vigenére and shift

Answer 10

Vigenére: Larger key space
Key length n: Keyspace = 26^n
Brute force is expensive

Question 11

When is Vigenére insecure?

Answer 11

Given a long ciphertext.

If key length is n, then every n character is encrypted using the same character.

This can be used to break the cipher

Question 12

How can the period of the Vigenére cipher be broken?

Answer 12

Make a guess for n, and divide the ciphertext into sub-block containing letters encrypted using the same key.

Run a frequency analysis on the sub-blocks. When the period value is correct, the requency distribution should mirror the frequency distribution og the english language.

For each sub-block, calculate the similarities of the frequencies in the sub-blocks and in the english language

Calculate the avarage value of the similarities of all sub-blocks.

Of the guessed period, choose the period with the highest avarage similarity.

Question 13

How can Vigenére be broken, when we know the period?

Answer 13

Extract the sub-blocks of the ciphertext, using the period n.

Run a frequency analysis on each block. Compare it to the english language to figure out what ciphertext letters represent which english letter. Use this to find the ciphertext representation of the most common letter in the english alphabet (such as E).
When this is done, we know the Key for the block.

Do this for each block to put together the whole key

Question 14

What is the one time pad?

Answer 14

Enc:
C = P XOR Key

Dec:
P = C XOR Key

Perfect security

Question 15

What is perfect secrecy?

Answer 15

Observing the ciphertext should not change the attacker’s knowledge about the distribution of the plaintext.

Question 16

What are some limitations of the one time pad?

Answer 16

Key must be atleast as long as the plaintext

New key for each message

Question 17

How can the OTP be misused?

Answer 17

Use the same key to encrypt 2 or more messages. The cipher is then no longer perfectly secure.

Question 18

How can OTP be broken when two ciphertext are encrypted using the same key?

Answer 18

C1 = m1 XOR k
C2 = m2 XOR k

C1 XOR C2
= m1 XOR k XOR m2 XOR k
= m1 XOR m2 XOR (k XOR k)
= m1 XOR m2

m1 XOR m2 reveals information about m1 and m2

Info:
- All letters in binary begins with 01
- XOR-ing 2 letters will there for being with 00
- Space begins with 00
- XOR letter with space gives 01

Question 19

Does OTP provide integrity?

Answer 19

No

Question 20

What is quantum key distribution

Answer 20

utilizes the unique properties of quantum mechanical systems to generate and distribute cryptographic keying material using special purpose technology

Question 21

What issue does stream ciphers address?

Answer 21

OTP key is as long as the message

Question 22

What is the idea behind stream ciphers?

Answer 22

Use a short key k as a seed

Generate a pseudo ransom key k’

k’ is as long as the message

Use k’ for OTP enc and dec (XOR)

Question 23

What is the flow of stream ciphers from the sender?

Answer 23

key -> PRG -> k’ XOR P -> C

Question 24

What is the flow of stream ciphers from the receiver?

Answer 24

key -> PRG -> k’ XOR C -> P

Question 25

What issue does block ciphers also try to be a solution for?

Answer 25

OTP long key issue

Question 26

How does block ciphers work

Answer 26

Split P into similar sized blocks

Enc/Dec each block using a short key

Question 27

How does DES work?

Answer 27

Feistel cipher

56 bit key

Key expansion: 48 bit round key for each block

One plaintext block of 64 bits passes through 16 rounds of the round functions

The result is a 64 bit ciphertext block

Question 28

What is 3DES?

Answer 28

Block: 64 bits
K = 168 / 112 / 56 bits
48 rounds

Question 29

What is the round function of DES?

Answer 29

Apply 48 bit key to the 32 rightmost bits to produce a 32 bit output

Then, the rightmost 32 bits are swapped with the leftmost 32 bits.

Flow:
- 32 bit input block is expanded to 48 bit (P-box)
- Block is XORed with 48 bit key
- 48 bit output is split into 8 6-bit blocks
- The 6-bit blocks is sent trough an S-box, which provides a 4 bit output
- The resulting 32 bits are sent to a Straight P-box which outputs 32 bits

Question 30

What is used to split plaintext into blocks, and chain the blocks?

Answer 30

Mode of operation

Question 31

Describe the ECB mode of operation?

Answer 31

P is split into blocks of size n, add padding if necessary.

All blocks uses the same encryption key sets generated from identical key and key expansion function

Round function is identical for each block

Question 32

Describe the CBC mode of operation

Answer 32

IV
Padding

Round 1:
Enc(IV XOR P, K)

Round 2:
Enc(Ci-1 XOR P, K)

Dec:
Dec(C, K) XOR Ci-1
Dec(C, K) XOR IV

Question 33

Describe AES

Answer 33

Block: 128
Key: 128, 192, 256
Rounds: 10, 12, 14

Question 34

What are some tips when using block ciphers?

Answer 34

Choose right cipher (DES, 3DES, AES)

Choose right mode of operation (do not use ECB)

Question 35

Compare stream vs. block ciphers

Answer 35

Stream: fast
Block: slow

Stream: Good for cases when we don’t know the size of data, or it is continuous (e.g. network streams)
Block: Godd when we know data-size (e.g. file, data fields, request/response protocols)

Stream: Cannot provide integrity
Block: Can provide integrity

Question 36

What is MAC

Answer 36

Message Auth code
provides Integrity

Hash message before transmission creating a tag.
Send message and tag.
Receiver verifies tag.

A:
Tag: G(K, m)

B:
Verify Tag: V(K, m, tag) = ‘yes’?

Question 37

What is enhanced CBC?

Answer 37

Generate tag:
G(K, K1, m, IV)

Verify:
V(K, K1, m, tag, IV) = ‘yes’

Question 38

Describe hash functions

Answer 38

Various sized input -> fixed size output

Properties:
- Collision resistant
- Pre-image resistant
- Second preimage resistant

Question 39

What is coliision resistance?

Answer 39

Hard to find M1 and M2 such that h(M1) = h(M2)

Question 40

What is preimage resistance?

Answer 40

Given h, hard to find a M such that h(M) = h

Question 41

What is HMAC?

Answer 41

Hash-MAC

Uses hash functions to generate a tag.

Generate:
G(K, m)

Verify:
V(K, m, tag)

Question 42

What is the format of HMAC?

Answer 42

T = H((k XOR opad) || H((k XOR ipad), M))

ipad: inner pad
opad: Outer pad

Question 43

What are 3 strategies to compine confidentiality and integrity?

Answer 43

MAC-then-Encrypt (TLS)

Encrypt-and-MAC (SSH)

Encrypt-then-MAC (IPSec)

Question 44

What is encrypt-then-mac?

Answer 44

Encrypt message, then create a mac from the encrypted message.

Question 45

What are the building blocks of Public key encryption?

Answer 45

KeyGen: Output PK and SK

One-way trapdoor function F(PK, x)

Inverse function F^-1(SK, y)

Question 46

What is a one-way function?

Answer 46

Computing y = f(x, k) is easy

Computing x = f^-1(y) is difficult

Question 47

What is a trapdoor function?

Answer 47

When we have a secret key, computing the inverse of the function becomes easy

Question 48

How does digital signatures work?

Answer 48

B hashes M
B signs h(M) using B’s secret key and F^-1
Sends M and signature

Signature: F^-1(SK, H(m))

A has M, signature and PK
Check if F(PK, Sig) = H(m)

Question 49

When an entity receives a public key, how can they know that it is the public key of a certain other entity and not a public key issued by an attacker?

Answer 49

Certificates issued by a CA

Question 50

What must a certificate include?

Answer 50

A public key

The CA’s signature

Identity of issuer and subject

Question 51

Describe the TLS handshake

Answer 51

Before handshake:
Client A has:
PKca

Server B has:
PKca, PKb, SKb, Cert

Handshake:
1. Client Hello
2. Server Hello: Cert
Now A has PKb from Cert
3. A generates a secret key C and encrypt using PKb, sends c
4. ClientKeyExcange: c
5. B decrypts c using SKb to get K

A and B now have the same key K

Question 52

What is a known attack on TLS 1.2?

Answer 52

Raccoon attack

Question 53

Compare RSA and ECDSA

Answer 53

RSA:
- Simple, effective
- Widely used (SSL, TLS)
- Prime factorization

ECDSA:
- Higher complexity, faster
- Shorter keys (+ elliptic curve)
- limited support
- y^2 = x^3 + ax + b

Question 54

What is Kerchoff’s principle?

Answer 54

The only secret is the key, and must be chosen at random

It is easier to change key than change algorithm

Makes standardization and public validation possible