Cryptography

Question 1

What does CIA mean in relation to Cryptography?

Answer 1

Confidentiality, Integrity and Authentication

Question 2

What is non-repudiation?

Answer 2

An action that cannot be denied

Question 3

Non-repudiation can be used to provide what 3 things?

Answer 3

Identification, Authentication and Accountability

Question 4

What is a mono-alphabetic substitution?

Answer 4

A system that uses only a single alphabet to encrypt and decrypt a message

Question 5

What is a practitioner of cryptography known as?

Answer 5

Cryptographer

Question 6

What term is used to describe the science of deciphering cipher text without the cryptographic key?

Answer 6

Cryptanalysis

Question 7

What is Cryptology?

Answer 7

The science of cryptography and cryptanalysis

Question 8

What is a practitioner of Cryptology called?

Answer 8

Cryptologist

Question 9

What is a plaintext message?

Answer 9

A message in its original readable format

Question 10

What is a ciphertext message?

Answer 10

A plaintext message that’s been encrypted

Question 11

What other term can be used to describe decryption?

Answer 11

Deciphering

Question 12

What are two methods of encrypting traffic on a network?

Answer 12

End-to-End encryption

Link encryption

Question 13

What type of encryption is used where a packets are encrypted at the original source and then decrypted once they reach the final destination?

Answer 13

End-to-End encryption

Question 14

What are the two advantages of end-to-end encryption?

Answer 14

Speed

Overall security

Question 15

What is the downside to end-to-end encryption?

Answer 15

Only data in encrypted, not routing information

Question 16

What is Link encryption?

Answer 16

requires that each node (ie router) has separate key pairs for its upstream and downstream neighbours. Packets are encrypted and decrypted at each node along the network path

Question 17

What is the advantage of link encryption?

Answer 17

Entire packet including routing information is encrypted

Question 18

What are the two disadvantages of link encryption?

Answer 18

• Latency
• Inherent vulnerability: If a node is compromised or a packets decrypted contents are cached on the router then the data can be compromised

Question 19

What is the hardware or software implementation that transfers plaintext into ciphertext known as?

Answer 19

A cryptosystem

Question 20

What 3 properties must an effective cryptosystem have?

Answer 20

• efficient method of encrypting and decrypting keys on the system
• cryptosystem is easy to use
• strength of the cryptosystem depends on the secrecy of the keys

Question 21

What is a keyspace in relation to a cryptosystem?

Answer 21

A range of all possible values for a key within a cryptosystem

Question 22

What is a keyspace in relation to a cryptosystem?

Answer 22

A range of all possible values for a key within a cryptosystem

Question 23

What is a restricted algorithm?

Answer 23

refers to an algorithm that must be kept secret in order to provide security.

Question 24

What is the disadvantage of a restricted algorithm?

Answer 24

relies on secrecy of the keys rather than complexity of the algorithm used

Question 25

What are the two basic elements of a cryptosystem?

Answer 25

• Cryptographic algorithm

- Cryptovariable

Question 26

What is another term for a cryptographic algorithm?

Answer 26

Cipher

Question 27

What is another term for a cryptovariable?

Answer 27

Key

Question 28

What is key clustering?

Answer 28

Clustering occurs when identical ciphertetx messages are generated form a plaintext message by using the same encryption algorithm but different encryption keys

Question 29

What is a weakness of key clustering?

Answer 29

reduces the number of key combinations that must be attempted in a brute force attack due to a weakness in the cryptographic algorithm

Question 30

What are the two main classes of ciphers used in symmetric key algorithms?

Answer 30

block and stream

Question 31

What are the advantages of block ciphers over stream ciphers?

Answer 31

• Re-usable keys: Key management is easier

- Interoperability: More widely supported

Question 32

What are the advantages of block ciphers over stream ciphers?

Answer 32

• Re-usable keys

- Interoperability

Question 33

Which type of cipher is normally implemented in software?

Block or stream?

Answer 33

Block

Question 34

What is a stream cipher?

Answer 34

They operate in real time on a continuous stream of data, typically bit by bit. using a stream cipher, the same plaintext bit or byte will produce a different ciphertext bit or byte every time it is encrypted.

Question 35

What is a stream cipher?

Answer 35

They operate in real time on a continuous stream of data, typically bit by bit

Question 36

What are the advantages of a stream cipher?

Answer 36

faster than block ciphers

require less code to implement

Question 37

What are the disadvantages of a stream cipher?

Answer 37

Key management as keys in a stream cipher are generally only used once.

Question 38

A one time pad uses which type of cipher? Stream or Block?

Answer 38

Stream

Question 39

What is the disadvantage of a one time pad?

Answer 39

Impractical for longer messages as it contains a pad the same length as the message that it is applied to.

Question 40

What are the two basic types of ciphers?

Answer 40

substitution and transposition

Question 41

What is the method that most common cryptosystems use to achieve encryption?

Answer 41

Substitution and permutation

Question 42

What is a substitution cipher?

Answer 42

Replaces bits, characters or character blocks in plaintext with alternate bits, characters or character blocks to produce ciphertext

Question 43

A substitution cipher may be monoalphabetic or Polyalphabetic. True or False?

Answer 43

True

Question 44

What is monoalphabetic?

Answer 44

A single alphabet used to encrypt a message

Question 45

What is polyalphabetic?

Answer 45

different alphabet used to encrypt each bit, character or character block

Question 46

What is a modern example of a substitution cipher?

Answer 46

S-boxes (Substitution boxes) employed in DES

Question 47

Which type of substitution does DES use?

Linear or non-linear?

Answer 47

non-Linear

Question 48

What is a transposition cipher?

Answer 48

rearranges bits characters or character blocks in a plaintext message to produce ciphertext

Question 49

What is a coded cipher?

Answer 49

Words and phrases to communicate a secret message

Question 50

What is a Running (or book) cipher?

Answer 50

the key is page 13 of a book and text on that page is added modulo 26 to perform the encryption/decryption

Question 51

What is Modulo 26?

Answer 51

Example
plaintext = EMI
numeric value = 5 13 9
substitution value + 3
modulo 26 result = 8 16 12
ciphertext = HPL

Question 52

What is a vernam cipher?

Answer 52

A one time pad

Question 53

What is a concealment cipher?

Answer 53

Steganography

Question 54

What is steganography?

Answer 54

The art of hiding a message

Question 55

What can be used to verify the authenticity of an image or data?

Answer 55

Watermark

Question 56

What is symmetric key cryptography?

Answer 56

Uses a single key to both and encrypt and decrypt information

Question 57

What are the 3 disadvantages of a symmetric key system?

Answer 57

• Distribution: Secure distribution of keys is required
• Scalability: Different key required for each pair of communicating parties
• Limited functionality: can’t provide authentication or non-repudiation

Question 58

What are the 3 advantages of a symmetric key system?

Answer 58

• Speed: Faster than asymmetric systems
• Strength: Strength is gained when used with a large key (128 bit, 256 bit or larger)
• Availability: There are many algorithms available for organisations to use.

Question 59

Name 5 types of symmetric key algorithms

Answer 59

• Data Encryption Standard (DES)
• Triple DES (3DES)
• Advanced Encryption Standards (AES)
• International Data Encryption Algorithm (IDEA)
• Rivest Cipher 5 (RC5)

Question 60

Which types of encryption is a block cipher and uses a 56 bit key?

Answer 60

DES

Question 61

What is the DES algorithm consist of?

Answer 61

64 bit block cipher based on a 56 bit symmetric key (56 key bits plus 8 parity bits or 8 bytes with each byte containing 7 key bits and 1 parity bit)

Question 62

What are the steps in DES encryption?

Answer 62

1. Original message is divided into 64 bit blocks
2. Operating on a single block at a time, each 64-bit plain-text block is split into 2 32-bit blocks.
3. Under control of the 56-bit symmetric key, 16 rounds of transpositions and substitutions are performed on each individual character to produce the resulting ciphertext output

Question 63

What is a parity bit used for?

Answer 63

To detect errors in a bit pattern

Question 64

A transformation (substitutions and permutations) that an encryption algorithm performs on a block of plain text to convert into ciphertext is known as what?

Answer 64

A round

Question 65

What are the 4 distinct modes of operation in DES?

Answer 65

• Electronic Code Book
• Cipher Block Chaining
• Cipher Feedback
• Output Feedback

Question 66

Which two operational modes of DES are used the most?

Answer 66

Electronic Code Book and Cipher Block Chaining

Question 67

What are 4 characteristics of Electronic Code Book (ECB) in DES?

Answer 67

• Native operational mode in DES
• Normally produces the highest throughput?
• Best used for encrypting keys or small amounts of data
• Operates on 64-bit blocks of plaintext independently to produce 64-bit blocks of ciphertext

Question 68

What is a disadvantage of using ECB in DES?

Answer 68

The same plaintext, encrypted with the same key always produces the same ciphertext. Susceptible to Chosen Text attacks (CTA) as certain patterns may be revealed.

Question 69

What are 4 characteristics of Cipher Block Chaining (CBC) in DES?

Answer 69

• Most common mode of DES operation
• Operates on 64-bit blocks of plaintext to produce 64 bit blocks of ciphertext
• Each block is XORed with the ciphertext of the preceeding block to create a dependency, or chain, therefore producing a more random ciphertext result.
• first block is encrypted with a random block known as an Initialisation Vector (IV)

Question 70

What is a disadvantage of CBC in DES?

Answer 70

Errors propagate, however problem is only limited to block in which the problem occurs and the block that immediately follows after which the encryption re-synchronises.

Question 71

What is the Exclusive Or (XOR) function?

Answer 71

a binary option applied to two input bits, ie:

• if two bits are equal result is 0
• if two bits are odd result is 1

Question 72

Which are 4 characteristics of Cipher Feedback (CFB) in DES?

Answer 72

• is a stream cipher
• most often used to encrypt individual characters
• previously generated ciphertext is used as feedback for key generation in the next keystream
• resulting ciphertext is chained together

Question 73

What is a disadvantage of CFB in DES?

Answer 73

errors are multiplied throughout the encryption process

Question 74

Which are 4 characteristics of Output Feedback (OFB) in DES?

Answer 74

• is a stream cipher
• often used to encrypt satellite communications
• previous plaintext is used as feedback for key generation in the next keystream
• resulting ciphertext is not chained together

Question 75

What advantage does OFB have over CFB in DES?

Answer 75

Ciphertext isn’t chained together so errors don’t spread throughout the encryption process.

Question 76

How does Triple DES differ from normal DES?

Answer 76

triple DES encrypts a message using 3 separate encryption keys. key 1, then key 2 then either the first key again or a new third key.

Question 77

What are the 4 variations of Triple DES?

Answer 77

DES-EEE2 (Encrypt-Encrypt-Encrypt) 1st key, 2nd key, 1st key
DES-EDE2 (Encrypt-Decrypt-Encrypt) 1st key, 2nd key, 1st key
DES-EEE3 (Encrypt-Encrypt-Encrypt) 1st key, 2nd key, 3rd key
DES-EDE3 (Encrypt-Decrypt-Encrypt) 1st key, 2nd key, 3rd key

Question 78

Which variation of DES was developed for backwards compatibility with single DES systems? EEE or EDE?

Answer 78

EDE

Question 79

Which version of DES is susceptible to a “Meet in the Middle” attack?

Answer 79

Double DES

Question 80

What are 2 problems with Triple DES?

Answer 80

• performance cost so doesn’t work with many applications that require high speed throughput for high volumes of data
• brute force attack can reduce the key size to 108 bits

Question 81

Which encryption standard is approved for encrypting US Government Top Secret data?

Answer 81

AES (192 or 256 bit)

Question 82

The Rijndael Block Cipher is used for which encryptions standard?

Answer 82

AES

Question 83

What are the 3 key lengths of AES?

Answer 83

128, 192, 256

Question 84

How many “rounds” can be used in AES?

Answer 84

10 to 14

Question 85

What is the only successful attack that has been used against AES?

Answer 85

Side Channel Attack

Question 86

Which type of side channel attack is the most common against AES?

Answer 86

cache timing

Question 87

Do side channel attacks attack the encryption algorithm or the system in which the encryption algorithm is implemented?

Answer 87

System in which it is implemented

Question 88

What are the 4 common RSA ciphers?

Answer 88

RC2, 4, 5, 6

Question 89

Which RSA cipher uses a block mode cipher that encrypts 64-bit blocks of data by using a variable length key? RC2, 4, 5, 6?

Answer 89

RC2

Question 90

Which RSA cipher uses a stream cipher (data encrypted in real time) that uses a variable length key? (128 bit is standard) RC2, 4, 5, 6?

Answer 90

RC4

Question 91

Which RSA cipher uses a block mode cipher that encrypts 64-bit blocks of data by using a variable length key (0 to 2048 bits), variable block size (32, 64, 128 bits) and variable number of processing rounds (0 to 255)? RC2, 4, 5, 6?

Answer 91

RC5

Question 92

Which RSA cipher is derived from RC5 and is a finalist in the AES selection process? Uses 128 bit block size and variable length keys of 128, 192 or 256 bits? RC2, 4, 5, 6?

Answer 92

RC6

Question 93

What is the difference between the Blowfish and Twofish algorithms?

Answer 93

• Blowfish operates on 64 bit blocks, employs 16 rounds and uses variable key lengths of up to 448 bits.
• Twofish, a finalist in the AES selection process is a symmetric block cipher that operates on 128-bit blocks, employing 16 rounds with variable key lengths up to 256 bits

Question 94

Which two encryption algorithms are openly available in the public domain?

Answer 94

Blowfish and Twofish

Question 95

Which are 4 characteristics of International Data Encryption Algorithm (IDEA)?

Answer 95

• is a block cipher
• operates on 64-bit plaintext blocks by using a 128 bit key
• performs 8 rounds on 16 bit sub blocks and can operate in 4 distinct modes similar to DES.
• Uses stronger encryption than RC4 and Triple DES.

Question 96

Why is IDEA not widely used?

Answer 96

Because it is patented although is used by PGP

Question 97

name 3 encryption algorithms that have had no formal successful attacks?

Answer 97

IDEA
Blowfish
Twofish

Question 98

What is asymmetric cryptography?

Answer 98

Uses a private and public key pair. one key to encrypt and one key to decrypt

Question 99

What is the 3 step process is asymmetric cryptography?

Answer 99

1. The sender (Thomas) encrypts the plaintext message with the intended recipient’s (Richard) public key.
2. This produces a cipher-text message that can then be transmitted to the intended recipient (Richard)
3. The recipient (Richard) then decrypts the message with his private key, known only to him.

Question 100

What term is used to describe an asymmetric key system?

Answer 100

secure message

Question 101

What is the 3 step process in signing a message to guarantee authenticity?

Answer 101

1. The sender (thomas) encrypts the plaintext message with his own private key.
2. This produces a cipher-text message that can then be transmitted to the intended recipient (Richard)
3. To verify that the message is from the purported sender (Thomas), the recipient (Richard) applies the senders (Thomas) public key

Question 102

Purely signing a message is otherwise known as what?

Answer 102

Open message format

Question 103

Does signing a message only provide confidentiality?

Answer 103

No

Question 104

Which message format should be used to provide both confidentiality and authenticity?

Answer 104

the secure and signed message format

Question 105

What are the 3 steps in guaranteeing confidentiality and authenticity of a message?

Answer 105

1. the sender (thomas) encrypts the message first with the intended recipients (Richard) public key and then with his own private key.
2. This produces a cipher-text message that can then be transmitted to the intended recipient (Richard).
3. the recipient (Richard) uses the senders (thomas) public key to verify the authenticity of the message and then uses his own private key to decrypt the message

Question 106

theoretically can a private key be derived form a public key?

Answer 106

No

Question 107

What is a one way function?

Answer 107

A problem that you can easily compute in one direction but not the reverse.

Question 108

In asymmetric key systems what is used to reverse the one way function?

Answer 108

A trapdoor (private key)

Question 109

What are asymmetric keys commonly used for?

Answer 109

key management and digital signatures

Question 110

What is a hybrid system in relation to symmetric and asymmetric key encryption?

Answer 110

asymmetric system used to securely distribute the secret keys of a symmetric key system that’s used to encrypt the data.

Question 111

What is the main disadvantage of an asymmetric key system?

Answer 111

Lower speed. Because of the types of algorithms that are used to create the one way hash function, large keys are required

Question 112

What are the two main advantages of asymmetric key systems?

Answer 112

• Extended functionality: can provide confidentiality and authenticity whereas symmetric can only provide confidentiality.
• Scalability: do not require secret key exchanges with all communicating parties like symmetric does. resolves key management issues.

Question 113

Name 5 types of asymmetric key algorithms?

Answer 113

RSA
Diffie-Hellman
El Gamal
Merkle-Hellman (Trapdoor) Knapsack
Elliptic Curve

Question 114

how can RSA be used to securely transport symmetric keys? 2 step process

Answer 114

1. Thomas creates a symmetric key, encrypts it with Richards public key and then transmits it to Richard.
2. Richard decrypts the symmetric key by using his own private key.

Question 115

What is the RSA algorithm based on?

Answer 115

Factoring prime numbers

Question 116

Which algorithm is an asymmetric key algorithm based on discrete logarithms?
RSA
Diffie-Hellman
El Gamal
Merkle-Hellman (Trapdoor) Knapsack
Elliptic Curve

Answer 116

Diffie-Hellman

Question 117

Diffie-Hellman can be used to exchange symmetric keys. How this is achieved? 2 steps

Answer 117

1. Thomas and Richard obtain each other’s public keys.
2. Thomas and Richard then combine their own private keys with the public key of the other person, producing a symmetric key that only the two users involved in the exchange know.

Question 118

Which asymmetric key algorithm is susceptible to man in the middle attacks?
RSA
Diffie-Hellman
El Gamal
Merkle-Hellman (Trapdoor) Knapsack
Elliptic Curve

Answer 118

Diffie-Hellman

Question 119

How is a man in the middle attack performed with Diffie Hellman?

Answer 119

harold (attacker) intercepts the public keys during the initial exchange and substitutes his own private key to create a session key that can decrypt the session

Question 120

Which asymmetric algorithm extends the functinality of Diffie-Hellman to include encryption and digital signatures? 
RSA
Diffie-Hellman
El Gamal
Merkle-Hellman (Trapdoor) Knapsack
Elliptic Curve

Answer 120

El Gamal

Question 121

Which asymmetric algorithm is based on the problem of determining what items, in a set of items tha have fixed weights, can be combined in order to obtain a total given weight?
RSA
Diffie-Hellman
El Gamal
Merkle-Hellman (Trapdoor) Knapsack
Elliptic Curve

Answer 121

Merkle-Hellman (Trapdoor) Knapsack

Question 122

Merkle-Hellman (Trapdoor) Knapsack has been broken already. true or False?

Answer 122

True

Question 123

What is the benefit of the Eliptic Curve Algorithm?

Answer 123

More efficient than other asymmetric key systems and many symmetric key systems as it uses smaller keys.

Question 124

Eliptic Curve can typically be implemented in which type of hardware?

Answer 124

Wireless devices and Smart cards

Question 125

Which method of the CIA triad does authenticity provide?

Answer 125

Integrity

Question 126

What 4 things can message authentication provide?

Answer 126

• The message hasn’t been altered.
• The message isn’t a replay of a previous message
• The message was sent from the origin stated
• the message is sent to the intended recipient

Question 127

Checksums, CRC values and parity checks are all basic types of what?

Answer 127

Message authentication

Question 128

Digital Signatures and Message digests are all advances types of what?

Answer 128

Message authentication

Question 129

What does FIPS stand for?

Answer 129

Federal Information Processing Standard

Question 130

What are the 2 acceptable algorithms for digital signatures as published by the national Institute of Standards and Technology (NIST) and specified by FIPS 186-1?

Answer 130

• RSA Digital Signature Algorithm

- Digital Signature Algorithm (DSA) - based on El Gamal

Question 131

Both RSA Digital Signature Algorithm and the Digital Signature Algorithm use which Secure Hash Algorithm?

Answer 131

SHA-1

Question 132

What is the 2 step process with regards encryption for digital signatures?

Answer 132

1. Sender encrypts message with his private key.

2. The sender’s public key then decrypts the message, authenticating the originator of the message.

Question 133

What term is used to describe the use of digital signatures?

Answer 133

open message format in asymmetric key systems

Question 134

What is the 4 step process in a message digest?

Answer 134

1. Message is encrypted with the recipient’s public key.
2. A representation of the encrypted message is then encrypted with the sender private key to produce a digital signature.
3. The recipient decrypts this representation using the sender’s public key and then independently calculates the expected results of the decrypted representation by using the same, known, one-way hashing algorithm.
4. If the results are the same, the integrity of the original message is assured.

Question 135

To reduce or condense something is called what?

Answer 135

A digest

Question 136

What are the 4 properties of a message digest?

Answer 136

• The original message can’t be re-created by the message digest
• Finding a message that produces a particular digest shouldn’t be computationally feasible.
• No two messages should produce the same message digest
• The message digest should be calculated by using the entire contents of the original message

Question 137

What term is used when two messages produce the same message digest or when a message produces the same digest of a different message?

Answer 137

A Collision

Question 138

How are message digests produced?

Answer 138

Using a one-way hash function

Question 139

A one-way hashing algorithm is otherwise known as what?

Answer 139

A digest algorithm

Question 140

What are 3 common types of one-way hashing algorithms?

Answer 140

MD5
SHA-1
HMAC

Question 141

What assurance does a one-way function provide?

Answer 141

that the same key can’t encrypt and decrypt a message in an asymmetric key system

Question 142

Which element of the CIA triad does the one way function address?

Answer 142

Confidentiality

Question 143

What word describes the reversal of a one way function?

Answer 143

A trapdoor

Question 144

A one way hashing algorithm produces a hashing value (message digest) that cannot be reversed? ie cannot be decrypted. True or False?

Answer 144

True

Question 145

The purpose of a one-way hashing algorithm is to ensure what?

Answer 145

integrity and authentication

Question 146

MD (Message Digest) is a family of what?

Answer 146

one way hashing algorithms

Question 147

What are the 4 common versions of the MD one way hashing algorithm?

Answer 147

MD2
MD4
MD5
MD6

Question 148

Which of the MD family takes a variable size input (message) and produces a fixed size output (128-bit message digest)

Answer 148

MD2

Question 149

What are two disadvantages of MD2?

Answer 149

• Slow

- highly susceptible to collisions

Question 150

Which of the MD family produces a 128-bit digest and is used to compute NT password hashes for various Microsoft Windows Operating systems inlcuding NT, XP and Vista? It is also typically represented as a 3 digit hexadecimal number?

Answer 150

MD4

Question 151

What is a weakness of MD4?

Answer 151

Susceptible to collision attacks

Question 152

Which of the MD family is commonly used to store passwords and check the integrity of files? It also has the following characteristics:

• produces a 128-bit digest
• messages are process in 512-bit blocks and use 4 rounds of transformation
• resulting hash is typically represented as a 32-bit hexadecimal number

Answer 152

MD5

Question 153

What are two weaknesses of MD5?

Answer 153

• susceptible to collisions

- considered “cryptographically” broken by the US Department of Homeland Security

Question 154

Which of the MD family uses very large input message blocks (up to 512 bytes) and produces variable length digests (up to 512-bits)?

Answer 154

MD6

Question 155

What are the 3 versions of the SHA (Secure Hash Algorithm) are there?

Answer 155

SHA-1
SHA-2
SHA-3

Question 156

Which family of one way hash functions was designed by the NSA?

Answer 156

SHA

Question 157

Which version of SHA takes a variable size input (message) and produces a fixed size output (160-bit message digest vs MD’s 128-bit message digest). It also produces messages in 512-bit blocks and adds padding to a message length, if necessary to produce a total message length that’s a multiple of 512?

Answer 157

SHA-1

Question 158

Which version of SHA has the following characteristics?

• consists of 4 hash functions which are: SHA-224, SHA-256, SHA-384, SHA-512
• has digest lengths of 224, 256, 384 and 512 bits respectively
• processes messages in 512-bit blocks and adds padding to a message length if necessary, to produce a total message length that is a multiple of 512?

Answer 158

SHA-2

Question 159

SHA-3 is scheduled to be published in 2012

Answer 159

Note

Question 160

What does HMAC stand for?

Answer 160

Hashed Message Authentication Code (or checksum)

Question 161

What is the purposed of HMAC?

Answer 161

Extends the security of the MD5 and SHA-1 algorithms through a concept of key digest by incorporating a previously shared secret key and original message into a single message digest.

Question 162

What is the main advantage of HMAC?

Answer 162

If an attacker intercepts a message, modifies its contents and calculates a new message digest, the result won’t match the receivers hash calculation because the modified messages hash doesn’t contain the secret key.

Question 163

What is PKI (Public Key Infrastructure)?

Answer 163

a central authority that stores encryption keys or certificates associated with users and systems

Question 164

What is a certificate in relation to cryptography?

Answer 164

An electronic document that uses the public key of an organisation or individual to establish identity and a digital signature to establish authenticity.

Question 165

What 5 things does PKI provide?

Answer 165

• confidentiality
• integrity
• authentication
• non-repudiation
• access control

Question 166

What are the 4 basic components of a PKI?

Answer 166

certificate authority
registration authority
repository
archive

Question 167

What is a Certificate Authority in relation to PKI?

Answer 167

• comprises hardware, software and personnel administering the PKI
• issues certificates
• maintains and publishes status information and Certificate Revocation Lists (CRL’s)
• Maintains Archives

Question 168

What is a Registration Authority in relation to PKI?

Answer 168

• registration authority also comprises of hardware, software and personnel administering the PKI.
• responsible for verifying certificate contents for the CA

Question 169

What is a Repository in relation to PKI?

Answer 169

A system that accepts certificates and CRL’s from a CA and distributes them to authorised parties.

Question 170

What is an archive in relation to PKI?

Answer 170

offers long term storage of archived information from the CA

Question 171

What are the 7 main functions in key management?

Answer 171

• Key generation
• Key distribution
• Key installation
• Key storage
• Key change
• Key control
• Key disposal

Question 172

What is the purpose of a key management system?

Answer 172

To safeguard keys

Question 173

What are the 3 main requirements for key generation?

Answer 173

• keys must be generate randomly on a secure system
• generation sequence shouldn’t provide potential clues regarding the contents of the keyspace
• generated keys shouldn’t be displayed in the clear

Question 174

What is the main requirement for key distribution?

Answer 174

must be distributed securely, ie using something like an asymmetric system to securely distribute the keys

Question 175

What is the main requirement for key installation?

Answer 175

manual process that should ensure the key isn’t compromised during installation, incorrectly entered or too difficult to be used readily.

Question 176

What are the two ways of maintaining secure key storage?

Answer 176

• stored on encrypted media

- stored on an application with safeguards that prevent keys from being extracted.

Question 177

Why does key change need to occur regularly?

Answer 177

Keys used frequently are more likely to be compromised through interception and statistical analysis.

Question 178

What is the main purpose of key control?

Answer 178

Addresses the proper use of keys. different keys have different functions and may only be approved for certain levels of classification.

Question 179

What is the purpose of key disposal?

Answer 179

To ensure keys are securely disposed, erased, etc.

Question 180

What is the purpose of the Escrowed Encryption Standard (EES)?

Answer 180

the purpose is to divide a key into two parts and place those two parts into escrow with two separate trusted organisations

Question 181

With EES, how can the divided keys be recovered?

Answer 181

Via a court order by law enforcement officials

Question 182

name 4 common Email Security Applications?

Answer 182

Secure Multi-purpose Internet Mail Extensions (S/MIME)
MIME Object Security Services (MOSS)
Privacy Enhanced Mail (PEM)
Pretty Good Privacy (PGP)

Question 183

What are the key characteristics of S/MIME?

Answer 183

• secure method of sending email incorporated into browsers and email applications.
• provides confidentiality and authentication by using the RSA asymmetric key system, digital signatures and X.509 digital certificates
• complies with the Public Key Cryptography Standard (PKCS) #7
• has been proposed as a standard to the Internet Engineering Task Force (IETF)

Question 184

What are the key characteristics of MOSS (MIME Object Security Services)?

Answer 184

• provides confidentiality, integrity, identification, authentication and non-repudiation by using MD2 or MD5, RSA asymmetric keys and DES
• has never been widely implemented

Question 185

What are the key characteristics of PEM (Privacy Enhanced Mail)?

Answer 185

• proposed as a PKCS-compliant standard by the IETF, but never widely implemented or used.
• provides confidentiality and authentication by using 3DES for encryption, MD2, or MD5 message digests, X/509 certificates and the RSA asymmetric system for digital signatures and secure key distribution.

Question 186

What are the key characteristics of PGP (Pretty Good Privacy)?

Answer 186

• Email encryption application
• provides confidentiality and authentication using the IDEA cipher for encryption and the RSA asymmetric system for digital signatures and secure key distribution.
• Instead of a CA it uses a Trust Model in which the communicating parties implicitly trust each other
• ideally suited to smaller groups

Question 187

What 3 versions of PGP are available today?

Answer 187

• Freeware version from PGP International (free for individuals, not organisations)
• commercial version from symantec
• Open source version called GPG

Question 188

What are the 6 common protocols used to secure Internet Communications and Transactions?

Answer 188

SSL/TLS
S-HTTP
SSH
IPSec
MPLS
WTLS

Question 189

What are the key characteristics of SSL/TLS?

Answer 189

• provides session based encryption and authentication for secure communications between clients and servers on the internet.
• operates at transport layer
• Uses the RSA asymmetric key system
• IDEA, DES and 3DES symmetric key systems
• Uses the MD5 hash function

Question 190

What is SET (Secure Electronic Transaction)?

Answer 190

• developed by Mastercard and VISA to provide secure e-commerce transactions
• utilises dual signatures by allowing 2 pieces of data to be linked and sent to 2 different entities
• not widely used

Question 191

What are the 5 main features of SET?

Answer 191

• Confidentiality using DES
• Integrity using digital signatures and the RSA asymmetric system
• Cardholder authentication using digital signatures and X.509 digital certificates
• Merchant authentication using digital signatures and X.509 digital certificates
• Interoperability between different hardware and software manufacturers

Question 192

What are the key characteristics of the Secure Hypertext Transfer Protocol (S-HTTP)?

Answer 192

• provides a method for secure communications with a web server
• connectionless oriented protocol that encapsulates data after security properties for the session have been successfully negotiated
• uses symmetric encryption for confidentiality
• message digests for integrity
• public key encryption for client-server authentication and non-repudiation
• instead of encrypting an entire session as in SSL, S-HTTP can be applied to individual web documents

Question 193

What is IPSec?

Answer 193

• An IETF open standard for secure communications over public IP networks such as the internet.
• Ensures confidentiality, integrity and authentication by using Network layer encryption and authentication to provide an end to end solution

Question 194

What two modes does IPSec operate in?

Answer 194

Transport Mode: Only the data is encrypted

Tunnel Mode: Entire packet is encrypted

Question 195

What are the two made protocols used in IPSec?

Answer 195

• Authentication Header (AH): Provides integrity, authentication and non-repudiation
• Encapsulating Security Payload (ESP): provides confidentiality (encryption) and limited authentication

Question 196

What must each pair of communicating hosts establish in an IPSec session?

Answer 196

A security Association (SA)

Question 197

What is a Security Association?

Answer 197

• A one-way connection between two communicating parties.
• Two SAs are required for each pair of communicating hosts
• Each SA can only support a single protocol (AH or ESP). If AH and ESP are used between a pair of communicating hosts, 4 SA’s are required.

Question 198

An SA has 3 parameters that uniquely identify it in an IPSec session. What are they?

Answer 198

• Security Parameter Index (SPI): a 32-bit string used by the receiving station to differentiate between SA’s terminating on that station. SPI is located within the AH or ESP header.
• Destination IP Address: end station, intermediate gateway, firewall, but must be a unicast address.
• Security Protocol ID: Either an AH or ESP association

Question 199

how is key management provided in IPSec?

Answer 199

Internet Key Exchange (IKE)

Question 200

IKE is combination of 3 complimentary protocols. What are they?

Answer 200

• The Internet Security Association and Key Management Protocol (ISAKMP)
• The Secure Key Exchange Mechanism (SKEME)
• The Oakley Key Determination Protocol

Question 201

What 3 modes does IKE operate in?

Answer 201

• Main Mode
• Aggressive Mode
• Quick Mode

Question 202

What is Multi-Protocol Label Switching (MPLS)?

Answer 202

• A fast method for forwarding packets through a network by using labels inserted between Layer 2 and Layer 3 headers in a packet.
• Is protocol independent and highly scalable.
• Provides Quality of Service (QOS) with multiple classes of Service (COS)
• Provides Secure Layer 3 VPN tunneling

Question 203

What is Secure Shell (SSH-2)?

Answer 203

• used for secure remote access as an alternative to Telnet
• can be used to provide confidentiality, integrity and authentication
• establishes an encrypted tunnel between the SSH client and SSH server and can also authenticate the client to the server

Question 204

What is Wireless Transport Layer Security (WTLS)?

Answer 204

-provides security services for the Wireless Application Protocol (WAP) commonly used for internet connectivity by mobile devices.

Question 205

What 3 classes of security does WTLS provide?

Answer 205

Class 1: Anonymous authentication
Class 2: Server Authentication Only
Class 3: Client-Server Authentication: Additional Security is provided in WAP using Service Set Identifiers (SSID) and Wired Equivalent Privacy Keys (WEP). A significant improvement in Wireless Security incorporates the Extensible Authentication Protocol (EAP) which uses RADIUS for authentication

Question 206

When should WEP be used?

Answer 206

Only when other security protocols are unavailable

Question 207

What are the 4 classes of attack methods used to crack a cryptosystem?

Answer 207

• Analytic Attacks
• Brute force Attacks
• implementation Attacks
• Statistical Attacks

Question 208

Which crypto attack uses algebraic manipulation in an attempt to reduce the complexity of the algorithm?

• Analytic Attacks
• Brute force Attacks
• implementation Attacks
• Statistical Attacks

Answer 208

• Analytic Attacks

Question 209

Which crypto attack attempts every possible combination of key patterns, sometimes utilising rainbow tables, and specialised or scalable computer architectures?

• Analytic Attacks
• Brute force Attacks
• implementation Attacks
• Statistical Attacks

Answer 209

• Brute force Attacks (is very time intensive!)

Question 210

Which crypto attack attempts to exploit some weakness in the cryptosystem such as a vulnerability in an algorithm or a protocol?

• Analytic Attacks
• Brute force Attacks
• implementation Attacks
• Statistical Attacks

Answer 210

• implementation Attacks

Question 211

Which crypto attack attempts to exploit some statistical weakness in the cryptosystem such as a lack of randomness in key generation?

• Analytic Attacks
• Brute force Attacks
• implementation Attacks
• Statistical Attacks

Answer 211

• Statistical Attacks

Question 212

What is a rainbow table?

Answer 212

A precomputed table used to reverse cryptographic hash functions in a specific algorithm

Question 213

What are two examples of password cracking programs that use rainbow tables?

Answer 213

Ophcrack

Rainbowcrack

Question 214

What is a Birthday Attack?

Answer 214

• attempts to exploit the probability of two messages producing the same message digest by producing the same hash function.
• is based on statistical probability (greater than 50%)

Question 215

What term describes the expenditure required, in terms of time, effort and resources - to break a cryptosystem?

Answer 215

Work Factor

Question 216

What is Moore’s Law?

Answer 216

based on an observation that processing power doubles every 18 months.

Question 217

What is a Ciphertext Only Attack? (COA)

Answer 217

• Requires someone to obtain the ciphertext of several messages, all encrypted by using the same encryption algorithm. Attempt is then made to decrypt the data by searching for repeating patterns and using statistical analysis.
• requires a large sample of ciphertext and is generally difficult

Question 218

What is a Chosen Text Attack? (CTA)

Answer 218

Someone obtains a sample of plaintext and the corresponding ciphertext.

Question 219

4 types of Chosen text Attacks exist. What are they?

Answer 219

• Chosen Plaintext Attack (CPA): chooses plaintext to be encrypted and the corresponding ciphertext is obtained.
• Adaptive Chosen Plaintext Attack (ACPA): choose plaintext to be encrypted, then based on the resulting ciphertext, chooses another example to be encrypted
• Chosen Ciphertext Attack (CCA): chooses ciphertext t be decrypted and the corresponding plaintext is obtained
• Adaptive Chosen Ciphertext Attack (ACCA): choose ciphertext to be decrypted then based on the ciphertext, chooses another sample to be decrypted.

Question 220

What is a known plaintext attack? (KPA)

Answer 220

Attacker obtains the ciphertext and corresponding plaintext of several past messages, which he or she uses to decipher new messages

Question 221

What is a man in the middle attack?

Answer 221

involves an attacker intercepting messages between two parties on a network and potentially modifying the original.

Question 222

What is a meet in the middle attack?

Answer 222

• attacker encrypts known plaintext with each possible key on one end, decrypting the corresponding ciphertext with each possible key, and then comparing the results in the middle.
• commonly considered a brute force attack but can be considered an analytical attack due to the differential analysis involved

Question 223

What is a replay attack?

Answer 223

occurs when a session key is intercepted and used against a later encrypted session between two parties

Question 224

How can a replay attack be countered?

Answer 224

incorporating a timestamp in the session key

Question 225

What are the characteristics of quantum cryptography (QKD)?

Answer 225

• using physics instead of maths
• more concerned with secure key distribution
• has two unique channels, one for transmission of quantum key material via single photon light pulses and another carries the message traffic inlcuding cryptographic protocols and encrypted user traffic.
• laws of quantum physics define that once a photon has been observed, it’s state is changed meaning eavesdropping can easily be identified.
• still theoretical

Question 226

Cryptographic system lifecycle phases are generally described using which 3 terms?

Answer 226

Strong, Weakened, Compromised

Question 227

NIST covers encryption lifecycle in which publication?

Answer 227

800-131A

Question 228

What are the 4 terms that NIST 800-131A uses to describe algorithms and key lengths?

Answer 228

Acceptable: safe to use, no security risk known
Deprecated: allowed, but user must accept some risk
Restricted: additional restrictions required
Legacy-Use: may only be used to process already protected information.

Question 229

Note regarding diffusion:

Answer 229

Similar to transposition and permutation

Question 230

What is the avalanche effect in relation to cryptography?

Answer 230

a minor change in the key or plaintext can have a significant change in the resulting ciphertext.

Question 231

What is a Null Cipher?

Answer 231

• used in cases where the use of encryption is not necessary, but yet the fact that no encryption is needed must be configured in order for the system to work.
• used during testing/debugging or when low security is required.

Question 232

What is a concealment cipher?

Answer 232

include plaintext without ciphertext

Question 233

What is a playfair cipher?

Answer 233

• used during second world war
• sender and receiver agree on keyword
• table constructed were the word is hidden

Question 234

What is the “Rail Fence” transposition cipher?

Answer 234

message is written and read in two or more lines. simple version.

Question 235

What is a “Rectangular” Substitution table?

Answer 235

Keyword re-arrange within a rectangle

Question 236

What is a running key cipher?

Answer 236

the key is repeated for the same length as the plaintext input

Question 237

What is a Shift Row Transformation?

Answer 237

provides blockwide transposition of the input data by shifting rows of data.

Question 238

What is the MixColumn Transformation?

Answer 238

performed by multiplying and XORing each byte in a column together

Question 239

What is CAST 128?

Answer 239

• can use keys between 40 and 128 bit length and will do between 12 and 16 rounds of operation.
• is a feistal type block cipher with 64-bit blocks

Question 240

Is CAST a symmetric or asymmetric algorithm?

Answer 240

symmetric

Question 241

What is CAST-256?

Answer 241

• submitted as an unsuccessful candidate for the new AES algorithm.
• operates on 128 bit blocks with keys of 128, 192, 160, 224, 256 bits.
• performs 48 rounds

Question 242

What is Secure and Fast Encryption Routine (SAFER)?

Answer 242

• patent free
• work on either 64bit or 128bit input blocks
• used in Bluetooth

Question 243

What are the characteristics of the HAVAL encryption algorithm?

Answer 243

• combines variable length output with a variable number of rounds of operation on 1024 input blocks.
• output may be 128, 160, 192, 224 or 256 bits and number of rounds may vary from 3 to 5.

Question 244

What are the characteristics of the RIPEMD-160 encryption algorithm?

Answer 244

-developed in response to vulnerabilities found in MD4 and MD5

Question 245

What is the preferred key management system used in e-commerce and securing web transactions?

Answer 245

XML Key Management Specification 2.0 (XKMS)

Question 246

What are the two parts of the XML Key management Specification 2.0?

Answer 246

• XML Key Information Service Specification (X-KISS): describes a syntax that allows a client to delegate part or all of the tasks required to process an XML signature
• XML Key Registration Service Specification (X-KRSS): describes a protocol for registration of public key information

Question 247

XKMS service shields the client app from the complexities of the underlying PKI such as:

Answer 247

• handling of complex syntax, e.g. X.509v3
• retrieval of information from directory
• Revocation status verification
• Construction and processing of trust chains.

Question 248

What is X.509?

Answer 248

A digital certificate

Question 249

What is the ANSI X9.17 standard used for?

Answer 249

addresses the needs of financial organisations to transmit securities and funds securely using an electronic medium. describes the means ensure the secrecy of keys. relies on hierarchy of keys

Question 250

What is Dual Control in a key management system?

Answer 250

Requires two or more persons to come together and collude to complete a process.

Question 251

What is Split Knowledge in a key management system?

Answer 251

What two people must bring and join together when implementing dual control.

Question 252

What is ISO 18031?

Answer 252

An international standard for random number generation in key management systems.

Question 253

What is Differential Cryptanalysis?

Answer 253

• a side channel attack

Question 254

What is Linear Cryptanalysis?

Answer 254

• plain-text attack

Question 255

What is an algebraic attack?

Answer 255

rely on their success of block ciphers a high degree of mathematical structure.

Question 256

What is a Frequency Analysis attack?

Answer 256

useful when attacking a substitution cipher where the statistics of the plain-text language are known, ie allowing an attacker to assume an E might be an S

Question 257

What are 3 common types of implementation attacks? (all relate to the cryptographic system, not the algorithm.

Answer 257

• Side channel analysis
• Fault Analysis
• Probing Attacks

Question 258

What is X500?

Answer 258

A directory service