Cryptography Flashcards

1
Q

PAIN

A

PAIN – Privacy, Authenticity, Integrity, Non-Repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Cryptography

A

Cryptography: Science of protecting information by encoding it into an unreadable form

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Cryptoanalysis

A

Cryptoanalysis: The science of breaking the secrecy of encryption algorithms.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Cryptology

A

Cryptology: The study of both cryptography and cryptoanalysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Ciphertext

A

Ciphertext: Data that has been encrypted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Plaintext

A

Plaintext: Data in readable format, also referred to as cleartext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Encipher

A

Encipher: Act of transforming data into an unreadable format

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Decipher

A

Decipher: Act of transforming data into a readable format

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Key

A

Key: Secret sequence of bits and instructions that governs the act of encryption and decryption. Also called a cryptovariable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

cryptovariable

A

Secret sequence of bits and instructions that governs the act of encryption and decryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Key Clustering

A

Key Clustering: Instance when two different keys generate the same ciphertext from the same plaintext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Key Zeroization

A

Key Zeroization: The process of properly destroying keys at the end of their useful life

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Keyspace

A

Keyspace: A large set of possible values used to construct keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Work factor

A

Work factor: Estimated time, effort, and resources necessary to break a cryptosystem

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Nonrepudiation

A

Nonrepudiation: A principle can not deny an action they have done

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Substitution Cipher

A

Substitution Cipher: Replaces bits, characters or character blocks with different values. An early version of this was the Julius Caesar substitution cipher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Transposition Cipher

A

Transposition Cipher: Rearranges the bits, characters or character blocks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Frequency Analysis

A

Frequency Analysis: Looks for patterns in the ciphertext to try and discover the key. Originally based on the concept that certain letters, words and phrases occur more frequently than others in a language

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

XOR

A

Exclusively ORed (XOR): An operation in binary mathematics that is applied to two bits. If the bits are the same (both 1s or both 0s) then a “0” bit is generated and if they are different a “1” bit is generated. This process is commonly used in Stream Ciphers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Block Ciphers

A

Block Ciphers: Operates on fixed blocks (e.g. 64 bits) of plaintext to produce the corresponding ciphertext. The Key determines what S-boxes (math functions) are used for encryption. Typically implemented in software solutions. Generally stronger that Stream Ciphers. E.g. AES, 3DES, RC5, RC6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Stream Ciphers

A

Stream Ciphers: Operates in real-time on a continuous stream of data, typically bit-by-bit.
Stream ciphers are faster than block ciphers but not as strong. Typically implemented in hardware solutions. E.g. RC4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Clipper Chip

A

Clipper Chip: An NSA designed chip that was to be placed in all US made communication devices to support public encryption. The government maintained keys that would allow it to decrypt any messages encrypted with this device. The Clipper Chip was never deployed, due to public push back.
• Used the classified SkipJack algorithm, which had an 80 bit key
• Used Key Escrow to split the government’s key into two pieces that were managed by two different organizations. Law enforcement could obtain both pieces if required. The concept of Key Escrow is often used by businesses to maintain keys for recovery purposes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Symmetric Key Cryptography

A

Symmetric Key Cryptography: Both parties will be using the same key for encryption and decryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Symmetric Algorithms

A

Symmetric Algorithms Include:
• Advanced Encryption Standard – AES (Use Rijndael algorithm), most popular
• Data Encryption Standard – DES, 3DES
• International Data Encryption Algorithm – IDEA
• Blowfish
• RC4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Symmetric Key Pros/Cons

A

Strengths:
• Faster than Asymmetric Algorithms.
• Stronger encryption than Asymmetric Algorithms, for the same sized keys
Weaknesses:
• Scalability/key management. The number of keys required is (n x (n-1))/2 where n is the number of users. For example if you had 10 users it would requires (10 x (10-1))/2 or 45 keys.
• Key distribution
• Can not provide Authentication, Integrity or Nonrepudiation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Asymmetric Key Cryptography

A

Asymmetric Key Cryptography: Uses two different keys that are mathematically related. One key is used to encrypt and the other to decrypt information. These two keys are usually referred to as Private (secret key) and Public (shared key)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Asymmetric Key Pros/Cons

A

Weaknesses:
• Requires longer key lengths
• Much slower than Symmetric systems
Strengths:
• Better key distribution
• Better scalability. Number of keys required is equal to (2 x n), where “n” is the number of users.
• Can provide confidentiality, authentication, integrity and Nonrepudiation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Asymmetric Key Algorithms

A
  • RSA (most popular)
  • Diffie-Hellman
  • El Gamal
  • Elliptical Curve Cryptosystem (ECC)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Hybrid Key Cryptography

A

Hybrid Key Cryptography: Combines the strengths of both asymmetric and symmetric systems. It uses Symmetric keys to encrypt the bulk of the data and uses Asymmetric keys to distribute the symmetric keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

DES

A

Data Encryption Standard – DES:
o Key type = Symmetric, Block (with Stream)
o Key length = 56 bit
o Process = 16 rounds of transposition and substitution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

5 Modes of DES

A

o Electronic Code Book - ECB: The WEAKEST. This is the native mode for DES. The exact same key is applied to each block. The is a weakness because two identical Plaintext blocks will encrypt into two identical Ciphertext blocks. Usually used for encrypting small amounts of data, like keys.
o Cipher Block Chaining - CBC: The first Plaintext block is XORed with a randomly generated block of bits called an “Initialization Vector” to produce Ciphertext. This Ciphertext is then XORed with the second Plaintext block and so on.
o Cipher Feedback - CFB: operates like a stream cipher; works on individual bits to encrypt individual characters. Feedback is using previous cyphertext.
o Output feedback - OFB: Like CFB but feedback is using previous plaintext.
o Counter- CTR: like CFB/OFB but uses a counter as feedback.

32
Q

3DES

A

o Key type = Symmetric, Block (with Stream)
o Key length = 3 * 56 bit = 168 bits
o Process = 48 rounds of transposition and substitution

33
Q

AES

A

Advanced Encryption Standard ( AES ) – Rijndael:
o Key type = Symmetric, Block
o Key length = variable 128, 192 or 256 bits
o Process = variable 10 - 14 rounds of transposition and substitution

Selected by the National Institute of Standards and Technology (NIST) as the new standard to replace DES.

34
Q

IDEA

A

IDEA:
o Key type = Symmetric, Block
o Key length = variable 128 bits
o Process = 8 rounds of transposition and substitution

A patented algorithm used in the Pretty Good Protection (PGP) email encryption system

35
Q

RC5

A

RC5:
o Key type = Symmetric, Block
o Key length = variable up to 2,048 bits
o Process = 8 rounds of transposition and substitution
Developed and patented by RSA Data Security

36
Q

Diffie-Hellman

A

Diffie-Hellman:
o Key type = Asymmetric
o Key length = 768 or 1024 bits
This was the first public key algorithm and was design to facilitate symmetric key exchange. Uses a process call “Key Agreement Procedure”.
**Vulnerability – Subject to Man-in-the-middle attacks

37
Q

ElGamal

A

El Gammal is based on Diffie-Hellman, but extends its capabilities with digital signatures:
o Key type = Asymmetric
o Key length = 768 or 1024 bits

38
Q

RSA

A

RSA:
o Key type = Asymmetric
o Key length = 768 or 1024 bits
Designed to facilitate symmetric key exchange. The letters RSA come from the first initials of the three inventors. It is based on the difficulty of factoring a number that is the product of two large prime numbers. Used for symmetric key exchange, encryption and digital signatures.

39
Q

Elliptic Curve

A

Elliptic Curve:
Uses properties of elliptical curves for encrypting data. This method is much more efficient than other asymmetric algorithms and can use much smaller keys. Because it is fast and has low overhead it is often used to support wireless devices encryption

40
Q

Message Digest

A

The results of a hashing algorithms taking the entire contents of the original message and condensing it into a fixed length variable that acts like a finger print of the original message

41
Q

Hashing Collisions

A

When two different messages result in the same Message Digest.

42
Q

MAC

A

Message Authentication Code (MAC): Provides message authenticity by combining the original text with a symmetric key and then hashing the result. Does not provide non-repudiation like digital signatures.

43
Q

MD5

A

MD5: Hashing produces a 128 bit digest. Performs 4 rounds of calculations on 512 bit blocks

44
Q

SHA-1

A

Secure Hash Algorithm (SHA-1): Produces 160 bit digest. Processes text in 512 bit blocks

45
Q

SHA-2

A

SHA 256, Digest sizes: 224, 256, 384, or 512 bits

46
Q

CA

A

Certificate Authority – do the following:
o Digitally sign certificates
o Deliver certificates
o Maintain certificates and the Certificate Revocation Lists

47
Q

RA

A

Registration Authority – RA: Assists the CA and takes some of the workload.
o Receives the certification request
o Verify an individual’s identity for the CA prior to forwarding the request.

48
Q

CRL

A

CRL (Certificate Revocation List): CA publishes CRL. Client is responsible for downloading to see if a certificate has been revoked

49
Q

OCSP

A

OCSP (Online Certificate Status Protocol) Streamlines the process of verifying whether or not a certificate has been revoked

50
Q

Seven Key Management Functions

A

There are Seven Key Management Functions:

  1. Generation
  2. Distribution
  3. Installation
  4. Storage
  5. Change
  6. Control
  7. Disposal
51
Q

PEM

A

Privacy-Enhanced Mail (PEM):
Provided authentication, message integrity, encryption and key management.
Used DES, MD5 for hashing, & PKI infrastructure.

Not widely adopted due to PKI requirements and abandoned for PGP and S/MIME

Legacy is X.509 certs

52
Q

PGP

A

Pretty Good Privacy (PGP):
PGP is an email encryption application that was originally distributed as freeware. It has the following features.
• Uses a “Web of Trust” model instead of a central certification authority.
• Uses asymmetric RSA algorithm for key distribution and digital signatures.
• Uses the symmetric IDEA algorithm to and “Session Keys” for message encryption.

53
Q

SET

A

Secure Electronic Transaction (SET): A specification developed by MasterCard and Visa to support secure e-commerce. Uses a combination of DES, RSA and x.509 certificates.

54
Q

SSL

A

Secure Socket Layer (SSL): A protocol developed by Netscape to provide session based encryption and authentication to secure communications between clients and servers on the internet. Both the server and browser must be SSL enabled. SSL is used by HTTPS to encrypt all communications during a session

55
Q

S-HTTP

A

Secure Hypertext Transfer Protocol (S-HTTP): A protocol developed to support secure communication with a web server. It is unique in that it encrypts individual messages instead of the entire session.

56
Q

IPSec

A

Internet Protocol Security (IPSec): Is a method of setting up a secure channel for protected data exchange between two devices. It is usually used to establish a VPN.

57
Q

IPSec’s two protocols

A

IPSec has two basic security protocols:
• Authentication Header (AH): Is an authenticating protocol.
• Encapsulating Security Payload (ESP): Is an authenticating and encrypting protocol.

58
Q

IPSec’s two modes

A
  • Transport Mode: only the payload (message) is encrypted

* Tunnel Mode: The payload, routing and header information are all encrypted; used commonly security gateways

59
Q

SA

A

Security Association (SA): Is a one way connection between two parties (e.g. IPSec). A minimum of two SAs are required for a two way communication. An SA describes how services are to be deployed to secure communication between the two nodes. ISAKMP manages the SA creation.

60
Q

SPI

A

Security Parameter Index (SPI): Used in IPSec to keep track of the different SAs terminating at the same destination.

61
Q

IKE

A

Internet Key Exchange (IKE):
• Creates the tunnel between the two nodes.
• Negotiates an SA for the IPSec services

62
Q

WDE

A

Whole Disk Encryption (WDE): Protect Hard Drive in the event the disk is stolen. Uses encryption within the operating system, ex: EFS, TPM

63
Q

EFS

A

EFS (Encrypted File System): Windows environment; encrypts personal files and folders one-by-one and doesn’t encrypt the entire contents of a drive; encrypts files based on the user account associated with it. does not require or use any special hardware.

64
Q

TPM

A

TPM (Trusted Platform Module)- Bitlocker; encrypts all personal and system files on the operating system drive, fixed data drives, and removable data drives; TPM microchip that supports advanced security features to encrypt the operating system drive

65
Q

Caesar Cipher

A

Caesar Cipher- Simple Substitution e.g. shift characters 3 spaces (A=D, B=E, C=F, etc). Substitution Ciphers are subject to pattern analysis

66
Q

Scytale

A

Scytale- Spartans used this cipher to communicate messages to generals in the field. Wrapped tape around a rod; the diameter of the rod is the pre-agreed upon secret (key)

67
Q

Vignere

A

Vignere- First polyalphabetic cipher. Key word is agreed upon ahead of time and each letter of the key is matched up against each letter of the message on a vignere table.

68
Q

Enigma (Purple) Machine

A

Enigma Machine/Purple Machine- Used by the Germans/Japanese in WWII. Breaking the cryptography of these devices is credited with reducing the length of the war.

69
Q

Vernam Cipher

A

Vernam Cipher- uses One Time Pad and is the only mathematically unbreakable form of cryptography.
• Key must be used only once;
• Pad must be at least as long as the message;
• Key pad is statistically unpredictable;
• Key Pad must be delivered and stored securely

70
Q

S/MIME

A

Secure/Multipurpose Internet Mail Extensions leverages PKI to encrypt and authenticate MIME-encoded email.

71
Q

Diffusion

A

the order of the plaintext is diffused or dispersed in the cyphertext

72
Q

Confusion

A

relationship between plaintext and ciphertext is as random as possible

73
Q

Permutation

A

Aka transposition provides diffusion by rearranging the characters of the text (e.g. anagram- ATTACKATDAWN => CAAKDTANTATW)

74
Q

Wassenaar Arrangement

A

1996 munitions (including cryptography) law that followed COCOM (Committee for Multilateral Export Controls)

75
Q

Differential cryptanalysis

A

Differential cryptanalysis seeks to find the difference between related plaintexts that
are encrypted. The plaintexts may differ by a few bits. It is usually launched as an
adaptive chosen plaintext attack; the attacker chooses the plaintext to be encrypted (but does not know the key) and then encrypts related plaintexts.

76
Q

Linear cryptanalysis

A

Linear cryptanalysis is a known plaintext attack where the cryptanalyst finds ‘large
amounts’ of plaintext/ciphertext pairs created with the same key. The pairs are studied to derive information about the key used to create them.