Cryptography & Encryption II Flashcards

1
Q

A random or pseudo-random value used in cryptographic algorithms to ensure that the same plaintext encrypted multiple times with the same key will result in different ciphertexts. It enhances security by preventing pattern recognition in the encrypted data.

In AES encryption, this is used alongside the encryption key to protect the data from predictable patterns, ensuring the ciphertext is different each time.

A

Initialization Vector (IV)

2
Q

A mode of encryption that uses an IV (Initialization Vector) and combines each plaintext block with the previous ciphertext block before encrypting it. This makes the ciphertext dependent on all previous blocks, ensuring patterns are not easily discernible.

Each block of plaintext is XORed with the previous ciphertext block before being encrypted, making it more secure against certain attacks.

A

CBC (Cipher Block Chaining)

3
Q

An encryption mode that combines the features of counter mode (CTR) and authentication, providing both data confidentiality and integrity. It uses an IV and generates a unique “authentication tag” to protect against tampering.

It is widely used in protocols like TLS (Transport Layer Security) to securely transmit data over the internet, as it ensures both encryption and message authenticity.

A

GCM (Galois/Counter Mode)

4
Q

A mode of encryption that turns a block cipher into a self-synchronizing stream cipher by using feedback from the previous ciphertext block to encrypt the next block of plaintext.

A

CFB (Cipher Feedback)

5
Q

A binary operation that outputs true (1) when the two input bits are different, and false (0) when they are the same. It is widely used in cryptography and error detection because it is reversible—applying this binary operation twice with the same key restores the original data.

In encryption, it is used to combine plaintext with a key to produce ciphertext.

A

XOR (Exclusive OR)

6
Q

An encryption mode that uses a counter (a value that is incremented with each block) in combination with a key to generate a stream of “keystream” blocks, which are then XORed with the plaintext to produce ciphertext. It turns a block cipher into a stream cipher.

A

CTR (Counter Mode)

7
Q

A mode that combines Counter Mode (CTR) for encryption with CBC-MAC (Cipher Block Chaining Message Authentication Code) for integrity and authentication. It provides both confidentiality and message integrity in a single operation.

Used in secure communication protocols like IPsec to both encrypt the data and verify its integrity.

A

CTM (Counter with CBC-MAC)

8
Q

A simple encryption mode in which each block of plaintext is encrypted independently using the same encryption key. While easy to implement, this encryption has significant security weaknesses because identical plaintext blocks produce identical ciphertext blocks, potentially exposing patterns in the data.

If a message contains repetitive data (like a string of “AAAA”), the encrypted ciphertext will also have repeating patterns, making it vulnerable to analysis by attackers.

A

ECB (Electronic Codebook)

9
Q

Refers to the length of the cryptographic key used in encryption algorithms, typically measured in bits. A larger key size generally provides stronger security, as it increases the number of possible key combinations, making brute-force attacks more difficult.

In AES (Advanced Encryption Standard), these are commonly 128, 192, or 256 bits.

A

Key Size (or Key Length)

10
Q

An integrated circuit that combines all the components of a computer or electronic system on a single chip, including the CPU, memory, input/output ports, and often a graphics processor (GPU). It is commonly used in mobile devices, embedded systems, and IoT devices.

A smartphone uses this to combine its processor, graphics, and memory into a single chip.

A

SoC (System on a Chip)

11
Q

A modern type of firmware that initializes hardware during the boot process and provides a user interface to configure system settings. It replaces the older BIOS (Basic Input/Output System) and supports larger storage devices, faster boot times, and better security features.

Includes security features like Secure Boot, which prevents the loading of unauthorized operating systems or bootloaders.

A

UEFI (Unified Extensible Firmware Interface)

12
Q

A feature in Microsoft Windows that allows users to encrypt individual files or folders to protect sensitive data on a file system. It uses public key cryptography to ensure that only authorized users can decrypt and access the files.

Used by businesses to secure sensitive information stored on company devices,

A

EFS (Encrypting File System)

13
Q

A physical device that generates, stores, and manages cryptographic keys. It is used to provide a high level of security for cryptographic operations, including key generation, encryption, and decryption, often used in industries that require secure data handling and compliance.

Used to secure the private keys used in digital signatures.

A

HSM (Hardware Security Module)

14
Q

A tool in Microsoft Windows that scans and repairs corrupted or missing system files that could cause system instability or performance issues. It uses a specific command to verify the integrity of protected system files and replace incorrect versions.

A

SFC (System File Checker)

15
Q

A hardware-based security solution embedded into a computer’s motherboard that securely stores cryptographic keys, passwords, and certificates. It is used to protect sensitive information and enhance the security of the system by supporting functions like full disk encryption, secure boot, and hardware-based authentication.

Used to store encryption keys for BitLocker, enabling full disk encryption in Windows.

A

TPM (Trusted Platform Module)

16
Q

Manages keys and certificates for secure communications.
Example: Used to encrypt emails with public and private keys.

A

PKI (Public Key Infrastructure)

17
Q

Enables remote connections to a network or system.
Example: A VPN that allows employees to securely access the corporate network from home.

A

RAS (Remote Access Service)

18
Q

Manages authentication and distributes encryption keys in Kerberos.
Example: This issues tickets to users to access services in a Kerberos setup.

A

KDC (Key Distribution Center)

19
Q

Provides centralized file storage accessible over a network.
Example: A company uses this to store and share files across multiple departments.

A

NAS (Network Attached Storage)

20
Q

A temporary, single-use password valid for only one login session or transaction, improving security by preventing reuse.

A

OTP - One-Time Password

21
Q

Used in the Kerberos authentication protocol, it’s granted by the Authentication Server after login and used to request access to services.

A

TGT - Ticket Granting Ticket

22
Q

Validates user credentials and issues the Ticket Granting Ticket (TGT) to the user in the Kerberos protocol.

A

AS - Authentication Server

23
Q

Issues service tickets based on the TGT from the Authentication Server, used to access specific network resources.

A

TGS - Ticket Granting Server

24
Q

A dedicated, isolated environment within a device’s hardware designed to protect sensitive data and operations. It provides encryption and security measures, even if the rest of the system is compromised.

Used in Apple devices to protect biometric data, like fingerprints, during Touch ID authentication.

A

Secure Enclave

25
Q

A technique used to hide or obscure sensitive data to make it unreadable or less useful to unauthorized users. It is often used to protect data while allowing it to be processed or analyzed.

Example: Replacing a person’s real name with a pseudonym in a dataset to protect their privacy.

A

Data Obfuscation

26
Q

The practice of concealing information within other non-suspicious data, such as embedding a hidden message within an image or audio file, to avoid detection.

Example: Hiding a secret message inside the pixels of an image file.

A

Steganography

27
Q

The process of replacing sensitive data (like credit card numbers) with non-sensitive tokens that can be used in place of the original data while preventing exposure.

Example: Replacing a customer’s real credit card number with a randomly generated token for processing payments securely.

A

Tokenization

28
Q

The process of removing or altering personally identifiable information (PII) from data so that individuals cannot be identified, even if the data is exposed.

Example: Removing names and addresses from a dataset of survey responses to protect privacy.

A

Anonymization

29
Q

The process of replacing identifiable data with pseudonyms, allowing for re-identification through additional information kept separately, often used for data processing and analysis.

Example: Replacing a person’s name with a code that can be mapped back to the original name using a separate database.

A

Pseudo-anonymization

30
Q

The process of modifying data to make it unrecognizable or obfuscated, typically for testing or development purposes, while preserving its structure and format.

Example: Replacing real employee salaries with random values in a copy of the payroll data for testing purposes.

A

Data Masking

31
Q

A function that takes an input (or message) and produces a fixed-size string of characters, which is typically a hash value or digest. It is a one-way process, meaning the original input cannot be easily recovered from the hash.

Example: Storing passwords as hashes in a database so that even if the database is compromised, the original passwords are not exposed.

A

Hash Function

32
Q

A measure of randomness or unpredictability in data, commonly used in cryptography to ensure strong, unpredictable keys. The higher this is, the harder it is for attackers to guess or predict the key.

A

Entropy

33
Q

A security protocol used in WPA2 to provide data confidentiality, integrity, and authenticity for wireless communications, based on AES encryption in counter mode and CBC-MAC for message authentication.

A

AES-CCMP (Advanced Encryption Standard - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

34
Q

A method of generating a message authentication code (MAC) using a block cipher in CBC mode, providing data integrity and authenticity by ensuring that the message hasn’t been tampered with.

A

CBC-MAC (Cipher Block Chaining Message Authentication Code)

35
Q

A security protocol using AES in Galois/Counter Mode (GCM) for encryption and authentication, providing high performance and strong security for wireless communication.

A

AES-GCMP (Advanced Encryption Standard - Galois/Counter Mode Protocol)