Domain 3 Flashcards
_____, are always meant to hide the true meaning of a message.
Cyphers
Cryptographic systems of symbols that operate on words or phrases and are sometimes secret but don’t always provide confidentiality
Code
is a symmetric key cipher where plaintext digits are combined wit pseudorandom cipher digit stream(keystream). In a _____ _____, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the cipher text stream.
Stream Cypher
is a method of encrypting text (to produce ciphe rtext) in which a cryptographic key and algorithm are applied to a block of data(for example, 64 contiguous bits) at once as a group rather than to one bit at a time
Block Cypher
is a method of encrypting in which units of plaintext are replaced with the ciphertext, in a defined manner, with the help of a key; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth.
Substitution
uses an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message.
Transposition
is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. ___ are used to create a unique cipher text every time the same message is encrypted with the same key.
Initialization Vector (IV)
This stream cypher uses a key of length one
Ceasar
This stream cypher uses a longer key (Usually a word or sentence)
Vigenere
This stream cypher uses a key that is as long as the message itself
One-time pad
One Time Pad Success Factors (4)
The key must be generated randomly without any known pattern.
At least as long as the message to be encrypted.
The pads must be protected against physical disclosure
Each pad must be used only one time and then discarded
____________ is a communication concept. A specific type of information is exchanged, but no real data is transferred, as with digital signatures and digital certificates.
Zero-knowledge proof
A concept that enabled one to prove knowledge of a fact to another individual without revealing the fact it itself.
Zero-knowledge proof
Which concept ensures that no single person has sufficient privileges to compromise the security of the environment
Split knowledge
_____ ______ means that the information or privilege required to perform an operation is divided among multiple users.
Split knowledge
is a way to measure the strength of a cryptography system by measuring the effort in terms of cost and/ or time to decrypt messages.
Also know as the time and effort required to break a protective measure
Work function or work factor
Modern cryptosystems utilize keys that are at least ____ bits long to provide adequate security
128
Relies on the use of a shared secret key. Lacks support for scalability, easy key distribution, and nonrepudiation
Symmetric Encryption
Public-private key pairs for communication between parties. Supports scalability, easy key distribution, and nonrepudiation
Asymmetric Encryption
Which DES or 3DES mode is the Simplest & least secure mode. Processes 64-bit blocks, encrypts block with the chosen key. If same block encountered multiple times, same encrypted block is produced, making it easy to break
Electronic Codebook Mode (ECB)
Using this DES or 3DES mode, Each block of unencrypted text is XORed with the block of ciphertext immediately preceding. Decryption process simply decrypts ciphertext and reverses the XOR operation.
Cipher Block Chaining (CBC)
This DES or 3DES mode is the streaming version of CBC. Works on data in real time, using memory buffers of same block size. When buffer is full, data is encrypted and transmitted. Uses chaining, so errors propagate.
Cipher Feedback (CFB)
This DES or 3DES mode operates similar to CFB, but XORs the plain text with a seed value. No chaining function, so errors do not propagate.
Output Feeback (OFB)
This DES or 3DES mode uses an incrementing counter instead of a seed. Errors do not propagate.
Counter (CTR)
A Weakness in cryptography where a plain-text message generates identical ciphertext messages using the same algorithm but using different keys.
Key Clustering
Good hash functions have five requirements:
- They must allow input of any length.
- Provide fixed-length output.
- Make it relatively easy to compute the hash function for any input.
- Provide one-way functionality.
- Must be collision free.
Adding salts to the passwords before hashing them reduces the effectiveness of _____ _____ attacks.
Rainbow tables
Digital Signature standards or DSS work in conjuction with which 3 encryption algorithms ?
Digital Signature ALgorithm (DSA)
Rivest Shamir ALderman (RSA)
Elliptic curve DSA (ECDSA)
Certificate authorities (CAs) generate digital certificates containing the public keys of system users.
Users then distribute certificates to people with whom they want to communicate.
Certificate recipients verify a certificate using the ___ _____ ____.
CA’s public key
Which IPSEC mode encrypts the whole packet?
Tunnel mode
Protocols used by IPSEC
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Which type of cryptographic attack attempts to randomly find the correct cryptographic key. Known plaintext, chosen ciphertext, and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext.
Brute-force attack
____________ attack exploits protocols that use two rounds of encryption.
Meet in the middle attack
__________ attack fools both parties into communicating with the attacker instead of directly with each other
Man in the middle attack
__________ attack is an attempt to find collisions in hash functions.
Birthday attack
_________ attack is an attempt to reuse authentication requests.
Replay
Which symmetric algorithms have a 128 bit block size
AES, RC5, Two Fish
Which symmetric algorithm is a stream cypher
RC4
Which algorithms have a 64 bit block size?
Blowfish, DES, 3DES, IDEA, RC2, RC5, Skypjack
Key Size(s) of AES
128, 192, 256
Key Size(s) of Blowfish
32-448 key bit
Key Size of DES
56 bit
Key size of 3DES
112 or 168 bit
Key size of IDEA, RC2 and RC4
128 bit
Key size of RC5
0-2040 bit
Key size of Twofish
1-256 bit
Which hash algorithm has a variable hash value length?
HMAC
What is are the possible hash value length of HAVAL hash algorithm?
128, 160, 192, 224, 256
What is the hash value length of MD2, MD4, and MD5
128
SHA-1 Hash value length
160
What are the possible hash value length of SHA-2?
224, 256, 384, 512
is the most famous public key cryptosystem; it was developed by ________ in 1977. It depends on the difficulty of factoring the product of prime numbers.
RSA
is an extension of the Diffie-Hellman key exchange algorithm that depends on modular arithmetic.
El Gamal
Algorithm depends on the ______ _____ discrete logarithm problem and provides more security than other algorithms when both are used with keys of the same length.
Elliptic curve
Digital Signatures Rely on public key cryptography and hashing functions. DS algorithms suitable for use in FIPS 186-4 (the Digital Signature Standard) must use ____ hashing functions
SHA-2
What are the 3 approved digital signature encryption algorithms?
DSA, RSA and Elliptic Curve DSA (ECDSA)
Rank the following algorithms in terms of strength: El Gamal, Diffie-Hellman, ECC and RSA
Diffie Hellman, RSA, El Gamal, ECC
This asymmetric algorithm replaced Diffie Hellman
El Gamal
Security models focused on integrity
Biba
Clark-Wilson (Access control triple)
Goguen- Meseguer (Non interference model)
Sutherland (Preventing interference)
Security models focused on confidentiality
Bell-Lapadula (no read up no write down)
Brewer and Nash (aka chinese wall)
Take Grant
Which security model uses a lattice
Biba Model
Which security model is used by the government?
Bell-Lapadula
Which model is “No read up, no write down”
Bell Lapadula
What property describes “ no read up”?
Simple security property
What property describes “ no write down” ?
Star * security property
What property describes “ no read down”?
Simple integrity property
What property describes “ no write up” ?
star * integrity property
also called the”Chinese Wall model”. It was developed to prevent conflict of interest (COI) problems.(confidentiality-based)
Brewer and Nash Model
another confidentiality-based model that supports four basic operations: take, grant, create, and revoke.
Take Grant Model
This model uses a formal set of protection rules for which each object has an owner and a controller. It is focused on the secure creation and deletion of both subjects and objects. A collection of eight primary protection rules or actions that define the boundaries of certain secure actions.
Graham-Denning
What is Zachman an example of?
Enterprise security model
What is Sabsa an example of?
Enterprise security model
What is TOGAF an example of?
Enterprise security model
What security includes confidentiality and integrity?
Lipner security model
Defines 3 goals of integrity? Access Triple
Clark-Wilson
What is NIST 800-53?
Security and privacy controls us federal agencies
What is COSO primarily focused on?
Financial Controls
What is NIST 800-37?
Risk Management Framework
What is knows as the Orange Book?
TCSEC
Which level of the Common Criteria is
“Formally verified, designed and tested”
EAL7
Which level of the Common Criteria is
“Functionality tested”
EAL1
Which level of the Common Criteria is
“Structurally tested”
EAL2
Which level of the Common Criteria is
“Methodically tested and checked”
EAL3
Which level of the Common Criteria is
“Methodically designed, tested and reviewed”
EAL4
Which level of the Common Criteria is
“Semi formally designed and tested”
EAL5
Which level of the Common Criteria is
“Semi formally verified, designed and tested”
EAL6
Which level of the Common Criteria is
“Formally verified, designed and tested”
EAL7
What design principle is the combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy
TCB (Trusted Computing Base)
