Domain 3 Flashcards

1
Q

Algorithm

A

A mathematical function that is used in the encryption and decryption processes. It may be quite simple or extremely complex. Also defined as the set of instructions by which encryption and decryption is done.

2
Q

Asymmetric Encryption

A

Process that uses different keys for encryption than it does for decryption, and in which the decryption key is computationally infeasible to determine given the encryption key itself, from plaintext and corresponding ciphertext, or from knowledge of the key generation or encryption algorithm.

3
Q

Block Mode Encryption

A

Using fixed-length sequences of input plaintext symbols as the unit of encryption.

4
Q

Ciphertext

A

The altered form of a plaintext message so as to be unreadable for anyone except the intended recipients. In other words, it has been turned into a secret.

5
Q

Collision

A

This occurs when a hash function generates the same output for different inputs. In other words, two different messages produce the same message digest.

6
Q

Crime Prevention Through Environmental Design (CPTED)

A

An architectural approach to the design of buildings and spaces, which emphasizes passive features to reduce the likelihood of criminal activity.

7
Q

Cryptanalysis

A

The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services.

8
Q

Cryptographic Hash, Cryptographic Hash Function

A

A process or function that transforms an input plaintext into a unique value called a hash (or hash value). These do not use cryptographic algorithms; the term “cryptographic” refers to the assertion that strong hash algorithms are one-way functions, that is, it is computationally infeasible to determine the input plaintext from the hash value and knowledge of the algorithm alone. Message digests are an example of the use of a cryptographic hash.

9
Q

Cryptography

A

The study or applications of methods to secure or protect the meaning and content of messages, files or other information, usually by disguise, obscuration or other transformations of that content and meaning.

10
Q

Cryptosystem

A

The complete set of hardware, software, communications elements and procedures that allows parties to communicate, store information or use information that is protected by cryptographic means. The system includes the algorithm, key and key management functions, together with other services that can be provided through cryptography.

11
Q

Cryptovariable(s)

A

One or more parameters that are inherent to a particular cryptographic algorithm and its implementation in a cryptosystem. Block size, key length and number of iterations (or rounds) are examples of cryptovariables.

12
Q

Decoding

A

The reverse process from encoding, converting the encoded message back into its plaintext format.

13
Q

Decryption

A

The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key for decryption (which is the same for symmetric encryption, but different for asymmetric encryption). This term is also used interchangeably with “deciphering.”

14
Q

Encoding

A

The action of changing a message or other set of information into another format through the use of a code. Unlike encryption, which obscures or hides the meaning, encoded information can still be read by anyone with knowledge of the encoding process.

15
Q

Encryption

A

The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings.

16
Q

Encryption System

A

The total set of algorithms, processes, hardware, software and procedures that taken together provide an encryption and decryption capability.

17
Q

Frequency Analysis

A

A form of cryptanalysis that uses the frequency of occurrence of letters, words or symbols in the plaintext alphabet as a way of reducing the search space.

18
Q

Hybrid Encryption System

A

A system that uses both symmetric and asymmetric encryption processes.

19
Q

In Band

A

Refers to transmitting or sharing control information, such as encryption keys and cryptovariables, over the same communications path, channel or system controlled or protected by that information.

20
Q

Key

A

The input that controls the operation of the cryptographic algorithm. It determines the behavior of the algorithm and permits the reliable encryption and decryption of the message.

21
Q

Key Escrow

A

A process by which keys (asymmetric or symmetric) are placed in a trusted storage agent’s custody, for later retrieval. The trustworthiness of the encryption system(s) being used is thus completely placed in the escrow agent’s control.

22
Q

Key Generation

A

The process of creating a new encryption (or decryption) key.

23
Q

Key Management

A

All processes used to create, store, distribute and provide expiration and revocation of encryption and decryption keys, for all users of a particular encryption system.

24
Q

Key Pair (Asymmetric Encryption)

A

A matching set of one public and one private key, generally associated with only one person, organization or identity.

25
Q

Key Recovery

A

A process of reconstructing an encryption key from the ciphertext alone, such as when the original key has been corrupted, lost or forgotten. Requires a known way of reverse-engineering the algorithm (i.e., a successful means of conducting a ciphertext-based attack). By definition, a workable key recovery process for an algorithm means that the algorithm is not secure.

26
Q

Key Space

A

Represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.

27
Q

Message Digest

A

A small representation of a message, file or other data, usually generated by a cryptographic hash. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.

28
Q

Modulo, Modular Arithmetic, Modulus

A

A system of arithmetic in which a number can range from 0 up to a certain value called the modulus; this is done by integer division of the number by the modulus, with the remainder being the result used in subsequent operations. For example, 15 modulo 4 is 3. Programming and logic languages will represent this as an operator (15 modulo 4, for example) or as a function: f(x) = mod(15,4).

29
Q

Non-repudiation

A

The inability to deny. In cryptography, it is a security service by which evidence is maintained so that the sender and the recipient of data cannot deny having participated in the communication. There are two kinds of non-repudiation: “non-repudiation of origin” means the sender cannot deny having sent a particular message, and “non-repudiation of delivery” is when the receiver cannot say that they have received a different message than the one that they actually did receive.

30
Q

One-time Pad

A

A series of randomly generated symmetric encryption keys, each one to be used only once by sender and recipient.

31
Q

Out-of-Band

A

Refers to transmitting or sharing control information, such as encryption keys and cryptovariables, by means of a separate and distinct communications path, channel or system from which the control information is used to operate and keep secure.

32
Q

Plaintext

A

The message or data in its natural format and in readable form. Plaintext is human readable and is extremely vulnerable from a confidentiality perspective. Plaintext is the message or data that has not been turned into a secret. Plaintext should not be confused with cleartext, which is data or a message in its natural format, but which its originator has no intention or need to protect via encryption. For example, SSH and TLS protect the contents of a packet by replacing their plaintext forms with ciphertext while leaving the packet headers, preambles and postambles in their unencrypted cleartext forms; if these fields were encrypted, the transport and network protocols wouldn’t know where to send the packets to or what to do with them upon receipt.

33
Q

Private Key

A

One part of a matching key pair generated via asymmetric encryption processes, which is kept secret by its possessor. Secrecy and integrity of an asymmetric encryption process are entirely dependent upon protecting the value of the private key.

34
Q

Public Key

A

One part of a matching key pair generated via asymmetric encryption processes, which can then be shared or published. Secrecy and integrity of a public-key encryption process do not depend upon protecting the value of a public key.

35
Q

Random and Pseudorandom Number Generators

A

System elements that are used to provide a value chosen over a key space, such that on successive uses of the function the values returned will have as close to a near-perfect random distribution over that key space as possible. Truly random number generators do not exist in software; they need hardware to observe physical activities such as thermal noise to work properly. Pseudorandom number generators, quite common in software systems, generally demonstrate clumpiness or other exploitable weaknesses in their distribution of returned (generated) values.

36
Q

Session Key

A

A symmetric encryption key generated for one-time use, such as during a specific internet connection session. Usually requires a key encapsulation approach to eliminate key management issues.

37
Q

Stream Mode Encryption System

A

A system using a process that treats the input plaintext as a continuous flow of symbols and encrypts one symbol at a time. Most stream mode (or streaming) systems also use a streaming key, which uses part of the key as a one-time key for each symbol’s encryption.

38
Q

Substitution Cipher

A

An encryption or decryption process using substitution.

39
Q

Symmetric Encryption

A

A process which uses the same key, or a simple transformation of it, for both encryption and decryption.

40
Q

Transposition Cipher

A

An encryption or decryption process using transposition.

41
Q

Very Early Smoke Detection Apparatus (VESDA)

A

A brand name for an air sampling sensor device that continually breathes in a small amount of the air surrounding it, which can be placed anywhere in a room or its HVAC ducts and plenum spaces.

42
Q

Work Factor

A

The amount of effort necessary to break a cryptographic system, usually measured in total elapsed time.