Domain 3 - Cryptographic concepts | Crypto Attacks | PKI Infrastructure

Question 1

Symmetric Encryption - Strengths

Answer 1

Speed, and strength per bit of key

Question 2

Symmetric Encryption - Weakness

Answer 2

Key must be shared securely

Question 3

Symmetric Encryption - Stream Cipher

Answer 3

Each bit is independently encrypted

Question 4

Symmetric Encryption - Block cipher

Answer 4

Blocks of data are encrypted

Question 5

Initialization Vector

Answer 5

Symmetric EncryptionEncryption step. Used on Symmetric ciphers to ensure that the first block of data is random

Question 6

DES Encryption type

Answer 6

Symmetric

Question 7

DES

Answer 7

Data Encryption Standard

Question 8

DES Encryption dates

Answer 8

1976 US Fed standard

Question 9

DES Encryption, who designed

Answer 9

IBM, based on older lucifer symmetric cipher

Question 10

DES Encryption, block size

Answer 10

64 bit

Question 11

DES Encryption, key size

Answer 11

56 bit

Question 12

DES Modes

Answer 12

5 modes

Question 13

Double DES

Answer 13

The DES encryption algorithm with two rounds, with two keys. Rendered unusable due to being susceptible to meet in the middle attacks.

Question 14

Triple DES

Answer 14

Expands the size of the key by running the algorithm in succession with three different keys. It makes 48 passes through the algorithm, and the resulting key is 168 bits.

Question 15

IDEA Encryption/Cipher Type

Answer 15

International Data Encryption Algorithm.Symmetric Block Cipher

Question 16

IDEA - good or bad?

Answer 16

Held up to cryptanalysis

Question 17

IDEA - drawback

Answer 17

Patent encumbrance (no longer an issue, not sure if tested as an issue or not) and slow speed

Question 18

AES Acroynym and encryption type

Answer 18

Advanced Encryption Standard - Symmetric

Question 19

AES Block and Key Size

Answer 19

128 bit block

Key - 128 bit to 256 bit.

128 with 10 rounds of encryption192 bit with 12 rounds of encryption 256 bit with 14 rounds of encryption

Question 20

Blowfish cipher type

Answer 20

symmetric

Question 21

RC5 and RC6 designed by

Answer 21

RSA Labs

Question 22

Asymmetric Encryption Pros

Answer 22

Solves issues around preshared keys

Question 23

Asymmetric key how many

Answer 23

two. Public/private key pair

Question 24

hashing/one-way functions

Answer 24

easy to compute one way. VERY difficult to reverse

Question 25

Asymmetric, factoring prime numbers. factorization.

Answer 25

Relies on strength of composite number. Example: 6269 x 7883 = 49418527.To crack, you must factor 49418527 to find which two prime numbers are factors.

Question 26

Discrete logarithm

Answer 26

Basis of the Diffie-hellman and El Gamal asymmetric algs

Uses in Asymmetric algorithms. Way to ensure encryption.

More advanced than factorization and considered more secure.

Question 27

Diffie-Hellman Key agreement protocol, and encryption type.

Answer 27

Asymmetric encryption algorithm.

Allows two parties to securely agree on a symmetric key via a public channel

Type of key exchange that is secure. If an attacker sniffs the whole conversation, they still can’t obtain the key.

Question 28

Elliptic Curve Cryptography

Answer 28

Type of encryption. Uses discrete logarithms. Asymmetric encryption.

Stronger than factorization based encryption methods. Uses less computational power, and smaller key for equal strength.

Question 29

Asymmetric and Symmetric tradeoffs

Answer 29

Asymmetric - slower, weaker on equal sized keys. Pro no need for preshared key

Both types are often used together Symmetric - faster, weak due to pre-shared keys.

Question 30

Hash Functions

Answer 30

Encryption using algorithm, does not have a key. One Way. Impossible to reverse. Variable length plaintext is hashed into a fixed length hash

Question 31

Collisions

Answer 31

This is what happens if two separate, and non-identical inputs to a hash algorithm result in identical hashes.

Question 32

MD5 Acronym and type

Answer 32

Message Digest 5, hashing algorithm.

Question 33

SHA-1 Acronym and type

Answer 33

Secure Hash Algorithm, hash

Question 34

SHA2-224/SHA3-224SHA2-256/SHA3-256SHA2-384/SHA3-384SHA2-512/SHA3-512 lengths

Answer 34

Length of hash value is in the name.

Question 35

HAVAL acronym and type

Answer 35

Hash of variable length. Hash

Question 36

Brute force

Answer 36

attempts every possible valid combination for a key or password.

Question 37

Known Plaintext

Answer 37

In the known plaintext attack, the attacker has a copy of the encrypted message along with the plaintext message used to generate the ciphertext (the copy).

If I know an input and output. I can potentially guess a key.

Question 38

Chosen Plaintext and adaptive chosen plaintext

Answer 38

In this attack, the attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing. This allows the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key.

analyst chooses plaintext to be encrypted.Analyst then changes further rounds of encryption based on previous round

Question 39

Chosen Ciphertext

Answer 39

In a chosen ciphertext attack, the attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion of the message to discover the key.

Question 40

meet in the middle attack

Answer 40

Used to attack algorithms that use only two rounds of encryption.

the attacker uses a known plaintext message. They then encrypt using all possible keys, and decrypt using all possible keys. In this way they can find all possible key pairs, AND all possible cipher texts for the plaintext.

Only takes twice as long as breaking a single round of encryption.

Question 41

Known Key

Answer 41

Analyst knows something about the key, and can use that to reduce efforts used to attack it.

Question 42

Side Channel Attacks

Answer 42

Use physical data to break cryptosystem. Monitoring CPU cycles or power consumption used while encrypting/decrypting.

Question 43

Birthday Attack

Answer 43

Create hash collisions and break the key

Question 44

Key clustering

Answer 44

When two different symmetric keys run on same plaintext and algorithm produce same ciphertext.

Analogous to collisions in hashing, but in relation to symmetric encryption.

Question 45

Digital signatures

Answer 45

Method of authentication and non-repudiation.

Process:

1. Sender hashes their message, and appends hash to email
2. Sender then encrypts entire email using their private key.
3. Receiver decrypts message using public key (they now know the sender is authentic - only the sender could have encrypted).
4. Receiver then hashes the message on their own - if the hash is the same as appended to the email they know that integrity has been preserved.

Question 46

HMAC Acronym and length

Answer 46

Hash Message Authentication Code - Variable length hash value

Used to implement a partial digitial signature. Combines hashing and symmetric encryption (full digital signature uses asymmetric).

Question 47

PKI Public Key Infrastructure Process of key exchange.

Answer 47

leverages all three forms of encryption. Symmetric, asymmetric, and hashing.

1. Certificate requestor opens an asymmetric channel w/server to verify identity, and to share symmetric key.
2. server accept asymmetric channel. Agree on an ephemeral key.
3. Server hashes and encrypt the certificate.
4. Recipient decrpypts cert, and checks hash for integrity.
5. Recipient checks certificate against the CA.

Question 48

Cert Authorities

Answer 48

Digitals certs are signed by CAs. They authenticate identity of orgs before issuing a certsMay be private, or public

Question 49

Cert Revocation lists

Answer 49

Lists revoked certs. Maintained by CAs

Question 50

IPSec

Answer 50

Suite of protocols to provide cryptographic IPV4 and v6. Used to build VPNs

Question 51

IPSec primary components of SA’s

Answer 51

Security Associations:

AH - Authentication Header
ESP - Encapsulating Security Payload

Question 52

ISAKMP

Answer 52

Sub component of IKE. Used to organize and manage the encryption keys that have been generated and exchanged by OAKLYEY AND SKEME. Manages SAs.

Question 53

IKE

Answer 53

Mechanism of IPsec that manages cryptography keys. Internet key exchange.

IKE Consists of three elements. OAKLEY, SKEME, AND ISAKMP.

Question 54

AH

Answer 54

Authentication header provides authentication and integrity for each packet of net data. NO CONFIDENTIALITY

Question 55

ESP

Answer 55

provides confidentiality and integrity by encrypting packet data. Does not provide strong authentication.

Question 56

IPSec Security Association (ISAKMP)

Answer 56

Security Associations are managed by ISAKMP.

Each SA is a one way/simplex connection used to negotiate ESP or AH Parameters. Each side of the IPSec session transmits and receives using different keys. So, this results in up to 4 SAs in use for a two way communication. Each side has a SA for outgoing and incoming traffic.

Question 57

SA Identification index

Answer 57

Identifies the SA. 32 bits

Question 58

ESP Tunnel mode

Answer 58

Encrypts everything

Question 59

ESP Transport mode

Answer 59

only encrypts data, not IP headers. May use AH to authenticate the un-encrypted headers.

Question 60

IKE vs ISAKMP

Answer 60

IKE - Encryption algorithm negotiation protocol. Allows both sided to select and agree upon the best encryption that both sides support.ISAKMP - Manages Security Associations.

Question 61

IKE

Answer 61

Another way to manage key exchanges. Both sides will use IKE to negotiate fastest and highest sec level.

Question 62

SSL and TLS

Answer 62

TSL succeeds SSL. Commonly used for HTTPS. Encrypted out of the gate. Uses Asymmetric encryption to exchange a key, for a subsequent symmetrically encrypted data session.

Question 63

PGP

Answer 63

pretty good privacy.

Question 64

PGP year

Answer 64

1991

Question 65

PGP

Answer 65

uses web-of-trust instead of cert authority.

Question 66

S/MIME

Answer 66

Email encryption and authentication

Question 67

Escrowed Encryption

Answer 67

splits private key into two or more parts. Will only release their part of the key on a court order.

Question 68

Clipper Chip

Answer 68

Name of tech used in the Escrowed Encryption Standard. Allows backdoor to govt while encrypting voice.

Question 69

Steganography

Answer 69

Science of hidden communication. Hiding information into other media.

Question 70

Digital watermaks

Answer 70

encode data in a file. Watermark is probably hidden

Question 71

Mantrap

Answer 71

Two doors requireing separate authentication to open

Question 72

Bollard

Answer 72

Post designed to stop a car

Question 73

Smart card

Answer 73

physical access card containing integrated circuit

Question 74

tailgating

Answer 74

following an auth person into building w/o providing creds

Question 75

Perimeter defenses

Answer 75

fence doors, walls, locks

Question 76

Class 1 gate

Answer 76

residential

Question 77

class 2 gate

Answer 77

Commercial, general access

Question 78

Class 3 gate

Answer 78

industrial limited access - loading dock for 18 wheeler

Question 79

Class 4 gate

Answer 79

restricted access. Prison or airport

Question 80

Lights

Answer 80

detective and/or deterrant

Question 81

vigenere cipher

Answer 81

• Vigenère ciphero Polyalphabetico Repeated 26 times to form a matrix

Question 82

Jefferson disks

Answer 82

o Tommy Jo 36 wooden disks

Question 83

Caesar cipher

Answer 83

• Caesar ciphero Monoalphabetico Simple substitutiono Rotated 3 times

Question 84

book cipher and running key cipher

Answer 84

• Book cipher and running key ciphero Use well known texts as the basis for keys

Question 85

Codebooks

Answer 85

assign codeword for important people/locations/terms

Question 86

one time pad

Answer 86

o one time pad uses identical paird pads one page is used to encrypte same page to decrypt pages are then discarded, never reused only one mathematically proven to be secure

Question 87

project VERONA

Answer 87

o Broke KGB encryption in 1940s o KGB used one time padso KGB violated one of the three rules thougho Reused pads.

Question 88

Hebern Machines and PURPLE

Answer 88

o Class of cryptographic deviceso Large manual typewriter looking devices electrified with rotorso Used through WWII

Question 89

ENIGMA

Answer 89

doi

Question 90

SIGABA

Answer 90

o Rotor machine used by US through 1950so More complex and covered weaknesses of the Enigmao Large complex and heavyo Never known to be broken

Question 91

PURPLE

Answer 91

japanese version of enigma

Question 92

COCOM

Answer 92

o Coordinating comeittee for multilateral export controls Designed to control export of critical technologies to iron curtain countries

Question 93

Wassenaar arrangement

Answer 93

o After COCOM endedo Created in 1996o Many iron curtain countries includedo Relaxed restriction on exporting cryptography.

Question 94

DEA

Answer 94

Data Encryption Algorithm described by DES (Data Encryption Standard)

Question 95

PKI standard

Answer 95

X.509

Question 96

CAs and ORAs

Answer 96

Certificate Authority (Issues Certs)Organizational Registration Authority (authenticates client certs)

Question 97

OCSP

Answer 97

Online Certificate Status Protocol - Replacement for CRL (Cert Revocation Lists). Scales beeter than CRL

Question 98

CRL

Answer 98

Certificate Revocation Lists

Question 99

PGP encryption type

Answer 99

Symmetric

Question 100

RC4, RC5, RC6 encryption type

Answer 100

Symmetric

Question 101

Rijndael Encryption type

Answer 101

Symmetric

Question 102

Skipjack Encryption Type

Answer 102

Symmetric

Question 103

CAST-128 Encryption type

Answer 103

Symmetric

Question 104

CAST-256 Encryption type

Answer 104

Symmetric

Question 105

RIPEMD-128
RIPEMD-160
RIPEMD-256
RIPEMD-320
Type and key length

Answer 105

Hashing algorithms. Key length is in the name.

Question 106

RSA Type

Answer 106

Asymmetric. Used for encrypting and signing data.

Question 107

ElGamal type

Answer 107

Asymmetrc. Used for transmitting digital signatures, and key exchanges.

Question 108

IDEA and PGP relationship

Answer 108

PGP (pretty good privacy) uses IDEA (international data encryption algorithm) for symmetric encryption.

Question 109

Work function/work factor

Answer 109

Way to measure the strength of a cryptography system. Measures the effort in terms of time and/or cost of brute forcing a crypto system.

Question 110

one-time pad/Vernam cipher

Answer 110

Uses a different substitution alphabet for each letter of the plaintext message.

Question 111

Implementation Attack

Answer 111

exploits weaknesses in the implementation of a cryptography system. It focuses on exploiting the software code, not just errors and flaws but the methodology employed to program the encryption system

Question 112

Statistical Attack

Answer 112

A statistical attack exploits statistical weaknesses in a cryptosystem, such as floating-point errors and inability to produce truly random numbers. Statistical attacks attempt to find a vulnerability in the hardware or operating system hosting the cryptography application.

Question 113

Fault Injection Attack

Answer 113

the attacker attempts to compromise the integrity of a cryptographic device by causing some type of external fault. For example, they might use high-voltage electricity, high or low temperature, or other factors to cause a malfunction that undermines the security of the device.

Question 114

Side-Channel Attack

Answer 114

Computer systems generate characteristic footprints of activity, such as changes in processor utilization, power consumption, or electromagnetic radiation. Side-channel attacks seek to use this information to monitor system activity and retrieve information that is actively being encrypted.

Question 115

Timing Attack

Answer 115

Timing attacks are an example of a side-channel attack where the attacker measures precisely how long cryptographic operations take to complete, gaining information about the cryptographic process that may be used to undermine its security.

Question 116

Man in the middle

Answer 116

a malicious individual sits between two communicating parties and intercepts all communications. They set up two separate encrypted sessions, posing as the legitimate endpoints. Can then see all communications.

Question 117

Birthday Attack

Answer 117

a malicious individual sits between two communicating parties and intercepts all communications

Question 118

Replay attack

Answer 118

The replay attack is used against cryptographic algorithms that don’t incorporate temporal protections. In this attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later “replays” the captured message to open a new session