Domain 3: Security Architecture and Engineering - Cryptography Flashcards

1
Q

Caesar Cipher

A

Simple substitution
Shift Characters, etc. (Caesar was a 3 character shift)
Subject to pattern analysis to crack the cipher
Current example: Rot-13, move characters 13 spaces

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Scytale Cipher

A

Spartans used this cipher to communicate messages to general in the field
Wrapped tape around a rod, then wrote on the tape
Diameter of the rod is the pre-agreed upon secret (key)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Symmetric Cryptography

A

Same secret is used on both ends

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Vignere Cipher

A

First polyalphabetic cipher
Key word is agreed upon ahead of time
First letter of the key is matched up against first letter of the message and so on

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Enigma Machine

A

Used by Germans in WWII; Japanese had Purple machine

Used a rotor configuration to create a cipher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Vernam Cipher

A

AkA One Time Pad
Mathematically unbreakable
pad must be as long as the message
pad must be securely distributed and only used once

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Services provided by cryptography

A

PAIN
Privacy: prevents unauthorized disclosure
Authenticity: verifies claimed identity
Integrity: detects modification or corruption
Non-Repudiation: combines authentication and integrity. Sender can’t dispute having sent a message, or contents

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Cipher Text Algorithm

A

Plain Text + Initialization vector + Algorithm (Cipher) + Key = Cipher Text

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Initialization Vector

A

Provides randomness by changing the starting point randomly

Similar to Salt for a password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Cryptographic Algorithms

A

For data, it is broken into blocks (S-Blocks) and then complex and strong math to substitute the blocks.
Collection of math functions that should be open

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Cryptographic Keys

A

Provide instructions on how to use the math
Should be random
Should be protected
Should be long “enough”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Symmetric Process

A

single key is shared by both parties and is used to encrypt and decrypt. aka Secret, private, shared, or session key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Symmetric Pro’s

A

Provides fast data transfer

Good strong privacy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Symmetric Cons

A

Out of band key distribution
Doesn’t scale well
Doesn’t provide non-repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Asymmetric Cryptography

A

Every user has a key pair which consists of a public and private key
Anything encrypted with one key can only be decrypted by the other

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Symmetric Cipher types

A

Stream - one bit at a time, uses transposition, substitution, XOR. fast and efficient, not as secure, RC-4
Block - Chunks data and each chunk goes through a series of math functions called S-boxes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Common Symmetric Algorithms

A
DES
3DES
AES
RC-4 (Stream)
RC-5
Two Fish
Blowfish
IDEA
CAST
MARS
Skipjack
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Private key

A

Used to encrypt, can prove authenticity because only the public key pair can decrypt it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Public Key

A

Used to decrypt, shared with other systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Integrity with Cryptography

A

Hashing/Checksums is a fixed length representation of the contents of the file. hashing performed on both ends of file transfer to ensure no changes have been made
One way math, cannot be reversed, once it is it is considered cracked

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Hashing Algorithms

A

MD-5 128 bit
SHA-1 160 bit
Sha-2 256, 384, 512, etc
HAVAL, TIGER, RIPEMD are lesser known algorithms

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Collision

A

When two different documents produce the same hash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Birthday attack

A

Attempt to cause collisions. based on the idea that it is easier to find two hashes that happen to match than to produce a specific hash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Non-Repudiation with cryptography

A

Encrypting the hash with private key allows for non repudiation. Hash is created, showing integrity. Encrypted with private key. Decrypted with public key. hash is generated for decrypted file, compared to prove who and what.
Digital signatures are a way to do this.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Common Asymmetric Algorithms

A

DSA and RSA
ECC (Elliptical Curve Cryptography) and El Gamal
Diffie Hellman (DH) and Knapsack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

RSA (Rivest, Shamir, Adleman)

A

Standard for Digital Signatures, replacing DSA
Uses Factorization; Uses the idea that there is no efficient way to factor the product of large prime numbers
Trap-door math

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Diffie-Hellman

A

First Asymmetric algorithm
Secure key-algorithm without pre-shared secrets
Based on discrete logarithms in a finite field
Asymmetric to agree on key, then symmetric for communication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

ECC (Elliptical Curve Cryptography)

A

Based upon plottings points along a curve
Very efficient but only for applicable key agreement, digital signatures, pseudo-random generators and small tasks
Frequently used for handheld devices due to their limited processing capability

29
Q

Defacto standard for encryption

A

AES

Exception: PGP for email uses IDEA (Internet Data Exchange Algorithm)

30
Q

Number of keys in Symmetric Algorithms

A

N*(N-1)/2

31
Q

Number of keys in Asymmetric Algorithms

A

2N

32
Q

Key sharing for symmetric algorithms

A

out of band

33
Q

Key sharing for asymmetric algorithms

A

public key is shared

34
Q

Hybrid Cryptography

A

Goal is to achieve all of PAIN plus Speed

SSL/TLS a good example. Asymmetric Key exchange with goal of creating a Symmetric Session Key for further communication

35
Q

How SSL/TLS uses Hybrid Cryptography

A

Message to website
Website responds with public key (Asymmetric)
Client Browser creates a symmetric session key and sends it to the server (Hybrid/Asymmetric)
Server uses its private key to decrypt the symmetric key. Now both parties know the symmetric key and use that to communicate (Symmetric)

36
Q

Public Key Infrastructure (PKI)

A

System for web servers to obtain Digital Certificates from trusted Certificate Authorities to generate public/private key pairs to ensure server identity

37
Q

Certificates

A

Provides authenticity of a server’s public key
Necessary to avoid MITM attacks
Digitally signed by Certificate Authority

38
Q

Certificates

A

Provides authenticity of a server’s public key
Necessary to avoid MITM attacks
Digitally signed by Certificate Authority

39
Q

Certificate Authority (CA)

A

entity that stores, signs, and issues digital certificates

40
Q

Registration Authority (RA)

A

responsible for accepting requests for digital certificates and authenticating the entity making the request.

41
Q

Certificate Repository

A

Where certificate is stored on web server

42
Q

Certificate Revocation List (CRL)

A

A list published by the CA. Client is responsible for downloading to see if a certificate is revoked

43
Q

Online Certificate Status Protocol (OCSP )

A

Streamlines the process of verifying whether or not a certificate has been revoked

44
Q

Message Authentication Codes (MAC)

A

Provides reasonable authenticity and integrity not strong enough to be non-repudiation (because it uses a symmetric key)
Between hashing and digital signatures

45
Q

How MAC Works

A

Message + Symmetric Number + Hashing Algorithm to produce an HMAC

46
Q

How it all Fits together (Web Browsing)

A

(Application) Web Browser requests web traffic
(Protocol) HTTP/HTTPS specifies rules for communication
(Cryptosystem) HTTPS mandates a cryptosystem, SSL/TLS is the framework to provide protection for data
(Algorithm) Provides the math for the actual encryption

47
Q

How it all fits together (e-Mail)

A

(Application) Mail Client and Server
(Protocol) Specifies rules for communication - SMTP POP3 or IMAP
(Cryptosystem) Framework to protect data - S/MIME or PGP
(Algorithm) Provides the math for encryption - AES is most popular, IDEA for PGP

48
Q

IPSec

A

Integrated with IPv6, backwards compatible with IPv4
Provides framework for services such as encryption, authentication, integrity
Provides encapsulation, not encryption
What is encapsulated can be protected through the protocols within IPSec

49
Q

Encapsulation

A

Data is not encrypted, but is wrapped in such a way that the data is protected in transit

50
Q

Tunnel Mode

A

Whole packet is encapsulated (IP Header, IP Payload, IP Trailer)

51
Q

Transport Mode

A

Only the payload is encapsulated (IP Payload)

52
Q

IPv4 IPSec packet

A

IPSec Header -> IP Header -> IP Payload -> IP Trailer -> IPSec Trailer

53
Q

Authentication Header (AH)

A

IPSec Sub Protocol
Provides integrity, authenticity, and non-repudiation through the use of an Integrity check Value (ICV)
Not compatible with NAT (Network Access Tunnels)

54
Q

Encapsulating Security Payload (ESP)

A

Provides authenticity and integrity through a MAC
Provides Encryption, ICV is run on payload only
Compatible with NAT

55
Q

Internet Key Exchange (IKE)

A

No security services

Management for a secure connection

56
Q

Integrity Check Value (ICV)

A

Part of Authentication Header (AH)
Hash run on the entire packet (Header, data, trailer) except for particular fields in the header that are dynamic (TTL, Etc).
No Confidentiality

57
Q

Oakley

A

IKE service, Uses Diffie Helman to agree upon a key

58
Q

Internet Security Association and Key Management Protocol (ISAKMP)

A

Manages Keys and Security Associations

59
Q

Security Association

A

Unique identifier for each secure session

Contains Dest Address, Security Parameter Index (SPI), IPSec Transform, Key, Additional SA Attributes (lifetime, etc)

60
Q

Security parameter Index (SPI)

A

Way to identify difference of multiple sessions with same destination

61
Q

Pretty Good Privacy (PGP)

A

Proprietary protocol for email cryptosystems
Uses web of trust
Passphrases instead of passwords
Learned keys are stored in a key ring

62
Q

Secure/Multipurpose internet Mail Extensions (S/MIME)

A

Provides PAIN for email systems, Asymmetric key exchange for Symmetric Message key
Privacy - Receiver’s Public Key
Authenticity - Senders Private Key
Integrity - Hash/Checksum - neither symmetric or asymmetric
Non-Repudiation - Hash encrypted by sender’s private key

63
Q

S/MIME Process (Digital Envelope)

A

Message encrypted with Symmetric Key
Symmetric Key added to Message
Symmetric Key encrypted with Receiver’s Public Key
Document gets hashed
Hash gets encrypted with Sender’s Private Key

64
Q

Ciphertext Only Attack

A

Attacker has captured encrypted text on the network. Usually means all the attacker can do is brute force the encrypted text

65
Q

Known Plain Text Attack

A

Attacker has captured cipher text, but also knows what a portion of the message is in plain text (like automatic signature)
How Allies cracked Enigma machine

66
Q

Chosen Plaintext Attack

A

Attacker can see the full text encrypted and decrypted. Attacker has initiated the message (usually)

67
Q

Chosen Ciphertext Attack

A

Attacker can see whatever they want in plain or ciphertext. They have compromised a workstation. Sometimes called a lunchtime or midnight attack

68
Q

Meet in the Middle Attack

A

Attacks are targeted towards algorithms like 3DES where there are multiple keys. An attacker tries to learn what each key does individually

69
Q

Highest level of AES

A

256