Domain 3B: Cryptography

Question 1

What is crypography?

Answer 1

Cryptography is secret writing, a type of secure communication understood by the sender and intended recipient only.

Question 2

What is cryptology?

Answer 2

Cryptology is the science of secure communications. Cryptography creates messages with hidden meaning; cryptanalysis is the science of breaking those encrypted messages to recover their meaning.

Question 3

What is a cipher?

Answer 3

A cipher is a cryptographic algorithm. A plaintext is an unencrypted message. Encryption converts a plaintext to a ciphertext. Decryption turns a ciphertext back into a plaintext.

Question 4

What is confusion?

Answer 4

Confusion is the relationship between the plaintext and ciphertext; it should be as random (confusing) as possible

Question 5

What is diffusion?

Answer 5

Diffusion means the order of the plaintext should be “diffused” or dispersed in the ciphertext. Confusion means that the relationship between the plaintext and ciphertext should be as confused or random as possible.

Question 6

What is permutation?

Answer 6

Permutation (transposition) provides confusion by rearranging the characters of the plaintext

Question 7

What is the difference between asymmetric encryption, symmetric encryption, and hybrid encryption?

Answer 7

Asymmetric
Pros: It does not need a pre-shared key, only 2x users = total keys.
Cons: It is much slower, it is weaker per bit.
Symmetric:
Pros: Much faster, stronger per bit.
Cons: Needs a pre-shared key, n(n-1)/2 users, becomes unmanageable with many users.
Hybrid Encryption:
Uses Asymmetric encryption to share a Symmetric Key (session key).
We use the security over an unsecure media from Asymmetric for the initial exchange and we use the speed and higher security of the Symmetric for the
actual data transfer.
The Asymmetric Encryption may send a new session key every so often to ensure security.

Question 8

How does symmetric encryption work?

Answer 8

Symmetric encryption uses a single key to encrypt and decrypt. If you encrypt a zip file, then decrypt with the same key, you are using symmetric encryption. Symmetric encryption is also called “secret key” encryption because the key must be kept secret from third parties. Strengths of this method include speed and cryptographic strengthning bit of key; however, the major weakness is that the key must be securely shared before two parties may communicate securely

Question 9

What is DES?

Answer 9

DES is the data encryption standard, which describes the data encryption algorithm (DEA). IBM designed DES, based on their older Lucifer symmetric cipher, which uses a 64-bit block size (ie, it encrypts 64 bits each round) and a 56-bit key.

Question 10

What is triple DES?

Answer 10

Triple DES applies single DES encryption three times per block. Formally called the “triple data encryption algorithm (TDEA) and commonly called TDES,” it became a recommended standard in 1999.

Question 11

What is AES?

Answer 11

The advanced encryption standard (AES) is the current US standard in symmetric block ciphers. AES uses 128-bit (with 10 rounds of encryption), 192-bit (with 12 rounds of encryption), or 256-bit (with 14 rounds of encryption) keys to encrypt 128-bit blocks of data.

Question 12

How does asymmetric encryption work?

Answer 12

Asymmetric encryption uses two keys, one for encryption and the other for decryption. The public key, as its name indicates, is made public, and asymmetric encryption is also called public key encryption for this reason. Anyone who wants to communicate with you may simply download your posted public key and use it to encrypt their plaintext. Once encrypted, your public key cannot decrypt the plaintext, but your private key can do so. As the name implies, your private key must be kept private and secure.

Question 13

What is the purpose of a key agreement?

Answer 13

Key agreement allows two parties the security with which to agree on a symmetric key via a public channel, such as the Internet, with no prior key exchange. An attacker who is able to sniff the entire conversation is unable to derive the exchanged key. Whitfield Diffie and Martin Hellman created the Diffie-Hellman Key Agreement Protocol (also called the Diffie-Hellman Key Exchange) in 1976. Diffie-Hellman uses discrete logarithms to provide security.

Question 14

How does ECC work? Why is it used?

Answer 14

ECC leverages a one-way function that uses discrete logarithms as applied to elliptic curves. Solving this problem is harder than solving discrete logarithms, so algorithms based on elliptic curve cryptography (ECC) are much stronger per bit than systems using discrete logarithms (and also stronger than factoring prime numbers). ECC requires less computational resources because it uses shorter keys comparison to other asymmetric methods. Lower-power devices often use ECC for this reason.

Question 15

What is the purpose of hashing?

Answer 15

Hash functions are primarily used to provide integrity: if the hash of a plaintext changes, the plaintext itself has changed. Common older hash functions include secure hash algorithm 1 (SHA-1), which creates a 160-bit hash and Message Digest 5 (MD5), which creates a 128-bit hash. There are weaknesses in both MD5 and SHA-1, so newer alternatives such as SHA-2 are recommended.

Question 16

Why are hashes not unique like their plaintext counterparts?

Answer 16

Hashes are not unique because the number of possible plaintexts is far larger than the number of possible hashes

Question 17

What is it called when more than one document has the same hash?

Answer 17

More than one document could have the same hash’. This is called a collision.

Question 18

What is the purpose of differential cryptanalysis?

Answer 18

Differential cryptanalysis seeks to find the difference between related plaintexts that are encrypted. The plaintexts may differ by a few bits. It launches as an adaptive chosen plaintext attack; the attacker chooses the plaintext to be encrypted though he or she does not know the key and then encrypts related plaintexts

Question 19

What is the purpose of linear crypanalysis?

Answer 19

Linear cryptanalysis is a known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key. The pairs are studied to derive information about the key used to create them. Both differential and linear analysis can be combined as differential linear analysis.

Question 20

What is a side channel attack?

Answer 20

Side-channel attacks use physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting

Question 21

What is the purpose of digital signatures?

Answer 21

Digital signatures are used to cryptographically sign documents. Digital signatures provide nonrepudiation, which includes authentication of the identity of the signer, and proof of the document’s integrity (proving the document did not change). This means the sender cannot later deny or repudiate signing the document.

Question 22

What is a digital certificate?

Answer 22

A digital certificate is a public key signed with a digital signature. Digital certificates may be server-based or client-based. If client and server certificates are used together, they provide mutual authentication and encryption.

Question 23

What is the purpose of SSL and TLS?

Answer 23

Secure Sockets Layer (SSL) brought the power of PKI to the web. SSL authenticates and provides confidentiality to web traffic. Transport Layer Security (TLS) is the successor to SSL. Both are commonly used as part of HTTPS

Question 24

What is IPSec?

Answer 24

Internet Protocol Security (IPsec) is a suite of protocols that provide a cryptographic layer to both IPv4 and IPv6. It is one of the methods used to provide virtual private networks (VPN), which allow you to send private data over an insecure network, such as the Internet; the data crosses a public network, but is “virtually private.”

Question 25

What are the two primary protocols of IPSec?

Answer 25

IPsec includes two primary protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). AH and ESP provide different and sometimes overlapping functionality.

Question 26

What are the two secondary protocols of IPSec?

Answer 26

Supporting IPsec protocols include Internet Security Association and Key Management Protocol (ISAKMP) and Internet Key Exchange (IKE).

Question 27

What does AH provide and what does it protect against?

Answer 27

Authentication header (AH) provides authentication and integrity for each packet of network data. AH provides no confidentiality; it acts as a digital signature (non-repudiation) for the data. AH also protects against replay attacks, where data is sniffed off a network and resent, often in an attempt to fraudulently reuse encrypted authentication credentials.

Question 28

What is a security association?

Answer 28

An IPsec Security Association (SA) is a simplex (one-way) connection that may be used to negotiate ESP or AH parameters. AH and ESP may be used separately or in combination. If two systems communicate via ESP, they use two SAs, one for each direction. If the systems leverage AH in addition to ESP, they use two more SAs for a total of four. The internet security association and key management protocol (ISAKMP) manages the SA creation process.

Question 29

What is the difference between tunnel mode and transport mode?

Answer 29

IPsec is used in tunnel mode or transport mode. Security gateways use tunnel mode because they can provide point-to-point IPsec tunnels. ESP tunnel mode encrypts the entire packet, including the original packet headers. ESP transport mode only encrypts the data, not the original headers; this is commonly used when the sending and receiving system can “speak” IPsec natively.

Question 30

How are AH and ESP used in IPSec?

Answer 30

AH authenticates the original IP headers, so it is often used (along with ESP) in transport mode because the original headers are not encrypted. Tunnel mode typically uses ESP alone, as the original headers are encrypted and thus protected by ESP

Question 31

What encryption algorithms are used by IPSec? What is used for the algorithm selection process?

Answer 31

IPsec can use a variety of encryption algorithms, such as MD5 or SHA-1 for integrity, and Triple DES or AES for confidentiality. The IKE negotiates the algorithm
selection process. Two sides of an IPsec tunnel will typically use IKE to negotiate to the highest and fastest level of security, selecting AES over single DES for confidentiality if both sides support AES, for example.

Question 32

What is PGP?

Answer 32

Pretty Good Privacy (PGP), created by Phil Zimmerman in 1991, brought asymmetric encryption to the masses. PGP provides the modern suite of cryptography:
confidentiality, integrity, authentication, and nonrepudiation. PGP can encrypt emails, documents, or an entire disk drive. PGP uses a web of trust model to authenticate digital certificates, instead of relying on a central CA.

Question 33

What is MIME?

Answer 33

MIME (multipurpose Internet mail extensions) provides a standard way to format email, including characters, sets, and attachments. Secure MIME (S/MIME) leverages PKI to encrypt and authenticate MIME-encoded email. The client or client’s email server, called an S/MIME gateway, may perform the encryption

Question 34

What is the purpose of the public key infrastructure?

Answer 34

Public Key Infrastructure (PKI) leverages all three forms of encryption to provide and manage digital certificates.

Question 35

What is the standard digital certificate format?

Answer 35

The standard digital certificate format is X.509.

Question 36

What does ESP provide?

Answer 36

ESP primarily provides confidentiality by encrypting packet data. It may also optionally provide authentication and integrity.

Question 37

A historical type of encryption that was based on a set of disks with random letters; the sender and receiver would agree on the disk order. What is it called?

Answer 37

The Jefferson Disk (Bazeries Cylinder) - is a cipher system using a set of wheels or disks, each with the 26 letters of the alphabet arranged around the edge. Jefferson (US president) invented it, and Bazeries improved it. The order of the letters is different for each disk and is usually scrambled in some random way.

Question 38

What protocol natively supports IPSec?

Answer 38

IPSEC (Internet Protocol Security): Set of protocols that provide a cryptographic layer to IP traffic; for IPv4, it is bolted on. For IPv6, it is designed into the protocol.

Question 39

What is RC4?

Answer 39

RC4: Used by WEP/WPA/SSL/TLS. Pseudorandom keystream. No longer considered secure. Symmetric, Stream cipher, 40-2048 bit key length.

Question 40

What historical encryption was written on a thin piece of parchment that was wrapped around a round stick of a certain diameter?

Answer 40

Spartan Scytale - Message written lengthwise on a long thin piece of parchment wrapped around a certain size round stick. By itself it would make no sense, but if rewrapped around a stick of the same diameter it would be decipherable.

Question 41

Which of these encryption methods is truly unbreakable if it is implemented right?

Answer 41

One-Time Pad: Cryptographic algorithm where plaintext is combined with a random key. It is the only existing mathematically unbreakable encryption. While it is unbreakable it is also very impractical. It has ONE use per pad; they should never be reused. Characters on the pad have to be truly random. The pads are kept secure.

Question 42

What is hybrid encryption?

Answer 42

Hybrid Encryption: Uses Asymmetric encryption to share a Symmetric Key (session key). We use the security over an unsecure media from Asymmetric for the initial exchange and we use the speed and higher security of the Symmetric for the actual data transfer. The Asymmetric Encryption may send a new session key ever so often to ensure security.

Question 43

What types of encryption are symmetric? What types are asymmetric?

Answer 43

Twofish, Blowfish, AES, DES, IDEA and RC4/5/6 are types of symmetric encryption.

DH, ElGamal, ECC, and DSA, RSA are asymmetric types of encryption.

Question 44

What is IDEA?

Answer 44

IDEA (International Data Encryption Algorithm): Designed to replace DES. Symmetric, 128 bit key, 64 bit block size, considered safe. Not widely used now, since it is patented and slower than AES.

Question 45

If an attacker is using a digraph attack, what is the attacker looking for? ​

Answer 45

How often pairs of letters are used.

Question 46

When we are using frequency analysis, what are we looking at?

Answer 46

Frequency Analysis (analyzing the frequency of a certain character) – In English “E” is used 12.7% of the time. Given enough encrypted substitution text, you can break it just with that.

Question 47

If we have 5 users and they all need to communicate with each other securely, would we use the MOST encryption keys if we used asymmetric or symmetric encryption​?

Answer 47

Symmetric would use 10 keys (5x(5-1))/2, asymmetric uses 2 keys per person also 10 keys.

Question 48

What is a replay attack?

Answer 48

A cryptographic attack used against algorithms that don’t incorporate temporal protections.

Question 49

What are the three encryption algorithms supported by the Digital Signature Standard?

Answer 49

DSA, RSA, and ECDSA

Question 50

What is the Kerchoff priciple?

Answer 50

An assumption that all algorithms should be public but all keys should be private.

Question 51

What is the process by which you are issue a digital certificate?

Answer 51

Enrollment

Question 52

What is cryptanalysis?

Answer 52

Cryptanalysis is the science of breaking encrypted communication

Question 53

What is a digraph attack?

Answer 53

Digraph attack: Similar to frequency analysis/attacks, but looks at common pairs of letters (TH, HE, IN, ER)