Domain 5 - Cryptography Flashcards
An encrypted message
Ciphertext
An unencrypted message
Plaintext
The science of secure communication
Cryptology
Encryption that uses one key to encrypt and decrypt
Symmetric encryption
Encryption that uses two keys: if you encrypt with one, you may decrypt with other
Asymmetric encryption
One way encryption using algorithm but no key
Hash function
This creates messages whose meaning is hidden
Cryptography
The science of breaking encrypted messages ( recovering their meaning)
Cryptanalysis
—– is a cryptographic algorithm
Cipher
Converts the plaintext into a ciphertext
Encryption
Turns a cipher-text to a plaintext
Decryption
True or false. Cryptography can provide confidentiality and integrity and does not directly provide availability
True
True or false. Cryptography can also provide authentication and non repudiation
True
This means the order of the plaintext should be dispersed in the cipher text
Diffusion (transposition or permutation)
This means that the relationship between the plaintext and cipher-text should be confused (as random) as possible
Confusion (substitution)
It describes how long it will take to break a crypto systems ( decrypt a cipher-text without a key)
Work Factor
Is a cipher that uses one alphabet
Mono alphabetic cipher
It’s a cipher that uses multiple alphabets
Poly alphabetic cipher
Mono alphabetic ciphers are susceptible to frequency analysis. True or false
True
Three primary types of modern encryption
Symmetric
Asymmetric
Hashing
Describes the process of selecting the right method(cipher) and implementation for the right job, typically at an organisation wide scale
Cryptographic protocol governance
These are stylised pictorial writing used in ancient Egypt
Hieroglyphics
An ancient cryptography that uses strip of parchment that was wrapped around a rod
Spartan scytale
Is a mono alphabetic rotation cipher used by Julius Ceasar
Caesar cipher
This uses mono alphabetic cypher rotated 13 characters
Rot-13
Is a poly alphabetic cypher that is related 26 times to form a matrix
Vigenere cipher
These have two concentric disks, each with an alphabet around the periphery. They allow both mono-alphabetic and poly alphabetic encryption
Cipher disks
Also called wheel cypher. It had 36 wooden disks, each with 26 letters in random order
Jefferson disks
Is a cipher that uses whole words from a well known text such as a dictionary. To encode, agree on a text source, and note the page number, line, and word offset of each word you would like to encode
Book cipher
Is a cipher that uses well known texts as the basis for their keys but instead of using whole words, they use modulus math to add letters to each other
Running key cipher
This cipher assigns a code word for important people, locations , and terms
Code books
This uses identical paired pads of random characters, with a set amount of characters per page. It is the only encryption that is mathematically proven to be secure
One time pad
One time pad should meet the following three conditions to be secure
- The characters on the pad are truly random
- The pads are kept secure
- No page is ever used
The first known use of one time pad
Vernam cipher
Is a class of cryptographic devices known as rotor machines
Hebert machines
This looks like a large typewriter and finger wheels added use in the World War Two for cryptanalysis
Enigma
Is a cryptography law that was designed to control the export of critical technologies to iron curtain countries during the Cold War
Coordinating committee for Multilateral Exports Control (COCOM)
This law was initiated in 1996 when COCOM ended. It involves many more countries including Soviet Union countries. It also relaxed many of the restrictions on exporting cryptography
Wassenaar Arrangement
Is a mode of symmetric encryption where each bit is independently encrypted
Stream cipher
Is a mode of symmetric encryption where blocks of data each round is encrypted
Block cipher
Is used in some symmetric cipher to ensure that the first encrypted block of data is random
Initialisation vector (IV)
This seeds the previous encrypted block into the next block to be encrypted. It destroys the patterns in the resulting ciphertext
Chaining (also called feedback in stream mode)
Is a form of encryption that uses a 64 bit block size ( meaning it encrypts 64 bits each round) and a 56 bit key
DES Data Encryption Algorithm - DEA
What are the five modes of DES?
- Electronic Code Book - ECB
- Cipher Block Chaining - CBC
- Cipher Feedback - CFB
- Output Feedback - OFB
- Counter Mode - CTR
It is the simplest and weakest form of DES. It does not use IV or chaining. Identical plain text encrypted with identical keys produces identical cipher-text. It is the original mode of DES
Electronic Code Book (ECB)
Is a block mode of DES that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted. It’s limitation is that encryption errors will propagate as its cascade through subsequent blocks
Cipher Block Chaining
Is a DES stream mode that uses IV and feedback to destroy patterns and errors propagate
Cipher Feedback
Is a DES stream mode where it uses the subkey before it is XORed to the plaintext. Because the subkey is not affected by encryption errors, errors will not propagate
Output feedback
Is a DES stream mode that uses counter as a feedback. It destroys patterns and errors do not propagate
Counter mode
Is the original implementation of DES , encrypting 64 bit blocks of data with 56 bit key, using 16 rounds of encryption
Single DES
Is a single DES that is encrypted 3 times. It’s primary weakness is it too slow and complex
Triple DES
3 forms of Triple DES Encryption
1TDES EDE
2 TDES EDE
3 TDES EDE
Is the strongest form of DES with 168 bits of key length
3TDES EDE (three different keys)
Is a symmetric block cipher designed as an international replacement for DES. It uses 128 bit key and 64 block size. It primary drawbacks are patent encumbrance and slow speed
International Data Encryption Algorithm (IDEA)
Is the current US standard symmetric block cipher. It’s uses 128, 192, or 256 bit keys. It is an open algorithm, free to use and free of any intellectual restriction.
Advanced Encryption Standard - AES
Five AES Finalist
MARS RC6 Rijndael Serpent Twofish
Four functions of AES
ShiftRows
MixColumns
SubBytes
AddRoundKey
Is an AES function that provides diffusion by shifting rows of the state
ShiftRows
An AES function that provides diffusion by mixing the columns of the state via finite field mathematics
MixColumns
An AES function that provides confusion by substituting the bytes of the state
SubBytes
Is the final function applied in each round of AES. It XORs the state of the subkey
AddRoundKey
Is a symmetric block cipher created by teams lead by Bruce Schneier. It was an AES finalist. It uses from 32 to 448 bit keys to encrypt 64 bits of data.
Blowfish
Is a symmetric block cipher created by teams lead by Bruce Schneier. It was an AES finalist encrypting 128 bit blocks using 128 to 256 bit keys.
Twofish
An example of asymmetric one way function is factoring a composite numbers into its primes.
Factoring Prime Numbers
An example of asymmetric algorithm one way function which is the basis of Diffie-Hellman and ElGamal asymmetric algorithm
Discrete Logarithm
This allows two parties to securely agree on a symmetric key via public channel such as internet, with no prior key exchange.
Diffie-Hellman Key agreement protocol
Another asymmetric encryption that leverages a one way function that uses discrete logarithms as applied to elliptic curves. It requires less computational resources because shorter keys can be used. It is often used in low power devices for this reason
Elliptic Curve Cryptography
True or False. Asymmetric encryption is slower and weaker than per bit of key length than symmetric .
True
True or False. The strength of asymmetric algorithm is its ability to securely communicate without pre-sharing a key
True
This happens when two hashes are the same from different plaintext.
Collision
This creates a 128 bit hash value based on any input
MD5
Is the newest version of the MD hash family algorithm
MD6
Is a hash algorithm that creates 160 bit hash value and was also found to be weak collision avoidance
SHA-1
Is Secure Hash Algorithm -SHA that includes 224, 256, 384 and 512 bit hash value
SHA-2
Is a hash algorithm that creates message digests of 128, 160, 192,224 or 256 bit key lengths using 3, 4 or 5 rounds. It’s faster than MD5
Hash of Variable Length (HAVAL)
Is a cryptographic attack that generates the entire keys pace which is every possible key
Brute force attack
Is a cryptographic attack that uses the human mind to bypass security controls. It maybe use to recover a key by tricking the key holder into revealing the key
Social engineering
Is pre computed compilation of plaintexts and matching cipher texts
Rainbow Tables
Is an cryptographic attack that relies on recovering and analysing a matching plaintext and ciphertext pair. The goal is to derive the key that was used
Known Plaintext
Is a cryptographic attack that chooses the plaintext to be encrypted ; the goal is to derive the key.
Chosen Plaintext
It’s a cryptographic attack that mirrors chosen plaintext attacks; the difference is that the cryptanalyst ciphertext to be decrypted
Chosen Ciphertext
Cryptographic attack that attack encrypts on one side, decrypts on the other side and meet in the middle
Meet in the middle attack
Is a cryptographic attack where cryptanalyst knows something about the key to reduce the efforts used to attack it
Known Key
This seeks to find the difference between related plaintexts that are encrypted. Using statistical analysis to search for signs of randomness in the ciphertext.
Differential cryptanalysis
Is a known plaintext attack where cryptanalyst finds large amount of plaintext/ciphertext pairs created with the same key. The pairs are studied to derive information about the key used to create them
Linear cryptanalysis
This uses physical data to break crypto system such as monitoring CPU cycle or power consumption while encrypting of decrypting.
Side Channel attacks
This attack exploits a mistake (vulnerability) made while implementing an application,service or a system.
Implementation attacks
This occurs when two symmetric keys applied to the same plaintext produce the same ciphertext.
Key Clustering
These are use to cryptographically sign documents. It provide non repudiation which includes authentication of the identity of the signer and proof of the document’s integrity
Digital Signatures
True or false. Digital signatures provide authentication and integrity which forms non repudiation. They do not provide confidentiality as the plaintext remains unencrypted
True
Is a hash function that uses a key
Message Authentication Code - MAC
This combines a shared key with hashing. Two parties must pre-share a secret key (Symmetric). XOR the plaintext with the key then hashes the output and then the hash is combine again with the key.
Hashed Message Authentication Code (HMAC)
These leverages all the three forms of encryption to provide and managed digital certificate. A digital certificate is a public key signed with a digital signature
PKI - Public Key Infrastructure
5 Components of PKI
CA - the issue and revoke of certificates
Organisational Registration Authority -ORA - vouch for the binding between public keys and certificate holder identities
Certificate holders - that are issued certificate and can sign digital documents
Clients - that validate the digital signatures and their certification paths from a know public key of a trusted CA
Repositories that store and make available certificates and CRLs
This means the organisation that issued the public/private key pairs retains a copy.
Key Storage
True or false. A retired key may not be used for new transactions but may be used to decrypt previously encrypted plaintext.
True
Is a suite of protocols that provide a cryptographic layer to both IPv4 and IPv6. It is one of the methods used to establish VPNs which allow you to send private data over insecure network
IPSec
Is one IPSec protocols that provide authentication and integrity for each packet of network data. It does not provide confidentiality; it acts as a digital signature for data. It also protects against replay attacks
Authentication Header - AH
One IPSec primary protocol that provides the confidentiality by encrypting the packet data
Encapsulating Security Payload
In IPSec, this is a simple or one way connection that may be used to negotiate ESP or AH parameters
Security Association - SA
Is an IPSec mode used by security gateways which can provide point to point IPSec tunnels. It encrypts the entire packet, including original packet headers
ESP Tunnel Mode
This is an IPSec mode that only encrypts the data(not the original headers); this Is commonly used when the sending and receiving system can speak IPSec natively
Transport Mode
This negotiates the algorithm selection process in IPSec
Internet Key Exchange - IKE
This brought the asymmetric encryption to the masses. It provides the modern suite of cryptography: confidentiality, integrity, authentication, and non repudiation. It can be used to encrypt emails, documents, or the entire disk drive
Pretty Good Privacy (PGP)
This provides a standard way to format email, including characters, sets and attachments. It leverages PKI to encrypt and authenticate MIMe encoded email
S/MIME
This means a 3rd party organisation holds a copy of a public/private key pair
Escrowed Encryption
The name of the technology used in the Escrowed Encryption Standard, an effort by the US government to deploy escrowed encryption in telecommunications devices.
Clipper Chip
This encode data into a file. It maybe hidden using steganography. It is often used to fingerprint files.
Digital Watermarks
