ECM 1407 Encryption

Question 1

What can modern cryptography be defined as?

Answer 1

The study of mathematical techniques for securing digital data

Question 2

How does Caesar’s Cipher work?

Answer 2

Shifts each letter by a set amount

e.g. A -> E, B ->F

Question 3

What are the two principles of cryptography?

Answer 3

Security by obscurity
Kerckhoff’s principle

Question 4

What is security by obscurity?

Answer 4

Improving security by keeping the algorithm secret

Question 5

What is Kerckhoff’s principle?

Answer 5

The cipher method must not be required to be secret, and the message must be able to fall into the hands of the enemy

Everything except the keys are public knowledge

Question 6

What is the mono-alphabetic substitution?

Answer 6

Defines a map from each letter to some letter of the alphabet, where the map is arbitrary, instead of a fixed shift.

Question 7

What is the difference between symmetric and asymmetric encryption?

Answer 7

Symmetric uses one key for encryption and decryption

Asymmetric makes use of a public key for encryption and a private key for decryption

Question 8

What is a stream cipher?

Answer 8

an encryption technique that works byte by byte to transform plain text into code that’s unreadable to anyone without the proper key.
Stream ciphers are linear, so the same key both encrypts and decrypts messages. And while cracking them can be difficult, hackers have managed to do it.

Question 9

What is a block cipher?

Answer 9

a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
The block cipher processes fixed-size blocks simultaneously, as opposed to a stream cipher, which encrypts data one byte at a time.

Question 10

What are the origins of RSA?

Answer 10

A public-key cryptosystem, one of the oldest, that is widely used for secure data transmission. The acronym “RSA” comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly described the algorithm in 1977

Question 11

How does RSA work?

Answer 11

1) Choose 2 large prime numbers p and q

2) Calculate n = p * q

3) z = (p - 1) * (q - 1)

4) Choose e to be relatively prime (no other common factors than 1) to z

5) Choose d such that (d*e) mod z = 1

Question 12

What are the RSA equations?

Answer 12

M = plaintext block
C = encrypted block
C = M^e mod n
M = C^d mod n

Question 13

What are 3 examples of digital signatures?

Answer 13

Private keys
Hashing
Tarballs

Question 14

What is an example of an awry software implementation? What was the issue?

Answer 14

The heartbleed bug

When a word with more characters than specified, the word is promptly returned as expected, but with random spare data that often reveals sensitive data about the machine and its user.

Question 15

What websites were affected by the heartbleed bug?

Answer 15

• Yahoo!, Imgur, Stack Overflow, Slate, DuckDuckGo
• These sites asked users to promptly change their passwords

Question 16

What information is not picked up on by intruders through HTTPS as opposed to HTTP?

Answer 16

The User
The Data

Question 17

What is information is transmitted from a system to a site that can be used by intruders?

Answer 17

The url
The User
The Data
The machine’s location

Question 17

Who can intercept the connection between 2 ISPs?

Answer 17

The National Security Agency (NSA)

Question 17

What is Tor?

Answer 17

A free and open-source software for enabling anonymous communication. It directs Internet traffic via a free, worldwide, volunteer overlay network that consists of more than seven thousand relays. Using Tor makes it more difficult to trace a user’s Internet activity.

It uses multiple router keys that act as protective layers that the interceptors will reach as opposed to the core connection

Question 17

What are 3 kinds of parties that have access to your Internet Service Provider (ISP)?

Answer 17

Lawyers
Police
System Administrators

Question 18

What can external parties receive from an Internet user’s ISP who is using Tor?

Answer 18

Only the location. Tor encrypts the rest

Question 19

What is the double edged sword in Tor?

Answer 19

+ It allows good people to do what they want to do without the government controlling them
- It allows bad people to do what they want to do without the government controlling them

Question 20

What are some symmetric encryption programs?

Answer 20

AES
Blowfish
Twofish

Question 21

What are some asymmetric encryption programs?

Answer 21

ECC
ELGamal
RSA

Question 22

What surveillance tech was leaked by Edward Snowden?

Answer 22

RAMPART-A

Question 23

What does the Online Safety Bill say to encryption?

Answer 23

An offence is committed if the participant submits data to OFCOM that cannot be decrypted.

Question 24

What must participants under the OSB do?

Answer 24

It provides a legal duty for social media companies to put in place systems and processes that tackle child sexual abuse on their services irrespective of the technology they use
Companies failing to comply with such systems and processes face Ofcom, which is able to impose fines of up to £18 million or 10% of the company’s global annual turnover - depending on which is higher.