OSG-CH7

Question 1

public ledger/data store that nobody can tamper with or destroy.

Answer 1

blockchain

Question 2

specialized hardware can minimize power consumption, specialized hardware can minimize power consumption solving many low-latency requirements.

Answer 2

Lightweight Cryptography

Question 3

encrypting data in a way that preserves the ability to perform computation on that data, result you would have received if you had performed the computation on the plaintext data in the first place.

Answer 3

Homomorphic encryption

Question 4

an algebraic manipulation that attempts to reduce the complexity of the algorithm. attacks focus on the logic of the algorithm itself.

Answer 4

Analytic Attack

Question 5

an attack that exploits weaknesses in the implementation of a cryptography system. It focuses on exploiting the software code, not just errors and flaws but the methodology employed to program the encryption system.

Answer 5

Implementation Attack

Question 6

the attack exploits statistical weaknesses in a cryptosystem, such as floating-point errors and inability to produce truly random numbers. These attacks attempt to find a vulnerability in the hardware or operating system hosting the cryptography application.

Answer 6

Statistical Attack

Question 7

attacks are quite straightforward. Such an attack attempts every possible valid combination for a key or password. They involve using massive amounts of processing power to methodically guess the key used to secure cryptographic communications.

Answer 7

Brute-Force Attack

Question 8

In these attacks, the attacker attempts to compromise the integrity of a cryptographic device by causing some type of external fault

Answer 8

Fault Injection Attack

Question 9

Computer systems generate characteristic footprints of activity, such as changes in processor utilization, power consumption, or electromagnetic radiation. These attacks seek to use this information to monitor system activity and retrieve information that is actively being encrypted.

Answer 9

Side-Channel Attack

Question 10

an example of a side-channel attack where the attacker measures precisely how long cryptographic operations take to complete, gaining information about the cryptographic process that may be used to undermine its security

Answer 10

Timing Attack

Question 11

a random value that is added to the end of the password before the operating system hashes the password. This is then stored in the password file along with the hash.

Answer 11

cryptographic salt

Question 12

the only information you have at your disposal is the encrypted ciphertext message

Answer 12

ciphertext-only attack.

Question 13

counting the number of times each letter appears in the ciphertext.

Answer 13

frequency analysis

Question 14

the attacker has a copy of the encrypted message along with the plaintext message used to generate the ciphertext (the copy)

Answer 14

Known Plaintext

Question 15

the attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing. This allows the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key.

Answer 15

Chosen Plaintext

Question 16

the attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion of the message to discover the key.

Answer 16

Chosen Ciphertext

Question 17

defeat encryption algorithms that use two rounds of encryption. This attack is the reason that Double DES (2DES) was quickly discarded as a viable enhancement to the DES encryption

Answer 17

Meet in the Middle

Question 18

a malicious individual sits between two communicating parties and intercepts all communications (including the setup of the cryptographic session). The attacker responds to the originator’s initialization requests and sets up a secure session with the originator. The attacker then establishes a second secure session with the intended recipient using a different key and posing as the originator.

Answer 18

Man in the Middle (“on-path attacks”)

Question 19

the malicious individual seeks to substitute in a digitally signed communication a different message that produces the same message digest, thereby maintaining the validity of the original digital signature.

Answer 19

birthday attack

Question 20

the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later “replays” the captured message to open a new session.

Answer 20

Replay