quiz2-week 3 content Flashcards
what is cryptography
Scrambling information so it cannot be read
* Transforms information into secure form so unauthorized persons cannot access it
what is Steganography
- Hides the existence of data
where can data be hidden in image, video and audio files
header fields and metadata
what is encryption
is the process of changing original text into a secret message using
cryptography
what is plaintext
is unencrypted data to be encrypted or is the output of decryption
ciphertext is
is the scrambled and unreadable output of encryption
cleartext data is
is data stored or transmitted without encryption
plaintext data is input into a
is input into a cryptographic algorithm (also called a cipher)
A key is a ___ ___ entered into the algorithm to produce ____
* The reverse process uses the key to decrypt the message
mathematical value
ciphertext
A substitution cipher substitutes one ___ for ____
one character for another
ROT13 meaning
rotate alphabet 13 steps clockwise
XOR cipher compares two ___,
if they are different, __ is returned
bits
1
Cryptography can provide several basic protections
___
___
___
___
___
- Confidentiality ensures only authorized parties can view it
- Integrity ensures information is correct and unaltered
- Authentication ensures sender can be verified through cryptography
- Nonrepudiation proves that a user performed an action
- Obfuscation is making something obscure or unclear
security through obscurity
definition
example
An approach in security where virtually any system can be made secure as long as
outsiders are unaware of it or how it functions
using port 70 instead of port 80
Cryptography can provide protection to data as that data resides in any of three states:
* Data in ____ (also called data in use) is data actions being performed by “endpoint
devices”
* Data in _____ are actions that transmit the data across a network
* Data at ____ is data that is stored on electronic media
processing
transit
rest
___ vs ___ constraint is a limitation in providing strong cryptography due to the
tug-of-war between available resources (time and energy) and the security provided by
cryptography
resource vs security
It is important that there be ___ ___ in cryptography
* is the ability to quickly recover from these resource vs. security
constraints
high resiliency
Which of the following is a term that proves that a user performed an action with a computer or
on data?
a. Confidentiality
b. Nonrepudiation
c. Obfuscation
d. Authentication
b
Three categories of cryptographic algorithms
* ___ algorithms
* ____ cryptographic algorithms
* ____ cryptographic algorithms
Three categories of cryptographic algorithms
* Hash algorithms
* Symmetric cryptographic algorithms
* Asymmetric cryptographic algorithms
A fundamental difference in cryptographic algorithms is the ___ of __ __ at a
time
* ____ cipher - takes one character and replaces it with another
* ___ cipher - manipulates an entire block of plaintext at one time
* ___ function - takes as input a string of any length and returns a string of any
requested variable length
amount of data processed
stream
block
sponge
Hash algorithm creates a unique “___ ___” of a set of data and is commonly called
hashing
* This fingerprint, called a ___ (sometimes called a message ____ or hash), represents
the contents
digital fingerprint
digest
Hashing is intended to be __ ___ in that its digest cannot be reversed to reveal the original
set of data
one way
Secure hashing algorithm characteristics:
- ___ ___ - short and long data sets have the same size hash
- ___ - two different data sets cannot produce the same hash
- ___ - data set cannot be created to have a predefined hash
- ___ - resulting hash cannot be reversed to determine original plaintext
fixed size
unique
original
secure
SHA-____ is currently considered to be a secure hash
* SHA-____ was announced as a new standard in 2015 and may be suitable for low-power
devices
SHA-2 is currently considered to be a secure hash
* SHA-3 was announced as a new standard in 2015 and may be suitable for low-power
devices
____ cryptographic algorithms use the same single key to encrypt and decrypt a
document
Symmetric
________ cryptographic algorithms use two mathematically related keys
types of keys
Asymmetric
public
private
Digital Signature Algorithm (DSA)
* Creates a _____ ___ - an electronic verification of the sender
Digital Signature Algorithm (DSA)
* Creates a digital signature - an electronic verification of the sender
Which of the following is a function of a digital signature?
a. Provides authorization
b. Encrypts transmitted data
c. Decrypts transmitted data
d. Proves message integrity
d
A digital signature can verify the sender of data, prevent a sender from disowning a
message, and prove message integrity.
Two of the most common cryptography attacks are ____ attacks and ____ attacks
Two of the most common cryptography attacks are algorithm attacks and collision attacks
types of algorithm attacks (2)
___ Statistical tools can be used to attempt to discover a pattern in the ciphertexts, which
can then be used to reveal the plaintext or key
___ A threat actor forces the system to abandon the current higher security mode of
operation and instead “fall back” to implementing an older and less secure mode
known cipher attacks
downgrade attacks
collision attacks
When two files have the same ___ this is known as a collision
digest
Which type of cryptography attack attempts to find two input strings of a hash function that
produce the same hash result?
a. Downgrade attack
b. Birthday attack
c. Ciphertext attack
d. Algorithm attack
Answer: b. Birthday attack
A birthday attack is a type of collision attack based on the birthday paradox which
states that there is a 50% chance of any two people sharing a birthday if there are
only 23 people in the room.
___ protects all data on a hard drive
FDE
Cryptography can be embedded in ____
hardware
Hardware encryption options include:
* ___ ___ module
* ___ ___ module
Hardware encryption options include:
* Trusted platform module
* Hardware security module
___ is a removable external cryptographic device
* It includes an onboard key generator and key storage facility
* Performs accelerated symmetric and asymmetric encryption
* Malware cannot compromise it
Hardware Security Module HSM is a removable external cryptographic device
* It includes an onboard key generator and key storage facility
* Performs accelerated symmetric and asymmetric encryption
* Malware cannot compromise it
____ is a chip on a computer’s motherboard that provides cryptographic services
* Includes a true random number generator
* Entirely done in hardware so it cannot be subject to software attack
* Prevents computer from booting if files or data have been altered
* Prompts for password if hard drive moved to a new computer
Trusted Platform Module (TPM)
* TPM is a chip on a computer’s motherboard that provides cryptographic services
* Includes a true random number generator
* Entirely done in hardware so it cannot be subject to software attack
* Prevents computer from booting if files or data have been altered
* Prompts for password if hard drive moved to a new computer
A ____ is a shared, immutable ledger that facilitates the process of recording
transactions and tracking assets in a business network
allows a network of computers to agree at regular intervals on the
true state of a distributed ledger
relies on cryptographic hash algorithms to record its transactions
blockchain
Which of the following is an example of FDE?
a. BitLocker
b. EFS
c. GnuPG
d. Folder Lock
a
_____ ___ is a common application of cryptography
* Using them involves
* Understanding their purpose
* Knowing how they are managed
* Determining which type of digital certificate is appropriate for different situations
Digital certificates are a common application of cryptography
* Using digital certificates involves
* Understanding their purpose
* Knowing how they are managed
* Determining which type of digital certificate is appropriate for different situations
A digital certificate is a technology used to associate a user’s ____ to a public key that
has been “digitally signed” by a trusted third party
identity
If a user wants a digital certificate:
* After generating a public and private key, the user must complete a request with
information such as name, address, email address, known as a ____
User electronically signs the CSR and sends it to an ___ ___
Certificate Signing Request (CSR)
User electronically signs the CSR and sends it to an intermediate CA
Intermediate CAs are ___ ___ designed to handle specific CA tasks such as:
* Processing certificate requests
* Verifying the identity of the individual
subordinate entities
A common method to ensure security and integrity of a root CA is to keep it in an ___
state from the network ___ ___
offline
offline CA
___ ___ is a publicly accessible centralized directory of digital
certificates
* It can be used to view certificate status
* The directory can be managed locally by setting it up as a storage area connected to
the CA server
Certificate Repository (CR) is a publicly accessible centralized directory of digital
certificates
* It can be used to view certificate status
* The directory can be managed locally by setting it up as a storage area connected to
the CA server
Reasons a certificate would be ____
▶ Certificate is no longer ____
▶ Details of the certificate have ___, such as user’s address
▶ Private key has been lost or exposed (or suspected lost or exposed)
revoked
used
changed
A ___ __ __ is a list of digital certificates that have been
revoked
A Certificate Revocation List (CRL) is a list of digital certificates that have been
revoked
___ ___ ___ ___ performs a real-time lookup of a certificate’s
status
* is called a request-response protocol
* The browser sends the certificate’s information to a trusted entity known as an ___
Responder
* The ____ ___ provides immediate revocation information on that certificate
Online Certificate Status Protocol (OCSP) performs a real-time lookup of a certificate’s
status
* OCSP is called a request-response protocol
* The browser sends the certificate’s information to a trusted entity known as an OCSP
Responder
* The OCSP Responder provides immediate revocation information on that certificate
OCSP ____
* A variation of OCSP where web servers send queries to the OCSP Responder server
at regular intervals to receive a signed time-stamped response
OCSP stapling
* A variation of OCSP where web servers send queries to the OCSP Responder server
at regular intervals to receive a signed time-stamped response
___ ___ Certificates
* The process of verifying a digital certificate is genuine depends upon certificate ____
* Links several certificates together to establish trust between all the certificates
involved
* The beginning point of the chain is known as a root digital certificate and is created
and verified by a CA
* They are self-signed and do not depend upon any higher-level authority
* Endpoint of the chain is the user digital certificate itself
Root Digital Certificates
* The process of verifying a digital certificate is genuine depends upon certificate chaining
* Links several certificates together to establish trust between all the certificates
involved
* The beginning point of the chain is known as a root digital certificate and is created
and verified by a CA
* They are self-signed and do not depend upon any higher-level authority
* Endpoint of the chain is the user digital certificate itself
Web server digital certificates perform two primary functions:
* Ensure the authenticity of the __ __ to the ___
* Ensure the authenticity of the cryptographic connection to the ___ ___
web server to the client
web server
Which of the following is the beginning point of a certificate chain?
a. User certificate
b. Intermediate certificate
c. Root certificate
d. Top-level certificate
Answer: c. Root certificate
The beginning point of a certificate chain is the root certificate and they do not
depend on a higher-level authority
There are several types of domain digital certificates:
There are several types of domain digital certificates:
* Domain validation digital certificates
* Extended validation (EV) digital certificates
* Wildcard digital certificates
* Subject alternative name (SAN) digital certificates
PKI is one of the most important management tools for the use of:
___ __
___ __
PKI is one of the most important management tools for the use of:
* Digital certificates
* Asymmetric cryptography
___ __ ___ (PKI) is a framework for all entities involved in digital certificates
* Certificate management actions facilitated by PKI
* Create
* Store
* Distribute
* Revoke
Public key infrastructure (PKI) is a framework for all entities involved in digital certificates
* Certificate management actions facilitated by PKI
* Create
* Store
* Distribute
* Revoke
A ___ ___ refers to the type of trust relationship that can exist between individuals and
entities
trust model
____ trust is a type of trust model where one person knows the other person
Direct
___ is defined as confidence in or reliance on another person or entity
Trust
The web of trust model is based on ___ trust
Each user signs a digital certificate then exchanges certificates with all other users
direct
The hierarchical trust model assigns a single hierarchy with one master CA called ___, which signs all digital certificate authorities with a single ___
root
key
Hierarchical trust model limitations:
* A single CA private key may be ____ rendering all certificates ____
* Having a single CA who must verify and sign all digital certificates may create a
significant ___
compromised, worthless
backlog
Distributed Trust Model
* The distributed trust model has multiple CAs that sign digital certificates
* Eliminates limitations of __ ___ __
hierarchical trust model
The ___ __ model is similar to the distributed trust model
- One CA acts as a facilitator to interconnect all other CAs
- Facilitator CA does not issue digital certificates, instead it acts as hub between
hierarchical and distributed trust model
* Allows the different models to be ___
bridge trust
linked
Certificate Life Cycle
* ___
* Occurs after user is positively identified
- ___
- May occur when employee on leave of absence
- ____
- Certificate no longer valid
- ___
- Key can no longer be used
Certificate Life Cycle
* Creation
* Occurs after user is positively identified
- Suspension
- May occur when employee on leave of absence
- Revocation
- Certificate no longer valid
- Expiration
- Key can no longer be used
Which of the following is considered a non-secure place where PKI encryption keys may be
stored?
a. Smart-card
b. Token
c. In a digital certificate
d. Local system
d
Private keys can be stored on a user’s local system but this can leave keys open to
attacks due to possible vulnerabilities in the OS. Storing keys in hardware such as
tokens and smart-cards is usually a more secure alternative.
Public keys can be stored by embedding them within __ __
digital certificates
Alternative: storing keys in hardware
__ __
___
Alternative: storing keys in hardware
* Smart-cards
* Tokens
one of the most common cryptographic protocols
___ __ __
secure sockets layer (SSL) version 3 (current)
The most common cryptographic transport algorithms include the following:
* ___ __ __
- ___ __ ___
- __ __
- __ __ __ __
- ___/___
- ___ __ __ __ __
- ___ __
* Secure Sockets Layer (SSL)
* Transport Layer Security (TLS)
- Secure Shell (SSH)
- Hypertext Transport Protocol Secure (HTTPS)
- S/MIME (Secure/Multipurpose Internet Mail Extensions) secures email messages
- Secure Real-time Transport Protocol (SRTP) is a secure extension protecting transmission using the Real-time Transport Protocol (RTP)
- IP Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications
Which encryption protocol is used for securing email messages?
a. S/MIME
b. SRTP
c. HTTPS
d. TLS
a
Three primary characteristics that determine the resiliency of the key to attacks (called __ __)
* Randomness
* Length
* Cryptoperiod – length of time for which a key is authorized for use
key strength
Which of the following is NOT a primary characteristic of key strength?
a. Randomness
b. Uniqueness
c. Key length
d. Cryptoperiod
b