Security & crytography Flashcards
What is the difference between symmetric and asymmetric encryption
Symmetric encryption uses the same key to encrypt and decrypt
Asymmetric encryption uses different keys to encrypt and decrypt
What does AES stand for ?
Advanced Encryption Standard
What does ECB stand for ?
Electronic Code Book
Describe the steps in ecb mode ?
1.) Convert your plaintext to binary
2.) Convert your key to binary
3.) XOR your values in steps 1 and 2
4.) Convert your output in step 3 into hex
5.) Put your hex value from the previous stage into your given substitution box
6. ) Convert your hex value form the substitution and convert it to binary
7.) Put your binary from the previous step into a permutation box (this is you final answer)
8.) Convert your final answer to correct type( hex, decimal or binary)
Describe the steps in cbc mode ?
1.) Convert your initialisation vector to binary
2.) Convert your plaintext to binary
3.) XOR your values in steps 1 and 2 (remember the value after the xor)
4.) Convert your key to binary
5.) XOR your values in step 3 and 4
6.) Convert your output in step 5 into hex
7.) Put your hex value from the previous stage into your given substitution box
8. ) Convert your hex value form the substitution and convert it to binary
9.) Put your binary from the previous step into a permutation box (this is you final answer)
10.) Convert your final answer to correct type( hex, decimal or binary)
Name some modern applications of cryptography
- Online Banking
- Secure Remote Access(Moodle from home
- Cryptocurrency
- Cloud Storage Security
- E-commerce
- Messaging
What is cryptography
- Cryptography is the practice evaluation, and analysis of approaches and techniques to establish security services, such as confidentiality, integrity and authenticity within communication environment to establish data security
Should we use untested crypto systems
No
What is a key in cryptography
Key is a means to safeguard data
Define cryptoanalysis
the study of complex statistical and mathematical techniques to obtain meaningful information about the ciphertext or encrypted message
What is Kirchhoff’s principle
A cryptosystem should preserve its security properties even if everything about the cryptosystem, such as, encryption and decryption algorithms are made public, provided the secret key is kept securely
What are the 5 tuples of cryptosystems
E = Encryption
D = Decryption
M = letter in plaintext
K =Key
C = Ciphertext
What is another name for substitution cipher
monoalphabetic substitution
A simple mono-alphabetic substitution cipher has how many possible keys?
26!
How does substitution cipher work?
It involves one-to-one mapping of the plaintext letter by a fixed ciphertext letter.
What are some drawbacks of substitution cipher?
- This cipher is not secure because its prone to brute force attack(exhaustive key search)
- Cipher text is also prone to letter frequency analysis
Name a type of substitution cipher
Caeser cipher
What happens in Caeser cipher
Every character is replaced with the character three (k) slots to the right
What are the caesar cipher formula
- Encryption c = e^k (m) = m + k mod 26
- Decryption m = d^k (c) = c - k mod 26
What are some drawbacks of caesar cipher
Prone to brute force / exhaustive search because there are only 26 keys.
Prone to letter frequency analysis
Describe how dictionary attack works
. You get some words then:
○ First letter in word becomes A
○ Second letter becomes B and etc
○ Letter repeated occurrences in the plaintext use the same letter
Describe a benefit of dictionary attack
Allows us to perform decryption faster on ciphertext produced from substitution cipher
Describe some weaknesses of dictionary attacks
- Different words can have the same pattern
To avoid this use dictionary on longer words so you can avoid getting the same pattern
What is another name for vigenere cipher
Polyalphabetic cipher
What is a benefit of vigenere cipher
Unlike substitution cipher each letter can be mapped to more than 1 letter.
How does vigenere cipher work
1.) You have a key letter stream and a your plain text
2.) Underneath you the letter stream and plain text, for each letter there is a corresponding no (key stream no. and plaintext no.)
3.) We need to calculate a cipherttext no. to do this we do the following :
. (Key stream no + plaint text no) mod 26
4. To get our ciphetext letter we look at the corresponding letter for each ciphertext no
(Look at week 3 in slides for example)
What are the formulas for vigenere cipher
Encryption(to get cipher text) - (p1 +k1) mod 26
decryption(to get plaintext text) - (c1 - k1) mod 26
p1 = plaintext no
k1 = key stream no
c1 = ciphertext no
Note when doing decryption if c1 - k1 is a negative number subtract it from 26 to get the plain text e.g. 2-4 = -2 then do 26-2 = 4
Explain how a vigenere table works
You are given your plaintext and key. You keep going along the table until you meet and thats your cipher text (See week 3 to see how it works)
What is a drawback of Vigenere cipher
prone to incident of coincidence meaning some letters are mapped to each other which makes is it easier to find the key length via letter frequency analysis
What is transposition cipher
Moving the plaintext letters in some logical fashion to produce a ciphertext
Name a type of transposition cipher
columnar transposition
How does columnar transposition work
- In columnar transposition we spread the letters across the grid and read the letters by column for the cipher text(check slide)
*Another way to do columnar transposition is with a keyword. (irrregurlar column transposition)
- We do the same as stated above but we order the columns alphabetically before reading them by column
(See week 3 for example)
Name some drawbacks of transposition cipher
If you can determine the number of columns you can determine the length of the keyword
Prone to anagramming
What happens in permutation cipher
Basically permutation box
What is a benefit of permutation cipher
improves the security of encryption, such as, Block Ciphers
Name the modern principles of modern cryptography
- Large enough key space to resist exhaustive search
- Resistant to frequency analysis
- Small change in plaintext results in large change in ciphertext
- Security depends only on secrecy of key, and not on secrecy of algorithm (Kerckhoff’s principle)
What does SPN stand for ?
Substitution Permutation Network
What does SPN do
Uses repeated application of XOR key mixing
substitution and permutation to achieve confusion and
diffusion.
Name some forms of encryption that use SPN
AES and Heys cipher
Define confusion
To make the relation between encryption and the key a very complex and involved one
Define diffusion
Plaintext is dissipated so that a tremendous amount of material is needed to tie down this structure
What are the evaluation criteria when it comes to cryptography
- Security
* Resistance to cryptanalysis, soundness of math, randomness of
output, etc - Cost
* Computational efficiency (speed) and memory requirements etc - Algorithm and Implementation Characteristics
* Flexibility, hardware and software suitability, algorithm simplicity
What is padding?
- Padding is when you add extra data to end so it matches the blocksize
Name some modes of operation
. ECB mode - encrypts each block with the same key
. CBC makes use of initialisation vector
. OFB mode
. CFB mode
. CTR mode
. GCM mode
What is a one time pad?
A chunk of key material that is as long as the plaintext to be encrypted, and that, once it is used, is thrown away and never used again for encrypting anything
The cipher text from one time pads is unbreakable because the plaintext could literally be anything
What is the rule for one time pads
If the key is truly random, and is the same length as the plaintext, then the ciphertext is also truly random
What is the main difference between stream and block ciphers
Block ciphers encrypt block by block whereas stream ciphers encrypt by byte/bit
Give some info on stream ciphers
Loosely based around the idea of the one-time pad
- Generate a pseudorandom key stream and use it as the key to
an XOR cipher.
What are the 2 types of stream ciphers
- Synchronous Stream Ciphers:
. Pseudo-random digits generated independently of plain-text
and cipher-text- Both sides must be synchronised.
- Self-synchronising stream ciphers:
- Will resynchronise after a certain number of bytes since a lost
one.
- Will resynchronise after a certain number of bytes since a lost
What is another name for hash functions?
one-way/trapdoor functions
What conditions should hash functions satisfy ?
- They must be fast to compute
- Given the hash, H(m), of message , it must be very difficult to find
another message, m′
that computes to the same hash (“finding the
inverse”) - Should be hard to find m and m′
such that their hashes match
Describe the steps in RSA (brief look)
RSA in a nutshell
1. Choose two large primes p and q, and calculate n = p ∗ q.
2. From n follow some maths steps to calculate the value e and d
3. Publish n and e, keep d secret and destroy p and q
4. Encryption of m is now c = m^e (mod n)
5. Decryption of c is then m = c^d (mod n)
Name the AES Finalists
- MARS
- RC6
- Serpent
- Twofish
- Rijndael (WINNER)
Name a cryptographic hash function
MD5
Which AES mode of operation provides authentication as well as confidentiality
Galois Counter Mode (GCM)
What padding scheme is least advisable in practice?
Pad the message with all zeros.
Why is DES no longer recommended for use in new products requiring encryption?
The key is too short
Is RSA asymmetric
Yes
In AES is the key-size large enough for the foreseeable future to be secure.
yes
What do fiestel ciphers do?
Breaks the problem of designing a good block cipher into the design of a good key expansion algorithm and a good round function
Name some valid round operations in AES
AddRoundKey() and MixColumns()
