Security & crytography

Question 1

What is the difference between symmetric and asymmetric encryption

Answer 1

Symmetric encryption uses the same key to encrypt and decrypt
Asymmetric encryption uses different keys to encrypt and decrypt

Question 2

What does AES stand for ?

Answer 2

Advanced Encryption Standard

Question 3

What does ECB stand for ?

Answer 3

Electronic Code Book

Question 4

Describe the steps in ecb mode ?

Answer 4

1.) Convert your plaintext to binary
2.) Convert your key to binary
3.) XOR your values in steps 1 and 2
4.) Convert your output in step 3 into hex
5.) Put your hex value from the previous stage into your given substitution box
6. ) Convert your hex value form the substitution and convert it to binary
7.) Put your binary from the previous step into a permutation box (this is you final answer)
8.) Convert your final answer to correct type( hex, decimal or binary)

Question 5

Describe the steps in cbc mode ?

Answer 5

1.) Convert your initialisation vector to binary
2.) Convert your plaintext to binary
3.) XOR your values in steps 1 and 2 (remember the value after the xor)
4.) Convert your key to binary
5.) XOR your values in step 3 and 4
6.) Convert your output in step 5 into hex
7.) Put your hex value from the previous stage into your given substitution box
8. ) Convert your hex value form the substitution and convert it to binary
9.) Put your binary from the previous step into a permutation box (this is you final answer)
10.) Convert your final answer to correct type( hex, decimal or binary)

Question 6

Name some modern applications of cryptography

Answer 6

• Online Banking
• Secure Remote Access(Moodle from home
• Cryptocurrency
• Cloud Storage Security
• E-commerce
• Messaging

Question 7

What is cryptography

Answer 7

• Cryptography is the practice evaluation, and analysis of approaches and techniques to establish security services, such as confidentiality, integrity and authenticity within communication environment to establish data security

Question 8

Should we use untested crypto systems

Answer 8

No

Question 9

What is a key in cryptography

Answer 9

Key is a means to safeguard data

Question 10

Define cryptoanalysis

Answer 10

the study of complex statistical and mathematical techniques to obtain meaningful information about the ciphertext or encrypted message

Question 11

What is Kirchhoff’s principle

Answer 11

A cryptosystem should preserve its security properties even if everything about the cryptosystem, such as, encryption and decryption algorithms are made public, provided the secret key is kept securely

Question 12

What are the 5 tuples of cryptosystems

Answer 12

E = Encryption
D = Decryption
M = letter in plaintext
K =Key
C = Ciphertext

Question 13

What is another name for substitution cipher

Answer 13

monoalphabetic substitution

Question 14

A simple mono-alphabetic substitution cipher has how many possible keys?

Answer 14

26!

Question 15

How does substitution cipher work?

Answer 15

It involves one-to-one mapping of the plaintext letter by a fixed ciphertext letter.

Question 16

What are some drawbacks of substitution cipher?

Answer 16

• This cipher is not secure because its prone to brute force attack(exhaustive key search)
• Cipher text is also prone to letter frequency analysis

Question 17

Name a type of substitution cipher

Answer 17

Caeser cipher

Question 18

What happens in Caeser cipher

Answer 18

Every character is replaced with the character three (k) slots to the right

Question 19

What are the caesar cipher formula

Answer 19

• Encryption c = e^k (m) = m + k mod 26
• Decryption m = d^k (c) = c - k mod 26

Question 20

What are some drawbacks of caesar cipher

Answer 20

Prone to brute force / exhaustive search because there are only 26 keys.

Prone to letter frequency analysis

Question 21

Describe how dictionary attack works

Answer 21

. You get some words then:
○ First letter in word becomes A
○ Second letter becomes B and etc
○ Letter repeated occurrences in the plaintext use the same letter

Question 22

Describe a benefit of dictionary attack

Answer 22

Allows us to perform decryption faster on ciphertext produced from substitution cipher

Question 23

Describe some weaknesses of dictionary attacks

Answer 23

• Different words can have the same pattern
  To avoid this use dictionary on longer words so you can avoid getting the same pattern

Question 24

What is another name for vigenere cipher

Answer 24

Polyalphabetic cipher

Question 25

What is a benefit of vigenere cipher

Answer 25

Unlike substitution cipher each letter can be mapped to more than 1 letter.

Question 26

How does vigenere cipher work

Answer 26

1.) You have a key letter stream and a your plain text
2.) Underneath you the letter stream and plain text, for each letter there is a corresponding no (key stream no. and plaintext no.)
3.) We need to calculate a cipherttext no. to do this we do the following :
. (Key stream no + plaint text no) mod 26
4. To get our ciphetext letter we look at the corresponding letter for each ciphertext no
(Look at week 3 in slides for example)

Question 27

What are the formulas for vigenere cipher

Answer 27

Encryption(to get cipher text) - (p1 +k1) mod 26

decryption(to get plaintext text) - (c1 - k1) mod 26

p1 = plaintext no
k1 = key stream no
c1 = ciphertext no

Note when doing decryption if c1 - k1 is a negative number subtract it from 26 to get the plain text e.g. 2-4 = -2 then do 26-2 = 4

Question 28

Explain how a vigenere table works

Answer 28

You are given your plaintext and key. You keep going along the table until you meet and thats your cipher text (See week 3 to see how it works)

Question 29

What is a drawback of Vigenere cipher

Answer 29

prone to incident of coincidence meaning some letters are mapped to each other which makes is it easier to find the key length via letter frequency analysis

Question 30

What is transposition cipher

Answer 30

Moving the plaintext letters in some logical fashion to produce a ciphertext

Question 31

Name a type of transposition cipher

Answer 31

columnar transposition

Question 32

How does columnar transposition work

Answer 32

• In columnar transposition we spread the letters across the grid and read the letters by column for the cipher text(check slide)

*Another way to do columnar transposition is with a keyword. (irrregurlar column transposition)

• We do the same as stated above but we order the columns alphabetically before reading them by column
  (See week 3 for example)

Question 33

Name some drawbacks of transposition cipher

Answer 33

If you can determine the number of columns you can determine the length of the keyword

Prone to anagramming

Question 34

What happens in permutation cipher

Answer 34

Basically permutation box

Question 35

What is a benefit of permutation cipher

Answer 35

improves the security of encryption, such as, Block Ciphers

Question 36

Name the modern principles of modern cryptography

Answer 36

1. Large enough key space to resist exhaustive search
2. Resistant to frequency analysis
3. Small change in plaintext results in large change in ciphertext
4. Security depends only on secrecy of key, and not on secrecy of algorithm (Kerckhoff’s principle)

Question 37

What does SPN stand for ?

Answer 37

Substitution Permutation Network

Question 38

What does SPN do

Answer 38

Uses repeated application of XOR key mixing
substitution and permutation to achieve confusion and
diffusion.

Question 39

Name some forms of encryption that use SPN

Answer 39

AES and Heys cipher

Question 40

Define confusion

Answer 40

To make the relation between encryption and the key a very complex and involved one

Question 41

Define diffusion

Answer 41

Plaintext is dissipated so that a tremendous amount of material is needed to tie down this structure

Question 42

What are the evaluation criteria when it comes to cryptography

Answer 42

1. Security
   * Resistance to cryptanalysis, soundness of math, randomness of
   output, etc
2. Cost
   * Computational efficiency (speed) and memory requirements etc
3. Algorithm and Implementation Characteristics
   * Flexibility, hardware and software suitability, algorithm simplicity

Question 43

What is padding?

Answer 43

• Padding is when you add extra data to end so it matches the blocksize

Question 44

Name some modes of operation

Answer 44

. ECB mode - encrypts each block with the same key
. CBC makes use of initialisation vector
. OFB mode
. CFB mode
. CTR mode
. GCM mode

Question 45

What is a one time pad?

Answer 45

A chunk of key material that is as long as the plaintext to be encrypted, and that, once it is used, is thrown away and never used again for encrypting anything

The cipher text from one time pads is unbreakable because the plaintext could literally be anything

Question 46

What is the rule for one time pads

Answer 46

If the key is truly random, and is the same length as the plaintext, then the ciphertext is also truly random

Question 47

What is the main difference between stream and block ciphers

Answer 47

Block ciphers encrypt block by block whereas stream ciphers encrypt by byte/bit

Question 48

Give some info on stream ciphers

Answer 48

Loosely based around the idea of the one-time pad

• Generate a pseudorandom key stream and use it as the key to
  an XOR cipher.

Question 49

What are the 2 types of stream ciphers

Answer 49

• Synchronous Stream Ciphers:
  . Pseudo-random digits generated independently of plain-text
  and cipher-text
  
  • Both sides must be synchronised.
• Self-synchronising stream ciphers:
  
  • Will resynchronise after a certain number of bytes since a lost
    one.

Question 50

What is another name for hash functions?

Answer 50

one-way/trapdoor functions

Question 51

What conditions should hash functions satisfy ?

Answer 51

• They must be fast to compute
• Given the hash, H(m), of message , it must be very difficult to find
  another message, m′
  that computes to the same hash (“finding the
  inverse”)
• Should be hard to find m and m′
  such that their hashes match

Question 52

Describe the steps in RSA (brief look)

Answer 52

RSA in a nutshell
1. Choose two large primes p and q, and calculate n = p ∗ q.
2. From n follow some maths steps to calculate the value e and d
3. Publish n and e, keep d secret and destroy p and q
4. Encryption of m is now c = m^e (mod n)
5. Decryption of c is then m = c^d (mod n)

Question 53

Name the AES Finalists

Answer 53

• MARS
• RC6
• Serpent
• Twofish
• Rijndael (WINNER)

Question 54

Name a cryptographic hash function

Answer 54

MD5

Question 55

Which AES mode of operation provides authentication as well as confidentiality

Answer 55

Galois Counter Mode (GCM)

Question 56

What padding scheme is least advisable in practice?

Answer 56

Pad the message with all zeros.

Question 57

Why is DES no longer recommended for use in new products requiring encryption?

Answer 57

The key is too short

Question 58

Is RSA asymmetric

Answer 58

Yes

Question 59

In AES is the key-size large enough for the foreseeable future to be secure.

Answer 59

yes

Question 60

What do fiestel ciphers do?

Answer 60

Breaks the problem of designing a good block cipher into the design of a good key expansion algorithm and a good round function

Question 61

Name some valid round operations in AES

Answer 61

AddRoundKey() and MixColumns()