Summarize the basics of cryptographic concepts Flashcards

1
Q

Digital signatures

A

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. … Digital signatures can provide evidence of origin, identity and status of electronic documents, transactions or digital messages.

2
Q

Key length

A

In cryptography, a specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption.

3
Q

Key stretching

A

A technique that strengthens potentially weak input for cryptographic key generation, such as passwords or passphrases created by people, against brute-force attacks.

4
Q

Salting

A

A security countermeasure that mitigates the impact of a rainbow table attack by adding a random value to (“salting”) each plaintext input.

5
Q

Hashing

A

A function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output.

6
Q

Key exchange

A

Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.

7
Q

Elliptic-curve cryptography

A

Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.

8
Q

Perfect forward secrecy

A

A characteristic of transport encryption that ensures if a key is compromised the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.

9
Q

Quantum

A

Communications
Computing

Quantum refers to computers that use properties of quantum mechanics to significantly out-perform classical computers at certain tasks.

10
Q

Communications

A

While quantum computing could put the strength of current cryptographic ciphers at risk, it also has the promise of underpinning more secure cryptosystems. The properties of entanglement, superposition, and collapse suit the design of a tamper-evident communication system that would allow secure key agreement.

11
Q

Computing

A

A quantum computer performs processing on units called qubits (quantum bits). A qubit can be set to 0 or 1 or an indeterminate state called a superposition, where there is a probability of it being either 1 or 0. The likelihood can be balanced 50/50 or can be weighted either way. The power of quantum computing comes from the fact that qubits can be entangled. When the value of a qubit is read, it collapses to either 1 or 0, and all other entangled qubits collapse at the same time. The strength of this architecture is that a single operation can utilize huge numbers of state variables represented as qubits, while a classical computer’s CPU must go through a read, execute, write cycle for each bit of memory. This makes quantum very well-suited to solving certain tasks, two of which are the factoring problem that underpins RSA encryption and the discrete logarithm problem that underpins ECC.

12
Q

Post-quantum

A

Anticipating challenges to current cryptographic implementations and general security issues in a world where threat actors have access to significant quantum processing capability.

13
Q

Ephemeral

A

In cryptography, a key that is used within the context of a single session only.

14
Q

Modes of operation

A

Authenticated
Unauthenticated
Counter

Implementation of a block symmetric cipher, with some modes allowing secure encryption of a stream of data, with or without authentication for each block.

15
Q

Authenticated

A

A message authentication code (MAC) provides an authentication and integrity mechanism by hashing a combination of the message output and a shared secret key. The recipient can perform the same process using his or her copy of the secret key to verify the data. This type of authenticated encryption scheme is specified in a cipher suite as separate functions, such as “AES CBC with HMAC-SHA.” Unfortunately, the implementation of this type of authenticated mode in AES CBC is vulnerable to a type of cryptographic attack called a padding oracle attack (docs.microsoft.com/en-us/dotnet/standard/security/vulnerabilities-cbc-mode).

16
Q

Unauthenticated

A

Symmetric algorithms do not provide message integrity or authentication. The basic CBC and counter modes of operation are unauthenticated. While a man-in-the-middle cannot decrypt them directly without the secret key, the ciphertexts are vulnerable to arbitrary data being inserted or modified to break the encryption scheme, referred to as a chosen ciphertext attack.

17
Q

Counter

A

An encryption mode of operation where a numerical counter value is used to create a constantly changing IV. Also referred to as CTM (counter mode) and CM (counter mode).

18
Q

Blockchain

A

Public ledgers

Blockchain is a shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network. An asset can be tangible (a house, car, cash, land) or intangible (intellectual property, patents, copyrights, branding).

19
Q

Public ledgers

A

The blockchain is recorded in a public ledger. This ledger does not exist as an individual file on a single computer; rather, one of the most important characteristics of a blockchain is that it is decentralized. The ledger is distributed across a peer-to-peer (P2P) network in order to mitigate the risks associated with having a single point of failure or compromise. Blockchain users can therefore trust each other equally. Likewise, another defining quality of a blockchain is its openness—everyone has the same ability to view every transaction on a blockchain.

20
Q

Cipher suites

A

Stream
Block

A cipher suite is a set of algorithms that help secure a network connection. Suites typically use Transport Layer Security (TLS)

21
Q

Stream

A

A type of symmetric encryption that combines a stream of plaintext bits or bytes with a pseudorandom stream initialized by a secret key.

22
Q

Block

A

A type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.

23
Q

Symmetric vs. asymmetric

A

A symmetric cipher is one in which encryption and decryption are both performed by the same secret key.

With an asymmetric cipher, operations are performed by two different but related public and private keys in a key pair.

24
Q

Lightweight cryptography

A

Another problem affecting current cryptographic ciphers is use on low-power devices. NIST is hoping that a compact cipher suite will be developed that is both quantum resistant and that can run on battery-powered devices with minimal CPU and memory resources.

25
Q

Steganography

A

Audio
Video
Image

Steganography is the practice of hiding a secret message in something that is not secret.

26
Q

Audio Steganography

A
27
Q

Video Steganography

A
28
Q

Image Steganography

A
29
Q

Homomorphic encryption

A

Method that allows computation of certain fields in a dataset without decrypting it.

Is principally used to share privacy-sensitive data sets. When a company collects private data, it is responsible for keeping the data secure and respecting the privacy rights of individual data subjects. Companies often want to use third parties to perform analysis, however. Sharing unencrypted data in this scenario is a significant risk.

30
Q

Common use cases

A
Low power devices
Low latency
High resiliency
Supporting confidentiality
Supporting integrity
Supporting obfuscation
Supporting authentication
Supporting non-repudiation
31
Q

Low power devices

A

Low power devices—some technologies or ciphers configured with longer keys require more processing cycles and memory space. This makes them slower and means they consume more power. Consequently, some algorithms and key strengths are unsuitable for handheld devices and embedded systems, especially those that work on battery power. Another example is a contactless smart card, where the card only receives power from the reader and has fairly limited storage capacity, which affects the maximum key size supported.

32
Q

Low latency

A

Low latency uses—this can impact protocol handshake setup times. A longer handshake will manifest as delay for the user, and could cause timeout issues with some applications. Also, if cryptography is deployed with a real time-sensitive channel, such as voice or video, the processing overhead on both the transmitter and receiver must be low enough not to impact the quality of the signal.

33
Q

High resiliency

A

As well as providing integrity at the level of individual messages, cryptography can be used to design highly resilient control systems. A control system is one with multiple parts, such as sensors, workstations, and servers, and complex operating logic. Such a system is resilient if compromise of a small part of the system is prevented from allowing compromise of the whole system. Cryptography assists this goal by ensuring the authentication and integrity of messages delivered over the control system.

34
Q

Supporting confidentiality

A
35
Q

Supporting integrity

A
36
Q

Supporting obfuscation

A

Integrity and resiliency are also an issue for computer code. If a threat actor has administrator privileges, they can change the operation of legitimate code to make it work as malware. A developer can make tampering more difficult using obfuscation. Obfuscation is the art of making a message difficult to understand. Obfuscated source code is rewritten in a way that does not affect the way the computer compiles or executes the code, but makes it difficult for a person reading the code to understand how it works.

37
Q

Supporting authentication

A
38
Q

Supporting non-repudiation

A

Non-repudiation is linked to identification and authentication. It is the concept that the sender cannot deny sending the message. If the message has been encrypted in a way known only to the sender, it follows that the sender must have composed it.

39
Q

Limitations

A
Speed
Size
Weak keys
Time
Longevity
Predictability
Reuse
Entropy
Computational overheads
Resource vs. security constraints
40
Q

Speed

A

Speed—for symmetric ciphers and hash functions, speed is the amount of data per second that can be processed. Asymmetric ciphers are measured by operations per second. Speed has the most impact when large amounts of data are processed.

41
Q

Size

A

Size—the security of a cipher is strongly related to the size of the key, with longer keys providing better security. Note that the key size cannot be used to make comparisons between algorithms. For example, a 256-bit ECC key is stronger than a 2048-bit RSA key. Larger keys will increase the computational overhead for each operation, reducing speed and increasing latency.

42
Q

Weak keys

A

A weak key is one that produces ciphertext that is lower entropy than it should be. If a key space contains weak keys, the technology using the cipher should prevent use of these keys.

43
Q

Time

A

Time/latency—for some use cases, the time required to obtain a result is more important than a data rate. For example, when a secure protocol depends on ciphers in the handshake phase, no data transport can take place until the handshake is complete. This latency, measured in milliseconds, can be critical to performance.

44
Q

Longevity

A

Longevity is the consideration of how long data must be kept secure. If you assume that a ciphertext will be exposed at some point, how long must that ciphertext resist cryptanalysis?

45
Q

Predictability

A

Predictability is a weakness in either the cipher operation or within particular key values that make a ciphertext lower entropy and vulnerable to cryptanalysis.

46
Q

Reuse

A
47
Q

Entropy

A

A measure of disorder. Cryptographic systems should exhibit high entropy to better resist brute force attacks.

48
Q

Computational overheads

A

Computational overheads—in addition to key size selection, different ciphers have unique performance characteristics. Some ciphers require more CPU and memory resources than others, and are less suited to use in a resource-constrained environment.

49
Q

Resource vs. security constraints

A

Resource constraints may require you to make a tradeoff between security and performance, but you cannot trade too far.