Video Content Lesson 3 Flashcards

2
Q

Julius Caesar’s Cryptography was known as

A

ROT3 (Rotate 3 characters)

3
Q

Famous German Encryption Machine

A

Enigma

4
Q

Japanese Encryption Machine

A

Purple Machine

5
Q

Current Goals of Cryptography

A
Ensure Confidentiality (private messages stay private even during transmission)
Provide Integrity (ensure message hasn't been changed in transmission--digital signature does this)
Provide Authentication (Validates claimed identity of message's sender, uses encrypted challenge phrases to ensure other party knows appropriate key--similar to non-repudiation)
Provides Nonrepudiation (provides assurance that message came from who it says it came from, validates that message has not been spoofed)
6
Q

Cryptographic Uses

A

Email
Protocols and standards (PGP Pretty Good Privacy; S/MIME Secure/Multipurpose Internet Mail Extension; IPSec Internet connection security; SSL/TLS Secure Socket Layer/Transport Layer Security)

7
Q

Concepts and Methodologies

A
Cryptography Terms
Transposition Cipher
Substitution Cipher
Cipher Categories
Cipher Process
Symmetric Algorithms
Asymmetric Algorithms
Message Authentication
8
Q

Cryptography Terms

A

Plaintext - original message, readable
Ciphertext - encrypted message, only readable if first decrypted
Cipher - process of rearranging or altering a plaintext message so it is unreadable

9
Q

Transposition Cipher

A

Start with a keyword
List the ordinal values, based on a letter’s position in the alphabet
Write plaintext message in tabular form
Read individual columns

10
Q

Substitution Cipher

A

replaces each character of a plaintext message
All that is needed is a table of plaintext characters and their associated substitute characters
A simple algorithm can be created
Both sender and receiver must use same
One-Time Pad (OTP) (only known unconditionally secure cipher)
Never reuse an OTP

11
Q

Cipher Categories

A
Stream Cipher (each character is encrypted-example substitution cipher)
Block Cipher (works on a chunk/block of plaintext-example transposition cipher)
12
Q

Cipher Process

A

One-way function (function that is relatively easy to use to produce output values AND impossible (or nearly so) to deduce the input values from the output values)
Algorithm is sequence of steps used to encrypt plaintext
Key is some value used by the algorithm to encrypt plaintext

13
Q

Symmetric Algorithms

A

Secret Key Algorithm (same key used to encrypt and decrypt a message)
Weaknesses (key distribution, lacking nonrepudiation, not scalable to lots of people)
Main Strength (Fast)

14
Q

Asymmetric Algorithms

A

Public Key Algorithm (public and private key)
Sender encrypts the message with the receiver’s public key
Receiver decrypts the message with his own private key
Strengths (user maintenance and key management is easy, supports nonrepudiation, key distribution is simple)
Weakness (Slow)

15
Q

Message Authentication

A

Hashing (mathematical process that produces a digest of a message (similar to checksums); when the message changes, the digest changes as well; extremely unlikely for two messages to produce the same digest)
Hashing allows the receiver to verify authenticity of the message
Digital signatures are used to verify the authenticity of a message

16
Q

Cryptographic Algorithms

A
Binary math used in most cryptographic algorithms (AND, OR, XOR) (most typically used XOR)
DES
Triple DES
IDEA-Blowfish-Skipjack
AES
RSA-El Gamal
Hashing Algorithms
Other Hashing Algorithms
17
Q

DES

A

Symmetrical Coding
Data Encryption Standard (DES)
Published in 1977
Adopted by US government as a standard for all data communications
64-bit block cipher
Key is 56-bit key (remaining 8 bits are parity bits)
4 DES modes
1-Electronic Codebook (ECB) (each 64-bit plaintext block is encrypted with the key)
2-Cipher Block Chaining (CBC) (the XOR operator is used to combine each plaintext block and the preceding block before encryption)
3-Cipher Feedback (CFB) (the XOR operator is used to combine each plaintext block and the preceding block after encryption)
4-Output Feedback (OFB) (similar to CFB, but the plaintext is combined with a seed value using the XOR operator)

18
Q

Triple DES

A
Double DES (2DES)--No stronger than DES
Triple DES (3DES)
More secure implementation of the DES algorithm
Exists in three versions (all versions are equally secure)
Encryption algorithm is the same as DES
E(K1,E(K2,E(K3,P))) 168 bits
E(K1,E(K2,E(K1,P))) 112 bits
E(K1,D(K2,E(K1,P))) 112 bits
E-encryption algorithm
D-decryption algorithm
K1, K2, K3-encryption keys
P-plaintext
19
Q

IDEA

A

IDEA - International Data Encryption Algorithm (stronger alternative to DES)
Works on 64-bit blocks
Key starts at 128-bits
Key is broken into 52 16-bit subkeys
Subkeys are used to encrypt the plaintext
Very secure (used in commercial business)

20
Q

Blowfish

A

Developed by Bruce Schneier as an alternative to DES and IDEA
Operates on 64-bit blocks
Key can vary from 32 bits to 448 bits

21
Q

Skipjack

A

Block cipher operates on 64-bit blocks
Uses 80-bit key
Used in Clipper and Capstone high-speed encryption chips
Supports key escrow

22
Q

AES

A

Advanced Encryption Standard (AES) (Symmetrical)
Based on Rijndael cipher
Allows three key strengths
128-bit key (requires 9 rounds of encryption)
192-bit key (requires 11 rounds of encryption)
256-bit key (requires 13 rounds of encryption)
Uses three transformation layers (Linear, nonlinear, key additional transform)

23
Q

RSA

A

Asymmetrical; has at least two keys (public and private)
RSA created (1977) by Ronald Rivest, Adi Shamir, and Leonard Adleman
Most Popular
Depends on difficulty in factoring very large prime numbers

24
Q

El Gamal

A

1985 by Dr. T. El Gamal

Uses large integers and modular mathematics to calculate keys

25
Q

Hashing Algorithms

A

a hash is taking a block of code and creating an output string of a block of code that represents a digest
SHA-1 (Secure Hash Algorithm)
developed by the National Institute of Standards and Technology (NIST)
Input any size
Always generates a 160-bit digest
MD2, MD4, and MD5 (Message Digest)
MD5 was developed by Ronald Rivest in 1991
Uses 4 computation rounds and produces a 12-bit digest

26
Q

Other Hashing Algorithms

A

Haval (University of Wollongong, Australia; variable-length output 128, 160, 192, 224, or 256 bits AND variable number of rounds 3, 4, or 5)
RIPEMD-160 (European RACE Integrity Primitives Evaluation project with 160 bit output AND 5 paired rounds of 16 steps each)

27
Q

Cryptographic Practices

A
Digital Signatures
Signature Types
Key Distribution
Steganography
PKI
28
Q

Digital Signatures

A

provides assurance that the message came from the stated sender AND did not change while in transit (Nonrepudiation and integrity)

29
Q

Signature Types

A

Hashed Message Authentication Code (HMAC) (Uses shared secret keys, so it does NOT provide nonrepudiation BUT it is more efficient than public key encryption schemes)
Digital Signature Algorithm (DSA) (Asymmetric algorithm, variable-length key size 512 and 1024 bits, works with SHA-1 digests)
Digital Signature Standard (DSS) (Documentation or standard set forth by NIST that sets standards for all government cryptography usage; Standard states that DSA is used for digital signatures and SHA-1 for hashing)

30
Q

Key Distribution

A

How to distribute keys?
Manual (paper or electronic)
Public key encryption (once public key encryption is set up, it can be used to exchange private keys)
Diffie-Hellman Exchange (Algorithm used to calculate and exchange values on both sides; uses large integers and modular arithmetic; Each side produces the same large integer which is used as a secret key)

31
Q

Steganography

A

normal cryptography just encrypts a message
Hides the fact that the message exists
In normal use, the message is hidden inside another document
graphics files are common carriers
EX- every 16th bit could be changed without changing the actual image appearance

32
Q

PKI (Public Key Infrastructure)

A

Asymmetric keys most common to use
Digital certificate (a copy of a person’s public key that is endorsed by a trusted third party)
Certificate Authorities (CA) (neutral organizations that offer notarization services for digital certificates; the validity of the CA is the trust that users have in them)
If a digital certificate is received from an unknown CA, do not accept it
Public keys are published as digital certificates
CAs handle the generation and distribution of keys
Trust in the CA provides assurance that the parties presenting the days are who they say they are

33
Q

System Architecture

A
PEM
MOSS
S-MIME
SSL
HTTPS
SET
IPSec
ISAKMP
34
Q

PEM

A

Privacy Enhanced Mail (PEM) (secure e-mail standard that uses CA-managed digital certificates)

35
Q

MOSS

A

MIME Object Security Services (MOSS) (suggested replacement for PEM that does NOT use CA digital certificates; provides associations between e-mail addresses and certificates; provides secure exchange of attached documents)

36
Q

S-MIME

A

Secure/Multipurpose Internet Mail Extensions (S/MIME) (e-mail encryption standard; uses X.509 digital certificates to exchange keys; routinely uses both symmetric and asymmetric algorithms; very configurable; very flexible)

37
Q

SSL

A

Secure Sockets Layer (SSL) (originally developed by Netscape to provide encrypted transfers between a Web client and a Web server; uses certificates; weakness as it provides encryption only to the web server which is usually outside the firewall; TLS should replace SSL)

38
Q

HTTPS

A

Secure Hypertext Transfer Protocol (SHTTP/HTTPS) Differs from SSL in that each message is encrypted instead of creating a secure channel; supports 2-way authentication

39
Q

SET

A

Secure Electronic Transactions (SET) by Visa and Mastercard

40
Q

IPSec

A

IP Security (IPSec) (complete infrastructure for secure network communications; 1-Transport mode - only the payload is encrypted (can be used with VPN); 2-Tunnel mode - entire packet is encrypted, including the header (gateway to gateway connection through a VPN))

41
Q

ISAKMP

A

Internet Security Association and Key Management Protocol (ISAKMP) (provides background services for IPSec; provides a method to maintain Security Associations of IPSec machines; provides key management)

42
Q

Methods of Attack

A
Brute Force
Known Plaintext
Chosen Ciphertext
Chosen Plaintext
Meet-in-the-Middle
Man-in-the-Middle
Birthday
Replay
43
Q

Brute Force

A

Exhaustively attempts every possible combination to try to break a key
Consumes substantial computing resources
always look at the safety and security of algorithms as computing power changes

44
Q

Known Plaintext

A

The attacker has a copy of the plaintext and ciphertext versions of the protected file; allows the attacker to analyze the relationship between the plaintext and the ciphertext

45
Q

Chosen Ciphertext

A

If the attacker can decrypt portions of the encrypted message; the decrypted message fragment can be analyzed to possibly discover the key

46
Q

Chosen Plaintext

A

attacker can encrypt plaintext message; compare ciphertext with result of another encryption to possibly discover the key by matching the two

47
Q

Meet-in-the-Middle

A

MIM attacker uses two simultaneous brute force attacks; works for algorithms that use two rounds of encryption; attacker encrypts a known plaintext with every possible key while decrypting the associated ciphertext with every possible key
attack is successful when a match is found

48
Q

Man-in-the-Middle

A

MIM (usual MIM) attacker sits between an intended sender and receiver
Intercepts session initiation and sets up a session from the sender to the attacker, and from the attacker to the receiver

49
Q

Birthday

A

based on probability
Also called the collision attack
attempts to find a different message that produces the same digest
If you have a room with at least 23 people there is a 50% chance that there are two people with the same birthday

50
Q

Replay

A

Attacker intercepts a session and records it
The session is played back later
different from the MIM in that MIM is active not passive
easily defeated by incorporating time stamps