CISSP (Domain 5 - Cryptography) Flashcards

1
Q

4 Cryptography Goals

CAIN

A
  • Confidentiality: no unauthorized access (encrypt with public decrypt with private)
  • Authenticity: Validate source (encrypt with private decrypt with public)
  • Integrity: Message not modified
  • Non-repudiation: Sender can’t deny
2
Q

Hash

A

Fixed-length digest computed from the input (the “thing”): one-way, deterministic, and any change to the input changes the digest. Not strictly unique (collisions exist in theory), but finding one should be infeasible for a sound hash.

3
Q

Symmetric Ciphers (Algorithms)

A
  • Shared key (both parties hold the same secret)
  • Stream/Block Ciphers (XOR/Substitution)
  • Encrypted and decrypted with the same key
  • Confidentiality but no non-repudiation (either holder of the key could have produced the message)
  • Faster than asymmetric

*DES, 3DES, AES, IDEA, Blowfish, Twofish, RC4, RC5, RC6, CAST, SAFER, Serpent (DES and RC4 are now considered broken; AES is the default choice)

4
Q

Asymmetric Ciphers

A
  • Public/private key pairs (the basis of PKI)
  • Private key is never shared; the public key can be distributed freely
  • Confidentiality, Authentication, Non-repudiation
  • Slower than symmetric, so typically used to exchange a symmetric session key (hybrid encryption)
5
Q

One-Time Pad Encryption

A
  • Key is the same size as the message and only used once
  • Impossible to break, but only if the key is truly random, kept secret, and never reused (a reused pad leaks the XOR of the two plaintexts)
  • Key exchange is cumbersome (the key is as large as all the traffic it protects)
6
Q

Exclusive OR (XOR)

A
  • Binary mathematical operation applied to two bits
  • Key and text turned into binary, then XORed bit by bit
  • XOR is its own inverse: XORing the ciphertext with the same key again restores the plaintext

+If both bits are the same, result is 0
+If both bits are different, result is 1
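The one-time pad above is XOR in practice. The following is an added example (not part of the original flashcards): it implements the pad with `os.urandom`, then shows why the "only used once" rule matters by reusing a key and recovering one message from the other with a guessed fragment (a "crib"). The messages and the fixed `demo_key` are constructed for the demonstration.

```python
"""One-time pad with XOR, and what breaks when the pad is reused.
Added example, not from the original flashcards; messages and demo_key are constructed."""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (same bits -> 0, different bits -> 1)."""
    if len(a) != len(b):
        raise ValueError("XOR operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """The pad must be truly random and as long as the message; os.urandom is the OS CSPRNG."""
    return os.urandom(length)


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return xor_bytes(key, plaintext)


# Decryption is the same operation: (P xor K) xor K == P
otp_decrypt = otp_encrypt


def two_time_pad_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Pad reuse: c1 xor c2 == p1 xor p2. The key cancels out, so an eavesdropper
    learns the XOR of the two plaintexts without ever seeing the key."""
    return xor_bytes(otp_encrypt(key, p1), otp_encrypt(key, p2))


def crib_drag(p1_xor_p2: bytes, crib: bytes, offset: int) -> bytes:
    """If the attacker guesses a fragment of one plaintext at some offset,
    XORing it into the leak reveals the other plaintext at that offset."""
    window = p1_xor_p2[offset:offset + len(crib)]
    return xor_bytes(window, crib)


if __name__ == "__main__":
    msg = b"ATTACK AT DAWN"
    key = otp_keygen(len(msg))
    assert otp_decrypt(key, otp_encrypt(key, msg)) == msg

    demo_key = bytes(range(14))  # constructed, fixed key so the leak is reproducible
    leak = two_time_pad_leak(demo_key, b"ATTACK AT DAWN", b"RETREAT AT ONE")
    print(crib_drag(leak, b"ATTACK", 0))  # b'RETREA': start of the other message
```

Crib dragging is how real two-time-pad traffic has been broken (VENONA): the attacker never learns the key, only the relationship between the two messages, and that is enough.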

7
Q

Cipher Text

A

Encrypted text

8
Q
Stream Cipher (Symmetric)
(FSHR)
A
  • Faster than block cipher
  • Operates on smaller units of plaintext (bits or bytes), XORing a keystream into the data
  • Good for hardware
  • Keystream must look random with no repeats; WEP failed here by reusing RC4 keystreams through short 24-bit IVs

*Of the algorithms listed on the symmetric card, only RC4 is a stream cipher (a modern example is ChaCha20)

9
Q
Block Cipher (Symmetric)
(DLSC)
A
  • Plaintext is divided into fixed-size blocks and put through rounds of substitution (S-Boxes) and permutation
  • Operates on larger units of plaintext (64-bit blocks for DES/3DES, 128-bit for AES)
  • Good for software
  • Most Common

*56-bit DES (example)

10
Q

Data Encryption Standard (DES)

DType/key/calc/blocks

A
  • Used for sensitive and unclassified data
  • *64-bit key of which 56 bits are effective and 8 are parity bits
  • *16 rounds of calculations (Feistel network)
  • *64-bit Blocks
  • 56-bit keys are brute-forceable today; replaced by AES
11
Q

2 Modes for Block Ciphers

CE

A
  • *Cipher Block Chaining (CBC): each plaintext block is XORed with the previous ciphertext block (the IV for the first) before encryption; needs an unpredictable IV. A bit error in one ciphertext block garbles that block and flips the same bit in the next (Errors)

- Electronic Code Book (ECB): each block encrypted independently, so identical plaintext blocks give identical ciphertext blocks (patterns leak); avoid for anything longer than one block

12
Q

3 Block Cipher Modes That Behave as Stream Ciphers

COC

A
  • *Cipher Feedback Mode (CFB): previous ciphertext block is encrypted and XORed into the next plaintext block; a ciphertext error damages that block and the next (Errors)
  • Output Feedback Mode (OFB): cipher output of the previous step is fed back as the next input, giving a keystream independent of the data; errors do not propagate
  • Counter Mode (CTR): keystream block i = encrypt(nonce + i) with successive counter values; parallelizable and the basis of AES-GCM; the nonce must never repeat under one key
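The following is an added example (not from the original flashcards) covering both mode cards above. It implements ECB, CBC, CFB, OFB and CTR around a toy 8-byte "block cipher" (a key-derived byte substitution that is not secure and stands in for DES/AES only so the code runs offline), then checks two properties the cards describe: ECB leaks repeated plaintext blocks while the chaining modes hide them, and a single flipped ciphertext bit damages a different number of plaintext blocks in each mode. `KEY`, `IV` and `MSG` are constructed values.

```python
"""ECB, CBC, CFB, OFB and CTR over a TOY 8-byte block cipher.
Added example, not from the original flashcards. The toy cipher is a key-derived
byte substitution: NOT secure, present only so the modes run offline. KEY, IV
and MSG are constructed values."""
import random

BLOCK = 8  # bytes; DES/3DES use 64-bit blocks, AES uses 128-bit blocks

def _sboxes(key: bytes):
    """Key-derived byte substitution table and its inverse (the toy 'cipher')."""
    rng, box = random.Random(key), list(range(256))
    rng.shuffle(box)
    inv = [0] * 256
    for i, v in enumerate(box):
        inv[v] = i
    return bytes(box), bytes(inv)

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    box = _sboxes(key)[0]
    return bytes(box[b ^ k] for b, k in zip(block, key[:BLOCK]))

def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    inv = _sboxes(key)[1]
    return bytes(inv[c] ^ k for c, k in zip(block, key[:BLOCK]))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):  # blocks independent: equal plaintext blocks -> equal ciphertext
    return b"".join(toy_encrypt_block(key, p) for p in blocks(pt))

def ecb_decrypt(key, ct):
    return b"".join(toy_decrypt_block(key, c) for c in blocks(ct))

def cbc_encrypt(key, iv, pt):  # XOR with previous ciphertext (IV first), then encrypt
    out, prev = [], iv
    for p in blocks(pt):
        prev = toy_encrypt_block(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    cs = blocks(ct)
    return b"".join(xor(toy_decrypt_block(key, c), prev) for prev, c in zip([iv] + cs, cs))

def cfb_encrypt(key, iv, pt):  # encrypt previous ciphertext, XOR the result into plaintext
    out, prev = [], iv
    for p in blocks(pt):
        prev = xor(p, toy_encrypt_block(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):
    cs = blocks(ct)
    return b"".join(xor(c, toy_encrypt_block(key, prev)) for prev, c in zip([iv] + cs, cs))

def ofb_crypt(key, iv, data):  # keystream = chained cipher outputs; same call decrypts
    out, s = [], iv
    for d in blocks(data):
        s = toy_encrypt_block(key, s)
        out.append(xor(d, s))
    return b"".join(out)

def ctr_crypt(key, nonce, data):  # keystream block i = E(nonce + i); same call decrypts
    start, n = int.from_bytes(nonce, "big"), len(blocks(data))
    ks = (toy_encrypt_block(key, ((start + i) % (1 << (8 * BLOCK))).to_bytes(BLOCK, "big")) for i in range(n))
    return b"".join(xor(d, k) for d, k in zip(blocks(data), ks))

def corrupted_blocks(decrypt, ct: bytes, expected: bytes, byte_index: int) -> list:
    """Flip one ciphertext bit; return indexes of plaintext blocks that then decrypt wrongly."""
    bad = bytearray(ct)
    bad[byte_index] ^= 0x01
    return [i for i, (g, e) in enumerate(zip(blocks(decrypt(bytes(bad))), blocks(expected))) if g != e]

KEY = b"toy-key-0001"                    # constructed; the toy cipher uses the first 8 bytes
IV = bytes.fromhex("0011223344556677")  # constructed; must never repeat under one key
MSG = b"ATTACK AT DAWN!!" * 2           # 32 bytes: blocks 0/2 and 1/3 are identical

def demo() -> dict:
    ecb, cbc = ecb_encrypt(KEY, MSG), cbc_encrypt(KEY, IV, MSG)
    cfb, ofb, ctr = cfb_encrypt(KEY, IV, MSG), ofb_crypt(KEY, IV, MSG), ctr_crypt(KEY, IV, MSG)
    return {
        "ecb_repeats": blocks(ecb)[0] == blocks(ecb)[2],  # True: the pattern leaks
        "cbc_repeats": blocks(cbc)[0] == blocks(cbc)[2],  # False: chaining hides it
        # one flipped bit in ciphertext block 1: which plaintext blocks come out damaged?
        "ecb_err": corrupted_blocks(lambda c: ecb_decrypt(KEY, c), ecb, MSG, 8),      # [1]
        "cbc_err": corrupted_blocks(lambda c: cbc_decrypt(KEY, IV, c), cbc, MSG, 8),  # [1, 2]
        "cfb_err": corrupted_blocks(lambda c: cfb_decrypt(KEY, IV, c), cfb, MSG, 8),  # [1, 2]
        "ofb_err": corrupted_blocks(lambda c: ofb_crypt(KEY, IV, c), ofb, MSG, 8),    # [1]
        "ctr_err": corrupted_blocks(lambda c: ctr_crypt(KEY, IV, c), ctr, MSG, 8),    # [1]
    }
```

Run `demo()` to see the error-propagation column of the cards reproduced: CBC and CFB damage two blocks, the three keystream-style modes (OFB, CTR) and ECB damage one. None of the modes detects the tampering at all, which is why modern practice pairs them with a MAC or uses an authenticated mode such as GCM.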
13
Q

Triple DES

EC

A
  • Applies DES three times (encrypt-decrypt-encrypt, EDE) with two or three keys

- 48 rounds of computation (3 × 16); effective strength is about 112 bits, not 168, because of meet-in-the-middle attacks, and NIST disallows 3DES after 2023

14
Q

Advanced Encryption Standard (AES)

RA/BS/KS

A
  • Rijndael Algorithm (selected by NIST, FIPS 197, 2001)
  • Block Symmetric Encryption Algorithm with a fixed 128-bit block size (Rijndael itself allowed 128/192/256-bit blocks; AES standardized only 128)
  • Key size of 128/192/256 bits (Variable), with 10/12/14 rounds respectively
15
Q

Calculating the Number of Necessary Keys for Symmetric Encryption (Formula)

A

Keys = N(N - 1) / 2 (one shared key per pair of users; e.g. 10 users need 45 keys, 100 users need 4,950). Asymmetric needs only one key pair per user, i.e. 2N keys.

16
Q

3 Symmetric Key Cryptography Issues

DEC

A
  • Distinct key needed for each pair communicating
  • The more data encrypted under one key, the more material an attacker has to analyze (rotate keys)
  • Can’t be used for digital signatures
17
Q

3 Symmetric Key Cryptography Weaknesses

KD/S/LS

A
  • Key Distribution: secure mechanism needed to deliver keys
  • Scalability: each pair of users needs its own unique key
  • Limited Security: no non-repudiation, only confidentiality (and integrity if a MAC is used)
18
Q

Diffie-Hellman

etype/ri,sr,ssk/agr/no/based/vuln

A
  • Asymmetric (public-key) algorithm
  • Random input, share result, shared session key
  • Allows users to agree on a symmetric key over a non-secure medium
  • Does not provide data encryption or digital signatures
  • Security based on discrete logarithms in a finite field
  • Vulnerable to MITM attacks unless the exchanged values are authenticated (e.g. signed, as TLS and SSH do)
19
Q

RSA

type/ds,kd,e/ksize/lpn

A
  • Asymmetric (public-key) algorithm
  • Digital Signatures, Key distribution, encryption
  • 1024-bit was the historical minimum key size; 2048 bits is the current minimum in practice (NIST deprecated 1024-bit RSA in 2013)
  • Security relies on the difficulty of factoring the product of two large prime numbers
20
Q
El Gamal
(type/ds,e,ke/uses)
A
  • Asymmetric (public-key) algorithm
  • Digital Signatures, encryption, key exchange
  • Uses discrete logarithms in a finite field and DH key agreement; ciphertext is twice the size of the plaintext
21
Q

Elliptic Curve Cryptography (ECC)

type/ds,kd,e/me/minb

A
  • Asymmetric (public-key) algorithm
  • Digital Signatures, Key distribution, encryption
  • More efficient per bit of security, suited to products with limited processing power (smart cards, mobile, IoT)
  • Min 112 bits of security (a 224-bit curve); a 256-bit curve gives roughly the security of 3072-bit RSA
22
Q

MD5 Hashing Algorithm (bit digest)

A

128-Bit digest; collisions are practical, so MD5 is unsuitable for signatures or certificates

23
Q

SHA-1 (bit digest)

A

160-Bit digest (the SHA-2 family, SHA-256/384/512, gives 256/384/512-bit digests). SHA-1 collisions were demonstrated in 2017; use SHA-256 or better

24
Q

Diffie-Hellman Key Agreement (4 steps)

geck

A
  • generate a public value from a random private value
  • exchange the public value with the other party
  • complete the calculation using the local private value and the received value
  • Unique, mathematically identical shared secret is created on both sides and used as (or to derive) the session key
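The four steps above, carried through in code, together with the man-in-the-middle weakness from the Diffie-Hellman card. This is an added example, not part of the original flashcards. `P` and `G` are toy parameters chosen to keep the numbers small (a real exchange uses a vetted 2048-bit-plus group such as those in RFC 3526, or an elliptic curve); the fixed private exponents passed in the demo are only there to make the run reproducible.

```python
"""Diffie-Hellman key agreement (the four steps) and the man-in-the-middle
attack it does not stop on its own.
Added example, not from the original flashcards. P and G are TOY parameters;
real deployments use vetted 2048-bit-plus groups or elliptic curves."""
import hashlib
import secrets

P = 2 ** 127 - 1  # Mersenne prime; toy modulus, far too small for real use
G = 3             # generator for the demo (assumption; not a vetted group)

def dh_private(private=None) -> int:
    """Step 1: choose a random secret exponent (a fixed value only for reproducible demos)."""
    return private if private is not None else 2 + secrets.randbelow(P - 3)

def dh_public(private: int) -> int:
    """Step 2: the value sent over the insecure channel, g^a mod p."""
    return pow(G, private, P)

def dh_shared(private: int, peer_public: int) -> int:
    """Step 3: combine the local secret with the received value, (g^b)^a mod p."""
    if not 1 < peer_public < P - 1:
        raise ValueError("rejecting degenerate peer value (0, 1 or p-1)")
    return pow(peer_public, private, P)

def session_key(shared: int) -> bytes:
    """Step 4: both sides derive the same symmetric key; DH itself encrypts nothing."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def honest_exchange(a=None, b=None):
    """Alice and Bob end up with identical keys although only A and B crossed the wire."""
    a, b = dh_private(a), dh_private(b)
    A, B = dh_public(a), dh_public(b)  # exchanged in the clear
    return session_key(dh_shared(a, B)), session_key(dh_shared(b, A))

def mitm_exchange(a=None, b=None, m=None):
    """Unauthenticated DH: Mallory substitutes her own public value in both
    directions and ends up sharing one key with Alice and another with Bob;
    neither of them can tell from the protocol alone."""
    a, b, m = dh_private(a), dh_private(b), dh_private(m)
    A, B, M = dh_public(a), dh_public(b), dh_public(m)
    return (session_key(dh_shared(a, M)),   # Alice: believes M came from Bob
            session_key(dh_shared(b, M)),   # Bob: believes M came from Alice
            session_key(dh_shared(m, A)),   # Mallory's key shared with Alice
            session_key(dh_shared(m, B)))   # Mallory's key shared with Bob

if __name__ == "__main__":
    ka, kb = honest_exchange()
    print(ka == kb)  # True
    k_alice, k_bob, k_m_alice, k_m_bob = mitm_exchange()
    print(k_alice == k_m_alice, k_bob == k_m_bob, k_alice == k_bob)  # True True False
```

The fix is not a stronger group but authentication of the public values: TLS signs them with the server's certificate key, SSH with the host key, and the client must actually verify that signature or the exchange degrades to the `mitm_exchange` case.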
25
Q

Trusted Platform Module (TPM)

gah

A
  • Generates and stores cryptographic keys in tamper-resistant hardware
  • Software can use it to authenticate the hardware platform (attestation)
  • *Hardware Based Encryption support
    +Real-time protection of data, keys never leave the chip in the clear
    +Binds the hard drive to the PC: a disk encrypted with a TPM-sealed key unlocks only on that platform
26
Q

Digital Signature Services

Provides/Enc/Hash/Both

A
  • Provide Integrity, Authentication, Non-repudiation
  • Signing alone does not hide the message; if the message is also encrypted it provides confidentiality
  • Signing a hash of the message (rather than the whole message) provides integrity efficiently
  • Message can be digitally signed and encrypted to provide Integrity, Authentication, Non-repudiation, and confidentiality
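An added example (not from the original flashcards) that serves both the RSA card and the digital-signature card above: key generation from two large primes, encryption with the public key, and hash-then-sign with the private key, with verification failing on a tampered message. It is textbook (unpadded) RSA so the arithmetic stays visible; production code adds OAEP/PSS padding and uses 2048-bit or larger keys. The 512-bit size and the `seed` parameter are only for a fast, reproducible run and are not the page's recommendation.

```python
"""Textbook RSA: key generation from large primes, public-key encryption, and
hash-then-sign signatures with the private key.
Added example, not from the original flashcards. Unpadded RSA is shown to keep the
arithmetic visible; real systems add OAEP/PSS padding. The seeded RNG is only for
reproducible demos; keys for real use come from random.SystemRandom (the default)."""
import hashlib
import random

def is_probable_prime(n: int, rng=None, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    rng = rng or random.SystemRandom()
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a witness of compositeness was found
    return True

def gen_prime(bits: int, rng) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force exact bit length and oddness
        if is_probable_prime(cand, rng):
            return cand

def rsa_keygen(bits: int = 2048, seed=None):
    """Returns (public, private) as ((n, e), (n, d))."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    e = 65537  # prime, so gcd(e, phi) == 1 exactly when e does not divide phi
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (p * q, e), (p * q, d)

def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)

def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)

def _digest_int(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def rsa_sign(priv, msg: bytes) -> int:
    """Hash the message, then apply the PRIVATE key (the reverse of encryption)."""
    n, d = priv
    return pow(_digest_int(msg, n), d, n)

def rsa_verify(pub, msg: bytes, sig: int) -> bool:
    """Apply the PUBLIC key to the signature and compare with a fresh hash of the message."""
    n, e = pub
    return pow(sig, e, n) == _digest_int(msg, n)

if __name__ == "__main__":
    pub, priv = rsa_keygen(512, seed=7)  # toy size for speed; never below 2048 bits in practice
    msg = b"transfer 100 to alice"
    sig = rsa_sign(priv, msg)
    print(rsa_verify(pub, msg, sig))                           # True
    print(rsa_verify(pub, b"transfer 900 to alice", sig))      # False: any change breaks it
    print(rsa_decrypt(priv, rsa_encrypt(pub, 12345)) == 12345)  # True
```

Note what the signature does and does not give: anyone with `pub` can verify it (authentication and non-repudiation), and the hash ties it to the exact bytes (integrity), but the message itself travels in the clear unless it is separately encrypted, which is the point of the second bullet on the card.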
27
Q

Hashing Collision

A

Two different messages with the same digest. By the birthday paradox a collision is expected after about 2^(n/2) hashes for an n-bit digest, which is why 128-bit MD5 and 160-bit SHA-1 fell first
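An added example (not from the original flashcards) covering the MD5, SHA-1 and collision cards: it reads the digest sizes from `hashlib`, shows the avalanche effect (one flipped input bit changes about half the output bits), and runs a birthday-style search for a collision on a digest artificially truncated to 24 bits, where roughly 2^12 inputs suffice. The truncation is the only thing that makes the collision findable; against full SHA-256 the same loop would need about 2^128 attempts.

```python
"""Digest lengths, the avalanche effect, and a birthday-bound collision search.
Added example, not from the original flashcards. Truncating SHA-256 to 24 bits is
an artificial weakening so a collision appears in seconds; the full 256-bit digest
would need about 2^128 hashes by the same method."""
import hashlib
from itertools import count

def digest_bits(name: str) -> int:
    """Output size in bits: md5 -> 128, sha1 -> 160, sha256 -> 256, sha512 -> 512."""
    return hashlib.new(name).digest_size * 8

def hamming_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche(msg: bytes) -> int:
    """Flip one input bit and count how many of the 256 output bits change (about half)."""
    flipped = bytes([msg[0] ^ 0x01]) + msg[1:]
    return hamming_distance(hashlib.sha256(msg).digest(), hashlib.sha256(flipped).digest())

def truncated_hash(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short digest."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)

def find_collision(bits: int):
    """Birthday attack: after about 2^(bits/2) distinct inputs, two are expected to
    share a digest. Returns (tries, msg1, msg2)."""
    seen = {}
    for i in count():
        m = b"msg-%d" % i  # constructed inputs; any distinct strings would do
        h = truncated_hash(m, bits)
        if h in seen:
            return i + 1, seen[h], m
        seen[h] = m

if __name__ == "__main__":
    print(digest_bits("md5"), digest_bits("sha1"), digest_bits("sha512"))  # 128 160 512
    print(avalanche(b"hello world"))  # close to 128
    tries, m1, m2 = find_collision(24)
    print(tries, m1, m2)  # a few thousand tries, far fewer than 2^24
```

Raising `bits` to 32 roughly quadruples the work (about 2^16 tries); each extra 2 bits of digest doubles it, which is the whole argument for 256-bit digests.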

28
Q

Ciphertext-Only Attack (Cryptosystems)

A
  • Attacker has only captured ciphertext, nothing else

- Most Common (and hardest for the attacker)

29
Q

Known-Plaintext Attack (Cryptosystems)

A
  • Attacker has captured ciphertext together with the corresponding plaintext and tries to recover the key
30
Q

Link Encryption Advantage/Disadvantage
(a-en/low)
(d-key/dec)

A

Advantages:

  • Encrypts all data in the packet (headers, addresses, routing info), so traffic analysis is harder
  • Works at a lower level of the OSI model (physical/data link)

Disadvantage:

  • Key distribution to every node on the path
  • Message decrypted and re-encrypted at each hop, so every hop is a point of vulnerability
31
Q

End-to-End Encryption Advantage/Disadvantage
(a-each/prot/enc)
(d-enc/dec)

A

Advantages:

  • Intermediate hops need no key; only the destination decrypts (headers stay readable for routing)
  • Protects info from start to finish
  • Only payload encrypted

Disadvantages:

  • Headers, addresses, routing information not encrypted (traffic analysis possible)
  • Destination system needs to have the same encryption mechanism to decrypt
32
Q

Domain Name Service Security (DNSSEC)

A
  • DNS records are digitally signed; resolvers verify the signatures with public keys published in DNS (DNSKEY records) and chained up to the root

- Secure DNS: provides integrity and authenticity of DNS answers, not confidentiality

33
Q

Secure Remote Procedure Call (S-RPC)

sec/enc/key

A
  • Secure computer to computer connections
  • Uses DES to encrypt messages (historical; DES is now considered weak)
  • Uses Diffie-Hellman (each principal has a public/private key pair) to derive the shared session key
34
Q

Generic Security Services API (GSSAPI)

A

Key exchange and generic authentication; provides a common programming interface for encryption and authentication so applications are independent of the underlying AuthN method (e.g. Kerberos)

35
Q

Secure Shell (SSH)

A
  • Provides an encrypted tunnel multiplexed into several logical channels
  • Server authenticates to the client with its host key; the client must verify the key fingerprint on first connection
  • User authentication (password or public key) runs inside the encrypted tunnel
36
Q

Secure Electronic Transaction (SET)

key/con/ds/enc

A
  • PKI
  • Confidentiality through DES
  • Digital signatures using RSA
  • Encrypts payment card and cardholder data
37
Q

Internet Protocol Security (IPSec)

framew/layer/sec/3con

A
  • Framework to ensure secure communication over IP networks
  • Layer 3 (Network)
  • Secure between two nodes instead of two applications
  • Host to host, Host to subnet, subnet to subnet
38
Q

IPSec Transport Mode

A
  • Only the payload is encrypted (ESP); used host to host

- Original IP header and MAC header remain in the clear

39
Q

IPSec Tunnel Mode

A
  • Entire original packet (payload and IP header) encrypted and wrapped in a new outer IP header; used for gateway-to-gateway VPNs

- MAC header open

40
Q

Secure Multipurpose Internet Mail Extensions (S/MIME)

stand/layer/against/prov/need

A
  • Standard for encrypting and digitally signing electronic mail that contains attachments and for providing secure data transmissions
  • Application Layer
  • Countermeasure against message interception and forgery
  • Provides data integrity, confidentiality (user-selected encryption algorithm), and authentication (X.509 public key certificates)
  • Needs a key management system
41
Q

Secure Email Security Services (4 Things)

CIAN

A
  • Confidentiality, Integrity, Authentication, Non-repudiation
42
Q

Online Certificate Status Protocol (OCSP)

A

Real-time check of whether a certificate has been revoked (a lighter-weight alternative to downloading a full CRL)

43
Q

X.509

A

Digital Certificates

44
Q

X.500

A

Directory Services

45
Q

X.400

A

Electronic Messaging

46
Q

X.25

A

Data Communication Protocol

47
Q

PKI Security Services (5 Things)

CIANA

A
  • Confidentiality, Integrity, Authentication, Non-repudiation, Access Control
48
Q

Components of PKI

cert/sn/ds

A
  • X.509 v3 Certificates
  • Serial number in each certificate is unique per issuing CA
  • All certificate data is digitally signed by the issuing CA, chained up to a trusted root (trust anchor)
49
Q

Steganography

A
  • Modifies the least significant bits of pixel or audio sample values, so the carrier looks and sounds unchanged

- Hiding a message in an image: conceals the existence of the message, whereas encryption only conceals its content
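An added example (not from the original flashcards) of the LSB technique: it hides a message one bit per pixel byte behind a length header, recovers it, and checks that no pixel value moved by more than 1. The cover "image" is a constructed array of 8-bit grayscale pixel values so the code runs offline; decoding a real BMP or PNG would supply the same kind of byte array.

```python
"""LSB steganography: hide a message in the least significant bit of each pixel
byte, then recover it.
Added example, not from the original flashcards. The cover 'image' is a
constructed array of 8-bit grayscale pixel values; a real image, once decoded,
would supply the same raw bytes."""
import random

HEADER = 4  # bytes of length prefix embedded before the message

def _bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def make_cover(pixels: int, seed: int = 1) -> bytes:
    """Constructed stand-in for an image's pixel bytes (deterministic for the demo)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(pixels))

def embed(cover: bytes, message: bytes) -> bytes:
    """Overwrite one LSB per cover byte: first the length header, then the message bits."""
    payload = len(message).to_bytes(HEADER, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError("cover too small: need %d bytes, have %d" % (len(payload) * 8, len(cover)))
    out = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        out[i] = (out[i] & 0xFE) | bit  # clear the LSB, then set it to the message bit
    return bytes(out)

def _read(stego: bytes, start_bit: int, nbytes: int) -> bytes:
    end = start_bit + 8 * nbytes
    if end > len(stego):
        raise ValueError("no valid payload: header claims more bits than the carrier holds")
    val = 0
    for i in range(start_bit, end):
        val = (val << 1) | (stego[i] & 1)
    return val.to_bytes(nbytes, "big")

def extract(stego: bytes) -> bytes:
    """Read the length header, then exactly that many message bytes."""
    length = int.from_bytes(_read(stego, 0, HEADER), "big")
    return _read(stego, HEADER * 8, length)

def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """LSB embedding moves each pixel value by at most 1, invisible to the eye."""
    return max(abs(a - b) for a, b in zip(cover, stego))

if __name__ == "__main__":
    cover = make_cover(4096)
    stego = embed(cover, b"meet at the usual place")
    print(extract(stego))                  # b'meet at the usual place'
    print(max_pixel_change(cover, stego))  # 1
```

Because the payload bits sit in plain view to anyone who knows where to look, steganography hides existence but not content; in practice the message is encrypted first and embedded in a spread-out or keyed position rather than the first N bytes, which is also what statistical steganalysis (chi-square tests on LSB distributions) is designed to catch.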