Chapter 10 (Lecture 9)

Question 1

1. Explain the process Bob should use if he wants to send a confidential message to Alice using asymmetric cryptography.

Answer 1

1. Bob should encrypt the message using Alice’s public key and then transmit the encrypted message to Alice.

Question 2

2. Explain the process Alice would use to decrypt the message Bob sent in question 1.
   (1. Explain the process Bob should use if he wants to send a confidential message to Alice using asymmetric cryptography.)

Answer 2

2. Alice should decrypt the message using her private key.

Question 3

3. Explain the process Bob should use to digitally sign a message to Alice.

(question 1. one the series: Explain the process Bob should use if he wants to send a confidential message to Alice using asymmetric cryptography.)

Answer 3

3. Bob should generate a message digest from the plain-text message using a hash function.

He should then encrypt the message digest using his own private key to create the digital signature.

Finally, he should append the digital signature to the message and transmit it to Alice.

Question 4

4. Explain the process Alice should use to verify the digital signature on the message from Bob in question 3.

[3. Explain the process Bob should use to digitally sign a message to Alice.

(1. Explain the process Bob should use if he wants to send a confidential message to Alice using asymmetric cryptography.)]

Answer 4

4. Alice should decrypt the digital signature in Bob’s message using Bob’s public key.

She should then create a message digest from the plain-text message using the same hashing algorithm Bob used to create the digital signature.

Finally, she should compare the two message digests.
If they are identical, the signature is authentic.

Question 5

1. In the RSA public key cryptosystem, which one of the following numbers will always be largest?

A. e

B. n

C. p

D. q

Answer 5

1. B. The number n is generated as the product of the two large prime numbers p and q. Therefore, n must always be greater than both p and q. Furthermore, it is an algorithm constraint that e must be chosen such that e is smaller than n. Therefore, in RSA cryptography, n is always the largest of the four variables shown in the options to this question.

Question 6

2. Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?

A. RSA

B. Diffie-Hellman

C. 3DES

D. IDEA

Answer 6

2. B. The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption and decryption of messages.

Question 7

3. If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message?

A. Richard’s public key

B. Richard’s private key

C. Sue’s public key

D. Sue’s private key

Answer 7

3. C. Richard must encrypt the message using Sue’s public key so that Sue can decrypt it using her private key. If he encrypted the message with his own public key, the recipient would need to know Richard’s private key to decrypt the message. If he encrypted it with his own private key, any user could decrypt the message using Richard’s freely available public key. Richard could not encrypt the message using Sue’s private key because he does not have access to it. If he did, any user could decrypt it using Sue’s freely available public key.

Question 8

4. If a 2,048-bit plain-text message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be?

A. 1,024 bits

B. 2,048 bits

C. 4,096 bits

D. 8,192 bits

Answer 8

4. C. The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit plain-text message would yield a 4,096-bit ciphertext message when El Gamal is used for the encryption process.

Question 9

5. Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic strength, what ECC key length should it use?

A. 160 bits

B. 512 bits

C. 1,024 bits

D. 2,048 bits

Answer 9

5. A. The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that would be the same strength as encryption achieved with the RSA encryption algorithm. A 1,024-bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.

Question 10

6. John wants to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for this particular message be?

A. 160 bits

B. 512 bits

C. 1,024 bits

D. 2,048 bits

Answer 10

6. A. The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the size of the input message. In fact, this fixed-length output is a requirement of any secure hashing algorithm.

Question 11

7. Which one of the following technologies is considered flawed and should no longer be used?

A. SHA-2

B. PGP

C. WEP

D. TLS

Answer 11

7. C. The WEP algorithm has documented flaws that make it trivial to break. It should never be used to protect wireless networks.

Question 12

8. What encryption technique does WPA use to protect wireless communications?

A. TKIP

B. DES

C. 3DES

D. AES

Answer 12

8. A. WiFi Protected Access (WPA) uses the Temporal Key Integrity Protocol (TKIP) to protect wireless communications. WPA2 uses AES encryption.

Question 13

9. Richard received an encrypted message sent to him from Sue. Which key should he use to decrypt the message?

A. Richard’s public key

B. Richard’s private key

C. Sue’s public key

D. Sue’s private key

Answer 13

9. B. Sue would have encrypted the message using Richard’s public key. Therefore, Richard needs to use the complementary key in the key pair, his private key, to decrypt the message.

Question 14

10. Richard wants to digitally sign a message he’s sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest?

A. Richard’s public key

B. Richard’s private key

C. Sue’s public key

D. Sue’s private key

Answer 14

10. B. Richard should encrypt the message digest with his own private key. When Sue receives the message, she will decrypt the digest with Richard’s public key and then compute the digest herself. If the two digests match, she can be assured that the message truly originated from Richard.

Question 15

11. Which one of the following algorithms is not supported by the Digital Signature Standard?

A. Digital Signature Algorithm

B. RSA

C. El Gamal DSA

D. Elliptic Curve DSA

Answer 15

11. C. The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.

Question 16

12. Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication?

A. X.500

B. X.509

C. X.900

D. X.905

Answer 16

12. B. X.509 governs digital certificates and the public key infrastructure (PKI). It defines the appropriate content for a digital certificate and the processes used by certificate authorities to generate and revoke certificates.

Question 17

13. What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmerman’s Pretty Good Privacy secure email system?

A. ROT13

B. IDEA

C. ECC

D. El Gamal

Answer 17

13. B. Pretty Good Privacy uses a “web of trust” system of digital signature verification. The encryption technology is based upon the IDEA private key cryptosystem.

Question 18

14. What TCP/IP communications port is utilized by Transport Layer Security traffic?

A. 80

B. 220

C. 443

D. 559

Answer 18

14. C. Secure Sockets Layer utilizes TCP port 443 for encrypted client-server communications.

Question 19

15. What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES encryption?

A. Birthday attack

B. Chosen ciphertext attack

C. Meet-in-the-middle attack

D. Man-in-the-middle attack

Answer 19

15. C. The meet-in-the-middle attack demonstrated that it took relatively the same amount of computation power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as a standard for government communication.

Question 20

16. Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack?

A. Rainbow tables

B. Hierarchical screening

C. TKIP

D. Random enhancement

Answer 20

16. A. Rainbow tables contain precomputed hash values for commonly used passwords and may be used to increase the efficiency of password cracking attacks.

Question 21

17. Which of the following links would be protected by WPA encryption?

A. Firewall to firewall

B. Router to firewall

C. Client to wireless access point

D. Wireless access point to router

Answer 21

17. C. The WiFi Protected Access protocol encrypts traffic passing between a mobile client and the wireless access point. It does not provide end-to-end encryption.

Question 22

18. What is the major disadvantage of using certificate revocation lists?

A. Key management

B. Latency

C. Record keeping

D. Vulnerability to brute force attacks

Answer 22

18. B. Certificate revocation lists (CRLs) introduce an inherent latency to the certificate expiration process due to the time lag between CRL distributions.

Question 23

19. Which one of the following encryption algorithms is now considered insecure?

A. El Gamal

B. RSA

C. Skipjack

D. Merkle-Hellman Knapsack

Answer 23

19. D. The Merkle-Hellman Knapsack algorithm, which relies upon the difficulty of factoring super-increasing sets, has been broken by cryptanalysts.

Question 24

20. What does IPSec define?

A. All possible security classifications for a specific configuration

B. A framework for setting up a secure communication channel

C. The valid transition states in the Biba model

D. TCSEC security categories

Answer 24

20. B. IPSec is a security protocol that defines a framework for setting up a secure channel to exchange information between two entities.

Question 25

How does RSA works?

Answer 25

Each user of the cryptosystem generates a pair of public and private keys

An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers are kept secret. Messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers (Private Key)

Question 26

Merkle-Hellman Knapsack

Answer 26

Encryption Based on super-increasing.

it is ineffective as it is already broken by cryptoanalysts

Question 27

How is the Elliptic Curve Cryptography security?

Answer 27

The security of ECC depends on the ability to compute a point multiplication and the inability to compute the multiplicand given the original point and the product

It is widely believed that the elliptic curve discrete logarithm problem is harder to solve than RSA and Diffie-Hellman

Question 28

Purpose of Hash Functions

Answer 28

Hash functions take a potentially long message and generate a unique output value derived from the content of the message

Some of the more common hashing algorithms in use today are
Message Digest 2 and 5 (MD2 and MD5)
Secure Hash Algorithm (SHA-0, SHA-1, and SHA-2)
Hashed Message Authentication Code (HMAC)

Question 29

Basic Requirements for Hash Functions

Answer 29

1. The input can be of any length
2. The output has a fixed length
3. The hash function is relatively easy to compute for any input
4. The hash function is one-way
   It is extremely hard (ideally, impossible) to determine the input when provided with the output
5. The hash function is collision free
   It is extremely hard to find two messages that produce the same hash value

Question 30

What are some Common hashing algorithms:

Answer 30

SHA,
MD2,
MD4,
MD5

Question 31

Describe Secure Hash Algorithm (SHA-1)

Answer 31

• Takes an input of virtually any length
• Produces a 160-bit message digest
• processes a message in 512-bit blocks
• there are weaknesses in the SHA-1 algorithm

Question 32

On Secure Hash Algorithm what are the differences from SHA-1 to SHA-2

Answer 32

SHA-1 and SHA-2 differ in several ways;
mainly, SHA-2 produces 224- or 256-sized digests, whereas SHA-1 produces a 160-bit digest;

SHA-2 can also have block sizes that contain 1024 bits, or 512 bits, like SHA-1.

Brute force attacks on SHA-2 are not as effective as they are against SHA-1.

SHA-2 is generally considered secure.

Question 33

Goals of Digital Signatures

Answer 33

• Digitally signed messages assure the recipient that the message truly came from the claimed sender, and they enforce nonrepudiation
• Digitally signed messages assure the recipient that the message was not altered while in transit between the sender and recipient

Question 34

How Does Digital Signature works

Answer 34

When Alice wants to digitally sign a message she’s sending to Bob, she

• Generates a message digest.
• Encrypts only the message digest using her private key
• Appends the signed message digest to the plain-text message
• Transmits the appended message to Bob

When Bob receives the digitally signed message, he

• Decrypts the digital signature using Alice’s public key
• Uses the same hashing function to create a digest of the full plain-text message
• Compares the decrypted message digest he received from Alice with the message digest he computed

Question 35

What is the Digital Signature Standards for federal government use?

Answer 35

NIST specifies the digital signature algorithms acceptable for federal government use

must use the SHA-1 or SHA-2 hashing functions

DSA, RSA and ECDSA can be used for Infrastructure

Question 36

What Digital certificates is used for?

Answer 36

Digital certificates provide communicating parties with the assurance that the people they are communicating with truly are who they claim to be

Normally using X.509

Question 37

What is the Data inside a X509 Certificate?

Answer 37

X.509 contain the following data
- Version of X.509
- Serial number
- Signature algorithm identifier
Specifies the technique used by the certificate authority to digitally sign the contents of the certificate
- Issuer name
Identification of the certificate authority that issued the certificate
- Validity period
- Subject’s name
The distinguished name (DN) of the entity that owns the public key contained in the certificate
- Subject’s public key

Question 38

What are Certificate Authorities

Answer 38

Certificate authorities (CAs) are neutral organizations offering notarization services for digital certificates

PKI relies upon a hierarchy of trust relationships

Question 39

What are Certificate Registration Authorities ?

Answer 39

Registration authorities (RAs) assist CAs with the burden of verifying users’ identities prior to issuing digital certificates

Question 40

What is a Certificate Path Validation (CPV)

Answer 40

means that each certificate in a certificate path from the root of the trust hierarchy down to the server or client in question is valid and legitimate

• When certificates expire or are replaced
  This can break the chain of trust or the verification path

By forcing a re-verification of all stages of trust, you can reestablish all trust links and prove that the assumed trust remains assured

Question 41

What are the Techniques to identify Revoked Certificates?

Answer 41

• Certificate Revocation Lists (CRLs)
  Maintained by the CA’s as a batch process
• Online Certificate Status Protocol (OCSP)
  real time request to CA’s

Question 42

Applied Cryptography on Portable Devices

Answer 42

Portable devices brings new risks to the world of computing, sometimes exposing sensitive information.

tools for disk encryption are offered like:
Bitlocker (windows)
FileVault (Mac)
TrueCrypt (Open source, linux, Mac, windows)

Question 43

Applied Cryptography on Electronic Mail

Answer 43

Mostly based on Encrypt and Sign

It is the sender’s responsibility to ensure that proper mechanisms are in place to guarantee the security and privacy of a message or transmission

One of the most demanded applications of cryptography is encrypting and signing electronic mail messages

Question 44

Applied Cryptography on S/MIME

Answer 44

The Secure Multipurpose Internet Mail Extensions (S/MIME) protocol has emerged as a likely standard for encrypted electronic mail
S/MIME utilizes the RSA encryption algorithm and has received the backing of major industry players, including RSA Security

S/MIME relies upon the use of X.509 certificates for exchanging cryptographic keys

Question 45

Applied Cryptography on Web

Answer 45

secure web browsing has achieved widespread acceptance in recent years
This is mainly because of the strong movement toward electronic commerce

S-HTTP(HTTPS Today) and SSL

Question 46

Applied Cryptography on Secure Sockets Layer (SSL)

Answer 46

SSL’s goal is to create secure communications channels that remain open for an entire web browsing session
SSL relies upon a combination of symmetric and asymmetric cryptography
When a user accesses a website,
- The browser retrieves the web server’s certificate and extracts its public key
- The browser creates a random symmetric key, encrypts it with the server’s public key, and then sends the encrypted key to the server
- The server decrypts the symmetric key using its own private key
- The two systems exchange all future messages using the symmetric key

This allows SSL to leverage the asymmetric cryptography while encrypting and decrypting the vast majority of the data using the faster symmetric algorithm.

Question 47

Applied Cryptography on Secure HTTP (S-HTTP)

Answer 47

second major protocol used to provide security on the World Wide Web

• S-HTTP is not nearly as popular as SSL

It has two major differences with respect to SSL

• S-HTTP secures individual messages between a client and server rather than creating a secure communications channel
• S-HTTP supports two-way authentication between a client and a server rather than the server-only authentication supported by SSL

(Obsolete to HTTPS)

Question 48

Applied Cryptography on Steganography

Answer 48

Steganography is the art of using cryptographic techniques to hide messages in plain sight, such as embedding a secret message within a picture or a web page

normally using for illegal but can be used by digital watermarks.

Question 49

Applied Cryptography on E-commerce - SET

Answer 49

The Secure Electronic Transaction (SET) standard was developed jointly by Visa and MasterCard as a means for securing e-commerce transactions

SET utilizes a combination of RSA public key cryptography, DES private key cryptography, and digital certificates to secure electronic transactions

Question 50

Applied Cryptography on Circuit Enryption

Answer 50

Link encryption
Protects entire communications circuits by creating a secure tunnel between two points using hardware/software solutions that encrypt all traffic entering one end of the tunnel and decrypts all traffic exiting the other end of the tunnel

End-to-end encryption
Protects communications between two parties (for example, a client and a server) and is performed independently of link encryption

Question 51

Applied Cryptography on IPSec

Answer 51

The Internet Protocol Security (IPSec) standard is a standard architecture set forth by the Internet Engineering Task Force (IETF) for setting up a secure channel between two entities

IPSec does not dictate all implementation details but is an open, modular framework

IPSec uses public key cryptography to provide encryption, access control, nonrepudiation, and authentication, all using IP protocols

The primary use of IPSec is for virtual private networks (VPNs)

provides transport and tunnel mode

Question 52

Applied Cryptography on Wireless Networking

Answer 52

Wired Equivalent Privacy (WEP)
and
Wifi Protected Access (WPA) (better)

Question 53

Applied Cryptography on Attacks

Answer 53

Analytic attack
An algebraic manipulation that attempts to focus on the logic of the algorithm itself
Implementation attack
Exploits weaknesses in the implementation of a cryptography system

Statistical attack
Exploits statistical weaknesses in a cryptosystem, such as inability to produce random numbers and floating-point errors

Brute force
Attempts every possible valid combination for a key or password

Frequency analysis
Counting the number of times each letter appears in the cipher text, and using knowledge about letters frequency in English

Known plain text
The attacker has a copy of the encrypted message along with the plain-text message

Chosen cipher text
The attacker has the ability to decrypt chosen portions of the cipher-text and use them to discover the key

Chosen plain text
The attacker has the ability to encrypt plain-text messages of their choosing and can then analyze the output of the encryption algorithm

Meet in the middle
Used to defeat encryption algorithms that use two rounds of encryption

Birthday
Exploits flaws in the nature of hashing functions

Man in the middle & Replay