Chapter 7

Question 1

Cryptography

Answer 1

The practice of encoding information in a manner that it cannot be decoded without access to the required decryption key.

Question 2

What are the four common goals of Cryptography?

Answer 2

Two stem from the CIA Triad and the other two do not:

1. Confidentiality
2. Integrity
3. Authorization
4. Non-Repudiation

Question 3

Cipher

Answer 3

A method used to scramble or obfuscate characters to their value.

Question 4

Substitution Cipher

Answer 4

A type of coding or ciphering system that changes one character or symbol into another.

Question 5

Stream Cipher

Answer 5

Operate on one character or bit of a message (or data stream) at a time.

Question 6

Block cipher

Answer 6

Operate on “chunks,” or blocks, of a message and apply the encryption algorithm to an entire message block at the same time.

Question 7

Transposition Cipher

Answer 7

Transposing or scrambling the letters in a certain manner.

Question 8

Steganography

Answer 8

The art of using cryptographic techniques to embed secret messages within another file. Like hiding messages in images.

Question 9

Symmetric Cryptosystems

Answer 9

Use a shared secret key available to all users of the cryptosystem.

Question 10

Asymmetric Cryptosystems

*keys

Answer 10

Uses individual combinations of public and private keys for each user of the system.

Question 11

What is the most common way to protect network communications using sensitive data?

Answer 11

With the (TLS) Transport Layer Security Protocol.

Question 12

Full Disk Encryption (FDE)

Answer 12

A form of encryption where all data on a hard drive is automatically encrypted, including the operating system and system files.

Question 13

Partition Encryption

Answer 13

Similar to FDE but targets a specific partition of a hard drive instead of the entire disk.

Question 14

File-Level Encryption

Answer 14

This method allows users to encrypt specific files rather than entire drives or partitions. Not as secure as FDE or partition encryption.

Question 15

Volume Encryption

Answer 15

Involves encrypting a set “volume” on a storage device, which could contain several folders and files.

Question 16

Database Encryption

Answer 16

A method used to protect sensitive information stored in a database from access by unauthorized individuals. There are two types: TDE and CLE.

Question 17

Transparent Data Encryption (TDE)

Answer 17

Encrypts entire databases.

Question 18

Column-Level Encryption (CLE)

Answer 18

Allows specific columns within tables to be encrypted.

Question 19

Record-Level Encryption

Answer 19

It allows individual records within a database to be encrypted.

Question 20

Cryptographic Keys

Answer 20

Nothing more than a number, usually a very large binary number.

Question 21

Key Space

Answer 21

The range of values that are valid for use as a key for a specific algorithm. The total set of possible keys that can be used in an encryption system. The larger the key space, the harder it is for an attacker to guess the correct key through brute force.

Question 22

Key Length

Answer 22

The number of binary bits (0s and 1s) in the key.

Question 23

Key Exchange

Answer 23

The secure distribution of the secret keys required to operate the algorithms. The three main methods are offline distribution, public key encryption, and the Diffie–Hellman key exchange algorithm

Question 24

Kerckhoffs’ Principle

Answer 24

Also known as Kerckhoffs’ assumption, is that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge. The principle is basically: The enemy knows the system.

Question 25

Cryptanalysis

Answer 25

The study of methods to defeat codes and ciphers.

Question 26

Key Management Practices

Answer 26

The security measures taken by cryptosystem users and administrators to protect the security of the keying material.

Question 27

If Alice wants to send a message to Bob using public key cryptography, what key should she use? How would she decrypt the ciphertext?

Answer 27

She would create the message and then encrypt it using Bob's public key. The only way to decrypt it is to use Bob's private key.

Question 28

What is the offline distribution of keys?

Answer 28

One party provides the other party with a sheet of paper or piece of storage media containing the secret key.

Question 29

The AES Cipher allows the use of three key strengths, what are the bit sizes?

Answer 29

128 bits (10 rounds of encryption) , 192 bits (12 rounds of encryption), 256 bits (14 rounds of encryption).

Question 30

Diffie-Hellman Algorithm

Answer 30

A key exchange protocol that allows two parties to securely share a cryptographic key over an insecure channel. It uses a formula.

Question 31

Split Knowledge

Answer 31

For sensitive keys, consider providing two different individuals with half of the key. They then must collaborate to re-create the entire key.

Question 32

Key Escrow

Answer 32

Systems have a third party store a protected copy of the key for use in an emergency.

Question 33

Key recovery

Answer 33

Organizations may have a formal key recovery policy that specifies the circumstances under which a key may be retrieved from escrow and used without a user’s knowledge.

Question 34

RSA public key algorithm

Answer 34

A widely used asymmetric encryption technique for secure data transmission. RSA relies on the mathematical difficulty of prime factorization.

Question 35

Elliptic Curve Cryptography (ECC)

Answer 35

Can be determined using this equation [ y^2 = x^3 + ax + b ]. Computer Scientists and Mathematicians believe it is extremely hard to find x. It is believed to be harder than RSA. It's a powerful encryption method that provides strong security with smaller key sizes compared to traditional RSA.

Question 36

Message Digest

Answer 36

The unique output value derived from the content of a message through hashing.

Question 37

Secure Hash Algorithm (SHA)

Answer 37

SHA (Secure Hash Algorithm) ensures **data integrity** by creating unique, fixed-length **message digests**. Variants like **SHA-1, SHA-256, and SHA-512** produce hashes from **160 to 512 bits**. It’s secure because: 1. **Nearly impossible** to reverse-engineer a message from its hash. 2. **Two different messages almost never** have the same hash. Even a tiny data change results in a completely different hash, making SHA essential in **cybersecurity, digital signatures, and authentication**.

Question 38

Hash-Based Message Authentication Code (HMAC)

Answer 38

This algorithm implements a partial digital signature it guarantees the integrity of a message during transmission, but it does not provide for non-repudiation.

Question 39

If you want to encrypt a message...

Answer 39

use the recipient's public key.

Question 40

If you want to decrypt a message...

Answer 40

use your private key.

Question 41

If you want to digitally sign a message you are sending to someone else...

Answer 41

use your private key.

Question 42

If you want to verify the signature on a message sent by someone else...

Answer 42

use the sender's public key.

Question 43

Public Key Infrastructure (PKI)

Answer 43

A hierarchy of trust relationships. These trusts permit combining asymmetric cryptography with symmetric cryptography along with hashing and digital certificates, giving hybrid cryptography It ensures that data remains confidential, authentic, and tamper-proof.

Question 44

Certificate Authorities (CA)

Answer 44

CAs are the glue that binds the public key infrastructure together. These neutral organizations offer notarization services for digital certificates.

Question 45

Registration Authorities (RA)

Answer 45

RAs assist CAs with the burden of verifying user's identities prior to issuing digital certificates.

Question 46

Root Certificate

Answer 46

The top-level certificate for an entire PKI that serves as the root of trust for all certificates issued by the CA.

Question 47

Offline CAs

Answer 47

Used to protect the root certificate. A highly secure CA that is disconnected from any network to prevent unauthorized access. It is typically used as a root CA in a Public Key Infrastructure (PKI) to issue certificates to intermediate CAs, which handle day-to-day certificate managemen

Question 48

Certificate Chaining

Answer 48

The use of a series of intermediate CAs in the certificate authority trust model.

Question 49

Intermediate CAs

Answer 49

Acts as a bridge between the Root CA and end-user certificates in a Public Key Infrastructure (PKI). It helps distribute trust while maintaining security

Question 50

Certificate signing request (CSR)

Answer 50

Provides your public key to the certificate authority to create an X.509 digital certificate containing your identifying information and a copy of your public key. The CA then digitally signs the certificate using the CA’s private key and provides you with a copy of your signed digital certificate.

Question 51

Extended validation (EV) certificates

Answer 51

Provide a higher level of assurance and the CA takes steps to verify that the certificate owner is a legitimate business before issuing the certificate.

Question 52

Certificate revocation list (CRL)

Answer 52

Used to ensure that the certificate was not revoked.

Question 53

Online Certificate Status Protocol (OCSP)

Answer 53

A real-time facility for verifying the validity of a digital certificate and confirming that it has not been revoked by the issuing certificate authority.

Question 54

Certificate Stapling

Answer 54

A method that improves SSL/TLS certificate verification by allowing a web server to fetch and cache the CA’s signed response about the certificate’s status. This "stapled" response is sent with the TLS handshake, eliminating the need for browsers to query the CA directly. Benefits: -Faster connections by reducing extra verification steps -Enhanced privacy since users don’t contact the CA -Improved security through efficient validity checks

Question 55

Hardware Security Models (HSMs)

Answer 55

A crypto processor used to manage/store digital encryption keys, accelerate cryptographic operations, support faster digital signatures, and improve authentication.

Question 56

Frequency analysis

Answer 56

A cryptographic analysis or attack that looks for repetition of letters in an encrypted message and compares that with the statistics of letter usage for a specific language, such as the frequency of the letters E, T, A, O, N, R, I, S, and H in the English language.

Question 57

Known Plain Text Attack

Answer 57

This attack relies on the attacker having pairs of known plain text along with the corresponding ciphertext.

Question 58

Chosen Plain Text Attack

Answer 58

In this attack, the attacker obtains the ciphertexts corresponding to a set of a plain texts of their own choosing. This allows them to attempt to derive the key used and thus decrypt other messages encrypted with that key.

Question 59

Related Key Attack

Answer 59

A hacker analyzes patterns between multiple secret keys to find weaknesses and decrypt data, exploiting connections between keys rather than guessing one. Used to break insecure systems like WEP. Prevented by avoiding predictable key patterns.

Question 60

Birthday Attack

Answer 60

A cryptographic attack that exploits the probability theory to find hash collisions more efficiently than brute-force methods. Instead of checking every possible input, it takes advantage of the chance that two different inputs might accidentally create the same encoded output, making it easier to find a collision.

Question 61

Downgrade Attack

Answer 61

It is used against secure communications such as TLS. The idea is to trick the user into shifting to a less secure version of the protocol, one that might be easier to break.

Question 62

Salting

Answer 62

This adds a randomly generated value to each password prior to hashing.

Question 63

Key Stretching

Answer 63

Used to create encryption keys from passwords in a strong manner. This uses thousands of iterations of salting and hashing to generate encryption keys that are resilient against attack.

Question 64

Lightweight Cryptography

Answer 64

A form of encryption designed for resource-constrained devices such as small IoT devices, or medical implants. Traditional cryptographic algorithms can be too resource-intensive for these constrained environments, so lightweight cryptography provides security while minimizing processing, memory, and energy consumption.

Question 65

Homomorphic Encryption

Answer 65

A cryptographic method that allows computations on encrypted data without decrypting it, ensuring privacy while still enabling analysis.