**13.** Which of the following works similarly to stream ciphers?

**A.** One-time pad

**B.** AES

**C.** Block

**D.** RSA

CORRECT **A.** Stream ciphers were developed to provide the same type of protection one-time pads do, which is why they work in such a similar manner. In reality, stream ciphers cannot provide the level of protection one-time pads do, but because stream ciphers are implemented through software and automated means, they are much more practical. A one-time pad is a perfect encryption scheme because it is considered unbreakable if implemented properly. This cipher uses a pad made up of random values. A plaintext message that needs to be encrypted is converted into bits, and a one-time pad is made up of random bits. This encryption process uses a binary mathematical function called exclusive-OR, usually abbreviated as XOR. XOR is an operation that is applied to two bits and is a function commonly used in binary mathematics and encryption methods. Stream ciphers also encrypt at the bit level, which is how they are similar to one-time pad encryption schemes.

WRONG **B** is incorrect because AES is a symmetric block cipher. When a block cipher is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through mathematical functions, one block at a time. Stream ciphers encrypt data one bit at a time, whereas a block cipher encrypts data one block of bits at a time. Suppose you need to encrypt a message you are sending to your friend and you are using a block cipher with a 64-bit block size. Your message of 640 bits is chopped up into 10 individual blocks of 64 bits. Each block is put through a succession of mathematical formulas, and what you end up with is 10 blocks of encrypted text. You send this encrypted message to your friend. He has to have the same block cipher and key, and those 10 ciphertext blocks go back through the algorithm in the reverse sequence and end up as your plaintext message.

WRONG **C** is incorrect because as stated in the preceding answer, when a block cipher is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through mathematical functions, one block at a time.

WRONG **D** is incorrect because RSA is a public key algorithm that is the most popular when it comes to asymmetric algorithms. Asymmetric algorithms use a different type of mathematics than symmetric algorithms and are nothing like one-time pad encryption schemes. The security of this algorithm comes from the difficulty of factoring large numbers into their original prime numbers.

**14.** There are two main types of symmetric ciphers: stream and block. Which of the following is not an attribute of a good stream cipher?

**A.** Statistically unbiased keystream

**B.** Statistically predictable

**C.** Long periods of no repeating patterns

**D.** Keystream not linearly related to key

CORRECT **B.** The two main types of symmetric algorithms are block ciphers and stream ciphers. A block cipher performs mathematical functions on blocks of bits at a time. A stream cipher, on the other hand, does not divide a message into blocks. Instead, a stream cipher treats the message as a stream of bits and performs mathematical functions on each bit individually. Good stream ciphers offer the following: unpredictable statistical results, long periods of no repeating patterns, a statistically unbiased keystream, and a keystream that is not linearly related to the key. If a stream cipher is statistically predictable, then it will be possible for an attacker to uncover the key and break the cipher.

WRONG **A** is incorrect because a statistically unbiased keystream is an attribute of a good stream cipher. A statistically unbiased keystream means that there are as many zeros as there are ones. There should be no dominance in the number of zeros or ones in the keystream.

WRONG **C** is incorrect because long periods of no repeating patterns within keystream values are a characteristic of a good stream cipher. The ultimate goal of any encryption is to provide a high level of randomness so that an attacker cannot reverse engineer and uncover the key that was used during the encryption process.

WRONG **D** is incorrect because a keystream not linearly related to the key is an attribute of a good stream cipher. This means that if someone figures out the keystream values, that does not mean he now knows the key value. This is important because the key provides the randomness of the encryption process. Most encryption algorithms are public, so people know how they work. The secret to the secret sauce is the key. The key provides randomness, so that the stream of bits XORed with the plaintext is as random as possible.

**24**. Which of the following describes the difference between the Data Encryption Standard and the Rivest-Shamir-Adleman algorithm?

**A**. DES is symmetric, while RSA is asymmetric.

**B**. DES is asymmetric, while RSA is symmetric.

**C**. They are hashing algorithms, but RSA produces a 160-bit hashing value.

**D**. DES creates public and private keys, while RSA encrypts messages.

**24. A**. DES is a symmetric algorithm. RSA is an asymmetric algorithm. DES is used to encrypt data, and RSA is used to create public/private key pairs.

Out of these contestants, Rijndael was chosen. The block sizes that Rijndael supports are 128, 192, and 256 bits. The number of rounds depends upon the size of the block and the key length:

- If both the key and block size are 128 bits, there are 10 rounds.
- If both the key and block size are 192 bits, there are 12 rounds.
- If both the key and block size are 256 bits, there are 14 rounds.

## Key mixing

Using a portion (subkey) of a key to limit the exposure of the key. Key schedules are used to generate subkeys from master keys.

## Known-Plaintext Attacks

In **known-plaintext attacks,** the attacker has the plaintext and corresponding ciphertext of one or more messages. Again, the goal is to discover the key used to encrypt the messages so other messages can be deciphered and read.

## The pad must be used only one time

- The pad must be used only one time. If the pad is used more than one time, this might introduce patterns in the encryption process that will aid the evildoer in his goal of breaking the encryption.

## Advantages of link encryption include the following:

- All data are encrypted, including headers, addresses, and routing information.
- Users do not need to do anything to initiate it. It works at a lower layer in the OSI model.

## The following list outlines the strengths and weaknesses of asymmetric key algorithms:

**Strengths**

- Better key distribution than symmetric systems.
- Better scalability than symmetric systems.
- Can provide authentication and nonrepudiation.

**5**. Which of the following is a U.S. federal government algorithm developed for creating secure message digests?

**A**. Data Encryption Algorithm

**B**. Digital Signature Standard

**C**. Secure Hash Algorithm

**D**. Data Signature Algorithm

**5. C**. SHA was created to generate secure message digests. Digital Signature Standard (DSS) is the standard to create digital signatures, which dictates that SHA must be used. DSS also outlines the digital signature algorithms that can be used with SHA: RSA, DSA, and ECDSA.

## Output Feedback (OFB) Mode

**Output Feedback (OFB) Mode** As you have read, you can use ECB mode for the process of encrypting small amounts of data, such as a key or PIN value. These components will be around 64 bits or more, so ECB mode works as a true block cipher. You can use CBC mode to encrypt larger amounts of data in block sizes of 64 bits. In situations where you need to encrypt a smaller amount of data, you need the cipher to work like a stream cipher and to encrypt individual bits of the blocks, as in CFB. In some cases, you still need to encrypt a small amount of data at a time (one to eight bits), but you need to ensure possible errors do not affect your encryption and decryption processes.

## Binding

"Binding" a hard disk drive is the most common usage scenario of the TPM—where the content of a given hard disk drive is affixed with a particular computing system. The content of the hard disk drive is encrypted, and the decryption key is stored away in the TPM chip. To ensure safe storage of the decryption key, it is further "wrapped" with another encryption key. Binding a hard disk drive makes its content basically inaccessible to other systems, and any attempt to retrieve the drive’s content by attaching it to another system will be very difficult. However, in the event of the TPM chip’s failure, the hard drive’s content will be rendered useless, unless a backup of the key has been escrowed.

## Advantages of end-to-end encryption include the following:

- It provides more flexibility to the user in choosing what gets encrypted and how.
- Higher granularity of functionality is available because each application or user can choose specific configurations.
- Each hop device on the network does not need to have a key to decrypt each packet.

## Elliptic curve cryptosystem algorithm

Asymmetric algorithm based upon the algebraic structure of elliptic curves over finite fields. Used for digital signatures, encryption, and key exchange.

## Asymmetric Cryptography

Some things you can tell the public, but some things you just want to keep private.

In symmetric key cryptography, a single secret key is used between entities, whereas in public key systems, each entity has different keys, or **asymmetric keys**. The two different asymmetric keys are mathematically related. If a message is encrypted by one key, the other key is required in order to decrypt the message.

**5.** Which of the following occurs in a PKI environment?

**A.** The RA creates the certificate, and the CA signs it.

**B.** The CA signs the certificate.

**C.** The RA signs the certificate.

**D.** The user signs the certificate.

CORRECT **B.** A certificate authority (CA) is a trusted organization (or server) that maintains and issues digital certificates. When a person requests a certificate, the registration authority (RA) verifies that individual’s identity and passes the certificate request off to the CA. The CA constructs the certificate, digitally signs it, sends it to the requester, and maintains the certificate over its lifetime. The CA digitally signs it so that the receiver can verify that the certificate came from that specific CA. The CA digitally signs the certificate with its private key, and the receiver verifies this signature with the CA’s public key.

WRONG **A** is incorrect because the registration authority (RA) does not create the certificate; the certificate authority (CA) creates it and signs it. The RA performs the certification registration duties. The RA establishes and confirms the identity of the individual requesting the certificate, initiates the certification process with a CA on behalf of an end user, and can perform certificate life-cycle management functions. The RA cannot issue certificates but can act as a broker between the user and the CA. When users need new certificates, they make requests to the RA, and the RA verifies all necessary identification information before allowing a request to go to the CA.

WRONG **C** is incorrect because the registration authority (RA) does not sign the certificate. The certificate authority (CA) signs the certificate. The RA validates the user’s identity and then sends the request for a certificate to the CA.

WRONG **D** is incorrect because the user does not sign the certificate. In a PKI environment, a user’s certificate is created and signed by the certificate authority (CA). The CA is a trusted third party that generates and maintains user certificates, which hold their public keys. The certificate is digitally signed to provide confidence to others that the certificate was created by that specific CA.

## Collision

When two different messages are computed by the same hashing algorithm and the same message digest value results.

## Triple-DES

We went from DES to **Triple-DES (3DES),** so it might seem we skipped Double-DES. We did. Double-DES has a key length of 112 bits, but there is a specific attack against Double-DES that reduces its work factor to about the same as DES. Thus, it is no more secure than DES. So let’s move on to 3DES.

## Message authentication code (MAC)

Keyed cryptographic hash function used for data integrity and data origin authentication.

## Known-plaintext attack

Cryptanalysis attack where the attacker is assumed to have access to sets of corresponding plaintext and ciphertext.

## Types of Symmetric Systems

Several types of symmetric algorithms are used today. They have different methods of providing encryption and decryption functionality. The one thing they all have in common is that they are symmetric algorithms, meaning the sender and receiver are using two instances of the same key.

## Transport mode

Mode that IPSec protocols can work in that provides protection for packet data payload.

## DES Modes

Block ciphers have several modes of operation. Each mode specifies how a block cipher will operate. One mode may work better in one type of environment for specific functionality, whereas another mode may work better in another environment with totally different requirements. It is important that vendors who employ DES (or any block cipher) understand the different modes and which one to use for which purpose.

**29.** Which of the following best describes the role of the values that are allowing for patterns as described in the scenario?

**A.** Initialization vector

**B.** One-time password

**C.** Master symmetric key

**D.** Subkey

CORRECT **A.** Initialization vectors (IVs) are random values that are used with algorithms to ensure patterns are not created during the encryption process. They are used with keys and do not need to be encrypted when being sent to the destination. If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext. Providing attackers with these types of patterns can make their job easier in breaking the encryption method and uncovering the key.

WRONG **B** is incorrect because a one-time pad is an encryption method created by Gilbert Vernam that is considered impossible to crack if carried out properly. A one-time pad uses a pad with random values that are XORed against the message to produce ciphertext. The pad is at least as long as the message itself and is used once and then discarded. This technology is not addressed in this scenario.

WRONG **C** is incorrect because for complex keys to be generated, commonly a master key is created, and then symmetric keys are generated from it. For example, if an application is responsible for creating a session key for each subject that requests one, it should not be giving out the same instance of that one key. Different subjects need to have different symmetric keys to ensure that the window for the attack to capture and uncover that key is smaller than if the same key were to be used over and over again. When two or more keys are created from a master key, they are called subkeys. This is not a component of the randomness issue addressed in the scenario.

WRONG **D** is incorrect because when two or more keys are created from a master key, they are called subkeys. This is not a component of the randomness issue addressed in the scenario.

## Statistically unbiased keystream (as many zeroes as ones)

There should be no dominance in the number of zeroes or ones in the keystream.

**4**. What would indicate that a message had been modified?

**A**. The public key has been altered.

**B**. The private key has been altered.

**C**. The message digest has been altered.

**D**. The message has been encrypted properly.

**4. C**. Hashing algorithms generate message digests to detect whether modification has taken place. The sender and receiver independently generate their own digests, and the receiver compares these values. If they differ, the receiver knows the message has been altered.

## One-Way Functions

A **one-way function** is a mathematical function that is easier to compute in one direction than in the opposite direction. An analogy of this is when you drop a glass on the floor. Although dropping a glass on the floor is easy, putting all the pieces back together again to reconstruct the original glass is next to impossible. This concept is similar to how a one-way function is used in cryptography, which is what the RSA algorithm, and all other asymmetric algorithms, are based upon.

## Chosen-Ciphertext Attacks

In **chosen-ciphertext attacks,** the attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder attack to carry out compared to the previously mentioned attacks, and the attacker may need to have control of the system that contains the cryptosystem.

## Transport Layer Security (TLS)

SSL is currently at version 3.0. Since SSL was developed by Netscape, it is not an open-community protocol. This means the technology community cannot easily extend SSL to interoperate and expand in its functionality. If a protocol is proprietary in nature, as SSL is, the technology community cannot directly change its specifications and functionality. If the protocol is an open-community protocol, then its specifications can be modified by individuals within the community to expand what it can do and what technologies it can work with. So the open-community and standardized version of SSL is **Transport Layer Security (TLS)**. The differences between SSL 3.0 and TLS are slight, but TLS is more extensible and is backward compatible with SSL.

## Wireless Security Woes

We covered the different 802.11 standards and the Wired Equivalent Privacy (WEP) protocol in Chapter 6. Among the long laundry list of security problems with WEP, not using unique session keys for data encryption is one of them. If only WEP is being used to encrypt wireless traffic, then in most implementations, just one static symmetric key is being used over and over again to encrypt the packets. This is one of the changes and advancements in the 802.11i standard, which makes sure each packet is encrypted with a unique session key.

## Some important characteristics of ECB mode encryption are as follows:

- Operations can be run in parallel, which decreases processing time.
- Errors are contained. If an error takes place during the encryption process, it only affects one block of data.
- Only usable for the encryption of short messages.
- Cannot carry out preprocessing functions before receiving plaintext.

## Kerckhoffs’ Principle

Auguste Kerckhoffs published a paper in 1883 stating that the only secrecy involved with a cryptography system should be the key. He claimed that the algorithm should be publicly known. He asserted that if security were based on too many secrets, there would be more vulnerabilities to possibly exploit.

## Registration authority

Component of PKI that validates the identity of an entity requesting a digital certificate.

## block cipher

When a **block cipher** is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through mathematical functions, one block at a time. Suppose you need to encrypt a message you are sending to your mother and you are using a block cipher that uses 64 bits. Your message of 640 bits is chopped up into 10 individual blocks of 64 bits. Each block is put through a succession of mathematical formulas, and what you end up with is 10 blocks of encrypted text. You send this encrypted message to your mother. She has to have the same block cipher and key, and those 10 ciphertext blocks go back through the algorithm in the reverse sequence and end up in your plaintext message.

**6.** Encryption can happen at different layers of an operating system and network stack. Where does PPTP encryption take place?

**A.** Data link layer

**B.** Within applications

**C.** Transport layer

**D.** Data link and physical layers

CORRECT **A.** The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks (VPNs). It is a Microsoft-proprietary VPN protocol that works at the data link layer of the OSI model. PPTP can only provide a single connection and can only work over PPP connections.

WRONG **B** is incorrect because end-to-end encryption takes place within the applications. End-to-end encryption means that only the data payload is encrypted. If encryption works at any layer of the OSI model, then headers and trailers can also be encrypted. Since PPTP works at the data link layer, headers and trailers from the upper layers can be encrypted and protected along with the data payload.

WRONG **C** is incorrect because SSL is an example of an encryption technology that works at the transport layer, not PPTP. SSL uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication to display secured portions of a Web site to a user. When HTTP runs over SSL, you have HTTP Secure (HTTPS). HTTP works at the application layer, but SSL still works at the transport layer.

WRONG **D** is incorrect because PPTP works at the data link layer, but not the physical layer. The physical layer technologies convert the bits from the data link layer into some type of transmission format. If the data transmission is taking place over a UTP connection, then the data is converted into electronic voltage at the physical layer. If data transmission is taking place over fiber lines, then the data is converted into photons. Specifications for the physical layer include the timing of voltage changes, voltage levels, and the physical connectors for electrical, optical, and mechanical transmission.

## Trusted Platform Module (TPM)

The **Trusted Platform Module (TPM)** is a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. The TPM was devised by the Trusted Computing Group (TCG), an organization that promotes open standards to help strengthen computing platforms against security weaknesses and attacks.

## Multipurpose Internet Mail Extension (MIME)

**Multipurpose Internet Mail Extension (MIME)** is a technical specification indicating how multimedia data and e-mail binary attachments are to be transferred. The Internet has mail standards that dictate how mail is to be formatted, encapsulated, transmitted, and opened. If a message or document contains a binary attachment, MIME dictates how that portion of the message should be handled.

## Algorithm

Set of mathematical and logic rules used in cryptographic functions.

**7**. What is an advantage of RSA over DSA?

**A**. It can provide digital signature and encryption functionality.

**B**. It uses fewer resources and encrypts faster because it uses symmetric keys.

**C**. It is a block cipher rather than a stream cipher.

**D**. It employs a one-time encryption pad.

**7. A**. RSA can be used for data encryption, key exchange, and digital signatures. DSA can be used only for digital signatures.

## Issuer (cardholder’s bank)

The financial institution that provides a credit card to the individual.

## Algebraic Attacks

**Algebraic attacks** analyze the vulnerabilities in the mathematics used within the algorithm and exploit the intrinsic algebraic structure. For instance, attacks on the "textbook" version of the RSA cryptosystem exploit properties of the algorithm, such as the fact that the encryption of a raw "0" message is "0."

## Decipher

Act of transforming data into a readable format.

## Statistical attack

Cryptanalysis attack that uses identified statistical patterns.

**1**. What is the goal of cryptanalysis?

**A**. To determine the strength of an algorithm

**B**. To increase the substitution functions in a cryptographic algorithm

**C**. To decrease the transposition functions in a cryptographic algorithm

**D**. To determine the permutations used

**1. A**. Cryptanalysis is the process of trying to reverse-engineer a cryptosystem, with the possible goal of uncovering the key used. Once this key is uncovered, all other messages encrypted with this key can be accessed. Cryptanalysis is carried out by the white hats to test the strength of the algorithm.

## CBC-MAC

Cipher block chaining message authentication code uses encryption for data integrity and data origin authentication.

## Quantum cryptography

Use of quantum mechanical functions to provide strong cryptographic key exchange.

## Public key

Value used in public key cryptography that is used for encryption and signature validation that can be known by all parties.

## El Gamal

**El Gamal** is a public key algorithm that can be used for digital signatures, encryption, and key exchange. It is based not on the difficulty of factoring large numbers but on calculating discrete logarithms in a finite field. El Gamal is actually an extension of the Diffie-Hellman algorithm.

## Output Feedback Mode (OFB)

So **Output Feedback Mode (OFB)** is a mode that a block cipher can work in when it needs to emulate a stream because it encrypts small amounts of data at a time, but it has a smaller chance of creating and extending errors throughout the full encryption process.

## The pad must be securely distributed and protected at its destination

- The pad must be securely distributed and protected at its destination. This is a very cumbersome process to accomplish, because the pads are usually just individual pieces of paper that need to be delivered by a secure courier and properly guarded at each destination.

## elliptic curve cryptosystem (ECC)

Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An **elliptic curve cryptosystem (ECC)** provides much of the same functionality RSA provides: digital signatures, secure key distribution, and encryption. One differing factor is ECC’s efficiency. ECC is more efficient than RSA and any other asymmetric algorithm.

## Block cipher

Symmetric algorithm type that encrypts chunks (blocks) of data at a time.

**27.** There are two main functions that Trusted Platform Modules (TPMs) carry out within systems today. Which of the following best describes these two functions?

**A.** Sealing a hard disk drive is when the decryption key that can be used to decrypt data on the drive is stored on the TPM. Binding is when data pertaining to the system’s state are hashed and stored on the TPM.

**B.** Binding a hard disk drive is when whole-disk encryption is enabled through the use of the TPM. Sealing is when a digital certificate is sealed within a TPM and the system cannot boot up without this certificate being validated.

**C.** Sealing a hard disk drive is when whole-disk encryption is enabled through the use of the TPM. Binding is when a digital certificate is sealed within a TPM and the system cannot boot up without this certificate being validated.

**D.** Binding a hard disk drive is when the decryption key that can be used to decrypt data on the drive is stored on the TPM. Sealing is when data pertaining to the system’s state are hashed and stored on the TPM.

CORRECT **D.** The essence of the TPM lies in a protected and encapsulated microcontroller security chip that provides a safe haven for storing and processing security-intensive data such as keys, passwords, and digital certificates. "Binding" a hard disk drive is the most common usage scenario of the TPM—where the content of a given hard disk drive is affixed with a particular computing system. Another application of the TPM is "sealing" a system’s state to a particular hardware and software configuration.

WRONG **A** is incorrect because binding a hard disk drive is when the decryption key that can be used to decrypt data on the drive is stored on the TPM. Sealing is when data pertaining to the system’s state are hashed and stored on the TPM.

WRONG **B** is incorrect because binding a hard disk drive is when the decryption key that can be used to decrypt data on the drive is stored on the TPM. Sealing is when data pertaining to the system’s state are hashed and stored on the TPM. The content of the hard disk drive is encrypted, and the decryption key is stored away in the TPM chip. To ensure safe storage of the decryption key, it is further "wrapped" with another encryption key. Binding a hard disk drive makes its content basically inaccessible to other systems, and any attempt to retrieve the drive’s content by attaching it to another system will be very difficult.

WRONG **C** is incorrect because sealing a system is fairly straightforward. The TPM generates hash values based on the system’s configuration files, and these values are stored. A sealed system will only be activated once the TPM verifies the integrity of the system’s configuration by comparing it with the original "sealing" value.

The following scenario will be used for questions 28 and 29.

## security association (SA)

Each device will have at least one **security association (SA)** for each secure connection it uses. The SA, which is critical to the IPSec architecture, is a record of the configurations the device needs to support an IPSec connection. When two devices complete their handshaking process, which means they have agreed upon a long list of parameters they will use to communicate, these data must be recorded and stored somewhere, which is in the SA. The SA can contain the authentication and encryption keys, the agreed-upon algorithms, the key lifetime, and the source IP address. When a device receives a packet via the IPSec protocol, it is the SA that tells the device what to do with the packet. So if device B receives a packet from device C via IPSec, device B will look to the corresponding SA to tell it how to decrypt the packet, how to properly authenticate the source of the packet, which key to use, and how to reply to the message if necessary.

## Stream Ciphers

As stated earlier, a block cipher performs mathematical functions on blocks of bits. A stream cipher, on the other hand, does not divide a message into blocks. Instead, a **stream cipher** treats the message as a stream of bits and performs mathematical functions on each bit individually.
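As an added worked example (not part of the original text): the following Python builds a one-time pad from the bit-level XOR described above and then shows what goes wrong when a keystream is reused, which is the mistake a practical stream cipher (and its keystream generator) must avoid. The two messages are constructed for the demo.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings: the one operation every stream cipher rests on."""
    if len(a) != len(b):
        raise ValueError("xor_bytes needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keystream(length: int) -> bytes:
    """A one-time pad: truly random, at least as long as the message, never reused."""
    return os.urandom(length)


def stream_encrypt(keystream: bytes, data: bytes) -> bytes:
    """Encrypt (or decrypt; XOR is its own inverse) by XORing data with the keystream."""
    if len(keystream) < len(data):
        raise ValueError("keystream shorter than the message")
    return xor_bytes(keystream[: len(data)], data)


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts made with the same keystream: XORing them cancels the keystream
    and leaves p1 XOR p2, with no key needed at all."""
    return xor_bytes(c1, c2)


def recover_with_known_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """If the attacker knows (or guesses) p1, the leaked p1 XOR p2 gives p2 directly."""
    return xor_bytes(keystream_reuse_leak(c1, c2), p1)


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    p1 = b"attack at dawn!!"
    p2 = b"retreat at dusk!"
    pad = otp_keystream(len(p1))
    c1 = stream_encrypt(pad, p1)
    assert stream_encrypt(pad, c1) == p1           # same pad, same XOR: plaintext back
    c2 = stream_encrypt(pad, p2)                   # the mistake: pad used a second time
    print(keystream_reuse_leak(c1, c2) == xor_bytes(p1, p2))   # True
    print(recover_with_known_plaintext(c1, c2, p1))            # b'retreat at dusk!'
```

The "perfect" security of the pad depends entirely on the keystream being random and used once; a stream cipher replaces the random pad with a pseudorandom keystream generator seeded by a key, so the same rule applies to the key and nonce that seed it.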

**17**. What process usually takes place after creating a DES session key?

**A**. Key signing

**B**. Key escrow

**C**. Key clustering

**D**. Key exchange

**17. D**. After a session key has been created, it must be exchanged securely. In most cryptosystems, an asymmetric key (the receiver’s public key) is used to encrypt this session key, and it is sent to the receiver.

## Synchronous versus Asynchronous

**Synchronous** cryptosystems use keystreams to encrypt plaintext one bit at a time. The keystream values are "in synch" with the plaintext values. An **asynchronous** cryptosystem uses previously generated output to encrypt the current plaintext values. So a stream algorithm would be considered synchronous, while a block algorithm using chaining would be considered asynchronous.

## Triple-DES (3DES)

We went from DES to **Triple-DES (3DES),** so it might seem we skipped Double-DES. We did. Double-DES has a key length of 112 bits, but a specific attack against it, the meet-in-the-middle attack, reduces its work factor to roughly twice that of single DES (about 2^57 operations instead of 2^112, at the cost of a large lookup table). Thus, it is no more secure than DES. So let’s move on to 3DES.

## Triple DES

Symmetric cipher that applies DES three times to each block of data during the encryption process.

## Link Encryption vs. End-to-End Encryption

Encryption can be performed at different communication levels, each with different types of protection and implications. Two general modes of encryption implementation are link encryption and end-to-end encryption. **Link encryption** encrypts all the data along a specific communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the packets are also encrypted. The only traffic not encrypted in this technology is the data link control messaging information, which includes instructions and parameters that the different link devices use to synchronize communication methods. Link encryption provides protection against packet sniffers and eavesdroppers. In **end-to-end encryption,** the headers, addresses, routing, and trailer information are not encrypted, enabling attackers to learn more about a captured packet and where it is headed.

A **cryptosystem** encompasses all of the necessary components for encryption and decryption to take place. Pretty Good Privacy (PGP) is just one example of a cryptosystem. A cryptosystem is made up of at least the following:

- Software
- Protocols
- Algorithms
- Keys

**12.** Mandy needs to calculate how many keys must be generated for the 260 employees using the company’s PKI asymmetric algorithm. How many keys are required?

**A.** 33,670

**B.** 520

**C.** 67,340

**D.** 260

CORRECT **B.** With asymmetric algorithms, every user must have at least one pair of keys (private and public). In public key systems, each entity has different keys, or asymmetric keys. The two different asymmetric keys are mathematically related. If a message is encrypted by one key, the other key is required in order to decrypt the message. The formula for determining the number of keys needed in this environment is N × 2, which is the number of people (N) multiplied by the number of keys each person would need (2). In a public key system, the pair of keys is made up of one public key and one private key. The public key can be known to everyone, and the private key must be known and used only by the owner.

WRONG **A** is incorrect because 33,670 is the number of keys needed in a symmetric key cryptosystem. Each pair of users who want to exchange data using symmetric key encryption must have two instances of the same key. This means that if Dan and Bob want to communicate, both need to obtain a copy of the same key. If Dan also wants to communicate using symmetric encryption with Norm and Dave, he needs to have three separate keys, one for each friend. This might not sound like a big deal until Dan realizes that he may communicate with hundreds of people over a period of several months, and keeping track of and using the correct key that corresponds to each specific receiver can become a daunting task. If ten people needed to communicate securely with each other using symmetric keys, then 45 keys would need to be kept track of. If 100 people were going to communicate, then 4,950 keys would be involved. The equation used to calculate the number of symmetric keys needed is N(N − 1)/2, where N is the number of people who need to communicate.

WRONG **C** is incorrect because 67,340 is the total derived from N(N − 1), which is part of the formula used to determine the number of keys needed in a symmetric key cryptosystem. The complete formula is N(N −1)/2. The question, however, asked for the number of keys that would be used in a public key infrastructure’s asymmetric algorithms. Asymmetric—not symmetric—keys are used in a public key cryptosystem. The formula for determining the number of asymmetric keys that are needed is N × 2.

WRONG **D** is incorrect because each user in a public key infrastructure requires at least one key pair—a public key and a private key. One key cannot encrypt and decrypt the same message. So each user requires at least two keys. Thus, the formula for determining the number of asymmetric keys that are needed is N × 2.

## Meet-in-the-middle attack

Cryptanalysis attack that works a problem from both ends at once: it computes forward from the known plaintext and backward from the known ciphertext and looks for a match in the middle, trading memory for a large reduction in time.
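Added example, not from the original text, to make the meet-in-the-middle attack described in the Triple-DES section and in this entry concrete. A toy 16-bit block cipher with a 12-bit key (constructed here; not a real cipher) is encrypted twice with two independent keys, and the attack recovers both keys with about 2 × 2^12 cipher operations and a 2^12-entry table instead of the 2^24 that a brute-force search of both keys would need. The same arithmetic is what drops Double-DES from 2^112 to about 2^57.

```python
from collections import defaultdict

BLOCK_MASK = 0xFFFF          # 16-bit block
KEY_BITS = 12                # 12-bit key: 4096 possibilities
KEY_SPACE = 1 << KEY_BITS
ROUNDS = 4


def rotl16(x: int, n: int) -> int:
    return ((x << n) | (x >> (16 - n))) & BLOCK_MASK


def rotr16(x: int, n: int) -> int:
    return ((x >> n) | (x << (16 - n))) & BLOCK_MASK


def toy_encrypt(key: int, block: int) -> int:
    """Constructed toy block cipher (add, rotate, xor per round). Invertible, not secure."""
    x = block & BLOCK_MASK
    for r in range(ROUNDS):
        x = (x + (key ^ (r * 0x1111))) & BLOCK_MASK   # round-dependent key addition
        x = rotl16(x, 5)                               # diffusion
        x ^= (key * 0x9E3) & BLOCK_MASK                # key mixing
    return x


def toy_decrypt(key: int, block: int) -> int:
    """Exact inverse of toy_encrypt: undo each round's steps in reverse order."""
    x = block & BLOCK_MASK
    for r in reversed(range(ROUNDS)):
        x ^= (key * 0x9E3) & BLOCK_MASK
        x = rotr16(x, 5)
        x = (x - (key ^ (r * 0x1111))) & BLOCK_MASK
    return x


def double_encrypt(k1: int, k2: int, block: int) -> int:
    """'Double-DES' with the toy cipher: C = E_k2(E_k1(P)). Nominal key space 2^24."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known plaintext/ciphertext pairs.

    Forward: table every E_k1(P1) -> k1.  Backward: for every k2 compute D_k2(C1)
    and look it up.  A hit means E_k1(P1) == D_k2(C1): the two halves meet in the
    middle.  The remaining pairs weed out false matches.  Cost: 2 * 2^12 cipher calls.
    """
    (p1, c1), rest = pairs[0], pairs[1:]
    forward = defaultdict(list)
    for k1 in range(KEY_SPACE):
        forward[toy_encrypt(k1, p1)].append(k1)
    candidates = []
    for k2 in range(KEY_SPACE):
        mid = toy_decrypt(k2, c1)
        for k1 in forward.get(mid, ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates


def work_factor() -> dict:
    """Cipher operations needed: meet-in-the-middle vs brute force over both keys."""
    return {"meet_in_the_middle": 2 * KEY_SPACE, "brute_force": KEY_SPACE * KEY_SPACE}


if __name__ == "__main__":
    k1, k2 = 0x5A3, 0xC71                      # the secret keys (constructed)
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF, 0x0001)]
    print(meet_in_the_middle(pairs))           # contains (0x5A3, 0xC71)
    print(work_factor())
```

Three-key 3DES (DES-EDE3) is vulnerable to the same construction across its first two stages, which is why its effective strength is usually quoted as 112 bits rather than 168.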

## Data Encryption Algorithm

Algorithm chosen to fulfill the Data Encryption Standard. Block symmetric cipher that uses a 56-bit true key size, 64-bit block size, and 16 rounds of computation.

## Tunnel mode

Mode that IPSec protocols can work in that provides protection for packet headers and data payload.

## One-time pad

Encryption method created by Gilbert Vernam that is considered impossible to crack if carried out properly.

## Ciphertext-only attack

Cryptanalysis attack where the attacker is assumed to have access only to a set of ciphertexts.

## Payload

The information that is to be concealed and transmitted.

## session key

A **session key** is a single-use symmetric key that is used to encrypt messages between two users during a communication session. A session key is no different from the symmetric key described in the previous section, but it is only good for one communication session between users.

**21**. What is the definition of an algorithm’s work factor?

**A**. The time it takes to encrypt and decrypt the same plaintext

**B**. The time it takes to break the encryption

**C**. The time it takes to implement 16 rounds of computation

**D**. The time it takes to apply substitution functions

**21. B**. The work factor of a cryptosystem is the amount of time and resources necessary to break the cryptosystem or its encryption process. The goal is to make the work factor so high that an attacker could not be successful in breaking the algorithm or cryptosystem.

## Steganography

Method of hiding data in another media type with the goal of secrecy.

## chosen-plaintext attacks

In **chosen-plaintext attacks,** the attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext. This gives her more power and possibly a deeper understanding of the way the encryption process works so she can gather more information about the key being used. Once the key is discovered, other messages encrypted with that key can be decrypted.

## Digital Rights Management (DRM)

Have you ever tried to copy something that was not yours that had an embedded logo or trademark of another company? (If so, shame on you!) The embedded logo or trademark is called a **digital watermark**. Instead of hiding a secret message within a graphic so that it is invisible to you, digital watermarks are usually visible. They are put into place to deter people from using material that is not theirs. Watermarking used this way is one mechanism of **Digital Rights Management (DRM)**, whose goal is to restrict the usage of material owned by a company or individual.

**9**. What is used to create a digital signature?

**A**. The receiver’s private key

**B**. The sender’s public key

**C**. The sender’s private key

**D**. The receiver’s public key

**9. C**. A digital signature is a message digest that has been encrypted with the sender’s private key. A sender, or anyone else, should never have access to the receiver’s private key.

In this section, we will be walking through many of the following algorithms and their characteristics:

- Data Encryption Standard (DES)
- 3DES (Triple DES)
- Blowfish
- Twofish
- International Data Encryption Algorithm (IDEA)
- RC4, RC5, and RC6
- Advanced Encryption Standard (AES)
- Secure and Fast Encryption Routine (SAFER)
- Serpent

## Public Key Infrastructure

Let’s put all of these cryptography pieces in a bowl and figure out how they all work together.

**Public key infrastructure (PKI)** consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. In other words, a PKI establishes a level of trust within an environment. PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard. The framework was set up to enable authentication to happen across different networks and the Internet. Particular protocols and algorithms are not specified, which is why PKI is called a framework and not a specific technology.

## Digital Signature Standard (DSS)

Because digital signatures are so important in proving who sent which messages, the U.S. government decided to establish standards pertaining to their functions and acceptable use. In 1991, NIST proposed a federal standard called the **Digital Signature Standard (DSS)**. It was developed for federal departments and agencies, but most vendors also designed their products to meet these specifications. The federal government requires its departments to use DSA, RSA, or the Elliptic Curve Digital Signature Algorithm (ECDSA) together with SHA. SHA-1 creates a 160-bit message digest (later revisions of the standard, FIPS 186-3 and later, specify the SHA-2 family), which is then input into one of the three digital signature algorithms. SHA ensures the integrity of the message, and the signature algorithm signs the digest. This is an example of how two different algorithms are combined to provide the right combination of security services.

## Various Hashing Algorithms

As stated earlier, the goal of using a one-way hash function is to provide a fingerprint of the message. If two different messages produce the same hash value (a collision), the function no longer uniquely fingerprints a message, and an attacker could substitute one message for the other without the change being detected.

## International Data Encryption Algorithm (IDEA)

**International Data Encryption Algorithm (IDEA)** is a block cipher that operates on 64-bit blocks of data. Each 64-bit block is split into four 16-bit sub-blocks, which go through eight rounds of mixed operations (XOR, addition modulo 2^16, and multiplication modulo 2^16 + 1) followed by a final output transformation. The key is 128 bits long, and IDEA is faster than DES when implemented in software.

## concealment cipher

A **concealment cipher** is a message within a message. If my other supersecret spy buddy and I decide our key value is every third word, then when I get a message from him, I will pick out every third word and write it down. Suppose he sends me a message that reads, "The saying, ‘The time is right’ is not cow language, so is now a dead subject." Because my key is every third word, I come up with "The right cow is dead." This again means nothing to me, and I am now turning in my decoder ring.

## Running and Concealment Ciphers

I have my decoder ring, spyglasses, and secret handshake. Now let me figure out how I will encrypt my messages.

Two spy-novel-type ciphers are the running key cipher and the concealment cipher. The **running key cipher** could use a key that does not require an electronic algorithm and bit alterations, but cleverly uses components in the physical world around you. For instance, the algorithm could be a set of books agreed upon by the sender and receiver. The key in this type of cipher could be a book page, line number, and column count. If I get a message from my supersecret spy buddy and the message reads "149l6c7.299l3c7.911l5c8," this could mean for me to look at the 1st book in our predetermined series of books, the 49th page, 6th line down the page, and the 7th column. So I write down the letter in that column, which is m. The second set of numbers starts with 2, so I go to the 2nd book, 99th page, 3rd line down, and then to the 7th column, which is p. The last letter I get from the 9th book, 11th page, 5th line, 8th column, which is t. So now I have come up with my important secret message, which is mpt. This means nothing to me, and I need to look for a new spy buddy. Running key ciphers can be used in different and more complex ways, but I think you get the point.

## Differential Cryptanalysis

This type of attack also has the goal of uncovering the key that was used for encryption purposes. This attack looks at ciphertext pairs generated by encryption of plaintext pairs with specific differences and analyzes the effect and result of those differences. Differential cryptanalysis was published in 1990 by Biham and Shamir as an attack against DES, and it turned out to be an effective attack against DES and other block algorithms.

## one-time pad

A **one-time pad** is a perfect encryption scheme because it is considered unbreakable if implemented properly. It was invented by Gilbert Vernam in 1917, so sometimes it is referred to as the Vernam cipher.

## Passive attack

Attack where the attacker does not interact with processing or communication activities, but only carries out observation and data collection, as in network sniffing.

**9.** The elliptic curve cryptosystem is an asymmetric algorithm. What sets it apart from other asymmetric algorithms?

**A.** It provides digital signatures, secure key distribution, and encryption.

**B.** It computes discrete logarithms in a finite field.

**C.** It uses a larger percentage of resources to carry out encryption.

**D.** It is more efficient.

CORRECT **D.** Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An elliptic curve cryptosystem (ECC) differs from other asymmetric algorithms in its efficiency. In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size much shorter than what RSA requires (a 256-bit ECC key is generally considered comparable to a 3072-bit RSA key). Because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device. And fewer resources make for a more efficient algorithm.

WRONG **A** is incorrect because ECC is not the only asymmetric algorithm that provides digital signatures, secure key distribution, and encryption. These services are also provided by RSA and other asymmetric algorithms. Using its one-way function, ECC provides encryption and signature verification, and the inverse direction performs decryption and signature generation. It can also be used as a key exchange protocol, meaning it is used to encrypt the symmetric key to get it securely to its destination.

WRONG **B** is incorrect because Diffie-Hellman and El Gamal calculate discrete logarithms in a finite field. In the field of mathematics that deals with elliptic curves, points on the curves compose a structure called a group. These points are the values used in mathematical formulas for ECC’s encryption and decryption processes. The algorithm relies on the discrete logarithm problem over the group of points on an elliptic curve, which is different from calculating discrete logarithms in a finite field.

WRONG **C** is incorrect because ECCs use much fewer resources when compared to other asymmetric algorithms. Some devices, like wireless devices and cellular phones, have limited processing capacity, storage, power, and bandwidth. With these types of devices, efficiency of resource use is very important.

## Social engineering attack

Manipulating individuals so that they will divulge confidential information, rather than by breaking in or using technical cracking techniques.

## online encryption

Link encryption, which is sometimes called online encryption, is usually provided by service providers and is incorporated into network protocols. All of the information is encrypted, and the packets must be decrypted at each hop so the router, or other intermediate device, knows where to send the packet next. The router must decrypt the header portion of the packet, read the routing and address information within the header, and then re-encrypt it and send it on its way.

## Certificate authority

Component of a PKI that creates and maintains digital certificates throughout their life cycles.

## one-way hash

A **one-way hash** is a function that takes a variable-length string (a message) and produces a fixed-length value called a hash value. For example, if Kevin wants to send a message to Maureen and he wants to ensure the message does not get altered in an unauthorized fashion while it is being transmitted, he would calculate a hash value for the message and append it to the message itself. When Maureen receives the message, she performs the same hashing function Kevin used and then compares her result with the hash value sent with the message. If the two values are the same, Maureen can be sure the message was not altered during transmission. If the two values are different, Maureen knows the message was altered, either intentionally or unintentionally, and she discards the message. Note that a bare hash only detects accidental or casual alteration: an attacker who can modify the message in transit can simply recompute the hash and append the new value. Detecting deliberate tampering requires a keyed hash (an HMAC) or a digital signature.

## Confusion

Substitution processes used in encryption functions to obscure the relationship between the key and the ciphertext.

## Weaknesses

- Requires a secure mechanism to deliver keys properly.
- Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys, possibly making key management overwhelming.
- Provides confidentiality but not authenticity or nonrepudiation.

## Stream cipher

Algorithm type that generates a keystream (pseudorandom values), which is XORed with the plaintext for encryption purposes.

We need to be clear on all the available choices within cryptography, because different steps and algorithms provide different types of security services:

- A message can be encrypted, which provides confidentiality.
- A message can be hashed, which provides integrity.
- A message can be digitally signed, which provides authentication, nonrepudiation, and integrity.
- A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity.

## Plaintext

Data in readable format, also referred to as cleartext.

## work factor

As explained earlier in this chapter, work factor is the amount of time and resources it would take for someone to break an encryption method. In asymmetric algorithms, the work factor relates to the difference in time and effort that carrying out a one-way function in the easy direction takes compared to carrying out a one-way function in the hard direction. In most cases, the larger the key size, the longer it would take for the bad guy to carry out the one-way function in the hard direction (decrypt a message).

## Keystream generator

Component of a stream algorithm that creates random values for encryption purposes.

## Number generator

Algorithm used to create values that are used in cryptographic functions to add randomness.

## asynchronous

**Synchronous** cryptosystems use keystreams to encrypt plaintext one bit at a time. The keystream values are "in synch" with the plaintext values. An **asynchronous** cryptosystem uses previously generated output to encrypt the current plaintext values. So a stream algorithm would be considered synchronous, while a block algorithm using chaining would be considered asynchronous.

## End-to-end encryption

Encryption method used by the sender of data that encrypts individual messages and not full packets.

## sealing

Another application of the TPM is "sealing" a system’s state to a particular hardware and software configuration. Sealing a computing system through TPM is used to deter any attempts to tamper with a system’s configurations. In practice, this is similar to how hashes are used to verify the integrity of files shared over the Internet (or any other untrusted medium).

**7.** Which of the following best describes the difference between public key cryptography and public key infrastructure?

**A.** Public key cryptography is the use of an asymmetric algorithm, while public key infrastructure is the use of a symmetric algorithm.

**B.** Public key cryptography is used to create public/private key pairs, and public key infrastructure is used to perform key exchange and agreement.

**C.** Public key cryptography provides authentication and nonrepudiation, while public key infrastructure provides confidentiality and integrity.

**D.** Public key cryptography is another name for asymmetric cryptography, while public key infrastructure consists of public key cryptographic mechanisms.

CORRECT **D.** Public key cryptography is asymmetric cryptography; the terms are used interchangeably. Public key cryptography is one piece in a public key infrastructure (PKI), which is made up of many different parts, including certificate authorities, registration authorities, certificates, keys, programs, and users. The infrastructure contains the pieces that will identify users, create and distribute certificates, maintain and revoke certificates, distribute and maintain encryption keys, and enable all technologies to communicate and work together for the purpose of encrypted communication and authentication.

WRONG **A** is incorrect because PKI uses a hybrid system of symmetric and asymmetric key algorithms and methods. Public key cryptography is the use of an asymmetric algorithm. Thus, the terms asymmetric cryptography and public key cryptography are interchangeable and mean the same thing. Examples of asymmetric algorithms are RSA, elliptic curve cryptosystem (ECC), Diffie-Hellman, and El Gamal.

WRONG **B** is incorrect because public key cryptography is the use of asymmetric algorithms, which are used to create public/private key pairs, perform key exchange or agreement, and generate and verify digital signatures. Public key infrastructure, on the other hand, is not an algorithm, a protocol, or an application—it is an infrastructure based on symmetric and asymmetric cryptography.

WRONG **C** is incorrect because a PKI does not provide authentication, nonrepudiation, confidentiality, and integrity directly—it can use algorithms that provide these security services. A PKI uses asymmetric, symmetric, and hashing algorithms. Symmetric algorithms provide confidentiality, asymmetric algorithms provide authentication and nonrepudiation, and hashing algorithms provide integrity.

## Link encryption

Technology that encrypts full packets (all headers and data payload) and is carried out without the sender’s interaction.

So RC5-32/12/16 would mean the following:

- 32-bit words, which means it encrypts 64-bit data blocks
- Using 12 rounds
- With a 16-byte (128-bit) key

## Advanced Encryption Standard

U.S. encryption standard that replaced DES. Block symmetric cipher that uses 128-bit block sizes and various key lengths (128, 192, 256).

## Block Ciphers

When a **block cipher** is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through mathematical functions, one block at a time. Suppose you need to encrypt a message you are sending to your mother and you are using a block cipher that uses 64 bits. Your message of 640 bits is chopped up into 10 individual blocks of 64 bits. Each block is put through a succession of mathematical formulas, and what you end up with is 10 blocks of encrypted text. You send this encrypted message to your mother. She has to have the same block cipher and key, and those 10 ciphertext blocks go back through the algorithm in the reverse sequence and end up in your plaintext message.

## Payment gateway

This processes the merchant payment. It may be an acquirer.

## CMAC

Cipher-based message authentication code; it is based upon CBC-MAC and provides more security (it is secure for variable-length messages, where plain CBC-MAC is not).

## DES-EDE3

Uses three different keys for encryption, and the data are encrypted, decrypted, encrypted.

## Elliptic Curve Cryptosystems

Elliptic curves. That just sounds like fun.

Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An **elliptic curve cryptosystem (ECC)** provides much of the same functionality RSA provides: digital signatures, secure key distribution, and encryption. One differing factor is ECC’s efficiency. ECC is more efficient than RSA and any other asymmetric algorithm.

## Zero knowledge proof

One entity can prove something to be true without providing a secret value.

## Lucifer

Algorithm that was chosen for the Data Encryption Standard, which was altered and renamed Data Encryption Algorithm.

## Out-of-band method

Sending data through an alternate communication channel.

## polyalphabetic substitution cipher

A cipher that replaces each character with another character is a **substitution cipher**. A substitution cipher that uses only one alphabet (one fixed mapping for the whole message) is a **monoalphabetic substitution cipher**, whereas a **polyalphabetic substitution cipher** uses multiple alphabets, changing the mapping from character to character.

## knapsack

Over the years, different versions of **knapsack** algorithms have arisen. The first to be developed, Merkle-Hellman, could be used only for encryption, but it was later improved upon to provide digital signature capabilities. These types of algorithms are based on the "knapsack problem," a mathematical dilemma that poses the following question: If you have several different items, each having its own weight, is it possible to add these items to a knapsack so the knapsack has a specific weight?

**25**. Which of the following uses a symmetric key and a hashing algorithm?

**A**. HMAC

**B**. Triple-DES

**C**. ISAKMP-OAKLEY

**D**. RSA

**25. A**. When an HMAC function is used, a symmetric key is combined with the message and the result is put through a hashing algorithm; the standard construction actually hashes twice, H((K ⊕ opad) || H((K ⊕ ipad) || message)), which is what protects it against length-extension attacks. The result is an HMAC value. HMAC provides data origin authentication and data integrity.
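Added example (not part of the original question set) covering both the one-way hash entry earlier on this page and this question: it implements HMAC-SHA256 from the RFC 2104 definition using only Python’s hashlib, checks the result against the standard library’s hmac module, and contrasts it with a bare hash appended to a message, which any man in the middle can recompute. The key and messages are constructed for the demo.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 compression-function block size in bytes


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC as defined in RFC 2104: H((K ^ opad) || H((K ^ ipad) || message)).

    Keys longer than the block size are hashed first; shorter keys are zero-padded.
    The outer hash over the inner digest is what blocks length-extension forgeries.
    """
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-rolled HMAC against Python's hmac module."""
    return hmac_sha256(key, message) == hmac.new(key, message, hashlib.sha256).digest()


def integrity_tag(message: bytes) -> bytes:
    """The unkeyed hash Kevin appends in the one-way hash example: anyone can compute it."""
    return hashlib.sha256(message).digest()


def verify_unkeyed(message: bytes, tag: bytes) -> bool:
    return integrity_tag(message) == tag


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check itself does not leak the tag byte by byte."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


def forge_unkeyed(message: bytes):
    """What a man in the middle does to a hash-only message: alter it and rehash."""
    altered = message + b"; also pay 1000 to mallory"
    return altered, integrity_tag(altered)


if __name__ == "__main__":
    key, msg = b"shared-secret-key", b"pay 10 to bob"          # constructed
    altered, tag = forge_unkeyed(msg)
    print(verify_unkeyed(altered, tag))                         # True: hash alone proves nothing
    print(verify_hmac(key, altered, hmac_sha256(key, msg)))     # False: HMAC catches it
    print(matches_stdlib(key, msg))                             # True
```

In production use the library’s `hmac.new` and `hmac.compare_digest` rather than this hand-rolled version; the point of writing it out is to see why the key is mixed in twice and why the verifier must never be a plain `==` on secret-dependent data.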

## Substitution cipher

Encryption method that uses an algorithm that changes out (substitutes) one value for another value.

**16.** In cryptography, different steps and algorithms provide different types of security services. Which of the following provides only authentication, non-repudiation, and integrity?

**A.** Encryption algorithm

**B.** Hash algorithm

**C.** Digital signature

**D.** Encryption paired with a digital signature

CORRECT **C.** A digital signature is a hash value that has been encrypted with the sender’s private key. The act of signing means encrypting the message’s hash value with a private key. A message can be digitally signed, which provides authentication, nonrepudiation, and integrity. The hashing function ensures the integrity of the message, and the signing of the hash value provides authentication and nonrepudiation.

WRONG **A** is incorrect because encryption algorithms provide confidentiality. Encryption is most commonly carried out with the use of symmetric algorithms. Symmetric algorithms can only provide confidentiality and not authentication, nonrepudiation, and integrity.

WRONG **B** is incorrect because hashing algorithms provide data integrity. Hashing algorithms generate message digests (also called hash values) to detect whether modification has taken place. The sender and receiver independently generate their own digests, and the receiver compares these values. If they differ, the receiver knows the message has been altered. A hashing algorithm cannot provide authentication or nonrepudiation.

WRONG **D** is incorrect because encryption and a digital signature provide confidentiality, authentication, nonrepudiation, and integrity. The encryption alone provides confidentiality. And the digital signature provides authentication, nonrepudiation, and integrity. The question asks for which can only provide authentication, nonrepudiation, and integrity.
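Added example, not from the original text, that carries the "digest encrypted with the sender’s private key" description from question 9, the DSS entry, and this question through in code: a textbook RSA signature over a SHA-256 digest, produced with the private exponent and verified with the public one. The primes (two Mersenne primes), the truncation of the digest to fit the small modulus, and the absence of padding are assumptions made to keep the demo self-contained; real signatures use 2048-bit or larger moduli and a padding scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo parameters: two Mersenne primes give a ~150-bit modulus.
# Far too small for real use; real keys are 2048 bits or more.
P = (1 << 61) - 1
Q = (1 << 89) - 1
E = 65537


def keygen():
    """Return (public_key, private_key) = ((n, e), (n, d)) with d = e^-1 mod phi(n)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)          # modular inverse, Python 3.8+
    return (n, E), (n, d)


def digest_as_int(message: bytes, n: int) -> int:
    """Hash the message and turn the digest into an integer below the modulus.
    Truncating SHA-256 to 128 bits is a demo-only shortcut so it fits the toy modulus."""
    h = hashlib.sha256(message).digest()[:16]
    return int.from_bytes(h, "big") % n


def sign(private_key, message: bytes) -> int:
    """Digital signature: the digest 'encrypted' with the sender's private exponent."""
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key undoes the private operation and compares digests."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message, n)


if __name__ == "__main__":
    public, private = keygen()
    sig = sign(private, b"contract v1")
    print(verify(public, b"contract v1", sig))       # True
    print(verify(public, b"contract v2", sig))       # False: different digest
    print(verify(public, b"contract v1", sig + 1))   # False: tampered signature
```

The three properties from the question fall out of the two operations: integrity because the digest changes with the message, authentication and nonrepudiation because only the holder of `d` could have produced a value that `e` maps back to that digest. Unpadded RSA as shown is malleable and must not be used as-is; it is here only to make the private/public roles visible.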

## Cookies

Data files used by web browsers and servers to keep browser state information and browsing preferences.

## multiparty key recovery

**Key escrow** is a process or entity that can recover lost or corrupted cryptographic keys; thus, it is a common component of key recovery operations. When two or more entities are required to reconstruct a key for key recovery processes, this is known as **multiparty key recovery**. Multiparty key recovery implements dual control, meaning that two or more people have to be involved with a critical task.


## Encapsulating security protocol

Protocol within the IPSec suite used for integrity, authentication, and encryption.

## Output Feedback Mode (OFB)

So **Output Feedback Mode (OFB)** is a mode a block cipher can work in when it needs to emulate a stream cipher: the cipher’s output is fed back in to generate the next keystream block, and the plaintext is XORed with that keystream a small amount at a time. Because the keystream depends only on the key and IV, not on the ciphertext, a bit error in transit corrupts only the corresponding bit of plaintext and does not propagate into later blocks.

## Key Derivation Functions

For complex keys to be generated, a master key is commonly created, and then symmetric keys are generated from it. For example, if an application is responsible for creating a session key for each subject that requests one, it should not be giving out the same instance of that one key. Different subjects need to have different symmetric keys to ensure that the window for the bad guy to capture and uncover that key is smaller than if the same key were to be used over and over again. When two or more keys are created from a master key, they are called **subkeys**.

## Knapsack

Over the years, different versions of **knapsack** algorithms have arisen. The first to be developed, Merkle-Hellman, could be used only for encryption, but it was later improved upon to provide digital signature capabilities. These types of algorithms are based on the "knapsack problem," a mathematical dilemma that poses the following question: If you have several different items, each having its own weight, is it possible to add these items to a knapsack so the knapsack has a specific weight?

## Counter Mode (CTR)

**Counter Mode (CTR)** is very similar to OFB mode, but instead of using a random, unique IV value to generate the keystream values, this mode uses an IV counter that increments for each plaintext block that needs to be encrypted. The unique counter ensures that each block is XORed with a unique keystream value.

## Secure MIME (S/MIME)

**Secure MIME (S/MIME)** is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions. S/MIME extends the MIME standard by allowing for the encryption of e-mail and attachments. The encryption and hashing algorithms can be specified by the user of the mail package, instead of having it dictated to them. S/MIME follows the Public Key Cryptography Standards (PKCS). S/MIME provides confidentiality through encryption algorithms, integrity through hashing algorithms, authentication through the use of X.509 public key certificates, and nonrepudiation through cryptographically signed message digests.

## Secure Shell

**Secure Shell (SSH)** functions as a type of tunneling mechanism that provides terminal-like access to remote computers. SSH is a program and a protocol that can be used to log into another computer over a network. For example, the program can let Paul, who is on computer A, access computer B’s files, run applications on computer B, and retrieve files from computer B without ever physically touching that computer. SSH provides authentication and secure transmission over vulnerable channels like the Internet.

## Trusted Platform Module

The **Trusted Platform Module (TPM)** is a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. The TPM was devised by the Trusted Computing Group (TCG), an organization that promotes open standards to help strengthen computing platforms against security weaknesses and attacks.

## Digital signature

Ensuring the authenticity and integrity of a message through the use of hashing algorithms and asymmetric algorithms. The message digest is encrypted with the sender’s private key.

## International Data Encryption Algorithm (IDEA)

**International Data Encryption Algorithm (IDEA)** is a block cipher and operates on 64-bit blocks of data. The 64-bit data block is divided into 16 smaller blocks, and each has eight rounds of mathematical functions performed on it. The key is 128 bits long, and IDEA is faster than DES when implemented in software.

## Internet Protocol Security (IPSec)

The **Internet Protocol Security (IPSec)** protocol suite provides a method of setting up a secure channel for protected data exchange between two devices. The devices that share this secure channel can be two servers, two routers, a workstation and a server, or two gateways between different networks. IPSec is a widely accepted standard for providing network layer protection. It can be more flexible and less expensive than end-to-end and link encryption methods.

## Public vs. Secret Algorithms

Public algorithms are those whose internal workings are known and understood, versus secret algorithms, whose internal processes and functions are not released to the public. In general, cryptographers in the public sector feel that the strongest and best-engineered algorithms are the ones released for peer review and public scrutiny, because a thousand brains are better than five, and many times some smarty-pants within the public population can find problems within an algorithm that the developers did not think of. This is why vendors and companies hold competitions to see if anyone can break their code and encryption processes. If someone does break it, the developers must go back to the drawing board and strengthen this or that piece.

## Hybrid Encryption Methods

Up to this point, we have figured out that symmetric algorithms are fast but have some drawbacks (lack of scalability, difficult key management, and they provide only confidentiality). Asymmetric algorithms do not have these drawbacks but are very slow. We just can’t seem to win. So we turn to a hybrid system that uses symmetric and asymmetric encryption methods together.

## Keyspace

A range of possible values used to construct keys.

## Cipher-Based Message Authentication Code (CMAC)

As with most things in security, the industry found some security issues with CBC-MAC and created **Cipher-Based Message Authentication Code (CMAC)**. CMAC provides the same type of data origin authentication and integrity as CBC-MAC, but is more secure mathematically. CMAC is a variation of CBC-MAC. It is approved to work with AES and Triple DES. CRCs are used to identify data modifications, but these are commonly used lower in the network stack. Since these functions work lower in the network stack, they are used to identify modifications (as in corruption) when the packet is transmitted from one computer to another. HMAC, CBC-MAC, and CMAC work higher in the network stack and can identify not only transmission errors (accidental), but also more nefarious modifications, as in an attacker messing with a message for her own benefit. This means all of these technologies (except CRC) can identify intentional, unauthorized modifications and accidental changes—three in one!

## Long periods of no repeating patterns within keystream values

Bits generated by the keystream must be random.

## Scalability

As the number of people who need to communicate increases, so does the number of symmetric keys required, meaning more keys must be managed.

## one-way function

A **one-way function** is a mathematical function that is easier to compute in one direction than in the opposite direction. An analogy of this is when you drop a glass on the floor. Although dropping a glass on the floor is easy, putting all the pieces back together again to reconstruct the original glass is next to impossible. This concept is similar to how a one-way function is used in cryptography, which is what the RSA algorithm, and all other asymmetric algorithms, are based upon.

## Start with the Basics

Why do we connect to the Internet? At first, this seems a basic question, but as we dive deeper into the query, complexity creeps in. We connect to download MP3s, check email, order security books, look at web sites, communicate with friends, and perform various other tasks. But what are we really doing? We are using services provided by a computer’s protocols and software. The services may be file transfers provided by FTP, remote connectivity provided by Telnet, Internet connectivity provided by HTTP, secure connections provided by SSL, and much, much more. Without these protocols, there would be no way to even connect to the Internet.

**8.** Which of the following best describes Key Derivation Functions (KDFs)?

**A.** Keys are generated from a master key.

**B.** Session keys are generated from each other.

**C.** Asymmetric cryptography is used to encrypt symmetric keys.

**D.** A master key is generated from a session key.

CORRECT **A.** For complex keys to be generated, commonly a master key is created and then symmetric keys (subkeys) are generated from it. Key Derivation Functions (KDFs) derive encryption keys from a secret value. The secret value can be a master key, passphrase, or password. KDFs are used to help ensure the randomness of the key values to make it harder for the attacker to uncover them. The KDF commonly uses a pseudorandom number generator with the secret value to make each encryption key unique.

WRONG **B** is incorrect because session keys are commonly generated from the master key—not from each other. For example, if an application is responsible for creating a session key for each subject that requests one, it should not be giving out the same instance of that one key. Different systems need to have different symmetric keys to ensure that the window for the bad guy to capture and uncover that key is smaller than if the same key is used over and over again. When two or more keys are created from a master key, they are called subkeys.

WRONG **C** is incorrect because the encryption of keys has nothing to do with KDFs. KDF pertains to the procedures of creating unique and strong encryption keys. KDF helps to ensure that enough randomness is involved when generating new keys so that the attacker has a harder time uncovering them.

WRONG **D** is incorrect because the statement is backward. A session key is commonly generated from a master key. When keys are generated from an original value, as in a master key, the resulting keys are referred to as subkeys or subsession keys.

## Diffie-Hellman

To understand how **Diffie-Hellman** works, consider an example. Let’s say that Tanya and Erika would like to communicate over an encrypted channel by using Diffie-Hellman. They would both generate a private and public key pair and exchange public keys. Tanya’s software would take her private key (which is just a numeric value) and Erika’s public key (another numeric value) and put them through the Diffie-Hellman algorithm. Erika’s software would take her private key and Tanya’s public key and insert them into the Diffie-Hellman algorithm on her computer. Through this process, Tanya and Erika derive the same shared value, which is used to create instances of symmetric keys.

## certificate revocation list (CRL)

The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Revocation is handled by the CA, and the revoked certificate information is stored on a **certificate revocation list (CRL)**. This is a list of every certificate that has been revoked. This list is maintained and updated periodically. A certificate may be revoked because the key holder’s private key was compromised or because the CA discovered the certificate was issued to the wrong person. An analogy for the use of a CRL is how a driver’s license is used by a police officer. If an officer pulls over Sean for speeding, the officer will ask to see Sean’s license. The officer will then run a check on the license to find out if Sean is wanted for any other infractions of the law and to verify the license has not expired. The same thing happens when a person compares a certificate to a CRL. If the certificate became invalid for some reason, the CRL is the mechanism for the CA to let others know this information.

**4.** Which of the following correctly describes a drawback of symmetric key systems?

**A.** Computationally less intensive than asymmetric systems

**B.** Work much more slowly than asymmetric systems

**C.** Carry out mathematically intensive tasks

**D.** Key must be delivered via secure courier

CORRECT **D.** In order for two users to exchange messages encrypted with a symmetric algorithm, they must first figure out how to distribute the key. If a key is compromised, then all messages encrypted with that key can be decrypted and read by an intruder. It is not safe to simply send the key in an e-mail message, because the key is not protected and can be easily intercepted and used by attackers. Thus, one user must send the key to the other using an out-of-band method. The user can save the key on a thumb drive and walk it over to the other person’s desk, or have a secure courier deliver it. This is a disadvantage of symmetric cryptography because distribution is a hassle, as well as clumsy and insecure.

WRONG **A** is incorrect because it describes an advantage of symmetric algorithms. Because they are less computationally intensive than asymmetric algorithms, symmetric algorithms tend to be much faster. They can encrypt and decrypt relatively quickly large amounts of data that would take an unacceptable amount of time to encrypt and decrypt with an asymmetric algorithm.

WRONG **B** is incorrect because asymmetric systems work much more slowly than symmetric systems. The speed with which symmetric algorithms work is an advantage. Asymmetric algorithms are slower than symmetric algorithms because they use much more complex mathematics to carry out their functions, which requires more processing time. However, asymmetric algorithms can provide authentication and nonrepudiation, whereas symmetric algorithms cannot. Because both users employ the same key to encrypt and decrypt messages, symmetric cryptosystems can provide confidentiality but they cannot provide authentication or nonrepudiation. There is no way to prove through cryptography who actually sent a message if two people are using the same key.

WRONG **C** is incorrect because asymmetric algorithms carry out mathematically intensive tasks. Symmetric algorithms, on the other hand, carry out relatively simplistic mathematical functions on the bits during the encryption and decryption processes. They substitute and scramble (transpose) bits, which is not overly difficult or processor-intensive. The reason it is hard to break this type of encryption is that the symmetric algorithms carry out this type of functionality over and over again. So a set of bits will go through a long series of being substituted and transposed.

## Online Certificate Status Protocol (OCSP)

**Online Certificate Status Protocol (OCSP)** is being used more and more rather than the cumbersome CRL approach. When using just a CRL, the user’s browser must either check a central CRL to find out if the certificate has been revoked or the CA has to continually push out CRL values to the clients to ensure they have an updated CRL. If OCSP is implemented, it does this work automatically in the background. It carries out real-time validation of a certificate and reports back to the user whether the certificate is valid, invalid, or unknown. OCSP checks the CRL that is maintained by the CA. So the CRL is still being used, but now we have a protocol developed specifically to check the CRL during a certificate validation process.

## Digital Signature Standard

Because digital signatures are so important in proving who sent which messages, the U.S. government decided to establish standards pertaining to their functions and acceptable use. In 1991, NIST proposed a federal standard called the **Digital Signature Standard (DSS)**. It was developed for federal departments and agencies, but most vendors also designed their products to meet these specifications. The federal government requires its departments to use DSA, RSA, or the elliptic curve digital signature algorithm (ECDSA) and SHA. SHA creates a 160-bit message digest output, which is then input into one of the three mentioned digital signature algorithms. SHA is used to ensure the integrity of the message, and the other algorithms are used to digitally sign the message. This is an example of how two different algorithms are combined to provide the right combination of security services.

**12**. Why would a certificate authority revoke a certificate?

**A**. If the user’s public key has become compromised

**B**. If the user changed over to using the PEM model that uses a web of trust

**C**. If the user’s private key has become compromised

**D**. If the user moved to a new location

**12. C**. The reason a certificate is revoked is to warn others who use that person’s public key that they should no longer trust the public key because, for some reason, that public key is no longer bound to that particular individual’s identity. This could be because an employee left the company, or changed his name and needed a new certificate, but most likely it is because the person’s private key was compromised.

## Initialization vectors (IVs)

Values that are used with algorithms to increase randomness for cryptographic functions.

## HTTPS

A combination of HTTP and SSL/TLS that is commonly used for secure Internet connections and e-commerce transactions.

## Hybrid cryptography

Combined use of symmetric and asymmetric algorithms where the symmetric key encrypts data and an asymmetric key encrypts the symmetric key.

DES and other symmetric block ciphers have several distinct modes of operation that are used in different situations for different results. You just need to understand five of them:

- Electronic Code Book (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback (CFB)
- Output Feedback (OFB)
- Counter Mode (CTR)

Tim is a new manager for the software development team at his company. There are different types of data that the company’s software needs to protect. Credit card PIN values are stored within their proprietary retail credit card processing software. The same software also stores documents, which must be properly encrypted and protected. This software is used to transfer sensitive data over dedicated WAN connections between the company’s three branches. Tim also needs to ensure that every user that interacts with the software is properly authenticated before being allowed access, and once the authentication completes successfully, an SSL connection needs to be set up and maintained for each connection.

**27**. Which of the following symmetric block encryption mode(s) should be enabled in this company’s software? (Choose two.)

**A**. Electronic Code Book (ECB)

**B**. Cipher Block Chaining (CBC)

**C**. Cipher Feedback (CFB)

**D**. Output Feedback (OFB)

**27. A and B**. The Electronic Code Book (ECB) mode should be used to encrypt credit card PIN values, and the Cipher Block Chaining (CBC) mode should be used to encrypt documents.

## Encryption at Different Layers

In reality, encryption can happen at different layers of an operating system and network stack. The following are just a few examples:

- End-to-end encryption happens within the applications.
- SSL encryption takes place at the transport layer.
- PPTP encryption takes place at the data link layer.
- Link encryption takes place at the data link and physical layers.

## Certificate revocation list

List that is maintained by the certificate authority of a PKI that contains information on all of the digital certificates that have been revoked.

## RC4

Stream symmetric cipher that was created by Ron Rivest of RSA. Used in SSL and WEP.

## DES-EEE3

Uses three different keys for encryption, and the data are encrypted, encrypted, encrypted.

## Stream Ciphers vs. One-Time Pads

Stream ciphers were developed to provide the same type of protection one-time pads do, which is why they work in such a similar manner. In reality, stream ciphers cannot provide the level of protection one-time pads do, but because stream ciphers are implemented through software and automated means, they are much more practical.

**19.** The CA is responsible for revoking certificates when necessary. Which of the following correctly describes a CRL and OCSP?

**A.** The CRL was developed as a more streamlined approach to OCSP.

**B.** OCSP is a protocol that submits revoked certificates to the CRL.

**C.** OCSP is a protocol developed specifically to check the CRL during a certificate validation process.

**D.** CRL carries out real-time validation of a certificate and reports to the OCSP.

CORRECT **C.** The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Revocation is handled by the CA, and the revoked certificate information is stored on a certificate revocation list (CRL). This is a list of every certificate that has been revoked. This list is maintained and updated periodically. A certificate may be revoked because the key holder’s private key was compromised or because the CA discovered the certificate was issued to the wrong person. If the certificate becomes invalid for some reason, the CRL is the mechanism for the CA to let others know this information. The Online Certificate Status Protocol (OCSP) is being used more and more compared to the cumbersome CRL approach. When using just a CRL, the user’s browser must either check a central CRL to find out if the certificate has been revoked or the CA continually pushes out CRL values to the clients to ensure they have an updated CRL. If OCSP is implemented, it does this work automatically in the background. It carries out real-time validation of a certificate and reports back to the user whether the certificate is valid, invalid, or unknown.

WRONG **A** is incorrect because a certificate revocation list (CRL) is actually a cumbersome approach to managing and validating revoked certificates. The Online Certificate Status Protocol (OCSP) is increasingly being used to address this. OCSP does this work in the background, doing what the user’s web browser would do when just using a CRL. OCSP checks a central CRL to see if a certificate has been revoked.

WRONG **B** is incorrect because the Online Certificate Status Protocol (OCSP) does not submit revoked certificates to the certificate revocation list (CRL). The certificate authority (CA) is responsible for the creation, distribution, and maintenance of certificates. This includes revoking them when necessary and storing the information on a CRL.

WRONG **D** is incorrect because the Online Certificate Status Protocol (OCSP), not the certificate revocation list (CRL), carries out real-time validation of a certificate. In addition, the OCSP reports back to the user whether the certificate is valid, invalid, or unknown.

## Advanced Encryption Standard (AES)

DES was later replaced by the **Rijndael** algorithm as the **Advanced Encryption Standard (AES)** by NIST. This means that Rijndael is the new approved method of encrypting sensitive but unclassified information for the U.S. government; it has been accepted by, and is widely used in, the public arena today.

## Digital Rights Management (DRM)

Access control technologies commonly used to protect copyright material.

## ciphertext-only attack

A **ciphertext-only attack** is the most common type of active attack because it is very easy to get ciphertext by sniffing someone’s traffic, but it is the hardest attack to actually be successful at because the attacker has so little information about the encryption process.

## Key Derivation Functions (KDFs)

Generation of secret keys (subkeys) from an initial value (master key).

## Social Engineering Attacks

Attackers can trick people into providing their cryptographic key material through various social engineering attack types. Social engineering attacks have been covered in earlier chapters. They are nontechnical attacks that are carried out on people with the goal of tricking them into divulging some type of sensitive information that can be used by the attacker. The attacker may convince the victim that he is a security administrator that requires the cryptographic data for some type of operational effort. The attacker could then use the data to decrypt and gain access to sensitive data. The attacks can be carried out through persuasion, coercion (rubber-hose cryptanalysis), or bribery (purchase-key attack).

## How Would a Birthday Attack Take Place?

Sue and Joe are going to get married, but before they do, they have a prenuptial contract drawn up that states if they get divorced, then Sue takes her original belongings and Joe takes his original belongings. To ensure this contract is not modified, it is hashed and a message digest value is created.

## algorithm

The **algorithm**, the set of rules also known as the cipher, dictates how enciphering and deciphering take place. Many of the mathematical algorithms used in computer systems today are publicly known and are not the secret part of the encryption process. If the internal mechanisms of the algorithm are not a secret, then something must be. The secret piece of using a well-known encryption algorithm is the key. A common analogy used to illustrate this point is the use of locks you would purchase from your local hardware store. Let’s say 20 people bought the same brand of lock. Just because these people share the same type and brand of lock does not mean they can now unlock each other’s doors and gain access to their private possessions. Instead, each lock comes with its own key, and that one key can only open that one specific lock.

## Asymmetric algorithm

Encryption method that uses two different key types, public and private. Also called public key cryptography.

Tim is a new manager for the software development team at his company. There are different types of data that the company’s software needs to protect. Credit card PIN values are stored within their proprietary retail credit card processing software. The same software also stores documents, which must be properly encrypted and protected. This software is used to transfer sensitive data over dedicated WAN connections between the company’s three branches. Tim also needs to ensure that every user that interacts with the software is properly authenticated before being allowed access, and once the authentication completes successfully, an SSL connection needs to be set up and maintained for each connection.

**28**. Which of the following would be best to implement for this company’s connections?

**A**. End-to-end encryption

**B**. Link encryption

**C**. Trusted Platform Modules

**D**. Advanced Encryption Standard

**28. B**. Since data is transmitting over dedicated WAN links, link encryptors can be implemented to encrypt the sensitive data as it moves from branch to branch.

## Concealment cipher

Encryption method that hides a secret message within an open message.

## Padding

Adding material to plaintext data before it is encrypted.

## One-way hash

Cryptographic process that takes an arbitrary amount of data and generates a fixed-length value. Used for integrity protection.

**13**. What does DES stand for?

**A**. Data Encryption System

**B**. Data Encryption Standard

**C**. Data Encoding Standard

**D**. Data Encryption Signature

**13. B**. Data Encryption Standard was developed by NIST and the NSA to encrypt sensitive but unclassified government data.

## known-plaintext attacks

In **known-plaintext attacks**, the attacker has the plaintext and corresponding ciphertext of one or more messages. Again, the goal is to discover the key used to encrypt the messages so other messages can be deciphered and read.

## Side-Channel Attacks

All of the attacks we have covered thus far have been based mainly on the mathematics of cryptography. Using plaintext and ciphertext involves high-powered mathematical tools that are needed to uncover the key used in the encryption process.

**19**. Which of the following is a true statement pertaining to data encryption when it is used to protect data?

**A**. It verifies the integrity and accuracy of the data.

**B**. It requires careful key management.

**C**. It does not require much system overhead in resources.

**D**. It requires keys to be escrowed.

**19. B**. Data encryption always requires careful key management. Most algorithms are so strong today it is much easier to go after key management rather than to launch a brute force attack. Hashing algorithms are used for data integrity, encryption does require a good amount of resources, and keys do not have to be escrowed for encryption.

## Certificate

Digital identity used within a PKI. Generated and maintained by a certificate authority and used for authentication.

## Statistical Attacks

**Statistical attacks** identify statistical weaknesses in algorithm design for exploitation—for example, if statistical patterns are identified, as in the number of zeros compared to the number of ones. For instance, a random number generator (RNG) may be biased. If keys are taken directly from the output of the RNG, then the distribution of keys would also be biased. The statistical knowledge about the bias could be used to reduce the search time for the keys.

## RC6

Block symmetric cipher that uses a 128-bit block size and variable-length key sizes (128, 192, 256). Built upon the RC5 algorithm.

## **Diffusion**

Property of a cipher in which a change to one plaintext bit spreads across many ciphertext bits; achieved through the transposition (permutation) steps within the encryption function.

## **The following are examples of asymmetric key algorithms:**

**18**. DES performs how many rounds of transposition/permutation and substitution?

**A**. 16

**B**. 32

**C**. 64

**D**. 56

**18. A**. DES carries out 16 rounds of mathematical computation on each 64-bit block of data it is responsible for encrypting. A round is a set of mathematical formulas used for encryption and decryption processes.

## **TPM Uses**

"Binding" a hard disk drive is the most common usage scenario of the TPM—where the content of a given hard disk drive is affixed with a particular computing system. The content of the hard disk drive is encrypted, and the decryption key is stored away in the TPM chip. To ensure safe storage of the decryption key, it is further "wrapped" with another encryption key. Binding a hard disk drive makes its content basically inaccessible to other systems, and any attempt to retrieve the drive’s content by attaching it to another system will be very difficult. However, in the event of the TPM chip’s failure, the hard drive’s content will be rendered useless, unless a backup of the key has been escrowed.

## **Multipurpose Internet Mail Extension (MIME)**

**Multipurpose Internet Mail Extension (MIME)** is a technical specification indicating how multimedia data and e-mail binary attachments are to be transferred. The Internet has mail standards that dictate how mail is to be formatted, encapsulated, transmitted, and opened. If a message or document contains a binary attachment, MIME dictates how that portion of the message should be handled.

## **Secure MIME**

Secure/Multipurpose Internet Mail Extensions, which outlines how public key cryptography can be used to secure MIME data types.

## **MARS**

Developed by the IBM team that created Lucifer

**10**. Which of the following best describes a digital signature?

**A**. A method of transferring a handwritten signature to an electronic document

**B**. A method to encrypt confidential information

**C**. A method to provide an electronic signature and encryption

**D**. A method to let the receiver of the message prove the source and integrity of a message

**10. D**. A digital signature provides authentication (knowing who really sent the message), integrity (because a hashing algorithm is involved), and nonrepudiation (the sender cannot deny sending the message).

## **Meet-in-the-Middle Attacks**

This term refers to a mathematical analysis used to try and break a math problem from both ends. It is a technique that works on the forward mapping of a function and the inverse of the second function at the same time. The attack works by encrypting from one end and decrypting from the other end, thus **meeting in the middle**.

## **Acquirer (merchant’s bank)**

The financial institution that processes payment cards.

## **registration authority (RA)**

The **registration authority (RA)** performs the certification registration duties. The RA establishes and confirms the identity of an individual, initiates the certification process with a CA on behalf of an end user, and performs certificate life-cycle management functions. The RA cannot issue certificates, but can act as a broker between the user and the CA. When users need new certificates, they make requests to the RA, and the RA verifies all necessary identification information before allowing a request to go to the CA.

**3**. Which of the following is not a property or characteristic of a one-way hash function?

**A**. It converts a message of arbitrary length into a value of fixed length.

**B**. Given the digest value, it should be computationally infeasible to find the corresponding message.

**C**. It should be impossible or rare to derive the same digest from two different messages.

**D**. It converts a message of fixed length to an arbitrary length value.

**3. D**. A hashing algorithm takes a string of variable length (the message can be any size) and computes a fixed-length value, the message digest. MD5 produces a 128-bit digest and SHA-1 a 160-bit digest; the SHA-2 family produces digests of 224 to 512 bits.

## **Birthday attack**

Cryptographic attack that exploits the mathematics behind the birthday problem in probability theory to find collisions in hash functions; for an n-bit digest a collision is expected after about 2^(n/2) trials rather than 2^n.

## **DES-EEE2**

The same as DES-EEE3, but uses only two keys, and the first and third encryption processes use the same key.

## **A PKI may be made up of the following entities and functions:**

- Certification authority
- Registration authority
- Certificate repository
- Certificate revocation system
- Key backup and recovery system
- Automatic key update
- Management of key histories
- Timestamping
- Client-side software

**1.** There are several components involved with steganography. Which of the following refers to a file that has hidden information in it?

**A.** Stego-medium

**B.** Concealment cipher

**C.** Carrier

**D.** Payload

CORRECT **C.** Steganography is a method of hiding data in another media type so that the very existence of the data is concealed. Only the sender and receiver are supposed to be able to see the message because it is secretly hidden in a graphic, wave file, document, or other type of media. The message is not necessarily encrypted, just hidden. Encrypted messages can draw attention because it tells the bad guy, "This is something sensitive." A message hidden in a picture would not attract this type of attention, even though the exact same secret message can be embedded into this image. Steganography is a type of security through obscurity. The components involved with steganography are the carrier, stego-medium, and payload. The carrier is a signal, data stream, or file that has hidden information inside of it. In other words, it carries the payload.

WRONG **A** is incorrect because the stego-medium is the medium in which the information is hidden in steganography. If the message were held within a graphic, the stego-medium could be JPEG or TIFF. If the message were embedded within a file, the stego-medium could be a Word document. A stego-medium can be a graphic type, wave file type, document type, or other type of media.

WRONG **B** is incorrect because a concealment cipher is a type of steganography method that involves putting a message within a message. It is a way to hide a secret message within something familiar from the world around us. This answer does not specify a specific component of steganography but is a specific type of steganography.

WRONG **D** is incorrect because the payload is the information that is to be concealed and transported through the use of steganography. The payload is the actual information that the sender wants to keep secret.

## **Carrier**

A signal, data stream, or file that has hidden information (payload) inside of it
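
Added example (not from the original text): the three steganography components above in code. The carrier is a constructed byte array standing in for pixel samples, the stego-medium is the least-significant bit of each sample, and the payload is a constructed message; no real image format is parsed.

```python
"""LSB steganography over a constructed carrier. Added illustration only; the
carrier is synthetic sample data, not a real image file."""
import random

HEADER_BITS = 32  # 4-byte big-endian payload length so the extractor knows where to stop


def _bits(data: bytes):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(carrier: bytes, payload: bytes) -> bytes:
    """Write the length header and payload into the LSB of successive carrier
    bytes. Every carrier byte changes by at most 1, which is why the change is
    invisible in audio or image data."""
    capacity_bytes = (len(carrier) - HEADER_BITS) // 8
    if len(payload) > capacity_bytes or len(payload) >= 1 << 32:
        raise ValueError("payload too large for carrier")
    stream = len(payload).to_bytes(4, "big") + payload
    out = bytearray(carrier)
    for idx, bit in enumerate(_bits(stream)):
        out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the LSBs back: first the 32-bit length, then that many payload bytes."""
    def read_bytes(offset: int, count: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[offset + b * 8 + i] & 1)
            result.append(value)
        return bytes(result)
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(HEADER_BITS, length)


def max_delta(a: bytes, b: bytes) -> int:
    return max(abs(x - y) for x, y in zip(a, b))


def demo(seed: int = 7) -> dict:
    rng = random.Random(seed)
    carrier = bytes(rng.randrange(256) for _ in range(4096))  # constructed carrier samples
    payload = b"meet at the usual place, 21:00"                  # constructed payload
    stego = embed(carrier, payload)
    return {
        "recovered": extract(stego),
        "max_delta": max_delta(carrier, stego),
        "bytes_touched": sum(1 for x, y in zip(carrier, stego) if x != y),
    }
```

Nothing here is encrypted: anyone who knows the scheme can run `extract` on the stego object, which is the "security through obscurity" point made above. A payload that matters should be encrypted before it is embedded, and a simple LSB scheme is detectable by statistical tests on the LSB plane.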

## **Secure Shell (SSH)**

**Secure Shell (SSH)** functions as a type of tunneling mechanism that provides terminal-like access to remote computers. SSH is a program and a protocol that can be used to log into another computer over a network. For example, the program can let Paul, who is on computer A, access computer B’s files, run applications on computer B, and retrieve files from computer B without ever physically touching that computer. SSH provides authentication and secure transmission over vulnerable channels like the Internet.

## **Kerckhoffs’ principle**

Concept that an algorithm should be known and only the keys should be kept secret

**11.** Sally is responsible for key management within her organization. Which of the following incorrectly describes a principle of secure key management?

**A.** Keys should be backed up or escrowed in case of emergencies.

**B.** The more a key is used, the shorter its lifetime should be.

**C.** Less secure data allows for a shorter key lifetime.

**D.** Keys should be stored and transmitted by secure means.

CORRECT **C.** Key management is critical for proper protection. Part of key management is determining the lifespan of keys. The key’s lifetime should correspond with the sensitivity of the data it is protecting. Less secure data may allow for a longer key lifetime, whereas more sensitive data might require a shorter key lifetime. Keys should be properly destroyed when their lifetime comes to an end. The processes of changing and destroying keys should be automated and hidden from the user. They should be integrated into software or the operating system. It only adds complexity and opens the doors for more errors when processes are done manually and depend upon end users to perform certain functions.

WRONG **A** is incorrect because it is true that keys should be backed up or escrowed in case of emergencies. Keys are at risk of being lost, destroyed, or corrupted. Backup copies should be available and easily accessible when required. If data are encrypted and then the user accidentally loses the necessary key to decrypt it, this information would be lost forever if there were not a backup key. The application being used for cryptography may have key recovery options, or it may require copies of the keys to be kept in a secure place.

WRONG **B** is incorrect because it is true that the more a key is used, the shorter its lifetime should be. The frequency of use of a cryptographic key has a direct correlation to how often the key should be changed. The more a key is used, the more likely it is to be captured and compromised. If a key is used infrequently, then this risk drops dramatically. The necessary level of security and the frequency of use can dictate the frequency of key updates. A mom-and-pop diner might only change its cryptography keys every month, whereas an information warfare military unit might change them every day or every week.

WRONG **D** is incorrect because it is true that keys should be stored and transmitted by secure means. Keys are stored before and after distribution. When a key is distributed to a user, it needs a secure place within the file system to be stored and used in a controlled method. The key, the algorithm that will use the key, configurations, and parameters are stored in a module that also needs to be protected. If an attacker is able to obtain these components, she could masquerade as another user and decrypt, read, and re-encrypt messages not intended for her.

## **Secure Electronic Transaction (SET)**

**Secure Electronic Transaction (SET)** is a security technology proposed by Visa and MasterCard to allow for more secure credit card transaction possibilities than what is currently available. SET has been waiting in the wings for full implementation and acceptance as a standard for quite some time. Although SET provides an effective way of transmitting credit card information, businesses and users do not see it as efficient because it requires more parties to coordinate their efforts, more software installation and configuration for each entity involved, and more effort and cost than the widely used SSL method.

## **The pad must be as long as the message**

• The pad must be as long as the message. If it is not as long as the message, the pad will need to be reused to cover the whole message. This would be the same thing as using a pad more than one time, which could introduce patterns.

## **Scytale cipher**

Ancient transposition cipher used by Greek military factions: a strip of parchment was wrapped around a rod of a specific diameter and the message written along the rod, so only a rod of the same diameter would realign the letters.

Sean is a security administrator for a financial company and has an array of security responsibilities. He needs to ensure that traffic flowing within the internal network can only travel from one authenticated system to another authenticated system. This traffic has to be visible to the company’s IDS sensors, so it cannot be encrypted. The data traffic that flows externally to and from the network must only travel to authenticated systems and must be encrypted. He needs to ensure that each employee laptop has full disk encryption capabilities and that each e-mail message that each employee sends is sent from an authenticated individual.

**31**. When Sean purchases laptops for his company, what does he need to ensure is provided by the laptop vendor?

**A**. Public key cryptography

**B**. Cryptography, hashing, and message authentication

**C**. BIOS password protection

**D**. Trusted Platform Module

**31. D**. Trusted Platform Module (TPM) is a microchip that is part of the motherboard of newer systems. It provides cryptographic functionality that allows for full disk encryption. The decryption key is wrapped and stored within the TPM chip.

## **The following are examples of symmetric algorithms, which will be explained later in the "Block and Stream Ciphers" section:**

- Data Encryption Standard (DES)
- Triple-DES (3DES)
- Blowfish
- International Data Encryption Algorithm (IDEA)
- RC4, RC5, and RC6
- Advanced Encryption Standard (AES)

## **Here We Are**

If this is your first time trying to understand cryptography, you may be exasperated by now. Don’t get too uptight. Many people are new to cryptography, because all of this magic just seems to work in the background without us having to understand it or mess with it.

**10.** If implemented properly, a one-time pad is a perfect encryption scheme. Which of the following incorrectly describes a requirement for implementation?

**A.** The pad must be securely distributed and protected at its destination.

**B.** The pad must be made up of truly random values.

**C.** The pad must always be the same length.

**D.** The pad must be used only one time.

CORRECT **C.** A one-time pad is a perfect encryption scheme because it is considered unbreakable if implemented properly. It was invented by Gilbert Vernam in 1917, so sometimes it is referred to as the Vernam cipher. The pad must be at least as long as the message. If it is not as long as the message, the pad will need to be reused to cover the whole message. This would be the same thing as using a pad more than one time, which could introduce patterns.

WRONG **A** is incorrect because it is true that the pad must be securely distributed and protected at its destination. This is a very cumbersome process to accomplish, because the pads are usually just individual pieces of paper that need to be delivered by a secure courier and properly guarded at each destination. One-time pads have been used throughout history to protect different types of sensitive data. Today, they are still in place for many types of militaries as a backup encryption option if current encryption processes (that require computers and a power source) are unavailable for reasons of war or attacks.

WRONG **B** is incorrect because it is true that the pad must be made up of truly random values. This may not seem like a difficult task, but even our computer systems today do not have truly random number generators; rather, they have pseudorandom number generators. These generators are seeded by an initial value from some component within the computer system (time, CPU cycles, etc.). Although a computer system is complex, it is a predictable environment, so if the seeding value is predictable in any way, the resulting values created are not truly random—but pseudorandom.

WRONG **D** is incorrect because it is true that the pad must be used only one time. If the pad is used more than one time, this might introduce patterns in the encryption process that will aid an evildoer in his goal of breaking the encryption. Although the one-time pad approach to encryption can provide a very high degree of security, it is impractical in most situations because of all of its different requirements. Each possible pair of entities that might want to communicate in this fashion must receive, in a secure fashion, a pad. This type of key management can be overwhelming and may require more overhead than it is worth. The distribution of the pad can be challenging, and the sender and receiver must be perfectly synchronized so that each is using the same pad.
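
Added example (not from the original text): the one-time pad as XOR, the length check from the requirement above, and what the "patterns" introduced by pad reuse look like in practice. The two messages and the crib are constructed values of equal length.

```python
"""One-time pad and the two-time-pad failure. Added illustration; messages and
crib are constructed, the pad is drawn fresh from the OS CSPRNG."""
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, message: bytes) -> bytes:
    """The pad must be at least as long as the message; a shorter pad would have
    to be reused, which is exactly the failure shown below."""
    if len(pad) < len(message):
        raise ValueError("pad shorter than message: it would have to be reused")
    return xor_bytes(pad[:len(message)], message)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Same pad twice: c1 ^ c2 = (p1 ^ k) ^ (p2 ^ k) = p1 ^ p2. The pad cancels out
    and the attacker holds a value that relates the two plaintexts directly."""
    return xor_bytes(c1, c2)


def crib_drag(p1_xor_p2: bytes, crib: bytes, offset: int) -> bytes:
    """Guess a fragment of one message (a crib) at an offset; XORing it into
    p1 ^ p2 exposes the other message at that position."""
    segment = p1_xor_p2[offset:offset + len(crib)]
    return xor_bytes(segment, crib)


def demo() -> dict:
    m1 = b"ATTACK AT DAWN ON THE EASTERN RIDGE"   # constructed, 35 bytes
    m2 = b"HOLD POSITION UNTIL FURTHER ORDERS "   # constructed, 35 bytes
    pad = secrets.token_bytes(len(m1))
    c1 = otp_encrypt(pad, m1)
    c2 = otp_encrypt(pad, m2)   # the mistake: the pad is used a second time
    leak = two_time_pad_leak(c1, c2)
    return {
        "roundtrip": otp_decrypt(pad, c1),
        "leak_equals_m1_xor_m2": leak == xor_bytes(m1, m2),
        # the attacker guesses that m1 begins with "ATTACK" and reads m2's opening
        "recovered_from_crib": crib_drag(leak, b"ATTACK", 0),
    }
```

With a single use the ciphertext is independent of the message; with two uses the attacker never learns the pad but does not need it, because `p1 ^ p2` plus any good guess about one message reads off the other. The same failure applies to any stream cipher whose keystream is repeated (for example by reusing a key and nonce).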

## **The Strength of the Cryptosystem**

You are the weakest link. Goodbye!

The **strength** of an encryption method comes from the algorithm, the secrecy of the key, the length of the key, the initialization vectors, and how they all work together within the cryptosystem. When strength is discussed in encryption, it refers to how hard it is to figure out the algorithm or key, whichever is not made public. Attempts to break a cryptosystem usually involve processing an enormous number of possible values in the hope of finding the one value (key) that can be used to decrypt a specific message. The strength of an encryption method correlates to the amount of processing power, resources, and time required to break the cryptosystem or to figure out the value of the key. Breaking a cryptosystem can be accomplished by a brute force attack, which means trying every possible key value until the resulting plaintext is meaningful. Depending on the algorithm and the length of the key, this can be an easy task or one that is close to impossible. If a key can be recovered with a single desktop processor in three hours, the cipher is not strong at all. If the key can only be recovered with the use of a thousand multiprocessing systems over 1.2 million years, then it is pretty darn strong. Multi-core processors, GPUs, and rentable cloud compute have made brute force attacks much cheaper to carry out, which is why key lengths that were adequate a decade ago are not adequate now.

## **Transposition**

Encryption method that shifts (permutation) values

## **Secure Shell (SSH)**

Network protocol that allows for a secure connection to a remote system. Developed to replace Telnet and other insecure remote shell methods.

## **Strong cryptographic hash functions have the following characteristics:**

- The hash should be computed over the entire message.
- The hash should be a one-way function so messages are not disclosed by their values.
- Given a message and its hash value, computing another message with the same hash value should be computationally infeasible.
- The function should be resistant to birthday attacks (explained in the upcoming section "Attacks Against One-Way Hash Functions").
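
Added example (not from the original text) for the birthday-attack entry and the last characteristic above: a collision search against a hash truncated to n bits, showing that it costs about 2^(n/2) work instead of the 2^n a second-preimage search needs. Truncating SHA-256 to 32 bits is an assumed weakening so the search finishes in seconds; the message prefix is constructed.

```python
"""Birthday attack on a truncated hash. Added illustration; the 32-bit
truncation is deliberate so the collision is found quickly."""
import hashlib
import math


def short_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its first `bits` bits (assumed weakening for the demo)."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-") -> tuple:
    """Hash distinct messages until two share a truncated digest.
    Returns (m1, m2, tries). Memory is the price: about 2^(n/2) entries."""
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = short_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
        i += 1


def expected_tries(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^n) messages for a 50% collision chance."""
    return math.sqrt(math.pi / 2 * (1 << bits))


def second_preimage_tries(bits: int) -> int:
    """Finding a second message for one fixed digest needs about 2^n tries."""
    return 1 << bits


def demo(bits: int = 32) -> dict:
    m1, m2, tries = find_collision(bits)
    return {
        "m1": m1,
        "m2": m2,
        "tries": tries,
        "same_digest": short_hash(m1, bits) == short_hash(m2, bits),
        "birthday_bound": expected_tries(bits),
        "second_preimage_bound": second_preimage_tries(bits),
    }
```

This is why digest length is chosen against the birthday bound: a 128-bit digest offers only about 64 bits of collision resistance, which is why MD5-sized outputs are no longer acceptable for signatures, where the attacker gets to choose both colliding documents.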

## **Asymmetric and Symmetric Algorithms Used Together**

**Public key cryptography** uses two keys (public and private) generated by an asymmetric algorithm for protecting encryption keys and key distribution, and a secret key is generated by a symmetric algorithm and used for bulk encryption. Then there is a hybrid use of the two different algorithms: asymmetric and symmetric. Each algorithm has its pros and cons, so using them together can be the best of both worlds.

**26**. A key derivation function (KDF) turns secret input material into cryptographic keys. Which of the following values is not commonly used in this key derivation process?

**A**. Hashing values

**B**. Asymmetric values

**C**. Salts

**D**. Passwords

**26. B**. Different values can be used independently or together as the input material for a derived key. A KDF is built to take specific inputs, typically a password or other secret, a salt, and a hash function, and runs them through a number of rounds of mathematical functions dictated by the algorithm. Asymmetric key values are not an input to this process.

## **Cryptography**

Science of secret writing that enables an entity to store and transmit data in a form that is available only to the intended individuals

## **Digital signature standard**

U.S. standard that outlines the approved algorithms to be used for digital signatures for government authentication activities.

## **Replay attack**

Attack in which a valid data transmission is captured and maliciously or fraudulently repeated so that an entity gains unauthorized access or causes an authorized action to happen again.

## **El Gamal algorithm**

Asymmetric algorithm based upon the Diffie-Hellman algorithm used for digital signatures, encryption, and key exchange.

## **Analytic attack**

Cryptanalysis attack that exploits vulnerabilities within the algorithm structure.

## **Analytic Attacks**

**Analytic attacks** identify algorithm structural weaknesses or flaws, as opposed to brute force attacks, which simply exhaust all possibilities without respect to the specific properties of the algorithm. Examples include the Double DES attack and RSA factoring attack.

## **Linear Cryptanalysis**

**Linear cryptanalysis** is another type of attack that carries out functions to identify the highest probability of a specific key employed during the encryption process using a block algorithm. The attacker carries out a known-plaintext attack on several different messages encrypted with the same key. The more messages the attacker can use and put through this type of attack, the higher the confidence level in the probability of a specific key value.

## **Symmetric vs. Asymmetric Algorithms**

Cryptography algorithms are either **symmetric algorithms,** which use symmetric keys (also called secret keys), or **asymmetric algorithms,** which use asymmetric keys (also called public and private keys). As if encryption were not complicated enough, the terms used to describe the key types only make it worse. Just pay close attention and you will get through this fine.

## **Digital Envelopes**

When cryptography is new to people, the process of using symmetric and asymmetric cryptography together can be a bit confusing. But it is important to understand these concepts, because they really are the core, fundamental concepts of all cryptography. This process is not just used in an e-mail client or in a couple of products—this is how it is done when data and a symmetric key must be protected in transmission.

Unfortunately, we don’t always seem to be able to call an apple an apple. In many types of technology, the exact same thing can have more than one name. This could be because the different inventors of the technology had schizophrenia, or it could mean that different terms just evolved over time that overlapped. Sadly, you could see symmetric cryptography referred to as any of the following:

- Single key cryptography
- Secret key cryptography
- Session key cryptography
- Private key cryptography
- Shared-key cryptography

## **Encipher**

Act of transforming data into an unreadable format

## **Secure HTTP**

Though their names are very similar, there is a difference between Secure HTTP (S-HTTP) and HTTP Secure (HTTPS). **S-HTTP** is a technology that protects each message sent between two computers, while HTTPS protects the communication channel between two computers, messages and all. HTTPS uses SSL/TLS and HTTP to provide a protected circuit between a client and server. So, S-HTTP is used if an individual message needs to be encrypted, but if all information that passes between two computers must be encrypted, then HTTPS is used, which is HTTP carried over SSL/TLS. In practice S-HTTP saw almost no adoption; HTTPS is what is deployed.

Sean is a security administrator for a financial company and has an array of security responsibilities. He needs to ensure that traffic flowing within the internal network can only travel from one authenticated system to another authenticated system. This traffic has to be visible to the company’s IDS sensors, so it cannot be encrypted. The data traffic that flows externally to and from the network must only travel to authenticated systems and must be encrypted. He needs to ensure that each employee laptop has full disk encryption capabilities and that each e-mail message that each employee sends is sent from an authenticated individual.

**30**. Which of the following best describes the software settings that need to be implemented for internal and external traffic?

**A**. IPSec with ESP enabled for internal traffic and IPSec with AH enabled for external traffic

**B**. IPSec with AH enabled for internal traffic and IPSec with ESP enabled for external traffic

**C**. IPSec with AH enabled for internal traffic and IPSec with AH and ESP enabled for external traffic

**D**. IPSec with AH and ESP enabled for internal traffic and IPSec with ESP enabled for external traffic

**30. B**. IPSec can be configured using the AH protocol, which enables system authentication but does not provide encryption capabilities. IPSec can be configured with the ESP protocol, which provides authentication and encryption capabilities.

## **Online certificate status protocol**

Protocol that lets a client ask a responder, in real time, whether a specific certificate has been revoked, instead of downloading and searching a full certificate revocation list.

## **Multipurpose Internet Mail Extension**

Standard that outlines the format of e-mail messages and allows binary attachments to be transmitted through email.

## **The Diffie-Hellman Algorithm**

The first group to address the shortfalls of symmetric key cryptography decided to attack the issue of secure distribution of the symmetric key. Whitfield Diffie and Martin Hellman worked on this problem and ended up developing the first asymmetric key agreement algorithm, called, naturally, Diffie-Hellman.
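
Added example (not from the original text) for the Diffie-Hellman entry above and the El Gamal entry earlier on this page, which is built on it: both sides' messages in a DH key agreement, then El Gamal encryption over the same group, where the sender effectively completes a DH exchange against the recipient's long-term public key. The group p = 2^31 − 1 (a prime) with generator g = 7 is an assumption chosen so the numbers are readable; real deployments use a 2048-bit or larger group or an elliptic-curve group.

```python
"""Diffie-Hellman key agreement and El Gamal encryption over one toy group.
Added illustration; p and g are small assumed parameters, not a real group."""
import secrets

P = (1 << 31) - 1   # prime modulus (toy size, assumed for illustration)
G = 7               # generator of the multiplicative group mod P


def keypair(p: int = P, g: int = G) -> tuple:
    """Private exponent x and public value g^x mod p (same shape for DH and El Gamal)."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)


def dh_shared(their_public: int, my_private: int, p: int = P) -> int:
    return pow(their_public, my_private, p)


def dh_exchange() -> dict:
    """Alice sends A = g^a, Bob sends B = g^b. Both compute g^(ab).
    An eavesdropper sees only p, g, A and B; without authentication of A and B
    an active attacker can still substitute its own values (man in the middle)."""
    a, A = keypair()    # Alice -> Bob: A
    b, B = keypair()    # Bob -> Alice: B
    return {"A": A, "B": B, "alice_key": dh_shared(B, a), "bob_key": dh_shared(A, b)}


def elgamal_encrypt(m: int, y_pub: int, p: int = P, g: int = G) -> tuple:
    """Pick a fresh ephemeral k; send (g^k, m * y^k). The shared value y^k = g^(xk)
    is exactly a DH secret between the sender's k and the recipient's x."""
    if not 1 <= m < p:
        raise ValueError("message must be an integer in [1, p)")
    k = secrets.randbelow(p - 2) + 1
    c1 = pow(g, k, p)
    c2 = (m * pow(y_pub, k, p)) % p
    return c1, c2


def elgamal_decrypt(c1: int, c2: int, x_priv: int, p: int = P) -> int:
    """m = c2 * (c1^x)^-1 mod p. pow(s, -1, p) is the modular inverse (Python 3.8+)."""
    s = pow(c1, x_priv, p)
    return (c2 * pow(s, -1, p)) % p


def elgamal_roundtrip(m: int) -> int:
    x, y = keypair()
    c1, c2 = elgamal_encrypt(m, y)
    return elgamal_decrypt(c1, c2, x)
```

The two `keypair` calls in `dh_exchange` are the only secrets; everything else on the wire is public, which is the whole point of the scheme. Note that the exchange provides secrecy against a passive listener only; authentication of the public values (certificates, signatures, or a pre-shared secret) is what stops an active attacker from sitting in the middle.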

## **Diving into Numbers**

Cryptography is really all about using mathematics to scramble bits into an undecipherable form and then using the same mathematics in reverse to put the bits back into a form that can be understood by computers and people. RSA’s mathematics are based on the difficulty of factoring a large integer into its two prime factors. Put on your nerdy hat with the propeller and let’s look at how this algorithm works.

## **Digital envelope**

Message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key. Collectively this is called a digital envelope.

**30.** What cryptographic attack type carries out a mathematical analysis by trying to break a math problem from the beginning and the end of the mathematical formula simultaneously?

**A.** Known plaintext

**B.** Adaptive ciphertext

**C.** Known ciphertext

**D.** Meet-in-the-middle

CORRECT **D.** Meet-in-the-middle attack refers to a mathematical analysis used to try and break a math problem from both ends. It is a technique that works on the forward mapping of a function and the inverse of the second function at the same time. The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle.

WRONG **A** is incorrect because known plaintext attacks are a type of cryptanalysis attack where the attacker is assumed to have access to sets of corresponding plaintext and ciphertext. The attacker has the plaintext and corresponding ciphertext of one or more messages. The goal is to discover the key used to encrypt the messages so other messages can be deciphered and read.

WRONG **B** is incorrect because all cryptographic attacks have a derivative form, the names of which are the same except for putting the word "adaptive" in front of them, such as adaptive chosen-plaintext and adaptive chosen-ciphertext. What this means is that the attacker can carry out one of these attacks and, depending upon what she gleaned from that first attack, modify her next attack. This is the process of reverse-engineering or cryptanalysis attacks: using what you learned to improve your next attack.

WRONG **C** is incorrect because this is a distracter answer. An attacker can always "know" the ciphertext; it is just the encrypted version of the text.
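
Added example (not from the original text) for the meet-in-the-middle description above (the "Meet-in-the-Middle Attacks" section and question 30) and the "Double DES attack" named under Analytic Attacks: double encryption with two independent keys recovered in about 2·2^n work instead of 2^2n. The cipher is an assumed toy Feistel construction (32-bit block, 16-bit key, 4 rounds) written only so the whole key space fits in a dictionary; the keys and plaintexts are constructed.

```python
"""Meet-in-the-middle against double encryption. Added illustration; the toy
Feistel cipher, keys and plaintexts are assumptions, not DES."""
MASK16 = 0xFFFF
ROUNDS = 4


def _f(x: int, k: int) -> int:
    """Round function: XOR in the round key, then a nonlinear 16-bit mix."""
    v = (x ^ k) & MASK16
    v = (v * 0x9E37 + 0x79B9) & MASK16
    return ((v << 5) | (v >> 11)) & MASK16


def _subkeys(key: int) -> list:
    return [(key + 0x1234 * i) & MASK16 for i in range(ROUNDS)]


def encrypt(block: int, key: int) -> int:
    l, r = block >> 16, block & MASK16
    for k in _subkeys(key):
        l, r = r, l ^ _f(r, k)
    return (l << 16) | r


def decrypt(block: int, key: int) -> int:
    """Feistel inverse: same round function, subkeys in reverse order."""
    l, r = block >> 16, block & MASK16
    for k in reversed(_subkeys(key)):
        l, r = r ^ _f(l, k), l
    return (l << 16) | r


def double_encrypt(block: int, k1: int, k2: int) -> int:
    return encrypt(encrypt(block, k1), k2)


def meet_in_the_middle(pairs: list) -> list:
    """pairs: [(plaintext, ciphertext)] all under the same unknown (k1, k2).
    Encrypt p0 forward under every k1 (2^16 table), decrypt c0 backward under
    every k2 and look the middle value up: the two halves meet in the middle.
    Extra pairs weed out chance matches. Work: 2 * 2^16, not 2^32."""
    p0, c0 = pairs[0]
    forward = {}
    for k1 in range(1 << 16):
        forward.setdefault(encrypt(p0, k1), []).append(k1)
    found = []
    for k2 in range(1 << 16):
        for k1 in forward.get(decrypt(c0, k2), ()):
            if all(double_encrypt(p, k1, k2) == c for p, c in pairs[1:]):
                found.append((k1, k2))
    return found


def demo(k1: int = 0xBEEF, k2: int = 0x1337) -> list:
    plaintexts = [0x00112233, 0x44556677, 0x8899AABB]   # constructed known plaintexts
    pairs = [(p, double_encrypt(p, k1, k2)) for p in plaintexts]
    return meet_in_the_middle(pairs)
```

The trade is memory for time: the forward table holds 2^n entries. Scaled to DES this is why Double DES is rated at roughly 57 bits rather than 112, and why Triple DES with three operations is what was standardized.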

## **Algebraic attacks**

**Algebraic attacks** analyze the vulnerabilities in the mathematics used within the algorithm and exploit the intrinsic algebraic structure. For instance, attacks on the "textbook" version of the RSA cryptosystem exploit properties of the algorithm, such as the fact that the encryption of a raw "0" message is "0."
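
Added example (not from the original text) for the algebraic-attack entry above and the RSA arithmetic introduced in "Diving into Numbers": textbook RSA with the usual small teaching primes, then the algebraic properties an attacker uses. The "0 encrypts to 0" fixed point is the one named above; the multiplicative property and the blinding trick against a decryption oracle are the same idea carried one step further. The primes p = 61, q = 53, exponent e = 17 and the refusing oracle are assumptions, not a secure key or a real service.

```python
"""Textbook RSA and its algebraic weaknesses. Added illustration; the tiny key
and the decryption oracle are assumed for the demo."""
import math


def rsa_keygen(p: int, q: int, e: int) -> tuple:
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)   # private exponent: e*d = 1 mod phi(n)
    return (n, e), (n, d)


def rsa_encrypt(m: int, pub: tuple) -> int:
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(c: int, priv: tuple) -> int:
    n, d = priv
    return pow(c, d, n)


def fixed_points(pub: tuple) -> dict:
    """0, 1 and n-1 encrypt to themselves: textbook RSA has no randomness,
    so some plaintexts are recognisable from the ciphertext alone."""
    n, _ = pub
    return {m: rsa_encrypt(m, pub) for m in (0, 1, n - 1)}


def multiplicative_property(m1: int, m2: int, pub: tuple) -> bool:
    """E(m1) * E(m2) mod n == E(m1 * m2 mod n): ciphertexts combine without the key."""
    n, _ = pub
    lhs = (rsa_encrypt(m1, pub) * rsa_encrypt(m2, pub)) % n
    return lhs == rsa_encrypt((m1 * m2) % n, pub)


def blinded_decrypt_attack(c: int, pub: tuple, oracle, r: int = 2) -> int:
    """Given an oracle that decrypts anything except the exact target c,
    ask for c' = c * r^e (which decrypts to m*r) and divide r back out."""
    n, e = pub
    c_blind = (c * pow(r, e, n)) % n
    m_blind = oracle(c_blind)
    return (m_blind * pow(r, -1, n)) % n


def demo() -> dict:
    pub, priv = rsa_keygen(61, 53, 17)
    target = 65
    c = rsa_encrypt(target, pub)

    def oracle(x: int) -> int:   # assumed service: decrypts anything but the target
        if x == c:
            raise PermissionError("refused")
        return rsa_decrypt(x, priv)

    return {
        "n": pub[0], "d": priv[1],
        "roundtrip": rsa_decrypt(c, priv),
        "fixed": fixed_points(pub),
        "mult": multiplicative_property(42, 123, pub),
        "blinded": blinded_decrypt_attack(c, pub, oracle),
    }
```

Padding schemes (OAEP for encryption, PSS for signatures) exist precisely to destroy these algebraic relations by randomising and structuring the value that is exponentiated; raw `pow(m, e, n)` on application data is never acceptable.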

**2**. The frequency of successful brute force attacks has increased because

**A**. The use of permutations and transpositions in algorithms has increased.

**B**. As algorithms get stronger, they get less complex, and thus more susceptible to attacks.

**C**. Processor speed and power have increased.

**D**. Key length reduces over time.

**2. C**. A brute force attack is resource-intensive. It tries all values until the correct one is obtained. As computers have more powerful processors added to them, attackers can carry out more powerful brute force attacks.

## **Hashed message authentication code (HMAC)**

Message authentication code computed by applying a cryptographic hash function to the message together with a shared symmetric key; used for data integrity and data origin authentication.

## **Key Management Principles**

Keys should not be in cleartext outside the cryptography device. As stated previously, many cryptography algorithms are known publicly, which puts more stress on protecting the secrecy of the key. If attackers know how the actual algorithm works, in many cases, all they need to figure out is the key to compromise a system. This is why keys should not be available in cleartext—the key is what brings secrecy to encryption.

**16**. Who was involved in developing the first public key algorithm?

**A**. Adi Shamir

**B**. Ross Anderson

**C**. Bruce Schneier

**D**. Martin Hellman

**16. D**. The first released public key cryptography algorithm was developed by Whitfield Diffie and Martin Hellman.

## **Persistent memory**

There are two kinds of keys present in the static memory: Endorsement Key (EK) and Storage Root Key (SRK).

## **Knapsack algorithm**

Asymmetric algorithm based upon a subset sum problem (knapsack problem). It has been broken and no longer used.

## **Cryptology**

The study of both cryptography and cryptanalysis

## **Cardholder**

The individual authorized to use a credit card.

## **Active attack**

Attack where the attacker does interact with processing or communication activities.

• **Versatile memory** There are three kinds of keys (or values) present in the versatile memory: Attestation Identity Keys (AIKs), Platform Configuration Register (PCR) hashes, and storage keys:

- An AIK is used to attest the platform's state to a service provider. It is created by the TPM and certified by reference to the TPM's Endorsement Key, so a verifier can trust that a signed attestation came from a genuine TPM without the EK itself being exposed.
- The PCRs store cryptographic hashes (measurements) of boot components. A PCR can only be extended, never written directly, which is what the TPM's "sealing" functionality relies on.
- The storage keys are used to encrypt the storage media of the computer system.

**2.** Which of the following correctly describes the relationship between SSL and TLS?

**A.** TLS is the open-community version of SSL.

**B.** SSL can be modified by developers to expand the protocol’s capabilities.

**C.** TLS is a proprietary protocol, while SSL is an open-community protocol.

**D.** SSL is more extensible and backward compatible with TLS.

CORRECT **A.** Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that are used to secure communications by encrypting segments of network connections. Both protocols work at the transport layer. TLS is the open-community version of SSL. Because TLS is an open-community protocol, its specifications can be modified by vendors within the community to expand what it can do and what technologies it can work with. SSL is a proprietary protocol, and TLS was developed by a standards body, making it an open-community protocol.

WRONG **B** is incorrect because SSL is a proprietary protocol developed by Netscape. This means the technology community cannot easily extend SSL to inter-operate and expand in its functionality. If a protocol is proprietary in nature, as SSL is, the technology community cannot directly change its specifications and functionality. The reason that TLS was developed was to standardize how data can be transmitted securely through a protocol and how vendors can modify the protocol and still allow for interoperability.

WRONG **C** is incorrect because the statement is backward. TLS is not proprietary. It is the open-community version of SSL, which is proprietary. The differences between the latest version of SSL (3.0) and TLS are slight, but TLS can be modified by developers to increase its functionality and work with other technologies. SSL, on the other hand, can only be modified by Netscape. Its code is not open to others.

WRONG **D** is incorrect because TLS is actually more extensible than SSL and is not directly compatible with SSL. TLS and SSL provide the same type of functionality and are very similar, but TLS 1.0 differs enough from SSL 3.0 that the two protocols do not work together. If two devices need to communicate securely, both must agree on the same protocol version during the handshake; they cannot use a hybrid approach and still be able to communicate.

**One-Time Pad Requirements**

For a one-time pad encryption scheme to be considered unbreakable, each pad in the scheme must be

- Made up of truly random values
- Used only one time
- Securely distributed to its destination
- Secured at sender’s and receiver’s sites
- At least as long as the message
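The "used only one time" requirement is the one most often violated in practice. The following added example (not from the original text) implements the XOR one-time pad and shows what an attacker gets when a pad is reused: the two ciphertexts XORed together equal the two plaintexts XORed together, and a guessed word (a "crib") dragged across that value recovers fragments of the other message. The two messages, the crib and the random pad are constructed for the example.

```python
import secrets


def otp_encrypt(pad: bytes, message: bytes) -> bytes:
    """XOR the message with the pad. Perfect secrecy holds only if the pad is
    truly random, kept secret, at least as long as the message, and never reused."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return bytes(p ^ m for p, m in zip(pad, message))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """When one pad encrypts two messages, c1 XOR c2 equals m1 XOR m2:
    the pad cancels out and the attacker never needed it."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(m1_xor_m2: bytes, crib: bytes):
    """Slide a guessed fragment of one message across m1 XOR m2. Wherever the
    result is printable text it is probably a fragment of the other message."""
    hits = []
    for i in range(len(m1_xor_m2) - len(crib) + 1):
        window = m1_xor_m2[i:i + len(crib)]
        candidate = bytes(x ^ c for x, c in zip(window, crib))
        if all(32 <= b < 127 for b in candidate):
            hits.append((i, candidate))
    return hits


# Constructed sample traffic; the pad is fresh random bytes on every run.
M1 = b"attack at dawn!"
M2 = b"hold the bridge"
PAD = secrets.token_bytes(len(M1))

if __name__ == "__main__":
    c1, c2 = otp_encrypt(PAD, M1), otp_encrypt(PAD, M2)   # same pad twice: the mistake
    leak = two_time_pad_leak(c1, c2)
    print(leak == bytes(a ^ b for a, b in zip(M1, M2)))  # True: the pad cancelled out
    print(crib_drag(leak, b" at "))                       # offset 6 yields b'he b' from M2
```

Everything the attacker learns here comes from reuse alone; the pad itself is never recovered and does not need to be.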

## Hashes, HMACs, CBC-MACs, CMACs—Oh My!

MACs and hashing processes can be confusing. The following table simplifies the differences between them.

## Secure Electronic Transaction

Secure e-commerce standard developed by Visa and MasterCard that has not been accepted within the marketplace.

## least significant bit (LSB)

A method of embedding the message into some type of medium is to use the **least significant bit (LSB)**. Many types of files have some bits that can be modified and not affect the file they are in, which is where secret data can be hidden without altering the file in a visible manner. In the LSB approach, graphics with a high resolution or an audio file that has many different types of sounds (high bit rate) are the most successful for hiding information within. There is commonly no noticeable distortion, and the file is usually not increased to a size that can be detected. A 24-bit bitmap file will have 8 bits representing each of the three color values, which are red, green, and blue. These eight bits are within each pixel. If we consider just the blue, there will be 2^8 = 256 different values of blue. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least significant bit can be used for something other than color information.
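As an added example (not part of the original text), the following code embeds a message in the least significant bit of each colour channel of a constructed 16x16 24-bit image, recovers it again, and confirms that no channel value moved by more than one step. The 4-byte length prefix and the flat list of (R, G, B) tuples standing in for bitmap pixel data are conventions chosen for the example, not part of any file format.

```python
def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(pixels, message: bytes):
    """Return a copy of `pixels` with a 4-byte length prefix and `message` written
    into the least significant bit of successive channel values (R, G, B, R, G, B, ...)."""
    payload = len(message).to_bytes(4, "big") + message
    capacity = len(pixels) * 3                      # one bit per channel value
    if len(payload) * 8 > capacity:
        raise ValueError(f"payload needs {len(payload) * 8} bits, cover holds {capacity}")
    flat = [channel for px in pixels for channel in px]
    for i, bit in enumerate(_bits(payload)):
        flat[i] = (flat[i] & 0xFE) | bit             # clear the LSB, then set it to the payload bit
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]


def extract_lsb(pixels) -> bytes:
    """Read the length prefix, then that many bytes, from the channel LSBs."""
    flat = [channel for px in pixels for channel in px]

    def read_bytes(start_bit: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (flat[start_bit + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_channel_change(original, stego) -> int:
    """Largest per-channel difference between cover and stego image; LSB embedding never exceeds 1."""
    return max(abs(a - b) for po, ps in zip(original, stego) for a, b in zip(po, ps))


# Constructed cover image: a 16x16 gradient, 256 pixels, 768 bits of capacity.
COVER = [(x * 16 % 256, y * 16 % 256, (x + y) * 8 % 256) for y in range(16) for x in range(16)]
SECRET = b"meet at dawn"   # 12 bytes + 4 length bytes = 128 bits

if __name__ == "__main__":
    stego = embed_lsb(COVER, SECRET)
    print(extract_lsb(stego))                 # b'meet at dawn'
    print(max_channel_change(COVER, stego))   # 1
```

The file size is unchanged and every pixel is within one intensity step of the original, which is exactly why visual inspection does not reveal the payload; statistical analysis of the LSB plane, not eyesight, is what a detector has to rely on.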

## HTTP Secure

**HTTP Secure (HTTPS)** is HTTP running over SSL (in current deployments, TLS). (HTTP works at the application layer, and SSL works at the transport layer.) **Secure Sockets Layer (SSL)** uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication. When a client accesses a web site, that web site may have both secured and public portions. The secured portion would require the user to be authenticated in some fashion. When the client goes from a public page on the web site to a secured page, the web server will start the necessary tasks to invoke SSL and protect this type of communication.

**15**. What does DEA stand for?

**A**. Data Encoding Algorithm

**B**. Data Encoding Application

**C**. Data Encryption Algorithm

**D**. Digital Encryption Algorithm

**15. C**. DEA is the algorithm that fulfilled the DES standard. So DEA has all of the attributes of DES: a symmetric block cipher that uses 64-bit blocks, 16 rounds, and a 56-bit key.

**17.** Advanced Encryption Standard is an algorithm used for which of the following?

**A.** Data integrity

**B.** Bulk data encryption

**C.** Key recovery

**D.** Distribution of symmetric keys

CORRECT **B.** The Advanced Encryption Standard (AES) is a data encryption standard that was developed to improve upon the previous de facto standard—the Data Encryption Standard (DES). As a symmetric algorithm, AES is used to encrypt bulk data. Symmetric algorithms, of any kind, are used to encrypt large amounts of data (bulk), while asymmetric algorithms are used to encrypt a small amount of data as in keys and hashing values.

WRONG **A** is incorrect because the Advanced Encryption Standard (AES) is an encryption algorithm and therefore provides confidentiality, not data integrity. Hashing algorithms, such as SHA-1, MD2, MD4, MD5, and HAVAL, provide data integrity (although MD2, MD4, MD5, and SHA-1 are now considered broken against collision attacks and should not be used in new designs).

WRONG **C** is incorrect because the Advanced Encryption Standard (AES) is not used for key recovery. However, AES generates and makes use of keys, which require key recovery procedures. Keys are at risk of being lost, destroyed, or corrupted. Backup copies should be available and easily accessible when required. If data are encrypted and then the user accidentally loses the necessary key to decrypt it, this information would be lost forever if there were not a backup key to save the day. The application being used for cryptography may have key recovery options, or it may require copies of the keys to be kept in a secure place.

WRONG **D** is incorrect because asymmetric algorithms are used to protect symmetric keys while being distributed. AES is a symmetric algorithm. In a hybrid system, a random secret key is generated for the symmetric algorithm and used to encrypt the bulk data, or the message, and the asymmetric algorithm encrypts that secret key for transmission.

## Certificates

One of the most important pieces of a PKI is its digital certificate. A **certificate** is the mechanism used to associate a public key with a collection of components in a manner that is sufficient to uniquely identify the claimed owner. The standard for how the CA creates the certificate is **X.509,** which dictates the different fields used in the certificate and the valid values that can populate those fields. The most commonly used version is 3 of this standard, which is often denoted as X.509v3. Many cryptographic protocols use this type of certificate, including SSL.

## RC5

Symmetric block cipher with a variable block size (32, 64, or 128 bits), a variable number of rounds, and a variable key length (0 to 2040 bits).

## Initialization Vectors

**Initialization vectors (IVs)** are values that are used with algorithms to ensure patterns are not created during the encryption process. They are used together with the key and do not need to be kept secret or encrypted when being sent to the destination, but they must not be reused under the same key (and for some modes, such as CBC, must also be unpredictable). If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext. Providing attackers with these types of patterns can make their job easier in breaking the encryption method and uncovering the key. For example, if we have the plaintext value of "See Spot run" two times within our message, we need to make sure that even though there is a pattern in the plaintext message, a pattern in the resulting ciphertext will not be created. So the IV and key are both used by the algorithm to provide more randomness to the encryption process.

## Versatile memory

There are three kinds of keys (or values) present in the versatile memory: Attestation Identity Key (AIK), Platform Configuration Register Hashes (PCR), and storage keys:

## Types of Ciphers

Symmetric encryption ciphers come in two basic types: substitution and transposition (permutation). The **substitution cipher** replaces bits, characters, or blocks of characters with different bits, characters, or blocks. The **transposition cipher** does not replace the original text with different text, but rather moves the original values around. It rearranges the bits, characters, or blocks of characters to hide the original meaning.

## Rules for Keys and Key Management

Key management is critical for proper protection. The following are responsibilities that fall under the key management umbrella:

- The key length should be long enough to provide the necessary level of protection.
- Keys should be stored and transmitted by secure means.
- Keys should be extremely random, and the algorithm should use the full spectrum of the keyspace.
- The key’s lifetime should correspond with the sensitivity of the data it is protecting. (Less secure data may allow for a longer key lifetime, whereas more sensitive data might require a shorter key lifetime.)
- The more the key is used, the shorter its lifetime should be.
- Keys should be backed up or escrowed in case of emergencies.
- Keys should be properly destroyed when their lifetime comes to an end.

## Authentication header protocol

Protocol within the IPsec suite used for integrity and authentication.

**11**. How many bits make up the effective length of the DES key?

**A**. 56

**B**. 64

**C**. 32

**D**. 16

**11. A**. DES has a key size of 64 bits, but 8 bits are used for parity, so the true key size is 56 bits. Remember that DEA is the algorithm used for the DES standard, so DEA also has a true key size of 56 bits, because we are actually talking about the same algorithm here. DES is really the standard, and DEA is the algorithm. We just call it DES in the industry because it is easier.

**23**. Which of the following is based on the fact that it is hard to factor large numbers into two original prime numbers?

**A**. ECC

**B**. RSA

**C**. DES

**D**. Diffie-Hellman

**23. B**. The RSA algorithm's security is based on the difficulty of factoring a large number into the two prime numbers it was generated from. This is a one-way function in practice: it is easy to calculate the product, but for a sufficiently large modulus it is infeasible to identify the prime numbers used to generate that product.

## Message Integrity

Parity bits and cyclic redundancy check (CRC) functions have been used in protocols to detect modifications in streams of bits as they are passed from one computer to another, but they can usually detect only unintentional modifications. Unintentional modifications can happen if a spike occurs in the power supply, if there is interference or attenuation on a wire, or if some other type of physical condition happens that causes the corruption of bits as they travel from one destination to another. Parity bits cannot identify whether a message was captured by an intruder, altered, and then sent on to the intended destination. The intruder can just recalculate a new parity value that includes his changes, and the receiver would never know the difference. For this type of protection, hash algorithms are required to successfully detect intentional and unintentional unauthorized modifications to data. We will now dive into hash algorithms and their characteristics.

## DES-EDE2

The same as DES-EDE3, but uses only two keys, and the first and third encryption processes use the same key.

## Expansion

Expanding the plaintext by duplicating values. Commonly used to increase the plaintext size to map to key sizes.

Sean is a security administrator for a financial company and has an array of security responsibilities. He needs to ensure that traffic flowing within the internal network can only travel from one authenticated system to another authenticated system. This traffic has to be visible to the company’s IDS sensors, so it cannot be encrypted. The data traffic that flows externally to and from the network must only travel to authenticated systems and must be encrypted. He needs to ensure that each employee laptop has full disk encryption capabilities and that each e-mail message that each employee sends is sent from an authenticated individual.

**32**. What type of e-mail functionality is required for this type of scenario?

**A**. Digital signature

**B**. Hashing

**C**. Cryptography

**D**. Message authentication code

**32. A**. A digital signature is a hash value that has been signed (encrypted) with the sender's private key. A message can be digitally signed, which provides authentication, nonrepudiation, and integrity. When e-mail clients have this type of functionality, each sender is authenticated through digital certificates.

## The pad must be made up of truly random values

• The pad must be made up of truly random values. This may not seem like a difficult task, but most computer systems rely on pseudorandom number generators, seeded from whatever entropy the hardware and operating system can gather, rather than on a true random source; producing pad material that is genuinely unpredictable and as long as all the traffic it must cover is a real practical obstacle.

**22**. What is the primary purpose of using one-way hashing on user passwords?

**A**. It minimizes the amount of primary and secondary storage needed to store passwords.

**B**. It prevents anyone from reading passwords in plaintext.

**C**. It avoids excessive processing required by an asymmetric algorithm.

**D**. It prevents replay attacks.

**22. B**. Passwords are usually run through a one-way hashing algorithm so the actual password is not stored on a system (or transmitted across the network) in plaintext. This greatly reduces the risk of an attacker who obtains the password store being able to read the actual passwords. Because an attacker can still guess candidate passwords and hash each one, stored password hashes should be salted and computed with a deliberately slow function (a password-based key derivation function) so that guessing is expensive.

## Frequency analysis

Cryptanalysis process used to identify weaknesses within cryptosystems by locating patterns in resulting ciphertext
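An added example, not from the original text, that ties this entry to the two cipher types defined in the Types of Ciphers entry: a shift (substitution) cipher, a columnar transposition, and a frequency-analysis attack that recovers the shift key by comparing letter counts against published English letter frequencies with a chi-squared score. It also shows why transposition alone gives no protection against frequency analysis: the letter counts are unchanged. The sample plaintext is constructed for the example.

```python
import string
from collections import Counter

# Approximate letter frequencies of English text, in percent (standard published table).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0, "H": 6.1, "I": 7.0,
    "J": 0.15, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7, "O": 7.5, "P": 1.9, "Q": 0.1, "R": 6.0,
    "S": 6.3, "T": 9.1, "U": 2.8, "V": 1.0, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.07,
}


def shift_encrypt(text: str, key: int) -> str:
    """Substitution: every letter is replaced by the letter `key` places later (negative key decrypts)."""
    out = []
    for ch in text.upper():
        out.append(chr((ord(ch) - 65 + key) % 26 + 65) if ch in string.ascii_uppercase else ch)
    return "".join(out)


def columnar_encrypt(text: str, columns: int) -> str:
    """Transposition: write the letters in rows of `columns`, read them out column by column.
    Every letter keeps its identity; only its position changes."""
    letters = [c for c in text.upper() if c in string.ascii_uppercase]
    return "".join("".join(letters[i::columns]) for i in range(columns))


def letter_counts(text: str) -> Counter:
    return Counter(c for c in text.upper() if c in string.ascii_uppercase)


def chi_squared(text: str) -> float:
    """Distance between the text's letter distribution and English: lower is more English-like."""
    counts = letter_counts(text)
    total = sum(counts.values())
    score = 0.0
    for letter in string.ascii_uppercase:
        expected = ENGLISH_FREQ[letter] * total / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def break_shift(ciphertext: str) -> int:
    """Try all 26 shifts and keep the one whose decryption looks most like English."""
    return min(range(26), key=lambda k: chi_squared(shift_encrypt(ciphertext, -k)))


# Constructed sample plaintext, long enough for letter frequencies to be meaningful.
PLAINTEXT = ("Parity bits and cyclic redundancy checks catch accidental errors in transit, "
             "but an attacker who can alter the message can simply recompute them, so a keyed "
             "function is needed to detect deliberate tampering.")

if __name__ == "__main__":
    ciphertext = shift_encrypt(PLAINTEXT, 7)
    print(break_shift(ciphertext))                                                     # 7
    print(letter_counts(columnar_encrypt(PLAINTEXT, 9)) == letter_counts(PLAINTEXT))   # True
```

A substitution cipher moves the frequency peaks to different letters but keeps their shape, which is what `break_shift` exploits; a transposition keeps the peaks exactly where they were, so an analyst knows at once that only the positions have been scrambled.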

## Cryptosystem

Hardware or software implementation of cryptography that contains all the necessary software, protocols, algorithms, and keys

## Digital Watermarking

Have you ever tried to copy something that was not yours that had an embedded logo or trademark of another company? (If so, shame on you!) The embedded logo or trademark is called a **digital watermark**. Instead of having a secret message within a graphic that is supposed to be invisible to you, digital watermarks are usually visible. These are put into place to deter people from using material that is not theirs. This kind of watermarking is one of the techniques used in **Digital Rights Management (DRM)**, whose goal is to restrict the usage of material that is owned by a company or individual.

## Strengths and Weaknesses of Symmetric Key Systems

The following list outlines the strengths and weaknesses of symmetric key systems:

**Strengths**

- Much faster (less computationally intensive) than asymmetric systems.
- Hard to break if using a large key size.

## Pretty Good Privacy (PGP)

**Pretty Good Privacy (PGP)** was designed by Phil Zimmermann as a freeware e-mail security program and was released in 1991. It was the first widespread public key encryption program. PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files. It can use RSA public key encryption for key management and the IDEA symmetric cipher for bulk encryption of data, although the user has the option of picking different algorithms for these functions. PGP can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm (in its early versions; later versions use stronger hashes), authentication by using public key certificates, and nonrepudiation by using cryptographically signed messages. PGP uses its own type of digital certificates rather than what is used in PKI, but they both have similar purposes.

**6**. Which of the following best describes the difference between HMAC and CBC-MAC?

**A**. HMAC creates a message digest and is used for integrity; CBC-MAC is used to encrypt blocks of data for confidentiality.

**B**. HMAC uses a symmetric key and a hashing algorithm; CBC-MAC uses the first block for the checksum.

**C**. HMAC provides integrity and data origin authentication; CBC-MAC uses a block cipher for the process of creating a MAC.

**D**. HMAC encrypts a message with a symmetric key and then puts the result through a hashing algorithm; CBC-MAC encrypts the whole message.

**6. C**. In an HMAC operation, the message is combined with a symmetric key and the result is put through a hashing algorithm (the actual construction hashes twice, with the key padded differently each time, to avoid length-extension attacks on the underlying hash). This provides integrity and data origin authentication. CBC-MAC uses a block cipher in CBC mode to create a MAC, which is the last block of ciphertext.

**20**. If different keys generate the same ciphertext for the same message, what is this called?

**A**. Collision

**B**. Secure hashing

**C**. MAC

**D**. Key clustering

**20. D**. Message A was encrypted with key A and the result is ciphertext Y. If that same message A were encrypted with key B, the result should not be ciphertext Y. The ciphertext should be different since a different key was used. But if the ciphertext is the same, this occurrence is referred to as key clustering.

## modification detection code (MDC)

• A MAC is also sometimes called a **message integrity code (MIC)**. The term **modification detection code (MDC)** is also seen, although strictly it refers to an unkeyed hash value that detects modification but, lacking a key, cannot authenticate the origin of the data.

## International Data Encryption Algorithm

Block symmetric cipher that uses a 128-bit key and 64-bit block size.

## Disadvantages of End-to-End Encryption

Disadvantages of end-to-end encryption include the following:

- Headers, addresses, and routing information are not encrypted, and therefore not protected.

## Statistically unpredictable keystream

Bits generated from the keystream generator cannot be predicted.

**18.** SSL is a de facto protocol used for securing transactions that occur over untrusted networks. Which of the following best describes what takes place during an SSL connection setup process?

**A.** The server creates a session key and encrypts it with a public key.

**B.** The server creates a session key and encrypts it with a private key.

**C.** The client creates a session key and encrypts it with a private key.

**D.** The client creates a session key and encrypts it with a public key.

CORRECT **D.** Secure Sockets Layer (SSL) uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication. When a client accesses a Web site, that Web site may have both secured and public portions. The secured portion would require the user to be authenticated in some fashion. When the client goes from a public page on the Web site to a secured page, the Web server will start the necessary tasks to invoke SSL and protect this type of communication. The server sends a message back to the client, indicating a secure session should be established, and the client in response sends its security parameters. The server compares those security parameters to its own until it finds a match. This is the handshaking phase. The server authenticates to the client by sending it a digital certificate, and if the client decides to trust the server, the process continues. The client generates a session key and encrypts it with the server's public key. This encrypted key is sent to the Web server, and they both use this symmetric key to encrypt the data they send back and forth. This describes the RSA key transport handshake used by SSL and early TLS; in TLS 1.3 the session keys are instead derived from an ephemeral Diffie-Hellman exchange, so the client no longer encrypts a key with the server's public key.

WRONG **A** is incorrect because the server does not create the session key; the client creates a session key and encrypts it with the server’s public key. SSL is commonly used in Web transactions and works in the following way: client creates session key, client encrypts session key with server’s public key and sends it to the server, server receives session key and decrypts it with its private key.

WRONG **B** is incorrect because the server does not create the session key, and it is not encrypted with the private key. The client creates a session key and encrypts it with the server’s public key. The server receives the session key and decrypts it with its private key. The session key is then used to encrypt the data that is transmitted between the client and server.

WRONG **C** is incorrect because the client uses the server’s public key to encrypt the session key it generates. If the client encrypted the session key with the private key, then any entity that possessed the client’s public key would be able to decrypt the session key. This does not provide any security. By encrypting the session key with the server’s public key, only the server—which possesses the corresponding private key—can decrypt it.

## Stegomedium

The medium in which the information is hidden

## Secure Electronic Transaction (SET)

**Secure Electronic Transaction (SET)** is a security technology proposed by Visa and MasterCard to allow for more secure credit card transaction possibilities than what is currently available. SET has been waiting in the wings for full implementation and acceptance as a standard for quite some time. Although SET provides an effective way of transmitting credit card information, businesses and users do not see it as efficient because it requires more parties to coordinate their efforts, more software installation and configuration for each entity involved, and more effort and cost than the widely used SSL method.

## Analytic attacks

**Analytic attacks** identify algorithm structural weaknesses or flaws, as opposed to brute force attacks, which simply exhaust all possibilities without respect to the specific properties of the algorithm. Examples include the meet-in-the-middle attack on Double DES and factoring attacks on RSA.

## PKI Security Services

PKI supplies the following security services:

- Confidentiality
- Access control
- Integrity
- Authentication
- Nonrepudiation

## Avalanche effect

Algorithm design requirement so that slight changes to the input result in drastic changes to the output.
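An added example (not from the original text) that measures the avalanche effect directly: flip each input bit in turn and count how many bits of the SHA-256 digest change, then do the same for a one-byte XOR checksum, which has no avalanche at all. The input string is constructed for the example.

```python
import hashlib


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of `data` with bit number `index` inverted."""
    buf = bytearray(data)
    buf[index // 8] ^= 1 << (index % 8)
    return bytes(buf)


def avalanche_profile(digest_name: str, message: bytes):
    """Flip every input bit in turn and count how many digest bits change.
    Returns (min, mean, max) changed bits; a good hash hovers around half the digest length."""
    base = hashlib.new(digest_name, message).digest()
    dists = [hamming_distance(base, hashlib.new(digest_name, flip_bit(message, i)).digest())
             for i in range(len(message) * 8)]
    return min(dists), sum(dists) / len(dists), max(dists)


def xor_checksum(message: bytes) -> bytes:
    """Byte-wise XOR fold, as a counter-example: a one-bit input change flips exactly one output bit."""
    acc = 0
    for b in message:
        acc ^= b
    return bytes([acc])


def checksum_profile(message: bytes):
    """Same measurement as avalanche_profile, applied to the XOR checksum."""
    base = xor_checksum(message)
    dists = [hamming_distance(base, xor_checksum(flip_bit(message, i)))
             for i in range(len(message) * 8)]
    return min(dists), sum(dists) / len(dists), max(dists)


MESSAGE = b"See Spot run"   # constructed 96-bit input

if __name__ == "__main__":
    print(avalanche_profile("sha256", MESSAGE))   # about half of the 256 digest bits change per flip
    print(checksum_profile(MESSAGE))              # (1, 1.0, 1): no avalanche at all
```

With the checksum, an attacker who changes one input bit knows exactly which output bit to fix; with the hash, each single-bit change reshuffles roughly 128 of 256 output bits, and there is no pattern in which ones.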

**20.** End-to-end encryption is used by users, and link encryption is used by service providers. Which of the following correctly describes these technologies?

**A.** Link encryption does not encrypt headers and trailers.

**B.** Link encryption encrypts everything but data link messaging.

**C.** End-to-end encryption requires headers to be decrypted at each hop.

**D.** End-to-end encryption encrypts all headers and trailers.

CORRECT **B.** Encryption can be performed at different communication levels, each with different types of protection and implications. Two general modes of encryption implementation are link encryption and end-to-end encryption. Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the packets are also encrypted. The only traffic not encrypted in this technology is the data link control messaging information, which includes instructions and parameters that the different link devices use to synchronize communication methods. Link encryption provides protection against packet sniffers and eavesdroppers. In end-to-end encryption, the headers, addresses, routing, and trailer information are not encrypted, enabling attackers to learn more about a captured packet and where it is headed. With end-to-end encryption only the data payload is encrypted.

WRONG **A** is incorrect because link encryption does encrypt the headers and trailers. This is a major advantage to using link encryption: the headers, trailers, and data payload are encrypted except for the data link messaging. It also works seamlessly at a lower layer in the OSI model, so users do not need to do anything to initiate it.

WRONG **C** is incorrect because the headers are not encrypted with end-to-end encryption, so there is no need to decrypt them at each hop. This is an advantage of using end-to-end encryption. Other advantages include additional flexibility for the user in choosing what gets encrypted and how, and a higher granularity of functionality because each application or user can choose specific configurations.

WRONG **D** is incorrect because end-to-end encryption does not encrypt any headers or trailers. As a result, they are not protected. This is the primary disadvantage to using end-to-end encryption. If the headers and trailers need to be protected, then link encryption should be used.

## Public key cryptography

Asymmetric cryptography, which uses public and private key values for cryptographic functions.

## message authentication code (MAC)

The hashing one-way function takes place without the use of any keys. This means, for example, that if Cheryl writes a message, calculates a message digest, appends the digest to the message, and sends it on to Scott, Bruce can intercept this message, alter Cheryl’s message, recalculate another message digest, append it to the message, and send it on to Scott. When Scott receives it, he verifies the message digest, but never knows the message was actually altered by Bruce. Scott thinks the message came straight from Cheryl and it was never modified because the two message digest values are the same. If Cheryl wanted more protection than this, she would need to use **message authentication code (MAC)**.
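As an added example that is not part of the original text, the following code plays out the Cheryl, Bruce and Scott scenario above and the parity/CRC point from the Message Integrity entry: with a CRC32 or a plain SHA-256 appended, Bruce can alter the message and recompute the tag himself; with an HMAC under a key only Cheryl and Scott share, his altered message is rejected. The key and the message are constructed for the example.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-key-shared-by-Cheryl-and-Scott"   # only Cheryl and Scott hold this
MESSAGE = b"Scott: pay Bruce $100 on Friday. -- Cheryl"


def tag_crc32(message: bytes) -> bytes:
    """Error-detecting code: catches line noise, not a deliberate change."""
    return zlib.crc32(message).to_bytes(4, "big")


def tag_sha256(message: bytes) -> bytes:
    """Unkeyed hash: anyone, including Bruce, can compute it for any message."""
    return hashlib.sha256(message).digest()


def tag_hmac(key: bytes, message: bytes) -> bytes:
    """Keyed MAC: only holders of the key can produce a valid tag."""
    return hmac.new(key, message, "sha256").digest()


def receiver_accepts(message: bytes, tag: bytes, compute) -> bool:
    """Scott recomputes the tag and compares in constant time."""
    return hmac.compare_digest(compute(message), tag)


def bruce_unkeyed_attack(message: bytes, compute):
    """CRC and plain hashes need no secret: Bruce edits the message and recomputes the tag."""
    altered = message.replace(b"$100", b"$100000")
    return altered, compute(altered)


def bruce_keyed_attack(message: bytes, old_tag: bytes):
    """Without the key Bruce cannot recompute an HMAC; the best he can do is reuse Cheryl's tag."""
    altered = message.replace(b"$100", b"$100000")
    return altered, old_tag


if __name__ == "__main__":
    for name, compute in (("crc32", tag_crc32), ("sha256", tag_sha256)):
        m, t = bruce_unkeyed_attack(MESSAGE, compute)
        print(name, receiver_accepts(m, t, compute))     # True: Scott accepts the forged message
    keyed = lambda msg: tag_hmac(KEY, msg)
    m, t = bruce_keyed_attack(MESSAGE, keyed(MESSAGE))
    print("hmac", receiver_accepts(m, t, keyed))         # False: tampering detected
```

The difference is not the strength of the function (SHA-256 is far stronger than CRC32) but the key: integrity against an active attacker requires something the attacker does not have.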

## Public key infrastructure (PKI)

**Public key infrastructure (PKI)** is a different animal. It is not an algorithm, a protocol, or an application—it is an infrastructure based on public key cryptography.

## Disadvantages of Link Encryption

Disadvantages of link encryption include the following:

- Key distribution and management are more complex because each hop device must receive a key, and when the keys change, each must be updated.
- Packets are decrypted at each hop; thus, more points of vulnerability exist.

## Security services

Purely symmetric key cryptography provides confidentiality only; it cannot provide nonrepudiation, and any authentication it offers (for example, through a MAC) is limited to the parties who share the key, since either of them could have produced the message.

## Compression

Reduces redundancy before the plaintext is encrypted. Compression functions are run on the text before it goes into the encryption algorithm.

## Chosen-plaintext attack

Cryptanalysis attack where the attacker can choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.

## Quantum Cryptography

Gee, cryptography just isn’t complex enough. Let’s mix some quantum physics in with it.

Today, we have very sophisticated and strong algorithms that are more than strong enough for most uses. Some communication data are so critical and so desired by other powerful entities that even our current algorithms may be broken. This type of data might be spy interactions, information warfare, government espionage, and so on. When a whole country wants to break another country’s encryption, a great deal of resources will be put behind such efforts—which can put our current algorithms at risk of being broken.

## E-mail Standards

Like other types of technologies, cryptography has industry standards and de facto standards. Standards are necessary because they help ensure interoperability among vendor products. Standards usually mean that a certain technology has been under heavy scrutiny and has been properly tested and accepted by many similar technology communities. A company still needs to decide what type of standard to follow and what type of technology to implement.

## Side-channel attack

Attack that uses information (timing, power consumption) that has been gathered to uncover sensitive data or processing functions.

## Rijndael

Developed by Joan Daemen and Vincent Rijmen

## Advanced Encryption Standard (AES)

DES was later replaced by the **Rijndael** algorithm as the **Advanced Encryption Standard (AES)** by NIST. This means that Rijndael is the new approved method of encrypting sensitive but unclassified information for the U.S. government; it has been accepted by, and is widely used in, the public arena today.

## A keystream not linearly related to the key

If someone figures out the keystream values, that does not mean she now knows the key value.

**14**. Which of the following best describes a certificate authority?

**A**. An organization that issues private keys and the corresponding algorithms

**B**. An organization that validates encryption processes

**C**. An organization that verifies encryption keys

**D**. An organization that issues certificates

**14. D**. A registration authority (RA) accepts a person’s request for a certificate and verifies that person’s identity. Then the RA sends this request to a certificate authority (CA), which generates and maintains the certificate.

## Replay Attacks

A big concern in distributed environments is the **replay attack,** in which an attacker captures some type of data and resubmits it with the hopes of fooling the receiving device into thinking it is legitimate information. Many times, the data captured and resubmitted are authentication information, and the attacker is trying to authenticate herself as someone else to gain unauthorized access.
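An added example (not from the original text) of the countermeasure a receiver needs: a MAC alone does not stop replay, because the captured message still verifies, so the client binds a timestamp and a fresh nonce into the authenticated message, and the receiver rejects anything outside its time window or whose nonce it has already seen. The shared key, the 30-second window and the JSON message layout are assumptions for the example.

```python
import hmac
import json
import secrets
import time

KEY = b"constructed-shared-key"
WINDOW_SECONDS = 30   # assumed tolerance for clock skew and network delay


def _canonical(body: dict) -> bytes:
    """Deterministic serialization so both sides MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def make_request(key: bytes, action: str, now: float = None) -> dict:
    """Client side: bind a timestamp and a fresh random nonce into the authenticated message."""
    ts = int(time.time() if now is None else now)
    body = {"action": action, "ts": ts, "nonce": secrets.token_hex(8)}
    body["mac"] = hmac.new(key, _canonical(body), "sha256").hexdigest()
    return body


class Receiver:
    """Server side: verify the MAC, reject stale timestamps, then reject any nonce seen before."""

    def __init__(self, key: bytes, window: int = WINDOW_SECONDS):
        self.key, self.window, self.seen = key, window, {}

    def accept(self, request: dict, now: float = None):
        now = time.time() if now is None else now
        body = {k: v for k, v in request.items() if k != "mac"}
        expected = hmac.new(self.key, _canonical(body), "sha256").hexdigest()
        if not hmac.compare_digest(expected, str(request.get("mac", ""))):
            return False, "bad mac"                  # altered or forged
        if abs(now - body.get("ts", 0)) > self.window:
            return False, "stale timestamp"          # too old to be live traffic
        # Forget nonces older than the window; anything that old is rejected as stale anyway,
        # so the cache stays bounded without opening a replay gap.
        self.seen = {n: ts for n, ts in self.seen.items() if now - ts <= self.window}
        if body["nonce"] in self.seen:
            return False, "replayed nonce"           # valid MAC, but already processed once
        self.seen[body["nonce"]] = body["ts"]
        return True, "ok"


if __name__ == "__main__":
    server = Receiver(KEY)
    request = make_request(KEY, "transfer")
    print(server.accept(request))                      # (True, 'ok')
    print(server.accept(request))                      # (False, 'replayed nonce')
    print(server.accept(dict(request, action="refund")))   # (False, 'bad mac')
```

Checking the MAC first matters: the nonce cache and the timestamp comparison are only consulted for messages that provably came from a key holder, so an outsider cannot fill the cache or probe it.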

## Cipher Block Chaining (CBC) Mode

**Cipher Block Chaining (CBC) Mode** In ECB mode, a block of plaintext and a key will always give the same ciphertext. This means that if the word "balloon" were encrypted and the resulting ciphertext was "hwicssn," each time it was encrypted using the same key, the same ciphertext would always be given. This can show evidence of a pattern, enabling an evildoer, with some effort, to discover the pattern and get a step closer to compromising the encryption process.
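An added example (not from the original text) that demonstrates both this ECB pattern leak and the point made in the Initialization Vectors entry. It uses a toy 64-bit Feistel block cipher built on SHA-256 as a stand-in for DES or AES, so that the code runs with the standard library only; it is not a cipher to use for anything real. The repeated word "balloon!" is encrypted four times: ECB produces identical ciphertext blocks, CBC with an IV does not, and reusing an IV under the same key leaks whether two messages begin with the same block. Key, IVs and plaintext are constructed for the example.

```python
import hashlib
import os

BLOCK = 8      # 64-bit blocks, like DES
ROUNDS = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed pseudorandom function for one Feistel round (SHA-256 truncated to 32 bits)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """16-round Feistel network; a bijection on 8-byte blocks, so it is a valid (toy) block cipher."""
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return right + left


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Same rounds in reverse order undo the encryption."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return right + left


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Each block is encrypted independently: equal plaintext blocks give equal ciphertext blocks."""
    pt = pad(plaintext)
    return b"".join(toy_encrypt_block(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block (the IV for the first) before encryption.
    The IV travels in the clear as the first block; it must be unpredictable, not secret."""
    pt = pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(pt), BLOCK):
        prev = toy_encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    prev, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    out = []
    for i in range(0, len(body), BLOCK):
        block = body[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, block), prev))
        prev = block
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes, skip: int = 0) -> int:
    """How many ciphertext blocks duplicate an earlier one: the pattern an eavesdropper looks for."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(skip, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))


KEY = b"0123456789abcdef"          # constructed 128-bit key
PLAINTEXT = b"balloon!" * 4        # the same 8-byte word four times

if __name__ == "__main__":
    print(repeated_blocks(ecb_encrypt(KEY, PLAINTEXT)))                          # 3: pattern leaks
    ct = cbc_encrypt(KEY, os.urandom(BLOCK), PLAINTEXT)
    print(repeated_blocks(ct, skip=BLOCK), cbc_decrypt(KEY, ct) == PLAINTEXT)    # 0 True
    iv = os.urandom(BLOCK)                                     # reusing one IV under one key...
    a = cbc_encrypt(KEY, iv, b"balloon! secret1")
    b = cbc_encrypt(KEY, iv, b"balloon! secret2")
    print(a[BLOCK:2 * BLOCK] == b[BLOCK:2 * BLOCK])           # True: ...shows the first blocks match
```

CBC removes the repetition within a message because each block's input depends on all the ciphertext before it; the IV is what removes repetition across messages, which is why a reused IV reintroduces exactly the leak the mode was meant to prevent.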

## Blowfish

Block symmetric cipher that uses 64-bit block sizes and variable-length keys.

**8**. Many countries restrict the use or exportation of cryptographic systems. What is the reason given when these types of restrictions are put into place?

**A**. Without standards, there would be many interoperability issues when trying to employ different algorithms in different programs.

**B**. The systems can be used by some countries against their local people.

**C**. Criminals could use encryption to avoid detection and prosecution.

**D**. Laws are way behind, so adding different types of encryption would confuse the laws more.

**8. C**. The U.S. government has greatly reduced its restrictions on cryptography exportation, but there are still some restrictions in place. Products that use encryption cannot be sold to any country the United States has declared is supporting terrorism. The fear is that the enemies of the country would use encryption to hide their communication, and the government would be unable to break this encryption and spy on their data transfers.

## Cryptanalysis

Practice of uncovering flaws within cryptosystems

## Private key

Value used in public key cryptography that is used for decryption and signature creation and known to only key owner.

Tim is a new manager for the software development team at his company. There are different types of data that the company’s software needs to protect. Credit card PIN values are stored within their proprietary retail credit card processing software. The same software also stores documents, which must be properly encrypted and protected. This software is used to transfer sensitive data over dedicated WAN connections between the company’s three branches. Tim also needs to ensure that every user who interacts with the software is properly authenticated before being allowed access, and once the authentication completes successfully, an SSL connection needs to be set up and maintained for each connection.

**29**. Which of the following is the best way for users to authenticate to this company’s proprietary software?

**A**. Kerberos

**B**. RADIUS

**C**. Public Key Infrastructure

**D**. IPSec

**29. C**. The users can be authenticated by providing digital certificates to the software within a PKI environment. This is the best authentication approach, since SSL requires a PKI environment.

## Chosen-ciphertext attacks

In **chosen-ciphertext attacks,** the attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder attack to carry out compared to the previously mentioned attacks, and the attacker may need to have control of the system that contains the cryptosystem.

## Caesar cipher

Simple substitution algorithm created by Julius Caesar that shifts alphabetic values three positions during its encryption and decryption processes

**15.** Which of the following best describes how a digital signature is created?

**A.** The sender encrypts a message digest with his private key.

**B.** The sender encrypts a message digest with his public key.

**C.** The receiver encrypts a message digest with his private key.

**D.** The receiver encrypts a message digest with his public key.

CORRECT **A.** A digital signature is a hash value that has been encrypted with the sender’s private key. The act of digital signing means encrypting the message’s hash value with a private key. If Sam wants to ensure that the message he sends to Debbie is not modified and he wants her to be sure it came only from him, he can digitally sign the message. This means that a one-way hashing function would be run on the message, and then Sam would encrypt that hash value with his private key. When Debbie receives the message, she will perform the hashing function on the message and come up with her own hash value. Then she will decrypt the sent hash value (digital signature) with Sam’s public key. She then compares the two values, and if they are the same, she can be sure the message was not altered during transmission. She is also sure the message came from Sam because the value was encrypted with his private key.

WRONG **B** is incorrect because if the sender encrypts the message digest with his public key, the recipient will not be able to decrypt it. The recipient would need access to the sender’s private key, which should never happen. The private key should always be kept secret.

WRONG **C** is incorrect because the receiver should decrypt the message digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

WRONG **D** is incorrect because the receiver should decrypt the message digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

If this is your first time with these issues and you are struggling, don’t worry. I remember when I first started with these concepts, and they turned my brain into a pretzel. Just remember the following points:

- An asymmetric algorithm performs encryption and decryption by using public and private keys that are related to each other mathematically.
- A symmetric algorithm performs encryption and decryption by using a shared secret key.
- A symmetric key is used to encrypt and/or decrypt the actual message.
- Public keys are used to encrypt the symmetric key for secure key exchange.
- A secret key is synonymous with a symmetric key.
- An asymmetric key refers to a public or private key.

## CCM

Block cipher mode that combines the CTR encryption mode and CBC-MAC. One encryption key is used for both authentication and encryption purposes.

## Key clustering

Instance when two different keys generate the same ciphertext from the same plaintext

Jack has been told that successful attacks have been taking place and that data encrypted by his company’s software systems have leaked to the company’s competitors. Through his investigation, Jack has discovered that a lack of randomness in the seeding values used by the encryption algorithms in the company’s software produced patterns that allowed successful reverse engineering.

**28.** Which of the following is most likely the item that is the root of the problem when it comes to the necessary randomness explained in the scenario?

**A.** Asymmetric algorithm

**B.** Out-of-band communication compromise

**C.** Number generator

**D.** Symmetric algorithm

CORRECT **C.** A number generator is used to create a stream of random values and must be seeded by an initial value. This piece of software obtains its seeding value from some component within the computer system (time, CPU cycles, etc.). Although a computer system is complex, it is a predictable environment, so if the seeding value is predictable in any way, the resulting values created are not truly random, but pseudorandom. If the values from a number generator exhibit patterns and those patterns are recognizable during cryptographic processes, this weakness could allow an attacker to reverse engineer the algorithm and gain access to confidential data.

WRONG **A** is incorrect because an asymmetric algorithm carries out cryptographic functions through the use of two different key types, public and private. This is also called public key cryptography. Components, as in number generators, can be used with asymmetric algorithms, but they are a class of algorithms and do not necessarily integrate randomness issues.

WRONG **B** is incorrect because out-of-band communication just means that communication data are being sent through a channel that is different from the encrypted data that are traveling. It does not have any direct correlation with randomness issues.

WRONG **D** is incorrect because a symmetric algorithm carries out cryptographic functions through the use of two instances of the same key. Components, as in number generators, can be used with symmetric algorithms, but they are a class of algorithms and do not necessarily cause randomness issues.

## Secure key distribution

The symmetric key must be delivered to its destination through a secure courier.

## Key

Sequence of bits that are used as instructions that govern the acts of cryptographic functions within an algorithm

## Linear cryptanalysis

Cryptanalysis method that uses the study of affine transformation approximation in encryption processes.

## Ciphertext-Only Attacks

In this type of attack, the attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm. The attacker’s goal is to discover the key used in the encryption process. Once the attacker figures out the key, she can decrypt all other messages encrypted with the same key.

**26.** If Marge uses her private key to create a digital signature on a message she is sending to George, but she does not show or share her private key with George, what is it an example of?

**A.** Key clustering

**B.** Avoiding a birthday attack

**C.** Providing data confidentiality

**D.** Zero-knowledge proof

CORRECT **D.** Zero-knowledge proof means that someone can tell you something without telling you more information than you need to know. In cryptography, it means proving that you have a specific key without sharing that key or showing it to anyone. A zero-knowledge proof is an interactive method for one party to prove to another that a (usually mathematical) statement is true without revealing anything sensitive.

WRONG **A** is incorrect because key clustering is an instance when two different keys generate the same ciphertext from the same plaintext. This is caused if there is a logical flaw in an algorithm.

WRONG **B** is incorrect because if the algorithm does produce the same value for two distinctly different messages, this is called a collision. An attacker can attempt to force a collision, which is referred to as a birthday attack. This attack is based on the mathematical birthday paradox that exists in standard statistics. It is a cryptographic attack that exploits the mathematics behind the birthday problem in the probability theory. This is not what is being addressed in the question.

WRONG **C** is incorrect because confidentiality provided through cryptography is usually in place when data are encrypted with a key. If the data are considered bulk data, then a symmetric key is used. Not showing others a private key keeps the private key secret, but this is not necessarily confidentiality.

## Data Encryption Algorithm (DEA)

**Data Encryption Standard (DES)** has had a long and rich history within the computer community. The National Institute of Standards and Technology (NIST) researched the need for the protection of sensitive but unclassified data during the 1960s and initiated a cryptography program in the early 1970s. NIST invited vendors to submit data encryption algorithms to be used as a cryptographic standard. IBM had already been developing encryption algorithms to protect financial transactions. In 1974, IBM’s 128-bit algorithm, named Lucifer, was submitted and accepted. The NSA modified this algorithm to use a key size of 64 bits (with 8 bits used for parity, resulting in an effective key length of 56 bits) instead of the original 128 bits, and named it the **Data Encryption Algorithm (DEA)**. Controversy arose about whether the NSA weakened Lucifer on purpose to enable it to decrypt messages not intended for it, but in the end the modified Lucifer became a national cryptographic standard in 1977 and an American National Standards Institute (ANSI) standard in 1978.

## Hardware vs. Software Cryptography Systems

Encryption can be done through software or hardware, and there are trade-offs with each. Generally, software is less expensive and provides a slower throughput than hardware mechanisms. Software cryptography methods can be more easily modified and disabled compared to hardware systems, but it depends on the application and the hardware product.

## Serpent

Developed by Ross Anderson, Eli Biham, and Lars Knudsen

## RSA algorithm

De facto asymmetric algorithm used for encryption, digital signatures, and key exchange. Based upon the difficulty of factoring large numbers into their original prime numbers.

**3.** Which of the following incorrectly describes steganography?

**A.** It is a type of security through obscurity.

**B.** Modifying the most significant bit is the most common method used.

**C.** Steganography does not draw attention to itself like encryption does.

**D.** Media files are ideal for steganographic transmission because of their large size.

CORRECT **B.** Steganography is the method of hiding data in another media type so that the very existence of the data is concealed. One of the most common methods of embedding the message into some type of medium is using the least significant bit (LSB)—not the most significant bit. Many types of files have some bits that can be modified and not affect the file they are in, which is where secret data can be hidden without altering the file in a visible manner. In the LSB approach, graphics with a high resolution or an audio file that has many different types of sounds (high bit rate) are the most successful in hiding information within. There is commonly no noticeable distortion, and the file is usually not increased to a size that can be detected. A 24-bit bitmap file will have 8 bits representing each of the three color values, which are red, green, and blue. These 8 bits are within each pixel. If we consider just the blue, there will be 2^8 (256) different values of blue. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye.

WRONG **A** is incorrect because steganography is a type of security through obscurity. Security through obscurity means that instead of actually securing something with a countermeasure, someone uses secrecy as the way to protect the asset. An example of security through obscurity is if a network administrator changes his HTTP port from 80 to 8080 with the hopes that no one will figure this out. Security through obscurity means that you are trying to fool the potential attacker and you assume that the attacker will not be clever enough to figure out your trickery.

WRONG **C** is incorrect because it is true that steganography does not draw attention to itself as does encryption. An encrypted message can draw attention because it tells the bad guy that the encrypted information is sensitive (otherwise, it wouldn’t be encrypted in the first place). An attacker may then be motivated to break the encryption and uncover the information. The goal of steganography is that the attacker not even know that the sensitive information exists and thus will not attempt to capture it.

WRONG **D** is incorrect because it is true that larger media files are ideal for steganographic transmission because there are more bits to manipulate with a lower chance that anyone will notice. As a simple example, a sender might start with an innocuous image file and adjust the color of every hundredth pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it. The larger the file, the more obscurity can be accomplished because there are more bits to work with and manipulate.

## Pretty Good Privacy

Cryptosystem used to integrate public key cryptography with e-mail functionality and data encryption, developed by Phil Zimmermann.

## Chosen-ciphertext attack

Cryptanalysis attack where the attacker chooses a ciphertext and obtains its decryption under an unknown key.

## Session keys

Symmetric keys that have a short lifespan, thus providing more protection than static keys with longer lifespans.

## Algebraic attack

Cryptanalysis attack that exploits vulnerabilities within the intrinsic algebraic structure of mathematical functions.

## Symmetric algorithm

Encryption method where the sender and receiver use an instance of the same key for encryption and decryption purposes.

## Differential cryptanalysis

Cryptanalysis method that uses the study of how differences in an input can affect the resultant difference at the output.

## Polarization

In **quantum cryptography,** photon polarization is commonly used to represent bits (1 or 0). Polarization is the orientation of electromagnetic waves, which is what photons are. Photons are the particles that make up light. The electromagnetic waves have an orientation of horizontal or vertical, or left hand or right hand. Think of a photon as a jellybean. As a jellybean flies through the air, it can be vertical (standing up straight), horizontal (lying on its back), left handed (tilted to the left), or right handed (tilted to the right). (This is just to conceptually get your head around the idea of polarization.)

## Public key infrastructure (PKI)

**Public key infrastructure (PKI)** is a different animal. It is not an algorithm, a protocol, or an application—it is an infrastructure based on public key cryptography.

## Running key cipher

Substitution cipher that creates keystream values, commonly from agreed-upon text passages, to be used for encryption purposes

## Methods of Encryption

Although there can be several pieces to an encryption process, the two main pieces are the algorithms and the keys. As stated earlier, algorithms used in computer systems are complex mathematical formulas that dictate the rules of how the plaintext will be turned into ciphertext. A key is a string of random bits that will be used by the algorithm to add to the randomness of the encryption process. For two entities to be able to communicate via encryption, they must use the same algorithm and, many times, the same key. In some encryption technologies, the receiver and the sender use the same key, and in other encryption technologies, they must use different but related keys for encryption and decryption purposes. The following sections explain the differences between these two types of encryption methods.

## Data Encryption Standard

Block symmetric algorithm chosen by NIST as an encryption standard in 1976. It uses a 56-bit true key bit size, 64-bit block size, and 16 rounds of computation.

## The Registration Authority

The **registration authority (RA)** performs the certification registration duties. The RA establishes and confirms the identity of an individual, initiates the certification process with a CA on behalf of an end user, and performs certificate life-cycle management functions. The RA cannot issue certificates, but can act as a broker between the user and the CA. When users need new certificates, they make requests to the RA, and the RA verifies all necessary identification information before allowing a request to go to the CA.

## Diffie-Hellman algorithm

First asymmetric algorithm created; it is used to exchange symmetric key values. Based upon the difficulty of computing discrete logarithms in finite fields.

## Internet Security Association and Key Management Protocol

Used to establish security associations and an authentication framework for Internet connections. Commonly used by IKE for key exchange.

## HAVAL

**HAVAL** is a variable-length, one-way hash function and is a modification of MD5. It processes message blocks twice the size of those used in MD5; thus, it processes blocks of 1,024 bits. HAVAL can produce hashes from 128 to 256 bits in length.