Cryptography

Question 1

FIPS

Answer 1

Federal information Processing Standard (FIPS)

approves cryptographic for use.

Question 2

A possible key length for the Advanced Encryption Standard Rijndael cipher?

Answer 2

128, 192, or 256 bits

The Rijndael cipher allows users to select a key length of 128, 192, or 256 bits, depending on the specific security requirements of the application.

Question 3

frequency analysis attack

Answer 3

The Caesar cipher

The Caesar cipher (and other simple substitution ciphers) are vulnerable to frequency analysis attacks that analyze the rate at which specific letters appear in the ciphertext.

Question 4

Data Encryption Standard (DES) operating modes

Answer 4

Cipher Block Chaining (CBC)

Electronic Code Book (ECB) –> is not suitable for large amounts of data.

Cipher Feedback (CFB)

Output feedback (OFB) –> prevents early errors from interfering with future encryption/decryption.

Question 5

Which AES finalist makes use of prewhitening and postwhitening techniques?

Answer 5

The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.

Question 6

the only known cryptosystem that is not vulnerable to attacks?

Answer 6

the one-time pad

Question 7

block size is used by the 3DES encryption algorithm

Answer 7

3DES simply repeats the use of the DES algorithm three times. Therefore, it has the same block length as DES: 64 bits.

Question 8

a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present

Answer 8

M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks.

Question 9

Symmetric Cryptography

Answer 9

DES / 3DES
Blowfish
Skipjack
Twofish
AES

Uses a Shared Key that needs escrow.

Question 10

Which key should I use?

Answer 10

To encrypt a message = recipients public key
To decrypt a message = your private key

To digitally sign a message = your private key

To verify a digital signature = senders public key

Question 11

Email Security

Answer 11

Confidentiality = encrypt the message

To maintain integrity = hash the message

Email needs authentication, integrity and / or nonrepudiation = digitally sign the message

Email needs the kitchen sink = digitally sign + hash

Question 12

Hashing vs Encryption

Answer 12

Encryption is the process of converting a normal readable message known as plaintext into a garbage message or not readable message known as Ciphertext. The ciphertext obtained from the encryption can easily be transformed into plaintext using the encryption key. Some of the examples of encryption algorithms are RSA, AES, and Blowfish.

Hashing is the process of converting the information into a key using a hash function. The original information cannot be retrieved from the hash key by any means. Generally, the hash keys are stored in the database and they are compared to check whether the original information matches or not.

Question 13

IPSec components

Answer 13

Authentication Header (AH) = assurance of message integrity and nonrepudiation.

Encapsulating Security Payload (ESP) = provides confidentiality and integrity of packet contents.

Question 14

IPSec Modes of Operation

Answer 14

Transport Mode = ony the packet payload is encrypted

Tunnel Mode = the entire packet, including header, is encrypted

Question 15

Digital Signature Standard

Answer 15

Gov / NIST
FIPS 186-4

Federally approved algorithms must use the SHA-3 hashing functions.

DSA
RSA
Elliptic Curve

SHA-2

The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.

Question 16

3 Major Public Key Cryptosystems

Answer 16

RSA
El-Gamal
Elliptic Curve

Question 17

Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?

Answer 17

A. RSA
B. Diffie-Hellman
C. 3DES
D. IDEA

The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption and decryption of messages.

Question 18

Which of the following cipher algorithms uses the longest key?

A. One-time pad cipher
B. Caesar cipher
C. Vigenère cipher
D. Columnar transposition cipher

Answer 18

The one-time pad uses a key that is equal in length to the message. All of the other algorithms use keys that are shorter than the message.

Question 19

Cryptography Groups

Answer 19

Hashing = MD2, 4, 5 || SHA-1, 2…512

Asymmetric =

Symmetric

Block Ciphers

Question 20

Flo and Ricky are sending messages to each other using an asymmetric encryption algorithm. Flo wants to send Ricky a private message. What key should she use to encrypt it?

A. Flo’s public key
B. Flo’s private key
C. Ricky’s public key
D. Ricky’s private key

Answer 20

Flo should encrypt the message with Ricky’s public key.

Question 21

Bob received a message from David that was encrypted with an asymmetric algorithm. What key should he use to decrypt it?

A. Bob’s public key
B. Bob’s private key
C. David’s public key
D. David’s private key

Answer 21

B

The recipient of a message encrypted using asymmetric cryptography decrypts it with their own private key.

Question 22

What type of attack can be used against cryptographic algorithms that do not incorporate temporal protections?

A. Chosen plain-text attack
B. Meet-in-the-middle attack
C. Man-in-the-middle attack
D. Replay attack

Answer 22

D

Question 23

Richard received an encrypted message sent to him from Sue. Which key should he use to decrypt the message?

A. Richard’s public key
B. Richard’s private key
C. Sue’s public key
D. Sue’s private key

Answer 23

B
Sue would have encrypted the message using Richard’s public key. Therefore, Richard needs to use the complementary key in the key pair, his private key, to decrypt the message.

Question 24

Richard wants to digitally sign a message he’s sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest?

A. Richard’s public key
B. Richard’s private key
C. Sue’s public key
D. Sue’s private key

Answer 24

B
Richard should encrypt the message digest with his own private key. When Sue receives the message, she will decrypt the digest with Richard’s public key and then compute the digest herself. If the two digests match, she can be assured that the message truly originated from Richard.

Question 25

Cryptography four fundamental goals

Answer 25

1. integrity –> data is not altered
2. confidentiality –> data remains private 1. at rest, 2. in transit, 3. in use
3. non repudiation –>
4. authentication –> verifies the claimed identity

Question 26

If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message?

A. Richard’s public key
B. Richard’s private key
C. Sue’s public key
D. Sue’s private key

Answer 26

C
Richard must encrypt the message using Sue’s public key so that Sue can decrypt it using her private key.

If he encrypted the message with his own public key, the recipient would need to know Richard’s private key to decrypt the message.

If he encrypted it with his own private key, any user could decrypt the message using Richard’s freely available public key.

Richard could not encrypt the message using Sue’s private key because he does not have access to it. If he did, any user could decrypt it using Sue’s freely available public key.

Question 27

The three most common Public Key (PKI) cryptosystems in use today

Answer 27

RSA —> 1024 bits&raquo_space; large prime numbers

Elliptic Curve –> 160 bits

El Gamal –> 1024 bits&raquo_space; diffie hellman&raquo_space; but doubles length of any message it encrypts

Question 28

Common Hashing Algorithms

Answer 28

MD2 = Message Digest X
MD4
MD5

HAVAL (MD5 mod)

SHA = Secure Hash Algo –> 1, 2, 3 –> Gov Standard (NIST)

HMAC

Question 29

Digital Signature vs Message Digest

how it works

Answer 29

Alice and Bob got pairs of key (𝐴𝑝𝑢𝑏, 𝐴𝑝𝑟𝑖𝑣), (𝐵𝑝𝑢𝑏, 𝐵𝑝𝑟𝑖𝑣).

Alice knows 𝐵𝑝𝑢𝑏 and Bob knows 𝐴𝑝𝑢𝑏.

Alice wants to send a message 𝑚 to Bob ⟹ She encrypts it with 𝐵𝑝𝑢𝑏.

Alice wants to prove to Bob that it was she who sent the message ⟹ She signs it with her private key 𝐴𝑝𝑟𝑖𝑣.

Problem: signing and encryption using RSA (standard procedure) is slow. How to speed up the process ?

Alice encrypts the message with a symmetric cipher (AES) using a random generated key 𝐾𝑠𝑦𝑚. Then, encrypt 𝐾𝑠𝑦𝑚 with the 𝐵𝑝𝑢𝑏.

Alice does not sign the message, she signs the message digest. Smaller therefore faster.

Alice hashes the message 𝑚 ⟹ she gets the message digest.

𝐻(𝑚)→𝑀𝐷.

Alice signs 𝑀𝐷 with her private key.

𝐸𝐴𝑝𝑟𝑖𝑣(𝑀𝐷)→𝑆𝑖𝑔.

Alice generates a random key for the symmetric encryption.

𝑟𝑑𝑚()→𝐾𝑠𝑦𝑚

Alice encrypts the message and the signature with a symmetric cypher.

𝐸𝐾𝑠𝑦𝑚(𝑚‖𝑆𝑖𝑔)→𝑐

Alice encrypts the symmetric key with Bob’s public key.

𝐸𝐵𝑝𝑢𝑏(𝐾𝑆𝑦𝑚)→𝐾𝑐𝑖𝑝ℎ𝑒𝑟

Alice sends (𝑐,𝐾𝑐𝑖𝑝ℎ𝑒𝑟) to Bob.

Remark: It is a good practice to have 2 pairs of keys : one for encryption, one for signatures.

Question 30

Four rules of PKI and Digital Signatures

Answer 30

Encrypt a message –> use recipients Public Key

Decrypt a message –> use YOUR Private Key

Digitally Sign a message you’re sending to someone else –> use YOUR Private Key

Verify signature on message sent by someone else –> use senders Public Key

Question 31

Digital Signature Standard (DSS)

Answer 31

NITS sets this standard.

FIPS 186-4, AKA Digital Signature Standard (DSS)

DSS = federally approved

1. DSA
2. RSA
3. Elliptic Curve DSA (ECDSA)

Question 32

Email Security

Answer 32

confidentiality = encrypt the message

integrity = hash the message

confidentiality + integrity + auth + norepudiation = encrypt + digitally sign

Question 33

S/MIME

Answer 33

uses RSA

x.509 for key exchange

Question 34

Link Encryption =

End to end =

Answer 34

link = secure tunnel between two points > encrypts ALL traffic

end to end = protects between two point > SSH

Question 35

E

Question 36

Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won’t spoil results throughout the communication?

A. Cipher Block Chaining (CBC)
B. Electronic Code Book (ECB)
C. Cipher Feedback (CFB)
D. Output feedback (OFB)

Answer 36

Output feedback (OFB) mode prevents early errors from interfering with future encryption/decryption.
Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process.
Electronic Code Book (ECB) operation is not suitable for large amounts of data.

Question 37

Which one of the following algorithms is not supported by the Digital Signature Standard?

A. Digital Signature Algorithm
B. RSA
C. El Gamal DSA
D. Elliptic Curve DSA

Answer 37

The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.

Question 38

Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using?

A. Split knowledge
B. M of N Control
C. Work function
D. Zero-knowledge proof

Answer 38

M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks

Question 39

Which of the following can be used securely even when no preexisting secure form of communication exists between the two parties?

A. AES
B. RSA
C. IDEA
D. RC5

Answer 39

RSA is an example of asymmetric cryptography, which does not require a preexisting relationship to provide a secure mechanism for data exchange. Two individuals can begin communicating securely from the moment they start communicating.