Cryptography Flashcards

1
Q

Cryptography

A

The science of hiding information in order to conceal it from unauthorised parties.

2
Q

Plaintext

A

An original message

3
Q

Ciphertext

A

A message that has been transformed by the process of encryption.

4
Q

Encryption/encipherment

A

The process of transforming plaintext into ciphertext. The process of encryption requires the use of a key.

5
Q

Decryption

A

The process of transforming ciphertext back into plaintext.

6
Q

Encryption Key

A

The sender and recipient must have an encryption key.

7
Q

Methods of Encryption

A

These are the ways in which plaintext is transformed into ciphertext

8
Q

Types of Encryption

A

The two main types of encryption are stream ciphers and block ciphers.

9
Q

Types of encryption keys

A

The two types of keys are symmetric and asymmetric

10
Q

Methods of Encryption

A

There are several ways in which plaintext can be transformed into ciphertext:

  • Substitution
  • Transposition
  • Monoalphabetic
  • Polyalphabetic
  • Running-key
  • One-time pads
11
Q

Substitution cipher

A

A substitution cipher employs some scheme of character substitution.

12
Q

Transposition cipher

A

Also known as a permutation cipher, a transposition cipher is one in which the characters in a plaintext message are rearranged or transposed to form the ciphertext.

13
Q

Monoalphabetic cipher

A

A type of substitution cipher where one alphabetic character is substituted for another

14
Q

Polyalphabetic cipher

A

This cipher uses two or more substitution alphabets to encipher plaintext.

15
Q

Running Key Cipher

A

A practical application of how a substitution cipher is applied to typical messages that are usually many times longer than an encryption key.

It utilises modular mathematics, where alphabetic characters are converted to numeric values.

16
Q

Block Cipher

A

A block cipher is used to encrypt and decrypt a block of data such as a message, document or data file. A typical block size is 128 bits. Typical uses of block ciphers include:

  • File encryption
  • Web browser communication sessions (HTTPS)
  • SSH (Secure Shell)
  • VPN (Virtual Private Network)

Most common block cipher algorithms are:
- AES: Advanced Encryption Standard
- DES: Data Encryption Standard
- 3DES: Triple DES
- CAST
- Blowfish
- Serpent

17
Q

Block Cipher Modes of Operation

A

These modes have to do with the way plaintext blocks are brought into the cipher and encrypted:
- Electronic codebook (ECB)
- Cipher-block chaining (CBC)
- Cipher feedback (CFB)
- Output feedback (OFB)
- Counter (CTR)

18
Q

Initialisation Vector

A

An initialisation vector (IV) is a starting block of information that is required for several block cipher modes.
The IV is used as part of the input data needed to encrypt the first block in the plaintext message. It must be random.

19
Q

Stream Cipher

A

An encryption algorithm that operates on a continuous stream of information, such as a video or audio communications channel

20
Q

Symmetric Key cryptography

A

Symmetric cryptography implies that both parties must have possession of the same encryption key in order to be able to send encrypted messages to each other.

Well-known encryption algorithms that use symmetric keys:

  • DES
  • 3DES
  • AES
  • Blowfish
  • IDEA
  • RC5
21
Q

Asymmetric Key Cryptography

A

In asymmetric key cryptography, each user has two keys: a public key and a private key. These keys are mathematically related to each other. The advantage of public key cryptography is that a user’s public key can be distributed to a wide audience, and yet there is no way for any third party to derive or calculate a user’s private key when they know the value of that user’s public key. A user must, however, protect the private key with the same rigor that would be used to protect a symmetric key.

22
Q

Diffie-Hellman Key Exchange Protocol

A

The Diffie-Hellman (D-H) key exchange protocol is a means for two parties with no prior knowledge of each other to securely establish a symmetric (shared secret) encryption key.

The strength of the Diffie-Hellman protocol lies in the difficulty of computing the shared secret key ‘S’ without knowing either of the private keys (‘a’ or ‘b’). The security of the protocol relies on the discrete logarithm problem, which is considered computationally infeasible for large prime numbers ‘p’ and appropriate choices of ‘g’.

23
Q

Cryptanalysis

A

The study of deciphering an encrypted message without access to the encryption key.

24
Q

Methods used in Cryptanalysis

A
  • Frequency Analysis
  • Birthday Attacks
  • Ciphertext-only attack
  • Chosen plaintext attack
  • Chosen ciphertext attack
  • Known plaintext attack
  • Man in the middle attack
  • Replay attack
  • Rubber hose attack
  • Social Engineering
25
Q

Frequency Analysis

A

The study of the frequency of occurrence of characters in the ciphertext of a message.

26
Q

Birthday Attacks

A

The birthday paradox states that in a group of twenty-three or more randomly chosen people, there is a 50 percent probability that two of the people share the same birthday. This paradox leads to the birthday attack on a hashing (message digest) algorithm, where the attacker attempts to find messages that result in the same hash value. When two messages are found to compute the same hash value, this is known as a collision.

27
Q

COA

A

A ciphertext-only attack (COA) is a cryptanalysis attack where the attacker has only ciphertext to work with.
A COA attack can be successful by using frequency analysis and other means to either deduce the encryption key or the plaintext itself.

28
Q

Chosen Ciphertext attack

A

An attacker in a chosen ciphertext attack (CCA) can choose ciphertext, have it decrypted, and obtain the plaintext. This is a trial-and-error attack that requires many decryption operations before the attacker can begin to deduce the key and/or the decryption algorithm.

29
Q

Known Plaintext Attack

A

An attacker who possesses both plaintext and corresponding ciphertext messages can analyze both in order to obtain the encryption key. This will enable the attacker to be able to decrypt all encrypted messages.

30
Q

Man in the Middle Attack

A

A man-in-the-middle attack (MITM) is a cryptanalysis attack where the attacker is able to read, insert, and modify communications between two parties without those parties’ knowledge or awareness. MITM can be effective against public key cryptography and Diffie-Hellman (D-H) key exchange.

31
Q

Replay attack

A

In a replay attack, the attacker intercepts and records network transmissions for the purpose of replaying or repeating the transmissions at a later time.

An eavesdropper who records a Telnet (a point-to-point command line interface) or FTP (File Transfer Protocol, a TCP/IP protocol used to copy files from one system to another) login sequence can use the intercepted user id and password pair at a later time in an attempt to masquerade as the original party.

32
Q

Rubber Hose attack

A

A Rubber Hose attack is a term used to describe a method of coercion or torture used to extract sensitive information, such as cryptographic keys or passwords, from a person. In this context, the term “rubber hose” refers metaphorically to a physical beating or torture with a rubber hose or other means of physical force.

33
Q

Social Engineering Attack

A

This attack technique is mentioned here to remind readers that the owner or custodian of a private key or symmetric key can be tricked into unknowingly revealing the key or its password to an adversary.