Cryptography Flashcards

Question

What are the two basic elements of a cryptosystem?

Answer 1

- Cryptographic algorithm | - Cryptovariable

Answer 2

Clustering occurs when identical ciphertetx messages are generated form a plaintext message by using the same encryption algorithm but different encryption keys

Answer 3

reduces the number of key combinations that must be attempted in a brute force attack due to a weakness in the cryptographic algorithm

Answer 4

block and stream

Answer 5

- Re-usable keys: Key management is easier | - Interoperability: More widely supported

Answer 6

- Re-usable keys | - Interoperability

Answer 7

They operate in real time on a continuous stream of data, typically bit by bit. using a stream cipher, the same plaintext bit or byte will produce a different ciphertext bit or byte every time it is encrypted.

Answer 8

They operate in real time on a continuous stream of data, typically bit by bit

Answer 9

faster than block ciphers | require less code to implement

Answer 10

Key management as keys in a stream cipher are generally only used once.

Answer 11

Impractical for longer messages as it contains a pad the same length as the message that it is applied to.

Answer 12

substitution and transposition

Answer 13

Substitution and permutation

Answer 14

Replaces bits, characters or character blocks in plaintext with alternate bits, characters or character blocks to produce ciphertext

Answer 15

A single alphabet used to encrypt a message

Answer 16

different alphabet used to encrypt each bit, character or character block

Answer 17

S-boxes (Substitution boxes) employed in DES

Answer 18

non-Linear

Answer 19

rearranges bits characters or character blocks in a plaintext message to produce ciphertext

Answer 20

Words and phrases to communicate a secret message

Answer 21

the key is page 13 of a book and text on that page is added modulo 26 to perform the encryption/decryption

Answer 22

``` Example plaintext = EMI numeric value = 5 13 9 substitution value + 3 modulo 26 result = 8 16 12 ciphertext = HPL ```

Answer 23

A one time pad

Answer 24

Steganography

Answer 25

The art of hiding a message

Answer 26

Uses a single key to both and encrypt and decrypt information

Answer 27

- Distribution: Secure distribution of keys is required - Scalability: Different key required for each pair of communicating parties - Limited functionality: can't provide authentication or non-repudiation

Answer 28

- Speed: Faster than asymmetric systems - Strength: Strength is gained when used with a large key (128 bit, 256 bit or larger) - Availability: There are many algorithms available for organisations to use.

Answer 29

- Data Encryption Standard (DES) - Triple DES (3DES) - Advanced Encryption Standards (AES) - International Data Encryption Algorithm (IDEA) - Rivest Cipher 5 (RC5)

Answer 30

64 bit block cipher based on a 56 bit symmetric key (56 key bits plus 8 parity bits or 8 bytes with each byte containing 7 key bits and 1 parity bit)

Answer 31

1. Original message is divided into 64 bit blocks 2. Operating on a single block at a time, each 64-bit plain-text block is split into 2 32-bit blocks. 3. Under control of the 56-bit symmetric key, 16 rounds of transpositions and substitutions are performed on each individual character to produce the resulting ciphertext output

Answer 32

To detect errors in a bit pattern

Answer 33

- Electronic Code Book - Cipher Block Chaining - Cipher Feedback - Output Feedback

Answer 34

Electronic Code Book and Cipher Block Chaining

Answer 35

- Native operational mode in DES - Normally produces the highest throughput? - Best used for encrypting keys or small amounts of data - Operates on 64-bit blocks of plaintext independently to produce 64-bit blocks of ciphertext

Answer 36

The same plaintext, encrypted with the same key always produces the same ciphertext. Susceptible to Chosen Text attacks (CTA) as certain patterns may be revealed.

Answer 37

- Most common mode of DES operation - Operates on 64-bit blocks of plaintext to produce 64 bit blocks of ciphertext - Each block is XORed with the ciphertext of the preceeding block to create a dependency, or chain, therefore producing a more random ciphertext result. - first block is encrypted with a random block known as an Initialisation Vector (IV)

Answer 38

Errors propagate, however problem is only limited to block in which the problem occurs and the block that immediately follows after which the encryption re-synchronises.

Answer 39

a binary option applied to two input bits, ie: - if two bits are equal result is 0 - if two bits are odd result is 1

Answer 40

- is a stream cipher - most often used to encrypt individual characters - previously generated ciphertext is used as feedback for key generation in the next keystream - resulting ciphertext is chained together

Answer 41

errors are multiplied throughout the encryption process

Answer 42

- is a stream cipher - often used to encrypt satellite communications - previous plaintext is used as feedback for key generation in the next keystream - resulting ciphertext is not chained together

Answer 43

Ciphertext isn't chained together so errors don't spread throughout the encryption process.

Answer 44

triple DES encrypts a message using 3 separate encryption keys. key 1, then key 2 then either the first key again or a new third key.

Answer 45

DES-EEE2 (Encrypt-Encrypt-Encrypt) 1st key, 2nd key, 1st key DES-EDE2 (Encrypt-Decrypt-Encrypt) 1st key, 2nd key, 1st key DES-EEE3 (Encrypt-Encrypt-Encrypt) 1st key, 2nd key, 3rd key DES-EDE3 (Encrypt-Decrypt-Encrypt) 1st key, 2nd key, 3rd key

Answer 46

Double DES

Answer 47

- performance cost so doesn't work with many applications that require high speed throughput for high volumes of data - brute force attack can reduce the key size to 108 bits

Answer 48

AES (192 or 256 bit)

Answer 49

128, 192, 256

Answer 50

Side Channel Attack

Answer 51

cache timing

Answer 52

System in which it is implemented

Answer 53

RC2, 4, 5, 6

Answer 54

- Blowfish operates on 64 bit blocks, employs 16 rounds and uses variable key lengths of up to 448 bits. - Twofish, a finalist in the AES selection process is a symmetric block cipher that operates on 128-bit blocks, employing 16 rounds with variable key lengths up to 256 bits

Answer 55

Blowfish and Twofish

Answer 56

- is a block cipher - operates on 64-bit plaintext blocks by using a 128 bit key - performs 8 rounds on 16 bit sub blocks and can operate in 4 distinct modes similar to DES. - Uses stronger encryption than RC4 and Triple DES.

Answer 57

Because it is patented although is used by PGP

Answer 58

IDEA Blowfish Twofish

Answer 59

Uses a private and public key pair. one key to encrypt and one key to decrypt

Answer 60

1. The sender (Thomas) encrypts the plaintext message with the intended recipient's (Richard) public key. 2. This produces a cipher-text message that can then be transmitted to the intended recipient (Richard) 3. The recipient (Richard) then decrypts the message with his private key, known only to him.

Answer 61

secure message

Answer 62

1. The sender (thomas) encrypts the plaintext message with his own private key. 2. This produces a cipher-text message that can then be transmitted to the intended recipient (Richard) 3. To verify that the message is from the purported sender (Thomas), the recipient (Richard) applies the senders (Thomas) public key

Answer 63

Open message format

Answer 64

the secure and signed message format

Answer 65

1. the sender (thomas) encrypts the message first with the intended recipients (Richard) public key and then with his own private key. 2. This produces a cipher-text message that can then be transmitted to the intended recipient (Richard). 3. the recipient (Richard) uses the senders (thomas) public key to verify the authenticity of the message and then uses his own private key to decrypt the message

Answer 66

A problem that you can easily compute in one direction but not the reverse.

Answer 67

A trapdoor (private key)

Answer 68

key management and digital signatures

Answer 69

asymmetric system used to securely distribute the secret keys of a symmetric key system that's used to encrypt the data.

Answer 70

Lower speed. Because of the types of algorithms that are used to create the one way hash function, large keys are required

Answer 71

- Extended functionality: can provide confidentiality and authenticity whereas symmetric can only provide confidentiality. - Scalability: do not require secret key exchanges with all communicating parties like symmetric does. resolves key management issues.

Answer 72

``` RSA Diffie-Hellman El Gamal Merkle-Hellman (Trapdoor) Knapsack Elliptic Curve ```

Answer 73

1. Thomas creates a symmetric key, encrypts it with Richards public key and then transmits it to Richard. 2. Richard decrypts the symmetric key by using his own private key.

Answer 74

Factoring prime numbers

Answer 75

Diffie-Hellman

Answer 76

1. Thomas and Richard obtain each other's public keys. 2. Thomas and Richard then combine their own private keys with the public key of the other person, producing a symmetric key that only the two users involved in the exchange know.

Answer 77

Diffie-Hellman

Answer 78

harold (attacker) intercepts the public keys during the initial exchange and substitutes his own private key to create a session key that can decrypt the session

Answer 79

Merkle-Hellman (Trapdoor) Knapsack

Answer 80

More efficient than other asymmetric key systems and many symmetric key systems as it uses smaller keys.

Answer 81

Wireless devices and Smart cards

Answer 82

- The message hasn't been altered. - The message isn't a replay of a previous message - The message was sent from the origin stated - the message is sent to the intended recipient

Answer 83

Message authentication

Answer 84

Message authentication

Answer 85

Federal Information Processing Standard

Answer 86

- RSA Digital Signature Algorithm | - Digital Signature Algorithm (DSA) - based on El Gamal

Answer 87

1. Sender encrypts message with his private key. | 2. The sender's public key then decrypts the message, authenticating the originator of the message.

Answer 88

open message format in asymmetric key systems

Answer 89

1. Message is encrypted with the recipient's public key. 2. A representation of the encrypted message is then encrypted with the sender private key to produce a digital signature. 3. The recipient decrypts this representation using the sender's public key and then independently calculates the expected results of the decrypted representation by using the same, known, one-way hashing algorithm. 4. If the results are the same, the integrity of the original message is assured.

Answer 90

- The original message can't be re-created by the message digest - Finding a message that produces a particular digest shouldn't be computationally feasible. - No two messages should produce the same message digest - The message digest should be calculated by using the entire contents of the original message

Answer 91

A Collision

Answer 92

Using a one-way hash function

Answer 93

A digest algorithm

Answer 94

MD5 SHA-1 HMAC

Answer 95

that the same key can't encrypt and decrypt a message in an asymmetric key system

Answer 96

Confidentiality

Answer 97

A trapdoor

Answer 98

integrity and authentication

Answer 99

one way hashing algorithms

Answer 100

MD2 MD4 MD5 MD6

Answer 101

- Slow | - highly susceptible to collisions

Answer 102

Susceptible to collision attacks

Answer 103

- susceptible to collisions | - considered "cryptographically" broken by the US Department of Homeland Security

Answer 104

SHA-1 SHA-2 SHA-3

Answer 105

Hashed Message Authentication Code (or checksum)

Answer 106

Extends the security of the MD5 and SHA-1 algorithms through a concept of key digest by incorporating a previously shared secret key and original message into a single message digest.

Answer 107

If an attacker intercepts a message, modifies its contents and calculates a new message digest, the result won't match the receivers hash calculation because the modified messages hash doesn't contain the secret key.

Answer 108

a central authority that stores encryption keys or certificates associated with users and systems

Answer 109

An electronic document that uses the public key of an organisation or individual to establish identity and a digital signature to establish authenticity.

Answer 110

- confidentiality - integrity - authentication - non-repudiation - access control

Answer 111

certificate authority registration authority repository archive

Answer 112

- comprises hardware, software and personnel administering the PKI - issues certificates - maintains and publishes status information and Certificate Revocation Lists (CRL's) - Maintains Archives

Answer 113

- registration authority also comprises of hardware, software and personnel administering the PKI. - responsible for verifying certificate contents for the CA

Answer 114

A system that accepts certificates and CRL's from a CA and distributes them to authorised parties.

Answer 115

offers long term storage of archived information from the CA

Answer 116

- Key generation - Key distribution - Key installation - Key storage - Key change - Key control - Key disposal

Answer 117

To safeguard keys

Answer 118

- keys must be generate randomly on a secure system - generation sequence shouldn't provide potential clues regarding the contents of the keyspace - generated keys shouldn't be displayed in the clear

Answer 119

must be distributed securely, ie using something like an asymmetric system to securely distribute the keys

Answer 120

manual process that should ensure the key isn't compromised during installation, incorrectly entered or too difficult to be used readily.

Answer 121

- stored on encrypted media | - stored on an application with safeguards that prevent keys from being extracted.

Answer 122

Keys used frequently are more likely to be compromised through interception and statistical analysis.

Answer 123

Addresses the proper use of keys. different keys have different functions and may only be approved for certain levels of classification.

Answer 124

To ensure keys are securely disposed, erased, etc.

Answer 125

the purpose is to divide a key into two parts and place those two parts into escrow with two separate trusted organisations

Answer 126

Via a court order by law enforcement officials

Answer 127

Secure Multi-purpose Internet Mail Extensions (S/MIME) MIME Object Security Services (MOSS) Privacy Enhanced Mail (PEM) Pretty Good Privacy (PGP)

Answer 128

- secure method of sending email incorporated into browsers and email applications. - provides confidentiality and authentication by using the RSA asymmetric key system, digital signatures and X.509 digital certificates - complies with the Public Key Cryptography Standard (PKCS) #7 - has been proposed as a standard to the Internet Engineering Task Force (IETF)

Answer 129

- provides confidentiality, integrity, identification, authentication and non-repudiation by using MD2 or MD5, RSA asymmetric keys and DES - has never been widely implemented

Answer 130

- proposed as a PKCS-compliant standard by the IETF, but never widely implemented or used. - provides confidentiality and authentication by using 3DES for encryption, MD2, or MD5 message digests, X/509 certificates and the RSA asymmetric system for digital signatures and secure key distribution.

Answer 131

- Email encryption application - provides confidentiality and authentication using the IDEA cipher for encryption and the RSA asymmetric system for digital signatures and secure key distribution. - Instead of a CA it uses a Trust Model in which the communicating parties implicitly trust each other - ideally suited to smaller groups

Answer 132

- Freeware version from PGP International (free for individuals, not organisations) - commercial version from symantec - Open source version called GPG

Answer 133

``` SSL/TLS S-HTTP SSH IPSec MPLS WTLS ```

Answer 134

- provides session based encryption and authentication for secure communications between clients and servers on the internet. - operates at transport layer - Uses the RSA asymmetric key system - IDEA, DES and 3DES symmetric key systems - Uses the MD5 hash function

Answer 135

- developed by Mastercard and VISA to provide secure e-commerce transactions - utilises dual signatures by allowing 2 pieces of data to be linked and sent to 2 different entities - not widely used

Answer 136

- Confidentiality using DES - Integrity using digital signatures and the RSA asymmetric system - Cardholder authentication using digital signatures and X.509 digital certificates - Merchant authentication using digital signatures and X.509 digital certificates - Interoperability between different hardware and software manufacturers

Answer 137

- provides a method for secure communications with a web server - connectionless oriented protocol that encapsulates data after security properties for the session have been successfully negotiated - uses symmetric encryption for confidentiality - message digests for integrity - public key encryption for client-server authentication and non-repudiation - instead of encrypting an entire session as in SSL, S-HTTP can be applied to individual web documents

Answer 138

- An IETF open standard for secure communications over public IP networks such as the internet. - Ensures confidentiality, integrity and authentication by using Network layer encryption and authentication to provide an end to end solution

Answer 139

Transport Mode: Only the data is encrypted | Tunnel Mode: Entire packet is encrypted

Answer 140

- Authentication Header (AH): Provides integrity, authentication and non-repudiation - Encapsulating Security Payload (ESP): provides confidentiality (encryption) and limited authentication

Answer 141

A security Association (SA)

Answer 142

- A one-way connection between two communicating parties. - Two SAs are required for each pair of communicating hosts - Each SA can only support a single protocol (AH or ESP). If AH and ESP are used between a pair of communicating hosts, 4 SA's are required.

Answer 143

- Security Parameter Index (SPI): a 32-bit string used by the receiving station to differentiate between SA's terminating on that station. SPI is located within the AH or ESP header. - Destination IP Address: end station, intermediate gateway, firewall, but must be a unicast address. - Security Protocol ID: Either an AH or ESP association

Answer 144

Internet Key Exchange (IKE)

Answer 145

- The Internet Security Association and Key Management Protocol (ISAKMP) - The Secure Key Exchange Mechanism (SKEME) - The Oakley Key Determination Protocol

Answer 146

- Main Mode - Aggressive Mode - Quick Mode

Answer 147

- A fast method for forwarding packets through a network by using labels inserted between Layer 2 and Layer 3 headers in a packet. - Is protocol independent and highly scalable. - Provides Quality of Service (QOS) with multiple classes of Service (COS) - Provides Secure Layer 3 VPN tunneling

Answer 148

- used for secure remote access as an alternative to Telnet - can be used to provide confidentiality, integrity and authentication - establishes an encrypted tunnel between the SSH client and SSH server and can also authenticate the client to the server

Answer 149

-provides security services for the Wireless Application Protocol (WAP) commonly used for internet connectivity by mobile devices.

Answer 150

Class 1: Anonymous authentication Class 2: Server Authentication Only Class 3: Client-Server Authentication: Additional Security is provided in WAP using Service Set Identifiers (SSID) and Wired Equivalent Privacy Keys (WEP). A significant improvement in Wireless Security incorporates the Extensible Authentication Protocol (EAP) which uses RADIUS for authentication

Answer 151

Only when other security protocols are unavailable

Answer 152

- Analytic Attacks - Brute force Attacks - implementation Attacks - Statistical Attacks

Answer 153

- Analytic Attacks

Answer 154

- Brute force Attacks (is very time intensive!)

Answer 155

- implementation Attacks

Answer 156

- Statistical Attacks

Answer 157

A precomputed table used to reverse cryptographic hash functions in a specific algorithm

Answer 158

Ophcrack | Rainbowcrack

Answer 159

- attempts to exploit the probability of two messages producing the same message digest by producing the same hash function. - is based on statistical probability (greater than 50%)

Answer 160

Work Factor

Answer 161

based on an observation that processing power doubles every 18 months.

Answer 162

- Requires someone to obtain the ciphertext of several messages, all encrypted by using the same encryption algorithm. Attempt is then made to decrypt the data by searching for repeating patterns and using statistical analysis. - requires a large sample of ciphertext and is generally difficult

Answer 163

Someone obtains a sample of plaintext and the corresponding ciphertext.

Answer 164

- Chosen Plaintext Attack (CPA): chooses plaintext to be encrypted and the corresponding ciphertext is obtained. - Adaptive Chosen Plaintext Attack (ACPA): choose plaintext to be encrypted, then based on the resulting ciphertext, chooses another example to be encrypted - Chosen Ciphertext Attack (CCA): chooses ciphertext t be decrypted and the corresponding plaintext is obtained - Adaptive Chosen Ciphertext Attack (ACCA): choose ciphertext to be decrypted then based on the ciphertext, chooses another sample to be decrypted.

Answer 165

Attacker obtains the ciphertext and corresponding plaintext of several past messages, which he or she uses to decipher new messages

Answer 166

involves an attacker intercepting messages between two parties on a network and potentially modifying the original.

Answer 167

- attacker encrypts known plaintext with each possible key on one end, decrypting the corresponding ciphertext with each possible key, and then comparing the results in the middle. - commonly considered a brute force attack but can be considered an analytical attack due to the differential analysis involved

Answer 168

occurs when a session key is intercepted and used against a later encrypted session between two parties

Answer 169

incorporating a timestamp in the session key

Answer 170

- using physics instead of maths - more concerned with secure key distribution - has two unique channels, one for transmission of quantum key material via single photon light pulses and another carries the message traffic inlcuding cryptographic protocols and encrypted user traffic. - laws of quantum physics define that once a photon has been observed, it's state is changed meaning eavesdropping can easily be identified. - still theoretical

Answer 171

Strong, Weakened, Compromised

Answer 172

Acceptable: safe to use, no security risk known Deprecated: allowed, but user must accept some risk Restricted: additional restrictions required Legacy-Use: may only be used to process already protected information.

Answer 173

Similar to transposition and permutation

Answer 174

a minor change in the key or plaintext can have a significant change in the resulting ciphertext.

Answer 175

- used in cases where the use of encryption is not necessary, but yet the fact that no encryption is needed must be configured in order for the system to work. - used during testing/debugging or when low security is required.

Answer 176

include plaintext without ciphertext

Answer 177

- used during second world war - sender and receiver agree on keyword - table constructed were the word is hidden

Answer 178

message is written and read in two or more lines. simple version.

Answer 179

Keyword re-arrange within a rectangle

Answer 180

the key is repeated for the same length as the plaintext input

Answer 181

provides blockwide transposition of the input data by shifting rows of data.

Answer 182

performed by multiplying and XORing each byte in a column together

Answer 183

- can use keys between 40 and 128 bit length and will do between 12 and 16 rounds of operation. - is a feistal type block cipher with 64-bit blocks

Answer 184

- submitted as an unsuccessful candidate for the new AES algorithm. - operates on 128 bit blocks with keys of 128, 192, 160, 224, 256 bits. - performs 48 rounds

Answer 185

- patent free - work on either 64bit or 128bit input blocks - used in Bluetooth

Answer 186

- combines variable length output with a variable number of rounds of operation on 1024 input blocks. - output may be 128, 160, 192, 224 or 256 bits and number of rounds may vary from 3 to 5.

Answer 187

-developed in response to vulnerabilities found in MD4 and MD5

Answer 188

XML Key Management Specification 2.0 (XKMS)

Answer 189

- XML Key Information Service Specification (X-KISS): describes a syntax that allows a client to delegate part or all of the tasks required to process an XML signature - XML Key Registration Service Specification (X-KRSS): describes a protocol for registration of public key information

Answer 190

- handling of complex syntax, e.g. X.509v3 - retrieval of information from directory - Revocation status verification - Construction and processing of trust chains.

Answer 191

A digital certificate

Answer 192

addresses the needs of financial organisations to transmit securities and funds securely using an electronic medium. describes the means ensure the secrecy of keys. relies on hierarchy of keys

Answer 193

Requires two or more persons to come together and collude to complete a process.

Answer 194

What two people must bring and join together when implementing dual control.

Answer 195

An international standard for random number generation in key management systems.

Answer 196

- a side channel attack

Answer 197

- plain-text attack

Answer 198

rely on their success of block ciphers a high degree of mathematical structure.

Answer 199

useful when attacking a substitution cipher where the statistics of the plain-text language are known, ie allowing an attacker to assume an E might be an S

Answer 200

- Side channel analysis - Fault Analysis - Probing Attacks

Answer 201

A directory service

Cryptography Flashcards

(258 cards)