Domain 3: Cryptography Attacks and Implementing

Question 1

Algebraic manipulation that attempts to reduce the complexity of the algorithm

Answer 1

Analytic Attack

Question 2

Attack that focus on the exploiting of the software code of cryptography system

Answer 2

Implementation Attack

Question 3

Attack that attempts to find the vulnerability in the hardware or OS hosting the cryptography application

Answer 3

Statistical Attack

Question 4

Attack that involves massive processing power to methodically guess the key used to secure cryptographic communications

Answer 4

Brute-Force Attack

Question 5

Attacker has a copy of the message in both encrypted and plaintext format from here he can derive the key that was used

Answer 5

Known Plaintext Attack

Question 6

Attacker has the ability to encrypt plaintext messages of their choosing and can then analyze the ciphertext output of the encryption algorithm

Answer 6

Chosen Plaintext Attack

Question 7

• Cryptanalyst has the ability to decrypt chosen portions of ciphertext message and use the decrypted portion of the message to discover the key
• Mirrors plaintext attacks
• Usually used against asymmetric cryptosystems

Answer 7

Chosen Ciphertext Attacks

Question 8

Attacker seeks to substitute in a digitally signed communication with a different message that produces the same message digest, thereby maintaining the validity of the original digital signature

Answer 8

Birthday attack

Question 9

Cryptanalyst knows something about the key and uses this knowledge to attack

Answer 9

Known Key Attack

Question 10

Seeks to find the difference between related plaintexts that are encrypted

Answer 10

Differential Cryptanalysis

Question 11

• Cryptanalyst finds a large amount of plaintext/ciphertext pairs created with the same key
• The pairs are studied to derive information about the key used to create them

Answer 11

Linear Cryptanalysis

Question 12

• Uses physical data to break a cryptosystem

- i.e. monitoring CPU cycles or power consumption used while encrypting and decrypting

Answer 12

Side-Channel Attacks

Question 13

• Authenticates identity of the signer and proof of document’s integrity
• Provides nonrepudiation

Answer 13

Digital Signatures

Question 14

Public key signed with a digital signature

Answer 14

Digital Certificate

Question 15

Organization registration authority that authenticates the identity of a certificate holder before issuing a certificate to them

Answer 15

Certificate Authorities (CAs)

Question 16

When obtaining a digital certificate you must first prove your identity to the CA. This process is called…

Answer 16

Enrollment

Question 17

List of revoked certificates

Answer 17

Certificate Revocation Lists (CRL)

Question 18

Replacements for Certificate Revocation Lists (CRL) and uses client-server design that scales better

Answer 18

Online Certificate Status Protocol (OCSP)

Question 19

• Software that uses encryption to enforce copyright restrictions on digital media
• i.e. Music, movies, e-book, video games, and documents

Answer 19

Digital Rights Management (DRM)

Question 20

• IPSec protocol
• Acts as a digital signature for data
• Protects against replay attacks
• Provides no confidentiality

Answer 20

Authentication Header (AH)

Question 21

• IPSec protocol

- Encrypted packet data

Answer 21

Encapsulating Security Payload (ESP)

Question 22

• IPSec protocol

- One-way connection used to negotiate ESP or AH parameters

Answer 22

Security Association (SA)

Question 23

• IPSec protocol

- Manages the SA creation process

Answer 23

Internet Security Association and Key Management Protocol (ISAKMP)

Question 24

• IPSec protocol

- Encrypts the entire packet, including original packet headers

Answer 24

ESP Tunnel Mode

Question 25

- IPSec protocol | - Only encrypts the data, not the original headers

Answer 25

ESP Transport Mode

Question 26

- IPSec protocol - Negotiates the algorithm selection process - Both sides of the IPSec tunnel will typically use IKE to negotiate the highest and fastest level of security (i.e. selecting AES over single DES)

Answer 26

IKE

Question 27

- Asymmetric encryption - Used to encrypt emails, documents, or disk drives - Used web of trust model to authenticate digital certificates instead of a central CA

Answer 27

Pretty Good Privacy (PGP)

Question 28

- Asymmetric encryption | - Leverages PKI to encrypt and authenticate MIME-encoded email

Answer 28

S/MIME (Secure MIME)

Question 29

- Third-party organization holds copy of public/private key pair - Failsafe that allows access to sensitive data when the need arises

Answer 29

Escrowed Encryption

Question 30

- The examination of repetition of characters in a given encrypted message - Repeating patterns may indicate the type of cipher being used i.e. substitution or transposition

Answer 30

Frequency analysis

Question 31

Exploits cryptographic protocols that use two rounds of encryption

Answer 31

Meet-in-the-middle attack

Question 32

Procedure to digitally sign a message

Answer 32

1. Use a hash function to generate a message digest | Then encrypt the digest with your private key

Question 33

Procedure to verify the digital signature on a message

Answer 33

1. Decrypt the signature with the sender’s public key and then compare the message digest to the one you generate yourself 2. If they match the message is authentic

Question 34

- NIST standard created to specify the digital signature algorithms acceptable for Federal Gov use - Requires that SHA-3 hashing function be used for all digital signatures - Allowed encryption algorithms include: 1. Digital Signature Algorithm (DSA) 2. Rivest, Shamir, Adleman (RSA) 3. Elliptic Curve DSA (ECDSA)

Answer 34

Digital Signature Standard (DSS)