EXAM 1

Question 1

What is ciphertext

Answer 1

Message after transforming it with encryption

Question 2

What is Encryption?

Answer 2

Converting plaintext to ciphertext

Question 3

What is Decryption?

Answer 3

Restoring plaintext from ciphertext

Question 4

What is a Cipher?

Answer 4

The algo that can take plaintext and convert it to ciphertext, (it goes both ways)

Question 5

What is Cryptanalysis?

Answer 5

The science of breaking ciphers

Question 6

What is Cryptology?

Answer 6

Cryptography + Cryptanalysis

Question 7

How are encryption algorithms classified?

Answer 7

How do they convert plaintext to ciphertext
How many keys they require
How do they process the plaintext

Question 8

How do substitution ciphers work?

Answer 8

Replacing elements of plaintext, with elements of ciphertext

Question 9

How do Transposition ciphers work?

Answer 9

Shuffle the elements of the plaintext

Question 10

How do Product Ciphers work?

Answer 10

Combine Substitution, and Transposition

Question 11

What is Symmetric Encryption?

Answer 11

Single key used for encryption and decryption

Question 12

What is Asymmetric (public Key) cryptography?

Answer 12

Two-keys, one is used for encryption, the other is used for decryption.

Question 13

Asymmetric (public Key) cryptography is commonly used for…

Answer 13

session key distribution, and digital signatures.

Question 14

What is the difference between a block and stream cipher?

Answer 14

Stream does 1 by 1, block does multiple at a time.

Question 15

What are the security requirements for secure symmetric key cryptography?

Answer 15

1. Strong encryption algorithm,
2. Assumption that attacker knows knows the encryption algorithm
3. Trusted third party, to distribute the key

Question 16

What is Kerckhoff’s Principle?

Answer 16

Everything must remain secure even if the attacker knows everything EXCEPT the secret key.

Question 17

If an attacker finds, a secret message and modifies it what violation is it?

Answer 17

Integrity violation, Data integrity

Question 18

What is Data Integrity?

Answer 18

Assurance that data received is sent by someone trusted.

Question 19

What is origin integrity

Answer 19

The source of the data is trustworthy

Question 20

What is DAD?

Answer 20

Disclosure, Alteration, Destruction

Question 21

What three main aspects of security does ITU-T X.800 consider?

Answer 21

Services
Attacks
Mechanisms

Question 22

What is a Passive attack?

Answer 22

An attack that does not involve the modification of systems or data.

Question 23

What types of passive attacks are there?

Answer 23

Eavesdropping
Traffic Analysis

Question 24

How do we protect against traffic analysis?

Answer 24

Traffic padding

Question 25

Why are passive attacks so difficult to detect?

Answer 25

They don't involve any kind of tampering

Question 26

What are types of active attacks?

Answer 26

Masquerade - Pretending to be someone else Replay - Data transmission gets repeated or delayed Message Modification Denial of Service

Question 27

What is an active attack?

Answer 27

An attack that modifies systems or data

Question 28

What is Traffic padding?

Answer 28

Putting bits into gaps in a data stream to make it difficult to figure out the amount of traffic

Question 29

What are the three main elements of network security?

Answer 29

1. algorithm for security transformation 2. Generate secret keys 3. Distribute and share keys

Question 30

What is the difference between the internet and the Web?

Answer 30

A web is a protocol. The internet refers to the entire infrastructure

Question 31

What is a protocol?

Answer 31

A set of rules that govern communication

Question 32

What is the primary objective of data classification? How does it relate to cryptography?

Answer 32

Securing data based on assigned level of importance and sensitivity it relates because Cryptography is used a defense mechanism for data

Question 33

What is FIPS-140? What does it provide?

Answer 33

set of standards for designing and implementing modules that defend sensitive / classified data

Question 34

For what type of government systems was FIPS-140 compliance designed for?

Answer 34

It was designed for data that is sensitive but unclassified

Question 35

Describe the Top-Secret data category. What type of data does it contain? Give examples.

Answer 35

Nuclear secrets, locations of space satellites

Question 36

Give some examples of FIPS-140 requirements

Answer 36

Finite State model Physical Security Operational Environment

Question 37

What is the difference, between brute force and cryptanalytic attack?

Answer 37

Brute force tries every possible key, Cryptanalytic uses nature of algorithm AND some knowledge of the plaintext

Question 38

what is a chosen-plaintext attack?

Answer 38

Attacker can encrypt any plaintext using the target encryption scheme.

Question 39

What is ciphertext-only attack?

Answer 39

Stat techniques to discover the key or plaintext

Question 40

what is a known-plaintext attack?

Answer 40

Has access to the cipher text and knows some properties of the plaintext

Question 41

Describe the requirements and the basic building blocks of public cryptography

Answer 41

Two keys, public and private. Encrypt with public and use private to decrypt.

Question 42

Is public key cryptography inherently more secure than symmetric key cryptography

Answer 42

No, public key is less efficient

Question 43

What is the difference between the RSA and EC approaches to public key cryptography?

Answer 43

RSA is based on the difficulty of factoring large primes EC is based on Elliptical curves over finite fields

Question 44

What is the Elliptic Curve Discrete Logarithm Problem (ECDLP)?

Answer 44

Find K given P and Q, on a curve where Q = kP

Question 45

How can quantum cryptography theoretically threaten the security of public key schemes such as RSA?

Answer 45

Quantum computers in theory are able to solve RSA fast

Question 46

What is a hash function?

Answer 46

one way function that takes a message and produces a fixed-size output

Question 47

What is a hash function used for?

Answer 47

Used for message integrity, and Digital Signatures

Question 48

What are the security requirements of the hash function?

Answer 48

1. Can work with any sized M 2. Produces fixed length output 3. Easy to compute hc 4. No repeating hash values

Question 49

Describe the basic premise of a Birthday attack and be able to do simple probability calculations.

Answer 49

2^(n/2) give you 50% chance to find a match

Question 50

How can the Birthday Paradox be used to crack hashes?

Answer 50

1. Generate 2^(n/2) random messages 2. Do any two messages produce the same hash? 3. Hash detected 4. If not go back to step 1.

Question 51

What is the difference between a hash function and a MAC?

Answer 51

input is variable sized, One way function that computes the digest BASED ON a Secret Key,

Question 52

Compare and contrast symmetric cryptography and a MAC function.

Answer 52

Symmetric: Length of plaintext varies so does length of cipher text Mac function always gives a digest of the same length, and are non invertible.

Question 53

Why do we (ideally) need both link and end-to-end encryption?

Answer 53

Data is always protected, and our headers are still protected on the link

Question 54

What is symmetric key distribution? Why is it important?

Answer 54

changing keys every time you start a new session, incase the previous was compromised

Question 55

Explain the key hierarchy

Answer 55

Decentralized: each person needs a master key Centralized: Trusted third party only need N mater keys.

Question 56

Why use symmetric master keys to distribute session keys?

Answer 56

It's a good idea to change session keys with every session

Question 57

What are key components of Symmetric Needham-Shroeder Key Distribution protocol

Answer 57

A Asks, KDC Shares, A Forwards, B Responds, A Confirms.

Question 58

Why does KDC echo Alice’s message in step (2)?

Answer 58

So Alice knows the session key is for her session with bob and it also has a Nonce

Question 59

How does the protocol use nonces and time stamps to prevent replay attacks?

Answer 59

if checks if any nonces have been used before

Question 60

Is Alice able to decrypt entire message from the KDC? Explain

Answer 60

No, she can only decrypt the first part that used her master key

Question 61

What are the advantages of using a hierarchy of KDCs?

Answer 61

It reduces the load of any single KDC

Question 62

Assume a key distribution scheme where Bob and Alice both share the symmetric master key MBA. To distribute the session key Alice generates the session key KS encrypts it using MBA and sends the message IDA || E(MBA,KS).

Answer 62

Vulnerable to a replay attack, no nonce or timestamp

Question 63

Why use public key cryptography to distribute session keys? That is, why not just use public key encryption to send bulk data?

Answer 63

Public key cryptography is too slow.

Question 64

Consider the Merkle Simple Key Distribution protocol. Is it secure? If so, explain how so and if not so, explain the flaw.

Answer 64

Not secure, There is no public key authenticity

Question 65

Explain how distribution of symmetric keys using public keys can be combined with the Symmetric Key Needham Shroeder protocol for greater efficiency.

Answer 65

Use secure public to distribute master keys. After master keys are distributed use Needham to distribute session keys, we don't need public until we give out master keys again