Network Security Flashcards
(103 cards)
1
Q
what is meant by message integrity
A
sender and receiver want to ensure a message has not altered or been tampered with in transit or afterwards without detection
2
Q
what is included in a passive attack
A
eavesdropping or intercepting messages
3
Q
what is involved in an active attack
A
actively inserting messages into a connection
which is not easy
4
Q
what is involved in an impersonation attack
A
spoof source address of packet
5
Q
what is involved in hijacking attack
A
attacker inserting themselves in the middle, both sender and receiver still think they are talking to each other
6
Q
what is plain text
A
original data
7
Q
what is encrypted version of plain text called
A
ciphertext
8
Q
encryption function
A
E(P) = C
9
Q
decryption function
A
D(C) = P
10
Q
for the cryptosystem to function, what must hold
A
D(E(P)) = P
ie must be able to reproduce the plaintext
11
Q
does the lenght of the key determine its security
A
no its algorithm is also a key factor
12
Q
what is the key space
A
all the possible values the key can take
13
Q
encyrption function with key
A
E_k(P) = C
14
Q
decryption function with key
A
D_k(C) = P
15
Q
why does having a big key space mean more security
A
sequentially going through every key takes too long
ie. brute force attack not worth it
16
Q
how do substitution ciphers work
A
each letter or group of letter is replaced by another group of letters to disguise it
17
Q
three ways to attack on substitution ciphers
A
identify commonly occurring characters
commonly occuring bigrams
domain specific buzzwords eg system, login, password
18
Q
three ways to attack on substitution ciphers
A
identify commonly occurring characters eg vowels
identify commonly occurring bigrams/digrams eg th, ie
identify domain specific buzz words eg system, login, password etc
19
Q
does substitution ciphering preserve the order of text symbols
A
yes
20
Q
how does vigenere cipher work
A
26x26 matrix
pick long word as key
use first letter of key to encrypt first letter of plain text
use second letter of key to encrypt second letter of plain text
when last letter of key is used, wrap around
21
Q
how to break vigenere cipher
A
know length of key and when rotation happens
22
Q
how do transposition ciphers work
A
re order the symbols rather than disguising them
23
Q
process of transposition cipher
A
pick a key
write plain text in rows under the key
re order the columns
send in column
24
Q
how many keys are there in symmetric key encryption
A
1
all parties share the same key
25
what is the main problem with symmetric key encryption
sender and receiver must agree to a secret key without anyone else finding out
26
examples of symmetric key algorithms
DES
triple DES
IDEA
AES
27
what does DES stand for
data encryption standard
28
what does a block cipher do
operates on a single chunk of data at a time
29
why is it important that the output is the same size or smaller than the input
encrypted data should not be bigger than input data
30
how many stages in DES
19
31
what is the first stage of the DES
fixed permutation (pbox)
32
what is the last stage of the DES
exact inverse of first stage permutation
33
what happens in the penultimate stage of DES
leftmost 32 bits exchanged with rightmost 32 bits
34
what are the 16 middle stages of DES Called
rounds
35
what happens in 16 rounds of DES
a version of the key is taken in, only 48 bits are used
old right half becomes new left half
old left half run through mixer with key and XORed with old left half becoming new right half
36
how long would it take to attack a key space of key length 52 bits by brute force
2^56 tries
37
how to improve DES to make it more secure
Triple DES or 3DES
making use of 2 or 3 keys
38
what is the problem with the fact that ECB independently ciphers blocks
determinisitic manner
encrypting independently is a lot of work
want some dependency between blocks that we encrypt
39
what is meant by a probabalistic output
the output should always be different even if the same data is put in
40
what does CBC stand for
cipher block chaining
41
how does cipher block chaining work
pass in plaintext
and initialisation vector
XOR initialisation vector with plaintext
XOR of this goes into box with key
this results in ciphertext
that ciphertext becomes initialisation vector for next block
so everything is now chained
42
what is essential for decryption in cipher block chaining
first initialisation vector
43
what is done with the first few blocks in case someone is listening in
dummy data sent
44
do you have to keep the initialisation vector secret
no
45
how is cipher block chaining slow
cannot go onto the next step until the previous cipher text has been generated
46
what does ofb stand for
output feedback
47
how does output feedback mode work
put intialisation vector through encryption box, this becomes next initialistion vector
XOR the plain text with whatever comes out of the encryption box
this becomes ciphertext
48
advantage of output feedback mode
can pre compute initialisation vectors
so as the packets come you can XOR them and things can be done much quicker
49
why is OFB mode a synchronous process
computations are independent of the plain text
50
what does CFB stand for
cipher feedback
51
how does cipher feeback mode work
similar to OFB but cipher text is fed back
initialisation vector sent into encryption box
result is XORed with plaintext to get ciphertext
cipher text becomes next initialisation vector
52
when is CFB mode used
when short plain text blocks are to be encrypted eg 8 bits long, ASCII character
eg between remote keyboard and a computer
53
which is the asynchronous stream cipher
cipher feedback mode
54
which is the asynchronous stream cipher
output feedback mode
55
what does AES stand for
advanced encryption standard
56
what is most common bit and key size for AES
128 bits
2^128 is too large to compute and test key space by brute force
57
how may rounds of cipher are there in AES
10 to 14 depending on key length
58
how many keys are there in asymmetric key cryptosystems
2
public key
private key
59
what to do if private key shared by accident
discard and create a new public key
60
example of public key cryptographic algorithm
RSA
61
properties of asymmetric key cryptosystems
- must be computationally easy to encipher or decipher a message given the appropriate key
- must be computationally infeasible to derive the private key from the public key
- need for exchanging private key eliminated
62
what does it mean that it must be computationally infeasible to derive the private key from the public key
it should be so hard it is not worth your while
63
is public key used for encryption or decryptionq
public
the public key of the person you wish to send encrypted message to
64
is private key used for encryption or decryption
decryption
only the person with that private key can decrypt
65
what is involved in a passive attack
eavesdropping (just observing messages)
66
how can passive attackers still obtain messages from encrypted messages
information from message length, frequency, hosts etc
67
what is involved in an active attck
modification of data
hacker pretends to be a different identity
hacker relays information between the other two
68
what is authentication
ensuring that the communicating entity is the one that it claims to be
69
what is a symmetric cipher model
sender and receiver have same secret key
70
what is asymmetric cryptography
sender and receiver use different keys
71
what does it mean if the ciphertext is computationally secure
cost of breaking cipher exceeds cost of information and time taken exceeds useful life of information
72
what is the greatest common divider (highest common factor) of two numbers that are relatively prime
1
73
what does the phi function calculate
phi(n)
how many numbers that are less than n are relatively prime to n
74
is the RSA algorithm deterministic or probabilistic
deterministic
a specific plaintext is always mapped to a specific ciphertext
75
is Fermat's primality test always 100% accurate
no
76
what is the size of the chunks that ECB operates on at one time
64 bits
77
what are the flaws of ECB DES
small key, 2^56 for brute force attack
each block encrypted independently so vulnerable to substitution attack
deterministic
78
is CBC probabilistic or deterministic
probabilistic, depending on IV sed
79
what is a X-509 certificate
binds identity of a person/company with their public key
80
what are the contents of a x-509 certificate
identity of user
public key of user
digital signature on the above field with the key of the TTP (trusted third party)
81
why does the basis of x-509 certs assume that every user in the system is equipped with the public key of the TTP
these are embedded in the browsers themselves
82
what is the purpose of a x-509 certificate
allows one to verify the digital signature on the certificate to ensure the message is associated with the named user
83
what are certification authorities
trusted third parties that issue certificated
84
who issues certificates to to other CAs
the root CA
85
what is the order of an element a in group G
the smallest positive integer k for which
a ^ k = a * a * a * ... a (mod G) = 1
86
what are the properties of a group
closure
associative
identity element
inverse element
87
what makes a group Abelian on top of the other properties
commutative
88
what does the closure property of a group mean
a, b, element G then (a op b) element G
if both a and b are elements of the group G, then the result of an operation (addition or multiplication) performed on a and b will also be an element of group G
89
what does the associative property of a group mean
a op (b op c) = (a op b) op c for all a, b, c elements G
90
what does the identity element property of a group mean
(a op e) = (e op a) = a for all a, e elements G
there is an element in every group that when an operation is performed with any other element in the group, the result will be that element
in additive groups it is 0
i.e. anything + 0 is itself
in multiplicative groups it is 1
i.e. anything * 1 is itself
91
what does the inverse element property of a group mean
(a * a^-1) = (a^-1 * a) = e for all a element G
i.e. all elements should have an inverse
92
what is the diffie hellman key exchange
a protocol that allows strangers to establish a shared symmetric key without having to meet and without a need for a cryptosystem to be in plave
93
what are the underlying reasons that the DHKE works
exponentiation is commutative
94
how is the DHKE vulnerable to attack
users aren't authenticated
man-in-the-middle attack
95
what is the man in the middle attack in DHKE
both parties believe they are talking to each other across a secure channel
however the attacker is in the middle and can read and modify messages
96
how to defend against the man in the middle attack in DHKE
use digital certificates to verify the identity of the user you are communicating with
97
how is checksum vulnerable to attack
attacker can intentionally modify message to produce some equal checksum value and the receiver will not detect the change
98
what does it mean that a hash is a one way function
hash is irreversible
you cannot reproduce the input from the output
it is not meant to be decrypted
it is used as a unique digital fingerprint to check integrity of data
99
example of hash functions
SHA-1, SHA-2
100
advantages of symmetric key encryption
speed
little overhead
101
disadvantages of symmetric key encryption
distributing key securely
same key used for encryption and decryption
102
advantages of asymmetric key encryption
public key can be distributed openly so everyone can use it to encrypt data for the owner of the corresponding private key
103
disadvantages of asymmetric key encryption
slower
more overhead
