zzDomain 3 - Cryptographic concepts | Crypto Attacks | PKI Infrastructure

Question 1

Symmetric Encryption - Strengths

Answer 1

Speed, and strength per bit of key

Question 2

Symmetric Encryption - Weakness

Answer 2

Key must be shared securely

Question 3

Symmetric Encryption - Stream Cipher

Answer 3

Each bit is independently encrypted

Question 4

Symmetric Encryption - Block cipher

Answer 4

Blocks of data are encrypted

Question 5

Initialization Vector

Answer 5

Symmetric Encryption

Encryption step. Used on Symmetric ciphers to ensure that the first block of data is random

Question 6

Cipher Block Chaining (feedback in stream modes)

Answer 6

Uses the previous ciphertext from the previous block, and uses it to XOR’ the next block.

First block uses an Initialization Vector.

Question 7

DES Encryption type

Answer 7

Symmetric

Question 8

DES

Answer 8

Data Encryption Standard

Question 9

DES Encryption dates

Answer 9

1976 US Fed standard

Question 10

DES Encryption, who designed

Answer 10

IBM, based on older lucifer symmetric cipher

Question 11

DES Encryption, block size

Answer 11

64 bit

Question 12

DES Encryption, key size

Answer 12

56 bit

Question 13

DES Modes

Answer 13

5 modes:
Electronic Code Book - ECB
Cipher Block Chaining - CBC
Cipher Feedback - CFB
Output Feedback  - OFB
Counter Mode - CTR

Question 14

DES ECB

Answer 14

Electronic Code Book
No initialization vector
susceptible to replay attacks.

Question 15

DES CBC

Answer 15

Cipher Block Chaining

• Block Mode
• XORs previous block as seed to next block
• First encrypted block is IV for next.
• Errors propogate. An error in one block propagates everywhere

Question 16

DES CFB

Answer 16

Cipher Feedback

• Stream
• Uses feedback to destroy patterns
• Uses IV
• Errors propogate

Question 17

DES - OFB

Answer 17

Output Feedback

• XORs previous block as seed to next block
• Stream cipher
• Uses subkey before it is XORed to plaintext
• Subkey is not affected by Encryption errors
• errors don’t propagate

Question 18

DES CTR

Answer 18

Counter

• Uses a counter
• Errors don’t propogate

Question 19

Double DES

Answer 19

Repeat the process twice

Question 20

Triple DES

Answer 20

Applies DES three times per block before moving to next block

Question 21

2TDES

Answer 21

Two triple DES. Uses 1 key to encrypt, another to ‘decrypt’ and again key 1 to encrypt.
Key length of 112 bits

Question 22

3TDES

Answer 22

Strongest form, three triple des

168 bits in key length

Question 23

IDEA Encryption/Cipher Type

Answer 23

International Data Encryption Algorithm.

Symmetric Block Cipher

Question 24

IDEA Key Size

Answer 24

128

Question 25

IDEA block size

Answer 25

64 bit

Question 26

IDEA - good or bad?

Answer 26

Held up to cryptanalysis

Question 27

IDEA - drawback

Answer 27

Patent encumbrance and slow speed

Question 28

AES

Answer 28

Advanced Encryption Standard

Question 29

AES Key Size

Answer 29

128 bit with 10 rounds of encryption
192 bit with 12 rounds of encryption
256 bit with 14 rounds of encryption

Question 30

AES Block size

Answer 30

128 bit

Question 31

AES Functions

Answer 31

Subbytes
ShiftRows
MixColumns
AddRoundKey

Question 32

AES data State

Answer 32

4 Rows of 4, 16 byte blocks

Question 33

AES SubBytes

Answer 33

Uses substitution to add confusion

Question 34

AES ShiftRows

Answer 34

Shifts the rows to add confusion

Question 35

AES MixColumns

Answer 35

Provides diffusion by mixing the columns fo the state via finite field mathematics.

Question 36

AES AddRoundKey

Answer 36

Final function

XORs the state with the subkey

Question 37

Blowfish cipher type

Answer 37

symmetric

Question 38

Blowfish Key size and block

Answer 38

default 128. variable 32 through 448

64 bit blocks

Question 39

Twofish

Answer 39

128 bit blocks

128-256 bit keys

Question 40

RC5 and RC6 designed by

Answer 40

RSA LAbs

Question 41

RC5 block size

Answer 41

32, 64, 128

Question 42

RC5 key size

Answer 42

0 -2040 bits

Question 43

RC6

Answer 43

Based on RC5

128 bit blocks

Question 44

RC6 key size

Answer 44

128, 192, 256

Question 45

Asymmetric Encryption Pros

Answer 45

Solves issues around preshared keys

Question 46

Asymmetric key how many

Answer 46

two. Public/private key pair

Question 47

Asymmetric one-way functions

Answer 47

easy to compute one way. VERY difficult to reverse

Question 48

Asymmetric, factoring prime numbers

Answer 48

Relies on strength of composite number. Example: 6269 x 7883 = 49418527.

To crack, you must factor 49418527 to find which two prime numbers are factors.

Question 49

Discrete logarithm

Answer 49

Basis of the Diffie-hellman and ElGamal asymmetric algs

Question 50

Diffie-Hellman Key agreement protocol

Answer 50

Allows two parties to securely agree on a symmetric key via a public channel

Question 51

Diffie-hellman

Answer 51

Type of key exchange that is secure. If an attacker sniffs the whole conversation, they still can’t obtain the key.

Question 52

Elliptic Curve Cryptography

Answer 52

Type of encryption.

Uses One way function that uses discrete logaratinms

Stronger than discrete logarithms

Uses less computational power

Question 53

Asymmetric and Symmetric tradeoffs

Answer 53

Asymmetric - slower, weaker on equal sized keys. Pro no need for preshared key

Both types are often used together

Symmetric - faster, weak due to pre-shared keys.

Question 54

Hash Functions

Answer 54

Encryption using algorithm and NO KEY

One Way. Because impossible to reverse

Variable length plaintext is hashed into a fixed length hash

Question 55

Collisions

Answer 55

This is what happens if two separate, and non-identical inputs to a hash algorithm result in identical hashes.

Question 56

MD5

Answer 56

Message Digest 5

128 bit hash value based on any input length. Prone to collisions

Question 57

MD5 creator

Answer 57

Ronald Rivest

Question 58

MD6

Answer 58

Message Digest 6

Newest version of the MD family of hashes - published in 2008

Question 59

SHA - Secure Hash Alg

Answer 59

Series of Hash algs

Question 60

SHA1

Answer 60

160 bit hash value

Question 61

SHA3

Answer 61

announced as successor in 2015

Question 62

HAVAL

Answer 62

Hash of variable length. Uses design principles of MD family

Question 63

HAVAL Hash lengths

Answer 63

128, 160, 192, 224, 256

Question 64

HAVAL number of rounds

Answer 64

3, 4, 5

Question 65

Crypto attacks

Answer 65

used by cryptanalysts to recover plaintext

Question 66

Brute force

Answer 66

trying every possible combination. Will work eventually

Question 67

Known Plaintext

Answer 67

If I know an input and output. I can potentially guess a key.

Question 68

Chosen Plaintext and adaptive chosen plaintext

Answer 68

analyst chooses plaintext to be encrypted.

Analyst then changes further rounds of encryption based on previous round

Question 69

Chosen Ciphertext adaptive chosen cipher text

Answer 69

Mirror version of chosen plaintext/adaptive plaintext

Question 70

meet in the middle attack

Answer 70

Read up on this.

Question 71

Known Key

Answer 71

Analyst knows something about the key, and can use that to reduce efforts used to attack it.

Question 72

Differential Cryptanalysis

Answer 72

Seeks to find the difference between related plaintexts that are encrypted. Uses stat analysis to search for signs of non-randomness.

Question 73

Linear Cryptanalysys

Answer 73

when you have a lot of plaintext and ciphertext - pairs are studied to find information about the key.

Question 74

Side Channel Attacks

Answer 74

USe physical data to break cryptosystem. Monitoring CPU cycles or power consumption used while encrypting/decrypting.

Question 75

Birthday Attack

Answer 75

Create hash collisions and break the key

Question 76

Key clustering

Answer 76

two different symmetric keys on same plaintext produce same ciphertext

Question 77

Digital signatures

Answer 77

Method of authentication and non-repudiation.

Process:

1. Sender hashes their message, and appends hash to email
2. Sender then encrypts entire email using their private key.
3. Receiver decrypts message using public key (they now know the sender is authentic - only the sender could have encrypted).
4. Receiver then hashes the message on their own - if the hash is the same as appended to the email they know that integrity has been preserved.

Question 78

HMAC

Answer 78

READ UP ON

Question 79

PKI Public Key Infrastructure

Answer 79

leverages all three forms of encryption. Digital certs.

Question 80

Cert Authorities

Answer 80

Digitals certs are signed by CAs

They authenticate identity of orgs before issuing a certs

May be private, or public

Question 81

Cert Revocation lists

Answer 81

Lists revoked certs. Maintained by CAs

Question 82

IPSec

Answer 82

Suite of protocols to provide cryptographic IPV4 and v6. Used to build VPNs

Question 83

IPSec primary protocols

Answer 83

AH - Authentication Header

ESP - Encapsulating Security Payload

Question 84

IPSec Supporting protocols

Answer 84

ISAKMP, and IKE

Question 85

ISAKMP

Answer 85

internet security assoc and key mgmt protocol

Question 86

IKE

Answer 86

Internet key exchange

Question 87

AH

Answer 87

Authentication header provides authentication and integrity for each packet of net data.

NO CONFIDENTIALITY

Question 88

ESP

Answer 88

provides confidentiality by encrpyting packet data

Question 89

IPSec Security Association (ISAKMP)

Answer 89

one way/simplex connection used to negotiate ESP or AH Parameters. Each ESP and AH session results in a Security Associatin (so, up to 4 SAs may be in each two-way VPN)

ISAKMP is the protocol that manages SA creation.

Question 90

SA Identification index

Answer 90

Identifies the SA. 32 bits

Question 91

ESP Tunnel mode

Answer 91

Encrypts everything

Question 92

ESP Transport mode

Answer 92

only encrypts data, not IP headers. May use AH to authenticate the un-encrypted headers.

Question 93

IKE vs ISAKMP

Answer 93

IKE - Encryption algorithm negotiation protocol. Allows both sided so select and agree upon the best encryption that both sides support.

ISAKMP - Manages Security Associations.

Question 94

IKE

Answer 94

Another way to manage key exchanges. Both sides will use IKE to negotiate fastes and highes sec level.

Question 95

SSL and TLS

Answer 95

TSL succeeds SSL. Commonly used for HTTPS. Encrypted out of the gate. Uses Asymmetric encryption to exchange a key, for a subsequent symmetric session.

Question 96

PGP

Answer 96

pretty good privacy.

Question 97

PGP year

Answer 97

1991

Question 98

PGP

Answer 98

uses web-of-trust instead of cert authority.

Question 99

S/MIME

Answer 99

Email encryption and authentication

Question 100

Escrowed Encryption

Answer 100

splits private key into two or more parts. Will only release their part of the key on a court order.

Question 101

Clipper Chip

Answer 101

Name of tech used in the Escrowed Encryption Standard. Allows backdoor to govt while encrypting voice.

Question 102

Steganography

Answer 102

Science of hidden communication. Hiding information into other media.

Question 103

Digital watermaks

Answer 103

encode data in a file. Watermark is probably hidden

Question 104

Mantrap

Answer 104

Two doors requireing separate authentication to open

Question 105

Bollard

Answer 105

Post designed to stop a car

Question 106

Smart card

Answer 106

physical access card containing integrated circuit

Question 107

tailgating

Answer 107

following an auth person into building w/o providing creds

Question 108

Perimeter defenses

Answer 108

fence doors, walls, locks

Question 109

Class 1 gate

Answer 109

residential

Question 110

class 2 gate

Answer 110

Commercial, general access

Question 111

Class 3 gate

Answer 111

industrial limited access - loading dock for 18 wheeler

Question 112

Class 4 gate

Answer 112

restricted access. Prison or airport

Question 113

Lights

Answer 113

detective and/or deterrant

Question 114

vigenere cipher

Answer 114

• Vigenère cipher
  o Polyalphabetic
  o Repeated 26 times to form a matrix

Question 115

Jefferson disks

Answer 115

o Tommy J

o 36 wooden disks

Question 116

Caesar cipher

Answer 116

• Caesar cipher
  o Monoalphabetic
  o Simple substitution
  o Rotated 3 times

Question 117

book cipher and running key cipher

Answer 117

• Book cipher and running key cipher

o Use well known texts as the basis for keys

Question 118

Codebooks

Answer 118

assign codeword for important people/locations/terms

Question 119

one time pad

Answer 119

o	one time pad
	uses identical paird pads
	one page is used to encrypte
	same page to decrypt
	pages are then discarded, never reused
	only one mathematically proven to be secure

Question 120

vernam cipher

Answer 120

o First known one time pad
o Named after gilbert vernam
o Used bits before computer
o One-time pad bits were also XORed to the plaintext bits

Question 121

project VERONA

Answer 121

o Broke KGB encryption in 1940s
o KGB used one time pads
o KGB violated one of the three rules though
o Reused pads.

Question 122

Hebern Machines and PURPLE

Answer 122

o Class of cryptographic devices
o Large manual typewriter looking devices electrified with rotors
o Used through WWII

Question 123

ENIGMA

Answer 123

doi

Question 124

SIGABA

Answer 124

o Rotor machine used by US through 1950s
o More complex and covered weaknesses of the Enigma
o Large complex and heavy
o Never known to be broken

Question 125

PURPLE

Answer 125

japanese version of enigma

Question 126

COCOM

Answer 126

o Coordinating comeittee for multilateral export controls

 Designed to control export of critical technologies to iron curtain countries

Question 127

Wassenaar arrangement

Answer 127

o After COCOM ended
o Created in 1996
o Many iron curtain countries included
o Relaxed restriction on exporting cryptography.

Question 128

DEA

Answer 128

Data Encryption Algorithm described by DES (Data Encryption Standard)

Question 129

PKI standard

Answer 129

X.509

Question 130

CAs and ORAs

Answer 130

Certificate Authority (Issues Certs)

Organizational Registration Authority (authenticates client certs)

Question 131

OCSP

Answer 131

Online Certificate Status Protocol - Replacement for CRL (Cert Revocation Lists). Scales beeter than CRL

Question 132

CRL

Answer 132

Certificate Revocation Lists

Question 133

PGP encryption type

Answer 133

Symmetric