infs midterm

Question 1

availability

Answer 1

accessible to authorized users at appropriate times

Question 2

aspects of security

Answer 2

security attack, security service, security mechanism

Question 3

threat

Answer 3

something that can damage or destroy an asset

Question 4

vulnerability

Answer 4

a weakness or gap in your protection

Question 5

risk

Answer 5

where assets, threats, and vulnerabilities intersect

Question 6

authentication

Answer 6

assurance that communicating entity is the one claimed

Question 7

access control

Answer 7

prevention of unauthorized use

Question 8

data confidentiality

Answer 8

protection of data from unauthorized disclosure

Question 9

data integrity

Answer 9

data received is as sent by an authorized entity

Question 10

non-repudiation

Answer 10

protection against denial by one of the parties in a communication

Question 11

security mechanism

Answer 11

feature designed to detect, prevent, or recover from a security attack
no single mechanism that will support all services required
however one particular element underlies many of the security mechanisms in use:
cryptographic techniques

Question 12

symmetric key encryption

Answer 12

plaintext-> encryption algorith with secret key shasred by sender and recepient, transmitted cipher text-> decryption using shared key

Question 13

Kerckhoff’s principle

Answer 13

System security should depend only on the secrecy of the key, not the algorithm.

Question 14

Caesar Cipher

Answer 14

A substitution cipher that shifts each letter by a fixed number
𝑘
E(k,p)=(p+k)mod26,

D(k,c)=(c−k)mod26.
can be broken By brute-force testing all 25 possible shifts.

Question 15

keyspace for cryptosystem

Answer 15

For the Caesar cipher, any value from the set {1, 2, …, 25} can be a key
The set of usable keys is referred to as a cryptosystem’s keyspace
Cryptosystems with a small keyspace are vulnerable to a brute-force search for the proper key

Question 16

What are passive vs. active attacks?

Answer 16

Passive = eavesdropping or monitoring; Active = modifying, disrupting, or injecting data.

Question 17

What is a monoalphabetic cipher?

Answer 17

A substitution cipher where any permutation of 26 letters forms the key

Question 18

What is the size of the monoalphabetic cipher keyspace?

Answer 18

26! ≈ 4×10²⁶ keys

Question 19

What is frequency analysis?

Answer 19

Cryptanalysis method using letter frequency patterns in the ciphertext

Question 20

What is a transposition cipher

Answer 20

A: A cipher that rearranges (permutes) letters of plaintext without altering them.

Question 21

How does the Rail Fence cipher work?

Answer 21

Write letters diagonally across multiple rows, then read row by row.
meet me after the toga party = MEMATRHTGPRYETEFETEOAAT

Question 22

What is the Pigpen cipher?

Answer 22

A symbol-substitution cipher mapping letters to grid symbols—easy to memorize, vulnerable to pattern matching.

Question 23

What are the three pillars of information security?

Answer 23

Confidentiality, Integrity, Availability.

Question 24

What is confidentiality?

Answer 24

Ensures computer assets are accessed only by authorized parties.

Question 25

What is integrity?

Answer 25

Ensures assets are modified only by authorized parties or in authorized ways.

Question 26

What is availability?

Answer 26

Ensures assets are accessible to authorized parties at appropriate times.

Question 27

What is Kerckhoff’s Principle?

Answer 27

Security should depend only on the secrecy of the key, not the algorithm.

Question 28

What is cryptography?

Answer 28

The practice of securing information using encryption and decryption with a secret key.

Question 29

What is a Caesar cipher?

Answer 29

Shifts each letter by k positions: E(k,p)=(p+k) mod 26. Example: k=3 → A→D.

Question 30

What is cryptanalysis?

Answer 30

Science of breaking cryptosystems by deducing keys or plaintexts.

Question 31

What is a monoalphabetic cipher?

Answer 31

Each letter maps to another letter using a substitution alphabet. Example: A→Q, B→W.

Question 32

What is frequency analysis?

Answer 32

Breaking ciphers by matching ciphertext letter frequencies to normal language patterns.

Question 33

What is a transposition cipher?

Answer 33

Rearranges plaintext letters. Example: Rail Fence cipher writes diagonally and reads rows.

Question 34

What is a product cipher?

Answer 34

Combines substitution and transposition for stronger encryption.

Question 35

What is a symmetric cipher?

Answer 35

Uses one shared secret key for both encryption and decryption.

Question 36

What is a block cipher?

Answer 36

Encrypts fixed-size blocks (e.g., 64 or 128 bits). Example: DES.

Question 37

What is a stream cipher?

Answer 37

Encrypts data bit-by-bit or byte-by-byte. Example: RC4.

Question 38

What is a Feistel cipher?

Answer 38

Splits plaintext into halves processed in rounds: L_i=R_{i−1}, R_i=L_{i−1} XOR F(R_{i−1},K_i).

Question 39

What are confusion and diffusion?

Answer 39

Confusion hides key–ciphertext relation; diffusion spreads plaintext statistics across ciphertext.

Question 40

What is DES?

Answer 40

Data Encryption Standard; 64-bit block cipher using 56-bit key, Feistel-based.

Question 41

What is AES?

Answer 41

Advanced Encryption Standard; 128-bit block cipher with 128/192/256-bit keys.

Question 42

Who developed AES?

Answer 42

Rijndael algorithm by Daemen and Rijmen, adopted as AES in 2001.

Question 43

What are AES transformations?

Answer 43

SubBytes, ShiftRows, MixColumns, AddRoundKey.

Question 44

What is AES key expansion?

Answer 44

Generates round keys using Rijndael key schedule.

Question 45

What is Triple DES?

Answer 45

Encrypt–Decrypt–Encrypt: C=E(K3,D(K2,E(K1,P))).

Question 46

What is ECB mode?

Answer 46

ECB encrypts each plaintext block independently using the same key: C_i=E_K(P_i). Each block is treated as a separate message.

Question 47

What is CBC mode?

Answer 47

CBC chains blocks together by XORing each plaintext block with the previous ciphertext block before encryption The first block uses an Initialization Vector (IV): C_i=E_K(P_i XOR C_{i−1}).

Question 48

What is CFB mode?

Answer 48

CFB turns a block cipher into a self-synchronizing stream cipher. It encrypts the previous ciphertext block, then XORs it with the plaintext to produce ciphertext. The first step uses an IV instead of C -1 : C_i=P_i XOR E_K(C_{i−1}).

Question 49

What is OFB mode?

Answer 49

OFB generates a keystream by repeatedly encrypting the output of the cipher, independent of the plaintext, with an initial O−1=IV: O_i=E_K(O_{i−1}), C_i=P_i XOR O_i.

Question 50

What is CTR mode?

Answer 50

CTR mode encrypts a counter value for each block and XORs the result with plaintext, Each block uses an incremented counter (Counter_i = Nonce + i).: O_i=E_K(i), C_i=P_i XOR O_i.

Question 51

What is public-key cryptography?

Answer 51

Uses key pair: public for encryption, private for decryption. Example: RSA.

Question 52

What problems does public-key crypto solve?

Answer 52

Key distribution and digital signature verification.

Question 53

What is a divisor?

Answer 53

b divides a if a=mb. Example: 3|9.

Question 54

What is the GCD?

Answer 54

Largest integer dividing both numbers. Example: GCD(8,12)=4.

Question 55

What is the Euclidean algorithm?

Answer 55

Finds GCD using gcd(a,b)=gcd(b,a mod b).

Question 56

What is modular arithmetic?

Answer 56

Arithmetic under mod n. Example: 17 mod 5=2.

Question 57

When are two numbers congruent mod n?

Answer 57

If a mod n=b mod n. Example: 17≡5 (mod 12).

Question 58

What is the Extended Euclidean Algorithm?

Answer 58

Finds x,y such that ax+by=gcd(a,b); used for modular inverses.

Question 59

How to find modular inverse?

Answer 59

If gcd(a,n)=1, then x in ax≡1(mod n) is the inverse of a mod n.

Question 60

What is RSA encryption?

Answer 60

C=M^e mod n; decryption: M=C^d mod n.

Question 61

What is RSA key generation?

Answer 61

Pick primes p,q; n=pq; φ(n)=(p−1)(q−1); choose e; find d where e·d≡1(mod φ(n)).

Question 62

RSA example?

Answer 62

p=17,q=11,e=7,d=23 → C=88^7 mod187=11, M=11^23 mod187=88.

Question 63

What is fast modular exponentiation?

Answer 63

Computes a^b mod n efficiently using repeated squaring.

Question 64

What are the advantages of ECB?

Answer 64

Simple to implement. Allows parallel encryption/decryption of blocks. Efficient for short or random data (like encryption keys).

Question 65

What are the disadvantages of ECB?

Answer 65

Identical plaintext blocks produce identical ciphertext blocks, revealing patterns. Leaks structural information — especially visible in images or repeated data. Not suitable for long or patterned data.

Question 66

Example of ECB weakness?

Answer 66

When encrypting an image, the outline of the original is still visible since identical colors (plaintext blocks) produce the same ciphertext pattern.

Question 67

Why is the IV important in CBC?

Answer 67

It ensures identical plaintexts produce different ciphertexts when re-encrypted. Must be unique and unpredictable for each encryption session.

Question 68

What are the advantages of CBC?

Answer 68

Conceals patterns in the plaintext. Good for large files or data streams. Each ciphertext block depends on all previous blocks.

Question 69

Q: What are the disadvantages of CBC?

Answer 69

Encryption can’t be parallelized since each block depends on the previous one. A single bit error in a ciphertext block corrupts the corresponding plaintext block and the next one. Requires secure handling of the IV.

Question 70

What are the advantages of CFB?

Answer 70

Allows encryption of data smaller than block size (e.g., bytes). Self-synchronizing: a few bits of error are tolerated before recovery. Can process data as it arrives (real-time streams).

Question 71

What are the disadvantages of CFB?

Answer 71

Encryption and decryption cannot be parallelized. A bit error in ciphertext affects several bits of decrypted plaintext. Slower than pure stream ciphers.

Question 72

What are the advantages of OFB?

Answer 72

Bit errors in ciphertext do not propagate beyond the corrupted bit. Allows precomputation of the keystream (useful for high-speed or intermittent connections). Ideal for noisy channels (e.g., satellite links).

Question 73

What are the disadvantages of OFB

Answer 73

Requires unique IV for every session (reusing IVs leads to key reuse attacks). Sender and receiver must remain synchronized — lost data breaks alignment. Not self-synchronizing like CFB.

Question 74

What are the advantages of CTR?

Answer 74

Allows parallel encryption and decryption. Precomputation possible (encrypt counters ahead of time). Simple implementation — no chaining needed. No error propagation.

Question 75

What are the disadvantages of CTR

Answer 75

Counter (Nonce + i) must never repeat with the same key, or security is broken. Requires careful synchronization between sender and receiver.

Question 76

Why are product ciphers stronger?

Answer 76

Substitution ⊕ transposition in sequence achieves Shannon’s confusion + diffusion.

Question 77

Block vs Stream cipher (plain words)?

Answer 77

Block: encrypt fixed-size chunks (e.g., 128 bits). Stream: encrypt one bit/byte at a time with keystream.

Question 78

Shannon’s S-P network idea in one line?

Answer 78

Layer S-boxes (substitution) and P-boxes (permutation) to realize confusion & diffusion.

Question 79

Feistel structure decrypts with same circuit—how

Answer 79

Swap halves each round; apply subkeys in reverse order to invert.

Question 80

DES quick facts

Answer 80

64-bit blocks, 56-bit key, 16 Feistel rounds; adopted 1977; derived from IBM Lucifer

Question 81

Why was DES controversial?

Answer 81

Short key (56 bits) and classified design criteria; still useful historically/legacy

Question 82

Who is Évariste Galois (why mentioned)?

Answer 82

Founder of group theory/Galois fields; AES arithmetic uses GF(2^8)

Question 83

AES in one line (structure)?

Answer 83

SP-network with rounds of SubBytes, ShiftRows, MixColumns, AddRoundKey over bytes.

Question 84

Why not Double-DES?

Answer 84

A: Vulnerable to meet-in-the-middle attack; effective strength ≈ 2⁵⁶.

Question 85

Q: What is Triple-DES (EDE 2-key)?

Answer 85

A: C = Eₖ₁(Dₖ₂(Eₖ₁(P))); if K₁ = K₂ → single DES.

Question 86

Q: What is 3-key Triple-DES?

Answer 86

A: C = Eₖ₃(Dₖ₂(Eₖ₁(P))); avoids 2-key weaknesses.

Question 87

Q: How is message padding handled in ECB?

Answer 87

A: Pad final block with known value or pad length byte.

Question 88

Q: What does the IV do in CBC?

Answer 88

A: Starts chaining; should be unique and sent securely (e.g. ECB first).

Question 89

Q: What does “CFB-s” mean?

Answer 89

A: Feedback of s bits (1/8/64/128); useful for byte streams.

Question 90

Q: OFB key stream property?

Answer 90

A: Precomputable stream Oᵢ = Eₖ(Oᵢ₋₁); bit errors don’t propagate.

Question 91

Q: CTR mode rule and warning?

Answer 91

A: Cᵢ = Pᵢ ⊕ Eₖ(counterᵢ); never reuse (key, nonce+counter) pair.

Question 92

Q: What problem does public-key cryptography solve?

Answer 92

A: Key distribution and digital signature verification.

Question 93

Q: Public-key applications?

Answer 93

A: Encryption/decryption, signatures, key exchange.

Question 94

Q: Public-key requirements?

Answer 94

A: Hard to derive private key from public; easy to use each key with algorithm.

Question 95

Q: Why is public-key slow?

Answer 95

A: Uses very large numbers and hard math problems (e.g. factoring).

Question 96

Q: Division algorithm form?

Answer 96

A: a = q n + r with 0 ≤ r < n.

Question 97

Q: Modular addition/multiplication rule?

Answer 97

A: [(a mod n)+(b mod n)] mod n = (a+b) mod n.

Question 98

Q: RSA encryption and decryption equations.

Answer 98

A: C = Mᵉ mod n; M = Cᵈ mod n.

Question 99

Q: Fast modular exponentiation idea.

Answer 99

A: Square each step and multiply when bit=1; reduces time to O(log e).