Lesson 4: Basic Cryptography Concepts

Question 1

plaintext (or cleartext)

Answer 1

unencrypted message

Question 2

ciphertext

Answer 2

an encrypted message

Question 3

cipher

Answer 3

process (or algorithm) used to encrypt and decrypt a message

Question 4

cryptanalysis

Answer 4

art of breaking or “cracking” cryptographic systems

Question 5

cryptography

Answer 5

• “secret writing”

- historically, operated using simple substitution or transposition ciphers

Question 6

security through obscurity

Answer 6

• to keep something secret by hiding it

- attempts to hide details of cipher (secret algorithm)

Question 7

transport encryption

Answer 7

confidentiality means that a message cannot be deciphered without having the appropriate cipher and key (or alternatively the means to crack the cipher)

Question 8

non-repudiation

Answer 8

• concept that the sender cannot deny sending message

- linked to identification and authentication

Question 9

T or F. Cryptography can be used to design highly resilient control systems

Answer 9

True

Question 10

control system

Answer 10

system with multiple parts, such as sensors, workstations, and servers, and complex operating logic

Question 11

obfuscation

Answer 11

• art of making a message difficult to understand
• term used in conjunction with source code used to design computer applications
• obfuscated source code is rewritten in a way that does not affect the computer compiles or executes code, but makes it difficult for a person reading the code to understand how it works

Question 12

white box cryptography

Answer 12

• attempts to protect an embedded key while preserving the functionality of the code have all been broken
• would offer much better Digital Rights Management (DRM) protection for copyright content such as music, video, and books

Question 13

substitution ciper

Answer 13

• involves replacing units (a letter or blocks of letters) in the plaintext with different ciphertext
• simple substitution ciphers rotate or scramble letters of the alphabet
• example:
  ROT13 (an example of Caesarian cipher) rotates each letter 13 places (so A becomes N for instance)
  “Uryyb Jbeyq” means “Hello World”

Question 14

transposition cipher

Answer 14

• units stay the same in plaintext and ciphertext, but their order is changed
• example: “HLOOLELWRD”

Question 15

rail fence cipher

Answer 15

if you’re having trouble with the transposition cipher, try arranging groups of letters into columns

Question 16

key

Answer 16

• most ciphers use a key to increase the security of the encryption process
• example: if you consider the Caesar cipher ROT13, you should realize that the key is 13
• key is important, because it means that even if the algorithm or cipher method is known, a message still cannot be decrypted without knowledge of the specific key

Question 17

T or F. Most modern ciphers are made stronger by being open to review (cryptanalysis) by third-party researchers

Answer 17

True

Question 18

keyspace

Answer 18

range of key values available to use with a particular cipher

• roughly equivalent to two to the power of the size of key
• some keys within the keyspace may be considered easy to guess (“weak”) and should not be used
• using a longer keys (2048 bits rather than 1024 bits, for instance) makes the encryption scheme stronger

Question 19

T or F. Basic substitution and transposition ciphers are vulnerable to cracking by frequency analysis

Answer 19

True

Question 20

frequency analysis

Answer 20

depends on the fact that some letters and groups of letters appear more frequently in natural language than others

Question 21

T or F. A secure cipher must exhibit the properties of confusion and diffusion

Answer 21

True

Question 22

confusion

Answer 22

• key should not be derivable from the ciphertext
• if one bit in key changes, many bits in ciphertext should change (each plaintext bit should have a 50% chance of flipping)
• same key should not be used by the algorithm in a predictable way when outputting ciphertexts from different plaintexts
• achieved by using complex substitutions, employing both whole key parts of the key to output ciphertext blocks
• confusion prevents attackers from selectively generating encrypted versions of plaintext messages and looking for patterns in their relationship to try to derive the key

Question 23

diffusion

Answer 23

• means that predictable features of the plaintext should not be evident in the ciphertext
• if one bit of the plaintext is changed, many bits in the ciphertext should change as a result
• obtained through transposition
• prevents attackers from selectively determining parts of the message
• modern ciphers must use both substitution and diffusion to resist cryptanalysis attacks

Question 24

trapdoor functions

Answer 24

basis of mathematical ciphers is to use an operation that is simple to perform one way (when all the values are known) but difficult to reverse

Question 25

one-time pad

Answer 25

- an unbreakable encryption mechanism - encryption key - consists of exactly the same number of characters as the plaintext and must be generated by a truly random algorithm - if used properly, one-time pads are unbreakable

Question 26

XOR

Answer 26

- bitwise operation - produces 0 if both values are the same and 1 if the values are different, or, put another way, an XOR operation outputs to truly only if one input is true and the other input is false - advantage of XOR compared to an AND or an OR operation is that XOR has a 50% chance of outputting one or zero, whereas AND is more likely to output zero and OR is more likely to output one - makes the ciphertext harder to analyze

Question 27

nonce

Answer 27

principal characteristic of a nonce that it is never reused ("number used once")

Question 28

initialization vector (IV)

Answer 28

random (or pseudo-random)

Question 29

salt

Answer 29

random (or pseudo-random) number or string

Question 30

weak cipher suites and implementations

Answer 30

- critical vulnerability for an organization | - data that is being stored and processed is not secured

Question 31

available inputs for cryptanalysis are as follows

Answer 31

- known ciphertext - analyst has obtained the ciphertext but has no additional information about it - known plaintext - attacker knows or can guess some of plaintext present in ciphertext, but not its exact location or context - chosen plaintext - attacker can submit plaintexts to the same cryptographic process to derive corresponding ciphertexts, facilitating analysis - chosen ciphertext - attacker can submit ciphertexts to the same cryptographic processes to derive corresponding plaintexts

Question 32

weak key

Answer 32

- one that produces ciphertext that is easy to cryptanalyze - examples of weak keys: - DES - RC4 - IDEA - Blowfish

Question 33

Random Number Generator (RNG)

Answer 33

- module in cryptographic implementation is critical to its strength - two principal ways for an RNG to work: - true random number generator (TRNG) - sample some sort of physical phenomena, such as atmospheric noise, with a high rate of entropy (lack of order) - pseudorandom number generator (PRNG) - uses software routines to simulate randomness

Question 34

side channel attacks

Answer 34

- represents a completely different approach to cryptanalysis - monitors timing, power consumption, and electromagnetic emanation

Question 35

resource versus security constraints

Answer 35

comparative strength of one cipher over another largely depends on the bit-strength of the key and the quality of the algorithm

Question 36

low power devices

Answer 36

- require more processing cycles and memory space | - slower and means they consume more power

Question 37

low latency uses

Answer 37

if cryptography is deployed with a real time-sensitive channel, such as voice or video, the processing overhead on both the transmitter and receiver must be low enough not to impact the quality of the signal

Question 38

data at rest

Answer 38

this means that the data is in some sort of persistent storage media - examples: - financial information stored in databases - archived audiovisual media - operational policies and other management documents - system configuration data

Question 39

data in transit (or data in motion)

Answer 39

- this is the state when data is transmitted over a network - examples: - website traffic - remote access traffic - data being synchronized between cloud repositories

Question 40

data in use

Answer 40

state when data is present in volatile memory, such as system RAM or CPU registers and cache

Question 41

cryptographic algorithms

Answer 41

- computer security systems: - hash functions - symmetric encryption - asymmetric encryption

Question 42

cryptographic primitive

Answer 42

- single hash function, symmetric cipher, asymmetric cipher

Question 43

crypto module or API (application programming interface)

Answer 43

- algorithms underpinning cryptography must be interpreted and packaged as a computer program (or programming library)

Question 44

cryptographic service provider (CSP)

Answer 44

- makes use of Windows crypto module to perform encryption and/or authentication services

Question 45

hashing algorithms

Answer 45

widely used in computer programming to short representation of data

Question 46

checksums

Answer 46

ensure validity of data

Question 47

message digest

Answer 47

produces fixed length string

Question 48

secure hash algorithm (SHA)

Answer 48

- one of the Federal Information Processing Standards (FIPS) - SHA-1 - this was quickly released to address a flaw in the original SHA algorithm - 160-bit digest - SHA-2 - variants using longer digests (notably 256 bits and 512 bits)

Question 49

Message Digest Algorithm (MDA/MD5)

Answer 49

- uses a 128-but hash value | - no longer considered secure for password hashing or signing digital certificates

Question 50

Research and Development in Advanced Communications Technologies in Europe (RACE)

Answer 50

- program set up by European Union

Question 51

message authentication

Answer 51

- prove the integrity and authenticity of a message | - one-way

Question 52

hash-based message authentication code

Answer 52

key and message are combined in a way designed to be resistant to "extension" attacks against other means of generating MACs

Question 53

symmetric encryption

Answer 53

- two-way encryption algorithm in which encryption and decryption are both performed by a single secret key

Question 54

symmetric encryption

Answer 54

two-way encryption algorithm in which encryption and decryption are both performed by a single secret key

Question 55

stream cipher

Answer 55

each byte or bit of data in plaintext is encrypted one at a time

Question 56

rivest ciphers (Ron's Code)

Answer 56

- family of different encryption technologies designed by Ron Rivest

Question 57

block cipher

Answer 57

plaintext is divided into equal-size blocks (usually 64- or 128-bit)

Question 58

data encryption standard cipher

Answer 58

- using 64-bit blocks and 56-bit key

Question 59

advanced encryption standard (AES)

Answer 59

- faster and more secure than 3DES

Question 60

blowfish

Answer 60

- uses 64-bit blocks and variable key sizes | - related cipher Twofish was developed by an extended team to enter AES competition

Question 61

modes of operation

Answer 61

refers to way a cryptographic product processes multiple blocks

Question 62

Electronic Code Book (ECB)

Answer 62

applies same key to each plaintext block

Question 63

Cipher Block Chaining (CBC)

Answer 63

improves ciphertext integrity by applying an Initialization Vector (IV) to the first plaintext block to ensure that the key produces a unique ciphertext from any given plaintext

Question 64

public and private keys in a key pair

Answer 64

- each key is capable of reversing the operation of its pair - example: if public key is used to encrypt a message, only the paired private key can decrypt the ciphertext produced. the publich key cannot be used to decrypt the ciphertext, even though it was used to encrypt it

Question 65

digital signature

Answer 65

prove identity of sender of message and show that message has not been tampered with since sender posted it

Question 66

digital envelop

Answer 66

secret key (symmetric) encryption is generally faster than public key cryptography, but public key cryptography can provide higher levels of convenience and security. therefore, often, both are used

Question 67

digital certificates

Answer 67

certificate authority (CA) - validate use of public key by issuing subject with a certificate

Question 68

transport encryption

Answer 68

refers to encrypting data as it is sent over a network

Question 69

key exchange

Answer 69

process by which sender and receiver share key to use for encryption

Question 70

ephemeral key

Answer 70

transport encryption often makes use of a different secret key for each session

Question 71

elliptic curve cryptography (ECC)

Answer 71

another type of trapdoor function used to generate public/proving

Question 72

Man-in-the-Middle (MitM) attack

Answer 72

typically focused on public key cryptography

Question 73

downgrade attack

Answer 73

can be used to facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths

Question 74

replay attack

Answer 74

consists of intercepting a key or password hash then reusing it to gain access to a resource, such as the pass-the-hash attack

Question 75

birthday attack

Answer 75

type of brute force attack aimed at exploiting collisions in hash functions