Tutorial 8

Question 1

You must secure email traffic between a branch site and the HQ site. What are three things that you would need to implement secure messages between the sites and why?

Answer 1

• Confidentiality in case the email was captured and read. - Encrypt emails with TLS during transmission so only intended reciepts can decrypt it.
• Integrity to ensure that nothing in the email has changed or been altered. Achieve by applying a hash function with a digital signature. HMAC.
• Authenticity to ensure that the message came from the other destination. - Using digital certificates issued by a trusted CA. When HQ receives an email from the branch, the signature validates that it was indeed sent by the branch’s mail server, not a spoofed source.

Question 2

There are several methods for cracking code or cryptoanalysis. Name and explain them briefly?

Answer 2

Several methods are used in cryptanalysis:
* Brute-force method - The attacker tries every possible key knowing that eventually one of them will work.
* Ciphertext method - The attacker has the ciphertext of several encrypted messages but no knowledge of the underlying plaintext.
* Known-Plaintext method - The attacker has access to the ciphertext of several messages and knows something about the plaintext underlying that ciphertext.
* Chosen-Plaintext method - The attacker chooses which data the encryption device encrypts and observes the ciphertext output.
* Chosen-Ciphertext method - The attacker can choose different ciphertext to be decrypted and has access to the decrypted plaintext.
* Meet-in-the-Middle method - The attacker knows a portion of the plaintext and the corresponding ciphertext.

Question 3

What are the primary objectives of securing communication. Briefly explain them and give example of protocols that help to achieve them.

Answer 3

There are three primary objectives of securing communications:
* Authentication - Guarantees that the message is not a forgery and does actually come from whom it states.
* Integrity - Guarantees that no one intercepted the message and altered it; similar to a checksum function in a frame.
* Confidentiality - Guarantees that if the message is captured, it cannot be deciphered.

Many modern networks ensure authentication with protocols, such as hash message authentication code (HMAC). Integrity is ensured by implementing either MD5 or SHA hash-generating algorithms. Data confidentiality is ensured through symmetric encryption algorithms, including Data Encryption Standard (DES), 3DES, and Advanced Encryption Standard (AES). Symmetric encryption algorithms are based on the premise that each communicating party knows the pre-shared key.

Data confidentiality can also be ensured using asymmetric algorithms, including Rivest, Shamir, and Adleman (RSA) and the public key infrastructure (PKI). Asymmetric encryption algorithms are based on the assumption that the two communicating parties have not previously shared a secret and must establish a secure method to do so.

Question 4

Cryptographic services are the foundation for many security implementations. Discuss the key services provided by cryptography.

Answer 4

Confidentiality: The assurance that no one can read a particular piece of data except the receivers explicitly intended. (1 mark)
Integrity or data authentication: The assurance that data has not been altered in transit, intentionally or unintentionally. (1 mark)
Peer authentication: The assurance that the other entity is who he, she, or it claims to be. (1 mark)
Nonrepudiation: A proof of the integrity and origin of the data. The sender can’t repudiate that he or she is the person who sent the data. (1 mark)
Key management: The generation, exchange, storage, safeguarding, use, vetting and replacement of keys.

Question 5

Explain three key differences, for each, between symmetric and asymmetric encryption?

Answer 5

Symmetric
* Use the same key length to encrypt and decrypt data.
* Key lengths are short
* Commonly used for encrypting bulk data..

Asymmetric
* Uses different keys to encrypt and decrypt data.
* Key lengths are long
* Computationally taxing and slower than asymmetric
* Commonly used for quick data transactions

Question 6

There are different types of cryptographic keys that are used to secure communication and they all have a key length and key space. Briefly explain key length & key space?

Answer 6

Key Length: Is the measure of the key in binary bits
Keyspace: The range of valid keys used by an algorithm. It is the number of possibilities that can be generated by a specific key

Question 7

Explain the operation of a keyed hash over a hash, what is its major advantage and provide an example of where it might be used?

Answer 7

Hashing is a mechanism used for data integrity assurance.

It uses a hash function which is a one-way function of input data that produces a fixed length digest of output data…the fingerprint.

It is cryptographically very strong, easy to compute but significantly harder to reverse.

Hash functions are the basis of the protection mechanism of Hashed Message Authentication Codes (HMAC). HMAC’s use existing hash functions and add a secret key as input to the hash function.

Only the sender and the receiver know the secret key and the output of the hash function depends on the input of the data and the secret key. The use of a secret key beats the man in the middle attack and provides authentication of the origin of the data.

Question 8

Organisations must provide support to secure data as it travels across links. Explain the four elements of secure communication and give an example of an algorithm used to provide each service?

Answer 8

• Data Integrity: Guarantees that a message was not altered, any changes to the data in transit will be detected. Integrity is ensured by implementing SHA.
• Origin Authentication: Guarantees that the message is not a forgery and does actually come from whom it states. Origin authentication can be ensured through hash-based message authentication code (HMAC).
• Data Confidentiality: Guarantees that only authorised users can read the message. If the message is intercepted, it cannot be deciphered within a reasonable amount of time. Data confidentiality is ensured through symmetric encryption algorithms.
• Data Non-Repudiation: Guarantees that the sender cannot repudiate, or refute, the validity of a message sent. Non-repudiation relies on the fact that only the sender has the unique signature for how that message it treated.

Hashing
Hashing algorithms are used to ensure integrity between sender and a receiver. Open the webpage https://cryptii.com/ . There are three sections in this window; left hand View, middle Encode / Decode and far right View.

Question 9

In the Encode section, click the down arrow beside the current encoding method to reveal all possible encoding techniques. Choose the Hash function at the bottom and then select MD5.
In the right-hand View, click the down arrow and choose Bytes. Can you explain what has happened here?

Answer 9

The text on the left has been processed using the MD5 hashing algorithm to create this fixed-length message digest that is unique to the text in the left-hand View.

Question 10

Change the message on the left by changing one letter / adding one letter and deleting one letter. Can you explain what has happened?

Answer 10

Changing only one character creates another totally different and unique message digest of exactly the same size

Question 11

Create a message one character in length. Can you explain what has happened?

Answer 11

The message digest is always the same length.

Question 12

A number of different hashing algorithms exist (MD5, SHA-1, SHA-256…) In what way does the hash value change between each of the algorithms and what does this mean?

Answer 12

The hash value gets longer and is therefore more secure.

Question 13

This time select HMAC and one of the hashing algorithms, note a key is required. Can you explain what has happened?

Answer 13

The key is shared between sender and receiver before communication. HMAC combines the pre-shared key and the text in the left had View section, it processes it using a hashing algorithm to produce a unique message digest which can only be computed by the sender and receiver.

You will see by changing the message by one character the digest also changes completely.

Question 14

How might this key be exchanged between a sender and receiver in secret?

Answer 14

Using the Diffie Hellman algorithm.

Question 15

Ryan is responsible for managing the cryptographic keys used by his organisation. Which of the following statements are correct about how he should select and manage these keys?

(a) Keys should be sufficiently long to protect against future attacks if the data is expected to remain sensitive.
(b) Keys should be chosen using an approach that generates them from a predictable pattern
(c) Keys should remain indefinitely
(d) Longer keys provide greater level of security.
(e) Longer keys provide faster decryption.

Answer 15

Answer:
(a) Keys should be sufficiently long to protect against future attacks if the data is expected to remain sensitive.

(d) Longer keys provide greater level of security.

Answer
Keys must be long enough to withstand attack for as long as the data is expected to remain sensitive. They should not be generated in a predictable way. They should be generated randomly. Keys should be securely destroyed, when they are no longer needed and not indefinitely retained. Longer keys provide greater security against brute force attacks.

Question 16

John recently received an email message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message?

a) Nonrepudiation
b) Confidentiality
c) Availability
d) Integrity

Answer 16

a) Nonrepudiation

Answer
Nonrepudiation prevents the sender of a message from later denying that they sent it. Confidentiality protects the content of encrypted data from unauthorised disclosure, Integrity protects data from unauthorised modification and availability is not a goal of cryptography

Question 17

You are implementing AES encryption for files that your organisation plan to store in a cloud storage service and wish to have the strongest encryption possible. What key length should you choose?

a) 192 BITS
b) 256 BITS
c) 512 BITS
d) 1024 BITS

Answer 17

b) 256 BITS

Answer
The strongest key supported by the AES standard are 256 bits. The valid AES key lengths are 128, 192 & 256.

Question 18

You are creating a security product that must facilitate the exchange of symmetric encryption keys between two parties that have no way to securely exchange keys in person. What algorithm might you use to facilitate this exchange?

a) Rijndael
b) AES
c) Via the telephone
d) Blowfish
e) Diffie-Hellman

Answer 18

e) Diffie-Hellman

Answer
The Diffie-Hellman Algorithm allows the secure exchange of symmetric encryption keys between two parties over an insecure channel.

Question 19

Which of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message

a) Stream Cipher
b) Ceasar cipher
c) Block cipher
d) ROT3 cipher

Answer 19

c) Block cipher

Answer
Block ciphers operate on message chunks rather than bits. All other ciphers above are stream ciphers that operate on individual bits.

Question 20

Daniel is the administrator for his organisation’s symmetric key cryptography system. He issues keys to users when the need arises. Mary and Jane recently approached him and presented the need to be able to exchange encrypted files securely with each other. How many keys must Daniel generate?

a) One
b) Two
c) Three
d) Four

Answer 20

a) One

Answer
Symmetric key cryptography uses a shared secret key. All communicating parties utilise the same key for communication

Question 21

Brian computes the digest of a single sentence using SHA-2 hash function. He then changes a single character of the sentence and computes the hash value again. Which one of the following statements is true about the new hash value?

a) The new hash value will be one character different from the old hash value.
b) The new hash value will share at least 50% of the characters of the old hash value
c) The new hash value will be unchanged
d) The new hash value will be completely different from the old hash value.

Answer 21

d) The new hash value will be completely different from the old hash value.

Answer
Any change no matter how minor to a message will result in a completely different hash value. There is no relationship between the significance of the change in the message to the significance of the change in the hash value.

Question 22

(8) If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message?
a) Richard’s public key
b) Richard’s private key
c) Sue’s private key
d) Sue’s public key

Answer 22

Richard must encrypt the message using Sue’s public key so that Sue can decrypt it using her own private key. If he encrypted the message with his own public key, Sue would need to know Richard’s private key to decrypt the message.

If he encrypted it with his own private key, any user could decrypt the message using Richard’s freely available public key. Richard could not encrypt the message using Sue’s private key because he does not have access to it. If he did, any user could decrypt it using Sue’s freely available public key.

Question 23

(9) Richard received an encrypted message sent to him from Sue. Sue encrypted the message using the RSA encryption algorithm. What key should Richard use to decrypt the message?

a) Richard’s public key
b) Richard’s private key
c) Sue’s public key
d) Sue’s private key

Answer 23

b) Richard’s private key

Sue would have encrypted the message using Richard’s public key. Therefore, Richard needs to use the complementary key in the key pair, his private key, to decrypt the message.

Question 24

Richard wants to digitally sign a message he is sending to Sue so that Sue can be sure that the message came from him without modification while in transit. Which key should he use?

a) Richard’s public key
b) Richard’s private key
c) Sue’s public key
d) Sue’s private key

Answer 24

b) Richard’s private key

Richard should encrypt the message digest with his own private key. When Sue receives the message, she will decrypt the digest with Richard’s public key and then compute the digest herself. If the two digests match, she can be assured that the message was not altered in transit.