CryptoMania

Card Set Information

Author:
Zidanny5
ID:
251613
Filename:
CryptoMania
Updated:
2013-12-11 07:02:59
Tags:
Cryptography
Folders:

Description:
Cryptography exam Q&A
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user Zidanny5 on FreezingBlue Flashcards. What would you like to do?


  1. In the case of the following security services, Availability, discuss using an example the kind of threat that this service is designed to counteract:
    Availability –is ensuring that authorized parties are able to access the information when needed. Prevents DOS attacks
  2. What is the difference between a passive attack and an active attack? Give examples.
    • A passive attack involves Eavesdropping or monitoring to obtain contents monitoring
    • traffic flows.
    • Example: tapping

    • An active
    • attack is the modification of data stream to masquerade as someone else, modify messages in transit.
    • Example: DOS (Denial of Service)
  3. In the case of the following security services, Integrity, discuss using an example the kind of threat that this service is designed to counteract:
    Integrity of information refers to protecting information from being modified by unauthorized parties. Service - Message digests; checksums.
  4. In the case of the following security services, Confidentiality, discuss using an example the kind of threat that this service is designed to counteract:
    Confidentiality of information is protecting the information from disclosure to unauthorized parties. Encryption is used to protect data and  very prominent example is SSL/TLS.
  5. In the case of the following security services, Access Control, discuss using an example the kind of threat that this service is designed to counteract:
    Access Control refers to who can access what and in what way.

    Services - File permissions.
  6. In the case of the following security services, Authentication, discuss using an example the kind of threat that this service is designed to counteract:
    Authentication ensures the correct identification of entity or source of data.

    Services - passwords, biometrics, digital signatures.
  7. In the case of the following security services, Non-repudiation, discuss using an example the kind of threat that this service is designed to counteract:
    Proves that communication or a transaction took place by signing the hash of a message.
  8. What is meant by cryptanalysis?
    Attempting to discover plaintext or key or both
  9. When we say an encryption algorithm is strong, what exactly do we mean?
    This means that an attacker who knows:

    • – the algorithm
    • – some pieces of ciphertext
    • – some plaintext-ciphertext pairs (possibly)

    cannot deduce the plaintext or key.
  10. What is the difference between a ciphertext only attack and a known plaintext attack? What is a chosen plaintext attack?
    Ciphertext only– Just have ciphertext to be decoded.

    Known plaintext - has one or more plaintext-ciphertext pairs.

    Chosen plaintext– Can choose plaintext and get corresponding ciphertext
  11. What are two main ways in which a cryptosystem can be attacked?
    • chosen plaintext attack
    • brute force attack
  12. What is the difference between a block cipher and a stream cipher?
    • Block cipher processes a block of plaintext at a time, producing a corresponding block of ciphertext at a time (e.g. 64 or 128 bits)
    • – Optimised for transfer of files and non-real-time data
    • – Used in SSL/TLS

    • Stream cipher processes input continuously(e.g. one bit or one byte at a time)
    • – Optimised for real-time and two-way communications
    • – Used for mobile phone encryption
  13. Is an unbreakable encryption scheme possible?
    In theory no! Except for the one-time pad technique, which is impractical in most situations. In practice, though, it is possible to have a scheme that is effectively unbreakable. An encryption scheme is computationally secure if cost of breaking exceeds value of information.
  14. If a symmetric encryption key is 64 bits in length, what are the chances of an attacker guessing the right key on each attempt?
    Close to zero.
  15. Give an example of an encryption scheme that can't be broken by brute force?
    One-time pad cannot be broken
  16. Outline a method that might be used to attack Monoalphabetic Substitution.
    Frequency of letters in English language is well known

    • Can deduce plaintext->ciphertext mapping by analysing frequency of occurrence

    • e.g. on analysing plenty of ciphertext, most frequent letter probably corresponds to ‘E’

    • – Can spot digrams and trigrams
    • • Digram: common 2-letter sequence; e.g. ‘th’, ‘an’, ‘ed’

    • Trigram: common 3-letter sequence: e.g. ‘ing’, ‘the’, ‘est’
  17. Blum Blum Shub advantages over AES to produce random number?
    Blum Blum Shub is simple, secure and fast.
  18. Give a detailed example to illustrate the use of SSH port forwarding. From the perspective of security, what are the benefits and drawbacks of this facility?
    • - Port 22 is open on firewall
    • - Account on mail server
    • - Using SSH set up a "SSH tunnel" from client port (1143) to the ssh server on company network to gain access to the mailserver on port 143.
  19. Write a short note on the Advanced Encryption Standard. In your answer, discuss how the encryption algorithm was chosen and the selection criteria used.
    Aes was the winning entry in a competition to find a new standard encryption that had to be in public domain, royalty free, block size of 128bits and key sizes of either 128, 192, 256.

    • Taken into account:
    • - Speed of algorithm
    • - Simplicity
    • - Security offered
    • - Memory used
    • - flexibility

    Can use 10, 12 or 14 rounds

    Uses look-up tables
  20. Explain the one-way property of cryptographic hash functions.
    Given hash value h, computationally infeasible to find M such that H(M) = h
  21. Explain the Birthday Attack.
    Attempt to find a pair of messages that hash to the same value.

    -Sender A is preparing to generate the hash of a message.

    - Opponent generates an equal number of variations of desired fraudulent message

    -50% chance of two messages being found that hash to the same value

    -A is presented with the appropriate valid message for signing

    -A's signature is taken from the valid message and attached to the corresponding fraudulent message (that hashes to the same value)
  22. What precautions should one take before signing someone else's key, and why are these measures required?
    A phone call to the other person to have them read their key's fingerprint. This is appropriate if you know the person and the sound of their voice. Else meet them face-to-face to exchange and ask for ID.

    This is appropriate because if your key is in their machine they can add their key and maliciously replace yours.
  23. List and briefly discuss the purpose of each components of a digital certificate.
    Electronic document that binds an entity to a public key

    Signed by third party called a Certificate Authority(CA)

    Conforms to a standard, usually x.509

    Certificate user trusts (CA) to issue valid certificates.

    CA's public key may be validated by another (e.g. higher-level) CA
  24. In what way id Diffie-Hellmann essentially different to RSA?
    • a)   DH is used to generate a shared secret in public for later symmetric ("private-key") encryption. Diffie-Hellman relies on the hardness of taking logarithms.
    • RSA is used to come up with a public/private key pair for asymmetric ("public-key") encryption.  RSA relies on the hardness of factoring.
    • a)      DH is used to generate a shared secret in public for later symmetric ("private-key") encryption. Diffie-Hellman relies on the hardness of taking logarithms.
    • RSA is used to come up with a public/private key pair for asymmetric ("public-key") encryption.  RSA relies on the hardness of factoring.

  25. Explain why the security of RSA depends on the difficulty of factoring large numbers:
    RSA public key contains {e , n}

    RSA private key contains {d, n}

    Security of RSA depends on secrecy of d

    d is a function of e, p,q

    Where p,q are the factors of n
  26. Explain two major limitations of relying solely on symmetric encryption.
    Firstly there’s a requirement for a shared secret key which must be exchanged between two parties: the sender and the recipient. Which means a high level of trust is needed as the process of choosing, distributing and storing keys is difficult to achieve in a dependable and secure manner. As a result, keys should be changed on a regular basis and kept secure during distribution; this process is known as key management.

    • Another disadvantage is that there is no provision for data origin authentication and data integrity protection. In other words, the recipient can neither authenticate the sender nor verify that the decrypted message is the same as the original message.
  27. Use the following key generation parameter values chosen for RSA system:
    p = 19, q = 13, e = 23

    (i) find the values of the private key components d and n.

    (ii) Encrypt the message which is 00101011 in binary using this RSA system. Show your computations in your answer.
    N = p*q = (19 * 13) = 247

    • Φ(n)= (P – 1)*(Q – 1)
    • = (18)*(12) = 216

    • d = e-1 mod Φ(n)
    • = inverse of 23  mod 216

    • 216/23 = 9
    • 216 = 9(23) + 9

    A = 96 + 9   ----- 9 = A – 96

    23 = 2(9) + 5 ------- B = 2(A-96) + 5 --------- 19B – 2A

    9 = 1(5) + 4 ------ A – 9B = 19B – 2A + 4

    4 = 3A -28B

    5= 1(4) + 1 ---- 19B – 2A = 3A -28B + 1

    47B – 5A = 1

    47(23) – 5 (216) = 1

    47(23) MOD 216 – 5 (216) MOD 216

    =1 MOD 216

    -----(47)(23) MOD 216 = 1   

    D =(47)  E = (23)
  28. What is Bitcoin mining?
    Given a string of data that you receive from peers. You basically append a random number onto that (a nonce). Use Sha -256 algorithm to get a 256 bit hash value.  Take that hash value and check to see is it less than the target. If yes then you basically win a bitcoin. If no, you go back and increment the nonce. You keep incrementing the nonce until you find the hash value.
  29. What is the disadvantage of cipher text in block mode?
    It's very inefficient
  30. Why is double-DES never used?
    • Encryption can be broken easily. It’s vulnerable to a particular type of attack called
    • “known plaintext” attack.
  31. Modern symmetric encryption methods involve transformations using exclusive OR (XOR). What is the main benefit of this? Give and example.
    When using XOR and you have a string of binary digits 10101 and you XOR it with 10111 you get 00010. Now to decrypt or get it back to the original all you have to do is XOR the answer with your encoded string and you get your original string back. Also output of XOR always depends on both inputs.
  32. Differentiate between the use of pseudo-random numbers and true random numbers. In your answer, explain what is meant by the seed of a random number generator and list the properties that a good pseudo-random number generator should have.
    • Pseudo-random numbers are not really random they are gotten from a deterministic
    • algorithm that if is implemented properly the sequence of numbers can’t be found. Pseudo-random numbers start with a seed which could be the current time.
    • The seed of a random number is the number that it starts at. Whereas a truly random number is not gotten deterministically it may be taken from the environment such as noise or motion of liquid. Properties of a good random generator are Randomness and unpredictability.

What would you like to do?

Home > Flashcards > Print Preview