Intro to Cyber Test 2

Three security measures: ACLs, file encryption, volume encryption

file permissions, individual files, FDE

The re-used keystream problem

multiple cipher texts encrypted with same keystream can be compared to expose plaintexts

symmetric vs asymmetric encryption

one shared key vs public/private key pair

Ports & Sockets, Port 80 for HTTP

Port 80 is for web traffic; a socket is IP + port

Shannon's Maxim

"The enemy knows the system" / assume all details of your algorithm are public except a secret key

In the lab scenario where Nancy and Matthew were using public key encryption, which keys would Nancy have had the ability to see in her public and private keyrings? A. Nancy's public key, Nancy's private key, and Matthew's public key B. Nancy's private key, Matthew's private key, and Matthew's public key C. Only Nancy's public key and Nancy's private key D. Nancy's public key, Nancy's private key, Matthew's public key, and Matthew's private key

A

Packet switching equipment only looks at the recipient's address when transmitting a packet, yet packets almost always include a sender's address. Why? A. The network is less reliable if we omit the sender's address. B. The sender's address requires so little space that it is included for convenience. C. If the packet includes the sender's address, the recipient can reliably identify the sender. D. The sender's address ensures that the recipient can always send a packet in response.

A

To see a list of MAC addresses on a Windows-based network: A. issue the ipconfig /all command. B. issue the show mac /all command. C. issue the ifconfig /all command. D. go to System Preferences in the Windows graphical user interface.

A

True or False? A 192-bit secret key, on average, has 2^191 keys to crack. A. True B. False

A

True or False? A MAC address is unique to every device on a subnet; some firewalls even feature rules blocking certain MACs. A. True B. False

A

True or False? A certificate authority is a trusted third party that issues certificates on behalf of some organization. A. True B. False

A

True or False? A collision occurs if two or more hosts try to transmit a packet at once. A. True B. False

A

True or False? A distinction of packet switching is that each packet can take its own route. A. True B. False

A

True or False? A keyed hash gives us a way to verify that some of our own data has not been modified by an attacker or someone who doesn't have the secret key. A. True B. False

A

True or False? Access can be controlled based on the computer or user accessing the shared resource. A. True B. False

A

True or False? An encryption application program, from a user's point of view, protects a file with a memorized password. A. True B. False

A

True or False? For every level that the packet descends in the network model, another header gets added. A. True B. False

A

True or False? Microsoft Windows Professional editions include an encryption feature. A. True B. False

A

True or False? The Advanced Encryption Standard (AES) is stronger than the Data Encryption Standard (DES). A. True B. False

A

True or False? When you visit a website with an "https" prefix in the address, the site uses encryption on the web data it sends and receives. A. True B. False

A

Using the Diffie-Hellman algorithm: A. both participants in the exchange must have a public/private key pair. B. each participant in the exchange divides their own private key by the other's public key to compute the shared secret. C. the participants in the exchange do not use public keys. D. None of these is correct.

A

What is the single most important feature of stream encryption that could prevent reused key streams? A. Incorporating a nonce B. Using a truly random crypto key C. Incorporating a one-way hash D. Using a large crypto key

A

bit-flipping attack

A bit-flipping attack is an attack on a cryptographic cipher in which the attacker can change the ciphertext in such a way as to result in a predictable change of the plaintext. Birthday attacks. If you know the form of the data, you know where certain data will be located and can be changed.

Autonomous Systems

A bunch of networks under one organization

cryptoperiods

Amount of time keys are used for. Government recommends 3 years.

Initialization vectors

An IV is a numeric seeding value that is used with the symmetric key and RC4 algorithm to provide more randomness to the encryption process. Randomness is extremely important in encryption because any patterns can give the bad guys insight into how the process works, which may allow them to uncover the encryption key that was used. The key and IV value are inserted into the RC4 algorithm to generate a key stream.

Certificate Authority (CA)

An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.

key stream

An input of random bits used with an algorithm and inserted into the encryption process, which assists in changing plaintext to ciphertext.

After encrypting a plaintext file and saving its ciphertext in a new file, what should the file encryption program do next? Select the safest alternative. A. The program deletes the plaintext file. B. The program writes zeroes over the data at the beginning of the plaintext file. C. The program writes zeroes over every data block in the plaintext file. D. The program writes zeroes over the file's directory entry.

C

Encrypting an encryption key using a passphrase is called: A. asymmetric cryptography. B. key exchange. C. key wrapping. D. modular inversing.

C

GnuPG (GPG) uses __________ to create a random set of keys. A. keyrings B. hashing C. entropy D. steganography

C

In the lab, which of the following commands did you use to begin the process of generating a public and private encryption key pair? A. gpg --list-keys B. gpg --list-secret-keys C. gpg --gen-keys D. gpg --armor --export

C

PGP implemented _______________, making it so that no single person was universally trusted to sign certificates. A. digital signatures B. Certificate Authority C. a web of trust D. Certificate Hierarchy

C

The Enigma was: A. an algorithm. B. a type of ciphertext. C. a rotor machine. D. a U.S. encryption standard.

C

The OSI network model has how many layers? A. 3 B. 5 C. 7 D. 9

C

The U.S. government standards published by NIST recommended that a secret key be used for no more than _______ years before changing it. A. 3 B. 1 C. 2 D. 4

C

The video stored on DVDs is encrypted. Where do we get the key to decrypt the DVD when we play it? A. The key is included in DVD software that we download from the internet. B. The key is included in the DVD's package and we enter it separately when we play the video. C. The key is stored in the player. D. The key is stored on the DVD itself.

C

To share the encrypted file with another user, you need to: A. import the other user's keyring. B. export your own keyring to the other user. C. exchange public keys. D. exchange private keys.

C

Which cipher replaces A with D and B with E? A. Confederate B. Potter C. Caesar D. Vigenère

C

Which commands are used to display all of the keys in a user's keyring? A. gpg --list-keys B. gpg --list-secret-keys C. both gpg --list-keys and gpg --list-secret-keys D. It is not possible to list all of the keys in a user's keyring.

C

Analog vs Digital, Codecs

Converts analog to digital and digital to analog

Gilbert Vernam's bit combination operation for encrypting digital teletype transfer is now referred to as: A. nonexclusive and (nxand). B. full add. C. half remove. D. exclusive or (xor).

D

Section 7.3 notes that in 1997, using DESCHALL, a desktop computer could crack 1 million keys per second. If we apply Moore's Law to estimate the improvement in cracking speed, how many million keys per second could we crack 6 years later? A. 3 B. 4 C. 6 D. None of the above

D

The type of cipher that rearranges the text of a message is called: A. substitution. B. asymmetric. C. AES. D. transposition.

D

To launch a distributed denial of service (DDOS) attack, an attacker often uses: A. an analog connection. B. a USB drive. C. a worm. D. a botnet.

D

When encrypting a file, a fully punctuated passphrase should have a minimum of ________ characters. A. 5 B. 10 C. 15 D. 20

D

Which of the following represents the best size for a cryptonet? A. One person B. Everyone who requires access to the encrypted data C. Anyone who might need access to the encrypted data D. The fewest people who require access to the encrypted data

D

Which of the following statements is true regarding keyrings? A. One keyring includes both public and private keys. B. There is only a keyring for public keys. C. There is only a keyring for the private key(s). D. There is a keyring for public keys and another for the private key(s)

D

DES vs AES

DES: IBM; key length too short; Lucifer. Triple Key DES? Key 1 encrypts plaintext, Key 2 decrypts output, Key 3 encrypts output. How did AES come about? Replacement for DES; won competition for best new encryption algorithm standard.

Key wrapping

Encrypting a shared key, usually with symmetric encryption. CEK and KEK: CEK is a nonce, we don't care what it is; only used once. KEK is the passphrase to encrypt the CEK.

Passwords vs passphrases

Entropy

True or False? Unused network jacks pose no danger to security.

False

The Enigma machine

German code machine broken by the Allies and used to predict what the Germans would do. Rotor machine.

The re-keying problem

Hard to communicate new keys to cryptonet

Using a nonce

IV CEK used to encrypt plaintext

Volume risks and why we need FDE

Losing the device; bypassing the BIOS; discarding device without wiping it

Ethernet Frames, MAC addresses, ARP

MAC address to IP address

Hashing operations

One-way; fixed output; ensures the data has not been altered. SHA-256: 256 is the bit size of the output.

RC4

Open-source algorithms preferable to trade secrets. Secrets get leaked. Encryption algorithm was a trade secret, not open source. Leaked and then cracked. Hard to keep a secret secret. That's why open source is preferable.

True or False? If a cable originates inside one building and leaves the building, the landlord loses control of that cable.

True

True or False? Worms can be spread through means other than direct network access.

True

agent.btz

USB drive that infected military base. Spawned a whole array of later worms.

Block cipher-basic operation, impact of bitflipping, rounds

What do we call each successive iteration of the block cipher? Round. What is the first step in the block cipher process? Generate the key schedule from the key. Bit flipping = alters the bit and the block. Normal ciphers: flipping a single bit of ciphertext causes the decrypted plaintext to have a single bit error. Block ciphers: flipping a single bit of ciphertext changes the decrypted plaintext dramatically.

Cryptonets

Who has the shared keys

codes in WWI and II

Zimmermann telegram; bilateral alphabet; Enigma; Japan's Purple Code

True or False? A frame is a single data packet on an Ethernet network. A. True B. False

a

digital certificate

a data file that identifies individuals or organizations online and is comparable to a digital signature

Elliptic Curve & Quantum

Advanced way to generate a public-key pair. Quantum is projected to be able to crack the current AES encryption standard.

One-time pad

An example of perfect (unbreakable) encryption, which is achieved by using, only once, a random polyalphabetic key that is as long as the message itself.

Main benefit of FDE

automatic

Alice has constructed a document. Bob needs to verify the document's integrity. Which of the following data items must they share? A. Alice's public key B. Bob's public key C. Bob's private key D. Alice's private key E. A randomly generated key encrypted with Alice's public key F. A randomly generated key encrypted with Bob's public key G. A one-way hash value encrypted with Bob's private key

A

An Advanced Encryption Standard (AES) key may not be: A. 16 bits in length. B. 128 bits in length. C. 192 bits in length. D. 256 bits in length.

A

An algorithm is a type of: A. procedure. B. security principle. C. readable data. D. unreadable data.

A

An encryption algorithm that uses the same key for both encryption and decryption is: A. symmetric. B. asymmetric. C. ciphertext. D. None of these is correct.

A

Digital signatures may be used to provide: A. nonrepudiation. B. protection against denial of service attacks. C. file availability. D. None of these is correct.

A

Encryption ensures that only the intended recipient will have the __________ necessary to view an encrypted file's contents. A. "key" B. application C. "hash" D. channel

A

If we combine "10101" with "01011" using Exclusive Or, which result do we get? A. 11110 B. 100000 C. 00001 D. 100001

A

In GPG, which keysize did you use to encrypt the file? A. 2048 bits B. 64 bit C. 1024 bit D. 512 bit

A

A cryptonet: A. is two or more people who share an encryption key. B. provides better key security when the cryptonet has a large number of members. C. is two or more people who share an encryption key and provides better key security when the cryptonet has a large number of members. D. None of these is correct.

A

A rootkit is: A. software that hides on a computer and provides a back door for an attacker. B. a member of a botnet. C. a type of Ethernet connection. D. a type of mechanical threat.

A

AES was introduced in what year? A. 2002 B. 1989 C. 2007 D. 1975

A

A network host does the following: • Accepts service requests from one or more other hosts • Requests services from one or more other hosts Which of the following is the host behaving as? A. Server B. Peer-to-peer C. Client

B

Alice transmits a message to Bob using a stream cipher. During transmission, an error causes a single bit in the ciphertext to change. How does this affect the decrypted message? A. The decryption process corrects the error. B. The decrypted message contains a 1-bit error in the same location. C. The message is readable up to the bit containing the error and scrambled after that point. D. The entire message is unreadable after it is decrypted.

B

Bob wants to send and receive packets reliably without ever worrying about duplicate packets. He has set up a protocol that never sends multiple packets at once—it always waits for the previous packet's ACK before it transmits the next packet. Will this work? A. Yes, the implementation omits duplicates and is reliable. B. No, transmission will stop as soon as a packet is lost. C. Yes, but only if the implementation includes a timeout to detect and retransmit lost packets. D. Yes, but the implementation must number all packets.

B

Moore's Law observed that computing power doubled every: A. 6-12 months. B. 18-24 months. C. 24-36 months. D. None of these is correct.

B

Primary forms of Ethernet media include the following, except: A. wired. B. nano. C. optical fiber. D. wireless

B

The encryption keypair is stored in __________ in the user's account. A. ASCII format B. hash codes C. binary format D. clear text

B

True or False? A bit-flipping attack is not knowing what the message says and changing it bit by bit. A. True B. False

B

True or False? A disadvantage of circuit switching is the amount of delay between each party. A. True B. False

B

True or False? A disadvantage of message switching is that the message is divided along its journey. A. True B. False

B

True or False? A typical packet does not require the sender's address. A. True B. False

B

True or False? After changing an encryption key, all backup copies of the protected file are also protected by the new key. A. True B. False

B

True or False? Microsoft's built in encryption protects the user's file against a Trojan Horse. A. True B. False

B

True or False? The two primary types of symmetric algorithms are public and cipher. A. True B. False

B

True or False? When operating correctly, a receiver should wait for "just one more packet" before sending an ACK. A. True B. False

B

Which of the following is a file that contains keys recognized by a user's GnuPG install? A. Keycube B. Keyring C. Public key D. Private key

B

Which type of attack is a bit-flipping attack? A. Ciphertext-only B. Known plaintext C. Chosen plaintext D. Chosen ciphertext

B

Who can intercept the contents of a file transmitted over the network in clear text? A. Only very sophisticated hackers B. Anyone who might be monitoring the traffic on a network C. Only those with the private key D. Only those with the public key

B

Encryption Terminology

Plaintext: The original message to be encrypted. Cipher text: The encrypted message. Encryption: The process of converting plaintext into cipher text. Key: A sequence of numbers used to encrypt or decrypt. Encryption algorithm: The formula for encrypting the plaintext.

Worms, Bot Nets

Self-replicating. Spreads across all devices on LAN. A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS).

