Ch. 3
named after the researchers who initially proposed it is a type of public key encryption
(Rivest, Shamir, and Adleman) RSA
The U.S. Government adopted AES as a standard in what year?
2002
Flaws in WPA were first realized less than a year after its release in _____
2003
In _____, TKIP was superseded by the introduction of WPA2 with AES algorithms and CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) as a replacement for TKIP
2006
The roots of modern encryption can be traced back almost _____ years.
4,000
The following is an example of encrypting data using _____. Plain Text ABCDEFGHIJKLMNOPQRSTUVWXYZ EncrypText EFGHIAKXJNOPQRSLUVWTYZMBCD
A combination of shifting and substitution cipher. In this example, some letters are shifted while others are substituted.
_______ encryption works a little differently. It uses a known, public key to encrypt the information, and a private, unique key to decrypt. This method is normally used when at least two people must have access to the information. Sensitive business communications between companies, where both parties need access, is a good example of this.
Asymmetric Encryption
notable instance of this method is Pretty Good Privacy (PGP).
Asymmetric Encryption
the process of verifying the identity of a person attempting to access a resource. In systems like education and banking, users have a key to log in and out and gain access by going through security system authentication. Tools such as passwords and biometric identification are used in authenticating the user's identity.
Authentication
_______ encryption uses the same key to encrypt and decrypt. This means that if you are sending information encrypted with a specific key to someone, they must have that specific key to decrypt. For this reason, this method is normally used in localized situations
Symmetric
instances of this method are the Data Encryption Standard (DES), and the Advanced Encryption Standard (AES).
Symmetric Encryption
a direct response to all the security issues of WEP. The most common ___ configuration is ____ (Pre-Shared Key). WPA uses 256-bit encryption, which is significantly more complex than 64-bit. Remember those 10 character keys from before? Now, keys could be as long as 43 characters! The table below shows the stark difference between these
WPA Wi-Fi Protected Access
The most common WPA configuration for personal use is _________ . In other words, the key to decipher is first sent from the sender's router to the receiver's router. They are significantly larger than the 64 keys, or characters, of WEP. WPA transmits 256-bits to the receiver. Hence, it was more complicated for a hacker to decipher.
WPA-PSK (Pre-Shared Key).
____ is considered the norm for router and Wireless Local Area Networks (WLAN), but be aware that you can still select ____ in the control panel when you acquire a new router
WPA2, WPA
A benefit of symmetric encryption is:
That it doesn't increase the size of the encrypted message and impede system performance
earliest recorded examples of cryptography
non-standard hieroglyphs as a substitute for the hidden information, and the use of personal identification marks such as seals, emblems, or logos for authentication. The receiver of the sealed item would have a copy of the true mark to use to authenticate the one presented (these are the precursors of signature verification).
a system where each data packet sent over a network has a different encryption key. This means that a hacker trying to intercept the data would need to decrypt each and every packet sent over the network.
per-packet key system
is a form of encryption that uses two keys: a public key, which everyone knows, and a private key, which only you know. To encrypt, the public key is applied to the target information, using a predefined operation (several times), to produce a pseudo-random number. To decrypt, the private key is applied to the pseudo-random number, using a different predefined operation (several times), to get the target information back.
public key encryption
Why was the DES stopped?
relatively small size of the key for the lack of robustness required to allow DES to continue as a standard.
Information that has been encrypted is known as
cyphertext
the cipher breaks the data down into pieces, called blocks, of 128 bits in size. The key it uses can vary in length. 128, 192, or 256 bits are the current choices. The cipher uses the same key to encrypt and decrypt the information, another way of saying it is symmetric. It uses a sequence of simple calculation steps to transform (encrypt or decrypt) the data. The reason for this is so that the transformation can be performed quickly. Even with this, a data set of any size would take too long to transform by hand. Most implementations use special hardware of some sort or computers so it's considered strong
AES characteristics
is a block ciphering encryption tool that resets itself after each block of data of fixed length (64, 128, 256 bits) is processed.
AES, or Advanced Encryption Standard algorithms,
An early substitution cipher known as _____ reverses the alphabet.
ATBASH
___ ___ ___ was released in 2001 by the National Institute of Standards and Technology (NIST). Its main purpose is to protect important information
Advanced Encryption Standard AES
AES is strong because? A. Attacks would take too long. B. Attacks would require too much hardware. C. It won't succumb to brute force attacks. D. The large number of possible keys.
C.
is a protocol that allows for enhanced data integration and authenticating data. Counter mode randomly selects an arbitrary value called the 'counter' and then implements 'Not OR' on the data to produce encrypted text. The receiver, who wants to decrypt the message, must know the starting value of counter. Think of it as selecting a number out of a hat! The key is getting that random number correct.
CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol)
defined as the system by which data and information of value are stored or transmitted in such a way that only those for whom it is intended can read, interpret or process it. Effectively, it obscures information from unauthorized snoopers and interceptors.
Cryptography
a digital mathematical value associated with a file and used as a future reference point to verify that the information in the file has not been compromised
Cryptography Checksum
Encryption is the process of: A. Transferring important information from one location to another. B. Converting information from one form (not usually human readable), into another form (usually human readable). C. Resisting brute force attacks. D. Converting information from one form (usually human readable), into another form (not usually readable).
D.
___ takes two inputs: the plaintext and the secret key (the same key is used for decryption). DES is a 64 bit block cipher, because the key works only on 64 bits of data at a time. The key itself is actually 56 bits, with 8 bits used for error checking. Once the message is received, it's split into 64 bit blocks of data. DES carries out several iterations and substitutions throughout the message in order to make it harder to crack the code.
DES
an encryption algorithm designed at IBM in the 1970s and approved by the US government in 1977 for encryption of sensitive but unclassified government data. It was also used early on to secure electronic fund transfers processed by banks that were members of the Federal Reserve System.
Data Encryption Standard (DES)
process of converting something in the physical world into a representation that can be stored or shared. The goal of _______ is to deliver these ideas to their intended recipients. A person who does not understand the language, or does not know how to read it, will be unable to de-code the information.
Encoding
Allows a person to hide the meaning of information or messages in such a way that only those who know the secret method may read them.
Encryption
based on the Greek word kryptos, which means hidden or secret
Encryption
defined as the process of converting data from the normal, readable format into an encoded format which is unreadable by others
Encryption
The RSA algorithm relies on the fact that _____ is easy and _____ is hard.
Encryption, decryption
Which is true about the Advanced Encryption Standard (AES)? A. It is the most widely used encryption algorithm today B. Even though it is 'advanced', it is not as strong an encryption method as DES C. It has been repeatedly broken, so it is currently considered obsolete D. It is the basis for the Navajo language used by the codetalkers in WWII
Explanation: AES is the most widely used encryption algorithm today and is expected to remain viable into the foreseeable future.
Public key encryption uses or creates _____ in its algorithm. A. A pseudo-random number B. A private key C. A public key D. All of these answers are correct
Explanation: Public key encryption uses or creates a pseudo-random number, a private key, and a public key in its algorithm.
AES uses a blocking size of? A. 128 bits B. 192 bits C. 256 bits D. 512 bits
Explanation: The block size of AES is 128 bits. This is part of the technical description for the technology.
_____ determine(s) if an attacker has captured or altered message packets passed between the client and the sender. A. Per-packet key systems B. Integrity checks C. The IEEE WEP
Explanation: WPA employs integrity checks, which inspect each data packet for evidence of tampering.
AES is less efficient than 3DES. T or F?
F.
_____ is a text-based communications protocol used in Internet webpages. The secure portion comes from the fact that this form of communication can be protected while in transit. It also provides authentication, meaning that you can use it to guarantee that the data came from the intended source.
HTTP
an extension to the standard HTTP protocol. It doesn't change the protocol to any significant degree. Instead, the encryption works as part of the transport layer in a network. This layer, one of the 7 open systems interconnection layers (OSI), implements end-to-end delivery of variable length data regardless of the makeup, or structure, of that data. In other words, it doesn't care what the data is.
HTTPS Encryption
what does HTTPS stand for?
Hyper-Text Transfer Protocol Secure
_____ is designed to support a permanent connection between locations. It does not need to rely on any specific application: it provides the authentication, authorization, and encryption. However, ____ cannot restrict access at a granular level - once you are connected, it is like you have logged into your desktop at work. Everything you can access from work can thus be accessed remotely. This is a problem for the mobile workforce, because the company can't always manage employee-owned devices.
IPSEC
if a company needs a permanent connection to the main office, ____ is the better choice for this scenario.
IPSEC
secures the packets of data being sent. Data is sent over the internet (and internal networks) in small bundles called packets; each packet has a header, much like the address on a traditional snail-mail envelope. This secures those packets. It can secure both the data inside the packets, as well as the header information. To secure the packets, it encrypts this data, then on the other side of the transmission, the receiver decrypts the packet. For any of this to work, both sender and receiver must have access to a public key, allowing the receiver to authenticate the sender using something called a digital certificate. The certificate basically confirms that the sender is who they claim to be, and that the data is encrypted.
IPSec, or Internet Protocol Security
is commonly used for securing communications between web browsers and e-commerce websites. The reason for this is its high strength, in other words, resistance to attack. It is also well understood as many researchers have studied it over the years. The connection makes use of a secure socket layer (SSL) certificate, which is created from the public and private keys mentioned above.
RSA
starts out by selecting two prime numbers. Normally, these would be very large, but for the sake of simplicity, let's say they are 13 and 7. Multiplying them together, we get 91. This becomes our maximum, and roll-over point. It also typically represents a value that is as big as the computer can handle. Next, we select the public key. Let's say it is 5. Using the fact that 13 and 7 are factors of 91, and the Extended Euclidean Algorithm, you can determine the private key to be 29. The Extended Euclidean Algorithm allows you to calculate, in an iterative fashion, the greatest common divisor and various coefficients. The end result is that to encrypt, take your input value and multiply it by itself five times, remembering to roll over at 91 each time.
RSA
When a connection is attempted using ___, the browser will ask that the web server identify itself. The server then sends a certificate and the certificate is checked to make sure it is trusted; if so, then the sending server responds back and an encrypted session is started. This works over the web as well as in VPN (as we will discuss below), because it creates a tunnel between the client and server, which shouldn't be viewable by any hacker or unscrupulous individual.
SSL
___ is built for the web and for remote access. Remote access is granted through a browser session using ___, and a company can have a tighter control on access. Specific users or populations can be granted certain rights.
SSL
uses two keys: both a public key (known to everyone) and a private key (known only to the receiver of the data). ___ is quite common when transmitting confidential information; you've seen it in action whenever the https:// is used in a web address instead of plain http://.
SSL, or Secure Sockets Layer
non-standard hieroglyphs as a substitute for the hidden information, and the use of personal identification marks such as seals, emblems, or logos for authentication. The receiver of the sealed item would have a copy of the true mark to use to authenticate the one presented (these are the precursors of signature verification).
Scytale
T or F? TKIP still remains in WPA2 for compatibility with WPA
T
AES is stronger than DES T or F?
T.
Another added feature in WPA was message integrity checks. It could be determined with these checks whether a hacker had seized or altered message packets passed between the client (receiver) and the sender. These message integrity checks are called ____ ____ _____ ______.
Temporal Key Integrity Protocol (TKIP).
One of the main points of vulnerability of a system is that data in _____ is not encrypted.
Use. Data in use on the system is not encrypted. There is a point of vulnerability of the system while files are in use.
You need to connect to the corporate network, but can't necessarily trust the Wi-Fi you're using. A ___ provides a secure method for you to connect over the internet. In order to secure the connection, the ___ uses either IPSec or SSL methods to encrypt the connection.
VPN
was first introduced in 1999 and became the most widely used method for security access on routers. It uses 64-bit encryption, meaning that the encryption keys take up 64 bits of memory. In practical use, 64-bit WEP keys could only be 10 characters long. While it might take you a long time to come up with every variation of ten characters ('aaaaaaaaaa', 'aaaaaaaaab', 'aaaaaaaaac', etc), a computer can create and try all of these combinations incredibly quickly
WEP Wired Equivalent Privacy
was first introduced in 1999 but had several security problems
WEP, or Wired Equivalent Privacy,
Due to WEP security flaws, ___ was the next encryption software to be introduced
WPA
___ also includes message integrity checks
WPA
A stronger form of encryption, ____ _____ is still in use and the National Institute of Standards and Technology (NIST) estimates that it will continue to be a reliable encryption algorithm at least through 2030. Using it, each block of data is encrypted using the ____ method three times with different keys
also known as 3DES, Triple DES
Using _______ ________ algorithms, the owner of the key gives out a 'public' key that may be used by anyone to encrypt a message; the second half of the key (private key) is only known to the owner of the key and is used by asymmetric encryption algorithms to decrypt the message.
asymmetric encryption
In transmission, a _______ is done on the data being transmitted. It is encrypted and along with the encrypted data is transmitted to the recipient. Upon receipt of the data, the recipient decrypts the ________ and uses it to again checksum the data transmitted. If the ________ agree, the data is intact and integrity is preserved.
checksum
determine if an attacker has captured or altered message packets passed between the client and the sender.
integrity checks
_____ encryption allows the use of the same key (a single key) to encrypt and to decrypt the data/message; ________ encryption allows the use of a split (two-part) key to encrypt and to decrypt the data/message.
symmetric, asymmetric