IT 351 - Exam 1 Review


Name the block size, key size, and number of rounds used in AES.

Block Size - 128 bits; Key Size - 128/192/256 bits; Number of Rounds - 10

Name the block size, key size, and number of rounds used in 3DES.

Block Size - 64 bits; Key Size - 168 bits; Number of Rounds - 48

Name the block size, key size, and number of rounds used in DES.

Block Size - 64 bits; Key Size - 56 bits; Number of Rounds - 16

Check all that hash functions and MAC have in common: A) Both condense a message of any size to a fixed size B) Both make use of a secret key C) Both provide confidentiality D) Both provide integrity E) all above

Both condense a message of any size to a fixed size; Both provide integrity

Computers can create true random numbers using deterministic algorithms?

False

It is safe to use ECB mode if the plaintext is larger than the block size

False

MACs are not vulnerable to the birthday attack

False

The two important aspects of encryption are to verify that the contents of the message haven't been altered and that the source is authentic

False

What type of cipher is DES? (Hint: Not talking about block/stream cipher)

Feistel Cipher

permutation

rearranging elements in a single set.

substitution

mapping elements from one set to another set.

The following is an example of which security service? Alice uses encryption to ensure that Eve can't read the contents of the message she sends to Bob.

Data Confidentiality

The following is an example of which security concept? Checking to see if an email attachment was exactly the same one that was sent

Data Integrity

What is ECB? Can it be used for CMAC?

Electronic Code Book. No.

Hash, then encrypt

- Calculate the cryptographic hash of the message.
- Encrypt the message plus the hash function

Authenticate, then encrypt

- Generate two keys
- Calculate the message authentication code using the first key
- Encrypt the message plus the message authentication code using the second key

Encrypt, then authenticate

- Generate two keys
- Encrypt the message with the first key
- Authenticate the encrypted message with the second key.

Encrypt and authenticate

- Generate two keys
- Encrypt the message with the first key
- Authenticate the message (plain text) with the second key

The three requirements of a MAC are:

1. Knowing a message and MAC, it is infeasible to find another message with the same MAC
2. MACs should be uniformly distributed
3. MAC should depend equally on all bits of the message

How much does the birthday attack reduce the strength of an x bit hash function?

2^(x/2)

System Integrity

Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system

Privacy

Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed

Data Confidentiality

Assures that private or confidential information is not made available or disclosed to unauthorized individuals

Availability

Assures that systems work promptly and service is not denied to authorized users

The following is an example of a Threat, Attack, or Neither? Edward Snowden released numerous Top Secret NSA documents.

Attack

The following is an example of which security service? Bob uses a password to prove to Alice that he is Bob.

Authentication

The following is an example of which security concept? Using redundant servers to provide the ISU main web page.

Availability

What is CBC? Can it be used for CMAC?

Cipher Block Chaining. Yes.

HMAC vs CMAC

Cipher-based Message Authentication Code vs Hash-based Message Authentication Code.

What is CFB? Can it be used for CMAC?

Ciphertext Feedback. Yes.

What is CTR? Can it be used for CMAC?

Counter. No.

Check all of the security services MACs provide: A) Confidentiality B) Integrity C) Authentication D) Non-repudiation

Integrity, Authentication

Which of the following are requirements for determining if a sequence of numbers is uniformly random?

It is impossible to predict future numbers in the sequence given the past numbers.

Strong collision resistance is associated with which hash function requirement: A) Given h it is infeasible to find X such that H(X)=h B) It is infeasible to find any X, Y such that H(Y)=H(X) C) Given X, it is infeasible to find Y such that H(Y)=H(X) D) Is easy to compute h=H(M) for any message M

It is infeasible to find any X, Y such that H(Y)=H(X)

Which are true about the CTR (cipher counter) mode of operation? A) Cannot preprocess in advance B) It is possible to access encrypted data blocks at any location without having to decrypt previous blocks C) You can reuse key/counter values as many times as you want and it still remains secure D) All above

It is possible to access encrypted data at any location without having to decrypt previous blocks

Which of the following approaches for authenticated encryption perform encryption and calculate MAC at the same time? A) MAC-then-Encrypt B) Encrypt-then-MAC C) MAC-and-Encrypt

MAC-and-Encrypt

MAC (not media access control)

Message Authentication Code - generic cryptographic checksum that's appended to the message as a signature

The following is an example of which security service? Alice can't deny having sent a message to Bob.

Non-Repudiation

Which of the following, if you increase it, increases the security of a block cipher?

Number of Rounds, Block Size, Key Size

What is OFB? Can it be used for CMAC?

Output Feedback. No.

Passive vs Active Attack

Passive attack scans incoming messages, active attack scans and modifies incoming messages.

The three main properties of a cryptographically secure hash are:

- Pre-image resistance: Given a hash value h, it should be computationally infeasible to find any input m such that h = Hash(m). In other words, given a hash output, it should be difficult to find the original message.
- Second pre-image resistance: Given an input m1, it should be computationally infeasible to find another input m2 such that Hash(m1) = Hash(m2). In other words, it should be difficult to find a different input that produces the same hash output as a given input.
- Collision resistance: It should be computationally infeasible to find any two distinct inputs m1 and m2 that produce the same hash value, i.e., Hash(m1) = Hash(m2). This property ensures that it is difficult to find collisions, where two different inputs produce the same hash value.

The following is an example of which security concept? ReggieNet does not allow students to change their grades.

System Integrity

Is the following an example of a Threat, Attack, or Neither? A tornado may strike in Normal, IL.

Threat

CCM is considered an authenticated encryption that simultaneously protects confidentiality and authenticity (integrity) of communications

True

Hash functions are vulnerable to the birthday attack

True

The higher the entropy, the less predictability?

True

In the CBC (Cipher Block Chaining) mode a cipher block depends on all blocks before it, and changes to a block affect all following ciphertext blocks

True

In the ECB (Electronic Codebook) mode of encryption if an attacker reorders the blocks of ciphertext then each block will still decrypt successfully, however, the reordering may alter the meaning of the overall data sequence

True

Kerberos uses symmetric key cryptography to provide centralized private-key third party authentication service in a distributed network

True

What's the point of a MAC?

Both parties compute it with the message to ensure they're who they say they are and the message arrived unmodified.

Substitution adds ________, while permutation adds _______.

confusion, diffusion

