Part 5.2

8. Kerberos version 5 defines all message structures by using __________ and Basic Encoding Rules (BER), which provide an unambiguous byte ordering.

Abstract syntax notation 1

9. __________ is a term used to describe encryption systems that simultaneously protect confidentiality and authenticity (integrity) of communications.

Authenticated Encryption (EA)

4. An __________ is a server computer that negotiates the use of a specific EAP method with an EAP peer, validates the EAP peer's credentials, and authorizes access to the network.

Authentication server

10. The key algorithmic ingredients of __________ are the AES encryption algorithm, the CTR mode of operation, and the CMAC authentication algorithm.

CCM

11. In the _________ mode the input to the encryption algorithm is the XOR of the current plaintext block and the preceeding ciphertext block; the same key is used for each block.

Cipher Block Chaining

6. _________ is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Cloud computing

6. As with symmetric encryption, there are two approaches to attacking a secure hash function: brute-force attack and ___________ .

Cryptanalysis attack

7. The three most important symmetric block ciphers are: triple DES (3DES), the Advanced Encryption Standard (AES), and the ___________ .

Data Encryption standard (DES)

11. The __________ algorithm accepts the ciphertext and the matching key and produces the original plaintext.

Decryption algorithm

7. The two most widely used public key algorithms are RSA and _________ .

Diffie Helman

14. Using an algorithm that is designed to provide only the digital signature function, the _________ makes use of the SHA-1 and cannot be used for encryption or key exchange.

Digital Signature Standard (DSS)

12. A __________ is when the sender "signs" a message with its private key, which is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.

Digital signature

15. Bob uses his own private key to encrypt the message. When Alice receives the ciphertext she finds that she can decrypt it with Bob's public key, thus proving that the message must have been encrypted by Bob. No one else has Bob's private key and therefore no one else could have created a ciphertext that could be decrypted with Bob's public key. Therefore the entire encrypted message serves as a _________ .

Digital signature

8. The ________ source is drawn from the physical environment of the computer and could include things such as keystroke timing patterns, disk electrical activity, mouse movements, and instantaneous values of the system clock.

ENTROPY

13. Two requirements for secure use of symmetric encryption are: sender and receiver must have obtained copies of the secret key in a secure fashion and a strong __________ is needed.

Encryption algorithm

15. __________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, thereby reducing the number of authentications needed by the user.

Federation

4. Like the MAC, a __________ accepts a variable size message M as input and produces a fixed size message digest H(M) as output. Unlike the MAC, it does not take a secret key as input.

Hash function

15. Many symmetric block encryption algorithms including DES have a structure first described by _________ of IBM in 1973.

Horst feistel

7. NIST defines three service models, which can be viewed as nested service alternatives: software as a service, platform as a service, and _________ as a service.

Infrastructure

5. Rather than building elaborate authentication protocols at each server, _________ provides a centralized authentication server whose function is to authenticate users to servers and servers to users.

Kerberos

7. A __________ is a set of managed nodes that share the same Kerberos database which resides on the Kerberos master computer system that is located in a physically secure room.

Kerberos realm

1. The strength of any cryptographic system rests with the _________ technique, a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.

Key distribution

4. After determining which systems are allowed to communicate with each other and granting permission for the two systems to establish a connection, the _________ provides a one-time session key for that connection.

Key distribution center (KDC)

13. A _________ is when two sides cooperate to exchange a session key.

Key exchange

1. Protection against active attacks (falsification of data and transactions) is known as ___________ .

Message authentication

2. __________ methods are the actions that are applied to ARs to regulate access to the enterprise network.

Network access enforcement

1. The ___________ functions as an access control point for users in remote locations connecting to an enterprise's internal network.

Network access server

9. The technical deficiencies of Kerberos version 4 are: double encryption, PCBC encryption, session keys and __________ .

Password attacks

13. The _________ extension is used only in certificates for CAs issued by other CAs and allows an issuing CA to indicate that one or more of that issuer's policies can be considered equivalent to another policy used in the subject CAs domain.

Policy mapping

2. The __________ property is the "one-way" property and is important if the authentication technique involves the use of a secret value.

Preimage resistant

11. A _________ consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party which is typically a CA that is trusted by the user community.

Public key certificate

3. The __________ approach has two advantages: it provides a digital signature as well as message authentication and it does not require the distribution of keys to communicating parties.

Public key encryption

14. With a principal objective of enabling secure, convenient and efficient acquisition of public keys, __________ is the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography.

Public key infrastructure

10. __________ is a stream cipher used in the Secure Sockets Layer/Transport Layer Security standards that have been defined for communication between Web browsers and servers and is also used in WEP and WPA protocols.

RCH

5. The __________ property guarantees that it is impossible to find an alternative message with the same hash value as a given message, thus preventing forgery when an encrypted hash code is used.

Second preimage resistant or weak collision resistant

8. The _________ was developed by NIST and published as a federal information processing standard in 1993.

Secure Hash Algorithm (SHA)

9. A PRNG takes as input a fixed value called the ________ and produces a sequence of output bits using a deterministic algorithm.

Seed

3. When two end systems wish to communicate they establish a logical connection and, for the duration of that logical connection, all user data are encrypted with a one-time __________ which is destroyed at the end of the session.

Session key

10. A _________ is the client's choice for an encryption key to be used to protect this specific application session.

Sub key

5. A _________ is an entity at one end of a point-to-point LAN segment that seeks to be authenticated by an authenticator attached to the other end of that link.

Supplicant PAE

12. Also referred to as conventional encryption, secret-key, or single-key encryption, _________ encryption was the only type of encryption in use prior to the development of public-key encryption in the late 1970's.

Symmetric

6. A __________ server issues tickets to users who have been authenticated to the authentication server.

Ticket-granting

12. __________ defines a framework for the provision of authentication services by the X.500 directory to its users and defines alternative authentication protocols based on the use of public-key certificates.

X.509

3. A __________ provides a form of NAC by allowing or denying network traffic between an enterprise host and an external user.

firewall

2. A __________ indicates the length of time for which a ticket is valid (e.g., eight hours).

lifetime

14. All encryption algorithms are based on two general principles: _________, in which each element in the plaintext is mapped into another element, and transposition, in which elements in the plaintext are rearranged.

substitution