ISA3100 Chapter 8 Review
The __________ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission. A) Standard HTTP B) SFTP C) S-HTTP D) SSL Record Protocol
D) SSL Record Protocol
__________ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown. A) Code B) Algorithm C) Key D) Work factor
D) Work factor
Hash Functions
Mathematical algorithms that create a message summary or digest to confirm message identity and integrity Message authentication code (MAC) may be attached to a message
protocols designed to enable secure communications across the Internet.
S-HTTP (Secure Hypertext Transfer Protocol), Secure Electronic Transactions (SET), and SSL (Secure Sockets Layer)
protocols that are used to secure e-mail.
Secure Multipurpose Internet Mail Extensions (S/MIME), Privacy Enhanced Mail (PEM), and Pretty Good Privacy (PGP)
most modern Wi-Fi networks are now protected with
WPA2.
Internet Protocol Security (IPSec)
an open-source protocol framework for security development within the TCP/IP family of protocol standards.
Two basic processing methods are used to convert plaintext data into encrypted data
bit stream and block ciphering.
• Secure Sockets Layer (SSL) protocol
developed by Netscape; uses public-key encryption to secure channel over public Internet.
- Bit stream
each plaintext bit is transformed into a cipher bit one bit at a time.
Digital signatures
encrypted messages that are independently verified by a central facility, and which provide nonrepudiation.
• Secure Hypertext Transfer Protocol (S-HTTP)
extended version of Hypertext Transfer Protocol; provides for encryption of individual messages between client and server across Internet.
• Public-key infrastructure (PKI)
integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services. PKI includes digital certificates and certificate authorities
Template cipher
involves use of hidden message in book, letter, or other message; requires page with specific number of holes cut into it.
The strength of many encryption applications and cryptosystems is determined by
key size.
The science of encryption
known as cryptology, encompasses cryptography (making and using encryption codes) and cryptanalysis (breaking encryption codes
Hash functions
mathematical algorithms that generate a message summary, or digest, that can be used to confirm the identity of a specific message, and confirm that the message has not been altered.
Block cipher
message is divided into blocks (e.g., sets of 8- or 16-bit blocks), and each is transformed into encrypted block of cipher bits using algorithm and key.
Data Encryption Standard (DES)
one of the most popular symmetric encryption cryptosystems. - 64-bit block size; 56-bit key
Encryption
process of converting a message into a form that is unreadable to unauthorized people.
IPSec
protocol used to secure communications across any IP-based network, such as LANs, WANs, and the Internet.
The other major methods used for scrambling data
substitution ciphers, transposition ciphers, the XOR function, the Vigenère cipher, and the Vernam cipher
Most cryptographic algorithms can be grouped into two broad categories
symmetric and asymmetric. Most popular cryptosystems combine the two.
Steganography
the hiding of information. It is not properly a form of cryptography, but is similar in that it is used to protect confidential information while in transit.
Pretty Good Privacy (PGP)
uses IDEA Cipher for message encoding
Running key cipher
uses a book for passing the key to cipher similar to Vigenère cipher; sender provides encrypted message with sequence of numbers from predetermined book to be used as an indicator block.
Exclusive OR (XOR)
• A function within Boolean algebra used as an encryption function in which two bits are compared. Very simple to implement and simple to break
Digital Certificates
• Electronic document/container file containing key value and identifying information about entity that controls key. • Distinguished name (DN): uniquely identifies a certificate entity.
Public-Key Infrastructure (PKI)
• Integrated system of software, encryption methodologies, protocols, legal agreements, and thirdparty services enabling users to communicate securely
Substitution Cipher
• Substitutes or exchanges one value for another
Steganography
• The process of hiding messages; for example, hiding a message within the digital encoding of a picture or graphic so that it is almost impossible to detect that the hidden message even exists • Also known as the art of secret writing
Book-Based Ciphers
• Uses text from a predetermined book as a key to decrypt a message. • Book cipher: ciphertext consists of a list of codes representing page, line, and word numbers of plaintext word.
Asymmetric Encryption
A cryptographic method that incorporates mathematical operations involving two different keys (commonly known as the public key and the private key) to encipher or decipher a message.
Vernam Cipher
A cryptographic technique developed at AT&T and known as the "one-time pad." • This cipher uses a set of characters for encryption operations only one time and then discards it.
The CA periodically distributes a(n) _________ to all users that identifies all revoked certificates. A) CRL B) RA C) MAC D) RDL
A) CRL
Digital signatures should be created using processes and products that are based on the __________. A) DSS B) NIST C) SSL D) HTTPS
A) DSS
__________ are encrypted messages that can be mathematically proven to be authentic. A) Digital signatures B) MAC C) Message certificates D) Message digests
A) Digital signatures
__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals. A) Encryption B) Decryption C) Cryptology D) Cryptography
A) Encryption
_________ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications. A) PGP B) DES C) AH D) ESP
A) PGP
A(n) distinguished name uniquely identifies a certificate entity, to a user's public key. _________________________ A) True B) False
A) True
AES implements a block cipher called the Rijndael Block Cipher. _________________________ A) True B) False
A) True
Bluetooth is a de facto industry standard for short-range wireless communications between devices. A) True B) False
A) True
Ciphertext or cryptogram is the encoded message, or a message that has been successfully encrypted. _________________________ A) True B) False
A) True
Hash algorithms are public functions that create a message digest by converting variable-length messages into a single fixed-length value. _________________________ A) True B) False
A) True
In addition to being credited with inventing a substitution cipher, Julius Caesar was associated with an early version of the transposition cipher. A) True B) False
A) True
Internet Protocol Security (IPSec) is an open-source protocol framework for security development within the TCP/IP family of protocol. A) True B) False
A) True
Internet Protocol Security is designed to protect data integrity, user confidentiality, and authenticity at the IP packet level. _________________________ A) True B) False
A) True
Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny. A) True B) False
A) True
One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message. A) True B) False
A) True
PKI systems are based on public key cryptosystems and include digital certificates and certificate authorities. A) True B) False
A) True
Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms. A) True B) False
A) True
Pretty Good Privacy (PGP) uses the freeware ZIP algorithm to compress the message after it has been digitally signed but before it is encrypted. _________________________ A) True B) False
A) True
Secure Multipurpose Internet Mail Extensions builds on the encoding format of the MIME protocol and uses digital signatures based on public key cryptosystems to secure e-mail. _________________________ A) True B) False
A) True
Steganography is a data hiding method that involves embedding information within other files, such as digital pictures or other images. A) True B) False
A) True
The encapsulating security payload protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. A) True B) False
A) True
The most common hybrid system is based on the Diffie-Hellman key exchange, which is a method for exchanging private keys using public key encryption. A) True B) False
A) True
The most popular modern version of steganography involves hiding information within files that contain digital pictures or other images. _________________________ A) True B) False
A) True
The permutation cipher simply rearranges the values within a block to create the ciphertext. A) True B) False
A) True
When an asymmetric cryptographic process uses the sender's private key to encrypt a message, the sender's public key must be used to decrypt the message. A) True B) False
A) True
Transposition Cipher
Also known as a permutation cipher; involves simply rearranging the values within a block based on an established pattern.
The __________ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication. A) ESP B) AH C) HA D) SEP
B) AH
At the World Championships in Athletics in Helsinki in August of 2005, a virus called Cabir infected dozens of __________, the first time this occurred in a public setting. A) Ipad tablets B) Bluetooth mobile phones C) WiFi routers D) laptop Macintosh computers
B) Bluetooth mobile phones
3DES was created to offer the same strength as the DES algorithm but ran three times as fast, thus saving time. A) True B) False
B) False
A brute force function is a mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity. A) True B) False
B) False
A cryptovariable is a value representing the application of a hash algorithm on a message. A) True B) False
B) False
A multipart authentication code (MAC) is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest. _________________________ A) True B) False
B) False
Adopted by NIST in 1976 as a federal standard, DES uses a 64-bit block size and key. A) True B) False
B) False
As DES became known as being too weak for highly classified communications, Double DES was created to provide a level of security far beyond that of DES. _________________________ A) True B) False
B) False
Encryption is the process of converting the ciphertext message back into plaintext so that it can be readily understood. _________________________ A) True B) False
B) False
Hashing functions require the use of keys. A) True B) False
B) False
In 1953, Giovan Batista Bellaso introduced the idea of the passphrase (password) as a key for encryption. A) True B) False
B) False
In a book cipher, the key consists of a list of codes representing the page number, line number, and word number of the plaintext word._________________________ A) True B) False
B) False
In transport mode the entire IP packet is encrypted and is then placed as the content portion of another IP packet. _________________________ A) True B) False
B) False
SSL builds on the encoding format of the Multipurpose Internet Mail Extensions protocol and uses digital signatures based on public key cryptosystems to secure e-mail. A) True B) False
B) False
Sequence encryption is a series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts it using different keys and sends it to the next neighbor, and this process continues until the message reaches the final destination. A) True B) False
B) False
Symmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message. _________________________ A) True B) False
B) False
The AES algorithm was the first public key encryption algorithm to use a 256 bit key length. A) True B) False
B) False
The S-HTTP security solution provides six services: authentication by digital signatures, message encryption, compression, e-mail compatibility, segmentation, and key management. A) True B) False
B) False
The application header (AH) protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. _________________________ A) True B) False
B) False
The number of horizontal and vertical pixels captured and recorded is known as the image's contrast. _________________________ A) True B) False
B) False
To encipher means to decrypt, decode, or convert, ciphertext into the equivalent plaintext. _________________________ A) True B) False
B) False
To perform the Caesar cipher encryption operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted. A) True B) False
B) False
UltraViolet wireless (UVW) is a de facto industry standard for short-range wireless communications between devices. _________________________ A) True B) False
B) False
Usually, as the length of a crytpovariable increases, the number of random guesses that have to be made in order to break the code is reduced. A) True B) False
B) False
Within a PKI, a(n) registration authority issues, manages, authenticates, signs, and revokes users' digital certificates, which typically contain the user name, public key, and other identifying information. _________________________ A) True B) False
B) False
You cannot combine the XOR operation with a block cipher operation. A) True B) False
B) False
__________ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding. A) PEM B) PGP C) S/MIME D) SSL
B) PGP
__________ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. A) MAC B) PKI C) DES D) AES
B) PKI
The __________ algorithm, developed in 1977, was the first public key encryption algorithm published for commercial use. A) DES B) RSA C) MAC D) AES
B) RSA
A method of encryption that requires the same secret key to encipher and decipher the message is known as __________ encryption. A) asymmetric B) symmetric C) public D) private
B) symmetric
• Plaintext can be encrypted through:
Bit stream - Block cipher
SHA-1 produces a(n) ___________-bit message digest, which can then be used as an input to a digital signature algorithm. A) 48 B) 56 C) 160 D) 256
C) 160
__________ is the current federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure. A) DES B) 2DES C) AES D) 3DES
C) AES
__________ is a protocol that can be used to secure communications across any IP-based network such as LANs, WANs, and the Internet. A) PEM B) SSH C) IPSec D) SET
C) IPSec
__________ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. A) Password B) Cipher C) Key D) Passphrase
C) Key
More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions. A) multialphabetic B) monoalphabetic C) polyalphabetic D) polynomic
C) polyalphabetic
Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version. A) timing matrix B) agile scrum C) rainbow table D) smurf list
C) rainbow table
