Chapter 8
monoalphabetic cipher 26 (on the order of 10^26) two- and three-letter
A ________________ would also appear to be better than the Caesar cipher in that there are ____________________ possible pairings of letters rather than 25 possible pairings. By statistical analysis of the plaintext language, for example, knowing that the letters e and t are the most frequently occurring letters in typical English text, and knowing that particular _______________________ occurrences of letters appear quite often together (for example, "in," "it," "the," "ion," "ing," and so forth) make it relatively easy to break this code.
nonce
A _______ is a number that a protocol will use only once in a lifetime.
playback attack
Bob is subject to a ___________________: Trudy need only eavesdrop on Alice's communication, record the encrypted version of the password, and play back the encrypted version of the password to Bob to pretend that she is Alice.
the Authentication Header (AH) protocol and the Encapsulation Security Payload (ESP) protocol
In the IPsec protocol suite, there are two principal protocols: _____________________________________________.
snooping on communication (possibly stealing passwords and data), impersonating another entity, hijacking an ongoing session, denying service to legitimate network users by overloading system resources, and so on
Unless appropriate countermeasures are taken, these capabilities allow an intruder to mount a wide variety of security attacks:
Confidentiality, Message Integrity, End-point authentication, Operational Security
Identify the following desirable properties of secure communication:
four
It is possible to provide security services in any of the top _______ layers of the Internet protocol stack.
hash checksum
A hash function takes an input and computes a fixed-size string known as a ______. It is computationally infeasible for an intruder to substitute one message for another message that is protected by the hash function. For security purposes, we are going to need a more powerful hash function than a _________.
encryption algorithm ciphertext symmetric key public key
Alice provides a key, KA, a string of numbers or characters, as input to the ___________________. The encryption algorithm takes the key and the plaintext message, m, as input and produces ______________ as output. Bob will provide a key to the decryption algorithm that takes the ciphertext and Bob's key as input and produces the original plaintext as output. In ____________________ systems, Alice's and Bob's keys are identical and are secret. In ___________ systems, a pair of keys is used. One of the keys is known to both Bob and Alice (indeed, it is known to the whole world). The other key is known only by either Bob or Alice (but not both).
substituting one thing for another
All cryptographic algorithms involve ___________________________________________________, for example, taking a piece of plaintext and then computing and substituting the appropriate ciphertext to create the encrypted message.
Security Association Database (SAD)
An IPsec entity stores the state information for all of its SAs in its _____________________________, which is a data structure in the entity's OS kernel.
public key certification
An important application of digital signatures is _________________, certifying that a public key belongs to a specific entity.
monoalphabetic cipher
An improvement on the Caesar cipher is the _________________________, which also substitutes one letter of the alphabet with another letter of the alphabet. However, rather than substituting according to a regular pattern, any letter can be substituted for any other letter, as long as each letter has a unique substitute letter, and vice versa.
private network
An institution that extends over multiple geographical regions often desires its own IP network, so that its hosts and servers can send data to each other in a secure and confidential manner. To achieve this goal, the institution could actually deploy a stand-alone physical network—including routers, links, and a DNS infrastructure—that is completely separate from the public Internet. Such a disjoint network, dedicated to a particular institution, is called a ___________________. Instead of deploying and maintaining a private network, many institutions today create VPNs over the existing public Internet. With a VPN, the institution's inter-office traffic is sent over the public Internet rather than over a physically independent network.
encrypted
Because eavesdroppers may intercept the message, this necessarily requires that the message be somehow ______________ so that an intercepted message cannot be understood by an interceptor.
security association (SA)
Before sending IPsec datagrams from source entity to destination entity, the source and destination entities create a network-layer logical connection. This logical connection is called a _______________________. An SA is a simplex logical connection; that is, it is unidirectional from source to destination. If both entities want to send secure datagrams to each other, then two SAs (that is, two logical connections) need to be established, one in each direction.
Secure Sockets Layer (SSL)
Enhanced version of TCP is commonly known as _______________________. If you have ever purchased anything over the Internet with your credit card, the communication between your browser and the server for this purchase almost certainly went over SSL. SSL is often used to provide security to transactions that take place over HTTP.
polyalphabetic encryption monoalphabetic ciphers
Five hundred years ago, techniques improving on monoalphabetic encryption, known as ____________________, were invented. The idea behind polyalphabetic encryption is to use multiple __________________, with a specific monoalphabetic cipher to encode a letter in a specific position in the plaintext message. Thus, the same letter, appearing in different positions in the plaintext message, might be encoded differently.
substituting the letter that is k letters later d
For English text, the Caesar cipher would work by taking each letter in the plaintext message and ________________________________________ (allowing wraparound; that is, having the letter z followed by the letter a) in the alphabet. For example, if k = 3, then the letter a in plaintext becomes __ in ciphertext; b in plaintext becomes e in ciphertext, and so on.
verify Certification Authority (CA) certificate CA-signed certificate validity
For public key cryptography to be useful, you need to be able to _______ that you have the actual public key of the entity with whom you want to communicate. For example, when Alice wants to communicate with Bob using public key cryptography, she needs to verify that the public key that is supposed to be Bob's is indeed Bob's. Binding a public key to a particular entity is typically done by a ___________________, whose job is to validate identities and issue certificates. Once the CA verifies the identity of the entity, the CA creates a __________ that binds the public key of the entity to the identity. When Bob places his order he also sends his ___________________. Alice uses the CA's public key to check the ______ of Bob's certificate and extract Bob's public key.
tunnel transport
IPsec has two different packet forms, one for the so-called ________ mode and the other for the so-called _______________ mode. The tunnel mode, being more appropriate for VPNs, is more widely deployed than the transport mode.
digital signature public-key
In a digital world, one often wants to indicate the owner or creator of a document, or to signify one's agreement with a document's content. A ______________ is a cryptographic technique for achieving these goals in a digital world. Just as with handwritten signatures, digital signing should be done in a way that is verifiable and nonforgeable. Recall that with ______________ cryptography, Bob has both a public and private key, with both of these keys being unique to Bob. Thus, public-key cryptography is an excellent candidate for providing digital signatures. Only Bob knows his private key, so if he applies his private key to m and you then apply his public key to the result, you will get m.
expensive hash functions fingerprint
One concern with signing data by encryption is that encryption and decryption are computationally _____________. A more efficient approach is to introduce ___________ into the digital signature. A hash algorithm takes a message, m, of arbitrary length and computes a fixed-length "____________" of the message, denoted by H(m). Using a hash function, Bob signs the hash of a message rather than the message itself. Since H(m) is generally much smaller than the original message m, the computational effort required to create the digital signature is substantially reduced.
encryption algorithm authenticate
One nice feature of a MAC is that it does not require an ________________________. Using a MAC, the entities can ______________ the messages they send to each other without having to integrate complex encryption algorithms into the integrity process.
symmetric key cryptography session
RSA is often used in practice in combination with __________________________. For example, if Alice wants to send Bob a large amount of encrypted data, she could do the following. First Alice chooses a key that will be used to encode the data itself; this key is referred to as a _________ key. Alice must inform Bob of the session key, since this is the shared symmetric key they will use with a symmetric key cipher. Alice encrypts the session key using Bob's public key. Bob receives the RSA-encrypted session key and decrypts it to obtain the session key. Bob now knows the session key that Alice will use for her encrypted data transfer.
confidentiality sender authentication message integrity receiver authentication
Security features desired for a secure e-mail system: - _________________: neither Alice nor Bob wants Trudy to read Alice's e-mail message - __________________: when Bob receives a message he would want to be sure that the message came from Alice and not from Trudy - ___________________: assurance that the message Alice sends is not modified while en route to Bob - ___________________: Alice wants to make sure that she is indeed sending the letter to Bob and not to someone else who is impersonating Bob.
public private
Suppose Alice wants to communicate with Bob. Rather than Bob and Alice sharing a single secret key (as in the case of symmetric key systems), Bob (the recipient of Alice's messages) instead has two keys—a ________ key that is available to everyone in the world and a ______ key that is known only to Bob.
plaintext encryption algorithm ciphertext known keys
Suppose now that Alice wants to send a message to Bob. Alice's message in its original form (for example, "Bob, I love you. Alice") is known as ___________, or cleartext. Alice encrypts her plaintext message using an ____________________ so that the encrypted message, known as _____________, looks unintelligible to any intruder. Interestingly, in many modern cryptographic systems, including those used in the Internet, the encryption technique itself is ____________—published, standardized, and available to everyone, even a potential intruder! Clearly, if everyone knows the method for encoding data, then there must be some secret information that prevents an intruder from decrypting the transmitted data. This is where _______ come in.
IPsec virtual private networks
The IP security protocol, more commonly known as _______, provides security at the network layer. IPsec secures IP datagrams between any two network-layer entities, including hosts and routers. As we will soon describe, many institutions (corporations, government branches, non-profit organizations, and so on) use IPsec to create _____________________ (VPNs) that run over the public Internet.
Ron Rivest padding append initialization of an accumulator looping
The MD5 hash algorithm of ____________ is in wide use today. It computes a 128-bit hash in a four-step process consisting of a ______ step (adding a one followed by enough zeros so that the length of the message satisfies certain conditions), an ________ step (appending a 64-bit representation of the message length before padding), an ____________________, and a final _______ step in which the message's 16-word blocks are processed in four rounds.
Secure Hash Algorithm longer output
The second major hash algorithm in use today is the ________________________ (SHA-1). SHA-1, a US federal standard, is required for use whenever a cryptographic hash algorithm is needed for federal applications. It produces a 160-bit message digest. The _______________ length makes SHA-1 more secure.
stream ciphers and block ciphers
There are two broad classes of symmetric encryption techniques: ____________________________
The choice of the public key and the private key; the encryption and decryption algorithm
There are two interrelated components of RSA:
authentication key
To perform message integrity, in addition to using cryptographic hash functions, Alice and Bob will need a shared secret. This shared secret, which is nothing more than a string of bits, is called the __________________. Using this shared secret, message integrity can be performed as follows:
Ciphertext-only attack: the intruder may have access only to the intercepted ciphertext; Known-plaintext attack: if Trudy somehow knew for sure that "bob" and "alice" appeared in the ciphertext message, then she could have determined the (plaintext, ciphertext) pairings for the letters a, l, i, c, e, b, and o; Chosen-plaintext attack: the intruder is able to choose the plaintext message and obtain its corresponding ciphertext form
When considering how easy it might be for Trudy to break Bob and Alice's encryption scheme, one can distinguish three different scenarios, depending on what information the intruder has.
RSA algorithm
_________________: has become almost synonymous with public key cryptography
Cryptographic techniques
__________________ allow a sender to disguise data so that an intruder can gain no information from the intercepted data. The receiver, of course, must be able to recover the original data from the disguised data.
End-point authentication
__________________ is the process of one entity proving its identity to another entity over a computer network, for example, a user proving its identity to an e-mail server. As humans, we authenticate each other in many ways: We recognize each other's faces when we meet, we recognize each other's voices on the telephone, we are authenticated by the customs official who checks us against the picture on our passport.
Cipher Block Chaining (CBC) Initialization Vector (IV) provide a mechanism within the protocol to distribute the IV from sender to receiver
__________________________: idea to send only one random value along with the very first message, and then have the sender and receiver use the computed coded blocks in place of the subsequent random number. Before encrypting the message (or the stream of data), the sender generates a random k-bit string, called the ________________________. CBC has an important consequence when designing secure network protocols: we'll need to _____________________________________________________________.