CISSP Chapter 6: Cryptography and Symmetric Key Algorithms


What is the formula for calculating the total number of keys needed in a fully asymmetric cryptosystem?

2n

How many versions of 3DES are there?

4

__________ is based on the Rijndael block cipher, protects all government sensitive information, and allows key strength of 128, 192, or 256 bits. Block size can be equal to key length, though longer keys require more rounds of encryption. (128 bit key/10 rounds, 192 bit key/12 rounds, 256 bit key/14 rounds).

AES

The _________ operation (represented by the ^ symbol) checks to see whether two values are both true. Takes only 2 values as input.

AND

What are the important Boolean logical operations (in relation to cryptography)?

AND, OR, NOT, Exclusive OR, Modulo

_____________ algorithms provide a solution to the weaknesses of symmetric key encryption, where each user has a public key (shared with all users) and a private key (a secret to only that user).

Asymmetric/Public Key

____________ verifies the claimed identity of system users and is a major function of cryptosystems

Authentication

______________ ciphers operate on "chunks" or "blocks" of a message and apply the encryption algorithm to an entire block at the same time.

Block

The __________ algorithm was developed by Bruce Schneier and is a DES/IDEA alternative that also operates on 64-bit blocks, but allows for keys from 32 bits (awful) to 448 bits (insanely secure). Much faster than DES and IDEA too. Built into a number of software products/operating systems, including Linux's bcrypt.

Blowfish

_________________ defines the rules for the bits and bytes that form the nervous system of any computer. It's binary (0s and 1s/on and off/true and false).

Boolean mathematics

The _____________ shifts each letter 3 letters to the right (A = D). Also known as ROT3/Rotate3 for this reason.

Caesar Cipher

In the _________________ mode of DES, each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted using the DES algorithm.

Cipher Block Chaining

____________ mode of DES is the streaming cipher version of Cipher Block Chaining (CBC), meaning that it operates against data produced in real time. Instead of breaking messages into blocks, it uses memory buffers of the same block size; as each buffer becomes full, it is encrypted and sent to the recipients. Can lead to the propagation/chaining of errors; this mode does not stop chaining errors.

Cipher Feedback

_________ are always meant to hide the true meaning of a message using a variety of different techniques.

Ciphers

The sender uses a cryptographic algorithm to encrypt the message and produce a _____________ message.

Ciphertext

What is the equation for a one-time pad?

Ciphertext = (Plaintext + Key) mod 26

_________ are cryptographic systems or symbols that represent words or phrases, and are sometimes secret, but are not necessarily meant to provide confidentiality. (Things like 10-4.)

Codes

Explain the mathematical process that the Diffie-Hellman key exchange algorithm uses to operate.

Communicating parties agree on 2 large numbers: one prime, "p", and one integer, "g", such that 1 < g < p. The first person chooses a random large integer ("r") and computes R = g^r mod p. The other person chooses a different random large integer ("s") and computes S = g^s mod p. Each person sends the other the value they computed (R and S). The operation is then performed backwards, where K = S^r mod p and K = R^s mod p, so both arrive at the same shared key K.

_______________ ensures that data remains private while at rest, such as when stored on a disk, or in transit, such as during transmission between two or more parties.

Confidentiality

What are the 4 main goals of cryptography?

Confidentiality, integrity, authentication, and nonrepudiation

_____________ occurs when the relationship between the plaintext and key is so complicated that an attacker can't merely continue altering the plaintext and analyze the resulting ciphertext to retrieve the key.

Confusion

The ____________ mode of DES uses a stream cipher similar to that used in CFB and OFB modes, but instead of creating a seed value for each encryption/decryption operation, it uses a simple counter that increments each operation. This mode of DES does stop error chaining/propagation.

Counter

______________ is the study of methods to defeat codes and ciphers.

Cryptoanalysis

__________________ is the art of creating and implementing secret codes and ciphers.

Cryptography

Together, cryptography and cryptoanalysis are known as ________________.

Cryptology

_________ is a 64-bit block cipher that has 5 modes of operation: Electronic Codebook (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback (CFB) mode, Output Feedback (OFB) mode, and Counter (CTR) mode. All modes work on 64-bit blocks of plaintext at a time and use keys that are 56 bits in size.

DES

____________ is an algorithm for key exchange used when neither public key encryption nor offline distribution is sufficient for key exchange.

Diffie-Hellman

___________ occurs when a change in the plain text results in multiple changes spread throughout the ciphertext.

Diffusion

______________ is the simplest (least secure) mode of DES. Each time the algorithm processes a 64-bit block, it simply encrypts the block using the chosen secret key. This means that if the algorithm encounters the same block multiple times, it will produce the same encrypted block.

Electronic Codebook Mode (ECB)

What are the DES modes?

Electronic Codebook Mode, Cipher Block Chaining Mode, Cipher Feedback Mode, Output Feedback Mode, and Counter Mode

The ____________, used by Germany prior to WWII, was a machine with 3-6 rotors that implemented a substitution cipher.

Enigma Cipher

In the ____________ approach to key escrow, the government is provided with a technological means to decrypt ciphertext, which is the basis behind the Skipjack algorithm.

Escrowed Encryption Standard

The _______________ operation is commonly used in cryptographic applications and is known as the XOR function (represented by the ⊕ symbol). It returns a true value when only one of the input values is true.

Exclusive OR

____________ ensures that data is not altered without authorization (you want to receive what is sent to you 100% identically.)

Integrity

The ___________ block cipher was developed in response to complaints about insufficient DES key length. Also operates on 64-bit blocks but uses a 128 bit key that is broken up in a series of operations into 52, 16-bit subkeys. Can operate in the same modes as DES. This algorithm is used in Pretty Good Privacy (email encryption).

International Data Encryption Algorithm (IDEA)

_______________ allow the government under limited circumstances such as a court order, to obtain the cryptographic key used for a particular communication from a central storage facility.

Key escrow systems

Cryptographic algorithms rely on __________ to maintain their security. They are typically just large binary numbers.

Keys

_____________ requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks. X out of Y people must work to retrieve the key.

M of N Control

_____________ are summaries of a message's content produced by a hashing algorithm. It is difficult/practically impossible to derive a message from an ideal hash algorithm and it is very unlikely that two messages will produce the same hash value.

Message digests

Other than one-time pads, all cryptographic systems have a limited life span, typically calculated via ____________, which states that the processing capabilities of a state-of-the-art microprocessor will double approximately every two years.

Moore's Law

The __________ operation (represented by the ~ or ! symbols) simply reverses the value of an input variable. NOT true is false, and NOT false is true.

NOT

____________ provides assurance to the recipient that the message was originated by the sender and not someone masquerading as the sender. Prevents the sender from claiming that they never sent the message in the first place.

Nonrepudiation

The ______________ operation (represented by the ∨ symbol) checks to see whether at least one of the input values is true. Always true unless both values are false.

OR

______________ is the physical exchange of key material via paper, a drive that actually looks like a key, or something else. Dangerous to send in the mail, phones can be tapped, and papers can be lost.

Offline Distribution

What are the 3 main methods used to exchange secret keys in a symmetric key environment?

Offline distribution, public key encryption, and Diffie-Hellman

In _______________ mode, DES operates in almost the same fashion as it does in Cipher Feedback mode, but instead of XORing an encrypted version of the previous block of ciphertext, DES XORs the plaintext with a seed value. An initialization vector is used to create the seed value. This mode of DES does stop error chaining/propagation.

Output Feedback Mode

____________ works for secret key exchange, as mentioned earlier: a key is exchanged via public key encryption at the beginning of a session, and then symmetric encryption is used once the key has been safely exchanged.

Public Key Encryption

The ____________ algorithm was approved for use by FIPS 185, the Escrowed Encryption Standard. It operates on 64-bit blocks of text, uses an 80 bit key, and supports the 4 DES modes. It also supports the escrow of encryption keys. The information needed to reconstruct a Skipjack key is held by NIST and the Department of the Treasury. Generally not embraced because of escrow procedures in place within the US government.

Skipjack

What is the major weakness of public key/asymmetric encryption?

Slow speed of operation

___________ ciphers operate on one character or bit of a message at a time.

Stream

_____________ ciphers use the encryption algorithm to replace each character or bit of the plaintext message with a different character.

Substitution

____________ algorithms rely on a "shared secret" encryption key that is distributed to all members who participate in communications. Sometimes called secret key or private key cryptography.

Symmetric Key

What are the 2 major approaches to key escrow?

The Fair Cryptosystems approach and the Escrowed Encryption Standard.

What are the requirements for a one-time pad to be unbreakable?

The pad must be randomly generated, physically protected against disclosure, only used once, and the key must be at least as long as the message to be encrypted.

______________ ciphers use an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message. The decryption algorithm simply reverses the encryption transformation to retrieve the original message.

Transposition

The Allies used the ___________ to attack/crack the Enigma Cipher.

Ultra Cipher

3DES ___________ is simply DES that encrypts the plain text 3 times using 3 different keys.

Version 1 (DES EEE3)

3DES ______________ uses 3 keys but replaces the second encryption operation with a decryption operation.

Version 2 (DES EEE2)

3DES ___________ only uses 2 keys. Uses an effective 112 bit key.

Version 3

3DES _______________ uses 2 keys with a decryption operation in the middle. Uses an effective 112 bit key.

Version 4.

__________________ refers to the ability of people to prove their knowledge of a fact to a third party without revealing the fact itself to that third party.

Zero knowledge proof

A key space is defined by its ___________, which is nothing more than the number of binary bits (0s and 1s) in the key.

bit size

In the ____________ approach to key escrow, the secret keys used in a communication are divided into two or more pieces, each of which is given to an independent third party. Each of these pieces is useless on its own but valuable when recombined. When the government gets authority, they can recombine and decrypt.

fair cryptosystems

An example of nonce use is in an ______________, where a random bit string the same length as the block size is XORed with the message.

initialization vector

The best example of split knowledge is in the form of _____________, where cryptographic keys, digital signatures, and even digital certificates can be stored in a special database called the (same word) database.

key escrow

Every algorithm has a specific _________ that is the range of values that are valid for use as a key for a specific algorithm.

key space

The ___________ function is extremely important in cryptography. It is the remainder value left over after a division operation is performed. Used in RSA public key encryption.

modulo

What is the formula for calculating the total number of keys needed in a fully symmetric cryptosystem?

n(n-1)/2

A _________ is a random number that acts as a placeholder variable in mathematical functions. When the function is executed, it is replaced with a random number generated at the moment of processing for one-time use.

nonce

A _______________ is an extremely powerful type of substitution cipher that uses a different substitution alphabet for each letter of the plaintext message.

one-time pad

A ________________ is a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values. This is where large prime numbers come into play.

one-way function

Before a message is put into a coded form, it is known as a ____________ (represented by the letter P) message.

plaintext

The problem with one-time pads is that you have to have a key as long as the message and then physically hand off the pad to someone else so they can decrypt the message. One common solution to this dilemma is the use of a ________________ cipher. In this cipher, the encryption key is as long as the message itself and is often chosen from a common book.

running key cipher/book

When the information or privilege required to perform an operation is divided among multiple users, no single person has sufficient privileges to compromise the security of the environment. This combination of separation of duties and two-person control in a single solution is called _______________.

split knowledge

You can measure the strength of a cryptography system by measuring the effort in terms of cost and/or time using a _______________. Usually the time and effort required to perform a complete brute-force attack against an encryption system is what the work function represents.

work function/factor
