Guide to network security ch3
true
AES was developed to replace both DES and 3DES
false
Asymmetric algorithms are two way functions
false
Asymmetric encryption is more efficient than symmetric for sending messages
true
Diffie Hellman key exchange uses asymmetric encryption to exchange session keys
Content transfer encoding
Identifies type of conversion used in message body
critical aspects of cryptography
Protecting and verifying information transmitted via information systems.
true
RSA algorithm has become the de facto standard for public use encryption applications.
Work Factor
The amount of effort required to decode an encrypted message when the key and algorithm are unknown.
Block Cipher Method
The message is divided into blocks and then each block of plaintext bits is transformed into an encrypted block of cipher bits using an algorithm and a key. Can use substitution, transposition, XOR, or some combination of these operations.
Transposition
The process of rearranging plaintext values to form ciphertext
Substitution
The process of replacing plaintext values with other values to form ciphertext
Algorithm
The programmatic steps used to convert an unencrypted message into an encrypted sequence of bits that represents the message.
Bit stream method and block cipher method.
Two contemporary methods for encrypting plaintext
rainbow table
a database of precomputed hashes from sequentially calculated passwords
message authentication code (MAC)
a key dependent, one way hash function that allows only specific recipients to access the message digest.
true
a longer key directly influences the strength of the encryption
Link encryption
a series of encryptions and decryptions among a number of systems, wherein each system in a network decrypts the message sent to it and then re encrypts it using different keys and sends it to the next neighbor
the message digest
also known as hash value; is a fingerprint of the author's message, which is compared with the recipient's locally calculated hash of the same message.
Vigenere cipher
an advanced type of substitution cipher that uses a simple polyalphabetic code.
time memory trade off attack
an algorithm which improves running time by using more space or, similarly, that improves memory usage at the expense of more computing time.
Cipher or Cryptosystem
an encryption method or process encompassing the algorithm, key and cryptovariables, and procedures used to perform encryption and decryption.
Secure Sockets Layer (SSL) and Secure Hypertext Transfer Protocol (S-HTTP)
are designed to enable secure Web communication for e-commerce, banking, and a number of other sensitive uses.
hash functions
are mathematical algorithms that generate a message summary or digest that can be used to confirm the identity of a specific message and/or confirm that there have not been any changes to the content.
hash algorithms
are mathematical functions that create a hash value, also known as a message digest, by converting variable length messages into a single fixed length value
Cryptographic algorithms
are often grouped into two broad categories but today's most popular cryptosystems use a combination of symmetric and asymmetric algorithms.
Internet Protocol Security (IPSec) and Secure Shell (SSH)
are widely used to enable secure network communications across LANs, WANs, and the Internet.
true
asymmetric encryption can be used to transmit symmetric keys in a hybrid approach.
false
asymmetric encryption requires out of band key exchange
Secure Multipurpose Internet Mail Extensions (S/MIME)
builds on the encoding format of the MIME protocol and uses digital signatures based on public key cryptosystems to secure e-mail; it is the second generation of enhancements to the SMTP standard
yes
can hash functions confirm message identity and integrity?
Content description
describes body object
Content type
describes data in body of message
Bit stream method
each bit in the plaintext is transformed into a cipher bit, 1 bit at a time. Commonly uses algorithm functions like the exclusive OR operation
true
hash functions are considered one way operations in that the same message always provides the same hash value, but the hash value itself cannot be used to determine the contents of the message.
four keys
how many keys does asymmetric encryption need to hold a single conversation between two parties?
Content ID
identifies MIME entities
false
if you use the same operation multiple times, you gain additional benefit
Advanced Encryption Standard (AES)
is a federal information processing standard that specifies a cryptographic algorithm used within the US government to protect information in federal agencies that are not a part of the national defense infrastructure.
Exclusive OR operator (XOR)
is a function of a binary operation in which two bits are compared and (1) if the two bits are identical, the result is a binary 0, and (2) if the two bits are not the same, the result is a binary 1.
Diffie Hellman key exchange
is a method for exchanging private keys using public key encryption
Mathematical trapdoor
is a secret mechanism that enables you to easily accomplish the reverse function in a one way function
Secure Hash Standard (SHS)
is a standard issued by the National Institute of Standards and Technology
Secure HTTP (S-HTTP)
is an extended version of HTTP that provides for the encryption of individual messages transmitted via the internet between a client and server
Internet Protocol Security (IPSec)
is an open source protocol framework for security development within the TCP/IP family of protocol standards.
Vigenere Square
is made up of 26 distinct cipher alphabets
one way function
is simple to compute in one direction but complex to compute in the opposite direction.
Encryption
is the process of converting an original message into a form that is unreadable to unauthorized individuals.
Decryption
is the process of converting the ciphertext message back into plaintext so that it can be readily understood.
Salting
is the process of providing a nonsecret, random piece of data to the hashing function when the hash is first calculated.
Triple DES (3DES)
is the same as that of standard DES, except it is repeated three times.
Monoalphabetic substitution
it only uses one alphabet
Session Keys
limited use symmetric keys for temporary communications; they allow two organizations to conduct quick, efficient, secure communications based on symmetric encryption.
private key
means that it is kept secret, known only to the owner of the key pair
public key
means that it is stored in a public location where anyone can use it
SSL
most popular browsers, including Internet Explorer, Firefox, Safari, and Chrome, use this protocol
true
many of the software programs currently used to protect the confidentiality of information are not true cryptosystems
Transport mode
only the IP data are encrypted, not the IP headers.
Secure Shell (SSH)
protocol developed in order to provide a secure method for accessing systems over an insecure medium
Secure Sockets Layer (SSL)
protocol used for public key encryption to secure a channel over the internet.
IPSec
protocol used to secure communications across IP based networks such as LANs, WANs and the internet by protecting data integrity, user confidentiality and authenticity at the IP packet level
SSL Record Protocol
provides basic security and communications services to the top levels of the SSL protocol stack and is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the plaintext prior to transmission.
Encapsulating security payload (ESP) protocol
provides secrecy for the contents of network communications, as well as system to system authentication and data integrity verification.
Authentication Header (AH) protocol
provides system to system authentication and data integrity verification but does not provide secrecy for the content of a network communication.
Standard HTTP
provides the internet communications services between client and host without considering encryption of the data that is transmitted between client and server
Transposition cipher
simply rearranges the values within a block to create the ciphertext
MIME version
states conformity to RFCs 2045 and 2046
Number larger than 26
26 is sequentially subtracted from it until the number is in the proper range
Book or Running key cipher
the ciphertext consists of a list of codes representing the page number, line number, and word number of the plaintext word.
Ciphertext or cryptogram
the encoded message resulting from an encryption
Tunnel Mode
the entire IP packet is encrypted and then placed into the content portion of another IP packet.
Keyspace
the entire range of values that can be used to construct an individual key
Steganography
the hiding of messages in such a way that no one but the sender and intended recipient of the message even knows a message exists.
Key or cryptovariable
the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext
public key encryption
the more common name for asymmetric encryption
true
the notation used to describe an encryption process varies, depending on the source describing the encryption
Plaintext or cleartext
the original unencrypted message, or a message that has been successfully decrypted
code
the process of converting components of an unencrypted message into encrypted components
Cryptography
the process of making and using codes to secure the transmission of information.
Cryptanalysis
the process of obtaining the original message from an encrypted message without knowing the keys used to perform the encryption.
false
the salt value is to be kept a secret
Cryptology
the science of encryption that encompasses both cryptography and cryptanalysis.
false
the security of encrypted data is dependent on keeping the encrypting algorithm secret
key size
the strength of many encryption applications and cryptosystems is measured by:
transport and tunnel
the two modes in which IPSec operates
false
these days only the once standard 56 bit encryption can stand up to brute force attacks by personal computers
Decipher
to decrypt, decode, or convert ciphertext into the equivalent plaintext.
Encipher
to encrypt, encode, or convert plaintext into the equivalent ciphertext
Symmetric encryption
use mathematical operations that can be programmed into extremely fast computing algorithms so that the encryption and decryption processes are executed quickly by even small computers.
Polyalphabetic substitutions
use two or more alphabets
XOR
used in applications where security is not a defined requirement
Lucifer Algorithm
uses a key length of 128 bits
Vernam Cipher
uses a set of characters only one time for each encryption process.
Grille cipher
uses a stencil or template with holes cut out. When the template is applied to a particular message, book, or other document, the message is revealed in the holes.
Asymmetric encryption
uses two different but related keys, and either key can be used to encrypt or decrypt the message.
Rainbow cracking
using a rainbow table, the rainbow cracker simply looks up the hashed password in the massive list and reads out the text version, with no brute force required.
Nonrepudiation
verification that a message was sent by a particular sender and cannot be refuted
Data encryption standard (DES)
was developed by IBM and is based on the company's Lucifer algorithm.
PGP Pretty Good Privacy
was developed by Phil Zimmermann and is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications
RSA algorithm
was the first asymmetric, or public key, encryption algorithm developed and published for commercial use.
Substitution cipher
you substitute one value for another.