Untitled Quiz

Questions and Answers

What is the first step in the ECDSA key generation process?

• Compute e using a hash function
• Select a random integer d from the interval [1, n − 1] as the private key (correct)
• Publish Q = dG as the public key
• Select a random integer k from the interval [1, n − 1]

In ECDSA signing, what must be done if the computed value r equals 0?

• Publish Q = dG
• Goto step 1 (correct)
• Accept the signature
• Stop the process

During ECDSA verification, which condition must be satisfied for the signature to be accepted?

• v must equal r (correct)
• s must be less than n
• v must not equal r
• e must equal h(m)

What is the purpose of the k−1 mod n calculation in the ECDSA signing process?

To generate the signature s (A)

What is a requirement for fixed password schemes mentioned in the content?

At least one character from each of a set of categories (A)

Which mechanism ensures that only authorized users can access specific resources within a system?

Access Control (A)

What is the primary function of a firewall in a network security context?

Blocking unauthorized access (D)

Which type of intrusion detection system primarily relies on predefined signatures for identifying threats?

Signature-based IDS (A)

Which feature of message authentication codes (MAC) helps to verify both the integrity and authenticity of a message?

Combination of a key with the message (D)

Which property of hash functions indicates its resistance to finding two different inputs that yield the same hash value?

Collision resistance (B)

How does an anomaly-based intrusion detection system function?

By comparing traffic against normal behavioral patterns (B)

What does a hashing function do when processing a long document?

Maps the document into a fixed length digest (D)

Which method of authentication uses cryptographic mechanisms to validate the identity of a user or entity?

Digital signatures (B)

What is the purpose of padding a message to a multiple of 512 bits in the MD5 algorithm?

To ensure the message length is compatible for hashing. (C)

In the context of HMAC, what role does the secret key play?

It is combined with the message to form the hash. (B)

How is the hash function H(D) computed in the given algorithm?

By performing a repeated operation involving XOR on the message blocks. (B)

What distinguishes SHA-1 from MD5?

SHA-1 has a hash size of 160 bits, while MD5 has a hash size of 128 bits. (A)

Which statement is true regarding Message Authentication Codes (MAC)?

MAC provides assurances about both the message's source and integrity. (D)

What is the result of modifying the buffer in the MD5 algorithm according to the next 512-bit block?

It updates the buffer for the subsequent block processing. (B)

What is the primary function of a hash function like MD5 and SHA-1 in cryptography?

To generate fixed-size hash values from arbitrary length input. (A)

What is the purpose of the extra zero bits appended to the document in hashing?

To ensure the document's length is an even multiple of n bits. (D)

Flashcards

Hash Function

An algorithm that takes an input (like a document) and produces a fixed-size output (the hash).

MD5

A widely used hash function that produces a 128-bit hash from a given input.

SHA-1

A secure hash algorithm creating a 160-bit hash from input data.

Message Digest

Fixed-size output (hash) produced by hash functions.

HMAC

A method to enhance security by incorporating a secret key to the hashing process.

Message Authentication Code (MAC)

A way to verify message integrity and origin in data communication.

Hashing Block Size

The fixed size of data units processed by the hash function (e.g., 512 bits).

Hash Output Size

Fixed-size output from a hash function.

ECDSA Key Generation

The process of creating a public and private key pair using Elliptic Curve cryptography for digital signatures.

ECDSA Signing

A process that creates a digital signature for a message using the private key and a hash of the message

ECDSA Verification

The procedure to validate a digital signature using the public key and hash of the message

Private Key (ECDSA)

A secret value used to sign messages in ECDSA.

Password Length

The minimum number of characters required for a password.

Hash Digest

The fixed-size output produced by a hash function, representing the input data.

Collision Resistance

A property of good hash functions, where it's extremely difficult to find two different inputs that produce the same hash.

How does hashing overcome public-key limitations?

Hashing allows the processing of large messages using public-key schemes because the hash digest is smaller and can be encrypted using the recipient's public key.

What is a mixing algorithm (M)?

A transformation process used in hash functions to combine blocks of data to generate the hash digest.

Block Size vs. Hash Output Size

Block size refers to the fixed size of data processed by the hash function, while the hash output size is the length of the resulting hash digest.

Why is hash collision resistance crucial for security?

It prevents malicious alterations to data without detection, as any change drastically alters the hash.

What does a hash function guarantee?

It efficiently ensures that the data hasn't been tampered with. Any modifications to the original data will result in a different hash.

Study Notes

Information Security Tools

• Authentication, Access Control, Encryption, Firewalls, Intrusion Detection System are tools for information security.

Authentication

• Message authentication & Integrity: Integrity using Modification Detection Codes (MDC), unsigned hash functions, message authentication codes (MAC), signed hash functions are examples.
• Entity authentication (Digital signatures): This is another aspect of authentication.

Hash Function Algorithm

• Hash function H maps a string (message or document) D of arbitrary length to an integer d = H(D) with a fixed number of bits (digest of D).
• The digest, d, has specific properties: Given a string D, the digest of D can be computed quickly; Given the digest d of D, but not D, it is computationally infeasible to find D; Hash H should be collision resistant (hard to find two documents with the same hash functions).
• Most hash functions use a mixing algorithm, M that transforms a bit string of length n into another bit string of length n; Break a long document into blocks and successively use M to combine each block with the previously processed material.
• To compute H(D), append extra 0 bits to document D, D is written as a concatenation of bit strings of length n H(D) is computed with an initial bit string Ho and an operation like H₁ = Hi-1 xor M(D₁) for 1 ≤ i ≤ k.
• Examples of hash functions include Message Digest 5 (MD5) and Secure Hashing Algorithm 1 (SHA-1). MD5 algorithm involves padding a message into a multiple of 512 bits, initialization of a 128-bit buffer to a given value, modifying the buffer content at each step according to the next 512-bit block, and finally obtaining a 128-bit "hash" code. SHA-1 works with a block size of 512 bits and a hash size of 160 bits.

Message Digest 5 (MD5)

• The MD5 algorithm is detailed.

Secure Hashing Algorithm 1 (SHA-1)

• The SHA-1 algorithm details are given.

Message Authentication Codes (MAC)

• MAC aims to ensure the source and integrity of a message.
• MAC uses a message input and a secret key.
• MAC algorithms involve keyed hashed algorithms.
• Hashed message authentication code (HMAC) is a method for increasing the strength of the hash function

HMAC

• The details of the HMAC algorithm are given including steps for computing HMAC using MD5.

DES MAC

• Input data is a 64-bit length and the key is a 56-bit length. Output is a 64-bit MAC.
• Message is padded and divided into 64-bit blocks and encrypted sequentially using the key.

Entity Authentication (Digital Signatures)

• Detailed set-up and nomenclature for digital signature.
• Digital Signature Schemes are described.

RSA Scheme

• The RSA scheme for digital signatures is outlined.

Digital Signature Algorithm (DSA)

• DSA algorithm details for key generation, signing, and verification

ECDSA (Elliptic Curve Digital Signature Algorithm)

• Key generation steps are given for the ECSDA algorithm
• Signature process steps are described.
• Verification steps of the ECDSA Algorithm are outlined.

User ID & Passwords

• Fixed password schemes are described.
• Password schemes and techniques are described.
• Password attacks like exhaustive search are also discussed.
• Entropy for 7 bit ASCII character are presented.

Personal Identification Numbers (PINs)

• PINs are fixed, time-invariant passwords.
• Used in conjunction with chipcards.
• Short and numeric (e.g., 4 to 8 digits).
• Additional constraints are used to prevent exhaustive search.
• Constraints on PINs are also presented

Multi-Factor Authentication (MFA)

• MFA uses 2 or more verification methods.
• MFA decreases likelihood of successful cyberattacks.

Three Main Types of MFA Methods

• Knowledge-based factors (passwords, PINs)
• Possession-based factors (badges, smartphones)
• Inheritance-based factors (biometrics like fingerprints, voice recognition)

Access Control

• Access control ensures authenticated users access appropriate resources.
• It determines what actions authorized users can perform.

Access Control Models

• Access matrices, Access Control Lists (ACLs), Role-based access control (RBAC)

Access Control Matrices

• Access control matrix is a two-dimensional matrix.
• Rows represent subjects (users) and columns represent objects (files).
• Entries contain access attributes (e.g. read, write, execute, owner).

Access Control Lists (ACLs)

• ACL is a list of users and their access rights for each resource.
• ACL advantages: determined access
• ACL disadvantages : complex and laborious to maintain

Role-based Access Control (RBAC)

• RBAC assigns users to roles, and roles have specific access rights.
• RBAC advantages: simplified administration.
• RBAC disadvantages: Roles themselves can become difficult to manage.

Discretionary Access Control (DAC)

• DAC allows an individual user to set access control to an object, deciding whether the user or object can access it.
• Strengths of DAC: flexibility. Usage : widely implemented in operating systems.

Mandatory Access Control (MAC)

• MAC is a system-wide policy deciding who has access and individual users have no control over the access policies.
• MAC strengths : secure but inflexible. Usage: Used where flexibility is not the main concern.

I-node data Structure in Minix

• The structure of i-nodes in Minix is explained.