352CIS-3 Chapter 4 - Part 2

Questions and Answers

What is the first step Alice takes when setting up her RSA encryption system?

• Publishes her private key.
• Finds her public key.
• Calculates the product of her chosen primes.
• Chooses two prime numbers. (correct)

How does Bob create ciphertext C from message M using Alice's public key?

• $C = M^e % n$. (correct)
• $C = n * e + M$.
• $C = M * d % n$.
• $C = (M * e) / n$.

In the RSA algorithm, what ensures that a public key is securely paired with a private key?

• Both keys are derived from the same product of prime numbers. (correct)
• The public key is usually kept secret.
• Both keys are the same length.
• They share a common prime factor.

What is the purpose of the modulus operation used during encryption in RSA?

To ensure the original message can be retrieved. (B)

In the RSA algorithm, what value must 'ed' yield when calculated with respect to m?

ed % m = 1 (A)

Which operation is not performed by Alice when she decrypts ciphertext C?

Uses her public key. (D)

Which of these values must be true considering Alice's choice of e and d?

d must be the inverse of e mod φ(n). (C)

What is the significance of φ(n) in the RSA algorithm?

It helps in determining the possible values for e. (D)

What is the primary purpose of a digital certificate?

To certify the online identities of individuals and organizations (A)

What information is NOT contained in a digital certificate?

The certificate's owner's password (A)

How does a Certificate Authority (CA) create a digital signature for a certificate?

By generating a message digest and signing it with its private key (D)

What is the standard that digital certificates conform to?

X.509 (B)

Which statement is true regarding the verification of a digital certificate's integrity?

It can be done using the CA’s public key and the message digest (C)

In the Diffie-Hellman Key Exchange, what is the role of the private keys A and B chosen by Alice and Bob?

They help in computing shared symmetric keys. (D)

What is the primary purpose of error detecting codes?

To verify data integrity (B)

Which of the following is NOT a term associated with error detecting codes?

Data encryption (D)

What process transforms any given data into a fixed value in cryptography?

Hashing (C)

What is a cryptographic checksum primarily used for?

To verify data integrity with a key (B)

During the Diffie-Hellman Key Exchange, what mathematical operation do both parties perform with their received values?

Modulo (C)

Which statement describes the output of Alice and Bob's calculations in the example?

They achieve a shared symmetric key. (A)

Which element is NOT part of the steps in the Diffie-Hellman Key Exchange depicted?

Data encryption (A)

What is the value of φ when p = 7 and q = 11?

60 (A)

If Alice chooses e to be 13, what is the corresponding value of d that satisfies ed ≡ 1 (mod φ)?

37 (C)

In the context of public key cryptography, what is a key characteristic of the key exchange protocol?

It can be used to establish a shared secret over an insecure channel. (A)

What problem does the 'Man in the Middle' attack present in key exchange protocols?

It can intercept and alter the messages transmitted. (D)

In the Diffie-Hellman key exchange, what do Alice and Bob share publicly?

A prime number P and a base number N (B)

What does Alice compute and send to Bob in the Diffie-Hellman key exchange?

J = N^A (mod P) (B)

What is the role of Eve in the Diffie-Hellman key exchange?

She can intercept but cannot decipher the keys exchanged. (C)

Which aspect confirms the confidentiality and authenticity in Amy and Bill's key exchange solution?

Encrypting the key with both public and private keys. (C)

What is the primary purpose of using hash functions in password storage?

To protect passwords by storing their hash values instead of the clear text. (C)

What feature do digital signatures provide that ensures a signer cannot deny their signature later?

Non-repudiation (A)

Which algorithm is commonly used for creating digital signatures?

RSA (C)

In a digital signature process, what is fed into the hash function?

The original data. (D)

How does the verifier check the validity of a digital signature?

By generating a new hash value from the received data and comparing it to the original hash. (A)

What is the role of the private key in the digital signature process?

To create the digital signature along with the hash value. (A)

Which of the following hash algorithms is NOT mentioned as commonly used?

BLAKE2 (A)

What happens after the verifier successfully verifies the digital signature?

The verifier retrieves the data through decryption using their private key. (D)

How are password hashes typically stored in system files?

In pairs consisting of user ID and hash value. (C)

What does the term 'checksums' refer to in the context of hash functions?

Values used to measure data integrity. (C)

A certificate contains the owner's public key and the Certificate Authority's digital signature.

True (A)

Digital certificates are issued by individuals without the need for a Certificate Authority (CA).

False (B)

The CA uses its public key to digitally sign each certificate it issues.

False (B)

Anyone can use the CA's private key to verify the integrity of a certificate.

False (B)

A message digest is created by the CA from the certificate to generate a digital signature.

True (A)

SHA stands for Secure Hash Algorithm.

True (A)

MD4 and MD6 are the most widely used cryptographic hash functions.

False (B)

A digital signature allows a person to deny signing a message later on.

False (B)

Hash functions convert plaintext passwords into a fixed-length output referred to as a hash value.

True (A)

The signature key in digital signatures uses the receiver's private key.

False (B)

The verifier compares the hash value of original data against the received hash value to check the validity of a digital signature.

True (A)

Digital signatures are created using a public key.

False (B)

The password file stores both the clear text password and its hash value.

False (B)

Every person who adopts the digital signature scheme has a unique public-private key pair.

True (A)

The process of generating a digital signature includes appending a hash value to the data.

True (A)

The ciphertext C is calculated by using the formula $C = m^e mod n$.

True (A)

In the RSA encryption system, d and e are chosen such that the product ed mod φ = 0.

False (B)

Amy's message E(kPUB−A, E(kPRIV−B, K) is a method for ensuring only authenticity in key exchanges.

False (B)

Alice and Bob choose their secret exponents A and B independently before computing J and K.

True (A)

Eve's knowledge of P and N can compromise the Diffie-Hellman key exchange.

False (B)

The calculation K = N^B mod P generates a value that Bob sends to Alice in the Diffie-Hellman exchange.

True (A)

In key exchange protocols, knowing the public key is sufficient for decrypting the message.

False (B)

The prime numbers chosen by Alice and Bob do not need to be kept secret in the Diffie-Hellman protocol.

True (A)

The value of φ when p = 7 and q = 11 is computed as 60.

True (A)

Block ciphers encrypt data in sequences of bytes rather than in fixed-size blocks.

False (B)

AES operates on blocks of 128 bits and can use private keys of varying lengths including 128, 192, and 256 bits.

True (A)

The DES encryption algorithm consists of a maximum of 12 cycles for encrypting data.

False (B)

Each round of the AES algorithm consists of only one step that involves shifting bits.

False (B)

The security of DES was demonstrated to be compromised when researchers used 3,500 machines to infer a key in less than four months.

True (A)

Stream ciphers apply the same operation to all data items regardless of their readiness to transmit.

False (B)

Padding is unnecessary when using block ciphers if all blocks are of the same size.

True (A)

The encryption process in DES includes a permutation step that shuffles bits and a substitution step that replaces blocks of bits.

True (A)

The purpose of cryptographic checksums is to ensure the data integrity using a key known only to authorized parties.

True (A)

In the Diffie-Hellman Key Exchange, Alice and Bob end up with different symmetric keys after their calculations.

False (B)

Error detecting codes only include techniques like parity and can be categorized under a single name.

False (B)

The mathematical trick in the Diffie-Hellman Key Exchange involves both parties raising the number received from the other party to their private key power modulo a prime number.

True (A)

Hashing is the process of altering the data into a numeric representation without any specific function.

False (B)

Error detecting codes are primarily intended for error correction, rather than detecting modifications in data.

False (B)

During the Diffie-Hellman Key Exchange, both Alice and Bob send their calculated keys to each other after performing their computations.

True (A)

The symmetric key resulting from Alice and Bob's calculations in the Diffie-Hellman Key Exchange is guaranteed to be unique.

False (B)

Hash codes can be used effectively to seal a file by verifying its content integrity.

True (A)

Study Notes

Asymmetric Encryption Algorithms

• RSA Algorithm works by using two keys: public and private, with a minimum length of 256 bits.
• Encryption is done by raising each plaintext block to the power of the key, which is much slower than DES and AES but provides stronger security.
• Decryption reverses the encryption process using the corresponding private key.

RSA Algorithm Example

• Alice's Setup:
  • Chooses two prime numbers, p and q.
  • Calculates the product n = pq.
  • Calculates m = (p - 1)(q - 1).
  • Chooses numbers e and d such that ed has a remainder of 1 when divided by m (ed % m = 1).
  • Publishes her public key (n, e).
• Bob's Encryption:
  • Obtains Alice's public key (n, e).
  • Calculates the remainder C when Me is divided by n (C = Me % n).
  • Sends ciphertext C to Alice.
• Alice's Decryption:
  • Uses her private key (n, d).
  • Calculates the remainder R when Cd is divided by n (R = Cd % n).
  • R matches the original message M sent by Bob.

RSA Algorithm Working Example

• Alice's Setup:
  • p=11, q=3
  • n = pq = 33
  • m = (p-1)(q-1) = 20
  • e = 3, d = 7 (ed = 21 has a remainder of 1 when divided by m = 20)
  • Publishes (n, e) = (33, 3)
• Bob's Encryption:
  • (n, e) = (33, 3)
  • Message M = 14
  • C = 14^3 % 33 = 5
  • Sends ciphertext C = 5 to Alice.
• Alice's Decryption:
  • (n, d) = (33, 7)
  • C = 5
  • R = 5^7 % 33 = 14
  • R = 14 = M (original message)

Key Exchange Protocols

• Public key cryptography can be used to exchange secret keys between parties who have no prior relationship.

Simple Key Exchange Protocol

• Issue: This protocol is vulnerable to a man-in-the-middle attack, where an attacker can intercept the exchange and impersonate both parties.

Key Exchange Solution (1)

• Amy sends to Bill: E(kPUB−B , E(kPRIV −A , K))
• This solution adds confidentiality and authenticity to the exchange.

Diffie-Hellman Key Exchange (Solution 2)

• Public Agreement: Alice and Bob publicly agree on a prime number P and a base number N.
• Secret Exponents:
  • Alice chooses a secret exponent A.
  • Bob chooses a secret exponent B.
• Computations:
  • Alice calculates J = N^A (mod P) and sends J to Bob.
  • Bob calculates K = N^B (mod P) and sends K to Alice.
• Shared Secret:
  • Alice calculates K^A (mod P) = (N^B)^A (mod P) = N^(AB) (mod P)
  • Bob calculates J^B (mod P) = (N^A)^B (mod P) = N^(AB) (mod P)
• Result: Both Alice and Bob arrive at the same shared secret value.

Diffie-Hellman Key Exchange Example

• Public Values: N = 7, P = 23
• Alice's Secret Exponent: A = 3
• Bob's Secret Exponent: B = 6
• Calculations:
  • Alice: K = 7^3 mod 23 = 21
  • Bob: J = 7^6 mod 23 = 4
• Shared Secret:
  • Alice: 4^3 mod 23 = 18
  • Bob: 21^6 mod 23 = 18

Error Detecting Codes

• Used to detect if a block of data has been modified.

Hash Codes

• A hashing function transforms any given data into a value.
• Cryptographic Checksum: Uses a cryptographic key known only to the sender and receiver.

Hash Codes (SHA, MD4, MD5)

• SHA (Secure Hash Algorithm): A collection of algorithms for computing checksums.
• MD4, MD5: Widely used cryptographic hash functions.

Message Digest

• Hash functions are used for password storage.
• Instead of storing passwords in clear text, hash values of passwords are stored.
• This ensures that even if the password file is compromised, the original passwords cannot be retrieved.

Digital Signatures

• Purpose: Bind a person or entity to digital data.
• Features:
  • Non-repudiation: The signer cannot deny signing the data.
• Process:
  • The signer generates a hash of the data using a hash function.
  • They sign the hash value using their private key.
  • The signature is appended to the data and sent to the verifier.
• Verification:
  • The verifier runs the same hash function on the received data.
  • The generated hash value is compared to the original hash value in the signature.
  • If the values match, the signature is deemed valid.

Digital Signature Example

• Signing:
  • Sender uses their private key to sign a hash of the data, creating a digital signature.
• Verification:
  • Receiver verifies the signature using the sender's public key.
  • The data is decrypted using the receiver's private key.

Certificates

• Purpose: Certify the online identities of individuals, organizations, and computers.
• Structure: Contains information about the owner (subject), owner's public key, and a digital signature by a Certificate Authority (CA).

CA (Certificate Authority)

• Issues and certifies digital certificates.
• Uses its private key to digitally sign certificates.
• The CA's public key can be used to verify the certificate's integrity.

Block Ciphers

• Block ciphers encrypt data in blocks, typically 64, 128, 256 bits or more.
• All blocks must be the same size, padding is used if necessary
• Block ciphers work on all plaintext data at once
• A block cipher algorithm performs its work on a quantity of plaintext data all at once.
• Blocks for such algorithms are typically 64, 128, 256 bits or more.
• All blocks have to have the same size of bits, otherwise padding is used.

Symmetric Encryption Algorithms

• DES (Data Encryption Standard) uses standard arithmetic and logical operations on a block of data up to 64 bits long and a private key 56 bits long.
• DES employs 16 cycles (rounds) for encryption.
• Each round involves:
  • Substitution step: Replacing blocks of bits
  • Permutation step: Shuffling the bits
  • Key transformation: Mingling in bits from the key
• DES has been found to be vulnerable, as researchers were able to infer a DES key in four months using a network of 3,500 machines in parallel in 1997.
• In 1998, a special DES cracker machine was built, costing approximately $200,000, that could find a DES key in four days.
• AES (Advanced Encryption Standard) uses 10, 12, or 14 cycles (rounds) for private keys of 128, 192, and 256 bits, respectively.
• Each round of AES consists of four steps:
  • Byte substitution: Substituting each byte of a 128-bit block based on a substitution table.
  • Shift row: Shifting certain bits to other positions.
  • Mix column: Encrypting the message.
  • Add round key: Combining with the round key.
• AES is considered more secure than DES due to its larger key sizes and more complex rounds.

Key Exchange Protocols

• Key exchange protocols enable the secure exchange of cryptographic keys between parties who have no prior relationship.
• Simple key exchange protocols can be vulnerable to a "Man in the Middle" attack.
• A "Man in the Middle" attack occurs when an attacker intercepts the key exchange and impersonates one of the communicating parties.
• To counter a "Man in the Middle" attack, a solution involves using encryption with both the sender's and receiver's public keys.
• The Diffie-Hellman key exchange is another solution that allows two parties to establish a shared secret key over an insecure channel.

Diffie-Hellman Key Exchange

1. Alice and Bob publicly agree on a prime number P and a base number N.
2. Alice chooses a secret exponent A and computes J = NA (mod P), sending J to Bob.
3. Bob chooses a secret exponent B and computes K = NB (mod P), sending K to Alice.
4. Alice computes K^A (mod P) and Bob computes J^S (mod P).
   • Both computations result in the same shared secret key, which is secure even if Eve knows both J and K.
5. Alice and Bob can now use this shared secret key for secure communication.

Error Detecting Codes

• Error detecting codes help detect if a block of data has been modified.
• Examples include parity, hash codes, message digests, checksums, integrity checks, and error detection and correction codes.
• These codes are functions applied to a block of data to detect potential alterations.

Hashing

• Hashing involves transforming any data into a fixed-size value using a hash function.
• A hash function is a mathematical algorithm that generates a unique "fingerprint" for a given input.
• Hash codes (or checksums) are used to verify the integrity of data.
• A cryptographic checksum uses a cryptographic key known only to the sender and recipient, offering stronger integrity protection.

Message Digest

• Message digests are examples of hash functions that are widely used for data integrity.
• They provide protection for password storage.
• Instead of storing passwords in plain text, most login processes store their hashed values.
• Password files contain a table of pairs in the form (user id, h(P)), where h(P) is the hash of the password.

Digital Signatures

• Digital signatures bind a person or entity to digital data, similar to handwritten signatures in the physical world.
• They provide non-repudiation, meaning the signer cannot deny signing the data later on.
• Each person has a public-private key pair.
• To create a digital signature:
  1. The signer generates a hash of the data using a hash function.
  2. The hash value and the signer's private key are fed to a signature algorithm, generating a digital signature.
  3. The signature is appended to the data and sent to the verifier.
• To verify a digital signature:
  1. The verifier runs the same hash function on the received data to generate a hash value.
  2. The verifier compares the generated hash value with the received hash value.
  3. If the values match, the digital signature is considered valid, proving the data's authenticity and integrity.
• Since the digital signature is created using the signer's private key, only the signer can generate a valid signature.
• This prevents the signer from denying they signed the data.

Certificates

• Digital certificates are like online identification cards, uniquely identifying individuals, organizations, and computers.
• They are issued and certified by Certificate Authorities (CAs).
• A certificate contains:
  1. The certificate owner (subject) as an entity on the network.
  2. The owner's public key.
  3. A digital signature from the Certificate Authority.
• To verify a certificate:
  1. Use the Certificate Authority's public key to verify the digital signature embedded in the certificate.
  2. The Certificate Authority digitally signs each certificate it issues using its private key.
• This verification process ensures the authenticity and integrity of the certificate.
• If the signature is valid, it confirms that the certificate was issued by the Certificate Authority and hasn't been tampered with.

Description

This quiz delves into the RSA algorithm, a fundamental asymmetric encryption method. It covers key concepts such as key generation, encryption, and decryption processes, exploring how public and private keys interact. Test your knowledge on the workings of RSA and understand its significance in modern security.