352CIS-3 Chapter 4 - Part 2
Questions and Answers

What is the first step Alice takes when setting up her RSA encryption system?

  • Publishes her private key.
  • Finds her public key.
  • Calculates the product of her chosen primes.
  • Chooses two prime numbers. (correct)

How does Bob create ciphertext C from message M using Alice's public key?

  • $C = M^e \bmod n$. (correct)
  • $C = n * e + M$.
  • $C = M * d \bmod n$.
  • $C = (M * e) / n$.

In the RSA algorithm, what ensures that a public key is securely paired with a private key?

  • Both keys are derived from the same product of prime numbers. (correct)
  • The public key is usually kept secret.
  • Both keys are the same length.
  • They share a common prime factor.

What is the purpose of the modulus operation used during encryption in RSA?

    To ensure the original message can be retrieved.

    In the RSA algorithm, what value must 'ed' yield when calculated with respect to m?

    ed % m = 1

    Which operation is not performed by Alice when she decrypts ciphertext C?

    Uses her public key.

    Which of these values must be true considering Alice's choice of e and d?

    d must be the inverse of e mod φ(n).

    What is the significance of φ(n) in the RSA algorithm?

    It helps in determining the possible values for e.

    What is the primary purpose of a digital certificate?

    To certify the online identities of individuals and organizations

    What information is NOT contained in a digital certificate?

    The certificate's owner's password

    How does a Certificate Authority (CA) create a digital signature for a certificate?

    By generating a message digest and signing it with its private key

    What is the standard that digital certificates conform to?

    X.509

    Which statement is true regarding the verification of a digital certificate's integrity?

    It can be done using the CA’s public key and the message digest

    In the Diffie-Hellman Key Exchange, what is the role of the private keys A and B chosen by Alice and Bob?

    They help in computing shared symmetric keys.

    What is the primary purpose of error detecting codes?

    To verify data integrity

    Which of the following is NOT a term associated with error detecting codes?

    Data encryption

    What process transforms any given data into a fixed value in cryptography?

    Hashing

    What is a cryptographic checksum primarily used for?

    To verify data integrity with a key

    During the Diffie-Hellman Key Exchange, what mathematical operation do both parties perform with their received values?

    Modulo

    Which statement describes the output of Alice and Bob's calculations in the example?

    They achieve a shared symmetric key.

    Which element is NOT part of the steps in the Diffie-Hellman Key Exchange depicted?

    Data encryption

    What is the value of φ when p = 7 and q = 11?

    60

    If Alice chooses e to be 13, what is the corresponding value of d that satisfies ed ≡ 1 (mod φ)?

    37

    In the context of public key cryptography, what is a key characteristic of the key exchange protocol?

    It can be used to establish a shared secret over an insecure channel.

    What problem does the 'Man in the Middle' attack present in key exchange protocols?

    It can intercept and alter the messages transmitted.

    In the Diffie-Hellman key exchange, what do Alice and Bob share publicly?

    A prime number P and a base number N

    What does Alice compute and send to Bob in the Diffie-Hellman key exchange?

    J = N^A (mod P)

    What is the role of Eve in the Diffie-Hellman key exchange?

    She can intercept but cannot decipher the keys exchanged.

    Which aspect confirms the confidentiality and authenticity in Amy and Bill's key exchange solution?

    Encrypting the key with both public and private keys.

    What is the primary purpose of using hash functions in password storage?

    To protect passwords by storing their hash values instead of the clear text.

    What feature do digital signatures provide that ensures a signer cannot deny their signature later?

    Non-repudiation

    Which algorithm is commonly used for creating digital signatures?

    RSA

    In a digital signature process, what is fed into the hash function?

    The original data.

    How does the verifier check the validity of a digital signature?

    By generating a new hash value from the received data and comparing it to the original hash.

    What is the role of the private key in the digital signature process?

    To create the digital signature along with the hash value.

    Which of the following hash algorithms is NOT mentioned as commonly used?

    BLAKE2

    What happens after the verifier successfully verifies the digital signature?

    The verifier retrieves the data through decryption using their private key.

    How are password hashes typically stored in system files?

    In pairs consisting of user ID and hash value.

    What does the term 'checksums' refer to in the context of hash functions?

    Values used to measure data integrity.

    A certificate contains the owner's public key and the Certificate Authority's digital signature.

    True

    Digital certificates are issued by individuals without the need for a Certificate Authority (CA).

    False

    The CA uses its public key to digitally sign each certificate it issues.

    False

    Anyone can use the CA's private key to verify the integrity of a certificate.

    False

    A message digest is created by the CA from the certificate to generate a digital signature.

    True

    SHA stands for Secure Hash Algorithm.

    True

    MD4 and MD6 are the most widely used cryptographic hash functions.

    False

    A digital signature allows a person to deny signing a message later on.

    False

    Hash functions convert plaintext passwords into a fixed-length output referred to as a hash value.

    True

    The signature key in digital signatures uses the receiver's private key.

    False

    The verifier compares the hash value of original data against the received hash value to check the validity of a digital signature.

    True

    Digital signatures are created using a public key.

    False

    The password file stores both the clear text password and its hash value.

    False

    Every person who adopts the digital signature scheme has a unique public-private key pair.

    True

    The process of generating a digital signature includes appending a hash value to the data.

    True

    The ciphertext C is calculated by using the formula $C = m^e \bmod n$.

    True

    In the RSA encryption system, d and e are chosen such that the product ed mod φ = 0.

    False

    Amy's message E(kPUB−A, E(kPRIV−B, K)) is a method for ensuring only authenticity in key exchanges.

    False

    Alice and Bob choose their secret exponents A and B independently before computing J and K.

    True

    Eve's knowledge of P and N can compromise the Diffie-Hellman key exchange.

    False

    The calculation K = N^B mod P generates a value that Bob sends to Alice in the Diffie-Hellman exchange.

    True

    In key exchange protocols, knowing the public key is sufficient for decrypting the message.

    False

    The prime numbers chosen by Alice and Bob do not need to be kept secret in the Diffie-Hellman protocol.

    True

    The value of φ when p = 7 and q = 11 is computed as 60.

    True

    Block ciphers encrypt data in sequences of bytes rather than in fixed-size blocks.

    False

    AES operates on blocks of 128 bits and can use private keys of varying lengths including 128, 192, and 256 bits.

    True

    The DES encryption algorithm consists of a maximum of 12 cycles for encrypting data.

    False

    Each round of the AES algorithm consists of only one step that involves shifting bits.

    False

    The security of DES was demonstrated to be compromised when researchers used 3,500 machines to infer a key in less than four months.

    True

    Stream ciphers apply the same operation to all data items regardless of their readiness to transmit.

    False

    Padding is unnecessary when using block ciphers if all blocks are of the same size.

    True

    The encryption process in DES includes a permutation step that shuffles bits and a substitution step that replaces blocks of bits.

    True

    The purpose of cryptographic checksums is to ensure the data integrity using a key known only to authorized parties.

    True

    In the Diffie-Hellman Key Exchange, Alice and Bob end up with different symmetric keys after their calculations.

    False

    Error detecting codes only include techniques like parity and can be categorized under a single name.

    False

    The mathematical trick in the Diffie-Hellman Key Exchange involves both parties raising the number received from the other party to their private key power modulo a prime number.

    True

    Hashing is the process of altering the data into a numeric representation without any specific function.

    False

    Error detecting codes are primarily intended for error correction, rather than detecting modifications in data.

    False

    During the Diffie-Hellman Key Exchange, both Alice and Bob send their calculated keys to each other after performing their computations.

    True

    The symmetric key resulting from Alice and Bob's calculations in the Diffie-Hellman Key Exchange is guaranteed to be unique.

    False

    Hash codes can be used effectively to seal a file by verifying its content integrity.

    True

    Study Notes

    Asymmetric Encryption Algorithms

    • The RSA algorithm works by using two keys, public and private, with a minimum length of 256 bits.
    • Encryption is done by raising each plaintext block to the power of the key, which is much slower than DES and AES but provides stronger security.
    • Decryption reverses the encryption process using the corresponding private key.

    RSA Algorithm Example

    • Alice's Setup:
      • Chooses two prime numbers, p and q.
      • Calculates the product n = pq.
      • Calculates m = (p - 1)(q - 1).
      • Chooses numbers e and d such that ed has a remainder of 1 when divided by m (ed % m = 1).
      • Publishes her public key (n, e).
    • Bob's Encryption:
      • Obtains Alice's public key (n, e).
      • Calculates the remainder C when M^e is divided by n (C = M^e % n).
      • Sends ciphertext C to Alice.
    • Alice's Decryption:
      • Uses her private key (n, d).
      • Calculates the remainder R when C^d is divided by n (R = C^d % n).
      • R matches the original message M sent by Bob.

    RSA Algorithm Working Example

    • Alice's Setup:
      • p=11, q=3
      • n = pq = 33
      • m = (p-1)(q-1) = 20
      • e = 3, d = 7 (ed = 21 has a remainder of 1 when divided by m = 20)
      • Publishes (n, e) = (33, 3)
    • Bob's Encryption:
      • (n, e) = (33, 3)
      • Message M = 14
      • C = 14^3 % 33 = 5
      • Sends ciphertext C = 5 to Alice.
    • Alice's Decryption:
      • (n, d) = (33, 7)
      • C = 5
      • R = 5^7 % 33 = 14
      • R = 14 = M (original message)

    Key Exchange Protocols

    • Public key cryptography can be used to exchange secret keys between parties who have no prior relationship.

    Simple Key Exchange Protocol

    • Issue: This protocol is vulnerable to a man-in-the-middle attack, where an attacker can intercept the exchange and impersonate both parties.

    Key Exchange Solution (1)

    • Amy sends to Bill: E(kPUB−B, E(kPRIV−A, K))
    • This solution adds confidentiality and authenticity to the exchange.

    Diffie-Hellman Key Exchange (Solution 2)

    • Public Agreement: Alice and Bob publicly agree on a prime number P and a base number N.
    • Secret Exponents:
      • Alice chooses a secret exponent A.
      • Bob chooses a secret exponent B.
    • Computations:
      • Alice calculates J = N^A (mod P) and sends J to Bob.
      • Bob calculates K = N^B (mod P) and sends K to Alice.
    • Shared Secret:
      • Alice calculates K^A (mod P) = (N^B)^A (mod P) = N^(AB) (mod P)
      • Bob calculates J^B (mod P) = (N^A)^B (mod P) = N^(AB) (mod P)
    • Result: Both Alice and Bob arrive at the same shared secret value.

    Diffie-Hellman Key Exchange Example

    • Public Values: N = 7, P = 23
    • Alice's Secret Exponent: A = 3
    • Bob's Secret Exponent: B = 6
    • Calculations:
      • Alice: J = 7^3 mod 23 = 21
      • Bob: K = 7^6 mod 23 = 4
    • Shared Secret:
      • Alice: 4^3 mod 23 = 18
      • Bob: 21^6 mod 23 = 18

    Error Detecting Codes

    • Used to detect if a block of data has been modified.

    Hash Codes

    • A hashing function transforms any given data into a value.
    • Cryptographic Checksum: Uses a cryptographic key known only to the sender and receiver.

    Hash Codes (SHA, MD4, MD5)

    • SHA (Secure Hash Algorithm): A collection of algorithms for computing checksums.
    • MD4, MD5: Widely used cryptographic hash functions.

    Message Digest

    • Hash functions are used for password storage.
    • Instead of storing passwords in clear text, hash values of passwords are stored.
    • This ensures that even if the password file is compromised, the original passwords cannot be retrieved.

    Digital Signatures

    • Purpose: Bind a person or entity to digital data.
    • Features:
      • Non-repudiation: The signer cannot deny signing the data.
    • Process:
      • The signer generates a hash of the data using a hash function.
      • They sign the hash value using their private key.
      • The signature is appended to the data and sent to the verifier.
    • Verification:
      • The verifier runs the same hash function on the received data.
      • The generated hash value is compared to the original hash value in the signature.
      • If the values match, the signature is deemed valid.

    Digital Signature Example

    • Signing:
      • Sender uses their private key to sign a hash of the data, creating a digital signature.
    • Verification:
      • Receiver verifies the signature using the sender's public key.
      • The data is decrypted using the receiver's private key.

    Certificates

    • Purpose: Certify the online identities of individuals, organizations, and computers.
    • Structure: Contains information about the owner (subject), owner's public key, and a digital signature by a Certificate Authority (CA).

    CA (Certificate Authority)

    • Issues and certifies digital certificates.
    • Uses its private key to digitally sign certificates.
    • The CA's public key can be used to verify the certificate's integrity.

    Block Ciphers

    • Block ciphers encrypt data in blocks, typically 64, 128, 256 bits or more.
    • All blocks must be the same size; padding is used if necessary.
    • A block cipher algorithm performs its work on a quantity of plaintext data all at once.

    Symmetric Encryption Algorithms

    • DES (Data Encryption Standard) uses standard arithmetic and logical operations on a block of data up to 64 bits long and a private key 56 bits long.
    • DES employs 16 cycles (rounds) for encryption.
    • Each round involves:
      • Substitution step: Replacing blocks of bits
      • Permutation step: Shuffling the bits
      • Key transformation: Mingling in bits from the key
    • DES has been found to be vulnerable, as researchers were able to infer a DES key in four months using a network of 3,500 machines in parallel in 1997.
    • In 1998, a special DES cracker machine was built, costing approximately $200,000, that could find a DES key in four days.
    • AES (Advanced Encryption Standard) uses 10, 12, or 14 cycles (rounds) for private keys of 128, 192, and 256 bits, respectively.
    • Each round of AES consists of four steps:
      • Byte substitution: Substituting each byte of a 128-bit block based on a substitution table.
      • Shift row: Shifting certain bits to other positions.
      • Mix column: Encrypting the message.
      • Add round key: Combining with the round key.
    • AES is considered more secure than DES due to its larger key sizes and more complex rounds.

    Key Exchange Protocols

    • Key exchange protocols enable the secure exchange of cryptographic keys between parties who have no prior relationship.
    • Simple key exchange protocols can be vulnerable to a "Man in the Middle" attack.
    • A "Man in the Middle" attack occurs when an attacker intercepts the key exchange and impersonates one of the communicating parties.
    • To counter a "Man in the Middle" attack, a solution involves using encryption with both the sender's and receiver's public keys.
    • The Diffie-Hellman key exchange is another solution that allows two parties to establish a shared secret key over an insecure channel.

    Diffie-Hellman Key Exchange

    1. Alice and Bob publicly agree on a prime number P and a base number N.
    2. Alice chooses a secret exponent A and computes J = N^A (mod P), sending J to Bob.
    3. Bob chooses a secret exponent B and computes K = N^B (mod P), sending K to Alice.
    4. Alice computes K^A (mod P) and Bob computes J^B (mod P).
      • Both computations result in the same shared secret key, which is secure even if Eve knows both J and K.
    5. Alice and Bob can now use this shared secret key for secure communication.

    Error Detecting Codes

    • Error detecting codes help detect if a block of data has been modified.
    • Examples include parity, hash codes, message digests, checksums, integrity checks, and error detection and correction codes.
    • These codes are functions applied to a block of data to detect potential alterations.

    Hashing

    • Hashing involves transforming any data into a fixed-size value using a hash function.
    • A hash function is a mathematical algorithm that generates a unique "fingerprint" for a given input.
    • Hash codes (or checksums) are used to verify the integrity of data.
    • A cryptographic checksum uses a cryptographic key known only to the sender and recipient, offering stronger integrity protection.

    Message Digest

    • Message digests are examples of hash functions that are widely used for data integrity.
    • They provide protection for password storage.
    • Instead of storing passwords in plain text, most login processes store their hashed values.
    • Password files contain a table of pairs in the form (user id, h(P)), where h(P) is the hash of the password.

    Digital Signatures

    • Digital signatures bind a person or entity to digital data, similar to handwritten signatures in the physical world.
    • They provide non-repudiation, meaning the signer cannot deny signing the data later on.
    • Each person has a public-private key pair.
    • To create a digital signature:
      1. The signer generates a hash of the data using a hash function.
      2. The hash value and the signer's private key are fed to a signature algorithm, generating a digital signature.
      3. The signature is appended to the data and sent to the verifier.
    • To verify a digital signature:
      1. The verifier runs the same hash function on the received data to generate a hash value.
      2. The verifier compares the generated hash value with the received hash value.
      3. If the values match, the digital signature is considered valid, proving the data's authenticity and integrity.
    • Since the digital signature is created using the signer's private key, only the signer can generate a valid signature.
    • This prevents the signer from denying they signed the data.

    Certificates

    • Digital certificates are like online identification cards, uniquely identifying individuals, organizations, and computers.
    • They are issued and certified by Certificate Authorities (CAs).
    • A certificate contains:
      1. The certificate owner (subject) as an entity on the network.
      2. The owner's public key.
      3. A digital signature from the Certificate Authority.
    • To verify a certificate:
      1. Use the Certificate Authority's public key to verify the digital signature embedded in the certificate.
      2. The Certificate Authority digitally signs each certificate it issues using its private key.
    • This verification process ensures the authenticity and integrity of the certificate.
    • If the signature is valid, it confirms that the certificate was issued by the Certificate Authority and hasn't been tampered with.

    Related Documents

    Ch4_Part2_Cryptography.pdf

    Description

    This quiz delves into the RSA algorithm, a fundamental asymmetric encryption method. It covers key concepts such as key generation, encryption, and decryption processes, exploring how public and private keys interact. Test your knowledge on the workings of RSA and understand its significance in modern security.
