Computer Security: CIA Triad

Questions and Answers

Which of the following is the primary goal of 'Confidentiality' as a computer security objective?

• Guaranteeing that data is changed only in a specified and authorized manner.
• Ensuring systems are promptly available to authorized users.
• Assuring that private information is not disclosed to unauthorized individuals. (correct)
• Confirming that a system performs its intended function without manipulation.

What is the main objective of 'Integrity' in the context of computer security?

• To control the flow of network traffic.
• To keep systems available to authorized users.
• To provide assurance that information and programs are altered in a specified and authorized manner. (correct)
• To ensure data is protected from unauthorized access.

Which security objective is violated when ransomware encrypts a user's files and demands cryptocurrency for the decryption key?

• Availability only
• Integrity only
• Confidentiality only
• Confidentiality, Integrity, and Availability (correct)

What distinguishes an 'active attack' from a 'passive attack' in computer security?

Active attacks attempt to alter system resources, while passive attacks only gather information. (A)

Which of the following is a defining characteristic of a 'passive attack'?

It attempts to learn or make use of information from the system without affecting system resources. (C)

Which type of active attack involves the unauthorized capture and subsequent retransmission of a data unit?

Replay (C)

In the context of security mechanisms, what is the primary purpose of 'encipherment'?

To transform data into an unintelligible form using algorithms and keys. (D)

What is the role of a 'trusted third party' in the model for network security?

To act as an arbiter and distributor of secret information. (C)

Which cryptographic algorithm is best suited for concealing small blocks of data, such as encryption keys and hash function values in digital signatures?

Asymmetric encryption (D)

What is the process of converting ciphertext back into its original plaintext form called?

Deciphering (C)

What condition must be met for an encryption scheme to be considered 'computationally secure'?

The cost of breaking the cipher must exceed the value of the encrypted information. (D)

In a 'known plaintext' attack, what information is available to the cryptanalyst?

The encryption algorithm, ciphertext, and one or more plaintext-ciphertext pairs. (A)

What is the primary reliance of cryptanalysis as an attack method?

Exploiting the characteristics of the algorithm and knowledge of plaintext characteristics. (D)

Which of the following is NOT a characteristic dimension used to categorize cryptographic systems?

The length of the key used. (D)

What is another name for symmetric encryption?

Single-key encryption (D)

According to the simplified model of symmetric encryption, what is required for successful decryption?

The same secret key used for encryption. (A)

What is the core principle behind the substitution technique in classical ciphers?

Replacing plaintext letters with other letters, numbers, or symbols. (C)

What is the key characteristic of the Caesar cipher?

It replaces each letter with the letter standing three places further down the alphabet. (A)

If the Caesar cipher algorithm is expressed as $C = E(k, p) = (p + k) \mod 26$, where $p$ is the plaintext letter, $C$ is the ciphertext letter, and $k$ is the key, what does the $\mod 26$ operation ensure?

That the ciphertext letters remain within the range of the alphabet. (D)

In the context of cryptanalysis, what makes the Caesar cipher particularly vulnerable to a brute-force attack?

There are only 25 possible keys to try. (B)

What is a key characteristic of a monoalphabetic substitution cipher?

A single cipher alphabet is used per message, and each letter has one unique substitute. (D)

What is a major weakness of monoalphabetic ciphers that makes them easy to break?

They reflect the frequency data of the original alphabet. (A)

What is the primary characteristic of the Playfair cipher?

It encrypts pairs of letters (digrams) as single units. (A)

In the Playfair cipher, with a key matrix established with the keyword 'EXAMPLE', if both letters in the plaintext digram fall in the same column, how are they encrypted?

They are replaced by the letters beneath, with the top element of the column circularly following the last. (D)

In the Rail Fence cipher, what is the key element used for encryption?

Depth of the diagonals used to write the plaintext. (A)

In row transposition ciphers, what is the key to the algorithm?

The order in which columns are read. (C)

Which significant contribution did rotor machines provide to the field of cryptography?

The concept of multiple stages of encryption. (B)

What is the estimated number of different substitution alphabets in a three-rotor machine, where each rotor has 26 positions?

17,576 (D)

Which modern cipher is mentioned as being influenced by the rotor machine?

DES (B)

Flashcards

Confidentiality definition?

Assures that private information is not disclosed to unauthorized individuals.

Define Integrity

Information and programs are changed only in a specified and authorized manner.

Availability definition?

Systems work promptly and service is not denied to authorized users.

What is a passive attack?

Learn or make use of information from the system WITHOUT affecting system resources.

Active attack definition?

Alter system resources or affect their operation, unlike passive attacks.

Masquerade definition?

One entity pretends to be a different entity.

Replay attack definition?

Passive capture of a data unit and its subsequent retransmission.

Modification of messages?

Some portion of a legitimate message is altered.

Denial of Service (DoS)?

Prevents normal use of communication facilities.

Encipherment

Transform data into a form that is not readily intelligible.

Symmetric encryption?

Used to conceal blocks/streams of data, including messages and passwords.

Asymmetric encryption?

Used to conceal small blocks of data, like encryption keys.

Data integrity algorithms?

Used to protect blocks of data from alteration.

Authentication protocols?

Schemes designed to authenticate the identity of entities.

Plaintext definition?

The original message before encryption.

Ciphertext Definition?

The coded message after encryption.

Cryptographic system or cipher?

Schemes used for encryption.

Cryptanalysis definition?

Techniques used for deciphering messages without knowing enciphering details.

Cryptology definition?

Areas of cryptography and cryptanalysis together.

Unconditionally secure?

Impossible to decrypt because info is not there.

Computationally secure?

The cost or time to break it exceeds its value or lifetime.

What is Cryptanalysis?

Attack relies on the algorithm's nature and knowledge of the plaintext.

Brute-force attack?

Try every possible key until an intelligible translation is obtained.

Substitution Technique definition?

Letters of plaintext are replaced by other letters or symbols.

Caesar Cipher definition?

Replacing each letter with the letter standing three places further.

Monoalphabetic substitution?

A single cipher alphabet is used per message.

Playfair Cipher?

Treats digrams in the plaintext as single units.

Rail Fence Cipher Technique?

Write plaintext as diagonals, read off as rows.

Study Notes

Computer Security Objectives - CIA

• Confidentiality ensures private information isn't disclosed to unauthorized individuals.
• It gives individuals control over what information is collected, stored, and by whom.
• Integrity ensures information and programs are changed only in an authorized manner.
• The system performs its intended function, free from deliberate or inadvertent unauthorized manipulation.
• Availability ensures systems work promptly and that authorized users are not denied service.

CIA Scenario

• A user downloads ransomware disguised as a software update unknowingly.
• The ransomware encrypts all files, including documents and photos.
• Encryption is robust, making it difficult to decrypt files without the key.
• After encryption, a message demands cryptocurrency in exchange for the decryption key.
• This scenario breaches Confidentiality, Integrity, and Availability.

Security Attacks

• Security attacks classification used is based on X.800 and RFC 4949.
• Passive attacks aim to learn or use system information without affecting resources.
• Active attacks attempt to alter system resources or affect their operation.

Passive Attacks

• Involve eavesdropping on or monitoring transmissions.
• The goal is to obtain transmitted information.
• Prevention is preferred over detection, as detection is difficult.
• Two types of passive attacks are: the release of message contents and traffic analysis.

Active Attacks

• Active attacks involve modifying data or creating false data streams.
• They're hard to prevent due to potential vulnerabilities in hardware and software.
• The goal is to detect attacks and recover from any disruption or delays.
• Detection is more likely than prevention.
• Masquerade takes place when one entity pretends to be a different entity.
• Replay involves capturing and retransmitting data to cause an unauthorized effect.
• Modification of messages alters or reorders a legitimate message, leading to unauthorized outcomes.
• Denial of service prevents normal use or management of communications facilities.

Security Mechanisms (X.800)

• Specific security mechanisms can be added to protocol layers to provide OSI security services.
• Trusted functionality is perceived as correct based on specific criteria, like a security policy.
• A security label marks a resource with its security attributes.
• Event detection identifies security-relevant events.
• A security audit trail is data used for an independent review of system records.
• Security recovery manages mechanisms, handling events and recovery actions.
• Encipherment transforms data using algorithms to make it unintelligible, relying on keys.
• Digital signatures prove the source and integrity of data, protecting against forgery.
• Access control enforces resource access rights.
• Data integrity ensures the integrity of data units or streams.
• Authentication exchange verifies an entity's identity through information exchange.
• Traffic padding inserts bits into data streams to thwart traffic analysis.
• Routing control selects secure routes and enables routing changes if security is breached.
• Notarization uses a trusted third party to ensure properties of a data exchange.

Model for Network Security

• Model Includes a sender, receiver, and trusted third party.
• Security-related transformation helps to make it a secure, encrypted message.
• Secret information is used.
• Information channel acts as medium for encrypted text passed from sender to receiver.
• Opponent tries to listen in.

Cryptographic Algorithms and Protocols

• Major areas include symmetric encryption, asymmetric encryption, data integrity algorithms, and authentication protocols.
• Symmetric encryption conceals data blocks or streams, with symmetric keys.
• Asymmetric encryption conceals small data blocks, like encryption keys, using asymmetric keys.
• Data integrity algorithms protect data blocks from alteration.
• Authentication protocols use cryptographic algorithms to verify entities' identities.

Basic Terminology

• Plaintext is the original message, while ciphertext is the coded message.
• Enciphering (encryption) converts plaintext to ciphertext.
• Deciphering (decryption) restores plaintext from ciphertext.
• Cryptography is the study of encryption.
• A cryptographic system or cipher is a scheme used for encryption.
• Cryptanalysis involves deciphering messages without knowing the encryption details.
• Cryptology encompasses both cryptography and cryptanalysis.

Encryption Scheme Security

• An unconditionally secure scheme cannot be decrypted by an opponent, regardless of time because needed info is missing.
• A Computationally secure scheme breaking costs is higher than the encrypted information value or time needed exceeds the useful information lifetime.

Types of Attacks on Encrypted Messages

• "Ciphertext Only" attacks rely only on knowledge of the encryption algorithm and ciphertext.
• "Known Plaintext" attacks knows the encryption algorithm, ciphertext, and how it corresponds to plaintext.
• "Chosen Plaintext" attacks rely on the encryption algorithm, obtained ciphertext, and plaintext.
• "Chosen Ciphertext" attacks rely on the algorithm, and related ciphertext with corresponding decrypted plaintext generated with the secret key.

Cryptanalysis and Brute-Force Attack

• Cryptanalysis relies on algorithm knowledge and plaintext characteristics to deduce plaintext or the key.
• Brute-force attack tests every possible key until intelligible translation is achieved.

Cryptographic Systems

• Systems categorized by operation type, number of keys, and how plaintext is processed.
• Operation type includes substitution and transposition.
• Number of keys includes single-key (symmetric) and two-key (asymmetric) systems.
• Plaintext processing methods are block cipher and stream cipher.

Symmetric Encryption

• Also called conventional or single-key encryption.
• It was the only form before public-key encryption developed in the 1970s.
• It is the most widely used encryption.
• Examples: Data Encryption Standard (DES) and Advanced Encryption Standard (AES).

Simplified Model of Symmetric Encryption

• Sender and receiver both know the secret key.
• Plaintext input is encrypted using the secret key and an algorithm to produce ciphertext.
• The receiver decrypts the ciphertext using the same key and a reverse algorithm to recover the plaintext.

Substitution Technique

• Letters in plaintext are replaced by other letters, numbers, or symbols.
• If plaintext is bits, substitution replaces plaintext bit patterns ciphertext bit patterns.

Caesar Cipher

• The Caesar cipher is the earliest known substitution cipher.
• Used by Julius Caesar.
• It involves replacing each letter with the letter three positions down the alphabet.
• The alphabet is circular, so the letter after "Z" is "A".

Caesar Cipher Algorithm

• Can define transformation: each letter replaced three positions down.
• Mathematically gives letter a number.
• Expressed as: c = E(3, p) = (p + 3) mod (26).
• Caesar algorithm is C = E(k, p) = (p + k ) mod 26.
• 'k' is value 1 to 25.
• Decryption algorithm is: p = D(k, C) = (C - k) mod 26.

Brute-Force Analysis

• Encryption and decryption algorithms are known.
• There are 25 keys to try.
• Ciphertext is easily recognizable.

Monoalphabetic Cipher

• Defined as a permutation: a finite ordered sequence with elements appearing once.
• If the "cipher" line can be any permutation of the 26 alphabetic characters, then there exceeding 4 x 1026 possible keys
• The key space for DES is 10 orders of magnitude less than the quantity of permutations.
• One cipher alphabet is used per message in single cipher alphabet.
• More easily broken as it reflects frequency data.
• Digram is a two-letter combination (most common: th).
• Trigram is a single three-letter combination (most common: the).
• Possible countermeasure against these attacks: multiple substitutes (homophones)

Playfair Cipher

• An encryption cipher known as a multiple-letter encryption substitution.
• Treats digrams in the plaintext as single units, and translates these units into cipher text digrams.
• A 5x5 matrix of letters is built as security based on use of keyword.
• The British Army used the standard system, and the U.S. Army and allied forces adopted it during World War II.
• Repeating plaintext letters that are in the same pair are separated with a filler letter, so that balloon would be treated as ba lx lo on.
• Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last.
• Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of the column circularly following the last.
• Plaintext letter in a pair is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter.

Rail Fence Cipher

• This Cipher is one of the Simplest transposition.
• Plaintext is written down diagonals and read off rows.

Row Transposition Cipher

• A complex transposition.
• Write the message in a rectangle row by row; read the message column by column.
• Permute the order of the columns for the key.

Rotor Machines

• Rotor machines such as Enigma used in World War II were key to encryption.
• It allowed multiple stages of encryption.
• Key factor: the different substitution alphabets are 26* 26 * 26 = 17,576
• These machines pave the way for Data Encryption Standard (DES).