COSC019W: Applied Cryptography Quiz
22 Questions
Questions and Answers

Who developed the Data Encryption Standard (DES) and when was it adopted by NIST?

  • IBM in 1977 (correct)
  • Ron Rivest in 1994
  • NIST in 2001
  • RSA Security in 1987
    What is the effective key length of Triple DES (3DES)?

    168 bits

    The Advanced Encryption Standard (AES) uses 256-bit blocks.

    False

    A block cipher mode that encrypts a sequence of message blocks in the most straightforward manner is called ____ Mode.

    Electronic Code Book (ECB)

    What is the purpose of Key Distribution Centres (KDC) in modern cryptosystems?

    To distribute secret keys

    Digital signatures combine public key cryptography and hashing.

    True

    What is the primary purpose of a digital signature?

    Verify the integrity and authenticity of a message

    Prime numbers only have divisors of 1 and ______.

    itself

    Match the cryptography method with its description:

    • Brute Force Attack = Trying every possible key until the correct one is found
    • Frequency Analysis = Analyzing the frequency of characters in ciphertext
    • Known Plaintext Attack = Attacker having access to plaintext and corresponding ciphertext
    • Differential Cryptanalysis = Analyzing input differences leading to output differences

    What is the modulus function?

    The remainder value left over after a division operation is performed.

    What is the purpose of a nonce in cryptography?

    To add randomness to the encryption process

    Initialization vectors (IVs) are used with keys and must be encrypted when being sent to the destination.

    False

    Cryptography aims to hide information from _________ individuals.

    unauthorized

    Match the following cryptography terms:

    • Cryptanalysis = Techniques used for deciphering messages
    • Encryption = Scrambling plaintext into ciphertext
    • Decryption = Unscrambling ciphertext into plaintext
    • Ciphertext = Information in scrambled form

    What is the purpose of hashing algorithms?

    Create message digest for digitally signed messages, protect user passwords, and create message authentication codes (MAC)

    Which hashing algorithm creates a 128-bit message digest?

    MD5

    Stream ciphers divide a message into blocks for encryption.

    False

    What are the three independent dimensions that characterize a cryptographic system?

    Type of operations, number of keys, method of processing plaintext

    What is a substitution cipher?

    A substitution cipher is one in which the letters of plaintext are replaced by other letters or symbols.

    In a substitution cipher, the substitution key uniquely maps each letter of the alphabet to another letter.

    True

    The encryption function for the Caesar cipher is C = (P + 3) mod ___

    26

    Match the encryption method with the description:

    • Symmetric encryption = Uses the same key for both encryption and decryption
    • Asymmetric encryption = Involves two keys, public and private, for encryption and decryption

    Study Notes

    Modern Cryptosystems Algorithms

    • Data Encryption Standard (DES):
      • Developed by IBM and adopted by NIST in 1977
      • 64-bit blocks and 56-bit keys
      • Small key space has made exhaustive search attacks feasible since the late 1990s
      • Symmetric encryption algorithm
    • Triple DES (3DES):
      • Nested application of DES with three different keys (KA, KB, and KC)
      • Effective key length is 168 bits, making exhaustive search attacks unfeasible
      • C = E_KC(D_KB(E_KA(P))); P = D_KA(E_KB(D_KC(C)))
      • Equivalent to DES when KA=KB=KC (backward compatible)

    Advanced Encryption Standard (AES)

    • Selected by NIST in 2001 through open international competition and public discussion
    • 128-bit blocks and several possible key lengths: 128, 192, and 256 bits
    • Exhaustive search attack not currently possible
    • AES-256 is the symmetric encryption algorithm of choice

    Block Cipher Modes

    • Electronic Code Book (ECB) Mode:
      • Simplest mode
      • Block P[i] encrypted into ciphertext block C[i] = EK(P[i])
      • Block C[i] decrypted into plaintext block M[i] = DK(C[i])
      • Weakness: patterns in the plaintext are repeated in the ciphertext
    • Cipher Block Chaining (CBC) Mode:
      • C[i] = EK(C[i − 1] ⊕ P[i])
      • C[−1] = V, a random block separately transmitted (Initialization Vector)
      • Decryption: P[i] = C[i − 1] ⊕ DK(C[i])
      • Symmetric encryption algorithm
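The ECB weakness and the CBC formulas above, as an added example that is not part of the original notes. E and D are a toy 4-round Feistel cipher built from SHA-256, an assumption made so the code runs with the standard library only; it is not secure and stands in for a real block cipher such as AES. The sample plaintext is constructed.

```python
import hashlib, os
BLOCK = 16  # toy block size in bytes (assumption: 128 bits, as AES uses)

def _f(key, i, half):  # Feistel round function: keyed SHA-256, truncated
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, block):
    """Toy 4-round Feistel cipher standing in for E_K. NOT secure."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def D(key, block):
    """Inverse of E: undo the rounds in reverse order."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def blocks(data):
    if len(data) % BLOCK:
        raise ValueError("whole blocks only; padding is out of scope here")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return b"".join(E(key, p) for p in blocks(pt))   # C[i] = E_K(P[i])

def cbc_encrypt(key, iv, pt):
    prev, out = iv, []                               # C[-1] = V
    for p in blocks(pt):
        prev = E(key, _xor(prev, p))                 # C[i] = E_K(C[i-1] xor P[i])
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    prev, out = iv, []
    for c in blocks(ct):
        out.append(_xor(prev, D(key, c)))            # P[i] = C[i-1] xor D_K(C[i])
        prev = c
    return b"".join(out)

def repeated_blocks(ct):
    """Number of ciphertext blocks that duplicate an earlier block."""
    return len(blocks(ct)) - len(set(blocks(ct)))

if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(BLOCK)      # IV is random, sent in the clear
    pt = b"ACCOUNT=00000000" * 3 + b"AMOUNT=000001000"   # constructed sample
    print("ECB repeats:", repeated_blocks(ecb_encrypt(key, pt)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(key, iv, pt)))
```

The three identical plaintext blocks produce identical ciphertext blocks under ECB, while chaining through the IV makes every CBC block differ.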

    Rivest Cipher 4 (RC4)

    • Designed in 1987 by Ron Rivest for RSA Security
    • Trade secret until 1994
    • Symmetric encryption algorithm with keys of up to 2,048 bits
    • Simple algorithm and remarkable speed

    Asymmetric Crypters: RSA

    • RSA (Rivest–Shamir–Adleman) is a public key cryptosystem that uses a block cipher
    • Example: RSA Visual

    One-Time Pad (OTP)

    • Extremely powerful type of substitution cipher
    • For a one-time pad encryption scheme to be considered unbreakable, each pad must:
      • Be made up of truly random values
      • Be used only one time
      • Be securely distributed/generated for both sides
      • Be secured at sender’s and receiver’s sites
      • Be at least as long as the message
    • One-time Pad is a form of Stream Cipher

    Key Management and Distribution

    • Keys: uses a message digest
    • Keyspace: set of all possible keys
    • Key management: one of the most difficult and critical parts of a cryptosystem

    Key Distribution Techniques

    • Paper distribution: requires no technology, but requires a person to install the key
    • Digital distribution: can be in the form of CDs or email, but must be protected during transmission
    • Hardware distribution: keys distributed via hardware, such as a smart card or a plug-in module

    Purpose of Public Key Infrastructure (PKI)

    • Provides a mechanism for establishing a trusted relationship between two parties
    • PKI brings trust, integrity, and security to electronic transactions
    • PKI framework used to manage, create, store, and distribute keys and digital certificates

    Diffie-Hellman Key Exchange

    • Enables two users to exchange a secret key securely
    • Limited to the exchange of keys
    • Algorithm itself is not used for encryption of messages

    Hash and Digital Signature

    • Digital signatures combine public key cryptography and hashing
    • Digital signatures (certificates) are stored in a public key infrastructure domain
    • Creating a digital signature involves:
      1. Passing the message through a hashing algorithm
      2. Encrypting the hash using the sender's private key

    Cryptanalysis

    • Cryptanalysis involves various methods used to decipher encrypted data
    • Objective: break cryptographic security systems and gain access to encrypted messages
    • Methods:
      • Brute Force Attack
      • Dictionary Attack
      • Frequency Analysis
      • Known Plaintext Attack
      • Differential Cryptanalysis
      • Rainbow Table Attack
      • Quantum Computing

    Boolean Mathematics

    • Boolean mathematics defines the rules used for the bits and bytes that form the nervous system of a computer.
    • It is based on logical functions that manipulate data.

    Logical Operations

    • AND Operation (∧):
      • Checks if both input values are true.
      • Truth table: two true inputs yield true, otherwise false.
    • OR Operation (∨):
      • Checks if at least one input value is true.
      • Truth table: two false inputs yield false, otherwise true.
    • NOT Operation (∼ or !):
      • Reverses the value of an input variable.
      • Truth table: true becomes false, and false becomes true.
    • XOR Operation (⊕):
      • Returns true only when one input value is true.
      • Truth table: two true inputs or two false inputs yield false, otherwise true.

    Prime Numbers

    • A prime number has only two divisors: 1 and itself.
    • They cannot be written as a product of other numbers.
    • Examples: 2, 3, 5, 7, 11, 13, 17, 19, 23, and 29.

    Modulus Function

    • If a is an integer and n is a positive integer, a mod n is the remainder when a is divided by n.
    • The modulus function is extremely important in cryptography.
    • It is represented by the abbreviation "mod" or the "%" operator.

    Nonce and Initialization Vectors

    • A nonce is a random number generator used to add randomness to the encryption process.
    • It is a placeholder variable in mathematical functions.
    • Initialization vectors (IVs) are random values used with algorithms to ensure patterns are not created during encryption.
    • IVs are used with keys and do not need to be encrypted.

    Cryptography Basics

    • Cryptography is the area of study of schemes used for encryption.
    • Cryptanalysis is the technique used to decipher a message without knowledge of the enciphering details.
    • Unencrypted information is called plaintext or cleartext.
    • Encrypted information is called ciphertext.

    Cryptography Goals

    • The primary goal of cryptography is to hide information from unauthorized individuals.
    • A more realistic goal is to make obtaining the information too work-intensive or time-consuming to be worthwhile to the attacker.

    Cryptosystems

    • A cryptosystem is a system that includes all the necessary components for encryption and decryption.
    • It includes software, algorithms, protocols, and keys.
    • Cryptosystems can be used to achieve confidentiality, integrity, authentication, and non-repudiation.

    Cryptography Capabilities

    • Cryptography can provide various capabilities, including:
      • Privacy or confidentiality
      • Certification
      • Timestamping
      • Witnessing
      • Ownership
      • Anonymity
      • Non-repudiation

    Cryptographic Functions and Ciphers

    • Each cipher has specific characteristics that make it desirable or undesirable.
    • When evaluating a cipher, consider its intended use, key size, and operational mode.

    Confusion and Diffusion

    • Cryptographic algorithms rely on two basic operations: confusion and diffusion.
    • Confusion occurs when the relationship between the plaintext and key is complicated.
    • Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

    Steganography

    • Steganography is a method of hiding data in another media type.
    • The message is not encrypted, just hidden.
    • Steganography is a type of security through obscurity.

    The Strength of the Cryptosystem

    • The strength of a cryptosystem comes from the algorithm, secrecy of the key, key length, initialization vectors, and how they all work together.
    • The strength of a cryptosystem correlates to the amount of necessary processing power, resources, and time required to break the cryptosystem.

    Cryptography Overview

    • Cryptography is the practice of protecting the confidentiality, integrity, and authenticity of information by using algorithms to transform messages into unreadable formats.

    Symmetric Encryption

    • In symmetric encryption, the same key is used for both encryption and decryption.
    • The sender and receiver use two instances of the same key for encryption and decryption.
    • Symmetric keys are also called secret keys.
    • Each pair of users who want to exchange data using symmetric key encryption must have two instances of the same key.
    • The security of symmetric encryption is completely dependent on how well users protect the key.
    • Symmetric cryptosystems can provide confidentiality but not authentication or non-repudiation.
    • The equation used to calculate the number of symmetric keys needed is N ∗ (N − 1)/2 = number of keys.

    Strengths and Weaknesses of Symmetric Encryption

    • Strengths:
      • Great speed at which it can operate.
      • Symmetric keying is very fast, often 1,000 to 10,000 times faster than asymmetric.
      • Symmetric encryption algorithms are also hard to break if a large key size is used.
    • Weaknesses:
      • Requires a secure mechanism to deliver keys properly.
      • Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys, possibly making key management overwhelming.
      • Provides confidentiality but not authenticity or non-repudiation.

    Asymmetric Encryption

    • In asymmetric encryption, sometimes called public key systems, each user has two keys:
      • The public key can be known to everyone, and the private key must be known and used only by the owner.
      • The two different asymmetric keys are mathematically related.
      • If a message is encrypted by one key, the other key is required in order to decrypt the message.
    • Each user using an asymmetric encryption algorithm needs two keys, one public key and one private key.
    • The equation used to calculate the number of asymmetric keys needed is N ∗ 2 = number of keys.

    Asymmetric Encryption Functions

    • Asymmetric algorithms can provide authentication and non-repudiation, depending on the type of algorithm being used.
    • Asymmetric systems also provide for easier and more manageable key distribution than symmetric systems and do not have the scalability issues of symmetric systems.
    • How is authentication provided:
      • A message can be decrypted with a public key only if the message was encrypted with the corresponding private key.
      • This provides authentication.
    • How is confidentiality provided:
      • If confidentiality is needed, Alice would encrypt the file with the receiver's public key.
      • This is called a secure message format because it can only be decrypted by the person who has the corresponding private key.
    • How is non-repudiation provided:
      • If Alice encrypts the message with her private key, only her public key can decrypt it.
      • Alice cannot deny sending this message if her public key can decrypt it. This is non-repudiation.

    Strengths and Weaknesses of Asymmetric Encryption

    • Strengths:
      • Better key distribution than symmetric systems.
      • Better scalability than symmetric systems.
      • Can provide authentication and non-repudiation.
    • Weaknesses:
      • Works much more slowly than symmetric systems.
      • Mathematically intensive tasks.

    Ciphers

    • Cipher systems have long been used by individuals and governments interested in preserving the confidentiality of their communications.
    • The scytale was used by the Spartans to decipher encrypted messages.

    Block Cipher

    • Encrypts a block of input to a block of output.
    • Typically, the two blocks are of the same length.
    • In most symmetric key systems, the block size is 64 bits.
    • In AES, the block size is 128 bits.
    • Different modes for encrypting plaintext longer than a block.

    Stream Cipher

    • A stream cipher does not divide a message into blocks.
    • A stream cipher treats the message as a stream of bits and performs mathematical functions on each bit individually.
    • Stream ciphers use keystream generators, which produce a stream of bits that is XORed with the plaintext bits to produce ciphertext.
    • A stream cipher is very similar to the one-time pad substitution cipher.

    Hashing Algorithms

    • The most common hashing functions create the message digest for digitally signed messages.
    • Hashing is also used to protect user passwords.
    • Hashing-type functions can also be used with symmetric key cryptography, and the result of the operation is called a message authentication code (MAC).

    Hash Function and Integrity

    • Hash functions:
      • Help detect forgeries.
      • Compute a checksum of a message.
      • Combine the checksum with a cryptographic function so that the result is tamperproof.
    • A hash is:
      • A checksum designed so that no one can forge a message in a way that will result in the same hash as a legitimate message.
      • Usually a fixed size, resulting in a hash value, which is larger than checksum values.

    Common Hashing Algorithms

    • MD5 message digest algorithm—Takes an input of any arbitrary length and generates a 128-bit message digest that is computationally infeasible to match by finding another input.
    • Secure Hashing Algorithm (SHA) variants are the most common variants of hashing functions found in commercial software.
      • Secure Hash Algorithm (SHA-1)—Produces a 160-bit hash from a message of any arbitrary length.
      • SHA256, with a digest size of 256 bits, is one of the most widely used hash algorithms.
      • Hash message authentication code (HMAC)—A hash function that uses a key to create the hash, or message digest.

    Description

    Test your knowledge of modern cryptosystems, key management, digital signatures, and cryptanalysis, covering topics from the University of Westminster's COSC019W Cyber Security course.