Cryptography: CIA Services

Questions and Answers

In cryptographic services, what primary security goals are achieved through authentication, integrity checks, and ensuring confidentiality?

• Establishing user identity, maintaining data consistency, and protecting data from unauthorized access. (correct)
• Verifying user permissions, managing network traffic, and securing physical infrastructure.
• Monitoring system logs, detecting intrusion attempts, and ensuring regulatory compliance.
• Preventing unauthorized access while ensuring data accuracy and reliability.

How does hashing contribute to data integrity in cryptographic systems?

• By compressing data to reduce storage space and improve transmission speed.
• By creating a unique fingerprint of the data, which changes if the data is altered. (correct)
• By verifying the source of the data through digital signatures.
• By encrypting data to prevent unauthorized viewing.

What is the purpose of using asymmetric keys for authentication?

• To reduce the overhead of encryption and decryption processes.
• To allow verification of the sender's identity and ensure non-repudiation. (correct)
• To simplify key management.
• To speed up the encryption process.

What is the main challenge in key exchange that Diffie-Hellman and similar algorithms aim to solve?

Securing the exchange of cryptographic keys over a public channel. (D)

Which of the following is a core component of the CIA triad, focusing on preventing unauthorized disclosure of information?

Confidentiality (A)

In symmetric encryption, what key management issue is most prominent?

Distributing the secret key securely to all authorized parties. (B)

Which security goal is primarily achieved through the use of digital certificates?

Verification of the sender's identity via a trusted third party. (B)

How does a Certificate Authority (CA) contribute to the Public Key Infrastructure (PKI)?

By issuing, managing, and revoking digital certificates. (B)

What is the purpose of a Registration Authority (RA) in the context of digital certificates?

To verify the identity of certificate applicants before forwarding requests to a CA. (B)

Which of the following best describes the difference between symmetric and asymmetric encryption?

Symmetric encryption uses one key for both encryption and decryption, while asymmetric encryption uses a pair of keys. (A)

Which algorithm is considered 'most secure' for integrity?

SHA (B)

Which key length is associated with the DES encryption algorithm?

56-bits (A)

In public key cryptography, what is the purpose of encrypting a message with the recipient's public key?

To ensure the message can only be read by the recipient. (C)

Confidentiality with symmetric key is achieved with?

Same key to Encrypt/Decrypt (A)

What is the purpose of the keyed-hash message authentication code?

Hash the message with key (C)

What is a digital certificate mainly used for?

To prove bond (D)

Which of the following properties are associated with Digital Signatures?

All of the above (D)

Between PSK and RSA, which peer authentification method is considered 'Most Secure'?

RSA (C)

A certificate authority (CA) has the ability to sign certificates. What is this proving?

All of the above (C)

In symmetric encryption, the same key is used for both encryption and decryption.

True (A)

Asymmetric encryption, such as RSA, utilizes the same key for encryption and decryption, simplifying key management.

False (B)

Authentication provides assurance that data has not been altered in transit.

False (B)

Integrity ensures the confidentiality of data but does not confirm the sender's identity.

False (B)

Confidentiality is achieved through hashing algorithms, which scramble the data.

False (B)

Key exchange protocols are not necessary if both parties already possess pre-shared keys.

True (A)

Public key cryptography relies on distributing the private key to ensure secure communication.

False (B)

In a VPN, encryption is only applied to the header of the data packet, leaving the payload unencrypted for faster processing.

False (B)

Hashing algorithms are reversible, allowing the original data to be recovered from the hash value.

False (B)

Digital signatures provide integrity, authentication, and non-repudiation for digital communications.

True (A)

A certificate authority (CA) is responsible for issuing digital certificates to verify the identity of individuals and organizations.

True (A)

Digital certificates are valid indefinitely and do not require renewal.

False (B)

The MD5 algorithm produces a 256-bit hash value, making it more secure than SHA-1.

False (B)

HMAC (Keyed-Hash Message Authentication Code) uses a cryptographic key to provide both integrity and authentication of a message.

True (A)

In the context of cryptography, non-repudiation means that the sender of a message can deny having sent it.

False (B)

Diffie-Hellman is a symmetric encryption algorithm used to securely exchange keys over a public channel.

False (B)

Assuming Alice wants to send an encrypted message to Bob using asymmetric encryption, she would encrypt the message with her private key and Bob would decrypt it using Alice's public key.

False (B)

The main goal of cryptography is to ensure availability of data, even if it implies sacrificing confidentiality or integrity.

False (B)

PSK (Pre-Shared Key) is considered a more secure peer authentication method than RSA due to its complex key generation process.

False (B)

A registration authority (RA) directly issues certificates to end-users, bypassing the need for a certificate authority (CA).

False (B)

Flashcards

Confidentiality

Ensuring data is accessible only to authorized parties.

Integrity

Guaranteeing that data remains unaltered and genuine.

Authentication

Verifying the identity of users or devices.

Encryption

The method of transforming data into an unreadable format.

Symmetric Encryption

An encryption method using a single key for both encryption and decryption.

Asymmetric Encryption

Encryption with separate keys for encryption and decryption.

Hash Algorithms

Algorithms that produce a unique, fixed-size output from variable-size input data.

HMAC

A cryptographic function using a secret key to authenticate a message.

PKI Framework

Framework for digital certificates that uses a certification authority

Digital Certificate

A digital document to prove the ownership of a public key.

Cryptography

Cryptographic techniques used to secure and protect information.

VPN

A secure network connection that provides privacy and integrity over a public network.

IPsec VPN

A suite of protocols providing secure IP communications, involving encryption and authentication.

Site-to-Site IPsec VPN

A VPN that connects entire networks, securing all traffic between them.

SSL VPN

A VPN that uses SSL/TLS protocol to secure web traffic.

Peer authentication Methods

Used in authentication, they ensure that sender's identity is verified.

Registration Authority

Process by which users get digital certificate.

Message Integrity

Ensures data or messages are unaltered from origin to the destination.

Cryptographic Services

A framework for establishing secure communication using encryption and authentication

Key Exchange

The process of securely exchanging cryptographic keys between parties.

Diffie-Hellman

A key exchange protocol used to securely establish a shared secret between two parties.

Study Notes

• Cryptography covers symmetric vs. asymmetric encryption, authentication, integrity, confidentiality, key management & exchange, and public key cryptography.
• Authentication, Integrity, and Confidentiality are all facets of cryptographic services.
• With Authentication Alice encrypts Hash using a private key, and Bob decrypts using Alices public key
• A certificate authority signs and proves the public IP to validate authenticity.
• Encryption ensures confidentiality.
  • Examples: DES, 3DES, AES, SEAL.
• Hashing is used for integrity.
  • Examples: MD5, SHA.
• Authentication confirms identity.
  • Examples: PSK, RSA.
• Key Exchange helps with key management;
  • Example: Diffie-Hellman.
• Security of Hash Algorithms is dependent on Key Length