Cryptography: Symmetric Encryption

Questions and Answers

What is a fundamental requirement for secure symmetric encryption?

• The encryption algorithm must be patented, and the key can be sent via any communication channel.
• The encryption algorithm must be open source, and the key should be easy to remember.
• The encryption algorithm must be complex, and the key must be delivered through a secure channel. (correct)
• The encryption algorithm's strength is irrelevant as long as the key is long enough.

In cryptanalysis, what is the primary approach used when exploiting the characteristics of an encryption algorithm?

• Analyzing algorithm properties to deduce specific plaintext or the key. (correct)
• Stealing the encryption key through social engineering.
• Reverse-engineering the hardware that performs the encryption.
• Brute-force attack to try all possible key combinations.

Which of these algorithms has a variable key size?

• DES
• Triple DES
• AES (correct)
• All of the above

Why was DES (Data Encryption Standard) considered to have 'strength concerns'?

Its 56-bit key was vulnerable to brute-force attacks, and concerns existed about the algorithm itself. (B)

What is the main advantage of Triple DES (3DES) compared to standard DES?

3DES is less susceptible to brute-force attacks due to its longer key length. (D)

After NIST called for proposals for a new AES in 1997, what was the primary goal for the new standard?

To improve security strength with significantly improved efficiency compared to 3DES. (A)

What is a primary characteristic of Electronic Codebook (ECB) mode in symmetric encryption?

Each block of plaintext is encrypted using the same key. (C)

Which of the following is a key difference between block and stream ciphers?

Block ciphers process one block of elements at a time, while stream ciphers process input elements continuously. (C)

What is a key characteristic of public key encryption?

It uses two separate keys, a public key for encryption and a private key for decryption. (B)

In public-key cryptography, what is the purpose of the public key?

To encrypt messages that can only be decrypted by the corresponding private key. (B)

According to Table 2.3, which algorithm can be used for symmetric-key distribution?

Diffie-Hellman (B)

What is a critical requirement for public-key cryptosystems related to key creation?

Generating key pairs must be computationally easy. (D)

Which asymmetric encryption algorithm can be used for encryption?

RSA (Rivest–Shamir–Adleman) (C)

What primary security goal does message authentication achieve?

Protecting against active attacks by verifying that the received message is authentic. (C)

In the context of hash functions, what does 'pre-image resistance' mean?

It should be computationally infeasible to find an input that produces a specific hash value. (C)

How are hash functions primarily utilized to enhance security in password storage?

By storing hash values of passwords, reducing the risk of exposure if the database is compromised. (B)

What does a digital signature provide, even with complete encryption of the message?

Authenticity and data integrity, ensuring the message is from the claimed sender and has not been altered. (C)

What is the function of a Certification Authority (CA) in the context of public-key certificates?

To issue and verify digital certificates, confirming the binding between a public key and an identity. (A)

What is the primary purpose of digital envelopes in secure communication?

To protect a message without needing prior arrangement for sender and receiver to share a secret key. (A)

Which of the following security goals is addressed by generating random numbers in cryptographic systems?

Preventing replay attacks through handshaking protocols. (D)

What is a key criterion for randomness in the context of random number generation?

Uniform distribution, where each number has an equal chance of occurrence. (B)

How do True Random Number Generators (TRNGs) typically operate?

By measuring unpredictable natural processes. (D)

What distinguishes pseudorandom numbers from truly random numbers?

Pseudorandom numbers are statistically random and sequences are likely predictable. (A)

Which of the following describes a primary characteristic of a stream cipher?

Combines the plaintext with a pseudorandom stream to generate the ciphertext. (A)

What is the significance of 'collision resistance' in the context of hash functions?

It should be computationally infeasible to find two distinct inputs that produce the same hash value. (C)

Which of the following is most vulnerable to exploitation if the same key is reused?

Stream cipher. (D)

How does public-key cryptography address the key distribution problem inherent in symmetric encryption?

By using asymmetric key pairs where the public key can be openly distributed. (D)

In terms of randomness requirements, which is more critical for cryptographic applications: uniform distribution or unpredictability?

Unpredictability, because an attacker must not be able to predict future elements. (B)

What is typically included in an unsigned digital certificate?

The user's public key and identification details. (A)

Why is it less common to encrypt stored data compared to encrypting data in transit?

Historical reasons and assumptions have led to less focus on encryption for stored data. (A)

What kind of security is provided by message authentication?

Integrity, verifying the message has not been altered or corrupted during transmission. (D)

What is the purpose of the output 'h' in the function: $h = H(M)$?

The fixed-length hash value of message M. (C)

Why is a brute-force attack more effective on an encryption algorithm with a shorter key length?

The search space of possible keys is smaller, thus requiring less time to test all possible keys. (B)

What is the primary difference in how symmetric and asymmetric encryption algorithms handle keys?

Symmetric algorithms use a shared secret key, whereas asymmetric algorithms use a key pair (public and private keys). (C)

In the context of cryptography, what does the term 'non-repudiation' refer to?

The guarantee that the sender of a message cannot deny having sent the message. (B)

What is a digital signature's primary purpose in securing electronic communication?

To verify the message's origin and integrity, ensuring it hasn't been tampered with and comes from the claimed sender. (D)

Which of the following is a practical application of a secure hash function beyond password storage?

Detecting unauthorized modifications to files on a system (intrusion detection). (B)

Flashcards

Symmetric Encryption

The universal technique for providing confidentiality for transmitted or stored data.

Cryptanalytic Attack

An attack that relies on the nature of the algorithm, general plaintext characteristics and sample plaintext-ciphertext pairs.

Brute-Force Attack

An attack that tries all possible keys on ciphertext until intelligible plaintext is obtained.

Data Encryption Standard (DES)

A symmetric encryption algorithm using 64-bit plaintext block and 56-bit key to produce a 64-bit ciphertext block.

Triple DES (3DES)

A symmetric encryption algorithm that repeats the basic DES algorithm three times using either two or three unique keys.

Advanced Encryption Standard (AES)

A symmetric block cipher selected by NIST in 2001 with 128-bit data and 128/192/256 bit keys.

Multiple-block encryption

Symmetric encryption applied to a unit of data larger than a single block.

Electronic codebook (ECB)

Simplest approach to multiple-block encryption that encrypts each block of plaintext using the same key.

Block Cipher

Processes the input one block of elements at a time and produces an output block for each input block.

Stream Cipher

Processes the input elements continuously, producing output one element at a time.

Public Key Encryption

A form of cryptography in which encryption and decryption are performed using two related but different keys.

Plaintext

Readable message or data that is fed into the algorithm as input.

Public and Private Key

Pair of keys used in asymmetric cryptography; one for encryption, and one for decryption.

Ciphertext

Scrambled message produced as output by an encryption algorithm.

Asymmetric Encryption Algorithms

RSA (Rivest, Shamir, Adleman), Diffie-Hellman, DSS and Elliptic Curve Cryptography.

Message Authentication

Protects against active attacks and verifies that a message comes from the alleged source and has not been altered.

Secure Hash Functions

A cryptographic hash function that is an alternative to the message authentication code.

Hash Function requirements

They apply to a block of data of any size and produce a fixed-length output making them one-way or pre-image resistant.

Cryptanalysis of Hash Functions

This identifies logical weaknesses in an hash function, such as collisions or biases in the output.

Brute-Force Attack on Hash Functions

It refers to the process of trying all possible inputs to a hash function to find a collision or preimage.

Digital Signatures

Used for authenticating both source and data integrity and created by encrypting hash code with private key.

Digital Envelopes

Protects a message without needing to first arrange for sender and receiver to have the same secret key.

Random Numbers Generation Uses

They include Keys for public-key algorithms and stream keys for symmetric stream cipher.

Randomness Criteria

These define that frequency of occurrence of each of the numbers should be approximately the same and no one value in the sequence can be inferred from the others.

Unpredictability

This defines a number that opponent should not be able to predict future elements of the sequence on the basis of earlier elements.

Cryptographic Algorithm Techniques

Algorithms are deterministic and therefore produce sequences of numbers that are not statistically random.

Pseudorandom numbers

Sequences produced that satisfy statistical randomness tests and are likely to be predictable.

True Random Number Generator (TRNG)

Uses a nondeterministic source to produce randomness and most operate by measuring unpredictable natural processes.

Study Notes

Cryptographic Tools

• The chapter provides an overview of cryptographic tools, including encryption, authentication, digital signatures, and random number generation.

Confidentiality with Symmetric Encryption

• Symmetric encryption is a universal technique for maintaining confidentiality of transmitted or stored data.
• Symmetric encryption is also referred to as conventional or single-key encryption.
• Secure use requires a strong encryption algorithm and securely obtained and maintained secret keys by both sender and receiver.
• A simplified model involves plaintext input, an encryption algorithm using a secret key, a transmitted ciphertext, a decryption algorithm using the same secret key, and plaintext output.

Attacking Symmetric Encryption

• Cryptanalytic attacks rely on the algorithm's nature and plaintext characteristics to deduce specific plaintexts or keys.
• Success in cryptanalysis compromises all future and past messages encrypted with that key.
• Brute-force attacks involve testing all possible keys until an intelligible translation is obtained.
• On average, half of all possible keys must be tried for success.

DES, Triple DES, and AES

• DES has a plaintext block size of 64 bits, a ciphertext block size of 64 bits, and a key size of 56 bits.
• Triple DES has a plaintext block size of 64 bits, a ciphertext block size of 64 bits, and a key size of 112 or 168 bits.
• AES has a plaintext block size of 128 bits, a ciphertext block size of 128 bits, and a key size of 128, 192, or 256 bits.

Data Encryption Standard (DES)

• DES is the most widely used encryption scheme which is also known as Data Encryption Algorithm (DEA) and is defined in FIPS PUB 46.
• It uses a 64-bit plaintext block with a 56-bit key to produce a 64-bit ciphertext block.
• Concerns about algorithm strength exist as the use of a 56-bit key was broken by the Electronic Frontier Foundation (EFF) in July 1998.

Triple DES (3DES)

• The basic DES algorithm repeats three times using either two or three unique keys.
• In 1985 Triple DES was first standardized for use in financial applications in ANSI standard X9.17.
• Attractions include a 168-bit key length, which resists brute-force attacks, and the same underlying encryption algorithm as DES.
• Drawbacks of using Triple DES is that the algorithm is sluggish in software and uses a 64-bit block size.

Advanced Encryption Standard (AES)

• AES became necessary as a replacement for 3DES.
• In 1997, NIST called for proposals for a new AES and Rijndael was selected in November 2001.
• The goals of AES include having better security, improved efficiency and being a symmetric block cipher
• AES utilizes 128 bit data and 128/192/256 bit key and has now been published as FIPS 197.

Practical Security Issues

• Symmetric encryption is typically applied to data units larger than a single 64-bit or 128-bit block.
• Electronic codebook (ECB) mode is the simplest approach to encrypting multiple blocks. Each block of plaintext is encrypted using the same key, and cryptanalysts might exploit regularities in the plaintext.
• New techniques were developed to increase the security of symmetric block encryption for large sequences.
• These techniques overcome the weaknesses of ECB.

Block and Stream Ciphers

• Block ciphers process input in blocks of elements at a time, producing an output block for each input block, and can reuse keys, which makes them more common.
• Stream ciphers process input elements continuously, producing one element at a time.

Public Key Encryption

• Public-key encryption was publicly proposed by Diffie and Hellman in 1976.
• Public-key encryption is based on mathematical functions and is asymmetric, using two separate keys: a public key for others to use and a private key.
• Public-key encryption requires an accepted protocol for distribution.

Public Key Encryption Details

• Plaintext is the readable message or data that is fed into the algorithm as input.
• The Encryption algorithm performs transformations on the plaintext.
• Public and private key are a pair of keys, one for encryption, one for decryption.
• Ciphertext is the scrambled message produced as output.
• The Decryption Key produces the original plaintext.

Public-Key Cryptography

• A user encrypts data using their own private key.
• Anyone with the corresponding public key can decrypt the message.

Applications for Public-Key Cryptosystems

• RSA can be used for Digital Signatures, Symmetric Key Distribution and Encryption of Secret Keys.
• Diffie-Hellman can be used Symmetric Key Distribution.
• DSS may be used for Digital Signatures
• Elliptic Curve may be used for Digital Signatures, Symmetric Key Distribution and Encryption of Secret Keys

Requirements for Public-Key Cryptosystems

• It must be computationally easy to create key pairs.
• It must be useful if either key can be used for each role.
• It must be computationally easy for a sender, knowing the public key, to encrypt messages.
• It must be computationally infeasible for an opponent to determine the private key from the public key.
• It must be computationally easy for a receiver, knowing the private key, to decrypt the ciphertext.
• It must be computationally infeasible for an opponent to recover the original message.

Asymmetric Encryption Algorithms

• RSA, developed in 1977, is the most widely accepted approach to public-key encryption, in which the plaintext and ciphertext are integers between 0 and n-1.
• Diffie-Hellman key exchange algorithm enables two users to securely reach an agreement about a shared secret that can be used as a secret key, but it is limited to the exchange of the keys.
• Digital Signature Standard (DSS) provides only a digital signature function using SHA-1 and cannot be used for encryption or key exchange.
• Elliptic curve cryptography (ECC) has security like RSA, but with much smaller keys.

Message Authentication

• Message authentication protects against active attacks.

Secure Hash Functions

• Secure Hash Functions provide an alternative to the message authentication code.

Hash Function Requirements

• Hash functions must be applicable to a block of data of any size.
• Hash functions must produce a fixed-length output.
• H(x) should be relatively easy to compute for any given x.
• It must be computationally infeasible to find x such that H(x) = h, and y ≠ x such that H(y) = H(x).
• It must be computationally infeasible to find any pair (x,y) such that H(x) = H(y).

Security of Hash Functions

• Two approaches used to attack a secure hash function are cryptanalysis and brute-force attacks.
• SHA is the most widely used hash algorithm.
• Additional secure hash function applications include password storage and intrusion detection..

Digital Signatures

• Digital Signatures are used for authenticating the source and data integrity.
• Digital Signatures are created by encrypting the hash code with the private key.
• Digital Signatures do not provide confidentiality. Therefore, even in the case of complete encryption, the message is safe from alteration but not eavesdropping.

Digital Envelopes

• Protects a message without needing a pre-existing shared secret key.
• Functions similarly to a sealed envelope that contains an unsigned letter

Random Numbers

• Random numbers are for generating keys for public-key algorithms and stream keys for symmetric stream ciphers.
• Random numbers are used for generating symmetric keys for use as a temporary session key or in creating a digital envelope.

Random Number Requirements

• Randomness, including uniform distribution and independence, and unpredictability are requirements of Random numbers.

Random versus Pseudorandom

• Cryptographic applications often use algorithmic techniques for generating random numbers.
• Pseudorandom numbers are sequences produced that satisfy statistical randomness tests but are likely to be predictable.
• True random number generators (TRNG) use a nondeterministic source to produce randomness, often measuring unpredictable natural processes (e.g., radiation, gas discharge, leaky capacitors).

Practical Application: Encryption of Stored Data

• It is more common to encrypt transmitted data than it is for stored data.
• Approaches to encrypting stored data include using a commercially available encryption, back-end appliance, library-based tape encryption and background laptop/PC data encryption