Introduction to Cryptography

Questions and Answers

What does Data Integrity ensure in secure communications?

Only authorized users can read the message

The message was not altered (correct)

The message is authentic and genuine

The sender cannot deny the validity of the message

Which property of a cryptographic hash function ensures that two different inputs produce different hash values?

Computationally easy to reverse

The output can be of varying lengths

Collision free (correct)

The function is not reversible

In the equation h = H(x), what does 'H' represent?

The original message

A hash algorithm (correct)

A fixed-length output

The hash value

What does Data Non-Repudiation guarantee?

The sender cannot deny sending the message

What is a characteristic of hashing in regards to message alteration?

The hash value changes whenever the data is altered

Which of the following statements is true about cryptographic hash functions?

They take an input of any length and output a fixed length

What is the primary purpose of using hash functions?

To verify and ensure data integrity

What is the term used for the condensed representation produced by a hash function?

Digital fingerprint

What is required for a host to successfully decrypt a message that was encrypted using a private key?

The corresponding public key

Which statement correctly describes how authentication is achieved in asymmetric encryption?

The private key is used to encrypt, and the public key is used to decrypt.

What element of asymmetric encryption helps in achieving integrity of a message?

Ciphering a message with a public key alongside a ciphered hash

In the scenario where Alice encrypts a message with her private key, what is Bob's role in the process?

Bob uses Alice’s public key to decrypt the message.

What is the primary function of the private key in asymmetric encryption?

To encrypt and authenticate messages.

Why is confidentiality said to be achieved when only one host possesses the private key?

Only that host can decrypt the messages intended for them.

Which of the following processes combines confidentiality, authentication, and integrity in asymmetric encryption?

Ciphering a message with a public key and a hash ciphered with a private key.

What verifies who the sender of a message is in asymmetric encryption?

The successful decryption of the message with the public key.

What is the primary purpose of digital certificates?

To authenticate the identity of a system and establish an encrypted connection

Which assurance does a digital signature NOT provide?

Modification of the code is evident

What does it mean if a file is digitally signed by Cisco Systems Inc.?

The file is recognized as developed by Cisco without tampering

What is included in the Certificate Information tab of a digitally signed file?

Validation details of the signing organization

Which of the following statements about digitally signed software is incorrect?

It guarantees the software will function correctly

What function does the Windows Certification manager (certmgr) serve?

To manage and review digital certificates

Which property does NOT relate to a digitally signed file?

The file can be modified by anyone

Which is NOT a characteristic of digital signatures for code signing?

They enable software version control

What is the primary characteristic of a site-to-site VPN?

VPN traffic is only encrypted between the terminating devices.

Which of the following statements about remote-access VPNs is true?

They dynamically establish a connection between a client and a VPN device.

What happens to the outbound traffic in a site-to-site VPN before it is sent through the tunnel?

It is encapsulated and encrypted by the VPN gateway.

What is the role of a VPN gateway in a site-to-site VPN?

To relay packets toward the target host inside its private network.

What is the main purpose of the Diffie-Hellman (DH) algorithm?

To generate an identical shared secret between two parties

What does hybrid encryption combine?

Asymmetric encryption and symmetric encryption

How is VPN traffic usually forwarded in a site-to-site configuration?

It is sent through a secure tunnel over the internet.

What does a digital signature provide?

Authenticity, integrity, and nonrepudiation

Which protocol is typically used to create and secure site-to-site VPNs?

Internet Protocol Security (IPsec)

Which of the following best describes the nature of internal hosts in a site-to-site VPN?

They remain unaware of the VPN usage.

How is the symmetric key used in hybrid encryption?

For encrypting traffic once exchanged

In what context are digital signatures commonly used?

Code signing for verifying executable files

What is a significant benefit of utilizing high-speed connections for remote workers?

They can gain secure access to corporate networks.

Which of the following describes the function of Bob's private key in the context described?

To decrypt messages received from Alice

What is the significance of the symmetric key in the context of hybrid encryption?

It is used for encrypting data after being exchanged using asymmetric encryption

Why is the Diffie-Hellman algorithm classified as asymmetric?

It generates a common secret without key exchange

What is the primary function of HMAC in message transmission?

To ensure the integrity and authenticity of the message

Which of the following describes symmetric encryption?

It relies on a pre-shared key for both encrypting and decrypting data.

What should be done to ensure more secure communications when using symmetric encryption?

Use longer encryption keys to increase security.

How does the receiving device verify the authenticity of a message with HMAC?

By calculating a new digest using its own secret key.

Which encryption standard is commonly used with VPN traffic due to its lower CPU resource demands?

Advanced Encryption Standard (AES)

What is the role of a hashing algorithm in the context of HMAC?

To create a fixed-length digest that verifies message integrity.

Which of the following statements about asymmetric encryption is true?

It requires a public and private key for secure communication.

What is the primary difference between block ciphers and stream ciphers in symmetric encryption?

Block ciphers encrypt data in fixed-size blocks while stream ciphers encrypt data one bit at a time.

Study Notes

Cryptography

• Cryptography is the practice and study of techniques for secure communication in the presence of adversarial behavior.
• Organizations need to secure data internally and externally.
• Four key elements for secure communications:
  • Data integrity—ensures the message wasn't altered.
  • Origin authentication—verifies the message's origin.
  • Data confidentiality—guarantees only authorized users can read the message.
  • Data non-repudiation—prevents the sender from denying sending the message.

Cryptographic Hash Functions

• Hashes are used to verify data integrity; ensure data hasn't been altered
• Hashing uses a one-way mathematical function. Easy to compute but hard to reverse.
• A hash function takes variable binary data and produces a fixed-length hash.
• The hash is also called a message digest or digital fingerprint.
• Different data sets cannot create the same hash.
• Changes to data will alter the hash value.

Cryptographic Hash Operation

• The mathematical equation h = H(x) describes how a hash algorithm works.
• A hash function takes input x and produces a fixed-size hash value h.
• Cryptographic hash functions must have these properties:
  • Input can be any length.
  • Output has a fixed length.
  • H(x) is relatively easy to compute for a given x.
  • H(x) is one-way and not reversible.
  • H(x) produces different output for different inputs (collision-free).

MD5 and SHA

• Hash functions ensure message integrity (accidental or intentional alterations).
• There are four major hash functions:
  • MD5 (128-bit digest): A one-way function.
  • SHA-1 (160-bit digest): Similar to MD5 but slower.
  • SHA-2 (256, 384, 512-bit digests): Provides enhanced security.
• Hashing doesn't protect against deliberate changes.
• Vulnerable to man-in-the-middle attacks (no sender authentication).

Origin Authentication

• HMAC adds origin authentication and integrity. A keyed-hash message authentication code.
• HMAC uses an additional secret key as input to a hash function
• Only sender and receiver have access to the secret key.
• Computation of the HMAC digest requires the secret key

Data Confidentiality

• Two encryption types provide data confidentiality: symmetric and asymmetric.
• Symmetric encryption algorithms (DES, 3DES, AES) use the same key for encryption and decryption.
  • Uses less processing power but requires a pre-shared key.
  • Key length is short(40-256 bits).
• Asymmetric encryption algorithms (RSA, PKI) use different keys for encryption and decryption.
  • Uses more processing power but ensures security without pre-shared keys.
  • Key length is long (512-4096 bits).

Symmetric Encryption

• Symmetric encryption algorithms use the same pre-shared secret key for encryption and decryption. It is frequently used for VPN traffic due to its ability in handling large amounts of data compared to asymmetric encryption.
• Encryption keys are generally between 112 and 256 bits. A larger key size aids in protecting it from decryption attempts.
• Symmetric encryption algorithms are often categorized as either block ciphers or stream ciphers.
• Block ciphers encrypt data in fixed-size blocks (often 64 or 128 bits), while stream ciphers encrypt data one bit or byte at a time.

Asymmetric Encryption

• Asymmetric encryption, also called public-key encryption, uses different keys for encryption and decryption.
• Asymmetric encryption uses a public key and a private key.
• The public key is used for encryption, only the private key can decrypt data.
• Asymmetric algorithms are substantially slower than symmetric algorithms.
• Asymmetric algorithms support key lengths between 512 and 4096 bits to enhance security.

Asymmetric Encryption – Confidentiality

• Asymmetric encryption initiates its confidentiality objective with the public key.
• The general concept is: encrypt with public key, decrypt with private key.
• The receiver's public key is needed for securing confidentiality.
• Only one host has the private key.

Asymmetric Encryption – Authentication

• Asymmetric encryption's authentication objective initiates with the private key.
• Encrypts data with the private key, but the corresponding public key decrypts the data.
• Only the host with the private key can encrypt a message, confirming the sender.
• Decryption using the recipient's public key verifies the sender.

Asymmetric Encryption - Integrity

• Combining asymmetric encryption operations provides confidentiality, authentication, and integrity.
• Messages are encrypted with the sender's public key, and the hash is encrypted with the sender's private key to maintain message integrity.

Diffie-Hellman

• Diffie-Hellman is a public-key algorithm that facilitates secure key exchange between two parties. The parties don't exchange the key itself; they calculate the key using a shared secret, calculated mathematically.

Hybrid Encryption

• Hybrid encryption combines the speed of symmetric encryption with the security of asymmetric encryption.
• Asymmetric encryption is used to securely exchange a symmetric key.
• The symmetric key is then used to encrypt the actual data.

Public Key Cryptography

• Public-key cryptography uses different keys for encryption and decryption.

Using Digital Signatures

• Digital signatures—a mathematical technique that assures the authenticity, integrity, and nonrepudiation of messages.
• Uses asymmetric cryptography.
• Commonly employed for code signing and verifying website identity.
• Digital certificates are used to authenticate identities and secure data exchange.
• Digitally signed software assures that the product is not tampered with or altered as it was originally designed and intended for its intended use.

Digital Signatures for Code Signing

• Digital signatures provide authentication and data integrity, crucial when verifying software code's origin and lack of tampering.
• Code signing verifies executable files' integrity.
• Digitally signed code guarantees authenticity and prevents unauthorized modifications to the original code.

The Public Key Infrastructure (PKI)

• PKI is a framework for creating, managing, storing, distributing, and revoking digital certificates.
• PKI is critical for large-scale trust and secure data exchange within a network.
• PKI utilizes a trusted third party called a Certificate Authority (CA) to validate and issue digital certificates.

VPN Overview

• VPNs create secure connections between sites and users.
• VPN traffic is encrypted during transmission, ensuring confidentiality.
• VPNs are often used to connect to corporate networks from remote locations.

VPN Benefits

• Cost savings from using less expensive wider bandwidth options for data transmission.
• Enhanced security and data protection.
• Scalability and flexibility to support new users without additional infrastructure.
• Enhanced compatibility over various network configurations, including remote access from users in varied locations.

VPN Topologies

• VPN topologies describe how VPNs are configured for secure connections.
• Site-to-site VPNs are configured to allow sites to communicate with one another securely.
• Remote-access VPNs establishes secure remote connections from users to the VPN terminating device.

Stuxnet

• Stuxnet is a sophisticated computer worm that targeted industrial control systems to cause damage. It used sophisticated techniques for evasion of detection and targeted attacks, as well as exploiting exploits that haven't been found yet.

Description

This quiz explores the fundamental concepts of cryptography, focusing on secure communication techniques. It covers key elements like data integrity, origin authentication, confidentiality, and non-repudiation. Additionally, it delves into cryptographic hash functions and their role in ensuring data integrity.