Security Fundamentals Chapter 3 - Cryptography Exam Questions with Answers

Security Fundamentals: Chapter 3 - Cryptography Exam Questions with Answers Cryptography - Correct Answers: Scrambling information so it cannot be read; transforms information into secure forms so unauthorized persons cannot access it. Steganography - Correct Answers: Hides the existence of data; an image, audio, or video file can contain hidden messages embedded in the file; achieved by dividing the data and hiding it in unused portions of the file; may hide data in the file header fields that describe the file, between sections of the metadata. Metadata - Correct Answers: Data used to describe the content or structure of the actual data. Encryption - Correct Answers: Changing original text into a secret message using cryptography. Decryption - Correct Answers: Changing a secret message back to its original form. Plaintext - Correct Answers: Unencrypted data to be encrypted or is the output of decryption. Ciphertext - Correct Answers: The scrambled and unreadable output of encryption. Cleartext data - Correct Answers: Data stored or transmitted without encryption. Cryptographic Algorithm - Correct Answers: Also called a cipher, consists of procedures based on a mathematical formula used to encrypt and decrypt the data. Key - Correct Answers: A mathematical value entered into the algorithm to produce ciphertext; the reverse process uses the key to decrypt the message. Substitution Cipher - Correct Answers: Substitutes one character for another. E.g., ROT13 XOR Cipher - Correct Answers: Based on the binary operation eXclusive OR that compares two bits. LUCIANO (Without the "LU"!!) - Correct Answers: Confidentiality, Integrity, Authentication, Non-Repudiation, Obfuscation Confidentiality - Correct Answers: Ensures only authorized parties can view it. Authentication - Correct Answers: Ensures sender can be verified through cryptography. Integrity - Correct Answers: Ensures information is correct and unaltered. Non-Repudiation - Correct Answers: Proves that a user performed an action. Obfuscation - Correct Answers: Making something obscure or unclear. Security through Obscurity - Correct Answers: An approach in security where virtually any system can be made secure as long as outsiders are unaware of it or how it functions. Cryptography can provide protection to data that resides in any of three states. - Correct Answers: Data-in-Use, Data-in-Transit, and Data-at-Rest. Resource vs. Security Constraint - Correct Answers: A limitation in providing strong cryptography due to the tug-of-war between available resources (time and energy) and the security provided by cryptography. High Resiliency - Correct Answers: The ability to recover from resource vs security constraints. The three categories of cryptographic algorithms - Correct Answers: Hash Algorithms, Symmetric Cryptographic Algorithms, and Asymmetric Cryptographic Algorithms. Hash Alogrithms - Correct Answers: Creates a unique "digital fingerprint" of a set of data and is commonly called "hashing"; fingerprint is often called a "digest", and it represents the contents; contents cannot be used to reveal original data set; primarily used for comparison purposes. Fixed Size - Correct Answers: Hashing characteristic; short and long data sets have the same size hash. Unique - Correct Answers: Hashing characteristic; two different data sets cannot produce the same hash, which is known as COLLISION. Original - Correct Answers: Hashing characteristic; data set cannot be created to have a predefined hash. Secure - Correct Answers: Hash characteristic; resulting hash cannot be reversed to determine original plaintext. Message Digest 5 (MD5) - Correct Answers: Most well-known of MD hash algorithms; message length padded to 512 bits; weaknesses in compression function could lead to collisions; some security experts recommend using a more secure hash algorithm. Secure Hash Algorithm (SHA) - Correct Answers: More secure than MD; SHA-2 is currently considered to be a secure hash; SHA-3 was announced as a new standard in 2015 and may be suitable for low-power devices. Race Integrity Primitives Evaluation Message Digest (RIPEMD) - Correct Answers: The primary design feature is two different and independent parallel chains of computation; results are combines at the end of the process. Hashed Message Authentication Code (HMAC) - Correct Answers: A hash variation providing improved security; uses a "shared secret hey" possessed y sender and receiver; receiver uses a key to decrypt the hash. Symmetric Cryptography Algorithms - Correct Answers: Use the same single key to encrypt and decrypt a document; also called private key cryptography. Common Symmetric Cryptographic Algorithms - Correct Answers: DES, 3DES, AES, etc. Data Encryption Standard (DES) - Correct Answers: Uses 56-bit key; block cipher; based on product designed in early 1970s. Triple Data Encryption Standard (3DES) - Correct Answers: Replaces DES; uses three rounds of encryption; ciphertext of first roud becomes input for second round; most secure versions use different keys used for each round. Advanced Encryption Standard (AES) - Correct Answers: A symmetric cipher approved by the NIST in 2000 as a replacement for DES; performs three steps on every block (128 bits) of plaintext; designed to be secure well into the future. Other AES Standards - Correct Answers: Rivest Cipher (RC); Blowfish; International Data Encryption Algorithm (IDEA). Weakness of symmetric algorithms - Correct Answers: Distributing and maintaining a secure single key among multiple users distributed geographically. Asymmetric Cryptographic Algorithms - Correct Answers: Also known as Public Key Cryptography; uses two mathematically related keys; public key available to everyone and freely distributed; private key known only to individual to whom it belongs. Important principles of Asymmetric Cryptographic Algorithms - Correct Answers: Key pairs; public key; private key; both directions - keys can work in both directions. Common Asymmetric Cryptographic Algorithms - Correct Answers: RSA, Elliptic Curve Cryptography, Digital Signature Algorithm, and those relating to Key Exchange. RSA - Correct Answers: Published in 1977 - patented by MIT in 1983; most common asymmetric cryptography algorithm; uses two large prime numbers. Elliptic Curve Cryptography (ECC) - Correct Answers: Users share one elliptic curve and one point on the curve; uses less computing power than prime number-based asymmetric cryptography - key sizes are smaller; considered as an alternative for prime number-based asymmetric cryptography for mobile and wireless devices. Digital Signature Algorithm (DSA) - Correct Answers: Digital structure - an electronic verification; verifies the sender; prevents sender from disowning the message, and proves message integrity. Key Exchange - Correct Answers: There are different solutions for key exchange: Diffie-Hellman (DH) Diffie-Hellman Ephemeral (DHE) Elliptic Curve Diffie-Hellman (ECDH) Perfect Forward Security Cryptographic Attacks - Correct Answers: Several of the more common cryptographic attacks include those that: Target algorithm weaknesses Exploit collisions Cryptography should be used to secure: - Correct Answers: Data-in-transit, data-at-rest, and when possible data-in-use. Cryptography can be applied through: - Correct Answers: Software and Hardware File & File System Cryptography - Correct Answers: Encryption software can be used to encrypt or decrypt files one-by-one. Pretty Good Privacy (PGP) - Correct Answers: Widely used asymmetric cryptography system; used for files and e-mails on Windows systems. GNU Privacy Guard (GNuPG) - Correct Answers: Open-source product that runs on Windows, UNIX, and Linux operating systems that provides asymmetric cryptography. OpenPGP - Correct Answers: Another open-source alternative that is based on PGP. Operating System Encryption - Correct Answers: Microsoft Windows Encrypting File System (EFS); cryptography system for Windows; uses the NTFS file system; tightly integrated with the file system; encryption and decryption are transparent to the user. Full Disk Encryption (FDE) - Correct Answers: Protects all data on a HDD or SSD; prevents attackers from accessing data bu booting from another OS or placing the hard drive in another computer. Hardware Encryption - Correct Answers: Provides higher degree of security; can be applied to USB devices and standard hard drives. Examples of Hardware Encryption - Correct Answers: Trusted Platform Module, and Hardware Security Module. USB Device Encryption - Correct Answers: Encryption on hardware-based flash drives can be used; will not connect to a computer until correct password has been provided; all data copied to the drive is automatically encrypted; tamper-resistant external cases; can be remotely controlled and activity can be tracked; stolen devices can be remotely disabled. Self-Encrypting Drives (SEDs) - Correct Answers: Protects all files stored on them; the drive and host device perform an authentication process during initial power up; if authentication fails, the drive can be configured to deny access or even delete encryption keys so all data is permanently unreadable. Trusted Platform Module (TPM) - Correct Answers: A chip on a computer's motherboard that provides cryptographic services; includes a true random number generator; entirely done in hardware so it cannot be subject to software attack; prevents computer from booting if files or data have been altered; prompts for password if hard drive is moved to a new computer. Hardware Security Module (HSM) - Correct Answers: A secure cryptographic processor; includes an onboard key generator and key storage facility; performs accelerated symmetric and asymmetric encryption; can provide services to multiple devices over a LAN.