This is the original message or data that is fed into the algorithm as input. a. Plaintext b. Encryption Algorithm c. Secret Key d. Ciphertext e. Decryption Algorithm a. Plaintext Part of the symmetric encryption scheme performs various substitutions and transformations on the plaintext. a. Plaintext b. Encryption Algorithm c. Secret Key d. Ciphertext e.
Decryption Algorithm The ______ is also input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the _____. a. Plaintext b. Encryption Algorithm c. Secret Key d. Ciphertext e. Decryption Algorithm This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two
different _______. a. Encryption Algorithm b. Ciphertext c. Decryption Algorithm This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext. a. Plaintext b. Encryption Algorithm c. Decryption Algorithm _________ rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the
plaintext or even some sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. If the attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with that key are compromised. a. Cryptanalytic Attacks b. Brute-Force Attack a. Cryptanalytiic Attacks ______ is to try
every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. a. Cryptanalytic Attacks b. Brute-Force Attack c. Hash Function d. Weak Collision Resistant There are two general approaches to attacking a symmetric encryption scheme. what are they? 1. Cryptanalytic Attacks
2. Brute-Force Attack
What is the most widely used encryption scheme?
a. Advanced Encryption Standard (AES)
b. Data Encryption Standard (DES)
c. Digital Signature Standard
d. Secure Hash Algorithm (SHA)
b. Data Encryption Standard (DES)
DES takes a plaintext block
of 64 bits and a key of 56 bits, to produce a ciphertext block of 64 bits.
alternative techniques developed to increase the security of symmetric block encryption for large sequences.
overcomes the weaknesses of ECB
a. One-way Hash Function
b. Second Preimage Resistant
c. Secure Hash Function
d. Modes of operation
d. Modes of operation
To increase the security of symmetric block encryption for large sequences of data, a number of alternative techniques have been develped. these modes overcome the weaknesses of Electronic Codebook (ECB); each mode has its own particular advantages.
This is the simplest approach to multiple-block encryption.
- Each block of plaintext is encrypted using the same key
- Cryptanalysts may be able to exploit regularities in the plaintext.
a. Electronic Codebook (ECB)
b. Message Authentication Code (MAC)
c. Encryption
a. Electronic Codebook (ECB)
For lengthy messages, the ECB mode may not be secure. A cryptanalyst may be able to exploit regularities in the plaintext to ease the task of decryption. For example, if it is known that the message always starts out with certain predefined fields, then the cryptanalyst may have a number of known plaintext-ciphertext pairs
to work with.
processes the input one block of elements at a time, producing an output block for each input block
a. Block Cipher
The advantage of a block cipher is that you can reuse keys. For applications that deal with blocks of data, such as file
transfer, e-mail, and database, block ciphers may be more appropriate.
Block Ciphers are far more common than stream ciphers.
processes the input elements continuously, producing output one element at a time, as it goes along.
a. Block Cipher b. Stream Cipher c. Ciphertext
d. cryptanalysis
b. Stream Cipher
The primary advantage of a stream cipher is that stream ciphers are almost always faster and use far less code than do block ciphers. . For applications that require encryption/decryption of a stream of data, such as over a data communications channel or a browser/Web link, a stream cipher might be the better alternative.
______ protects against active attacks, verifies received message is authentic, and can use conventional encryption.
As with Symmetric Encrption, what are the two approaches to attacking a secure hash function?
Cryptanalysis and Brute-Force Attack
A hash of a password is stored by an _______.
Operating System
a hash of a password is stored by an operating system rather than the password itself. Thus, the actual password is not retrievable by a hacker who gains access to the password file. In simple terms, when a user enters a password, the hash of that password is compared to the stored hash value for verification. This application requires preimage resistance and perhaps second preimage resistance.
Public-Key cryptography is _______, involving the use of two seppare keys, in contrast to symmtric encryption, which uses only one key.
Asymmetric
The use of two keys has profound consequences in the areas of confidentiality, key distribution, and authentication.
The security of any encryption scheme depends on _____ and _____.
1) The length of the key
2) The computational work involved in breaking a cipher.
The essential steps are the following:
1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. As Figure 2.7a suggests, each user maintains a collection of public keys obtained from others.
3. If Bob wishes to send a private message to Alice, Bob encrypts the message using Alice’s public key.
4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key.
With this approach, all participants have access to public key, and private keys are generated locally by each participant and therefore need never be distributed. As long as a user
protects his or her ____, incoming communication is secure. At any time, a user can change the____ and publish the companion public key to replace the old public key.
This is the readable message or data that is fed into the algorithm as input.
The ___ _____ performs various transformations on the plaintext.
This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption.
Public and Private Key
The exact transformations performed by the encryption algorithm depend on the public or private key that is provided as input.
This is the scrambled message produced as output. it depends on the plaintext and the key. for a given message, two different keys will produce two different _____.
This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
These are the requirements for _______
1) Computationally easy to create key pairs
2) Useful if either key can be used for each role
3) Computationally infeasible for opponent to otherwise recover original message.
4) Computationally infeasible for opponent to determine private key from public key.
5) Computationally easy for receiver knowing pricate key to decrypt ciphertext.
6) computationally easy for sender knowing public key to encrypt messages.
Public-Key Cryptosystems
1) It is computationally easy for a party B to generate a pair
2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext: C = E(PUb, M)
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: M = D(PRb,C) = D[PRb, E(PUb, M)]
4. It is computationally infeasible for an opponent, knowing the public key, PUb, to determine the private key, PRb.
5. It is computationally infeasible for an opponent, knowing the public key, PUb, and a ciphertext, C, to recover the original message, M.
We can add a sixth requirement that, although useful, is not necessary for all public-key applications:
6. Either of the two related keys can be used for encryption, with the other used for decryption.
M = D[PUb,
E(PRb, M)] = D[PRb, E(PUb, M)]
____ are used for authenticating both source and data integrity.
It is important to emphasize that the ____ does not provide confidentiality. That is, the message being sent is safe from alteration but not safe from eavesdropping. This is obvious in the case of a signature based on a portion of the message, because the rest of the message is transmitted in the clear. Even in the case of complete encryption, there is no protection of confidentiality because any observer can decrypt the message by using the sender’s public key.
Digital Signatures
Suppose that Bob wants to send a message to Alice. Although it is not important that the message be kept secret, he wants Alice to be certain that the message is indeed from him. For this purpose, Bob uses a secure hash function, such as SHA-512, to generate a hash value for the message and then encrypts the hash code with his
private key, creating a digital signature. Bob sends the message with the signature attached. When Alice receives the message plus signature, she (1) calculates a hash value for
the message; (2) decrypts the signature using Bob’s public key; and (3) compares the calculated hash value to the decrypted hash value. If the two hash values match, Alice is assured that the message must have been signed by Bob. No one else has Bob’s private key and therefore no one else
could have created a ciphertext that could be decrypted with Bob’s public key. In addition, it is impossible to alter the message without access to Bob’s private key, so the message is authenticated both in terms of source and in terms of data integrity.
_____ protects a message without needing to first arrage for a sender and receiver to have the same secret key.
Digital Envelopes
****equates to the same thing as a sealed envelope containing an unsigned letter.
The general approach is shown in Figure 2.9. Suppose Bob wishes to send a confidential message to Alice, but they do not share a symmetric secret key. Bob does the following:
1. Prepare a message.
2. Generate a random symmetric key that will be used this one time only.
3. Encrypt that message using symmetric encryption the one-time key.
4. Encrypt the one-time key using public-key encryption with Alice’s public key.
5. Attach the encrypted one-time key to the encrypted message and send it to Alice.
Only Alice is capable of decrypting the one-time key and therefore of recovering the original message. If Bob obtained Alice’s public key by means of Alice’s
public-key certificate, then Bob is assured that it is a valid key.
The distribution of numbers in the sequence should be uniform; that is, the frequency of occurrence of each of the numbers should be approximately the same.
No one value in the sequence can be inferred from the others.
What are the two criteria used to validate that a sequence of numbers is random?
Uniform Distribution and Independence
In applications such as reciprocal authentication and session key generation, the requirement is not so much that the sequence of numbers be statistically random but that the successive members of the sequence are ______
Unpredictable
With “true” random sequences, each number is statistically independent of other numbers in the sequence and therefore unpredictable.
Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and therefore produce
sequences of numbers that are not statistically random. However, if the algorithm is good, the
resulting sequences will pass many reasonable tests of randomness. Such numbers are referred to as ________.
A ______ uses a nondeterministic source to produce randomness.
- most operate by measuring unpredictable natural processes (e.g. radiation, gas discharge, leaky capacitors)
- increasingly provided on modern processors
true random number generator (TRNG)
What is one of the principal security requirements of a computer system?
Security mechanisms to provide such protection include access control, intrusion detection, and intrusion prevention schemes. . But beyond technical approaches, these approaches can become vulnerable because of human factors.
Protection of Stored Data