Term
| The party trying to prove its identity is the ____; the other party is the ____ |
|
Definition
|
|
Term
| ____ is the first handshaking stage. It is the negotiation of ___ methods to be used in communication. |
|
Definition
Negotiation cryptographic methods |
|
|
Term
The two public key encryption ciphers are ____ and ____. Which is more efficient? |
|
Definition
RSA and ECC (Elliptic Curve Cryptography). ECC is more efficient. |
|
|
Term
| ____ is the strongest cipher with the lowest RAM requirements. The key lengths are ___, ___ and ___ |
|
Definition
|
|
Term
| ___ encryption is fast and uses a small amount of RAM, so it is ideal for ____ |
|
Definition
|
|
Term
| _____ is used when logging into servers |
|
Definition
| Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) |
|
|
Term
| ____ Authenticates a single message with public key encryption. |
|
Definition
|
|
Term
| Nearly all encryption for confidentiality uses ____ |
|
Definition
|
|
Term
| When the identity of a communication partner is tested by both sides it is _____ |
|
Definition
|
|
Term
| ____ variants provide more secure hashing. Never use ___ or ___ as they are unsecured. |
|
Definition
Secure Hash Algorithm (SHA) MD5 or SHA-1 |
|
|
Term
| When encrypting a message digest with its own private key, this is called ____ |
|
Definition
|
|
Term
| The second handshaking stage is ___ |
|
Definition
|
|
Term
| ____ use ___ that represent complete words or phrases. Why is this limiting? |
|
Definition
| Codes use Code symbols. With enough examples a code can be easily broken. |
|
|
Term
| Step one in creating a digital signature for authentication, the plaintext message is hashed, creating the_____ |
|
Definition
|
|
Term
In ongoing secured communication: 1. The sender sends a(n) ____ to authenticate each message (for message by message authentication) 2. Electronic signatures provide _____ 3. The sender encrypts the message and ______ |
|
Definition
1. electronic signature 2. message integrity 3. digital signature |
|
|
Term
| ___ specifies both the protections to be applied and the mathematical processes that will be used to provide protections. |
|
Definition
| Cryptographic system standard |
|
|
Term
| _____ is sending keys or secrets securely. |
|
Definition
|
|
Term
| ____ is a specific set of options in SSL/TLS. |
|
Definition
|
|
Term
| Protections are now provided by a(n) ____ which is a packaged set of cryptographic countermeasures for protecting dialogues. |
|
Definition
|
|
Term
| A cipher where the letters are moved around within a message, based on their initial position in the message. |
|
Definition
|
|
Term
| ____ is when both parties authenticate themselves. |
|
Definition
|
|
Term
| As the duration of key use increases, so does traffic volume and so must ____ for security |
|
Definition
|
|
Term
| ___ is trying all possible keys until the correct one is found |
|
Definition
|
|
Term
| ____ turns the cipher text back to plaintext. |
|
Definition
|
|
Term
| Public key encryption can be used to deliver ____ securely |
|
Definition
|
|
Term
| What are the most common ciphers? |
|
Definition
|
|
Term
| ____ is based on password authentication on servers. |
|
Definition
| Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) |
|
|
Term
| ____: which means that people who intercept messages can't read them. |
|
Definition
|
|
Term
| The simplest type of cryptanalysis is ____; which is trying all possible keys until the cryptanalyst finds the right key. |
|
Definition
|
|
Term
| In public key encryption, each party has two keys. What are they? |
|
Definition
|
|
Term
| A cipher that both parties encrypt and decrypt with the same key. |
|
Definition
|
|
Term
| A random string of 40 to 4,000 bits. |
|
Definition
|
|
Term
| ____ extends the effective key size of ____ by applying the algorithm multiple times in a row. How many times does it apply the algorithm? |
|
Definition
|
|
Term
| In step 2 of producing a digital signature, the sender encrypts the message with their own private key. This creates the ____. |
|
Definition
|
|
Term
| In order to have confidentiality, communication partners need to keep the ____ secret, not the ____. |
|
Definition
|
|
Term
| ____ was the original purpose for cryptology. |
|
Definition
| Encryption for confidentiality |
|
|
Term
| ____ is converting the message's bits by dividing it by a number and using the remainder. This process is ____. |
|
Definition
|
|
Term
| Real world ciphers mix several rounds of both ____ and ____ to ensure randomness. |
|
Definition
Substitution Transposition |
|
|
Term
| ____ is the cryptographic process that turns plaintext into a seemingly random stream of bits called ____. |
|
Definition
|
|
Term
| Using public key encryption for authentication, the supplicant proves it knows something no one else will, the true party's ____. |
|
Definition
|
|
Term
| By using a random ____, the cipher can make it impossible to analyze the text by letter frequency. |
|
Definition
|
|
Term
Keys that are prohibitively time consuming to crack.
How long do they have to be today to be considered strong? |
|
Definition
Strong symmetric keys
100 bits |
|
|
Term
| A cipher where one character is substituted for another, but the character position isn't changed. |
|
Definition
|
|
Term
On average, a cryptographer will have to try ____ of all keys before succeeding.
What is the formula to calculate the number of attempts before succeeding? |
|
Definition
Half
(2^N/2) where N= key length (in bits) |
|
|
Term
| Most math processes in ciphers use variations of two basic math processes. ____ and ____. |
|
Definition
Substitution Transposition |
|
|
Term
| Ciphers use ____ rounds of computations. |
|
Definition
|
|
Term
| ____ is the original, unencrypted, message. |
|
Definition
|
|
Term
| Ciphertext encrypted with proprietary algorithms is typically cracked ____, even if the attacker doesn't know the detailed cipher. |
|
Definition
|
|
Term
| The use of mathematical operations to protect messages traveling between parties or stored on a computer. |
|
Definition
|
|
Term
| A specific mathematical process used in encryption and decryption. |
|
Definition
|
|
Term
| Relying on secrecy, or an attacker's inability to obtain information about the cipher, rather than the robustness of the cipher itself is ____. |
|
Definition
| Security through obscurity |
|
|
Term
| ____ is the person the supplicant claims to be. |
|
Definition
|
|
Term
| What are the capabilities of RC4? |
|
Definition
40 or more bits very weak key strength Low RAM requirements Can use variable key length |
|
|
Term
| What are the capabilities of DES? |
|
Definition
56 bit Key Weak key strength Moderate RAM and processing requirements |
|
|
Term
| What are the capabilities of 3DES? |
|
Definition
112 or 168 bit Key Strong key strength High processing requirements Moderate RAM requirements |
|
|
Term
| What are the capabilities of 3DES |
|
Definition
128, 192 or 256 bit Key Strong key strength low processing requirements Low RAM requirements |
|
|
Term
| The DES key is ___ bits long. It comes in a block of ___, of which ___ bits represent the key. The other 8 bits are redundant. |
|
Definition
|
|
Term
When two parties begin to communicate via a cryptographic system, they go through 3 handshaking stages.
Stage 1 ___. Stage 2 ___. Stage 3 ___. |
|
Definition
1. Initial negotiation of security parameters 2. initial authentication (usually mutual) 3. Keying (secure exchange of keys and other secrets) |
|
|
Term
Cryptographic methods of ongoing communications. 1. Sender sends a(n) ___ to each message. This allows ___. 2. A good electronic signature provides ___. 3. The sender encrypts the combined message and electronic signature for ___. |
|
Definition
1. Electronic Signature The receiver to authenticate each message. 2. Message integrity 3. Confidentiality |
|
|
Term
| To get a party's public key from a trusted source, you get it from a ___. |
|
Definition
|
|
Term
| A ___ is a(n) independent and trusted source of information about the public keys of true parties. |
|
Definition
|
|
Term
| A ___ contains a number of fields. Most importantly it contains the ___ in the subject field, and the ___ in the Public Key field. |
|
Definition
1. Digital Certificate 2. Name of the true party 3. True party's public key |
|
|
Term
| What are the fields of a digital certificate? |
|
Definition
Version number Issuer serial number Subject Public Key Public Key algorithm Valid period Digital Signature Signature algorithm Identifier Other fields. |
|
|
Term
| What goes into testing a digital certificate? |
|
Definition
1. Test the digital signature. It has its own digital signature Signed with the CA's private key Tested with the CA's public key Check the valid period Check for revocation |
|
|
Term
| To check for a revoked certificate, a verifier can do the following. |
|
Definition
Download the certification revocation list. Check the Online Certificate Status Protocol. |
|
|
Term
|
Definition
| Key-Hashed message Authentication Codes |
|
|
Term
|
Definition
The sender adds the key to each outgoing message then hashes the combined message and key.
The recipient decrypts it and tests the HMAC. The computed HMAC should match the transmitted one. |
|
|
Term
| ___ means the sender can't send an important message and later claim that they didn't send it. This is used through ___. |
|
Definition
Nonrepudiation electronic signatures |
|
|
Term
| ___ occurs when an attacker intercepts an encrypted message and transmits it later. This works even if the message is encrypted for ___ and the attacker can't read it. |
|
Definition
Replay attack Confidentiality |
|
|
Term
| To ensure freshness of a message, you can include a ___ |
|
Definition
|
|
Term
| ___ is a randomly generated number attached to a message to deny a replay attack. The same generated number is never used twice. |
|
Definition
|
|
Term
___ delivers enormously long keys to communication partners. This is a ___ use key. |
|
Definition
Quantum Key distribution one time |
|
|
Term
| Quantum key distribution creates a ___ that is as long as the entire message. |
|
Definition
|
|
Term
| ___ can be used to crack keys quickly by trying dozens, hundreds or thousands of keys at once. |
|
Definition
|
|
Term
| ___ combine all of the cryptographic protections, including confidentiality, authentication and integrity into a single system |
|
Definition
|
|
Term
| ___ is created by using a cryptographic system to secure communication over an untrusted network. |
|
Definition
| Virtual Private Network (VPN) |
|
|
Term
| ___ connects a single client over an untrusted network to a single server. This gives you access to a ___ computer |
|
Definition
|
|
Term
| ___ connects a single remote PC over an untrusted network to a site network. |
|
Definition
|
|
Term
| Remote access users connect to a ___ which authenticates them and gives them access to authorized resources within the site. This gateway gives remote users access to ___ computers within the site. |
|
Definition
|
|
Term
| ___ protects all traffic flowing over an untrusted network between a pair of sites. |
|
Definition
|
|
Term
| Site-to-site VPN connections cryptographically protect the traffic of ___ simultaneous conversation(s) taking place between various computers in the sites. |
|
Definition
|
|
Term
| What is the VPN standard for now? |
|
Definition
|
|
Term
| SSL/TLS is the cryptographic standard for ___ VPNs and ___ VPNs |
|
Definition
Host to Host Remote Access |
|
|
Term
| Because SSL/TLS works at the ___ layer, it can protect application layer traffic encapsulated in the ___ messages. |
|
Definition
|
|
Term
| SSL/TLS's protection of the application layer messages is not ___, which means it doesn't ___ protect all higher-layer messages. It only protects applications that are ___. |
|
Definition
transparent automatically SSL/TLS-aware |
|
|
Term
To convert SSL/TLS from a host to host VPN to a remote access VPN, firms place a(n) ___ at the border of each site. Then the remote client's browser establishes a(n) ___ connection rather than with the individual hosts within the site. |
|
Definition
SSL/TLS gateway Single SSL/TLS |
|
|
Term
How many SSL/TLS gateway standards are there? Why? |
|
Definition
None SSL/TLS governs the link between the client and the SSL/TLS gateway |
|
|
Term
| An SSL/TLS gateway is simply a ___ as far as SSL/TLS is concerned |
|
Definition
|
|
Term
| What are the common features of SSL/TLS gateways? |
|
Definition
Authentication: the gateway authenticates itself to the client via public key authentication. Connecting the client PC to authorized resources. |
|
|
Term
| VPN gateways ___ messages for browsers to present to users. |
|
Definition
|
|
Term
| There may or may not be security between the SSL/TLS gateway and resources ___ the network. |
|
Definition
|
|
Term
| PGP stands for what? What is it used for? |
|
Definition
Pretty Good Privacy. Send encrypted emails that governments can't decrypt. |
|
|
Term
| SRTP stands for what? How is it used? |
|
Definition
Secure Real-time Transport Protocol. It uses negotiated keys to encrypt VoIP calls. |
|
|
Term
| What is the strongest VPN security? |
|
Definition
|
|
Term
| IPsec operates at the ___ layer and protects the ___ data field. |
|
Definition
|
|
Term
| Does IPsec increase or decrease implementation cost? How? |
|
Definition
| Decrease by reducing workarounds. However, IPsec is more costly and complex overall to install. |
|
|
Term
| ___ gives host-to-host security. |
|
Definition
|
|
Term
| Transport mode (in regards to IPsec) is attractive because it provides security when packets travel over ___ networks as well as across ___. |
|
Definition
|
|
Term
| On the negative side, transport mode IPsec requires firms to set up IPsec explicitly on ___ and ___ |
|
Definition
|
|
Term
| ___ only protects traffic between two IPsec gateways at different sites. This creates a site to site VPN. |
|
Definition
|
|
Term
The major advantage of IPsec Tunnel mode operation is ___. All of the cryptographic work is done on the IPsec ___ servers. In addition, IPsec Tunnel mode is ___ friendly. How? |
|
Definition
Cost gateway firewall. Packets are only encrypted between the two IPsec gateways. After a packet arrives it can be filtered by the firewall |
|
|
Term
| What is the main disadvantage of IPsec Tunnel Mode? |
|
Definition
| It gives no protection at all to IP packets when they are traveling WITHIN the site networks at the two sites |
|
|
Term
| ___ is an agreement about what IPsec security methods and operations two hosts or two IPsec gateways will use. |
|
Definition
| Security Association (SA) |
|
|
Term
| When two parties communicate, they must establish ___ SAs. |
|
Definition
| Two. One in each direction. |
|
|
Term
| SSL/TLS has no way to set and enforce policies centrally, but ___ does. |
|
Definition
|
|
Term
| IPsec supports the use of ___, which pushes a list of suitable policies to individual IPsec gateway servers or hosts. |
|
Definition
|
|