Term
The party trying to prove its identity is the ____; the other party is the ____ |
|
Definition
|
|
Term
____ is the first handshaking stage. It is the negotiation of ___ methods to be used in communication. |
|
Definition
Negotiation; cryptographic methods |
|
|
Term
The two public key encryption ciphers are ____ and ____. Which is more efficient? |
|
Definition
RSA and ECC (Elliptic Curve Cryptography). ECC is more efficient. |
|
|
Term
____ is the strongest cipher with the lowest RAM requirements. The key lengths are ___, ___ and ___ |
|
Definition
|
|
Term
___ encryption is fast and uses a small amount of RAM, so it is ideal for ____ |
|
Definition
|
|
Term
_____ is used when logging into servers |
|
Definition
Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) |
|
|
Term
____ Authenticates a single message with public key encryption. |
|
Definition
|
|
Term
Nearly all encryption for confidentiality uses ____ |
|
Definition
|
|
Term
When the identity of a communication partner is tested by both sides it is _____ |
|
Definition
|
|
Term
____ variants provide more secure hashing. Never use ___ or ___ as they are unsecured. |
|
Definition
Secure Hash Algorithm (SHA); MD5 or SHA-1 |
|
|
Term
When encrypting a message digest with its own private key, this is called ____ |
|
Definition
|
|
Term
The second handshaking stage is ___ |
|
Definition
|
|
Term
____ use ___ that represent complete words or phrases. Why is this limiting? |
|
Definition
Codes use Code symbols. With enough examples a code can be easily broken. |
|
|
Term
In step one of creating a digital signature for authentication, the plaintext message is hashed, creating the _____ |
|
Definition
|
|
Term
In ongoing secured communication: 1. The sender sends a(n) ____ to authenticate each message (for message by message authentication) 2. Electronic signatures provide _____ 3. The sender encrypts the message and ______ |
|
Definition
1. electronic signature 2. message integrity 3. digital signature |
|
|
Term
___ specifies both the protections to be applied and the mathematical processes that will be used to provide protections. |
|
Definition
Cryptographic system standard |
|
|
Term
_____ is sending keys or secrets securely. |
|
Definition
|
|
Term
____ is a specific set of options in SSL/TLS. |
|
Definition
|
|
Term
Protections are now provided by a(n) ____ which is a packaged set of cryptographic countermeasures for protecting dialogues. |
|
Definition
|
|
Term
A cipher where the letters are moved around within a message, based on their initial position in the message. |
|
Definition
|
|
Term
____ is when both parties authenticate themselves. |
|
Definition
|
|
Term
As the duration of key use increases, so does traffic volume and so must ____ for security |
|
Definition
|
|
Term
___ is trying all possible keys until the correct one is found |
|
Definition
|
|
Term
____ turns the cipher text back to plaintext. |
|
Definition
|
|
Term
Public key encryption can be used to deliver ____ securely |
|
Definition
|
|
Term
What are the most common ciphers? |
|
Definition
|
|
Term
____ is based on password authentication on servers. |
|
Definition
Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) |
|
|
Term
____: which means that people who intercept messages can't read them. |
|
Definition
|
|
Term
The simplest type of cryptanalysis is ____, which is trying all possible keys until the cryptanalyst finds the right key. |
|
Definition
|
|
Term
In public key encryption, each party has two keys. What are they? |
|
Definition
|
|
Term
A cipher that both parties encrypt and decrypt with the same key. |
|
Definition
|
|
Term
A random string of 40 to 4,000 bits. |
|
Definition
|
|
Term
____ extends the effective key size of ____ by applying the algorithm multiple times in a row. How many times does it apply the algorithm? |
|
Definition
|
|
Term
In step 2 of producing a digital signature, the sender encrypts the message with their own private key. This creates the ____. |
|
Definition
|
|
Term
In order to have confidentiality, communication partners need to keep the ____ secret, not the ____. |
|
Definition
|
|
Term
____ was the original purpose for cryptology. |
|
Definition
Encryption for confidentiality |
|
|
Term
____ is converting the message's bits by dividing it by a number and using the remainder. This process is ____. |
|
Definition
|
|
Term
Real world ciphers mix several rounds of both ____ and ____ to ensure randomness. |
|
Definition
Substitution; Transposition |
|
|
Term
____ is the cryptographic process that turns plaintext into a seemingly random stream of bits called ____. |
|
Definition
|
|
Term
Using public key encryption for authentication, the supplicant proves it knows something no one else will, the true party's ____. |
|
Definition
|
|
Term
By using a random ____, the cipher can make it impossible to analyze the text by letter frequency. |
|
Definition
|
|
Term
Keys that are prohibitively time consuming to crack.
How long do they have to be today to be considered strong? |
|
Definition
Strong symmetric keys
100 bits |
|
|
Term
A cipher where one character is substituted for another, but the character position isn't changed. |
|
Definition
|
|
Term
On average, a cryptographer will have to try ____ of all keys before succeeding.
What is the formula to calculate the number of attempts before succeeding? |
|
Definition
Half
(2^N)/2, where N = key length (in bits) |
|
|
Term
Most math processes in ciphers use variations of two basic math processes. ____ and ____. |
|
Definition
Substitution; Transposition |
|
|
Term
Ciphers use ____ rounds of computations. |
|
Definition
|
|
Term
____ is the original, unencrypted, message. |
|
Definition
|
|
Term
Ciphertext encrypted with proprietary algorithms is typically cracked ____, even if the attacker doesn't know the detailed cipher. |
|
Definition
|
|
Term
The use of mathematical operations to protect messages traveling between parties or stored on a computer. |
|
Definition
|
|
Term
A specific mathematical process used in encryption and decryption. |
|
Definition
|
|
Term
Relying on secrecy, or an attacker's inability to obtain information about the cipher, rather than the robustness of the cipher itself is ____. |
|
Definition
Security through obscurity |
|
|
Term
____ is the person the supplicant claims to be. |
|
Definition
|
|
Term
What are the capabilities of RC4? |
|
Definition
40 or more bits; very weak key strength; low RAM requirements; can use variable key length |
|
|
Term
What are the capabilities of DES? |
|
Definition
56-bit key; weak key strength; moderate RAM and processing requirements |
|
|
Term
What are the capabilities of 3DES? |
|
Definition
112- or 168-bit key; strong key strength; high processing requirements; moderate RAM requirements |
|
|
Term
What are the capabilities of 3DES? |
|
Definition
128-, 192- or 256-bit key; strong key strength; low processing requirements; low RAM requirements |
|
|
Term
The DES key is ___ bits long. It comes in a block of ___, of which ___ bits represent the key. The other 8 bits are redundant. |
|
Definition
|
|
Term
When two parties begin to communicate via a cryptographic system, they go through 3 handshaking stages.
Stage 1 ___. Stage 2 ___. Stage 3 ___. |
|
Definition
1. Initial negotiation of security parameters 2. initial authentication (usually mutual) 3. Keying (secure exchange of keys and other secrets) |
|
|
Term
Cryptographic methods of ongoing communications. 1. Sender sends a(n) ___ to each message. This allows ___. 2. A good electronic signature provides ___. 3. The sender encrypts the combined message and electronic signature for ___. |
|
Definition
1. Electronic signature; the receiver to authenticate each message. 2. Message integrity 3. Confidentiality |
|
|
Term
To get a party's public key from a trusted source, you get it from a ___. |
|
Definition
|
|
Term
A ___ is a(n) independent and trusted source of information about the public keys of true parties. |
|
Definition
|
|
Term
A ___ contains a number of fields. Most importantly it contains the ___ in the subject field, and the ___ in the Public Key field. |
|
Definition
1. Digital Certificate 2. Name of the true party 3. True party's public key |
|
|
Term
What are the fields of a digital certificate? |
|
Definition
Version number, Issuer, Serial number, Subject, Public Key, Public Key algorithm, Valid period, Digital Signature, Signature algorithm Identifier, Other fields. |
|
|
Term
What goes into testing a digital certificate? |
|
Definition
1. Test the digital signature. It has its own digital signature, signed with the CA's private key and tested with the CA's public key. Check the valid period. Check for revocation. |
|
|
Term
To check for a revoked certificate, a verifier can do the following. |
|
Definition
Download the certification revocation list. Check the Online Certificate Status Protocol. |
|
|
Term
|
Definition
Key-Hashed message Authentication Codes |
|
|
Term
|
Definition
The sender adds the key to each outgoing message then hashes the combined message and key.
The recipient decrypts it and tests the HMAC. The computed HMAC should match the transmitted one. |
|
|
Term
___ means the sender can't send an important message and later claim that they didn't send it. This is used through ___. |
|
Definition
Nonrepudiation; electronic signatures |
|
|
Term
___ occurs when an attacker intercepts an encrypted message and transmits it later. This works even if the message is encrypted for ___ and the attacker can't read it. |
|
Definition
Replay attack; confidentiality |
|
|
Term
To ensure freshness of a message, you can include a ___ |
|
Definition
|
|
Term
___ is a randomly generated number attached to a message to deny a replay attack. The same generated number is never used twice. |
|
Definition
|
|
Term
___ delivers enormously long keys to communication partners. This is a ___ use key. |
|
Definition
Quantum key distribution; one-time |
|
|
Term
Quantum key distribution creates a ___ that is as long as the entire message. |
|
Definition
|
|
Term
___ can be used to crack keys quickly by trying dozens, hundreds or thousands of keys at once. |
|
Definition
|
|
Term
___ combine all of the cryptographic protections, including confidentiality, authentication and integrity into a single system |
|
Definition
|
|
Term
___ is created by using a cryptographic system to secure communication over an untrusted network. |
|
Definition
Virtual Private Network (VPN) |
|
|
Term
___ connects a single client over an untrusted network to a single server. This gives you access to a ___ computer |
|
Definition
|
|
Term
___ connects a single remote PC over an untrusted network to a site network. |
|
Definition
|
|
Term
Remote access users connect to a ___ which authenticates them and gives them access to authorized resources within the site. This gateway gives remote users access to ___ computers within the site. |
|
Definition
|
|
Term
___ protects all traffic flowing over an untrusted network between a pair of sites. |
|
Definition
|
|
Term
Site-to-site VPN connections cryptographically protect the traffic of ___ simultaneous conversation(s) taking place between various computers in the sites. |
|
Definition
|
|
Term
What is the VPN standard for now? |
|
Definition
|
|
Term
SSL/TLS is the cryptographic standard for ___ VPNs and ___ VPNs |
|
Definition
Host-to-host; remote access |
|
|
Term
Because SSL/TLS works at the ___ layer, it can protect application layer traffic encapsulated in the ___ messages. |
|
Definition
|
|
Term
SSL/TLS's protection of the application layer messages is not ___, which means it doesn't ___ protect all higher-layer messages. It only protects applications that are ___. |
|
Definition
transparent; automatically; SSL/TLS-aware |
|
|
Term
To convert SSL/TLS from a host-to-host VPN to a remote access VPN, firms place a(n) ___ at the border of each site. Then the remote client's browser establishes a(n) ___ connection rather than with the individual hosts within the site. |
|
Definition
SSL/TLS gateway; single SSL/TLS |
|
|
Term
How many SSL/TLS gateway standards are there? Why? |
|
Definition
None. SSL/TLS governs the link between the client and the SSL/TLS gateway. |
|
|
Term
An SSL/TLS gateway is simply a ___ as far as SSL/TLS is concerned |
|
Definition
|
|
Term
What are the common features of SSL/TLS gateways? |
|
Definition
Authentication: the gateway authenticates itself to the client via public key authentication. Connecting the client PC to authorized resources. |
|
|
Term
VPN gateways ___ messages for browsers to present to users. |
|
Definition
|
|
Term
There may or may not be security between the SSL/TLS gateway and resources ___ the network. |
|
Definition
|
|
Term
PGP stands for what? What is it used for? |
|
Definition
Pretty Good Privacy. Send encrypted emails that governments can't decrypt. |
|
|
Term
SRTP stands for what? How is it used? |
|
Definition
Secure Real-time Transport Protocol. It uses negotiated keys to encrypt VoIP calls. |
|
|
Term
What is the strongest VPN security? |
|
Definition
|
|
Term
IPsec operates at the ___ layer and protects the ___ data field. |
|
Definition
|
|
Term
Does IPsec increase or decrease implementation cost? How? |
|
Definition
Decrease by reducing workarounds. However, IPsec is more costly and complex overall to install. |
|
|
Term
___ gives host-to-host security. |
|
Definition
|
|
Term
Transport mode (in regards to IPsec) is attractive because it provides security when packets travel over ___ networks as well as across ___. |
|
Definition
|
|
Term
On the negative side, transport mode IPsec requires firms to set up IPsec explicitly on ___ and ___ |
|
Definition
|
|
Term
___ only protects traffic between two IPsec gateways at different sites. This creates a site-to-site VPN. |
|
Definition
|
|
Term
The major advantage of IPsec Tunnel mode operation is ___. All of the cryptographic work is done on the IPsec ___ servers. In addition, IPsec Tunnel mode is ___ friendly. How? |
|
Definition
Cost; gateway; firewall. Packets are only encrypted between the two IPsec gateways. After a packet arrives, it can be filtered by the firewall. |
|
|
Term
What is the main disadvantage of IPsec Tunnel Mode? |
|
Definition
It gives no protection at all to IP packets when they are traveling WITHIN the site networks at the two sites |
|
|
Term
___ is an agreement about what IPsec security methods and operations two hosts or two IPsec gateways will use. |
|
Definition
Security Association (SA) |
|
|
Term
When two parties communicate, they must establish ___ SAs. |
|
Definition
Two. One in each direction. |
|
|
Term
SSL/TLS has no way to set and enforce policies centrally, but ___ does. |
|
Definition
|
|
Term
IPsec supports the use of ___, which pushes a list of suitable policies to individual IPsec gateway servers or hosts. |
|
Definition
|
|