Term
| What are the most common security Threats? |
|
Definition
- Eavesdropping and Wiretapping (Secretly listening)
- Key interception: Stealing the key
- Impersonating a person, address or computer
- Data Duplication: Replay attack (Copying an encrypted message which has a command and excecute it again)
- Combat this by time stamping or adding nonces to messages
- Cryptanalysis: Deciphering the ciphertext without key
- Social Engineering: Take advantage of people
- Physical Security
|
|
|
Term
| What is symetrc encryption? |
|
Definition
- There is one key used to convert between plaintext and ciphertext and back
- Sender and receiver both need to know the key
|
|
|
Term
| What is the key distribution problem? |
|
Definition
- How do you give out the secret key?
- How do you know that a published key is authentic?
- Session key
- Random (not predictable) key used for a short period of time
- Distributed keys using public key infrastructure
|
|
|
Term
| What is the algorithm for DES? |
|
Definition
- Start with 56-bit key and 64-bit input block
- Expand 56-bit key into 16 48-bit round keys
- Split input block into two 32-bit locks (L & R)
- Repeat the following steps 16 times (once per each round key)
- L = R (Save L as temp somewhere)
- Perform f(round key, R) which means
- Expand R to 48-bits xor with round key
- Split into 8 6-bit sections
- Substitute each section with a 4-bit replacement using a lookup table
- R = L xor with output of previous step
|
|
|
Term
| What are the security characteristics of DES? |
|
Definition
- No algoritmic weakness (even after 30 years of study)
- Brute force key will take forever
- 256 possibilities which if you tested one every microsecond would take 2000 years
- EFF managed to crack it in 3 days using parallel programming
- 1800 chips, 24 seach units on each chip
|
|
|
Term
| What is the algorithm for DES? |
|
Definition
- Run DES on plaintext
- Run DES on output of step 1
- Output of step 2 is ciphertext
|
|
|
Term
| What are the security characteristics of DES? |
|
Definition
- Brute force on this takes a lot longer
- Vulnerable to 'meet in the middle' attack
- plaintext -> middle text --> ciphertext
- Run through all possible keys on plain text
- store the intermediate results (Need a lot of storage)
- Find which kays make the intermedate result equal to the input of the second DES
- In other words find the keys that produce the same middle text
|
|
|
Term
| What are the characteristics of 3DES? |
|
Definition
- Makes meet in the middle attack a lot harder
- Still in major use and effectively unbreakable
|
|
|
Term
| What is the algorithm for 3DES? |
|
Definition
- Run DES on plaintext
- Run DES on output of step 1
- Run DES on output of step 2
- Output of step 3 is ciphertext
|
|
|
Term
| What are the possible variants of 3DES? |
|
Definition
- Variant 1
- Uses three different 56-bit keys
- Estimated to be secure until 2030
- Variant 2
- Use the same key for 1st and 3rd
- Estimated to be secure until 2020
- Longer Keys
- The algorithm is used for 56-bit keys
- Using a longer key would involve making a new algorithm
- Therefore you can't just use longer keys for DES
|
|
|
Term
| What is the algorithm for AES? |
|
Definition
- Start with either a 128-bit, 192-bit, or 256-bit key and 128-bit input lock (in a grid of 4x4 bytes known as the state)
- Turn 128-bit, 192-bit or 256-bit key into 11, 13 or 15 128-bit round keys (respectively)
- xor input block with first round key
- Repeat the following steps 10, 12 or 14 times (one for each round key except for the initial one)
- Split input into bytes and substitute each byte using a lookup table('S' box)
- Perform a left rotation on the grid
- Shift each byte in a row n places to the left, where n is the row number starting from 0
- Each column is multiplied with a constant matrix
- xor output of last step with round key
|
|
|
Term
| What are the only security issues with AES? |
|
Definition
- Best key recovery attack
- Four times better than exhaustive search (128 key to 126 key)
- Relatd key attack on AES-256:
- Given 299 input/output pairs from four related keys in AES-256
- Can recover keys in time ~299
|
|
|
Term
| What are the principles of Ciphers? |
|
Definition
- Use a dictionary or lookup table
- Monoalphabetic cipher: Replace one letter in the alphabet with another
- Block ciphers: Take a block of input and a key, then encrypt using a function
|
|
|
Term
|
Definition
- XOR key with plaintext to get ciphertext
- Decipher by XORing key with ciphertext
- Length of the key has to be at least hte length of the plain text
- Key must be random (not predictable) and should never be reused
- Reusing a one time pad makes it trivial to crack
|
|
|
Term
| What are the Block cipher modes? |
|
Definition
- Electronic Code Book
- Cipher block chaining
- Output Feedback Mode
- Cipher Feedback Mode
|
|
|
Term
| What is Electronic Codebook Mode? |
|
Definition
| Break apart the input into blocks of the block size of the cipher and pass each one of those block through the cipher. |
|
|
Term
| How is the Cipher Block Chaining implemented? |
|
Definition
- Uses random initialisation vector (different for every message, not predictable) which is sent at the start of the message
- This is XORed with the first block of the plaintext
- It is then encrypted using a key
- Repeat steps 5-6 until all text is encrypted
- The next block is then XORed with the ciphertext from the previous one
- It is then encryted using a key
|
|
|
Term
| What does output feedback mode consist of? |
|
Definition
- Uses random initialization vector (different for every message, not predictable) which is sent at the start of the message
- It is then encrypted using a key
- This is then XORed with the first block of plaintext
- Repeat the following steps until all text is encrypted:
- The output of the encryption of the last one is then encrypted using a key
- This is then XORed with the next block of plain text
|
|
|
Term
| What does the cipher feedback mode consist of? |
|
Definition
Values to encrypt X, Ciphertext C:
Xi = Concat(Xi-1[s:], Ci-1)
X0 = Initialization Vector
Ci = E(xi)[:s] XOR mi
- Uses random initialization vector as first value to encrypt using key
- Divides the output into two sections - the first section, of size s
- Takes the first section of size s and XORs it with the first message, resulting in the first block of Ciphertext
- The last n-s bits of the first value used to encrypt and concatenates it with the ciphertext obtained in the previous step to obtain the next value to encrypt
- These steps are repeated until you obtain the complete ciphertext
|
|
|
