The mathematical operations used to map between plain text and ciphertext are identified by cryptographic algorithms. Cryptographic algorithms require the text to be mapped and, at a minimum, require some value that controls the mapping process. This value is called a key. Given the same text and the same algorithm, different keys produce different mappings.
Cryptographic algorithms need not be kept secret. The success of cryptography is attributed to the difficulty of inverting an algorithm. In other words, the number of mappings by which plaintext can be transformed into ciphertext is so great that it is impractical to find the correct mapping without the key. For example, the Data Encryption Standard (DES) uses a 56-bit key. A user with the correct key can easily decrypt a message, whereas a user without the key needs to attempt random keys from a set of more than 72 quadrillion possible values.
Authentication is incorrect because it is one of the services provided by cryptography. Authentication allows the recipient of a message to validate its origin. It prevents an imposter from masquerading as the sender of the message. Confidentiality is incorrect because it is one of the services provided by cryptography. Confidentiality prevents disclosure of the message to unauthorized users. Integrity is incorrect because it is one of the services provided by cryptography. Integrity assures the recipient that the message was not modified en route. Note that the integrity service allows the recipient to detect message modification but not prevent it.
199. Which one of the following items is unrelated to the other three items?
a. S-box
b. P-box
c. Product ciphers
d. Sandbox
199. d. Sandbox is not related to S-box, P-box, and product ciphers. Sandbox is a system that allows an untrusted application to run in a highly controlled environment where the application’s permissions are restricted to an essential set of computer permissions. In particular, an application in a sandbox (for example, a Java applet) is usually restricted from accessing the file system or the network.
The other three choices are related to each other. S-box is a nonlinear substitution table box used in several byte substitution transformations and in the key expansion routine to perform a one-for-one substitution of a byte value. This substitution, which is implemented with simple electrical circuits, is very fast because it does not require any computation, just signal propagation.
P-box is a permutation box used to effect a transposition on an 8-bit input in a product cipher. This transposition, which is implemented with simple electrical circuits, is very fast because it does not require any computation, just signal propagation.
Product ciphers are a cascaded series of combinations of S-boxes and P-boxes. In each iteration or round, first there is an S-box followed by a P-box. In addition, there is one P-box at the beginning and one P-box at the end of each round. Common product ciphers operate on k-bit inputs to produce k-bit outputs.
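The S-box, P-box and round structure described above can be seen in a toy 8-bit product cipher. This is an added example, not part of the original text; the sample tables, the XOR key mixing and the key schedule are assumptions made for illustration, and the cipher is far too small to protect anything.

```python
# Toy product cipher on 8-bit blocks: each round is S-box then P-box.
# Sample tables and key schedule are assumptions; far too small to be secure.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]   # 4-bit substitution table
PBOX = [1, 5, 2, 0, 3, 7, 4, 6]                   # input bit i moves to PBOX[i]
INV_SBOX = [SBOX.index(v) for v in range(16)]
INV_PBOX = [PBOX.index(i) for i in range(8)]


def substitute(block, sbox):
    """Nonlinear step: look up each 4-bit half of the byte in the table."""
    return (sbox[block >> 4] << 4) | sbox[block & 0xF]


def permute(block, pbox):
    """Transposition step: rearrange the 8 bit positions, values unchanged."""
    out = 0
    for i in range(8):
        if (block >> i) & 1:
            out |= 1 << pbox[i]
    return out


def round_keys(key, rounds):
    """Hypothetical key schedule: rotate the 8-bit key left once per round."""
    keys = []
    for _ in range(rounds + 1):
        keys.append(key)
        key = ((key << 1) | (key >> 7)) & 0xFF
    return keys


def encrypt(block, key, rounds=3):
    ks = round_keys(key, rounds)
    for r in range(rounds):
        block = permute(substitute(block ^ ks[r], SBOX), PBOX)
    return block ^ ks[rounds]


def decrypt(block, key, rounds=3):
    # Undo the rounds in reverse order with the inverse tables.
    ks = round_keys(key, rounds)
    block ^= ks[rounds]
    for r in reversed(range(rounds)):
        block = substitute(permute(block, INV_PBOX), INV_SBOX) ^ ks[r]
    return block


if __name__ == "__main__":
    key = 0x3A  # constructed sample key
    table = [encrypt(b, key) for b in range(256)]
    print("bijective:", len(set(table)) == 256)
    print("round trip:", all(decrypt(c, key) == b for b, c in enumerate(table)))
```

Both steps are table lookups or bit moves, which is why hardware can implement them with wiring alone; the k-bit-in, k-bit-out property shows up as the 256-entry mapping being a bijection.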
200. Which of the following key algorithms decrypt data with the same key used for encryption?
a. Symmetric key algorithm
b. Asymmetric key algorithm
c. Symmetric and public key algorithms
d. Asymmetric and secret key algorithms
200. a. Cryptography is the process of scrambling information in such a manner that it becomes unintelligible and can be unscrambled only by the intended recipient(s). In cryptographic terms, this process involves the encryption of plain text data to produce ciphertext, and the subsequent decryption of ciphertext to recover the original plain text. Encryption and decryption are therefore inverse processes.
Cryptographic processing depends on the use of keys, which are of primary importance in the security of a cryptographic system. Cryptographic keys are conceptually similar to the keys used with padlocks, in the sense that data can be locked, or encrypted, through the use of a key with a cryptographic algorithm. Symmetric key algorithms decrypt data with the same key used for encryption. Asymmetric key algorithms use a pair of keys, consisting of a public key component and a private key component, both having a specific mathematical relationship. Symmetric and asymmetric key algorithms are commonly referred to as secret key and public key algorithms, respectively. Cryptography plays a major role in information security and is a critical component of authentication technology.
201. Common encryption algorithms that implement symmetric cryptography do not include which of the following?
a. Data encryption standard (DES)
b. Triple DES (3DES)
c. Rivest, Shamir, and Adleman (RSA)
d. Advanced encryption standard (AES)
201. c. Symmetric cryptography uses the same key for both encryption and decryption, whereas asymmetric cryptography uses separate keys for encryption and decryption, or to digitally sign and verify a signature. RSA is an example of asymmetric cryptography. DES, 3DES, and AES are examples of symmetric cryptography.
202. Which of the following are examples of block cipher algorithms for encryption and decryption?
a. AES and RAS
b. TDEA and DES
c. AES and TDEA
d. MAC and HMAC
202. c. Encryption is used to provide data confidentiality. The data to be protected is called plaintext. Encryption transforms the plaintext data into ciphertext data. Ciphertext can be transformed back into plaintext using decryption. The approved algorithms for encryption and decryption include the advanced encryption standard (AES) and the triple data encryption algorithm (TDEA). Each of these algorithms operates on blocks (chunks) of data during an encryption or decryption operation. For this reason, these algorithms are commonly referred to as block cipher algorithms.
RAS is remote access server, which is not a block cipher, and DES is data encryption standard, which is a block cipher.
Message authentication code (MAC) is incorrect because it is not a block cipher; it provides an assurance of authenticity and integrity. HMAC is a MAC that uses a cryptographic hash function in combination with a secret key. Both MAC and HMAC are based on hash functions, which are used by (i) keyed hash message authentication code algorithms, (ii) digital signature algorithms, (iii) key derivation functions for key agreement, and (iv) random number generators. Typically, MACs are used to detect data modifications that occur between the initial generation of the MAC and the verification of the received MAC. They do not detect errors that occur before the MAC is originally generated.
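The last two sentences above can be checked directly with HMAC-SHA-256 from the Python standard library. This is an added example, not part of the original text; the key and messages are constructed sample values.

```python
import hashlib
import hmac


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: HMAC-SHA-256 over the message with the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def run_cases() -> dict:
    key = b"constructed-shared-key-for-demo!"      # constructed sample key
    intended = b"amount=100.00;to=acct-12345"       # constructed sample message

    tag = make_tag(key, intended)
    results = {
        # Unmodified message and tag verify.
        "intact": verify(key, intended, tag),
        # A change made after the tag was generated is detected.
        "modified_in_transit": verify(key, b"amount=900.00;to=acct-12345", tag),
        # A tag computed without the right key does not verify.
        "wrong_key": verify(key, intended, make_tag(b"some-other-key", intended)),
    }

    # An error introduced BEFORE tag generation is authenticated like any
    # other input: the wrong data verifies, so the MAC cannot reveal it.
    mistyped = b"amount=1000.0;to=acct-12345"
    results["error_before_mac"] = verify(key, mistyped, make_tag(key, mistyped))
    return results


if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case:20} verifies={ok}")
```

The `error_before_mac` case is the practical caveat: input validation has to happen before the tag is computed, because verification only proves the data is what the key holder tagged.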
203. Cross-certification is not allowed in which of the following public key infrastructure (PKI) architectures?
a. Hierarchical PKI model
b. Mesh PKI model
c. Bridge PKI model
d. Complex PKI model
203. a. There are four architectures used to link certificate authorities (CAs), including hierarchical, mesh, bridge, and complex. In a hierarchical PKI model, authorities are arranged hierarchically under a “root CA” that issues certificates to subordinate CAs. A CA delegates when it certifies a subordinate CA. Trust delegation starts at a root CA that is trusted by every node in the infrastructure. Therefore, cross-certification is not allowed in the hierarchical PKI model.