Last Updated on March 28, 2022 by Admin 3

SSCP : System Security Certified Practitioner (SSCP) : Part 05

  1. Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?

    • Differential cryptanalysis
    • Differential linear cryptanalysis
    • Birthday attack
    • Statistical attack

    Explanation:

    A Birthday attack is usually applied to the probability of two different messages using the same hash function producing a common message digest.

    The term “birthday” comes from the fact that in a room with 23 people, the probability of two or more people having the same birthday is greater than 50%.

    Linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear cryptanalysis is one of the two most widely used attacks on block ciphers; the other being differential cryptanalysis.

    Differential cryptanalysis is a potent cryptanalytic technique introduced by Biham and Shamir. It was designed for the study and attack of DES-like cryptosystems: iterated ciphers that rely on conventional cryptographic techniques such as substitution and permutation.

    Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output. In the case of a block cipher, it refers to a set of techniques for tracing differences through the network of transformations, discovering where the cipher exhibits non-random behaviour, and exploiting such properties to recover the secret key.
    Source:

    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 163).
    and
    http://en.wikipedia.org/wiki/Differential_cryptanalysis
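As an added example (not part of the original page or its cited sources), the following Python computes the birthday-paradox probability quoted above and then runs an actual birthday search against SHA-256 truncated to 32 bits. The counter-based message format (msg-<counter>) and the 32-bit truncation are assumptions chosen so the search finishes in well under a second; the same search against the full 256-bit digest would need on the order of 2^128 hashes.

```python
import hashlib
import math


def birthday_collision_probability(draws: int, space: int) -> float:
    """Probability that `draws` uniformly random values from `space`
    possibilities contain at least one repeat (the birthday paradox)."""
    p_all_distinct = 1.0
    for i in range(draws):
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct


def expected_attempts(bits: int) -> float:
    """Approximate number of random digests needed before the first
    collision in a `bits`-bit digest space: about sqrt(pi/2 * 2**bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_digest(message: bytes, bits: int) -> bytes:
    """SHA-256 digest cut down to `bits` bits (bits must be a multiple of 8)."""
    return hashlib.sha256(message).digest()[: bits // 8]


def find_birthday_collision(bits: int):
    """Birthday search: hash counter-based messages (constructed input) and
    remember every truncated digest seen; stop at the first repeat.
    Returns (message_1, message_2, attempts)."""
    seen = {}
    attempts = 0
    while True:
        msg = f"msg-{attempts}".encode()
        attempts += 1
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, attempts
        seen[d] = msg


if __name__ == "__main__":
    print(f"23 people, shared birthday: {birthday_collision_probability(23, 365):.3f}")
    m1, m2, n = find_birthday_collision(32)
    print(f"32-bit collision after {n} hashes (expected about {expected_attempts(32):.0f}):")
    print(m1, m2, truncated_digest(m1, 32).hex())
```

The memory cost of the table is the practical limit of this naive search; real collision finders (for example against MD5) use cycle-finding so that memory stays constant, but the 2^(n/2) work factor is the same, which is why digest length must be twice the intended security level.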

  2. Which of the following does NOT concern itself with key management?

    • Internet Security Association Key Management Protocol (ISAKMP)
    • Diffie-Hellman (DH)
    • Cryptology (CRYPTO)
    • Key Exchange Algorithm (KEA)
    Explanation:

    Cryptology is the science that includes both cryptography and cryptanalysis and is not directly concerned with key management. Cryptology is the mathematics, such as number theory, and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.

    The following are all concerned with Key Management which makes them the wrong choices:
    Internet Security Association Key Management Protocol (ISAKMP) is a key management protocol used by IPSec. ISAKMP (Internet Security Association and Key Management Protocol) is a protocol defined by RFC 2408 for establishing Security Associations (SA) and cryptographic keys in an Internet environment. ISAKMP only provides a framework for authentication and key exchange. The actual key exchange is done by the Oakley Key Determination Protocol which is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection using the Diffie-Hellman key exchange algorithm.

    Diffie-Hellman and one variation of the Diffie-Hellman algorithm called the Key Exchange Algorithm (KEA) are also key exchange protocols. Key exchange (also known as “key establishment”) is any method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm. Diffie–Hellman key exchange (D–H) is a specific method of exchanging keys. It is one of the earliest practical examples of key exchange implemented within the field of cryptography. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

    Reference(s) used for this question:
    Mike Meyers CISSP Certification Passport, by Shon Harris and Mike Meyers, page 228.
    It is highlighted as an EXAM TIP, which tells you that it is a must-know for the purpose of the exam.
    HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, Fifth Edition, Chapter 8: Cryptography (page 713-715).
    and
    https://en.wikipedia.org/wiki/ISAKMP
    and
    http://searchsecurity.techtarget.com/definition/cryptology
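To make the Diffie-Hellman exchange concrete, here is an added Python example that is not from the page or its references. Both parties' messages and the derivation of a symmetric key are shown, followed by what an eavesdropper must do, namely solve a discrete logarithm. The toy parameters p = 1019 (a safe prime, 1019 = 2*509 + 1) and g = 2 are an assumption chosen so that the brute-force attack actually finishes; that is exactly why real deployments use 2048-bit or larger groups (for example the RFC 3526 MODP groups) or elliptic curves.

```python
import hashlib
import secrets

# Toy group parameters (assumption for illustration only).
# 1019 is a safe prime and 2 generates the whole multiplicative group mod 1019.
P, G = 1019, 2


def dh_keypair(p: int = P, g: int = G):
    """Choose a random private exponent x and publish y = g^x mod p.
    Degenerate public values (1 and p-1) are re-drawn so a peer never has to accept them."""
    while True:
        x = secrets.randbelow(p - 2) + 1          # 1 <= x <= p-2
        y = pow(g, x, p)
        if 1 < y < p - 1:
            return x, y


def dh_shared_secret(my_private: int, peer_public: int, p: int = P) -> int:
    """Validate the peer's value, then compute peer_public^my_private mod p.
    Rejecting 0, 1 and p-1 stops the trivial small-subgroup confinement attacks."""
    if not 1 < peer_public < p - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, my_private, p)


def derive_key(shared: int, context: bytes = b"toy-dh-v1") -> bytes:
    """Never use the raw group element as a key: hash it (with context) into a 256-bit key."""
    return hashlib.sha256(context + shared.to_bytes((shared.bit_length() + 7) // 8, "big")).digest()


def dh_exchange(p: int = P, g: int = G):
    """Run the protocol between Alice and Bob. Only A and B cross the wire;
    an eavesdropper sees (p, g, A, B) and nothing else."""
    a, A = dh_keypair(p, g)      # Alice -> Bob: A
    b, B = dh_keypair(p, g)      # Bob -> Alice: B
    key_alice = derive_key(dh_shared_secret(a, B, p))
    key_bob = derive_key(dh_shared_secret(b, A, p))
    return key_alice, key_bob, (A, B)


def brute_force_dlog(target: int, g: int = G, p: int = P) -> int:
    """Solve g^x = target mod p by exhaustive search. Cost is O(p); feasible here
    only because p is tiny, which is the whole point of choosing large groups."""
    acc = 1
    for x in range(p - 1):
        if acc == target:
            return x
        acc = (acc * g) % p
    raise ValueError("no discrete logarithm found")


def eavesdropper_recovers_key(A: int, B: int, p: int = P, g: int = G) -> bytes:
    """What an attacker holding (p, g, A, B) must do: recover Alice's exponent, then redo her computation."""
    a = brute_force_dlog(A, g, p)
    return derive_key(pow(B, a, p))


if __name__ == "__main__":
    ka, kb, (A, B) = dh_exchange()
    print("keys agree:", ka == kb, "| eavesdropper recovers key:", eavesdropper_recovers_key(A, B) == ka)
```

Nothing in the exchange authenticates A or B: an active attacker can run one exchange with Alice and another with Bob and sit in the middle. That gap is what ISAKMP/Oakley (and IKE) close by authenticating the parties around the Diffie-Hellman exchange, which is why the text above speaks of "authenticated parties".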

  3. Which of the following encryption algorithms does not deal with discrete logarithms?

    • El Gamal
    • Diffie-Hellman
    • RSA
    • Elliptic Curve
    Explanation:

    The security of the RSA system is based on the assumption that factoring the product of two large prime numbers is difficult. El Gamal, Diffie-Hellman and Elliptic Curve cryptography all rely instead on the difficulty of the discrete logarithm problem (in the multiplicative group modulo a prime, or in the group of points on an elliptic curve).

    Source:
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 159).
    Shon Harris, CISSP All-in-One Exam Guide, Third Edition, McGraw-Hill Companies, August 2005, Chapter 8: Cryptography, Page 636 – 639

  4. What enables users to validate each other’s certificate when they are certified under different certification hierarchies?

    • Cross-certification
    • Multiple certificates
    • Redundant certification authorities
    • Root certification authorities
    Explanation:
    Cross-certification is the act or process by which two CAs each certify a public key of the other, issuing a public-key certificate to that other CA, enabling users that are certified under different certification hierarchies to validate each other’s certificate.
    Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
  5. Which of the following statements is most accurate regarding a digital signature?

    • It is a method used to encrypt confidential data.
    • It is the art of transferring handwritten signature to electronic media.
    • It allows the recipient of data to prove the source and integrity of data.
    • It can be used as a signature system and a cryptosystem.
    Explanation:
    A digital signature is a message digest encrypted with the signer’s private key. Anyone holding the signer’s public key can verify that the data came from the signer (source) and was not altered (integrity). It does not encrypt the data itself, so it is not a confidentiality mechanism, and it has nothing to do with transferring an image of a handwritten signature to electronic media.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
  6. The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as “_________________,” RSA is quite feasible for computer use.

    • computing in Galois fields
    • computing in Gladden fields
    • computing in Gallipoli fields
    • computing in Galbraith fields
    Explanation:
    The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as computing in Galois fields, RSA is quite feasible for computer use.
    Source: FITES, Philip E., KRATZ, Martin P., Information Systems Security: A Practitioner’s Reference, 1993, Van Nostrand Reinhold, page 44.
  7. Which of the following is NOT a property of a one-way hash function?

    • It converts a message of a fixed length into a message digest of arbitrary length.
    • It is computationally infeasible to construct two different messages with the same digest.
    • It converts a message of arbitrary length into a message digest of a fixed length.
    • Given a digest value, it is computationally infeasible to find the corresponding message.
    Explanation:

    The first statement is backwards: a one-way hash function takes a message of arbitrary length and produces a digest of fixed length, not the other way round. A one-way hash function is an algorithm that turns messages or text into a fixed-length string of bits, usually for security or data management purposes. The “one way” means that it is computationally infeasible to derive the original text from the digest.

    A one-way hash function is used to create digital signatures, which in turn identify and authenticate the sender and content of a digitally distributed message.

    A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value. The data to be hashed is often called the “message,” and the hash value is sometimes called the message digest or simply digest.

    The ideal cryptographic hash function has four main or significant properties:

    it is easy (but not necessarily quick) to compute the hash value for any given message
    it is infeasible to generate a message that has a given hash
    it is infeasible to modify a message without changing the hash
    it is infeasible to find two different messages with the same hash

    Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. Indeed, in information security contexts, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values, even though all these terms stand for functions with rather different properties and purposes.

    Source:

    TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
    and
    http://en.wikipedia.org/wiki/Cryptographic_hash_function

  8. The Data Encryption Algorithm performs how many rounds of substitution and permutation?

    • 4
    • 16
    • 54
    • 64
    Explanation:
    The Data Encryption Algorithm (DES, FIPS 46) is a 16-round Feistel cipher operating on 64-bit blocks with a 56-bit key; each round applies an expansion, key mixing, S-box substitution and a permutation. The 64 option confuses the block size with the round count.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
  9. What is NOT true about a one-way hashing function?

    • It provides authentication of the message
    • A hash cannot be reversed to get the message used to create the hash
    • The result of a one-way hash is a message digest
    • It provides integrity of the message
    Explanation:

    A one-way hash function by itself provides only integrity, not authentication or confidentiality. The hash is a fingerprint of the message that cannot be reversed, and it is computationally infeasible to create a second message with the same hash.

    A hash by itself does not provide authentication, and only a weak form of integrity: an attacker performing a Man-In-The-Middle attack can change both the message and its digest without the receiver noticing, because anyone can recompute the digest.

    A hash combined with a shared secret key produces a Message Authentication Code (MAC), which provides both authentication of the source and integrity; it is sometimes referred to as a keyed hash.
    A hash encrypted with the sender’s private key produces a digital signature, which provides authentication; the hash by itself does not.
    Hash functions by themselves, such as MD5, SHA-1, SHA-2 and SHA-3, do not provide authentication.

    Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 548
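Added example (Python standard library only; not code from the page or its sources) showing the Man-In-The-Middle case described above: with a bare hash the attacker simply rewrites the message and recomputes the digest, while with an HMAC under a shared key the same rewrite is rejected. The transfer message and the session key are constructed for the demonstration, and the key is assumed to have been agreed out of band.

```python
import hashlib
import hmac
from typing import Optional, Tuple


def bare_digest(message: bytes) -> bytes:
    """Plain SHA-256: anyone on the path, including the attacker, can recompute it."""
    return hashlib.sha256(message).digest()


def keyed_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: recomputing the tag requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts(message: bytes, tag: bytes, key: Optional[bytes] = None) -> bool:
    """Recompute the digest (no key) or the MAC (with key) and compare in constant time;
    compare_digest avoids leaking how many leading bytes matched."""
    expected = bare_digest(message) if key is None else keyed_mac(key, message)
    return hmac.compare_digest(expected, tag)


def man_in_the_middle(message: bytes, tag: bytes) -> Tuple[bytes, bytes]:
    """The attacker rewrites the amount and attaches a freshly computed digest.
    Without the key, a fresh (unkeyed) digest is the best they can do."""
    forged = message.replace(b"amount=100", b"amount=9000")
    return forged, bare_digest(forged)


# Constructed demo data (assumption: the key was agreed out of band during session setup).
SESSION_KEY = bytes.fromhex("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")
ORIGINAL = b"transfer: from=alice to=bob amount=100"


def demo() -> Tuple[bool, bool]:
    """Returns (accepted_with_bare_hash, accepted_with_hmac) after the attacker's rewrite."""
    msg1, tag1 = man_in_the_middle(ORIGINAL, bare_digest(ORIGINAL))
    accepted_bare = receiver_accepts(msg1, tag1)
    msg2, tag2 = man_in_the_middle(ORIGINAL, keyed_mac(SESSION_KEY, ORIGINAL))
    accepted_hmac = receiver_accepts(msg2, tag2, SESSION_KEY)
    return accepted_bare, accepted_hmac


if __name__ == "__main__":
    bare, keyed = demo()
    print("bare hash accepted the forged message:", bare)
    print("HMAC accepted the forged message:", keyed)
```

The receiver's check is the same code path in both cases; the only difference is whether a secret enters the computation, which is what turns an integrity fingerprint into an authenticator.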

  10. You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals.

    One day you receive a laptop and are part of a two man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch.

    What critical step in forensic evidence have you forgotten?

    • Chain of custody
    • Locking the laptop in your desk
    • Making a disk image for examination
    • Cracking the admin password with chntpw
    Explanation:

    When evidence from a crime is to be used in the prosecution of a criminal, it is critical that you follow the law when handling that evidence. Part of that process is the chain of custody: maintaining proactive and documented control over ALL evidence involved in a case.

    Failure to do this can lead to the dismissal of charges, because evidence whose chain of custody was not maintained can be challenged as compromised.

    A chain of custody is chronological documentation for evidence in a particular case, and is especially important with electronic evidence due to the possibility of fraudulent data alteration, deletion, or creation. A fully detailed chain of custody report is necessary to prove the physical custody of a piece of evidence and show all parties that had access to said evidence at any given time.

    Evidence must be protected from the time it is collected until the time it is presented in court.

    The following answers are incorrect:

    – Locking the laptop in your desk: Even this would not stop the defense from challenging the chain of custody. A desk drawer is usually easy to break into, and evidence should be stored in an approved safe or other secure evidence storage facility.

    – Making a disk image for examination: This is a key part of system forensics: we image the evidence drive and study the image rather than the original disk, since working on the original could alter or destroy evidence. However, if the original evidence is not secured, the chain of custody has not been maintained properly.

    – Cracking the admin password with chntpw: This isn’t correct. Your first mistake was to compromise the chain of custody of the laptop. The chntpw program is a Linux utility to (re)set the password of any user that has a valid (local) account on a Windows system, by modifying the hashed password in the registry’s SAM file. You do not need to know the old password to set a new one. It works offline, which means you must have physical access (i.e., you have to shut down the computer and boot from a Linux boot disk). The boot disk includes tools to access NTFS partitions and scripts to glue the whole thing together. This utility works with SYSKEY and includes the option to turn it off. A boot disk image is provided on their website at http://freecode.com/projects/chntpw .

    The following reference(s) was used to create this question:

    http://en.wikipedia.org/wiki/Chain_of_custody
    and
    http://www.datarecovery.com/forensic_chain_of_custody.asp
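Chain of custody is documentation, not software, but an examiner normally keeps a tamper-evident record of it. The following added Python example (not from the page or its references) shows one way: the acquired image is fingerprinted with SHA-256, every custody entry commits to the previous entry's hash, and verification re-checks both the chain and the image. The actors, the evidence bytes and the events are constructed for the demonstration.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import List, Optional, Tuple

GENESIS = "0" * 64


def image_hash(image_bytes: bytes) -> str:
    """Fingerprint of the acquired image, recorded at acquisition and re-checked at every hand-off."""
    return hashlib.sha256(image_bytes).hexdigest()


def _entry_hash(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_custody_entry(log: List[dict], actor: str, action: str, evidence_hash: str,
                      when: Optional[datetime] = None) -> dict:
    """Append a hash-chained entry. Each entry includes the previous entry's hash,
    so removing, reordering or editing an earlier entry breaks every later link."""
    entry = {
        "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
        "actor": actor,
        "action": action,
        "evidence_hash": evidence_hash,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify_custody_log(log: List[dict], current_image: bytes) -> Tuple[bool, str]:
    """Recompute every entry hash, check each chain link, and confirm the image
    still matches the hash recorded at acquisition (entry 0)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev:
            return False, f"entry {i}: chain broken (missing or reordered entry)"
        if _entry_hash(entry) != entry["entry_hash"]:
            return False, f"entry {i}: entry contents altered"
        prev = entry["entry_hash"]
    if not log:
        return False, "no custody record at all"
    if image_hash(current_image) != log[0]["evidence_hash"]:
        return False, "image no longer matches the acquisition hash"
    return True, "ok"


def demo():
    """Constructed scenario: acquire, seal, check out; then two failure cases."""
    image = b"\x00" * 512 + b"constructed stand-in for a disk image" + b"\xff" * 512
    h = image_hash(image)
    log: List[dict] = []
    add_custody_entry(log, "examiner A", "acquired image from seized laptop", h)
    add_custody_entry(log, "examiner A", "sealed in evidence locker", h)
    add_custody_entry(log, "examiner B", "checked out for analysis", h)
    intact = verify_custody_log(log, image)
    altered_image = verify_custody_log(log, image[:-1] + b"\x00")   # one byte of the image changed
    del log[1]                                                       # a hand-off went undocumented
    broken_chain = verify_custody_log(log, image)
    return intact, altered_image, broken_chain


if __name__ == "__main__":
    for label, result in zip(("intact", "altered image", "missing entry"), demo()):
        print(f"{label}: {result}")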

  11. Which of the following concerning the Rijndael block cipher algorithm is false?

    • The design of Rijndael was strongly influenced by the design of the block cipher Square.
    • A total of 25 combinations of key length and block length are possible
    • Both block size and key length can be extended to multiples of 64 bits.
    • The cipher has a variable block length and key length.
    Explanation:

    The third statement is the FALSE one. Rijndael does not support multiples of 64 bits but multiples of 32 bits, in the range 128 to 256 bits: the key length (and, independently, the block length) can be 128, 160, 192, 224 or 256 bits.

    Because both block length and key length can be extended in multiples of 32 bits, there are 5 x 5 = 25 different combinations of block and key size.

    The Rijndael Cipher
    Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the Advanced Encryption Standard (AES) in the United States of America. The cipher has a variable block length and key length.

    Rijndael can be implemented very efficiently on a wide range of processors and in hardware.

    The design of Rijndael was strongly influenced by the design of the block cipher Square.

    The Advanced Encryption Standard (AES)
    The Advanced Encryption Standard (AES) keys are defined to be either 128, 192, or 256 bits in accordance with the requirements of the AES.

    The number of rounds, or iterations of the main algorithm, varies from 10 to 14 within the Advanced Encryption Standard (AES) and depends on the block size and key length (in AES the block size is fixed at 128 bits, so only the key length matters): 128-bit keys use 10 rounds, 192-bit keys use 12 rounds, and 256-bit keys use 14 rounds.

    The low number of rounds has been one of the main criticisms of Rijndael, but if this ever becomes a problem the number of rounds can easily be increased at little extra performance cost, since it grows with the block size and key length.

    Range of key and block lengths in Rijndael and AES
    Rijndael and AES differ only in the range of supported values for the block length and cipher key length.

    For Rijndael, the block length and the key length can be independently specified to any multiple of 32 bits, with a minimum of 128 bits, and a maximum of 256 bits. The support for block and key lengths 160 and 224 bits was introduced in Joan Daemen and Vincent Rijmen, AES submission document on Rijndael, Version 2, September 1999 available at http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf

    AES fixes the block length to 128 bits, and supports key lengths of 128, 192 or 256 bits only.

    Reference used for this question:
    The Rijndael Page
    and
    http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf
    and
    FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and Technology, U.S. Department of Commerce, November 2001.

  12. This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I ?

    • Chosen-Ciphertext attack
    • Ciphertext-only attack
    • Plaintext Only Attack
    • Adaptive-Chosen-Plaintext attack
    Explanation:

    A chosen-ciphertext attack is one in which cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext. This type of attack is generally most applicable to public-key cryptosystems.

    A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst gathers information, at least in part, by choosing a ciphertext and obtaining its decryption under an unknown key. In the attack, an adversary has a chance to enter one or more known ciphertexts into the system and obtain the resulting plaintexts. From these pieces of information the adversary can attempt to recover the hidden secret key used for decryption.

    A number of otherwise secure schemes can be defeated under chosen-ciphertext attack. For example, the El Gamal cryptosystem is semantically secure under chosen-plaintext attack, but this semantic security can be trivially defeated under a chosen-ciphertext attack. Early versions of RSA padding used in the SSL protocol were vulnerable to a sophisticated adaptive chosen-ciphertext attack which revealed SSL session keys. Chosen-ciphertext attacks have implications for some self-synchronizing stream ciphers as well. Designers of tamper-resistant cryptographic smart cards must be particularly cognizant of these attacks, as these devices may be completely under the control of an adversary, who can issue a large number of chosen-ciphertexts in an attempt to recover the hidden secret key.

    According to RSA:
    Cryptanalytic attacks are generally classified into six categories that distinguish the kind of information the cryptanalyst has available to mount an attack. The categories of attack are listed here roughly in increasing order of the quality of information available to the cryptanalyst, or, equivalently, in decreasing order of the level of difficulty to the cryptanalyst. The objective of the cryptanalyst in all cases is to be able to decrypt new pieces of ciphertext without additional information. The ideal for a cryptanalyst is to extract the secret key.

    A ciphertext-only attack is one in which the cryptanalyst obtains a sample of ciphertext, without the plaintext associated with it. This data is relatively easy to obtain in many scenarios, but a successful ciphertext-only attack is generally difficult, and requires a very large ciphertext sample. Such an attack was possible against ciphers used in Electronic Code Book (ECB) mode, where frequency analysis applies: even though only the ciphertext was available, it was still possible to eventually collect enough data and decipher it without having the key.

    A known-plaintext attack is one in which the cryptanalyst obtains a sample of ciphertext and the corresponding plaintext as well. The known-plaintext attack (KPA) or crib is an attack model for cryptanalysis where the attacker has samples of both the plaintext and its encrypted version (ciphertext), and is at liberty to make use of them to reveal further secret information such as secret keys and code books.

    A chosen-plaintext attack is one in which the cryptanalyst is able to choose a quantity of plaintext and then obtain the corresponding encrypted ciphertext. A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. The goal of the attack is to gain some further information which reduces the security of the encryption scheme. In the worst case, a chosen-plaintext attack could reveal the scheme’s secret key.

    This appears, at first glance, to be an unrealistic model; it would certainly be unlikely that an attacker could persuade a human cryptographer to encrypt large amounts of plaintexts of the attacker’s choosing. Modern cryptography, on the other hand, is implemented in software or hardware and is used for a diverse range of applications; for many cases, a chosen-plaintext attack is often very feasible. Chosen-plaintext attacks become extremely important in the context of public key cryptography, where the encryption key is public and attackers can encrypt any plaintext they choose.

    Any cipher that can prevent chosen-plaintext attacks is then also guaranteed to be secure against known-plaintext and ciphertext-only attacks; this is a conservative approach to security.

    Two forms of chosen-plaintext attack can be distinguished:

    Batch chosen-plaintext attack, where the cryptanalyst chooses all plaintexts before any of them are encrypted. This is often the meaning of an unqualified use of “chosen-plaintext attack”.

    Adaptive chosen-plaintext attack, is a special case of chosen-plaintext attack in which the cryptanalyst is able to choose plaintext samples dynamically, and alter his or her choices based on the results of previous encryptions. The cryptanalyst makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions.

    Non-randomized (deterministic) public key encryption algorithms are vulnerable to simple “dictionary”-type attacks, where the attacker builds a table of likely messages and their corresponding ciphertexts. To find the decryption of some observed ciphertext, the attacker simply looks the ciphertext up in the table. As a result, public-key definitions of security under chosen-plaintext attack require probabilistic encryption (i.e., randomized encryption). Conventional symmetric ciphers, in which the same key is used to encrypt and decrypt a text, may also be vulnerable to other forms of chosen-plaintext attack, for example, differential cryptanalysis of block ciphers.

    An adaptive-chosen-ciphertext is the adaptive version of the above attack. A cryptanalyst can mount an attack of this type in a scenario in which he has free use of a piece of decryption hardware, but is unable to extract the decryption key from it.

    An adaptive chosen-ciphertext attack (abbreviated as CCA2) is an interactive form of chosen-ciphertext attack in which an attacker sends a number of ciphertexts to be decrypted, then uses the results of these decryptions to select subsequent ciphertexts. It is to be distinguished from an indifferent chosen-ciphertext attack (CCA1).

    The goal of this attack is to gradually reveal information about an encrypted message, or about the decryption key itself. For public-key systems, adaptive-chosen-ciphertexts are generally applicable only when they have the property of ciphertext malleability — that is, a ciphertext can be modified in specific ways that will have a predictable effect on the decryption of that message.

    A Plaintext Only Attack is simply a bogus distractor: if you already have the plaintext, there is no need to perform any attack.

    References:
    RSA Laboratories FAQs about today’s cryptography: What are some of the basic types of cryptanalytic attack?

    also see:
    http://www.giac.org/resources/whitepaper/cryptography/57.php
    and
    http://en.wikipedia.org/wiki/Chosen-plaintext_attack

  13. Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?

    • Steganography
    • Digital watermarking
    • Digital enveloping
    • Digital signature
    Explanation:
    RFC 2828 (Internet Security Glossary) defines digital watermarking as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data (text, graphics, images, video, or audio) and for detecting or extracting the marks later. The set of embedded bits (the digital watermark) is sometimes hidden, usually imperceptible, and always intended to be unobtrusive. It is used as a measure to protect intellectual property rights. Steganography involves hiding the very existence of a message. A digital signature is a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data’s origin and integrity. A digital envelope is a combination of encrypted data and its encryption key in an encrypted form that has been prepared for use of the recipient.
    Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
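As an added example (not from the page or RFC 2828), the following Python embeds a mark into the least-significant bits of 8-bit samples and extracts it again, the simplest instance of what the definition calls "inseparably embedding unobtrusive marks as bits". The carrier samples are constructed with a seeded generator, and the 2-byte length header is an assumption of this toy format. It also shows the caveat a practitioner cares about: such a mark is imperceptible (each sample moves by at most one step) but fragile, so re-quantising the samples destroys it.

```python
import random
from typing import List

HEADER_BYTES = 2  # toy format: big-endian length of the mark, then the mark itself


def embed_watermark(samples: List[int], mark: bytes) -> List[int]:
    """Write the bits of (length || mark) into the LSB of successive 8-bit samples."""
    payload = len(mark).to_bytes(HEADER_BYTES, "big") + mark
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(samples):
        raise ValueError("carrier too small for this watermark")
    marked = list(samples)
    for i, bit in enumerate(bits):
        marked[i] = (marked[i] & 0xFE) | bit        # replace only the lowest bit
    return marked


def extract_watermark(samples: List[int]) -> bytes:
    """Read the LSBs back: first the length header, then that many bytes."""
    def read_bytes(first_bit: int, count: int) -> bytes:
        if first_bit + count * 8 > len(samples):
            raise ValueError("claimed watermark length exceeds the carrier")
        out = bytearray()
        for k in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (samples[first_bit + k * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, HEADER_BYTES), "big")
    return read_bytes(HEADER_BYTES * 8, length)


def max_sample_change(original: List[int], marked: List[int]) -> int:
    """How obtrusive the mark is: the largest change to any single sample."""
    return max(abs(a - b) for a, b in zip(original, marked))


def requantise(samples: List[int]) -> List[int]:
    """Stand-in for lossy processing (compression, resampling): drop the LSB of every sample."""
    return [s & 0xFE for s in samples]


def make_carrier(n: int = 2048, seed: int = 7) -> List[int]:
    """Constructed carrier: pseudo-random 8-bit samples (deterministic for the demo)."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n)]


if __name__ == "__main__":
    carrier = make_carrier()
    marked = embed_watermark(carrier, b"(c) constructed lab watermark")
    print("recovered:", extract_watermark(marked))
    print("max change per sample:", max_sample_change(carrier, marked))
    print("after requantising:", extract_watermark(requantise(marked)))
```

Robust watermarks embed the mark in perceptually significant components (for example, transform-domain coefficients spread over the whole signal) precisely so that it survives this kind of processing; LSB embedding trades that robustness for simplicity and capacity.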
  14. Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?

    • OAKLEY
    • Internet Security Association and Key Management Protocol (ISAKMP)
    • Simple Key-management for Internet Protocols (SKIP)
    • IPsec Key exchange (IKE)
    Explanation:

    RFC 2828 (Internet Security Glossary) defines the Internet Security Association and Key Management Protocol (ISAKMP) as an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.

    Let’s clear up some confusion here first. Internet Key Exchange (IKE) is a hybrid protocol, it consists of 3 “protocols”

    ISAKMP: It is not a key exchange protocol per se; it is a framework on which key exchange protocols operate. ISAKMP is part of IKE. IKE establishes the shared security policy and authenticated keys; ISAKMP specifies the message formats, exchanges and phases within which the key exchange takes place.

    Oakley: Describes the “modes” of key exchange (e.g. perfect forward secrecy for keys, identity protection, and authentication). Oakley describes a series of key exchanges and services.

    SKEME: Provides support for public-key-based key exchange, key distribution centres, and manual installation, it also outlines methods of secure and fast key refreshment.

    So yes, IPSec does use IKE, but ISAKMP is part of IKE.
    The question did not ask for the actual key negotiation but only for the “exchange of key generation and authentication data”. Under Oakley it is Diffie-Hellman (DH) that is used for the actual key negotiation.

    The following are incorrect answers:

    Simple Key-management for Internet Protocols (SKIP) is a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.

    OAKLEY is a key establishment protocol (proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP.

    IPsec Key Exchange (IKE) is an Internet, IPsec, key-establishment protocol [R2409] (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.
    Reference used for this question:
    SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

  15. Which of the following would best define a digital envelope?

    • A message that is encrypted and signed with a digital certificate.
    • A message that is signed with a secret key and encrypted with the sender’s private key.
    • A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.
    • A message that is encrypted with the recipient’s public key and signed with the sender’s private key.
    Explanation:

    A digital envelope for a recipient is a combination of encrypted data and its encryption key in an encrypted form that has been prepared for use of the recipient.

    It consists of a hybrid encryption scheme for sealing a message: the data is encrypted, and both it and a protected form of the key are sent to the intended recipient, so that no one else can open the message.

    In PKCS #7, it means first encrypting the data using a symmetric encryption algorithm and a secret key, and then encrypting the secret key using an asymmetric encryption algorithm and the public key of the intended recipient.

    Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

  16. What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data’s origin and integrity?

    • A digital envelope
    • A cryptographic hash
    • A Message Authentication Code
    • A digital signature
    Explanation:

    RFC 2828 (Internet Security Glossary) defines a digital signature as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data’s origin and integrity.

    The steps to create a Digital Signature are very simple:
    1. You create a Message Digest of the message you wish to send
    2. You encrypt the message digest using your Private Key which is the action of Signing
    3. You send the Message along with the Digital Signature to the recipient

    To validate the Digital Signature the recipient will make use of the sender Public Key. Here are the steps:
    1. The receiver decrypts the Digital Signature using the sender’s Public Key, producing a clear-text message digest.
    2. The receiver produces his own message digest of the message received.
    3. At this point the receiver compares the two message digests (the one sent and the one he produced); if the two match, it proves the authenticity of the message and confirms that the message was not modified in transit, validating the integrity as well. Digital Signatures provide Authenticity and Integrity only (and, since only the holder of the private key could have produced the signature, non-repudiation). There is no confidentiality in place; if you want confidentiality, the sender must additionally encrypt the message for the receiver (in practice with a symmetric key that is itself encrypted with the receiver’s public key, i.e. a digital envelope) before sending it.
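The signing and verification steps above, together with the claims in question 3 (RSA rests on factoring), question 6 (modular exponentiation makes RSA feasible) and question 12 (chosen-ciphertext attacks exploit malleability), are shown in one added Python example that is not part of the page or its cited sources. The primes 104729 and 1299709 are an assumption: a toy modulus small enough to factor by trial division, where a real key uses 2048-bit or larger moduli. Textbook RSA without padding is used deliberately, because that is the malleability the blinding attack exploits and the reason real encryption and signatures use PKCS#1 v1.5, OAEP or PSS padding; the "digest reduced mod n" step in sign/verify stands in for that padding.

```python
import hashlib
import math
from typing import Callable, Tuple

Key = Tuple[int, int]   # (exponent, modulus)


def modexp(base: int, exp: int, mod: int) -> int:
    """Right-to-left square-and-multiply: about 2*log2(exp) modular multiplications
    instead of exp-1, which is what makes 2048-bit RSA practical."""
    result, base = 1, base % mod
    while exp > 0:
        if exp & 1:
            result = (result * base) % mod
        base = (base * base) % mod
        exp >>= 1
    return result


# Toy primes (assumption for illustration only): n is about 37 bits, trivially factorable.
P, Q, E = 104729, 1299709, 65537


def keygen(p: int = P, q: int = Q, e: int = E) -> Tuple[Key, Key]:
    """Return (public, private) = ((e, n), (d, n)) with d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (pow(e, -1, phi), n)


def encrypt(m: int, pub: Key) -> int:
    return modexp(m, pub[0], pub[1])


def decrypt(c: int, priv: Key) -> int:
    return modexp(c, priv[0], priv[1])


def recover_private_key(pub: Key) -> Key:
    """Question 3: whoever factors n gets phi(n) and therefore d.
    Trial division works here only because n is tiny."""
    e, n = pub
    f = 2
    while n % f:
        f += 1
    p, q = f, n // f
    return pow(e, -1, (p - 1) * (q - 1)), n


def cca_blinding_attack(target: int, pub: Key, oracle: Callable[[int], int]) -> int:
    """Question 12: the oracle decrypts anything except `target`. Because textbook RSA is
    malleable, (c * r^e)^d = m * r mod n, so the attacker unblinds the oracle's answer."""
    e, n = pub
    r = 2
    while math.gcd(r, n) != 1:
        r += 1
    blinded = (target * modexp(r, e, n)) % n
    return (oracle(blinded) * pow(r, -1, n)) % n


def _digest_mod_n(message: bytes, n: int) -> int:
    # Toy stand-in for signature padding: the real thing encodes the digest with PKCS#1 v1.5 or PSS.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, priv: Key) -> int:
    """Sender's steps 1-2: digest the message, then 'encrypt' the digest with the private key."""
    d, n = priv
    return modexp(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, pub: Key) -> bool:
    """Receiver's steps 1-3: recover the digest with the public key and compare with your own."""
    e, n = pub
    return modexp(signature, e, n) == _digest_mod_n(message, n)


def demo() -> bool:
    pub, priv = keygen()
    m = 42424242
    c = encrypt(m, pub)
    assert decrypt(c, priv) == m
    assert recover_private_key(pub) == priv                    # factoring n breaks the key

    def oracle(ct: int) -> int:                                 # refuses the challenge ciphertext itself
        if ct == c:
            raise PermissionError("will not decrypt the challenge ciphertext")
        return decrypt(ct, priv)

    assert cca_blinding_attack(c, pub, oracle) == m            # ... and still gives up m
    sig = sign(b"pay bob 100", priv)
    assert verify(b"pay bob 100", sig, pub)
    assert not verify(b"pay bob 900", sig, pub)                 # any change to the message fails
    return True


if __name__ == "__main__":
    print("all demonstrations held:", demo())
```

The verification step never needs the private key, which is what lets any recipient check origin and integrity; the same multiplicative property that makes the blinding attack work would also let an attacker forge a signature on m1*m2 from signatures on m1 and m2, which is the second reason signatures are always applied to a padded digest rather than the raw value.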

    A Digital Envelope is a combination of encrypted data and its encryption key in an encrypted form that has been prepared for use of the recipient. In simple terms it is a type of security that uses two layers of encryption to protect a message. First, the message itself is encoded using symmetric encryption, and then the key to decode the message is encrypted using public-key encryption. This technique overcomes one of the problems of public-key encryption, which is that it is slower than symmetric encryption. Because only the key is protected with public-key encryption, there is very little overhead.
    A cryptographic hash is the result of a cryptographic hash function such as MD5, SHA-1, or SHA-2. A hash value, also called a Message Digest, is like a fingerprint of a message. It is used to prove integrity and ensure the message was not changed either in transit or in storage.

    A Message Authentication Code (MAC) refers to an ANSI standard for a checksum that is computed with a keyed hash that is based on DES, or it can also be produced without using DES by concatenating the Secret Key at the end of the message (simply adding it at the end of the message) being sent and then producing a Message Digest of the Message+Secret Key together. The MAC is then attached and sent along with the message, but the Secret Key is NEVER sent in clear text over the network.

    In cryptography, HMAC (Hash-based Message Authentication Code) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output in bits, and on the size and quality of the cryptographic key.
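The two keyed-hash MACs described in the preceding two paragraphs (the Message+Secret Key digest and HMAC), as an added example that is not code from the page: HMAC-SHA256 is written out from its definition and checked against the standard library, and the receiver-side check recomputes the tag with the shared key so the key itself never travels. The key and message values are constructed samples.

```python
# Added example: keyed-hash MACs from the text above. Not code from the page.
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes 64-byte blocks; HMAC pads the key to this


def suffix_mac(key: bytes, message: bytes) -> bytes:
    """The 'Message+Secret Key' digest described above: append the secret
    key to the message and hash the result. Only the tag is sent."""
    return hashlib.sha256(message + key).digest()


def hmac_sha256_from_definition(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 written out from its definition:
         H((K' xor opad) || H((K' xor ipad) || message))
    where K' is the key hashed first if longer than the block size,
    then zero-padded to the block size."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad_key = bytes(b ^ 0x36 for b in key)
    opad_key = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad_key + message).digest()
    return hashlib.sha256(opad_key + inner).digest()


def hmac_sha256_stdlib(key: bytes, message: bytes) -> bytes:
    """The same construction via the standard library, for comparison."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag with the shared secret key and
    compare in constant time, so the comparison leaks nothing about the tag."""
    expected = hmac_sha256_stdlib(key, message)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    shared_key = b"constructed-shared-secret"          # never sent on the wire
    msg = b"amount=100;to=42"                           # constructed sample
    tag = hmac_sha256_stdlib(shared_key, msg)           # travels with msg
    print("definition matches stdlib:",
          hmac_sha256_from_definition(shared_key, msg) == tag)
    print("genuine message accepted:", verify_tag(shared_key, msg, tag))
    print("altered message accepted:", verify_tag(shared_key, msg + b"0", tag))
```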

    There is more than one type of MAC; another is CBC-MAC:
    In cryptography, a Cipher Block Chaining Message Authentication Code, abbreviated CBC-MAC, is a technique for constructing a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that each block depends on the proper encryption of the previous block. This interdependence ensures that a change to any of the plaintext bits will cause the final encrypted block to change in a way that cannot be predicted or counteracted without knowing the key to the block cipher.

    References:
    SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
    and
    http://www.webopedia.com/TERM/D/digital_envelope.html
    and
    http://en.wikipedia.org/wiki/CBC-MAC

  17. Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis?

    • Internet Security Association and Key Management Protocol (ISAKMP)
    • Simple Key-management for Internet Protocols (SKIP)
    • Diffie-Hellman Key Distribution Protocol
    • IPsec Key exchange (IKE)
    Explanation:

    RFC 2828 (Internet Security Glossary) defines Simple Key Management for Internet Protocols (SKIP) as:

    A key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.

    SKIP is a hybrid key distribution protocol similar to SSL, except that it establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis. Therefore, no connection setup overhead exists and new key values are not continually generated. SKIP uses the knowledge of its own secret key or private component and the destination’s public component to calculate a unique key that can only be used between them.

    IKE stands for Internet Key Exchange; it makes use of ISAKMP and OAKLEY internally.
    Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.

    The following are incorrect answers:

    ISAKMP is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.
    IKE is an Internet, IPsec, key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.

    IPsec Key exchange (IKE) is only a distracter.

    Reference(s) used for this question:
    SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
    and
    http://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol

  18. Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?

    • A known-plaintext attack
    • A known-algorithm attack
    • A chosen-ciphertext attack
    • A chosen-plaintext attack
    Explanation:

    RFC2828 (Internet Security Glossary) defines a known-plaintext attack as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs (although the analyst may also have other clues, such as knowing the cryptographic algorithm). A chosen-ciphertext attack is defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of plaintext that corresponds to ciphertext selected (i.e., dictated) by the analyst. A chosen-plaintext attack is a cryptanalysis technique in which the analyst tries to determine the key from knowledge of ciphertext that corresponds to plaintext selected (i.e., dictated) by the analyst. The other choice is a distracter.

    The following are incorrect answers:

    A chosen-plaintext attack
    The attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext. This gives her more power and possibly a deeper understanding of the way the encryption process works so she can gather more information about the key being used. Once the key is discovered, other messages encrypted with that key can be decrypted.

    A chosen-ciphertext attack
    In chosen-ciphertext attacks, the attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder attack to carry out compared to the previously mentioned attacks, and the attacker may need to have control of the system that contains the cryptosystem.

    A known-algorithm attack
    Knowing the algorithm does not give you much advantage without knowing the key. This is a bogus distracter. The algorithm should be public, which is Kerckhoffs’s Principle. The only secret should be the key.

    Reference(s) used for this question:

    Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
    and
    Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 866). McGraw-Hill. Kindle Edition.
    and
    Kerckhoffs’s Principle

  19. Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?

    • Diffie-Hellman Key Exchange Protocol
    • Internet Security Association and Key Management Protocol (ISAKMP)
    • Simple Key-management for Internet Protocols (SKIP)
    • OAKLEY
    Explanation:

    RFC 2828 (Internet Security Glossary) defines OAKLEY as a key establishment protocol (proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP.

    ISAKMP is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.

    SKIP is a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.

    ISAKMP provides a framework for authentication and key exchange but does not define them. ISAKMP is designed to be key exchange independent; that is, it is designed to support many different key exchanges.
    Oakley and SKEME each define a method to establish an authenticated key exchange. This includes payload construction, the information payloads carry, the order in which they are processed and how they are used.

    Oakley describes a series of key exchanges, called modes, and details the services provided by each (e.g. perfect forward secrecy for keys, identity protection, and authentication).

    SKEME describes a versatile key exchange technique which provides anonymity, repudiability, and quick key refreshment.

    RFC 2409 describes the IKE protocol using part of Oakley and part of SKEME in conjunction with ISAKMP to obtain authenticated keying material for use with ISAKMP, and for other security associations such as AH and ESP for the IETF IPsec DOI.
    While Oakley defines “modes”, ISAKMP defines “phases”. The relationship between the two is very straightforward and IKE presents different exchanges as modes which operate in one of two phases.

    Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to communicate. This is called the ISAKMP Security Association (SA). “Main Mode” and “Aggressive Mode” each accomplish a phase 1 exchange. “Main Mode” and “Aggressive Mode” MUST ONLY be used in phase 1.

    Phase 2 is where Security Associations are negotiated on behalf of services such as IPsec or any other service which needs key material and/or parameter negotiation. “Quick Mode” accomplishes a phase 2 exchange. “Quick Mode” MUST ONLY be used in phase 2.

    References:
    CISSP: Certified Information Systems Security Professional Study Guide By James Michael Stewart, Ed Tittel, Mike Chapple, page 397

    RFC 2409 at: http://www.ietf.org/rfc/rfc2409
    SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
    The All-in-one CISSP Exam Guide, 3rd Edition, by Shon Harris, page 674
    The CISSP and CAP Prep Guide, Platinum Edition, by Krutz and Vines

  20. Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations?

    • Internet Key exchange (IKE)
    • Security Association Authentication Protocol (SAAP)
    • Simple Key-management for Internet Protocols (SKIP)
    • Key Exchange Algorithm (KEA)
    Explanation:

    RFC 2828 (Internet Security Glossary) defines IKE as an Internet, IPsec, key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.

    The following are incorrect answers:

    SKIP is a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.

    The Key Exchange Algorithm (KEA) is defined as a key agreement algorithm that is similar to the Diffie-Hellman algorithm, uses 1024-bit asymmetric keys, and was developed and formerly classified at the secret level by the NSA.

    Security Association Authentication Protocol (SAAP) is a distracter.

    Reference(s) used for this question:
    SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.