Chapter 8 Review Questions Principles of Information Security

Book

Whitman, M. and Mattord, H. (2011). Principles of Information Security, 5th Edition. Independence, KY: Cengage Learning.

  1. What are cryptography and cryptanalysis?

Crypto comes from the Greek word kryptos, which means hidden, and graphein means to write. In computer science, making a transmitted message secure with the help of codes is called cryptography. Cryptanalysis is the extraction of information from the coded message.

  2. What were some of the first uses of cryptography?

Cryptography was used by ancient Egyptians in hieroglyphs with the help of clay tablets. The use of cryptography is also observed in Hebrew scribes writing the book of Jeremiah, where a reverse-alphabet substitution cipher was used.

  3. What is a key, and what is it used for?

It is a piece of information used in conjunction with an algorithm to create ciphertext, or cryptographic text, from plaintext information. In computer science a key can consist of letters or numbers, alone or in combination.

  4. What are the three basic operations in cryptography?

The three basic operations in cryptography are encryption, decryption, and hashing of information.

  5. What is a hash function, and what can it be used for?

Hash functions are mathematical algorithms used to assess the quality and originality of a coded and transmitted message. A hash function tells us whether the message is in its original form or has been altered.
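The alteration check described in this answer, as an added example that is not part of the original answers. It also shows the caveat a practitioner needs: a plain digest only helps if the digest itself cannot be replaced in transit, which a keyed digest (HMAC) addresses. The messages and the key are constructed sample values.

```python
import hashlib
import hmac


def digest(message: bytes) -> str:
    """Plain SHA-256 digest of the message, hex encoded."""
    return hashlib.sha256(message).hexdigest()


def is_unaltered(message: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare it in constant time."""
    return hmac.compare_digest(digest(message), expected_hex)


def tag(message: bytes, key: bytes) -> str:
    """Keyed digest (HMAC-SHA-256): only a holder of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def is_authentic(message: bytes, key: bytes, expected_tag: str) -> bool:
    """Recompute the HMAC with the shared key and compare in constant time."""
    return hmac.compare_digest(tag(message, key), expected_tag)


# Constructed sample data for this example.
ORIGINAL = b"Transfer 100 to account 12345"
ALTERED = b"Transfer 900 to account 12345"
KEY = b"constructed-demo-key"  # assumed to be shared out of band


def demo() -> dict:
    sent_digest = digest(ORIGINAL)
    sent_tag = tag(ORIGINAL, KEY)
    # Anyone can recompute a plain digest over a changed message ...
    replaced_digest = digest(ALTERED)
    # ... but without the key the recomputed HMAC does not match.
    replaced_tag = tag(ALTERED, b"not-the-shared-key")
    return {
        "original_accepted": is_unaltered(ORIGINAL, sent_digest),
        "alteration_detected": not is_unaltered(ALTERED, sent_digest),
        "replaced_digest_accepted": is_unaltered(ALTERED, replaced_digest),
        "original_tag_accepted": is_authentic(ORIGINAL, KEY, sent_tag),
        "replaced_tag_rejected": not is_authentic(ALTERED, KEY, replaced_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Every check in `demo()` returns `True`; the third one is the weakness of an unkeyed digest sent alongside the message.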

  6. Why is it important to exchange keys out of band in symmetric encryption?

In symmetric encryption it is important to exchange keys out of band so that they are not intercepted by hackers and used to decrypt the transmitted message.

  7. What is the fundamental difference between symmetric and asymmetric encryption?

Symmetric encryption utilizes two keys to encrypt and decrypt a message. This is also called public key encryption. Asymmetric encryption, on the other hand, is called private key encryption and utilizes the same key to encrypt and decrypt.

  8. How does Public-Key Infrastructure protect information assets?

A Public Key Infrastructure protects information assets by making the cryptographic system easier to use.

  9. What are the six components of PKI?

The six components of PKI are Regulation Authority, Certificate Authority, certificate directories, management protocols, policies and procedures.

  10. What is the difference between digital signatures and digital certificates?

Digital signatures are encrypted messages that can be verified with the help of hashing, while digital certificates are files that contain a public key and are used to identify the ownership of computer applications.

  11. What drawbacks to symmetric and asymmetric encryption are resolved by using a hybrid method like Diffie-Hellman?

Sometimes when symmetric or asymmetric keys are exchanged through third parties, there is a possibility that the information may be compromised. Diffie-Hellman and similar methods are used to solve these kinds of third-party issues.

  12. What is steganography, and what can it be used for?

Steganography is a form of sending secret messages with secret writing techniques. It can be used to protect the confidentiality of information and messages.

  13. Which security protocols are predominantly used in Web-based electronic commerce?

There are different security protocols used in Web-based electronic commerce. Some examples are SET (Secure Electronic Transactions), HTTP Secure, and SSL (Secure Socket Layer).

  14. Which security protocols are used to protect e-mail?

To protect e-mail from being hacked and misused, the S/MIME (Secure Multipurpose Internet Mail Extensions) protocol is used.

  15. IPSec can be used in two modes. What are they?

IPSec can be used in Transport and Tunnel modes.

  16. Which kind of attack on cryptosystems involves using a collection of pre-identified terms? Which kind of attack involves sequential guessing of all possible key combinations?

Correlation attacks on cryptosystems involve using a collection of pre-identified terms. Dictionary attacks involve sequential guessing of all possible key combinations.

  17. If you were setting up an encryption-based network, what size key would you choose and why?

The larger the size of a key in bits, the more secure the key would be. I would prefer a 128-bit encryption key if I were to set up an encryption-based network.

  18. What is the average key size of a strong encryption system in use today?

SSL, or Secure Socket Layer, is a strong encryption system that uses 128-bit keys on average.

  19. What is the standard for encryption currently recommended by NIST?

Secure Hash Standard or SHS is the standard for encryption currently recommended by NIST.

  20. What is the most popular symmetric encryption system used over the Web? The most popular asymmetric system? Hybrid system?

The most popular symmetric encryption system used over the Web is the Data Encryption Standard (DES).

The most popular asymmetric system is the RSA algorithm.

The most popular hybrid system is PGP.