
1. Basic concepts of encryption

- Encryption is the obfuscation of information to hide it from unauthorized individuals while allowing authorized individuals to see it.
- Encryption provides portions of three security services: confidentiality, integrity, and accountability.
- Encryption systems are attacked in three ways: weaknesses in algorithms, brute-force attacks, and weaknesses in the surrounding system.
- Attackers look for weaknesses in the way algorithms change plaintext into ciphertext to try to recover the plaintext.
- Brute-force attacks are attempts to use every possible key on the ciphertext to find the plaintext.
- Brute-force attacks always succeed eventually given enough time and resources, but an algorithm is considered computationally secure if the cost of acquiring the key through brute force is more than the value of the information being protected.
- It is usually easier to attack the system surrounding the encryption (for example, intercepting a key when it is sent through regular mail or hacking a user's computer to gain access to the key) than it is to attack the encryption algorithm.
- There are two primary types of encryption: private key and public key.

2. Secret key encryption

- Private key encryption (also known as symmetric key encryption) is the most widely used method. It uses the same key to encrypt information as to decrypt information.
- Private key encryption does not provide authentication; anyone with the key can create and send valid messages.
- Private key encryption is fast and can be easy to implement in both hardware and software.
- Substitution ciphers operate on plaintext one character at a time.
- Substitution ciphers can be broken by analysis of the frequency of the letters.
- One-time pads (OTPs) are theoretically unbreakable and use a list of random numbers to encode messages.
- OTPs are used in high-security environments and can only be used once.
- The Data Encryption Standard (DES) is a block cipher developed by IBM in the 1970s. It uses a 65-bit key.
- DES uses four modes: electronic code book, cipher block chaining, cipher feedback, and output feedback.

- Today's hardware systems have the potential to brute-force a DES key in 35 minutes.
- Triple DES (TDES) uses DES multiple times to increase the security. TDES should be used instead of DES for most applications.
- The standard Unix password encryption scheme is a variation of DES. The greatest weakness in the Unix password function is the password choice users make.
- Rijndael is a block cipher that uses 128, 192, and 256 bits, and is an appropriate alternative to TDES.
- There are several other private key algorithms to choose from, including IDEA, RC5, Skipjack, Blowfish, Twofish, CAST-128, and GOST, which are all strong enough for general use.

3. Public key encryption

- Public key encryption uses a key pair: one key to encrypt the data and another key to decrypt the data.
- In public key encryption, the private key is kept secret by the owner, and the public key is published together with the identity of its owner. You cannot compute one key from the other.
- Proper use of public key encryption can provide confidentiality, authentication, and integrity of information.
- If authentication is desired, the owner of the key pair encrypts information with the private key. Only the correct public key can decrypt the information, and successful decryption provides assurance that only the owner of the key pair could have sent the information.
- Public key encryption is computationally intensive and slower than private key encryption.
- The Diffie-Hellman algorithm is a public key encryption system that was developed to solve the problem of key distribution for private key encryption systems. Diffie-Hellman cannot be used to encrypt or decrypt information, but is used to exchange secret keys.
- The RSA algorithm is a public key system that can be used for encryption and decryption. It is based on the difficulty of factoring large numbers.
- Other public key algorithms include ElGamal, the Digital Signature Algorithm, and elliptic curve encryption.

4. Digital signatures

- A digital signature is a method of authenticating electronic information using encryption.
- Digital signatures protect information from modification after it has been received and decrypted.

- Digital signatures put information through a hash function to create a checksum that is encrypted with a private key and travels with the information. This checksum can be used to verify that the information was not modified.
- The security and usefulness of a digital signature are dependent on the protection of the user's private key and a secure hash function.
- A hash function is secure if the function is one-way and if it is difficult to construct two pieces of information that provide the same checksum when run through the function.
- The two most common hash functions are MD5 and SHA.

5. Key management

- Key management is one of the most critical aspects of an encryption system. It includes creating strong keys, distributing them securely, certifying that they are correct, protecting them while they are in use, and revoking them when they are compromised or expired.
- Most encryption systems have a method for users to generate keys; in many cases, the user chooses a password.
- In general, the longer the key, the better the security (when comparing keys for the same type of algorithm).
- Keys must be transported securely to ensure the integrity of the keys. If keys are transmitted, they must be checked on arrival to ensure they have not been tampered with (usually done manually or by digital signature).
- Certificate authorities (CAs) ensure the integrity of the keys and prevent an attacker from introducing their own keys.
- Public keys require integrity protection (provided by certification), but they do not require confidentiality protection; however, all copies of the private key of a public key system must be protected at all times.
- Session keys may only exist for a given session and may be deleted after the session. Public key pairs are generally certified for one or two years.
- If a key is lost or compromised, the owner of the key should inform users that it should not be used. In the case of a public key encryption system, the owner must post the revocation to all of the potential key servers.

6. Trust in the system

- Trust is the underlying concept of all security and encryption.
- There are two primary models that are used for trust: hierarchical and web.
- The hierarchical trust model is based on a chain of authority; you trust someone if someone higher up in the chain verifies that you should.

- The hierarchical trust model is complicated to put into practice because there are no real root-level CAs.
- Establishing an internal CA and public key infrastructure for a business is a challenging task that demands a lot of resources.
- The web trust model, first used by Pretty Good Privacy (PGP), is based on the concept that each user certifies his or her own certificate and passes that certificate off to known associates (there is no central authority).
- The primary problem with the web of trust model is a lack of scalability. The primary advantage is that there is no large investment in infrastructure.

VIII. Multiple choice quiz

1. Which statement is true concerning encryption?
- Encryption is the obfuscation of information
- As long as authorized users do not have a key, the information is safe
- Encryption cannot provide for integrity of information
- The intent of an encryption system is to make it difficult for authorized users to gain access to information

2. Which of the following is a technique that can be used to attack an encryption system?
- Decryption
- Surrounding the system
- Cryptography
- Brute-force

3. Private key encryption uses ___________?
- Multiple keys
- Three keys
- Two keys
- A single key

4. Which statement is true concerning substitution ciphers?
- They are the strongest ciphers used in history
- They suffer from one primary weakness: the frequency of letters in the original alphabet does not change
- They can easily be broken if a small sample of ciphertext is intercepted
- They are difficult to break because some letters are used only once

5. The system that is theoretically unbreakable is _______________?
- OTP
- DES
- TDES
- Diffie-Hellman

6. The key pair used in a public key encryption system is ____________?
- Plaintext and ciphertext
- Public key and private key
- Personal key and private key
- Sender and receiver

7. Which system uses the following algorithm?
   Ciphertext = (plaintext)^e mod n
   Plaintext = (ciphertext)^d mod n
   Private key = {d, n}
   Public key = {e, n}
- Diffie-Hellman
- RSA
- GOST
- TDES

8. Which of the following is a public key algorithm?
- ElGamal
- Caesar cipher
- Rijndael
- DES

9. Digital signatures are a form of encryption that _____________?
- Provides an unbreakable system
- Provides for authentication
- Provides for web encryption
- Provides for file-level encryption

10. The security and usefulness of a digital signature depends on __________?
- Protection of the user's public key
- Protection of the user's private key
- A public hash function
- A two-way hash function

11. Which statement is true concerning key management?
- Keys have infinite lives
- The shorter the key, the better the security
- Public keys require certification
- The management of keys is primarily about protecting them while in use

12. A good recommendation is that if a private key is __________ or longer, the key is thought to be secure
- 50 bits
- 60 bits
- 70 bits
- 80 bits

13. Which of the following keys require confidentiality protection?
- Public keys
- Private keys
- Revoked keys
- Compromised keys

14. Which method of trust relies on passing certificates to known associates?
- Shared trust
- Hierarchy trust
- Central authority
- Web of trust

15. Which statement is true concerning CAs?
- Revocation of the certificate is challenging to implement
- The web of trust model uses a CA
- The CA's certificate does not need to be available to each lower-level entity
- Root-level CAs are the lowest level of the hierarchy
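The hash-then-sign process from section 4 and the RSA formulas in quiz question 7 can be traced in a few lines of Python. This is an added example, not part of the original notes: the toy key, the sample messages and all function names are constructed for illustration, and SHA-256 stands in for the hash function.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes keep the numbers short.
# Real RSA uses much larger random primes plus a padding scheme.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # E * D = 1 mod (P-1)(Q-1)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def rsa(value: int, key: tuple) -> int:
    """value^exponent mod n: the one operation behind both formulas."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range [0, n)")
    return pow(value, exponent, n)

def checksum(message: bytes) -> int:
    """SHA-256 digest as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes, private_key: tuple) -> int:
    """Encrypt the checksum with the private key; it travels with the message."""
    return rsa(checksum(message), private_key)

def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Recover the checksum with the public key and compare with a fresh hash."""
    if not 0 <= signature < public_key[1]:
        return False
    return rsa(signature, public_key) == checksum(message)

def demo() -> dict:
    message = b"Transfer 100 to account 42"      # constructed sample message
    signature = sign(message, PRIVATE_KEY)
    forged = sign(message, (E + 2, N))           # signer without the real D
    secret = int.from_bytes(b"session key", "big")
    return {
        "round_trip": rsa(rsa(secret, PUBLIC_KEY), PRIVATE_KEY) == secret,
        "valid": verify(message, signature, PUBLIC_KEY),
        "modified": verify(b"Transfer 900 to account 42", signature, PUBLIC_KEY),
        "wrong_key": verify(message, forged, PUBLIC_KEY),
    }

if __name__ == "__main__":
    print(demo())
```

The "modified" and "wrong_key" results are the two failures a verifier has to catch: a message changed after signing, and a signature produced without the owner's private key.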
