The OSI security architecture provides a systematic framework for defining security attacks, mechanisms, and services.
[True or False]
True
Security attacks are classified as either passive or aggressive.
[True or False]
False
Authentication protocols and encryption algorithms are examples of security mechanisms.
[True or False]
True
The more critical a component or service, the higher the level of required availability.
[True or False]
True
Security services include access control, data confidentiality and data integrity, but do not include authentication.
[True or False]
True
The field of network and Internet security consists of measures to deter, prevent, detect and correct security violations that involve the transmission of information.
[True or False]
True
Patient allergy information is an example of an asset with a high requirement for integrity.
[True or False]
True
The OSI security architecture was not developed as an international standard, therefore causing an obstacle for computer and communication vendors when developing security features.
[True or False]
False
Data origin authentication does not provide protection against the modification of data units.
[True or False]
True
The emphasis in dealing with active attacks is on prevention rather than detection.
[True or False]
False
The connection-oriented integrity service addresses both message stream modification and denial of service.
[True or False]
False
All the techniques for providing security have two components: a security-related transformation on the information to be sent and some secret information shared by the two principals.
[True or False]
True
Information access threats intercept or modify data on behalf of users who should not have access to that data.
[True or False]
True
The data integrity service inserts bits into gaps in a data stream to frustrate traffic analysis attempts.
[True or False]
False
Symmetric encryption is used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords.
[True or False]
True
__________ is the most common method used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures.
A) Authentication protocols
B) Symmetric encryption
C) Asymmetric encryption
D) Data integrity algorithms
C) Asymmetric Encryption
A common technique for masking contents of messages or other information traffic so that opponents cannot extract the information from the message is __________ .
A) analysis
B) encryption
C) masquerade
D) integrity
B) Encryption
__________ involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
A) Service denial
B) Masquerade
C) Disruption
D) Replay
D) Replay
The three concepts that form what is often referred to as the CIA triad are ________ . These three concepts embody the fundamental security objectives for both data and for information and computing services.
A) communication, information and authenticity
B) confidentiality, integrity and availability
C) confidentiality, integrity, access control
D) communication, integrity and authentication
B) confidentiality, integrity and availability
A loss of __________ is the unauthorized disclosure of information.
A) integrity
B) confidentiality
C) reliability
D) authenticity
B) confidentiality
Verifying that users are who they say they are and that each input arriving at the system came from a trusted source is _________ .
A) integrity
B) credibility
C) accountability
D) authenticity
D) authenticity
A _________ level breach of security could cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced.
A) high
B) catastrophic
C) moderate
D) low
C) Moderate
A __________ is any action that compromises the security of information owned by an organization.
A) security service
B) security mechanism
C) security attack
D) security alert
C) security attack
A __________ takes place when one entity pretends to be a different entity.
A) passive attack
B) masquerade
C) service denial
D) replay
B) masquerade
__________ is the protection of transmitted data from passive attacks.
A) Data control
B) Access control
C) Confidentiality
D) Nonrepudiation
C) Confidentiality
A(n) __________ service is one that protects a system to ensure its availability and addresses the security concerns raised by denial-of-service attacks.
A) integrity
B) masquerade
C) replay
D) availability
D) availability
__________ threats exploit service flaws in computers to inhibit use by legitimate users.
A) Reliability
B) Passive
C) Service
D) Information access
C) Service
A(n) __________ is a potential for violation of security, which exists when there is a circumstance, capability, action or event that could breach security and cause harm.
A) attack
B) risk
C) threat
D) attack vector
C) threat
The protection of the information that might be derived from observation of traffic flows is _________ .
A) connection confidentiality
B) traffic-flow confidentiality
C) selective-field confidentiality
D) connectionless confidentiality
B) traffic-flow confidentiality
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery is a(n) ___________ .
A) encipherment
B) security audit trail
C) authentication exchange
D) digital signature
D) digital signature
A ___________ is any process, or a device incorporating such a process, that is designed to detect, prevent, or recover from a security attack. Examples are encryption algorithms, digital signatures and authentication protocols.
Security Mechanism
An __________ attack attempts to alter system resources or affect their operation.
Active
"The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources" is the definition of _________ .
Computer Security
A loss of __________ is the disruption of access to or use of information or an information system.
Availability
Irreversible __________ mechanisms include hash algorithms and message authentication codes, which are used in digital signature and message authentication applications.
Encipherment
In the United States, the release of student grade information is regulated by the __________ .
Family Educational Rights and Privacy Act (FERPA)
A loss of _________ is the unauthorized modification or destruction of information.
integrity
A _________ attack attempts to learn or make use of information from the system but does not affect system resources.
Passive
The __________ service is concerned with assuring the recipient that the message is from the source that it claims to be from. This service must also assure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or reception.
authentication
Two specific authentication services defined in X.800 are peer entity authentication and _________ authentication.
data origin
In the context of network security, ___________ is the ability to limit and control the access to host systems and applications via communications links.
access control
__________ prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message and when a message is received, the sender can prove that the alleged receiver in fact received the message.
Nonrepudiation
Viruses and worms are two examples of _________ attacks. Such attacks can be introduced into a system by means of a disk that contains the unwanted logic concealed in otherwise useful software. They can also be inserted into a system across a network.
software
An __________ is an assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.
attack
__________ is the use of a trusted third party to assure certain properties of a data exchange.
Notarization
Symmetric encryption remains by far the most widely used of the two types of encryption.
[True or False]
True
Rotor machines are sophisticated precomputer hardware devices that use substitution techniques.
[True or False]
True
Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed using different keys. It is also known as non-conventional encryption.
[True or False]
False
With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the key.
[True or False]
False
The process of converting from plaintext to ciphertext is known as deciphering or decryption.
[True or False]
False
The algorithm will produce a different output depending on the specific secret key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
[True or False]
True
When using symmetric encryption it is very important to keep the algorithm secret.
[True or False]
False
On average, half of all possible keys must be tried to achieve success with a brute-force attack.
[True or False]
True
Ciphertext generated using a computationally secure encryption scheme is impossible for an opponent to decrypt simply because the required information is not there.
[True or False]
False
Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet.
[True or False]
True
As with Playfair, the strength of the Hill cipher is that it completely hides single letter frequencies.
[True or False]
True
A scheme known as a one-time pad is unbreakable because it produces random output that bears no statistical relationship to the plaintext.
[True or False]
True
The one-time pad has unlimited utility and is useful primarily for high-bandwidth channels requiring low security.
[True or False]
False
The most widely used cipher is the Data Encryption Standard.
[True or False]
True
Steganography renders the message unintelligible to outsiders by various transformations of the text.
[True or False]
False
__________ techniques map plaintext elements (characters, bits) into ciphertext elements.
A) Symmetric
B) Traditional
C) Substitution
D) Transposition
C) Substitution
Joseph Mauborgne proposed an improvement to the Vernam cipher that uses a random key that is as long as the message so that the key does not need to be repeated. The key is used to encrypt and decrypt a single message and then is discarded. Each new message requires a new key of the same length as the new message. This scheme is known as a(n) __________ .
A) one-time pad
B) pascaline
C) polycipher
D) enigma
A) one-time pad
An original intelligible message fed into the algorithm as input is known as __________ , while the coded message produced as output is called the __________ .
A) plaintext, ciphertext
B) cipher, plaintext
C) decryption, encryption
D) deciphering, enciphering
A) plaintext, ciphertext
Restoring the plaintext from the ciphertext is __________ .
A) transposition
B) encryption
C) steganography
D) deciphering
D) deciphering
A __________ attack involves trying every possible key until an intelligible translation of the ciphertext is obtained.
A) brute-force
B) chosen plaintext
C) ciphertext only
D) Caesar attack
A) brute-force
Techniques used for deciphering a message without any knowledge of the enciphering details are known as ___________ .
A) steganography
B) blind deciphering
C) cryptanalysis
D) transposition
C) cryptanalysis
The ___________ takes the ciphertext and the secret key and produces the original plaintext. It is essentially the encryption algorithm run in reverse.
A) diagram algorithm
B) cryptanalysis
C) Voronoi algorithm
D) decryption algorithm
D) decryption algorithm
If both sender and receiver use the same key, the system is referred to as:
A) public-key encryption
B) conventional encryption
C) two-key
D) asymmetric
B) conventional encryption
__________ attacks exploit the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
A) Brute-force
B) Cryptanalytic
C) transposition
D) Block cipher
B) Cryptanalytic
The __________ was used as the standard field system by the British Army in World War I and was used by the U.S. Army and other Allied forces during World War II.
A) Caesar cipher
B) Hill cipher
C) Rail Fence cipher
D) Playfair cipher
D) Playfair cipher
The __________ attack is the easiest to defend against because the opponent has the least amount of information to work with.
A) chosen plaintext
B) chosen ciphertext
C) ciphertext-only
D) known plaintext
C) ciphertext-only
_________ refer to common two-letter combinations in the English language.
A) Transposition
B) Polyalphabetic cipher
C) Streaming
D) Digrams
D) Digrams
A way to improve on the simple monoalphabetic technique is to use different monoalphabetic substitutions as one proceeds through the plaintext message. The general name for this approach is ___________ .
A) rail fence cipher
B) polyalphabetic substitution cipher
C) polyanalysis cipher
D) cryptanalysis
B) polyalphabetic substitution cipher
A technique referred to as a __________ is a mapping achieved by performing some sort of permutation on the plaintext letters.
A) transposition cipher
B) Caesar cipher
C) polyalphabetic cipher
D) monoalphabetic cipher
A) transposition cipher
The methods of __________ conceal the existence of the message in a graphic image.
A) cryptology
B) steganography
C) cryptography
D) decryptology
B) steganography
__________ encryption is a form of cryptosystem in which encryption and decryption are performed using the same key.
Symmetric
A technique for hiding a secret message within a larger document or picture in such a way that others cannot discern the presence or contents of the hidden message is __________ .
steganography
An encryption scheme is said to be __________ if the cost of breaking the cipher exceeds the value of the encrypted information and the time required to break the cipher exceeds the useful lifetime of the information.
Computationally Secure
The two types of attack on an encryption algorithm are cryptanalysis based on properties of the encryption algorithm, and _________ which involves trying all possible keys.
brute force
Cryptographic systems are characterized along three independent dimensions: The type of operations used for transforming plaintext to ciphertext; The way in which the plaintext is processed; and __________ .
The number of keys used
All encryption algorithms are based on two general principles: substitution and ____________ .
transposition
One of the simplest and best known polyalphabetic ciphers is _________ cipher. In this scheme, the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers with shifts of 0 through 25. Each cipher is denoted by a key letter which is the ciphertext letter that substitutes for the plaintext letter a.
Vigenere
A __________ cipher processes the input one block of elements at a time producing an output block for each input block whereas a __________ cipher processes the input elements continuously producing output one element at a time.
block, stream
The earliest known and simplest use of a substitution cipher was called the __________ cipher and involved replacing each letter of the alphabet with the letter standing three places further down the alphabet.
Caesar
An encryption scheme is __________ secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available.
unconditionally secure
The best known multiple letter encryption cipher is the __________ which treats digrams in the plaintext as single units and translates these units into ciphertext digrams.
Playfair
The task of making large quantities of random keys on a regular basis and distributing a key of equal length to both sender and receiver for every message sent are difficulties of the __________ scheme.
Rail fence
The simplest transposition cipher is the _________ technique in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
rail fence cipher
The most widely used cipher ever is the __________
DES
The __________ consist of a set of independently rotating cylinders through which electrical pulses can flow. Each cylinder has 26 input pins and 26 output pins with internal wiring that connects each input pin to a unique output pin.
Rotor
The vast majority of network based symmetric cryptographic applications make use of stream ciphers.
[True or False]
False
The Feistel cipher structure, based on Shannon's proposal of 1945, dates back over a quarter of a century and is the structure used by many significant symmetric block ciphers currently in use.
[True or False]
True
DES uses a 56-bit block and a 64-bit key.
[True or False]
False
If the bit-stream generator is a key-controlled algorithm the two users only need to share the generating key and then each can produce the keystream.
[True or False]
True
A problem with the ideal block cipher using a small block size is that it is vulnerable to a statistical analysis of the plaintext.
[True or False]
True
Confusion seeks to make the statistical relationship between the plaintext and ciphertext as complex as possible in order to thwart attempts to deduce the key.
[True or False]
False
All other things being equal, smaller block sizes mean greater security.
[True or False]
False
Greater complexity in the subkey generation algorithm should lead to greater difficulty of cryptanalysis.
[True or False]
True
Fast software encryption/decryption and ease of analysis are two considerations in the design of a Feistel cipher.
[True or False]
True
A prime concern with DES has been its vulnerability to brute-force attack because of its relatively short key length.
[True or False]
True