ISS210

Page |1

HOMEWORK CHAPTER 8
Student Name: Location:
Answer the following questions and upload your document on blackboard under
Homework Chapter 8.
1. What are cryptography and cryptanalysis?
a. While cryptanalysis studies analyzing of information systems so as to study the
hidden aspects of their systems, cryptanalysis is used for the purposes of
breaching cryptographic security systems to gain access to their encrypted
messages.

2. What were some of the first uses of cryptography?

a. Military and diplomatic intelligence

3. What is a key, and what is it used for?

a. A key may be an electronic device or took used to access something. Some may
be cryptographic keys such as a digital signatures or biometric data like
fingerprints. Some may allow entry of a PIN to generate unique combination of
numbers.

4. What are the three basic operations in cryptography?

a. Diffie-Hellman public key cryptography; bulk encryption algorithms; digital
certificates

5. What is a hash function, and what can it be used for?

a. The hash function is considered very difficult to invert or to recreate the input
data from its hash value alone. Such one-way hash functions have been referred to
as workhorses of modern cryptography.

6. Why is it important to exchange keys out of band in symmetric encryption?

a. This is important so to make sure that the sender and receiver of a message share
a single common key which will be used to encrypt and decrypt a message.

7. What is the fundamental difference between symmetric and asymmetric encryption?

a. In symmetric encryption, a simple kind of encryption is used which involves in
using one secret key. In asymmetric ancryption, we use encryption known as
public key cryptography and which uses two keys to encrypt plain text.

ISS210

Page |2

8. How does Public Key Infrastructure protect information assets?

a. Basically, a Public-key infrastructure (PKI) involves publishing the public-key
values used in public-key cryptography. PKI can be further described as the
combination of services, software and also encryption technologies to help
organizations protect the security of their communications on the Internet.

9. What are the components of PKI?

a. Public keys are mainly comprised of digital certificates, certificate revocation
lists, and certification authorities.

10. What is the difference between digital signatures and digital certificates?
a. A digital signature can be described as a unique and mathematically computed
signature which ensures accountability while a A digital certificate enables unique
identification of an entity similar to an electronic ID and issued by a trusted third
party.

11. What drawbacks to symmetric and asymmetric encryption are resolved by using a hybrid
method like Diffie-Hellman?
a. With this type of digital encryption, a number raised to specific powers is is used
to produce decryption keys. Such keys are never directly transmitted and therefore
making the task of a hacker or code breaker mathematically overwhelming and
practically impossible.

12. What is steganography, and what may it be used for?

a. This involves hiding information by embedding messages within some seemingly
harmless messages. The method works by replacing bits of unused data in normal
computer files like HTML or even floppy disks with bits of invisible information.

13. What security protocols are predominantly used in Web-based electronic commerce?
a. These security protocols include Secure Sockets Layer (SSL) which is the
technology used to encrypt and decrypt messages sent between the browsers and
servers. By encrypting the data, messages are protected from being read while in
transit across the Internet. SSL encrypts a message from the browser before
sending to the server. When the message is received by the server, it is decrypted
and verified as coming from the correct sender. This is known as authentication.

14. What security protocols are used to protect e-mail?

a. Emails can be encrypted and authenticated to protect the content from being read
by all but the intended recipients. Email encryption can rely on public-key

ISS210

Page |3

cryptography. In this scenario, users each publish a public key that others can use
to encrypt messages to them while they keep secret a private key used to decrypt
such messages.

15. IPSec can be used in two modes. What are they?

a. Encapsulating Security Payload (ESP) and Authentication Header (AH)

16. Which kind of attack on cryptosystems involves using a collection of pre-identified

terms? Which kind of attack involves sequential guessing of all possible key
combinations?
a. A dictionary attack uses pre-identified terms.
b. A brute-force attack tries all possible combinations.

17. If you were setting up an encryption-based network, what size key would you chose and
why?
a. 104-bit size key encryption standard

18. What is the average key size of a strong encryption system in use today?
a. 128-bit keys.

19. What is the standard for encryption currently recommended by NIST?

a. Advanced Encryption Standard (AES) algorithm; 64-bit block size; 56-bit key

20. What is the most popular symmetric encryption system used over the Web? The most
popular asymmetric system? Hybrid system?
a. Uses two different but related keys; either key can encrypt or decrypt message. If
Key A encrypts message, only Key B can decrypt
b. Highest value when one key serves as private key and the other serves as public
key