Module 16: Quiz – Basic Integrity and Authenticity (Answers) Network Security

Explanation: Encryption algorithms are used to provide data confidentiality, which ensures that if data is intercepted in transit, it cannot be read.

Explanation: Typical usage of cryptographic keys includes the following:

• Symmetric keys, which can be exchanged between two routers supporting a VPN.
• Digital signatures, which are used when connecting to a secure website.
• Hash keys, which are used in symmetric and asymmetric key generation, digital signatures, and other types of applications.

Explanation: Most attacks on cryptographic systems are aimed at the key management level, rather than the cryptographic algorithm itself.

Explanation: Because only the sender and receiver know the secret key, only parties that have access to that key can compute the digest of an HMAC function. This defeats man-in-the-middle attacks and provides authentication of where the data originated.​

Explanation: Asymmetric encryption algorithms use different keys for encryption and decryption. These are known as private and public keys. The longer key lengths used by asymmetric algorithms make them slower than symmetrical encryption and inefficient for bulk data.

Explanation: DH is an asymmetric mathematical algorithm that allows two computers to generate an identical shared secret, without having communicated before. Asymmetric key systems are extremely slow for any sort of bulk encryption. It is common to encrypt the bulk of the traffic using a symmetric algorithm such as DES, 3DES, or AES, and use the DH algorithm to create keys that will be used by the symmetric encryption algorithm.

Explanation: SEAL is a stream cipher that uses a 160-bit encryption key. It is a symmetric encryption algorithm that has a lower impact on the CPU resources compared to other software-based algorithms, such as software-based DES, 3DES, and AES.

Explanation: Hashing algorithms are used to provide message integrity, which ensures that data in transit has not changed or been altered.

Explanation: Hashing algorithms are used to provide data integrity, which ensures that the data has not changed during transmission. MD5 and SHA are commonly used hashing algorithms.

Explanation: To make a key strong, there are several essential characteristics of key management that should be considered:

• Generation – The use of good random number generators is needed to ensure that all keys are likely to be equally generated so that the attacker cannot predict which keys are more likely to be used.
• Verification – Almost all cryptographic algorithms have some weak keys that should not be used. With the help of key verification procedures, these keys can be regenerated if they occur.
• Exchange – Key management procedures should provide a secure key exchange mechanism that allows secure agreement on the keying material with the other party, probably over an untrusted medium.
• Revocation and Destruction – Revocation notifies all interested parties that a certain key has been compromised and should no longer be used. Destruction erases old keys in a manner that prevents malicious attackers from recovering them.

Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. DH (Diffie-Hellman) is an algorithm used for key exchange. DH is a public key exchange method that allows two IPsec peers to establish a shared secret key over an insecure channel.