GOOGLE IT SUPPORT PROFESSIONAL CERTIFICATE

Course 5 – IT Security: Defense Against the Digital Dark Arts

Week 2: Pelcgbybtl (Cryptology)

Coursera Study Guide

In the second week of this course, we’ll learn about cryptology. We’ll explore different types of encryption practices and how they work. We’ll show you the most common algorithms used in cryptography and how they’ve evolved over time. By the end of this module, you’ll understand how symmetric encryption, asymmetric encryption, and hashing work; you’ll also know how to choose the most appropriate cryptographic method for a scenario you may see in the workplace.

Learning Objectives

  • Understand how symmetric encryption, asymmetric encryption, and hashing work.
  • Describe the most common algorithms of cryptography.
  • Choose the most appropriate cryptographic method given a scenario.

PRACTICE QUIZ: SYMMETRIC ENCRYPTION

1. What are the components that make up a cryptosystem? Check all that apply.

  • Transmission algorithms
  • Decryption algorithms (CORRECT)
  • Encryption algorithms (CORRECT)
  • Key generation algorithms (CORRECT)

Great job! A cryptosystem is a collection of algorithms needed to operate an encryption service. This involves generating encryption keys, as well as encryption and decryption operations.

2. What is steganography?

  • The practice of hiding messages (CORRECT)
  • The practice of encoding messages
  • The study of languages
  • The study of stegosauruses

Yep! Steganography involves hiding messages, but not encoding them.

3. What makes an encryption algorithm symmetric?

  • Different keys used for encryption and decryption
  • High speed
  • Very large key sizes
  • The same keys used for encryption and decryption (CORRECT)

Awesome! The symmetry of a symmetric algorithm refers to one key being used for both encryption and decryption.

4. What’s the difference between a stream cipher and a block cipher?

  • Block ciphers are only used for block device encryption.
  • Stream ciphers encrypt data as a continuous stream, while block ciphers operate on chunks of data. (CORRECT)
  • Stream ciphers can’t save encrypted data to disk.
  • There is no difference.

You got it! A stream cipher takes data in as a continuous stream, and outputs the ciphertext as a continuous stream, too. A block cipher encrypts the data in chunks, or blocks.

5. True or false: The smaller the encryption key is, the more secure the encrypted data is.

  • TRUE
  • FALSE (CORRECT)

Nice work! The reverse is true. The larger the key, the more secure the encrypted data will be.

PRACTICE QUIZ: PUBLIC KEY OR ASYMMETRIC ENCRYPTION

1. Which of the following do asymmetric cryptosystems provide? Check all that apply.

  • Authenticity (CORRECT)
  • Non-repudiation (CORRECT)
  • Availability
  • Confidentiality (CORRECT)

Exactly! Confidentiality is provided by the encryption and decryption functionality, while authenticity and non-repudiation are ensured by the signing and verification processes.

2. What advantages do asymmetric algorithms have over symmetric ones?

  • They’re easier to implement.
  • They’re more secure.
  • They allow secure communication over insecure channels. (CORRECT)
  • They have very fast performance.

Wohoo! By exchanging public keys for encrypting data, asymmetric encryption securely exchanges information over untrusted channels.

3. What’s a common application for asymmetric algorithms?

  • Secure key exchange (CORRECT)
  • Full disk encryption
  • Secure password storage
  • Random number generation

You nailed it! Asymmetric encryption schemes are perfect for securely exchanging small amounts of data over untrusted networks by exchanging public keys that are used for encrypting data.

PRACTICE QUIZ: HASHING

1. How is hashing different from encryption?

  • It’s faster.
  • Hashing operations are one-directional. (CORRECT)
  • It’s less secure.
  • Hashing is meant for large amounts of data, while encryption is meant for small amounts of data.

Great job! Hash functions, by definition, are one-way, meaning that it’s not possible to take a hash and recover the input that generated the hash. Encryption, on the other hand, is two-directional, since data can be both encrypted and decrypted.

2. What’s a hash collision?

  • When a hash digest is reversed to recover the original
  • When two identical files generate different hash digests
  • When two different hashing algorithms produce the same hash
  • When two different files generate the same hash digest (CORRECT)

Awesome work! If two different files result in the same hash, this is referred to as a hash collision. Hash collisions aren’t awesome, as this would allow an attacker to create a fake file that would pass hash verification.

3. How is a Message Integrity Check (MIC) different from a Message Authentication Code (MAC)?

  • A MIC only hashes the message, while a MAC incorporates a secret key. (CORRECT)
  • A MAC requires a password, while a MIC does not.
  • They’re the same thing.
  • A MIC is more reliable than a MAC.

That’s exactly right! A MIC can be thought of as just a checksum or hash digest of a message, while a MAC uses a shared secret to generate the checksum. This also makes it authenticated, since the other party must also have the same shared secret, preventing a third party from forging the checksum data.
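The distinction above, as an added example that is not part of the course material: a MIC is a plain SHA-256 digest that anyone can recompute, while a MAC (here HMAC-SHA256 from Python's standard library) folds in a shared secret, so a checksum recomputed without that secret is rejected. The message and the secret are constructed values for the illustration.

```python
import hashlib
import hmac

# Constructed sample message and shared secret (assumed values, not from the course).
MESSAGE = b"transfer 100 to account 42"
SHARED_SECRET = b"example-shared-secret"


def message_integrity_check(message: bytes) -> str:
    """MIC: a bare hash digest of the message.

    Anyone can recompute it, so it only catches accidental corruption,
    not deliberate modification by a third party.
    """
    return hashlib.sha256(message).hexdigest()


def message_authentication_code(message: bytes, key: bytes) -> str:
    """MAC: HMAC-SHA256 over the message, keyed with the shared secret.

    Producing a valid value requires the key, so the receiver learns both
    that the message is intact and that it came from a key holder.
    """
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mic(message: bytes, mic: str) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(message_integrity_check(message), mic)


def verify_mac(message: bytes, key: bytes, mac: str) -> bool:
    """Recompute the HMAC with the shared key and compare in constant time."""
    return hmac.compare_digest(message_authentication_code(message, key), mac)


def modified_message_with_fresh_mic(message: bytes) -> tuple[bytes, str]:
    """Model the weakness of a MIC: a third party who alters the message
    can simply recompute the checksum, because no secret is involved.
    Returns the altered message and the checksum that goes with it."""
    altered = message.replace(b"42", b"99")
    return altered, message_integrity_check(altered)


if __name__ == "__main__":
    altered, fresh_mic = modified_message_with_fresh_mic(MESSAGE)
    # The MIC cannot tell the altered message apart from a genuine one...
    print("MIC accepts altered message:", verify_mic(altered, fresh_mic))
    # ...but the MAC check fails, since the checksum was not made with the key.
    print("MAC accepts altered message:", verify_mac(altered, SHARED_SECRET, fresh_mic))
```

The receiver's verify functions use `hmac.compare_digest` rather than `==` so that a mismatch takes the same time regardless of which byte differs.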

4. How can you defend against brute-force password attacks? Check all that apply.

  • Enforce the use of strong passwords. (CORRECT)
  • Store passwords in a rainbow table.
  • Incorporate salts into password hashing. (CORRECT)
  • Run passwords through the hashing function multiple times. (CORRECT)

Correct! A brute-force password attack involves guessing the password. So, having complex and long passwords will make this task much harder and will require more time and resources for the attacker to succeed. Incorporating salts into password hashes will protect against rainbow table attacks, and running passwords through the hashing algorithm lots of times also raises the bar for an attacker, requiring more resources for each password guess.

PRACTICE QUIZ: CRYPTOGRAPHY APPLICATIONS

1. What information does a digital certificate contain? Check all that apply.

  • Public key data (CORRECT)
  • Identifying information of the certificate owner (CORRECT)
  • Digital signature (CORRECT)
  • Private key data

Great job! A digital certificate contains the public key information, along with a digital signature from a CA. It also includes information about the certificate, like the entity that the certificate was issued to.

2. Which type of encryption does SSL/TLS use?

  • Both (CORRECT)
  • Asymmetric encryption
  • Neither
  • Symmetric encryption

Wohoo! SSL/TLS uses asymmetric algorithms to securely exchange information that is then used to derive a symmetric encryption key.

3. What are some of the functions that a Trusted Platform Module can perform? Check all that apply.

  • Secure user authentication
  • Malware detection
  • Remote attestation (CORRECT)
  • Data binding and sealing (CORRECT)

You nailed it! A TPM can be used for remote attestation, ensuring that a host is in a known good state and hasn’t been modified or tampered with (from a hardware and a software perspective). TPMs can also seal and bind data to them, encrypting data against the TPM. This also allows the data to be decrypted by the TPM only if the machine is in a good and trusted state.

PRACTICE QUIZ: WEEK TWO PRACTICE QUIZ

1. Plaintext is the original message, while _____ is the encrypted message.

  • Cipher
  • Digest
  • Algorithm
  • Ciphertext (CORRECT)

Yep! Once the original message is encrypted, the result is referred to as ciphertext.

2. The specific function of converting plaintext into ciphertext is called a(n) ______.

  • Encryption algorithm (CORRECT)
  • Permutation
  • Data protection standard
  • Integrity check

Nice job! An encryption algorithm is the specific function or steps taken to convert plaintext into encrypted ciphertext.

3. Studying how often letters and pairs of letters occur in a language is referred to as _______.

  • Espionage
  • Codebreaking
  • Frequency analysis (CORRECT)
  • Cryptography

Great work! Frequency analysis involves studying how often letters occur, and looking for similarities in ciphertext to uncover possible plaintext mappings.

4. True or false: The same plaintext encrypted using the same algorithm and same encryption key would result in different ciphertext outputs.

  • TRUE
  • FALSE (CORRECT)

Wohoo! If the plaintext, algorithm, and key are all the same, the resulting ciphertext would also be the same.

5. The practice of hiding messages instead of encoding them is referred to as ______.

  • Hashing
  • Obfuscation
  • Steganography (CORRECT)
  • Encryption

That’s right! Steganography involves hiding messages from discovery instead of encoding them.

6. ROT13 and a Caesar cipher are examples of _______.

  • Asymmetric encryption
  • Digital signatures
  • Steganography
  • Substitution ciphers (CORRECT)

Awesome! These are both examples of substitution ciphers, since they substitute letters for other letters in the alphabet.
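Substitution ciphers (question 6) and frequency analysis (question 3) fit together in one added example, which is not part of the course material: a Caesar shift over the alphabet, ROT13 as the shift-13 special case, and a recovery routine that tries all 26 shifts and keeps the one whose letter counts best match English. The English frequency table is the commonly cited one and the sample sentence is constructed for the illustration.

```python
import string
from collections import Counter

# Relative letter frequencies in English text, in percent. This is the
# reference profile that frequency analysis compares a candidate plaintext against.
ENGLISH_FREQ = {
    "a": 8.167, "b": 1.492, "c": 2.782, "d": 4.253, "e": 12.702, "f": 2.228,
    "g": 2.015, "h": 6.094, "i": 6.966, "j": 0.153, "k": 0.772, "l": 4.025,
    "m": 2.406, "n": 6.749, "o": 7.507, "p": 1.929, "q": 0.095, "r": 5.987,
    "s": 6.327, "t": 9.056, "u": 2.758, "v": 0.978, "w": 2.360, "x": 0.150,
    "y": 1.974, "z": 0.074,
}

# Constructed sample plaintext, long enough for letter statistics to be meaningful.
SAMPLE_PLAINTEXT = (
    "frequency analysis works because letters in english text are not evenly "
    "distributed the letter e appears far more often than any other and the "
    "pair th is the most common bigram"
)


def caesar(text: str, shift: int) -> str:
    """Substitute each letter with the one `shift` places later in the alphabet.

    Case is preserved and non-letters pass through unchanged. A negative
    shift decrypts. The key space is only 26 shifts.
    """
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is the Caesar cipher with shift 13; applying it twice restores the input."""
    return caesar(text, 13)


def letter_counts(text: str) -> Counter:
    """Count lowercase letters only, ignoring spaces and punctuation."""
    return Counter(c for c in text.lower() if c in string.ascii_lowercase)


def most_common_letter(text: str) -> str:
    """The single most frequent letter; in English plaintext this is usually 'e'."""
    return letter_counts(text).most_common(1)[0][0]


def chi_squared_vs_english(text: str) -> float:
    """How far the text's letter distribution is from English (lower is closer)."""
    counts = letter_counts(text)
    n = sum(counts.values())
    score = 0.0
    for letter in string.ascii_lowercase:
        expected = n * ENGLISH_FREQ[letter] / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def recover_shift(ciphertext: str) -> int:
    """Frequency analysis against a Caesar cipher: decrypt under every shift
    and keep the one whose letter profile looks most like English."""
    return min(range(26), key=lambda s: chi_squared_vs_english(caesar(ciphertext, -s)))


if __name__ == "__main__":
    ciphertext = caesar(SAMPLE_PLAINTEXT, 7)
    shift = recover_shift(ciphertext)
    print("recovered shift:", shift)
    print("plaintext:", caesar(ciphertext, -shift))
```

The point the exercise makes is that a substitution cipher preserves the letter statistics of the language, so the "key" can be read off the ciphertext without ever guessing it directly; with only 26 possible shifts, trying them all is also trivial.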

7. DES, RC4, and AES are examples of ______ encryption algorithms.

  • Asymmetric
  • Strong
  • Symmetric (CORRECT)
  • Weak

Exactly! DES, RC4, and AES are all symmetric encryption algorithms.

8. What are the two components of an asymmetric encryption system, necessary for encryption and decryption operations? Check all that apply.

  • Digest
  • Random number generator
  • Public key (CORRECT)
  • Private key (CORRECT)

You got it! In asymmetric encryption systems, there’s a private key used for encryption, and a public key used for decryption.

9. To create a public key signature, you would use the ______ key.

  • Private (CORRECT)
  • Public
  • Decryption
  • Symmetric

Nice work! The private key is used to sign data. This allows a third party to verify the signature using the public key, ensuring that the signature came from someone in possession of the private key.
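The roles of the two keys in questions 8 and 9, as an added example that is not part of the course material: textbook RSA with tiny constructed parameters (p = 61, q = 53, e = 17) so every number is readable. Signing uses the private exponent and verification uses the public one; encrypting to a recipient uses their public key and decrypting uses the private key. Real keys are thousands of bits long and use padding schemes; these parameters only illustrate which key does what.

```python
import hashlib

# Tiny constructed RSA parameters chosen for readability, not for security.
P, Q = 61, 53
N = P * Q                 # modulus, shared by both keys (3233)
PHI = (P - 1) * (Q - 1)   # Euler's totient of N (3120)
E = 17                    # public exponent
D = pow(E, -1, PHI)       # private exponent, the inverse of E mod PHI (2753)

PUBLIC_KEY = (N, E)       # safe to publish
PRIVATE_KEY = (N, D)      # kept secret by its owner


def _digest_mod_n(message: bytes, n: int) -> int:
    """Hash the message and reduce into the modulus so it can be signed.

    Only needed because the toy modulus is far smaller than a SHA-256 digest.
    """
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: tuple[int, int]) -> int:
    """Signing requires the private key: s = H(m)^d mod n."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, public_key: tuple[int, int]) -> bool:
    """Anyone holding the public key can check: s^e mod n must equal H(m)."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def encrypt(plaintext: int, public_key: tuple[int, int]) -> int:
    """Confidentiality: encrypt to the recipient's public key."""
    n, e = public_key
    return pow(plaintext, e, n)


def decrypt(ciphertext: int, private_key: tuple[int, int]) -> int:
    """Only the holder of the matching private key can recover the plaintext."""
    n, d = private_key
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    msg = b"signed by the private key holder"
    sig = sign(msg, PRIVATE_KEY)
    print("signature verifies:", verify(msg, sig, PUBLIC_KEY))
    print("altered signature verifies:", verify(msg, (sig + 1) % N, PUBLIC_KEY))
    print("round trip:", decrypt(encrypt(65, PUBLIC_KEY), PRIVATE_KEY))
```

Because x -> x^e mod n is a permutation of the residues when gcd(e, phi) = 1, any change to the signature changes the value the verifier recomputes, so a forged or altered signature fails the check without the verifier ever needing the private key.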

10. Using an asymmetric cryptosystem provides which of the following benefits? Check all that apply.

  • Hashing
  • Authenticity
  • Non-repudiation (CORRECT)
  • Confidentiality (CORRECT)

That’s exactly right! Confidentiality is provided by the encryption, authenticity is achieved through the use of digital signatures, and non-repudiation is also provided by digitally signing data.

11. If two different files result in the same hash, this is referred to as a ________.

  • Coincidence
  • Key collision
  • Hash collision (CORRECT)
  • Mistake

Correct! A hash collision is when two different inputs yield the same hash.

12. When authenticating a user’s password, the password supplied by the user is authenticated by comparing the ____ of the password with the one stored on the system.

  • Hash (CORRECT)
  • Plaintext
  • Ciphertext
  • Length

Yep! Passwords are verified by hashing and comparing hashes. This is to avoid storing plaintext passwords.

13. If a rainbow table is used instead of brute-forcing hashes, what is the resource trade-off?

  • Rainbow tables use less RAM resources and more computational resources
  • Rainbow tables use less storage space and more computational resources
  • Rainbow tables use less computational resources and more storage space (CORRECT)
  • Rainbow tables use less storage space and more RAM resources

Wohoo! Instead of computing every hash, a rainbow table is a precomputed table of hashes and text. Using a rainbow table to look up a hash requires a lot less computing power, but a lot more storage space.
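Password storage as described in question 4 of the hashing quiz and questions 12 and 13 here, as one added example that is not part of the course material: each password gets a random salt and is run through PBKDF2-HMAC-SHA256 for many iterations, verification rehashes the supplied password with the stored salt and compares hashes, and two users with the same password end up with different stored digests, which is why a precomputed table built against an unsalted hash does not apply. The iteration count and the stored record format are assumptions for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor: PBKDF2 runs the underlying hash this many times per guess.
# Assumed value for the example; deployments tune it to their hardware.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record: 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.

    A fresh random salt is drawn unless one is supplied, and the salt and
    iteration count are stored alongside the digest so verification can
    repeat exactly the same computation.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Question 12: hash the supplied password the same way and compare the hashes.

    The stored plaintext is never needed; only the record is kept.
    """
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported password record format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def unsalted_hash(password: str) -> str:
    """What a rainbow table is built against: the same password always
    produces the same digest, on every system, so one table serves them all."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_records_differ(password: str) -> bool:
    """Two users with an identical password receive different stored digests,
    so a table precomputed for one salt is useless against the other."""
    first = hash_password(password).split("$")[3]
    second = hash_password(password).split("$")[3]
    return first != second


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("right password accepted:", verify_password("correct horse battery staple", record))
    print("wrong password accepted:", verify_password("Tr0ub4dor&3", record))
    print("same password, different digests:", salted_records_differ("hunter2"))
```

The iteration count is the "run the password through the hashing function multiple times" defence: every guess an attacker makes costs the same hundred thousand hash computations the server pays once per login.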

14. In a PKI system, what entity is responsible for issuing, storing, and signing certificates?

  • Certificate Authority (CORRECT)
  • Government
  • Registration Authority
  • Intermediary Authority

Excellent job! The certificate authority is the entity that signs, issues, and stores certificates.