- (Topic 1)
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive
email. At what layer of the OSI layer does the encryption and decryption of the message take place?
Correct Answer:
D
https://en.wikipedia.org/wiki/Presentation_layer
In the seven-layer OSI model of computer networking, the presentation layer is layer 6 and serves as the data translator for the network. It is sometimes called the syntax layer. The presentation layer is responsible for the formatting and delivery of information to the application layer for further processing or display.
Encryption is typically done at this level too, although it can be done on the application, session, transport, or network layers, each having its own advantages and disadvantages. Decryption is also handled at the presentation layer. For example, when logging on to bank account sites the presentation layer will decrypt the data as it is received.
- (Topic 3)
Your company, Encryptor Corp, is developing a new application that will handle highly sensitive user information. As a cybersecurity specialist, you want to ensure this data is securely stored. The development team proposes a method where data is hashed and then encrypted before storage. However, you want an added layer of security to verify the integrity of the data upon retrieval. Which of the following cryptographic concepts should you propose to the team?
Correct Answer:
B
A digital signature mechanism is a cryptographic concept that you should propose to the team to verify the integrity of the data upon retrieval. A digital signature mechanism works as follows:
✑ A digital signature is a mathematical scheme that allows the sender of a message
to sign the message with their private key, and allows the receiver of the message to verify the signature with the sender??s public key. A digital signature provides two
security services: authentication and non-repudiation. Authentication means that the receiver can confirm the identity of the sender, and non-repudiation means that the sender cannot deny sending the message12.
✑ A digital signature mechanism consists of three algorithms: key generation,
signing, and verification. Key generation produces a pair of keys: a private key for the sender and a public key for the receiver. Signing takes the message and the private key as inputs, and outputs a signature. Verification takes the message, the signature, and the public key as inputs, and outputs a boolean value indicating whether the signature is valid or not12.
✑ A digital signature mechanism can be implemented using various cryptographic
techniques, such as hash-based signatures, RSA signatures, or elliptic curve signatures. A common method is to use a hash function to compress the message into a fixed-length digest, and then use an asymmetric encryption algorithm to encrypt the digest with the private key. The encrypted digest is the signature, which can be decrypted with the public key and compared with the hash of the message to verify the integrity12.
A digital signature mechanism can ensure the integrity of the data upon retrieval, because:
✑ A digital signature is unique to the message and the sender, and it cannot be forged or altered by anyone else. If the message or the signature is modified in any way, the verification will fail and the receiver will know that the data is corrupted or tampered with12.
✑ A digital signature is independent of the encryption or hashing of the data, and it can be applied to any type of data, regardless of its format or size. The encryption or hashing of the data can provide confidentiality and efficiency, but they cannot provide integrity or authentication by themselves. A digital signature can complement the encryption or hashing of the data by providing an additional layer of security12.
The other options are not as suitable as option B for the following reasons:
✑ A. Implement a block cipher mode of operation: This option is not relevant because it does not address the integrity verification issue, but the encryption issue. A block cipher mode of operation is a method of applying a block cipher, which is a symmetric encryption algorithm that operates on fixed-length blocks of data, to a variable-length message. A block cipher mode of operation can provide different security properties, such as confidentiality, integrity, or authenticity, depending on the mode. However, a block cipher mode of operation cannot provide a digital signature, which is a form of asymmetric encryption that uses a pair of keys3 .
✑ C. Suggest using salt with hashing: This option is not sufficient because it does not provide a digital signature, but only a hash value. Salt is a random value that is added to the input of a hash function, which is a one-way function that maps any data to a fixed-length digest. Salt can enhance the security of hashing by making it harder to perform brute-force attacks or dictionary attacks, which are methods of finding the input that produces a given hash value. However, salt cannot provide a digital signature, which is a two-way function that uses a pair of keys to sign and verify a message .
✑ D. Switch to elliptic curve cryptography: This option is not specific because it does not specify a digital signature mechanism, but only a type of cryptography. Elliptic curve cryptography is a branch of cryptography that uses mathematical curves to generate keys and perform operations. Elliptic curve cryptography can be used to
implement various cryptographic techniques, such as encryption, hashing, or digital signatures. However, elliptic curve cryptography is not a digital signature mechanism by itself, but rather a tool that can be used to create one .
References:
✑ 1: Digital signature - Wikipedia
✑ 2: Digital Signature: What It Is and How It Works | Kaspersky
✑ 3: Block cipher mode of operation - Wikipedia
✑ : Block Cipher Modes of Operation - an overview | ScienceDirect Topics
✑ : Salt (cryptography) - Wikipedia
✑ : What is Salt in Cryptography? | Cloudflare
✑ : Elliptic-curve cryptography - Wikipedia
✑ : Elliptic Curve Cryptography: What It Is and How It Works | Kaspersky
- (Topic 3)
A company??s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
Correct Answer:
A
There is no single, standardized classification of cross-site scripting flaws, but most experts distinguish between at least two primary flavors of XSS flaws: non- persistent and persistent. In this issue, we consider the non-persistent cross-site scripting vulnerability.
The non-persistent (or reflected) cross-site scripting vulnerability is by far the most basic type of web vulnerability. These holes show up when the data provided by a web client, most commonly in HTTP query parameters (e.g. HTML form submission), is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the content.
Because HTML documents have a flat, serial structure that mixes control statements, formatting, and the actual content, any non-validated user-supplied data included in the resulting page without proper HTML encoding, may lead to markup injection. A classic example of a potential vector is a site search engine: if one searches for a string, the search string will typically be redisplayed verbatim on the result page to indicate what was searched for. If this response does not properly escape or reject HTML control characters, a cross-site scripting flaw will ensue.
- (Topic 3)
As a budding cybersecurity enthusiast, you have set up a small lab at home to learn more about wireless
network security. While experimenting with your home Wi-Fi network, you decide to use a well-known
hacking tool to capture network traffic and attempt to crack the Wi-Fi password. However, despite many
attempts, you have been unsuccessful. Your home Wi-Fi network uses WPA2 Personal
with AES encryption.
Why are you finding it difficult to crack the Wi-Fi password?
Correct Answer:
C
The network is using an uncrackable encryption method, which makes it difficult to crack the Wi-Fi password. WPA2 Personal with AES encryption is the strongest form of security offered by Wi-Fi devices at the moment, and it should be used for all purposes. AES stands for Advanced Encryption Standard, and it is a symmetric-key algorithm that uses a 128-bit, 192-bit, or 256-bit key to encrypt and decrypt data. AES is considered to be uncrackable by brute force attacks, as it would take an impractical amount of time and computational power to try all possible key combinations12. Therefore, unless you have access to the Wi-Fi password or the encryption key, you will not be able to decrypt the network traffic and crack the password.
The other options are not correct for the following reasons:
✑ A. The Wi-Fi password is too complex and long: This option is not relevant because the Wi-Fi password is not directly used to encrypt the network traffic. Instead, the password is used to generate a Pre-Shared Key (PSK), which is then used to derive a Pairwise Master Key (PMK), which is then used to derive a Pairwise Transient Key (PTK), which is then used to encrypt the data. Therefore, the complexity and length of the password do not affect the encryption strength, as long as the password is not easily guessed or leaked34.
✑ B. Your hacking tool is outdated: This option is not plausible because even if your hacking tool is outdated, it would not affect your ability to capture the network traffic and attempt to crack the password. The hacking tool may not support the latest Wi-Fi standards or protocols, but it should still be able to capture the raw data packets and save them in a file. The cracking process would depend on the encryption algorithm and the key, not on the hacking tool.
✑ D. The network is using MAC address filtering: This option is not feasible because MAC address filtering is a technique that restricts network access and communication to trusted devices based on their MAC addresses, which are unique identifiers assigned to network interfaces. MAC address filtering can prevent unauthorized devices from joining the network, but it cannot prevent authorized devices from capturing the network traffic. Moreover, MAC address filtering can be easily bypassed by spoofing the MAC address of an allowed device56.
References:
✑ 1: What is AES Encryption and How Does it Work? | Kaspersky
✑ 2: AES Encryption: Everything You Need to Know | Comparitech
✑ 3: How Does WPA2 Work? | Techwalla
✑ 4: How Does WPA2 Encryption Work? | Security Boulevard
✑ 5: What is MAC Address Filtering? | Definition, Types & Examples - Fortinet
✑ 6: How to Bypass MAC Address Filtering on Wireless Networks - Null Byte :: WonderHowTo
- (Topic 3)
Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?
Correct Answer:
C
Evilginx Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. It's core runs on Nginx HTTP server, which utilizes proxy_pass and sub_filter to proxy and modify HTTP content, while intercepting traffic between client and server.