1. Introduction to Cyber Security Flashcards
common cyber security attackers
- script kiddies
- hackers (white, grey, black)
- insiders
- cyber criminal groups
- hacktivist
cyber crime motivations
- bragging rights
- money
- steal, alter, delete information
- revenge
- state sponsored spying etc
types of cryptography
- symmetric key
- encryption and decryption use the same key
- private, only known to sender and receiver - asymmetric key
- encryption and decryption use different key
- public key for encryption
- private key for decryption - hashing
- no keys
- one way functions to convert plain txt to fixed length hashed value
symmetric cryptography
- substitution cypher
- mono alphabetic (Caesar cypher)
- poly alphabetic (Vegenere cypher) - transposition cypher
- simple transposition
- rail fence cypher
- columnar transposition
vulnerabilities of symmetric cryptography
if algorithm is know, easy to decrypt
how to solve vulnerabilities of symmetric cryptography
- approach
- DES
- 3 DES
- AES - approach
- OTP
asymmetric cryptography
keys are generated in pairs using one way function
choose one as public, one as private
public key to encrypt
private key to decrypt
how to authenticate users using asymmetric keys
if use public key to encrypt, private key to decrypt –> confidentiality
if use public key to decrypt, private key to encrypt –> authentication
sender signs text with sender private key
sender encrypts signed text with receiver public key
receiver decrypts with receiver private key
receiver verify with sender public key
key generation
- modular arithmetic
- prime factorisation
- RSA key generation
RSA key generation
- pick 2 large prime P, Q
- calculate n = PQ
- calculate N = (P-1)(Q-1)
- pick e = number < N, co prime to N
- calculate d where d x e x mod(N) = 1
- public key = (e, n)
- private key = (d, n)
deffie hellman key exchange
alice calculates: A = pow(G,a) x mod(P)
bob calculates: B = pow(G,b) x mod(P)
shared information: A, B, P, G
alice calculates: K = pow(B,a) x mod(P)
bob calculates: K = pow(A,b) x mod(P)
what is the CIA triad
- confidentiality
- prevention of unauthorised disclosure of information - integrity
- prevention of unauthorised modification of information - availability
- prevention of unauthorised withholding of resources