17 - security Flashcards
why is encryption needed
- reduce risk of eavesdroppers understanding data that is sent over a network
security concerns about data transmission
- confidentiality - only intended receipt can understand
- authenticity - identifies the source is legitimate
- integrity - data isn’t changed
- non repudiation - neither sender nor receiver can deny transmission
plaintext
original data being sent
cipher text
once plaintext has gone through an encryption algorithm
block cipher
- normally used when encrypting
- the algorithm is applied to a group of contiguous bits - rather than one at a time
- the plaintext is XORed with the previous cipher text
- prevents identical plaintext making the same cipher text
stream cipher
- encryption algorithm is applied to one bit at a time
block chaining
- the plaintext is XORed with the previous cipher text - before encryption
- prevents identical plaintext making the same cipher text
symmetric encryption
uses the same key to encrypt and decrypt the encoded message
- use longer key to make it harder to crack
- key has to be sent to the recipient - key distribution problem
key distribution problem
in symmetric encryption the sender has the send the key to the recipient as they use the same key - this could be intercepted and used to decrypt the message
asymmetric encryption
- uses 2 keys - public + private - public is available to all and private is known only to a person/ computer
- receiver generates 2 keys - are
mathematically linked but cannot be derived - sends public key to sender
- sender encrypts document with public key
- sends document and receiver decrypts using private key
asymmetric encryption
- if 2 way communication is required between multiple people they all need to generate their own matching public and private keys
- and swap all public kets so they can send encrypted files
quantum cryptography
- uses photons and their quantum properties to produce virtually unbreakable encryption
- uses a quit (quantum bit) as the unit of data
- can be 0 or 1 but also both
- put through a polarising filter to make it one direction
quantum key distribution
- sending encryption keys across a network uses quantum cryptography – a quantum key
distribution (QKD) protocol
eg BB84
stages of quantum cryptography
- use light to generate photons
- sent through 4 random polarisers - randomly give one of 4 bit values
- this travels along fibre optic to its destination
- at the destination there are 2 splitters (diagonal or vertical/horizontal)
- one is chosen at random and detectors are read
- repeated until the whole key is sent
- recipient send back sequence of splitters
- sender compares to the polarisation sequence - and confirms where was correct
- ensures they are synchronised
- key is now sent safely
advantages of quantum cryptography
- unbreakable
- eavesdropping detection
- longer key generated
- future proof - quantum comps can crack classical encryption easily
drawbacks of quantum cryptography
- requires a dedicated line and specialist hardware - expensive
- limited range
- polarisation can be changed as it travels due to interference
- terrorists and other
criminals can use the technology to hide their activities from government law enforcers
SSL and TLS
- use the standard cryptographic protocols to ensure there is a secure and authenticated communication between client and server
- ensure no third party can eavesdrop
SSL
- encrypts data - agrees which encryption to use
- compresses data - reduces amount transmitted
- data integrity checks - need digital certificate
shown by https or a small closed padlock
uses of SSL and TLS
- online banking and finance
- online shopping
- sending and recieving emails
- cloud storage
- VPNs
TLS
- modern more secure version of SSL
- provides encryption, authentication and data integrity
- 2 layers - record and handshake protocol
record protocol
can be used with/ without encryption - contains dat abeing transmited over the network
handshake protocol
- permits the web server and client to authenticate each other and make use of encryption algorithms
- establishes a secure session between client and server
why is TLS used
- possible to extend by adding new authentication methods
- can use session caching improving performance
- separates handshake from the record protocol where all data is held
session caching
- when opening a session it requires computer time - due to complex cryptographic processes
- session caching means less comp time is needed for each connection
- TLS can establish a new session or resume an existing session
hows SSL/TLS are used once client types in URL
- the clients browser requests the pages from the web server
- the server sends back the digital certificate
- the client checks the: digital signature, start and end dates, and domain
- once the browser trusts the certificate the public key is used to generate a temporary session key
- the session key is sent to the server
- server uses its private key to decrypt the session key and sends back acknowledgement
- communication can now take place
public key infrastructure
a set of protocols, standards and services that allow clients and servers to authenticate each other using digital certificates
digital signatures follow the same protocol
requires the provider to use an encryption algorithm to generate keys
digital signature
a way of validating authenticity of digital documents and identifying sender
methods to make a digital signature
- use the private key - unique to sender
- hash the message to make a digest then encrypt with the private key - once received has the plaintext and if it matches then the document is sent correct
making digital signature via digital certificate
- condensing the digital certificate
- put it through a hashing algorithm
- then encrypt with the CA’s private key
digital certificate
- is an electronic document used to prove online identity of website or person
- contains public key and info identifying owner
- issued by the certificate authority (CA) - 3rd party identifier
whats found on a digital certificate
- version number
- name of issuer
- validity (start and expiry date)
- public key
- company details
- issuers identifier
- digital signature
- serial number
how to apply for digital certificate
- request made using online form - send public key and user id
- companies user id is verified by CA
- digital certificate is generated for the user
- sent back to the applicant - contains public key, CA id, user id, digital signature etc.
