17 - security Flashcards

1
Q

why is encryption needed

A
  • reduce risk of eavesdroppers understanding data that is sent over a network
2
Q

security concerns about data transmission

A
  • confidentiality - only intended recipient can understand
  • authenticity - identifies the source is legitimate
  • integrity - data isn’t changed
  • non repudiation - neither sender nor receiver can deny transmission
3
Q

plaintext

A

original data being sent

4
Q

cipher text

A

once plaintext has gone through an encryption algorithm

5
Q

block cipher

A
  • normally used when encrypting
  • the algorithm is applied to a group of contiguous bits - rather than one at a time
  • the plaintext is XORed with the previous cipher text
  • prevents identical plaintext making the same cipher text
6
Q

stream cipher

A
  • encryption algorithm is applied to one bit at a time
7
Q

block chaining

A
  • the plaintext is XORed with the previous cipher text - before encryption
  • prevents identical plaintext making the same cipher text
8
Q

symmetric encryption

A

uses the same key to encrypt and decrypt the encoded message
- use longer key to make it harder to crack
- key has to be sent to the recipient - key distribution problem

9
Q

key distribution problem

A

in symmetric encryption the sender has to send the key to the recipient as they use the same key - this could be intercepted and used to decrypt the message

10
Q

asymmetric encryption

A
  • uses 2 keys - public + private - public is available to all and private is known only to a person/ computer
  • receiver generates 2 keys - are mathematically linked but cannot be derived
  • sends public key to sender
  • sender encrypts document with public key
  • sends document and receiver decrypts using private key
11
Q

asymmetric encryption

A
  • if 2 way communication is required between multiple people they all need to generate their own matching public and private keys
  • and swap all public keys so they can send encrypted files
12
Q

quantum cryptography

A
  • uses photons and their quantum properties to produce virtually unbreakable encryption
  • uses a qubit (quantum bit) as the unit of data
  • can be 0 or 1 but also both
  • put through a polarising filter to make it one direction
13
Q

quantum key distribution

A
  • sending encryption keys across a network uses quantum cryptography – a quantum key distribution (QKD) protocol, e.g. BB84
14
Q

stages of quantum cryptography

A
  • use light to generate photons
  • sent through 4 random polarisers - randomly give one of 4 bit values
  • this travels along fibre optic to its destination
  • at the destination there are 2 splitters (diagonal or vertical/horizontal)
  • one is chosen at random and detectors are read
  • repeated until the whole key is sent
  • recipient sends back sequence of splitters
  • sender compares to the polarisation sequence - and confirms where it was correct
  • ensures they are synchronised
  • key is now sent safely
15
Q

advantages of quantum cryptography

A
  • unbreakable
  • eavesdropping detection
  • longer key generated
  • future proof - quantum comps can crack classical encryption easily
16
Q

drawbacks of quantum cryptography

A
  • requires a dedicated line and specialist hardware - expensive
  • limited range
  • polarisation can be changed as it travels due to interference
  • terrorists and other criminals can use the technology to hide their activities from government law enforcers
17
Q

SSL and TLS

A
  • use the standard cryptographic protocols to ensure there is a secure and authenticated communication between client and server
  • ensure no third party can eavesdrop
18
Q

SSL

A
  • encrypts data - agrees which encryption to use
  • compresses data - reduces amount transmitted
  • data integrity checks - need digital certificate
    shown by https or a small closed padlock
19
Q

uses of SSL and TLS

A
  • online banking and finance
  • online shopping
  • sending and receiving emails
  • cloud storage
  • VPNs
20
Q

TLS

A
  • modern more secure version of SSL
  • provides encryption, authentication and data integrity
  • 2 layers - record and handshake protocol
21
Q

record protocol

A

can be used with/without encryption - contains data being transmitted over the network

22
Q

handshake protocol

A
  • permits the web server and client to authenticate each other and make use of encryption algorithms
  • establishes a secure session between client and server
23
Q

why is TLS used

A
  • possible to extend by adding new authentication methods
  • can use session caching improving performance
  • separates handshake from the record protocol where all data is held
24
Q

session caching

A
  • when opening a session it requires computer time - due to complex cryptographic processes
  • session caching means less comp time is needed for each connection
  • TLS can establish a new session or resume an existing session
25
Q

how SSL/TLS are used once client types in URL

A
  • the client's browser requests the pages from the web server
  • the server sends back the digital certificate
  • the client checks the: digital signature, start and end dates, and domain
  • once the browser trusts the certificate the public key is used to generate a temporary session key
  • the session key is sent to the server
  • server uses its private key to decrypt the session key and sends back acknowledgement
  • communication can now take place
26
Q

public key infrastructure

A

a set of protocols, standards and services that allow clients and servers to authenticate each other using digital certificates
digital signatures follow the same protocol
requires the provider to use an encryption algorithm to generate keys

27
Q

digital signature

A

a way of validating authenticity of digital documents and identifying sender

28
Q

methods to make a digital signature

A
  • use the private key - unique to sender
  • hash the message to make a digest then encrypt with the private key - once received, hash the plaintext and if it matches then the document was sent correctly
29
Q

making digital signature via digital certificate

A
  • condensing the digital certificate
  • put it through a hashing algorithm
  • then encrypt with the CA’s private key
30
Q

digital certificate

A
  • is an electronic document used to prove online identity of website or person
  • contains public key and info identifying owner
  • issued by the certificate authority (CA) - 3rd party identifier
31
Q

what's found on a digital certificate

A
  • version number
  • name of issuer
  • validity (start and expiry date)
  • public key
  • company details
  • issuer's identifier
  • digital signature
  • serial number
32
Q

how to apply for digital certificate

A
  • request made using online form - send public key and user id
  • company's user id is verified by CA
  • digital certificate is generated for the user
  • sent back to the applicant - contains public key, CA id, user id, digital signature etc.