B3P4 - Security Flashcards
asymmetric encryption
encryptionKey != decryptionKey;
asymmetric keys
encryptWithPublicKey and decryptWithPrivateKey;
authentication
checking that nominalSender = actualSender;
confidentiality
checking that messageContent is only visible to intendedRecipient;
cryptography
design of algorithms for secureDataComms;
Diffie-Hellman (DH) algorithm
enables eachParty to locally generate an identicalSecretKey without exchanging it;
encapsulating security payload (ESP)
a combination of algorithms providing integrity, authentication, and confidentiality;
file transfer protocol (FTP)
layer 4 [transport] protocol for file transfer;
hash
hashFunction(message) = aHash;
hash function
a mathFunction returning aHash to check messageIntegrity;
integrity
ensuring message can’t be changed in transit;
internet key exchange (IKE) (IPsec VPN)
a protocol establishing a secureAssociation between endpoints of an IPsec VPN;
IP Security (IPsec) protocol
a layer 3 [network] protocol for secureDataTransfer;
message digest
= aHash;
public-key algorithm
uses asymmetric encryption;
secure socket layer (SSL)
a protocol for secureDataTransfer over IPnets;
security association
two ends agreeing options for confidentiality, integrity, and authentication;
symmetric encryption
encryptionKey = decryptionKey;
transport mode (IPsec)
where IPsec provides security at layer 4 [transport] for layers 4 and above;
tunnel mode (IPsec)
where IPsec provides security at layer 3 [network] for layers 3 and above;