Chapter 1 Flashcards
What are the three security goals?
Confidentiality, Integrity, Availability
What are security attacks?
Threats that compromise the three security goals
What are security services?
Mechanisms implemented to achieve security goals
What are security mechanisms?
Tools or processes used to provide security services
What two techniques are introduced to implement security mechanisms?
Cryptography, Steganography
Define computer security according to NIST.
Protection of an automated information system to preserve integrity, availability, and confidentiality
What are the three fundamental questions in computer security?
- What assets do we need to protect? * How are those assets threatened? * What can we do to counter those threats?
What does network security refer to?
Measures to protect data during transmission and to prevent unauthorized access
What is Internet security?
Protection of data during transmission over interconnected networks
True or False: Nothing is ever completely or truly secure.
True
What is the CIA triad?
Confidentiality, Integrity, Availability
What does confidentiality mean in information security?
Protection of confidential information from unauthorized access
What does integrity mean in the context of information?
Changes to information must be made only by authorized entities
What does availability signify in information security?
Information must be accessible to authorized entities
What is snooping?
Unauthorized access to or interception of data
Define modification in the context of security attacks.
Interception and alteration of a message by an attacker
What is masquerading or spoofing?
When an attacker impersonates someone else
What does replaying mean in security attacks?
Obtaining a copy of a message and re-sending it
What is repudiation in security context?
Sender or receiver denies having sent or received a message
What is a denial of service (DoS) attack?
An attack that slows down or interrupts service
What does ITU-T provide in terms of security?
Security services and mechanisms
What is cryptography?
The science and art of transforming messages to secure them
What does the term steganography mean?
Covered writing, in contrast to secret writing
What is encryption?
Transformation of intelligible information into unintelligible form
What is decryption?
Transformation of encrypted information back into intelligible form
What is cryptanalysis?
Analyzing encrypted information to recover the original message
What is cryptology?
The field encompassing both cryptography and cryptanalysis
What is the study of principles and methods of deciphering ciphertext without knowing the key called?
Cryptology
Cryptology encompasses both cryptography and cryptanalysis.
What is the original message before encryption called?
Plain text
What is the algorithm used to transform plaintext into unintelligible form called?
Encryption Algorithm
What is the encrypted text referred to as?
Cipher text
What is the key used in the encryption process called?
Encryption key
What is the algorithm used to transform cipher text back to plaintext called?
Decryption Algorithm
What is the key used in the decryption process called?
Decryption key
In a cryptosystem, what must be public while the keys remain secret?
All algorithms
What type of intruder listens to communications without modification?
Passive intruder
What type of intruder modifies messages and re-inserts them?
Active intruder
What does cryptography ensure regarding the knowledge of transferred information?
Confidentiality
What does cryptography ensure regarding the integrity of a message during transmission?
Integrity
What does authenticity in cryptography confirm?
You can verify that you are talking to the entity you think you are talking to
What does identity in cryptography allow you to verify?
Who is the specific individual behind that entity
What does non-repudiation ensure in cryptography?
The individual behind that asset cannot deny being associated with it
What is the classification of cryptography based on the number of keys used?
Symmetric key cryptography and Asymmetric key cryptography
What type of cryptography uses the same key for encryption and decryption?
Symmetric key cryptography
What type of cryptography uses two mathematically related keys?
Asymmetric key cryptography
What is an example of symmetric encryption?
DES (Data Encryption Standard)
What must both sender and receiver possess in a symmetric encryption system?
The same key
What are two requirements for secure use of symmetric encryption?
A strong encryption algorithm and a secret key known only to sender/receiver
What is the mathematical representation of encryption in symmetric cryptography?
C = E_K(M)
What is the mathematical representation of decryption in symmetric cryptography?
M = D_K(C)
What is a substitution cipher?
Replaces the actual bits, character, or block of characters with substitutes
What is a transposition cipher?
Rearranges the order of the bits, characters, or blocks of characters
What is a product cipher?
Combination between transposition cipher and substitution cipher
What is a key characteristic of asymmetric key cryptography?
The relation between the two keys is unknown
What can messages encrypted with the public key be decrypted with?
The private key
What can messages encrypted with the private key be decrypted with?
The public key
What are the essential steps in the asymmetric encryption model?
- Each entity generates a pair of keys
- Each entity publishes its public key
- User A encrypts a message using User B’s public key
- User B decrypts the message using their private key
What are examples of asymmetric ciphers?
- RSA
- Rabin
- ElGamal
- Elliptic curve cryptography
What is a digital signature?
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient to prove the source and integrity of the data unit
What are the two fundamental assumptions upon which digital signatures depend?
- The private key is secure
- The only way to produce a digital signature is to use the private key
What must a digital signature be verifiable by?
Third parties to resolve disputes
What must be possible to verify regarding a digital signature?
- The author
- The date
- The time
What is a key property of digital signatures?
The signature must be verifiable by third parties to resolve disputes.
This ensures that the authenticity of the signature can be confirmed by someone other than the signer.
What must be possible to verify regarding a digital signature?
The author, the date, and time of the signature.
This verification is crucial for establishing the context and legitimacy of the signature.
What must be authenticated at the time of a digital signature?
The contents.
This ensures that the information being signed has not been altered after the signature was created.
Name one standard associated with digital signatures.
DSS (Digital Signature Standard).
DSS is a federal information processing standard for digital signatures.
What is one example of a digital signature algorithm?
RSA (Rivest-Shamir-Adleman).
RSA is widely used for secure data transmission.
What is a key advantage of symmetric-key cryptography?
High rates of data throughput.
This allows for faster encryption and decryption processes compared to asymmetric-key methods.
What is a disadvantage of symmetric-key cryptography?
The key must remain secret in two-party communication.
This requirement complicates the secure exchange of keys between parties.
What challenge arises in large networks with symmetric-key cryptography?
Many key pairs must be managed.
This leads to a significant increase in the number of keys required as the number of users grows.
How many keys does a cryptosystem with n users require?
n*(n-1)/2 keys.
This formula arises from the need for each user to have a unique key with every other user.
What is a key advantage of asymmetric-key cryptography?
Only the private key must be kept secret.
This simplifies key management since the public key can be shared openly.
What problem does asymmetric-key cryptography aim to solve?
Key distribution and digital signature.
These issues are critical in ensuring secure communications and verifying identities.
What is a disadvantage of asymmetric-key cryptography?
Slower than the best-known symmetric key schemes.
The computational complexity of asymmetric algorithms leads to longer processing times.
What is typically larger in asymmetric-key cryptography compared to symmetric-key cryptography?
Key sizes.
Larger key sizes are necessary to achieve comparable security levels.
