Chapter 17 Flashcards

"Security"

1
Q

encryption

A

process of changing plain text into cipher text

2
Q

cipher text

A

data after encryption

3
Q

plain text

A

data before encryption

4
Q

public key

A

an encryption key that is shared with everyone involved in the process

5
Q

private key

A
  • an encryption key that is not shared with anyone
  • it is used to decrypt data that was encrypted with its matching public key
6
Q

similarities between private and public key

A

both used in asymmetric encryption
a pair of keys is required / matching pair
both are hashing algorithms

7
Q

difference between private and public keys

A

private key is only known to the owner of the key pair, public key is available for everyone

public key is for encryption, private key is for decryption

8
Q

purpose of encryption

A

to provide better security
ensure the authenticity of the message
non-repudiation, neither sender nor receiver can deny the transmission’s occurrence

9
Q

symmetric encryption

A

one key is used for both encryption and decryption

10
Q

asymmetric encryption

A

two different keys are used for encryption and decryption, one private and one public.

  • the message to be sent is encrypted using the receiver’s public key
  • the message is decrypted using the receiver’s matching private key
  • as the receiver is the only one with that private key, only the receiver can read the message.
11
Q

explain the difference between symmetric and asymmetric encryption

A
  • Symmetric cryptography uses a single key to encrypt and decrypt messages, Asymmetric cryptography uses two.
  • The symmetric key is shared, whereas with asymmetric, only the public key is shared (and the private key isn’t).
  • …asymmetric encryption is more secure.
  • Symmetric cryptography is a simple process that can be carried out quickly, but asymmetric is more complex, so slower.
  • The keys in symmetric encryption are (usually) shorter than those for asymmetric (128/256 bits v 2048 bits).
12
Q

security concerns for encryption

A

confidentiality = the receiver should be the only one to decipher the cipher text

authenticity = the receiver should be certain who sent the ciphertext

integrity = ensuring the cipher text has not been altered during transmission

13
Q

handshake

A

when a device initiates communication with another device

14
Q

handshake protocol

A

requests from the server its SSL certificate which is a digital certificate that confirms its identity. a session key is established that is used for the duration of the connection.

long answer:
client requests server’s digital certificate and public key
client validates certificate and sends their certificate (if requested)
client sends an encrypted message to the server (using server’s public key) to establish session key
session begins

15
Q

security parameters determined during the handshake protocol

A
  • which protocol will be used
  • session ID (uniquely identifies the messages sent)
  • encryption method
  • compression method to be used
16
Q

secure socket layer (SSL) protocol

A

when a user logs onto a website, SSL encrypts the data and only the client’s computer and the webserver are able to make sense of what is being transmitted

initiates handshake protocol
during this process the client and browser establish a session key that they use for the duration of their connection

17
Q

ssl process

A

handshake protocol first establishes a connection and confirms identity - the client browser requests its SSL certificate (a digital certificate confirming its identity) and its public key

  • if the digital certificate is valid (checks cert through list of certificate authorities) then the session is created, if it is invalid the website is rejected.

client browser then creates and sends the server a symmetric session key using the server’s public key

server uses their private key to decrypt the session key, and sends an acknowledgement (encrypted)

  • the session key is used to encrypt the data throughout session
18
Q

function of ssl

A

created to reassure a user when a client-server application is underway. its purpose is:
- Encryption of data
- Compression of data
- Integrity checking of data

19
Q

transport layer security (TLS)

A

provides secure communication over a network.
maintains data integrity and adds a layer of security (more secure than SSL)
composed of two layers - record protocol and handshake protocol

20
Q

record protocol (not in spec?)

A

contains the data being transmitted over the network

21
Q

differences between SSL and TLS

A

it’s possible to extend TLS by adding new authentication methods unlike SSL
TLS separates the handshaking process from the record protocol layer where all data is held

22
Q

examples of when ssl/tls is used:

A

banking
private/secure email
online shopping
secure file transfer
using a social networking site - audio chatting, instant messaging.

23
Q

digital signature

A

an agreed hash function is applied to a message (creating a digest), which is then encrypted using the sender’s private key to form a digital signature. used to identify a sender

24
Q

digital signature process

A
  • Cryptographic one-way hashing algorithm (agreed upon hashing algorithm) is used on the message to create a message digest
  • The sender’s private key is then used to encrypt the message digest, which becomes the digital signature.
  • the message and digital signature are encrypted with the receiver’s public key (asymmetric), and are sent
  • The receiver decrypts the message and digital signature using the receiver’s private key (asymmetric)
  • the digital signature is then decrypted with the sender’s public key to recover the message digest
  • The receiver uses the same hash function on the decrypted message and compares the two
  • If they are identical, the sender’s identity is verified and the message has not been altered.
25
Q

digital certificate

A

a data file that provides authentication through the CA.

26
Q

how is a digital certificate obtained

A
  • an application is filed to the local CA (certificate authority)
  • with some proof of identity e.g. organization name and the information required by the CA
  • organization also hands over its public key (depends on question)
  • identity is checked by a registration authority
  • if it’s verified, the CA generates the certificate, with the CA’s digital signature and name verifying the certificate.
  • the digital certificate is issued and handed back to be used.
27
Q

items in the digital certificate

A

serial number (unique)
certificate authority that issued certificate
certificate authority digital signature
name of the owner of certificate
the owner’s public key
period of validity of certificate
agreed hashing algorithm

28
Q

how is a digital certificate used to create a digital signature?

A

Instead of making the public key available for everyone, the sender could send the public key to a CA for optimum security.

the CA creates a digital certificate which contains the public key with proof of ownership of the public key

Anyone wishing to use the public key obtains it from the digital certificate

a message encrypted with the public key could be sent to the owner of the private key

that owner could use it to create a digital signature that can be used to authenticate a message

29
Q

purpose of quantum cryptography

A
  • to send virtually un-hackable messages …
  • … by using the laws / principles of quantum mechanics / properties of photons
  • detects eavesdropping
  • …because the properties of the photons change
  • to protect security of data transmitted over fibre optic cables
  • to enable the use of longer keys.
30
Q

quantum cryptography

A

(the direction each photon vibrates in is called its polarisation. A photon can be polarised to represent a value for a bit - two ways to represent a 1 and two ways to represent a 0.)

process:
Sender generates photons
Sender sends photons through a random sequence of polarizers
Receiver sends photons to a randomly generated sequence of beam splitters
sender informs receiver of used sequence (polarisation basis)
the receiver informs which ones matched.
for each matched value there is now a stored bit.
receiver then discards other photon signals

31
Q

benefits of quantum cryptography

A
  • impossible to intercept without alerting either side that there has been an interception due to the nature of the photons/laws of physics
    • furthermore photons would be destroyed by the attempt (more secure)
  • performance of quantum cryptography is continuously improved
  • integrity of the key once transferred can be guaranteed
  • longer keys can be used
  • eavesdropping can be detected (changes the state of photon)
32
Q

drawbacks of quantum cryptography

A
  • requires dedicated quantum fibre optic line and specialist equipment which are difficult and expensive to implement.
  • has a limited range - currently only works over relatively short distances
  • polarisation of light can change during the transmission due to poor conditions
  • can be utilized by criminals to hide their activities