Chapter 21 Security Flashcards

1
Q

encryption

A

alters data into a form that is unreadable by anybody that is not the intended recipient
process of turning plain text into cipher text

Example sentence: The encryption process ensures that sensitive information remains secure.

2
Q

plain-text

A

the original data

3
Q

cipher text

A

the encrypted data

4
Q

public key

A

widely available key that can be used to encrypt messages that only the owner of the private key can decrypt

5
Q

private key

A

key needed to decrypt data that has been encrypted by a public key and is used in asymmetric encryption which is not shared

6
Q

similarities between priv and pub key

A

both used in asymmetric encryption
a pair of keys is required
one is used to encrypt data and the other is used to decrypt data
both are hashing algorithms

7
Q

differences between priv and pub key

A

private key is only known to the owner of the key pair, public key can be distributed to anyone
when messages are sent to the owner of the public key they are encrypted with the owner’s public key so they can only be decrypted by the owner’s private key

8
Q

symmetric key encryption

A

when only one key is used to encrypt and decrypt (sender and receiver share the secret key)

9
Q

asymmetric encryption

A

when two different keys are used (one for encryption and one for decryption)

10
Q

how does asymmetric encryption ensure that the message remains private

A

sender will encrypt the message with the receiver’s public key
receiver will decrypt the message with their private key

11
Q

secure socket layer protocol (SSL)

A

when a user logs onto a website, SSL encrypts the data and only the client’s computer and the webserver are able to make sense of what is being transmitted

12
Q

process of setting up secure connection using SSL

A

browser requests that the server identifies itself
server sends a copy of its SSL certificate and its public key
browser checks the certificate against a list of trusted certificate authorities
if browser trusts certificate, it creates and sends the server a symmetric session key using the server’s public key
server decrypts the symmetric session key using its private key
server sends browser an acknowledgement encrypted with session key

13
Q

symmetric session key

A

when the client gains trust of the server after confirming the SSL certificate of it from a CA (certificate authority), the client creates a symmetric session key by using the public key of the server for that particular session
after this all messages are encrypted by that session key which is only known to the client and server

14
Q

transport layer security protocol (TLS)

A

recent security protocol
more secure than SSL
only some browsers have the capability to support TLS so SSL is widely used
provides encryption, authentication and data integrity in a more effective way

15
Q

record protocol

A

(main layer #1 of TLS) can be used with or without encryption, contains the data being transmitted over the network

16
Q

handshake protocol

A

(main layer #2 of TLS) permits the web server and client to authenticate each other and to make use of an encryption algorithm

17
Q

differences between SSL and TLS

A

it’s possible to extend TLS by adding new authentication methods unlike SSL
TLS can make use of session caching which improves overall performance of the communication when compared to SSL
TLS separates the handshaking process from the record protocol layer where all data is held

18
Q

session caching

A

when opening a TLS session a lot of time is required due to the complex cryptographic process
so the existing session can be used again

19
Q

what is the purpose of TLS

A

to provide secure communication over a network
to maintain data integrity
additional layer of security

20
Q

applications of TLS

A

online banking
private email
online shopping
online messaging

21
Q

security parameters agreed on b/w server and client during handshake

A

which protocol will be used => there are different versions of the 2 protocols
session ID => uniquely identifies a related series of messages b/w server and client
session type => reusable or not
encryption method => asymmetric or symmetric
authentication method => use of digital certificate or use of digital signature

22
Q

differences between a digital certificate and signature

A

certificate is obtained from an issuing authority while signature is created from a message
certificate provides authentication of owner while signature is used to authenticate a message sent by the owner
certificate remains unchanged while valid while signature is created for every message
signature makes use of private key and does not provide info while certificate provides info and does not use private key

23
Q

purpose of a digital signature

A

to ensure a document is authentic
to ensure a document has not been altered during transmission
the validity of contents cannot be denied

24
Q

how is a digital signature produced

A

a message is put through an agreed hashing algorithm
to produce a hash total also known as a message digest
the message digest is then encrypted using the sender’s private key

25
Q

how is a digital certificate obtained

A

an application is filed to an issuing certificate authority

26
Q

how is a digital certificate obtained

A

an application is filed to an issuing certificate authority (CA) with proof of identity e.g: name of organization/address
so their identity can be checked by organizational registration authority
so that a digital certificate will only be issued to a trusted organization

27
Q

items in a digital certificate

A

public key
agreed hashing algorithm
serial number
name of organisation
date valid from/to
signature
name of issuer
CA digital signature

28
Q

how is asymmetric encryption used to ensure that the message is verified

A

sender creates the message digest
receiver recreates the message digest
if both copies of the message digest match then the message has not been altered

29
Q

quantum computing

A

due to advancement in tech, the concept of quantum computers has been introduced which will easily be able to crack all encryption keys

30
Q

benefits of quantum cryptography

A

any eavesdropping can be identified
integrity of the key once transferred can be guaranteed
more secure keys can be exchanged

31
Q

drawbacks of quantum cryptography

A

requires a dedicated line and specialist hardware which can be expensive to implement
has a limited range
possible for polarisation of light to be altered due to various conditions while travelling down fibre optic cable
terrorists and criminals can use the technology to hide their activities from government