Chapter 21 Security Flashcards
encryption
alters data into a form that is unreadable by anybody who is not the intended recipient
process of turning plain text into cipher text
Example sentence: The encryption process ensures that sensitive information remains secure.
plain-text
the original data
cipher text
the encrypted data
public key
widely available key that can be used to encrypt messages that only the owner of the private key can decrypt
private key
key needed to decrypt data that has been encrypted by a public key; it is used in asymmetric encryption and is not shared
similarities between private and public key
both used in asymmetric encryption
a pair of keys is required
one is used to encrypt data and the other is used to decrypt data
both are hashing algorithms
differences between private and public key
private key is only known to the owner of the key pair, public key can be distributed to anyone
when messages are sent to the owner of the public key they are encrypted with the owner’s public key so they can only be decrypted by the owner’s private key
symmetric key encryption
when only one key is used to encrypt and decrypt (sender and receiver share the secret key)
asymmetric encryption
when two different keys are used (one for encryption and one for decryption)
how does asymmetric encryption ensure that the message remains private
sender will encrypt the message with the receiver’s public key
receiver will decrypt the message with their private key
secure socket layer protocol (SSL)
when a user logs onto a website, SSL encrypts the data and only the client’s computer and the webserver are able to make sense of what is being transmitted
process of setting up secure connection using SSL
browser requests that the server identifies itself
server sends a copy of its SSL certificate and its public key
browser checks the certificate against a list of trusted certificate authorities
if browser trusts certificate, it creates and sends the server a symmetric session key using the server’s public key
server decrypts the symmetric session key using its private key
server sends browser an acknowledgement encrypted with session key
symmetric session key
once the client trusts the server, after confirming the server's SSL certificate with a CA (certificate authority), the client creates a symmetric session key for that particular session by using the public key of the server
after this all messages are encrypted by that session key which is only known to the client and server
transport layer security protocol (TLS)
recent security protocol
more secure than SSL
only some browsers have the capability to support TLS so SSL is widely used
provides encryption, authentication and data integrity in a more effective way
record protocol
(main layer #1 of TLS) can be used with or without encryption and contains the data being transmitted over the network