Chapter 6 - Cryptography and Symmetric Key Algorithms Flashcards
List the goals of cryptography
- Confidentiality
- Integrity
- Authentication
- Non-Repudiation
3 states at which data must remain private
- Rest
- Transit
- Use
Most common goal of cryptosystems
Confidentiality
List the cryptosystems that enforce confidentiality
- Symmetric Cryptosystems
- Asymmetric Cryptosystems
When developing cryptographic systems, which types of data must you think about?
- Data at rest
- Data in motion
- Data in use
Define:
a. Data at rest
b. Data in Motion
c. Data in Use
Data at Rest: this is data that resides in a permanent location awaiting access. It is also known as stored data.
Data in Motion: this is data that is being transmitted on a network between 2 systems. It is also known as data on the wire.
Data in Use: this is data that is stored in the active memory of a computer system, where it may be accessed by a process running on that system.
Example of data in motion, rest and use
Threats to data in motion, rest and use
Data in Motion: data on a wireless network or company network. Threat: eavesdropping attacks.
Data at Rest: data on hard drives, cloud, USB devices. Threat: theft.
Data in Use:
Define Integrity
Integrity ensures that data is not altered without authorization.
How is message integrity kept
Message integrity is enforced by the use of encrypted message digests, known as digital signatures, or sometimes through secret keys.
Define Authentication
This is a major function of cryptosystems that verifies the claimed identity of system users.
What is Nonrepudiation
Nonrepudiation provides assurance to the recipient that the message originated from the sender.
It prevents an impostor from pretending to be the sender.
It also prevents the sender from claiming that they never sent the message.
The following do not guarantee non-repudiation
Secret key, or symmetric key, cryptosystems (e.g. simple substitution ciphers).
Define Algorithms
A set of rules, usually mathematical, that dictates how enciphering and deciphering processes are to take place.
What term can be summed up as “the enemy knows the system”
Kerckhoffs’s Principle (or assumption)
State Kerckhoffs’s Assumption
Kerckhoffs’s principle is that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
What do you understand by cryptology
This is a mixture of cryptography and cryptanalysis.
What is a one-way function?
This is a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.
What is a nonce?
This is a random number that acts as a placeholder variable in mathematical functions. When the function is executed, the nonce is replaced with a random number generated at the moment of processing for one-time use, e.g. an Initialization Vector (IV).
Explain Zero-Knowledge Proof
This involves proving your knowledge of a fact to a third party without revealing the fact to the third party.
Split Knowledge involves
dividing the information or privilege required to perform an operation among multiple users, so that no single user has sufficient privileges to compromise the security of an environment, e.g. the concept of key escrow.
M of N Control
This requires that a minimum number of agents (M) out of a total number of agents (N) work together to perform high-security tasks.
What is Work Function?
This involves measuring the strength of a cryptographic system by the effort, in terms of cost and time, expressed as a work function.
For example, the time and effort required to perform a complete brute force attack.
Codes vs Ciphers
Codes represent words or phrases. They are sometimes secret. They are not necessarily meant to provide confidentiality.
Ciphers are ALWAYS meant to hide the true meaning of a message. They use a variety of techniques to alter or rearrange the characters or bits of a message to achieve confidentiality.