CHAPTER: SECURITY Flashcards
What is Encryption
it is the process of turning plain text into something that appears to be random and meaningless (cipher text)
What is Decryption
Decryption is the process of turning cipher text into plain text
Plain Text
It is the data before it is encrypted
Cipher Text
It is the data after an encryption algorithm is added to it
Four Security Concerns that are solved by encryption
- Confidentiality: only the intended recipient can view what the message says
- Authenticity: the receiver is sure of who the sender is
3, Integrity: cipher text mustnt be modified
- Non-Repudiation: neither sender nor receiver can state they didn’t take part in the transmission
What is Symmetric Encryption
It is an encryption where the same key is used for encrypting and decrypting data. Symmetric Keys are shared
What is Asymmetric Encryption
It is an encryption where two different keys are used.
The public key of the receiver encrypts the data and the private key of the reliever is used to decrypt the data (message)
Public Key
- widely available
-used to encrypt messages
-only owner of private key can decrypt the data
Private Key
- key that is used to decrypt the encrypted data
Similarities between the Keys
Both keys are used in asymmetric encryption
Both keys use hashing algorithms
Difference between the Keys
The private key is only available to the owner of the key whereas the public key is shared
Messages are encrypted using the public key of the receiver
Message digests are encrypted using the sender’s private key to form digital signatures
Purpose of Quantum Cryptography
- sends virtually unhackable messages using the laws of physics
- detects eavesdropping as that changes the properties of the photons
- allows to protect data being transmitted over fibre optic cables
- allows for the use of longer keys
Advantages of Quantum Cryptography
- no eavesdropping
- virtually unhackable
- integrity of keys is guaranteed once transmitted
- it is more secure as it uses the laws of physics as opposed to maths
Disadvantages of Quantum Cryptography
- lacks vital features like digital signatures
- high cost of purchasing
Digital Certificate
ensures a document being transmitted is authentic and has not been altered during transmission
Contents of Digital Certificate
Digital Signature produced by CA
Certificate Serial Number
Subject Name
Hashing Algorithm
Date of Expiriy
How to issue a Digital Certificate
- the user starts an application for the Digital certificate on the computer
- on the computer a key pair is generated
- the user submits the application along with the required details and the public key
- the data is encrypted using the CA’s public key
- CA then created digital document with required details and signs using their private key
- sends the certificate back to the user
Digital Signature
it is a encrypted message digest that ensures if a document is authentic
Issuing a Digital Signature
-CA uses a hashing algorithm
- generates message digest from particular certificate
- message digest encrypted using CA’s private key
How Digital Signature is produced for transmission with message
- message hashed with the agreed hashing algorithm to create the message digest
- it is then encrypted using sender’s private key so digital signature can be decrypted with sender’s public key
Differences between Digital Certificate and Signature
Certificate is from an issuing authority while Signature is created from the message
Certificate provides authentication of owner while Signature provides authentication of messages from owner
Certificate remains unchanged while valid while new signature for every message sent
How server and browser establish secure connections for online transactions
- browser requests the server to identify itself
- server sends its digital certificate to browser
- browser then checks the certificate against CA
- if browser trusts then a symmetric session key is then generated
- encrypted using the server’s public key and sent to server and server decrypts using its private key
Descrive the process for esnureing software is unaltered and authentic
- software put through hashing algortihm
- hashtotal encrypted with private key and put in DS
- DS sent to receiver
- receiver decrypts using server’s public key
- if sent has and received hash are the same, software unaltered and authentic
What is a protocol:
it is a known set of rules
an agreed method of transmission
