CHAPTER: SECURITY

Question 1

What is Encryption

Answer 1

it is the process of turning plain text into something that appears to be random and meaningless (cipher text)

Question 2

What is Decryption

Answer 2

Decryption is the process of turning cipher text into plain text

Question 3

Plain Text

Answer 3

It is the data before it is encrypted

Question 4

Cipher Text

Answer 4

It is the data after an encryption algorithm is added to it

Question 5

Four Security Concerns that are solved by encryption

Answer 5

1. Confidentiality: only the intended recipient can view what the message says
2. Authenticity: the receiver is sure of who the sender is

3, Integrity: cipher text mustnt be modified

4. Non-Repudiation: neither sender nor receiver can state they didn’t take part in the transmission

Question 6

What is Symmetric Encryption

Answer 6

It is an encryption where the same key is used for encrypting and decrypting data. Symmetric Keys are shared

Question 7

What is Asymmetric Encryption

Answer 7

It is an encryption where two different keys are used.
The public key of the receiver encrypts the data and the private key of the reliever is used to decrypt the data (message)

Question 8

Public Key

Answer 8

• widely available
  -used to encrypt messages
  -only owner of private key can decrypt the data

Question 9

Private Key

Answer 9

• key that is used to decrypt the encrypted data

Question 10

Similarities between the Keys

Answer 10

Both keys are used in asymmetric encryption
Both keys use hashing algorithms

Question 11

Difference between the Keys

Answer 11

The private key is only available to the owner of the key whereas the public key is shared

Messages are encrypted using the public key of the receiver

Message digests are encrypted using the sender’s private key to form digital signatures

Question 12

Purpose of Quantum Cryptography

Answer 12

• sends virtually unhackable messages using the laws of physics
• detects eavesdropping as that changes the properties of the photons
• allows to protect data being transmitted over fibre optic cables
• allows for the use of longer keys

Question 13

Advantages of Quantum Cryptography

Answer 13

• no eavesdropping
• virtually unhackable
• integrity of keys is guaranteed once transmitted
• it is more secure as it uses the laws of physics as opposed to maths

Question 14

Disadvantages of Quantum Cryptography

Answer 14

• lacks vital features like digital signatures
• high cost of purchasing

Question 15

Digital Certificate

Answer 15

ensures a document being transmitted is authentic and has not been altered during transmission

Question 16

Contents of Digital Certificate

Answer 16

Digital Signature produced by CA
Certificate Serial Number
Subject Name
Hashing Algorithm
Date of Expiriy

Question 17

How to issue a Digital Certificate

Answer 17

• the user starts an application for the Digital certificate on the computer
• on the computer a key pair is generated
• the user submits the application along with the required details and the public key
• the data is encrypted using the CA’s public key
• CA then created digital document with required details and signs using their private key
• sends the certificate back to the user

Question 18

Digital Signature

Answer 18

it is a encrypted message digest that ensures if a document is authentic

Question 19

Issuing a Digital Signature

Answer 19

-CA uses a hashing algorithm
- generates message digest from particular certificate
- message digest encrypted using CA’s private key

Question 20

How Digital Signature is produced for transmission with message

Answer 20

• message hashed with the agreed hashing algorithm to create the message digest
• it is then encrypted using sender’s private key so digital signature can be decrypted with sender’s public key

Question 21

Differences between Digital Certificate and Signature

Answer 21

Certificate is from an issuing authority while Signature is created from the message
Certificate provides authentication of owner while Signature provides authentication of messages from owner
Certificate remains unchanged while valid while new signature for every message sent

Question 22

How server and browser establish secure connections for online transactions

Answer 22

• browser requests the server to identify itself
• server sends its digital certificate to browser
• browser then checks the certificate against CA
• if browser trusts then a symmetric session key is then generated
• encrypted using the server’s public key and sent to server and server decrypts using its private key

Question 23

Descrive the process for esnureing software is unaltered and authentic

Answer 23

• software put through hashing algortihm
• hashtotal encrypted with private key and put in DS
• DS sent to receiver
• receiver decrypts using server’s public key
• if sent has and received hash are the same, software unaltered and authentic

Question 24

What is a protocol:

Answer 24

it is a known set of rules
an agreed method of transmission

Question 25

Purpose of SSL and TLS

Answer 25

• provides communication security ver a network
• provides encryption
• enables parties to identify and authenticate each other
• and communicate with confidentiality and integrity

Question 26

Uses of SSL and TLS

Answer 26

• online banking
  -online shoppin
• private email
• secure file transfer

Question 27

How SSL and TLS protocols used when between client and server

Answer 27

• every new session begins with a handshake
• client requests a digital certificate from the server
• client verifies the digital certificate of the server
• and obtains a public key
• encryption algorithm agreed on and symmetric keys are generated

Question 28

Virus

Answer 28

• it tries to attach and replicate itself inside other programs
• it attacks files used to run and install software
• to prevent install antivirus software and opt for daily scans

Question 29

Worm

Answer 29

• it runs independently; propogates to other netowk hosts and reproduces itself
• it attacks shared networks
• to prevent set up firewalls to protect from external networks

Question 30

Spyware

Answer 30

it collects information from they typing of the keyboard and transmits to other systems

• it usually attacks the in the background processes
• to prevent install and use real time spyware protection