csrm 2 Flashcards

1
Q

Symmetric key cryptography

A

Simplest kind. It involves only one secret key to cipher and decipher information. Symmetric encryption uses a secret key that can either be a number, a word, or a string of random letters. Key K is used for both encryption and decryption.

2
Q

Asymmetric encryption

A

Public key cryptography. It uses two keys to encrypt a plain text. Secret keys are exchanged over the Internet or a large network. It ensures that malicious persons do not misuse the keys.

3
Q

Public key cryptography (single pair)

A

It uses a pair of two related keys for encryption and decryption. The public key (PK) is published and distributed (linked to its owner), and the secret key (SK) is private and unique. It does not matter if someone intercepts PKb; this one is public.

4
Q

Public key cryptography (double pair):

A

Use PKb to encrypt and SKb to decrypt. Or use SKa to encrypt (signature) and anyone with PKa can test.

5
Q

Application of encryption/decryption

A
  • Signature: Purpose is to authenticate a message. A signature scheme has a key-pair generation function which, given a random input R, will return two keys (private signing key and public verification key).
  • Governance of public key infrastructure (PKI): Infrastructure and governance mechanisms for establishing a secure key exchange. Procedures for linking keys (certificates) to a natural person. The weaknesses are often in key management and governance structure.
  • Protocols: Rules for interaction (TCP/IP protocols).
  • Two-factor authentication
  • Mathematical security models
  • SP networks (substitution – permutation)
  • Advanced encryption standard
  • Feistel cipher
  • DES (3DES)
6
Q

Types of encryptions

A

  • Biometric encryption technologies
  • End-to-end encryption
  • Quantum cryptography
  • Homomorphic encryption
  • Blockchain

7
Q

Biometric encryption technologies

A

Fingerprints, facial recognition, and voice recognition. This type of technology will remove the need for remembering annoying passwords and answers to secret questions. You also can’t lose this biometric aspect. Your face or fingerprint will be represented by a number by measuring the distance between aspects. A range of correct inputs will be accepted.

8
Q

End-to-end encryption

A

A system of communication where only the communicating users can read the messages. It prevents potential eavesdroppers from being able to access the cryptographic keys needed to decrypt the conversation. Each phone has two unique keys that encrypt and decrypt messages (public and private keys). A combination of public and private keys is used to create a temporarily shared key. The public keys are used to confirm that the shared key is authentic. The shared keys are erased and regenerated constantly; this ensures that the conversations can’t be eavesdropped on in the future.

9
Q

Quantum cryptography:

A

Makes encryption useless because a quantum computer would be able to easily decrypt anything that is encrypted. The way to combat this would be via quantum cryptography. It relies on the laws of physics. The key is a stream of photons. These photons have a property called spin which can be changed when it passes. It reflects in filters to 0s and 1s.

10
Q

Homomorphic encryption

A

Used for transmission of highly classified material while keeping the material highly secured. The data is worked on inside a protected box without having full access. Processed without access.

11
Q

Blockchain

A

Decentralized ledgers lead to encryption technology. Only some people have a copy.

12
Q

Ethics and data protection: privacy

A

The right to informational self-determination. Also, the right to ‘control, edit, manage, and delete information about themselves and decide when, how and to what extent information is communicated to others.’

13
Q

General Data Protection Regulation:

A

Talks about privacy law (right to privacy and a private life) and data protection law. It is an EU regulation (2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. It governs how, when, and why data controllers and processors process personal data. Some differences with previous regulations:

14
Q

What is the difference between privacy and confidentiality?

A

Confidentiality is a part of privacy. Privacy is a bit broader; it also talks about granularity of information, types of processing, consent, and opt-out vs. opt-in.

15
Q

General Data Protection Regulation: what are some differences with previous regulations?

A
  • Increased sanctions and authority for regulators, increased accountability for organizations
  • Introduces obligations to perform data protection impact assessments, to appoint a data protection officer, and to report breaches
  • Strengthen the idea of privacy by design and privacy by default
  • Uphold right to be forgotten
  • Strengthen rules against profiling
16
Q

Data processing roles (actors):

A
  • Data subject: natural person, about whom data is processed
  • Controller: Determines purposes and means of processing of personal data
  • Processor: Processes personal data on behalf of the controller
17
Q

What are the seven key principles relating to processing of personal data?

A

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Data accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

18
Q

Lawfulness, fairness, and transparency:

A

Should act in compliance with the wishes of the data subject (ethical behavior). Customers must be aware of and really understand what is happening with their data and the risks. And lawful in means of consent of the data, necessity to enter or perform a contract and necessity for the legitimate interest of the controller or a third party. Consent needs to be a freely given, specific, informed, and unambiguous indication by a statement of clear affirmative action.

19
Q

Purpose limitation

A

Collected for specified, explicit and legitimate purposes and not further processed in a manner that is not compatible with those purposes. Every purpose requires a legal basis (so not directly to third parties).

20
Q

Data minimization:

A

Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

21
Q

Data accuracy

A

Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purpose for which they are processed, are erased or rectified without delay.

22
Q

Storage limitation

A

Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

23
Q

Integrity and confidentiality

A

Shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organizational measures.

24
Q

Accountability:

A

Put into place measures that would normally guarantee data protection and compliance, and have documentation ready to demonstrate that these measures have been taken.