ECM 1407 Encryption Flashcards
What can modern cryptography be defined as?
The study of mathematical techniques for securing digital data
How does Caesar’s Cipher work?
Shifts each letter by a set amount
e.g. A -> E, B ->F
What are the two principles of cryptography?
Security by obscurity
Kerckhoff’s principle
What is security by obscurity?
Improving security by keeping the algorithm secret
What is Kerckhoff’s principle?
The cipher method must not be required to be secret, and the message must be able to fall into the hands of the enemy
Everything except the keys are public knowledge
What is the mono-alphabetic substitution?
Defines a map from each letter to some letter of the alphabet, where the map is arbitrary, instead of a fixed shift.
What is the difference between symmetric and asymmetric encryption?
Symmetric uses one key for encryption and decryption
Asymmetric makes use of a public key for encryption and a private key for decryption
What is a stream cipher?
an encryption technique that works byte by byte to transform plain text into code that’s unreadable to anyone without the proper key.
Stream ciphers are linear, so the same key both encrypts and decrypts messages. And while cracking them can be difficult, hackers have managed to do it.
What is a block cipher?
a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
The block cipher processes fixed-size blocks simultaneously, as opposed to a stream cipher, which encrypts data one byte at a time.
What are the origins of RSA?
A public-key cryptosystem, one of the oldest, that is widely used for secure data transmission. The acronym “RSA” comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly described the algorithm in 1977
How does RSA work?
1) Choose 2 large prime numbers p and q
2) Calculate n = p * q
3) z = (p - 1) * (q - 1)
4) Choose e to be relatively prime (no other common factors than 1) to z
5) Choose d such that (d*e) mod z = 1
What are the RSA equations?
M = plaintext block
C = encrypted block
C = M^e mod n
M = C^d mod n
What are 3 examples of digital signatures?
Private keys
Hashing
Tarballs
What is an example of an awry software implementation? What was the issue?
The heartbleed bug
When a word with more characters than specified, the word is promptly returned as expected, but with random spare data that often reveals sensitive data about the machine and its user.
What websites were affected by the heartbleed bug?
- Yahoo!, Imgur, Stack Overflow, Slate, DuckDuckGo
- These sites asked users to promptly change their passwords
What information is not picked up on by intruders through HTTPS as opposed to HTTP?
The User
The Data
What is information is transmitted from a system to a site that can be used by intruders?
The url
The User
The Data
The machine’s location
Who can intercept the connection between 2 ISPs?
The National Security Agency (NSA)
What is Tor?
A free and open-source software for enabling anonymous communication. It directs Internet traffic via a free, worldwide, volunteer overlay network that consists of more than seven thousand relays. Using Tor makes it more difficult to trace a user’s Internet activity.
It uses multiple router keys that act as protective layers that the interceptors will reach as opposed to the core connection
What are 3 kinds of parties that have access to your Internet Service Provider (ISP)?
Lawyers
Police
System Administrators
What can external parties receive from an Internet user’s ISP who is using Tor?
Only the location. Tor encrypts the rest
What is the double edged sword in Tor?
+ It allows good people to do what they want to do without the government controlling them
- It allows bad people to do what they want to do without the government controlling them
What are some symmetric encryption programs?
AES
Blowfish
Twofish
What are some asymmetric encryption programs?
ECC
ELGamal
RSA
What surveillance tech was leaked by Edward Snowden?
RAMPART-A
What does the Online Safety Bill say to encryption?
An offence is committed if the participant submits data to OFCOM that cannot be decrypted.
What must participants under the OSB do?
It provides a legal duty for social media companies to put in place systems and processes that tackle child sexual abuse on their services irrespective of the technology they use
Companies failing to comply with such systems and processes face Ofcom, which is able to impose fines of up to £18 million or 10% of the company’s global annual turnover - depending on which is higher.
