Encryption Flashcards
What are the 5 steps in Risk Assessment
1) Assets
2) Vulnerability
3) Threat
4) Adversary
5) Consequence
What is the best way to tailor security controls
Tailor controls specific to your assets to minimise the burdens
What is the 3 word acronym for security parameters
C - Confidentiality
I - Integrity
A - Availability
What is the extended acronym for security parameters
CIA
P - Possession
A - Authenticity
N - Non-repudiation
A - Authorisation
Define Confidentiality
When we want an asset to remain undisclosed
Define Integrity
Ensuring the accuracy and completeness of an asset
Define Availability
The asset must be available and functioning when we need it e.g. not destroyed or encrypted
Define Possession
Ensuring that the asset remains in the right hands and not stolen
Define Authenticity
Validity of claim of origin or authorship
Define Non-Repudiation
Ensures that neither the sender nor the receiver can deny fulfillment of either end of a contract
What are the 3 main types of protection
Prevention
Detection
Recovery
Define Prevention
Preventing files from being compromised e.g. encryption or keeping keys hidden
Define Detection
Being able to detect an attacker e.g. using deliberate traps, canary tokens and other notification triggers
Define Recovery
Having the ability to recover what is lost
What is the Zero Trust Model
Everything done involves a factor of risk. Evaluate and Distribute the trust
How would you distribute the trust when you need to upload files to a cloud-based storage
1) Can’t trust cloud service
2) Back-up files in separate location
3) Encrypt uploaded files using hash only you have access to
How would you distribute the trust when downloading an untrusted app
Run it in an isolated VM or sandbox to trap any malware
What is encryption?
Turning readable text into unreadable ciphertext
Pros and cons of high bit-rate algorithm
More secure but takes longer to encrypt and decrypt
What is a brute force attack?
When you try to guess a password by trying all possible combinations
What is a dictionary attack?
Using all the words in the dictionary
What is symmetric encryption?
Symmetric encryption uses 1 key
Is used in most encryption protocols
Is fast and currently ‘unbreakable’
Common standard for HTTPS, Tor, SSH etc.
What is Asymmetric encryption?
The use of 2 keys, one public and one private
What are some common asymmetric key algorithms
RSA
Elliptic curve cryptosystem (ECC)
Diffie-Hellman (DH)
If you encrypt with the sender's private key, what do you need to decrypt
The sender's public key
- Authentication of sender
If you encrypt with the receiver's public key, what is needed to decrypt
The receiver's private key
- Confidentiality, only receiver can decrypt message
What is a Crypto system
The use of various crypto techniques in combination
Pros and cons of Asymmetric Algorithms
Better key distribution
Can place public key on site but only intended reader can decipher with private key
Authentication & Non-Repudiation
Very slow compared to symmetric
Mathematically intensive (higher bit-rate)
Pros and Cons of symmetric algorithms
Fast & Strong
Not scalable
- Sending an encrypted file to 10 people requires 10 keys to also be sent out
What is a Digital Signature?
A hash value (digest) that is encrypted with the sender's private key
What security parameters are provided by hashing?
Confidentiality
Integrity
Authentication
Non-Repudiation