Extras

Question 1

What is the difference between system, infrastructure, host and network security?

Answer 1

System security focuses on the overall protection of an entire system, covering all components like hardware, software, processes and people. In contrast, host, infrastructure, and network security are more targeted approaches:

• Host Security: Secures individual devices, protecting them from malware, unauthorised access, and vulnerabilities.
• Infrastructure Security: Safeguards foundational elements like servers and data centres, including physical and cloud environments.
• Network Security: Protects communication paths and protocols, using firewalls, encryption, and intrusion detection.

These targeted approaches collectively strengthen an organisation’s security posture.

Question 2

What is the difference between a cryptographic key and an encryption key?

Answer 2

A cryptographic key and an encryption key are terms that are often used interchangeably, but they can have slightly different connotations depending on the context.

• Cryptographic Key: This is a more general term that refers to any key used within a cryptographic algorithm, whether for encryption, decryption, authentication, or other cryptographic operations. Cryptographic keys can be used in various cryptographic processes, such as hashing, digital signatures, or key exchange, in addition to encryption and decryption.
• Encryption Key: This specifically refers to the key used in the process of encrypting data. In symmetric encryption, the same key is used for both encryption and decryption. In asymmetric encryption, there are two separate keys: a public key used for encryption and a private key used for decryption.

In summary, an encryption key is a type of cryptographic key used specifically for the encryption (and often decryption) of data, while a cryptographic key is a broader term encompassing any key used in various cryptographic functions.

Question 3

Notation for describing messages and encryption keys

Answer 3

A → B: M
Alice sends Bob a message M

A → B : M, H(M)
Alice sends Bob a message M and the hash of that message H(M)

В → А: {М}к
Bob sends Alice a message M encrypted with a key K

А → B : {M}к(B.plc)
Alice sends Bob a message M
encrypted with his public key к(B.plc)

В → А: {М}к(B.pr)
Bob sends Alice a message M
encrypted with his private key K(B.pr)

E →1: {M}к, M’
Eve sends lan a message M encrypted with a key K and a corrupted message M’

Question 4

What is the difference between linear and differential cryptanalysis?

Answer 4

Linear Cryptanalysis:
- Focus: Finds linear relationships between plaintext, ciphertext, and key.
- Method: Uses statistical analysis of many plaintext-ciphertext pairs to uncover key bits.
- Attack Type: Known plaintext attack.
- Key Point: Exploits linear approximations valid with higher-than-random probability.

Differential Cryptanalysis:
- Focus: Analyses how differences in plaintext affect differences in ciphertext.
- Method: Examines pairs of plaintexts with specific differences to track patterns in ciphertext differences.
- Attack Type: Known plaintext attack using controlled plaintext differences.
- Key Point: Exploits differential patterns that occur more frequently than expected by chance.

Summary:
- Approach: Linear focuses on bit relationships; differential tracks how differences propagate.
- Data: Linear uses large datasets; differential uses specific plaintext pairs.

Question 5

What are the typical defences for network security?

Answer 5

• Firewalls: Control incoming and outgoing network traffic based on security rules.
• Web Application Firewall (WAF): Protects web applications by filtering and monitoring HTTP/HTTPS traffic, blocking common web-based attacks.
• Intrusion Detection/Prevention Systems (IDS/IPS): Monitor network traffic for suspicious activity and can block threats.
• Antivirus/Antimalware: Detect and remove malicious software from devices on the network.
• Encryption: Protects data in transit and at rest by making it unreadable to unauthorised users.
• Network Segmentation: Divides the network into isolated segments to limit the spread of attacks.
• Virtual LANs (VLANs): Segregate network traffic into different logical groups to enhance security and limit broadcast traffic.
• Switchport Security: Limits the number of MAC addresses on a port and can disable ports if a security violation occurs, protecting against unauthorised devices.
• Access Control: Ensures that only authorised users and devices can access network resources.
• Multi-Factor Authentication (MFA): Adds an extra layer of security by requiring multiple forms of verification.
• Patch Management: Regularly updates software and devices to fix vulnerabilities.
• VPNs: Securely connect remote users to the network by encrypting their internet traffic.
• DMZ (Demilitarised Zone): Isolates public-facing services from the internal network to protect against external threats.
• Security Information and Event Management (SIEM): Aggregates and analyses security data for threat detection and response.

Question 6

What are the 7 GDPR principles?

Answer 6

1. Lawfulness, Fairness, and Transparency:
   • Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject (the person whose data is being processed).
   
   2. Purpose Limitation:
      • Personal data should be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
   3. Data Minimisation:
      • Personal data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
   4. Accuracy:
      • Personal data must be accurate and, where necessary, kept up to date. Inaccurate personal data should be corrected or deleted without delay.
   5. Storage Limitation:
      • Personal data should be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
   6. Integrity and Confidentiality (Security):
      • Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
   7. Accountability:
      • The data controller (the entity responsible for determining the purposes and means of processing personal data) is responsible for and must be able to demonstrate compliance with the other six principles.

Question 7

What is the TLS handshake and how does it work?

Answer 7

The TLS handshake is the process that establishes a secure connection between a client and a server. Here’s how it works:

1. Client Hello: The client sends a “hello” message to the server, including supported encryption algorithms and a random number.
2. Server Hello: The server responds with its chosen encryption method, its digital certificate (containing its public key), and another random number.
3. Authentication and Pre-Master Secret: The client verifies the server’s certificate. If valid, the client generates a pre-master secret, encrypts it with the server’s public key, and sends it back.
4. Session Keys Generation: Both the client and server use the random numbers and pre-master secret to generate session keys for encryption.
5. Client and Server Finished: The client and server confirm that future communications will be encrypted using the session keys, and the secure connection is established.

This process ensures secure, encrypted communication between the client and server.