Introduction

Question 1

Security vs. Safety

Answer 1

Security: refers to protection against itended incidents and attacks
Safety: refers to reliability, stability and resilience (Ausfallsicherheit) (in German “dependability (Zuverlässigkeit) refer to both)

Question 2

Define Information

Answer 2

Represents a fourth production factor (in addition to ground, capital and work)
–> moving from industralized society to an information society

Question 3

What is Security?

Answer 3

State in which threats do not exist, are irrelevant , or do not apply –> security is subjective and relative (is flying secure?)

Question 4

What is IT Security?

Answer 4

Focuses on secure storage, processing, encoded transmission of data
Goals: Availability, Confidentiality, Integrity, Authenticity, Nonrepudation, Anonymity, etc.

Question 5

Name possible strategies of attacks and their likelyhood of success

Answer 5

Direct attacks: can be made technically diffcult

Indirect attacks: are often possible and successful (eg. social engineering attacks)

Question 6

Name natural enemies of IT Security

Answer 6

• Users
• Complexcity (of Code, e.g. 1 error per every 1000 lines of code: 50k errors in Windows)
• Speed (time to market, etc.)

Question 7

Name key concepts and principles

Answer 7

there is no absolute security / a system will always be attacked / security measures are mostly circumvented - not broken / simplicity and minimal systems are advantegeous

Question 8

Name some misconceptions of IT Security

Answer 8

Users are interested in IT Security / data and information flows can be controlled / certificates are useful / penetration tests helps

Question 9

Name the formula to compute risk

Answer 9

Risk = (Probability of an event) * (expected loss)

Question 10

What are baseline requirements in IT Security?

Answer 10

independent from actual risk, you put state-of-the-art tools into place (firewall, antivir software, etc.)

Question 11

What is the problem with IT Security and Standards?

Answer 11

There are no standards that cover 100%, but best practices such as ISO

Question 12

What is cryptography?

Answer 12

kryptos = hidden, logos = word

Question 13

Name some cryptographic fundamentals

Answer 13

data integrity, access control, authentification, anonomity

Question 14

what is a cryptosystem?

Answer 14

set of algorithms together with the key management processes that support use of the algorithm in some application context

Question 15

Name some classes of cryptosystems

Answer 15

keyless cryptosystems (no crypto-parameter used) / secret key (symmetric) cryptosystems (same crypto-paramter for all participants) / public key (asymmetric) cryptosystems (crypto-parameters not shared among all participants)

Question 16

Explain unconditional / information-theoretical security

Answer 16

if its impossible for the advisory to solve the task (e.g. its impossible to calculate the key because any key could be possible with same probability)

Question 17

Explain conditional / computational security

Answer 17

the advisory can theoretical calculate the key (maybe not now because of insufficient calculation power)

Question 18

What is a provably secure cryptosystem?

Answer 18

when breaking the cryptosystem is computationally equivalent to solving a mathematical problem –> if the problem cannot be solved, the system cannot be broken

Question 19

what is the Kerckhoff’s principle?

Answer 19

it says that cryptographic systems should be designed in a way that it remains secure even if the adversary knows all the details expect the key (e.g. knows the code)

Question 20

What are side-channel attacks?

Answer 20

work surprisingly well, e.g. timing attacks: time needed to generate a key leads to assumption about the approach

Question 21

what are keyless cryptosystems?

Answer 21

have a one-way function e.g. Function f:X –> Y is one-way, if it can be computed efficiencly but cannot be inverted efficiencly