Introduction to Security Flashcards
What is information security?
The protection of information and information systems
What is confidentiality?
the assurance that data cannot be viewed by an unauthorised user
What is data integrity?
the assurance that data has not been altered in an unauthorised manner (including accidental errors)
What is data origin authentication?
assurance that a given entity was the original source of a data
Another term for data origin authentication?
message authentication
What is entity authentication?
the assurance that a given entity is involved and currently active in a communication session
What is non-repudiation?
the assurance that an entity cannot deny a previous commitment or action (to a “third party”)
What is cryptography?
design and analysis of mechanisms based
on mathematical techniques that provide fundamental security services
What is cryptography primitive?
a cryptographic process that provides a number of specified security services
What is plaintext?
the raw data to be protected during transmission from sender to receiver
What is ciphertext?
the encrypted version of the plaintext that results from applying the encryption algorithm & the encryption key to the plaintext
What is an encryption algorithm?
the set of rules that determines, for any given plaintext and encryption key, a ciphertext
What is a decryption algorithm?
the set of rules that determines, for any given ciphertext and decryption key, a unique plaintext
What is an encryption key?
a value that the sender inputs into the encryption algorithm along with the plaintext in order to compute the ciphertext
What is a decryption key?
a value that the receiver inputs into the decryption algorithm along with the ciphertext in order to compute the plaintext
What is a keyspace?
the collection of all possible decryption keys
What is an interceptor?
an entity other than the sender or receiver who attempts to determine the plaintext
What is the difference between symmetric and public key encryption?
the encryption key and the decryption key are fundamentally different i.e., it is computationally infeasible to determine the decryption key from the encryption key
What is the difference between passive and active message interception?
Passive interception involves the unauthorised access to data e.g. eavesdropping or copying restricted files whereas passive interception includes the unauthorised alteration, deletion, transmission or access prevention to data
What does AES stand for?
Advanced Encryption Standard
What is the difference regarding plaintext with steganography compared to encyption?
the adversary should not even notice that there is a plaintext at all, in contrast to encryption, where he knows there is a plaintext, but cannot compute it
What is Kerchoff’s principle?
the cryptographic algorithm should not be required to be secret (it should stay secure even if the detail of the algorithm is revealed)
What are the two ways to break an encryption algorithm?
- determining the decryption key directly
- deducing a plaintext from the corresponding ciphertext without first determining the decryption key
What is a ciphertext-only attack?
where the attacker only knows the encryption algorithm and some ciphertext
What is a known-plaintext attack?
attacks that assume the attacker knows the encryption algorithm and some arbitrary
plaintext/ciphertext pairs
What is a chosen-plaintext attack?
attacks that assume the attacker knows the encryption algorithm and some arbitrary
plaintext/ciphertext pairs
What is a chosen-ciphertext attack?
attacks that assume the attacker knows the encryption algorithm and some plaintext/ciphertext pairs that correspond either to plaintexts or to ciphertexts chosen by the attacker
Examples of historical cryptosystems (4)
- Caesar cipher
- Simple substitution cipher
- Playfair cipher
- Vigenere cipher
What is the keyspace of the Caesar cipher?
26
What is the keyspace of the simple substitution cipher?
26!
What makes historical cryptosystems unsuitable (3)
- They are all symmetric cryptosystems
- They are designed to provide confidentiality only
- They operate on alphabetic characters
What can be used to break the simple substitution cipher?
Single-letter frequency analysis
What can make an exhaustive key search impractical?
A large keyspace
What are the classes of attack? (4)
- Generic attack - applies to a wide range of cryptographic primitives and do not require knowledge of the working promotive
- Primitive-specific attack - apply to a specific clas of cryptographic pimitives
- Algorithm-specific attack - designed for use against a specific cryptographic algorithm
- Side-channel attack - not directed against the theoretical design of a cryptographic primitive, but rather the way in which the primitive is implemented
What is the aim of homophonic encoding?
to design a cryptosystem whose ciphertext alphabet histogram is close to being ‘flat’ (in other words, every ciphertext symbol occurs approximately equally often).
Disadvantage of homophonic encoding?
Message expansion - it becomes more expensive to send messages across communication channel (more bits are needed to encode one of 1000 ciphertext symbols compared to one of 26 alphabetic characters)
Why is the vignere cipher a more favoured defence against single-letter frequency analysis compared to homophonic encoding?
It does not involve message expansion
What is positional dependency?
the characteristic of a cipher where the position or order of characters in the plaintext directly influences the position or order of characters in the corresponding ciphertext
What is another name for confidentiality?
Secrecy
How does homophonic encoding work?
Each character in the plaintext is mapped to one or more characters in the ciphertext and common characters in the plaintext may have multiple representations in the ciphertext, while less common characters may have fewer or even single representations
What is another name for authentication?
Identification
Which cipher takes advantage of positional dependency?
Vignere cipher
How does the vignere cipher work?
Each letter of the plain text is shifted based on the corresponding letter of the keyword to which it is matched up
How can the vignere cipher be broken?
If the length of the keyword is known, the ciphertext can be split into sections of the length of the keyword and single-letter frequency analysis can be used
