Introduction to Security Flashcards
What is information security?
The protection of information and information systems
What is confidentiality?
the assurance that data cannot be viewed by an unauthorised user
What is data integrity?
the assurance that data has not been altered in an unauthorised manner (including accidental errors)
What is data origin authentication?
assurance that a given entity was the original source of the data
Another term for data origin authentication?
message authentication
What is entity authentication?
the assurance that a given entity is involved and currently active in a communication session
What is non-repudiation?
the assurance that an entity cannot deny a previous commitment or action (to a “third party”)
What is cryptography?
design and analysis of mechanisms based on mathematical techniques that provide fundamental security services
What is a cryptographic primitive?
a cryptographic process that provides a number of specified security services
What is plaintext?
the raw data to be protected during transmission from sender to receiver
What is ciphertext?
the encrypted version of the plaintext that results from applying the encryption algorithm & the encryption key to the plaintext
What is an encryption algorithm?
the set of rules that determines, for any given plaintext and encryption key, a ciphertext
What is a decryption algorithm?
the set of rules that determines, for any given ciphertext and decryption key, a unique plaintext
What is an encryption key?
a value that the sender inputs into the encryption algorithm along with the plaintext in order to compute the ciphertext
What is a decryption key?
a value that the receiver inputs into the decryption algorithm along with the ciphertext in order to compute the plaintext
What is a keyspace?
the collection of all possible decryption keys
What is an interceptor?
an entity other than the sender or receiver who attempts to determine the plaintext
What is the difference between symmetric and public key encryption?
the encryption key and the decryption key are fundamentally different i.e., it is computationally infeasible to determine the decryption key from the encryption key
What is the difference between passive and active message interception?
Passive interception involves unauthorised access to data, e.g. eavesdropping or copying restricted files, whereas active interception includes the unauthorised alteration, deletion or transmission of data, or the prevention of access to it
What does AES stand for?
Advanced Encryption Standard
What is the difference regarding the plaintext in steganography compared to encryption?
the adversary should not even notice that there is a plaintext at all, in contrast to encryption, where he knows there is a plaintext, but cannot compute it
What is Kerckhoffs’s principle?
the cryptographic algorithm should not be required to be secret (it should stay secure even if the details of the algorithm are revealed)
What are the two ways to break an encryption algorithm?
- determining the decryption key directly
- deducing a plaintext from the corresponding ciphertext without first determining the decryption key
What is a ciphertext-only attack?
where the attacker only knows the encryption algorithm and some ciphertext