Lecture 2 - Security Protocols

Question 1

Simplest protocol?

Answer 1

Simply memorising the secret key or password

Question 2

When is using memorisation appropriate?

Answer 2

When the key is short and easy to remember

Question 3

Second simplest protocol?

Answer 3

Writing the secret key down on a piece of paper. This means this protocol relies on the attacker having physical access.

Question 4

Threat to writing down our secret key?

Answer 4

• losing the piece of paper
• new copies must be secured, kept track of and updated
• we have to destroy all copies when we are done

Question 5

Can we use a computer file to store our secret key (no encryption) ?

Answer 5

This is possible, however extremely vulnerable to attackers, while also having backups overwrite versions (all need to be protected) and the fact deleted files can be recovered.

Question 6

What is an encryption program?

Answer 6

A program that takes our key in plaintext and produces a ciphertext as a result.

Question 7

What is a decryption program?

Answer 7

A program that takes a ciphertext as input and produces a plaintext as a result.

Question 8

What must decryption do?

Answer 8

undo the encryption

Question 9

What must happen after we encrypt the plaintext?

Answer 9

The original plaintext document should be deleted, this includes all copies and backups. This means using encryption also has vulnerability while the plaintext is around.

Question 10

What is a threat to the encryption and decryption algorithms.

Answer 10

Attacker potentially finding the encryption and decryption algorithms. These themselves cannot be encrypted as they must be running on the machine.

Question 11

What type of a cybersecurity problem is sending secret information between 2 entities?

Answer 11

This is a confidentiality, integrity (if messaged changed before or during transmission) and potentially an availability (if someone prevents message from being received) problem.

Question 12

What is the only fully safe medium of transmission.

Answer 12

Meeting in a private place.

Question 13

First, worse way to use encryption for transfer of data?

Answer 13

Encrypting before sending, sending , then decrypting at source. (decryption algorithm is a secret)

Question 14

Why is keeping an algorithm a secret bad?

Answer 14

• algorithm designers might be at risk as they know the secret
• peer review of public algorithm reduces flaws (it is easy to fool yourself that an algorithm is more secure than it really is)

Question 15

What is symmetric encryption / one-key encryption?

Answer 15

Encryption and decryption algorithms must be know by both entities. They’re typically public, however require a secret key to work. The algorithm is useless without the key. The key must be exchanged!

Question 16

What is asymmetric encryption?

Answer 16

Encryption based on 2 keys -> private and public. One key is used for encryption (the public one) and other for the decryption (the private one). This is a one-way communication encryption mode (until the source provides a separate set of keys).