Revision Exam Flashcards

1
Q

What is public key cryptography?

A

It relies on 2 keys: one is made public for others to use, the other remains confidential to the owner. One is used for encryption, the other for decryption. As long as the private key remains confidential, the encrypted data is protected.

2
Q

Symmetric vs Asymmetric encryption (Pros/Cons)

A

Symmetric (same key for encryption/decryption):
• Pros:
- fast, allows for processing of large amounts of data
- easy to implement

• Cons:
- if distributed key is compromised, the encrypted data is exposed
- distribution of keys needs to be done in a secure and reliable way
- in a large system the amount of unique keys grows exponentially
- no digital signatures

Asymmetric (public/private key):
• Pros:
- public key, no need to distribute over secure channels
- if public key is exposed, connection remains secure
- supports digital signatures
- easily scalable

• Cons:
- slower performance, not suitable for large amounts of data
- users must secure their own keys

3
Q

How are hash functions used?

A

Hash functions transform variable-size plaintext into fixed-size data blocks, creating a fingerprint of the plaintext.
They are used for:
- message authentication
- verifying data integrity
- password storage
- digital signatures

4
Q

What is confidentiality?

A

Systems and data are only accessible by authorised users.

5
Q

What is integrity?

A

Systems and data are reliable and complete.

6
Q

What is availability?

A

Systems and data are accessible when they are needed.

7
Q

What does it mean for a system to be corrupted?

A

It’s a loss of integrity.

8
Q

What does it mean for a system to become leaky?

A

It represents a loss of confidentiality.

9
Q

What does it mean for a system to be unavailable?

A

It represents a loss of availability.

10
Q

What is a passive attack?

A

It observes the use of the system's data.

11
Q

What is an active attack?

A

It changes the content of a system and its resources.

12
Q

What is an insider attack?

A

It’s an attack from a person with privileged access to the system (employee).

13
Q

What is an outsider attack?

A

It is an attack by a person or organisation outside the organisation that seeks to obtain protected information by infiltrating.

14
Q

What are a DoS attack and a flooding attack?

A

DoS attack:
Aims to make a system unavailable or unusable by depleting system resources (bandwidth, disk space, CPU).

Flooding attack:
A type of DoS attack. It sends large volumes of traffic to a system, so that it cannot examine and authorise network traffic.

15
Q

SSL and IPSec

A

SSL (Secure Sockets Layer):
Used for secure web traffic; it ensures data encryption between a client and a server. It secures data at the application level. It is commonly used in web browsing, email and instant messaging.

IPSec (Internet Protocol Security):
A suite of protocols used to secure data at the network layer. Used for securing communications over IP networks (VPN).
Ensures all traffic passing through a network is secured.

16
Q

What is risk analysis?

A

It specifies the likelihood of each individual threat to assets, given existing controls (management, operations, technical processes and procedures). It assesses risk as the probability of a threat occurring times its cost to the company. The consequences are specified along with the order of risks, to more easily treat them.

17
Q

Difference between cryptanalytic and brute-force attack?

A

Cryptanalytic attack:
Relies on the nature of the algorithm and some knowledge of the general characteristics of the plaintext or some sample plaintext-ciphertext pairs.

Brute-force attack:
Tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is found. On average half of all possible keys must be tried to achieve success.

18
Q

A computer virus places a copy of itself into programs and arranges for the code to execute when the program is run. The easy approach is to append itself onto the existing code, which increases the size of the program. List approaches which do not change the size of the program:

A

  1. Compression virus:
    Length would be unaffected and thus both the original and infected program would be identical in size, making it impossible to identify by size.
  2. Pointer to RAM:
    Uses a pointer to a RAM location and executes the code that resides there.