Secure Software Design - Introduction

Question 1

What are the five primary security objectives in secure software development?

Answer 1

Availability, Authentication, Non-repudiation, Confidentiality, Integrity

Question 2

Define the concept of availability in security objectives.

Answer 2

Ensuring a service is accessible for authorized users at all times.

Question 3

Fill in the blank: Ensuring that data is not accessible to unauthorized individuals is called ______.

Answer 3

Confidentiality

Question 4

What is the purpose of authentication in security?

Answer 4

To verify that only authorized users have access to restricted resources and services.

Question 5

Explain non-repudiation as a security objective.

Answer 5

Non-repudiation ensures that actions taken by a user cannot be denied or disputed by that user.

Question 6

List four types of security risks mentioned in the document.

Answer 6

Unauthorized access, identity theft, access to confidential data, data falsification

Question 7

What is a major vulnerability of automated systems to attack?

Answer 7

They are prone to bot-based attacks which can often be countered with automated protections.

Question 8

According to Kerckhoff’s principles, what must a secure system not rely on for its security?

Answer 8

Secrecy; security should depend on the strength of the key, not hiding the system’s details.

Question 9

Fill in the blank: The process of verifying message authenticity and integrity through public-key cryptography is called ______.

Answer 9

Digital Signature

Question 10

What is the primary function of a certification authority (CA)?

Answer 10

To verify and certify the identity of public key holders, ensuring secure public key exchanges.

Question 11

What is symmetric encryption, and what is its main limitation?

Answer 11

Symmetric encryption uses a single key for both encryption and decryption. Its main limitation is secure key exchange.

Question 12

How does asymmetric encryption solve the key exchange problem?

Answer 12

Asymmetric encryption uses a public key for encryption and a private key for decryption, allowing secure communication without sharing the private key.

Question 13

What is the purpose of a cryptographic hash function?

Answer 13

To create a fixed-size, unique hash of input data that is resistant to inversion, second pre-image, and collision attacks.

Question 14

Fill in the blank: A cryptographic hash function that is difficult to invert is said to have ______.

Answer 14

Pre-image resistance

Question 15

Why is the avalanche effect important in cryptographic functions?

Answer 15

The avalanche effect ensures that a small change in input produces a substantial change in output, enhancing security by making patterns harder to detect.

Question 16

Define threshold cryptography.

Answer 16

Threshold cryptography involves sharing a secret key among multiple parties, requiring a minimum number of participants to reconstruct the secret.

Question 17

In Shamir’s secret sharing scheme, what mathematical concept is used?

Answer 17

Polynomial interpolation is used to divide and reconstruct the secret among participants.

Question 18

Why are public-key infrastructures (PKI) crucial in network security?

Answer 18

PKIs link public keys to their owners and are essential for secure information transfer, e.g., in e-commerce and digital communications.

Question 19

Fill in the blank: A(n) ______ is an electronic document used to prove the ownership of a public key.

Answer 19

Public Key Certificate

Question 20

What are the main challenges of using asymmetric encryption?

Answer 20

Time required for processing and the need for an initial public key exchange.

Question 21

What are two popular criteria for ensuring the avalanche effect?

Answer 21

Strict avalanche criterion and bits independence criterion.

Question 22

What does Kerckhoff’s principle suggest about the role of secrecy in security?

Answer 22

Security should not rely on secrecy; the system should be unbreakable without the key.

Question 23

What is the main function of padding in cryptography?

Answer 23

To divide large input data into equal-sized blocks for iterative processing in hashes, ciphers, and signatures.

Question 24

Explain the identification problem in public key cryptography.

Answer 24

Without a trusted intermediary, anyone can generate a key pair and claim a false identity.

Question 25

What is the primary difference between symmetric and asymmetric encryption?

Answer 25

Symmetric encryption uses one key for both encryption and decryption, while asymmetric uses a key pair: one for encryption (public) and one for decryption (private).

Question 26

List two main challenges in implementing digital signatures.

Answer 26

Creating small, secure signatures for long messages and ensuring they are hard to falsify.

Question 27

Fill in the blank: ______ cryptography allows multiple parties to securely reconstruct a secret only if a certain number of them cooperate.

Answer 27

Threshold

Question 28

What does PKI stand for in cybersecurity?

Answer 28

Public Key Infrastructure

Question 29

What does a trusted certification authority do in a PKI system?

Answer 29

It verifies identities by linking public keys to their rightful owners, ensuring authenticated communications.

Question 30

Fill in the blank: ______ attacks attempt to generate two different messages with the same hash value.

Answer 30

Collision

Question 31

Why is it challenging to secure digital systems against human attackers?

Answer 31

Human attackers, unlike automated bots, use adaptable and sophisticated methods that are harder to counteract.