Secure Software Design - Introduction Flashcards

1
Q

What are the five primary security objectives in secure software development?

A

Availability, Authentication, Non-repudiation, Confidentiality, Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define the concept of availability in security objectives.

A

Ensuring a service is accessible for authorized users at all times.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Fill in the blank: Ensuring that data is not accessible to unauthorized individuals is called ______.

A

Confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the purpose of authentication in security?

A

To verify that only authorized users have access to restricted resources and services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Explain non-repudiation as a security objective.

A

Non-repudiation ensures that actions taken by a user cannot be denied or disputed by that user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

List four types of security risks mentioned in the document.

A

Unauthorized access, identity theft, access to confidential data, data falsification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a major vulnerability of automated systems to attack?

A

They are prone to bot-based attacks which can often be countered with automated protections.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

According to Kerckhoff’s principles, what must a secure system not rely on for its security?

A

Secrecy; security should depend on the strength of the key, not hiding the system’s details.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Fill in the blank: The process of verifying message authenticity and integrity through public-key cryptography is called ______.

A

Digital Signature

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the primary function of a certification authority (CA)?

A

To verify and certify the identity of public key holders, ensuring secure public key exchanges.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is symmetric encryption, and what is its main limitation?

A

Symmetric encryption uses a single key for both encryption and decryption. Its main limitation is secure key exchange.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How does asymmetric encryption solve the key exchange problem?

A

Asymmetric encryption uses a public key for encryption and a private key for decryption, allowing secure communication without sharing the private key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is the purpose of a cryptographic hash function?

A

To create a fixed-size, unique hash of input data that is resistant to inversion, second pre-image, and collision attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Fill in the blank: A cryptographic hash function that is difficult to invert is said to have ______.

A

Pre-image resistance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Why is the avalanche effect important in cryptographic functions?

A

The avalanche effect ensures that a small change in input produces a substantial change in output, enhancing security by making patterns harder to detect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Define threshold cryptography.

A

Threshold cryptography involves sharing a secret key among multiple parties, requiring a minimum number of participants to reconstruct the secret.

17
Q

In Shamir’s secret sharing scheme, what mathematical concept is used?

A

Polynomial interpolation is used to divide and reconstruct the secret among participants.

18
Q

Why are public-key infrastructures (PKI) crucial in network security?

A

PKIs link public keys to their owners and are essential for secure information transfer, e.g., in e-commerce and digital communications.

19
Q

Fill in the blank: A(n) ______ is an electronic document used to prove the ownership of a public key.

A

Public Key Certificate

20
Q

What are the main challenges of using asymmetric encryption?

A

Time required for processing and the need for an initial public key exchange.

21
Q

What are two popular criteria for ensuring the avalanche effect?

A

Strict avalanche criterion and bits independence criterion.

22
Q

What does Kerckhoff’s principle suggest about the role of secrecy in security?

A

Security should not rely on secrecy; the system should be unbreakable without the key.

23
Q

What is the main function of padding in cryptography?

A

To divide large input data into equal-sized blocks for iterative processing in hashes, ciphers, and signatures.

24
Q

Explain the identification problem in public key cryptography.

A

Without a trusted intermediary, anyone can generate a key pair and claim a false identity.

25
Q

What is the primary difference between symmetric and asymmetric encryption?

A

Symmetric encryption uses one key for both encryption and decryption, while asymmetric uses a key pair: one for encryption (public) and one for decryption (private).

26
Q

List two main challenges in implementing digital signatures.

A

Creating small, secure signatures for long messages and ensuring they are hard to falsify.

27
Q

Fill in the blank: ______ cryptography allows multiple parties to securely reconstruct a secret only if a certain number of them cooperate.

A

Threshold

28
Q

What does PKI stand for in cybersecurity?

A

Public Key Infrastructure

29
Q

What does a trusted certification authority do in a PKI system?

A

It verifies identities by linking public keys to their rightful owners, ensuring authenticated communications.

30
Q

Fill in the blank: ______ attacks attempt to generate two different messages with the same hash value.

A

Collision

31
Q

Why is it challenging to secure digital systems against human attackers?

A

Human attackers, unlike automated bots, use adaptable and sophisticated methods that are harder to counteract.