Security Flashcards
What are the four main security concerns when data is transmitted ?
- Confidentiality, only the intended receiver should be able to decipher the data
- Authenticity, the need to identify the sender and the verification that the source is legitimate
- Integrity, the data should not be altered during transmission
- Non repudiation, neither the sender or the receiver should be able to deny that they were a part of the data transmission
What are the reasons for using key cryptography ?
- To ensure that only the intended receiver is able to understand the message
- To ensure that the message is authentic and came from a verified, legitimate source
- To ensure that the message has not been altered during transmission
- Non-repudiation
What is plain text ?
What is cipher text ?
- It is the original data before it is put through the encryption algorithm
- It is the product of the plain text being put through the encryption algorithm
What is symmetric key encryption ?
A single key is used for both encryption and decryption.
They key is used by all parties involved in the transmission
What are the pros and cons of symmetric key encryption ?
Pros
- It is not very complex
- It is fast
Cons
- The key has to be exchanged securely
- If the key is compromised, both sent and received messages can be decrypted
- Cannot ensure non-repudiation
- Cannot ensure origin or integrity of the data
What is a private key ?
- It is the secret key that is never transmitted, it is only known by the owner of the key pair
- It has a matching public key
- It is used to decrypt data that was encrypted using its matching public key
What is a public key ?
- It is the key that is made available to all people who will be communicated with
- It has a matching private key
- It is used to encrypt the message being sent to the owner of the key so it can be decrypted using the matching private key
What is asymmetric encryption ?
It uses two keys, one private and one public
The message to be sent is encrypted using the recipient’s public key
The message is decrypted using the recipients private key
What is the purpose of asymmetric encryption ?
- To provide better security by using two different keys
- Where one of the keys is used to encrypt the message and a matching key is used to decrypt the message
What is the purpose of quantum cryptography ?
It uses the principles of quantum mechanics and the properties of photons to produce a virtually unbreakable encryption system which allows users to send virtually unhackable messages.
It can detect eavesdropping since the properties of the photons will change
It ensures the data security of data transmitted over fibre optic cables
What are the pros and cons of quantum cryptography ?
Pros
- Virtually unhackable
- Eavesdropping can be detected
- Longer keys can be exchanged
- The integrity of the key once transferred can be guaranteed as it can’t be copied or decrypted
- To protect the security of data transmitted over fibre optic cables
Cons
- Requires dedicated fibre optic line and specialist hardware
- The cost of dedicated fibre optic line and specialist hardware is
expensive - Limited range
- Lacks features like digital signatures
- Allows criminals and terrorists to hide their communications
What is the purpose of SSL/TLS
Secure Sockets Layer/Transport Layer Security
- The protocols provide communications security over the internet by providing encryption
- They enable two parties to identify and authenticate each other so they can communicate with confidentiality and integrity
Explain how SSL/TLS protocols are used when a client-server communication is initiated.
- The connection will be initiated by an application which will become the client
- The application which receives the connection becomes the server
- Every new session begins with a handshake
- The client requests the digital certificate from the server, and the server will send it to the client
- The client will verify the digital certificate and obtain the servers public key
- The encryption algorithms will be agreed and the session keys will be generated
How is the digital signature produced before the message is sent ?
- The message is hashed using the agreed upon hashing algorithm to produce the digest
- The digest is encrypted using the senders private key to form the digital signature
How is digital signature used to verify a message when it is received ?
- The message together with the digital signature are decrypted using the receivers private key
- The digital signature received is decrypted using the senders public key to recover the digest sent
- The decrypted messaged is hashed using the agreed hashing algorithm to produce the digest
- If the two digests are the same then the message has not been altered
- Otherwise it has been altered
